Maximizing IP LFA Coverage using Topology-independent LFA and Segment Routing

Maximizing IP LFA Coverage using Topology-independent LFA and Segment Routing

This is the fifth and final blog in a series covering IP Loop Free Alternate (LFA) paths using OSPFv2. In the previous blog we expanded LFA coverage in the network using remote LFA (rLFA) via MPLS LDP.

Author: Nicholas Russo


This is the fifth and final blog in a series covering IP Loop Free Alternate (LFA) paths using OSPFv2. In the previous blog, we expanded LFA coverage in the network using remote LFA (rLFA) via MPLS LDP. Be sure to read that blog and the direct LFA blogs before it so you understand the core LFA concepts before continuing. We left off by modifying some link costs in the topology to ensure R5 and R8 were excluded from the Q space. Remote LFA (rLFA) could not find any PQ nodes and therefore was unable to build an LFA from R2 (S) to 10.0.0.4/32 (D). The topology is depicted below, which is largely unchanged, with the exception of the newly updated R4-R8 and R4-R5 link costs.

“Maximizing IP LFA Coverage using Topology-independent LFA and Segment Routing”

With these costs in place, R5 and R8 both route through the protected link (S-E) between R2 (S) and R4 (E). Let’s begin by removing the rLFA configuration on R2 because it clearly isn’t helping us anymore. We’ll also remove our LDP configuration network-wide, effectively disabling MPLS.

# R2 configuration
router ospf 1
 no fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp

# All routers
no mpls ldp router-id Loopback0 force
router ospf 1
 no mpls ldp autoconfig area 0

Topology-independent LFA (TI-LFA) is somewhat self-explanatory; it guarantees 100% LFA coverage because it overcomes all topological limitations. While the concepts of P and Q space still exist in TI-LFA, they are expanded thanks to additional layers of MPLS encapsulation combined with more granular MPLS forwarding options. This is achieved using Segment Routing (SR).

Every man and his dog have written about SR over the past few years, so this blog provides only a high-level overview. SR integrates label distribution with IGPs, such as OSPF and IS-IS, instead of using protocol-independent techniques such as LDP or RSVP. Every prefix and every unidirectional link in the network are assigned an MPLS label by way of a segment identifier (SID). Because every router knows all the SIDs of the entire topology, highly customized and fully stateless LSPs can be established along any arbitrary LSP.

SIDs assigned to prefixes are (unsurprisingly) called prefix SIDs and are allocated from the SR global block (SRGB). This block is often defaulted to the same range on all devices and is set to 16000 to 23999 on Cisco IOS-XE. Each prefix is assigned a value from this range, and for simplicity, the label value will be equal to the router number. 10.0.0.1/32 on R1 will use 16001, 10.0.0.2/32 on R2 will use 16002, etc. SIDs assigned to IGP neighbors across specific interfaces are called adjacency SIDs and are allocated from the existing dynamic MPLS label range. Examples include R1 using 1000 to 1999, R2 using 2000 to 2999, etc. Last, be sure to enable SR for MPLS under OSPF and for area 0 specifically.

# All routers
segment-routing mpls
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.1/32 index 1 range 1  ! different prefix/index per node

router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls

Before continuing, it’s smart to check the SID database to ensure all 8 router loopbacks are mapped to SIDs with the proper index value. To see the actual label values, check the LFIB. On R1, there won’t be an entry for its local prefix SID label of 16001, but all the others are present. Note that the local and outgoing labels are the same (PHP notwithstanding); this is because the SRGB is the same on every router, so prefix SID labels appear to have global persistence. This is illusory but it does simplify troubleshooting and operations.

R1#show ip ospf segment-routing sid-database

            OSPF Router with ID (10.0.0.1) (Process ID 1)

OSPF Segment Routing SIDs

Codes: L - local, N - label not programmed,
       M - mapping-server

SID             Prefix              Adv-Rtr-Id       Area-Id  Type      Algo
--------------  ------------------  ---------------  -------  --------  ----
1       (L)     10.0.0.1/32         10.0.0.1         0        Intra     0
2               10.0.0.2/32         10.0.0.2         0        Intra     0
3               10.0.0.3/32         10.0.0.3         0        Intra     0
4               10.0.0.4/32         10.0.0.4         0        Intra     0
5               10.0.0.5/32         10.0.0.5         0        Intra     0
6               10.0.0.6/32         10.0.0.6         0        Intra     0
7               10.0.0.7/32         10.0.0.7         0        Intra     0
8               10.0.0.8/32         10.0.0.8         0        Intra     0

