End to End Convergence

END TO END CONVERGENCE

Dmitry Shokarev

Product Line Management

Routing Business Unit

2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

NETWORK RESILIENCY MECHANISMS

* Sterbenz, James PG, et al. "Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines." Computer Networks 54 (2010): 1245-1265.

“Resilience as the ability of the network to provideand maintain an acceptable level of service in the face of variousfaults and challenges to normal operation.” *

In general, many ways to quantify resilience, some suggest to use availability as a metric. Using this metric, resiliency can be improved by reducing repair time or improving convergence.


Service Restored(sub-optimal path)

WHAT CONTRIBUTES TO CONVERGENCE

R3 R4R2 R5

R1 R6

R4

Failure

R6

Detect Failure

Flood Information

Repair Locally (Update FIB)

Select new path

Update FIB

Traffic re-routed over a backup path

10 – 40 ms <100 ms

<10s

<1s <100 ms

Time

R9 R8R10 R7


FAILURE SCENARIOS, CORE INTERFACE FAILURE

P PPE PE

CPE CPE

DETECTION

Link Fault Signaling

BFD

Ethernet OAM(LFM or CFM)

Other

SCALING

Hierarchical FIB(indirect, composite or selector next-hops) to

converge independent of the number of prefixes / LSPs

LOCAL REPAIR

RSVP TE Facility Backup

RSVP TE Fast Reroute (Detour)

Loop Free Alternates

Convergence mechanisms in use


BFD PER MEMBER LINK IN A LAGOVERVIEW

Transport Equipment

Transport Equipment

Problem Statement When some other transmission equipment is in the path between routers, local link status may not be correctly

propagated to the remote end (fast enough) and may even lead to black holes Regular BFD can not guarantee failure detection at a particular link of a LAG bundle (BFD is IP based and

subject to hashing / balancing)

Solution draft-mmm-bfd-on-lags-05 defines an approach where multiple micro-BFD sessions are deployed, one session

per link If micro-BFD session fails, link is declared down and removed from a group

Local link status may not be propagated to the remote end

(fast enough)

Micro-BFDSession N

Micro-BFDSession #1


BFD PER MEMBER LINK IN A LAGPLATFORM SUPPORT AND SCALING

N SESSIONS INTERVAL LEVEL

30 10 ms Line card

150 50 ms Line card

300 100 ms Line card

900 300 ms Line card

PLATFORM MX, T, PTX

LINE CARDTrio, Express, FPC4, FPC3

MX MIXED MODE

Yes

JUNOS 13.3

Software and hardware

Regular Distributed BFD scaling applies

PROTOCOLS IPv4 and IPv6

DRAFT/RFCImplementation is based ondraft-mmm-bfd-on-lags-05

OTHER

Can co-exist with LACP,Supported on Tagged /

Untagged interfacesConfigured directly on the

ae interface

Features


FAILURE SCENARIOS, EDGE LINK FAILURE

PE PE

CPE CPE

DETECTION


BFD


LOCAL REPAIR

L2 Circuit Egress Protection

L3 VPN Egress Protection


P


Prefix A

L3 VPN EGRESS PROTECTION FOR BGPOVERVIEW

PPE1 PE3

CPE1 CPE2

PE2 PE4

Prefix Preference Next-hop

APrimary (0x1) CPE1

Backup (0x4000)Push Service Label L, PE2

PE1 L3VPN forwarding table (simplified view)

Prefix A

EBGP

iBGP


APrimary (0x1) CPE1

Backup (0x4000)Push Service Label L’, PE1



ABackup

(0x4000)Push Service Label L, PE2

PE1 L3VPN forwarding table (after failure), local repair

TrafficEBGP

Prefix AService Label L


L3 VPN EGRESS PROTECTION FOR BGPPLATFORM SUPPORT

PLATFORM M/MX, T/TX

LINE CARD Any

JUNOS 12.3R1

Software and hardwarePROTOCOL SUPPORT

IPv4 and IPv6

PE-CE PROTOCOL

BGP

OTHERCompatible with eiBGP multipath

Features


Protecting LSP transport label, Ultimate Hop Popping is

enabled to resolve ambiguity

LSP to 5.5.5.5(UHP ON)

