Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Fast Reroute Problem Overview

 

Problem

Description: Incorrect configuration is a common mistake when trying to establish protection for an MPLS LSP. Protection with either fast reroute or link protection requires a per-packet load-balance policy exported at the [edit routing-options forwarding-table] hierarchy level. Correctly configured protection for an MPLS LSP results in two next-hop forwarding table entries per destination, either an incoming MPLS label or an IP destination.

Figure 1 illustrates a network topology with link protection and load balancing enabled to ensure that routes are correctly placed in to the forwarding table.

Figure 1: Fast Reroute Problem Network
Fast Reroute Problem Network

The network shown in Figure 1 illustrates an MPLS-based VPN with traffic protection and load balancing, consisting of the following:

  • All physical interfaces addresses are from the 10.0.x.x/30 address space.

  • All loopback addresses are from the 192.168.x.1/32 block.

  • The IGP is a single-area (Area 0) OSPF.

  • RSVP is deployed as the MPLS signaling protocol between PE routers.

  • LSPs (r2-r4 and r4-r2) established between PE routers.

  • MP-IBGP mesh between PE routers, loopback peering, and VPN-IPv4 NLRI.

  • CE-PE link running EBGP.

  • Full-mesh Layer 3 VPN between CE1 and CE2.

  • Traffic protection for the link between the PE1 and P routers.

  • Load balancing on PE1.

The overall goal of this network is to provide point-to-point connectivity between the two CE routers and traffic protection in the core of the network.

Symptom

In the network shown in Figure 1, the external symptom is that local repair is taking about one second to complete, which is slow. Use the show route forwarding-table vpn vpn-a destination command to check that the correct routes are included in the forwarding table. In the example output below, there is only one route installed in the forwarding table, when for fast local repair, there should be multiple next hops installed.

Sample Output

Cause

Slow local repair is caused by the forwarding table not including the necessary next-hops to support local repair. The forwarding table shows only a single next-hop, when local repair requires additional next-hops for fast recovery.

Troubleshooting Commands

The Junos OS includes commands that are useful when troubleshooting a problem. This topic provides a brief description of each command followed by sample output, and a discussion of the output in relation to the problem.

The following commands can be used when troubleshooting a fast reroute error in an MPLS-VPN network:

Sample Output

The show configuration statement-path command is used to display a specific configuration hierarchy; in this case, to verify the correct configuration of a specific routing instance named vpn-a.

Meaning

The sample output for the show configuration command shows the current running configuration of the specific routing instance named vpn-a configured on the ingress PE1 router. The vpn-a instance configuration has a VRF table that supports EBGP routing on the PE-CE link (so-0/0/0.0). This interface is the correct interface for the CE1-PE1 link in the network topology shown in Figure 1.

The VRF instance is linked to a VFR target community configured at the [edit policy-options] hierarchy level, allowing advertising of L3 VPN routes between PE routers. (See the PE1 configuration in Router Configurations for the policy options configuration.) The import statement places, into the vpn-a.inet.0 table, all received L3 VPN MP-BGP routes tagged with the correct target community. The export statement advertises and tags all routes in the vpn-a.inet.o table with the listed target community to all MP-BGP peers.

The BGP protocols configuration within the routing instance applies the BGP import and export policies to the exchange of BGP routes on the PE-CE routing instance.

Sample Output

The show bgp summary command is used to display summary information about BGP and its neighbors to determine if routes are received from peers in the autonomous system (AS). In this case, information for the specified instance vpn-a is displayed.

Meaning

The sample output for the show bgp summary instance vpn-a command shows that the peering session between the CE1 and PE1 routers is established, indicating that the peers are exchanging update messages.

Sample Output

The show configuration statement-path command is used to display a specific configuration hierarchy; in this case, the MPLS hierarchy.

Meaning

The sample output for the show configuration protocols mpls command shows the current running MPLS configuration on the ingress PE1 router. The configuration include the LSP r2-r4, link protection, and the strict primary path direct.

Sample Output

The show mpls lsp command is used to display summarized information about the configured and active LSPs on a router; in this case, the command shows only the ingress LSPs on the ingress PE1 router.

Meaning

The sample output for the show mpls lsp ingress command shows that the ingress LSP r2-r4 is up and following the configured path direct.

Sample Output

The show rsvp session command is used to display summarized information about active RSVP sessions on a router; in this case, the command shows summarized information about ingress RSVP sessions on the PE1 router

Meaning

The sample output for the show rsvp session ingress command shows two RSVP sessions are up; the main LSP r2-r4 and a bypass path protecting the main LSP. Both RSVP sessions are in the Shared Explicit (SE) style, creating a shared reservation among for the two paths.

