Professional Documents
Culture Documents
Segment Routing Orhan XXXXX
Segment Routing Orhan XXXXX
Segment Routing Orhan XXXXX
Copyright
No part of this publication may be copied, reproduced in any format, by any means, electronic or
otherwise, without prior consent from the copyright owner and publisher of this book.
However, quoting for reviews, teaching, or for books, videos, or articles about writing is encouraged and
requires no compensation to, or request from, the author or publisher.
Orhan Ergun
Orhan Ergun, CCIE/CCDE Trainer, Author, Network Design Advisor and Cisco Champion 2019. Orhan
Ergun is award winning Computer Network Architect, CCDE Trainer and Author. Orhan has well known
industry certificates CCIE #26567 and CCDE #20140017.
Orhan has more than 17 years of networking experience and has been working on many medium and
large-scale network design and deployment projects for Enterprise and Service Provider networks. He
has been providing consultancy services to African, Middle East and some Turkish Service Providers and
Mobile Operators for many years. Orhan has been providing Cisco network design training such as CCDE,
Pre-CCDE, Service Provider Design and many advanced technologies for many years, and created best
CCDE Training Program to share his network design experience and knowledge with the networking
community. Orhan is sharing his articles and thoughts on his blog www.orhanergun.net. All the training
and consultancy services related information can be found from his website. Orhan has a Training and
Consultancy company located in Istanbul, Turkey
Rasoul Mesghali is a Cisco Certified Internetwork Expert (CCIE) #34938 (Routing & Switching) with over
12 years in the networking industry. Rasoul loves technology and never stop keeping up with the latest
trend in technology. His experience includes Training, Consulting and Planning and deployment of
MPLS/SR (Segment routing) and data center networks. He knows Python programming language very
well and he does code and programming on a regular basis.
Vahid Tavajjohi is a Network Engineer with more than seven years of experience. He designs and
operates network projects in large service providers and data centers. Knowledge of both data center
and service provider technologies, Virtualization, Cloud, NFV, SDN, ZTP, and Scripting are main focuses
of his career. Also, consultancy of large companies and service providers is key point for his sight in
networks. He is a researcher and he is looking for new and edge technologies. Vahid have teaching
experience of network courses, like service provider and data center for technical staff of companies.
Table of Contents
Introduction .......................................................................................................................... 4
Service Provider Design Using Segment Routing ..............................................................................4
Segment Routing Introduction ............................................................................................... 6
Traffic Engineering using SR ............................................................................................................7
PCEP and SR ...................................................................................................................................8
END to END Segment routing (Single BGP-AS) .................................................................................9
PCE Controller .............................................................................................................................. 11
Service Node or PE Routers ........................................................................................................... 12
Topology Independent Loop-Free Alternate (TI-LFA) with Segment Routing .......................... 12
TI-LFA application in the given topology ........................................................................................ 14
Micro-loop avoidance ................................................................................................................... 16
END To END Segment routing (Single BGP-AS) with on demand next hop (ODN) ................... 19
Egress Peer Engineering ................................................................................................................ 20
END To END Segment routing (BGP Inter-AS)................................................................................. 22
Segment routing and LDP Internetworking .......................................................................... 28
Mapping Server ............................................................................................................................ 28
Day1 - Segment Routing Fundamentals ............................................................................... 33
Task1 ........................................................................................................................................... 37
Task2 ........................................................................................................................................... 55
Task3 ........................................................................................................................................... 67
Task4 ........................................................................................................................................... 72
Task5 ........................................................................................................................................... 92
Task6 ......................................................................................................................................... 104
Day2 - Segment Routing Internetworking with LDP ...............................................................121
Task1 ......................................................................................................................................... 125
Task2 ......................................................................................................................................... 142
Task3 ......................................................................................................................................... 152
Task4 ............................................................................................................... 154
Introduction
In the divide-and-conquer strategy in which the core, aggregation, and access domains are
partitioned in different IGP domains, formerly used by Unified/Seamless MPLS that reduces the
size of routing and forwarding tables within each domain, now it requires better stability and
faster convergence. Traditionally, unified MPLS used LDP or RSVP-TE to build LSP within IGP
domain and used BGP-LU for inter-Domain LSPs. While Segment Routing reduced the number of
required protocols in a service provider network by adding simple extensions to IGP protocols
such as ISIS or OSPF that can assign and distribute labels to build LSP within each IGP domain.
This enables a device inside an access, an aggregation, or a core domain to have reachability
through intra-domain SR LSPs to any other device in the same region. In next pages, we will see
in some scenarios it is better to eliminate BGP-LU for better fast convergence and simplicity of
the network. Programmability based network architecture based on segment-routing add SLA
awareness into the network and provides unlimited network scale. Moreover, Simple integration
of data centers with SP network is considered by means of EVPN capabilities that will be explain
in this chapter.
The given network topology shows a multi IGP domain network infrastructure.
The design can be simplified by decreasing the number of IGP domain and stretching the core
over aggregation domain
A similar approach can be applied and extend the Access domain over aggregation domain.
Interior gateway protocol (IGP) distributes two types of segments: prefix segments and adjacency
segments. Each router (node) and each link (adjacency) has an associated segment identifier
(SID). A prefix SID is associated with an IP prefix. The prefix SID is manually configured from the
segment routing global block (SRGB) range of labels, and is distributed by IS-IS or OSPF. The prefix
segment steers the traffic along the shortest path to its destination. A node SID is a special type
of prefix SID that identifies a specific node. It is configured under the loopback interface with the
loopback address of the node as the prefix and it must globally unique. An adjacency segment is
identified by a dynamic label called an adjacency SID, which represents a specific adjacency, such
as egress interface, to a neighboring router. The adjacency SID is distributed by IS-IS or OSPF. The
adjacency segment steers the traffic to a specific adjacency and it must locally unique.
Generally, in distributed control-plane scenario, the segments are allocated and signaled by IS-
IS, OSPF or BGP.
Moreover, must advance feature of SRTE is On-Demand Next-hop (ODN) that automatically
instantiates an SR Policy to a BGP next-hop when required and steers traffic automatically inside
the SR Policy. In this case BGP learns a route via a tail-end node with color, and headend node
authorizes the on-demand SR Policy path and maps defined color and end-point to a local
dynamic SR Policy path.
PCEP and SR
In case of using controller to compute a path dynamically through multi-domain network, nodes
are using centralized control-plane protocol named PCEP. Path Computation Element Protocol
has two main components: 1-PCE 2-PCC. Path Computation Element (PCE) is a compute server
for calculation path through nodes in multiple domains to find out best path for SRTE and send
an ordered SID list with B-SID to a headend node to reach its destination. Path Computation Client
(PCC) is a node that request a path with specified detail from PCE to reach its destination. These
two components are using PCEP to make a stateful connection with each other.
There are different network domains that in each domain separate IGP is running
TI-LFA for fast convergence in each IGP domain
Each domain is connected to another domain using two border routers which are inline RR
and get the same Anycast-SID and the same IP address for high availability and may use
load balancing.
There are two types of RR, transport RR and Service RR
BGP-PIC is used for BGP Fast Reroute
Note: End-to-end transport path can be achieved by BGP-LU without SDN controller
or SRTE-Policy (SR-ODN) by the received Segment-List from PCE Controller that
collect network topology information from different domains using BGP-LS.
Note: End-to-end transport can be achieved by BGP-LU or SDN-driven path by the received
Segment-List from PCE Controller
Note:
For Anycast-SID, additional signaling protocols are not required, as the network operator
is able to simply allocates the same Prefix SID (thus a Anycast-SID) to a pair of nodes
typically acting as ABRs (border routers located between domains).
Routers which is locate between the boundaries of domains and play as:
RR-Client for upstream router and RR-Server for downstream routers.
Distribute IGP Topology information to the controller using BGP-LS address-family
Handle traffic flow between domains
Transport RR:
A BGP Route Reflector for underlay traffics which is used for the IPv4/v6 address family, then
BGP Route Reflector is called as an IP Route Reflector or for short, Transport RR.
Service RR:
For overlays services, each node participating in BGP-based service termination has two BGP
sessions with Domain Specific S-RRs which can be located in each domain or Central S-RR which
can be located in the core and reflects VPNv4, VPNv6, L2VPN, EVPN .For Redundancy reasons,
there are at least 2 S-RRs.
As the below figure depicts, domain specific S-RR and T-RR is used for huge networks with very
scalable solution in which Core Domain S-RRs cover the core Domain. Aggregation Domain S-RRs
cover Access and Aggregation Domains. Aggregation Domain S-RRs and Core S-RRs have BGP
sessions among each other.
PCE Controller:
This transport option is based on SID-List that PCE controller provides. Each domain has its own
IGP/SR, and two IGP border routers in each domain using BGP LS to distribute topology,
bandwidth, reliability, latency, SRLG and other transport states of the IGP domain to the SDN
controller. The SDN controller by gathering topology data and current state of the network from
different domains, build the end-to-end best path and alternate disjoint path that satisfies a given
service requirement and sends the corresponding segment list to the service edge router. SR-PCE
Can be Domain Specific which will be located in each domain or Central SR-PCE which can be
located in the core.
There is no need to keep the state of the network like RSVP-TE FRR
TI-LFA make the smaller label stack for repair path
There is no need for complex configuration everything can happen automatically (with
simple and short commands.
TI-LFA uses Post convergence path
There is no need to establish targeted LDP with remote routers. This is required for Remote
LFA.
By using the segment list in the head-end router (direct link-failure impacted router) the
backup path is created.
Note:
The Above Network topology can be changed to the below figure in which Core Domain RRs
collect network topology information from the Core IGP Domain and send it to the SR-PCE
Controller to calculate and provide end-to-end LSP.
If the link between P3 and P4 goes down, P3 has to switch to the backup path in the minimum
time. In this scenario traditional LFA cannot find a path and as the q-space and p-space are not
connected together there is no pq router thus rLFA does not work.
However, TI-LFA can compute post convergence SPT and encode the post-convergence path in
double-segment
Micro-loop avoidance
Micro-loops are transient loops that occur during the period of time when some nodes have
become aware of a topology change and have changed their forwarding tables in response, but
slow routers have not yet modified their forwarding tables. With uLoop avoidance feature, node
that exist in network informed about link failure somewhere in network through IGP notification.
After computing the new path for destination, for a predetermined amount of time it installs a
FIB entry for destination that steers packets to destination via a loop-free SR path. After time
elapses, node installs normal post-convergence FIB entry for destination.
Also, when a new link comes up, maybe the best path changes for some nodes in the network
and because of new best path, slow nodes make transient loop until they converge themselves.
In this situation, uLoop helps other node to create a loop-free SR path and use that in their FIB
for amount of time until whole network converges.
The figure below illustrates a network in the normal situation before happening failure in any
connection. The best IGP path toward prefix A from P5 perspective is P3P4P6P5 and using
single segment it can reach to P5.
Now failure occurred in the connection between P6 and P5 and the figure below indicates, why
uLoop avoidance is needed in network. Node P6 detects link-failure of itself with P5 and using TI-
LFA it creates a SRTE and change the traffic flow through P4. However, P4’s best path is through
P6 and for amount of time, may some loops happen in P4’s traffic. On the other hand, P3’s best
path is through P4. In this situation, to prevent any loop until full convergence,
P3 creates a SRTE that force traffic to pass through P2 (Post convergence path) and install this
policy in its FIB.
The figure below illustrates that after all nodes converged with new topology, P3 removes the
FIB entry and traffic forwards with converged IGP path.
Interestingly, uloop avoidance supports link-up too, the below figure depicts that the connection
between P6 and P5 comes back and until full convergence, P3 by using STRE policy force the
traffic pass through P4 .
The figure below illustrates that after all nodes converged with new topology, P3 removes the
FIB entry and forwards with converged IGP path.
Here is an ODN scenario with SLA VPN service. In the following image, there is a multi-domain
network, CE2 advertises a prefix to PE1 and it advertise the prefix with a color for low-latency to
Route Reflector (RR). Then RR reflects the prefix with the color to the PE3 in another domain. PE3
cannot create an end-to-end LSP because it doesn’t have another domain’s topology. To
overcome this issue, PE3 asks end-to-end path from PCE server with low-latency (color), and PCE
replies to it a SID list with B-SID. Then PE3 uses this B-SID to reach PE1 through low-latency path.
While if there is another prefix that needs SLA with high capacity, by adding another color to new
prefix, traffic will pass through high capacity links. Benefit of using ODN is if the prefix wouldn’t
advertising anymore, the SR policy inside node automatically delete the path and it doesn’t
impact other prefixes. It should be noted that in the figure below, couple of border routers
between domains, get the same Anycast-SID and the same IP address for high availability and
may use load balancing.
Note:
In ODN scenarios, Inter-Domain forwarding is achieved via SRTE Policies which is
programmed on the PE (located in the access domain) on-demand by an external SRTE-PCE
Controller and does not require any state to be signaled throughout the rest of the network, only
on the source node (head-end). The SRTE Policy provides, by segment-list, a robust way to
program Inter-Domain end-to-end LSPs without requiring additional protocols such as BGP-
LU.
For example, in below scenario exit point from network is through node P5. P5 has two eBGP
connection with two separate nodes. Let’s assume BGP best path is through neighbor-1, however
node P2 wants to use strict path through neighbor-2. To overcome this scenario, EPE feature
must enabled on P5 per eBGP peer, then SR assign SIDs corresponding to its peers. Now node P2
can create an explicit path itself or using any controller to compute a path for eBGP neighbor-2
and put EPE SID at last SID in the label stack.
Dual core design, also known as dual plane or disjoint plane topologies, refers to a highly
redundant network chosen by companies whose main objective is to improve the resiliency of
their network. Created using different data planes, dual core design is implemented by
companies that receive the service from the different service providers. Take big companies as
an example, use dual core design in order to improve their network.
The links – passing through same fiber conduit, building, town, or city – are identified as Shared
Risk Link Group (SRLG) since they share the same fate if there are any technical glitches. It is
pertinent to carefully identify SRLG links between the providers. And if there are shared links,
diverge links should be demanded.
limitation that if any anycast implementation planned in a network, all nodes must have same
SRGB to share same anycast SID. But this is not possible in multi-vendor environment that may
all nodes don’t have same SRGB. To overcome this issue, there is a new block named common-
anycast SRGB (CA-SRGB) that needs to be implemented in the same range on all nodes, but this
block is different from SRGB, so nodes can create this block range excluded from SRGB. Also, if
anycast SID is in the range of SRGB, there is no need to create CA-SRGB in that node.
The figure below shows the core of the network is divided into two planes, each plane has six
main node pop routers placed in different geographical location that can be full-meshed or partial
or simple ring. Different VPN traffic are planned to go to different plane. Route policy had been
used to guarantee the same VPN traffic flows on one plane. In case of failure, TI-LFA and
Microloop-Avoidance are predicted to switch traffic immediately.
Service "RED" between PE1 and PE2 must be disjoint from service "Blue" in the core of the
network:
Service Blue has segment list {100,20} traverse the Blue plane
Service Red has segment list {200,20} traverse the Red plane
It should be noted that IGP metric of all links are equal, thus the path P11 P22 P33 P44 is
equal to P11 P66 P55 P44 so because of ECMP traffic can goes through both path.
