One of the key advantages of MPLS is the fast convergence after a link or node failure. In this post, I will go through various LSP protection features supported on Juniper router.
Secondary path protection
This following config creates a LSP path to 192.168.1.2 (other PE) that goes via first strict hop of 172.22.210.2 (the next hop have to be this IP), and via next loose hop of 192.168.5.6 (i.e. the path LSP takes travel via this loose hop, but this hop does not neccessarily follow immediately the previous strict hop). If this path is not available, LSP can go via a secondary path, which is any path.
lab@PE1# show
label-switched-path pe1-to-pe2-1 {
to 192.168.1.2;
no-cspf;
primary strict-first-hop;
secondary any-path;
}
path strict-first-hop {
172.22.210.2 strict;
192.168.5.6 loose;
}
path any-path;
Verification
lab@PE1> show rsvp session ingress extensive
Ingress RSVP: 1 sessions
192.168.1.2
From: 192.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 305376
Resv style: 1 FF, Label in: -, Label out: 305376
Time left: -, Since: Mon Aug 6 18:16:45 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 3 receiver 13826 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.210.2 (em1.210) 6 pkts
RESV rcvfrom: 172.22.210.2 (em1.210) 6 pkts
Explct route: 172.22.210.2 192.168.5.6
Record route: self 172.22.210.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.213.1
Total 1 displayed, Up 1, Down 0
lab@PE1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.1.2
From: 192.168.1.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-1
ActivePath: strict-first-hop (primary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID):
172.22.210.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.213.1
15 Aug 6 18:16:45.128 Selected as active path
14 Aug 6 18:16:45.126 Record Route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.213.1
13 Aug 6 18:16:45.126 Up
12 Aug 6 18:16:45.110 Originate Call
11 Aug 6 18:16:45.109 Clear Call
10 Aug 6 18:16:45.109 Deselected as active
9 Aug 6 18:15:48.062 Selected as active path: due to 'primary'
8 Aug 6 18:14:47.904 Record Route: 172.22.210.2 172.22.202.2 172.22.203.2 172.22.204.2 172.22.213.1
7 Aug 6 18:14:47.904 Up
6 Aug 6 18:14:47.896 ResvTear received
5 Aug 6 18:14:47.896 172.22.210.1: Down
4 Aug 6 18:14:45.946 Record Route: 172.22.210.2 172.22.202.2 172.22.203.2 172.22.204.2 172.22.207.1 172.22.212.1
3 Aug 6 18:14:45.946 Up
2 Aug 6 18:14:45.750 172.22.207.1: Routing loop detected
1 Aug 6 18:14:45.741 Originate Call
Secondary any-path State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
14 Aug 6 18:19:41.145 Clear Call
13 Aug 6 18:19:40.483 Record Route: 172.22.211.2 172.22.203.2 172.22.204.2 172.22.213.1
12 Aug 6 18:19:40.483 Up
11 Aug 6 18:19:40.469 Originate Call
10 Aug 6 18:19:40.467 Clear Call
9 Aug 6 18:17:15.077 Record Route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.212.1
8 Aug 6 18:17:15.077 Up
7 Aug 6 18:17:15.062 Originate Call
6 Aug 6 18:16:45.110 Clear Call
5 Aug 6 18:15:48.062 Deselected as active: due to 'primary'
4 Aug 6 18:14:45.930 Selected as active path
3 Aug 6 18:14:45.928 Record Route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.212.1
2 Aug 6 18:14:45.928 Up
1 Aug 6 18:14:45.753 Originate Call
Created: Mon Aug 6 18:14:45 2012
Total 1 displayed, Up 1, Down 0
In this config, the secondary path is not up. It is only signalled, after the primary path is down.
Secondary Standby protection
[edit protocols mpls] lab@PE1# set label-switched-path pe1-to-pe2-1 secondary any-path standby
The full MPLS protocol config is
[edit protocols mpls]
lab@PE1# show
label-switched-path pe1-to-pe2-1 {
to 192.168.1.2;
no-cspf;
primary strict-first-hop;
secondary any-path {
standby;
}
}
path strict-first-hop {
172.22.210.2 strict;
192.168.5.6 loose;
}
path any-path;
interface em1.210;
interface em2.211;
Note that with this config, the Secondary LSP is also up even when the Primary is up, which will help with convergence.
