SRv6 Loop-Free Alternate
This chapter provides information about loop-free alternate for segment routing over IPv6.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.2.R1. Segment routing over IPv6 (SRv6) is supported on FP4-based equipment in SR OS Release 21.5.R2 and later.
Overview
SR OS Release 21.5.R2 and later support loop-free alternate (LFA) for segment routing over IPv6 (SRv6). This includes regular LFA, remote LFA (R-LFA) and topology independent LFA (TI-LFA) for routers in a service originating role and for routers in a transit role, with or without segment termination.
The local router installs its locator prefix in its IPv6 route table and IPv6 forwarding information base (FIB), and advertises its locator prefix in IS-IS with the SRv6 locator sub-TLV. Each remote router populates its IPv6 route table and IPv6 FIB with the received locator prefixes, including the tunneled next hop to the originating router.
The LFA backup path for a local End.X segment identifier (SID) or a local LAN End.X SID is programmed in the IPv6 route table and in the IPv6 FIB with the specific entry corresponding to the local locator prefix.
The LFA backup path for a remote locator prefix entry is programmed in the IPv6 route table and in the IPv6 FIB. The LFA backup path for a remote End SID, End.DT4 SID, End.DT6 SID, or End.DX2 SID uses that remote locator prefix.
Configuration
Example topology shows the example topology with five SRv6-capable routers. The SRv6-enabled network that it represents comprises PE-1, PE-2, and P-3 in the control and data planes, and P-4 and P-5 in the data plane only. The SRv6-enabled network has only IPv6 addresses and interfaces.
For the transport of IPv4 and IPv6 data from the VPRN on PE-1 to the VPRN on PE-2, PE-1 acts as the SRv6 ingress PE node, while PE-2 acts as the SRv6 egress PE node.
SRv6 and forwarding path extension (FPE) are configured on all routers. P-3 acts as the BGP route reflector in the control plane. As long as the link between PE-1 and PE-2 is operational, P-3 does not participate in the SRv6 data transport between PE-1 and PE-2. When the link between PE-1 and PE-2 fails, SRv6 data transport uses an LFA backup path via P-3.
The ping and traceroute commands between IPv4 and IPv6 loopback addresses in the VPRNs simulate data transport.
SRv6 for VPRN is established between PE-1 and PE-2, as described in the Segment Routing over IPv6 for VPRN chapter. The metric on all links, except one, is set to 10. When the metric on the link between PE-2 and P-5 is set to 21, configuring TI-LFA on PE-1 for all destination prefixes using the protected link PE-1–PE-2, results in a PQ-router P-5. In this case, the End SID of P-5 suffices. When the metric on the link between P-3 and P-5 is set to 21, configuring TI-LFA on PE-1 for all destination prefixes using the protected link PE-1-PE-2, results in disjointed P-router P-3 and Q-router P-5. In that case, the End.X SID referencing the interface on P-3 facing P-5 suffices to reach the Q node.
Configure the router
This configuration includes:
- ports and IPv6-only interfaces on all routers
- port cross-connect (PXC) on all routers, using internal loopbacks on an FP4 MAC chip, as described in the Segment Routing over IPv6 chapter
- IS-IS on all routers, including:
- level 2 capability with wide metrics (for the 128-bit identifiers)
- level 2 metric is 10 on all IS-IS interfaces, but 21 on the IS-IS interface between PE-2 and P-5
- native IPv6 routing
- as a best practice to advertise the router capability within the
autonomous system (AS), also configure:
- traffic-engineering
- traffic-engineering-options
- BGP on PE-1, PE-2, and P-3, with internal group “gr_v6_internal” that
includes:
- IPv4, IPv6, VPN-IPv4 and VPN-IPv6 families
- extended-nh-encoding for IPv4 and VPN-IPv4
- advertise-ipv6-next-hops for IPv4, VPN-IPv4 and VPN-IPv6
- BGP neighbor system IPv6 addresses
- On PE-1 and PE-2 only: next-hop-self
The core network topology uses IPv6 for BGP peering (with 16 byte next hop addresses), so to advertise and receive IPv4 routes (which have 4 byte next hop addresses) with IPv6 next hop addresses, the commands advertise-ipv6-next-hops and extended-nh-encoding need to be configured at the BGP, group, or neighbor level. The advertise-ipv6-next-hops command instructs the system to advertise IPv4 routes with IPv6 next hop addresses. The extended-nh-encoding command configures BGP to advertise the capability to receive IPv4 routes with IPv6 next hop addresses.
The following example configuration applies for PE-1 and is similar for the other routers, with the following differences:
- P-3 acts as a BGP route reflector
- BGP is not configured on P-4 and P-5
*A:PE-1# configure router Base
interface "int-PE-1-PE-2"
description "interface between PE-1 and PE-2"
port 1/1/c1/1:1000
ipv6
address 2001:db8::168:12:1/126
exit
no shutdown
exit
interface "int-PE-1-P-4"
description "interface between PE-1 and P-4"
port 1/1/c2/1:1000
ipv6
address 2001:db8::168:14:1/126
exit
no shutdown
exit
interface "system"
description "system interface of PE-1"
ipv6
address 2001:db8::2:1/128
exit
no shutdown
exit
autonomous-system 64500
isis 0
router-id 1.1.1.1
level-capability level-2 # required for SRv6
area-id 49.0001
traffic-engineering
traffic-engineering-options
ipv6
application-link-attributes
exit
exit
advertise-router-capability as
ipv6-routing native
level 2
wide-metrics-only # required for SRv6
exit
interface "system"
passive
no shutdown
exit
interface "int-PE-1-PE-2"
interface-type point-to-point
level [1..2] metric 10
no shutdown
exit
interface "int-PE-1-P-4"
interface-type point-to-point
level [1..2] metric 10
no shutdown
exit
no shutdown
exit
bgp
min-route-advertisement 1
router-id 2.2.2.1
rapid-withdrawal
rapid-update vpn-ipv4 vpn-ipv6
split-horizon
group "gr_v6_internal"
description "internal bgp group on PE-1"
family ipv4 ipv6 vpn-ipv4 vpn-ipv6
extended-nh-encoding ipv4 vpn-ipv4
advertise-ipv6-next-hops ipv4 vpn-ipv4 vpn-ipv6
next-hop-self
type internal
neighbor 2001:db8::2:3 # P-3 system address
exit
exit
no shutdown
exit
exit all
Do not advertise tunnel links, because that enables forwarding adjacencies. IS-IS does not compute a remote LFA or a TI-LFA backup for an SR-ISIS tunnel when forwarding adjacency (configured via the advertise-tunnel-links command) is enabled in the IS-IS instance, even if these two types of LFAs are enabled in the configuration of that same IS-IS instance.
Configure the VPRN services on PE-1 and on PE-2
This configuration includes:
- an IPv4 address and an IPv6 address for a loopback interface "lb_itf_vprn"
- BGP, with external group “gr_v6_vprn” that includes the following
capabilities:
- IPv4 and IPv6 families
- extended-nh-encoding for IPv4
- advertise-ipv6-next-hops for IPv4
- BGP neighbor interface IPv6 addresses, with BGP neighbors in a different external AS
The following example configuration applies for VPRN 2 on PE-1 and is similar for VPRN 2 on PE-2.
*A:PE-1# configure service
vprn 2 name "VPRN_2" customer 1 create
description "VPRN 2 on PE-1"
autonomous-system 64500
interface "lb_itf_vprn" create
address 172.16.211.1/32
description "VPRN 2 interface on PE-1 for external subnet"
ipv6
address 2001:db8:211::1/128
exit
loopback
exit
bgp
group "gr_v6_vprn"
description "external bgp group for VPRN 2 on PE-1"
family ipv4 ipv6
extended-nh-encoding ipv4
advertise-ipv6-next-hops ipv4
neighbor 2001:db8:101::1
type external
peer-as 64501
exit
exit
no shutdown
exit
no shutdown
exit all
Configure SRv6 in the router Base context on all routers
Configure the locator in the router Base segment-routing segment-routing-v6 context on PE-2 and similar on the other routers, with different ip-prefix for the locators.
