Examining Broadcast Disjointedness and IP LFA Coverage with OSPFv2

Examining Broadcast Disjointedness and IP LFA Coverage with OSPFv2

In the previous blog we covered downstream and node-protecting LFAs, as well as tie-breaking criteria. This blog covers the fourth inequality, which is specific to multi-access networks.

Author: Nicholas Russo


This blog is the third in a series covering IP Loop Free Alternate (LFA) paths using OSPFv2. In the previous blog, we covered downstream and node-protecting LFAs, as well as tie-breaking criteria. This blog covers the fourth inequality, which is specific to multi-access networks. The topology remains unchanged and is depicted below.

“Examining Broadcast Disjointedness and IP LFA Coverage with OSPFv2”

Inequality 4 is comparable to Inequality 3 that defined node protection. In fact, the logic is quite similar; node protection guarantees that the primary next-hop (E) is not traversed by a given LFA. Broadcast disjointedness guarantees that the pseudo-node (pn) is not traversed by a given LFA. This is computed by adding N’s distance to the pseudo-node and the pseudo-node’s distance to D.

Inequality 4 for broadcast disjointedness: dist(N,D) < dist(N,pn) + dist(pn,D)

This time, we’ll examine the path from R3 to R7. The shortest path from R3 (S) to R7’s loopback (D) is via R2 (E) as shown in the output below. R1 and R8 are candidate next-hop routers (N).

R3#show ip route ospf | include 10.0.0.7/32
O        10.0.0.7/32 [110/16] via 10.0.234.2, 06:02:44, GigabitEthernet3

Here are the variable assignments for reference. Neither R1 nor R8 uses R3 as a primary next-hop to reach 10.0.0.7/32, so both are worth evaluating as LFAs.

S = R3
E = R2
N = R1 or R8
D = R7's loopback0 prefix of 10.0.0.7/32

R1#show ip route ospf | include 10.0.0.7/32
O        10.0.0.7/32 [110/16] via 10.1.2.2, 06:03:16, GigabitEthernet2

R8#show ip route ospf | include 10.0.0.7/32
O        10.0.0.7/32 [110/21] via 10.4.8.4, 00:00:10, GigabitEthernet1

We’ll begin by evaluating N=R1 using all four inequalities. R1 is an LFA thanks to Inequality 1 being satisfied, providing basic link-protection at a minimum. The LFA is not downstream because both R1 and R3 are equidistant to R7’s loopback. The LFA does not provide node protection because both R1 and R3 traverse R2 (E) along their best paths to R7’s loopback. The LFA is broadcast disjoint because R1 does not traverse the pseudo-node, represented by the layer-2 switch in the diagram, along its shortest path to R6. Note that the logic of Inequality 4 is pessimistic; it assumes that the entire broadcast network fails. It’s possible that only a single link fails while the broadcast network remains mostly intact, but this is a poor assumption in a failure scenario.

let N=R1

ineq1: dist(N,D) < dist(S,D) + dist(N,S)
       dist(R1,R7) < dist(R3,R7) + dist(R1,R3)
       16 < 16 + 10 --> TRUE, it is an LFA

ineq2: dist(N,D) < dist(S,D)
       dist(R1,R7) < dist(R3,R7)
       16 < 16 --> FALSE, it is not downstream

ineq3: dist(N,D) < dist(N,E) + dist(E,D)
       dist(R1,R7) < dist(R1,R2) + dist(R2,R7)
       16 < 10 + 6 --> FALSE, it is not node protecting

ineq4: dist(N,D) < dist(N,pn) + dist(pn,D)
       dist(R1,R7) < dist(R1,pn) + dist(pn,R7)
       16 < 20 + 6 --> TRUE, it is broadcast disjoint

&ldquo;Examining Broadcast Disjointedness and IP LFA Coverage with OSPFv2&rdquo;

