1 Reply Latest reply: Oct 10, 2019 1:48 AM by Nazim RSS

    OSPF LFA

    Mohammad

      OSPF LFA.png

      CSR1#sh ip route ospf
      Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
             D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
             N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
             E1 - OSPF external type 1, E2 - OSPF external type 2
             i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
             ia - IS-IS inter area, * - candidate default, U - per-user static route
             o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
             a - application route
             + - replicated route, % - next hop override, p - overrides from PfR

      Gateway of last resort is not set

            3.0.0.0/32 is subnetted, 1 subnets
      O        3.3.3.3 [110/2] via 192.168.13.3, 00:00:58, GigabitEthernet3
      O     192.168.23.0/24 [110/2] via 192.168.13.3, 00:00:58, GigabitEthernet3
                            [110/2] via 192.168.12.2, 00:04:05, GigabitEthernet1
      O     192.168.34.0/24 [110/2] via 192.168.14.4, 00:01:38, GigabitEthernet2
                            [110/2] via 192.168.13.3, 00:00:58, GigabitEthernet3

      CSR1#sh ip cef 3.3.3.3/32
      3.3.3.3/32
        nexthop 192.168.13.3 GigabitEthernet3

      router ospf 1
      fast-reroute per-prefix enable area 0 prefix-priority high

      CSR1#sh ip cef 3.3.3.3/32
      3.3.3.3/32
        nexthop 192.168.13.3 GigabitEthernet3
          repair: attached-nexthop 192.168.12.2 GigabitEthernet1

      Let us try to shut down the link between CSR1 and CSR3 (which is the preferred path):

      CSR1#sh ip route ospf
      Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
             D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
             N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
             E1 - OSPF external type 1, E2 - OSPF external type 2
             i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
             ia - IS-IS inter area, * - candidate default, U - per-user static route
             o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
             a - application route
             + - replicated route, % - next hop override, p - overrides from PfR

      Gateway of last resort is not set

            3.0.0.0/32 is subnetted, 1 subnets
      O        3.3.3.3 [110/3] via 192.168.14.4, 00:00:01, GigabitEthernet2
                       [110/3] via 192.168.12.2, 00:00:01, GigabitEthernet1
      O     192.168.13.0/24 [110/3] via 192.168.14.4, 00:00:01, GigabitEthernet2
                            [110/3] via 192.168.12.2, 00:00:01, GigabitEthernet1
      O     192.168.23.0/24 [110/2] via 192.168.12.2, 00:06:29, GigabitEthernet1
      O     192.168.34.0/24 [110/2] via 192.168.14.4, 00:04:02, GigabitEthernet2

      CSR1#show ip cef 3.3.3.3/32
      3.3.3.3/32
        nexthop 192.168.12.2 GigabitEthernet1
          repair: attached-nexthop 192.168.14.4 GigabitEthernet2
        nexthop 192.168.14.4 GigabitEthernet2
          repair: attached-nexthop 192.168.12.2 GigabitEthernet1

      CSR1#sh ip route 3.3.3.3
      Routing entry for 3.3.3.3/32
        Known via "ospf 1", distance 110, metric 3, type intra area
        Last update from 192.168.12.2 on GigabitEthernet1, 00:00:25 ago
        Routing Descriptor Blocks:
        * 192.168.14.4, from 3.3.3.3, 00:00:25 ago, via GigabitEthernet2
            Route metric is 3, traffic share count is 1
            Repair Path: 192.168.12.2, via GigabitEthernet1
          192.168.12.2, from 3.3.3.3, 00:00:25 ago, via GigabitEthernet1
            Route metric is 3, traffic share count is 1
            Repair Path: 192.168.14.4, via GigabitEthernet2

      CSR1#sh ip route repair-paths 3.3.3.3
      Routing entry for 3.3.3.3/32
        Known via "ospf 1", distance 110, metric 3, type intra area
        Last update from 192.168.12.2 on GigabitEthernet1, 00:00:51 ago
        Routing Descriptor Blocks:
        * 192.168.14.4, from 3.3.3.3, 00:00:51 ago, via GigabitEthernet2
            Route metric is 3, traffic share count is 1
            Repair Path: 192.168.12.2, via GigabitEthernet1
          192.168.12.2, from 3.3.3.3, 00:00:51 ago, via GigabitEthernet1
            Route metric is 3, traffic share count is 1
            Repair Path: 192.168.14.4, via GigabitEthernet2