*A:PE-2# configure router Base segment-routing segment-routing-v6
locator "PE-2_loc"
block-length 48
prefix
ip-prefix 2001:db8:aaaa:102::/64
exit
no shutdown
exit all
Configure the FPEs on PE-2 and identical on the other routers.
*A:PE-2# configure fwd-path-ext
fpe 1 create
path pxc 1
srv6 origination
interface-a
exit
interface-b
exit
exit
exit
fpe 2 create
path pxc 2
srv6 termination
interface-a
exit
interface-b
exit
exit
exit all
Use FPE 1 as the SRv6 origination FPE in the router Base segment-routing segment-routing-v6 context and FPE 2 as the SRv6 termination FPE in the router Base segment-routing segment-routing-v6 locator context on PE-2. The configuration is similar on the other routers, with different locators. For more information, see the Segment Routing over IPv6 chapter.
*A:PE-2# configure router Base segment-routing
segment-routing-v6
origination-fpe 1
locator "PE-2_loc"
termination-fpe 2
no shutdown
exit
exit all
Configure the SRv6 End function (equivalent to an IPv4 node SID) and SRv6 End.X functions (equivalent to IPv4 adjacency SIDs) in the router Base segment-routing segment-routing-v6 base-routing-instance locator context on all routers, with different locators.
*A:PE-2# configure router Base
mpls-labels
sr-labels start 20000 end 20999
reserved-label-block "SRv6"
start-label 30100 end-label 30199
exit
exit
segment-routing
segment-routing-v6
locator "PE-2_loc"
shutdown
static-function
max-entries 3
label-block "SRv6"
exit
no shutdown
exit
base-routing-instance
locator "PE-2_loc"
function
end-x-auto-allocate srh-mode usp protection protected
end 1
srh-mode usp
exit
exit
exit
exit
exit all
While not strictly needed, allow for three static functions. New SRv6 functions (for example End.DT4 and End.DT6), can then be configured without needing to reshuffle the automatic SRv6 function numbering. Ensure that the End.X functions have protection on. As a result, the End.X functions are only instantiated when loopfree-alternates is configured in the router Base isis context.
Advertise the locator in IS-IS while ensuring level 2 capability on PE-2. Configure other routers similarly, with different locators.
*A:PE-2# configure router Base isis 0
segment-routing-v6
locator "PE-2_loc"
level-capability level-2
level 1
exit
level 2
exit
exit
no shutdown
exit all
Use the show router segment-routing-v6 summary command to verify the locator and origination FPE configuration.
Configure SRv6 for the VPRNs on PE-1 and on PE-2
Create an SRv6 instance for the VPRN service. Use the locator from the router Base segment-routing segment-routing-v6 context and configure End.DT4 and End.DT6 functions for it.
Use the created SRv6 instance in the service vprn bgp-ipvpn segment-routing-v6 context, with the configured locator as the default locator. Ensure a unique route distinguisher. Use the unique PE-2 system IPv6 address as the source address. Use a similar configuration on PE-1, with the PE-1 locator as default locator, the PE-1 system IPv6 address as the source address, and a different route distinguisher.
*A:PE-2# configure service
vprn 2
segment-routing-v6 1 create
locator "PE-2_loc"
function
end-dt4
end-dt6
exit
exit
exit
bgp-ipvpn
segment-routing-v6
route-distinguisher 192.0.2.2:2
srv6-instance 1 default-locator "PE-2_loc"
source-address 2001:db8::2:2
vrf-target target:64506:2
no shutdown
exit
exit
no shutdown
exit all
This configuration results in BGP update exchanges between PE-2 and PE-1, via P-3, and between PE-1 and PE-2, via P-3.
At this point, verify that data transport is possible between the local VPRN on PE-1 and the remote VPRN on PE-2.
*A:PE-1# ping router 2 172.16.222.1
PING 172.16.222.1 56 data bytes
64 bytes from 172.16.222.1: icmp_seq=1 ttl=64 time=1.83ms.
---snip---
---- 172.16.222.1 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 1.48ms, avg = 1.97ms, max = 3.30ms, stddev = 0.678ms
*A:PE-1# traceroute router 2 172.16.222.1
traceroute to 172.16.222.1, 30 hops max, 40 byte packets
1 172.16.222.1 (172.16.222.1) 1.85 ms 1.55 ms 1.67 ms
*A:PE-1# ping router 2 2001:db8:222::1
PING 2001:db8:222::1 56 data bytes
64 bytes from 2001:db8:222::1 icmp_seq=1 hlim=64 time=1.56ms.
---snip---
---- 2001:db8:222::1 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 1.45ms, avg = 1.59ms, max = 1.78ms, stddev = 0.114ms
*A:PE-1# traceroute router 2 2001:db8:222::1
traceroute to 2001:db8:222::1, 30 hops max, 60 byte packets
1 2001:db8:222::1 (2001:db8:222::1) 3.31 ms 1.53 ms 3.23 ms
The result of the verification complies with the route tables for the local VPRN on PE-1, which contains routes for the loopback addresses in the remote VPRN on PE-2. The same is true for data transport between the remote VPRN on PE-2 and the local VPRN on PE-1.
*A:PE-1# show router 2 route-table ipv4
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.211.1/32 Local Local 00h12m37s 0
lb_itf_vprn 0
172.16.222.1/32 Remote BGP VPN 00h01m35s 170
2001:db8:aaaa:102:78a6:c000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
---snip---
===============================================================================
*A:PE-1# show router 2 route-table ipv6
===============================================================================
IPv6 Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8:211::1/128 Local Local 00h12m36s 0
lb_itf_vprn 0
2001:db8:222::1/128 Remote BGP VPN 00h01m35s 170
2001:db8:aaaa:102:78a6:b000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
---snip---
===============================================================================
The IPv4 route table and IPv4 FIB remain empty, while the IPv6 route table and IPv6 FIB contain routes for the local, IS-IS, and SRv6 protocols. The remote destinations to PE-2 and P-5 are reached via the “int-PE-1-PE-2” interface. There are no routes yet for the local End.X functions. The local End.X functions are not yet instantiated, because there is no regular LFA protection while protection is enabled for End.X function. Verify the IPv6 route table.
*A:PE-1# show router route-table ipv6
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::2:1/128 Local Local 00h18m56s 0
system 0
2001:db8::2:2/128 Remote ISIS 00h03m43s 18
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 10
2001:db8::2:3/128 Remote ISIS 00h03m43s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 20
2001:db8::2:4/128 Remote ISIS 00h03m43s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
2001:db8::2:5/128 Remote ISIS 00h03m43s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 30
2001:db8::168:12:0/126 Local Local 00h18m55s 0
int-PE-1-PE-2 0
2001:db8::168:14:0/126 Local Local 00h18m55s 0
int-PE-1-P-4 0
2001:db8::168:25:0/126 Remote ISIS 00h03m43s 18
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 31
2001:db8::168:34:0/126 Remote ISIS 00h03m43s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 20
2001:db8::168:35:0/126 Remote ISIS 00h03m43s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 30
2001:db8:aaaa:101::/64 Local SRV6 00h05m06s 3
fe80::201-"_tmnx_fpe_2.a" 0
2001:db8:aaaa:101:0:1000::/128 Local SRV6 00h05m06s 3
Black Hole 0
2001:db8:aaaa:102::/64 Remote ISIS 00h03m33s 18
2001:db8:aaaa:102::/64 (tunneled:SRV6-ISIS) 10
2001:db8:aaaa:113::/64 Remote ISIS 00h03m22s 18
2001:db8:aaaa:113::/64 (tunneled:SRV6-ISIS) 20
2001:db8:aaaa:114::/64 Remote ISIS 00h03m10s 18
2001:db8:aaaa:114::/64 (tunneled:SRV6-ISIS) 10
2001:db8:aaaa:115::/64 Remote ISIS 00h02m58s 18
2001:db8:aaaa:115::/64 (tunneled:SRV6-ISIS) 30
-------------------------------------------------------------------------------
No. of Routes: 16
---snip---
===============================================================================
Verify the corresponding IPv6 FIB.
