SR based Micro-Loop Avoidance

OcNOS SP : Segment Routing Guide : Segment Routing Configuration : SR based Micro-Loop Avoidance

Overview

SR based Micro-loop avoidance is a mechanism designed to prevent transient forwarding loops that can occur during IGP convergence events such as link flaps, metric changes, or other SPF-triggering events in IP networks, particularly within Segment Routing (SR) enabled domains. The primary goal is to ensure traffic continuity and minimize packet loss during convergence by computing loop-free SR tunnels for nodes at risk of micro-loops.

The Need for Micro-loop Avoidance

Micro-loops are temporary forwarding loops that can occur during IGP convergence, when routers update their forwarding paths at different times after a network change (like a link failures). These loops typically last for a few milliseconds to seconds, but can have serious consequences.

In the given topology, the link between R2 and R4 is initially down. During this state, R3 reaches R5 via R4. When the link between R2 and R4 comes up, the network begins to reconverge, and R3 recalculates its path to R5. Due to the lower cost via R1, R3 updates its next-hop to R1. As a result, R3 updates its forwarding table before R1. Since R1 has not yet converged, it still forwards packets towards R3 based on the old path, creating a transient micro-loop between R3 and R1. Once R1 completes its convergence and updates its path to forward traffic via R2, R2 still operating with the old path may continue forwarding back to R1, leading to a second micro-loop between R1 and R2. Asynchronous convergence in routers can lead to temporary micro-loops in fast-converging IGP networks, underscoring the need for effective micro-loop prevention strategies.

The IS-IS Segment Routing Micro-loop Avoidance feature provides a robust solution to mitigate these issues. It leverages SR-MPLS to ensure loop-freeness during IGP re-convergence following link-state changes, such as link or node failures, or metric updates. Micro-loops occur due to temporary inconsistencies in forwarding tables during these transitions. This feature coordinates synchronized updates to the FIB across routers, effectively reducing convergence-related packet loss. To ensure optimal protection against micro-loops, this feature should be enabled consistently on all routers within the network.

Feature Characteristics

• Helps prevent micro-loops during ISIS reconvergence.

• Supports both link up/down and metric increase/decrease events.

• Operates with Segment Routing (SR-MPLS) and requires FRR and BFD for immediate failover protection.

• Micro-loop avoidance tunnels are created only on routers that support SR and are configured with a valid Node SID.

• When a router receives a topology update, it checks whether it corresponds to a single link event. If multiple routers report the same event, the router treats them collectively as one link event. However, if the router detects multiple distinct link events, the SR micro-loop avoidance process is aborted.

• Currently, OcNOS supports this feature for IS-IS as the IGP.

Benefits

• Reduced Packet Loss: Minimizes traffic loss to under 50ms during convergence by preventing micro-loops.

• Improved Network Stability: Ensures consistent forwarding paths during topology changes.

• Flexible Deployment: Supports various MPLS-based services and integrates with EVPN and BGP.

• Enhanced Reliability: Complements FRR mechanisms like TI-LFA for robust failure handling.

• Scalability: Applicable to both Level-1 and Level-2 IS-IS environments with segment routing.

Prerequisites

• IS-IS with Segment Routing (SR) should be configured and operational on all routers.

• MPLS services (such as L2VPN, L3VPN, VPLS, VPWS, 6VPE, 6PE) should be supported and configured as needed.

• Bidirectional Forwarding Detection (BFD) should be enabled for faster failure detection.

• FRR mechanisms namely, TI-LFA, and so on, should be configured to protect against critical link or node failures, with Equal-Cost Multi-Path (ECMP) support also enabled.

• EVPN and BGP should be configured for MPLS services like ELINE.

• All routers should support the micro-loop avoidance feature and have compatible hardware profiles (such as EVPN-MPLS multihoming enabled).

Limitations

• SNMP MIB support for SR micro-loop avoidance is not included in this release.

• Ordered-FIB-based micro-loop avoidance should not be enabled concurrently with SR-based micro-loop avoidance.

• The maximum label depth for loop-free paths is constrained by the label stack depth supported on each device in the network.

• SR micro-loop avoidance for flexible algorithms (Flex-Algo) is not supported.

• No SR micro-loop tunnels are installed for a route/tunnel if SPF results in no changes to its next hops and metrics.

