1. 最简配置如下,只有一个egress出口,这时会用cspf算法在ted里面计算一条lsp出来,
若这条lsp断掉,那么会尝试重新计算一条新的路径到192.168.32.1的lsp,
若不能找到另一条路径,那么lsp转发断掉。如果有IPv4转发,那么利用IPv4进行转发。
[edit protocols mpls]
user@Sherry# show label-switched-path Sherry-to-Char
to 192.168.32.1;
2. 有一条primary path,这个path就是RSVP里面的ERO,也就是强制路径-指必须通过指定的节点。
这时会用cspf算法在ted里面计算一条通过primary path指定节点的lsp出来,
若这条lsp断掉,那么会尝试重新计算一条新的路径到192.168.32.1的lsp(必须通过primary path指定节点),
若不能找到另一条路径,那么lsp转发断掉。如果有IPv4转发,那么利用IPv4进行转发。
若primary path不能建立,那么系统会根据一个计时器retry-timer以及计数器retry limit来控制重试建立之。
原则1:若配置了primary path,那么当它可用时,系统必须用它来创建到egress的LSP。
[edit protocols mpls]
user@Sherry# show label-switched-path Sherry-to-Char
to 192.168.32.1;
primary via-Chablis {
bandwidth 20m;
}
path via-Chablis {
192.168.24.1 loose;
}
3. 有一条primary path以及至少一条secondary path。
这时会用cspf算法在ted里面计算一条通过primary path指定节点的LSP出来,(这时primary path是active,secondary path是down)
若这条primary path断掉,ingress router会收到下游router送来的ResvTear消息,ingress router就会clear the primary path.
然后ingress router会利用secondary path重新计算一条新的路径到192.168.32.1的lsp(必须通过 secondary path 指定节点),
若成功建立,那么ingress router会即时用这条新的path转发MPLS流量。
若不能重新建立到egress的LSP,那么lsp转发断掉。如果有IPv4转发,那么利用IPv4进行转发。
注意:当primary path断掉并且ingress router clear 掉这个 primary path后,就会启用计时器retry-timer,其超时后就开始尝试重新建立primary path。
若重新建立起来primary path,系统会等待大约两个retry-timer的时间来确保刚建立的primary path是稳定可靠的。若经过两个retry-timer的时间后,这个
primary path仍为up的,那么系统就将primary path设为这条LSP的active path,MPLS流量自动从secondary path切回到primary path上来。
切换成功后,系统并不立即clear掉secondary path,而是等待大约两个retry-timer的时间来确保刚建立的primary path是稳定可靠的。若经过两个retry-timer的时间后,
这个primary path仍为up的,这时才会clear掉secondary path。
[edit protocols mpls]
user@Sherry# show label-switched-path Sherry-to-Char
to 192.168.32.1;
primary via-Chablis {
bandwidth 20m;
}
secondary via-Chianti {
bandwidth 10m;
}
总结:
1. 先clearprimary path。
2. 再建立secondary path。
3. 这时才把MPLS流量切到secondary path上来。
这个切换过程会导致MPLS流量的转发黑洞(走非MPLS路径或直接无路径)。
4. secondary path的standby的特性。
系统创建好primary path之后,并将其选择为active path。然后系统会根据ted来创建secondary path,并设为Up状态。
这样当primary path因为link down等原因被clear时,因为secondary path是Up状态,系统直接将其设置为这条LSP的active path,流量就直接切过来了。
当primary path恢复之后,和上面3的过程一样,系统会等待大约两个retry-timer的时间来确保刚建立的primary path是稳定可靠的。若经过两个retry-timer的时间后,这个
primary path仍为up的,那么系统就将primary path设为这条LSP的active path,MPLS流量自动从secondary path切回到primary path上来。
切换成功后,系统并不clear掉secondary path,而是一直将其保持为Up状态。
[edit protocols mpls]
user@Sherry# show label-switched-path Sherry-to-Char
to 192.168.32.1;
primary via-Chablis {
bandwidth 20m;
}
secondary via-Chianti {
bandwidth 10m;
standby;
}
5. 上面的3,4已经起到一定的保护作用,但是根据上面的原则1:若配置了primary path,那么当它可用时,系统必须用它来创建到egress的LSP。
系统会在primary path恢复之后,尝试切换到其上,导致流量反复切换,可能引起一定的问题。所以希望在primary path恢复之后,流量仍然保持
在secondary path上。但是由于原则1的存在,所以我们的解决方案是:不配置primary path,而是配置多个secondary path。
这个方案已经很完善了,通过配置多个secondary path,并且将它们均设置为up状态。
root@r1# show protocols mpls
label-switched-path tor7 {
to 10.0.9.7;
bandwidth 700m;
secondary r1-r7-backup {
standby;
}
secondary 2 {
standby;
}
}
root@r1# run show mpls lsp ingress detail
Ingress LSP: 1 sessions
10.0.9.7
From: 10.0.6.1, State: Up, ActiveRoute: 1, LSPname: tor7
ActivePath: r1-r7-backup (secondary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