Generally, following steps are required for a router to take part and compute Flex Algorithm N:
1- Algorithm N Must be enabled in the router
2- Same definition for algorithm N must be applied in different routers
3- Then the router makes a special topology for algorithm N by removing:
1- any nodes which does not take part in algorithm N
2- any link that is excluded by the algorithm, for instance if it says RED affinity must be
excluded then any Red link must be removed
4- Then the router computes SPF on topology N with defined metric (IGP/TE/Delay)
5- Finally installing any reachable Prefix-Sids of Flexible-Algorithm N in the forwarding
table
The below network is consist of 2 planes and three algorithms: 0,120,130
Node 6 advertises:
The above figure after pruning the extra links and node will be as below figure:
As node p1,2,3,4,5,6 are not in the Red algorithm are removed from the Red topology.
As black connections between plane Red and Blue are not in the Red algorithm are removed from
the Red topology. In the resulted topology best path is computed and reachable prefix-sid will be
installed in the forwarding plane. Again, it should be noted that IGP metric of all links are equal,
thus the path P11 P22 P33 P44 is equal to P11 P66 P55 P44 so because of ECMP
traffic can goes through both path.
Note:
TI-LFA is performed within each resulted topology and Backup path is based on
prefix-sid of resulted topology of each algorithm and it is optimized for that algorithm
It is possible to have two or more algorithms for the same network, one algorithm to
minimize the delay of the path while another for minimizing IGP metric of the path
ECMP is supported
It is possible to use PCE controller or ODN no matter single domain or multi dome
with a specific Flexalgo
Mapping Server
Segment Routing control plane can co-exist with current label distribution protocols such as LDP.
To providing internetworking in the direction LDP to SR, there is no additional signaling or state
required. However, in the direction SR to LDP internetworking one node must advertise prefix-
SIDs on behalf non-SR nodes, thereby allowing non-LDP routers to send and receive labeled traffic
from LDP-only routers. To achieve this operation, there is a role named Mapping Server. Segment
Routing Mapping Server (SRMS) assign prefix-SIDs to prefixes owned by non-SR-capable routers
as well as to prefixes owned by SR capable nodes.
Let’s assume we have a scenario that separated by two domains that one of them uses LDP and
another uses SR. Traffic wants to go from P7 to P1, but P7 doesn’t run LDP and wants to assign
label for P1. It received a SID 16001 from mapping server to reach P1. Then it adds label 16001
and send it through the nodes. When traffic received by P3, it lookup for destination and find LDP
label assigned for the P1, then it swaps Prefix-SID with LDP label and send traffic to P2 and it send
traffic to P1 with appropriate label.
By using Mapping server LDP domain nodes map to Prefix-sid and end to end lSP can be
established
Some IGP domains use LDP, while other IGP domains use SR.
BGP-LU without BGP prefix-SID (BGP prefix-SID is not end-to-end)
BGP-PIC is used for BGP Fast Reroute
Couple of border routers between domains, get the same Anycast-SID and the same IP
address for high availability and may use load balancing.
Inter-domain Label Stack optimization:
Traditionally, for inter-Domain networks such as seamless MPLS, BGP-LU was being used to
connect different IGP domains in which the loopback IP address of PEs and Border routers was
accessible from any routers in the network, however in huge networks such as big mobile
operator networks, the number of loopback grew and the size of RIB increased sharply, to
overcome this issue, as the figure below shows, The SRTE Policy provides, by
simple SID stacking (SID-List), an elegant and robust way to program Inter-Domain LSPs without
requiring additional protocols such as BGP-LU.
SRTE can connect different domains by using segment-list and reach the traffic to the border
router of each domain, then the traffic by entering into the new IGP domain, can be continued
to forward through the new IGP domain and reach to the next border router till the end.
This can solve the problem but the size of label stack will be grown which lead to the big size
packet and encounter MTU problem, furthermore some platforms does not support big label
stacks. It should be noted that we can decrease the size of RIB by allocating the same IP and SID
(Anycasting) for both border routers between couple of domains. The SRTE Policy is programmed
on the Access device on-demand by an external Controller and does not require any state to be
signaled throughout the rest of the network. The below picture depicts multi-domain network in
which the packet traveling from left to right.
A good solution to optimize the size of label stack is to redistribute loopback address of Core
routers from Core IGP domain to other IGP domains on one direction from core domain toward
the access domain. It is important to note that this redistribution is unidirectional, thus it won’t
cause any L3 routing loop in the network.
as shown in the below image, in this way access domain routers have access to the loop back IP
address of Core6,7,8,9 so they can use Core routers’ SID in the Segment-List directly therefore
the size of stack will decrease.
Another important fact to consider is that there is only a limited amount of Core routers in a
Service Provider Network, therefore the redistribution does not affect scalability in the Access
IGP Domain.
Note:
In traditional BGP-LU for Inter-Domain forwarding, BGP-PIC is also required for FRR. In case
of redistribution of core loopbacks to other domains, Inter-Domain LSPs provisioned by SRTE
Policy are protected by TI-LFA also in case of ABR failure (because of Anycast-SID) because
the loopback address of core routers are installed in IGP database. This is not possible with
BGP-LU/BGP-PIC, since BGP-LU/BGP-PIC have to wait for the IGP to converge first as the
loopback address is advertised by BGP update not IGP.
Day 1
Segment Routing
Fundamentals
Addressing Table
Device Name IPv4 Loopback address Prefix-Sid
R1(XR) 1.1.1.1/32 16001
R2(XE) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XE) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
CE1(IOS) 111.111.111.111/32 NA
CE2(IOS) 222.222.222.222/32 NA
For example:
The address between R1, R2 =10.10.12.z
R1= 10.10.12.1, R2=10.10.12.2
Task1.
Configure segment routing on all P and PE routers based on the
following criteria:
a. configure ISIS as IGP (IPv4)
b. Level 2 only ISIS area
c. All routers are in 49.0000
d. Assign Prefix-SIDs based on SID table on loopback0
e. Configure all physical interface in the topology
Topology
Tip: Segment routing basic configuration using ISIS in IOS XE are as follow :
Tip: Segment routing basic configuration using ISIS in IOS XR are as follow:
Tip:
Segments are advertised by the link-state routing protocols by adding a new extension in IS-
IS and OSPF.
o Prefix segments: Represents IGP least cost path to a prefix which is a unique number
allocated to each node in SR Domain.(global segment in the range of SRGB. It is possible to
change SRGB of each node, so the Index is advertised to other nodes not prefix-sid, in fact,
Prefix-sid is calculated based on this formula: received node’s SRGB + received index)
o Adjacency segment: represents IGP adjacency which is a unique number allocated to each
physical link in each node.(local segment) using this SID, each node can specify which link
traffic can traverse through.
o Anycast (one or more hops) Represents IGP least cost path to a non-unique prefix
o Binding-SID Represents a tunnel (e.g., RSVP-signaled LSP)
A prefix segment is typically a multi-hop path while an adjacency segment, in most of the
cases, is a one-hop path.
SR's control-plane can be applied to both IPv6 and MPLS data-planes
SR does not require any additional signaling other than IGP (LDP or RSVP-TE is not
requires)
SR information advertised by TLVs and new Sub-TLVs
Now to answer the task you have to configure ISIS on all SP routers in the
map and configure Segment routing.
Configuration on R1(XR):
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0001.00
metric-style wide
advertise passive-only
segment-routing mpls
interface Loopback0
passive
prefix-sid index 1
interface GigabitEthernet0/0/0/2
description Connected_to_R2
point-to-point
interface GigabitEthernet0/0/0/3
description Connected_to_R3
point-to-point
Configuration on R2(IOS-XE):
! Enter segment routing mode with MPLS data plane
segment-routing mpls
!
connected-prefix-sid-map
address-family ipv4
exit-address-family
interface Loopback0
interface GigabitEthernet1,2,3,4
ip router isis 1
isis circuit-type level-2-only
router isis 1
! net ID must be unique (choose it based on Prefix-SID for easier
tshoot)
net 49.0000.0000.0000.0002.00
is-type level-2-only
advertise passive-only
metric-style wide
segment-routing mpls
passive-interface Loopback0
Configuration on R3:
router isis 1
is-type level-2-only
net 49.0000.0000.000.0003.00
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 3
!
!
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv4 unicast
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv4 unicast
interface GigabitEthernet0/0/0/2
point-to-point
address-family ipv4 unicast
Segment-routing
Configuration on R4:
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0004.00
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 4
!
!
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv4 unicast
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv4 unicast
interface GigabitEthernet0/0/0/2
point-to-point
address-family ipv4 unicast
Configuration on R5:
segment-routing mpls
!
connected-prefix-sid-map
address-family ipv4
5.5.5.5/32 index 5 range 1
exit-address-family
interface Loopback0
ip address 5.5.5.5 255.255.255.255
isis circuit-type level-2-only
interface GigabitEthernet1,2,3,4
ip router isis 1
isis circuit-type level-2-only
isis network point-to-point
router isis 1
net 49.0000.0000.0000.0005.00
is-type level-2-only
advertise passive-only
metric-style wide
segment-routing mpls
passive-interface Loopback0
Configuration on R6:
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0006.00
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 6
!
!
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv4 unicast
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv4 unicast
Verification
IOS XE
R2#show isis segment-routing connected-sid
Tag 1:
SID_Index of all nodes
Tip:
Segment Routing benefits two different encapsulation:
MPLS
SR packet header is an MPLS label stack and each label in the stack represents a
segment
IPv6
SR Header is an IPv6 header with a Segment Routing Extension Header (SRH)
which contains a list of IPv6 addresses that each of them represents a segment
PREFIX_SID_CONN_MAP
PREFIX_SID_PROTOCOL_ADV_MAP
IOS XR
RP/0/RP0/CPU0:R1#show isis segment-routing label table
Sun Feb 3 09:07:51.454 UTC
Prefix-SID of all nodes
16001 Loopback0
16002 2.2.2.2/32
16003 3.3.3.3/32
16004 4.4.4.4/32
16005 5.5.5.5/32
16006 6.6.6.6/32
Copyright © 2020 Orhan Ergun LLC operation: push 100006 and 16006
Tip:
Labels are dynamically assigned and will vary from session to session. Therefore,
your labels may not match the labels within this document.
Changing segment-routing global block doesn’t change behavior of other nodes when prefix
SID configured with index value:
100001 1.1.1.1/32
100002 2.2.2.2/32
100003 Loopback0
100004 4.4.4.4/32
100005 5.5.5.5/32
100006 6.6.6.6/32
Tip:
Please pay attention to your SRGB. It is recommended to use same SRGB on all
nodes of your domain. Also, it helps for better troubleshooting.
Change SRGB range to default before going to next task by using below command:
segment-routing
no global-block
Task2.
Configure L3 VPN service and verify reachability between CEs:
a. Put CE routers in VRF “A” with R1 RT export 100:1 and import
200:1, R2 RT export 200:1 and import 100:1
b. Assign AS 110 for CE1 and AS120 for CE2 and configure bgp
ipv4 with related PEs and advertise CE’s Loopbacks in MP-BGP
c. Put PE routers in AS 100 and Configure MP BGP on PEs
d. Verify reachability CE’s loopback from remote CE using ping and
traceroute
Tip:
For simplicity we do not use RR in this lab so the BGP connection is directly between PEs
Configuration
Define VRF A :
vrf A
address-family ipv4 unicast
import route-target
200:1
!
export route-target
100:1
interface GigabitEthernet0/0/0/0
no shutdown
vrf A
ipv4 address 10.10.110.1 255.255.255.0
vrf A
address-family ipv4 unicast
import route-target
100:1
!
export route-target
200:1
interface GigabitEthernet0/0/0/2
no shutdown
vrf A
ipv4 address 10.10.120.6 255.255.255.0
Verification
RP/0/RP0/CPU0:R1#show vrf all
Sun Feb 3 10:29:18.338 UTC
VRF RD RT AFI SAFI
A 200:1
import 200:1 IPV4 Unicast
export 100:1 IPV4 Unicast
A 100:1
interface Loopback100
ip address 111.111.111.111 255.255.255.255
CE2
interface Loopback200
ip address 222.222.222.222 255.255.255.255
route-policy vpn
pass
end-policy
route-policy vpn
pass
end-policy
Verification
2. On R1, Verify prefix entry of CE2 loopback on R1 in vrf A by using the command
show route vrf A 222.222.222.222/32
4. On R1, Verify the VPN label for the vrf A prefix 222.222.222.222/32 on R1 using the
command show route vrf A 222.222.222.222/32 detail.
5. R1 has the default preference of labels for imposition, hence the cef entry of 6.6.6.6/32 will
impose the transport label 16006 on top of the VPN label 24004. Verify this with the
command show cef vrf A 222.222.222.222/32
6. On CE1,Traceroute CE2 loopback prefix will show the labels along the path to the
destination traceroute 222.222.222.222 source 111.111.111.111
Tip:
In test6 please note:
In the output, this traceroute shows the labels along the two ECMP paths
Like traditional MPLS, PHP occurs on R4 and R5 so the transport label popped on
these nodes. As you can see in the output, only VPN label on R6 is existed.
In case of QoS you can preserve EXP/TC in the top label by using explicit-null lable.
You can use the following command:
Prefix-sid index ‘Sid_Index’ explicit-null
Prefix-sid absolute ‘Prefix-Sid’ explicit-null
Task3.
Configure LFA (IP-FRR) on all Routers in the map:
a. Configure IGP cost 1000 on the link between R3,R4 and R4,R6
b. Configure per-prefix LFA on all SP routers
c. Verify primary and backup path from R3 to R6 loopback
Configuration
LFA Configuration on R2 and R5 (XE):
router isis 1
fast-reroute per-prefix level-2 all
follow:
router isis 1
interface GigabitEthernet0/0/0/X
address-family ipv4 unicast
fast-reroute per-prefix
Tip:
For directly connected per-prefix LFA, no additional label is imposed, the top label is
swapped and packet is forwarded towards the LFA
Verification
On R2, verify protection coverage of per-prefix lfa using the comman Show isis fast-reroute
summary on R2
RP/0/RP0/CPU0:R3#show isis fast-reroute summary
Mon Feb 4 07:52:15.649 UTC
Unprotected 0 0 0 0 0
Protection coverage 0.00% 0.00% 100.00% 0.00% 100.00%
L2 6.6.6.6/32 [20/115]
via 10.10.35.5, GigabitEthernet0/0/0/1, R5, SRGB Base: 16000,
Weight: 0
FRR backup via 10.10.34.4, GigabitEthernet0/0/0/3, R4, SRGB Base:
16000, Weight: 0, Metric: 1020
Verify the destinations that are protected via the low bandwidth, high cost link between R3 and
R4 by using the command show isis fast-reroute | include "L2|FRR backup via.*R4"
Tip:
Note that the per-prefix LFA is not going over the final path, as it would be after IGP
would converge following a failure (“post-convergence path”). Traffic over the backup
path is using a high metric, low bandwidth link, potentially causing congestion and traffic
loss. The figure below illustrates the post-convergence path from R1 to R4 in case the
link between R2 and R3 failed.
As you can see in the figure above, LFA follows some rules before finding alternate path.
If any backup paths does not match any of them, will fail to become alternate path. In the
scenario above, R2 is a good candidate for backup next-hop, but unfortunately does not
match the first rule, therefore, LFA chooses R4 which is sub-optimal path.
Task4.
Configure TI-LFA on all Routers in the map:
a. Configure IGP cost 1000 on the link between R2,R5 and R5,R6
b. Configure per-prefix TI-LFA on all routers
c. Verify primary and backup path from R2 to R6 loopback
d. Compare the backup path in this task with the task 3.