      Brining back the link online:

      CSR1#sh ip route ospf
      Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
             D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
             N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
             E1 - OSPF external type 1, E2 - OSPF external type 2
             i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
             ia - IS-IS inter area, * - candidate default, U - per-user static route
             o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
             a - application route
             + - replicated route, % - next hop override, p - overrides from PfR

      Gateway of last resort is not set

            3.0.0.0/32 is subnetted, 1 subnets
      O        3.3.3.3 [110/3] via 192.168.14.4, 00:03:15, GigabitEthernet2
                       [110/3] via 192.168.12.2, 00:03:15, GigabitEthernet1
      O     192.168.23.0/24 [110/2] via 192.168.12.2, 00:09:43, GigabitEthernet1
      O     192.168.34.0/24 [110/2] via 192.168.14.4, 00:07:16, GigabitEthernet2


      Changing all costs to 10 and investigating needed outputs:

      CSR1#sh ip route ospf
      Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
             D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
             N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
             E1 - OSPF external type 1, E2 - OSPF external type 2
             i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
             ia - IS-IS inter area, * - candidate default, U - per-user static route
             o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
             a - application route
             + - replicated route, % - next hop override, p - overrides from PfR

      Gateway of last resort is not set

            3.0.0.0/32 is subnetted, 1 subnets
      O        3.3.3.3 [110/11] via 192.168.13.3, 00:03:22, GigabitEthernet3
      O     192.168.23.0/24 [110/20] via 192.168.13.3, 00:02:36, GigabitEthernet3
                            [110/20] via 192.168.12.2, 00:02:36, GigabitEthernet1
      O     192.168.34.0/24 [110/20] via 192.168.14.4, 00:02:10, GigabitEthernet2
                            [110/20] via 192.168.13.3, 00:02:10, GigabitEthernet3


      CSR1#sh ip cef 3.3.3.3
      3.3.3.3/32
        nexthop 192.168.13.3 GigabitEthernet3
          repair: attached-nexthop 192.168.14.4 GigabitEthernet2

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 33, age 00:02:21
           Flags: RIB, HiPrio
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3
            repair path via 192.168.14.4, GigabitEthernet2, cost 21
             Flags: RIB, Repair, IntfDj, BcastDj
             LSA: 1/3.3.3.3/3.3.3.3
            repair path via 192.168.12.2, GigabitEthernet1, cost 21
             Flags: Ignore, Repair, IntfDj, BcastDj, SRLG
             LSA: 1/3.3.3.3/3.3.3.3

      As can be seen from the output above , the primary path is via the direct link between CSR1 and CSR3
      And the repair path is via the link between CSR1 and CSR4


      CSR1#sh ip route 3.3.3.3 255.255.255.255
      Routing entry for 3.3.3.3/32
        Known via "ospf 1", distance 110, metric 11, type intra area
        Last update from 192.168.13.3 on GigabitEthernet3, 00:08:33 ago
        Routing Descriptor Blocks:
        * 192.168.13.3, from 3.3.3.3, 00:08:33 ago, via GigabitEthernet3
            Route metric is 11, traffic share count is 1
            Repair Path: 192.168.14.4, via GigabitEthernet2

      Let us now shut down the backup link and check if R2 satisfies the link protection inequality
      The link protection inequality which is similar in terminology to EIGRP feasible successor

      D(N,D) < D(N,S) + D(S,D)

      Where
      D : Distance (Cost) (D outside parentheses)
      S : Source
      D : Destination
      N : Candidate


      OSPF LFA 2.png


      CSR1#conf t
      Enter configuration commands, one per line.  End with CNTL/Z.
      CSR1(config)#int g2
      CSR1(config-if)#shut

