[j-nsp] Egress Protection/Service Mirroring

Krzysztof Szarkowicz kszarkowicz at gmail.com
Thu Jul 19 10:34:22 EDT 2018


> On 2018-Jul-19, at 10:51, James Bensley <jwbensley at gmail.com> wrote:
> 
> On 15 July 2018 at 19:20, Krzysztof Szarkowicz <kszarkowicz at gmail.com> wrote:
> ...
>>>> https://pc.nanog.org/static/published/meetings/NANOG71/1451/20171004_Szarkowicz_Fast_Egress_Protection_v1.pdf
>>>> https://www.youtube.com/watch?v=MoZn4qq3FcU&index=69&t=0s&list=UUIvcN8QNgRGNW9osYLGsjQQ
> ...
>>> I was originally referring to
>>> draft-minto-2547-egress-node-fast-protection-03, is
>>> draft-shen-mpls-egress-protection-framework-07 majorly different off
>>> the top of your head? I'll read that draft during the week as well as
>>> your slides and check for myself, looking at the table of contents
>>> though there seems to be clear overlap.
>> 
>> [Krzysztof] In the meantime, these drafts migrated to draft-ietf-mpls-egress-protection-framework, so please look just at  draft-ietf-mpls-egress-protection-framework. The current version is draft-ietf-mpls-egress-protection-framework-01 (expiring Dec 2018).
> ...
>>> So which draft is
>>> implemented in the Juniper.net documents I linked, anyone know?
>> 
>> [Krzysztof] Juniper implements draft-ietf-mpls-egress-protection-framework. I am not in a position to comment on what is implemented by other vendors/operators. Deutsche Telekom (DT) is co-authoring draft-ietf-mpls-egress-protection-framework, and the world-wide first ever deployment of MPLS egress protection for L3VPNs (as mentioned in the NANOG71 slide deck) was implemented at DT a couple of years ago. It has worked perfectly since then, giving ~50 ms failover during PE failures.
> 
> [JB] Thanks for all the info Krzysztof. I've read the draft and
> everything is clear to me now. It turns out I already had it under the
> name "draft-ietf-mpls-egress-protection-framework" in my inbox from
> the IETF WG mailing list and hadn't gotten round to reading it yet. I
> might have some feedback on the draft, in which case, I will post back
> to the WG mailing list.
> 
> I have found PR1278535 with Juniper so I can see that bugs are being
> fixed for this feature which is good to know.

[Krzysztof] The PR says that it takes some time (up to 20 seconds) after egress protection states are ready. If a failure happens when the states are not ready, traffic loss similar to the traffic loss when egress protection is not configured is expected.

Particularly, when the link goes up, it might take 20 seconds until egress protection states are fully ready, since the following things must happen:

1. The IGP adjacency on the link that has just come up (between PLR and egress PE) must be established, and the DB exchange fully completed.
2. BGP has to come UP between two egress PEs (directly or via RR) and resync L3 VPN routes.
3. Ingress PE creates LSP to egress PE via PLR.
4. PLR should add protector path.

This is expected behavior, and as such there is nothing to fix. IGP/BGP timers can be tweaked to decrease the time for IGP/BGP coming up.

After the above 4 steps are completed, egress protection states are created and the network is prepared to handle failures.

> 
> I'll speak to Cisco to see if they plan on adopting the draft too.
> 
> Cheers,
> James.