*A:PE-1# show router fib 1 ipv6
===============================================================================
FIB Display
===============================================================================
Prefix [Flags] Protocol
NextHop
-------------------------------------------------------------------------------
2001:db8::2:1/128 LOCAL
2001:db8::2:1 (system)
2001:db8::2:2/128 ISIS
fe80::60e:1ff:fe01:1 (int-PE-1-PE-2)
2001:db8::2:3/128 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
2001:db8::2:4/128 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
2001:db8::2:5/128 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
2001:db8::168:12:0/126 LOCAL
2001:db8::168:12:0 (int-PE-1-PE-2)
2001:db8::168:14:0/126 LOCAL
2001:db8::168:14:0 (int-PE-1-P-4)
2001:db8::168:25:0/126 ISIS
fe80::60e:1ff:fe01:1 (int-PE-1-PE-2)
2001:db8::168:34:0/126 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
2001:db8::168:35:0/126 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
2001:db8:aaaa:101::/64 SRV6
fe80::201 (_tmnx_fpe_2.a)
2001:db8:aaaa:101:0:1000::/128 SRV6
Blackhole
2001:db8:aaaa:102::/64 ISIS
2001:db8:aaaa:102::/64 (Transport:SRV6:524289)
2001:db8:aaaa:113::/64 ISIS
2001:db8:aaaa:113::/64 (Transport:SRV6:524290)
2001:db8:aaaa:114::/64 ISIS
2001:db8:aaaa:114::/64 (Transport:SRV6:524291)
2001:db8:aaaa:115::/64 ISIS
2001:db8:aaaa:115::/64 (Transport:SRV6:524292)
-------------------------------------------------------------------------------
Total Entries : 16
-------------------------------------------------------------------------------
===============================================================================
The IS-IS data base contains the following information. Only the End functions are already instantiated, on their respective locators.
*A:PE-1# show router isis database detail
===============================================================================
Rtr Base ISIS Instance 0 Database (detail)
===============================================================================
Displaying Level 1 database
-------------------------------------------------------------------------------
Level (1) LSP Count : 0
Displaying Level 2 database
-------------------------------------------------------------------------------
LSP ID : PE-1.00-00 Level : L2
---snip---
SYS ID : 0010.0100.1001 SysID Len : 6 Used Len : 368
TLVs :
---snip---
Router Cap : 1.1.1.1, D:0, S:0
TE Node Cap : B E M P
SRv6 Cap: 0x0000
SR Alg: metric based SPF
Node MSD Cap: BMI : 0 SRH-MAX-SL : 10 SRH-MAX-END-POP : 9 SRH-MAX-H-ENCAPS : 1 SRH-MAX-END-D : 9
---snip---
TE IS Nbrs :
Nbr : PE-2.00
Default Metric : 10
---snip---
TE IS Nbrs :
Nbr : P-4.00
Default Metric : 10
---snip---
IPv6 Reach:
---snip---
Metric: ( I ) 0
Prefix : 2001:db8:aaaa:101::/64
SRv6 Locator :
MT ID : 0
Metric: ( ) 0 Algo:0
Prefix : 2001:db8:aaaa:101::/64
Sub TLV :
End-SID : 2001:db8:aaaa:101:0:1000::, flags:0x0, endpoint:End-USP
-------------------------------------------------------------------------------
LSP ID : PE-2.00-00 Level : L2
---snip---
SYS ID : 0010.0100.1002 SysID Len : 6 Used Len : 368
TLVs :
---snip---
Router Cap : 1.1.1.2, D:0, S:0
TE Node Cap : B E M P
SRv6 Cap: 0x0000
SR Alg: metric based SPF
Node MSD Cap: BMI : 0 SRH-MAX-SL : 10 SRH-MAX-END-POP : 9 SRH-MAX-H-ENCAPS : 1 SRH-MAX-END-D : 9
---snip---
TE IS Nbrs :
Nbr : PE-1.00
Default Metric : 10
---snip---
TE IS Nbrs :
Nbr : P-5.00
Default Metric : 21
---snip---
IPv6 Reach:
---snip---
Metric: ( I ) 21
Prefix : 2001:db8::168:25:0/126
Metric: ( I ) 0
Prefix : 2001:db8:aaaa:102::/64
SRv6 Locator :
MT ID : 0
Metric: ( ) 0 Algo:0
Prefix : 2001:db8:aaaa:102::/64
Sub TLV :
End-SID : 2001:db8:aaaa:102:0:1000::, flags:0x0, endpoint:End-USP
-------------------------------------------------------------------------------
LSP ID : P-3.00-00 Level : L2
---snip---
SYS ID : 0010.0100.1003 SysID Len : 6 Used Len : 367
TLVs :
---snip---
Router Cap : 1.1.1.3, D:0, S:0
TE Node Cap : B E M P
SRv6 Cap: 0x0000
SR Alg: metric based SPF
Node MSD Cap: BMI : 0 SRH-MAX-SL : 10 SRH-MAX-END-POP : 9 SRH-MAX-H-ENCAPS : 1 SRH-MAX-END-D : 9
---snip---
TE IS Nbrs :
Nbr : P-4.00
Default Metric : 10
---snip---
TE IS Nbrs :
Nbr : P-5.00
Default Metric : 10
---snip---
IPv6 Reach:
---snip---
Metric: ( I ) 0
Prefix : 2001:db8:aaaa:113::/64
SRv6 Locator :
MT ID : 0
Metric: ( ) 0 Algo:0
Prefix : 2001:db8:aaaa:113::/64
Sub TLV :
End-SID : 2001:db8:aaaa:113:0:1000::, flags:0x0, endpoint:End-USP
-------------------------------------------------------------------------------
LSP ID : P-4.00-00 Level : L2
---snip---
SYS ID : 0010.0100.1004 SysID Len : 6 Used Len : 367
TLVs :
---snip---
Router Cap : 1.1.1.4, D:0, S:0
TE Node Cap : B E M P
SRv6 Cap: 0x0000
SR Alg: metric based SPF
Node MSD Cap: BMI : 0 SRH-MAX-SL : 10 SRH-MAX-END-POP : 9 SRH-MAX-H-ENCAPS : 1 SRH-MAX-END-D : 9
---snip---
TE IS Nbrs :
Nbr : PE-1.00
Default Metric : 10
---snip---
TE IS Nbrs :
Nbr : P-3.00
Default Metric : 10
---snip---
IPv6 Reach:
---snip---
Metric: ( I ) 0
Prefix : 2001:db8:aaaa:114::/64
SRv6 Locator :
MT ID : 0
Metric: ( ) 0 Algo:0
Prefix : 2001:db8:aaaa:114::/64
Sub TLV :
End-SID : 2001:db8:aaaa:114:0:1000::, flags:0x0, endpoint:End-USP
-------------------------------------------------------------------------------
LSP ID : P-5.00-00 Level : L2
---snip---
SYS ID : 0010.0100.1005 SysID Len : 6 Used Len : 367
TLVs :
---snip---
Router Cap : 1.1.1.5, D:0, S:0
TE Node Cap : B E M P
SRv6 Cap: 0x0000
SR Alg: metric based SPF
Node MSD Cap: BMI : 0 SRH-MAX-SL : 10 SRH-MAX-END-POP : 9 SRH-MAX-H-ENCAPS : 1 SRH-MAX-END-D : 9
---snip---
TE IS Nbrs :
Nbr : PE-2.00
Default Metric : 21
---snip---
TE IS Nbrs :
Nbr : P-3.00
Default Metric : 10
---snip---
IPv6 Reach:
---snip---
Metric: ( I ) 21
Prefix : 2001:db8::168:25:0/126
---snip---
Metric: ( I ) 0
Prefix : 2001:db8:aaaa:115::/64
SRv6 Locator :
MT ID : 0
Metric: ( ) 0 Algo:0
Prefix : 2001:db8:aaaa:115::/64
Sub TLV :
End-SID : 2001:db8:aaaa:115:0:1000::, flags:0x0, endpoint:End-USP
Level (2) LSP Count : 5
-------------------------------------------------------------------------------
---snip---
===============================================================================
Verify the SRv6 local SIDs and SRv6 base routing instances on PE-1 and similar on PE-2. The End.X functions are not yet instantiated.