Topology

The topology illustrates an IS-IS Segment Routing network designed for micro-loop avoidance. It includes two Provider Edge routers (PE1 and PE2), two Provider routers (P1 and P2), and two traffic generators (Traffic Generator 1 and Traffic Generator 2). PE1 connects to Traffic Generator 1 via the customer-facing interface ce1, while PE2 connects to Traffic Generator 2 via ce20. The network-side interfaces (ce2, ce3, ce0, ce16, ce49, ce50) link PE1, P1, P2, and PE2, forming a multi-path topology with P1 and P2 interconnected.

ISIS-SR micro-loop avoidance

Configuration

The following steps configure IS-IS Segment Routing Micro-loop Avoidance on routers PE1, P1, P2, and PE2. These steps assume IS-IS SR and MPLS services are already partially configured. For example, only ELINE services are configured. To configure SR Micro-loop functionality on nodes with ISIS as IGP, follow the steps mentioned below:

1. Configure loop-back interfaces

• Configure loopback interfaces to serve as stable router identifiers and Segment Routing Prefix SID endpoints in the IS-IS domain.

(config)#interface lo

(config-if)#ip address 28.28.28.28/32 secondary

(config-if)#prefix-sid index 28 no-php

(config-if)#ip router isis 1

(config-if)#exit

Note: Repeat the above configuration on all PE and P routers with unique loopback IPs and SID indices.

2. Configure network interface

• Configure the data-plane interfaces to establish IS-IS adjacencies and enable MPLS forwarding for SR traffic.

(config)#interface ce2
(config-if)#11.1.1.1/30

(config-if)#mtu 9216

(config-if)#label-switching

(config-if)#ip router isis 1

(config-if)#load-interval 30

(config-if)#isis network point-to-point

(config-if)#exit

(config)#interface ce3
(config-if)#10.1.1.2/30

(config-if)#mtu 9216

(config-if)#label-switching

(config-if)#ip router isis 1

(config-if)#load-interval 30

(config-if)#isis network point-to-point

(config-if)#exit

Note: Apply the respective IP configurations to all IS-IS transport interfaces.

3. Configure IS-IS with Segment Routing and TI-LFA

• Set up IS-IS parameters to enable Segment Routing with MPLS dataplane and configure TI-LFA for fast reroute capabilities.

(config)#router isis 1

(config-router)#is-type level-2-only

(config-router)#metric-style wide

(config-router)#mpls traffic-eng router-id 28.28.28.28

(config-router)#mpls traffic-eng level-2

(config-router)#capability cspf

(config-router)#dynamic-hostname

(config-router)#fast-reroute per-prefix level-2 proto ipv4 all

(config-router)#fast-reroute ti-lfa level-2 proto ipv4

(config-router)#bfd all-interfaces

(config-router)#net 49.0000.0000.1028.00

(config-router)#isis segment-routing global block 16000 23999

(config-router)#segment-routing mpls

Note: Repeat these steps on all IS-IS nodes in the SR domain with respective parameters.

4. Configure SR based Micro-Loop Avoidance

• Apply FIB update delays to enable ordered convergence and prevent micro-loops during topology changes.

(config)#router isis 1

(config-router)# microloop-avoidance segment-routing level-2 proto ipv4 fib-delay 10000

Note: Repeat these steps on all the routers.

5. Configure BGP for EVPN

• Establish an EVPN control plane to serve as the MAC/IP route distribution mechanism between provided edge routers (PE1 and PE2).

(config)#router bgp 65010

(config-router)#bgp router-id 28.28.28.28

(config-router)#neighbor 44.44.44.44 remote-as 65010

(config-router)#neighbor 44.44.44.44 update-source lo

(config-router)#address-family l2vpn evpn

(config-router)#neighbor 44.44.44.44 activate

(config-router)#exit-address-family

6. Configure MPLS EVPN ELINE Services

• Configure ELINE services using MAC VRFs and EVPN to serve as point-to-point Ethernet services over MPLS between provided edge routers (PE1 and PE2).

Note: Only ELINE services are configured.

