ON THIS PAGE
Example: Configuring Node-Link Protection for IS-IS Routes in a Layer 3 VPN
Node-link protection establishes an alternate path through a different routing device. Use node-link protection when you assume that access to a node is lost when a link is no longer available. Junos OS calculates a backup path that avoids the primary next-hop routing device.
Requirements
This example requires Junos OS Release 9.5 or later.
No special configuration beyond device initialization is required before configuring this example.
Overview
In this example, core-facing interfaces are enabled for IS-IS Level 2, LDP, and RSVP. Node-link protection is enabled on all the core-facing interfaces, which means that if the primary next hop for any destination that traverses the interfaces becomes unavailable, Junos OS uses a backup link that avoids the next-hop router altogether if necessary.
You also need to configure a routing policy that requires all traffic to use per-packet load balancing in order to enable Packet Forwarding Engine local repair. With local repair, the Packet Forwarding Engine can correct a path failure and implement a backup loop-free alternate route before it receives recomputed paths from the Routing Engine.
Figure 1 shows the topology used in this example.
On Device PE1, an RSVP LSP is configured as a backup path for
IS-IS. Relying on the shortest-path-first (SPF) calculation of backup
paths for one-hop neighbors might result in less than 100 percent
backup coverage for a specific network topology. You can enhance coverage
of IS-IS and LDP LSPs by configuring RSVP LSPs as backup paths. To
configure a specific RSVP LSP as a backup path, include the backup statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level.
CLI Quick Configuration shows the configuration for all of the devices in Figure 1. The section #configuration364__isis-node-link-protection-step-by-step describes the steps on Device P1.
Topology
Configuration
Procedure
CLI Quick Configuration
To quickly
configure this example, copy the following commands, paste them into
a text file, remove any line breaks, change any details necessary
to match your network configuration, and then copy and paste the commands
into the CLI at the [edit] hierarchy level.
Device CE1
set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.1/30 set interfaces lo0 unit 0 family inet address 10.255.1.1/32
Device PE1
set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.2/30 set interfaces fe-1/2/0 unit 0 family iso set interfaces fe-1/2/0 unit 0 family mpls set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.5/30 set interfaces fe-1/2/1 unit 0 family iso set interfaces fe-1/2/1 unit 0 family mpls set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.21/30 set interfaces fe-1/2/2 unit 0 family iso set interfaces fe-1/2/2 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.2.2/32 set interfaces lo0 unit 0 family iso address 49.0001.0010.0000.0202.00 set protocols rsvp interface fe-1/2/2.0 set protocols rsvp interface fe-1/2/1.0 set protocols rsvp interface lo0.0 set protocols rsvp interface fxp0.0 disable set protocols mpls label-switched-path to-p2 backup set protocols mpls label-switched-path to-p2 to 10.255.4.4 set protocols mpls label-switched-path to-p2 ldp-tunneling set protocols mpls interface fe-1/2/2.0 set protocols mpls interface fe-1/2/1.0 set protocols mpls interface lo0.0 set protocols mpls interface fxp0.0 disable set protocols bgp group l3vpn type internal set protocols bgp group l3vpn local-address 10.255.2.2 set protocols bgp group l3vpn family inet-vpn unicast set protocols bgp group l3vpn peer-as 65534 set protocols bgp group l3vpn local-as 65534 set protocols bgp group l3vpn neighbor 10.255.5.5 set protocols isis spf-options delay 1000 set protocols isis interface all node-link-protection set protocols isis interface all level 2 metric 10 set protocols isis interface all level 1 disable set protocols isis interface fxp0.0 disable set protocols isis interface lo0.0 level 2 metric 0 set protocols ldp deaggregate set protocols ldp interface fe-1/2/1.0 set protocols ldp interface fe-1/2/2.0 set protocols ldp interface fxp0.0 disable set protocols ldp interface lo0.0 set policy-options policy-statement ecmp term 1 then load-balance per-packet set routing-instances VPN-A instance-type vrf set routing-instances VPN-A interface fe-1/2/0.0 set routing-instances VPN-A route-distinguisher 65534:1234 set routing-instances VPN-A vrf-target target:65534:1234 set routing-instances VPN-A routing-options static route 10.255.1.1/32 next-hop 10.0.0.1 set routing-options autonomous-system 65534 set routing-options forwarding-table export ecmp
Device P1