* Standby r1-r7-backup State: Up
Priorities: 7 0
Bandwidth: 700Mbps
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID):
10.0.4.13 10.0.2.6 10.0.2.17
Standby 2 State: Up
Priorities: 7 0
Bandwidth: 700Mbps
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID):
10.0.4.13 10.0.2.6 10.0.2.17
Total 1 displayed, Up 1, Down 0
6. 上面所有的措施都存在问题,因为当LSP的某个node检测到link down等故障时,会一路沿上游向ingress router发送ResvTear错误信息,当ingress router收到之后,
才会采取进一步的措施,比如切换到secondary path上去,但是在这个错误发生到感知到错误并开始切换的过程,会导致流量丢失。
由于以上的缺点,需要进一步的链路保护措施,这就是fast reroute,包含node protection和link protection两种。
这两种方案都是在沿途各节点建立备份LSP,从而在故障发生时,故障发生点在第一时间感知到故障之后,立刻在自身上执行流量切换,然后才通知ingress router发生了故障并且已完成切换。
a) node protection配置:
配置之后,LSP沿途各node,包括ingress router都会建立一条到egress router的detour lsp,并且专为这条LSP使用。是1:1的保护模式。
root@r6# show protocols mpls
label-switched-path r6-r4 {
to 10.0.3.4;
fast-reroute;
primary r6-r4;
}
path r6-r4 {
10.0.3.3 loose;
}
interface all;
b) link protection配置:
首先在MPLS LSP下启用 link protection,然后在LSP路径上需要进行 link protection的节点的RSVP下的具体接口上启用 link protection。
注意,这个启用 link protection了RSVP具体接口可以为每一个经过该link并且在ingress router上启用了 link protection的LSP使用,是N:1的保护模式。
root@r6# show protocols mpls
label-switched-path r6-r4 {
to 10.0.3.4;
link protection ;
primary r6-r4;
}
path r6-r4 {
10.0.3.3 loose;
}
interface all;
root@r3# show protocols rsvp
interface all;
interface ge-0/0/6.0 {
link-protection;
}
c) Node-Link Protection
While link protection is useful for selecting an alternate path to the same router when a link fails, node-link protection establishes a bypass LSP through a different router altogether. For Case 1 in Figure 1, link protection allows an LSP to switch to link B and immediately bypass failed link A. However, if Router B fails, link B will fail and the link-protected LSP will be lost.----link protection只负责将到下一跳路由器的路径切换到备用路径上去。
With node-link protection, the backup LSP can switch to link D instead and bypass the failed links and router. Another benefit of node-link protection shown in Case 2 is that a node-link-protected LSP can act like a link-protected LSP and switch to link B if link D is unavailable.
----node-link protection可以绕过下一跳router,直接到达下一跳router的下一跳router。(A绕过B,建立一条到C的备用path)
Figure 1: Link Protection and Node-Link Protection Comparison
Junos OS signals bypass LSPs dynamically when a protected LSP transverses the protected link.
----首先这条LSP必须是启用了link protection或node-link protection的,其次这条LSP经过受link protection保护的link。
The software determines if the protected LSP needs a node bypass or a link bypass and prepares the necessary bypass LSP automatically. The bypass LSP is torn down automatically when a protected LSP does not use the link.----根据下面的show命令来看,bypass-lsp先建立好并且是up状态,所以这里说的是当取消link protection的配置等情况发生后,这条创建的bypass lsp会被自动删除掉。只要link protection在起作用,那么bypass lsp就不能删除而且必须保持up状态。
Because the creation and removal of bypass LSPs is automatic, network resources can be used for other purposes when the bypass LSP is not needed. Likewise, network administrators do not need to configure bypass LSPs statically and can focus their maintenance efforts elsewhere.
注意:
1. node-link protection和link protection都是在mpls lsp下启用,并且是互斥的。
2.