      CSR1#sh ip route 3.3.3.3 255.255.255.255
      Routing entry for 3.3.3.3/32
        Known via "ospf 1", distance 110, metric 11, type intra area
        Last update from 192.168.13.3 on GigabitEthernet3, 00:00:27 ago
        Routing Descriptor Blocks:
        * 192.168.13.3, from 3.3.3.3, 00:00:27 ago, via GigabitEthernet3
            Route metric is 11, traffic share count is 1
            Repair Path: 192.168.12.2, via GigabitEthernet1

      Let us bring back the link and try to modify the costs through R2 in order to be not elected for backup:
      Adjusting the cost on the link between R2 and R3 to be 30

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 38, age 00:12:55
           Flags: RIB, HiPrio
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3
            repair path via 192.168.14.4, GigabitEthernet2, cost 21
             Flags: RIB, Repair, IntfDj, BcastDj
             LSA: 1/3.3.3.3/3.3.3.3

      As can be seen , the backup path through R2 is missing , now let us shut down the link between CSR1 and CSR4 (the existing backup)

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 41, age 00:14:34
           Flags: RIB, HiPrio
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3

      CSR1#sh ip route 3.3.3.3
      Routing entry for 3.3.3.3/32
        Known via "ospf 1", distance 110, metric 11, type intra area
        Last update from 192.168.13.3 on GigabitEthernet3, 00:04:18 ago
        Routing Descriptor Blocks:
        * 192.168.13.3, from 3.3.3.3, 00:04:18 ago, via GigabitEthernet3
            Route metric is 11, traffic share count is 1

      CSR1#sh ip cef 3.3.3.3/32
      3.3.3.3/32
        nexthop 192.168.13.3 GigabitEthernet3

      Now , no backup path is availabe

      By default , OSPF treats /32 routes as high priority routes , let us check the output for abother route:

      CSR1#sh ip ospf rib 192.168.23.0

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  192.168.23.0/24, Intra, cost 40, area 0
           SPF Instance 44, age 00:32:22
           Flags: RIB
            via 192.168.12.2, GigabitEthernet1
             Flags: RIB
             LSA: 2/192.168.23.2/2.2.2.2
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 2/192.168.23.2/2.2.2.2

      Let us try to make the route 192.168.23.0/24 of high priority

      ip prefix-list MSSK seq 5 permit 192.168.23.0/24

      route-map MAP permit 10
      match ip address prefix-list MSSK

      router ospf 1
      prefix-priority high route-map MAP

      CSR1#sh ip ospf rib 192.168.23.0

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  192.168.23.0/24, Intra, cost 40, area 0
           SPF Instance 45, age 00:36:38
           Flags: RIB, HiPrio
            via 192.168.12.2, GigabitEthernet1
             Flags: RIB
             LSA: 2/192.168.23.2/2.2.2.2
            repair path via 192.168.13.3, GigabitEthernet3, cost 40
             Flags: RIB, Repair, IntfDj, BcastDj, PrimPath, NodeProt, Downstr
             LSA: 2/192.168.23.2/2.2.2.2
            repair path via 192.168.14.4, GigabitEthernet2, cost 50
             Flags: Ignore, Repair, IntfDj, BcastDj, NodeProt
             LSA: 2/192.168.23.2/2.2.2.2
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 2/192.168.23.2/2.2.2.2
            repair path via 192.168.12.2, GigabitEthernet1, cost 40
             Flags: RIB, Repair, IntfDj, BcastDj, PrimPath, NodeProt, Downstr
             LSA: 2/192.168.23.2/2.2.2.2
            repair path via 192.168.14.4, GigabitEthernet2, cost 50
             Flags: Ignore, Repair, IntfDj, BcastDj
             LSA: 2/192.168.23.2/2.2.2.2

      Now as there is an explicit deny , 3.3.3.3/32 is no longer high priority:

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 45, age 00:50:46
           Flags: RIB
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3

      ip prefix-list MSSK seq 10 permit 3.3.3.3/32

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 46, age 00:51:39
           Flags: RIB, HiPrio
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3

