
#CiscoLive

Catalyst 9000: MPLS and Segment Routing Update

Raj Kumar Goli – Technical Marketing Engineer
Intent Based Networking Group
DGTL-PSOMPL-1100

Agenda
• Session 1
  § Introduction
  § Segmentation in Enterprise
• Session 2
  § MPLS Designs for Enterprise
  § MPLS Case Study
• Session 3
  § Catalyst 9000 Product Update
  § Segment Routing Introduction

#CiscoLive DGTL-PSOMPL-1100 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Introduction

Factors for Network Segmentation
• Unique security policies per logical domain
• Traffic isolation per application, group, service etc…
• Logically separate traffic using one physical infrastructure

[Figure: three virtual networks (Guest Access, Merged Company, Isolated Services), each a virtual “private” network, on top of the actual physical infrastructure]

Device Virtualization

• Physically one device
• Logically many devices
  § Control Plane
  § Data Plane
• Creates independent & separate IPv4 & IPv6 address spaces
• Data traffic is not routed across VRFs with default configuration

[Figure: one device carrying VLAN 10, VLAN 20, VLAN 30, VLAN 40, VLAN 50 and VLAN 60, grouped into VRF Blue, VRF Orange and VRF Green]

Network Virtualization with MPLS
[Figure: three panels. Enterprise Data Center: Data Center and Backup Data Center joined through PE and CE devices over an MPLS core (L2 VPN), for DC interconnect and storage connectivity (Mirror A, Mirror B). Campus / Branch to DC: Access, Core, Access over an SP network and Internet, with L2 and L3 (MPLS) segments. Enterprise WAN Edge: Bay Area DC, AsiaPac DC and Washington DC joined by an Enterprise WAN (MPLS) through a Service Provider.]

Segmentation in Enterprise

Why Network Segmentation?
[Figure: six drivers for segmentation: Line of business; Payment Card Industry; Hospital Network; Bring-Your-Own-Device (BYOD); Mergers and Acquisitions; Multi-Tenancy. Labels inside the panels: Sales, Finance, HR, Other, POS Network, Partner, Medical Device Network, Doctor, Staff, Internet.]

Segmentation Options in Enterprise
[Figure: four options, each carrying Voice VLAN, Data VLAN and Guest VLAN for endpoints: VLAN Based Segmentation; MPLS Based Segmentation (VPNs); SD-Access Based Segmentation (LISP, VXLAN overlay); EVPN Based Segmentation (BGP, VXLAN overlay)]

MPLS Network Overview
[Figure: MPLS cloud with PE-1, PE-2, PE-3 and PE-4, and CE devices attached on both sides]

§ CE (Customer Edge) device
  § Connects customer network to MPLS network
§ PE (Provider Edge) router = Label Edge router (LER)
  § Imposes and disposes MPLS labels
§ P (Provider) router = label switching router = core router (LSR)
  § Switches MPLS-labeled packets
§ IGP for reachability within the MPLS Core
§ Label Distribution Protocol to distribute labels for prefixes advertised by unicast Routing Protocols.
  § Dedicated Protocol – LDP
  § Extending existing protocols like BGP to distribute Labels.

MPLS Designs for Enterprise

MPLS Design Options for Enterprise
1. Secure Segmentation: L3-VPN
2. Enterprise L2 Extensions: EoMPLS, L2VPN, VPLS
3. Multicast: MVPN, mLDP
4. User Experience For Applications: QOS, Tunneling
5. Advanced features: Seamless MPLS, Inter-AS

MPLS VPN Network Overview
[Figure: MPLS core with Core/P, Distribution/PE and Access layers. Packet format: IP Packet | VPNV4 Label | Transport Label]

PE-CE link
§ Connects customer network to MPLS network; either layer-2 or layer-3

Core
§ LDP in the core to exchange Labels
§ IGP in the core (EIGRP/OSPF/IS-IS)

PE
• VPN signaling (VRF, Route Target, Route Distinguisher, and MP-iBGP)
• Between PEs
• Exchange of VPN policies

MPLS VPN Network Overview
[Figure: two designs side by side: Segmentation at Access (Routed MPLS Access) and Segmentation at Core]

MPLS-VPN Enterprise Design
[Figure: MPLS Backbone connecting Site-A, Site-B and Site-C]

MPLS VPN Enterprise Design
[Figure: MPLS Backbone connecting four blocks: Data-Center (VMs), Shared-Services (VMs, Services), WAN (WAN, Internet) and DMZ]

MPLS Layer-2 VPNs
L2 Extension over L3 networks

MPLS Layer-2 VPNs: Point-to-Point Layer-2 VPNs and MultiPoint-to-Multipoint Layer-2 VPNs

• CE connected to PE via Ethernet connection (VLAN)
• Point-to-Point: CEs peer with each other (IP routing) via p2p layer-2 VPN connection
• MultiPoint-to-Multipoint: CEs peer with each other via fully/partial mesh Layer-2 VPN connection
• CE-CE routing; no SP involvement
• L2 Extension across the campus locations

MPLS Layer 2 VPNs - EoMPLS

• Port mode EoMPLS
• VLAN mode EoMPLS
• FAT Pseudowire
• EoMPLS PWR (Pseudo Wire Redundancy)
• Protocol CLI mode
• MACsec over EoMPLS

MPLS Layer 2 VPNs - VPLS

VPLS Features
• VPLS – IRB *
• H-VPLS
• LDP or BGP Auto discovery
• MAC Address Withdrawal
• VPLS – Fat Pseudowire
• IGMP snooping

* Multicast in roadmap

Multicast VPN (mVPN)
[Figure: MPLS core carrying a Default MDT and a Data MDT, with PIM at the edges, connecting Building-1, Building-2 and Building-3]

Extranet mVPN
• Source VRF at Receiver PE
• Receiver VRF at Source PE

mLDP
• Label Switch Multicast
• Multicast trees are built using labels
• No Overhead of PIM in the Core
• Simple to Deploy
• No PHP – The top label used to identify tree

mLDP Profiles with LSM
• Profile 1
• Profile 13
• Profile 14

PIM mode support
• PIM-SM
• PIM-SSM
• PIM-Bidir

[Figure: PIM-enabled edges (Source, CE-1, CE-2, CE-3, receivers) on either side of a PIM-free core (no native multicast) running MPLS + mLDP between PEs. A P2MP LSP or MP2MP LSP starts at the ingress device; upstream traffic flows towards the root and downstream traffic away from the root, to each node with a receiver.]

MPLS QoS – Uniform Mode
Propagate EXP Markings

[Figure: CE → PE (ingress) → P → PE (egress) → CE. The IP packet enters with IPP 4; at VPN imposition the ingress PE applies the policy below, so the labels carry EXP 6 across the core; after the pop the packet leaves with IPP 6.]

match ip prec 4
set mpls exp imp 6

By default, IP ToS byte is unchanged.

MPLS QoS – Pipe Mode

[Figure: CE → PE (ingress) → P → PE (egress) → CE. The IP packet enters with IPP 4; at VPN imposition the ingress PE applies the policy below, so the labels carry EXP 6 across the core; after the pop the packet leaves with IPP 4.]

match ip prec 4
set mpls exp imp 6

Egress classification based on MPLS Ingress EXP not IP DSCP

MPLS Over GRE
Packet format: L2 HEADER | NEW IP HEADER | GRE HEADER | MPLS Label | ORIGINAL IP HEADER | IP PAYLOAD

Supported GRE tunnels
• PE-P
• P-P

Supported Topologies
• MPLSoGRE
• VPLSoGRE
• EoMPLSoGRE

[Figure: GRE tunnel across an IP backbone]

Seamless MPLS

[Figure: Access, Aggregation, Core, Aggregation, Access, with Client (PE) and ASBR nodes. Three domains run IGP1 + LDP, IGP2 + LDP and IGP3 + LDP. Layers shown: Inter-Area MPLS, iBGP + Label (RFC3107), Intra-Area MPLS, and MP-iBGP + VPN Label for L2VPN/L3VPN.]

• Segmented LDP
• Conserves label space
• Next-hop-self-all
• BGP labeled Unicast

Seamless MPLS – Use Case
[Figure: Core running BGP-LU towards BRANCH-1, BRANCH-2 and BRANCH-3; each branch has an Agg layer and an Access layer inside its own domain (IGP1+LDP, IGP2+LDP, IGP3+LDP)]

Inter-AS
Use-case – Mergers/Acquisitions

[Figure: COMPANY A (MPLS Backbone, AS 65000, Site-1 to Site-4) and COMPANY B (MPLS Backbone, AS 65001, Site-1 to Site-4) connected ASBR to ASBR]

• Inter-AS Option A
• Inter-AS Option B
• Inter-AS Option AB

Carrier Support Carrier

[Figure: two MPLS-enabled Customer Carrier networks (AS 65000), each with a Carrier PE and a CSC-CE, attached to CSC-PEs of the Carrier Backbone (AS 65001, CSC VPN); Customer VPN A and Customer VPN B ride on top]

External Handoff

[Figure: handoff panels labelled MPLS, IP, MPLS, EVPN (L3 Handoff, VRF Lite) and MPLS, EVPN, MPLS SR, LDP (L2 Handoff)]

MPLS Case Study

Case Study 1: Traffic Separation with L3 VPN in Airport
Logical Data Separation between Terminals/Airlines using shared physical infrastructure

[Figure: Terminal A (Green, Red, Blue), Terminal B (Green, Blue) and Terminal C (Red, Blue) each attach to a PE on the MPLS Backbone, which carries VPN Green, VPN Red and VPN Blue]

VRF Created for each group at PE

Case Study 2: Secure Segmentation in Hospital
Secure Segmentation and data privacy between Doctors, Staff and Patients

[Figure: Main Hospital Building (Doctor: Green, Devices: Red, Staff: Blue), Branch Hospital (Doctor: Green, Staff: Blue) and Specialty Clinic (Doctor: Green, Devices: Red) each attach to a PE on the MPLS Backbone, which carries VPN Green, VPN Red and VPN Blue]

VRF Created for each group at PE
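
Added example (not from the original deck): a small audit of the VPN signaling described above, where a VRF only receives routes whose route targets it imports. The sites and colours follow Case Study 2; the PE names, route-target values and the two faults in DEPLOYED are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed route-target values; the slides do not give any.
RT = {"GREEN": "65000:10", "RED": "65000:20", "BLUE": "65000:30"}


@dataclass(frozen=True)
class Vrf:
    pe: str                 # PE the VRF is configured on (hypothetical names)
    group: str              # segment the VRF is meant to carry
    export_rts: frozenset   # RTs attached to routes this VRF advertises
    import_rts: frozenset   # RTs this VRF accepts from MP-iBGP

    @property
    def name(self):
        return f"{self.pe}/{self.group}"


def vrf(pe, group, imports=None):
    """Build a VRF that exports its group RT; imports default to the same RT."""
    own = frozenset({RT[group]})
    return Vrf(pe, group, own, frozenset(imports) if imports is not None else own)


def audit(vrfs):
    """Return (leaks, gaps).

    leaks: routes of one group that a VRF of another group would import.
    gaps:  same-group VRF pairs where the importer never matches the exporter.
    """
    leaks, gaps = [], []
    for src in vrfs:
        for dst in vrfs:
            if src is dst:
                continue
            shared = src.export_rts & dst.import_rts
            if src.group != dst.group and shared:
                leaks.append((src.name, dst.name, sorted(shared)))
            elif src.group == dst.group and not shared:
                gaps.append((src.name, dst.name))
    return leaks, gaps


# Intended design: every VRF imports and exports only its own group's RT.
INTENDED = [
    vrf("PE-MAIN", "GREEN"), vrf("PE-MAIN", "RED"), vrf("PE-MAIN", "BLUE"),
    vrf("PE-BRANCH", "GREEN"), vrf("PE-BRANCH", "BLUE"),
    vrf("PE-CLINIC", "GREEN"), vrf("PE-CLINIC", "RED"),
]

# Same design with two constructed configuration faults.
DEPLOYED = [
    vrf("PE-MAIN", "GREEN"), vrf("PE-MAIN", "RED"), vrf("PE-MAIN", "BLUE"),
    vrf("PE-BRANCH", "GREEN"),
    vrf("PE-BRANCH", "BLUE", imports={"65000:31"}),             # mistyped import
    vrf("PE-CLINIC", "GREEN"),
    vrf("PE-CLINIC", "RED", imports={RT["RED"], RT["GREEN"]}),  # extra import
]

if __name__ == "__main__":
    for label, vrfs in (("intended", INTENDED), ("deployed", DEPLOYED)):
        leaks, gaps = audit(vrfs)
        print(f"{label}: leaks={leaks} gaps={gaps}")
```

The extra import pulls every Doctor (Green) route into the clinic's Devices (Red) VRF, while the mistyped import leaves the branch Staff (Blue) VRF without the main building's Blue routes.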

Case Study 3: University Campus Virtualization
IT Challenges
§ Large Campus with servers, staff, students, faculty, admin, labs.
§ Several 100s of VLANs
§ Departments spread across buildings
§ Need for secure connectivity between departments and faculties, had several department local firewalls
§ Too complex to manage

Solution Highlights
§ Intra VRF connectivity with virtual firewall
§ Secure Campus wide Multicast using MVPN solutions

[Figure: Before and After, with a Virtual Firewall. Caption: Secure Campus Virtualizations across departments]

Catalyst 9000 Product Update

Cisco Catalyst 9000 family
One ASIC, OS and Licensing
• Converged OS: IOS® XE
• Converged ASIC: UADP
• MPLS supported
• Cisco Catalyst 9300 Series, 9400 Series, 9500 Series, 9500 Series High Performance, 9600 Series
• Cisco IOS XE®: common software architecture
• Cisco Unified Access Data Plane (UADP) family: common hardware architecture

Cisco Catalyst 9600 Series
Foundation of the Cloud-Scale Campus

• Industry-leading programmable ASIC
• Powered by UADP 3.0 and Open IOS-XE
• Designed for campus 25G dual-rate optics
• Flexible NetFlow
• MACsec 256
• 25.6 Tbps Total Capacity
• Flexible speeds: 10G/25G/40G/100G
• Full MPLS, SDA, BGP-EVPN, SR

C9600-SUP-1
• 9.6 Tbps Capacity / 2.4 Tbps per slot
• 3 x UADP 3.0 ASIC, 8 Core x86 CPU

C9600-LC-24C - 100G/40G (fiber)
• 24 ports of QSFP28/QSFP+
• Supports 100G and 40G

C9600-LC-48YL - 25G/10G/1G (fiber)
• 48 ports of SFP28/SFP+/SFP
• Supports 25G, 10G, and 1G

C9600-LC-48TX - mGig (copper)
• 48 ports of Copper 10G (NBASE-T/10BASE-T)
• Supports 10G, 5G, 2.5G, 1G, 100M and 10M

C9600-LC-48S - 1G (fiber)
• 48 ports of SFP
• Supports 1G

Cisco Catalyst 9500 Series
New generation of purpose-built fixed core/aggregation switches

Standard switches (UADP 2.0), 40G/10G SKUs
• 9500-16X
• 9500-40X
• 9500-24Q
• 9500-12Q

High Performance switches (UADP 3.0)
• 100G/40G SKUs
  • C9500-32C: 32x 100G
  • C9500-32QC: 32x 40G/16x 100G
• 25G/10G SKUs
  • C9500-48Y4C: 48x 10/25G + 4x 40/100G
  • C9500-24Y4C: 24x 10/25G + 4x 40/100G

Catalyst 9500 Series high performance switches (UADP 3.0)
• Throughput (3.2 Tbps)
• Performance: 3x UADP 2.0
• Scale: 3x UADP 2.0
• 1G, 10G, 25G, 40G, 100G
• Pluggable SSD storage for app hosting – 1 TB
• Customizable templates
• Breakout support (4X 10G, 4X 25G) on C9500-32C
• Cisco StackWise Virtual

Cisco Catalyst 9500 Series: 240GB, 480GB, 960GB SSD storage; 650W AC, 930W DC, 1600W AC/DC

Performance and scale, Security, Resiliency

Cisco Catalyst 9400 Series
High End Modular Access
Chassis: 4-Slot, 7-Slot, 10-Slot

Cisco Catalyst 9400 Series leadership
• UADP 2.0
• Open Cisco IOS XE
• SD-Access
• x86 CPU and containers
• Encrypted Traffic Analytics
• MACsec-256 link encryption
• Trustworthy solutions
• Cisco StackWise Virtual
• ISSU
• NBAR2
• Model-driven programmability
• Patching and GIR
• Streaming telemetry
• Densest 90W 1G (260 Ports)

Supervisors
• Sup-1 (Access Optimized)
• Sup-1XL (Core Optimized)
• Sup-1XL-Y (Core Optimized)

Line Cards
• Access Modules: 24x mGig + 24x UPOE, 48x UPOE+, 48x UPOE, 48x PoE+, 48x Data
• Core Modules: 24x 10G SFP+, 48x 1G SFP, 24x 1G SFP
• IEEE 802.3BT 90W PoE compliant

Cisco Catalyst 9300 Series
Flexible High-End Fixed Access
Catalyst 9300 Premium Fixed Access
• UADP 2.0
• x86 CPU
• Cisco IOS XE
• StackWise 480/320
• StackPower*
• SD-Access
• Application Hosting
• Encrypted Traffic Analytics
• MACsec-256 encryption
• Trustworthy Solutions
• IEEE1588 and AVB
• NBAR2 App Visibility
• Full Flexible NetFlow
• Perpetual and Fast PoE
• IEEE 802.3bt Type 3
• Model-Driven Programmability & Telemetry
• Hot Patching and GIR
* Modular SKUs Only

Uplink Modules: 8x 10G, 2x 40G, 4x Multigigabit, 4x 1G, 2x 25G
AC & DC Power Supplies (Platinum rated): 315W AC, 715W AC/DC, 1100W AC
Modular Fans

[Figure: SKU matrix for Modular Uplinks (C9300 SKUs) and Fixed Uplinks (C9300L SKUs). Copper ports: 48 ports UPOE 5G; 48 ports UPOE, 12 MultiGigabit + 36 2.5G; 24 ports UPOE MultiGigabit; 48/24 ports UPOE/UPOE+ 1G, PoE+ 1G and Data 1G. Fixed-uplink models: MGig + Fixed Uplinks and 1/10G + Fixed Uplinks, 48/24 ports UPOE, PoE+ and Data, with Stackwise-320 Kit. Fiber ports: 48/24 ports SFP 1G.]

Cisco Catalyst 9300 Series
Flexible High-End Fixed Access
Cisco Catalyst 9300 Series leadership
• UADP 2.0 (XL)
• Cisco IOS XE Software
• SD-Access
• x86 CPU and containers
• Application hosting
• Encrypted Traffic Analytics
• MACsec-256 link encryption
• Trustworthy solutions
• Cisco StackWise-480*/320
• Cisco StackPower*
• IEEE1588 and AVB
• NBAR2
• Perpetual/Fast PoE
• IEEE 802.3bt Type3 & 4 compliant**
• Model-driven programmability
• Hot patching/GIR
• Full Flexible NetFlow
• Streaming telemetry
* Modular uplink SKUs only

Modular uplinks: 8x 10G, 2x 40G, 4x Multigigabit, 4x 1G, 2x 25G
AC and DC power supplies (Platinum rated): 315W AC, 715W AC/DC, 1100W AC
Modular fans

[Figure: SKU matrix for Modular uplinks (C9300 SKUs) and Fixed uplinks (C9300L SKUs). Copper, modular: 48 ports Cisco UPOE 5G; 48 ports Cisco UPOE, 12P Multigigabit + 36P 2.5G; 24 ports Cisco UPOE Multigigabit; 48/24 ports Cisco UPOE 1G, PoE+ 1G and data 1G; Deep Buffer/High Scale 48/24 ports UPOE+ 1G, UL1069 1G. Copper, fixed: 2x40G UL and 4x10G UL with 48p UPOE (12mG+36 1G) and 25p UPOE (8mG+16 1G); 4x10G UL and 4x1G UL with 48/24 ports UPOE, PoE+ 1G and data 1G; Stack kit. Fiber: 48/24 ports SFP 1G.]

MPLS Design – Key Product Considerations

• How many segmentations (VRFs) are needed?
• MPLS Routed Access, Segmentation at Distribution, Segmentation at Core?
• Multicast - MVPN, mLDP, Extranet?
• 2-Tier vs 3-Tier Architecture?
• Port Density? Modular vs Fixed?
• QOS?
• Port Types - PoE/UPoE, UPoE + Data/Fiber, Speeds – 1G/mGig/10G/40G/100G?
• Scale – Labels, vpnv4, vrf?
• L2 Extension – P2P, MP2MP?
• Feature – Basic vs Advanced?
• Advanced Features – Seamless MPLS, CSC, Inter-AS, MPLS-TE?

Catalyst 9000 – HW Capabilities

Capabilities | Catalyst 9300 | Catalyst 9400 | Catalyst 9500 | Catalyst 9500 High Performance | Catalyst 9600
Switch Type | Fixed | Modular | Fixed | Fixed | Modular
Interface Type | Data/PoE/UPOE/UPOE+ | Data/PoE/UPOE/UPOE+ | Data | Data | Data
Interface Speed | 10M/100M/1G/2.5G/5G/10G/25G/40G | 10M/100M/1G/2.5G/5G/10G/25G/40G | 100M/1G/2.5G/5G/10G/25G/40G | 100M/1G/2.5G/5G/10G/25G/40G/100G | 10M/100M/1G/2.5G/5G/10G/25G/40G/100G
ASIC | UADP 2.0/2.0XL | UADP 2.0XL | UADP 2.0XL | UADP 3.0 | UADP 3.0
HA | 8 Stack + SSO/NSF, StackWise 480/320 | 2 Sup + SSO/NSF, StackWise Virtual | 2 node + SSO/NSF, StackWise Virtual | 2 node + SSO/NSF, StackWise Virtual | 2 Sup + SSO/NSF, StackWise Virtual
Switch Role | Access | Access/Distribution | Distribution/Core | Distribution/Core | Distribution/Core
MPLS Role | PE | P/PE | P/PE | P/PE | P/PE
VRF Scale | 256 | 256 | 256 | 1000 | 1000
App Hosting | Yes | Yes | Yes | Yes | Yes
MACSEC Encryption | 256-bit AES | 256-bit AES | 256-bit AES | 256-bit AES | 256-bit AES

Catalyst 9000 – Key MPLS Capabilities
Platforms: Catalyst 9300, Catalyst 9400, Catalyst 9500, Catalyst 9500 High Performance, Catalyst 9600

Features
• L3VPN
• EoMPLS
• VPLS
• Pseudowire Redundancy
• Seamless MPLS
• MPLS QOS
• MPLSoGRE
• 6PE/6VPE
• MPLS-LDP Synch
• MVPN/MVPN6
• mLDP
• Inter-AS (Option A, B, AB)
• Carrier Support Carrier
• MPLS-TE
• Segment Routing (Roadmap)
• SR – LDP Internetworking (Limited Availability)

MPLS Deployment Options – Small to Medium Campus

[Figure: Standard Access, Routed Access and Collapsed Access designs, each with an MPLS domain, built from C9600, C9500, C9400 and C9300 switches across Core, Distribution and Access layers]

MPLS Deployment Options – Medium to Large Campus

Key Design Factors
• VRF Scale
• Route Scale
• Port Density
• Port Types
• VPNV4 Scale
• MPLS Features

[Figure: Standard Access and Routed Access designs with MPLS. Core: C9500/C9600; Distribution: C9400/C9500; Access: C9300/C9400]

MPLS Deployment with Stackwise-480 and StackWise Virtual
Key Design Factors
• VRF Scale
• Route Scale
• Port Density
• Port Types
• VPNV4 Scale
• MPLS Features

[Figure: Standard Access and Routed Access designs with MPLS. Core: C9500/C9600; Distribution: C9400/C9500; Access: C9300/C9400]

Segment Routing Introduction – Catalyst 9000

What is Segment Routing
• Source Routing
  • Source chooses a path and encodes it in the packet header as an ordered list of segments.
  • Rest of the network executes the encoded instructions without any further per-flow state.
• Segment:
  • An identifier for a forwarding or service instruction.
  • Local or Global
  • Distributed or programmed by IGP or BGP.

Segment = Instructions such as “go to node N using the shortest path”

Why Segment Routing?

Simplicity
✓ Less Protocols to operate
✓ Less Protocol interaction
✓ Deliver automated FRR for any topology*

Scalability
✓ Avoid thousands of Labels in LDP database
✓ Avoid thousands of TE-LSPs in the network*
✓ Avoids configuring of tunnels*

Seamless Deployment
✓ Simple to deploy and operate
✓ Can co-exist with existing LDP network.
✓ Uses existing MPLS data plane
✓ Leverage all services supported over MPLS today (L3/L2 VPN)

* Not supported with 17.3


MPLS to SR

[Figure: protocol stack before and after. Overlay services on both sides: L3VPN Services, L2VPN Services, BGP-LU. Transport protocols with MPLS: RSVP-TE, LDP, IGP. Transport protocols with SR: IGP with SR Extensions. Data plane on both sides: MPLS.]

Segment Routing
Simple extension to IGP

• Segment Routing uses the existing MPLS data plane
• Uses Penultimate Hop Popping (PHP) and Explicit-Null functionalities similar to LDP
  • Penultimate Hop Popping (PHP) is enabled.
  • Explicit-Null can be enabled
• Simple extension to IS-IS or OSPF, automatically builds and maintains Segments
  • Prefix Segment – A Shortest path to the related prefix
  • Adjacency Segment – One hop through the related adjacency

OSPF Extensions - RFC 8665
ISIS Extensions - RFC 8667

[Figure: nodes A, B, C, D, M, N, O, P and Z, showing an Adj Segment and a Prefix segment to Z]

Segment Routing
IGP Segments
• Steer traffic on any path through the network
  • Path is specified by a stack of labels
  • No path is signaled
  • No per-flow state is created
  • Single protocol: IS-IS or OSPF

Two Segment Label on Headend node 1 → destined to node 5
• Prefix segment to node 4 + Adjacency segment to node 5

[Figure: nodes 1 to 5. The packet to 5 leaves node 1 with labels 16004 (Prefix Segment) and 30045 (Adjacency Segment), and is later carried with 30045 only.]

Segment Routing Global Block (SRGB)
• Segment Routing Global block
  • Range of labels allocated to the SR Control-Plane
  • Default Range SRGB is 16000-23999
• Within a device, each prefix segment gets one unique label within the SRGB
  • Label = Prefix-SID + SRGB base
  • Prefix Z with prefix-SID 65 gets label 16065
• All protocols on the device use the same SRGB
• Recommended to have same SRGB on all nodes

MPLS Data Plane Operations
[Figure: Segment 16004 along A → B → C → D. A pushes 16004 onto the payload, B swaps 16004 for 16004, C pops, and D receives the bare payload.]

• D advertises its loopback prefix 4.4.4.4/32 with attached prefix-SID 16004 (index 4)
• D advertises its prefix-SID with P-flag unset (i.e. PHP on)
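
Added example (not from the original deck): the SRGB label rule and the push/swap/pop walk above worked through in code, including what happens when one node deviates from the recommended common SRGB. Node names A to D, index 4 and the default range come from the slides; the second SRGB (20000-27999) and the function names are constructed for illustration.

```python
from collections import Counter

SRGB_DEFAULT = (16000, 23999)  # default SRGB range given on the SRGB slide


def sid_label(srgb, index):
    """Label = Prefix-SID index + SRGB base; reject indexes outside the block."""
    base, top = srgb
    label = base + index
    if index < 0 or label > top:
        raise ValueError(f"prefix-SID index {index} does not fit SRGB {base}-{top}")
    return label


def srgb_outliers(srgb_by_node):
    """Nodes whose SRGB differs from the one most nodes use."""
    common, _ = Counter(srgb_by_node.values()).most_common(1)[0]
    return sorted(n for n, srgb in srgb_by_node.items() if srgb != common)


def walk(path, srgb_by_node, index, php=True):
    """Label operation at each hop for traffic from path[0] to the owner of
    prefix-SID `index` (path[-1]).

    The outgoing label is computed from the next hop's SRGB, because the
    next hop is the node that looks the label up.
    """
    ops, in_label = [], None
    for node, nxt in zip(path, path[1:]):
        if nxt == path[-1] and php:
            out = None  # penultimate hop pops (P-flag unset)
        else:
            out = sid_label(srgb_by_node[nxt], index)
        if in_label is None:
            op = "push" if out is not None else "forward-unlabelled"
        else:
            op = "swap" if out is not None else "pop"
        ops.append((node, op, out))
        in_label = out
    return ops


PATH = ["A", "B", "C", "D"]
UNIFORM = {node: SRGB_DEFAULT for node in PATH}
MIXED = dict(UNIFORM, C=(20000, 27999))  # constructed: C uses another block

if __name__ == "__main__":
    print("prefix-SID 65 ->", sid_label(SRGB_DEFAULT, 65))
    print("same SRGB everywhere:", walk(PATH, UNIFORM, 4))
    print("C deviates:          ", walk(PATH, MIXED, 4))
    print("outliers:", srgb_outliers(MIXED))
```

With a common SRGB the label for D is 16004 at every hop; once C uses a different block, B has to swap to 20004, so the same segment no longer has one network-wide label value.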

Segment Routing
Campus Deployment
• SR Transport with ISIS
• SR Transport with OSPF
• L3VPN v4/v6 over SR Transport
• IPv6 VPN(6VPE)/ 6PE
• SR/LDP internetworking
• Catalyst 9300, 9400, 9500, 9600

[Figure: SR Backbone (SR MPLS and LDP) connecting Data-Center (VMs), Shared-Services (VMs, Services), WAN (WAN, Internet) and DMZ blocks, across Access, Distribution and Core layers]

Session Summary

• Standards-based segmentation across LAN, WAN and Datacenter.
• L3VPN and MVPN commonly deployed in Enterprise networks
• Catalyst 9000 switches have a full suite of MPLS features to meet Enterprise requirements
• Advanced technologies like Seamless MPLS and Inter-AS can be used in Enterprise networks
• Catalyst 9000 switches support MPLS features across the portfolio, from Access (9300) to Core (9600)