Label : 100

L2 CIRCUIT EGRESS PROTECTIONOVERVIEW

PPE1(Primary)

PE3

CPE1 CPE2

Virtual Circuit 2

Virtual Circuit 1PE2(Protector) PE4

Label Preference Next-hop

100Primary (0x1) ge-1/0/0.0

Backup (0x4000) Push 101, PE2

PE1 mpls.0 switching tableLabel Action / Next-hop

101Pop to vt-, and lookup via

__5.5.5.5__.mpls.0

PE2 mpls.0 switching table

Label Action / Next-hop100 ge-1/0/1.0

PE2 __5.5.5.5__.mpls.0 switching tableService Label is

synchronized with Primary PE

RSVP Label :101

Context Id (5.5.5.5)Identifies protection pair

ge-1/0/0.0

ge-1/0/1.0

Protection VC

PW Label :100


L2 CIRCUIT EGRESS PROTECTIONPLATFORM SUPPORT

PLATFORM M/MX, T/TX

LINE CARD Any

ADDITIONAL REQUIREMENTS

Tunnel Services

JUNOS 10.4

Software and hardwarePW SIGNALING LDP

OTHER

Features

SW FEATURE

13.2 Egress protection for Inter-AS case

13.3 Egress protection for BGP-Labeled Unicast

Related Features


FAILURE SCENARIOS, EDGE LINK FAILURE (SWITCHED ACCESS)

DETECTION


BFD


SCALING



LOCAL REPAIR

Host FRR


PE PE

Host CPE

P

Local AreaNetwork


HOST FAST REROUTE OVERVIEW

PPE1 PE3

CPE

PE2 PE4


IP1Primary (0x1) Host

Backup (0x4000) Push Label, PE2


iBGP


IP1Primary (0x1) Host

Backup (0x4000) Push Label, PE1


Prefix Preference Next-hopIP1 Backup (0x4000) Push Label, PE2

PE1 L3VPN forwarding table (after failure), local repair

Traffic

Local AreaNetwork

HostIP1 in Subnet A

Subnet A

Backup route selection is based on the exact match (local subnet A should match a prefix received from the backup)

Populated during the ARP / NDP process (only v4 /32 or v6 /128 are subject to FRR backup selection)


HOST FAST REROUTEPLATFORM SUPPORT

PLATFORM M/MX, T/TX

LINE CARD Any

ADDITIONAL REQUIREMENTS

vrf-table-label or vt-

JUNOS 11.4R3


IPv4 and IPv6

OTHER L3 VPN

Features

SW FEATURE

Post 14.2 Support for static routes

Post 14.2 Support for EIBGP learned routes

Further Improvements


FAILURE SCENARIOS, EDGE NODE FAILURE

PPE PE

CPE CPE

DETECTION


BFD


SCALING



LOCAL REPAIR

L3 VPN Tail End Protection

L2 Circuit Tail End protection




Route 5.5.5.5,

higher metric

L3 VPN TAIL END PROTECTIONOVERVIEW

P1PE1(Primary)

PE3

CPE1 CPE2

PE2(Protector) PE4P2

Task 1: Program Local Repair (Loop Free Alternates case)

Route 5.5.5.5

Per-prefixLFA DecisionPE2 selected as a LFA for 5.5.5.5 prefix


100Primary Pop, PE1Backup Swap to 101, PE2

P1 mpls.0 switching table

Implicit nulllabel

Route 5.5.5.5

Label 100

Label 101

ge-1/0/0.0

ge-1/0/1.0


Label 101


P1PE1(Primary)

PE3

CPE1 CPE2

PE2(Protector) PE4Context Id (5.5.5.5)

