- Preface
- Product Overview
- Configuring the Router for the First Time
- Configuring a Supervisor Engine 720
- Configuring a Route Switch Processor 720
- Configuring NSF with SSO Supervisor Engine Redundancy
- ISSU and eFSU on Cisco 7600 Series Routers
- Configuring RPR and RPR+ Supervisor Engine Redundancy
- Configuring Interfaces
- Configuring a Supervisor Engine 32
- Configuring LAN Ports for Layer 2 Switching
- Configuring Flex Links
- Configuring EtherChannels
- Configuring VTP
- Configuring VLANs
- Configuring Private VLANs
- Configuring Cisco IP Phone Support
- Configuring IEEE 802.1Q Tunneling
- Configuring Layer 2 Protocol Tunneling
- Configuring L2TPv3
- Configuring STP and MST
- Configuring Optional STP Features
- Configuring Layer 3 Interfaces
- Configuring GTP-SLB IPV6 Support
- IP Subscriber Awareness over Ethernet
- Configuring UDE and UDLR
- Configuring Multiprotocol Label Switching on the PFC
- Configuring IPv4 Multicast VPN Support
- Configuring Multicast VPN Extranet Support
- Configuring IP Unicast Layer 3 Switching
- Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching
- Configuring IPv4 Multicast Layer 3 Switching
- Configuring MLDv2 Snooping for IPv6 Multicast Traffic
- Configuring IGMP Snooping for IPv4 Multicast Traffic
- Configuring PIM Snooping
- Configuring Network Security
- Understanding Cisco IOS ACL Support
- Configuring VRF aware 6RD Tunnels
- Configuring VLAN ACLs
- Private Hosts (Using PACLs)
- Configuring IPv6 PACL
- IPv6 First-Hop Security Features
- Configuring Online Diagnostics
- Configuring Denial of Service Protection
- Configuring DHCP Snooping
- Configuring Dynamic ARP Inspection
- Configuring Traffic Storm Control
- Unknown Unicast Flood Blocking
- Configuring PFC QoS
- Configuring PFC QoS Statistics Data Export
- Configuring MPLS QoS on the PFC
- Configuring LSM MLDP based MVPN Support
- Configuring IEEE 802.1X Port-Based Authentication
- Configuring IEEE 802.1ad
- Configuring Port Security
- Configuring UDLD
- Configuring NetFlow and NDE
- Configuring Local SPAN, RSPAN, and ERSPAN
- Configuring SNMP IfIndex Persistence
- Power Management and Environmental Monitoring
- Configuring Web Cache Services Using WCCP
- Using the Top N Utility
- Using the Layer 2 Traceroute Utility
- Configuring Bidirectional Forwarding and Detection over Switched Virtual Interface
- Configuring Call Home
- Configuring IPv6 Policy Based Routing
- Using the Mini Protocol Analyzer
- Configuring Resilient Ethernet Protocol
- Configuring Synchronous Ethernet
- Configuring Link State Tracking
- Configuring BGP PIC Edge and Core for IP and MPLS
- Configuring VRF aware IPv6 tunnels over IPv4 transport
- ISIS IPv4 Loop Free Alternate Fast Reroute (LFA FRR)
- Multicast Service Reflection
- Y.1731 Performance Monitoring
- Online Diagnostic Tests
- Acronyms
- Cisco IOS Release 15S Software Images
- Index
ISIS IPv4 Loop Free Alternate Fast Reroute (LFA FRR)
Loop Free Alternate (LFA) Fast Reroute (FRR) uses a backup route, pre-computed using the dynamic routing protocol, whenever a network fails. The backup routes (repair paths) are pre-computed and installed on the router as the backup for the primary paths. Once the router detects a link or adjacent node failure, it switches to the backup path to avoid traffic loss.
Before Release 15.1(2)S, when a link or a router failed, or returned to service, the distributed routing algorithms computed the new routes based on the changes in the network. The time during which the new routes are computed is referred to as routing transition. Until the routing transition is completed, the network connectivity was interrupted because the routers adjacent to a failure continue to forward the data packets through the failed component until an alternative path is identified.