*A:PE-1# show router segment-routing-v6 local-sid
===============================================================================
Segment Routing v6 Local SIDs
===============================================================================
SID Type Function
Locator
Context
-------------------------------------------------------------------------------
2001:db8:aaaa:101:0:1000:: End 1
PE-1_loc
Base
2001:db8:aaaa:101:78a6:b000:: End.DT6 494187
PE-1_loc
SvcId: 2 Name: VPRN_2
2001:db8:aaaa:101:78a6:c000:: End.DT4 494188
PE-1_loc
SvcId: 2 Name: VPRN_2
-------------------------------------------------------------------------------
SIDs : 3
-------------------------------------------------------------------------------
===============================================================================
The End.X functions not yet being instantiated can also be verified in the SRv6 base routing instances on PE-1 and similar on PE-2. Only the End function is already instantiated.
*A:PE-1# show router segment-routing-v6 base-routing-instance
===============================================================================
Segment Routing v6 Base Routing Instance
===============================================================================
Locator
Type Function SID Status/InstId
SRH-mode Protection Interface
-------------------------------------------------------------------------------
PE-1_loc
End 1 2001:db8:aaaa:101:0:1000:: ok
USP
-------------------------------------------------------------------------------
Auto-allocated End.X: USP Protected,
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
===============================================================================
Legend: * - System allocated
Verify that the tunnels have SRv6 encapsulation.
*A:PE-1# show router tunnel-table ipv6
===============================================================================
IPv6 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref
Nexthop Color Metric
-------------------------------------------------------------------------------
2001:db8:aaaa:102::/64 srv6-isis SRV6 524289 0
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 10
2001:db8:aaaa:113::/64 srv6-isis SRV6 524290 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 20
2001:db8:aaaa:114::/64 srv6-isis SRV6 524291 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
2001:db8:aaaa:115::/64 srv6-isis SRV6 524292 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 30
-------------------------------------------------------------------------------
---snip---
===============================================================================
Verify the interfaces that the tunnels are using. Interface “int-PE-1-PE-2” is configured on port 1/1/c1/1:1000. Interface “int-PE-1-P-4” is configured on port 1/1/c2/1:1000. SRv6 data is transported to PE-2 over the link between PE-1 and PE-2, via next hop fe80::60e:1ff:fe01:1-"int-PE-1-PE-2".
*A:PE-1# show router fp-tunnel-table 1 ipv6
===============================================================================
IPv6 Tunnel Table Display
Legend:
label stack is ordered from bottom-most to top-most
B - FRR Backup
===============================================================================
Destination Protocol Tunnel-ID
Lbl/SID
NextHop Intf/Tunnel
Lbl/SID (backup)
NextHop (backup)
-------------------------------------------------------------------------------
2001:db8:aaaa:102::/64 SRV6 524289
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 1/1/c1/1:1000
2001:db8:aaaa:113::/64 SRV6 524290
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:114::/64 SRV6 524291
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:115::/64 SRV6 524292
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
-------------------------------------------------------------------------------
Total Entries : 4
-------------------------------------------------------------------------------
===============================================================================
Configure LFA on PE-1
Example topology with metric 21 between PE-2 and P-5 shows the example topology with initial metrics that is used to verify the behavior when a PQ-router provides TI-LFA protection.
Configure regular LFA:
*A:PE-1# configure router Base isis 0
loopfree-alternates
exit all
Verify the IPv6 route table. There are two additional routes, corresponding with the End.X functions for locator “PE-1_loc” that are instantiated. The existing route to P-5 is loop-protected with regular LFA.
*A:PE-1# show router route-table ipv6
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
---snip---
2001:db8::2:5/128 [L] Remote ISIS 00h05m54s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 30
---snip---
2001:db8:aaaa:101:78a6:d000::/128 Local ISIS 00h00m33s 18
2001:db8:aaaa:101:78a6:d000:: (tunneled:SRV6-ISIS) 10
2001:db8:aaaa:101:78a6:e000::/128 Local ISIS 00h00m33s 18
2001:db8:aaaa:101:78a6:e000:: (tunneled:SRV6-ISIS) 10
---snip---
2001:db8:aaaa:115::/64 (tunneled:SRV6-ISIS) 30
-------------------------------------------------------------------------------
No. of Routes: 18
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
---snip---
===============================================================================
Verify the corresponding IPv6 FIB.
*A:PE-1# show router fib 1 ipv6
===============================================================================
FIB Display
===============================================================================
Prefix [Flags] Protocol
NextHop
-------------------------------------------------------------------------------
---snip---
2001:db8::2:5/128 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
---snip---
2001:db8:aaaa:101:78a6:d000::/128 ISIS
2001:db8:aaaa:101:78a6:d000:: (Transport:SRV6:524293)
2001:db8:aaaa:101:78a6:e000::/128 ISIS
2001:db8:aaaa:101:78a6:e000:: (Transport:SRV6:524294)
---snip---
-------------------------------------------------------------------------------
Total Entries : 18
-------------------------------------------------------------------------------
===============================================================================
The IS-IS database contains additional information about the End.X functions that are instantiated on PE-1. The End.X functions for the locator “PE-1_loc” are instantiated and advertised. There are no changes for the other routers.
*A:PE-1# show router isis database detail
===============================================================================
Rtr Base ISIS Instance 0 Database (detail)
===============================================================================
---snip---
Displaying Level 2 database
-------------------------------------------------------------------------------
LSP ID : PE-1.00-00 Level : L2
---snip---
TLVs :
---snip---
TE IS Nbrs :
Nbr : PE-2.00
Default Metric : 10
---snip---
End.X-SID: 2001:db8:aaaa:101:78a6:d000:: flags:B algo:0 weight:0 endpoint:End.X-USP
TE IS Nbrs :
Nbr : P-4.00
Default Metric : 10
---snip---
End.X-SID: 2001:db8:aaaa:101:78a6:e000:: flags:B algo:0 weight:0 endpoint:End.X-USP
---snip---
Level (2) LSP Count : 5
---snip---
===============================================================================
Verify the SRv6 local SIDs and SRv6 base routing instance on PE-1. The End.X functions are also instantiated.
*A:PE-1# show router segment-routing-v6 local-sid
===============================================================================
Segment Routing v6 Local SIDs
===============================================================================
SID Type Function
Locator
Context
-------------------------------------------------------------------------------
---snip---
2001:db8:aaaa:101:78a6:d000:: End.X 494189
PE-1_loc
None
2001:db8:aaaa:101:78a6:e000:: End.X 494190
PE-1_loc
None
-------------------------------------------------------------------------------
SIDs : 5
-------------------------------------------------------------------------------
===============================================================================
The SRv6 functions are listed.
