Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring Topology Independent Loop-Free Alternate with Segment Routing for IS-IS

This example shows topology-independent loop-free alternate (TI-LFA) with segment routing for the IS-IS protocol to provide MPLS fast reroute (FRR) backup paths corresponding to the post-convergence path for a given failure by using deeper label stacks to construct backup paths. TI-LFA provides protection against link failure, node failure, and fate-sharing failures. In link failure mode, the destination is protected if the link fails. In node protection mode, the destination is protected if the neighbor connected to the primary link fails. To determine the node-protecting post-convergence path, the cost of all the links leaving the neighbor is assumed to increase by a configurable amount. With fate-sharing protection, a list of fate-sharing groups are configured on each PLR with the links in each fate-sharing group identified by their respective IP addresses.

Note:

TI-LFA supports protection of routes for both IPv4 and IPv6 prefixes. This example demonstrates protection of routes for IPv4 prefixes.

Requirements

This example uses the following hardware and software components:

  • Nine MX Series routers

  • Junos OS Release 17.4 or later running on all devices

Before you configure TI-LFA routes using SPRING for IS-IS, be sure you configure SPRING or segment routing.

Overview

Junos OS allows you to enable TI-LFA for IS-IS by configuring the use-post-convergence-lfa statement at the [edit protocols isis backup-spf-options] hierarchy level. TI-LFA provides protection against link failure, node failure, and failures of fate-sharing groups. You can enable the creation of post-convergence backup paths for a given interface by configuring the post-convergence-lfa statement at the [edit protocols isis interface interface-name level level] hierarchy level. The post-convergence-lfa statement enables link-protection mode. You can enable node-protection mode, or fate-sharing-protection mode ,or both modes, for a given interface at the [edit protocols isis interface interface-name level level post-convergence-lfa] hierarchy level. To ensure that the fate-sharing protection is enabled for a given fate-sharing group, you need to configure the use-for-post-convergence-lfa statement at the [edit routing-options fate-sharing group group-name] hierarchy level

Topology

#overview563__TI-LFA shows TI-LFA with segment routing for IS-IS configured on Device R1.

Topology

Configuration

CLI Quick Configuration

To quickly configure link-protection in this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

R1

R2

R3

R21

R22

R23

R24

R31

R34

Configuring R1

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

To configure Device R1:

  1. 1. Configure the interfaces.

  2. 2. Configure the router ID.

  3. Configure the MPLS protocol on the interfaces.

  4. Configure the maximum number of labels for segment routing routed paths for protection of backup shortest-path-first attributes.

  5. Configure IPv4 index and index range for node segments in segment routing for the IS-IS protocol.

  6. Configure wide metrics attribute of global level for the IS-IS protocol.

  7. Configure the interfaces to be point to point. Configure to install backup route along the link-protecting post-convergence path on the interface ge-0/0/2.

Results

From configuration mode, confirm your configuration by entering the show interfaces, show protocols, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Procedure

CLI Quick Configuration

To quickly add node-protection for interface ge-0/0/2 to the above example configuration on Device R1, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

R1

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

  1. Enable node-protection on interface ge-0/0/2.

Results

If you are done configuring the device, enter commit from configuration mode.

Procedure

CLI Quick Configuration

To quickly configure define fate-sharing protection on Device R1, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Device R1

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

  1. Configure the fate-sharing group cost.

  2. Configure the fate-sharing group to indicate that link from Device R1 to Device R2 and the link from Device R21 to Device R22 share fate and allow it to be used for post-convergence-lfa.

  3. Enable fate-sharing protection for ge-0/0/2 on Device R1.

Results

From configuration mode, confirm your configuration by entering the show protocols and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verify the Link-protecting Backup Path for an Ingress Route

Purpose

Verify the link-protecting backup path for primary next hops on interface ge-0/0/2 for Device R1 and verify if the backup path to reach 192.168.0.3/32 has been created and has the correct label stack.

Action

From operational mode, run the show route table inet.3 192.168.0.3 command to display the routing table information.