      We can exclude an interface from being elected as a candidate for backup using the below command:

      interface gig2
      ip ospf fast-reroute per-prefix candidate disable

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 48, age 00:55:13
           Flags: RIB, HiPrio
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3
            repair path via 192.168.14.4, GigabitEthernet2, cost 21
             Flags: RIB, Stale, Repair, IntfDj, BcastDj
             LSA: 1/3.3.3.3/3.3.3.3

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 48, age 00:55:20
           Flags: RIB, HiPrio
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3

      Now , let us configure loopback 0 interface on CSR4 and advertise it in OSPF

      CSR4:
      interface loopback0
      ip address 4.4.4.4 255.255.255.255
      ip ospf 1 area 0

      and revert back all costs to 10 on all links and checking from CSR2 (S) for outputs:

      CSR2#sh ip route ospf
      Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
             D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
             N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
             E1 - OSPF external type 1, E2 - OSPF external type 2
             i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
             ia - IS-IS inter area, * - candidate default, U - per-user static route
             o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
             a - application route
             + - replicated route, % - next hop override, p - overrides from PfR

      Gateway of last resort is not set

            1.0.0.0/32 is subnetted, 1 subnets
      O        1.1.1.1 [110/11] via 192.168.12.1, 00:02:53, GigabitEthernet1
            3.0.0.0/32 is subnetted, 1 subnets
      O        3.3.3.3 [110/11] via 192.168.23.3, 00:01:55, GigabitEthernet2
            4.0.0.0/32 is subnetted, 1 subnets
      O        4.4.4.4 [110/21] via 192.168.23.3, 00:01:55, GigabitEthernet2
                       [110/21] via 192.168.12.1, 00:02:53, GigabitEthernet1
      O     192.168.13.0/24 [110/20] via 192.168.23.3, 00:01:56, GigabitEthernet2
                            [110/20] via 192.168.12.1, 03:44:05, GigabitEthernet1
      O     192.168.14.0/24 [110/20] via 192.168.12.1, 03:00:56, GigabitEthernet1
      O     192.168.34.0/24 [110/20] via 192.168.23.3, 00:01:56, GigabitEthernet2

      CSR2#sh ip route 4.4.4.4
      Routing entry for 4.4.4.4/32
        Known via "ospf 1", distance 110, metric 21, type intra area
        Last update from 192.168.23.3 on GigabitEthernet2, 00:02:07 ago
        Routing Descriptor Blocks:
          192.168.23.3, from 4.4.4.4, 00:02:07 ago, via GigabitEthernet2
            Route metric is 21, traffic share count is 1
            Repair Path: 192.168.12.1, via GigabitEthernet1
        * 192.168.12.1, from 4.4.4.4, 00:03:05 ago, via GigabitEthernet1
            Route metric is 21, traffic share count is 1
            Repair Path: 192.168.23.3, via GigabitEthernet2

      CSR2#sh ip ospf rib 4.4.4.4

                  OSPF Router with ID (2.2.2.2) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  4.4.4.4/32, Intra, cost 21, area 0
           SPF Instance 40, age 00:02:21
           Flags: RIB, HiPrio
            via 192.168.23.3, GigabitEthernet2
             Flags: RIB
             LSA: 1/4.4.4.4/4.4.4.4
            repair path via 192.168.12.1, GigabitEthernet1, cost 21
             Flags: RIB, Repair, IntfDj, BcastDj, PrimPath, NodeProt, Downstr
             LSA: 1/4.4.4.4/4.4.4.4
            via 192.168.12.1, GigabitEthernet1
             Flags: RIB
             LSA: 1/4.4.4.4/4.4.4.4
            repair path via 192.168.23.3, GigabitEthernet2, cost 21
             Flags: RIB, Repair, IntfDj, BcastDj, PrimPath, NodeProt, Downstr
             LSA: 1/4.4.4.4/4.4.4.4

