Segment Routing Orhan XXXXX

Segment Routing Work Book by Orhan Ergun LLC
Orhan Ergun LLC
This book belongs to XXXXXXXXXXX

1
Copyright
Orhan Ergun LLC © 2020
All rights reserved.
No part of this publication may be copied, reproduced in any format, by any means, electronic or
otherwise, without prior consent from the copyright owner and publisher of this book.
However, quoting for reviews, teaching, or for books, videos, or articles about writing is encouraged and
requires no compensation to, or request from, the author or publisher.
Orhan Ergun
About the Author
Orhan Ergun, CCIE/CCDE Trainer, Author, Network Design Advisor and Cisco Champion 2019. Orhan
Ergun is award winning Computer Network Architect, CCDE Trainer and Author. Orhan has well known
industry certificates CCIE #26567 and CCDE #20140017.
Orhan has more than 17 years of networking experience and has been working on many medium and
large-scale network design and deployment projects for Enterprise and Service Provider networks. He
has been providing consultancy services to African, Middle East and some Turkish Service Providers and
Mobile Operators for many years. Orhan has been providing Cisco network design training such as CCDE,
Pre-CCDE, Service Provider Design and many advanced technologies for many years, and created best
CCDE Training Program to share his network design experience and knowledge with the networking
community. Orhan is sharing his articles and thoughts on his blog www.orhanergun.net. All the training
and consultancy services related information can be found from his website. Orhan has a Training and
Consultancy company located in Istanbul, Turkey
Rasoul Mesghali is a Cisco Certified Internetwork Expert (CCIE) #34938 (Routing & Switching) with over
12 years in the networking industry. Rasoul loves technology and never stop keeping up with the latest
trend in technology. His experience includes Training, Consulting and Planning and deployment of
MPLS/SR (Segment routing) and data center networks. He knows Python programming language very
well and he does code and programming on a regular basis.
Vahid Tavajjohi is a Network Engineer with more than seven years of experience. He designs and
operates network projects in large service providers and data centers. Knowledge of both data center
and service provider technologies, Virtualization, Cloud, NFV, SDN, ZTP, and Scripting are main focuses
of his career. Also, consultancy of large companies and service providers is key point for his sight in
networks. He is a researcher and he is looking for new and edge technologies. Vahid have teaching
experience of network courses, like service provider and data center for technical staff of companies.
Copyright © 2020 Orhan Ergun LLC

2
Table of Contents
Introduction .......................................................................................................................... 4
Service Provider Design Using Segment Routing ..............................................................................4
Segment Routing Introduction ............................................................................................... 6
Traffic Engineering using SR ............................................................................................................7
PCEP and SR ...................................................................................................................................8
END to END Segment routing (Single BGP-AS) .................................................................................9
PCE Controller .............................................................................................................................. 11
Service Node or PE Routers ........................................................................................................... 12
Topology Independent Loop-Free Alternate (TI-LFA) with Segment Routing .......................... 12
TI-LFA application in the given topology ........................................................................................ 14
Micro-loop avoidance ................................................................................................................... 16
END To END Segment routing (Single BGP-AS) with on demand next hop (ODN) ................... 19
Egress Peer Engineering ................................................................................................................ 20
END To END Segment routing (BGP Inter-AS)................................................................................. 22
Segment routing and LDP Internetworking .......................................................................... 28
Mapping Server ............................................................................................................................ 28
Day1 - Segment Routing Fundamentals ............................................................................... 33
Task1 ........................................................................................................................................... 37
Task2 ........................................................................................................................................... 55
Task3 ........................................................................................................................................... 67
Task4 ........................................................................................................................................... 72
Task5 ........................................................................................................................................... 92
Task6 ......................................................................................................................................... 104
Day2 - Segment Routing Internetworking with LDP ...............................................................121
Task1 ......................................................................................................................................... 125
Task2 ......................................................................................................................................... 142
Task3 ......................................................................................................................................... 152
Task4 ............................................................................................................... 154

3
Task5 ......................................................................................................................................... 162

Task6 ......................................................................................................................................... 173
Task7 ......................................................................................................................................... 184
Task8 ......................................................................................................................................... 228
Day3 - Segment Routing Traffic Engineering ...................................................................... 243
Task1 ......................................................................................................................................... 252
Task2 ......................................................................................................................................... 267
Task3 ......................................................................................................................................... 272
Task4 ......................................................................................................................................... 279
Task5 ......................................................................................................................................... 287
Task5.1 ..............................................................................................................................................................300
Task5.2 ..............................................................................................................................................................309
Task5.3 ..............................................................................................................................................................313
Task5.4 ..............................................................................................................................................................316
Day4 - Segment Routing Multi-Domain SRTE...................................................................... 325

Task1 ......................................................................................................................................... 328
Task1.1 ..............................................................................................................................................................367
Task1.2 ..............................................................................................................................................................379
Task1.3 ..............................................................................................................................................................391
Task1.4 ..............................................................................................................................................................397
TASK2 ........................................................................................................................................ 405

4
Introduction
Service providers encounter various challenges to provide next generation services to

accommodate fast-paced demands of the market. Furthermore, by introduction of 5G, video
traffic growth, IoT and cloud services, combined with services requiring ubiquitous connectivity
from access to core, require unprecedented level of flexibility, elasticity and scalability in the
network infrastructure. In this chapter we are going to introduce new approaches to design highly
scalable service provider networks by means of new technologies such as Segment-Routing (SR),
SRv6, and FRR with TI-LFA, different types of EVPN and H-EVPN services.
Service Provider Design Using Segment

Routing
Service Providers must choose a very flexible design that meet any to any connectivity
requirements, without compromising in stability and availability. Furthermore, transport
programmability based on services is needed alongside reliability and scalability.
In the divide-and-conquer strategy in which the core, aggregation, and access domains are
partitioned in different IGP domains, formerly used by Unified/Seamless MPLS that reduces the
size of routing and forwarding tables within each domain, now it requires better stability and
faster convergence. Traditionally, unified MPLS used LDP or RSVP-TE to build LSP within IGP
domain and used BGP-LU for inter-Domain LSPs. While Segment Routing reduced the number of
required protocols in a service provider network by adding simple extensions to IGP protocols
such as ISIS or OSPF that can assign and distribute labels to build LSP within each IGP domain.
This enables a device inside an access, an aggregation, or a core domain to have reachability
through intra-domain SR LSPs to any other device in the same region. In next pages, we will see
in some scenarios it is better to eliminate BGP-LU for better fast convergence and simplicity of
the network. Programmability based network architecture based on segment-routing add SLA
awareness into the network and provides unlimited network scale. Moreover, Simple integration
of data centers with SP network is considered by means of EVPN capabilities that will be explain
in this chapter.
The given network topology shows a multi IGP domain network infrastructure.

5
The design can be simplified by decreasing the number of IGP domain and stretching the core
over aggregation domain
A similar approach can be applied and extend the Access domain over aggregation domain.

6
Segment Routing Introduction

Based on definition of IETF (RFC 8402), Segment Routing (briefly SR) leverage the source routing
paradigm. This definition is must notable feature of SR that everything happened in Head-end
node based on an ordered list of instructions, called “segment”. A segment can be local or global
within SR domain and often referred to by Segment Identifier (SID). SR can work on MPLS data
plane. A segment encoded as an MPLS label and ordered segments is encoded as a stack of labels.
Processing of segments starts from top and after completion of a most top segment, it popped
from the stack. Also, SR can work on IPv6 data plane with new type of routing header. A segment
encoded as an IPv6 address and ordered segments is encoded as a stack of IPv6 addresses in the
routing header.
Segment Routing reduces the number of protocols needed in a Service Provider Network. Simple
extensions to traditional IGP protocols like ISIS or OSPF provide full Intra-Domain Routing and
Forwarding Information over a label switched infrastructure, along with High Availability (HA)
and Fast Re-Route (TI-LFA) capabilities. This is an enhancement in comparing SR with Label
Distribution Protocol (LDP), that SR capable IGP node advertises segments for its attached
prefixes and adjacencies through IGP header instead of using another protocol.

7
Interior gateway protocol (IGP) distributes two types of segments: prefix segments and adjacency
segments. Each router (node) and each link (adjacency) has an associated segment identifier
(SID). A prefix SID is associated with an IP prefix. The prefix SID is manually configured from the
segment routing global block (SRGB) range of labels, and is distributed by IS-IS or OSPF. The prefix
segment steers the traffic along the shortest path to its destination. A node SID is a special type
of prefix SID that identifies a specific node. It is configured under the loopback interface with the
loopback address of the node as the prefix and it must globally unique. An adjacency segment is
identified by a dynamic label called an adjacency SID, which represents a specific adjacency, such
as egress interface, to a neighboring router. The adjacency SID is distributed by IS-IS or OSPF. The
adjacency segment steers the traffic to a specific adjacency and it must locally unique.
Generally, in distributed control-plane scenario, the segments are allocated and signaled by IS-
IS, OSPF or BGP.
Traffic Engineering using SR

Segment Routing steers a packet flow into SR Policy that contains an ordered list of segments. A
SR Policy is a framework that enables instantiation of an ordered SID list on a node for
implementing a source routing policy and it is uniquely identified through a tuple (headend, color,
endpoint). SR policy also can be used for Fast Reroute (FRR) or Operations, Administration, and
Maintenance (OAM) purposes. In comparing of SRTE with RSVP-TE, advantages of SRTE are Multi-
domain support by using PCEP for compute, Equal Cost Multi Path and Automated steering
traffic. Also, there is a component named Binding-SID (B-SID) that fundamental to SR and it may
involve a list of SIDs and it bound to SR Policy for greater scalability.

