Configuring MPLS TE Path Protection
This chapter describes how to configure Multiprotocol Label Switching (MPLS) path protection for traffic engineering (TE) on Cisco NX-OS devices.
This chapter includes the following sections:
- Finding Feature Information, page 19-1
- Information About MPLS TE Path Protection, page 19-1
- Licensing Requirements for MPLS TE Path Protection, page 19-4
- Prerequisites for MPLS TE Path Protection, page 19-4
- Guidelines and Limitations for MPLS TE Path Protection, page 19-4
- Configuring MPLS TE Path Protection, page 19-4
- Verifying the MPLS TE Path Protection Configuration, page 19-7
- Configuration Examples for MPLS TE Path Protection, page 19-10
- Additional References for MPLS TE Path Protection, page 19-16
- Feature History for MPLS TE Path Protection, page 19-17
Information About MPLS TE Path Protection
Path protection provides an end-to-end failure recovery function (full path protection) for MPLS TE tunnels.
This section includes the following topics:
Path Protection
A secondary label switched path (LSP) is configured and established to provide failure protection for the LSP that is carrying a tunnel’s TE traffic. When there is a failure on the protected LSP, the headend router immediately enables the secondary LSP to temporarily carry the tunnel’s traffic. If there is a failure on the secondary LSP, the tunnel no longer has path protection until the failure along the secondary path is cleared.
The failure detection functions that trigger a switchover to a secondary tunnel include the following:
- Path error or resv tear from RSVP signaling
- Notification from the Bidirectional Forwarding Detection (BFD) protocol that a neighbor is lost
- Notification from the Interior Gateway Protocol (IGP) that the adjacency is down
- Local teardown of the protected tunnel’s LSP due to preemption in order to signal higher priority LSPs, online insertion and removal (OIR), and so forth
An alternate recovery function is Fast Reroute (FRR), which protects MPLS TE LSPs only from link and node failures by locally repairing the LSPs at the point of failure.
Although not as fast as link or node protection, presignaling a secondary LSP is faster than configuring a secondary primary path option or allowing the tunnel’s headend router to dynamically recalculate a path. The actual recovery time is topology-dependent and is affected by delay factors such as propagation delay or switch fabric latency.
ISSU
Cisco In Service Software Upgrade (ISSU) allows you to perform a Cisco NX-OS software upgrade or downgrade while the system continues to forward packets. ISSU takes advantage of the Cisco NX-OS high availability infrastructure (Cisco nonstop forwarding [NSF] with stateful switchover [SSO] and hardware redundancy) and eliminates the downtime that is associated with software upgrades or version changes by allowing changes while the system remains in service. Cisco ISSU lowers the impact that planned maintenance activities have on network service availability; there is less downtime and better access to critical systems.
When path protection is enabled and an ISSU upgrade is performed, path protection performance is similar to that of other TE features.
NSF/SSO
Cisco NSF with SSO provides continuous packet forwarding, even during a network processor hardware or software failure.
Path protection can recover after SSO. A tunnel configured for path protection may have two LSPs signaled simultaneously: the primary LSP that is carrying the traffic and the secondary LSP that carries traffic if there is a failure along the primary path. Only information associated with one of those LSPs, the one that is currently carrying traffic, is synchronized to the standby system. On recovery, the standby system can determine from the checkpointed information whether the LSP was the primary or secondary.
If the primary LSP was active during the switchover, only the primary LSP is recovered. The secondary LSP that was signaled and provided path protection is resignaled after the TE recovery period is complete. This process does not impact the traffic on the tunnel because the secondary LSP was not carrying traffic.
Licensing Requirements for MPLS TE Path Protection
|
|
Cisco NX-OS |
MPLS TE path protection requires an MPLS license. For a complete explanation of the NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide. |
Prerequisites for MPLS TE Path Protection
Path protection has the following prerequisites:
- The MPLS TE feature must be enabled. MPLS TE can be enabled or disabled by the [ no ] feature mpls traffic-eng command and is disabled by default. See the “Configuring MPLS TE”.
- Configure a TE tunnel with a primary path option by using the path-option command.
Guidelines and Limitations for MPLS TE Path Protection
Path protection has the following configuration guidelines and limitations:
- The secondary path will not be signaled with the FRR flag.
