TI-LFA Protection Priorities (ISIS)

Load basic.isis.sr.enabled.cfg in the Ping Factory SR topology in EVE-NG.

configure
load bootflash:basic.isis.sr.enabled.cfg
commit replace
y

Assign all interfaces on R3 beides Gi0/0/0/9 to the same SRLG.

Configure TI-LFA on R3 for the Gi0/0/0/5 link so that node protection is preferred over SRLG protection.

Answer

#R3
srlg
 interface GigabitEthernet0/0/0/2
  name RED
 !
 interface GigabitEthernet0/0/0/4
  name RED
 !
 interface GigabitEthernet0/0/0/5
  name RED
 !
 interface GigabitEthernet0/0/0/6
  name RED
 !
 interface GigabitEthernet0/0/0/1
  name RED
 !
 name RED value 1
!
router isis 1
 address-family ipv4 unicast
  fast-reroute per-prefix tiebreaker node-protecting index 10
  fast-reroute per-prefix tiebreaker srlg-disjoint index 20
 !
 interface GigabitEthernet0/0/0/5
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix ti-lfa

Explanation

When both node protection and SRLG protection are enabled, and a path providing both protection cannot be found, the path with the better protection index is used.

We can confirm the protection prorities using the following command. We see that node protection is preferred over SRLG protection because node protection has a lower index value.

The router cannot calculate a path that is both node and SRLG protecting. The only interface that is SRLG protecting is facing R9. But R9 must use R5 to get to 7.7.7.1/32, so it is SRLG protecting but not node protecting.

Due to this, R3 should calculate a backup path that is only node protecting. We can see this is the case:

If we flip the priorities around, we can force R3 to use an SRLG protecting path instead of a node protecting path:

#R3
router isis 1
 address-family ipv4 unicast
  fast-reroute per-prefix tiebreaker srlg-disjoint index 10
  fast-reroute per-prefix tiebreaker node-protecting index 20

In summary, the tiebreaker rules for TI-LFA work as follows:

If both SRLG-disjoint and node protection are configured, try to find a path that satisfies both
If no path is found, try to find a path that is either SRLG-disjoint or node protecting, which ever one has a lower index value (higher priority)
If no path is found, simply find a link-protecting path

Also note that in ISIS, tiebreakers at the AFI level are not merged with tiebreakers at the link level. (In OSPF they are merged however). So in the following example, Gi0/0/0/3 will only use node-protection as a tiebreaker.

#R1
router isis 1
 address-family ipv4 unicast
  fast-reroute per-prefix tiebreaker node-protecting index 20
  fast-reroute per-prefix tiebreaker srlg-disjoint index 10
 !
 interface GigabitEthernet0/0/0/3
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix tiebreaker node-protecting index 20
   fast-reroute per-prefix ti-lfa

You can use this fact to set tiebreakers back to their defaults on an interface:

#R1
router isis 1
 address-family ipv4 unicast
  fast-reroute per-prefix tiebreaker node-protecting index 20
  fast-reroute per-prefix tiebreaker srlg-disjoint index 10
 !
 interface GigabitEthernet0/0/0/3
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix tiebreaker default
   fast-reroute per-prefix ti-lfa

In OSPF, you would use “… node-protecting disable” and “… srlg-disjoint disable” instead, to set those indexes to 0.

PreviousTI-LFA SRLG Protection NextTI-LFA Protection Priorities (OSPF)

Last updated 5 months ago