Supported Platforms
Example: Configuring Link and Node Protection for IS-IS Routes
Understanding Loop-Free Alternate Routes for IS-IS
In Junos OS Release 9.5 and later, support for IS-IS loop-free alternate routes enables IP fast-reroute capability for IS-IS. Junos OS precomputes loop-free backup routes for all IS-IS routes. These backup routes are preinstalled in the Packet Forwarding Engine, which performs a local repair and implements the backup path when the link for a primary next hop for a particular route is no longer available. With local repair, the Packet Forwarding Engine can correct a path failure before it receives recomputed paths from the Routing Engine. Local repair reduces the amount of time needed to reroute traffic to less than 50 milliseconds. In contrast, global repair can take up to 800 milliseconds to compute a new route. Local repair and global repair are thus complementary. Local repair enables traffic to continue to be routed using a backup path until global repair is able to calculate a new route.
A loop-free path is one that does not forward traffic back through the routing device to reach a given destination. That is, a neighbor whose shortest path to the destination traverses the routing device is not used as a backup route to that destination. To determine loop-free alternate paths for IS-IS routes, Junos OS runs shortest-path-first (SPF) calculations on each one-hop neighbor. You can enable support for alternate loop-free routes on any IS-IS interface. Because it is common practice to enable LDP on an interface for which IS-IS is already enabled, this feature also provides support for LDP label-switched paths (LSPs).
 | Note: If you enable support for alternate loop-free routes on an interface configured for both LDP and IS-IS, you can use the traceroute command to trace the active path to the primary next hop. |
The level of backup coverage available through IS-IS routes depends on the actual network topology and is typically less than 100 percent for all destinations on any given routing device. You can extend backup coverage to include RSVP LSPs.
Junos OS provides two mechanisms for route redundancy for IS-IS through alternate loop-free routes: link protection and node-link protection. When you enable link protection or node-link protection on an IS-IS interface, Junos OS creates a single alternate path to the primary next hop for all destination routes that traverse a protected interface. Link protection offers per-link traffic protection. Use link protection when you assume that only a single link might become unavailable but that the neighboring node on the primary path would still be available through another interface.
Node-link protection establishes an alternate path through a different routing device altogether. Use node-link protection when you assume that access to a node is lost when a link is no longer available. As a result, Junos OS calculates a backup path that avoids the primary next-hop routing device. In Junos OS Release 9.4 and earlier, only the RSVP protocol supports Packet Forwarding Engine local repair and fast reroute as well as link protection and node protection.
In Figure 1, Case 2 shows how link protection allows source Router A to switch to Link B when the primary next hop Link A to destination Router C fails. However, if Router B fails, Link B also fails, and the protected Link A is lost. If node-link protection is enabled, Router A is able to switch to Link D on Router D and bypass the failed Router B altogether. As shown in Case 1, with node-link protection enabled, Router A has a node-link protection alternate path available through Router D to destination Router C. That means that if Router B fails, Router A can still reach Router C because the path from Router A to Link D remains available as an alternate backup path.
Figure 1: Link Protection and Node-Link Protection Comparison for IS-IS Routes
The Junos OS implementation of support for loop-free alternate paths for IS-IS routes is based on the following standards:
- RFC 5286, Basic Specification for IP Fast-Reroute: Loop-free Alternates
- RFC 5714, IP Fast Reroute Framework
Configuring Link Protection for IS-IS
You can configure link protection on any interface for which IS-IS is enabled. When you enable link protection, Junos OS creates one alternate path to the primary next hop for all destination routes that traverse a protected interface. Link protection assumes that only a single link becomes unavailable but that the neighboring node would still be available through another interface.