*A:PE-1# show router segment-routing-v6 base-routing-instance
===============================================================================
Segment Routing v6 Base Routing Instance
===============================================================================
Locator
Type Function SID Status/InstId
SRH-mode Protection Interface
-------------------------------------------------------------------------------
PE-1_loc
End 1 2001:db8:aaaa:101:0:1000:: ok
USP
-------------------------------------------------------------------------------
Auto-allocated End.X: USP Protected,
-------------------------------------------------------------------------------
End.X *494189 2001:db8:aaaa:101:78a6:d000:: 0
USP Protected int-PE-1-PE-2
ISIS Level: L2 Mac Address: 04:0e:01:01:00:01 Nbr Sys Id: 0010.0100.1002
End.X *494190 2001:db8:aaaa:101:78a6:e000:: 0
USP Protected int-PE-1-P-4
ISIS Level: L2 Mac Address: 04:16:01:01:00:01 Nbr Sys Id: 0010.0100.1004
-------------------------------------------------------------------------------
===============================================================================
Legend: * - System allocated
Verify the IPv6 tunnel table. There are two new SRv6 tunnels for the End.X functions and the existing SRv6 tunnel to P-5 is loop-protected via regular LFA.
*A:PE-1# show router tunnel-table ipv6
===============================================================================
IPv6 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref
Nexthop Color Metric
-------------------------------------------------------------------------------
2001:db8:aaaa:101:78a6:d000::/128 srv6-isis SRV6 524293 0
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 10
2001:db8:aaaa:101:78a6:e000::/128 srv6-isis SRV6 524294 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
---snip---
2001:db8:aaaa:115::/64 [L] srv6-isis SRV6 524292 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 30
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
---snip---
===============================================================================
Verify the interfaces that the tunnels are using.
*A:PE-1# show router fp-tunnel-table 1 ipv6
===============================================================================
IPv6 Tunnel Table Display
Legend:
label stack is ordered from bottom-most to top-most
B - FRR Backup
===============================================================================
Destination Protocol Tunnel-ID
Lbl/SID
NextHop Intf/Tunnel
Lbl/SID (backup)
NextHop (backup)
-------------------------------------------------------------------------------
---snip---
2001:db8:aaaa:115::/64 SRV6 524292
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2"(B) 1/1/c1/1:1000
2001:db8:aaaa:101:78a6:d000::/128 SRV6 524293
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 1/1/c1/1:1000
2001:db8:aaaa:101:78a6:e000::/128 SRV6 524294
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
-------------------------------------------------------------------------------
Total Entries : 6
-------------------------------------------------------------------------------
===============================================================================
Configure TI-LFA:
*A:PE-1# configure router Base isis 0
loopfree-alternates
ti-lfa
exit
exit all
There are no changes to the IPv6 route table, IPv6 FIB, IS-IS database, SRv6 local SIDs, and SRv6 base routing instance, while the change in LFA computation results in LFA protection for the tunnels to the remote routers. The existing SRv6 tunnels to PE-2, P-3 and P-4 are now also loop-protected. Verify the IPv6 tunnel table.
*A:PE-1# show router tunnel-table ipv6
===============================================================================
IPv6 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref
Nexthop Color Metric
-------------------------------------------------------------------------------
2001:db8:aaaa:101:78a6:d000::/128 srv6-isis SRV6 524293 0
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 10
2001:db8:aaaa:101:78a6:e000::/128 srv6-isis SRV6 524294 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
2001:db8:aaaa:102::/64 [L] srv6-isis SRV6 524289 0
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 10
2001:db8:aaaa:113::/64 [L] srv6-isis SRV6 524290 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 20
2001:db8:aaaa:114::/64 [L] srv6-isis SRV6 524291 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
2001:db8:aaaa:115::/64 [L] srv6-isis SRV6 524292 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 30
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
---snip---
===============================================================================
Verify the interfaces that the tunnels are using. When the link between PE-1 and PE-2 is operational, SRv6 data is transported to PE-2 over this link, via next hop fe80::60e:1ff:fe01:1-"int-PE-1-PE-2". When the link between PE-1 and PE-2 fails, SRv6 data is transported to PE-2 using a fast reroute (FRR) backup link between PE-1 and P-4, via backup next hop fe80::616:1ff:fe01:1-"int-PE-1-P-4". The SRv6 data is transported to PE-2 then, via an SRv6 tunnel to the End function on P-5, as the backup SID 2001:db8:aaaa:115:0:1000:: indicates.
*A:PE-1# show router fp-tunnel-table 1 ipv6
===============================================================================
IPv6 Tunnel Table Display
Legend:
label stack is ordered from bottom-most to top-most
B - FRR Backup
===============================================================================
Destination Protocol Tunnel-ID
Lbl/SID
NextHop Intf/Tunnel
Lbl/SID (backup)
NextHop (backup)
-------------------------------------------------------------------------------
2001:db8:aaaa:102::/64 SRV6 524289
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 1/1/c1/1:1000
2001:db8:aaaa:115:0:1000::
fe80::616:1ff:fe01:1-"int-PE-1-P-4"(B) 1/1/c2/1:1000
2001:db8:aaaa:113::/64 SRV6 524290
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:115:0:1000::
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2"(B) 1/1/c1/1:1000
2001:db8:aaaa:114::/64 SRV6 524291
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:115:0:1000::
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2"(B) 1/1/c1/1:1000
2001:db8:aaaa:115::/64 SRV6 524292
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2"(B) 1/1/c1/1:1000
2001:db8:aaaa:101:78a6:d000::/128 SRV6 524293
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 1/1/c1/1:1000
2001:db8:aaaa:101:78a6:e000::/128 SRV6 524294
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
-------------------------------------------------------------------------------
Total Entries : 6
-------------------------------------------------------------------------------
===============================================================================
With the topology as shown in Example topology, this behavior is described as follows:
There is no regular LFA protection for the destination prefix to PE-2 using the protected PE-1-PE-2 link, which can be understood when the regular LFA inequality is determined using a shortest-path distance (Spd) calculation:
where
- Spd is the shortest path distance (according to level 2 metrics)
- S is the source router (PE-1)
- D is the destination router (PE-2)
- N is the alternate next hop router or neighboring node (P-4)
If the outcome of the calculation is true, then regular LFA protection is valid; if the outcome is false, then there is no LFA protection.
In this case the outcome is false.
There is TI-LFA protection for all destination prefixes using the protected PE-1-PE-2 link, which is determined using the calculation for TI-LFA.
The TI-LFA inequality for the extended P-space P’ is:
where Yi is the set of routers {P-3, P-5} that are reachable from PE-1 and its neighbor P-4 on the post-convergence path to PE-2, without traversing the link between PE-1 and PE-2.
Apply this inequality to the set of routers Yi:
For Yi=P-3, the outcome is true. So P-3 is in P’:
For Yi=P-5, the outcome is true. So P-5 is in P’:
So, the extended P-space P’ = {P-3, P-5}
The TI-LFA inequality for the Q-space Q is:
where Zi is the set of routers {P-3, P-5} that are reachable from PE-2 using reverse SPF on the post-convergence path to PE-1 without traversing the link between PE-1 and PE-2.
Apply this inequality to the set of routers Zi:
For Zi=P-3, the outcome is false. So P-3 is not in Q:
For Zi=P-5, the outcome is true. So P-5 is in Q:
So, the Q-space Q = {P-5}
So, the link between PE-1 and PE-2 is TI-LFA protected with the PQ-router P-5 that belongs to the intersection of the extended P space P’ and the Q space.