8
Moreover, must advance feature of SRTE is On-Demand Next-hop (ODN) that automatically
instantiates an SR Policy to a BGP next-hop when required and steers traffic automatically inside
the SR Policy. In this case BGP learns a route via a tail-end node with color, and headend node
authorizes the on-demand SR Policy path and maps defined color and end-point to a local
dynamic SR Policy path.
PCEP and SR
In case of using controller to compute a path dynamically through multi-domain network, nodes
are using centralized control-plane protocol named PCEP. Path Computation Element Protocol
has two main components: 1-PCE 2-PCC. Path Computation Element (PCE) is a compute server
for calculation path through nodes in multiple domains to find out best path for SRTE and send
an ordered SID list with B-SID to a headend node to reach its destination. Path Computation Client
(PCC) is a node that request a path with specified detail from PCE to reach its destination. These
two components are using PCEP to make a stateful connection with each other.

9
END to END Segment routing (Single BGP-AS)

This section focuses on the sample operator network design based on Segment routing multi
domain network and application of new features such as PCE controller, TI-LFA, BGP-LS and
service layer in which we took advantage of EVPN. The access node is also a service edge node
or PE node which service layer start or terminate here. The end-to-end transfer is established
using SDN traffic controller using PCEP Protocol or BGP-LU as shown in the following figure. The
end-to-end inter-domain network path is programmed through controllers and selected based
on the customer SLA, such as the need for a low latency path.

10
The characteristics of this network are as follow:
 There are different network domains that in each domain separate IGP is running
 TI-LFA for fast convergence in each IGP domain
 Each domain is connected to another domain using two border routers which are inline RR
and get the same Anycast-SID and the same IP address for high availability and may use
load balancing.
 There are two types of RR, transport RR and Service RR
 BGP-PIC is used for BGP Fast Reroute
Note: End-to-end transport path can be achieved by BGP-LU without SDN controller
or SRTE-Policy (SR-ODN) by the received Segment-List from PCE Controller that
collect network topology information from different domains using BGP-LS.
Note: End-to-end transport can be achieved by BGP-LU or SDN-driven path by the received
Segment-List from PCE Controller
Note:
For Anycast-SID, additional signaling protocols are not required, as the network operator
is able to simply allocates the same Prefix SID (thus a Anycast-SID) to a pair of nodes
typically acting as ABRs (border routers located between domains).
Major components of the given topology

Domains Border Router:
Routers which is locate between the boundaries of domains and play as:
 RR-Client for upstream router and RR-Server for downstream routers.
 Distribute IGP Topology information to the controller using BGP-LS address-family
 Handle traffic flow between domains
Transport RR:
A BGP Route Reflector for underlay traffics which is used for the IPv4/v6 address family, then
BGP Route Reflector is called as an IP Route Reflector or for short, Transport RR.
Service RR:
For overlays services, each node participating in BGP-based service termination has two BGP
sessions with Domain Specific S-RRs which can be located in each domain or Central S-RR which

11
can be located in the core and reflects VPNv4, VPNv6, L2VPN, EVPN .For Redundancy reasons,
there are at least 2 S-RRs.
As the below figure depicts, domain specific S-RR and T-RR is used for huge networks with very
scalable solution in which Core Domain S-RRs cover the core Domain. Aggregation Domain S-RRs
cover Access and Aggregation Domains. Aggregation Domain S-RRs and Core S-RRs have BGP
sessions among each other.
PCE Controller:
This transport option is based on SID-List that PCE controller provides. Each domain has its own
IGP/SR, and two IGP border routers in each domain using BGP LS to distribute topology,
bandwidth, reliability, latency, SRLG and other transport states of the IGP domain to the SDN
controller. The SDN controller by gathering topology data and current state of the network from
different domains, build the end-to-end best path and alternate disjoint path that satisfies a given
service requirement and sends the corresponding segment list to the service edge router. SR-PCE

12
Can be Domain Specific which will be located in each domain or Central SR-PCE which can be
located in the core.
Service Node or PE Routers:

VPN Service is defined here and VPN traffic starts and terminates at this point. Service Node
connects to the SDN-Controller using PCEP Protocol and play the role of PCC (Path computation
client) and controller take the role of PCE (Path computation engine). PCC, for the given traffic
requests to get the best path to the Egress router, send a request-Message to the controller using
PCEP protocol and get a Segment-List which steers the traffic to TE tunnel using transport label
to the egress router.
Topology Independent Loop-Free Alternate (TI-LFA) with

Segment Routing
To speed up the convergence process, TI-LFA provides precalculated-preinstalled backup path
based on post-convergence state of the network against the link or node failure in any IGP
network. TI-LFA is completely Stateless and does not require any additional signaling mechanism
such as RSVP-TE (Path/Reserve Message), therefor, each node in the IGP calculates a primary and
a backup path automatically and independently based on the IGP topology.
TI-LFA can find the optimal path all the time in any kind of topologies and cover all kind of
topologies like large ring topologies. Using segment routing, there is no need to use Targeted LDP
for rLFA, in comparison with RSVP-TE FRR, in SR there is no need to maintain the state of the
network.
Common benefits of TI-LFA are given below:
 There is no need to keep the state of the network like RSVP-TE FRR
 TI-LFA make the smaller label stack for repair path
 There is no need for complex configuration everything can happen automatically (with
simple and short commands.
 TI-LFA uses Post convergence path
 There is no need to establish targeted LDP with remote routers. This is required for Remote
LFA.
 By using the segment list in the head-end router (direct link-failure impacted router) the
backup path is created.

13
Note:
The Above Network topology can be changed to the below figure in which Core Domain RRs
collect network topology information from the Core IGP Domain and send it to the SR-PCE
Controller to calculate and provide end-to-end LSP.

14
TI-LFA application in the given topology:

According to the reference topology, imagine in the core part of the given network there are
some routers which are located in 5 regions and other part of the network are connected to the
core. As you can see geographical distance is specified in the map.
In the following scenario imagine prefix A is advertised from P5 to the core (using RR) and from
P3 to reach the BGP next-hop for A which is P5 the best path is P3—>P4—>P5
If the link between P3 and P4 goes down, P3 has to switch to the backup path in the minimum
time. In this scenario traditional LFA cannot find a path and as the q-space and p-space are not
connected together there is no pq router thus rLFA does not work.

15
However, TI-LFA can compute post convergence SPT and encode the post-convergence path in
double-segment

16
Micro-loop avoidance
Micro-loops are transient loops that occur during the period of time when some nodes have
become aware of a topology change and have changed their forwarding tables in response, but
slow routers have not yet modified their forwarding tables. With uLoop avoidance feature, node
that exist in network informed about link failure somewhere in network through IGP notification.
After computing the new path for destination, for a predetermined amount of time it installs a
FIB entry for destination that steers packets to destination via a loop-free SR path. After time
elapses, node installs normal post-convergence FIB entry for destination.
Also, when a new link comes up, maybe the best path changes for some nodes in the network
and because of new best path, slow nodes make transient loop until they converge themselves.
In this situation, uLoop helps other node to create a loop-free SR path and use that in their FIB
for amount of time until whole network converges.
The figure below illustrates a network in the normal situation before happening failure in any
connection. The best IGP path toward prefix A from P5 perspective is P3P4P6P5 and using
single segment it can reach to P5.
Now failure occurred in the connection between P6 and P5 and the figure below indicates, why
uLoop avoidance is needed in network. Node P6 detects link-failure of itself with P5 and using TI-
LFA it creates a SRTE and change the traffic flow through P4. However, P4’s best path is through
P6 and for amount of time, may some loops happen in P4’s traffic. On the other hand, P3’s best
path is through P4. In this situation, to prevent any loop until full convergence,

17
P3 creates a SRTE that force traffic to pass through P2 (Post convergence path) and install this
policy in its FIB.
The figure below illustrates that after all nodes converged with new topology, P3 removes the
FIB entry and traffic forwards with converged IGP path.

18
Interestingly, uloop avoidance supports link-up too, the below figure depicts that the connection
between P6 and P5 comes back and until full convergence, P3 by using STRE policy force the
traffic pass through P4 .
The figure below illustrates that after all nodes converged with new topology, P3 removes the
FIB entry and forwards with converged IGP path.

19
END To END Segment routing (Single BGP-AS) with on

demand next hop (ODN)
Here is an ODN scenario with SLA VPN service. In the following image, there is a multi-domain
network, CE2 advertises a prefix to PE1 and it advertise the prefix with a color for low-latency to
Route Reflector (RR). Then RR reflects the prefix with the color to the PE3 in another domain. PE3
cannot create an end-to-end LSP because it doesn’t have another domain’s topology. To
overcome this issue, PE3 asks end-to-end path from PCE server with low-latency (color), and PCE
replies to it a SID list with B-SID. Then PE3 uses this B-SID to reach PE1 through low-latency path.
While if there is another prefix that needs SLA with high capacity, by adding another color to new
prefix, traffic will pass through high capacity links. Benefit of using ODN is if the prefix wouldn’t
advertising anymore, the SR policy inside node automatically delete the path and it doesn’t
impact other prefixes. It should be noted that in the figure below, couple of border routers
between domains, get the same Anycast-SID and the same IP address for high availability and
may use load balancing.

20
Note:
In ODN scenarios, Inter-Domain forwarding is achieved via SRTE Policies which is
programmed on the PE (located in the access domain) on-demand by an external SRTE-PCE
Controller and does not require any state to be signaled throughout the rest of the network, only
on the source node (head-end). The SRTE Policy provides, by segment-list, a robust way to
program Inter-Domain end-to-end LSPs without requiring additional protocols such as BGP-
LU.
Egress Peer Engineering

A BGP EPE enabled egress PE node may advertised SIDs corresponding to its attached peers. They
enable source routing for inter-domain paths. The controller learns the BGP peer SIDs and the
external topology of the egress border router through BGP-LS EPE routes. The controller can
program an ingress node to steer traffic to a destination through the egress node and peer node
using BGP labeled unicast (BGP-LU). The below image shows how ingress routers (X,Y) control
their traffic between eBGP neighbors and override BGP path selection process at egress routers.