- Dynamic diverse paths are not supported. You must configure an explicit path for the secondary LSP that avoids using any shared links with the primary LSP.
- Do not use link and node protection with path protection on the headend router.
Configuring MPLS TE Path Protection
This section includes the following topics:
These tasks are described in the following sections and are shown in Figure 19-1.
Figure 19-1 Network Topology—Path Protection
Configuring Explicit Paths for Secondary Paths
You can specify a secondary path that does not include common links or nodes associated with the primary path in case those links or nodes go down.
Prerequisites
You must enable the MPLS TE feature (see the “Configuring MPLS TE”).
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. configure terminal
2. mpls traffic-eng configuration
3. [ no ] explicit-path { name path-name | identifier number }
4. index index command ip-address
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters global configuration mode. |
Step 2 |
mpls traffic-eng configuration Example: switch(config)# mpls traffic–eng configuration switch(config-te)# |
Enters MPLS TE configuration mode. |
Step 3 |
[ no ] explicit-path { name path-name | identifier number } Example: switch(config-te)# explicit-path name path1223 switch(config-te-expl-path) |
Creates or modifies the explicit path and enters explicit path configuration mode. |
Step 4 |
index index command ip-address Example: switch(config-te-expl-path)# index 10 next-address 10.0.0.2 |
Inserts or modifies a path entry at a specific index. The command argument can be the exclude-address keyword or the next-address keyword. The ip-address argument represents the node ID. Note Enter this command once for each router or switch along the secondary path. |
Assigning a Secondary Path Option to Protect a Primary Path Option
You can assign a secondary path option in case there is a link or node failure along a path and all interfaces in your network are not protected.
Prerequisites
You must have the MPLS TE feature enabled (see the “Configuring MPLS TE”).
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. configure terminal
2. interface tunnel-te number
3. path-option protect number explicit { identifier path-number | name path-name } [ attributes lsp-attributes | bandwidth kbps | lockdown ] [ verbatim ]
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters global configuration mode. |
Step 2 |
interface tunnel-te number Example: switch(config)# interface tunnel-te 1 switch(config-if-te)# |
Enters TE interface configuration mode. The number argument identifies the tunnel number to be configured. |
Step 3 |
path-option protect number explicit { identifier path-number | name path-name } [ attributes lsp-attributes | bandwidth kbps | lockdown ] [ verbatim ] Example: switch(config-if-te)# path-option protect 10 explicit name path344 |
Configures a secondary path option for an MPLS TE tunnel. |
Verifying the MPLS TE Path Protection Configuration
You can display the path protection configuration. Steps 1 and 2 refer to Figure 19-2.
Figure 19-2 Network Topology Verification
To display path protection for verification, perform one of the following tasks:
|
|
|
|
show running interface tunnel-te number |
Displays the configuration of the primary path and the protection path options. |
|
show mpls traffic-eng tunnels tunnel-te number |
Displays tunnel path information. |
|
show mpls traffic-eng tunnels tunnel-te number protection |
Displays the status of both LSPs (primary path and protected path), when the protection keyword is specified. Note Deleting a primary path option has the same effect as shutting down a link. Traffic moves to the protected path. |
Examples
The following example shows how to display the configuration of the primary path and protection path options.
Note To show the status of both LSPs (primary path and protected path), use the show mpls traffic-eng tunnels command with the protection keyword.
switch# show running interface tunnel-te500
Building configuration...
Current configuration : 497 bytes
!
interface Tunnel-te500
ip unnumbered Loopback0
destination 10.0.0.9
autoroute announce
priority 7 7
bandwidth 100
path-option 10 explicit name path344
path-option 20 explicit name path345
path-option protect 10 explicit name path3441
path-option protect 20 explicit name path348
end
The following example shows how to display tunnel path information.
The command output shows no common links or nodes.
Note The Common Link(s) field shows the number of links shared by both primary and secondary paths, from the headend router to the tailend router.