Tip:
There are four primary functions of TI-LFA
Provides guaranteed 100% link protection for all failure types (link, node, SRLG) in
all networks
Protects IP, LDP and SR traffic
Avoids congestion and suboptimal routing by tailoring the backup path over the
post-convergence path
Doesn’t use targeted LDP sessions
Configuration
TI-LFA Configuration on R2 and R5 (XE):
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa
Verification
On R3, Verify the forwarding entries of R6’s loopback prefix. First, verify the RIB
entry of 6.6.6.6/32. On R3, type the command show route 6.6.6.6/32
The output below, shows backup path is chosen by TI-LFA
RIB verification
On R3, Verify the ISIS fast-reroute information for prefix 6.6.6.6/32 with the
command show isis fast-reroute 6.6.6.6/32
ISIS verification
L2 6.6.6.6/32 [20/115]
via 10.10.35.5, GigabitEthernet0/0/0/1, R5, SRGB Base: 16000,
Weight: 0
Backup path: TI-LFA (link), via 10.10.23.2,
GigabitEthernet0/0/0/2 R2, SRGB Base: 16000, Weight: 0
P node: R4.00 [4.4.4. 4], Label: 16004
Prefix label: 16006
Backup-src: R6.00
On R3, Verify the MPLS forwarding entry for the SR label path. This entry will be
used for incoming SR labeled packets show mpls for labels 16006 detail
On R3, verify the label stack size limits of the interfaces on this platform. To do
this, use the command show isis interface | include
"GigabitEthernet|MPLS Max Label"
On R3, determine which backup paths are going over the low bandwidth, high cost
link between R3 and R4 using the command show isis fast-reroute |
include "L2|FRR backup via.*R5"
L2 2.2.2.2/32 [10/115]
L2 4.4.4.4/32 [20/115]
FRR backup via 10.10.35.5, GigabitEthernet0/0/0/1, R5, SRGB Base:
16000, Weight: 0, Metric: 20
L2 5.5.5.5/32 [10/115]
L2 6.6.6.6/32 [20/115]
On R3, verify the ISIS fast-reroute information for prefix 6.6.6.6/32 with the
command show isis fast-reroute 6.6.6.6/32 detail
Tip:
keep in mind in the output of show isis fast-reroute command:
P-node: Node reached via a Prefix-SID
Q-node: Node reached via a Adjacency-SID
The figure below shows P-Space and q-Space. From TI-LFA Perspective, R4 is
selected as PQ node, therefore in case of link failure between R3&R5, traffic with
single label (16004) will reach R4 then with prefix label of 16006 continue to reach
to the destination.
Configuration:
R3
Router isis 1
interface GigabitEthernet0/0/0/2
address-family ipv4 unicast
metric 1000
R4
Router isis 1
interface GigabitEthernet0/0/0/1
address-family ipv4 unicast
metric 1000
interface GigabitEthernet0/0/0/1
address-family ipv4 unicast
metric 2000
R2
interface GigabitEthernet3
isis metric 1000
R5
interface GigabitEthernet2
isis metric 1000
Verification:
Verify prefix 6.6.6.6/32 on R1.
RP/0/RP0/CPU0:R1#show isis fast-reroute 6.6.6.6/32 detail
Wed Feb 6 13:19:54.677 UTC
P: No, TM: 1030, LC: No, NP: No, D: No, SRLG: Yes
src R6.00-00, 6.6.6.6, prefix-SID index 6, R:0 N:1 P:0 E:0 V:0 L:0
Configuration:
R2
interface GigabitEthernet2
R4
router isis 1
interface GigabitEthernet0/0/0/0
metric 1000
interface GigabitEthernet0/0/0/2
metric 1000
R6
router isis 1
interface GigabitEthernet0/0/0/0
metric 1000
R3
router isis 1
address-family ipv4 unicast
fast-reroute per-prefix tiebreaker node-protecting index 200
Verification:
In this task we are going to use Node as well as SRLG protection in TI-LFA.
a) On R3 create SRLG group and enable SRLG protection beside with Node
protection.
b) Verify Node + SRLG for prefix 6.6.6.6/32 on R3.
Configuration:
router isis 1
address-family ipv4 unicast
fast-reroute per-prefix tiebreaker node-protecting index 200
fast-reroute per-prefix tiebreaker srlg-disjoint index 100
srlg
interface GigabitEthernet0/0/0/1
group
1 1
!
!
interface GigabitEthernet0/0/0/2
group
1 1
!
!
interface GigabitEthernet0/0/0/3
group
1 1
!
!
group 1
8 value 100
!
Verification:
RP/0/RP0/CPU0:R3#show isis fast-reroute 6.6.6.6/32 detail
Wed Feb 6 14:48:29.261 UTC
Configuration:
router isis 1
address-family ipv4 unicast
no fast-reroute per-prefix tiebreaker node-protecting index 200
Verification:
Verify SRLG for prefix 6.6.6.6/32 on R3.
Task5.
Configure segment routing on all P and PE routers based on the
following criteria:
a. configure OSPF as IGP (IPv4)
b. All routers are in Area0
c. Assign Prefix-SIDs based on SID table on loopback0
d. Configure all physical interface in the topology
Now to answer the task you have to configure OSPF on all SP routers in the
map and configure Segment routing.
Configuration on R1(XR):
router ospf 1
router-id 1.1.1.1
! enable segment routing with mpls data plane
segment-routing mpls
area 0
mpls traffic-eng
prefix-sid index 1
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/2
!
!
!
Configuration on R2(IOS-XE):
! Enter segment routing mode with MPLS data plane
segment-routing mpls
!
connected-prefix-sid-map
address-family ipv4
exit-address-family
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0
interface GigabitEthernet1,2,3,4
ip ospf 1 area 0
router ospf 1
router-id 2.2.2.2
segment-routing mpls
Configuration on R3:
router ospf 1
router-id 3.3.3.3
segment-routing mpls
area 0
mpls traffic-eng
segment-routing mpls
interface Loopback0
prefix-sid index 3
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/3
!
!
!
!
Segment-routing
Configuration on R4:
router ospf 1
router-id 4.4.4.4
segment-routing mpls
area 0
mpls traffic-eng
segment-routing mpls
interface Loopback0
prefix-sid index 4
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/3
!
!
mpls traffic-eng router-id Loopback0
!
Configuration on R5:
segment-routing mpls
!
connected-prefix-sid-map
address-family ipv4
5.5.5.5/32 index 5 range 1
exit-address-family
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip ospf 1 area 0
interface GigabitEthernet1,2,3,4
ip ospf 1 area 0
router ospf 1
router-id 5.5.5.5
segment-routing area 0 mpls
segment-routing mpls
Configuration on R6:
router ospf 1
segment-routing mpls
area 0
segment-routing mpls
interface Loopback0
prefix-sid index 6
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
Verification
Verify segment routing control plane
IOS XE
R2#show ip ospf segment-routing sid-database
SID Prefix/Mask
1 1.1.1.1/32
2 (L) 2.2.2.2/32
3 3.3.3.3/32
4 4.4.4.4/32
5 5.5.5.5/32
6 6.6.6.6/32
LS age: 1572
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 7.0.0.0
Opaque Type: 7 (Extended Prefix)
Opaque ID: 0
SID Prefix/Mask
1 1.1.1.1/32 (L)
2 2.2.2.2/32
3 3.3.3.3/32
4 4.4.4.4/32
5 5.5.5.5/32
6 6.6.6.6/32
LS age: 1328
Options: (No TOS-capability, DC)
Task6.
Configure TI-LFA on all Routers in the map using OSPF:
a. Configure IGP cost 1000 on the link between R2,R5 and R5,R6
b. Configure per-prefix TI-LFA on all routers
c. Verify primary and backup path from R2 to R6 loopback
Configuration
IOS XR
router ospf 1
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa enable
area 0
interface GigabitEthernet0/0/0/x
network point-to-point
IOS XE
router ospf 1
fast-reroute per-prefix enable prefix-priority low
fast-reroute per-prefix ti-lfa
fast-reroute per-prefix ti-lfa area 0.0.0.0
interface GigabitEthernetx
ip ospf network point-to-point
Verification
RP/0/RP0/CPU0:R3#show ospf 1 routes 6.6.6.6/32 backup-path
Wed Feb 6 07:16:21.148 UTC
O 6.6.6.6/32, metric 3
10.10.35.5, from 6.6.6.6, via GigabitEthernet0/0/0/1, path-id 1
Backup path: TI-LFA, Repair-List: P node: 4.4.4.4 Label: 16004
10.10.23.2, from 6.6.6.6, via GigabitEthernet0/0/0/2, protected
bitmap 0000000000000001
TI-LFA Release Node 5.5.5.5 via 10.10.23.3 GigabitEthernet3, instance 31, metric 2
Interface MPLS-SR-Tunnel1
Tunnel type: MPLS-SR
Tailend router ID: 5.5.5.5
Termination IP address: 5.5.5.5
Outgoing interface: GigabitEthernet3
First hop gateway: 10.10.23.3
instance 31, refcount 1
rn-1: rtrid 5.5.5.5, addr 5.5.5.5, node-sid label 16005
TI-LFA Node 1.1.1.1 via 10.10.12.1 GigabitEthernet1, instance 31, rspt dist 0
in-ext-p-space, in-q-space, interesting node 0
Link Protect Path-1: via 10.10.23.3 Gi3, parent 2/10.10.13.1, metric:2, rls-
pt:1.1.1.1 at dist:1
TI-LFA Node 3.3.3.3 via 10.10.23.3 GigabitEthernet3, instance 31, rspt dist 0
in-ext-p-space, in-q-space, interesting node 0
Link Protect Path-1: via 10.10.24.4 Gi2, parent 2/10.10.34.4, metric:2, rls-
pt:3.3.3.3 at dist:1
repair:y, rn-cnt:0, first-q:4.4.4.4, rtp-flags:Repair, PostConvrg, IntfDj
Protected by: directly connected TI-LFA
Link Protect Path-2: via 10.10.12.1 Gi1, parent 2/10.10.13.1, metric:2, rls-
pt:3.3.3.3 at dist:1
repair:y, rn-cnt:0, first-q:1.1.1.1, rtp-flags:Repair, PostConvrg, IntfDj
Protected by: directly connected TI-LFA
TI-LFA Node 4.4.4.4 via 10.10.24.4 GigabitEthernet2, instance 31, rspt dist 0
not-in-ext-p-space, in-q-space, interesting node 0
Link Protect Path-1: via 10.10.23.3 Gi3, parent 2/10.10.45.4, metric:3, rls-
pt:5.5.5.5 at dist:2
repair:y, rn-cnt:1, first-q:5.5.5.5, rtp-flags:Repair, PostConvrg, IntfDj
rn-1: rtrid 5.5.5.5, addr 5.5.5.5, node-sid label 16005
Protected by: MPLS-SR-Tunnel1, tailend 5.5.5.5, rls node 5.5.5.5
instance 31, metric 2, refcount 1
Configuration:
Copyright © 2020 Orhan Ergun LLC
This book belongs to XXXXXXXXXXX
109
Segment Routing Work Book by Orhan Ergun LLC
R3&R4
router ospf 1
area 0
interface GigabitEthernet0/0/0/x
cost 1000
R4
router ospf 1
area 0
R2&R5
interface GigabitEthernetx
ip ospf cost 1000
Verification:
O 6.6.6.6/32, metric 4
10.10.13.3, from 6.6.6.6, via GigabitEthernet0/0/0/2, path-id 1
Backup path: TI-LFA, Repair-List: P node: 4.4.4.4 Label: 16004
Q node: 5.5.5.5 Label: 24006
10.10.12.2, from 6.6.6.6, via GigabitEthernet0/0/0/1, protected
bitmap 0000000000000001
Attributes: Metric: 1004, Node Protect, Interface Disjoint, SRLG
Disjoint
NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 1, Weight: 0
MAC/Encaps: 4/8, MTU: 1500
Configuration:
R2
interface GigabitEthernet2
ip ospf cost 1000
R4
router ospf 1
area 0
interface GigabitEthernet0/0/0/0
cost 1000
interface GigabitEthernet0/0/0/2
cost 1000
R6
router ospf 1
area 0
interface GigabitEthernet0/0/0/0
cost 1000
router ospf 1
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa enable
Verification:
Verify Node protection for prefix 6.6.6.6/32 on R3.
In this task we are going to use Node as well as SRLG protection in TI-LFA.
a) On R3 create SRLG group and enable SRLG protection beside with Node
protection.
b) Verify Node + SRLG for prefix 6.6.6.6/32 on R3.
Configuration:
On R3 create SRLG group and enable SRLG protection beside with Node
protection.
router ospf 1
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa enable
fast-reroute per-prefix tiebreaker node-protecting index 200
fast-reroute per-prefix tiebreaker srlg-disjoint index 100
srlg
interface GigabitEthernet0/0/0/1
group
1 1
!
!
interface GigabitEthernet0/0/0/2
group
1 1
!
!
interface GigabitEthernet0/0/0/3
group
1 1
!
group 1
8 value 100
!
Verification:
Verify Node + SRLG for prefix 6.6.6.6/32 on R3.
Configuration:
router ospf 1
no fast-reroute per-prefix tiebreaker node-protecting index 200
Day 2
Segment Routing
Internetworking with LDP
The lab consist of combination of traditional IOS for CEs, IOS XE and IOS
XR for SP routers. The following addressing table is applied on all labs in
this chapter.
Addressing Table
Device Name IPv4 Loopback address Prefix-Sid
R1(XR) 1.1.1.1/32 16001
R2(XE) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XE) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
CE1(IOS) 111.111.111.111/32 NA
CE2(IOS) 222.222.222.222/32 NA
For example:
The address between R1, R2 =10.10.12.z
R1= 10.10.12.1, R2=10.10.12.2
Base Topology
ICON Capability
Task1.
Configure L3 VPN service and verify reachability between CEs:
e. Configure ISIS as IGP and Configure LDP on all SP nodes
f. Put CE routers in VRF “A”
g. Site1 RT,RD: 100:1, Site2 RT,RD: 200:1
h. Assign AS 110 for site1 and AS120 for site2
i. Put PE routers in AS 100
j. Configure MP BGP on PEs
k. Advertise CE’s Loopbacks in MP-BGP
l. Configure BGP IPv4 session between CEs
m. CE1 and CE2 have a default route pointing to R1 and R6
n. Verify reachability CE’s loopback from remote CE using ping and
traceroute
Configuration
1. Configuring ISIS on all nodes
R1
router isis 1
net 49.0000.0000.0000.0001.00
address-family ipv4 unicast
advertise passive-only
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/2
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/3
address-family ipv4 unicast
!
!
!
R2
router isis 1
net 49.0000.0000.0000.0002.00
advertise passive-only
passive-interface Loopback0
!
interface GigabitEthernet1
ip router isis 1
!
interface GigabitEthernet3
ip router isis 1
!
interface GigabitEthernet4
ip router isis 1
R3
router isis 1
net 49.0000.0000.0000.0003.00
address-family ipv4 unicast
advertise passive-only
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/1
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/2
address-family ipv4 unicast
!
!
R4
router isis 1
net 49.0000.0000.0000.0004.00
address-family ipv4 unicast
advertise passive-only
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/1
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/2
address-family ipv4 unicast
!
!
R5
router isis 1
net 49.0000.0000.0000.0005.00
advertise passive-only
passive-interface Loopback0
!
interface GigabitEthernet1
ip router isis 1
!
interface GigabitEthernet3
ip router isis 1
!
interface GigabitEthernet4
ip router isis 1
R6
router isis 1
net 49.0000.0000.0000.0006.00
address-family ipv4 unicast
advertise passive-only
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/1
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/2
address-family ipv4 unicast
!
!
