TI-LFA SRLG Protection
Load basic.isis.sr.enabled.cfg
Configure TI-LFA on R3 for the Gi0/0/0/5 link. Using SRLG, force R3 to calculate a backup path through R1.
Answer
Explanation
By using srlg-disjoint as a tiebreaker, the router will prefer paths that do not use the same SRLG as the protected link. In this solution, we assigned all links except Gi0/0/0/1 to the same SRLG, to force the backup path to use Gi0/0/0/1.
An interface is assigned to an SRLG under the global srlg configuration. An SRLG is a shared-risk link group. All links belonging to the same group share the same fate, so you might want backup paths to avoid links with the same SRLG. (This doesn’t happen by default, you must configure this as a tiebreaker).
Note that srlg-disjoint paths only use local SRLG values. The router cannot take into account the SRLG value of interfaces on remote routers.
Next, we add SRLG-disjoint as a tiebreaker. Like we saw with node protection, this instructs the router to add SRLG protection when calculating the LFA. When only SRLG protection is enabled, the index value does not matter. The router will first prune all links with the same SRLG value and attempt to find an LFA via CSPF. If no path is found, then the router will fallback on just a link-protecting path.
We can see that R3’s Gi0/0/0/5 interface has SRLG protection enabled for TI-LFA:
We can see that R3 indeed is using a backup path through R1. However, notice that this is not node-protecting. We did not enable node protection, so R3 simply found the lowest IGP cost backup path using any interface not in the same SRLG as the protected link.
Remember that the label listed at the Q node is the Adj-SID that the P node must see. So R3 uses 24003/16007 and forwards the packet out Gi0/0/0/1. R1 sees 24003, pops this, and forwards to R4. R4 sees 16007 and forwards along the IGP shortest path to R7. We can double check this in the FIB:
What if we want the backup LFA to also be node-protecting? To do this we simply add node protection as another index. First the router will attempt to find a path that is both node and SRLG protecting. If none are found, whichever index is lower is the preferred protection mechanism. So if we make SRLG-disjoint a lower index, any paths that are only SRLG protection are preferred over paths that are only node protecting.
We now see a much more complex backup LSP. This folows the path R3-R1-R4-R6-R7 using several Adj-SIDs:
If we change the order of the tiebreakers, we see the same LSP:
This is because the router tries the following order:
Both node and SRLG protection
Only SRLG protection (it has a better index number)
Only node protection
Only link protection
Since we have paths that are both node and SRLG protection, the index number does not matter in our case.
What happens if we add lowest-backup-metric to the bottom of the list?
Still nothing has changed. You might think the lowest IGP metrc is preferred, and then node protection and srlg protection won’t have any affect, but this is not the case.
The reason is that the lowest-backup-metric tiebreaker has no effect on TI-LFA. It only affects LFA. It just happens that LFA and TI-LFA use the same “tiebreaker” commands. If we check Gi0/0/0/5, we see nothing has changed under TI-LFA, although we see a change for LFA.
What if no SRLG-disjoint path exists? Then the router will still calculate the best LFA that it can calculate. The tiebreakers are not “requirements.” So failing to satisfy the condition does not cause an LFA to fail to be found. For example, let’s add Gi0/0/0/1 to the RED SRLG.
The backup path for 7.7.7.1/32 is no longer SRLG-disjoint, only node protecting:
Last updated