set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.6/30 set interfaces fe-1/2/0 unit 0 family iso set interfaces fe-1/2/0 unit 0 family mpls set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.9/30 set interfaces fe-1/2/1 unit 0 family iso set interfaces fe-1/2/1 unit 0 family mpls set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.25/30 set interfaces fe-1/2/2 unit 0 family iso set interfaces fe-1/2/2 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.3.3/32 set interfaces lo0 unit 0 family iso address 49.0001.0010.0000.0303.00 set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols isis spf-options delay 1000 set protocols isis interface all node-link-protection set protocols isis interface all level 2 metric 10 set protocols isis interface all level 1 disable set protocols isis interface fxp0.0 disable set protocols isis interface lo0.0 level 2 metric 0 set protocols ldp deaggregate set protocols ldp interface all set protocols ldp interface fxp0.0 disable set policy-options policy-statement ecmp term 1 then load-balance per-packet set routing-options forwarding-table export ecmp
Device P2
set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.10/30 set interfaces fe-1/2/0 unit 0 family iso set interfaces fe-1/2/0 unit 0 family mpls set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.13/30 set interfaces fe-1/2/1 unit 0 family iso set interfaces fe-1/2/1 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.4.4/32 set interfaces lo0 unit 0 family iso address 49.0001.0010.0000.0404.00 set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols isis spf-options delay 1000 set protocols isis interface all node-link-protection set protocols isis interface all level 2 metric 10 set protocols isis interface all level 1 disable set protocols isis interface fxp0.0 disable set protocols isis interface lo0.0 level 2 metric 0 set protocols ldp deaggregate set protocols ldp interface all set protocols ldp interface fxp0.0 disable set policy-options policy-statement ecmp term 1 then load-balance per-packet set routing-options forwarding-table export ecmp
Device P3
set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.22/30 set interfaces fe-1/2/0 unit 0 family iso set interfaces fe-1/2/0 unit 0 family mpls set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.26/30 set interfaces fe-1/2/1 unit 0 family iso set interfaces fe-1/2/1 unit 0 family mpls set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.30/30 set interfaces fe-1/2/2 unit 0 family iso set interfaces fe-1/2/2 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.7.7/32 set interfaces lo0 unit 0 family iso address 49.0001.0010.0000.0707.00 set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols isis spf-options delay 1000 set protocols isis interface all node-link-protection set protocols isis interface all level 2 metric 10 set protocols isis interface all level 1 disable set protocols isis interface fxp0.0 disable set protocols isis interface lo0.0 level 2 metric 0 set protocols ldp deaggregate set protocols ldp interface all set protocols ldp interface fxp0.0 disable set policy-options policy-statement ecmp term 1 then load-balance per-packet set routing-options forwarding-table export ecmp
Device PE2
set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.14/30 set interfaces fe-1/2/0 unit 0 family iso set interfaces fe-1/2/0 unit 0 family mpls set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.17/30 set interfaces fe-1/2/1 unit 0 family iso set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.29/30 set interfaces fe-1/2/2 unit 0 family iso set interfaces fe-1/2/2 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.5.5/32 set interfaces lo0 unit 0 family iso address 49.0001.0010.0000.0505.00 set protocols rsvp interface fe-1/2/0.0 set protocols rsvp interface fe-1/2/2.0 set protocols rsvp interface lo0.0 set protocols rsvp interface fxp0.0 disable set protocols mpls interface fe-1/2/0.0 set protocols mpls interface fe-1/2/2.0 set protocols mpls interface lo0.0 set protocols mpls interface fxp0.0 disable set protocols bgp group l3vpn type internal set protocols bgp group l3vpn local-address 10.255.5.5 set protocols bgp group l3vpn family inet-vpn unicast set protocols bgp group l3vpn peer-as 65534 set protocols bgp group l3vpn local-as 65534 set protocols bgp group l3vpn neighbor 10.255.2.2 set protocols isis spf-options delay 1000 set protocols isis interface all node-link-protection set protocols isis interface all level 2 metric 10 set protocols isis interface all level 1 disable set protocols isis interface fxp0.0 disable set protocols isis interface lo0.0 level 2 metric 0 set protocols ldp deaggregate set protocols ldp interface fe-1/2/0.0 set protocols ldp interface fe-1/2/2.0 set protocols ldp interface fxp0.0 disable set protocols ldp interface lo0.0 set policy-options policy-statement ecmp term 1 then load-balance per-packet set routing-instances VPN-A instance-type vrf set routing-instances VPN-A interface fe-1/2/1.0 set routing-instances VPN-A route-distinguisher 65534:1234 set routing-instances VPN-A vrf-target target:65534:1234 set routing-instances VPN-A routing-options static route 10.255.1.1/32 next-hop 10.0.0.18 set routing-options autonomous-system 65534 set routing-options forwarding-table export ecmp
Device CE2
set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.18/30 set interfaces lo0 unit 0 family inet address 10.255.6.6/32
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure multi-level IS-IS:
Configure the interfaces.
Enable IS-IS and MPLS.
[edit interfaces] user@P1# set fe-1/2/0 unit 0 family inet address 10.0.0.6/30 user@P1# set fe-1/2/0 unit 0 family iso user@P1# set fe-1/2/0 unit 0 family mpls user@P1# set fe-1/2/1 unit 0 family inet address 10.0.0.9/30 user@P1# set fe-1/2/1 unit 0 family iso user@P1# set fe-1/2/1 unit 0 family mpls user@P1# set fe-1/2/2 unit 0 family inet address 10.0.0.25/30 user@P1# set fe-1/2/2 unit 0 family iso user@P1# set fe-1/2/2 unit 0 family mpls user@P1# set lo0 unit 0 family inet address 10.255.3.3/32 user@P1# set lo0 unit 0 family iso address 49.0001.0010.0000.0303.00
Configure the IS-IS interfaces for Level 2.
[edit protocols] user@P1# set isis interface all level 2 metric 10 user@P1# set isis interface all level 1 disable user@P1# set isis interface fxp0.0 disable user@P1# set isis interface lo0.0 level 2 metric 0
Enable IS-IS node-link protection, which also automatically extends backup coverage to all LDP LSPs.
[edit protocols] user@P1# set isis interface all node-link-protection
(Optional) Configure a 1000-millisecond time interval between the detection of a topology change and when the SPF algorithm runs.
[edit protocols] user@P1# set isis spf-options delay 1000
Configure MPLS to use both RSVP and LDP label-switched paths (LSPs).
[edit protocols] user@P1# set mpls interface all user@P1# set mpls interface fxp0.0 disable user@P1# set rsvp interface all user@P1# set rsvp interface fxp0.0 disable user@P1# set ldp interface all user@P1# set ldp interface fxp0.0 disable
(Optional) For LDP, enable forwarding equivalence class (FEC) deaggregation, which results in faster global convergence.
[edit protocols] user@P1# set ldp deaggregate
To enable Packet Forwarding Engine local repair, establish a policy that forces the routing protocol process to install all the next hops for a given route.
This policy ensures that the backup route is installed in the forwarding table used by the Packet Forwarding Engine to forward traffic to a given destination.
[edit policy-options policy-statement ecmp term 1] user@P1# set then load-balance per-packet
Apply the policy to the forwarding table of the local router with the
exportstatement.[edit routing-options forwarding-table] user@P1# set export ecmp
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@P1# show interfaces
fe-1/2/0 {
unit 0 {
family inet {
address 10.0.0.6/30;
}
family iso;
family mpls;
}
}
fe-1/2/1 {
unit 0 {
family inet {
address 10.0.0.9/30;
}
family iso;
family mpls;
}
}
fe-1/2/2 {
unit 0 {
family inet {
address 10.0.0.25/30;
}
family iso;
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.3.3/32;
}
family iso {
address 49.0001.0010.0000.0303.00;
}
}
}
user@P1# show protocols
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
interface all;
interface fxp0.0 {
disable;
}
}
isis {
spf-options delay 1000;
interface all {
node-link-protection;
level 2 metric 10;
level 1 disable;
}
interface fxp0.0 {
disable;
}
interface lo0.0 {
level 2 metric 0;
}
}
ldp {
deaggregate;
interface all;
interface fxp0.0 {
disable;
}
}
user@P1# show policy-options
policy-statement ecmp {
term 1 {
then {
load-balance per-packet;
}
}
}
user@P1# show routing-options
forwarding-table {
export ecmp;
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
- Checking the MPLS LSP Backup Path
- Checking Which Next-Hop Neighbors Are Designated as Backup Paths to the Destination Node
- Checking the Backup Coverage
- Checking the Type of Protection Configured
Checking the MPLS LSP Backup Path
Purpose
Display information about the MPLS label-switched-paths (LSPs) designated as the backup route for the IS-IS routes.
Action
On Device PE1, from operational mode, enter the show isis backup label-switched-path command.
user@PE1> show isis backup label-switched-path Backup MPLS LSPs: to-p2, Egress: 10.255.4.4, Status: up, Last change: 01:17:45 TE-metric: 19, Metric: 0, Refcount: 1
Meaning
The output shows that the backup path is up and operational.
Checking Which Next-Hop Neighbors Are Designated as Backup Paths to the Destination Node
Purpose
Display SPF calculations for each neighbor for a given destination.