SRv6 data is transported to P-4, P-3, and P-5 over the link between PE-1 and P-4, via next hop fe80::616:1ff:fe01:1-"int-PE-1-P-4". When the link between PE-1 and P-4 fails, SRv6 data is transported to P-4, P-3, and P-5 using a FRR backup link between PE-1 and PE-2, via backup next hop fe80::60e:1ff:fe01:1-"int-PE-1-PE-2". The SRv6 data is transported to P-4 and P-3 then via an SRv6 tunnel to the End function on P-5, as the backup SID 2001:db8:aaaa:115:0:1000:: indicates. The SRv6 data is transported to P-5 then without using an SRv6 tunnel, as the absence of a backup SID indicates.
Shut down the link between PE-1 and PE-2:
*A:PE-1# configure router Base interface "int-PE-1-PE-2" shutdown
Because PE-2 disappears as a traffic-engineered (TE) IS-IS neighbor of PE-1, the End.X function that corresponds with the interface “int-PE-1-PE-2” is no longer instantiated. The IPv6 route table and IPv6 FIB indicate that data transport from PE-1 to PE-2 and P-5 now follows a path with a higher metric via P-4. The route to the End.X function that corresponds with the interface “int-PE-1-PE-2” is no longer present. There is no longer LFA protection for the route to P-5. Verify the IPv6 route table.
*A:PE-1# show router route-table ipv6
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
---snip---
2001:db8::2:2/128 Remote ISIS 00h00m28s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 51
---snip---
2001:db8::2:5/128 Remote ISIS 00h09m54s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 30
2001:db8::168:12:0/126 Remote ISIS 00h00m28s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 61
---snip---
2001:db8::168:25:0/126 Remote ISIS 00h00m28s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 51
---snip---
-------------------------------------------------------------------------------
No. of Routes: 17
---snip---
===============================================================================
Verify the corresponding IPv6 FIB.
*A:PE-1# show router fib 1 ipv6
===============================================================================
FIB Display
===============================================================================
Prefix [Flags] Protocol
NextHop
-------------------------------------------------------------------------------
---snip---
2001:db8::2:2/128 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
---snip---
2001:db8::168:12:0/126 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
---snip---
2001:db8::168:25:0/126 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
---snip---
-------------------------------------------------------------------------------
Total Entries : 17
-------------------------------------------------------------------------------
===============================================================================
Verify the SRv6 local SIDs and SRv6 base routing instance on PE-1. The SID that corresponds with the interface “int-PE-1-PE-2” is no longer present and is no longer advertised to the other routers.
*A:PE-1# show router segment-routing-v6 local-sid
===============================================================================
Segment Routing v6 Local SIDs
===============================================================================
SID Type Function
Locator
Context
-------------------------------------------------------------------------------
2001:db8:aaaa:101:0:1000:: End 1
PE-1_loc
Base
2001:db8:aaaa:101:78a6:b000:: End.DT6 494187
PE-1_loc
SvcId: 2 Name: VPRN_2
2001:db8:aaaa:101:78a6:c000:: End.DT4 494188
PE-1_loc
SvcId: 2 Name: VPRN_2
2001:db8:aaaa:101:78a6:e000:: End.X 494190
PE-1_loc
None
-------------------------------------------------------------------------------
SIDs : 4
-------------------------------------------------------------------------------
===============================================================================
The End.X function with SID 2001:db8:aaaa:101:78a6:d000:: that corresponds with the interface “int-PE-1-PE-2” is no longer instantiated.
*A:PE-1# show router segment-routing-v6 base-routing-instance
===============================================================================
Segment Routing v6 Base Routing Instance
===============================================================================
Locator
Type Function SID Status/InstId
SRH-mode Protection Interface
-------------------------------------------------------------------------------
PE-1_loc
End 1 2001:db8:aaaa:101:0:1000:: ok
USP
-------------------------------------------------------------------------------
Auto-allocated End.X: USP Protected,
-------------------------------------------------------------------------------
End.X *494190 2001:db8:aaaa:101:78a6:e000:: 0
USP Protected int-PE-1-P-4
ISIS Level: L2 Mac Address: 04:16:01:01:00:01 Nbr Sys Id: 0010.0100.1004
-------------------------------------------------------------------------------
===============================================================================
Legend: * - System allocated
Verify the IPv6 tunnel table. There are no longer any backup tunnels and SRv6 data is transported to all destinations via the link between PE-1 and P-4.
*A:PE-1# show router tunnel-table ipv6
===============================================================================
IPv6 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref
Nexthop Color Metric
-------------------------------------------------------------------------------
2001:db8:aaaa:101:78a6:e000::/128 srv6-isis SRV6 524294 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
2001:db8:aaaa:102::/64 srv6-isis SRV6 524289 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 51
2001:db8:aaaa:113::/64 srv6-isis SRV6 524290 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 20
2001:db8:aaaa:114::/64 srv6-isis SRV6 524291 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
2001:db8:aaaa:115::/64 srv6-isis SRV6 524292 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 30
-------------------------------------------------------------------------------
---snip---
===============================================================================
Verify the interfaces that the tunnels are using. There is no longer any possibility for alternate routes.
*A:PE-1# show router fp-tunnel-table 1 ipv6
===============================================================================
IPv6 Tunnel Table Display
Legend:
label stack is ordered from bottom-most to top-most
B - FRR Backup
===============================================================================
Destination Protocol Tunnel-ID
Lbl/SID
NextHop Intf/Tunnel
Lbl/SID (backup)
NextHop (backup)
-------------------------------------------------------------------------------
2001:db8:aaaa:102::/64 SRV6 524289
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:113::/64 SRV6 524290
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:114::/64 SRV6 524291
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:115::/64 SRV6 524292
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:101:78a6:e000::/128 SRV6 524294
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
-------------------------------------------------------------------------------
Total Entries : 5
-------------------------------------------------------------------------------
===============================================================================
Bring up again the link between PE-1 and PE-2 to restore the initial topology:
*A:PE-1# configure router Base interface "int-PE-1-PE-2" no shutdown
The End.X function that corresponds with the interface “int-PE-1-PE-2” is re-instantiated, but with SID 2001:db8:aaaa:101:78a6:f000:: and SRv6 Tunnel-ID 524295.
Modify metrics so that the P-router and the Q-router no longer coincide
Example topology with metric 21 between P-3 and P-5 shows the example topology with modified metrics that is used to verify the behavior when a disjointed P-router and Q-router provide TI-LFA protection.
Metrics can be modified for the interface "int-PE-2-P-5" on PE-2 with the command configure router "Base" isis 0 interface "int-PE-2-P-5" level 2 metric <value>. Similar commands apply for the interface "int-P-3-P-5" on P-3, and for the interfaces "int-P-5-PE-2" and "int-P-5-P-3" on P-5.
Verify the IPv6 route table. P-5 is now reached via interface “int-PE-1-PE-2”.
*A:PE-1# show router route-table ipv6
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
---snip---
2001:db8::2:5/128 Remote ISIS 00h01m00s 18
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 20
---snip---
2001:db8::168:35:0/126 Remote ISIS 00h00m26s 18
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 41
---snip---
-------------------------------------------------------------------------------
No. of Routes: 18
---snip---
===============================================================================
Verify the corresponding IPv6 FIB.
*A:PE-1# show router fib 1 ipv6
===============================================================================
FIB Display
===============================================================================
Prefix [Flags] Protocol
NextHop
-------------------------------------------------------------------------------
---snip---
2001:db8::2:5/128 ISIS
fe80::60e:1ff:fe01:1 (int-PE-1-PE-2)
---snip---
2001:db8::168:35:0/126 ISIS
fe80::60e:1ff:fe01:1 (int-PE-1-PE-2)
---snip---
-------------------------------------------------------------------------------
Total Entries : 18
-------------------------------------------------------------------------------
===============================================================================
On PE-1, apart from the metrics, the IS-IS data base, the SRv6 local SIDs, and the SRv6 base routing instance do not change.