21
For example, in below scenario exit point from network is through node P5. P5 has two eBGP
connection with two separate nodes. Let’s assume BGP best path is through neighbor-1, however
node P2 wants to use strict path through neighbor-2. To overcome this scenario, EPE feature
must enabled on P5 per eBGP peer, then SR assign SIDs corresponding to its peers. Now node P2
can create an explicit path itself or using any controller to compute a path for eBGP neighbor-2
and put EPE SID at last SID in the label stack.

22
END To END Segment routing (BGP Inter-AS)

This section focuses on the sample network design based on Segment routing multi domain and
multi-AS network and application of new features such as PCE controller, TI-LFA, BGP-LS and
service layer in which we took advantage of EVPN. The access node is also a service edge node
or PE node which service layer start or terminate here. The end-to-end transfer is established
using SDN traffic controller using PCEP Protocol as shown in the below figure.
 Multiple BGP AS

 There are different network domains that in each domain separate IGP is running
 TI-LFA for fast convergence in each IGP domain
 Each domain is connected to another domain using two border router which are inline RR
and get the same Anycast-SID and the same IP address for high availability and may use
load balancing.
 There are two types of RR, transport RR and Service RR
 eBGP session among different ASs and exchange BGP LU
 End-to-end transport is achieved using BGP LU with BGP prefix SID
 Each access node and all the Area Border Routers (ABRs) participate in BGP LU.
 Each ASBR, which is part of the core IGP, has also iBGP peering to two central T-RRs in
its AS.

23
Dual Core Network Design
Dual core design, also known as dual plane or disjoint plane topologies, refers to a highly
redundant network chosen by companies whose main objective is to improve the resiliency of
their network. Created using different data planes, dual core design is implemented by
companies that receive the service from the different service providers. Take big companies as
an example, use dual core design in order to improve their network.
The links – passing through same fiber conduit, building, town, or city – are identified as Shared
Risk Link Group (SRLG) since they share the same fate if there are any technical glitches. It is
pertinent to carefully identify SRLG links between the providers. And if there are shared links,
diverge links should be demanded.
Dual-Plane disjointedness network design with SR anycast-sid

An Anycast SID identifies a set of routers with the same SID (with different node-SID). As some
nodes can get non-unique SID, it is possible to identify one part of network with a specific label
and another part with another label or SID. In this way we can push certain type of traffic to
traverse into particular part of the network. Also, it provides High-availability when a node
become unavailable and beside of this, it may provide ECMP. Like prefix SIDs, anycast SIDs should
be advertised in IGP using IGP protocol extension. In addition, there is a

24
limitation that if any anycast implementation planned in a network, all nodes must have same
SRGB to share same anycast SID. But this is not possible in multi-vendor environment that may
all nodes don’t have same SRGB. To overcome this issue, there is a new block named common-
anycast SRGB (CA-SRGB) that needs to be implemented in the same range on all nodes, but this
block is different from SRGB, so nodes can create this block range excluded from SRGB. Also, if
anycast SID is in the range of SRGB, there is no need to create CA-SRGB in that node.
The figure below shows the core of the network is divided into two planes, each plane has six
main node pop routers placed in different geographical location that can be full-meshed or partial
or simple ring. Different VPN traffic are planned to go to different plane. Route policy had been
used to guarantee the same VPN traffic flows on one plane. In case of failure, TI-LFA and
Microloop-Avoidance are predicted to switch traffic immediately.
Service "RED" between PE1 and PE2 must be disjoint from service "Blue" in the core of the
network:
 Service Blue has segment list {100,20} traverse the Blue plane
 Service Red has segment list {200,20} traverse the Red plane
It should be noted that IGP metric of all links are equal, thus the path P11 P22 P33 P44 is
equal to P11 P66 P55 P44 so because of ECMP traffic can goes through both path.

25
Dual-Plane network design with SR IGP Flexible Algorithm

The router may use various algorithms when calculating reachability to other nodes or to prefixes
attached to these nodes. Each node get one separate Prefix-SID related to separate algorithm
and advertises its ALGO capability. The SR-Algorithm MUST be propagated throughout the level
and MUST NOT be advertised across level boundaries. An algorithm can be defined and
configured by the administrator of the network. In a network with dual plane, a constraint would
be to use a certain plane and avoid the other plane. SR allows computing paths with these
constraints using certain algorithms. It then allow Prefix-SID to be associated with these
algorithms which is called Flex algorithm.
Based on RFC The following values have been defined:
0: Shortest Path First (SPF) algorithm based on link metric. This
is the well-known shortest path algorithm as computed by the IS-IS
Decision process. Consistent with the deployed practice for link-
state protocols, algorithm 0 permits any node to overwrite the SPF
path with a different path based on local policy.
1: Strict Shortest Path First (SPF) algorithm based on link

metric. The algorithm is identical to algorithm 0 but algorithm 1
requires that all nodes along the path will honor the SPF routing
decision. Local policy MUST NOT alter the forwarding decision
computed by algorithm 1 at the node claiming to support algorithm
1.
Generally, following steps are required for a router to take part and compute Flex Algorithm N:
1- Algorithm N Must be enabled in the router
2- Same definition for algorithm N must be applied in different routers
3- Then the router makes a special topology for algorithm N by removing:
1- any nodes which does not take part in algorithm N
2- any link that is excluded by the algorithm, for instance if it says RED affinity must be
excluded then any Red link must be removed
4- Then the router computes SPF on topology N with defined metric (IGP/TE/Delay)
5- Finally installing any reachable Prefix-Sids of Flexible-Algorithm N in the forwarding
table
The below network is consist of 2 planes and three algorithms: 0,120,130
PE1,2 participate to Algorithm 0 and 120 and 130

P11,22,33,44,55,66 participate to Algorithm 0 and 130
P1,2,3,4,5,6 participate to Algorithm 0 and 120

26
Node 6 advertises:
 Prefix-SID 16006 for ALGO 0

Node 66 advertises:

PE1 advertises:

The above figure after pruning the extra links and node will be as below figure:

27
As node p1,2,3,4,5,6 are not in the Red algorithm are removed from the Red topology.
As black connections between plane Red and Blue are not in the Red algorithm are removed from
the Red topology. In the resulted topology best path is computed and reachable prefix-sid will be
installed in the forwarding plane. Again, it should be noted that IGP metric of all links are equal,
thus the path P11 P22 P33 P44 is equal to P11 P66 P55 P44 so because of ECMP
traffic can goes through both path.
Note:
 TI-LFA is performed within each resulted topology and Backup path is based on
prefix-sid of resulted topology of each algorithm and it is optimized for that algorithm
 It is possible to have two or more algorithms for the same network, one algorithm to
minimize the delay of the path while another for minimizing IGP metric of the path
 ECMP is supported
 It is possible to use PCE controller or ODN no matter single domain or multi dome
with a specific Flexalgo

28
Segment routing and LDP Internetworking

In this part we focus on the mechanisms through which SR interworks with LDP in cases where a
mix of SR-capable and non-SR-capable routers co- exist within the same network and more
precisely in the same routing domain.
Segment Routing, can be used on top of the MPLS data plane without any modification, Segment
Routing control plane can co-exist with current label distribution protocols such as LDP.
This section focuses on the sample network design with some domains running traditional LDP
and while other domains migrated to SR and both types of domains have to be able to work
together.
Mapping Server
Segment Routing control plane can co-exist with current label distribution protocols such as LDP.
To providing internetworking in the direction LDP to SR, there is no additional signaling or state
required. However, in the direction SR to LDP internetworking one node must advertise prefix-
SIDs on behalf non-SR nodes, thereby allowing non-LDP routers to send and receive labeled traffic
from LDP-only routers. To achieve this operation, there is a role named Mapping Server. Segment
Routing Mapping Server (SRMS) assign prefix-SIDs to prefixes owned by non-SR-capable routers
as well as to prefixes owned by SR capable nodes.
Let’s assume we have a scenario that separated by two domains that one of them uses LDP and
another uses SR. Traffic wants to go from P7 to P1, but P7 doesn’t run LDP and wants to assign
label for P1. It received a SID 16001 from mapping server to reach P1. Then it adds label 16001
and send it through the nodes. When traffic received by P3, it lookup for destination and find LDP
label assigned for the P1, then it swaps Prefix-SID with LDP label and send traffic to P2 and it send
traffic to P1 with appropriate label.

29

30
 By using Mapping server LDP domain nodes map to Prefix-sid and end to end lSP can be
established
 Some IGP domains use LDP, while other IGP domains use SR.
 BGP-LU without BGP prefix-SID (BGP prefix-SID is not end-to-end)
 Couple of border routers between domains, get the same Anycast-SID and the same IP
address for high availability and may use load balancing.
Inter-domain Label Stack optimization:
Traditionally, for inter-Domain networks such as seamless MPLS, BGP-LU was being used to
connect different IGP domains in which the loopback IP address of PEs and Border routers was
accessible from any routers in the network, however in huge networks such as big mobile
operator networks, the number of loopback grew and the size of RIB increased sharply, to
overcome this issue, as the figure below shows, The SRTE Policy provides, by

31
simple SID stacking (SID-List), an elegant and robust way to program Inter-Domain LSPs without
requiring additional protocols such as BGP-LU.
SRTE can connect different domains by using segment-list and reach the traffic to the border
router of each domain, then the traffic by entering into the new IGP domain, can be continued
to forward through the new IGP domain and reach to the next border router till the end.
This can solve the problem but the size of label stack will be grown which lead to the big size
packet and encounter MTU problem, furthermore some platforms does not support big label
stacks. It should be noted that we can decrease the size of RIB by allocating the same IP and SID
(Anycasting) for both border routers between couple of domains. The SRTE Policy is programmed
on the Access device on-demand by an external Controller and does not require any state to be
signaled throughout the rest of the network. The below picture depicts multi-domain network in
which the packet traveling from left to right.
A good solution to optimize the size of label stack is to redistribute loopback address of Core
routers from Core IGP domain to other IGP domains on one direction from core domain toward
the access domain. It is important to note that this redistribution is unidirectional, thus it won’t
cause any L3 routing loop in the network.

