When a route next-hop policy template is applied to an interface, the LFA backup selection algorithm is extended to also apply to IPv4/IPv6 SR-ISIS, and IPv4 SR-OSPF node-SID tunnels in which a primary next hop is reachable using that interface. The extension applies to base LFA, Remote LFA (RLFA), and Topology-Independent LFA (TI-LFA).
The following general rules apply across all LFA methods.
The LFA policy constraints admin-group (include-group and exclude-group) and SRLG (srlg-enable) are only checked against the outgoing interface used by the LFA/RLFA/TI-LFA backup path.
The LFA policy parameter protection-type {link | node}, which controls the preference among link and node protection backup types, applies to all LFA methods.
Base LFA automatically computes both protection types but prefers, on a prefix basis, link-protect over node-protect backup next hop by default.
By default, RLFA and TI-LFA only perform link-protect backup path computation unless the optional command node-protect is enabled, in which case, the preference is reversed.
For all three LFA methods, when the LFA policy enables a preference for link-protect or node-protect, the backup path is selected from the computed paths based on the configuration for the individual LFA method protection preference and the outcome (node-protect or link-protect) of the actual computation within each method. Note, however, that on a per-destination prefix basis, the post-convergence constraint of TI-LFA is selected over the LFA protection type in all cases. The selection rule uses the TI-LFA backup (if one exists), even if it is of a less-preferred protection type than the one backup path computed by base LFA and RLFA.
For example, assume that an LFA policy with protection-type=node is applied to an ISIS interface and the node-protect command is enabled in both RLFA and TI-LFA contexts in this ISIS instance. If TI-LFA found a link-protect backup path for the destination prefix of a SR-ISIS tunnel, it is always selected over the base LFA node-protect and RLFA node-protect backup paths.
The outcomes of LFA policy selections for specified destination prefixes of SR tunnels are summarized in Table 1 and Table 2.
|
LFA Policy protection-type=node |
|||||||||
|---|---|---|---|---|---|---|---|---|---|
|
Base LFA (LFA) Outcome |
|||||||||
|
none |
link-protect |
node-protect |
|||||||
|
TI-LFA Outcome |
TI-LFA Outcome |
TI-LFA Outcome |
|||||||
|
none |
link-protect |
node-protect |
none |
link-protect |
node-protect |
none |
link-protect |
node-protect |
|
|
RLFA Outcome |
|||||||||
|
— |
— |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
|
link-protect |
RLFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
|
node-protect |
RLFA |
TI-LFA |
TI-LFA |
RLFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
|
LFA Policy protection-type=link |
|||||||||
|---|---|---|---|---|---|---|---|---|---|
|
Base LFA (LFA) Outcome |
|||||||||
|
none |
link-protect |
node-protect |
|||||||
|
TI-LFA Outcome |
TI-LFA Outcome |
TI-LFA Outcome |
|||||||
none |
link-protect |
node-protect |
none |
link-protect |
node-protect |
none |
link-protect |
node-protect |
|
RLFA Outcome |
|||||||||
— |
— |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
link-protect |
RLFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
|
node-protect |
RLFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
LFA |
TI-LFA |
TI-LFA |
LFA policy parameter nh-type {ip | tunnel}, which controls preference among the backup of type IP and type tunnel (IGP shortcut), is not applicable to RLFA and TI-LFA backup paths.
However, the parameter applies if the LFA policy results in selecting a base LFA backup and the user-enabled resolution of SR-ISIS or SR-OSPF tunnel over IGP shortcut using RSVP-TE LSP.
When configured on an interface, the route next-hop policy template applies to destination prefixes of:
IPv4 and IPv6 SR-ISIS node SID tunnels and
IPv4 SR-OSPF node SID tunnels
where the primary next hop is reachable using that interface
The route next-hop policy template also indirectly applies to:
IPv4 or IPv6 SR-TE LSPs
IPv4 or IPv6 SR policies that use any of the previously mentioned SR tunnels as the top SID in their SID list
Finally, the LFA policy indirectly applies to IPv4 LDP FECs when the LDP fast-reroute backup-sr-tunnel option is enabled and the FEC is protected with a SR tunnel.
An LFA policy, applied to an interface cannot be selectively enabled or disabled per LFA method.
As a result of these rules, at most one backup path will remain in each LFA method. In that case, the selection preference is as follows:
TI-LFA backup IP next hop or repair tunnel
Base LFA backup next hop
This can be of type IP (default or if nh-type type preference set to ip) or of type tunnel (nh-type type preference is set to tunnel and family SRv4 or SRv6 resolves to IGP shortcut using RSVP-TE LSP).
Remote LFA repair tunnel