The Common Node(s) field shows the number of nodes shared by both primary and secondary paths, excluding the headend and tailend routers.
switch# show mpls traffic-eng tunnels tunnel-te500
Name: R1_t500 (Tunnel-te500) Destination: 10.0.0.9
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, type explicit path344 (Basis for Setup, path weight 20)
path option 20, type explicit path345
Path Protection: 0 Common Link(s), 0 Common Node(s)
path protect option 10, type explicit path3441 (Basis for Protect, path weight 20)
path protect option 20, type explicit path348
Config Parameters:
Bandwidth: 100 kb/s (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled Loadshare: 100 bw-based
Active Path Option Parameters:
State: explicit path option 10 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
InLabel : -
OutLabel : Ethernet1/0, 16
RSVP Signalling Info:
Src 10.1.1.1, Dst 10.0.0.9, Tun_Id 500, Tun_Instance 19
RSVP Path Info:
My Address: 10.2.0.1
Explicit Route: 10.2.0.2 10.10.0.1 10.10.0.2 10.0.0.9
Record Route: NONE
Tspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
Shortest Unconstrained Path Info:
Path Weight: 20 (TE)
Explicit Route: 10.2.0.1 10.2.0.2 10.10.0.1 10.10.0.2 10.0.0.9
History:
Tunnel:
Time since created: 11 minutes, 17 seconds
Time since path change: 8 minutes, 5 seconds
Number of LSP IDs (Tun_Instances) used: 19
Current LSP:
Uptime: 8 minutes, 5 seconds
The following example shows how to display the status of both LSPs (primary path and protected path) when the protection keyword is specified.
Note Deleting a primary path option has the same effect as shutting down a link. Traffic moves to the protected path.
The command output shows that both primary LSP and secondary LSP are up and protection is enabled:
switch# show mpls traffic-eng tunnels tunnel-te500 protection
R1_t500
LSP Head, Tunnel-te500, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.0.0.9, Instance 19
Fast Reroute Protection: None
Path Protection: 0 Common Link(s), 0 Common Node(s)
Primary lsp path:10.2.0.1 10.2.0.2
10.10.0.1 10.10.0.2
10.0.0.9
Protect lsp path:10.0.0.1 10.0.0.2
10.0.1.1 10.0.1.2
10.0.0.9
Path Protect Parameters:
Bandwidth: 100 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
InLabel : -
OutLabel : Ethernet0/0, 16
RSVP Signalling Info:
Src 10.1.1.1, Dst 10.0.0.9, Tun_Id 500, Tun_Instance 27
RSVP Path Info:
My Address: 10.0.0.1
Explicit Route: 10.0.0.2 10.0.1.1 10.0.1.2 10.0.0.9
Record Route: NONE
Tspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
The following example shows that the primary LSP is down and that the secondary LSP is up and is carrying traffic:
switch# show mpls traffic-eng tunnels tunnel-te500 protection
R1_t500
LSP Head, Tunnel-te500, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.0.0.9, Instance 27
Fast Reroute Protection: None
Path Protection: Backup lsp in use.
Configuration Examples for MPLS TE Path Protection
This section includes the following topics:
Example: Configuring Explicit Paths for Secondary Paths
Figure 19-3 shows a primary path and a secondary path. If there is a failure, the secondary path is used.
Figure 19-3 Primary Path and Secondary Path
The following example shows that the explicit path is named path3441. There is an index command for each router. If there is failure, the secondary path is used.
switch(config)# mpls traffic-eng configuration
switch(config-te)# explicit-path name path3441
switch(config-te-expl-path)# index 1 next-address 10.0.0.1
Explicit Path name path3441:
switch(config-te-expl-path)# index 2 next-address 10.0.0.2
Explicit Path name path3441:
switch(config-te-expl-path)# index 3 next-address 10.0.1.1
Explicit Path name path3441:
switch(config-te-expl-path)# index 4 next-address 10.0.1.2
Explicit Path name path3441:
Example: Assigning a Secondary Path Option to Protect a Primary Path Option
The following example shows that a TE tunnel is configured:
switch# configure terminal
switch(config)# interface tunnel-te500
switch(config-if-te)# path-option protect 10 explicit name path344
The following example shows that path protection has been configured. Tunnel 500 has path option 10 using path344 and protected by path 3441, and path option 20 using path345 and protected by path348.
switch# show running interface tunnel-te500
Building configuration...