Sample Output

The show rsvp session ingress detail command is used to display more detailed information about the two ingress RSVP sessions on the PE1 router.

Meaning

The sample output for the show rsvp session ingress detail command shows the RSVP session for the ingress LSP and the bypass path, which appears as a separate RSVP ingress session for the protected interface 10.0.24.2. The bypass path is automatically generated. By default, the name appears as Bypass > interface-address, where the interface address is the next downstream router’s interface (10.0.24.2). The explicit route 10.0.23.14 10.0.34.14 for the session shows R3 as the transit node and R4 as the egress node.

Sample Output

The show route tablerouting-table-name command is used to display information about a particular routing table. In this case, the vpn-a.inet.0 routing table.

Meaning

The sample output for the show route table vpn-a 192.168.5.1 detail command shows routes associated with the remote PE-CE location as indicated by the loopback address of the PE2 router 192.168.5.1. In this case, there are different next hops with unequal weights (0x1 and 0x8001) associated with the remote location. For correct traffic protection, those two routes must appear in the forwarding table.

Sample Output

The show route forwarding-table command displays the route entries in the kernel's forwarding table. This is the version of the forwarding table in the Routing Engine. The Routing Engine copies this table to the Packet Forwarding Engine. In this case, the set of routes installed in the forwarding table to verify that the routing protocol process (rpd) has relayed the correct information to the forwarding table for the specified destination.

Meaning

The sample output for the show route forwarding-table vpn vpn-a destination 192.168.5.1 extensive command shows only one next hop so-0/0/1.0 is installed in the forwarding table, indicating that the information in the forwarding table is not correct. We would expect to see the same paths installed in the forwarding table as appear in the routing table in the output for the show route table vpn-a 192.168.5.1 detail.

Solution

The solution is to enable load-balancing and ensure that multiple next-hop forwarding table entries appear in the forwarding table for each destination. The forwarding-table entries can be an incoming MPLS label or an IP destination.

A load-balancing policy applied to the forwarding-table is the same mechanism required for ECMP (equal-cost multipath) load-balancing to install multiple next-hops into the forwarding-table. The extra paths installed for local repair are not used for load-balancing, because the paths are differently weighted, as demonstrated in the sample output for the show routing table and the show route forwarding-table commands.

Note

The load-balancing policy must be applied to all provider (P) and provider-edge (PE) routers that are required to support local repair.

The following sample output shows an example load-balancing configuration and the commands used to verify that the required two next-hop entries appear in the forwarding table.

Sample Output

Use the following two show configuration statement-path commands to display a specific configuration hierarchy; in this case, policy-options and routing-options.

Meaning

The sample output for the show configuration policy-options and show configuration routing-options commands shows the two parts required to configure a load balancing policy. The lbpf policy includes the load-balance per-packet statement. The policy is then applied at the [edit routing options forwarding-table] hierarchy level with the export lbpf statement. Enabling load balancing results in the export of routes from the routing table to the forwarding table, and a solution to the problem.

Note

The load-balance per-packet statement is named per-packet for historical reasons. When the Packet Forwarding Engine was an IP Processor-1 (before Junos 4.0), Junos supported only per-packet load balancing. When the IP Processor-II was introduced the behavior was changed to per-flow load balancing without changing the statement.

Sample Output

Use the show route forwarding-table command to display the Routing Engine's forwarding table, including the network-layer prefixes and their next hops. This command is used to help verify that the routing protocol process has relayed the correction information to the forwarding table. In this case, the option vpn vpn is used to display routing table entries for the specified VPN vpn-a.

Meaning

The sample output for the show route forwarding-table vpn vpn-a destination 192.168.5.1 extensive command shows the correct two routes were relayed from the routing table to the forwarding table.

Conclusion

In conclusion, a load balancing policy is required for link protection to work effectively. The principles are the same for the configuration of the fast reroute and the node-link protection statements.

Router Configurations

The following output shows the configurations of all routers in the network. The no-more option entered after the pipe ( | ) prevents the output from being paginated if the output is longer than the length of the terminal screen.

Sample Output

The following sample output is for the customer edge (CE) 1 router:

Sample Output

The following sample output is for the provider edge (PE) 1 ingress router :

Sample Output

The following sample output is for the provider (P) transit router:

Sample Output

The following sample output is for the provider edge (PE) 2 ingress router :

Sample Output

The following sample output is for the customer edge (CE) 2 router: