routing resiliency latest enhancements - deniz...

Routing Resiliency Latest Enhancements BRKIPM-2000

Clarence Filsfils – [email protected]

© 2014 Cisco and/or its affiliates. All rights reserved. BRKIPM-2000 Cisco Public

Agenda

Per-Prefix LFA

Remote LFA

Segment Routing

Topology-Independent LFA

3


Acknowledgement

Stephane Litkowski and Bruno Decraene, Orange

4

Per-Prefix LFA


Per-Prefix LFA

IGP pre-computes a backup path per primary path to an IGP destination

FIB pre-installs the backup path in dataplane

Upon local failure, all the backup paths of the impacted destinations are enabled in a prefix-independent manner (<50msec LoC)

– Hierarchical HW FIB organization

– Similar to BGP-PIC FRR behavior

S F

C

E

D1

D2

C is an LFA for D1 if CD1 < CS + SD1

6


Benefits

Simple

Sub-50msec

Link, Node and SRLG Protection

Deployment friendly

– no protocol change, no interop testing, incremental deployment

Good Scaling

No degradation on IGP convergence for primary paths

7


Constraints

Coverage is topology dependent

– availability of a backup path depends on topology

In some rare cases, there are multiple LFA candidates and the one taken might not be the best choice

8


LFA Coverage is in fact excellent

11 real Core Topologies

– average coverage: 94% of destinations

– 5 topologies higher than 98% coverage

Real Aggregation

– simple design rules help ensure 100% link/node protection coverage for most frequent real aggregation topologies

– RFC6571

– Sweet Spot A simple solution is essential for access/aggregation as it represents 90% of the network size

hence complexity

9


High interest for access/aggregation

Is there a way to also support the ring and “biased square”?

Biased Square

(a<c)

Ring

10


One backup path per primary path

Default tie-break

1. Prefer primary over secondary

2. Prefer lowest backup path metric

3. Prefer linecard disjointness

4. Prefer node disjointness

CLI to customize the tie-break policy

– Default is recommended. Simplicity.

11


Primary vs Secondary

S has two primary paths to D

– E1 and E2

S has one LFA candidate to D: N1

Which backup to prefer? – Another primary path or a secondary path?

S F D E1

E2

N1

S F D E1

E2

N1

N2

12


Guaranteed-Node-Protecting

Definition: ND < NF + FD (Eq2)

– “does the path from the neighbor to D avoid node F?”

S’s primary path to D: E0

S’s LFA candidates: E1 and E2

– E1: not guaranteed node protecting N1 does not meet Eq2

– E2: guaranteed node protecting N2 meets Eq2

S F D E0

E2

N1

N2

20

E1

13


De Facto Node Protection

Choosing a guaranteed node-protecting LFA is not the only way to benefit from LFA node protection

A non-guaranteed node protecting LFA candidate might turn to be node protecting. We call this “De Facto Node Protection”

– N2 is not guaranteed node protecting for D: 20 !< 10+10

– But if F fails, N2 will trigger its own LFA for the path N2FD (via N2D) and hence the traffic SD avoids F!

S F D E0

E2

N2

20 20

14


Lowest backup path metric

S’s primary path to D: F

Two LFA Candidates: N1 and N2

Lowest backup path metric: N2

– SN2 + N2D < SN1 + N1D

– 10 + 20 < 10 + 100 S F D E0

E2

N1

N2

E1 100

20

15


Still in some cases, the LFA is suboptimal

16

Remote LFA


Remote-LFA Objective

Keep Per-prefix LFA benefits

– simplicity

– incremental deployment

Increase coverage for real topologies

– primarily for ring and biased-square access topologies

– potentially for core topology

– “98/99%” is seen as good-enough

– 100% coverage is “icing on the cake”

18


The Ring

No LFA protection in the ring

– if E4 sends a C1-destined packet to E3, E3 sends it back to E4

19


PQ Algorithm

Any node which meets the P and Q properties

– P: the set of nodes reachable from E4 without traversing E4E5

– Q: the set of nodes which can reach E5 without traversing E4E5

Best PQ node

– the closest from A: E1

Establish a directed LDP session with the selected PQ node

C1

E5

E4

E3

E1

E2

C2

Backbone

Access Region

E1

20


Remote LFA Protection

E4’s LIB

– E5’s label for FEC C2 = 20

– E3’s label for FEC E1 = 99

– E1’s label for FEC C2 = 21

E4’s FIB for destination C2 – Primary: out-label = 20, oif = E5

– Backup: out-label = 21

oif = [push 99, oif = E3]

RLFA is LFA from a remote node (E1)

C1

E5

E4

E3

E1

E2

C2

20 21

99

With Node and SRLG protection!

21


Remote LFA applied in the backbone

PQ’s coverage extension is significant for some SP’s

22


Targeted LDP - Scalable

Odd ring: 2 LDP additional sessions per node

Even ring: 1 LDP additional session per node

23


Targeted LDP - Scalable

Small number of automatically signaled LDP sessions per node

24


Very simple rules – RFC6571

In a square, any metric should be less than the sum of the 3 other links

Simple rule: any link in a square should have a metric less than the sum of the 3 other links

E1 can send a C2-destined packet to E2 whatever the E1E2 metric, but E2 forwards it to C2 only if E2C2 is < E2E1C1C2 C2 sends a C1-bound packet to C1 only if C2C1 < C2E2E1C1. Applying this for any link in the square we see that a link metric should be less than the sum of the other 3 link metrics 25


Not yet 100%-guaranteed…

E1 has no LFA for C1

– E2 routes back

E1 has no RemoteLFA for C1

– P and Q intersection is null

26


100% - Icing on the cake

When the P and Q space do not intersect, then setup an Explicit-Path-LSP to the closest Q node

– use SR explicit path! See next.

Automated

100% guarantee

Node protection

27


Remote LFA Benefits

Seamless integration with Per-Prefix LFA

– Packets take their shortest paths from the PQ node

– Destinations use per-prefix LFA onto physical oif when available (i.e. per-prefix LFA), and per-prefix LFA onto LDP LSP (i.e. Remote LFA) otherwise

Simple

– Automated computation, negligible CPU, low TLDP requirement

Incremental Deployment

– New code only at the protecting node

Meet the real coverage requirements – backbone and access/aggreation

28

Segment Routing


Segment Routing

: the source chooses a path and encodes it in the packet header as an ordered list of segments

: an identifier for any type of instruction

– Service

– Context

– Locator

– IGP-based forwarding construct

– BGP-based forwarding construct

– Local value or Global Index

30


Segment Routing

: an ordered list of segments is represented as a stack of labels

– a completed segment is popped

: an ordered list of segments is represented as a routing extension header, see 4.4 of RFC2460

– Type 0 could be used. A new type is proposed to enhance functionality while improving forwarding performance and security

– upon completion of a segment, the pointer is incremented

31


ISIS automatically installs segments

Simple extension

Excellent Scale: a node installs N+A FIB entries

– N node segments and A adjacency segments

A B C

M N O

Z

D

P

Nodal segment to C

Nodal segment to Z

Adj Segment

Nodal segment to C

32


Node Segment

Z advertises a global node segment 65 with its loopback

– simple ISIS sub-TLV extension

– we assume the same SRGB at every node

All remote nodes install in their FIB the node segment 65 to Z

A B C

Z

D

65

FEC Z

push 65

swap 65

to 65

swap 65

to 65 pop 65

A packet injected

anywhere with top

segment 65 will

reach Z via

shortest-path

Packet

to Z

Packet

to Z

65

Packet

to Z

65

Packet

to Z

65

Packet

to Z

33


Adjacency Segment

C allocates a local segment 9003 and maps it to the instruction “complete the segment and forward along the interface CO”

C advertises the adjacency segment in ISIS

– simple sub-TLV extension

C is the only node to install the adjacency segment in FIB

A B C

M N O

Z

D

P

Pop

9003

A packet injected at

node C with segment

9003 is forced

through datalink CO

34


Combining Segments

ECMP

– Node segment

Per-flow state only at head-end

– not at midpoints

Source Routing

– the path state is in the packet header

A B C

M N O

Z

D

P

78

Packet to Z

65

78

Packet to Z

65

Packet to Z

Packet to Z

65

Packet to Z

65

78

72

Packet to Z

65

78

72

72 72

65

65

35


Simple and Efficient Transport of MPLS services

Efficient packet networks leverage ecmp-aware shortest-path! – node segment!

Simplicity

– no complex LDP/ISIS synchronization to troubleshoot

– one less protocol to operate

A B

M N

PE2 PE1

All VPN services ride on the node

segment

to PE2

IPv4 over MPLS/IGP

VPN over MPLS/IGP

Internet over MPLS/IGP

PW over MPLS/IGP IPv6 over MPLS/IGP

36


Topology Independent LFA (TI-LFA)

Guaranteed Link/Node FRR in any topology

– even with asymmetric metrics

No Directed LDP session

Simplicity

– entirely automated (no need for customization)

Incremental deployment

– Applicable to LDP and IP primary traffic Only the repair tunnel is SR-based

For networks with symmetric metric & link protection

– No extra computation

– Simple repair stack

– Node segment to P node

– Adjacency segment from P to Q

Demo available

Backbone

C1 C2

E1 E4

E3 E2 1000

Node segment

to P node

Default metric: 10

Adj segment

to Q node

37


Central OptimizationN

Centralized Optimization – - find a path meeting the SLA requirement

– - encode it as a list of nodal and adjacent segments

Agility and Scalability

Hybrid Central/Distributed CP

Encoded path for

traffic to Z {66, 9001, 65}

66

65 9001

ABCOPZ meets SLA. I account the BW.

I encode the path as nodal segment to C, adj

segment to O, nodal segment to Z

Congested

A B C

M N O

Z

D

P

Collect network

status information Need 2Gbps

from A to Z

with SLA

38


Many other use-cases

See www.segment-routing.net

39

Topology-Independent LFA


Benefits

100%-coverage 50-msec link and node protection

Simple to operate and understand

– automatically computed by the IGP

Prevents transient congestion and suboptimal routing

– leverages the post-convergence path, planned to carry the traffic


– applicable to primary IP and LDP traffic only the repair tunnel needs to be SR-enabled

Demo available

41


Explicit Post-Convergence Path

What is the more optimal and natural path upon a failure ?

– the post-convergence path

Why have we never used it before SR?

– the post-convergence path may not be an LFA and hence may loop

Thanks to SR, we can always use the post-convergence path

– Explicit Post-Convergence (EPC): the non-LFA portion of the path is encoded as an explicit list of segments

42


Explicit Post-Convergence Path

Computation leverages proven and existing LFA technology

– intersection of post-convergence SPT with P and Q spaces

Number of Segments to form the Repair Tunnel

– Symmetric network, link protection: Proven: <= 2 segments to get into Q space

– Asymmetric network or node protection: No theoretical bound

In reality, as we already saw for RLFA, things are much simpler !

Orange use-case

– 100% link protection 100% use <= 2 segments

– 100% node protection (<=4 segments) 99.72% use <= 2 segments

0.24% use 3 segments

0.04% use 4 segments

43


FRR Path Optimality

44


45

Conclusion


Segment Routing

Wide Applicability

Simple to deploy and operate

More scalable and functional IP and MPLS

Agile Wan Orchestration with hybrid centralized/distributed

Massive operator interest and support

ISIS/SR demonstrated in Feb 2013

TI-LFA demonstrated in Oct 2013

Much more happening! Join the community.

www.segment-routing.net

47


TI-LFA

Applicable to native IP, LDP and SR traffic

– does not require a migration from LDP to SR


– does not require an overall SR deployment

100% coverage

– link, node and SRLG

100% automated

– fit the post-convergence path

48

Thank you


References

http://www.segment-routing.net/

Per-prefix LFA Applicability: RFC 6571

Remote LFA: draft-ietf-rtgwg-remote-lfa-04

Topology-Independent LFA: draft-francois-segment-routing-ti-lfa-00

50






Call to Action…

Visit the World of Solutions:-

Cisco Campus

Walk-in Labs

Technical Solutions Clinics

Meet the Engineer

Lunch Time Table Topics, held in the main Catering Hall

Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2014

51

http://www.pearson-books.com/CLMilan2014




Complete your online session evaluation

Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt

Complete Your Online Session Evaluation

52

routing resiliency latest enhancements - deniz...

Documents