32
as shown in the below image, in this way access domain routers have access to the loop back IP
address of Core6,7,8,9 so they can use Core routers’ SID in the Segment-List directly therefore
the size of stack will decrease.
Another important fact to consider is that there is only a limited amount of Core routers in a
Service Provider Network, therefore the redistribution does not affect scalability in the Access
IGP Domain.
Note:
In traditional BGP-LU for Inter-Domain forwarding, BGP-PIC is also required for FRR. In case
of redistribution of core loopbacks to other domains, Inter-Domain LSPs provisioned by SRTE
Policy are protected by TI-LFA also in case of ABR failure (because of Anycast-SID) because
the loopback address of core routers are installed in IGP database. This is not possible with
BGP-LU/BGP-PIC, since BGP-LU/BGP-PIC have to wait for the IGP to converge first as the
loopback address is advertised by BGP update not IGP.

33
Day 1
Segment Routing
Fundamentals

34
Segment Routing Fundamentals

Segment Routing (SR) is a flexible, scalable way of doing source routing.
The source chooses a path and encodes it in the packet header as an
ordered list of segments. Segments are identifier for any type of instruction.
Each segment is identified by the segment ID (SID) consisting of a flat
unsigned 32-bit integer. Segment instruction can be:
• Go to node N using the shortest path
• Go to node N over the shortest path to node M and then follow links Layer
1, Layer 2, and Layer 3
• Apply service S
With segment routing, the network no longer needs to maintain a per-
application and per-flow state. Instead, it obeys the forwarding instructions
provided in the packet.
As LDP and Segment-routing act as transport layer or underlay, VPLS,
MPLS L3 VPN and EVPN are overlay services based on underlay
technologies. In fact, any overlay technology can be carried by any underlay
technology, for example, it is possible to provide l2VPN or EVPN services
based on LDP or SR or RSVP-TE in transport layer.

35
This chapter is focused on SR fundamental concepts and differentiation of

Underlay and overlay protocols. A Variety of LABs are provided based on
ISIS and OSPF as IGP and traditional MPLS L3 VPN and VPLS as service
layer. In the following scenarios you will learn how to configure sample SP
network with SR in the core using ISIS/OSPF and provide MPLS L3 VPN
and VPLS between CE routers.
The lab consist of combination of traditional IOS for CEs, IOS XE and IOS
XR for SP routers. The following addressing table is applied on all labs in
this chapter.
Addressing Table
Device Name IPv4 Loopback address Prefix-Sid
R1(XR) 1.1.1.1/32 16001
R2(XE) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XE) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
CE1(IOS) 111.111.111.111/32 NA
CE2(IOS) 222.222.222.222/32 NA
Addressing model between devices:

The address between nodes are using the following format:
10.10.XY.Z
X= Lower number, Y= Higher number, Z= Node number

36
For example:
The address between R1, R2 =10.10.12.z
R1= 10.10.12.1, R2=10.10.12.2

37
Task1.
Configure segment routing on all P and PE routers based on the
following criteria:
a. configure ISIS as IGP (IPv4)
b. Level 2 only ISIS area
c. All routers are in 49.0000
d. Assign Prefix-SIDs based on SID table on loopback0
e. Configure all physical interface in the topology
Topology

38
Tip: Segment routing basic configuration using ISIS in IOS XE are as follow :

39
Tip: Segment routing basic configuration using ISIS in IOS XR are as follow:
Tip:
 Segments are advertised by the link-state routing protocols by adding a new extension in IS-
IS and OSPF.
o Prefix segments: Represents IGP least cost path to a prefix which is a unique number
allocated to each node in SR Domain.(global segment in the range of SRGB. It is possible to
change SRGB of each node, so the Index is advertised to other nodes not prefix-sid, in fact,
Prefix-sid is calculated based on this formula: received node’s SRGB + received index)

40
o Adjacency segment: represents IGP adjacency which is a unique number allocated to each
physical link in each node.(local segment) using this SID, each node can specify which link
traffic can traverse through.
o Anycast (one or more hops) Represents IGP least cost path to a non-unique prefix
o Binding-SID Represents a tunnel (e.g., RSVP-signaled LSP)
 A prefix segment is typically a multi-hop path while an adjacency segment, in most of the
cases, is a one-hop path.
 SR's control-plane can be applied to both IPv6 and MPLS data-planes
 SR does not require any additional signaling other than IGP (LDP or RSVP-TE is not
 requires)
 SR information advertised by TLVs and new Sub-TLVs
Now to answer the task you have to configure ISIS on all SP routers in the
map and configure Segment routing.
Configuration on R1(XR):
router isis 1
! ISIS Area type is set to L2 globally
is-type level-2-only
! Net ID must be unique (choose it based on Prefix-SID for easier

tshoot)
net 49.0000.0000.0000.0001.00
address-family ipv4 unicast
! Enabling TLV in ISIS for SR label extension
metric-style wide
!only passive interfaces must advertise
advertise passive-only

41
! Enabling segment routing on ISIS with MPLS data plane
segment-routing mpls
interface Loopback0
! Set loopback interface to passive
passive
! SR SID will be added by index ( SRGB + index value) or

absolute(static) command to Loopback
prefix-sid index 1
interface GigabitEthernet0/0/0/2
description Connected_to_R2
! To enable TI-LFA, interfaces must set to point-to-point
point-to-point
description Connected_to_R3
! To enable TI-LFA, interfaces must set to point-to-point
point-to-point

42
Configuration on R2(IOS-XE):
! Enter segment routing mode with MPLS data plane
!
connected-prefix-sid-map
address-family ipv4
! To attach SID with /32 prefix on Loopback0 by either index (SRGB +

index value) or absolute(static)
2.2.2.2/32 index 2 range 1
exit-address-family
interface Loopback0
ip address 2.2.2.2 255.255.255.255
! changing circuit-type per interface
isis circuit-type level-2-only
interface GigabitEthernet1,2,3,4
ip router isis 1
! to enable ti-lfa, interfaces must set to point-to-point
isis network point-to-point

43
router isis 1
! net ID must be unique (choose it based on Prefix-SID for easier
tshoot)
net 49.0000.0000.0000.0002.00
! ISIS Area type is set to L2 globally
! only passive interfaces must advertise
! enabling TLV in ISIS for SR label extension
metric-style wide
! enabling segment routing on ISIS with MPLS data plane
! set loopback interface to passive
passive-interface Loopback0
Configuration on R3:
router isis 1
net 49.0000.0000.000.0003.00

44
metric-style wide
!
interface Loopback0
passive
prefix-sid index 3
!
!
point-to-point
point-to-point
point-to-point
Segment-routing
! change global-block range from default(16000-23999)
Global-block 100000 200000
router isis 1

45
net 49.0000.0000.0000.0004.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 4
!
!
point-to-point
point-to-point
point-to-point
!

46
address-family ipv4
5.5.5.5/32 index 5 range 1
exit-address-family
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip router isis 1
router isis 1
net 49.0000.0000.0000.0005.00
metric-style wide
router isis 1

47
net 49.0000.0000.0000.0006.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 6
!
!
point-to-point
point-to-point
Verification
IOS XE
R2#show isis segment-routing connected-sid
Tag 1:
SID_Index of all nodes

48
IS-IS Level-2 connected prefix-sids:

Host Prefix SID Index Range Flags
R2 * 2.2.2.2/32 2 1
R6 6.6.6.6/32 6 1
R5 5.5.5.5/32 5 1
Star sign Indicates
R3 Local Node 3.3.3.3/32 3 1
R1 1.1.1.1/32 1 1
R4 4.4.4.4/32 4 1
Tip:
Segment Routing benefits two different encapsulation:
MPLS
SR packet header is an MPLS label stack and each label in the stack represents a
segment
IPv6
SR Header is an IPv6 header with a Segment Routing Extension Header (SRH)
which contains a list of IPv6 addresses that each of them represents a segment
R2#show segment-routing mpls connected-prefix-sid-map ipv4
PREFIX_SID_CONN_MAP
SID_Index of all nodes

as well as ISIS net ids
49
Prefix/masklen SID Type Range Flags SRGB

2.2.2.2/32 2 Indx 1 Y
PREFIX_SID_PROTOCOL_ADV_MAP
Prefix/masklen SID Type Range Flags SRGB Source

1.1.1.1/32 1 Indx 1 Y IS-IS Level 2 0000.0000.0001
2.2.2.2/32 2 Indx 1 Y IS-IS Level 2 0000.0000.0002
3.3.3.3/32 3 Indx 1 Y IS-IS Level 2 0000.0000.0003
4.4.4.4/32 4 Indx 1 Y IS-IS Level 2 0000.0000.0004
5.5.5.5/32 5 Indx 1 Y IS-IS Level 2 0000.0000.0005
6.6.6.6/32 6 Indx 1 Y IS-IS Level 2 0000.0000.0006
IOS XR
RP/0/RP0/CPU0:R1#show isis segment-routing label table
Sun Feb 3 09:07:51.454 UTC
Prefix-SID of all nodes
IS-IS 1 IS Label Table

Label Prefix/Interface
16001 Loopback0
16002 2.2.2.2/32
16003 3.3.3.3/32
16004 4.4.4.4/32
16005 5.5.5.5/32
16006 6.6.6.6/32

50
RP/0/RP0/CPU0:R1#show mpls forwarding

Sun Feb 3 09:09:17.921 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
16002 Pop SR Pfx (idx 2) Gi0/0/0/1 10.10.12.2 0

