VPN FRR
Definition
As networks develop rapidly, the time used for end-to-end service convergence if a fault occurs on a carrier's network has been used as an indicator to measure bearer network performance. MPLS TE Fast Reroute (FRR) is a commonly used fast switching technology. MPLS TE FRR creates an end-to-end TE tunnel between two PEs and a backup LSP that protects a primary LSP. When either PE detects the primary LSP is unavailable because of a node or link failure, the one that detects the failure switches the traffic to the backup LSP.
MPLS TE FRR protects services in case a link or node fails between two PEs at both ends of a TE tunnel. MPLS TE FRR, however, cannot protect services in case a PE device fails. If a fault occurs on the ingress or egress, services can only be restored through end-to-end route convergence and LSP convergence. The service convergence time is closely related to the number of routes inside an MPLS VPN and the number of LSP hops on the bearer network. More VPN routes mean longer service convergence time and more lost traffic.
VPN FRR sets forwarding entries in advance that point to active and standby PEs on a remote PE. VPN FRR collaborates with fast PE fault detection to reduce end-to-end service convergence time if a fault occurs in an MPLS VPN (where a CE is dual-homed to two PEs). In VPN FRR, service convergence time only depends on the time required to detect remote PE device faults and change tunnel status. The service convergence time is not affected by the number of VPN routes because of VPN FRR.
Implementation
Figure 1 shows an example of typical VPN FRR networking.
- Both PE2 and PE3 advertise routes destined for CE2 to PE1, and assign VPN labels to these routes. They do so based on traditional BGP/MPLS VPN technology. PE1 then selects a preferred VPNv4 route based on the routing policy. In this example, the preferred route is the route advertised by PE2. Only the routing information, including the forwarding prefix, inner label, and selected LSP, advertised by PE2 is filled into the forwarding entry of the forwarding engine to guide packet forwarding.
- If PE2 fails, PE1 detects the PE2 fault (the BGP peer relationship becomes Down or the outer LSP is unavailable). PE1 then selects the route advertised by PE3 and updates the forwarding entry to complete end-to-end convergence. Before PE1 delivers the forwarding entry matching the route advertised by PE3, CE1 cannot communicate with CE2 for a certain period because the destination of the outer LSP, PE2, is Down. As a result, end-to-end services are interrupted.
- VPN FRR is an improvement on the traditional reliability technology. VPN FRR enables PE1 to add the optimal route advertised by PE2 and the secondary optimal route advertised by PE3 to a forwarding entry. The optimal route is used for traffic forwarding, and the secondary optimal route is used as a backup route.
- If a fault occurs on PE2, the MPLS LSP between PE1 and PE2 becomes unavailable. After detecting the fault, PE1 marks the corresponding entry in the LSP status table as unavailable, and delivers the setting to the forwarding table. After selecting a forwarding entry, the forwarding engine examines the status of the LSP corresponding to the forwarding entry. If the LSP is unavailable, the forwarding engine uses the second-best route carried in the forwarding entry to forward packets. After being tagged with the inner labels assigned by PE3, packets are transmitted to PE3 over the LSP between PE1 and PE3 and then forwarded to CE2. In this manner, fast end-to-end service convergence is implemented and traffic from CE1 to CE2 is restored.
VPN FRR performs fast switching based on inner labels. Outer tunnels can be LDP LSPs or RSVP TE tunnels. When the forwarding engine detects the outer tunnel is unavailable, it triggers fast switching based on inner labels.