Action
On Device PE1, from operational mode, enter the show isis backup spf results command.
user@PE1> show isis backup spf results
IS-IS level 1 SPF results:
0 nodes
IS-IS level 2 SPF results:
PE2.00
Primary next-hop: fe-1/2/2.0, IPV4, P3, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 10, Root Preference: 0x0
track-item: P2.00-00
Eligible, Backup next-hop: fe-1/2/1.0, LSP, to-p2
Root: P3, Root Metric: 10, Metric: 10, Root Preference: 0x0
Not eligible, Reason: Interface is already covered
Root: P1, Root Metric: 10, Metric: 20, Root Preference: 0x0
track-item: P3.00-00
Not eligible, Reason: Interface is already covered
P2.00
Primary next-hop: fe-1/2/1.0, IPV4, P1, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 0, Root Preference: 0x0
track-item: P2.00-00
Not eligible, Reason: Primary next-hop link fate sharing
Root: P1, Root Metric: 10, Metric: 10, Root Preference: 0x0
Not eligible, Reason: Primary next-hop link fate sharing
Root: P3, Root Metric: 10, Metric: 20, Root Preference: 0x0
track-item: P1.00-00
Not eligible, Reason: Primary next-hop node fate sharing
P3.00
Primary next-hop: fe-1/2/2.0, IPV4, P3, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 20, Root Preference: 0x0
track-item: P3.00-00
track-item: P2.00-00
track-item: P1.00-00
Eligible, Backup next-hop: fe-1/2/1.0, LSP, to-p2
Root: P3, Root Metric: 10, Metric: 0, Root Preference: 0x0
Not eligible, Reason: Interface is already covered
Root: P1, Root Metric: 10, Metric: 10, Root Preference: 0x0
track-item: P3.00-00
Not eligible, Reason: Interface is already covered
P1.00
Primary next-hop: fe-1/2/1.0, IPV4, P1, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 10, Root Preference: 0x0
track-item: P2.00-00
track-item: P1.00-00
Not eligible, Reason: Primary next-hop link fate sharing
Root: P1, Root Metric: 10, Metric: 0, Root Preference: 0x0
Not eligible, Reason: Primary next-hop link fate sharing
Root: P3, Root Metric: 10, Metric: 10, Root Preference: 0x0
track-item: P1.00-00
Eligible, Backup next-hop: fe-1/2/2.0, IPV4, P3, SNPA: 0:5:85:8f:c8:bd
4 nodesMeaning
The output indicates whether a specific interface or node has been designated as a backup path and why.
Checking the Backup Coverage
Purpose
Check the percentage of protected nodes and prefixes.
Action
From operational mode, enter the show isis backup
coverage command.
user@PE1> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 75.00% 87.50% 0.00% 0.00%
user@P1> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 75.00% 71.43% 0.00% 0.00%
user@P2> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 50.00% 37.50% 0.00% 0.00%
user@P3> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 75.00% 71.43% 0.00% 0.00%
user@PE2> show isis backup coverage Backup Coverage: Topology Level Node IPv4 IPv6 CLNS IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00% IPV4 Unicast 2 50.00% 37.50% 0.00% 0.00%
Meaning
The level of backup coverage available through IS-IS routes depends on the actual network topology and is typically less than 100 percent for all destinations on any given routing device. You can extend backup coverage to include RSVP LSPs.
Checking the Type of Protection Configured
Purpose
On all nodes in the IS-IS domain, check the type and percentage of protected nodes and prefixes.
Action
From operational mode, enter the show isis interface
detail command.
user@PE1> show isis interface detail
IS-IS interface database:
lo0.0
Index: 76, State: 0x6, Circuit id: 0x1, Circuit type: 0
LSP interval: 100 ms, CSNP interval: disabled
Adjacency advertisement: Advertise
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
1 0 64 0 Passive
2 0 64 0 Passive
fe-1/2/2.0
Index: 79, State: 0x6, Circuit id: 0x1, Circuit type: 2
LSP interval: 100 ms, CSNP interval: 10 s
Adjacency advertisement: Advertise
Protection Type: Node Link
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
2 1 64 10 9.000 27 P3.03 (not us)
fe-1/2/1.0
Index: 77, State: 0x6, Circuit id: 0x1, Circuit type: 2
LSP interval: 100 ms, CSNP interval: 10 s
Adjacency advertisement: Advertise
Protection Type: Node Link
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
2 1 64 10 9.000 27 P1.02 (not us)Meaning
The output shows that node-link protection is configured on the interfaces.