lab@PE1> show rsvp session ingress extensive
Ingress RSVP: 2 sessions
192.168.1.2
From: 192.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 305376
Resv style: 1 FF, Label in: -, Label out: 305376
Time left: -, Since: Mon Aug 6 18:16:45 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 3 receiver 13826 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.210.2 (em1.210) 23 pkts
RESV rcvfrom: 172.22.210.2 (em1.210) 21 pkts
Explct route: 172.22.210.2 192.168.5.6
Record route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.213.1
192.168.1.2
From: 192.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-1, LSPpath: Secondary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 305408
Resv style: 1 FF, Label in: -, Label out: 305408
Time left: -, Since: Mon Aug 6 18:29:26 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 6 receiver 13827 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.210.2 (em1.210) 4 pkts
RESV rcvfrom: 172.22.210.2 (em1.210) 4 pkts
Record route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.212.1
Total 2 displayed, Up 2, Down 0
lab@PE1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.1.2
From: 192.168.1.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-1
ActivePath: strict-first-hop (primary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID):
172.22.210.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.213.1
15 Aug 6 18:16:45.128 Selected as active path
14 Aug 6 18:16:45.126 Record Route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.213.1
13 Aug 6 18:16:45.126 Up
12 Aug 6 18:16:45.110 Originate Call
11 Aug 6 18:16:45.109 Clear Call
10 Aug 6 18:16:45.109 Deselected as active
9 Aug 6 18:15:48.062 Selected as active path: due to 'primary'
8 Aug 6 18:14:47.904 Record Route: 172.22.210.2 172.22.202.2 172.22.203.2 172.22.204.2 172.22.213.1
7 Aug 6 18:14:47.904 Up
6 Aug 6 18:14:47.896 ResvTear received
5 Aug 6 18:14:47.896 172.22.210.1: Down
4 Aug 6 18:14:45.946 Record Route: 172.22.210.2 172.22.202.2 172.22.203.2 172.22.204.2 172.22.207.1 172.22.212.1
3 Aug 6 18:14:45.946 Up
2 Aug 6 18:14:45.750 172.22.207.1: Routing loop detected
1 Aug 6 18:14:45.741 Originate Call
Standby any-path State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID):
172.22.210.2 172.22.201.2 172.22.206.2 172.22.212.1
17 Aug 6 18:29:26.285 Record Route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.212.1
16 Aug 6 18:29:26.285 Up
15 Aug 6 18:29:26.270 Originate Call
14 Aug 6 18:19:41.145 Clear Call
13 Aug 6 18:19:40.483 Record Route: 172.22.211.2 172.22.203.2 172.22.204.2 172.22.213.1
12 Aug 6 18:19:40.483 Up
11 Aug 6 18:19:40.469 Originate Call
10 Aug 6 18:19:40.467 Clear Call
9 Aug 6 18:17:15.077 Record Route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.212.1
8 Aug 6 18:17:15.077 Up
7 Aug 6 18:17:15.062 Originate Call
6 Aug 6 18:16:45.110 Clear Call
5 Aug 6 18:15:48.062 Deselected as active: due to 'primary'
4 Aug 6 18:14:45.930 Selected as active path
3 Aug 6 18:14:45.928 Record Route: 172.22.210.2 172.22.201.2 172.22.206.2 172.22.212.1
2 Aug 6 18:14:45.928 Up
1 Aug 6 18:14:45.753 Originate Call
Created: Mon Aug 6 18:14:45 2012
Total 1 displayed, Up 1, Down 0
Secondary/Secondary protection
With Primary/Secondary protection option, when the Primary is up after a failure, it resumes its primary role. This behaviour is similar to a Preempt option in HSRP. We can config LSP with 2 secondary path, without a Primary one. In this case, the LSP will not revert back to the first secondary, once it comes back from a failure.
Configuration is as follow:
[edit protocols mpls]
lab@PE1# show
label-switched-path pe1-to-pe2-1 {
to 192.168.1.2;
no-cspf;
secondary strict-first-hop;
secondary any-path;
}
path strict-first-hop {
172.22.210.2 strict;
192.168.5.6 loose;
}
path any-path;
interface em1.210;
interface em2.211;
Fast-Reroute Protected LSP
Fast reroute attempt to protect the entire LSP. Every intermediate downstream router creates a backup detour path to the next downstream router.
[edit protocols mpls]
lab@PE1# show
no-cspf;
label-switched-path pe1-to-pe2-1 {
to 192.168.1.2;
no-cspf;
fast-reroute;
primary strict-first-hop;
}
path strict-first-hop {
172.22.210.2 strict;
192.168.5.6 loose;
}
lab@PE1> show rsvp session ingress extensive
Ingress RSVP: 1 sessions
192.168.1.2
From: 192.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 305504
Resv style: 1 FF, Label in: -, Label out: 305504
Time left: -, Since: Mon Aug 6 18:44:34 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 8 receiver 13826 protocol 0
FastReroute desired
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.210.2 (em1.210) 7 pkts
RESV rcvfrom: 172.22.210.2 (em1.210) 10 pkts
Explct route: 172.22.210.2 192.168.5.6
Record route: self 172.22.210.2 172.22.201.2 172.22.205.2 172.22.204.2 172.22.213.1
Detour is Up
Detour Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Detour adspec: sent MTU 1500
Path MTU: received 1500
Detour PATH sentto: 172.22.211.2 (em2.211) 4 pkts
Detour RESV rcvfrom: 172.22.211.2 (em2.211) 2 pkts
Detour Explct route: 172.22.211.2 172.22.203.2 172.22.204.2 172.22.213.1
Detour Record route: self 172.22.211.2 172.22.203.2 172.22.204.2 172.22.213.1
Detour Label out: 305968
Total 1 displayed, Up 1, Down 0
Link Protected LSPs
While fast reroute attempts to protect the entire path of a given LSP, you can apply link protection on a per-interface basis as needed.
