OSPF Loop-Free Alternate (LFA) Fast Reroute (FRR)

Many thanks! I forgot that OSPF keeps the topology table besides the routing table.

1 Like

Is it beneficial to have OSPF remote LFA FRR considering the overhead of configuring LDP everywhere in network ? Is it really used practically ? Any known use case?

Hello Madhu

I personally haven’t seen OSPF LFA FRR implemented in a production network, however, there are many situations where it is beneficial, even with the substantial overhead involved in its configuration. Imagine a large corporate network where the headquarters is composed of five or six buildings in a campus setup with 3500 employees. Imagine also several branch locations, say 5 or 10 throughout the country each with at least 500 employees. Also, imagine that this corporate network relies on OSPF for routing.

Now such a network, providing network services to over 8000 employees across multiple sites will have hundreds, if not more subnets, with real-time services like VoIP and video conferencing that require continuous routing between these subnets. Additional services such as financial transactions that are sensitive to real-time fluctuations in network availability may also exist on the network.

Now there are literally thousands of such organizations throughout the world, and there are many that may have even larger infrastructures. For such organizations, it is imperative that voice/video/financial transaction communications have the utmost redundancy and resiliency, especially if these operations are mission critical to their business. A network failure where OSPF must rerun SPF may cause hundreds of phone or video conferences to go off line, causing them to have to redial and reconnect. Financial transactions will delay causing a possible change in their results.

So for such requirements, it is not unusual to require the implementation of LFA FRR.

I hope this has been helpful!


excuse but i don’t understand the following command what exactly do:
R1(config-router)#fast-reroute per-prefix tie-break node-protecting required index 5

you said:
Let’s enable node protecting and change the priority to the lowest value of all currently active tie breakers
and you show:

*>, Intra, cost 5, area 0
     SPF Instance 13, age 00:18:13
     Flags: RIB, HiPrio
      via, GigabitEthernet2 label 1048578
       Flags: RIB
       LSA: 1/
      repair path via, GigabitEthernet4 label 1048578, cost 9
       Flags: RIB, Repair, IntfDj, BcastDj, NodeProt
       LSA: 1/
      repair path via, GigabitEthernet3, cost 7
       Flags: Ignore, Repair, IntfDj, BcastDj, Downstr
       LSA: 1/

the cost remain 9 for repair path via and cost remain 7 for repair path via… i don’t understand

Hello Andrea

The statement:

refers to the priorities that are given to the tie breakers. Remember the following in the lesson?

R1#show running-config all | incl break
 fast-reroute per-prefix tie-break primary-path index 10
 fast-reroute per-prefix tie-break interface-disjoint index 20
 fast-reroute per-prefix tie-break lowest-metric index 30
 fast-reroute per-prefix tie-break linecard-disjoint index 40
 fast-reroute per-prefix tie-break broadcast-interface-disjoint index 50

Here Rene is showing the priorities that are given to the tie breakers, which are shown at the end of each line. Originally, node protection is not included by default. But with the fast-reroute command, Rene assigns a priority to the tiebreaker of 5. This priority is the lowest value of all currently active tie breakers.

These changes do not actually change the OSPF cost of the repair paths. What it does do is it changes the way the paths are evaluated. That results in OSPF preferring router 4 with a cost of 9 over router 3 with a cost of 7 as the next repair path, simply because R3 has the same next hop as R1 originally did.

I hope this has been helpful!


1 Like

Hi Rene,

thanks very much for this!!! What about iOS XR on ASR9K? OSPF LFA per prefix is supported?. I was reading the docs, but I did not find nothing clear about per-prefix support on iOS xr.

Thank you!

Hello Juan

According to the following Cisco documentation, OSPF LFA per prefix is supported on the ASR9K.

Release 6.1.X is an XR IOS release.

I hope this has been helpful!


Thanks very much Lazaros!! I will say that this feature is really useful, but unfortunately, it will not work in some scenarios like for example, when you have some kind of ECMP or like square design. Thats because Remote LFA comes here :slight_smile: but in some topologies, it is not worth to add MPLS configuration .


1 Like

2 posts were merged into an existing topic: OSPF Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)

Could you please update your document?

High: it calculates an LFA for the the /32 prefixes
Low: it calculates an LFA for all prefixes

Hello Lukas

It seems that Rene has already updated the lesson. Specifically, it states:

There are two options; high and low. When you select the high priority, OSPF treats loopback and /32 prefixes with higher priority, calculating an LFA for these a bit earlier than other prefixes. When you select the low priority, it just calculates an LFA for all prefixes. Let’s go for the low priority option:

This text is found in the 1.2 With LFA FRR section. Is there somewhere else in the lesson where this information is missing?


Hi Laz,

I think this setence is wrong, because with the option “high” it won’t calcuate an LFA for other prefixes.



Hello Lukas

Based on this post of the troubleshooting process that @ReneMolenaar performed, he came to the conclusion that:

In the lesson Rene says:

When you select the high priority, OSPF treats loopback and /32 prefixes with higher priority, calculating an LFA for these a bit earlier than other prefixes.

It is true that the high priority setting will only give high priority to loopbacks with /32 prefixes. That’s what the statement in the lesson seems to be saying as well… Am I missing something?