IOS XR
mpls ldp
address-family ipv4
IOS XE
Enable mpls with
router isis 1 ldp under ISIS for
mpls ldp sync auto-configuration
and synchronization
mpls ldp autoconfig
Verification
IOS XE
IOS XR
RP/0/RP0/CPU0:R3#show mpls ldp neighbor
Tue Feb 12 09:58:41.913 UTC
GigabitEthernet0/0/0/0:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
5.5.5.5:0
GigabitEthernet0/0/0/1:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
1.1.1.1:0
GigabitEthernet0/0/0/2:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
2.2.2.2:0
Tip:
LDP establishes MPLS LSPs along the shortest-path along the destination as determined
by IP forwarding. In L2VPN or L3VPN scenario, if the LSP is not formed between the PE
routers, a blackhole exists and services depending on MPLS forwarding will fail. The
reasons for LSP not setting up completely could be-
1) Implementation bug
2) Configuration error
3) A link has just come up and IGP adjacency is UP but LDP sessions are not up or label-
bindings are not exchanged with the neighbors.
To enable LDP IGP synchronization on each interface that belongs to an OSPF or IS-IS
process, enter the mpls ldp sync command. If you do not want some of the interfaces to have
LDP IGP synchronization enabled, issue the no mpls ldp igp sync command on those
interfaces.
router isis 1
interface GigabitEthernet0/0/0/2
3. Configure VRF on PEs and put PE’s customer interfaces under VRF.
PE1
vrf A
address-family ipv4 unicast
import route-target
200:1
!
export route-target
100:1
!
interface GigabitEthernet0/0/0/0
vrf A
PE6
vrf A
address-family ipv4 unicast
import route-target
100:1
!
export route-target
200:1
!
interface GigabitEthernet0/0/0/0
vrf A
Verification
RP/0/RP0/CPU0:R1#show vrf A ipv4 unicast detail
PE1
route-policy vpn
pass
end-policy
!
router bgp 100
address-family vpnv4 unicast
!
neighbor 6.6.6.6
remote-as 100
update-source Loopback0
address-family vpnv4 unicast
!
!
vrf A
rd 200:1
address-family ipv4 unicast
!
neighbor 10.10.110.10
remote-as 110
address-family ipv4 unicast
route-policy vpn in
route-policy vpn out
!
!
PE6
route-policy vpn
pass
end-policy
!
router bgp 100
address-family vpnv4 unicast
!
neighbor 6.6.6.6
remote-as 100
update-source Loopback0
address-family vpnv4 unicast
!
!
vrf A
rd 100:1
address-family ipv4 unicast
!
neighbor 10.10.120.20
remote-as 120
address-family ipv4 unicast
route-policy vpn in
route-policy vpn out
!
!
CE1
interface Loopback100
ip address 111.111.111.111 255.255.255.255
CE2
interface Loopback100
ip address 222.222.222.222 255.255.255.255
Verification
Copyright © 2020 Orhan Ergun LLC
This book belongs to XXXXXXXXXXX
139
Segment Routing Work Book by Orhan Ergun LLC
On R1, verify entry of CE2 loopback in vrf A using the command show
route vrf A 222.222.222.222/32
Using the command show bgp vpnv4 unicast labels, verify the
vpnv4 labels allocated and advertised by BGP
On R1, Verify the LDP label binding for the BGP nexthop 222.222.222.222
(R6) using the command show mpls ldp bindings 6.6.6.6/32
2.2.2.2:0 18
3.3.3.3:0 24003
On R1, Verify the 222.222.222.222/32 FIB entry in vrf A with the command
show cef vrf A 222.222.222.222/32
Task2.
SR configuration as well as LDP
a) Configure segment routing on R2, R3, R4, R5 as well as LDP
b) Configure sr-prefer on R2 ,R3 ,R4, R5 to enable preference of
Segment Routing over LDP for ip-to-mpls. Also, mapping server
on node 3.
c) Changing topology to enforce segment routing inside core
network.
Configuration
IOS XE
router isis 1
metric-style wide
segment-routing mpls
!
segment-routing mpls
!
connected-prefix-sid-map
address-family ipv4
2.2.2.2/32 index 2 range 1
exit-address-family
!
IOS XR
router isis 1
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 1
Verification
Verify LDP on nodes with the command show mpls
interfaces
RP/0/RP0/CPU0:R3#show mpls interfaces
Wed Feb 13 13:15:17.352 UTC
Interface LDP Tunnel Static Enabled
16002 2.2.2.2/32
16003 Loopback0
16004 4.4.4.4/32
16005 5.5.5.5/32
-
16002 Pop SR Pfx (idx 2) Gi0/0/0/2 10.10.23.2 3711
16004 16004 SR Pfx (idx 4) Gi0/0/0/0 10.10.35.5 0
16004 SR Pfx (idx 4) Gi0/0/0/2 10.10.23.2 0
16005 Pop SR Pfx (idx 5) Gi0/0/0/0 10.10.35.5 3669
24000 Pop SR Adj (idx 0) Gi0/0/0/0 10.10.35.5 0
IP Address: 6.6.6.6
Metric: 0 IP-Extended 6.6.6.6/32
Prefix Attribute Flags: X:0 R:0 N:1
Hostname: R6
Metric: 10 IS-Extended R4.03
Metric: 10 IS-Extended R5.01
Configuration
IOS XE
segment-routing mpls
!
set-attributes
address-family ipv4
sr-label-preferred
IOS XR
router isis 1
address-family ipv4 unicast
segment-routing mpls sr-prefer
segment-routing
mapping-server
Assigns label to LDP only
prefix-sid-map
nodes
address-family ipv4
1.1.1.1/32 1
Advertises labels of SRMS to
6.6.6.6/32 6 SRMS clients
router isis 1
address-family ipv4 unicast
segment-routing prefix-sid-map advertise-local
Tips:
By default, the IS-IS SRMS client mode is enabled on XR and XE routers .
Verification
On R2, traceroute 6.6.6.6 to verify sr-prefer operation as well
as LDP.
R2#traceroute 6.6.6.6 so lo0
Type escape sequence to abort.
Tracing the route to 6.6.6.6
Verification
Task3.
Reachability of CEs with LDP only and SR only PEs.
a) No shutdown all interface and configure R3 to LDP+SR node
b) Configure SR on R1 and Remove LDP from R1. R6 must be
LDP only.
c) Verify reachability of CEs from CE routers.
Configuration
R1
router isis 1
address-family ipv4 unicast
no mpls ldp auto-config
metric-style wide
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 1
Verification
On C1, use traceroute 222.222.222.222 source lo100 to
verify SR works in network.
Task4.
Configure RSVP-TE and steer traffic to the TE
a) Configure cost 100 on the link between R3, R5
b) Configure RSVP-TE between R2, R4 using explicit-map toward
R2, R3, R5, R4
c) Add Auto-route Announce on the RSVP-TE tunnels between R2
and R4
d) Verify traffic path and reachability of CEs from each other.
Configuration
a. Configure cost 100 on the link between R3, R5
R3
router isis 1
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv4 unicast
metric 100
interface Tunnel100
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 4.4.4.4
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 explicit name EXPATH
!
ip explicit-path name EXPATH enable
next-address 3.3.3.3
next-address 5.5.5.5
next-address 4.4.4.4
!
router isis 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
!
interface GigabitEthernet3
isis network point-to-point
mpls traffic-eng tunnels
ip rsvp bandwidth
!
mpls traffic-eng tunnels
R3
router isis 1
address-family ipv4 unicast
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
!
interface GigabitEthernet0/0/0/0
point-to-point
!
interface GigabitEthernet0/0/0/0
point-to-point
!
!
rsvp
interface GigabitEthernet0/0/0/0
bandwidth
!
interface GigabitEthernet0/0/0/2
bandwidth
!
!
mpls traffic-eng
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/2
!
!
R5
router isis 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
!
interface GigabitEthernet3
isis network point-to-point
mpls traffic-eng tunnels
ip rsvp bandwidth
!
interface GigabitEthernet4
isis network point-to-point
mpls traffic-eng tunnels
ip rsvp bandwidth
!
mpls traffic-eng tunnels
R4
router isis 1
address-family ipv4 unicast
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
!
interface GigabitEthernet0/0/0/0
point-to-point
!
!
rsvp
interface GigabitEthernet0/0/0/0
bandwidth
!
mpls traffic-eng
interface GigabitEthernet0/0/0/0
!
Verification
On R2, verify traffic engineering using the show mpls interfaces
R2#show mpls interfaces
Interface IP Tunnel BGP Static
Operational
GigabitEthernet1 Yes (ldp) No No No Yes
GigabitEthernet3 Yes (ldp) Yes No No Yes
GigabitEthernet4 Yes (ldp) No No No Yes
Tunnel100 No No No No Yes
On R2, Verify the tunnels with the command show mpls traffic-eng
tunnels. R2 is the head-end of one tunnel (3.3.3.3) and the tail-end of
one tunnel (4.4.4.4)
R2#show mpls traffic-eng tunnels
P2P TUNNELS/LSPs:
Config Parameters:
Bandwidth: 0 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
Path-invalidation timeout: 10000 msec (default), Action: Tear
AutoRoute: enabled LockDown: disabled Loadshare: 0 [0] bw-based
auto-bw: disabled
Fault-OAM: disabled, Wrap-Protection: disabled, Wrap-Capable: No
InLabel : -
OutLabel : GigabitEthernet3, 24011
Next Hop : 10.10.23.3
RSVP Signalling Info:
Src 2.2.2.2, Dst 4.4.4.4, Tun_Id 100, Tun_Instance 327
RSVP Path Info:
My Address: 10.10.23.2
Explicit Route: 10.10.23.3 10.10.35.5 10.10.45.4 4.4.4.4
Record Route: NONE
Tspec: ave rate=0 kbits, burst=1000 bytes, peak rate=0 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=0 kbits, burst=1000 bytes, peak rate=0 kbits
on R2, verify the MPLS forwarding entry for the prefix-SID of R4 with the
command show mpls forwarding-table labels 16004
R2#show mpls forwarding-table labels 16004
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16004 [T] Pop Label 4.4.4.4/32 0 Tu100 point2point
on R2, Verify the MPLS entry for the TE tunnel using the command show
mpls forwarding-table
R2#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 10.10.24.4-A 0 Gi4 10.10.24.4
17 [T] Pop Label 4.4.4.4/32 0 Tu100 point2point
18 Pop Label 10.10.23.3-A 0 Gi3 10.10.23.3
20 [T] 16006 6.6.6.6/32 2037 Tu100 point2point
21 [T] 16005 5.5.5.5/32 9248 Tu100 point2point
23 24010 1.1.1.1/32 10821 Gi3 10.10.23.3
24 Pop Label 10.10.12.1-A 0 Gi1 10.10.12.1
25 Pop Label 3.3.3.3/32 0 Gi3 10.10.23.3
16001 16001 1.1.1.1/32 1750 Gi3 10.10.23.3
16003 Pop Label 3.3.3.3/32 8424 Gi3 10.10.23.3
16004 [T] Pop Label 4.4.4.4/32 0 Tu100 point2point
16005 [T] 16005 5.5.5.5/32 9248 Tu100 point2point
16006 [T] 16006 6.6.6.6/32 2037 Tu100 point2point
o The traffic was carried in the RSVP-TE tunnel between R2 and R4. The actual
path is:
R1 > R2 > R3 > R5 > R4 > R6
On CE1, trace CE2’s loopback using the command traceroute
222.222.222.222 source lo100
CE1#traceroute 222.222.222.222 source lo100
Type escape sequence to abort.
Tracing the route to 222.222.222.222
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.110.1 163 msec 3 msec 7 msec
2 10.10.12.2 [MPLS: Labels 16006/24005 Exp 0] 36 msec 11 msec 7 msec
3 10.10.23.3 [MPLS: Labels 24011/16006/24005 Exp 0] 125 msec 7 msec 13 msec
4 10.10.35.5 [MPLS: Labels 18/16006/24005 Exp 0] 7 msec 5 msec 7 msec
5 10.10.45.4 [MPLS: Labels 16006/24005 Exp 0] 40 msec 6 msec 4 msec
6 10.10.46.6 [MPLS: Label 24005 Exp 0] 171 msec 13 msec 7 msec
7 10.10.120.20 32 msec * 58 msec
Task5.
Combination of SR and LDP in the same scenario and using TI-LFA
a) Make sure R1 as SR only node, R4 and R5 as LDP only node,
and Rest of SP nodes are SR+LDP while SR is preferred. Also,
make sure Mapping Server is configure to sets label for
R4&R5.
b) Configure TI-LFA on R3&R2 nodes
c) Verify TI-LFA on node R3 and R2
Configuration
R1
router isis 1
address-family ipv4 unicast
segment-routing mpls
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 1
!
R2
router isis 1
segment-routing mpls
mpls ldp sync
R3
router isis 1
address-family ipv4 unicast
segment-routing mpls sr-prefer
segment-routing prefix-sid-map advertise-local
mpls ldp auto-config
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 3
!
!
mpls ldp
address-family ipv4
!
!
!
segment-routing
mapping-server
prefix-sid-map
address-family ipv4
4.4.4.4/32 4
5.5.5.5/32 5
!
!
!
R4
router isis 1
address-family ipv4 unicast
mpls ldp auto-config
!
mpls ldp
address-family ipv4
!
!
R5
router isis 1
mpls ldp sync
mpls ldp autoconfig
!
R6
router isis 1
address-family ipv4 unicast
segment-routing mpls sr-prefer
mpls ldp auto-config
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 6
!
!
mpls ldp
address-family ipv4
!
!
Configuration
R2
Globally configuration
router isis 1
fast-reroute per-prefix level-2 all
fast-reroute ti-lfa level-2
Interfaces must be
!
point-to-point
interface GigabitEthernet1
isis network point-to-point
isis fast-reroute protection level-2
isis fast-reroute ti-lfa protection level-2
Or you can configure it
per interface
R3
router isis 1
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa
!
!
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
c. verification:
Verify Ti-LFA on R3.
L2 1.1.1.1/32 [10/115]
via 10.10.13.1, GigabitEthernet0/0/0/1, R1, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.10.23.2, GigabitEthernet0/0/0/2 R2,
SRGB Base: 16000, Weight: 0
With LDP label
P node: R2.00 [2.2.2.2], Label: ImpNull
Q node: R1.00 [1.1.1.1], Label: 20
Prefix label: ImpNull
Backup-src: R1.00
L2 2.2.2.2/32 [10/115]
via 10.10.23.2, GigabitEthernet0/0/0/2, R2, SRGB Base: 16000, Weight: 0
FRR backup via 10.10.13.1, GigabitEthernet0/0/0/1, R1, SRGB Base: 16000,
Weight: 0, Metric: 20
L2 4.4.4.4/32 [20/115]
via 10.10.35.5, GigabitEthernet0/0/0/0, R5, Weight: 0
FRR backup via 10.10.23.2, GigabitEthernet0/0/0/2, R2, SRGB Base: 16000,
Weight: 0, Metric: 20
via 10.10.23.2, GigabitEthernet0/0/0/2, R2, SRGB Base: 16000, Weight: 0
FRR backup via 10.10.35.5, GigabitEthernet0/0/0/0, R5, Weight: 0,
Metric: 20
L2 5.5.5.5/32 [10/115]
via 10.10.35.5, GigabitEthernet0/0/0/0, R5, Weight: 0
Backup path: TI-LFA (link), via 10.10.23.2, GigabitEthernet0/0/0/2 R2,
SRGB Base: 16000, Weight: 0
With SR label
P node: R4.00 [4.4.4.4], Label: 16004
Prefix label: None
Backup-src: R5.00
1.1.1.1/32, version 121, labeled SR, internal 0x1000001 0x83 (ptr 0xd5d3858)
[1], 0x0 (0xd7957a8), 0xa20 (0xe32a180)
Updated Dec 23 06:06:55.352
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
via 10.10.23.2/32, GigabitEthernet0/0/0/2, 9 dependencies, weight 0, class
0, backup (TI-LFA) [flags 0xb00]
path-idx 0 NHID 0x0 [0xe2b81d0 0xe2b8380]
next hop 10.10.23.2/32, Repair Node(s): 2.2.2.2, 1.1.1.1
remote adjacency
local label 16001 labels imposed {ImplNull 20}
via 10.10.13.1/32, GigabitEthernet0/0/0/1, 9 dependencies, weight 0, class
0, protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xe3e1430 0xe3e1190]
next hop 10.10.13.1/32
local label 16001 labels imposed {ImplNull}
remote adjacency
local label 16005 labels imposed {16004}
Tunnel Interface Next Hop End Point Label End Point Host
MP1 Gi3 10.10.23.3 5.5.5.5 16005 R5
Tip
In the following topology as you can see, the left side is SR
Only while the right side is LDP only and the link in The
middle is LDP based. In these kind of scenarios for traffics
from SR-to-LDP you need to configure SRMS (Mapping Server)and
allocating Prefix-SID for LDP Routers is required for mutual
Communication.
