IP/LDP FAST PROTECTION SCHEMES
PL-NOG, OCT 203
Julian Lucek

AGENDA
Loop-Free Alternate (LFA) brief review
Improving LFA coverage
Remote LFA (rLFA)
Directed forwarding label
LFA with automatically created RSVP bypasses
Maximally Redundant Trees (MRT)
Copyright 200 Juniper Networks, Inc. www.juniper.net

BACKGROUND
RSVP Fast Reroute has been available for many years.
Advantages of simplicity: get full coverage as long as an alternative path exists.
Usually involves creating a full mesh of RSVP LSPs between end-points.
There has been a lot of interest in IP and/or LDP FRR schemes, from operators who don't use RSVP traffic engineering etc. and don't want to deploy a full RSVP mesh solely to make use of FRR.

SPF ROOTS & LFA ILLUSTRATED
[Figure: main SPF and backup SPF trees; node labels and link metrics are not recoverable from the extracted text.]

LFA COVERAGE ISSUES

INCOMPLETE COVERAGE PROBLEM
[Figure: topology with routers S, R, D, R2, R3, R4.]
Consider traffic travelling from S to D (via R).
R4 is not an LFA that protects the S-R link.
In almost all deployments, you don't get full coverage using just plain LFA.

IMPROVING LFA COVERAGE WITH REMOTE LFA

REMOTE LFA
Remote LFA extends LFA coverage by tunnelling packets inside LDP to reach a non-directly-connected router (a "remote neighbour").
C.f. http://tools.ietf.org/html/draft-ietf-rtgwg-remote-lfa-0
Targeted LDP session will be brought up automatically as needed.

REMOTE LFA
[Figure: topology with routers S, R, D, R2, R3, R4; P-Space highlighted.]
Consider traffic travelling from S to D (via R).
R4 is not an LFA that protects the S-R link.
P-Space contains the routers that S can reach without using the S-R link.

REMOTE LFA
[Figure: topology with routers S, R, D, R2, R3, R4; Extended P-Space highlighted.]
Consider traffic travelling from S to D (via R).
R4 is not an LFA that protects the S-R link.
Extended P-Space contains the routers that S's direct neighbours can reach without using the S-R link.

REMOTE LFA
[Figure: topology with routers S, R, D, R2, R3, R4; Extended P-Space and Q-Space highlighted.]
Q-Space contains the routers that normally reach D without using the S-R link.
A router that is in both Extended P-Space and Q-Space is a PQ-node. It can be a Remote LFA of S, in order to protect the S-R link.
R2 and R3 are PQ-nodes.

COVERAGE EXTENSION USING REMOTE LFA (CONT'D)
[Figure: topology with routers S, R, D, R2, R3, R4; existing LDP LSP to R3.]
Remote LFA involves sending traffic to a PQ-node via a tunnel. The PQ-node then sends the traffic towards the destination.
An LDP tunnel is used.

COVERAGE EXTENSION USING REMOTE LFA (CONT'D)
[Figure: topology with routers S, R, D, R2, R3, R4; existing LDP LSP to R3.]
In the case of IP traffic being protected, S pushes the LDP label required to reach R3 on top of the IP packet.
Assuming PHP, the packet arrives at R3 as a plain IP packet.
R3 then forwards the packet to R2, as this is on the best path towards the destination, D.

COVERAGE EXTENSION USING REMOTE LFA (CONT'D)
[Figure: topology with routers S, R, D, R2, R3, R4; existing LDP LSP to R3 and targeted LDP session between S and R3.]
In the case of LDP traffic being protected, a stack consisting of two LDP labels is used by S, i.e. LDP over LDP.
The outer LDP label, X, is the label required to reach R3.
The inner LDP label, Y, is the label required to reach D from R3.
A targeted LDP session (automatically created) is needed between R3 and S, so that S can learn the label, Y, advertised by R3 to reach D.

COVERAGE EXTENSION USING REMOTE LFA (CONT'D)
[Figure: topology with routers S, R, D, R2, R3, R4 and a link metric of 8; Extended P-Space and Q-Space highlighted.]
Remote LFA cannot provide full coverage for all scenarios.
Remote LFA cannot be used in the example on the left: no PQ-nodes!
However, in real networks, Remote LFA usually improves coverage compared to just vanilla LFA.
The Remote LFA draft reported analysis of different SP topologies. R-LFA coverage was 100% in 4 cases, 78% in worst case. Average of the networks was 96%.

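The P-Space, Extended P-Space, Q-Space and PQ-node definitions from the Remote LFA slides can be checked mechanically. The following is an added example, not code from the presentation: it assumes a constructed six-node ring (S-R-D-R2-R3-R4-S) with unit metrics, because the slides' actual metrics are not recoverable, and it treats an equal-cost path over the protected link as disqualifying. Raising the assumed R2-R3 metric to 8 gives a case with no PQ-nodes.

```python
import heapq

def spf(graph, src):
    """Dijkstra: shortest-path cost from src to every node."""
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in graph[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                heapq.heappush(heap, (d + w, v))
    return dist

def ring(r2_r3=1):
    """Constructed six-node ring (an assumption); only the R2-R3 metric varies."""
    links = [("S", "R", 1), ("R", "D", 1), ("D", "R2", 1),
             ("R2", "R3", r2_r3), ("R3", "R4", 1), ("R4", "S", 1)]
    g = {}
    for a, b, w in links:
        g.setdefault(a, {})[b] = w
        g.setdefault(b, {})[a] = w
    return g

def remote_lfa(graph, s, r, d):
    """Return (plain LFAs, P, extended P, Q, PQ) for protecting link s-r towards d."""
    dist = {n: spf(graph, n) for n in graph}
    w = graph[s][r]

    def avoids(a, x):
        # True when no shortest path a -> x crosses the s-r link in either
        # direction; an equal-cost path over the link disqualifies x.
        return dist[a][x] < min(dist[a][s] + w + dist[r][x],
                                dist[a][r] + w + dist[s][x])

    nbrs = [n for n in graph[s] if n != r]
    # Plain LFA test: the neighbour's path to d must not come back through s.
    lfas = {n for n in nbrs if dist[n][d] < dist[n][s] + dist[s][d]}
    others = set(graph) - {s}
    p = {x for x in others if avoids(s, x)}
    ext_p = p | {x for n in nbrs for x in others if avoids(n, x)}
    q = {x for x in graph if avoids(x, d)}
    return lfas, p, ext_p, q, ext_p & q

if __name__ == "__main__":
    for metric in (1, 8):
        lfas, p, ext_p, q, pq = remote_lfa(ring(metric), "S", "R", "D")
        print(f"R2-R3={metric}: LFA={sorted(lfas)} P={sorted(p)} "
              f"extP={sorted(ext_p)} Q={sorted(q)} PQ={sorted(pq)}")
```

With unit metrics the PQ-nodes come out as R2 and R3, matching the slide; with the assumed metric of 8 the intersection is empty, which is the gap the later slides address.
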
RLFA COVERAGE EXTENSION USING DIRECTED-FORWARDING LABEL
[Figure: topology with routers S, R, D, R2, R3, R4, a link metric of 8 and an LDP LSP. IGP advertisement: Neighbour R: Label 00]
As previously discussed, given the metrics shown, neither plain LFA nor Remote LFA can protect against S-R link failure, for traffic going from source S to destination D.
Directed Forwarding Label: R2 advertises via the IGP a strict-forwarding label pointing to D. S pushes this label onto the packet, and pushes the LDP label required to reach R2 on top. No targeted LDP session is needed.
See Section 3. of http://tools.ietf.org/html/draft-gredler-rtgwg-igp-label-advertisement-05 for more details.

DIFFICULTY OF ATTAINING FULL COVERAGE WITH LFA
[Figure: coverage chart against a 100% line, showing LFA, + Remote LFA, + Directed forwarding label, and a remaining coverage gap.]
Difficult to reach 100% coverage without caveats.
The closer we get to 100%, the more difficult it is to make further improvements.
Fundamental problem is that we are trying to fight against the IGP metrics.

ALTERNATIVE WAYS OF ACHIEVING FULL COVERAGE
It would be better to have a scheme in which the packet is launched into a protection path that, regardless of topology/IGP metrics, always takes the packet towards its destination without looping.
We have a way, it's called RSVP!
=> Use RSVP LSPs to augment LFA coverage, to 100%

IMPROVING LFA COVERAGE USING RSVP LSPS

COVERAGE EXTENSION USING DYNAMIC RSVP LSP
[Figure: topology with routers S, R, D, R2, R3, R4; RSVP LSP from S to R.]
As R4 is not a valid LFA to protect the link from S to R, an RSVP bypass LSP is automatically created to R (i.e. the RSVP LSP goes all the way to the node on the far side of the protected link). From R the packet then travels to its original destination.
Note: There is also an alternative mode in which the RSVP LSP is always created (i.e. LFA is not configured/used).
Already available in Junos

VERY EASY TO CONFIGURE
    {master}[edit]
    user@router# show protocols ldp
    interface all {
        link-protection {
            dynamic-rsvp-lsp;    <====
        }
    }

LFA + RSVP FOR FULL COVERAGE
As we have seen in the previous slides, the LFA + RSVP scheme has the following properties:
1/ If a valid LFA is present, that is used
2/ If no valid LFA is present, an RSVP bypass is automatically created
3/ Also, if the user does not want to use LFA at all, they can use the automatic RSVP bypass to cover everything.
The advantages of the scheme are simplicity and full coverage.
Not many RSVP LSPs needed: at most one per link per direction.
As well as unicast traffic, the scheme also applies to P2MP-LDP traffic!

LINK PROTECTION FOR P2MP-LDP LSPS

INTRODUCTION
Juniper are pioneers of Point-to-Multipoint (P2MP) technology: "grand unification" of MPLS and Multicast.
RSVP-signalled P2MP LSPs have been available for ~8 years in Junos.
Link Protection is supported for RSVP-signalled P2MP LSPs.
LDP-signalled P2MP LSPs (also known as "mLDP") have been available in Junos since 20.
As of 2.3, we now support Link Protection for LDP-signalled P2MP LSPs.

LINK PROTECTION SCHEMES FOR LDP-P2MP LSPS
The following schemes are supported:
Case 1/ Link protection using dynamically-created point-to-point RSVP bypass LSP
Case 2/ Link protection using Loop-Free Alternate (LFA)
Case 3/ Combination of the above two schemes
  LFA is used if one exists
  If no LFA exists, dynamically-created RSVP bypass LSP is used

Case 1: Using RSVP LSP for LDP-P2MP link protection
[Figure: routers R, R2, R3, R4, R5, R6 (Root, LSR-U, LSR-D and two Leaf nodes); LDP-P2MP LSP with labels L20, L2, L22, L23; interface ge-//0.0; RSVP LSP via R6 with label L00.]
Key: Green arrows: LDP P2MP LSP. Blue arrows: LDP label values distributed by LDP control plane. Orange arrow: RSVP bypass LSP.
Suppose R2 needs to protect the green LDP-P2MP LSP in the case that the R- R3 link should break.
RSVP LSP is signaled from R2 to R3 via R6, avoiding interface ge-//0.
The LSP is automatically created, no need to manually configure it.
If multiple LDP-P2MP LSPs use the R2->R3 link, the same RSVP LSP protects all of them.
If the R2-R3 link fails, R2 moves the LDP-P2MP traffic onto the RSVP LSP: the RSVP label (label L00) is pushed on top of the P2MP-LDP label (label L2).

Case 2: Using Loop-Free Alternate for LDP-P2MP link protection
[Figure: routers R, R2, R3, R4, R5, R6 (Root, LSR-U, LSR-D and two Leaf nodes); LDP-P2MP LSP with labels L20, L2, L22, L23; interface ge-//0.0; unicast LDP path via R6 with label L00; link metrics Metric=0, Metric=0, Metric=0.]
Suppose R2 needs to protect the green LDP-P2MP LSP in the case that the R-R3 link should break.
R2 checks if a viable LFA path exists that avoids the R-R3 link.
In the example, given the metrics shown, R6 is a valid LFA for the R2-R3 link.
This is a vanilla LFA as used for unicast traffic.
If multiple LDP-P2MP LSPs use the R2->R3 link, the same LFA protects all of them (and also unicast traffic).
If the R2-R3 link fails, R2 moves the LDP-P2MP traffic onto the LFA path: the unicast LDP label to reach R3 (label L00) is pushed on top of the P2MP-LDP label (label L2).

Case 3: Using Loop-Free Alternate if available, and RSVP LSP if LFA is not available
[Figure: routers R, R2, R3, R4, R5, R6 (Root, LSR-U, LSR-D and two Leaf nodes); LDP-P2MP LSP with labels L20, L2, L22, L23; interface ge-//0.0; unicast LDP path via R6 with label L00; link metrics Metric=0, Metric=0, Metric=0.]
Suppose R2 needs to protect the green LDP-P2MP LSP in the case that the R-R3 link should break.
R2 checks if a viable LFA path exists that avoids the R-R3 link.
In the example, given the metrics shown, R6 is a valid LFA for the R2-R3 link.
This is a vanilla LFA as used for unicast traffic.
If multiple LDP-P2MP LSPs use the R2->R3 link, the same LFA protects all of them (and also unicast traffic).
If the R2-R3 link fails, R2 moves the LDP-P2MP traffic onto the LFA path.

Case 3: Using Loop-Free Alternate if available, and RSVP LSP if LFA is not available (cont'd)
[Figure: routers R, R2, R3, R4, R5, R6 (Root, LSR-U, LSR-D and two Leaf nodes); LDP-P2MP LSP with labels L20, L2, L22, L23; interface ge-//0.0; RSVP LSP via R6 with label L00; link metrics Metric=0, Metric=50, Metric=0.]
Suppose the metrics are such that there is not a viable LFA that protects against R2->R3 link failure.
In the diagram, the metric between R6 and R3 is 50. This means that R6 is not an LFA for R2->R3 traffic, because R6 would loop the traffic back to R2.
In this case, an RSVP LSP is automatically created to protect the P2MP-LDP traffic travelling between R2 and R3.

MRT

MRT-FRR
[Figure: topology with nodes S, A, Z, N, Y, X, D, W showing the SPT, MRT-Blue and MRT-Red paths.]
For Node S to protect link S-N or Node N:
Pick MRT-Blue since it doesn't use link S-N.
Traffic follows MRT-Blue path to destination D.

KEY POINTS ABOUT MRT
Provides 100% coverage for link and node failure, regardless of topology and IGP metrics. (Assuming there is another way to get to the destination!)
Once a packet is launched onto the blue or red tree, it travels to the destination.
Algorithm has been defined such that all nodes have a consistent notion of the blue and red trees associated with a given destination node:
http://tools.ietf.org/html/draft-enyedi-rtgwg-mrt-frr-algorithm-02
Very fast to compute the trees.
Relatively easy (compared to LFA/rLFA) to answer the question "What path will this traffic take to get to this destination if this link/node breaks?", especially with tree-tracing tools.
Could be used as a supplement to LFA (use MRT blue or red path in absence of valid LFA) or as a complete alternative.

MRT LABEL DISTRIBUTION
How are labels for the red and blue trees distributed?
Using multi-topology LDP
  Different next-hops selected based upon both the MT-ID and FEC.
Or using IGP-label advertisements
  The label advertisement drafts have made provision for an algorithm-id field. This can be used to identify a label as belonging to red-MRT or blue-MRT as appropriate.
  http://tools.ietf.org/html/draft-previdi-isis-segment-routing-extensions-0#page-5
  http://tools.ietf.org/html/draft-psenak-ospf-segment-routing-extensions-0#page-8

SUMMARY
Dynamically-created RSVP bypass LSPs are a very simple way of improving LFA coverage to 100%
  Now available in Junos
  Works for both LDP unicast and LDP-P2MP traffic
Maximally Redundant Trees
  Prototype code available soon

REFERENCES
Remote LFA draft
  http://www.ietf.org/id/draft-ietf-rtgwg-remote-lfa-02.txt
MRT architecture drafts
  http://tools.ietf.org/html/draft-ietf-rtgwg-mrt-frr-architecture-02 (unicast)
  http://tools.ietf.org/html/draft-atlas-rtgwg-mrt-mc-arch-0 (multicast)