Meaning

The primary path to reach 198.162.0.3/32 (corresponding to Device R3) is through the interface ge-0/0/2 with a label of 800003, corresponding to the node-SID of Device R3. If the interface ge-0/0/2 fails, the backup path using the interface ge-0/0/0 using the label stack [800022, 299792, 800003] becomes active. The link-protecting post-convergence path is R1-R21-R22-R23-R2-R3. The top label on the label stack is 800022 and corresponds to the node SID to reach R22 on the shortest path R1-R2-R22. The next label (299792) corresponds to the adjacency SID for the interface R22-R23. The last label (800003) corresponds to the node SID on R23 to reach R3 on the shortest path R23-R2-R3.

Verify the Adjacency SID used in the Link-protecting Backup Path

Purpose

Verify that the adjacency SID 299792 corresponds to the interface between R22-R23.

Action

From operational mode, run the show isis adjacency detail R23 command to display the adjacency information.

Meaning

The Device R22 has assigned the value of 299792 to represent the level 2 adjacency to Device R23 for IPv4 traffic.

Verify the Link-protecting Backup Path for a Node SID label

Purpose

Verify that the transit route in mpls.0 corresponding to the node SID to reach Device R3 has a link-protecting backup path.

Action

From operational mode, run the show route table mpls.0 label 800003 command to display the adjacency information.

Meaning

An incoming label of 800003 corresponds to the node SID for Device R3. The primary route entry in mpls.0 corresponds to the swap of the incoming label 800003 with the outgoing label 800003 on interface ge-0/0/2, corresponding to the shortest path from Device R1 to Device R3 in the pre-failure topology. If interface ge-0/0/2 fails, the backup route entry causes a packet with the incoming label 800003 to leave interface ge-0/0/0 with that incoming label replaced by the label stack [800022, 299776, 800003]. This corresponds to the link-protecting post-convergence path to reach R3 (R1-R21-R22-R23-R2-R3). The top label on the label stack is 800022 and corresponds to the node SID to reach Device R22 on the shortest path R1-R2-R22. The next label (299792) corresponds to the adjacency SID for the interface on R22-R23. The last label (800003) corresponds to the node SID on Device R23 to reach Device R3 on the shortest path R23-R2-R3.

Verify the Link-protecting Backup Path for an Adjacency SID Label

Purpose

Verify that the route in mpls.0 corresponding to the adjacency SID from Device R1 to Device R2 has a link-protecting backup path.

Action

From operational mode, run the show route table mpls.0 label 299808 command to display the adjacency information.

Meaning

An incoming label of 299808 corresponds to the adjacency SID from Device R1 to Device R2. The primary route entry in mpls.0 corresponds to popping the incoming label 299808 and sending the packet out interface ge-0/0/2. If interface ge-0/0/2 fails, the backup route entry causes a packet with the incoming label 299808 to leave on interface ge-0/0/0 with that incoming label replaced by the label stack [800022, 299776, 800002]. This corresponds to the link-protecting post-convergence path to reach Device R2 (R1-R21-R22-R23-R2). The top label on the label stack is 800022 and corresponds to the node SID to reach Device R22 on the shortest path R1-R2-R22. The next label (299792) corresponds to the adjacency SID for the interface on R22-R23. The last label (800002) corresponds to the node SID on Device R23 to reach Device R2 on the shortest path R23-R2.

Verification

Verify the Backup Route on Device R1

Purpose

Verify that the backup route to reach 192.168.0.3 passes through R1-R31-R34-R3. This shows that the node-protection is enabled.

Action

From operational mode, run the show route table inet.3 192.168.0.3 command to display the routing table information.

Meaning

The backup path to reach 192.168.0.3 now uses the interface ge-0/0/1 (the interface to reach R31). The top label on the stack (299776) corresponds to the adjacency SID on Device R31 to reach Device R34. The bottom label (800003) takes the packet from R34 . This ensures that node-protection is enabled.

Verification

Confirm that the configuration is working properly.

Verify the Backup Path on Device R1

Purpose

Verify that the backup route to reach 192.168.0.3 is through path R1-R31-R34-R3. This shows that fate-sharing is enabled.

Action

From operational mode, run the show route table inet.3 192.168.0.3 command to display the routing table information.

Meaning

The backup path to reach 192.168.0.3 now uses ge-0/0/1 (the interface to reach R31). The top label on the stack (299776) corresponds to the adjacency-SID on Device R31 to reach Device R34. The bottom label (800003) takes the packet from Device R34 to Device R3.