Prefix-SID of remote nodes
16002 SR Pfx (idx 2) Gi0/0/0/2 10.10.13.3 0 (!)
16003 Pop SR Pfx (idx 3) Gi0/0/0/2 10.10.13.3 0
16003 SR Pfx (idx 3) Gi0/0/0/1 10.10.12.2 0 (!)
16004 16004 SR Pfx (idx 4) Gi0/0/0/1 10.10.12.2 0
16004 SR Pfx (idx 4) Gi0/0/0/2 10.10.13.3 0 (!)
16005 16005 SR Pfx (idx 5) Gi0/0/0/2 10.10.13.3 0
16005 SR Pfx (idx 5) Gi0/0/0/1 10.10.12.2 0 (!)
16006 16006 SR Pfx (idx 6) Gi0/0/0/1 10.10.12.2 10669
16006 SR Pfx (idx 6) Gi0/0/0/2 10.10.13.3 0 (!)
24000 Pop SR Adj (idx 1) Gi0/0/0/1 10.10.12.2 0
16002 SR Adj (idx 1) Gi0/0/0/2 10.10.13.3 0 (!)
24001 Pop SR Adj (idx 3) Gi0/0/0/1 10.10.12.2 Ad0jacency-SIDs
24002 Unlabelled 111.111.111.111/32[V] \

Gi0/0/0/0 10.10.110.10 0
24003 Pop SR Adj (idx 1) Gi0/0/0/2 10.10.13.3 0
16003 SR Adj (idx 1) Gi0/0/0/1 10.10.12.2 0 (!)
24004 Pop SR Adj (idx 3) Gi0/0/0/2 10.10.13.3 0
1. On R1, verify label imposition and ECMP mechanism which is supported by SR

using this command: show cef 6.6.6.6/32
FIB entry 6.6.6.6/32 with prefix-SID 6
Copyright © 2020 Orhan Ergun LLC operation: push 100006 and 16006
This book belongs to XXXXXXXXXXX egress interface : oif spt(Node6)

51
RP/0/RP0/CPU0:R1#sh cef 6.6.6.6/32

Tue Feb 5 07:51:20.085 UTC
6.6.6.6/32, version 545, labeled SR, internal 0x1000001 0x81 (ptr 0xd7420b0)
[1], 0x0 (0xd905f68), 0xa28 (0xe53e0a8)
Updated Feb 5 07:50:41.259
remote adjacency to GigabitEthernet0/0/0/2
Prefix Len 32, traffic index 0, precedence n/a, priority 1
via 10.10.13.3/32, GigabitEthernet0/0/0/2, 8 dependencies, weight 0,
class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xe2c22f0 0x0]
next hop 10.10.13.3/32
remote adjacency
local label 16006 labels imposed {100006}
via 10.10.12.2/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0,
class 0 [flags 0x0]
path-idx 1 NHID 0x0 [0xe2c2380 0x0]
next hop 10.10.12.2/32
remote adjacency
FIB entry for remote prefix-SID 16006

operation: Swap
egress interface : oif spt (Node6)
R2#sh mpls forwarding-table labels 16006

Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface

52
16006 16006 6.6.6.6/32 178279 Gi2 10.10.24.4
Tip:
Labels are dynamically assigned and will vary from session to session. Therefore,
your labels may not match the labels within this document.
RP/0/RP0/CPU0:R1#traceroute 6.6.6.6 source 1.1.1.1

Tue Feb 5 11:34:32.777 UTC
Type escape sequence to abort.

Tracing the route to 6.6.6.6
1 10.10.12.2 [MPLS: Label 16006 Exp 0] 89 msec 9 msec

10.10.13.3 234 msec
10.10.24.4 58 msec
3 10.10.46.6 276 msec *
10.10.56.6 45 msec
Changing segment-routing global block doesn’t change behavior of other nodes when prefix
SID configured with index value:

53

Mon Feb 4 07:21:46.694 UTC
On R3 SRGB is changed while index
values are the same, therefore
different SRGB in each node does not
change the SR normal behavior
100001 1.1.1.1/32
100002 2.2.2.2/32
100003 Loopback0
100004 4.4.4.4/32
100005 5.5.5.5/32
100006 6.6.6.6/32

Mon Feb 4 07:31:05.070 UTC
24000 Pop SR Adj (idx 1) Gi0/0/0/2 10.10.23.2 0

24001 Pop SR Adj (idx 3) Gi0/0/0/2 10.10.23.2 0
24002 Pop SR Adj (idx 1) Gi0/0/0/1 10.10.35.5 0
24003 Pop SR Adj (idx 3) Gi0/0/0/1 10.10.35.5 0
(!) indicate backup path
24004 Pop SR Adj (idx 1) Gi0/0/0/0 10.10.13.1 0
24005 Pop SR Adj (idx 3) Gi0/0/0/0 10.10.13.1 0
24006 Pop SR Adj (idx 1) Gi0/0/0/3 10.10.34.4 0
24007 Pop S1R
) A
Bdejca(uisdexof3d
)ifferenGt iS0R/G
0/B0i/n3 10.10.34.4 0
R3, Local label (100001) is not
100001 Pop SR P fx
eq ua( li
todxou1tg
)oing laGbie0l/(01/60
0/00
1) 10.10.13.1 10682
2) R3 is PHP node in Primary path
16001 SR Pfx (idx 1) Gi0/0/0/2 10.10.23.2 0 (!)

54
100002 Pop SR Pfx (idx 2) Gi0/0/0/2 10.10.23.2 0

16002 SR Pfx (idx 2) Gi0/0/0/3 10.10.34.4 0 (!)
100004 Pop SR Pfx (idx 4) Gi0/0/0/3 10.10.34.4 0
16004 SR Pfx (idx 4) Gi0/0/0/2 10.10.23.2 0 (!)
100005 Pop SR Pfx (idx 5) Gi0/0/0/1 10.10.35.5 0
16005 SR Pfx (idx 5) Gi0/0/0/3 10.10.34.4 0 (!)
100006 16006 SR Pfx (idx 6) Gi0/0/0/3 10.10.34.4 1750
16006 SR Pfx (idx 6) Gi0/0/0/2 10.10.23.2 0 (!)
Tip:
Please pay attention to your SRGB. It is recommended to use same SRGB on all
nodes of your domain. Also, it helps for better troubleshooting.
Change SRGB range to default before going to next task by using below command:
segment-routing
no global-block

55
Task2.
Configure L3 VPN service and verify reachability between CEs:
a. Put CE routers in VRF “A” with R1 RT export 100:1 and import
200:1, R2 RT export 200:1 and import 100:1
b. Assign AS 110 for CE1 and AS120 for CE2 and configure bgp
ipv4 with related PEs and advertise CE’s Loopbacks in MP-BGP
c. Put PE routers in AS 100 and Configure MP BGP on PEs
d. Verify reachability CE’s loopback from remote CE using ping and
traceroute
Tip:
For simplicity we do not use RR in this lab so the BGP connection is directly between PEs
a. Put CE routers in VRF “A”
Configuration

56
VRF Configuration on R1 (PE):
Define VRF A :
vrf A
import route-target
200:1
!
export route-target
100:1
no shutdown
vrf A
ipv4 address 10.10.110.1 255.255.255.0
VRF Configuration on R6 (PE):
vrf A
import route-target
100:1
!
export route-target

57
200:1
no shutdown
vrf A
ipv4 address 10.10.120.6 255.255.255.0
Verification
RP/0/RP0/CPU0:R1#show vrf all
Sun Feb 3 10:29:18.338 UTC
VRF RD RT AFI SAFI
A 200:1
import 200:1 IPV4 Unicast
export 100:1 IPV4 Unicast
RP/0/RP0/CPU0:R1#show vrf A ipv4 unicast detail

Sun Feb 3 10:34:07.183 UTC
VRF A; RD 200:1; VPN ID not set

VRF mode: Regular
Description not set
Interfaces:
GigabitEthernet0/0/0/0
Address family IPV4 Unicast

58
Import VPN route-target communities:

RT:200:1
Export VPN route-target communities:
RT:100:1
No import route policy
No export route policy

Sun Feb 3 10:39:23.835 UTC
VRF RD RT AFI SAFI
A 100:1


Sun Feb 3 10:44:35.762 UTC

VRF mode: Regular
Description not set
Interfaces:
RT:100:1
RT:200:1

59

b. Assign AS 110 for CE1 and AS120 for CE2

CE1
interface Loopback100
ip address 111.111.111.111 255.255.255.255
router bgp 110

network 111.111.111.111 mask 255.255.255.255
neighbor 10.10.110.1 remote-as 100
CE2
ip address 222.222.222.222 255.255.255.255
router bgp 120

network 222.222.222.222 mask 255.255.255.255
c. Put PE routers in AS 100 and Configure MP BGP on PEs

MP-BGP Configuration on R1 (PE):
eBGP session In IOS XR does not
exchange any prefix if you don’t
configure route-policy under bgp
neighbor configuration

60
route-policy vpn
pass
end-policy
router bgp 100

! only vpnv4 address family is needed in this scenario
address-family vpnv4 unicast
!
neighbor 6.6.6.6
remote-as 100
update-source Loopback0
!
!
vrf A
rd 200:1
!
neighbor 10.10.110.10
remote-as 110
route-policy vpn in
route-policy vpn out

61
MP-BGP Configuration on R6 (PE):
route-policy vpn
pass
end-policy
router bgp 100

!
neighbor 1.1.1.1
remote-as 100
!
!
vrf A
rd 100:1
!
neighbor 10.10.120.2
remote-as 120
route-policy vpn in

62
Verification
2. On R1, Verify prefix entry of CE2 loopback on R1 in vrf A by using the command
show route vrf A 222.222.222.222/32
RP/0/RP0/CPU0:R1#show route vrf A 222.222.222.222/32