Task6.
Migration from LDP to SR
a) Configure all SP nodes to be LDP only and verify reachability of CEs
b) Add SR to all SP nodes to be LDP+SR and verify reachability of
CEs. Also, verify on R3 the SR labels.
c) Configure sr-prefer on all SP nodes to enable preference of Segment
Routing over LDP for ip-to-mpls and verify reachability of CEs
d) Remove LDP from all SP nodes and verify reachability of CEs
Configuration
Copyright © 2020 Orhan Ergun LLC
This book belongs to XXXXXXXXXXX
175
Segment Routing Work Book by Orhan Ergun LLC
R1&R3&R4&R6
!
router isis 1
address-family ipv4 unicast
mpls ldp auto-config
!
!
mpls ldp
address-family ipv4
!
!
R2&R5
router isis 1
mpls ldp sync
mpls ldp autoconfig
!
Configuration
R1, R3, R4, R6
router isis 1
address-family ipv4 unicast
segment-routing mpls
!
interface Loopback0
It (X) changes based on
address-family ipv4 unicast node ID. (e.g. 1 for R1 )
prefix-sid index x
!
R2, R5
router isis 1
segment-routing mpls
mpls ldp sync
mpls ldp autoconfig
!
!!! for R5
segment-routing mpls
!
connected-prefix-sid-map
address-family ipv4
5.5.5.5/32 index 5 range 1
exit-address-family
!
!!! for R2
segment-routing mpls
!
connected-prefix-sid-map
address-family ipv4
2.2.2.2/32 index 2 range 1
exit-address-family
!
Verification
On R3, verify SR labels.
16001 1.1.1.1/32
16002 2.2.2.2/32
16003 Loopback0
16004 4.4.4.4/32
16005 5.5.5.5/32
16006 6.6.6.6/32
Configuration
R1, R3, R4, R6
router isis 1
address-family ipv4 unicast
segment-routing mpls sr-prefer
mpls ldp auto-config
R2, R5
segment-routing mpls
!
set-attributes
address-family ipv4
sr-label-preferred
exit-address-family
Verification
On CE1, verify the path for CE2.
Configuration
router isis 1
address-family ipv4 unicast
no mpls ldp auto-config
!
no mpls ldp
R2, R5
router isis 1
no mpls ldp sync
no mpls ldp autoconfig
Verification
On CE1, verify the path for CE2.
For example:
The address between R1, R2 =10.10.12.z
R1= 10.10.12.1, R2=10.10.12.2
Task7.
Multidomain for SR and BGP Prefix-sid
a) Configure two ISIS domains, ISIS1+SR and ISIS2+SR
b) Configure BGP AS100 in ISIS1 and AS200 in ISIS
c) Configure L3VPN inter-AS option C
d) Put CE routers in VRF “A” and site1 RT,RD: 100:1, Site2 RT,RD:
200:1
e) Assign AS 110 for site1 and AS120 for site2
f) Advertise CE’s Loopbacks in MP-BGP
Tip:
In this scenario, inter-AS option C provides inter-AS L3VPN connectivity. In the inter-AS
option C model, the L3VPN prefixes and labels are exchanged between the PEs in two ASs
using EBGP. For scalability, this exchange typically happens over a multi-hop EBGP session
between a RR in one AS and a RR in other AS. To establish the inter-AS EBGP session between
the RRs, reachability between them is required. The inter-AS option C model also requires that
the loopback prefixes of the PEs are reachable from the other AS. This is require to provide a
continuous LSP between the PEs to carry the L3VPN service traffic. Within AS, LDP or SR are
used for label distribution while BGP label unicast (LU) is used to exchange over inter-AS link
between ASs. There are two options for providing inter-AS LSPs between the PEs:
1) Mutually redistribute the PE loopback prefixes with their prefix-SID labels between BGP
and IGP on the ASBR
2) Advertise the PE loopback with their prefix-SID labels in BGP-LU (using RPL or route-
map) which is used in this scenario.
BGP session between RR <-> ASBR (R3 or R4) will be established to provide reachability
between RRs. It should be noted that, RRs only reflect VPNv4 prefixes.
To answer this task consider the following points:
Configure BGP-LU between R1<->R3, RR1<->R3, R3<->R4, R4<->RR2 ,
R4<->R6
Configure BGP VPNv4 between R1<->RR1, RR1<->RR2, RR2<->R6
Do not change BGP next hop between RR1<->RR2 (Next hop unchanged command)
Change next-hop from ASBRs to PEs (next-hop self)
Configuration
ISIS-1
R1
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 1
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point
address-family ipv4 unicast
!
R2
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0002.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 2
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.23
point-to-point
address-family ipv4 unicast
!
!
R2 and RR1 link
interface GigabitEthernet0/0/0/0.27
point-to-point
address-family ipv4 unicast
!
!
mpls oam
R3
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0003.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 3
!
!
interface GigabitEthernet0/0/0/0.23
point-to-point
address-family ipv4 unicast
!
!
mpls oam
RR1
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0007.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 7
!
!
RR1 and R2 link
interface GigabitEthernet0/0/0/0.27
point-to-point
mpls oam
ISIS-2
R4
router isis 2
is-type level-2-only
net 49.0000.0000.0000.0004.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 4
!
!
interface GigabitEthernet0/0/0/0.45
point-to-point
address-family ipv4 unicast
!
!
mpls oam
R5
router isis 2
is-type level-2-only
net 49.0000.0000.0000.0005.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 5
!
!
interface GigabitEthernet0/0/0/0.45
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.56
point-to-point
address-family ipv4 unicast
!
!
R5 and RR2 link
interface GigabitEthernet0/0/0/0.58
point-to-point
address-family ipv4 unicast
!
!
mpls oam
R6
router isis 2
is-type level-2-only
net 49.0000.0000.0000.0006.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 6
!
!
interface GigabitEthernet0/0/0/0.56
point-to-point
address-family ipv4 unicast
!
!
mpls oam
RR2
router isis 2
is-type level-2-only
net 49.0000.0000.0000.0008.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 8
!
!
interface GigabitEthernet0/0/0/0.58 RR2 and R5 link
point-to-point
address-family ipv4 unicast
!
mpls oam
Configuration
R1
neighbor 3.3.3.3
remote-as 100
update-source Loopback0
address-family ipv4 labeled-unicast
!
!
RR1 Loopback address
neighbor 7.7.7.7
remote-as 100
update-source Loopback0
address-family vpnv4 unicast
!
!
R3
!
neighbor 7.7.7.7
remote-as 100
update-source Loopback0
address-family ipv4 labeled-unicast
next-hop-self To change Next hop
! for Domain2
RR1
Configuration
R6
!
!
R4
RR2
!
!
neighbor 4.4.4.4
remote-as 200
update-source Loopback0
address-family ipv4 labeled-unicast
!
!
neighbor 6.6.6.6
remote-as 200
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
!
Configuration
Domain 1
R1
segment-routing
global-block 16000 23999 After changing SRGB, use
process restart bgp
command to take effect of label
range on bgp process
RR1
route-policy SID($SID)
set label-index $SID
end-policy
!
route-policy ebgp
pass
end-policy
!
segment-routing
global-block 16000 23999
!
R3(ASBR)
neighbor 10.10.34.4
remote-as 200
BGP-LU address family
address-family ipv4 labeled-unicast to exchange vpn label
!
segment-routing
SRGB must configured
global-block 16000 23999 for BGP label allocation
Domain 2
R6
route-policy SID($SID)
set label-index $SID
end-policy
!
segment-routing
global-block 16000 23999
!
RR2
route-policy SID($SID)
route-policy ebgp
pass
end-policy
!
router bgp 200
Assign BGP Prefix-SID to
address-family ipv4 unicast
RR2 loopback address
network 8.8.8.8/32 route-policy SID(8) and advertise it to bgp
allocate-label all
!
neighbor 7.7.7.7
vpnv4 with RR1 to
remote-as 100 exchange vpn routes
ebgp-multihop 100
update-source Loopback0
address-family vpnv4 unicast
route-policy ebgp in
route-policy ebgp out
next-hop-unchanged
!
segment-routing
global-block 16000 23999
!
R4
neighbor 10.10.34.3
remote-as 100
address-family ipv4 labeled-unicast
!
!
!
segment-routing
global-block 16000 23999
!
GigabitEthernet0/0/0/0.23 No No No Yes
GigabitEthernet0/0/0/0.34 No No No Yes
R1
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
1.1.1.1 0 100 3139 3202 82 0 0 03:17:32 0
RR2
8.8.8.8 0 200 1437 1456 82 0 0 03:19:46 0
d. Put CE routers in VRF “A” and site1 RT,RD: 100:1, Site2 RT,RD:
200:1
Configuration
R1
vrf A
address-family ipv4 unicast
import route-target
200:1
!
export route-target
100:1
!
!
!
interface GigabitEthernet0/0/0/0.110
vrf A
ipv4 address 10.10.110.1 255.255.255.0
encapsulation dot1q 110
!
R6
vrf A
address-family ipv4 unicast
import route-target
100:1
!
export route-target
200:1
!
!
!
interface GigabitEthernet0/0/0/0.120
vrf A
ipv4 address 10.10.120.6 255.255.255.0
encapsulation dot1q 120
Configuration
CE1
interface Loopback110
ip address 111.111.111.111 255.255.255.255
!
CE2
interface Loopback120
ip address 222.222.222.222 255.255.255.255
!
R1
route-policy vpn
pass
end-policy
!
R6
route-policy vpn
pass
end-policy
!
Verification
RP/0/RP0/CPU0:R1#show bgp vrf A
Fri Mar 8 11:15:41.508 UTC
BGP VRF A, state: Active
BGP Route Distinguisher: 100:1
VRF ID: 0x60000002
BGP router identifier 1.1.1.1, local AS number 100
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000002 RD version: 45
BGP main routing table version 45
BGP NSR Initial initsync version 6 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
On R1, verify 8.8.8.8/32 and 6.6.6.6/32 are received from R3: show bgp ipv4
labeled-unicast.
Verification
RP/0/RP0/CPU0:R1#show bgp ipv4 labeled-unicast
Fri Mar 8 11:21:58.790 UTC
BGP router identifier 1.1.1.1, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 71
BGP main routing table version 71
BGP NSR Initial initsync version 5 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
On R6, verify bgp label for the prefix 6.6.6.6/32 using command, show bgp
labels. as this prefix is local, it advertises with label 3 (implicit-null) which
enables PHP/
Verification
RP/0/RP0/CPU0:R6#show bgp labels
Fri Mar 8 11:33:15.957 UTC
BGP router identifier 6.6.6.6, local AS number 200
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 63
BGP main routing table version 63
BGP NSR Initial initsync version 5 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
On R4, verify bgp label for the prefix 6.6.6.6/32 and find prefix-sid 6.
Verification
RP/0/RP0/CPU0:R4#show bgp ipv4 labeled-unicast 6.6.6.6/32
Fri Mar 8 11:37:03.548 UTC
BGP routing table entry for 6.6.6.6/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 14 14
Local Label: 16006
Last Modified: Mar 8 07:52:15.718 for 03:44:48
Paths: (1 available, best #1)
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.10.34.3
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.10.34.3
Local
6.6.6.6 (metric 20) from 6.6.6.6 (6.6.6.6)
Received Label 3
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best,
labeled-unicast
Received Path ID 0, Local Path ID 1, version 14
Prefix SID Attribute Size: 7
Label Index: 6
On R4, both IGP (ISIS) and BGP advertise the Prefix-SID 16006 for prefix
6.6.6.6/32. Because of lower administrative distance of ISIS (115) compared
to BGP (200), ISIS installs the prefix 6.6.6.6/32. Enter the following command
to verify RIB using command.
Verification
Tip:
The prefix-SID attribute is transitive, it means it will be forwarded even if the BGP
implementation does not understand the attribute.
Verification
Verification
RP/0/RP0/CPU0:R3#show mpls forwarding labels 16006
Fri Mar 8 12:18:35.395 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
Verification
RP/0/RP0/CPU0:R1#show cef 6.6.6.6/32
Fri Mar 8 12:53:08.521 UTC
6.6.6.6/32, version 292, labeled SR, internal 0x1000001 0x80 (ptr 0xdf12c10) [1],
0x0 (0xe0d8128), 0xa08 (0xe633428)
Updated Mar 8 07:52:36.783
Prefix Len 32, traffic index 0, precedence n/a, priority 4
via 3.3.3.3/32, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xd373598 0x0]
recursion-via-/32
next hop 3.3.3.3/32 via 16003/0/21
local label 16006
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/22 ms
Task8.
Multidomain SR&LDP and BGP Prefix-sid
a) Configure two ISIS domains, ISIS1+LDP and ISIS2+SR
b) Configure BGP AS100 in ISIS1 and AS200 in ISIS as task 7
c) Configure L3VPN inter-AS option C
d) Put CE routers in VRF “A” and site1 RT,RD: 100:1, site2 RT,RD:
200:1 as task8
e) Assign AS 110 for site1 and AS120 for site2 as task 7
f) Advertise CE’s Loopbacks in MP-BGP as task 7
Configuration
ISIS1
R1
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls ldp auto-config
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point
address-family ipv4 unicast
!
!
mpls ldp
!
mpls oam
!
R2
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0002.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls ldp auto-config
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.23
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.27
point-to-point
address-family ipv4 unicast
!
!
no segment-routing
!
mpls ldp
!
mpls oam
!
R3
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0003.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls ldp auto-config
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.23
point-to-point
address-family ipv4 unicast
mpls ldp
!
mpls oam
!
RR1
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0007.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls ldp auto-config
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.27
point-to-point
no segment-routing
!
mpls ldp
!
mpls oam
!
ISIS2
Same as task 8
Configuration
R1
RR1
route-policy ebgp
pass
end-policy
!
route-policy ebgp in
route-policy ebgp out
next-hop-unchanged
!
!
R3
No advertising protos.
Verification
RP/0/RP0/CPU0:R1#show mpls forwarding prefix 6.6.6.6/32
Fri Mar 8 17:41:57.150 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
Tip:
The Traffic is carried by BGP-LU and LDP in AS1 but carried by SR in AS2. The prefix-
SID attribute is transitive, it means it will be forwarded even if the BGP implementation
does not understand the attribute.