Current configuration : 497 bytes
!
interface Tunnel-te500
ip unnumbered Loopback0
destination 10.0.0.9
autoroute announce
priority 7 7
bandwidth 100
path-option 10 explicit name path344
path-option 20 explicit name path345
path-option protect 10 explicit name path3441
path-option protect 20 explicit name path348
end
Example: Configuring Tunnels Before and After Path Protection
The following example shows information about the primary (protected) path. The following sample output shows that path protection has been configured:
switch# show mpls traffic-eng tunnels tunnel-te500
Name: R1_t500 (Tunnel-te500) Destination: 10.0.0.9
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, type explicit path344 (Basis for Setup, path weight 20)
path option 20, type explicit path345
Path Protection: 0 Common Link(s), 0 Common Node(s)
path protect option 10, type explicit path3441 (Basis for Protect, path weight 20)
path protect option 20, type explicit path348
Config Parameters:
Bandwidth: 100 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled Loadshare: 100 bw-based
Active Path Option Parameters:
State: explicit path option 10 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
InLabel : -
OutLabel : Ethernet1/0, 16
RSVP Signalling Info:
Src 10.1.1.1, Dst 10.0.0.9, Tun_Id 500, Tun_Instance 43
RSVP Path Info:
My Address: 10.2.0.1
Explicit Route: 10.2.0.2 10.10.0.1 10.10.0.2 10.0.0.9
Record Route: NONE
Tspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
Shortest Unconstrained Path Info:
Path Weight: 20 (TE)
Explicit Route: 10.0.0.1 10.0.0.2 10.0.1.1 10.0.1.2
10.0.0.9
History:
Tunnel:
Time since created: 18 minutes, 22 seconds
Time since path change: 19 seconds
Number of LSP IDs (Tun_Instances) used: 43
Current LSP:
Uptime: 22 seconds
Selection: reoptimization
Prior LSP:
ID: path option 10 [27]
Removal Trigger: reoptimization completed
The following example shows information about the secondary path. Tunnel500 is protected. The protection path is used, and the primary path is down. The command output shows the IP explicit paths of the primary LSP and the secondary LSP.
switch# show mpls traffic-eng tunnels tunnel-te500 protection
R1_t500
LSP Head, Tunnel500, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.0.0.9, Instance 43
Fast Reroute Protection: None
Path Protection: 0 Common Link(s), 0 Common Node(s)
Primary lsp path:10.2.0.1 10.2.0.2
10.10.0.1 10.10.0.2
10.0.0.9
Protect lsp path:10.0.0.1 10.0.0.2
10.0.1.1 10.0.1.2
10.0.0.9
Path Protect Parameters:
Bandwidth: 100 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
InLabel : -
OutLabel : Ethernet0/0, 17
RSVP Signalling Info:
Src 10.1.1.1, Dst 10.0.0.9, Tun_Id 500, Tun_Instance 44
RSVP Path Info:
My Address: 10.0.0.1
Explicit Route: 10.0.0.2 10.0.1.1 10.0.1.2 10.0.0.9
Record Route: NONE
Tspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
R1#
The following example shows how to shut down the interface to use path protection:
switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# interface e1/0
switch(config-if)# shutdown
The following example shows that the protection path is used and the primary path is down:
switch# show mpls traffic-eng tunnels tunnel-te500
Name: R1_t500 (Tunnel-te500) Destination: 10.0.0.9
Status:
Admin: up Oper: up Path: valid Signalling: connected
path protect option 10, type explicit path3441 (Basis for Protect, path weight 20)
path option 10, type explicit path344
path option 20, type explicit path345
Path Protection: Backup lsp in use.