Verify the IPv6 tunnel table.
*A:PE-1# show router tunnel-table ipv6
===============================================================================
IPv6 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref
Nexthop Color Metric
-------------------------------------------------------------------------------
---snip---
2001:db8:aaaa:115::/64 srv6-isis SRV6 524292 0
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 20
-------------------------------------------------------------------------------
---snip---
===============================================================================
Verify the interfaces that the tunnels are using.
*A:PE-1# show router fp-tunnel-table 1 ipv6
===============================================================================
IPv6 Tunnel Table Display
Legend:
label stack is ordered from bottom-most to top-most
B - FRR Backup
===============================================================================
Destination Protocol Tunnel-ID
Lbl/SID
NextHop Intf/Tunnel
Lbl/SID (backup)
NextHop (backup)
-------------------------------------------------------------------------------
---snip---
2001:db8:aaaa:115::/64 SRV6 524292
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 1/1/c1/1:1000
---snip---
-------------------------------------------------------------------------------
Total Entries : 6
-------------------------------------------------------------------------------
===============================================================================
Without support for LFA on P-3, the TI-LFA computation on PE-1 does not lead to a PQ-router, because the End.X functions on P-3 are neither instantiated nor advertised to the other routers.
On P-3, verify the SRv6 local SIDs and SRv6 base routing instance. The End.X functions are not yet instantiated.
*A:P-3# show router segment-routing-v6 local-sid
===============================================================================
Segment Routing v6 Local SIDs
===============================================================================
SID Type Function
Locator
Context
-------------------------------------------------------------------------------
2001:db8:aaaa:113:0:1000:: End 1
P-3_loc
Base
-------------------------------------------------------------------------------
SIDs : 1
-------------------------------------------------------------------------------
===============================================================================
Only the End function is already instantiated. The End.X functions are not yet instantiated.
*A:P-3# show router segment-routing-v6 base-routing-instance
===============================================================================
Segment Routing v6 Base Routing Instance
===============================================================================
Locator
Type Function SID Status/InstId
SRH-mode Protection Interface
-------------------------------------------------------------------------------
P-3_loc
End 1 2001:db8:aaaa:113:0:1000:: ok
USP
-------------------------------------------------------------------------------
Auto-allocated End.X: USP Protected,
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
===============================================================================
Legend: * - System allocated
Configure LFA on P-3
*A:P-3# configure router Base isis 0
loopfree-alternates
exit all
The IS-IS database contains additional information about the End.X functions that are instantiated on P-3.
*A:PE-1# show router isis database detail
===============================================================================
Rtr Base ISIS Instance 0 Database (detail)
===============================================================================
---snip---
Displaying Level 2 database
-------------------------------------------------------------------------------
---snip---
-------------------------------------------------------------------------------
LSP ID : P-3.00-00 Level : L2
---snip---
TLVs :
---snip---
TE IS Nbrs :
Nbr : P-4.00
Default Metric : 10
---snip---
End.X-SID: 2001:db8:aaaa:113:0:4000:: flags:B algo:0 weight:0 endpoint:End.X-USP
TE IS Nbrs :
Nbr : P-5.00
Default Metric : 21
---snip---
End.X-SID: 2001:db8:aaaa:113:0:5000:: flags:B algo:0 weight:0 endpoint:End.X-USP
---snip---
Level (2) LSP Count : 5
-------------------------------------------------------------------------------
---snip---
===============================================================================
On PE-1, the IS-IS data base, the IPv6 route table, the IPv6 FIB, the SRv6 local SIDs, and the SRv6 base routing instance do not change.
On PE-3, verify the SRv6 local SIDs and SRv6 base routing instance. The End.X functions are also instantiated.
*A:P-3# show router segment-routing-v6 local-sid
===============================================================================
Segment Routing v6 Local SIDs
===============================================================================
SID Type Function
Locator
Context
-------------------------------------------------------------------------------
2001:db8:aaaa:113:0:1000:: End 1
P-3_loc
Base
2001:db8:aaaa:113:0:4000:: End.X 4
P-3_loc
None
2001:db8:aaaa:113:0:5000:: End.X 5
P-3_loc
None
-------------------------------------------------------------------------------
SIDs : 3
-------------------------------------------------------------------------------
===============================================================================
*A:P-3# show router segment-routing-v6 base-routing-instance
===============================================================================
Segment Routing v6 Base Routing Instance
===============================================================================
Locator
Type Function SID Status/InstId
SRH-mode Protection Interface
-------------------------------------------------------------------------------
P-3_loc
End 1 2001:db8:aaaa:113:0:1000:: ok
USP
-------------------------------------------------------------------------------
Auto-allocated End.X: USP Protected,
-------------------------------------------------------------------------------
End.X *4 2001:db8:aaaa:113:0:4000:: 0
USP Protected int-P-3-P-4
ISIS Level: L2 Mac Address: 04:16:01:01:00:0b Nbr Sys Id: 0010.0100.1004
End.X *5 2001:db8:aaaa:113:0:5000:: 0
USP Protected int-P-3-P-5
ISIS Level: L2 Mac Address: 04:1a:01:01:00:0b Nbr Sys Id: 0010.0100.1005
-------------------------------------------------------------------------------
===============================================================================
Legend: * - System allocated
Verify the IPv6 tunnel table. The existing routes to PE-2 and P-5 are loop-protected.
*A:PE-1# show router tunnel-table ipv6
===============================================================================
IPv6 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref
Nexthop Color Metric
-------------------------------------------------------------------------------
---snip---
2001:db8:aaaa:102::/64 [L] srv6-isis SRV6 524289 0
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 10
---snip---
2001:db8:aaaa:115::/64 [L] srv6-isis SRV6 524292 0
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 20
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
---snip---
===============================================================================
Verify the interfaces that the tunnels are using. Interface “int-PE-1-PE-2” is configured on port 1/1/c1/1:1000. Interface “int-PE-1-P-4” is configured on port 1/1/c2/1:1000.
When the link between PE-1 and PE-2 is operational, SRv6 data is transported to PE-2 over this link, via next hop fe80::60e:1ff:fe01:1-"int-PE-1-PE-2". When the link between PE-1 and PE-2 fails, SRv6 data is transported to PE-2 using a FRR backup link between PE-1 and P-4, via backup next hop fe80::616:1ff:fe01:1-"int-PE-1-P-4". The SRv6 data is transported to PE-2 then via an SRv6 tunnel to the End.X function on P-3, as the backup SID 2001:db8:aaaa:113:0:5000:: indicates, followed by source routing to P-5.
*A:PE-1# show router fp-tunnel-table 1 ipv6
===============================================================================
IPv6 Tunnel Table Display
Legend:
label stack is ordered from bottom-most to top-most
B - FRR Backup
===============================================================================
Destination Protocol Tunnel-ID
Lbl/SID
NextHop Intf/Tunnel
Lbl/SID (backup)
NextHop (backup)
-------------------------------------------------------------------------------
2001:db8:aaaa:102::/64 SRV6 524289
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 1/1/c1/1:1000
2001:db8:aaaa:113:0:5000::
fe80::616:1ff:fe01:1-"int-PE-1-P-4"(B) 1/1/c2/1:1000
---snip---
2001:db8:aaaa:115::/64 SRV6 524292
-
fe80::60e:1ff:fe01:1-"int-PE-1-PE-2" 1/1/c1/1:1000
2001:db8:aaaa:113:0:5000::
fe80::616:1ff:fe01:1-"int-PE-1-P-4"(B) 1/1/c2/1:1000
---snip---
-------------------------------------------------------------------------------
Total Entries : 6
-------------------------------------------------------------------------------
===============================================================================
With the topology as shown in Example topology with metric 21 between PE-2 and P-5, this behavior is described as follows:
There is no regular LFA protection for the destination prefix to PE-2 using the protected PE-1-PE-2 link, which can be understood when the regular LFA inequality is determined using a shortest-path distance (Spd) calculation:
where
- Spd is the shortest path distance (according to level 2 metrics)
- S is the source router (PE-1)
- D is the destination router (PE-2)
- N is the alternate next hop router or neighboring node (P-4)
If the outcome of the calculation is true, then regular LFA protection is valid; if the outcome is false, then there is no LFA protection.