Next, consider R8 as an LFA candidate. R8 is farther away from R7 than R1 is, so it probably won’t be selected as the best LFA, even though it does satisfy Inequality 1. R8 is neither downstream nor node-protecting as Inequalities 2 and 3 are unsatisfied, respectively. Even worse, R8 is not broadcast disjoint. R3’s (S) best path to R7’s loopback (D) traverses the pseudo-node (pn) as does R8’s (N) best path to the same destination. If the switch fails, the entire broadcast network collapses, making R8 a less useful LFA. If only the link between R3 and the switch failed, R8 would be a suitable LFA, but that’s an optimistic outcome. Broadcast disjointedness, at least in this small network, protects against a switch node failure.

let N=R8

ineq1: dist(N,D) < dist(S,D) + dist(N,S)
       dist(R8,R7) < dist(R3,R7) + dist(R8,R3)
       21 < 16 + 10 --> TRUE, it is an LFA

ineq2: dist(N,D) < dist(S,D)
       dist(R8,R7) < dist(R3,R7)
       21 < 16 --> FALSE, it is not downstream

ineq3: dist(N,D) < dist(N,E) + dist(E,D)
       dist(R8,R7) < dist(R8,R2) + dist(R2,R7)
       21 < 15 + 6 --> FALSE, it is not node protecting

ineq4: dist(N,D) < dist(N,pn) + dist(pn,D)
       dist(R8,R7) < dist(R8,pn) + dist(pn,R7)
       21 < 15 + 6 --> FALSE, it is not broadcast disjoint

&ldquo;Examining Broadcast Disjointedness and IP LFA Coverage with OSPFv2&rdquo;

We won’t adjust any tie-breaks in this network because R1 is clearly the superior LFA choice. It is both lower cost and offers slightly better protection given its broadcast disjointedness. We can confirm these attributes by querying the OSPF RIB and examining the LFA flags.

R3#show ip ospf rib 10.0.0.7 255.255.255.255

*>  10.0.0.7/32, Intra, cost 16, area 0
     SPF Instance 83, age 00:30:09
     Flags: RIB, HiPrio
      via 10.0.234.2, GigabitEthernet3
       Flags: RIB
       LSA: 1/10.0.0.7/10.0.0.7
       Source: 10.0.0.7 (area 0)
      repair path via 10.1.3.1, GigabitEthernet1, cost 26
       Flags: RIB, Repair, IntfDj, BcastDj, CostWon
       LSA: 1/10.0.0.7/10.0.0.7
      repair path via 10.3.8.8, GigabitEthernet2, cost 31
       Flags: Ignore, Repair, IntfDj
       LSA: 1/10.0.0.7/10.0.0.7

We’ve spent a lot of time examining situations where LFAs exist. Any LFA is better than no LFA, after all. What happens when some destinations cannot be protected due to an inability to satisfy Inequality 1? R2 offers one such example. Given the current topology, R2 does not have an LFA to 10.0.0.4/32 despite having three potential backup paths. It’s useful to examine the “prefix-summary” coverage at a high level first. Notice that high priority prefixes only have 85% coverage. Since R2 learns seven remote loopbacks, we can assume that only one is unprotected since 6/7 is approximately 85%. Inspecting the OSPF RIB, we confirm that 10.0.0.4/32 is the prefix in question.

R2#show ip ospf fast-reroute prefix-summary

            OSPF Router with ID (10.0.0.2) (Process ID 1)
                    Base Topology (MTID 0)

Area 0:

Interface        Protected    Primary paths    Protected paths Percent protected
                             All  High   Low   All  High   Low    All High  Low
Lo0                    Yes     0     0     0     0     0     0     0%   0%   0%
Gi4                    Yes     1     1     0     1     1     0   100% 100%   0%
Gi1                    Yes     5     2     3     2     2     0    40% 100%   0%
Gi2                    Yes     2     1     1     1     1     0    50% 100%   0%
Gi3                    Yes     7     3     4     2     2     0    28%  66%   0%