R1#show mpls forwarding-table labels 16000 - 16008
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16002      Pop Label  10.0.0.2/32      0             Gi2        10.1.2.2
16003      Pop Label  10.0.0.3/32      0             Gi1        10.1.3.3
16004      16004      10.0.0.4/32      0             Gi2        10.1.2.2
           16004      10.0.0.4/32      0             Gi1        10.1.3.3
16005      16005      10.0.0.5/32      0             Gi2        10.1.2.2
16006      16006      10.0.0.6/32      0             Gi2        10.1.2.2
16007      16007      10.0.0.7/32      0             Gi2        10.1.2.2
16008      16008      10.0.0.8/32      0             Gi1        10.1.3.3

Let’s get back to TI-LFA. As a quick reminder, R2 (S) does not have an LFA to 10.0.0.4/32 (D). This is easily confirmed by examining the OSPF RIB. Even without TI-LFA enabled, notice the new SR-specific output. The “SID” is 4, which represents the SID-mapped index on R4 for this prefix. The N-flag is set, which makes this a node SID. Node SIDs are subsets of prefix SIDs that represent nodes themselves, not just attached networks. It’s not a critical distinction at present.

R2#show ip ospf rib 10.0.0.4 255.255.255.255

*>  10.0.0.4/32, Intra, cost 11, area 0
     SPF Instance 107, age 00:03:31
      contributing LSA: 10/7.0.0.0/10.0.0.4 (area 0)
     SID: 4, Properties: Sid, LblRegd, SidIndex, N-Flag, ProtAdj
     Flags: RIB, HiPrio
      via 10.0.234.4, GigabitEthernet3
       Flags: RIB, ProtAdj
       LSA: 1/10.0.0.4/10.0.0.4
       Source: 10.0.0.4 (area 0)

Like rLFA, enabling TI-LFA is simple. Specify the OSPF area of interest and you’re done. There isn’t an option for encapsulation type since clearly MPLS is the only choice. Checking R2’s LFA coverage, we have now achieved 100% LFA coverage.

# R2 configuration
router ospf 1
 fast-reroute per-prefix ti-lfa area 0


R2#show ip ospf fast-reroute prefix-summary

            OSPF Router with ID (10.0.0.2) (Process ID 1)
                    Base Topology (MTID 0)

Area 0:

Interface        Protected    Primary paths    Protected paths Percent protected
                             All  High   Low   All  High   Low    All High  Low
Lo0                    Yes     0     0     0     0     0     0     0%   0%   0%
Gi4                    Yes     1     1     0     1     1     0   100% 100%   0%
Gi1                    Yes     5     2     3     2     2     0    40% 100%   0%
Gi2                    Yes     2     1     1     1     1     0    50% 100%   0%
Gi3                    Yes     7     3     4     3     3     0    42% 100%   0%

Area total:                   15     7     8     7     7     0    46% 100%   0%

Process total:                15     7     8     7     7     0    46% 100%   0%

Let’s enable both SPF and RIB debugging on R2 (S) towards 10.0.0.4/32 (D) using an ACL. The output is extremely cryptic, but notice that “10.0.0.4 is in-q-space”. R4 (E) is technically in the Q space despite being connected to D, but it not in the P space as R2 (S) uses the R2-R4 link (S-E) to reach it. Also, notice that “ntpath 10.2.7.7 Gi1” and “via 10.0.0.4 MP4” which indicates a next-hop of R7 using Tunnel4 to R4. That looks good on the surface, but R7’s shortest path to R4 is via R2 due to the link cost adjustments. Won’t this cause a loop?