      Two backup paths are installed as inequality for link protection is passed

      Now , what we want to examine is node protection

      CSR2#sh ip route repair 4.4.4.4
      Routing entry for 4.4.4.4/32
        Known via "ospf 1", distance 110, metric 21, type intra area
        Last update from 192.168.23.3 on GigabitEthernet2, 00:04:54 ago
        Routing Descriptor Blocks:
          192.168.23.3, from 4.4.4.4, 00:04:54 ago, via GigabitEthernet2
            Route metric is 21, traffic share count is 1
            Repair Path: 192.168.12.1, via GigabitEthernet1
        * 192.168.12.1, from 4.4.4.4, 00:05:52 ago, via GigabitEthernet1
            Route metric is 21, traffic share count is 1
            Repair Path: 192.168.23.3, via GigabitEthernet2

      Now , let us adjust the cost on the links between R2 and R3 to 30 , and between R1 and R4 to 15 and check the outputs

      CSR2# sh ip ospf rib 4.4.4.4

                  OSPF Router with ID (2.2.2.2) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  4.4.4.4/32, Intra, cost 26, area 0
           SPF Instance 44, age 00:00:48
           Flags: RIB, HiPrio
            via 192.168.12.1, GigabitEthernet1
             Flags: RIB
             LSA: 1/4.4.4.4/4.4.4.4
            repair path via 192.168.23.3, GigabitEthernet2, cost 41
             Flags: RIB, Repair, IntfDj, BcastDj, NodeProt, Downstr
             LSA: 1/4.4.4.4/4.4.4.4

      We can see the flag of NodeProt , which means that R3 will be able to provide backup in case of the primary node (R1) failure
      This was satisfied by passing Inquality of node protection:

      D(N,D) < D(N,E) + D(E,D)

      Where in our case:
      N : CSR3
      E : CSR1
      D : CSR4

      D(N,D) = 10
      D(N,E) = 10
      D(E,D) = 15

      10 < 10 + 15 --> 10 < 25 Passed

      Let us try to modify the costs again in order to make the inquality fails

      CSR2# sh ip ospf rib 4.4.4.4

                  OSPF Router with ID (2.2.2.2) (Process ID 1)


                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  4.4.4.4/32, Intra, cost 26, area 0
           SPF Instance 52, age 00:00:11
           Flags: RIB, HiPrio
            via 192.168.12.1, GigabitEthernet1
             Flags: RIB
             LSA: 1/4.4.4.4/4.4.4.4
            repair path via 192.168.23.3, GigabitEthernet2, cost 56
             Flags: RIB, Repair, IntfDj, BcastDj
             LSA: 1/4.4.4.4/4.4.4.4

      As can be seen from the output above , the NodeProt disappeared

      LFA Route Selection Criteria

      Below are the backup prefix selection criteria with their preference in decreasing order. In the event of two backup routes available for a protected primary prefix, only one would be selected based on below mentioned ordered list of attributes they carry. Below is a brief explanation about these attributes.

      Repair path selection policy tiebreaks (built-in default policy)

      10 srlg
      20 primary-path
      30 interface-disjoint
      40 lowest-metric
      50 linecard-disjoint
      60 node-protecting
      70 broadcast-interface-disjoint
      256 load-sharing

      Shared risk link group (SRLG): Default LFA policy tries to avoid a path that carries same SRLG as primary path.Assume multiple routers are using the same switch ,so they all be sharing the same risk .
      Primary-path: This helps in eliminating candidates that are not equal cost multiple path links or ECMPs.
      Interface-Disjoint: This means that repair path is over a different interface as compared to the interface used to reach destination via primary path. In case of point-to-point links, this condition is always met.
      Lowest-metric: Select a backup path with minimum cost to reach destination.
      Linecard-disjoint: This prefers a backup route from an interface that is on another line card. This is also a special case of SRLG however; this does not require any special configuration and is handled automatically.
      Node-protecting: Repair path all together bypasses primary path next-hop router. This ensures complete traffic protection even in the event of primary next-hop router failure.
      Broadcast-interface-disjoint : This attributes helps to ensure that repair path does not make use of same broadcast network used by primary path.
      Load-sharing: Traffic is load shared amongst candidate back up routes when all other checks discussed above fail to provide a unique back up path.