| Note: You must also configure a per-packet load-balancing routing policy to ensure that the routing protocol process installs all the next hops for a given route in the routing table. |
To enable link protection, include the link-protection statement at the [edit protocols isis interface interface-name] hierarchy level:
Configuring Node-Link Protection for IS-IS
You can configure node-link protection on any interface for which IS-IS is enabled. Node-link protection establishes an alternate path through a different routing device altogether for all destination routes that traverse a protected interface. Node-link protection assumes that the entire routing device, or node, has failed. Junos OS therefore calculates a backup path that avoids the primary next-hop routing device.
| Note: You must also configure a per-packet load-balancing routing policy to ensure that the routing protocol process installs all the next hops for a given route in the routing table. |
To enable node-link protection, include the node-link-protection statement at the [edit protocols isis interface interface-name] hierarchy level:
Excluding an IS-IS Interface as a Backup for Protected Interfaces
By default, all IS-IS interfaces that belong to the master instance or a specific routing instance are eligible as backup interfaces for protected interfaces. You can specify that any IS-IS interface be excluded from functioning as a backup interface to protected interfaces. To exclude an IS-IS interface as a backup interface, include the no-eligible-backup statement at the [edit protocols isis interface interface-name] hierarchy level:
Configuring RSVP Label-Switched Paths as Backup Paths for IS-IS
Relying on the shortest-path-first (SPF) calculation of backup paths for one-hop neighbors might result in less than 100 percent backup coverage for a specific network topology. You can enhance coverage of IS-IS and LDP label-switched paths (LSPs) by configuring RSVP LSPs as backup paths. To configure a specific RSVP LSP as a backup path, include the backup statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level:
When configuring an LSP, you must specify the IP address of the egress routing device with the to statement. For detailed information about configuring LSPs and RSVP, see the RSVP Configuration Guide.
Using Operational Mode Commands to Monitor Protected IS-IS Routes
You can issue operational mode commands that provide more details about your link-protected and node-link-protected IS-IS routes. The following guidelines explain the type of information available from the output of each command:
- show isis backup label-switched-path—Displays which MPLS LSPs have been designated as backup paths and the current status of those LSPs.
- show isis backup spf results—Displays SPF calculations for each neighbor for a given destination. Indicates whether a specific interface or node has been designated as a backup path and why. Use the no-coverage option to display only those nodes that do not have backup coverage.
- show isis backup coverage —Displays the percentage of nodes and prefixes for each type of address family that is protected.
- show isis interface detail—Displays the type of protection (link or node-link) applied to each protected interface.
Example: Configuring Node-Link Protection for IS-IS Routes in a Layer 3 VPN
Node-link protection establishes an alternate path through a different routing device. Use node-link protection when you assume that access to a node is lost when a link is no longer available. Junos OS calculates a backup path that avoids the primary next-hop routing device.
Requirements
This example requires Junos OS Release 9.5 or later.
No special configuration beyond device initialization is required before configuring this example.
Overview
In this example, core-facing interfaces are enabled for IS-IS Level 2, LDP, and RSVP. Node-link protection is enabled on all the core-facing interfaces, which means that if the primary next hop for any destination that traverses the interfaces becomes unavailable, Junos OS uses a backup link that avoids the next-hop router altogether if necessary.
You also need to configure a routing policy that requires all traffic to use per-packet load balancing in order to enable Packet Forwarding Engine local repair. With local repair, the Packet Forwarding Engine can correct a path failure and implement a backup loop-free alternate route before it receives recomputed paths from the Routing Engine.
Figure 2 shows the topology used in this example.
Figure 2: IS-IS Node-Link Protection Topology
On Device PE1, an RSVP LSP is configured as a backup path for IS-IS. Relying on the shortest-path-first (SPF) calculation of backup paths for one-hop neighbors might result in less than 100 percent backup coverage for a specific network topology. You can enhance coverage of IS-IS and LDP LSPs by configuring RSVP LSPs as backup paths. To configure a specific RSVP LSP as a backup path, include the backup statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level.
CLI Quick Configuration shows the configuration for all of the devices in Figure 2. The section Step-by-Step Procedure describes the steps on Device P1.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Device CE1
Device PE1
Device P1
Device P2
Device P3
Device PE2
Device CE2
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure multi-level IS-IS:
- Configure the interfaces.
