    Egress Protection for Layer 3 VPN Edge Protection Overview

    Typically, Layer 3 VPN service restoration for multihomed customer edge (CE) routers depends on the ingress provider edge (PE) router to detect the egress PE link or node failure and switch traffic to the backup PE router. To achieve faster restoration, a protector mechanism for the PE router can be used to perform local restoration of the service immediately in case of an egress PE node failure. This mechanism requires the router at the point of local repair (PLR) to redirect VPN traffic to a protector PE router for fast reroute of traffic.

    The following topology describes the concept of egress protection.

    Figure 1: Sample Topology for Egress Protection

    In this topology:

    Router PE3 acts as the protector for the PE2 Layer 3 VPN routing instances or subnets.

    The CE routers are part of a VPN where Router CE1 is multihomed with Router PE1 and Router PE2. Likewise, Router CE2 is multihomed with Routers PE2 and PE3.

    Router PE1 can be the originator for the context identifier for Router CE1, while Router PE2 is the protector for that context identifier. Likewise, PE2 can be the originator for the context identifier for Router CE2, while Router PE3 is the protector for that context identifier.

    The working path taken by Router PE4 might be through PLR>PE2 for both Router CE1 and Router CE2. The backup path for Router CE1 is through PLR>PE1. The backup path for Router CE2 is through PLR>PE3. Traffic flows through the working path under normal circumstances.

    When Router PE4 detects a PE2 node or link failure, traffic is rerouted from the working path to the protected path. In the normal failover process, the detection of the failure and the recovery rely on the control plane and are therefore relatively slow.

    Typically, if there is a link or node failure in the core network, the egress PE router would have to rely on the ingress PE router to detect the failure and switch over to the backup path, because a local repair option for egress failure is not available.

    To provide a local repair solution for the egress PE link or node failure, a mechanism known as egress protection can be used to repair and restore the connection quickly. If egress protection is configured, the PLR router detects the PE2 link or node failure and reroutes traffic through the protector Router PE3 using the backup LDP-signaled label-switched path (LSP). The PLR router uses per-prefix loop-free alternate routes to program the backup next hop through Router PE3, and traffic is forwarded to Routers CE1 and CE2 using the alternate paths. This restoration is done quickly after the PLR router detects the Router PE2 egress node or link failure.

    The dual protection mechanism can also be used for egress protection where the two PE routers can simultaneously act as the primary PE router and the protector PE router for their respective context ID routes or next hops.

    Router Functions

    In Figure 1, the routers perform the following functions:

    Protected PE Router

    The protected PE, PE2, performs the following functions:

    • Updates a context identifier for the BGP next hop for the Layer 3 VPN prefix.
    • Advertises the context identifier to the IS-IS domain.

    Protector PE Router

    The protector PE router, PE3, performs the following functions:

    • Advertises the context identifier to the IS-IS domain with a high metric. The high IGP metric (configurable) along with the LDP label ensures that the PLR router uses the LDP-signaled backup LSP in the event of an egress PE router failure.
    • Builds a context-label table for route lookup and a backup forwarding table for the protected PE router (PE2).

      Note: The protector PE router should not be in the forwarding path to the primary PE router.

    PLR Router

    The router acting as the point of local repair (PLR) performs the following functions:

    • Computes per-prefix loop-free alternate routes. For this computation to work, the configuration of the node-link-protection statement and the backup-spf-options per-prefix-calculation statement is necessary at the [edit protocols isis] hierarchy level.
    • Installs backup next hops for the context identifier through the PE3 router (protector PE).
    • Detects PE router failure and redirects the transport LSP traffic to the protector.

    Note: The PLR router must be directly connected to the protector router (in this case, PE3). If not, the loop-free alternate route cannot find the backup path to the protector.
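    The PLR-side IS-IS and LDP configuration that the statements above call for, as an added example that is not from this page or from Juniper's own documentation; the interface names (ge-0/0/1.0 toward PE2, ge-0/0/2.0 toward the directly connected protector PE3), the IS-IS level and the metrics are assumptions:

```junos
# Added example (not from the page): PLR router configuration.
# Assumed: ge-0/0/1.0 faces the protected PE (PE2), ge-0/0/2.0 faces the
# protector PE (PE3), which must be a direct neighbor of the PLR.

# Per-prefix loop-free alternate computation, so that the context
# identifier advertised by PE2 receives its own backup next hop. The
# protector's advertisement of the same context identifier, carrying a
# high metric, is the alternate that this calculation selects.
set protocols isis backup-spf-options per-prefix-calculation

# Node-link protection on the link toward PE2 requests a backup next hop
# that survives failure of the PE2 node, not only of the link.
set protocols isis interface ge-0/0/1.0 node-link-protection
set protocols isis interface ge-0/0/1.0 level 2 metric 10
set protocols isis interface ge-0/0/2.0 level 2 metric 10
set protocols isis interface lo0.0 passive
set protocols isis level 1 disable

# LDP on both core-facing links, so the backup path through PE3 is an
# LDP-signaled LSP rather than an unlabeled IP path.
set protocols ldp interface ge-0/0/1.0
set protocols ldp interface ge-0/0/2.0
set protocols ldp interface lo0.0

# After commit, "show isis backup spf results" lists the backup next hop
# computed for PE2's context identifier; it should point at ge-0/0/2.0.
```

If the PLR and PE3 are not adjacent, the per-prefix calculation finds no loop-free alternate for the context identifier and no backup next hop is installed, which is the failure mode the note above describes.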

    Protector and Protection Models

    Protector is a new role or function for the restoration of egress PE node failure. This role could be played by a backup egress PE router or any other node that participates in the VPN control plane for VPN prefixes that require egress node protection. There are two protection models based on the location and role of a protector:

    • Co-located protector—In this model, the protector PE router and the backup PE router configurations are done on the same router. The protector is co-located with the backup PE router for the protected prefix, and it has a direct connection to the multihomed site that originates the protected prefix. In the event of an egress PE failure, the protector receives traffic from the PLR router and routes the traffic to the multihomed site.
    • Centralized protector—In this model, the protector PE router and the backup PE router are different. The centralized protector might not have a direct connection to the multihomed site. In the event of an egress PE link or node failure, the centralized protector reroutes the traffic to the backup egress PE router with the VPN label advertised for the backup egress PE router that takes over the role of sending traffic to the multihomed site.

    A network can use either of the protection models or a combination of both, depending on the requirement.

    For more information about egress PE failure protection, see the Internet draft draft-minto-2547-egress-node-fast-protection-00, 2547 egress PE Fast Failure Protection.

    Published: 2012-06-27