Area total:                   15     7     8     6     6     0    40%  85%   0%

Process total:                15     7     8     6     6     0    40%  85%   0%


R2#show ip ospf rib 10.0.0.4 255.255.255.255

*>  10.0.0.4/32, Intra, cost 11, area 0
     SPF Instance 78, age 00:04:50
     Flags: RIB, HiPrio
      via 10.0.234.4, GigabitEthernet3
       Flags: RIB
       LSA: 1/10.0.0.4/10.0.0.4
       Source: 10.0.0.4 (area 0)

For practice, I’d recommend you stop reading here and manually evaluate Inequality 1 for each potential N value of R1, R6, and R7 from R2 (S) to 10.0.0.4/32 (D). Once you’re done, you can confirm it using some debugging. The ACL limits the output to 10.0.0.4/32 and we can trigger a recalculation to examine the result. For each potential N, R2 evaluates Inequality 1, and the output clearly indicates that none of these alternate paths satisfy the condition. Take some time to read the output as these terms should be very familiar by now. This is bad news!

# R2 configuration
ip access-list standard 4
 10 permit 10.0.0.4

R2#debug ip ospf fast-reroute rib 4
OSPF Loop-free FastReroute local RIB debugging is on for access list 4

R2#clear ip ospf force-spf

OSPF-1 FRRIB: Refreshing router 10.0.0.4 route: intra-area path, distance 20
OSPF-1 FRRIB: Add to LRIB repair path 10.0.0.4/255.255.255.255 via neighbor 10.0.0.6,
              area 0, type Intra, D(N,D)=21, ext2 metric 0
OSPF-1 FRRIB: Not an LFA; D(N,D)=21, D(N,S)=10, D(S,D)=11

OSPF-1 FRRIB: Refreshing router 10.0.0.4 route: intra-area path, distance 15
OSPF-1 FRRIB: Add to LRIB repair path 10.0.0.4/255.255.255.255 via neighbor 10.0.0.7,
              area 0, type Intra, D(N,D)=16, ext2 metric 0
OSPF-1 FRRIB: Not an LFA; D(N,D)=16, D(N,S)=5, D(S,D)=11

OSPF-1 FRRIB: Refreshing router 10.0.0.4 route: intra-area path, distance 20
OSPF-1 FRRIB: Add to LRIB repair path 10.0.0.4/255.255.255.255 via neighbor 10.0.0.1,
              area 0, type Intra, D(N,D)=21, ext2 metric 0
OSPF-1 FRRIB: Not an LFA; D(N,D)=21, D(N,S)=10, D(S,D)=11

OSPF-1 FRRIB: Refreshing router 10.0.0.4 route: intra-area path, distance 0
OSPF-1 FRRIB: Add to LRIB repair path 10.0.0.4/255.255.255.255 via neighbor 10.0.0.4,
              area 0, type Intra, D(N,D)=1, ext2 metric 0
OSPF-1 FRRIB: Finished processing LFA, added 0 repair paths

Suppose you don’t trust the debugging and show commands on R2. Head over to R1, R6, and R7 and ask them about their shortest path to reach R4. All of them route through R2, implying that none of these paths are loop-free. R2 cannot rely on any of its neighbors to reliably deliver traffic to R4 if the R2-switch link fails. Note that R1 load-shares towards 10.0.0.4/32 via R2 and R3, but this doesn’t matter; R1 cannot be considered loop free because there’s a 50% chance that traffic will loop back to R2.

R6#show ip route ospf | section 10.0.0.4/32
O        10.0.0.4/32 [110/21] via 10.2.6.2, 12:12:08, GigabitEthernet4

R7#show ip route ospf | section 10.0.0.4/32
O        10.0.0.4/32 [110/16] via 10.2.7.2, 12:12:38, GigabitEthernet1

R1#show ip route ospf | section 10.0.0.4/32
O        10.0.0.4/32 [110/21] via 10.1.3.3, 11:37:25, GigabitEthernet1
                     [110/21] via 10.1.2.2, 11:37:25, GigabitEthernet2

As a further proof, query R2’s FIB for some remote loopbacks. We know that 6 out of 7 loopbacks are LFA protected, so pick any other loopback in addition to 10.0.0.4/32. Choosing 10.0.0.1/32, we can see an LFA via R3 over the broadcast network that is installed as a repair path. However, for 10.0.0.4/32, no such repair path exists.