(config)#evpn mpls enable

(config)#mac vrf 301

(config-vrf)#rd 28.28.28.28:301

(config-vrf)#route-target both 301:301

(config)#evpn mpls vtep-ip-global 28.28.28.28

(config)#evpn mpls id 401 xconnect target-mpls-id 301

(config)#host-reachability-protocol evpn-bgp 301

(config)#interface ce1.301 switchport

(config-inf)#encapsulation dot1q 301

(config-inf)#access-if-evpn

(config-access)#map vpn-id 401

Configuration Snapshot

PE1

bfd interval 3 minrx 3 multiplier 3

qos enable

mpls ilm-ecmp sr

mpls ftn-ecmp sr

evpn mpls enable

mac vrf 301

rd 28.28.28.28:301

route-target both 301:301

evpn mpls vtep-ip-global 28.28.28.28

evpn mpls id 401 xconnect target-mpls-id 301

host-reachability-protocol evpn-bgp 301

interface ce1.301 switchport

encapsulation dot1q 301

access-if-evpn

map vpn-id 401

interface ce2

load-interval 30

ip address 11.1.1.1/30

mtu 9600

label-switching

isis network point-to-point

ip router isis 1

bfd interval 3 minrx 3 multiplier 3

interface ce3

speed 100g

load-interval 30

ip address 10.1.1.2/30

mtu 9600

label-switching

isis network point-to-point

ip router isis 1

bfd interval 3 minrx 3 multiplier 3

interface lo

ip address 127.0.0.1/8

ip address 28.28.28.28/32 secondary

ipv6 address ::1/128

prefix-sid absolute 16028

ip router isis 1

router isis 1

is-type level-2-only

metric-style wide

microloop-avoidance level-2

mpls traffic-eng router-id 28.28.28.28

mpls traffic-eng level-2

capability cspf

dynamic-hostname

fast-reroute per-prefix level-2 proto ipv4 all

fast-reroute ti-lfa level-2 proto ipv4

bfd all-interfaces

net 49.0000.0000.1028.00

isis segment-routing global block 16000 23999

segment-routing mpls

router bgp 65010

bgp router-id 28.28.28.28

neighbor 44.44.44.44 remote-as 65010

neighbor 44.44.44.44 update-source lo

address-family l2vpn evpn

neighbor 44.44.44.44 activate

exit-address-family

exit

end

bfd interval 3 minrx 3 multiplier 3

qos enable

mpls ilm-ecmp sr

mpls ftn-ecmp sr

interface ce0

speed 100g

load-interval 30

ip address 11.1.1.2/30

mtu 9600

label-switching

isis network point-to-point

ip router isis 1

bfd interval 3 minrx 3 multiplier 3

interface ce1

load-interval 30

ip address 12.1.1.1/30

mtu 9600

label-switching

isis network point-to-point

ip router isis 1

bfd interval 3 minrx 3 multiplier 3

interface lo

ip address 127.0.0.1/8

ip address 29.29.29.29/32 secondary

ipv6 address ::1/128

prefix-sid absolute 16029

ip router isis 1

router isis 1

is-type level-2-only

metric-style wide

microloop-avoidance level-2

mpls traffic-eng router-id 29.29.29.29

mpls traffic-eng level-2

capability cspf

dynamic-hostname

fast-reroute per-prefix level-2 proto ipv4 all

fast-reroute ti-lfa level-2 proto ipv4

bfd all-interfaces

net 49.0000.0000.1029.00

isis segment-routing global block 16000 23999

segment-routing mpls

end

PE2

bfd interval 3 minrx 3 multiplier 3

qos enable

mpls ilm-ecmp sr

mpls ftn-ecmp sr

evpn mpls enable

mac vrf 301

rd 44.44.44.44:301

route-target both 301:301

evpn mpls vtep-ip-global 44.44.44.44

evpn mpls id 301 xconnect target-mpls-id 401

host-reachability-protocol evpn-bgp 301

interface ce1

load-interval 30

ip address 10.1.1.1/30

mtu 9600

label-switching

isis network point-to-point

ip router isis 1

bfd interval 3 minrx 3 multiplier 3

interface ce16

fec off

load-interval 30

ip address 13.1.1.1/30

mtu 9600

label-switching

isis network point-to-point

ip router isis 1

bfd interval 3 minrx 3 multiplier 3

interface ce20.301 switchport

encapsulation dot1q 301