      Let us try to modify the default built-in policy , but before that let us check outputs again and check inequality

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 76, age 00:27:28
           Flags: RIB, HiPrio
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3
            repair path via 192.168.12.2, GigabitEthernet1, cost 41
             Flags: RIB, Repair, IntfDj, BcastDj, CostWon
             LSA: 1/3.3.3.3/3.3.3.3
            repair path via 192.168.14.4, GigabitEthernet2, cost 51
             Flags: Ignore, Repair, IntfDj, BcastDj
             LSA: 1/3.3.3.3/3.3.3.3

      CSR1#sh ip route repair-paths 3.3.3.3
      Routing entry for 3.3.3.3/32
        Known via "ospf 1", distance 110, metric 11, type intra area
        Last update from 192.168.13.3 on GigabitEthernet3, 00:05:29 ago
        Routing Descriptor Blocks:
        * 192.168.13.3, from 3.3.3.3, 00:05:29 ago, via GigabitEthernet3
            Route metric is 11, traffic share count is 1
            Repair Path: 192.168.12.2, via GigabitEthernet1
          [RPR]192.168.12.2, from 3.3.3.3, 00:05:29 ago, via GigabitEthernet1
            Route metric is 41, traffic share count is 1

      As can be seen from the above output , R1 best path to reach R3 is via the direct link between them
      Checking the inequality for link protection:

      D(N,D) < D(N,S) + D(S,D)

      If we considered first backup link to be R1 - R2

      D : R3
      S : R1
      N : R2

      D(N,D) = 20
      D(N,S) = 20
      D(S,D) = 10

      Passed!

      If we considered second backup link to be R1 - R4

      D : R3
      S : R1
      N : R4


      D(N,D) = 20
      D(N,S) = 30
      D(S,D) = 10

      Passed!

      CSR1#sh ip ospf fast-reroute

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

      Loop-free Fast Reroute protected prefixes:

                 Area        Topology name   Priority   Remote LFA Enabled
                    0                 Base       High                   No

        Repair path selection policy tiebreaks (built-in default policy):
           10  srlg
           20  primary-path
           30  interface-disjoint
           40  lowest-metric
           50  linecard-disjoint
           60  node-protecting
           70  broadcast-interface-disjoint
          256  load-sharing

      OSPF/RIB notifications:
      Topology Base: Notification Disabled, Callback Not Registered

      Last SPF calculation started 00:00:25 ago and was running for 0 ms.

      fast-reroute per-prefix tie-break lowest-metric index 10
      fast-reroute per-prefix tie-break srlg index 20

      CSR1#sh ip ospf fast-reroute

                  OSPF Router with ID (1.1.1.1) (Process ID 1)

      Loop-free Fast Reroute protected prefixes:

                 Area        Topology name   Priority   Remote LFA Enabled
                    0                 Base       High                   No

        Repair path selection policy tiebreaks:
           10  lowest-metric
           20  srlg
          256  load-sharing

      OSPF/RIB notifications:
      Topology Base: Notification Disabled, Callback Not Registered

      Last SPF calculation started 00:00:56 ago and was running for 1 ms.

      CSR1:
      interface gig1
      srlg gid 20
      interface gig3
      srlg gid 20

      CSR1#sh ip ospf rib 3.3.3.3

                  OSPF Router with ID (1.1.1.1) (Process ID 1)


                      Base Topology (MTID 0)

      OSPF local RIB
      Codes: * - Best, > - Installed in global RIB
      LSA: type/LSID/originator

      *>  3.3.3.3/32, Intra, cost 11, area 0
           SPF Instance 86, age 00:55:42
           Flags: RIB, HiPrio
            via 192.168.13.3, GigabitEthernet3
             Flags: RIB
             LSA: 1/3.3.3.3/3.3.3.3
            repair path via 192.168.12.2, GigabitEthernet1, cost 41
             Flags: RIB, Repair, IntfDj, BcastDj, SRLG, CostWon
             LSA: 1/3.3.3.3/3.3.3.3
            repair path via 192.168.14.4, GigabitEthernet2, cost 51
             Flags: Ignore, Repair, IntfDj, BcastDj
             LSA: 1/3.3.3.3/3.3.3.3