Hi Lagapides,

How can I simulate OSPF LFA FRR in GNS? please, advice link to download the router image.

Hello Costa

You can simulate OSFP LFA FRR by simply employing the lesson commands on any router image in GNS3 that supports it. Now keep in mind that the GNS3 emulator software is free, but the related Cisco IOS images you require to use it are not. Cisco owns the copyright on IOS so they can’t be shared freely. You’ll have to purchase them or get them from someone who has legal access to them.

I hope this has been helpful!



I dont know if the topic fits here, but I,ll ask anyways :). I would like to configure a load balancing scenario for my Pseudowire service. I have configured OSPF area 0 and MPLS.
A Pseudowire is configured and pointing towards the loopback address of each Router. The routing table shows equal cost paths towards the loopback addresses for both devices (Load Balancing for OSPF). Will my Pseudowire
service also do load-balancing? if so, how can I verfiy this. Or can you suggest me how can I achieve the load-balancing of traffic using a single PW?

Hello Abdul

When creating a pseudo-wire, you are essentially creating a Layer 2 tunnel over a Layer 3 infrastructure. The overlay, in this case, is the Layer 2 pseudowire, while the underlay is whatever infrastructure you have that is tunneling that data, which in your case is an OSPF-routed infrastructure and MPLS.

The path that the tunneled pseudowire will take will necessarily be whatever routing behavior has been configured on that underlay. Imagine instead of two routers, you have 20 in that infrastructure between the two loopback with dozens of possible routes. Whatever the routing enabled on that underlay, that is the path that the pseudowire will take.

Now having said all of that, if you have equal cost paths, then you should see both paths being utilized equally. But this will not only depend upon the OSPF cost but also on the methodology of equal cost load balancing. This has little to do with the pseudowire configuration but more to do with how the routers are configured to perform load balancing in such cases and in particular, how the use CEF. More on this can be found at this NetworkLessons note on the subject.

Now how can you verify this? Well, you can use various methods to check this out. First check to see if both paths exist in the routing tables of the routers. If they are there, then load balancing will be applied. Secondly, you can set up an access list that will match your traffic on the interfaces and use the log keyword. That way, you can track the number of packets that take a particular path. You can also use Wireshark to ensure that you see pseudowire packets arriving via both paths.

For more info on pseudowire, take a look at this lesson:

I hope this has been helpful!


Hello, everyone!

I don’t know if this is a CML bug but take a look at this:

Here’s my topology. I’ve added the total cost to reach the network on the right for each link R1 has.

Here are my tiebreakers

The top link is the best path since it has the lowest cost. Now, using LFA, shouldn’t either G3 or G4 be picked as the backup path because of the primary-path tiebreaker? Because that says that an LFA which is a part of ECMP should be preferred, so shouldn’t this ditch the path through R3? Because for some reason, it is picking the path through R3 :smiley:

Then I’ve tried a different topology with the interface-disjoint tiebreaker

After shutting down R2’s G0/0 interface, it didn’t install the LFA even though it did specify it in the output before I shutdown that interface.

Any ideas what am I doing wrong here?

Thank you all!

Hello David

This is expected behavior. Remember that the list of characteristics that are being compared are tiebreakers. But to have the tiebreakers kick in, you must first have a tie. In your scenario, the best alternative is the path via R3, which has a cost of 4. There is no other path that has a cost of 4. The other two paths via R4 and R6 have a cost of 5, so there is no tie.

You see, the first thing that is checked (before any tiebreakers) when applying LFA is the cost. Assuming the candidate backup path satisfies the loop-free condition, the only thing considered is cost.

Now, if your path via R3 had a cost of 5, then there would indeed be a tie, and the tiebreakers would kick in. Using the primary-path tiebreaker, it would prefer to use the ECMP option (links via R4 and R6) rather than the one via R3.

This is indeed behavior contrary to the way the LFA functions. If you have a declared repair path via and once the deadtime interval expires on the R1 R2 adjacency, it installs a next hop of, something else is going on in the meantime. Something else may have caused the SPF algorithm to kick in and reevaluate the next hop. Without LFA, based on the costs and the topology, what next hop would OSFP have chosen? If it is indeed the next hop, then it may be that once LFA kicked in, something else triggered the SPF algorithm changing the next hop. Can you do some more investigation with related debugs to see how this took place?

I hope this has been helpful!


Trying this out based on the topology above. My issue is that I am trying to favor an ECMP path over a lower cost link by using a tie breaker of primary-path as the only tie breaker. Destination is on R6. Weird thing to note (#1) - If I set it to required (mandatory), the output of the show ip ospf RIB does not list the ECMP G3 and G4 as loadshare. Once I remove the required option it lists them appropriately in the show ip ospf rib output.
Weird thing to note (#2) - Even after the output of the show ip ospf RIB command lists an ECMP path over the lower cost as an LFA, it still uses the lower cost path after shutting down the primary path G1 on CSR router.

This is the CSR router FRR configuration:

All seems to look well with it choosing to use a ECMP link as a repair path due to my specifying it as my only tie breaker:

But when I shut my primary path link G1 down, it still changes and chooses the lower cost path via R2-3 on interface G2 (as seen below) which it said it would ignore in the output above.

In reference to weird thing to note item #1: This is what the OSPF RIB looks like when I use the below command