Since SR BGP is not enabled on R3, it does not understand the prefix-sid attribute and it
ignores it. Therefore, it allocate a regular dynamic label for prefix 6.6.6.6/32 and forwards
that label to R1. You can verify it by the command: show bgp label
R3 received prefix-SID label 16006 for prefix 6.6.6.6/32 from R4, but it ignores the
attached prefix-SID attribute and allocates a random dynamic label
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/26 ms
Day 3
Segment Routing
Traffic Engineering
Note: It should be noted that both types explicit and dynamic policy can be
applied using PCE controller in which external controller gathers topology
information of multiple domains and select the best path over multiple
domains and configures head end router to use injected segment list.
Addressing Table
Device Name IPv4 Loopback address Prefix-Sid
R1(XR) 1.1.1.1/32 16001
R2(XE) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XE) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
CE1(IOS) 111.111.111.111/32 NA
CE2(IOS) 222.222.222.222/32 NA
For example:
The address between R1, R2 =10.10.12.z
R1= 10.10.12.1, R2=10.10.12.2
Tip:
Candidate path has a preference and is associated with a single
Binding-SID.
Tip:
SRTE Candidate Path can be received from different sources
such as: CLI, BGP, PCEP, Netconf. Source of path is not
considered for path selection. The valid path with Higher
preference is the selected path.
SRTE Segment-routing
traffic-eng
policy P1
SR policy color 20 end-point ipv4 6.6.6.6 Color & End-Point
binding-sid mpls 40180
BSID-It can be
candidate-paths
assigned
automatically preference 100
dynamic mpls
Cpath1(Dynamic) metric TE Metric
type te
affinity
Constraint
exclude-any red
Cpath2(Static) !
Valid and higher preference 200
explicit segment-list SL1 Explicit Path
preference
!
segment-list name SL1
Node 5
index 10 mpls label 16005
SID List1 index 20 mpls label 16006
Node 6
SRTE Segment-routing
traffic-eng
policy P1
SR policy color 20 end-point ipv4 6.6.6.6 Color & End-Point
binding-sid mpls 40180
BSID-It can be
candidate-paths
assigned
automatically preference 100 Explicit Path
explicit segment-list SL1
Weight 1
weight 1
explicit segment-list SL2
Explicit Path
weight 4
! Weight 4
segment-list name SL1
index 10 mpls label 16005
SID List1
index 20 mpls label 16006
!
SID List2 segment-list name SL2
index 10 mpls label 16006
Tip:
Base Topology
Tip:
SR-TE is not supported on broadcast interfaces; it is
supported only point-to-point interfaces in both ISIS and
OSPF.
Only one instance of protocol should be enabled for TE at
a given point of time.
Task1.
Single domain static SRTE:
o. Configure ISIS1 as IGP and Configure SR on all SP nodes
p. Change the IGP metric of links <R3-R4> and <R4-R6> to 1000
q. On R3, configure SRLB to assign persistence Adj-SID and verify
the Adj-SID and for R4, use dynamic Adj-SID
r. Configure R1 as Head-end and SRTE to use Explicit-Path
through R3<->R4 link and assign BSID 40000 to the SR-Policy
s. R1 must reach R6 through the path R1-R3-R4-R6
t. On R1, configure TI-LFA
u. Check the TI-LFA backup path for the SRTE path on R1
v. Shutdown R3<->R4 link. verify that traffic will drop because of
invalidation drop
Configuration
R1,R3,R4,R6
router isis 1
net 49.0000.0000.0000.000x.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index x
!
!
interface GigabitEthernet0/0/0/y
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/y
point-to-point
address-family ipv4 unicast
!
!
!
R2,R5
router isis 1
net 49.0000.0000.0000.000x.00
is-type level-2-only
advertise passive-only
metric-style wide
segment-routing mpls
passive-interface Loopback0
!
interface GigabitEthernet y
ip router isis 1
isis network point-to-point
!
segment-routing mpls
connected-prefix-sid-map
address-family ipv4
w.x.y.z/32 index x range 1
exit-address-family
Configuration
router isis 1
interface GigabitEthernet0/0/0/x
Configuration
segment-routing
SRLB reserved
local-block 24000 25000 range for
persistence Adj-SID
!
router isis 1
interface GigabitEthernet0/0/0/3
Protected
point-to-point Persistence Adj-SID
address-family ipv4 unicast
metric 1000
Non-Protected
adjacency-sid absolute 24041 protected Persistence Adj-SID
Verification
RP/0/RP0/CPU0:R3#show isis segment-routing label adjacency persistent
Sun Feb 24 07:56:20.641 UTC
24041 AF IPv4
GigabitEthernet0/0/0/3: IPv4, Protected 1/255/N, Active
24042 AF IPv4
GigabitEthernet0/0/0/3: IPv4, Not protected 1/255/N, Active
d. Configure R1 as Head-end.
segment-routing
Protected Persistence
traffic-eng
Adj-SID on R3
segment-list LowCostR6
Verification
RP/0/RP0/CPU0:R1#traceroute 6.6.6.6 source loopback 0
Sun Feb 24 09:37:07.472 UTC
1 10.10.13.3 [MPLS: Labels 24041/24011 Exp 0] 161 msec 135 msec 145 msec
2 10.10.34.4 [MPLS: Label 24011 Exp 0] 115 msec 72 msec 63 msec
3 10.10.46.6 142 msec * 113 msec
RP/0/RP0/CPU0:R1#show cef
Sun Feb 24 09:58:35.086 UTC
Path-id: 1, Weight: 64
Packets Switched: 0
Configuration
router isis 1
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa
!
!
interface GigabitEthernet0/0/0/2
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa
Verification
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng forwarding policy detail
Packets Switched: 0
Packets Switched: 0
h1. On R3, shutdown R3<->R4 link. On R1, verify that the SR policy
will keep the SRTE-LSP up but drop the traffic if failure happen in the
middle of path.
16003
24041
24011
Attributes:
Binding SID: 40000
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes
Traffic dropped
1 * * *
2 * * *
Attributes:
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: no
IGP Path
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.10.13.3 [MPLS: Label 16006 Exp 0] 169 msec 103 msec 64 msec
2 10.10.35.5 [MPLS: Label 16006 Exp 0] 40 msec 13 msec 31 msec
3 10.10.56.6 148 msec * 93 msec
Task2.
Single domain SRTE and WECMP:
a. Configure ISIS1 as IGP and Configure SR on all SP nodes as
Task1
b. Configure R1 as Head-end and SRTE to use Explicit-Path as
Task1
c. On R1, configure the primary path as R1-R3-R5-R6 and the
secondary path as R1-R2-R4-R6 and share the traffic with
proportion 1 to 2 using weight command
d. Verify the reachability of R6 from R1
Configuration
segment-routing
traffic-eng
segment-list P1R6
index 10 mpls label 16003
index 20 mpls label 16005
index 30 mpls label 16006
!
segment-list P2R6
index 10 mpls label 16002
index 20 mpls label 16004
index 30 mpls label 16006
!
policy R6TE
candidate-paths
preference 100
explicit segment-list P1R6
weight 1
!
explicit segment-list P2R6
weight 2
Verification
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng forwarding policy
Color Endpoint Segment Outgoing Outgoing Next Hop Bytes Secondary Path
traffic is half of
Primary path
16004
16006
Attributes:
Binding SID: 40000
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes
Task3.
Single domain Dynamic SRTE and load sharing:
a. Configure ISIS1 as IGP and Configure SR on all SP nodes as
Task1
b. Configure R1 as Head-end and SRTE to use Dynamic-Path and
assign BSID 40000 to the SR-Policy.
c. On all nodes, enable mpls traffic engineering under isis instance.
d. Change TE metric according to the following topology
e. Share the traffic between them with the lowest margin value and
set SID-Limit to 3.
f.
g. Verify the reachability of R6 from R1
Configuration
router isis 1
distribute link-state level 2 This command feeds
SRTE DB with IGP DB
address-family ipv4 unicast
Configuration
IOS XR
router isis 1
address-family ipv4 unicast
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
!
!
segment-routing
traffic-eng
!
IOS XE
router isis 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
!
mpls traffic-eng tunnels
!
!
interface gigabitEthernet x
mpls traffic-eng tunnel
Must be configured for
! TE computation
Configuration
R2
TE metric in IOS XE
interface GigabitEthernet2
mpls traffic-eng tunnels
R3
segment-routing
traffic-eng
interface GigabitEthernet0/0/0/3
metric 8
Name: R6TE
Requested BSID: 40000
Dynamic (valid)
Metric Type: TE, Path Accumulated Metric: 28
16003 [Prefix-SID, 3.3.3.3]
24005 [Adjacency-SID, 10.10.34.3 - 10.10.34.4]
16006 [Prefix-SID, 6.6.6.6]
Attributes: Path through R3<->R4 link
e. now add link between R3<->R5 to the path with the lowest margin
value and set SID-Limit to 3.
Configuration
Copyright © 2020 Orhan Ergun LLC
This book belongs to XXXXXXXXXXX
277
Segment Routing Work Book by Orhan Ergun LLC
segment-routing
traffic-eng
policy R6TE
binding-sid mpls 40000
color 6 end-point ipv4 6.6.6.6
autoroute
include ipv4 6.6.6.6/32
!
candidate-paths
preference 100
Absolute command is exact value for margin. In
dynamic addition, relative command
can be use that is percentage of minimum
delay. With this
metric command it adds R3<->R5 link to the path
sid-limit 3
type te
margin absolute 4
On R1, verify the margin feature
Verification
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng policy
Tue Feb 26 20:26:19.905 UTC
Margin Relative: 0%
Maximum SID Depth: 3
Dynamic (valid)
Metric Type: TE, Path Accumulated Metric: 30
16003 [Prefix-SID, 3.3.3.3]
16006 [Prefix-SID, 6.6.6.6]
Segment List updated to
Attributes: cover both path
Binding SID: 40000
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes
Hop1:10.10.34.4
Hop2:10.10.46.6
Hop3:6.6.6.6
Task4.
Single domain SRTE and link coloring:
a. Configure ISIS1 as IGP and Configure SR on all SP nodes as Task
1
b. Configure R1 as Head-end and SRTE to use Dynamic-Path as
Taks 4
c. Change TE and IGP metric according to the following topology
d. Configure all links color using affinity according to the following
topology and constraints configuration.
e. The traffic from R1 to R6 must exclude red and green lines.
f. Verify the path and the reachability of R6 from R1
Configuration
R2
interface GigabitEthernet2
mpls traffic-eng tunnels By default TE metric is bound to
IGP metric. No need to re-configure
isis network point-to-point TE metric again in this topology.
R3
router isis 1
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv4 unicast
metric 5
Configuration
R1
segment-routing
traffic-eng
interface GigabitEthernet0/0/0/1
affinity
Assigning affinity colors
with naming model
name blue
!
!
interface GigabitEthernet0/0/0/2
affinity
Assigning more than
name blue
one affinity colors
name green
!
!
policy R6TE
binding-sid mpls 40000
color 6 end-point ipv4 6.6.6.6
autoroute
include ipv4 6.6.6.6/32
!
candidate-paths
preference 100
dynamic
metric
type te
!
!
constraints
affinity
Exclude green and red links
exclude-any
name red
name green
!
!
!
!
!
!
affinity-map
Colors bit value configuration
name red bit-position 1
name blue bit-position 2
name green bit-position 0
!
R2(IOS XE)
R3(IOS XR)
segment-routing
traffic-eng
interface GigabitEthernet0/0/0/0
affinity
name green
!
!
interface GigabitEthernet0/0/0/1
affinity
name red
!
!
interface GigabitEthernet0/0/0/2
affinity
name blue
!
interface GigabitEthernet0/0/0/3
affinity
name green
!
!
affinity-map All nodes must configure with
same value for each color
name red bit-position 1
name blue bit-position 2
name green bit-position 0
!
R4 (IOS XR)
segment-routing
traffic-eng
interface GigabitEthernet0/0/0/0
affinity
name blue
!
!
interface GigabitEthernet0/0/0/1
affinity
name blue
!
!
interface GigabitEthernet0/0/0/2
affinity
name green
!
!
interface GigabitEthernet0/0/0/3
affinity
name blue
!
!
affinity-map
name red bit-position 1
name blue bit-position 2
name green bit-position 0
!
R5
Verification
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng policy
Wed Feb 27 14:21:31.984 UTC
Verification
RP/0/RP0/CPU0:R1#traceroute 6.6.6.6 source loopback 0
Wed Feb 27 14:27:15.989 UTC
Task5.
SR and L3 VPN service
a. Configure ISIS as IGP and Configure SR on all SP nodes as
Task1
b. Put CE routers in VRF “A”. Site1 RT,RD: 100:1, Site2 RT,RD:
200:1
c. Assign AS 110 for site1 and AS120 for site2
d. Put PE routers in AS 100 and configure MP BGP on PEs.
e. Loopback address 22.2.2.1/32 and 22.2.2.2/32 on CE2 and
11.1.1.1/32 on CE1 should be configured and advertise in BGP
b. Put CE routers in VRF “A”. Site1 RT,RD: 100:1, Site2 RT,RD: 200:1
Configuration
R1
vrf A
address-family ipv4 unicast
import route-target
200:1
!
export route-target
100:1
!
interface GigabitEthernet0/0/0/0
vrf A
ipv4 address 10.10.110.1 255.255.255.0
!
R6
vrf A
address-family ipv4 unicast
import route-target
100:1
!
export route-target
200:1
!
interface GigabitEthernet0/0/0/2
vrf A
ipv4 address 10.10.120.6 255.255.255.0
!
Verify configuration
Verification
RP/0/RP0/CPU0:R1#show vrf A
Fri Mar 1 15:20:45.149 UTC
VRF RD RT AFI SAFI
A 200:1
import 200:1 IPV4 Unicast
export 100:1 IPV4 Unicast
RP/0/RP0/CPU0:R6#show vrf A
Fri Mar 1 15:24:17.537 UTC
VRF RD RT AFI SAFI
A 100:1
Configuration
CE1
CE2
Configuration
R1
route-policy vpn
pass
end-policy
!
!
!
vrf A
rd 200:1
address-family ipv4 unicast
!
neighbor 10.10.110.10
remote-as 110
address-family ipv4 unicast
route-policy vpn in
route-policy vpn out
!
R6
route-policy vpn
pass
end-policy
!
Configuration
CE1
interface Loopback111
ip address 11.1.1.1 255.255.255.255
CE2
interface Loopback221
ip address 22.2.2.1 255.255.255.255
!
interface Loopback222
ip address 22.2.2.2 255.255.255.255
!
VPN Labels
Processed 3 prefixes, 3 paths
Verification
CE1#traceroute 22.2.2.1 source loopback 111
Type escape sequence to abort.
Tracing the route to 22.2.2.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.110.1 148 msec 80 msec 90 msec
2 10.10.13.3 [MPLS: Labels 16006/24004 Exp 0] 186 msec 188 msec
10.10.12.2 [MPLS: Labels 16006/24004 Exp 0] 168 msec
3 10.10.24.4 [MPLS: Labels 16006/24004 Exp 0] 165 msec 172 msec 171 msec
4 10.10.46.6 [MPLS: Label 24004 Exp 0] 184 msec 115 msec 107 msec
5 10.10.120.20 196 msec * 173 msec
Task5.1.
Automatic traffic steering with BGP (Color assignment on the egress
PE):
a. Configure R6 to assign color extended community for
22.2.2.1/32 (color green with value 10)
22.2.2.2/32 (color blue with value 20)
b. Configure SRTE on R1 to choose the following paths using explicit-
path:
<R1-R3-R5-R6> for green traffics with BSID 40001 and
<R1-R2-R4-R6> for blue traffics with BSID 40002 and steer them
automatically using BGP.
c. Verify the path and the reachability of both prefixes from CE1
Configuration
extcommunity-set opaque green
10
end-set
!
extcommunity-set opaque blue
20
end-set
!
