TI-LFA Protection Priorities (OSPF)

Load basic.ospf.sr.enabled.cfg

configure
load bootflash:basic.ospf.sr.enabled.cfg
commit replace
y

OSPF is now used as the IGP instead of ISIS.

Assign all interfaces on R3 besides Gi0/0/0/9 to the same SRLG.

Configure TI-LFA on R3 for the Gi0/0/0/5 link so that node protection is preferred over SRLG protection.

Answer

#R3
srlg
 interface GigabitEthernet0/0/0/2
  name RED
 !
 interface GigabitEthernet0/0/0/4
  name RED
 !
 interface GigabitEthernet0/0/0/5
  name RED
 !
 interface GigabitEthernet0/0/0/6
  name RED
 !
 interface GigabitEthernet0/0/0/1
  name RED
 !
 name RED value 1
!
router ospf 1
 fast-reroute per-prefix tiebreaker node-protecting index 254
 fast-reroute per-prefix tiebreaker srlg-disjoint index 253
 area 0
  interface GigabitEthernet0/0/0/5
   fast-reroute per-prefix
   fast-reroute per-prefix ti-lfa enable

Explanation

When both node protection and SRLG protection are enabled, and a path providing both protections cannot be found, the path with the better protection index is used.

We can confirm the protection priorities using the following command. We see that node protection is preferred over SRLG protection because node protection has a higher index value. (Remember that ISIS uses the opposite logic - a lower index value is better). Also notice the new tiebreaker “Post Convergence Path” with index 256. This isn’t seen when using normal LFA. This must be an internal mechanism to force TI-LFA with OSPF to always calculate the post convergence path.

The router cannot calculate a path that is both node and SRLG protecting. The only interface that is SRLG protecting is facing R9. (R9 must use R5 to get to 7.7.7.1/32 so it is not node protecting).

Due to this, R3 should calculate a backup path that is only node protecting. We can see this is the case:

If we flip the priorities around, we can force R3 to use an SRLG protecting path instead of a node protecting path:

#R3
router ospf 1
 fast-reroute per-prefix tiebreaker srlg-disjoint index 254
 fast-reroute per-prefix tiebreaker node-protecting index 253

The tiebreakers when using TI-LFA for OSPF work similarly to ISIS:

  • If both SRLG-disjoint and node protection are configured, try to find a path that satisfies both

  • If no path is found, try to find a path that is either SRLG-disjoint or node protecting, whichever one has a higher index value

  • If no path is found, simply find a link-protecting path

The one difference is that with OSPF, we can also use lc-disjoint and lowest-backup-metric. We cannot test lc-disjoint with XRv, but we can change the tiebreakers to prefer node protection again (via R6) and then move lowest-backup-metric above this so that R9 is preferred.

#R3
router ospf 1
 fast-reroute per-prefix tiebreaker node-protecting index 250
 fast-reroute per-prefix tiebreaker srlg-disjoint index 240

R6 is used for the backup path again:

Let’s add lowest-backup-metric above node protection:

#R3
router ospf 1
 fast-reroute per-prefix tiebreaker lowest-backup-metric index 255

Now R9 is used:

This is very different from ISIS, whose completely separate TI-LFA tiebreakers consist only of node protection and srlg-disjointness.

One more difference is that in ISIS, tiebreakers at the AFI level are not merged with tiebreakers configured at the link level. However, in OSPF, this merging does happen.

For example, the following configuration results in the index values being changed for both node protection and srlg disjointness on Gi0/0/0/3. Additionally, the interface configuration for node protection overrides the process configuration value.

#R1
router ospf 1
 fast-reroute per-prefix tiebreaker node-protecting index 252
 fast-reroute per-prefix tiebreaker srlg-disjoint index 240
 area 0
  interface GigabitEthernet0/0/0/3
   fast-reroute per-prefix
   fast-reroute per-prefix tiebreaker node-protecting index 250
   fast-reroute per-prefix ti-lfa

This poses a problem when you want to disable the use of a tiebreaker on a particular interface, but it is configured at the process or area level. To accomplish this, you must use “disable.” This sets the index value to 0. You cannot explicitly set the value to 0 in the config.

#R1
router ospf 1
 fast-reroute per-prefix tiebreaker node-protecting index 252
 fast-reroute per-prefix tiebreaker srlg-disjoint index 240
 area 0
  interface GigabitEthernet0/0/0/3
   fast-reroute per-prefix
   fast-reroute per-prefix tiebreaker node-protecting disable
   fast-reroute per-prefix tiebreaker srlg-disjoint disable
   fast-reroute per-prefix ti-lfa

In ISIS, you would use “default” instead. This sets all values back to their default.

#R1
router isis 1
 address-family ipv4 unicast
  fast-reroute per-prefix tiebreaker node-protecting index 20
  fast-reroute per-prefix tiebreaker srlg-disjoint index 10
 !
 interface GigabitEthernet0/0/0/3
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix tiebreaker default
   fast-reroute per-prefix ti-lfa

This works for ISIS because it still allows you to configure a single tiebreaker which overrides all AFI level tiebreakers. For example, you would use the below configuration to only use node protection on Gi0/0/0/3. Since there is no merging, the srlg-disjoint index value is not inherited from the AFI level.

#R1
router isis 1
 address-family ipv4 unicast
  fast-reroute per-prefix tiebreaker node-protecting index 20
  fast-reroute per-prefix tiebreaker srlg-disjoint index 10
 !
 interface GigabitEthernet0/0/0/3
  address-family ipv4 unicast
   fast-reroute per-prefix
   fast-reroute per-prefix tiebreaker node-protecting index 20
   fast-reroute per-prefix ti-lfa
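
The tiebreaker rules described on this page (OSPF: higher index wins and process/interface settings are merged; ISIS: lower index wins and interface settings replace the AFI-level set) can be checked with a small model. This is an added example, not router code or lab output: the sequential-filter selection logic, the function names and the R6/R9 metrics are assumptions chosen to match the results described above.

```python
# Added illustration: a simplified model of the behaviour described on this
# page, not IOS XR code. Metrics are constructed so that the R9 path is cheaper.
CANDIDATES = [  # R3's backup candidates for the Gi0/0/0/5 link
    {"via": "R6", "node-protecting": True, "srlg-disjoint": False, "metric": 30},
    {"via": "R9", "node-protecting": False, "srlg-disjoint": True, "metric": 20},
]

def ospf_effective(process, interface):
    """OSPF merges process and interface tiebreakers; the interface value wins.
    'disable' is modelled as index 0, which takes the tiebreaker out of use."""
    merged = {**process, **interface}
    return {name: (0 if idx == "disable" else idx) for name, idx in merged.items()}

def isis_effective(afi, interface):
    """ISIS does not merge: interface tiebreakers replace the AFI-level set."""
    return dict(interface) if interface else dict(afi)

def evaluation_order(tiebreakers, higher_wins=True):
    """Active tiebreakers, most preferred first (OSPF: higher index is better;
    ISIS: lower index is better, so pass higher_wins=False)."""
    active = {name: idx for name, idx in tiebreakers.items() if idx > 0}
    return sorted(active, key=active.get, reverse=higher_wins)

def select_backup(candidates, tiebreakers, higher_wins=True):
    """Apply each tiebreaker in order; it narrows the candidate set only when
    at least one remaining candidate satisfies it."""
    remaining = list(candidates)
    for name in evaluation_order(tiebreakers, higher_wins):
        if name == "lowest-backup-metric":
            best = min(c["metric"] for c in remaining)
            kept = [c for c in remaining if c["metric"] == best]
        else:
            kept = [c for c in remaining if c[name]]
        remaining = kept or remaining
    return [c["via"] for c in remaining]

if __name__ == "__main__":
    # The three R3 scenarios from this page, then the two R1 OSPF interface cases.
    print(select_backup(CANDIDATES, {"node-protecting": 254, "srlg-disjoint": 253}))
    print(select_backup(CANDIDATES, {"srlg-disjoint": 254, "node-protecting": 253}))
    print(select_backup(CANDIDATES, {"lowest-backup-metric": 255,
                                     "node-protecting": 250, "srlg-disjoint": 240}))
    process = {"node-protecting": 252, "srlg-disjoint": 240}
    print(ospf_effective(process, {"node-protecting": 250}))
    print(ospf_effective(process, {"node-protecting": "disable",
                                   "srlg-disjoint": "disable"}))
```

With both tiebreakers disabled, `evaluation_order` is empty and `select_backup` returns every candidate unfiltered, which corresponds to the plain link-protecting case.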