Sun Feb 3 08:38:28.239 UTC
Routing entry for 222.222.222.222/32

Known via "bgp 100", distance 200, metric 0
Tag 120, type internal
Installed Feb 3 07:40:41.542 for 00:57:47
Routing Descriptor Blocks
6.6.6.6, from 6.6.6.6
Nexthop in Vrf: "default", Table: "default", IPv4 Unicast, Table
Id: 0xe0000000
Route metric is 0
No advertising protos.
3. On R1, "show bgp vpnv4 unicast labels" to see VPN label
RP/0/RP0/CPU0:R1#show bgp vpnv4 unicast labels

Sun Feb 3 08:38:57.570 UTC
BGP router identifier 1.1.1.1, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 14

63
BGP NSR Initial initsync version 6 (Reached)

BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1
*>i222.222.222.222/32 6.6.6.6 24004 nolabel
Route Distinguisher: 200:1 (default for vrf A)
*> 111.111.111.111/32 10.10.110.10 nolabel 24002
*>i222.222.222.222/32 6.6.6.6 24004 nolabel
BGP VPN Label

Processed 3 prefixes, 3 paths
4. On R1, Verify the VPN label for the vrf A prefix 222.222.222.222/32 on R1 using the
command show route vrf A 222.222.222.222/32 detail.
RP/0/RP0/CPU0:R1#show route vrf A 222.222.222.222/32 detail

Tue Feb 5 07:44:09.174 UTC

6.6.6.6, from 6.6.6.6

64

Id: 0xe0000000
Route metric is 0
Label: 0x5dc4 (24004)
Tunnel ID: None
Binding Label: None
Extended communities count: 0
Source RD attributes: 0x0000:100:1
NHID:0x0(Ref:0)
Route version is 0x1 (1)
No local label
IP Precedence: Not Set
QoS Group ID: Not Set
Flow-tag: Not Set
Fwd-class: Not Set
Route Priority: RIB_PRIORITY_RECURSIVE (12) SVD Type
RIB_SVD_TYPE_REMOTE
Download Priority 3, Download Version 14
5. R1 has the default preference of labels for imposition, hence the cef entry of 6.6.6.6/32 will
impose the transport label 16006 on top of the VPN label 24004. Verify this with the
command show cef vrf A 222.222.222.222/32
RP/0/RP0/CPU0:R1#sh cef vrf A 222.222.222.222/32

Tue Feb 5 07:50:59.457 UTC
222.222.222.222/32, version 14, internal 0x5000001 0x0 (ptr 0xd741fdc)
[1], 0x0 (0xd905fa8), 0xa08 (0xdb9b468)
Updated Feb 4 11:37:25.919
2 Path ECMP
Node6 P-sid because
of different SRGB on
R3 and R2
65
via 6.6.6.6/32, 3 dependencies, recursive [flags 0x6000]

path-idx 0 NHID 0x0 [0xd158e00 0x0]
BGP NH, Egress PE
recursion-via-/32
next hop VRF - 'default', table - 0xe0000000
next hop 6.6.6.6/32 via 16006/0/21
next hop 10.10.13.3/32 Gi0/0/0/2 labels imposed {16006 24004}
6. On CE1,Traceroute CE2 loopback prefix will show the labels along the path to the
destination traceroute 222.222.222.222 source 111.111.111.111
CE1#traceroute 222.222.222.222 so 111.111.111.111

VRF info: (vrf in name/id, vrf out name/id)
1 10.10.110.1 51 msec 4 msec 4 msec R4,R5 are PHP Nodes,
Top label is removed
2 10.10.13.3 [MPLS: Labels 16006/24004 Exp 0] 58 msec in node4,5 and node 6
will get only vpn label
10.10.12.2 [MPLS: Labels 16006/24004 Exp 0] 9 msec 7 msec
3 10.10.35.5 [MPLS: Labels 16006/24004 Exp 0] 16 msec
4 10.10.46.6 [MPLS: Label 24004 Exp 0] 22 msec 6 msec 5 msec
5 10.10.120.2 8 msec * 20 msec

66
Tip:
In test6 please note:
In the output, this traceroute shows the labels along the two ECMP paths
Like traditional MPLS, PHP occurs on R4 and R5 so the transport label popped on
these nodes. As you can see in the output, only VPN label on R6 is existed.
In case of QoS you can preserve EXP/TC in the top label by using explicit-null lable.
You can use the following command:
Prefix-sid index ‘Sid_Index’ explicit-null
Prefix-sid absolute ‘Prefix-Sid’ explicit-null

67
Task3.
Configure LFA (IP-FRR) on all Routers in the map:
a. Configure IGP cost 1000 on the link between R3,R4 and R4,R6
b. Configure per-prefix LFA on all SP routers
c. Verify primary and backup path from R3 to R6 loopback
Configuration
LFA Configuration on R2 and R5 (XE):
router isis 1
fast-reroute per-prefix level-2 all
LFA Configuration on R1,R3,R4,R6 (XR)
Regarding topology, configure all physical interfaces as

68
follow:
router isis 1
interface GigabitEthernet0/0/0/X
fast-reroute per-prefix
Tip:
For directly connected per-prefix LFA, no additional label is imposed, the top label is
swapped and packet is forwarded towards the LFA
Verification
On R2, verify protection coverage of per-prefix lfa using the comman Show isis fast-reroute
summary on R2
RP/0/RP0/CPU0:R3#show isis fast-reroute summary
Mon Feb 4 07:52:15.649 UTC
IS-IS 1 IPv4 Unicast FRR summary
Critical High Medium Low Total

Priority Priority Priority Priority
Prefixes reachable in L2
All paths protected 0 0 5 0 5
Some paths protected 0 0 0 0 0

69
Unprotected 0 0 0 0 0
Protection coverage 0.00% 0.00% 100.00% 0.00% 100.00%
RP/0/RP0/CPU0:R3#show isis fast-reroute 6.6.6.6/32

Mon Feb 4 07:53:15.654 UTC
L2 6.6.6.6/32 [20/115]
via 10.10.35.5, GigabitEthernet0/0/0/1, R5, SRGB Base: 16000,
Weight: 0
FRR backup via 10.10.34.4, GigabitEthernet0/0/0/3, R4, SRGB Base:
16000, Weight: 0, Metric: 1020
Verify the destinations that are protected via the low bandwidth, high cost link between R3 and
R4 by using the command show isis fast-reroute | include "L2|FRR backup via.*R4"
RP/0/RP0/CPU0:R3#show isis fast-reroute | include "L2|FRR backup

via.*R4"
Mon Feb 4 07:58:10.951 UTC
Codes: L1 - level 1, L2 - level 2, ia - interarea (leaked into level 1)
L2 1.1.1.1/32 [10/115]
L2 2.2.2.2/32 [10/115]
L2 4.4.4.4/32 [20/115]
Sub-optimal path is
L2 5.5.5.5/32 [10/115] selected for backup

L2 6.6.6.6/32 [20/115]

70
Tip:
Note that the per-prefix LFA is not going over the final path, as it would be after IGP
would converge following a failure (“post-convergence path”). Traffic over the backup
path is using a high metric, low bandwidth link, potentially causing congestion and traffic
loss. The figure below illustrates the post-convergence path from R1 to R4 in case the
link between R2 and R3 failed.

71
As you can see in the figure above, LFA follows some rules before finding alternate path.
If any backup paths does not match any of them, will fail to become alternate path. In the
scenario above, R2 is a good candidate for backup next-hop, but unfortunately does not
match the first rule, therefore, LFA chooses R4 which is sub-optimal path.

72
Task4.
Configure TI-LFA on all Routers in the map:
b. Configure per-prefix TI-LFA on all routers
d. Compare the backup path in this task with the task 3.
Tip:
There are four primary functions of TI-LFA
Provides guaranteed 100% link protection for all failure types (link, node, SRLG) in
all networks
Protects IP, LDP and SR traffic
Avoids congestion and suboptimal routing by tailoring the backup path over the
post-convergence path
 Doesn’t use targeted LDP sessions

73
Configuration
TI-LFA Configuration on R2 and R5 (XE):
Both command are

required for TI-LFA
router isis 1
fast-reroute ti-lfa level-2
TI-LFA Configuration on R1,R3,R4,R6 (XR)
Regarding topology, configure all physical interfaces as

follow:
router isis 1
interface GigabitEthernet0/0/0/X
Both command are
address-family ipv4 unicast required for TI-LFA
fast-reroute per-prefix ti-lfa
Verification
On R3, Verify the forwarding entries of R6’s loopback prefix. First, verify the RIB
entry of 6.6.6.6/32. On R3, type the command show route 6.6.6.6/32
The output below, shows backup path is chosen by TI-LFA
RIB verification

74
RP/0/RP0/CPU0:R3#show route 6.6.6.6/32

Mon Feb 4 09:48:45.676 UTC

Known via "isis 1", distance 115, metric 20, labeled SR, type level-2
10.10.23.2, from 6.6.6.6, via GigabitEthernet0/0/0/2, Backup (TI-LFA)
Repair Node(s): 4.4.4.4
Route metric is 40
10.10.35.5, from 6.6.6.6, via GigabitEthernet0/0/0/1, Protected
Route metric is 20
On R3, Verify the ISIS fast-reroute information for prefix 6.6.6.6/32 with the
command show isis fast-reroute 6.6.6.6/32
ISIS verification
RP/0/RP0/CPU0:R3#show isis fast-reroute 6.6.6.6/32

Mon Feb 4 08:07:03.103 UTC
L2 6.6.6.6/32 [20/115]
Weight: 0
Backup path: TI-LFA (link), via 10.10.23.2,
GigabitEthernet0/0/0/2 R2, SRGB Base: 16000, Weight: 0
P node: R4.00 [4.4.4. 4], Label: 16004
Prefix label: 16006