R2#show ip cef 10.0.0.4/32
10.0.0.4/32
  nexthop 10.0.234.4 GigabitEthernet3

R2#show ip cef 10.0.0.1/32
10.0.0.1/32
  nexthop 10.1.2.1 GigabitEthernet2
    repair: attached-nexthop 10.0.234.3 GigabitEthernet3

In summary, broadcast disjointedness offers an additional degree of protection by ensuring LFAs avoid the pseudo-node representing multi-access networks. It’s logically equivalent to node protection except applies to broadcast networks. Additionally, LFA is not a magic trick. Coverage is not guaranteed for all destinations just because you configured the command. The past three blogs have discussed “direct LFA” which derives its name from the selection of directly connected primary next-hops (E) and candidate next-hops (N). Perhaps we can achieve better LFA coverage by relaxing that rule.


In This Series:

  1. Introducing IP Loop Free Alternates (LFA) with OSPFv2
  2. Exploring Downstream and Node-protecting IP LFAs using OSPFv2
  3. Examining Broadcast Disjointedness and IP LFA Coverage with OSPFv2 (this article)
  4. Improving IP LFA Coverage using Remote LFA with MPLS and OSPFv2
  5. Maximizing IP LFA Coverage using Topology-independent LFA and Segment Routing

Reference Configurations:

# R1
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.1.3.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.1.2.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
ip access-list standard 6
 10 permit 10.0.0.6
!
!
!
end
# R2
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.2.7.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.1.2.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.2 255.255.255.0
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.2.6.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
ip access-list standard 4
 10 permit 10.0.0.4
!
!
end
# R3
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.1.3.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.3.8.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.3 255.255.255.0
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
end
# R4
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.4.8.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.4.5.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.4 255.255.255.0
 ip ospf network broadcast
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.4.7.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 25
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute per-prefix tie-break primary-path index 10
 fast-reroute per-prefix tie-break interface-disjoint index 20
 fast-reroute per-prefix tie-break downstream index 25
 fast-reroute per-prefix tie-break lowest-metric index 30
 fast-reroute per-prefix tie-break linecard-disjoint index 40
 fast-reroute per-prefix tie-break broadcast-interface-disjoint index 50
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
ip ssh version 2
!
!
!
end
# R5
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
interface Loopback0
 ip address 10.0.0.5 255.255.255.255
!
!
interface GigabitEthernet2
 ip address 10.4.5.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.5.7.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
ip ssh version 2
!
!
!
end
# R6
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
interface Loopback0
 ip address 10.0.0.6 255.255.255.255
!
!
interface GigabitEthernet4
 ip address 10.2.6.6 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet5
 ip address 10.6.7.6 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
end
# R7
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
interface Loopback0
 ip address 10.0.0.7 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.2.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
!
interface GigabitEthernet3
 ip address 10.5.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.4.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 25
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet5
 ip address 10.6.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
!
end
# R8
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R8
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
interface Loopback0
 ip address 10.0.0.8 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.4.8.8 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.3.8.8 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
end


Related tags:

it-ops   networking   cisco  
About the author

Nicholas (Nick) Russo, CCDE #20160041 and CCIE #42518, is an internationally recognized expert in IP/MPLS networking and design. To grow his skillset, Nick has been focused advancing Network DevOps via automation for his clients. Recently, Nick has been sharing his knowledge through online video training and speaking at industry conferences. Nick also holds a Bachelor’s of Science in Computer Science from the Rochester Institute of Technology (RIT). Nick lives in Maryland, USA with his wife, Carla, and daughter, Olivia.

10-day free trial

Sign Up Now