Loop-Free Alternate path with OSPFv2

当链路发生故障后,可以依靠路由协议重新收敛,计算出新的路径转发数据报文,这种方式通常会花费很长的时间,在几百毫秒以上,已经满足不了网络延时要求特别高的应用。基于RFC5286的LFA FRR(Loop-Free Alternate Fast Reroute)技术,借助链路状态协议的特性,在链路故障前就计算出备份路径,在链路故障时不用等待重新路由协议收敛就可以快速通过备份路径转发流量,能够保证倒换延时在50毫秒以内。

一、类型一:Link Protection

当满足不等式D (N,D) < D (N,S) + D (S,D)时,可以形成链路级保护

以前缀10.4.4.4/32为例,主路径是R1->R4,四台路由器基本配置:

R1

!
interface Loopback1
ip address 10.1.1.1 255.255.255.255
!
router ospf 1
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute keep-all-paths
network 10.1.1.1 0.0.0.0 area 0
network 10.10.12.1 0.0.0.0 area 0
network 10.10.13.1 0.0.0.0 area 0
network 10.10.14.1 0.0.0.0 area 0
!
R2!
interface Loopback1
ip address 10.2.2.2 255.255.255.255
end
!
router ospf 1
network 10.2.2.2 0.0.0.0 area 0
network 10.10.12.2 0.0.0.0 area 0
network 10.10.23.2 0.0.0.0 area 0
network 10.10.24.2 0.0.0.0 area 0
!
R3
interface Loopback1
ip address 10.3.3.3 255.255.255.255
!
router ospf 1
network 10.3.3.3 0.0.0.0 area 0
network 10.10.13.3 0.0.0.0 area 0
network 10.10.23.3 0.0.0.0 area 0
network 10.10.34.3 0.0.0.0 area 0
!
R4!
interface Loopback1
ip address 10.4.4.4 255.255.255.255
!
router ospf 1
network 10.4.4.4 0.0.0.0 area 0
network 10.10.14.4 0.0.0.0 area 0
network 10.10.24.4 0.0.0.0 area 0
network 10.10.34.4 0.0.0.0 area 0
!

R1在计算链路R1–R4的备份路径的时候,会根据下面的不等式去计算

D (N,D) < D (N,S) + D (S,D),不等式标识的含义如下表20170721-LFA-1

R2 :10 < 10 + 10 ——> 满足不等式
R3 :20 < 10 + 10 ——> 不满足不等式

在路由器R1上面查看备份路径,由于R3不满足不等式关系,所以下一跳是R2,备份路径是R1–R2

Flags: RIB, Repair, IntfDj, BcastDj, NodeProt, Downstr

  • IntfDj : This shows that repair path used a different interface (Eth0/0) as compared to primary path (Eth1/0).
  • BcastDj : This shows that repair path used a different broadcast interface (Eth0/0) as compared to primary path (Eth1/0).
  • LC Dj: This flag shows that repair path used a different linecard (Eth0/0, module 0) as compared to primary path (Eth1/0, module 1).

本实验使用的是CSR1000V模拟器,所以没有LC Dj标记

R1#show version
Cisco IOS XE Software, Version 03.13.00.S – Extended Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(3)S, RELEASE SOFTWARE (fc11)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Mon 28-Jul-14 00:46 by mcpre

二、类型二:Node Protection

20170721-LFA-Node-Protection

当满足不等式D(N,D) < D(N,E) + D(E,D)时,可以形成节点级保护

以前缀10.3.3.3/32为例,主路径是R1->R4->R3,四台路由器基本配置:

三、基本配置

R1

!
interface Loopback1
ip address 10.1.1.1 255.255.255.255
!
router ospf 1
fast-reroute per-prefix enable area 0 prefix-priority high
fast-reroute keep-all-paths
network 10.1.1.1 0.0.0.0 area 0
network 10.10.12.1 0.0.0.0 area 0
network 10.10.14.1 0.0.0.0 area 0
!
R2!
interface Loopback1
ip address 10.2.2.2 255.255.255.255
end
!
router ospf 1
network 10.2.2.2 0.0.0.0 area 0
network 10.10.12.2 0.0.0.0 area 0
network 10.10.23.2 0.0.0.0 area 0
network 10.10.24.2 0.0.0.0 area 0
!
R3
interface Loopback1
ip address 10.3.3.3 255.255.255.255
!
router ospf 1
network 10.3.3.3 0.0.0.0 area 0
network 10.10.23.3 0.0.0.0 area 0
network 10.10.34.3 0.0.0.0 area 0
!
R4!
interface Loopback1
ip address 10.4.4.4 255.255.255.255
!
router ospf 1
network 10.4.4.4 0.0.0.0 area 0
network 10.10.14.4 0.0.0.0 area 0
network 10.10.24.4 0.0.0.0 area 0
network 10.10.34.4 0.0.0.0 area 0
!

四、验证结果

R1在计算备份节点的时候,会根据下面的不等式去计算

D(N,D) < D(N,E) + D(E,D)
R2 :10 < 10 + 15 ——> 满足不等式

在路由器R1上面查看备份路径,R2为备份下一跳,备份路径是R1–R2,并且形成节点级保护

20170721-LFA-Node-Protection-1

20170721-LFA-Node-Protection-2.jpeg

Flags: RIB, Repair, IntfDj, BcastDj, NodeProt, Downstr

  • NodeProt : This flag shows that R2 provides node protection against failure of primary next hop R4.
  • Downstr : This flag shows that R2 is closer to destination than local router R1.

发表评论

Fill in your details below or click an icon to log in:

WordPress.com 徽标

You are commenting using your WordPress.com account. Log Out /  更改 )

Google photo

You are commenting using your Google account. Log Out /  更改 )

Twitter picture

You are commenting using your Twitter account. Log Out /  更改 )

Facebook photo

You are commenting using your Facebook account. Log Out /  更改 )

Connecting to %s