access-if-evpn

map vpn-id 301

interface lo

ip address 127.0.0.1/8

ip address 44.44.44.44/32 secondary

ipv6 address ::1/128

prefix-sid absolute 16044

ip router isis 1

exit

router isis 1

is-type level-2-only

metric-style wide

microloop-avoidance level-2

mpls traffic-eng router-id 44.44.44.44

mpls traffic-eng level-2

capability cspf

dynamic-hostname

fast-reroute per-prefix level-2 proto ipv4 all

fast-reroute ti-lfa level-2 proto ipv4

bfd all-interfaces

net 49.0000.0000.1044.00

isis segment-routing global block 16000 23999

segment-routing mpls

router bgp 65010

bgp router-id 44.44.44.44

neighbor 28.28.28.28 remote-as 65010

neighbor 28.28.28.28 update-source lo

address-family l2vpn evpn

neighbor 28.28.28.28 activate

exit-address-family

exit

end

bfd interval 3 minrx 3 multiplier 3

qos enable

mpls ilm-ecmp sr

mpls ftn-ecmp sr

interface ce49

load-interval 30

ip address 13.1.1.2/30

mtu 9600

label-switching

isis network point-to-point

ip router isis 1

bfd interval 3 minrx 3 multiplier 3

interface ce50

load-interval 30

ip address 12.1.1.2/30

mtu 9600

label-switching

isis network point-to-point

ip router isis 1

bfd interval 3 minrx 3 multiplier 3

interface lo

ip address 127.0.0.1/8

ip address 30.30.30.30/32 secondary

ipv6 address ::1/128

prefix-sid absolute 16030

ip router isis 1

exit

router isis 1

is-type level-2-only

metric-style wide

microloop-avoidance level-2

mpls traffic-eng router-id 30.30.30.30

mpls traffic-eng level-2

capability cspf

dynamic-hostname

fast-reroute per-prefix level-2 proto ipv4 all

fast-reroute ti-lfa level-2 proto ipv4

bfd all-interfaces

net 49.0000.0000.1033.00

isis segment-routing global block 16000 23999

segment-routing mpls

end

Validation

Verify the configuration using the following commands on each router:

PE1#sh isis microloop-avoidance segment-routing info

IS-IS level-2 proto-IPv4, microloop-avoidance segment-routing is enabled

fib-delay 10000 ms.

algorithm_num: 0

microloop-avoidance segment-routing SPF stage: Inactive

PE1#sh mpls forwarding-table

Codes: > - installed FTN, * - selected FTN, p - stale FTN, ! - using backup

B - BGP FTN, K - CLI FTN, (t) - tunnel, P - SR Policy FTN, (b) - bypass,

L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,

U - unknown FTN, O - SR-OSPF FTN, i - SR-ISIS FTN, k - SR-CLI FTN

(m) - FTN mapped over multipath transport, (e) - FTN is ECMP

FTN-ECMP LDP: Disabled, SR: Disabled

Code FEC FTN-ID Nhlfe-ID Tunnel-ID Pri Out-Label Out-Intf ELC Nexthop Algo-Num UpTime

i> 29.29.29.29/32 5 25 - - - - - - 0 00:00:28

21 0 Yes 16029 ce2 No 11.1.1.2 - -

24 - No 16029 ce3 No 10.1.1.1 - -

i> 30.30.30.30/32 1 13 - - - - - - 0 00:19:05

3 0 Yes 16030 ce2 No 11.1.1.2 - -

6 - No 3 ce3 No 10.1.1.1 - -

9 0 Yes 16030 ce3 No 10.1.1.1 - -

1 - No 3 ce2 No 11.1.1.2 - -

i(b)> 30.30.30.30/32 3 9 2201 Yes 16030 ce3 No 10.1.1.1 0 00:14:17

i(b)> 30.30.30.30/32 4 3 2202 Yes 16030 ce2 No 11.1.1.2 0 00:14:17

i> 44.44.44.44/32 2 19 - - - - - - 0 00:14:18

18 0 Yes 16044 ce3 No 10.1.1.1 - -

15 - No 16044 ce2 No 11.1.1.2 - -

PE1#

PE1#sh mpls ilm-table

Codes: > - installed ILM, * - selected ILM, p - stale ILM, ! - using backup

K - CLI ILM, T - MPLS-TP, s - Stitched ILM

S - SNMP, L - LDP, R - RSVP, C - CRLDP

B - BGP , K - CLI , V - LDP_VC, I - IGP_SHORTCUT

O - OSPF/OSPF6 SR, i - ISIS SR, k - SR CLI

P - SR Policy, U - unknown, UPStr - upstream

ILM-ECMP LDP: Disabled, SR: Enabled

Code FEC/VRF/L2CKT ILM-ID In-Label Out-Label In-Intf Out-Intf/VRF Nexthop pri Algo-Num UpTime UPStr peers