Configuration:
lab@PE1> show configuration protocols mpls
no-cspf;
label-switched-path pe1-to-pe2-1 {
to 192.168.1.2;
no-cspf;
link-protection;
primary strict-first-hop;
}
path strict-first-hop {
172.22.210.2 strict;
192.168.5.6 loose;
}
Verification:
lab@PE1> show rsvp session ingress extensive
Ingress RSVP: 2 sessions
192.168.1.2
From: 192.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 305520
Resv style: 1 SE, Label in: -, Label out: 305520
Time left: -, Since: Mon Aug 6 18:47:35 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 13829 protocol 0
Link protection desired
Type: Link protected LSP, using Bypass->172.22.210.2
2 Aug 6 18:48:29 Link protection up, using Bypass->172.22.210.2
1 Aug 6 18:47:44 New bypass Bypass->172.22.210.2
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.210.2 (em1.210) 6 pkts
RESV rcvfrom: 172.22.210.2 (em1.210) 4 pkts
Explct route: 172.22.210.2 192.168.5.6
Record route: 192.168.5.1 (node-id) 172.22.210.2 192.168.5.2 (node-id) 172.22.201.2 192.168.5.3 (node-id)
172.22.206.2 192.168.5.6 (node-id) 172.22.207.2 192.168.1.2 (node-id) 172.22.213.1
192.168.5.1
From: 192.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: Bypass->172.22.210.2
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 306016
Resv style: 1 SE, Label in: -, Label out: 306016
Time left: -, Since: Mon Aug 6 18:47:46 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 13830 protocol 0
Type: Bypass LSP
Number of data route tunnel through: 1
Number of RSVP session tunnel through: 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.211.2 (em2.211) 4 pkts
RESV rcvfrom: 172.22.211.2 (em2.211) 4 pkts
Explct route: 172.22.211.2 172.22.202.1
Record route: 172.22.211.2 172.22.202.1
Total 2 displayed, Up 2, Down 0
Node-Link Protected LSPs
Similarly to link protection, we can enable protection for a selected node rather than for an entire LSP. The ingress router will set up a bypass LSP around the first downstream node.
[edit protocols mpls]
lab@PE1# show
no-cspf;
label-switched-path pe1-to-pe2-1 {
to 192.168.1.2;
no-cspf;
node-link-protection;
primary strict-first-hop;
}
path strict-first-hop {
172.22.210.2 strict;
192.168.5.6 loose;
}
Verification
lab@R1> show rsvp session ingress
Ingress RSVP: 2 sessions
To From State Rt Style Labelin Labelout LSPname
192.168.1.2 192.168.1.1 Up 0 1 SE - 302912 pe1-to-pe2-1
192.168.5.4 192.168.1.1 Up 0 1 SE - 3 Bypass->172.22.210.2->172.22.202.2
Total 2 displayed, Up 2, Down 0
lab@R1> show rsvp session ingress extensive
Ingress RSVP: 2 sessions
192.168.1.2
From: 192.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 302912
Resv style: 1 SE, Label in: -, Label out: 302912
Time left: -, Since: Thu Aug 9 02:24:34 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 12 receiver 13924 protocol 0
Node/Link protection desired
Type: Node/Link protected LSP, using Bypass->172.22.210.2->172.22.202.2
2 Aug 9 02:25:28 Node protection up, using Bypass->172.22.210.2->172.22.202.2
1 Aug 9 02:24:43 New bypass Bypass->172.22.210.2
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.210.2 (em1.210) 14 pkts
RESV rcvfrom: 172.22.210.2 (em1.210) 12 pkts
Explct route: 172.22.210.2 192.168.5.6
Record route: 192.168.5.1 (node-id) 172.22.210.2 192.168.5.4 (node-id) 172.22.202.2
192.168.5.5 (node-id) 172.22.203.2 192.168.5.6 (node-id) 172.22.204.2 192.168.1.2 (node-id) 172.22.213.1
192.168.5.4
From: 192.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: Bypass->172.22.210.2->172.22.202.2 <<<< This is node/link protection LSP
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 3
Resv style: 1 SE, Label in: -, Label out: 3
Time left: -, Since: Thu Aug 9 02:25:11 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 13941 protocol 0
Type: Bypass LSP
Number of data route tunnel through: 1
Number of RSVP session tunnel through: 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.211.2 (em2.211) 11 pkts
RESV rcvfrom: 172.22.211.2 (em2.211) 11 pkts
Explct route: 172.22.211.2
Record route: 172.22.211.2
Total 2 displayed, Up 2, Down 0
These two RSVP sessions (primary and bypass) are permanently up in normal network condition.
Packet Corner 