# R2 configuration
ip access-list standard 4
 10 permit 10.0.0.4

R2#debug ip ospf fast-reroute ti-lfa spf detail 4
OSPF TI-LFA Loop-free FastReroute SPF computation debugging is on for access list 4 with detail

R2#debug ip ospf fast-reroute ti-lfa rib 4
OSPF TI-LFA Loop-free FastReroute local RIB debugging is on for access list 4

R2#clear ip ospf force-spf

OSPF-1 TIRIB: tilfa lrib add repair paths: LP analyzing route 10.0.0.4/32 type Intra, src area 0, dist 31, pgw 10.0.0.4 via 10.0.234.4 Gi3
OSPF-1 TIRIB: tilfa link all tuninfo: ntnode 10.0.0.4 via 10.0.234.4 Gi3, area 0, lsa 1/10.0.0.4/10.0.0.4
OSPF-1 TISPF:   tilfa ntnode get first path: ctx NP+SP ntnode 10.0.0.4 LP path via 10.2.7.7 Gi1
OSPF-1 TISPF: tilfa add to rls tree: (refresh) node 10.0.0.4 via 10.2.7.7 Gi1
OSPF-1 TISPF:   tilfa link tuninfo: ntpath 10.0.0.4 via 10.2.7.7 Gi1, area 0, current: rls 0.0.0.0, new: rls 10.0.0.4, tunnel MP4, refcount 0
OSPF-1 TIRIB: tilfa find fh: LP ntnode 10.0.0.4 via 10.0.234.4 Gi3, area 0, pfx 10.0.0.4/32, type Intra, pgw 10.0.0.4 via 10.0.234.4 Gi3
OSPF-1 TIRIB:   tilfa loop free check: succeeds 10.0.0.4/32, ntnode 10.0.0.4, ntpath 10.2.7.7 Gi1, rls-pt 10.0.0.4 is in-q-space
OSPF-1 TIRIB:   tilfa lrib add repair paths: 10.0.0.4/32 adding path via 10.0.0.4 MP4 dist 31 for primary path via 10.0.234.4 Gi3
OSPF-1 TIRIB:   tilfa lrib add repair paths: skip stale/sham/etc path, 10.0.0.4/32 route_type Intra RTP Flags Repair, Strict, PostConvrg, IntfDj
OSPF-1 TIRIB:   tilfa lrib add repair paths: added 1 rtp paths

Enter MPLS. Checking the currently computed TI-LFA tunnels, we see Tunnel4. R2 will send traffic towards 10.2.7.7, which is R7, to terminate a tunnel on R4, a node in the Q space. The OSPF RIB has a new LFA via Tunnel4 for 10.0.0.4/32 (D) as a result. As a final confirmation, we see that R2’s IP FIB is pushing label 7003 along the LFA path to R7, suggesting that TI-LFA is working correctly.

R2#show ip ospf fast-reroute ti-lfa tunnels

Tunnel                Interface         Next Hop         Mid/End Point    Label
-------------------------------------------------------------------------------
MPLS-SR-Tunnel4       Gi1               10.2.7.7         10.0.0.4         7003


R2#show ip ospf rib 10.0.0.4 255.255.255.255

*>  10.0.0.4/32, Intra, cost 11, area 0
     SPF Instance 111, age 00:12:22
      contributing LSA: 10/7.0.0.0/10.0.0.4 (area 0)
     SID: 4, Properties: Sid, LblRegd, SidIndex, N-Flag, ProtAdj
     Flags: RIB, HiPrio
      via 10.0.234.4, GigabitEthernet3
       Flags: RIB, ProtAdj
       LSA: 1/10.0.0.4/10.0.0.4
       Source: 10.0.0.4 (area 0)
      PostConvrg repair path via 10.0.0.4, MPLS-SR-Tunnel4, cost 31, Lbl cnt 1
       Flags: RIB, ProtAdj, Repair, Strict, PostConvrg, IntfDj
       LSA: 1/10.0.0.4/10.0.0.4

R2#show ip cef 10.0.0.4/32 internal | begin output chain
  output chain:
    label [implicit-null|implicit-null]-(local:16004)
    FRR Primary (0x80007F2812F3E0D0)
      <primary: IP adj out of GigabitEthernet3, addr 10.0.234.4 7F287E9DEB08>
      <repair:  IP midchain out of MPLS-SR-Tunnel4 7F287900C188
                label 7003
                TAG adj out of GigabitEthernet1, addr 10.2.7.7 7F287900D308>

Next, let’s explore the origins of label 7003, because this MPLS technique is very different than the IP-bound LDP mechanism used in rLFA. I haven’t found a great command to reveal remotely learned adjacency SIDs (let me know if you find one), so let’s query the OSPF LSDB for all extended-link LSAs originated by R7. The output is extensive, so I’ve manually omitted irrelevant LFAs. This LSA represents the unidirectional link from R7 to R4. There are technically two adjacency SIDs here; the B-bit SID is protected and the other is unprotected. The word “protected” means that consumption of a given SID (via the MPLS label) will ensure link protection. TI-LFA selected the unprotected SID via label 7003 because TI-LFA itself is the mechanism providing the protection. Said another way, the R2-R4 broadcast network (S-E) is being protected by this LFA, not the R7-R4 link.