!
route-policy COLOR
if destination in (22.2.2.1/32) then
set extcommunity color green
endif
if destination in (22.2.2.2/32) then
set extcommunity color blue
endif
end-policy
!
!
router bgp 100
neighbor 1.1.1.1
address-family vpnv4 unicast
route-policy COLOR out
aspath: 120
extended community: RT:200:1
Attributes after outbound policy was applied:
next hop: 6.6.6.6
MET ORG AS EXTCOMM
origin: IGP neighbor as: 120 metric: 0
aspath: 120
extended community: RT:200:1 Color:20
Configuration
segment-routing
traffic-eng
segment-list R2R6
index 10 address ipv4 2.2.2.2
Explicit path
index 20 address ipv4 4.4.4.4
with IP address
index 30 address ipv4 6.6.6.6
!
segment-list R3R6
index 10 mpls label 16003
Explicit path
index 20 mpls label 16005 with Label
Blue Color index 30 mpls label 16006
value
!
policy BLUE20
binding-sid mpls 40002
Status:
Admin: up Operational: up for 00:53:27 (since Mar 1 17:50:49.127)
Candidate-paths:
Preference: 100 (configuration) (current)
Name: GREEN10
Attributes:
Binding SID: 40002
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes
2 10.10.13.3 [MPLS: Labels 16005/16006/24004 Exp 0] 143 msec 129 msec 137 msec
3 10.10.35.5 [MPLS: Labels 16006/24004 Exp 0] 133 msec 128 msec 104 msec
4 10.10.56.6 [MPLS: Label 24004 Exp 0] 140 msec 108 msec 106 msec
5 10.10.120.20 122 msec * 123 msec
2 10.10.12.2 [MPLS: Labels 16004/16006/24005 Exp 0] 139 msec 118 msec 126 msec
3 10.10.24.4 [MPLS: Labels 16006/24005 Exp 0] 149 msec 121 msec 122 msec
4 10.10.46.6 [MPLS: Label 24005 Exp 0] 124 msec 127 msec 126 msec
5 10.10.120.20 111 msec * 143 msec
Task5.2.
Do the same as task 5.1 but color assignment should be done on the
ingress PE
a) Remove all color assignment from R6
b) On R1, configure color assignment based on Task 5.1
Configuration
extcommunity-set opaque green
10
end-set
!
extcommunity-set opaque blue
20
end-set
!
route-policy COLOR
if destination in (22.2.2.1/32) then
set extcommunity color green
endif
if destination in (22.2.2.2/32) then
set extcommunity color blue
endif
end-policy
!
!
Task5.3.
SRTE/ODN:
a) Regarding to Task5.2, configure R1 to choose dynamic path
using ODN only for prefix 22.2.2.1/32 based on TE metric and
remove other configurations under segment-routing traffic
engineering section.
b) Change TE metric on R2<->R4 link to value 5.
c) Verify R1 for ODN SRTE and check connectivity of 22.2.2.1/32
on CE1.
Configuration
segment-routing
Using green color for
traffic-eng specified 22.2.2.1/32 prefix
on-demand color 10
dynamic
metric
Metric type TE
type te
Configuration
interface GigabitEthernet2
mpls traffic-eng tunnels
mpls traffic-eng administrative-weight 5
isis network point-to-point
Verification
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng policy
Sat Mar 2 11:55:42.153 UTC
Task5.4.
Segment Routing Flex Algorithm and Automatic traffic steering with
BGP (Color assignment on the egress PE):
a) Referring scenario in the Task 5.1, one new Algorithm is adding
to ISIS:
Algo 0 (All SP nodes and default one)
Flex-Algo 128 (R3R4) based on IGP metric
b) Assign different prefix-SIDs in each algorithm for the loopback 0
like below:
Node1: Algo default: 16001
Algo 128:16801
Configuration
R1
router isis 1
Enable algorithm 128 on node
flex-algo 128
!
interface Loopback0
address-family ipv4 unicast
Algorithm 128 Prefix-SID
prefix-sid index 1
prefix-sid algorithm 128 absolute 16801
!
R3
R4
router isis 1
flex-algo 128
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 4
prefix-sid algorithm 128 absolute 16804
!
R6
router isis 1
flex-algo 128
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 6
prefix-sid algorithm 128 absolute 16806
Configuration
segment-routing
traffic-eng
on-demand color 10
dynamic
metric
type igp
!
!
!
on-demand color 20
dynamic
sid-algorithm 128
Dynamic (valid)
16806 [Prefix-SID: 6.6.6.6, Algorithm: 128]
Preference: 100 (BGP ODN)
Last error: Constraint cannot be enforced: flex-algorithm
Requested BSID: dynamic
Constraints:
Prefix-SID Algorithm: 128
Dynamic (pce) (invalid)
Metric Type: NONE, Path Accumulated Metric: 0
Attributes:
Binding SID: 24007
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes
Alg:128
L2 4.4.4.4/32 [20/115] Label: 16004, medium priority
via 10.10.13.3, GigabitEthernet0/0/0/2, R3, SRGB Base: 16000, Weight: 0
src R4.00-00, 4.4.4.4, , prefix-SID index 804, R:0 N:1 P:0 E:0 V:0 L:0,
Alg:128
L2 6.6.6.6/32 [30/115] Label: 16006, medium priority
via 10.10.13.3, GigabitEthernet0/0/0/2, R3, SRGB Base: 16000, Weight: 0
src R6.00-00, 6.6.6.6, , prefix-SID index 806, R:0 N:1 P:0 E:0 V:0 L:0,
Alg:128
22.2.2.2/32, version 83, internal 0x5000001 0x0 (ptr 0xde0a3bc) [1], 0x0 (0xdfcda68),
0xa08 (0xe4dc228)
recursion-via-label
Day 4
Segment Routing
Multi-Domain SRTE
Multi-Domain SRTE
You can scale your network with segment routing traffic engineering.
In segment routing it is possible like traditional unified MPLS (seamless
MPLS) to use inter-AS options and BGP-LU for multi domain interconnection
and in this chapter some labs are provided which shows how to use
traditional methods using Segment Routing. In the meantime, an external
controller (PCE Controller) using BGP-LS can gather topology information of
different domains and provide the best end-to-end path using dynamic or
explicit path policy. BGP-LS is an extension to Border Gateway Protocol
(BGP) for distributing the network’s link-state (LS) topology model to external
entities, such as the SDN controller. It has received a lot of attention because
many SDN apps need this model BGP-LS supports IS-IS and OSPFv2 (until
the time of writing this document).
Segment routing for traffic engineering (SR-TE) uses a “policy” to steer traffic
through the network. An SR-TE policy path is expressed as a list of segments
that specifies the path, called a segment ID (SID) list. Each segment is an
end-to-end path from the source to the destination, and instructs the routers
in the network to follow the specified path instead of the shortest path
calculated by the IGP. If a packet is steered into an SR-TE policy, the SID
list is pushed on the packet by the head-end. The rest of the network
executes the instructions embedded in the SID list.
In this chapter a number of useful multi domain scenarios are provided which
can be usable for mobile operators and internet service providers.
Addressing Table
Device Name IPv4 Loopback address Prefix-Sid
R1(XR) 1.1.1.1/32 16001
R2(XR) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XR) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
RR1 7.7.7.7/32
RR2 8.8.8.8/32
CE1(IOS) 111.111.111.111/32 NA
CE2(IOS) 222.222.222.222/32 NA
For example:
The address between R1, R2 =10.10.12.z
R1= 10.10.12.1, R2=10.10.12.2
Task1.
Multidomain for SR and Dynamic SRTE using PCE
a) Configure two ISIS domains, ISIS1+SR and OSPF1+SR
b) Configure BGP AS100 in ISIS1 and AS200 in OSPF1
c) Configure ebgp between RR1 and RR2.
d) Configure RR1 and RR2 as XTC+PCE and R1, R6 PCC.
e) Configure mpls traffic-engineering under all nodes.
f) Put CE routers in VRF “A” and site1 RT,RD: 100:1, Site2 RT,RD:
200:1
g) Assign AS 110 for site1 and AS120 for site2 and advertise CE’s
Loopbacks in MP-BGP
Configuration
R1
Changing level of
routing to L2
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0001.00
address-family ipv4 unicast Only passive interfaces
are advertised
metric-style wide
advertise passive-only
Enable SR with MPLS data plane
segment-routing mpls
!
Make Loopback interface
interface Loopback0 passive
passive
address-family ipv4 unicast
prefix-sid index 1
Prefix-SID for node
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point Make physical interfaces
address-family ipv4 unicast point-to-point
!
!
interface GigabitEthernet0/0/0/0.13
point-to-point
address-family ipv4 unicast
!
!
R2
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0002.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 2
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point
R3
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0003.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 3
!
!
interface GigabitEthernet0/0/0/0.13
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.23
point-to-point
address-family ipv4 unicast
!
!
RR1
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0007.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 7
!
!
interface GigabitEthernet0/0/0/0.27
point-to-point
address-family ipv4 unicast
!
!
Configuration
R4
router ospf 1
router-id 4.4.4.4
Enable SR with MPLS data plane
segment-routing mpls
area 0
To advertise loopback address only
prefix-suppression
interface Loopback0
passive enable
Prefix-SID assignment
prefix-sid index 4
!
interface GigabitEthernet0/0/0/0.45
network point-to-point
!
interface GigabitEthernet0/0/0/0.46
network point-to-point
Make physical
! interfaces point-to-
!
!
R5
router ospf 1
router-id 5.5.5.5
segment-routing mpls
area 0
prefix-suppression
interface Loopback0
prefix-sid index 5
!
interface GigabitEthernet0/0/0/0.45
network point-to-point
!
interface GigabitEthernet0/0/0/0.56
network point-to-point
!
interface GigabitEthernet0/0/0/0.58
network point-to-point
!
!
R6
router ospf 1
router-id 6.6.6.6
segment-routing mpls
area 0
prefix-suppression
interface Loopback0
passive enable
prefix-sid index 6
!
interface GigabitEthernet0/0/0/0.46
network point-to-point
!
interface GigabitEthernet0/0/0/0.56
network point-to-point
!
!
RR2
router ospf 1
router-id 8.8.8.8
segment-routing mpls
area 0
prefix-suppression
interface Loopback0
passive enable
prefix-sid index 8
!
interface GigabitEthernet0/0/0/0.58
network point-to-point
!
!
!
16001 Loopback0
16002 2.2.2.2/32
16003 3.3.3.3/32
16007 7.7.7.7/32
Algorithm: 0
Algorithm: 1
Node Maximum SID Depth:
Subtype: 1, Value: 10
Metric: 10 IS-Extended R2.00
Interface IP Address: 10.10.27.7
Neighbor IP Address: 10.10.27.2
Link Maximum SID Depth:
Subtype: 1, Value: 10
ADJ-SID: F:0 B:0 V:1 L:1 S:0 P:0 weight:0 Adjacency-sid:24003
Metric: 0 IP-Extended 7.7.7.7/32
Prefix-SID Index: 7, Algorithm:0, R:0 N:1 P:0 E:0 V:0 L:0
Node Flag
Prefix Attribute Flags: X:0 R:0 N:1
SID Prefix/Mask
4 4.4.4.4/32
5 5.5.5.5/32
6 6.6.6.6/32 (L)
8 8.8.8.8/32
LS age: 1527
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 7.0.0.1
Opaque Type: 7
Opaque ID: 1
Advertising Router: 8.8.8.8
LS Seq Number: 80000017
Checksum: 0xfc44
Length: 44
Flags : 0x0
Default algorithm
MTID : 0
Algo : 0
SID Index : 8
Configuration
R1
R2
R3
bgp unsafe-ebgp-policy
address-family ipv4 unicast
!
address-family link-state link-state
!
neighbor 7.7.7.7
remote-as 100
update-source Loopback0
!
address-family link-state link-state
!
!
neighbor 10.10.34.4
remote-as 200
address-family ipv4 unicast
!
!
RR1
!
neighbor-group ISIS1
remote-as 100
update-source Loopback0
address-family link-state link-state
!
!
neighbor 1.1.1.1
remote-as 100
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
!
!
neighbor 2.2.2.2
use neighbor-group ISIS1
!
neighbor 3.3.3.3
use neighbor-group ISIS1
!
Configuration
R6
R5
R4
neighbor 10.10.34.3
remote-as 100
address-family ipv4 unicast
!
!
!
RR2
Configuration
ISIS1
RR1
route-policy ebgp
pass
end-policy
!
network 7.7.7.7/32
!
address-family vpnv4 unicast
!
address-family link-state link-state
!
neighbor-group ISIS1
remote-as 100
update-source Loopback0
address-family ipv4 unicast
!
address-family link-state link-state
!
!
neighbor 8.8.8.8
remote-as 200
ebgp-multihop 100
update-source Loopback0
address-family vpnv4 unicast
route-policy ebgp in
route-policy ebgp out
next-hop-unchanged
!
BGP-LS address family
address-family link-state link-state with RR2
route-policy ebgp in
route-policy ebgp out
R2
R3
OSPF1
RR2
route-policy ebgp
pass
end-policy
!
R4
R5
Speaker 33 33 33 33 33 0
Configuration
ISIS1
RR1
router isis 1
Redistribute IGP database to
distribute link-state BGP for PCE path compute and
inter-domain advertisement
!
pce
Enable PCE feature on RR
address ipv4 7.7.7.7 with its own address
!
R1
segment-routing
traffic-eng
pcc
pce address ipv4 7.7.7.7 RR PCE address
!
R2
This must be
mpls static configured for mpls
forwarding on ebgp
interface GigabitEthernet0/0/0/0.25
address-family ipv4 unicast
!
R3
mpls static
interface GigabitEthernet0/0/0/0.34
address-family ipv4 unicast
!
OSPF1
RR2
router ospf 1
distribute link-state
!
pce
address ipv4 8.8.8.8
!
R6
segment-routing
global-block 16000 23999
traffic-eng
pcc
pce address ipv4 8.8.8.8
R4
mpls static
interface GigabitEthernet0/0/0/0.34
address-family ipv4 unicast
R5
mpls static
interface GigabitEthernet0/0/0/0.25
address-family ipv4 unicast
NHID: 3
IFH: 0x1000040
Label: 24002, Refcount: 3
rpc_set: 0x7f41c44fbed8, ID: 1
GigabitEthernet0/0/0/0.12 No No No Yes
GigabitEthernet0/0/0/0.23 No No No Yes
GigabitEthernet0/0/0/0.25 No No Yes Yes
GigabitEthernet0/0/0/0.27 No No No Yes
Configuration
ISIS1
router isis 1
address-family ipv4 unicast
MPLS traffic-eng router-id
mpls traffic-eng level-2-only and BGP router ID should
mpls traffic-eng router-id Loopback0 use same on nodes.
OSPF1
router ospf 1
mpls traffic-eng router-id Loopback0
area 0
mpls traffic-eng
f. Put CE routers in VRF “A” and site1 RT,RD: 100:1, Site2 RT,RD:
200:1
Configuration
R1
vrf A
address-family ipv4 unicast
import route-target
200:1
!
export route-target
100:1
!
!
!
interface GigabitEthernet0/0/0/0.110
vrf A
ipv4 address 10.10.110.1 255.255.255.0
encapsulation dot1q 110
!
R6
vrf A
address-family ipv4 unicast
import route-target
100:1
!
export route-target
200:1
!
!
!
interface GigabitEthernet0/0/0/0.120
vrf A
ipv4 address 10.10.120.6 255.255.255.0
encapsulation dot1q 120
g Assign AS 110 for site1 and AS120 for site2 and advertise CE’s
Loopbacks in MP-BGP
Configuration
ISIS1
R1
route-policy vpn
pass
end-policy
!