In this case the outcome is false.
There is TI-LFA protection for all destination prefixes using the protected PE-1-PE-2 link:
The TI-LFA inequality for the extended P-space P’ is:
where Yi is the set of routers {P-3, P-5} that are reachable from PE-1 and its neighbor P-4 on the post-convergence path to PE-2, without traversing the link between PE-1 and PE-2.
Apply this inequality to the set of routers Yi:
For Yi=P-3, the outcome is true. So P-3 is in P’:
For Yi=P-5, the outcome is false. So P-5 is not in P’:
So, the extended P-space P’ = {P-3}
The TI-LFA inequality for the Q-space Q is:
where Zi is the set of routers {P-3, P-5} that are reachable from PE-2 using reverse SPF on the post-convergence path to PE-1 without traversing the link between PE-1 and PE-2.
Apply this inequality to the set of routers Zi:
For Zi=P-3, the outcome is false. So P-3 is not in Q:
For Zi=P-5, the outcome is true. So P-5 is in Q:
So, the Q-space Q = {P-5}
So, the link between PE-1 and PE-2 is TI-LFA protected with the P-router P-3 and Q-router P-5.
Shut down the link between PE-1 and PE-2
*A:PE-1# configure router Base interface "int-PE-1-PE-2" shutdown
Because PE-2 disappears as a TE IS-IS neighbor of PE-1, the End.X function that corresponds with the interface “int-PE-1-PE-2” is no longer instantiated. The IPv6 route table and IPv6 FIB indicate that data transport from PE-1 to PE-2 and P-5 now follows a path with a higher metric via P-4. Verify the IPv6 route table.
*A:PE-1# show router route-table ipv6
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
---snip---
2001:db8::2:2/128 Remote ISIS 00h00m29s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 51
---snip---
2001:db8::2:5/128 Remote ISIS 00h00m29s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 41
2001:db8::168:12:0/126 Remote ISIS 00h00m29s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 61
---snip---
2001:db8::168:25:0/126 Remote ISIS 00h00m29s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 51
---snip---
2001:db8::168:35:0/126 Remote ISIS 00h00m29s 18
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 41
---snip---
-------------------------------------------------------------------------------
No. of Routes: 17
---snip---
===============================================================================
Verify the corresponding IPv6 FIB.
*A:PE-1# show router fib 1 ipv6
===============================================================================
FIB Display
===============================================================================
Prefix [Flags] Protocol
NextHop
-------------------------------------------------------------------------------
---snip---
2001:db8::2:2/128 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
---snip---
2001:db8::2:5/128 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
2001:db8::168:12:0/126 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
---snip---
2001:db8::168:25:0/126 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
---snip---
2001:db8::168:35:0/126 ISIS
fe80::616:1ff:fe01:1 (int-PE-1-P-4)
---snip---
-------------------------------------------------------------------------------
Total Entries : 17
-------------------------------------------------------------------------------
===============================================================================
Verify the SRv6 local SIDs and SRv6 base routing instance on PE-1. The SID that corresponds with the interface “int-PE-1-PE-2” is no longer present and is no longer advertised to the other routers.
*A:PE-1# show router segment-routing-v6 local-sid
===============================================================================
Segment Routing v6 Local SIDs
===============================================================================
SID Type Function
Locator
Context
-------------------------------------------------------------------------------
2001:db8:aaaa:101:0:1000:: End 1
PE-1_loc
Base
2001:db8:aaaa:101:78a6:b000:: End.DT6 494187
PE-1_loc
SvcId: 2 Name: VPRN_2
2001:db8:aaaa:101:78a6:c000:: End.DT4 494188
PE-1_loc
SvcId: 2 Name: VPRN_2
2001:db8:aaaa:101:78a6:e000:: End.X 494190
PE-1_loc
None
-------------------------------------------------------------------------------
SIDs : 4
-------------------------------------------------------------------------------
===============================================================================
The End.X function that corresponds with the interface “int-PE-1-PE-2” is no longer instantiated.
*A:PE-1# show router segment-routing-v6 base-routing-instance
===============================================================================
Segment Routing v6 Base Routing Instance
===============================================================================
Locator
Type Function SID Status/InstId
SRH-mode Protection Interface
-------------------------------------------------------------------------------
PE-1_loc
End 1 2001:db8:aaaa:101:0:1000:: ok
USP
-------------------------------------------------------------------------------
Auto-allocated End.X: USP Protected,
-------------------------------------------------------------------------------
End.X *494190 2001:db8:aaaa:101:78a6:e000:: 0
USP Protected int-PE-1-P-4
ISIS Level: L2 Mac Address: 04:16:01:01:00:01 Nbr Sys Id: 0010.0100.1004
-------------------------------------------------------------------------------
===============================================================================
Legend: * - System allocated
Verify the IPv6 tunnel table. There are no longer any backup tunnels and SRv6 data is transported to all destinations via the link between PE-1 and P-4.
*A:PE-1# show router tunnel-table ipv6
===============================================================================
IPv6 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref
Nexthop Color Metric
-------------------------------------------------------------------------------
2001:db8:aaaa:101:78a6:e000::/128 srv6-isis SRV6 524294 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
2001:db8:aaaa:102::/64 srv6-isis SRV6 524289 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 51
2001:db8:aaaa:113::/64 srv6-isis SRV6 524290 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 20
2001:db8:aaaa:114::/64 srv6-isis SRV6 524291 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 10
2001:db8:aaaa:115::/64 srv6-isis SRV6 524292 0
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 41
-------------------------------------------------------------------------------
---snip---
===============================================================================
Verify the interfaces that the tunnels are using. There is no longer any possibility for alternate routes.
*A:PE-1# show router fp-tunnel-table 1 ipv6
===============================================================================
IPv6 Tunnel Table Display
Legend:
label stack is ordered from bottom-most to top-most
B - FRR Backup
===============================================================================
Destination Protocol Tunnel-ID
Lbl/SID
NextHop Intf/Tunnel
Lbl/SID (backup)
NextHop (backup)
-------------------------------------------------------------------------------
2001:db8:aaaa:102::/64 SRV6 524289
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:113::/64 SRV6 524290
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:114::/64 SRV6 524291
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:115::/64 SRV6 524292
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
2001:db8:aaaa:101:78a6:e000::/128 SRV6 524294
-
fe80::616:1ff:fe01:1-"int-PE-1-P-4" 1/1/c2/1:1000
-------------------------------------------------------------------------------
Total Entries : 5
-------------------------------------------------------------------------------
===============================================================================
Bring up again the link between PE-1 and PE-2 to restore the initial topology:
*A:PE-1# configure router Base interface "int-PE-1-PE-2" no shutdown
The End.X function that corresponds with the interface “int-PE-1-PE-2” is re-instantiated, but with SID 2001:db8:aaaa:101:78a7:: and Tunnel-ID 524296.
Conclusion
To guard against the failure of the initial data path, LFA protection via an LFA backup path is possible for SRv6 data transport.