R2#show ip ospf database opaque-area type ext-link adv-router 10.0.0.7

  LS age: 1020
  Options: (No TOS-capability, DC)
  LS Type: Opaque Area Link
  Link State ID: 8.0.0.10
  Opaque Type: 8 (Extended Link)
  Opaque ID: 10
  Advertising Router: 10.0.0.7
  LS Seq Number: 80000002
  Checksum: 0x470
  Length: 104

    TLV Type: Extended Link
    Length: 80
    Link connected to : another Router (point-to-point)
    (Link ID) Neighboring Router ID: 10.0.0.4
    (Link Data) Interface IP address: 10.4.7.7

      Sub-TLV Type: Adj SID
      Length : 7
        Flags  : L-Bit, V-bit
        MTID   : 0
        Weight : 0
        Label  : 7003

      Sub-TLV Type: Adj SID
      Length : 7
        Flags  : L-Bit, V-bit, B-bit
        MTID   : 0
        Weight : 0
        Label  : 7007

      Sub-TLV Type: Remote Intf Addr
        Remote Interface Address   : 10.4.7.4

      Sub-TLV Type: Local / Remote Intf ID
        Local Interface ID   : 10
        Remote Interface ID   : 10

Heading to R7, we can see a summarized view of this local adjacency SIDs. The “DU” and “DP” flags are self-explanatory given the legend and reinforce the previous paragraph’s explanation. Remember, TI-LFA has selected label 7003 via the unprotected adjacency SID for this LFA.

R7#show ip ospf segment-routing adjacency-sid 10.0.0.4

            OSPF Router with ID (10.0.0.7) (Process ID 1)
    Flags: S - Static, D - Dynamic,  P - Protected, U - Unprotected, G - Group

Adj-Sid  Neighbor ID  Interface  Neighbor   Flags   Backup Nexthop  Backup Intf
-------- ------------ ---------- ---------- ------- --------------- -----------
7003     10.0.0.4     Gi4        10.4.7.4   D U
7007     10.0.0.4     Gi4        10.4.7.4   D P     10.2.7.2        Gi1

Why wasn’t this possible with rLFA? After all, both the rLFA and TI-LFA tunnels pushed a single label from R7. The answer is the adjacency SID. This allows a router to select a specific egress link (via an IGP adjacency known to SR, hence the SID name) rather than relying on the IP routing table to reach a prefix. With rLFA, the label imposed by R2 was R7’s local label for R5’s loopback prefix; it was not mapped to a specific egress interface. There is no mechanism to compel R7 to use its high cost link to R4 in a classic LDP-based MPLS design. Even with SR, if R2 tried to use the prefix SID label for 10.0.0.4/32 (which is 16004), R7 would loop traffic back to R2. The two LFIB entries below prove both points. Label 7003 directs R7 to send traffic to R4 while performing PHP, which would reveal the underlying IP packet (or perhaps the next label in the stack).

R7#show mpls forwarding-table labels 7003
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
7003       Pop Label  10.4.7.4-A       0             Gi4        10.4.7.4

R7#show mpls forwarding-table 10.0.0.4 32
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16004      16004      10.0.0.4/32      0             Gi1        10.2.7.2

&ldquo;Maximizing IP LFA Coverage using Topology-independent LFA and Segment Routing&rdquo;

Let’s work through another example that showcases the true power of SR and TI-LFA. We’ll look for an LFA between R3 (S) and 10.0.0.4/32 (D) behind R4 (E). Currently, no direct LFA exists. Let’s enable TI-LFA on R3 to rectify that.