Identifies protection pair P2

Task 2: Mirror Service Labels

iBGP

Label Action / Next-hop101 Pop, lookup via __5.5.5.5__.mpls.0


Label Action / Next-hop16 See next task #3

PE2 __5.5.5.5__.mpls.0 switching table

Label Preference Next-hop16 Primary (0x1) ge-1/0/0.0


iBGP

VPNv4 route10.0.0.1/24

Label 16

iBGP

Route 5.5.5.5,

higher metric

ge-1/0/0.0

ge-1/0/1.0


Only routes with next hopset to 5.5.5.5 (context id) are selected


P1PE1(Primary)

PE3

CPE1 CPE2

PE2(Protector) PE4

ge-1/0/0.0

ge-1/0/1.0


P2

Task 3: Program a backup next-hop on the protector

Label Action / Next-hop16 vt- or table next-hop (__5.5.5.5-<vrf>__.inet.0)

PE2 __5.5.5.5__.mpls.0 switching table

Backup next-hop can be selected from direct routes / eBGP or iBGP.In general, protector and backup PE functionality can be decoupled. Protector does not have to have connectivity to the CPE device and can be located elsewhere

Route Action / Next-hopIP ge-1/0/1.0

PE2 __5.5.5.5-<vrf>__.inet.0 (IP)


L3 VPN TAIL END PROTECTION PLATFORM SUPPORT

PLATFORM M/MX, T/TX

LINE CARD Any

PE ROUTERADDITIONAL REQUIREMENTS

vrf-table-label or vt-

PROTECTORADDITIONAL REQUIREMENTS

vt- for context lookup in non “enhanced-ip”

JUNOS 11.4R3


IPv4 and IPv6

IGP SUPPORT IS-IS (due to per-prefix LFA)

SIGNALLING LDP

OTHER L3 VPN

Features

TOPOLOGY REQUIREMENTS (JUNOS 11.4, LDP LFA-BASED)

Protector should not be in the regular data path, otherwise traffic will get forwarded to the backup PE

In general, the router performing local repair should have a direct link to the protector or a backup LSP to the protector



Loopback Address (1.1.1.1)Route 5.5.5.5

LDP STUB ALIAS MODE FOR LOCAL REPAIR

P1PE1(Primary)

PE3

CPE1 CPE2

PE4P2

Steer traffic to a protector which is several hops away

Route 5.5.5.5


100Primary Pop, PE1Backup Swap to 101, Push 103 (top), P

P1 mpls.0 switching table

Implicit nulllabel

Route 5.5.5.5

Label 100

Label 101(in an IGP TLV)

Route 1.1.1.1PE2(Protector)

LDP Label 102

Route 1.1.1.1Label 103

Populated from inet.5 table used to store stub-alias routes

Route Protocol next-hop Next-hop5.5.5.5 1.1.1.1 Push 101, Push 103 (top), P

P1 inet.5 routing table

Transport label to reach 1.1.1.1 (LDP)Identifies 5.5.5.5 context

(comes from the IGP TLV)

ge-1/0/0.0

ge-1/0/1.0


Description CSPF algorithm at ingress PE will always choose paths that go through primary PE

(preferred link to reach the stub node) But CSPF algorithm at the core site (P1) will choose the paths through protector for

next-nexthop bypass LSPs Regular facility backup behavior applies, no change is required

TAIL END PROTECTIONRSVP TE SUPPORT

P1PE1(Primary)

PE3

CPE1 CPE2

PE4P2

Enables tail end protection for RSVP signaling PE2

(Protector)

Stub node,context id 5.5.5.5

RSVP TE LSP

Bypass LSP

Regular next-nexthop bypass LSP

Regular Facility Backup Node Protection

Advertised with zero bandwidth, and max

TE metric


STUB ALIAS AND STUB NODE FEATURES

Software and featuresJUNOS 13.3

STUB ALIAS IMPLEMENTATION DRAFT COMPLIANCE

draft-gredler-isis-label-advertisement-03

IGP SUPPORT FOR STUB ALIAS IS-IS

IGP SUPPORT FOR STUB NODE IS-IS and OSPF

PLATFORM SUPPORT MX/T

http://tools.ietf.org/html/draft-gredler-isis-label-advertisement-03


Assumptions Symmetric deployment with mutual protection In tail end protection case, protector and backup PE are merged Same context ID is used for all VRFs / VCs (2 context IDs per protection pair)

PE ROUTER CONFIGURATION COMPLEXITY ANALYSIS

FEATUREPRIMARY PE BACKUP PE

STATEMENTS REFERENCES STATEMENTS REFERENCES

L2 CIRCUIT EGRESS PROTECTION

1 per VC Backup PE IP 3 per VCProtected VC Egress PEProtected VC Ingress PE

Protected VC ID

L2 CIRCUIT TAILEND PROTECTION

1 per VC Backup PE IP 3 per VCProtected VC Egress PEProtected VC Ingress PE

Protected VC ID

L3 VPN EGRESS PROTECTION FOR BGP

2 per VRF 0 0 0

HOST FAST REROUTE 1 per interface 0 0 0

L3 VPN TAILEND PROTECTION 1 per VRF 0 0 0

New VC / VRF / interface – specific configuration statements and references

Notes Statement is a configuration statement such as “set routing-instances vrf1 protocols bgp family

inet unicast protection“ Reference is an ID external to this router pair (e.q. Protected VC ID)


TAILEND PROTECTION PLANS

SW FEATURE

12.3 L2 Circuit support (LDP signaling)

13.3 RSVP Support (stub node)

13.3IS-IS stub alias advertisements by PE and backup selection by P (protector may be multiple hops away from PLR in LDP case)

14.1Support for labeled-unicast (Enables border router protection in Seamless MPLS designs)

Support by software release


Route BGP NHA1 PE-SITE-B-2…AN PE-SITE-B-2

Route BGP NHA1 PE-SITE-B-1…AN PE-SITE-B-1

BGP CONVERGENCE IMPROVEMENTSPREFIX INDEPENDENT CONVERGENCE

When one remote PE fails, next-hops for all routes have to be updated, process takes time and contributes to the service interruption (assuming no tailend protection is in place)

Without this feature, each route is updated individually With this feature only one update is required for a given primary / backup router pair The goal is to converge in less than 1s

MPLS Core

Prefix A1…AN

Prefix A1…AN

PE-SITE-B-1

PE-SITE-B-2

PE-SITE-A

Routing Table (simplified view)

Traffic

Traffic


BGP CONVERGENCE IMPROVEMENTSPLATFORM SUPPORT AND TEST RESULTS

N OF ROUTESN OF PE PRIMARY /

BACKUP PAIRSCONVERGENCE

100000 500 <1s

400000 500 <1s

PLATFORM MX, T

LINE CARD Trio

MX MIXED MODE

Yes, but enhanced-ip is

preferred

JUNOS 13.2

Software and hardware

Convergence Test Results (in enhanced-ip mode)

ADDRESS FAMILIES

VPNv4 / VPNv6

TRANSPORTSIGNALING

LDP

OTHERCan be enabled with / without iBGP multipath

Features


MULTICAST RESILIENCY


MULTICAST ONLY FAST REROUTE OVERVIEW

Fast switchover to another multicast stream from the same sourcein case of an upstream interface failure

R5R3

Multicast Source

R2

R6

R4

Multicast Receiver Discards traffic

from the backup path

Sends joins to both upstreams R1

Problem Statement Upstream interface failure will results in a traffic loss. The loss duration is in order of

seconds. IGP convergence followed by a PIM join to the new path is required to complete.

Solution Join to both sources and use only one at a time If one interface, switch to another immediately, no additional signaling required


MULTICAST ONLY FAST REROUTE OVERVIEWPLATFORM SUPPORT

PLATFORM MX

LINE CARD Trio

MIXED MODE No

JUNOS VERSION 14.1

Software and hardwarePROTOCOLS PIM and mLDP

BACKUP INTERFACE SELECTION

Same metric, next least metric, disjoint paths

DRAFT/RFC draft-karan-mofrr-02

Features

http://tools.ietf.org/html/draft-karan-mofrr-02

http://tools.ietf.org/html/draft-karan-mofrr-02

End to End Convergence

Technology

Transcript of End to End Convergence