75
Backup-src: R6.00
R4 is selected as P node to avoid micro loop
On R3, verify the cef information for prefix 6.6.6.6/32.
RP/0/RP0/CPU0:R3#show cef 6.6.6.6/32

Mon Feb 4 09:52:38.824 UTC
6.6.6.6/32, version 176, labeled SR, internal 0x1000001 0x81 (ptr 0xd5d3788)
[1], 0x0 (0xd795b28), 0xa28 (0xe37e408)
FIB verification
Updated Feb 4 08:02:58.324
via 10.10.23.2/32, GigabitEthernet0/0/0/2, 14 dependencies, weight 0, class
0, backup (TI-LFA) [flags 0xb00]
path-idx 0 NHID 0x0 [0xe2b84a0 0x0]
next hop 10.10.23.2/32, Repair Node(s): 4.4.4.4
remote adjacency
local label 16006 labels imposed {16004 16006}
0, protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xe4594d0 0x0]
next hop 10.10.35.5/32

76
On R3, Verify the MPLS forwarding entry for the SR label path. This entry will be
used for incoming SR labeled packets show mpls for labels 16006 detail
RP/0/RP0/CPU0:R3#show mpls forwarding labels 16006 detail

Mon Feb 4 10:02:31.118 UTC
16006 16006 SR Pfx (idx 6) Gi0/0/0/1 10.10.35.5 12431

Updated: Feb 4 08:02:58.454
Path Flags: 0x400 [ BKUP-IDX:0 (0xe4594d0) ]
Label stack for primary Path
Version: 176, Priority: 1
Label Stack (Top -> Bottom): { 16006 }
NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
MAC/Encaps: 4/8, MTU: 1500
Outgoing Interface: GigabitEthernet0/0/0/1 (ifhandle 0x01000030)
Packets Switched: 247
16004 SR Pfx (idx 6) Gi0/0/0/2 10.10.23.2 0 (!)

Updated: Feb 4 08:02:58.454 Label stack for Backup Path
which is allocated by TI-LFA
(single label)

77
Path Flags: 0xb00 [ IDX:0 BKUP, NoFwd ]

Label Stack (Top -> Bottom): { 16004 16006 }


Packets Switched: 0
(!): FRR pure backup
Traffic-Matrix Packets/Bytes Switched: 0/0
On R3, verify the label stack size limits of the interfaces on this platform. To do
this, use the command show isis interface | include
"GigabitEthernet|MPLS Max Label"
RP/0/RP0/CPU0:R3#show isis interface | include "GigabitEthernet|MPLS

Max Label"
Mon Feb 4 09:08:06.837 UTC
Backup, SRTE maximum
MPLS Max Label Stack: 1/3/10 (PRI/BKP/SRTE) label stack
GigabitEthernet0/0/0/0 Enabled
MPLS Max Label Stack: 1/3/10 (PRI/BKP/SRTE)

78
Verify ti-lfa coverage on R3 with the command show isis fast-reroute

summary
RP/0/RP0/CPU0:R3#show isis fast-reroute summary

Mon Feb 4 09:09:44.937 UTC
IS-IS 1 IPv4 Unicast FRR summary
Critical High Medium Low Total

Priority Priority Priority Priority
Prefixes reachable in L2
All paths protected 0 0 5 0 5
Some paths protected 0 0 0 0 0
Unprotected 0 0 0 0 0
Protection coverage 0.00% 0.00% 100.00% 0.00% 100.00%
On R3, determine which backup paths are going over the low bandwidth, high cost
link between R3 and R4 using the command show isis fast-reroute |
include "L2|FRR backup via.*R5"
RP/0/RP0/CPU0:R3#show isis fast-reroute | include "L2|FRR backup via.*R5"

Mon Feb 4 09:35:01.707 UTC
L2 1.1.1.1/32 [10/115]

79
L2 2.2.2.2/32 [10/115]
L2 4.4.4.4/32 [20/115]
L2 5.5.5.5/32 [10/115]
L2 6.6.6.6/32 [20/115]
On R3, verify the ISIS fast-reroute information for prefix 6.6.6.6/32 with the
command show isis fast-reroute 6.6.6.6/32 detail
RP/0/RP0/CPU0:R3#show isis fast-reroute 6.6.6.6/32 detail

Mon Feb 4 09:39:56.272 UTC
L2 6.6.6.6/32 [20/115] medium priority

Weight: 0
P node: R4.00 [4.4.4.4], Label: 16004
Prefix label: 16006
Backup-src: R6.00
P: No, TM: 40, LC: No, NP: No, D: No, SRLG: Yes
src R6.00-00, 6.6.6.6, prefix-SID index 6, R:0 N:1 P:0 E:0 V:0 L:0
Tip:
keep in mind in the output of show isis fast-reroute command:
P-node: Node reached via a Prefix-SID
Q-node: Node reached via a Adjacency-SID

80
The figure below shows P-Space and q-Space. From TI-LFA Perspective, R4 is
selected as PQ node, therefore in case of link failure between R3&R5, traffic with
single label (16004) will reach R4 then with prefix label of 16006 continue to reach
to the destination.

81
TI-LFA double segment in ISIS

To check TI-LFA double segment behavior in ISIS, change topology like the figure
below and modify metric between R3<->R2 and R4<->R5 to 1000. Also change
R4<->R6 metric to 2000.
Configuration:
R3
Router isis 1
metric 1000
R4
Router isis 1
metric 1000

82
metric 2000
R2
interface GigabitEthernet3
isis metric 1000
R5
isis metric 1000
Verification:
Verify prefix 6.6.6.6/32 on R1.
Wed Feb 6 13:19:54.677 UTC

Weight: 0
P node: R4.00 [4.4.4.4], Label: 16004
Q node: R5.00 [5.5.5.5], Label: 24011
Prefix label: 16006
Backup-src: R6.00

83
Verify mpls forwarding label stack for label 16006(R6) on R1.

Wed Feb 6 13:23:07.050 UTC
Label Label or ID Interface
Switched
16006 16006 SR Pfx (idx 6) Gi0/0/0/2 10.10.13.3 1313

Updated: Feb 6 13:10:08.931
Path Flags: 0x400 [ BKUP-IDX:1 (0xe3ac7b0) ]
16004 SR Pfx (idx 6) Gi0/0/0/1 10.10.12.2 0

(!)
Updated: Feb 6 13:10:08.930
Label Stack (Top -> Bottom): { 16004 24011 16006 }

84

Packets Switched: 0
TI-LFA and Node Protection in ISIS

In this task instead of Per-Prefix protection we are going to use Node protection in
TI-LFA.
a) Change the metric of R2<->R4 and R4<->R6 to 1000 and change back all
other metrics to default.
b) enable node protection on R3 globally
c) Verify it in R3
Configuration:
R2

85
isis metric 1000
R4
router isis 1
metric 1000
metric 1000
R6
router isis 1
metric 1000
R3
router isis 1
fast-reroute per-prefix tiebreaker node-protecting index 200
Verification:

Wed Feb 6 14:50:36.515 UTC

86
via 10.10.35.5, GigabitEthernet0/0/0/1, R5, SRGB Base: 16000, Weight: 0

Backup path: TI-LFA (node), via 10.10.34.4, GigabitEthernet0/0/0/3 R4,
SRGB Base: 16000, Weight: 0
P node: R4.00 [4.4.4.4], Label: ImpNull
Q node: R6.00 [6.6.6.6], Label: 24007
Prefix label: ImpNull
Backup-src: R6.00
P: No, TM: 1010, LC: No, NP: Yes, D: No, SRLG: No

Wed Feb 6 14:52:38.176 UTC
6.6.6.6/32, version 1800, labeled SR, internal 0x1000001 0x81 (ptr 0xd879ff8) [1],
0x0 (0xda3e028), 0xa28 (0xe3a1210)
Updated Feb 6 14:50:31.526
via 10.10.34.4/32, GigabitEthernet0/0/0/3, 7 dependencies, weight 0, class 0,
backup (TI-LFA) [flags 0xb00]
path-idx 0 NHID 0x0 [0xe2b84a0 0xe2b8410]
next hop 10.10.34.4/32, Repair Node(s): 4.4.4.4, 6.6.6.6
remote adjacency
local label 16006 labels imposed {ImplNull 24007}
protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xe494230 0xe493350]
next hop 10.10.35.5/32
TI-LFA and Node + SRLG protection in ISIS

87
In this task we are going to use Node as well as SRLG protection in TI-LFA.
a) On R3 create SRLG group and enable SRLG protection beside with Node
protection.
b) Verify Node + SRLG for prefix 6.6.6.6/32 on R3.
Configuration:
router isis 1
fast-reroute per-prefix tiebreaker srlg-disjoint index 100
srlg
group
1 1
!
!
group
1 1
!
!
group
1 1
!
!
group 1

88
8 value 100
!
Verification:
Wed Feb 6 14:48:29.261 UTC

Backup path: TI-LFA (node+srlg), via 10.10.34.4, GigabitEthernet0/0/0/3
R4, SRGB Base: 16000, Weight: 0
Backup tunnel: requested
P node: R2.00 [2.2.2.2], Label: 16002

Q node: R4.00 [4.4.4.4], Label: 20
Q node: R6.00 [6.6.6.6], Label: 24007
Backup-src: R6.00
P: No, TM: 2020, LC: No, NP: Yes, D: No, SRLG: Yes

Wed Feb 6 14:02:53.598 UTC
6.6.6.6/32, version 1630, labeled SR, internal 0x1000001 0x81 (ptr 0xd87a198)
[1], 0x0 (0xda3dd28), 0xa28 (0xe3d3330)
Updated Feb 6 13:58:02.185

89

path-idx 0 NHID 0x0 [0xe2b8380 0x0]
remote adjacency
local label 16006 labels imposed {16004 24007}
path-idx 1 bkup-idx 0 NHID 0x0 [0xe39c5f0 0x0]
next hop 10.10.35.5/32
TI-LFA SRLG protection in ISIS

In this task we are going to use SRLG protection in TI-LFA.
a) Remove node protection configuration from R3 in the task before.
b) Verify SRLG for prefix 6.6.6.6/32 on R3.
Configuration:
router isis 1
no fast-reroute per-prefix tiebreaker node-protecting index 200
Verification:
Verify SRLG for prefix 6.6.6.6/32 on R3.