R3#show ip ospf rib 10.0.0.4 255.255.255.255

*>  10.0.0.4/32, Intra, cost 11, area 0
     SPF Instance 112, age 00:42:47
      contributing LSA: 10/7.0.0.0/10.0.0.4 (area 0)
     SID: 4, Properties: Sid, LblRegd, SidIndex, N-Flag, ProtAdj
     Flags: RIB, HiPrio
      via 10.0.234.4, GigabitEthernet3
       Flags: RIB, ProtAdj
       LSA: 1/10.0.0.4/10.0.0.4
       Source: 10.0.0.4 (area 0)

# R3 configuration
router ospf 1
 fast-reroute per-prefix ti-lfa area 0

First, begin by checking the TI-LFA tunnel entries. Tunnel1 routes through 10.0.234.4 on R4 and terminates on R8. This protects the R3-R8 link when reaching 10.0.0.8/32, which we don’t care about at present. Tunnel2 routes through 10.0.234.2 on R2, stops at R7 as a midpoint, then terminates on R4. That seems like an awfully long backup path when routing through R8 appears shorter to the naked eye, right? Additionally, why do we see 2 label values? Why is the label count suddenly 2 in the OSPF RIB?

R3#show ip ospf fast-reroute ti-lfa tunnels

Tunnel                Interface         Next Hop         Mid/End Point    Label
-------------------------------------------------------------------------------
MPLS-SR-Tunnel2       Gi3               10.0.234.2       10.0.0.7         16007
                                                         10.0.0.4         7003
MPLS-SR-Tunnel1       Gi3               10.0.234.4       10.0.0.8         4002

R3#show ip ospf rib 10.0.0.4 255.255.255.255

*>  10.0.0.4/32, Intra, cost 11, area 0
     SPF Instance 111, age 00:39:36
      contributing LSA: 10/7.0.0.0/10.0.0.4 (area 0)
     SID: 4, Properties: Sid, LblRegd, SidIndex, N-Flag, ProtAdj
     Flags: RIB, HiPrio
      via 10.0.234.4, GigabitEthernet3, label 3
       Flags: RIB, ProtAdj
       LSA: 1/10.0.0.4/10.0.0.4
       Source: 10.0.0.4 (area 0)
      PostConvrg repair path via 10.0.0.4, MPLS-SR-Tunnel2 cost 41, Lbl cnt 2
       Flags: RIB, ProtAdj, Repair, PostConvrg
       LSA: 1/10.0.0.4/10.0.0.4

An important caveat about TI-LFA is that it always takes the shortest path in the network. Engineers cannot customize the tie-break process as with direct LFA. The R3-R8-R4 cost is 46 while the R3-R2-R7-R4 cost is 41 as indicated in the OSPF RIB output above. This weak LFA is not even interface disjoint as it traverses the R3-switch link to reach R2 via the broadcast network. It only protects against a failure of the R4-switch link. R8 would have offered interface disjointedness but the cost is too high! Let’s examine how TI-LFA carefully weaves its way through this complex LSP. On R3, the IP FIB pushes 7003 first and 16007 second; the latter is the topmost label.

R3#show ip cef 10.0.0.4/32 internal | begin output chain
  output chain:
    label [implicit-null|implicit-null]-(local:16004)
    FRR Primary (0x80007FD4C272CA18)
      <primary: IP adj out of GigabitEthernet3, addr 10.0.234.4 7FD4564E9F60>
      <repair:  IP midchain out of MPLS-SR-Tunnel2 7FD4572E44C8
                label 7003
                label 16007
                TAG adj out of GigabitEthernet3, addr 10.0.234.2 7FD4572E51E8>

Label 16007 is R2’s local label for 10.0.0.7/32, R7’s loopback prefix, corresponding to the prefix SID. R2 consults its LFIB and since R7 is one-hop away, R2 performs PHP, exposing the next label in the stack (7003) to R7. Upon receipt, R7 consults its LFIB for label 7003, performs PHP because R4 is one-hop away, then sends the raw IP packet towards R4. Label 7003 represents the unprotected adjacency SID we saw earlier and is not bound to an IP prefix, but to an individual IGP adjacency reachable over a specific egress link. Remember, LDP is incapable of this, which is why SR-based TI-LFA is so powerful.