i> 29.29.29.29/32 6 16029 3 N/A ce2 11.1.1.2 Yes 0 00:07:32

16029 16029 N/A ce3 10.1.1.1 No - -

i> 28.28.28.28/32 5 16028 Nolabel N/A N/A 127.0.0.1 Yes 0 00:07:35

i> 44.44.44.44/32 8 16044 3 N/A ce3 10.1.1.1 Yes 0 00:07:27

16044 16044 N/A ce2 11.1.1.2 No - -

i> 30.30.30.30/32 9 16030 16030 N/A ce2 11.1.1.2 Yes 0 00:01:23

16030 3 N/A ce3 10.1.1.1 No - -

16030 16030 N/A ce3 10.1.1.1 Yes - -

16030 3 N/A ce2 11.1.1.2 No - -

i> 11.1.1.2/32 4 26240 3 N/A ce2 11.1.1.2 Yes 0 00:07:35

26240 16029 N/A ce3 10.1.1.1 No - -

B> evpn:401 3 25601 Nolabel N/A N/A 127.0.0.1 Yes N/A 00:07:35

i> 10.1.1.1/32 7 26241 3 N/A ce3 10.1.1.1 Yes 0 00:07:31

26241 16044 N/A ce2 11.1.1.2 No - -

PE1#

sh evpn mpls xc tunnel

EVPN-MPLS Network tunnel Entries

Source Destination Status Up/Down Update local-evpn-id remote-evpn-id Ext-Color

===================================================================================================================

28.28.28.28 44.44.44.44 Installed 00:00:34 00:00:34 401 301 ---

Total number of entries are 1

PE1#

PE1-7028#sh clns neighbors

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 2

Total number of adjacencies: 2

Tag 1: VRF : default

System Id Interface SNPA State Holdtime Type Protocol

P1 ce2 5c07.5828.b460 Up 20 L2 IS-IS

PE2 ce3 5c17.839a.f0b3 Up 27 L2 IS-IS

PE1#

PE1#sh isis topology

Tag 1: VRF : default

IS-IS paths to level-2 routers

System Id Metric Next-Hop Interface SNPA

PE1 --

P1 10 P1 ce2 5c07.5828.b460

P2 20 P1 ce2 5c07.5828.b460

PE2 ce3 5c17.839a.f0b3

PE2 10 PE2 ce3 5c17.839a.f0b3

PE1#

PE1#sh ip isis route

Codes: C - connected, E - external, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, D - discard, e - external metric

** - invalid

Tag 1: VRF : default

Total number of routes: 8

Destination Metric Next-Hop Interface Tag

C 10.1.1.0/30 10 -- ce3 0

C 11.1.1.0/30 10 -- ce2 0

L2 12.1.1.0/30 20 11.1.1.2 ce2 0

L2 13.1.1.0/30 20 10.1.1.1 ce3 0

C 28.28.28.28/32 10 -- lo 0

L2 29.29.29.29/32 20 11.1.1.2 ce2 0

L2 30.30.30.30/32 30 11.1.1.2 ce2 0

10.1.1.1 ce3 0

L2 44.44.44.44/32 20 10.1.1.1 ce3 0

PE1#

CLI Commands

This section provides the commands required to configure SR micro-loop avoidance under ISIS mode.

micro-loop avoidance segment-routing

Use this command to configure a SR micro-loop avoidance under IS-IS Segment Routing (SR) mode.

Use the no form of this command to disable micro-loop avoidance for under IS-IS Segment Routing (SR) mode.

When micro-loop avoidance is enabled under Segment Routing, the router ensures loop-free convergence by controlling FIB updates across the network during topology changes.

Command Syntax

microloop-avoidance segment-routing (level-1 | level-2)(proto ipv4|ipv6 fib-delay) <100-300000>

no microloop-avoidance segment-routing (level-1 | level-2)(proto ipv4|ipv6)

Parameter

level-1

Applies Segment Routing micro-loop avoidance logic only to IS-IS Level-1

level-2

Applies Segment Routing micro-loop avoidance logic only to IS-IS Level-2

prot0

Specifies the protocol family (IPv4 or IPv6) to which micro-loop avoidance will be applied

ipv4

Specifies the IPv4 protocol family to which micro-loop avoidance will be applied

ipv6

Specifies the IPv6 protocol family to which micro-loop avoidance will be applied

<100-300000>

Sets the delay in milli-seconds for updating the Forwarding Information Base (FIB). This delay helps prevent micro-loops by controlling the rate at which FIB changes are applied.

Default

If fib-delay is not configured, default fib-delay of 1500ms(1.5sec) is configured.

Command Mode

ISIS router mode

Applicability

This command is introduced in OcNOS/Version/6.6.1.

Examples

The following example shows the enabling of a SR microloop avoidance

#configure terminal

(config)#router isis 1

(config-router)#microloop-avoidance segment-routing level-1 proto ipv4 fib-delay 100

(config-router)#microloop-avoidance segment-routing level-2 proto ipv6 fib-delay 1000

#configure terminal

(config)#router isis 1

(config-router)#no microloop-avoidance segment-routing level-1 proto ipv4

(config-router)#no microloop-avoidance segment-routing level-2 proto ipv6