MPLS-TE Resiliency Part 2: Local Protection or MPLS FRR

For many enterprises, business continuity depends on having resilient connections to their remote branches and data centers. When it comes to MPLS-TE tunnels, resiliency can be achieved either through End-to-End protection or local protection.

In part 1 of this series on MPLS-TE resiliency, we covered End-to-End protection that can be achieved with the help of secondary paths. In this part, we look at another mechanism for MPLS-TE tunnel resiliency: local protection achieved with MPLS Fast Reroute.

MPLS FRR (Fast Reroute)

A popular choice to enable MPLS resiliency or protection for MPLS-TE tunnels established using RSVP-TE is MPLS Fast Reroute (FRR). With Fast Reroute, MPLS-TE LSPs are protected from link or node failures by bypassing the local point of failure until the headend router establishes a new end-to-end LSP. It is because the protection happens close to the point of failure rather than for the entire end-to-end path that FRR is referred to as local protection. The advantage of FRR is that it provides recovery in less than 50 milliseconds during a failure with minimal packet loss and does not come with the overhead of end-to-end protection when an entire backup LSP must be created. MPLS FRR is classified into two categories – link protection and node protection. Before we look at the two types of FRR, there are two router roles in addition to the ones we covered in our blog on MPLS Fundamentals. They are:

Point of Local Repair (PLR): The router where the backup tunnel originates after the failure of the downstream link or node. It is this router that forwards the traffic along the alternate path and notifies the headend router that the primary LSP has an issue.

Merge Point (MP): The point where the alternate (backup) path terminates and merges into the original LSP.

And now to get back to the two types of FRR mechanisms.

Link Protection:

In this mechanism, when a link along an LSP fails, traffic is rerouted to the next hop through backup tunnels that bypass only the failed link in the LSP. These backup tunnels created are referred to as next-hop (NHOP) backup tunnels because they terminate at the next hop after the point of failure

MPLS FRR (Fast Reroute) link protection

Here, when a link fails, the PLR swaps the MPLS label and pushes the backup label. This reroutes the traffic along the backup path until the backup terminates at the MP and traffic rejoins the primary LSP. The PLR also sends path error messages to the headend router to notify of the LSP failure.

Node Protection:

This mechanism protects the TE tunnel when the next downstream router fails. Here, backup tunnels that bypass the next-hop node are created to carry traffic. The backup tunnel terminates at a node after the next-hop node (2 hops away) and are called next-next-hop (NNHOP) backup tunnels.

MPLS FRR (Fast Reroute) Node protection

Unlike link protection that provides resiliency only in case of link failure, node protection can provide protection against both link and node failures.

Both link and node protection FRR have two further categorizations. There is One-to-One protection where each LSP is protected with a separate backup LSP. This one-to-one protection tunnel is referred to as a detour.

Many-to-One or facility backup (1:N) is where a single backup tunnel is used for multiple LSPs. This mechanism is referred to as bypass and allows many LSPs to be bound by a single bypass tunnel. For even more information on FRR and a few configuration details, check out these links:

With that we hope you have gained some insights into FRR and how it works. And if you are using MPLS-TE, remember to monitor the performance of your traffic engineering tunnels.

Explorer Suite for Traffic Engineering  | Request Demo | Follow us on Twitter