TI-LFA Protection Priorities (OSPF)
Load basic.ospf.sr.enabled.cfg
OSPF is now used as the IGP instead of ISIS.
Assign all interfaces on R3 beides Gi0/0/0/9 to the same SRLG.
Configure TI-LFA on R3 for the Gi0/0/0/5 link so that node protection is preferred over SRLG protection.
Answer
Explanation
When both node protection and SRLG protection are enabled, and a path providing both protection cannot be found, the path with the better protection index is used.
We can confirm the protection prorities using the following command. We see that node protection is preferred over SRLG protection because node protection has a higher index value. (Remember that ISIS uses the opposite logic - a lower index value is better). Also notice the new tiebreaker “Post Convergence Path” with index 256. This isn’t seen when using normal LFA. This must be an internal mechanism to force TI-LFA with OSPF to always calculate the post convergence path.
The router cannot calculate a path that is both node and SRLG protecting. The only interface that is SRLG protecting is facing R9. (R9 must use R5 to get to 7.7.7.1/32 so it is not node protecting).
Due to this, R3 should calculate a backup path that is only node protecting. We can see this is the case:
If we flip the priorities around, we can force R3 to use an SRLG protecting path instead of a node protecting path:
The tiebreakers when using TI-LFA for OSPF work similarly to ISIS:
If both SRLG-disjoint and node protection are configured, try to find a path that satisfies both
If no path is found, try to find a path that is either SRLG-disjoint or node protecting, which ever one has a higher index value
If no path is found, simply find a link-protecting path
The one difference is that with OSPF, we can also use lc-disjoint and lowest-backup-metric. We cannot test lc-disjoint with XRv, but we can change the tiebreakers to prefer node protection again (via R6) and then move lowest-backup-metric above this so that R9 is preferred.
R6 is used for the backup path again:
Let’s add lowest-backup-metric above node protection:
Now R9 is used:
This is very different from ISIS, which has completely separate TI-LFA tiebreakers which only consist of node protection and srlg-disjointness.
One more difference is that in ISIS, tiebreakers at the AFI level are not merged with tiebreakers configured at the link level. However, in OSPF, this merging does happen.
For example, the following configuration results in the index values changed for both node protection and srlg disjointness on Gi0/0/0/3. Additionally, interface configuration for node protection overrides the process configuration value.
This poses a problem when you want to disable the use of a tiebreaker on a particular interface, but it is configured at the process or area level. To accomplish this, you must use “disable.” This sets the index value to 0. You cannot explicitly set the value to 0 in the config.
In ISIS, you would use “default” instead. This sets all values back to their default.
This works for ISIS because it still allows you to configure a single tiebreaker which overrides all AFI level tiebreakers. For example, you would use the below configuration to only use node protection on Gi0/0/0/3. Since there is no merging, the srlg-disjoint index value is not inherited from the AFI level.
Last updated