path protect option 10, type explicit path3441 (Basis for Protect, path weight 20)
path protect option 20, type explicit path348
Config Parameters:
Bandwidth: 100 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled Loadshare: 100 bw-based
Active Path Option Parameters:
State: explicit path option 10 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
InLabel : -
OutLabel : Ethernet0/0, 17
RSVP Signalling Info:
Src 10.1.1.1, Dst 10.0.0.9, Tun_Id 500, Tun_Instance 44
RSVP Path Info:
My Address: 10.0.0.1
Explicit Route: 10.0.0.2 10.0.1.1 10.0.1.2 10.0.0.9
Record Route: NONE
Tspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
Shortest Unconstrained Path Info:
Path Weight: 20 (TE)
Explicit Route: 10.0.0.1 10.0.0.2 10.0.1.1 10.0.1.2 10.0.0.9
History:
Tunnel:
Time since created: 23 minutes, 28 seconds
Time since path change: 50 seconds
Number of LSP IDs (Tun_Instances) used: 44
Current LSP:
Uptime: 5 minutes, 24 seconds
Selection:
Prior LSP:
ID: path option 10 [43]
Removal Trigger: path error
Last Error: PCALC:: Explicit path has unknown address, 10.2.0.1
R1#
The following example shows that protection is enabled:
switch# show mpls traffic-eng tunnels tunnel-te500 protection
R1_t500
LSP Head, Tunnel-te500, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.0.0.9, Instance 44
Fast Reroute Protection: None
Path Protection: Backup lsp in use.
R1#
The following example shows that the interface is up again and the primary path is activated:
switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# interface ethernet1/0
switch(config-if)# no shutdown
The following example shows that path protection has been reestablished and the primary path is being used:
switch# show mpls traffic-eng tunnels tunnel-te500
Name: R1_t500 (Tunnel-te500) Destination: 10.0.0.9
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, type explicit path344 (Basis for Setup, path weight 20)
path option 20, type explicit path345
Path Protection: 0 Common Link(s), 0 Common Node(s)
path protect option 10, type explicit path3441 (Basis for Protect, path weight 20)
path protect option 20, type explicit path348
Config Parameters:
Bandwidth: 100 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled Loadshare: 100 bw-based
Active Path Option Parameters:
State: explicit path option 10 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
InLabel : -
OutLabel : Ethernet1/0, 16
RSVP Signalling Info:
Src 10.1.1.1, Dst 10.0.0.9, Tun_Id 500, Tun_Instance 52
RSVP Path Info:
My Address: 10.2.0.1
Explicit Route: 10.2.0.2 10.10.0.1 10.10.0.2 10.0.0.9
Record Route: NONE
Tspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
Shortest Unconstrained Path Info:
Path Weight: 20 (TE)
Explicit Route: 10.0.0.1 10.0.0.2 10.0.1.1 10.0.1.2 10.0.0.9
History:
Tunnel:
Time since created: 25 minutes, 26 seconds
Time since path change: 23 seconds
Number of LSP IDs (Tun_Instances) used: 52
Current LSP:
Uptime: 26 seconds
Selection: reoptimization
Prior LSP:
ID: path option 10 [44]
Removal Trigger: reoptimization completed
switch#
The following example shows that Tunnel-te500 is protected and after a failure, the primary LSP is protected:
switch# show mpls traffic-eng tunnels tunnel-te500 protection
R1_t500
LSP Head, Tunnel-te500, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.0.0.9, Instance 52
Fast Reroute Protection: None
Path Protection: 0 Common Link(s), 0 Common Node(s)
Primary lsp path:10.2.0.1 10.2.0.2
10.10.0.1 10.10.0.2
10.0.0.9
Protect lsp path:10.0.0.1 10.0.2
10.0.1.1 10.0.1.2
10.0.0.9
Path Protect Parameters:
Bandwidth: 100 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
InLabel : -
OutLabel : Ethernet0/0, 16
RSVP Signalling Info:
Src 10.1.1.1, Dst 10.0.0.9, Tun_Id 500, Tun_Instance 53
RSVP Path Info:
My Address: 10.0.0.1
Explicit Route: 10.0.0.2 10.0.1.1 10.0.1.2 10.0.0.9
Record Route: NONE
Tspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=100 kbits, burst=1000 bytes, peak rate=100 kbits
switch#
Additional References for MPLS TE Path Protection
The following sections provide references related to the MPLS TE path protection feature.
MIBs
|
|
- CISCO-IETF-FRR-MIB
- MPLS TE-STD-MIB
|
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
Feature History for MPLS TE Path Protection
Table 19-1 lists the release history for this feature.
Table 19-1 Feature History for MPLS TE Path Protection
|
|
|
Path protection |
5.2(1) |
This feature was introduced. |