A scenario where the service failures caused by routing transitions were hidden by high-level protocols that retransmit the lost data packets. However, packet drop is not acceptable in case of audio/video data traffic. For these data services, the interruptions caused by routing transition and re-convergence should be transparent to a user. Effective from Release 15.1(2)S, the ISIS IPv4 Loop Free Alternate Fast ReRoute (LFA FRR) feature reduces the routing transition time to 50 ms. Currently, the IOS LFA FRR feature is supported only on the IGP Intermediate System-to-Intermediate System (ISIS) protocol.
Note Effective from Release 15.1(3)S, the IOS LFA FRR feature supports Virtual Private LAN Services (VPLS) with 50ms routing transition time on ES+ line cards.
Restrictions for ISISI LFA FRR
The following restrictions apply to the ISIS IPv4 LFA FRR feature:
- Maximum number of next-hops supported is 40.
- Maximum number of prefixes supported is 10000.
- LFA FRR feature is supported only on IGP ISIS protocol.
- Only unicast repair paths are supported.
- ISIS does not select a link that belongs to the same Shared Risk Link Groups (SRLG) as a failed link.
- LAN interfaces are not recommended for LFA FRR primary paths due to longer link-down detection time. However, LAN interfaces can be used for a repair path.
- LAN interfaces configured as the core facing interfaces for VPLS over IP-FRR are not supported.
- A maximum of six port-channel (PoCH) interfaces (LAG-NNI) are supported in the core for VPLS over IP-FRR.
- Configure the LAN interfaces with a single neighbor using the isis network point-to-point command.
- If a Traffic Engineering (TE) FRR fail-over follows LFA FRR fail-over, the 50ms convergence is not guaranteed when the FRR protected TE tunnel is configured as repair path for IP FRR.
- ISIS does not calculate LFA for prefixes where the primary interface is a tunnel interface. However, you can configure a TE tunnel (plain and FRR protected).
- GRE tunnel as a primary or a backup tunnel is not supported for VPLS.
- For an IP FRR protected prefix having multiple equal cost primary paths, only one IP GRE tunnel is supported as repair path for all the primary paths.
- Only ES+ card supports VPLS over IP-FRR in both imposition and disposition direction.
– VPLS over IP FRR feature consists of forwarding VPLS traffic (at PE) over IP-FRR protected core links. From the platform point of view, it requires programming of NP tables so that while imposition - when primary link fails, VPLS traffic switches to protected link. Similarly during disposition, NP tables should be able to identify which link (primary/backup) the traffic has come from. This extra imposition and disposition programming can be done only on ES+ line card.
- ISIS implementation waits for 5000 ms after the primary Shortest Path First (SPF) is identified for LFA calculation. A configured paths is protected only after ISIS completes the LFA calculation.
- Sub-interfaces are supported for repair interfaces only.
- ISIS LFA FRR feature supports only IPV4 prefixes.
- The LFA FRR does not support 50 ms convergence for MPLS labelled traffic when the repair path uses a GRE tunnel (MPLS over GRE).
- When a port-channel is configured as the primary path, the IP FRR convergence time is between 50 to 100 ms. Use the port-channel min-links link_number config command to reduce the convergence time when a port-channel fails.
Configuring IOS IPFRR Support on the Cisco 7600 Series Routers
You can configure the IOS LFA FRR support on the Cisco 7600 series router. For more information, see http://www.cisco.com/en/US/docs/ios/iproute_isis/configuration/guide/irs_ipv4_lfafrr.html.
Verification
Verify the IOS LFA FRR configuration using the remote commands to collect the verification information from the Distributed Forwarding Card (DFC) and Switch Processor (SP). Use these commands to verify the configuration:
- Use the show mls cef ip-address command to confirm whether the recirculation is programmed in line with the FRR protection.
- Use the show mls cef ip-address detail command to retrieve the adjacency entry address and hardware share (m-value) for the specific prefix lookup:
- Use the show mls cef adjacency entry entry_id detail command to display the actual adjacency details such as recirculation VLAN and the label stack imposed on the incoming packet:
- Use the show mls cef mpls label label_id detail command to verify the primary and repair path adjacencies corresponding to the internal label imposed on the incoming packet:
Note The entry corresponding to VPN 510 represents the primary path and VPN 511 represents the repair path.