end to end convergence
DESCRIPTION
Slides for a talk given at the Juniper New Network Day conference on 01.01.2014. The speaker is Dmitry Shokarev, Product Line Manager at Juniper. A video recording of this talk from the conference's online broadcast is available here: http://www.youtube.com/watch?v=R2groq4YMaQ
TRANSCRIPT
END TO END CONVERGENCE
Dmitry Shokarev
Product Line Management
Routing Business Unit
2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
NETWORK RESILIENCY MECHANISMS
“Resilience as the ability of the network to provide and maintain an acceptable level of service in the face of various faults and challenges to normal operation.” *
* Sterbenz, James PG, et al. "Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines." Computer Networks 54 (2010): 1245-1265.
There are many ways to quantify resilience; some suggest using availability as a metric. With this metric, resiliency can be improved by reducing repair time or improving convergence.
WHAT CONTRIBUTES TO CONVERGENCE
[Figure: timeline of convergence after a failure, drawn over a topology of routers R1 to R10. Stages shown: Detect Failure; Flood Information; Repair Locally (Update FIB); Select new path; Update FIB. Milestones: Traffic re-routed over a backup path; Service Restored (sub-optimal path). Time labels on the axis: 10 – 40 ms, <100 ms, <10s, <1s, <100 ms.]
FAILURE SCENARIOS, CORE INTERFACE FAILURE
[Diagram: network of P, PE and CPE routers]
Convergence mechanisms in use
DETECTION: Link Fault Signaling; BFD; Ethernet OAM (LFM or CFM); Other
SCALING: Hierarchical FIB (indirect, composite or selector next-hops) to converge independent of the number of prefixes / LSPs
LOCAL REPAIR: RSVP TE Facility Backup; RSVP TE Fast Reroute (Detour); Loop Free Alternates
BFD PER MEMBER LINK IN A LAG, OVERVIEW
[Diagram labels: Transport Equipment (two instances); Micro-BFD Session #1 ... Micro-BFD Session N; Local link status may not be propagated to the remote end (fast enough)]
Problem Statement
When some other transmission equipment is in the path between routers, local link status may not be correctly propagated to the remote end (fast enough), and this may even lead to black holes.
Regular BFD cannot guarantee failure detection on a particular link of a LAG bundle (BFD is IP based and subject to hashing / balancing).
Solution
draft-mmm-bfd-on-lags-05 defines an approach where multiple micro-BFD sessions are deployed, one session per link.
If a micro-BFD session fails, the link is declared down and removed from the group.
BFD PER MEMBER LINK IN A LAG, PLATFORM SUPPORT AND SCALING
Software and hardware
PLATFORM: MX, T, PTX
LINE CARD: Trio, Express, FPC4, FPC3
MX MIXED MODE: Yes
JUNOS: 13.3
Regular Distributed BFD scaling applies
N SESSIONS | INTERVAL | LEVEL
30 | 10 ms | Line card
150 | 50 ms | Line card
300 | 100 ms | Line card
900 | 300 ms | Line card
Features
PROTOCOLS: IPv4 and IPv6
DRAFT/RFC: Implementation is based on draft-mmm-bfd-on-lags-05
OTHER: Can co-exist with LACP; Supported on Tagged / Untagged interfaces; Configured directly on the ae interface
FAILURE SCENARIOS, EDGE LINK FAILURE
[Diagram: network of P, PE and CPE routers]
Convergence mechanisms in use
DETECTION: Link Fault Signaling; BFD; Ethernet OAM (LFM or CFM)
LOCAL REPAIR: L2 Circuit Egress Protection; L3 VPN Egress Protection
L3 VPN EGRESS PROTECTION FOR BGP, OVERVIEW
[Diagram labels: P, PE1, PE2, PE3, PE4, CPE1, CPE2; Prefix A; EBGP; iBGP; Traffic; Service Label L]
PE1 L3VPN forwarding table (simplified view)
Prefix | Preference | Next-hop
A | Primary (0x1) | CPE1
A | Backup (0x4000) | Push Service Label L, PE2
PE2 L3VPN forwarding table (simplified view)
Prefix | Preference | Next-hop
A | Primary (0x1) | CPE1
A | Backup (0x4000) | Push Service Label L’, PE1
PE1 L3VPN forwarding table (after failure), local repair
Prefix | Preference | Next-hop
A | Backup (0x4000) | Push Service Label L, PE2
L3 VPN EGRESS PROTECTION FOR BGP, PLATFORM SUPPORT
Software and hardware
PLATFORM: M/MX, T/TX
LINE CARD: Any
JUNOS: 12.3R1
Features
PROTOCOL SUPPORT: IPv4 and IPv6
PE-CE PROTOCOL: BGP
OTHER: Compatible with eiBGP multipath
L2 CIRCUIT EGRESS PROTECTION, OVERVIEW
[Diagram labels: P, PE1 (Primary), PE2 (Protector), PE3, PE4, CPE1, CPE2; Virtual Circuit 1; Virtual Circuit 2; Protection VC; ge-1/0/0.0; ge-1/0/1.0; LSP to 5.5.5.5 (UHP ON); Label : 100; PW Label : 100; RSVP Label : 101]
Context Id (5.5.5.5) identifies protection pair
Protecting LSP transport label, Ultimate Hop Popping is enabled to resolve ambiguity
Service Label is synchronized with Primary PE
PE1 mpls.0 switching table
Label | Preference | Next-hop
100 | Primary (0x1) | ge-1/0/0.0
100 | Backup (0x4000) | Push 101, PE2
PE2 mpls.0 switching table
Label | Action / Next-hop
101 | Pop to vt-, and lookup via __5.5.5.5__.mpls.0
PE2 __5.5.5.5__.mpls.0 switching table
Label | Action / Next-hop
100 | ge-1/0/1.0
L2 CIRCUIT EGRESS PROTECTION, PLATFORM SUPPORT
Software and hardware
PLATFORM: M/MX, T/TX
LINE CARD: Any
ADDITIONAL REQUIREMENTS: Tunnel Services
JUNOS: 10.4
Features
PW SIGNALING: LDP
OTHER:
Related Features
SW | FEATURE
13.2 | Egress protection for Inter-AS case
13.3 | Egress protection for BGP-Labeled Unicast
FAILURE SCENARIOS, EDGE LINK FAILURE (SWITCHED ACCESS)
[Diagram: network of P and PE routers, with a Host and a CPE attached through a Local Area Network]
Convergence mechanisms in use
DETECTION: Link Fault Signaling; BFD; Ethernet OAM (LFM or CFM)
SCALING: Hierarchical FIB (indirect, composite or selector next-hops) to converge independent of the number of prefixes / LSPs
LOCAL REPAIR: Host FRR
HOST FAST REROUTE, OVERVIEW
[Diagram labels: P, PE1, PE2, PE3, PE4, CPE; Local Area Network; Host IP1 in Subnet A; Subnet A; iBGP; Traffic]
PE1 L3VPN forwarding table (simplified view)
Prefix | Preference | Next-hop
IP1 | Primary (0x1) | Host
IP1 | Backup (0x4000) | Push Label, PE2
PE2 L3VPN forwarding table (simplified view)
Prefix | Preference | Next-hop
IP1 | Primary (0x1) | Host
IP1 | Backup (0x4000) | Push Label, PE1
PE1 L3VPN forwarding table (after failure), local repair
Prefix | Preference | Next-hop
IP1 | Backup (0x4000) | Push Label, PE2
Backup route selection is based on the exact match (local subnet A should match a prefix received from the backup)
Populated during the ARP / NDP process (only v4 /32 or v6 /128 are subject to FRR backup selection)
HOST FAST REROUTE, PLATFORM SUPPORT
Software and hardware
PLATFORM: M/MX, T/TX
LINE CARD: Any
ADDITIONAL REQUIREMENTS: vrf-table-label or vt-
JUNOS: 11.4R3
Features
PROTOCOL SUPPORT: IPv4 and IPv6
OTHER: L3 VPN
Further Improvements
SW | FEATURE
Post 14.2 | Support for static routes
Post 14.2 | Support for EIBGP learned routes
FAILURE SCENARIOS, EDGE NODE FAILURE
[Diagram: network of P, PE and CPE routers]
Convergence mechanisms in use
DETECTION: Link Fault Signaling; BFD; Ethernet OAM (LFM or CFM)
SCALING: Hierarchical FIB (indirect, composite or selector next-hops) to converge independent of the number of prefixes / LSPs
LOCAL REPAIR: L3 VPN Tail End Protection; L2 Circuit Tail End protection
L3 VPN TAIL END PROTECTION, OVERVIEW
Task 1: Program Local Repair (Loop Free Alternates case)
[Diagram labels: P1, P2, PE1 (Primary), PE2 (Protector), PE3, PE4, CPE1, CPE2; ge-1/0/0.0; ge-1/0/1.0; Route 5.5.5.5; Route 5.5.5.5, higher metric; Implicit null label; Label 100; Label 101]
Context Id (5.5.5.5) identifies protection pair
Per-prefix LFA Decision: PE2 selected as a LFA for 5.5.5.5 prefix
P1 mpls.0 switching table
Label | Preference | Next-hop
100 | Primary | Pop, PE1
100 | Backup | Swap to 101, PE2
L3 VPN TAIL END PROTECTION, OVERVIEW
Task 2: Mirror Service Labels
[Diagram labels: P1, P2, PE1 (Primary), PE2 (Protector), PE3, PE4, CPE1, CPE2; ge-1/0/0.0; ge-1/0/1.0; iBGP; VPNv4 route 10.0.0.1/24; Label 16; Label 101; Route 5.5.5.5, higher metric]
Context Id (5.5.5.5) identifies protection pair
PE1 mpls.0 switching table
Label | Preference | Next-hop
16 | Primary (0x1) | ge-1/0/0.0
PE2 mpls.0 switching table
Label | Action / Next-hop
101 | Pop, lookup via __5.5.5.5__.mpls.0
PE2 __5.5.5.5__.mpls.0 switching table
Label | Action / Next-hop
16 | See next task #3
L3 VPN TAIL END PROTECTION, OVERVIEW
Task 3: Program a backup next-hop on the protector
[Diagram labels: P1, P2, PE1 (Primary), PE2 (Protector), PE3, PE4, CPE1, CPE2; ge-1/0/0.0; ge-1/0/1.0]
Context Id (5.5.5.5) identifies protection pair
Only routes with next hop set to 5.5.5.5 (context id) are selected
PE2 __5.5.5.5__.mpls.0 switching table
Label | Action / Next-hop
16 | vt- or table next-hop (__5.5.5.5-<vrf>__.inet.0)
PE2 __5.5.5.5-<vrf>__.inet.0 (IP)
Route | Action / Next-hop
IP | ge-1/0/1.0
Backup next-hop can be selected from direct routes / eBGP or iBGP. In general, protector and backup PE functionality can be decoupled. Protector does not have to have connectivity to the CPE device and can be located elsewhere.
L3 VPN TAIL END PROTECTION, PLATFORM SUPPORT
Software and hardware
PLATFORM: M/MX, T/TX
LINE CARD: Any
PE ROUTER ADDITIONAL REQUIREMENTS: vrf-table-label or vt-
PROTECTOR ADDITIONAL REQUIREMENTS: vt- for context lookup in non “enhanced-ip”
JUNOS: 11.4R3
Features
PROTOCOL SUPPORT: IPv4 and IPv6
IGP SUPPORT: IS-IS (due to per-prefix LFA)
SIGNALLING: LDP
OTHER: L3 VPN
TOPOLOGY REQUIREMENTS (JUNOS 11.4, LDP LFA-BASED)
Protector should not be in the regular data path, otherwise traffic will get forwarded to the backup PE
In general, the router performing local repair should have a direct link to the protector or a backup LSP to the protector
LDP STUB ALIAS MODE FOR LOCAL REPAIR
Steer traffic to a protector which is several hops away
[Diagram labels: P1, P2, PE1 (Primary), PE2 (Protector), PE3, PE4, CPE1, CPE2; ge-1/0/0.0; ge-1/0/1.0; Loopback Address (1.1.1.1); Route 5.5.5.5; Route 1.1.1.1; Implicit null label; Label 100; Label 101 (in an IGP TLV); LDP Label 102; Label 103]
Context Id (5.5.5.5) identifies protection pair
P1 mpls.0 switching table
Label | Preference | Next-hop
100 | Primary | Pop, PE1
100 | Backup | Swap to 101, Push 103 (top), P
Populated from inet.5 table used to store stub-alias routes
P1 inet.5 routing table
Route | Protocol next-hop | Next-hop
5.5.5.5 | 1.1.1.1 | Push 101, Push 103 (top), P
Callouts on the next-hop labels: Transport label to reach 1.1.1.1 (LDP); Identifies 5.5.5.5 context (comes from the IGP TLV)
TAIL END PROTECTION, RSVP TE SUPPORT
Enables tail end protection for RSVP signaling
[Diagram labels: P1, P2, PE1 (Primary), PE2 (Protector), PE3, PE4, CPE1, CPE2; Stub node, context id 5.5.5.5; Advertised with zero bandwidth, and max TE metric; RSVP TE LSP; Bypass LSP; Regular next-nexthop bypass LSP; Regular Facility Backup Node Protection]
Description
The CSPF algorithm at the ingress PE will always choose paths that go through the primary PE (preferred link to reach the stub node).
But the CSPF algorithm at the core site (P1) will choose the paths through the protector for next-nexthop bypass LSPs.
Regular facility backup behavior applies; no change is required.
STUB ALIAS AND STUB NODE FEATURES
Software and features
JUNOS: 13.3
STUB ALIAS IMPLEMENTATION DRAFT COMPLIANCE: draft-gredler-isis-label-advertisement-03
IGP SUPPORT FOR STUB ALIAS: IS-IS
IGP SUPPORT FOR STUB NODE: IS-IS and OSPF
PLATFORM SUPPORT: MX/T
PE ROUTER CONFIGURATION COMPLEXITY ANALYSIS
Assumptions
Symmetric deployment with mutual protection
In tail end protection case, protector and backup PE are merged
Same context ID is used for all VRFs / VCs (2 context IDs per protection pair)
New VC / VRF / interface-specific configuration statements and references
FEATURE | PRIMARY PE STATEMENTS | PRIMARY PE REFERENCES | BACKUP PE STATEMENTS | BACKUP PE REFERENCES
L2 CIRCUIT EGRESS PROTECTION | 1 per VC | Backup PE IP | 3 per VC | Protected VC Egress PE, Protected VC Ingress PE, Protected VC ID
L2 CIRCUIT TAILEND PROTECTION | 1 per VC | Backup PE IP | 3 per VC | Protected VC Egress PE, Protected VC Ingress PE, Protected VC ID
L3 VPN EGRESS PROTECTION FOR BGP | 2 per VRF | 0 | 0 | 0
HOST FAST REROUTE | 1 per interface | 0 | 0 | 0
L3 VPN TAILEND PROTECTION | 1 per VRF | 0 | 0 | 0
Notes
Statement is a configuration statement such as “set routing-instances vrf1 protocols bgp family inet unicast protection”
Reference is an ID external to this router pair (e.g. Protected VC ID)
TAILEND PROTECTION PLANS
Support by software release
SW | FEATURE
12.3 | L2 Circuit support (LDP signaling)
13.3 | RSVP Support (stub node)
13.3 | IS-IS stub alias advertisements by PE and backup selection by P (protector may be multiple hops away from PLR in LDP case)
14.1 | Support for labeled-unicast (Enables border router protection in Seamless MPLS designs)
BGP CONVERGENCE IMPROVEMENTS, PREFIX INDEPENDENT CONVERGENCE
[Diagram labels: PE-SITE-A; MPLS Core; PE-SITE-B-1; PE-SITE-B-2; Prefix A1…AN; Traffic]
Routing Table (simplified view)
Route | BGP NH
A1 | PE-SITE-B-2
…
AN | PE-SITE-B-2
Route | BGP NH
A1 | PE-SITE-B-1
…
AN | PE-SITE-B-1
When one remote PE fails, next-hops for all routes have to be updated; the process takes time and contributes to the service interruption (assuming no tailend protection is in place).
Without this feature, each route is updated individually.
With this feature, only one update is required for a given primary / backup router pair.
The goal is to converge in less than 1s.
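The per-route versus per-pair update described on this slide, as an added Python model; it is not part of the original deck and not Juniper's implementation. The class names, the round-robin sample routes and the write counter are assumptions for illustration; the PE and prefix names follow the slide.

```python
# Added illustration (constructed model, not Junos code): count the FIB writes
# needed after a remote PE fails, with and without a shared indirect next hop.

class FlatFib:
    """Every prefix carries its own copy of the BGP next hop."""
    def __init__(self, routes):                 # routes: prefix -> (primary, backup)
        self.routes = routes
        self.nh = {p: pair[0] for p, pair in routes.items()}

    def pe_failed(self, pe):
        hit = [p for p, nh in self.nh.items() if nh == pe]
        for prefix in hit:                      # each affected route is rewritten
            self.nh[prefix] = self.routes[prefix][1]
        return len(hit)

    def lookup(self, prefix):
        return self.nh[prefix]

class HierarchicalFib:
    """Prefixes reference one shared entry per primary / backup PE pair."""
    def __init__(self, routes):
        self.pair_of = dict(routes)             # prefix -> (primary, backup)
        self.active = {pair: pair[0] for pair in routes.values()}

    def pe_failed(self, pe):
        hit = [pair for pair, nh in self.active.items() if nh == pe]
        for pair in hit:                        # one write repairs every prefix on the pair
            self.active[pair] = pair[1]
        return len(hit)

    def lookup(self, prefix):
        return self.active[self.pair_of[prefix]]

def build_routes(n_routes, sites):
    """Constructed sample: prefixes A1..AN spread round-robin over remote sites."""
    return {f"A{i}": (f"PE-SITE-{sites[i % len(sites)]}-1",
                      f"PE-SITE-{sites[i % len(sites)]}-2")
            for i in range(1, n_routes + 1)}

def compare(n_routes, sites, failed_pe):
    """Return (flat writes, hierarchical writes) for the same failure."""
    routes = build_routes(n_routes, sites)
    return FlatFib(routes).pe_failed(failed_pe), HierarchicalFib(routes).pe_failed(failed_pe)

if __name__ == "__main__":
    # Slide scenario: all routes A1..AN point at PE-SITE-B-1, backup PE-SITE-B-2.
    print(compare(100000, ["B"], "PE-SITE-B-1"))
```

The flat table's repair work grows with the number of routes behind the failed PE, while the hierarchical table's work grows only with the number of primary / backup pairs that include it.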
BGP CONVERGENCE IMPROVEMENTS, PLATFORM SUPPORT AND TEST RESULTS
Software and hardware
PLATFORM: MX, T
LINE CARD: Trio
MX MIXED MODE: Yes, but enhanced-ip is preferred
JUNOS: 13.2
Convergence Test Results (in enhanced-ip mode)
N OF ROUTES | N OF PE PRIMARY / BACKUP PAIRS | CONVERGENCE
100000 | 500 | <1s
400000 | 500 | <1s
Features
ADDRESS FAMILIES: VPNv4 / VPNv6
TRANSPORT SIGNALING: LDP
OTHER: Can be enabled with / without iBGP multipath
MULTICAST RESILIENCY
MULTICAST ONLY FAST REROUTE, OVERVIEW
Fast switchover to another multicast stream from the same source in case of an upstream interface failure
[Diagram labels: Multicast Source; Multicast Receiver; R1 to R6; Sends joins to both upstreams; Discards traffic from the backup path]
Problem Statement
Upstream interface failure will result in traffic loss. The loss duration is on the order of seconds. IGP convergence followed by a PIM join to the new path has to complete.
Solution
Join to both sources and use only one at a time.
If one interface fails, switch to the other immediately; no additional signaling is required.
MULTICAST ONLY FAST REROUTE OVERVIEW, PLATFORM SUPPORT
Software and hardware
PLATFORM: MX
LINE CARD: Trio
MIXED MODE: No
JUNOS VERSION: 14.1
Features
PROTOCOLS: PIM and mLDP
BACKUP INTERFACE SELECTION: Same metric, next least metric, disjoint paths
DRAFT/RFC: draft-karan-mofrr-02