Enable IS-IS and MPLS.
[edit interfaces]user@P1# set fe-1/2/0 unit 0 family inet address 10.0.0.6/30user@P1# set fe-1/2/0 unit 0 family isouser@P1# set fe-1/2/0 unit 0 family mplsuser@P1# set fe-1/2/1 unit 0 family inet address 10.0.0.9/30user@P1# set fe-1/2/1 unit 0 family isouser@P1# set fe-1/2/1 unit 0 family mplsuser@P1# set fe-1/2/2 unit 0 family inet address 10.0.0.25/30user@P1# set fe-1/2/2 unit 0 family isouser@P1# set fe-1/2/2 unit 0 family mplsuser@P1# set lo0 unit 0 family inet address 10.255.3.3/32user@P1# set lo0 unit 0 family iso address 49.0001.0010.0000.0303.00 - Configure the IS-IS interfaces for Level 2.[edit protocols]user@P1# set isis interface all level 2 metric 10user@P1# set isis interface all level 1 disableuser@P1# set isis interface fxp0.0 disableuser@P1# set isis interface lo0.0 level 2 metric 0
- Enable IS-IS node-link protection, which also automatically
extends backup coverage to all LDP LSPs.[edit protocols]user@P1# set isis interface all node-link-protection
- (Optional) Configure a 1000-millisecond time interval
between the detection of a topology change and when the SPF algorithm
runs.[edit protocols]user@P1# set isis spf-options delay 1000
- Configure MPLS to use both RSVP and LDP label-switched
paths (LSPs).[edit protocols]user@P1# set mpls interface alluser@P1# set mpls interface fxp0.0 disableuser@P1# set rsvp interface alluser@P1# set rsvp interface fxp0.0 disableuser@P1# set ldp interface alluser@P1# set ldp interface fxp0.0 disable
- (Optional) For LDP, enable forwarding equivalence class
(FEC) deaggregation, which results in faster global convergence.[edit protocols]user@P1# set ldp deaggregate
- To enable Packet Forwarding Engine local repair, establish
a policy that forces the routing protocol process to install all the
next hops for a given route.
This policy ensures that the backup route is installed in the forwarding table used by the Packet Forwarding Engine to forward traffic to a given destination.
[edit policy-options policy-statement ecmp term 1]user@P1# set then load-balance per-packet - Apply the policy to the forwarding table of the local
router with the export statement.[edit routing-options forwarding-table]user@P1# set export ecmp
Results
From configuration mode, confirm your configuration by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
- Checking the MPLS LSP Backup Path
- Checking Which Next-Hop Neighbors Are Designated as Backup Paths to the Destination Node
- Checking the Backup Coverage
- Checking the Type of Protection Configured
Checking the MPLS LSP Backup Path
Purpose
Display information about the MPLS label-switched-paths (LSPs) designated as the backup route for the IS-IS routes.
Action
On Device PE1, from operational mode, enter the show isis backup label-switched-path command.
user@PE1> show isis backup label-switched-pathBackup MPLS LSPs: to-p2, Egress: 10.255.4.4, Status: up, Last change: 01:17:45 TE-metric: 19, Metric: 0, Refcount: 1
Meaning
The output shows that the backup path is up and operational.
Checking Which Next-Hop Neighbors Are Designated as Backup Paths to the Destination Node
Purpose
Display SPF calculations for each neighbor for a given destination.
