MPLS TE FRR Overview


MPLS Fast Reroute (FRR) is an alternative to SONET Automatic Protection Switching (APS) which provides sub 50ms recovery of link. Additionally FRR provides node protection.


  • The main advantages of MPLS FRR over SONET APS:
    • Not linked to link type - MPLS FRR does not require fiber connections to work, it is link type agnostic.
    • Offers protection for nodes - MPLS FRR provides a backup tunnel which could protect a node instead of just a link like in SONET APS.
    • Does not require extra hardware - APS requires additional hardware, while MPLS FRR utilizes MPLS routers.
  • Recovery is up to 50ms.

FRR Terminology

  • Point of Local Repair (PLR) - Router directly connected to a failed link or a failed node, where the backup tunnel starts.
  • Merger Point (MP) - End of the backup tunnel, where the detour or facility backup joins the regular LSP path, from a failed state.
  • Next-Hop-Node -
  • Next-Next-Hop-Node -
  • Detour backup - the backup tunnel is called detour when using one to one protection.
  • Bypass backup - the backup tunnel is called bypass when using many to one protection.

FRR Local Protection Process

  • FRR is setup to protect LSP data plane by having a pre-configure backup tunnel. That tunnel can be protected in case of an link failure or a node failure.
  • When a failure is detected by the directly connected router, it will immediately forward respective LSP traffic over the backup tunnel and then notifies the head end of the error.
  • If the head end has a dynamic option configured, or an alternate valid explicit path, it will try to signal the new path.
  • The whole point of local protection is to minimize the packet loss and minimize the load on re-computing the TE tunnel paths at the same time.
  • Backup tunnel will carry the traffic from a protected tunnel around the failed link/node (at the PLR) and merge it back into the regular path at Merge Point (MP).
  • Once a new path is established, the backup tunnel is not used anymore.

Protection Types

  • MPLS TE can provide protection based on three levels:
    • Path Protection - Creates a new path end to end. For more information see mpls-te-path-protection
    • Link Protection - provides a backup tunnel if a designated important link goes down. For more information see mpls-te-link-protection
    • Node Protection - provides a backup tunnel to bypass a failure a designed node. For more information see mpls-te-node-protection
  • Link and Node have two types of protection:
    • One-to-one protection - Protects one LSP with one backup LSP. Uses RSVP-TE DETOUR object which identifies detour LSPs. Does not impose any new MPLS labels. Results in more optimal paths for each LSP. This option might not be implemented in Cisco's devices (see comments section below).
    • Many-to-one (facility) protection - Protects a set of LSPs with one backup LSP. This option is much more scalable, it imposes a new label which increases the label stack. May result in less optimal backup path forwarding, since it might have to double-back.
  • Forwarding over the backup tunnel is different for each type:
    • Many to one - backup tunnel label is pushed at the PLR and poped at the MP using penultimate hop popping. Only requires forwarding state on the PLR, MP just pops the label.
    • One to one - a backup LSP is created just for one of the protected LSP. During a failure, instead of pushing a new backup tunnel label, it swaps it with the backup label until it reaches the MP, where it the protected LSP is swapped to regular label. This method requires a forwarding state both at the PLR and MP.

Failure Detection

  • MPLS FRR only works as good as the failure detection mechanism. In this case how fast can the router detect a link failure.

Failure Detection Methods

  • Physical detection for packet-over-SONET/SDH - detect failures within milliseconds at the physical layer.
  • IGP detection - not the best way. OSPF/ISIS can detect failures using the fast-hello message with minimal timer of 1 second.
  • Debounce timers - is a delay that can be configured on a port that will delay the time supervisor is notified of a port going down. For Ethernet (10/100/1000) the command carrier-delay (ms) defines that timers. Should be set to 0 unless the physical media has a detection mechanism, which in that case it should be higher than that mechanism. The purpose of this timer is to prevent bounce of an interface for a short loss.
  • BFD - Bidirectional Forwarding Detection is a protocol that allows you maintain fast keepalives for multiple routing processes instead of just one, minimizing on the CPU load. It works for any type of physical media. The minimal detection timer for BFD depend on the platform and can range from 150 msec to 1.5 seconds.
  • RSVP Hello - can be use to detect link/node failure if link layer mechanism does not work well, such as in Ethernet.

Additional Resources

OSPF Fast Convergence - INE Blog
Nexus 5000 Configuration Guide - Cisco
Fast Reroute Extensions to RSVP-TE for LSP Tunnels - IETF


rating: 0+x
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License