When the main next hop fails, the OSPFv2 Loop-Free Alternate Fast Reroute feature uses an alternative next hop that has already been calculated to cut down on the time it takes to fix the problem. You can set up a per-prefix loop-free alternate (LFA) path that sends traffic to a neighbor other than the main neighbor. The choice to forward is made, and service is restored before other routers even know what went wrong. At the time this was written, it looked like it was only available in IOS XE.
Limits
Virtual link headend routers do not support the OSPFv2 Loop-Free Alternate Fast Reroute functionality.
Only instances of global VPN routing and forwarding (VRF) OSPF implement the Loop-Free Alternate Fast Reroute feature of OSPFv2.
A protected interface cannot be configured for a traffic engineering (TE) tunnel interface. To safeguard these tunnels, enroll in the MPLS Traffic Engineering-Fast Reroute Link and Node Protection function
Although TE tunnel interfaces can be configured in a repair path, OSPF will not check their location; it is your responsibility to make sure they do not cross the physical interfaces they are meant to protect.
There may not be a way to fix every route. Repair paths for all, some, or no primary paths may be present in multipath primary routes; this depends on the network architecture, the connectivity of the computing router, and the features required of repair paths.
Paths for LFA Repairs
The OSPFv2 Loop-Free Alternate Fast Reroute functionality is implemented to reroute traffic in the event that a link breaks, as seen in the image below. It is the responsibility of a protective router to precompute repair paths for each prefix and then install them in the global Routing Information Base (RIB). It is not necessary for other routers to recompute the network topology or even be aware that the network topology has changed because the protecting router will redirect live traffic from the primary path to the stored repair path in the event that the protected primary path fails.
When a main path fails, there are many other paths that could be fixed. The OSPFv2 Loop-Free Alternate Fast Reroute feature’s default selection policy gives the following characteristics the most weight:
- srlg
- primary-path
- interface-disjoint
- lowest-metric
- linecard-disjoint
- node-protecting
- broadcast-interface-disjoint
Implicit load balancing chooses the repair path if the evaluation doesn’t pick any candidate. This indicates that prefix has a role in the selection of repair paths.
You can use the show ip ospf fast-reroute command to show the configuration that is now active.
You can use the fast-reroute tie-break command setting up one or more of the repair-path attributes talked about in the next few parts to choose from the options
Shared Risk Link Groups
The term “shared risk link group” (SRLG) describes a cluster of potentially failing next-hop repair interfaces and protected primary pathways. Loop-Free Alternate Fast Reroute in OSPFv2 is only compatible with SRLGs that have been set up locally on the router doing the computing. SRLGs can be illustrated using a VLAN on a single physical interface. All VLAN interfaces will crash simultaneously in the event of a physical interface failure. One VLAN’s main path could end up being shielded from another VLAN’s main path due to the default repair-path attributes. To avoid having the primary path and LFA repair paths share the same SRLG ID, you can set this up using the srlg attribute. To link an SRLG to a specific interface, use the srlg command.
Interface Protection
When the primary gateway fails, point-to-point interfaces lack a backup next hop for rerouting traffic. To safeguard the interface, you might set the interface-disjoint property to prohibit the selection of such repair paths.
