Protecting the LSP: link protection and link-node protection
After examining fast-reroute here, let’s delve into link and node-link protection. First I’ll briefly discover the theory. In a next post, I’ll configure and verify both protection methods on two LSPs.
The goal of link-protection is similar to that of fast-reroute; protecting traffic that is forwarded onto an LSP. Fast-reroute pre-signals detour LSPs. These detour LSPs can be used by an LSR to forward traffic in case of a link-failure. In the following picture, we can see that a link between Nero and Septimus is interrupted:
The moment Nero detects that there is something wrong with the link, Nero can use the detour LSP to deliver the traffic that is traversing the LSP. This as opposed to dropping the traffic and make users wait for Tiberius to detect the interrupted LSP and signal a new one.
Link-protection will do the same thing. Instead of calling it a detour LSP, it is called a bypass LSP:
A more important characteristic is that this bypass LSP can be used by all LSPs transiting the router. If there were 6 LSPs with FRR transiting Nero, 6 detour LSPs would be established. In the case of link-protection, a single bypass LSP is established. This single bypass LSP will offer protection to all the other LSPs.
Another difference between a detour LSP and a bypass LSP is that a bypass LSP increases the label stack. In the example above, you can see that the bypass LSP terminated on the Septimus router. The Nero router simply signaled for an LSP that does nothing more than bypass this one link. The label that Nero normally uses to forward traffic towards Septimus is still pushed onto the packet when the bypass is used. Only this time, the ‘bypass label’ is added. Take a look at the following:
During normal operations (green), the label that is used to send traffic across the link to Septimus is the label that is associated with the LSP. When the link between Nero and Septimus is down, the bypass LSP (red) is used. When this bypass LSP is used, Nero will still use the ‘normal’ label. Added on top of this label is the label that is associated with the bypass LSP. Augustus will swap labels for traffic transiting the bypass LSP just as it would swap traffic traversing a normal LSP. The Caligula router will perform PHP. This way, Septimus is confronted with the same label that it would normally receive during the times that the link was up.
To further the protection offered by link protection, you can choose to use node-link protection. Not only is there a next-hop bypass LSP, there is also a next-next-hop bypass LSP. This last LSP is setup to be able to circumvent the next-hop router in its entirety.
The above picture illustrates the protection offered to the LSP between Tiberius and Commodus. There will still be bypass LSPs to mitigate a link going down. Additionally, there is another pre-signaled bypass LSP. This LSP can be used to circumvent the Nero router going down.
A last note, just for the sake of clarity. All the nodes in the network will, using CSPF, try to establish a bypass LSP.