Configuring OSPFv2 Loop-Free Alternate IP Fast Reroute
The OSPFv2 Loop-Free Alternate (LFA) IP Fast Reroute (IP FRR) feature uses a precomputed alternate next hop to reduce failure
reaction time when the primary next hop fails. It lets you configure a per-prefix LFA path that redirects traffic to a next
hop other than the primary neighbor. The forwarding decision is made and service is restored without other routers’ knowledge
of the failure.
Prerequisites for OSPFv2 Loop-Free Alternate IP Fast Reroute
Open Shortest Path First (OSPF) supports IP FRR only on platforms that support this feature in the forwarding plane. See
the Cisco Feature Navigator, http://www.cisco.com/go/cfn , for information on platform support. An account on Cisco.com is not required.
Restrictions for OSPFv2 Loop-Free Alternate IP Fast Reroute
IPv6 LFA IP FRR is not supported.
LFA IP FRR is not supported with primary path or backup path as Multiprotocol Label Switching (MPLS).
LFA IP FRR is not supported with primary path or backup path as Equal-Cost Multipath (ECMP).
LFA IP FRR is not supported for OSPFv2 VRF-Lite.
LFA IP FRR is only available in network-advantage license level.
Generic Routing Encapsulation (GRE) tunnel as primary path is not supported.
The convergence time may be higher in cases of high CPU utilisation.
The convergence time is dependent on the primary link status detection, and so if the physical link goes down in cases of
logical interfaces like Switched Virtual interface (SVI) and port channels, the convergence time is expected to be higher.
Information About OSPFv2 Loop-Free Alternate IP Fast Reroute
LFA Repair Paths
The figure below shows how the OSPFv2 LFA IP FRR feature reroutes traffic if a link fails. A protecting router precomputes
per-prefix repair paths and installs them in the global routing information base (RIB). When the protected primary path fails,
the protecting router diverts live traffic from the primary path to the stored repair path, without other routers’ having
to recompute network topology or even be aware that the network topology has changed.
LFA Repair Path Attributes
When a primary path fails, many paths are possible repair candidates. The OSPFv2 LFA IP FRR feature default selection policy
prioritizes attributes in the following order:
If the evaluation does not select any candidate, the repair path is selected by implicit load balancing. This means that
repair path selection varies depending on prefix.
You can use the showipospffast-reroute command to display the current configuration.
You can use the fast-reroutetie-break command to configure one or more of the repair-path attributes described in the following sections to select among the candidates:
Shared Risk Link Groups
A shared risk link group (SRLG) is a group of next-hop interfaces of repair and protected primary paths that have a high
likelihood of failing simultaneously. The OSPFv2 LFA IP FRR feature supports only SRLGs that are locally configured on the
computing router. VLANs on a single physical interface are an example of an SRLG. If the physical interface fails, all the
VLAN interfaces will fail at the same time. The default repair-path attributes might result in the primary path on one VLAN
being protected by a repair path over another VLAN. You can configure the srlg attribute to specify that LFA repair paths
do not share the same SRLG ID as the primary path. Use the srlg command to assign an interface to an SRLG.
Point-to-point interfaces have no alternate next hop for rerouting if the primary gateway fails. You can set the interface-disjoint
attribute to prevent selection of such repair paths, thus protecting the interface.
Broadcast Interface Protection
LFA repair paths protect links when a repair path and a protected primary path use different next-hop interfaces. However,
on broadcast interfaces, if the LFA repair path is computed via the same interface as the primary path, but their next-hop
gateways are different, the node is protected but the link might not be. You can set the broadcast-interface-disjoint attribute
to specify that the repair path never crosses the broadcast network the primary path points to; that is, it cannot use the
interface and the broadcast network connected to it.
The default repair-path attributes might not protect the router that is the next hop in a primary path. You can configure
the node-protecting attribute to specify that the repair path will bypass the primary-path gateway router.
In the case of a high-level network failure or multiple simultaneous network failures, traffic sent over an alternate path
might loop until OSPF recomputes the primary paths. You can configure the downstream attribute to specify that the metric
of any repair path to the protected destination must be lower than that of the protecting node to the destination. This might
result in lost traffic but it prevents looping.
Line-Card Disjoint Interfaces
Line-card interfaces are similar to SRLGs because all interfaces on the same line card will fail at the same time if there
is a problem with the line card, for example, line card online insertion and removal (OIR). You can configure the linecard-disjoint
attribute to specify that LFA repair paths use different interfaces than those on the primary-path line card.
An LFA repair path need not be the most efficient of the candidates. A high-cost repair path might be considered more attractive
if it provides protection against higher-level network failures. You can configure the metric attribute to specify a repair-path
policy that has the lowest metric.
Equal-Cost Multipath Primary Paths
Equal-cost multipath paths (ECMPs) found during the primary shortest path first (SPF) repair, might not be desirable in network
designs where traffic is known to exceed the capacity of any single link. You can configure the primary-path attribute to
specify an LFA repair path from the ECMP set, or the secondary-path attribute to specify an LFA repair path that is not from
the ECMP set.
Candidate Repair-Path Lists
When OSPF computes a repair path, it keeps in the local RIB only the best from among all the candidate paths, in order to
conserve memory. You can use the fast-reroute keep-all-paths command to create a list of all the candidate repair paths that were considered. This information can be useful for troubleshooting
but it can greatly increase memory consumption so it should be reserved for testing and debugging.
How to Configure OSPFv2 Loop-Free Alternate IP Fast Reroute
Enabling Per-Prefix OSPFv2 Loop-Free Alternate IP Fast Reroute
Perform this task to enable per-prefix OSPFv2 Loop-Free Alternate IP Fast Reroute and select the prefix priority in an OSPF
Command or Action
Enables privileged EXEC mode.
Enter your password if prompted.
Device# configure terminal
Enters global configuration mode.
Device(config)# router ospf 10
Enables OSPF routing and enters router configuration mode.
Example: Prohibiting an Interface from Being a Protecting Interface
The following example shows how to prohibit an interface from being a protecting interface:
Device# configure terminal
Device(config)# interface Ethernet 0/0
Device(config-if)# ip address 192.0.2.1 255.255.255.0
Device(config-if)# ip ospf fast-reroute per-prefix candidate disable
Feature Information for OSPFv2 Loop-Free Alternate IP Fast Reroute
The following table provides release information about the feature or features described in this module. This table lists
only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise,
subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco
Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for OSPFv2 Loop-Free Alternate IP Fast Reroute
OSPFv2 Loop-Free Alternate IP Fast Reroute
Cisco IOS XE Amsterdam 17.3.1
The OSPFv2 Loop-Free Alternate IP Fast Reroute feature uses a
precomputed alternate next hop to reduce failure reaction time
when the primary next hop fails.