Action
On Device PE1, from operational mode, enter the show isis backup spf results command.
user@PE1> show isis backup spf results
IS-IS level 1 SPF results:
0 nodes
IS-IS level 2 SPF results:
PE2.00
Primary next-hop: fe-1/2/2.0, IPV4, P3, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 10, Root Preference: 0x0
track-item: P2.00-00
Eligible, Backup next-hop: fe-1/2/1.0, LSP, to-p2
Root: P3, Root Metric: 10, Metric: 10, Root Preference: 0x0
Not eligible, Reason: Interface is already covered
Root: P1, Root Metric: 10, Metric: 20, Root Preference: 0x0
track-item: P3.00-00
Not eligible, Reason: Interface is already covered
P2.00
Primary next-hop: fe-1/2/1.0, IPV4, P1, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 0, Root Preference: 0x0
track-item: P2.00-00
Not eligible, Reason: Primary next-hop link fate sharing
Root: P1, Root Metric: 10, Metric: 10, Root Preference: 0x0
Not eligible, Reason: Primary next-hop link fate sharing
Root: P3, Root Metric: 10, Metric: 20, Root Preference: 0x0
track-item: P1.00-00
Not eligible, Reason: Primary next-hop node fate sharing
P3.00
Primary next-hop: fe-1/2/2.0, IPV4, P3, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 20, Root Preference: 0x0
track-item: P3.00-00
track-item: P2.00-00
track-item: P1.00-00
Eligible, Backup next-hop: fe-1/2/1.0, LSP, to-p2
Root: P3, Root Metric: 10, Metric: 0, Root Preference: 0x0
Not eligible, Reason: Interface is already covered
Root: P1, Root Metric: 10, Metric: 10, Root Preference: 0x0
track-item: P3.00-00
Not eligible, Reason: Interface is already covered
P1.00
Primary next-hop: fe-1/2/1.0, IPV4, P1, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 10, Root Preference: 0x0
track-item: P2.00-00
track-item: P1.00-00
Not eligible, Reason: Primary next-hop link fate sharing
Root: P1, Root Metric: 10, Metric: 0, Root Preference: 0x0
Not eligible, Reason: Primary next-hop link fate sharing
Root: P3, Root Metric: 10, Metric: 10, Root Preference: 0x0
track-item: P1.00-00
Eligible, Backup next-hop: fe-1/2/2.0, IPV4, P3, SNPA: 0:5:85:8f:c8:bd
4 nodesMeaning
The output indicates whether a specific interface or node has been designated as a backup path and why.
Checking the Backup Coverage
Purpose
Check the percentage of protected nodes and prefixes.
Action
From operational mode, enter the show isis backup coverage command.
user@PE1> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 75.00% 87.50% 0.00% 0.00%
user@P1> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 75.00% 71.43% 0.00% 0.00%
user@P2> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 50.00% 37.50% 0.00% 0.00%
user@P3> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 75.00% 71.43% 0.00% 0.00%
user@PE2> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 50.00% 37.50% 0.00% 0.00%
Meaning
The level of backup coverage available through IS-IS routes depends on the actual network topology and is typically less than 100 percent for all destinations on any given routing device. You can extend backup coverage to include RSVP LSPs.
Checking the Type of Protection Configured
Purpose
On all nodes in the IS-IS domain, check the percentage of protected nodes and prefixes.
Action
From operational mode, enter the show isis interface detail command.
user@PE1> show isis interface detailIS-IS interface database:
lo0.0
Index: 76, State: 0x6, Circuit id: 0x1, Circuit type: 0
LSP interval: 100 ms, CSNP interval: disabled
Adjacency advertisement: Advertise
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
1 0 64 0 Passive
2 0 64 0 Passive
fe-1/2/2.0
Index: 79, State: 0x6, Circuit id: 0x1, Circuit type: 2
LSP interval: 100 ms, CSNP interval: 10 s
Adjacency advertisement: Advertise
Protection Type: Node Link
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
2 1 64 10 9.000 27 P3.03 (not us)
fe-1/2/1.0
Index: 77, State: 0x6, Circuit id: 0x1, Circuit type: 2
LSP interval: 100 ms, CSNP interval: 10 s
Adjacency advertisement: Advertise
Protection Type: Node Link
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
2 1 64 10 9.000 27 P1.02 (not us)Meaning
The output shows that node-link protection is configured on the interfaces.
