IOS XE 15.5
IOS XR 5.3
The topology for this demo:
In this post we will look at MPLS Session Protection. The name of this feature correlates directly to what it does: it protects the session between 2 peers from going down when a link failure occurs. The feature leverages a technique known as Targeted LDP, or tLDP, which is used to form a multi-hop session between 2 LSRs that are not directly connected. By default the session is held up for 86400 seconds, or 1 day; this can be modified to some other value. Before we begin, let's look at the debug output from a link failure, when the LIB is flushed.
R3#debug mpls ldp bindings
%LDP-5-NBRCHG: LDP Neighbor 192.168.1.4:0 (1) is DOWN (Interface not operational)
lcon: tibent(10.1.11.0/24): label 16 from 192.168.1.4:0 removed
LIB: 10.1.11.0/24: LIB entry added to remote label programming list
lcon: tibent(10.1.12.0/24): label 17 from 192.168.1.4:0 removed
LIB: 10.1.12.0/24: LIB entry added to remote label programming list
lcon: tibent(10.1.15.0/24): label 18 from 192.168.1.4:0 removed
Basically, when this happens and the LIB is flushed, there is no longer an IP prefix to label binding, and MPLS forwarding will be down. There is a way to fix this when you have 2 or more paths in the MPLS core to get from here to there.
Session protection helps with that. It is supported on IOS and XR; let's take a look at the configuration.
All IOS
mpls ldp session protection
All XR
mpls ldp
session protection
Now we get to verify it:
R3#sh mpls ldp discovery detail | b Targeted
Targeted Hellos:
Targeted Hellos:
192.168.1.3 -> 192.168.1.14 (ldp): active/passive, xmit/recv
Enabled by: LDP SP,
Hello interval: 10000 ms; Transport IP addr: 192.168.1.3
LDP Id: 192.168.1.14:0
Src IP addr: 192.168.1.14; Transport IP addr: 192.168.1.14
Hold time: 90 sec; Proposed local/peer: 90/90 sec
Reachable via 192.168.1.14/32
Password: required, neighbor, in use
192.168.1.3 -> 192.168.1.4 (ldp): active/passive, xmit/recv
Enabled by: LDP SP,
Hello interval: 10000 ms; Transport IP addr: 192.168.1.3
LDP Id: 192.168.1.4:0
Src IP addr: 192.168.1.4; Transport IP addr: 192.168.1.4
Hold time: 90 sec; Proposed local/peer: 90/90 sec
Reachable via 192.168.1.4/32
Password: required, fallback, in use
R3#sh mpls ldp bindings neighbor 192.168.1.4
lib entry: 10.1.11.0/24, rev 127
remote binding: lsr: 192.168.1.4:0, label: 16
lib entry: 10.1.12.0/24, rev 128
remote binding: lsr: 192.168.1.4:0, label: 17
lib entry: 10.1.15.0/24, rev 129
remote binding: lsr: 192.168.1.4:0, label: 18
Now let's take down the G1.34 connection.
R3#debug mpls ldp session protection
LDP SP: 192.168.1.4:0: last primary adj lost; starting session protection holdup timer
LDP SP: 192.168.1.4:0: LDP session protection holdup timer started, 86400 seconds
LDP SP: 192.168.1.4:0: state change (Ready -> Protecting)
%LDP-5-SP: 192.168.1.4:0: session hold up initiated
Now we have to make sure that the peering to R4 is still reachable from R3.
R3(config-subif)#do sh mpls ldp bind nei 192.168.1.4
lib entry: 10.1.11.0/24, rev 127
remote binding: lsr: 192.168.1.4:0, label: 16
lib entry: 10.1.12.0/24, rev 128
remote binding: lsr: 192.168.1.4:0, label: 17
lib entry: 10.1.15.0/24, rev 129
remote binding: lsr: 192.168.1.4:0, label: 18
R3(config-subif)#do sh mpls ldp nei 192.168.1.4
Peer LDP Ident: 192.168.1.4:0; Local LDP Ident 192.168.1.3:0
TCP connection: 192.168.1.4.51573 - 192.168.1.3.646
State: Oper; Msgs sent/rcvd: 38/36; Downstream
Up time: 00:03:14
LDP discovery sources:
Targeted Hello 192.168.1.3 -> 192.168.1.4, active, passive
Addresses bound to peer LDP Ident:
10.4.5.4 10.15.4.4 192.168.1.4 10.3.4.4
We can verify that session protection is working.
R3#show mpls ldp neighbor 192.168.1.4 detail | b Session
LDP Session Protection enabled, state: Protecting
duration: 86400 seconds
holdup time remaining: 86355 seconds
A trace to R4 from R3's loopback proves we are up and running.
R3#traceroute 192.168.1.4 source lo0 num
Type escape sequence to abort.
Tracing the route to 192.168.1.4
VRF info: (vrf in name/id, vrf out name/id)
1 10.14.3.14 [MPLS: Label 24003 Exp 0] 4 msec 3 msec 3 msec
2 10.14.15.15 [MPLS: Label 24003 Exp 0] 3 msec 3 msec 3 msec
3 10.15.4.4 42 msec * 6 msec
We can also manipulate how long SP will maintain the peering. By default this is 86400 seconds, or 1 day; let's bring that down to 10 minutes.
IOS
mpls ldp session protection duration 600
XR
mpls ldp
session protection duration 600
LDP SP: 192.168.1.4:0: adjusting session protection holdup timer (cfg changed: 86400 -> 600 secs)
LDP SP: 192.168.1.4:0: LDP session protection holdup timer started, 348 seconds
Let's verify the configuration.
R3#show mpls ldp neighbor 192.168.1.4 detail | b Session
LDP Session Protection enabled, state: Protecting
duration: 600 seconds
holdup time remaining: 213 seconds
The timer expires.
LDP SP: 192.168.1.4:0: LDP session protection holdup timer expired
LDP SP: 192.168.1.4:0: disabling session protection: holdup timer expired
LDP SP: 192.168.1.4:0: state change (Protecting -> None)
%LDP-5-SP: 192.168.1.4:0: session recovery failed
%LDP-5-NBRCHG: LDP Neighbor 192.168.1.4:0 (1) is DOWN (Session Protection disabled targeted session)
Let's verify that the label bindings from R4 and the neighbor peering are both down due to the timer expiring.
No output from either.
R3#sh mpls ldp neighbor 192.168.1.4
R3#sh mpls ldp bindings neighbor 192.168.1.4
R3#
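The debug and syslog lines shown so far trace a small state machine (Ready -> Protecting -> None). As an added example, not part of the original post, the script below replays those lines (copied from the R3 output above) and raises an alert when a peer enters Protecting and again when recovery fails; the function name and alert wording are assumptions.

```python
import re

# Log lines copied from the R3 debug/syslog output shown in this post.
LOG = """\
LDP SP: 192.168.1.4:0: last primary adj lost; starting session protection holdup timer
LDP SP: 192.168.1.4:0: LDP session protection holdup timer started, 86400 seconds
LDP SP: 192.168.1.4:0: state change (Ready -> Protecting)
%LDP-5-SP: 192.168.1.4:0: session hold up initiated
LDP SP: 192.168.1.4:0: adjusting session protection holdup timer (cfg changed: 86400 -> 600 secs)
LDP SP: 192.168.1.4:0: LDP session protection holdup timer started, 348 seconds
LDP SP: 192.168.1.4:0: LDP session protection holdup timer expired
LDP SP: 192.168.1.4:0: state change (Protecting -> None)
%LDP-5-SP: 192.168.1.4:0: session recovery failed
"""

STATE = re.compile(r"LDP SP: (\S+): state change \((\w+) -> (\w+)\)")
TIMER = re.compile(r"LDP SP: (\S+): .*holdup timer started, (\d+) seconds")
FAILED = re.compile(r"%LDP-5-SP: (\S+): session recovery failed")

def track(log):
    """Replay SP events; return (final state per peer, list of alerts)."""
    state, holdup, alerts = {}, {}, []
    for line in log.splitlines():
        if m := TIMER.search(line):
            # Remember the most recent holdup value announced for this peer.
            holdup[m.group(1)] = int(m.group(2))
        elif m := STATE.search(line):
            peer, _old, new = m.groups()
            state[peer] = new
            if new == "Protecting":
                alerts.append(f"{peer}: direct adjacency lost, "
                              f"session held up for {holdup.get(peer, '?')}s")
        elif m := FAILED.search(line):
            alerts.append(f"{m.group(1)}: holdup expired, session and bindings dropped")
    return state, alerts

if __name__ == "__main__":
    final, alerts = track(LOG)
    print(final)
    print("\n".join(alerts))
```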
Let's take a look at what it looks like when we get particular about who we form SP with. We already have an ACL from a previous post with Authentication, we'll use the R4_PERMIT ACL again.
R3(config)#mpls ldp session protection for R4_PERMIT
Let's also bring back up the R3 to R4 link.
LDP SP: 192.168.1.4:0: enabling session protection: session UP
LDP SP: 192.168.1.4:0: state change (None -> Incomplete)
%LDP-5-NBRCHG: LDP Neighbor 192.168.1.4:0 (1) is UP
LDP SP: 192.168.1.4:0: state change (Incomplete -> Ready)
The ACL should see hits now.
R3#sh ip access-lists
Standard IP access list R4_PERMIT
10 permit 192.168.1.4 (32 matches)
Let's verify the configuration.
R3#show mpls ldp neighbor 192.168.1.4 detail | b Session
LDP Session Protection enabled, state: Ready
acl: R4_PERMIT, duration: 86400 seconds
The timer is reset to 86400 since we didn't specify a duration. Let's change that to what we had it configured to.
R3(config)#mpls ldp session protection for R4_PERMIT duration 600
R3#show mpls ldp neighbor 192.168.1.4 detail | b Session
LDP Session Protection enabled, state: Ready
acl: R4_PERMIT, duration: 600 seconds
Just remember that SP needs to be enabled on all routers that you want to form an SP peering with later on for protection.
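The `show mpls ldp discovery detail` output can be checked the same way the R4_PERMIT ACL limits SP: compare every targeted adjacency against the peers you expect and confirm a password is required. This is an added example, not part of the original post; the sample is constructed in the layout shown above, and the 192.168.1.99 entry and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of IOS `show mpls ldp discovery detail`.
# The 192.168.1.99 entry is hypothetical and was added to trigger findings.
SAMPLE = """\
Targeted Hellos:
    192.168.1.3 -> 192.168.1.14 (ldp): active/passive, xmit/recv
        Enabled by: LDP SP,
        LDP Id: 192.168.1.14:0
        Password: required, neighbor, in use
    192.168.1.3 -> 192.168.1.4 (ldp): active/passive, xmit/recv
        Enabled by: LDP SP,
        LDP Id: 192.168.1.4:0
        Password: required, fallback, in use
    192.168.1.3 -> 192.168.1.99 (ldp): passive, xmit/recv
        Enabled by: LDP Config,
        LDP Id: 192.168.1.99:0
        Password: not required, none, in use
"""

HEADER = re.compile(r"^\s*(\S+) -> (\S+) \(ldp\): ")

def parse_targeted(text):
    """Return one dict per targeted-hello adjacency in the CLI output."""
    peers, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"peer": m.group(2), "enabled_by": "", "password": ""}
            peers.append(cur)
        elif cur is not None:
            key, _, val = line.strip().partition(": ")
            if key == "Enabled by":
                cur["enabled_by"] = val.rstrip(", ")
            elif key == "Password":
                cur["password"] = val
    return peers

def audit(text, allowed):
    """Flag adjacencies with unexpected peers or without a required password."""
    findings = []
    for p in parse_targeted(text):
        if p["peer"] not in allowed:
            findings.append((p["peer"], "peer not in allow-list"))
        if not p["password"].startswith("required"):
            findings.append((p["peer"], "LDP password not required"))
    return findings
```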
OH! You thought we were done? Not quite. SP is a single command that gets something running dynamically. However, what if we "can't" use this capability but still have to get the function to work? Well, there is a solution for that too; yeah, I have you covered there too ;)
We can configure a simple targeted LDP session between 2 different routers and not have to use the SP command. You've seen it configured mainly on IOS so far; XR functions correctly as well, but we want to configure this manually between IOS and XR. I will disable SP on IOS for R3 to keep it fair.
IOS
mpls ldp neighbor 192.168.1.14 targeted ldp
XR
mpls ldp
address-family ipv4
neighbor 192.168.1.3 targeted
Let's verify it now.
XR
RP/0/0/CPU0:XR4#show mpls ldp discovery detail
Targeted Hellos:
192.168.1.14 -> 192.168.1.3 (active), xmit/recv
Hello interval: 10 sec (due in 1.4 sec)
Quick-start: Enabled
LDP Id: 192.168.1.3:0
Hold time: 90 sec (local:90 sec, peer:90 sec)
(expiring in 89.7 sec)
IOS
R3#sh mpls ldp discovery detail
Targeted Hellos:
192.168.1.3 -> 192.168.1.14 (ldp): active/passive, xmit/recv
Enabled by: LDP Config,
Hello interval: 10000 ms; Transport IP addr: 192.168.1.3
LDP Id: 192.168.1.14:0
Src IP addr: 192.168.1.14; Transport IP addr: 192.168.1.14
Hold time: 90 sec; Proposed local/peer: 90/90 sec
Reachable via 192.168.1.14/32
Password: required, neighbor, in use
Let's see if XR4 is advertising labels to us.
R3#show mpls ldp bindings neighbor 192.168.1.14
lib entry: 10.1.11.0/24, rev 127
remote binding: lsr: 192.168.1.14:0, label: 24019
lib entry: 10.1.12.0/24, rev 128
remote binding: lsr: 192.168.1.14:0, label: 24023
lib entry: 10.1.15.0/24, rev 129
remote binding: lsr: 192.168.1.14:0, label: 24008
Let's shut down the link between R3 and XR4 to make sure this works as expected.
R3#show mpls ldp bindings neighbor
lib entry: 10.1.11.0/24, rev 127
remote binding: lsr: 192.168.1.14:0, label: 24019
lib entry: 10.1.12.0/24, rev 128
remote binding: lsr: 192.168.1.14:0, label: 24023
lib entry: 10.1.15.0/24, rev 129
remote binding: lsr: 192.168.1.14:0, label: 24008
Since we aren't using SP right now, we won't get those fancy show commands to tell us it's working. But we can tell it's set up by LDP.
R3#show mpls ldp discovery detail | b Targeted
Targeted Hellos:
192.168.1.3 -> 192.168.1.14 (ldp): active/passive, xmit/recv
Enabled by: LDP Config,
Hello interval: 10000 ms; Transport IP addr: 192.168.1.3
LDP Id: 192.168.1.14:0
Src IP addr: 192.168.1.14; Transport IP addr: 192.168.1.14
Hold time: 90 sec; Proposed local/peer: 90/90 sec
Reachable via 192.168.1.14/32
Password: required, neighbor, in use
As you can see above, we also have timers that can be manipulated.
R3#show mpls ldp parameters | in time
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Let's modify that to another value.
mpls ldp discovery targeted-hello interval 5
mpls ldp discovery targeted-hello holdtime 40
Let's verify that now too.
R3#show mpls ldp parameters | in time
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 40 sec; interval: 5 sec
That's about it for SP for now.
Thanks for stopping by!
Rob Riker, CCIE #50693