CE1
OSPF1
R6
route-policy vpn
pass
end-policy
!
CE2
Tip:
In this scenario, inter-AS option C provides inter-AS L3VPN connectivity. In the inter-AS
option C model, the L3VPN prefixes and labels are exchanged between the PEs in two ASs
using EBGP. For scalability, this exchange typically happens over a multi-hop EBGP session
between a RR in one AS and a RR in other AS. To establish the inter-AS EBGP session between
the RRs, reachability between them is required. The inter-AS option C model also requires that
the loopback prefixes of the PEs are reachable from the other AS. This is require to provide a
continuous LSP between the PEs to carry the L3VPN service traffic. Within AS, LDP or SR are
used for label distribution while BGP label unicast (LU) is used to exchange over inter-AS link
between ASs. There are two options for providing inter-AS LSPs between the PEs:
1) Mutually redistribute the PE loopback prefixes with their prefix-SID labels between BGP
and IGP on the ASBR
2) Advertise the PE loopback with their prefix-SID labels in BGP-LU (using RPL or route-
map) which is used in this scenario.
BGP session between RR <-> ASBR (R3 or R4) will be established to provide reachability
between RRs. It should be noted that, RRs only reflect VPNv4 prefixes.
To answer this task consider the following points:
Configure BGP-LU between R1<->R3, RR1<->R3, R3<->R4, R4<->RR2 ,
R4<->R6
Configure BGP VPNv4 between R1<->RR1, RR1<->RR2, RR2<->R6
Do not change BGP next hop between RR1<->RR2 (Next hop unchanged command)
Change next-hop from ASBRs to PEs (next-hop self)
Task1.1.
Multidomain for SR and Dynamic SRTE using PCE and ODN
a) To install CE’s route on remote PEs, configure static route on
RRs and PEs.
b) On R1, configure ODN with ingress coloring policy for
222.222.222.222/32 prefix.
c) On R6, configure ODN with ingress coloring policy for
111.111.111.111/32 prefix.
d) Verify reachability between CEs.
e) Shutdown ASBR loopback of SRTE path
f) Verify path is updated.
Verify that RR1 does not best route for CE2’s loopback prefix.
Verification
RP/0/RP0/CPU0:RR1#show bgp vpnv4 unicast | utility tail
Mon Mar 11 15:45:49.011 UTC
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i111.111.111.111/32 1.1.1.1 0 100 0 110 i
Because there is no route for
Route Distinguisher: 200:1 6.6.6.6, no best route for
* 222.222.222.222/32 6.6.6.6 CE2’s loopback prefix is found. 0 200 120 i
Verify that R1 does not learn CE2’s loopback in bgp vpn address
family.
Copyright © 2020 Orhan Ergun LLC
This book belongs to XXXXXXXXXXX
368
Segment Routing Work Book by Orhan Ergun LLC
Verification
RP/0/RP0/CPU0:R1#show bgp vpnv4 unicast | utility tail
Mon Mar 11 15:41:57.691 UTC
BGP scan interval 60 secs
Configuration
R1 & RR1
router static
address-family ipv4 unicast
6.6.6.6/32 Null0
Static route to null, creates
cef entry for PE’s address
R6 & RR2
router static
address-family ipv4 unicast
1.1.1.1/32 Null0
Configuration
route-policy ODN
Policy for color to
if destination in (222.222.222.222/32) then prefix binding
segment-routing
SRTE with On-demand
traffic-eng
policy using PCEP
on-demand color 10
dynamic
pcep
Configuration
extcommunity-set opaque GREEN
20
end-set
!
route-policy ODN
if destination in (111.111.111.111/32) then
set extcommunity color GREEN
else
pass
endif
end-policy
!
segment-routing
traffic-eng
on-demand color 20
dynamic
pcep
!
metric
type igp
ERO:
SID[0]: Node, Label 16003, NAI: 3.3.3.3
SID[1]: Adj, Label 24005, NAI: local 10.10.34.3 remote 10.10.34.4
SID[2]: Node, Label 16006, NAI: 6.6.6.6
Verify reachability
Verification
RP/0/RP0/CPU0:R1#show cef vrf A
Mon Mar 11 18:55:53.379 UTC
255.255.255.255/32 broadcast
Configuration
interface Loopback0
shutdown
Task1.2.
Multidomain for SR and Dynamic SRTE + disjoint-pass using PCE
a) Advertise 22.2.2.1/32 and 22.2.2.2/32 on CE2.
b) Configure ODN-SRTE for 22.2.2.1/32 and 22.2.2.1/32 on R1.
c) Configure disjoint-path for SRTE on R1.
Configuration
interface Loopback221
ip address 22.2.2.1 255.255.255.255
!
interface Loopback222
ip address 22.2.2.2 255.255.255.255
!
Configuration
extcommunity-set opaque GREEN
10
end-set
!
route-policy ODN
if destination in (22.2.2.1/32) then
set extcommunity color GREEN
endif
if destination in (22.2.2.2/32) then
set extcommunity color BLUE
endif
end-policy
!
segment-routing
traffic-eng
on-demand color 10
dynamic
pcep
!
metric
type igp
!
!
!
on-demand color 20
dynamic
pcep
!
metric
type igp
!
!
!
255.255.255.255/32 broadcast
Configuration
segment-routing
traffic-eng
on-demand color 10
dynamic
pcep
!
Same group-id
metric for both colors
type igp
!
disjoint-path group-id 1 type link
!
!
on-demand color 20
dynamic
pcep
!
metric
It can be Link,
type igp Node or SRLG
!
disjoint-path group-id 1 type link
!
!
pcc
pce address ipv4 7.7.7.7
!
!
Associated LSPs:
LSP[0]:
LSP[1]:
Status: Satisfied
TIP
If disjoint feature configured with node-disjoint and PCE couldn’t find any
path with node-disjoint, then it will fallback with link-disjoint with below
status:
Status: Fallback (Node -> Link)
Task1.3.
Configure explicit path with EPE using PCE.
a) On R1, configure PCE under segment-routing.
b) On R1, configure BGP coloring for 222.222.222.222/32 prefix.
(make sure R6 has a SRTE policy for 111.111.111.111/32 prefix.)
c) On RR1(PCE), configure explicit path using EPE with backup
path.
d) Shutdown R3’s loopback to check backup path with explicit path.
Configuration
segment-routing
traffic-eng Specify source address
pcc for PCEP connection
Configuration
extcommunity-set opaque GREEN
10
end-set
route-policy COLOR
Configuration
pce
address ipv4 7.7.7.7
!
segment-routing
traffic-eng
segment-list name R6TE_blue
index 10 mpls label 16002
index 20 mpls label 24007
index 30 mpls label 16006
!
segment-list name R6TE_green
Status:
Admin: up Operational: up for 02:53:25 (since Mar 16 07:43:22.900)
Candidate-paths:
Preference: 200 (PCEP) (current)
Name: R6TE
Requested BSID: 40000
Dynamic (pce 7.7.7.7) (valid)
Metric Type: TE, Path Accumulated Metric: 0
16003 [Prefix-SID, 3.3.3.3]
24005 [Adjacency-SID, 10.10.34.3 - 10.10.34.4]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Binding SID: 40000
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes
Configuration
interface Loopback0
shutdown
Task1.4.
Multidomain internetworking SRTE + RSVP-TE.
a) Configure RSVP on R4,R5 and R6
b) In OSPF1 domain, configure RSVP-TE using explicit-path on R5.
c) In ISIS1 domain, configure SRTE using explicit-path on R1.
Configuration
R4
rsvp
interface GigabitEthernet0/0/0/0.45
bandwidth
!
interface GigabitEthernet0/0/0/0.46
bandwidth
!
!
mpls traffic-eng
interface GigabitEthernet0/0/0/0.45
!
interface GigabitEthernet0/0/0/0.46
!
R5
rsvp
interface GigabitEthernet0/0/0/0.45
bandwidth
!
interface GigabitEthernet0/0/0/0.56
bandwidth
!
!
mpls traffic-eng
interface GigabitEthernet0/0/0/0.45
!
interface GigabitEthernet0/0/0/0.56
!
!
R6
rsvp
interface GigabitEthernet0/0/0/0.46
bandwidth
!
interface GigabitEthernet0/0/0/0.56
bandwidth
!
!
mpls traffic-eng
interface GigabitEthernet0/0/0/0.46
!
interface GigabitEthernet0/0/0/0.56
!
!
Configuration
R5
interface tunnel-te1
ipv4 unnumbered Loopback0
autoroute announce
Will uses for stitching
! SRTE and RSVP
destination 6.6.6.6
binding-sid mpls label 56
path-option 1 explicit name R6TE
!
path option 1, type explicit R6TE (Basis for Setup, path weight 2)
Accumulative metrics: TE 2 IGP 2 Delay 600000
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Last Failure:
LSP not signalled, identical to the [CURRENT] LSP
Date/Time: Sun Mar 17 12:54:18 UTC 2019 [23:26:27 ago]
Configuration
traffic-eng
Path must pass through R5
segment-list R5RSVP
index 10 mpls label 16002
index 20 mpls label 24007 Last segment is
index 30 mpls label 56 RSVP-TE’s binding-sid
!
policy R6RSVP
binding-sid mpls 40000
color 10 end-point ipv4 6.6.6.6 End-point must be R6
candidate-paths
preference 100
explicit segment-list R5RSVP
!
Verification
CE1#traceroute 222.222.222.222 source loopback 110
Type escape sequence to abort.
Tracing the route to 222.222.222.222
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.110.1 5 msec 1 msec 2 msec
2 10.10.12.2 [MPLS: Labels 24007/56/24002 Exp 0] 4 msec 10 msec 3 msec
Binding-sid
resolves to
RSVP label
Copyright © 2020 Orhan Ergun LLC
This book belongs to XXXXXXXXXXX
405
Segment Routing Work Book by Orhan Ergun LLC
TASK2.
Single BGP domain, with 3 different IGP.
a) Configure ISIS1+SR on R1,R2 and R3.
b) Configure OSPF1+SR on R2,R3,R4 and R5.
c) Configure ISIS2+SR on R4,R5 and R6.
d) Configure Anycast-SID on R2 and R3 in ISIS 1.
e) Configure Anycast-SID on R4 and R5 in ISIS 2.
f) Redistribute PCE to ISIS domains, and redistribute PE’s
loopback to OSPF domain for reachability
g) Configure BGP 100 on all domains based on below figure.
h) Configure CEs based on Task1 (f,g).
i) Configure static route to null0 based on Task 1.1 (a)
j)
k) Configure RR to act as PCE and R1 and R6 as PCC
a. ISIS1+SR configuration
Configuration
R1
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0001.00
distribute link-state level 2
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 1
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.13
point-to-point
address-family ipv4 unicast
!
!
!
R2
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0002.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 2
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.23
point-to-point
address-family ipv4 unicast
!
!
!
R3
router isis 1
is-type level-2-only
net 49.0000.0000.0000.0003.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
segment-routing mpls
!
interface Loopback0
passive
b. OSPF1+SR configuration
Configuration
R2
router ospf 1
router-id 2.2.2.2
segment-routing mpls
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 2
!
interface GigabitEthernet0/0/0/0.23
network point-to-point
!
interface GigabitEthernet0/0/0/0.25
network point-to-point
!
!
mpls traffic-eng router-id Loopback0
!
R3
router ospf 1
router-id 3.3.3.3
segment-routing mpls
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 3
!
interface GigabitEthernet0/0/0/0.23
network point-to-point
!
interface GigabitEthernet0/0/0/0.34
network point-to-point
!
!
mpls traffic-eng router-id Loopback0
!
R4
router ospf 1
router-id 4.4.4.4
segment-routing mpls
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 4
!
interface GigabitEthernet0/0/0/0.34
network point-to-point
!
interface GigabitEthernet0/0/0/0.45
network point-to-point
!
!
mpls traffic-eng router-id Loopback0
!
R5
router ospf 1
router-id 5.5.5.5
segment-routing mpls
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 5
!
interface GigabitEthernet0/0/0/0.45
network point-to-point
!
interface GigabitEthernet0/0/0/0.58
network point-to-point
!
!
mpls traffic-eng router-id Loopback0
!
RR
router ospf 1
router-id 8.8.8.8
segment-routing mpls
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 8
!
interface GigabitEthernet0/0/0/0.58
network point-to-point
!
c. ISIS2+SR configuration
Configuration
R4
router isis 2
is-type level-2-only
net 49.0000.0000.0000.0004.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 4
!
!
interface GigabitEthernet0/0/0/0.45
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.46
point-to-point
address-family ipv4 unicast
!
!
!
R5
router isis 2
is-type level-2-only
net 49.0000.0000.0000.0005.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 5
!
!
interface GigabitEthernet0/0/0/0.45
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.56
point-to-point
R6
router isis 2
is-type level-2-only
net 49.0000.0000.0000.0006.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback0
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 6
!
!
interface GigabitEthernet0/0/0/0.46
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.56
point-to-point
address-family ipv4 unicast
!
!
!
Configuration
interface Loopback23
ipv4 address 9.9.9.23 255.255.255.255
!
router isis 1
interface Loopback23
passive
address-family ipv4 unicast
prefix-sid absolute 16023
Configuration
interface Loopback45
ipv4 address 9.9.9.45 255.255.255.255
!
router isis 2
interface Loopback45
address-family ipv4 unicast
prefix-sid absolute 16045
!
Configuration
R2,R3
PE1’s loopback
route-policy PE
if destination in (1.1.1.1/32) then
pass
endif
end-policy
!
PCE’s loopback
route-policy PCE
if destination in (8.8.8.8/32) then
pass
endif
end-policy
router isis 1
distribute link-state
address-family ipv4 unicast
redistribute ospf 1 route-policy PCE
PEs will have
reachability to PCE
R4,R5
route-policy PCE
if destination in (8.8.8.8/32) then
pass
endif
end-policy
!
route-policy PE
if destination in (6.6.6.6/32) then
pass
endif
end-policy
router isis 2
distribute link-state
address-family ipv4 unicast
redistribute ospf 1 route-policy PCE
!
router ospf 1
redistribute isis 2 route-policy PE
Configuration
RR
neighbor 4.4.4.4
use neighbor-group BGPLS
!
neighbor 5.5.5.5
use neighbor-group BGPLS
!
neighbor 6.6.6.6
use neighbor-group PE-BGP
!
!
R1
route-policy COLOR
if destination in (222.222.222.222/32) then
set extcommunity color GREEN
endif
end-policy
bgp unsafe-ebgp-policy
address-family vpnv4 unicast
!
neighbor 8.8.8.8
remote-as 100
update-source Loopback0
address-family vpnv4 unicast
route-policy COLOR in
For traffic steering
!
R6
route-policy COLOR
if destination in (111.111.111.111/32) then
set extcommunity color GREEN
endif
end-policy
!
Configuration
RR
pce
address ipv4 8.8.8.8
segment-routing
traffic-eng
!
R1, R6
segment-routing
traffic-eng
pcc
pce address ipv4 8.8.8.8
Configuration
R1
segment-routing
traffic-eng
policy R6TE
binding-sid mpls 40000
color 10 end-point ipv4 6.6.6.6
!
candidate-paths
preference 100
dynamic
pcep
!
metric
type igp
R6
segment-routing
traffic-eng
policy R1TE
binding-sid mpls 50000
color 20 end-point ipv4 1.1.1.1
!
candidate-paths
preference 100
dynamic
pcep
!
metric
type igp
Attributes:
Binding SID: 50000
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes