Layer 2 Vpn Architectures [Electronic resources]

Carlos Pignataro, Dmitry Bokotey, Anthony Chan

نسخه متنی -صفحه : 101/ 63
نمايش فراداده

Case Study 9-5: Protecting AToM Pseudowires with MPLS Traffic Engineering Fast Reroute

MPLS traffic engineering automatically establishes and maintains LSPs across the MPLS core network using RSVP. Such LSPs are created based on the resource constraints that are configured and available network resources, such as bandwidth. IGP routing protocols such as IS-IS or OSPF announce available network resources using traffic engineering protocol extensions along with link state advertisements throughout the network.

In any network, links, routers, or both can fail because of unexpected events. Network operators include this factor their network planning by having redundant links and routers at the physical or logical locations where the failures are most likely to happen. When such failure conditions occur, routers within the network might temporarily have inconsistent routing information. They might need to exchange routing updates and come up with a new, consistent view of the network. This process is known as network convergence. During network convergence, routing loops and black holes can cause packet loss. The longer the convergence takes, the larger the amount of packet loss.

The convergence time includes the amount of time for an adjacent router to detect the link (or router) failure. It also includes the amount of time for this router to distribute the information to all other routers and for all other routers to recalculate routes in the forwarding tables. Detecting a link failure requires physical and link layerspecific mechanisms. MPLS traffic engineering does not have a way to reduce the amount of time to detect failures. However, it can reduce the time required to distribute the failure information and update the forwarding tables by using MPLS traffic engineering fast rerouting capability.

Prior to a failure, fast reroute calculates and establishes a protection traffic engineering tunnel around the link or node that is deemed vulnerable. Upon detecting such a failure, the backup tunnel takes over packet forwarding immediately. Rerouting typically takes less than 50 ms upon failure detection, and packet loss is kept minimal.

Before you enable fast reroute for an AToM pseudowire, you need to configure an MPLS traffic engineering tunnel as the preferred path, as shown in the previous case study. Then at the ingress PE where the traffic engineering tunnel headend is, you can use fast reroute options to configure a backup traffic engineering tunnel to protect the primary traffic engineering tunnel.

In Case Study 9-4: Configuring a Preferred Path Using MPLS Traffic Engineering Tunnels."

Figure 9-4. Protect AToM Pseudowire with Fast Reroute

Case Study 9-4. The following steps describe how to enable fast reroute on the primary traffic engineering tunnel.

Step 1.

Add an explicit path on PE1 that originates from the PE, traverses through P2, and ends at P1.

PE1(config)#ip explicit-path name P2-P1 enable
PE1(cfg-ip-expl-path)#next-address 10.23.12.2
Explicit Path name P2-P1:
1: next-address 10.23.12.2
PE1(cfg-ip-expl-path)#next-address 10.33.23.1
Explicit Path name P2-P1:
1: next-address 10.23.12.2
2: next-address 10.33.23.1

Step 2.

Provision a backup traffic engineering tunnel with the explicit path configured in Step 1. Note that the tailend of this backup tunnel is P1, and its IP address is 10.1.2.1.

PE1(config)#interface Tunnel100
PE1(config-if)#ip unnumbered Loopback0
PE1(config-if)#tunnel destination 10.1.2.1
PE1(config-if)#tunnel mode mpls traffic-eng
PE1(config-if)#tunnel mpls traffic-eng priority 7 7
PE1(config-if)#tunnel mpls traffic-eng bandwidth  1000
PE1(config-if)#tunnel mpls traffic-eng path-option 1 explicit name P2-P1

Step 3.

Configure the primary traffic engineering tunnel with fast reroute protection. The initial tunnel interface configuration is as follows:

PE1#show running-config interface Tunnel1
Building configuration...
Current configuration : 274 bytes
!
interface Tunnel1
ip unnumbered Loopback0
no ip directed-broadcast
tunnel destination 10.1.1.2
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng priority 7 7
tunnel mpls traffic-eng bandwidth  1000
tunnel mpls traffic-eng path-option 1 explicit name P1-PE2
end
PE1#config t
Enter configuration commands, one per line. End with CNTL/Z.
PE1(config)#interface Tunnel1
PE1(config-if)#tunnel mpls traffic-eng fast-reroute

Step 4.

Configure the protected link to use the backup tunnel. The interface that connects to the protected link on PE1 is Serial3/0.

PE1(config)#interface Serial3/0
PE1(config-if)#mpls traffic-eng backup-path Tunnel100

Step 5.

Verify that the primary tunnel is protected by fast reroute and the backup tunnel is ready under normal conditions. Use the show mpls traffic-eng tunnels protection and show mpls interfaces commands.

PE1#show mpls traffic-eng tunnels protection
PE1_t1
LSP Head, Tunnel1, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.1.1.2, Instance 31
Fast Reroute Protection: Requested
  Outbound: FRR Ready                 
    Backup Tu100 to LSP nhop          
      Tu100: out i/f: Et1/0, label: 16
LSP signalling info:
Original: out i/f: Se3/0, label: 16, nhop: 10.23.11.2
With FRR: out i/f: Tu100, label: 16
LSP bw: 1000 kbps, Backup level: any-unlim, type: any pool
PE1_t2
LSP Head, Tunnel2, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.1.1.2, Instance 18
Fast Reroute Protection: None
PE1_t100
LSP Head, Tunnel100, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.1.2.1, Instance 18
Fast Reroute Protection: None
PE1#show mpls interfaces Tunnel1 detail
Interface Tunnel1:
MPLS TE Tunnel Head
IP labeling not enabled
LSP Tunnel labeling not enabled
BGP labeling not enabled
MPLS not operational
Fast Switching Vectors:
IP to MPLS Fast Switching Vector
MPLS Disabled
MTU = 1496
Tun hd Untagged    0          Tu1        point2point
MAC/Encaps=4/8, MRU=1500, Tag Stack{16}, via Se3/0
0F008847 00010000
No output feature configured
Fast Reroute Protection via {Tu100, outgoing label 16}

Notice that the fast reroute status for the primary tunnel is ready. This means that the backup tunnel is operational and ready to protect the primary tunnel.

Step 6.

Verify the status of AToM pseudowire with VC ID 200, which traverses the primary tunnel under normal conditions. Label 16 is the traffic engineering tunnel label.

PE1#show mpls l2transport vc 200 detail
Local interface: Et0/0.2 up, line protocol up, Eth VLAN 200 up
Destination address: 10.1.1.2, VC ID: 200, VC status: up
  Preferred path: Tunnel1,  active                      
  Default path: disabled                                
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {16 24}
Create time: 01:14:59, last status change time: 01:11:17
Signaling protocol: LDP, peer 10.1.1.2:0 up
MPLS VC labels: local 17, remote 24
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 101, send 101
byte totals:   receive 31270, send 29960
packet drops:  receive 0, send 5

Step 7.

To verify the effectiveness of the fast reroute capability, introduce a link failure and use the show mpls traffic-eng tunnels protection and show mpls l2transport vc commands to examine the fast reroute status and pseudowire information.

PE1#show mpls traffic-eng tunnels protection
PE1_t1
LSP Head, Tunnel1, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.1.1.2, Instance 124
Fast Reroute Protection: Requested
  Outbound: FRR Active                
    Backup Tu100 to LSP nhop          
      Tu100: out i/f: Et1/0, label: 16
LSP signalling info:
Original: out i/f: Se3/0, label: 16, nhop: 10.1.2.1
With FRR: out i/f: Tu100, label: 16
LSP bw: 1000 kbps, Backup level: any-unlim, type: any pool
PE1_t2
LSP Head, Tunnel2, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.1.1.2, Instance 18
Fast Reroute Protection: None
PE1_t100
LSP Head, Tunnel100, Admin: up, Oper: up
Src 10.1.1.1, Dest 10.1.2.1, Instance 19
Fast Reroute Protection: None
PE1#show mpls l2transport vc 200 detail
Local interface: Et0/0.2 up, line protocol up, Eth VLAN 200 up
Destination address: 10.1.1.2, VC ID: 200, VC status: up
  Preferred path: Tunnel1,  active                      
  Default path: disabled                                
Tunnel label: 16, next hop point2point
Output interface: Tu100, imposed label stack {16 16 24}
Create time: 01:17:49, last status change time: 01:14:07
Signaling protocol: LDP, peer 10.1.1.2:0 up
MPLS VC labels: local 17, remote 24
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 111, send 114
byte totals:   receive 33316, send 32384
packet drops:  receive 0, send 5

Notice that the fast reroute status has changed from ready to active. The output interface for the pseudowire has switched from Tunnel1 to Tunnel100, and the label stack has become {16 16 24}. The top label 16 is the backup tunnel label so that pseudowire packets can be forwarded to the tailend router P1 through the backup traffic engineering tunnel. The second label 16 is the primary tunnel label that P1 assigns. The last label 24 is the VC label for the pseudowire.

The configuration on PE1 after finishing these steps is shown in Example 9-19.

Example 9-19. Configuration for MPLS Fast RerouteProtected Pseudowire
hostname PE1
!
ip cef
mpls label protocol ldp
mpls ldp router-id Loopback0
mpls traffic-eng tunnels
pseudowire-class PE1-P1-PE2
encapsulation mpls
preferred-path interface Tunnel1 disable-fallback
!
pseudowire-class High_Bandwidth
encapsulation mpls
preferred-path interface Tunnel2
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface Tunnel1
ip unnumbered Loopback0
tunnel destination 10.1.1.2
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng priority 7 7
tunnel mpls traffic-eng bandwidth  1000
tunnel mpls traffic-eng path-option 1 explicit name P1-PE2
tunnel mpls traffic-eng fast-reroute
!
interface Tunnel2
ip unnumbered Loopback0
tunnel destination 10.1.1.2
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng priority 7 7
tunnel mpls traffic-eng bandwidth  5000
tunnel mpls traffic-eng path-option 1 dynamic
!
interface Tunnel100
ip unnumbered Loopback0
no ip directed-broadcast
tunnel destination 10.1.2.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng priority 7 7
tunnel mpls traffic-eng bandwidth  1000
tunnel mpls traffic-eng path-option 1 explicit name P2-P1
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.1
encapsulation dot1Q 100
xconnect 10.1.1.2 100 encapsulation mpls
!
interface Ethernet0/0.2
encapsulation dot1Q 200
xconnect 10.1.1.2 200 pw-class PE1-P1-PE2
!
interface Ethernet0/0.3
encapsulation dot1Q 300
xconnect 10.1.1.2 300 pw-class High_Bandwidth
!
interface Ethernet1/0
ip address 10.23.12.1 255.255.255.0
mpls ip
mpls traffic-eng tunnels
ip rsvp bandwidth 8000
!
interface Serial3/0
ip address 10.23.11.1 255.255.255.0
mpls ip
mpls traffic-eng tunnels
mpls traffic-eng backup-path Tunnel100
ip rsvp bandwidth 1200
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
network 10.1.1.1 0.0.0.0 area 0
network 10.23.11.0 0.0.0.255 area 0
network 10.23.12.0 0.0.0.255 area 0
!
ip explicit-path name P1-PE2 enable
next-address 10.23.11.2
next-address 10.23.21.2
!
ip explicit-path name P2-P1 enable
next-address 10.23.12.2
next-address 10.33.23.1