1. 启用了link protection之后:
root@r3# run show rsvp session transit name r6-r4 extensive
Transit RSVP: 4 sessions
10.0.3.4
From: 10.0.9.6, LSPstate: Up, ActiveRoute: 1
LSPname: r6-r4, LSPpath: Primary
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 3
Resv style: 1 SE, Label in: 300256, Label out: 3
Time left: 132, Since: Sun Dec 16 03:07:41 2012
Tspec: rate 120Mbps size 120Mbps peak Infbps m 20 M 1500
Port number: sender 3 receiver 59673 protocol 0
Link protection desired
Type: Link protected LSP, using Bypass->10.0.2.6
3 Dec 16 03:10:11 Link protection up, using Bypass->10.0.2.6
2 Dec 16 03:10:05 New bypass Bypass->10.0.2.6
1 Dec 16 03:09:20 Link protection disabled on outbound interface[5 times]
PATH rcvfrom: 10.0.2.13 (ge-0/0/4.0) 14 pkts
Adspec: received MTU 1500 sent MTU 1500
PATH sentto: 10.0.2.6 (ge-0/0/6.0) 19 pkts
RESV rcvfrom: 10.0.2.6 (ge-0/0/6.0) 15 pkts
Explct route: 10.0.2.6
Record route: 10.0.2.13 10.0.3.4 (node-id) 10.0.2.6
Total 1 displayed, Up 1, Down 0
root@r3# run show rsvp session ingress detail
Ingress RSVP: 1 sessions
10.0.3.4
From: 10.0.3.3, LSPstate: Up, ActiveRoute: 0
LSPname: Bypass->10.0.2.6
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 300192
Resv style: 1 SE, Label in: -, Label out: 300192
Time left: -, Since: Sun Dec 16 03:10:05 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 20649 protocol 0
Type: Bypass LSP
Number of data route tunnel through: 3
Number of RSVP session tunnel through: 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.2.1 (ge-0/0/5.0) 24 pkts
RESV rcvfrom: 10.0.2.1 (ge-0/0/5.0) 24 pkts
Explct route: 10.0.2.1 10.0.2.10
Record route: 10.0.2.1 10.0.2.10
Total 1 displayed, Up 1, Down 0
2. 启用了node-link protection之后:
root@r1# show protocols mpls
label-switched-path tor7 {
to 10.0.9.7;
bandwidth 700m;
no-cspf;
node-link-protection;
adaptive;
primary r1-r7;
secondary r1-r7-backup {
standby;
}
}
root@r3# run show rsvp session transit name tor7 extensive
Transit RSVP: 4 sessions
10.0.9.7
From: 10.0.6.1, LSPstate: Up, ActiveRoute: 1
LSPname: tor7, LSPpath: Primary
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 299984
Resv style: 1 SE, Label in: 300272, Label out: 299984
Time left: 144, Since: Sun Dec 16 03:12:24 2012
Tspec: rate 700Mbps size 700Mbps peak Infbps m 20 M 1500
Port number: sender 8 receiver 50241 protocol 0
Node/Link protection desired
Type: Link protected LSP, using Bypass->10.0.2.6
3 Dec 16 03:31:08 New bypass Bypass->10.0.2.6->10.0.2.17[5 times]
2 Dec 16 03:12:27 Link protection up, using Bypass->10.0.2.6
1 Dec 16 03:12:24 New bypass Bypass->10.0.2.6->10.0.2.17
PATH rcvfrom: 10.0.4.14 (ge-0/0/1.0) 29 pkts
Adspec: received MTU 1500 sent MTU 1500
PATH sentto: 10.0.2.6 (ge-0/0/6.0) 35 pkts
RESV rcvfrom: 10.0.2.6 (ge-0/0/6.0) 29 pkts
Record route: 10.0.4.14 10.0.3.4 (node-id) 10.0.2.6
10.0.9.7 (node-id) 10.0.2.17
10.0.9.7
From: 10.0.6.1, LSPstate: Up, ActiveRoute: 1
LSPname: tor7, LSPpath: Secondary
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 300000
Resv style: 1 SE, Label in: 300288, Label out: 300000
Time left: 144, Since: Sun Dec 16 03:12:24 2012
Tspec: rate 700Mbps size 700Mbps peak Infbps m 20 M 1500
Port number: sender 9 receiver 50241 protocol 0
Node/Link protection desired
Type: Link protected LSP, using Bypass->10.0.2.6
1 Dec 16 03:12:24 Link protection up, using Bypass->10.0.2.6
PATH rcvfrom: 10.0.4.14 (ge-0/0/1.0) 29 pkts
Adspec: received MTU 1500 sent MTU 1500
PATH sentto: 10.0.2.6 (ge-0/0/6.0) 35 pkts
RESV rcvfrom: 10.0.2.6 (ge-0/0/6.0) 30 pkts
Record route: 10.0.4.14 10.0.3.4 (node-id) 10.0.2.6
10.0.9.7 (node-id) 10.0.2.17
Total 2 displayed, Up 2, Down 0
root@r3# run show rsvp session ingress detail ----这就是新创建的bypass-lsp。
Ingress RSVP: 1 sessions
10.0.3.4
From: 10.0.3.3, LSPstate: Up, ActiveRoute: 0
LSPname: Bypass->10.0.2.6
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 300192
Resv style: 1 SE, Label in: -, Label out: 300192
Time left: -, Since: Sun Dec 16 03:10:05 2012
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 20649 protocol 0
Type: Bypass LSP
Number of data route tunnel through: 3
Number of RSVP session tunnel through: 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.2.1 (ge-0/0/5.0) 39 pkts
RESV rcvfrom: 10.0.2.1 (ge-0/0/5.0) 39 pkts
Explct route: 10.0.2.1 10.0.2.10
Record route: 10.0.2.1 10.0.2.10 ----因为没有建立起来可以绕过r4的bypass lsp,所以建立了一条到r4的新path,也就是Bypass->10.0.2.6。
Total 1 displayed, Up 1, Down 0
系统检测到故障时的处理流程:
During a failure mode, the next upstream router from the point of failure immediately forwards
traffic for the LSP along the detour path. This quick decision allows for minimal packet
loss, if any occurs at all.
----检测到故障时,故障发生点的上游router第一时间进行流量切换。
This node also generates a PathErr message and forwards it to the
ingress router. The error message is designed to alert the ingress that a failure occurred along
the path and that the detour is being used to forward traffic.
----切换完成后,产生PathErr message去通知ingress router发生了故障并且已经完成切换。
The action taken by the ingress router then depends on its configuration and the state of the network.
----ingress router的后续动作取决于它的配置。
a) If a standby secondary path is established, the ingress router begins using it to forward
traffic. The primary path, along with the detours, are torn down and the ingress attempts to
locate another primary path through the network matching the LSP constraints.
----若这时一条standby secondary path并且是up状态,那么ingress router开始用它来转发流量,
然后tear down使用了detours lsp的primary path,然后再尝试建立一个新的primary path。
b) This same process occurs when a secondary path is configured but is not in an Up state.
The ingress router signals and establishes the secondary path, moves traffic onto it, and tears down the primary path.
----若这时一条standby secondary path但不是up状态,那么ingress router先建立这个secondary path,然后开始用它来转发流量,
然后tear down使用了detours lsp的primary path,然后再尝试建立一个新的primary path。
c) If the ingress router has no secondary paths defined, it examines the TED to locate a new primary
path meeting the constraints. ----若有没有定义secondary paths,那么尝试建立一条新的primary path
If one is found, the ingress router creates a new primary path and moves the traffic onto it.
This process occurs in one of two fashions:----若成功建立了一条新的primary path,那么执行如下操作:
either the ingress router creates the new path, moves traffic, and tears down the old path or
the ingress tears down the old path, creates the new path, and moves the traffic.
----两种方案:建新path、切流量、tear down老path或者tear down老path、建新path、切流量。
至于选择哪种方案,取决于是否配置了adaptive这个feature。
The actions of the ingress router in this situation are controlled by the adaptive command,
d) The ingress router might encounter one final possibility
during a failure mode. There may be no secondary paths defined and the CSPF algorithm might
not find a new primary path that meets the LSP constraints.
----最后一种情况,没有定义secondary path,而且新的primary path也没能建立起来。
When this occurs, the ingress router continues using the existing path and the detours to forward traffic across the network.
----当最后一种情况发生后,路由器继续使用当前的path以及它的detour来转发流量。
综上:
1. adaptive是用来控制primary path与secondary path之间切换时的行为的。
2. fast reroute的两种方案都是用来保护当前active path的方法。
张蒙
2012.12.15
更新记录:
1. 2012-12-16 更新了node-link-protection模式。
To implement MPLS LSP link protection or node-link protection, your system must meet these minimum requirements: Junos OS Release 8.2 or later for support on MX Series routers Junos OS Release 7.4 or later for enhanced operational commands and system log messages for link protection and node-link protection Junos OS Release 7.3 or later for link protection of point-to-multipoint LSPs and for class of service on link-protected LSPs and bypass LSPs Junos OS Release 7.1 or later for multiple bypass LSPs, manual bypass LSPs, and link protection priority Junos OS Release 5.4 or later for link protection