R2#show mpls forwarding-table labels 16007
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16007      Pop Label  10.0.0.7/32      0             Gi1        10.2.7.7


R7#show mpls forwarding-table labels 7003 detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
7003       Pop Label  10.0.0.4-Gi4-10.4.7.4-1-0   \
                                       0             Gi4        10.4.7.4
        MAC/Encaps=14/14, MRU=1504, Label Stack{}
        005056BBBA8D005056BB77308847
        No output feature configured

&ldquo;Maximizing IP LFA Coverage using Topology-independent LFA and Segment Routing&rdquo;

In summary, consider using TI-LFA when you need 100% coverage in an SR-enabled MPLS network. It’s easy and automatic but doesn’t provide much customization; as with all things in technology, there are important trade-offs to consider. Classic RSVP-TE and modern SR-TE mechanisms could provide customized backups using TE-FRR, which is worthy of its own blog series. Above all else, be sure to experiment with direct, remote, and topology-independent LFA in your own lab to make the right decisions for your network.


In This Series:

  1. Introducing IP Loop Free Alternates (LFA) with OSPFv2
  2. Exploring Downstream and Node-protecting IP LFAs using OSPFv2
  3. Examining Broadcast Disjointedness and IP LFA Coverage with OSPFv2
  4. Improving IP LFA Coverage using Remote LFA with MPLS and OSPFv2
  5. Maximizing IP LFA Coverage using Topology-independent LFA and Segment Routing (this article)

Reference Configurations:

# R1
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
mpls label range 1000 1999
!
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.1.3.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.1.2.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.1/32 index 1 range 1
  exit-address-family
 !
!
router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
end
# R2
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
mpls label range 2000 2999
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.2.7.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.1.2.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.2 255.255.255.0
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.2.6.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.2/32 index 2 range 1
  exit-address-family
 !
!
router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute per-prefix ti-lfa area 0
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
ip ssh version 2
!
!
ip access-list standard 4
 10 permit 10.0.0.4
!
!
end
# R3
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
mpls label range 3000 3999
!
!
!
!
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.1.3.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.3.8.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.3 255.255.255.0
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.3/32 index 3 range 1
  exit-address-family
 !
!
router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute per-prefix ti-lfa area 0
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
!
end
# R4
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
mpls label range 4000 4999
!
!
!
!
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.4.8.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 35
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.4.5.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 35
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.4 255.255.255.0
 ip ospf network broadcast
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.4.7.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 25
 negotiation auto
 no mop enabled
 no mop sysid
!
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.4/32 index 4 range 1
  exit-address-family
 !
!
router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute per-prefix tie-break primary-path index 10
 fast-reroute per-prefix tie-break interface-disjoint index 20
 fast-reroute per-prefix tie-break downstream index 25
 fast-reroute per-prefix tie-break lowest-metric index 30
 fast-reroute per-prefix tie-break linecard-disjoint index 40
 fast-reroute per-prefix tie-break broadcast-interface-disjoint index 50
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
end
# R5
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
!
mpls label range 5000 5999
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.5 255.255.255.255
!
!
interface GigabitEthernet2
 ip address 10.4.5.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 35
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.5.7.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.5/32 index 5 range 1
  exit-address-family
 !
!
router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
!
end
# R6
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
mpls label range 6000 6999
!
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.6 255.255.255.255
!
!
interface GigabitEthernet4
 ip address 10.2.6.6 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet5
 ip address 10.6.7.6 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.6/32 index 6 range 1
  exit-address-family
 !
!
router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
!
end
# R7
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
mpls label range 7000 7999
!
!
!
!
interface Loopback0
 ip address 10.0.0.7 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.2.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
!
interface GigabitEthernet3
 ip address 10.5.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.4.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 25
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet5
 ip address 10.6.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.7/32 index 7 range 1
  exit-address-family
 !
!
router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
!
!
end
# R8
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R8
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
mpls label range 8000 8999
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.8 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.4.8.8 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 35
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.3.8.8 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.8/32 index 8 range 1
  exit-address-family
 !
!
router ospf 1
 segment-routing area 0 mpls
 segment-routing mpls
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
!
!
!
end


Related tags:

it-ops   networking   cisco  
About the author

Nicholas (Nick) Russo, CCDE #20160041 and CCIE #42518, is an internationally recognized expert in IP/MPLS networking and design. To grow his skillset, Nick has been focused advancing Network DevOps via automation for his clients. Recently, Nick has been sharing his knowledge through online video training and speaking at industry conferences. Nick also holds a Bachelor’s of Science in Computer Science from the Rochester Institute of Technology (RIT). Nick lives in Maryland, USA with his wife, Carla, and daughter, Olivia.

10-day free trial

Sign Up Now