Wed Feb 6 14:45:32.643 UTC

90

Backup path: TI-LFA (srlg), via 10.10.13.1, GigabitEthernet0/0/0/0 R1,
P node: R2.00 [2.2.2.2], Label: 16002
Q node: R4.00 [4.4.4.4], Label: 20
Prefix label: 16006
Backup-src: R6.00

Wed Feb 6 14:46:28.073 UTC
6.6.6.6/32, version 1788, labeled SR, internal 0x1000001 0x81 (ptr 0xd879ff8)
[1], 0x0 (0xda3dba8), 0xa28 (0xe3a1378)
Updated Feb 6 14:43:22.034
path-idx 0 NHID 0x0 [0xe2b85c0 0x0]
remote adjacency
local label 16006 labels imposed {16002 20 16006}
path-idx 1 bkup-idx 0 NHID 0x0 [0xe494070 0x0]

91
next hop 10.10.35.5/32


92
Task5.
Configure segment routing on all P and PE routers based on the
following criteria:
a. configure OSPF as IGP (IPv4)
b. All routers are in Area0
c. Assign Prefix-SIDs based on SID table on loopback0
d. Configure all physical interface in the topology
Tip: Segment routing basic configuration using OSPF in IOS XE are as

follow:

93
Tip: Segment routing basic configuration using OSPF in IOS XR are as

follow:
Now to answer the task you have to configure OSPF on all SP routers in the
map and configure Segment routing.
Configuration on R1(XR):
router ospf 1
router-id 1.1.1.1
! enable segment routing with mpls data plane

94
area 0
! enables IGP traffic engineering
mpls traffic-eng
interface Loopback0 passive
! SR SID will be added by index ( SRGB + index value) or

absolute(static) command to Loopback
prefix-sid index 1
!
!
!
!
!
Configuration on R2(IOS-XE):
! Enter segment routing mode with MPLS data plane
!
address-family ipv4

95
! To attach SID with /32 prefix on Loopback0 by either index (SRGB

+ index value) or absolute(static)
2.2.2.2/32 index 2 range 1
exit-address-family
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0
ip ospf 1 area 0
router ospf 1
router-id 2.2.2.2
! enables segment routing with mpls data plane in an area
segment-routing area 0.0.0.0 mpls
! enables segment routing with mpls data plane
router ospf 1
router-id 3.3.3.3

96
area 0
mpls traffic-eng
interface Loopback0
prefix-sid index 3
!
!
!
!
!
!
!
!
Segment-routing
! change global-block range from default(16000-23999)
Global-block 100000 200000
router ospf 1
router-id 4.4.4.4

97
area 0
mpls traffic-eng
interface Loopback0
prefix-sid index 4
!
!
!
!
!
!
mpls traffic-eng router-id Loopback0
!
!
address-family ipv4
5.5.5.5/32 index 5 range 1

98
exit-address-family
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip ospf 1 area 0
ip ospf 1 area 0
router ospf 1
router-id 5.5.5.5
segment-routing area 0 mpls
router ospf 1
area 0
interface Loopback0
prefix-sid index 6
!
!

99
Verification
Verify segment routing control plane
IOS XE
R2#show ip ospf segment-routing sid-database
OSPF Router with ID (2.2.2.2) (Process ID 1)
OSPF Segment Routing SIDs
Flags: L - local, N - label not programmed,

M - mapping-server
SID Prefix/Mask
1 1.1.1.1/32
2 (L) 2.2.2.2/32
3 3.3.3.3/32
4 4.4.4.4/32
5 5.5.5.5/32
6 6.6.6.6/32
R2#show mpls forwarding-table


100
18 Pop Label 10.10.24.4-A 0 Gi2 10.10.24.4

19 Pop Label 10.10.12.1-A 0 Gi1 10.10.12.1
20 Pop Label 10.10.23.3-A 0 Gi3 10.10.23.3
21 Pop Label 10.10.12.1-A 0 Gi1 10.10.12.1
16001 Pop Label 1.1.1.1/32 760 Gi1 10.10.12.1
16003 Pop Label 3.3.3.3/32 0 Gi3 10.10.23.3
16004 Pop Label 4.4.4.4/32 0 Gi2 10.10.24.4
16005 16005 5.5.5.5/32 0 Gi3 10.10.23.3
16005 5.5.5.5/32 0 Gi2 10.10.24.4
16006 16006 6.6.6.6/32 16466 Gi2 10.10.24.4
R2#show ip ospf 1 database opaque-area prefix 2.2.2.2 /32
Type-10 Opaque Area Link States (Area 0.0.0.0)
LS age: 1572
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 7.0.0.0
Opaque Type: 7 (Extended Prefix)
Opaque ID: 0

101
Advertising Router: 2.2.2.2

LS Seq Number: 80000004
Checksum: 0x1873
Length: 44
TLV Type: Extended Prefix

Length: 20
Prefix : 2.2.2.2/32
AF : 0
Route-type: Intra
Flags : N-bit
Sub-TLV Type: Prefix SID

Length: 8
Flags : None
MTID : 0
Algo : SPF
SID : 2
RP/0/RP0/CPU0:R1#show ospf sid-database

102
Mon Feb 4 13:35:28.595 UTC
SID Database for ospf 1 with ID 1.1.1.1
SID Prefix/Mask
1 1.1.1.1/32 (L)
2 2.2.2.2/32
3 3.3.3.3/32
4 4.4.4.4/32
5 5.5.5.5/32
6 6.6.6.6/32
RP/0/RP0/CPU0:R1#show ospf 1 database opaque-area 1.1.1.1/32

self-originate
Mon Feb 4 13:00:40.140 UTC
Type-10 Opaque Link Area Link States (Area 0)
LS age: 1328

103

Opaque Type: 7
Opaque ID: 1
SR enable router adds
Checksum: 0xddb4
new TLV and Sub-TLV to
Length: 44 Opaque LSA
Extended Prefix TLV: Length: 20

Route-type: 1
AF : 0
Flags : 0x40
Prefix : 1.1.1.1/32

Mon Feb 4 13:05:25.124 UTC
16002 Pop SR Pfx (idx 2) Gi0/0/0/1 10.10.12.2 0

16003 Pop SR Pfx (idx 3) Gi0/0/0/2 10.10.13.3 0
16004 16004 SR Pfx (idx 4) Gi0/0/0/2 10.10.13.3 0
16004 SR Pfx (idx 4) Gi0/0/0/1 10.10.12.2 0
16005 16005 SR Pfx (idx 5) Gi0/0/0/2 10.10.13.3 0
16006 16006 SR Pfx (idx 6) Gi0/0/0/2 10.10.13.3 272
16006 SR Pfx (idx 6) Gi0/0/0/1 10.10.12.2 10300

104
24002 Unlabelled 111.111.111.111/32[V] \

Gi0/0/0/0 10.10.110.10 0
24005 Pop SR Adj (idx 0) Gi0/0/0/1 10.10.12.2 0
24006 Pop SR Adj (idx 0) Gi0/0/0/2 10.10.13.3 0
Task6.
Configure TI-LFA on all Routers in the map using OSPF:
b. Configure per-prefix TI-LFA on all routers
Configuration
IOS XR
router ospf 1
fast-reroute per-prefix ti-lfa enable
area 0
interface GigabitEthernet0/0/0/x

105
network point-to-point
IOS XE
router ospf 1
fast-reroute per-prefix enable prefix-priority low
fast-reroute per-prefix ti-lfa area 0.0.0.0
interface GigabitEthernetx
ip ospf network point-to-point
Verification
RP/0/RP0/CPU0:R3#show ospf 1 routes 6.6.6.6/32 backup-path
Wed Feb 6 07:16:21.148 UTC
Topology Table for ospf 1 with ID 3.3.3.3
Codes: O - Intra area, O IA - Inter area

O E1 - External type 1, O E2 - External type 2
Single Segment
O N1 - NSSA external type 1, O N2 - NSSA external type 2
O 6.6.6.6/32, metric 3
10.10.35.5, from 6.6.6.6, via GigabitEthernet0/0/0/1, path-id 1
Backup path: TI-LFA, Repair-List: P node: 4.4.4.4 Label: 16004
10.10.23.2, from 6.6.6.6, via GigabitEthernet0/0/0/2, protected
bitmap 0000000000000001

106
Attributes: Metric: 5, Interface Disjoint, SRLG Disjoint
R2#show ip ospf fast-reroute ti-lfa tunnels internal
Area with ID (0.0.0.0)
Base Topology (MTID 0)
TI-LFA Release Node Tree:
TI-LFA Release Node 5.5.5.5 via 10.10.23.3 GigabitEthernet3, instance 31, metric 2
Interface MPLS-SR-Tunnel1
Tunnel type: MPLS-SR
Tailend router ID: 5.5.5.5
Termination IP address: 5.5.5.5
Outgoing interface: GigabitEthernet3
First hop gateway: 10.10.23.3
instance 31, refcount 1
rn-1: rtrid 5.5.5.5, addr 5.5.5.5, node-sid label 16005
TI-LFA Node Tree:
TI-LFA Node 1.1.1.1 via 10.10.12.1 GigabitEthernet1, instance 31, rspt dist 0
in-ext-p-space, in-q-space, interesting node 0
Link Protect Path-1: via 10.10.23.3 Gi3, parent 2/10.10.13.1, metric:2, rls-
pt:1.1.1.1 at dist:1

107
repair:y, rn-cnt:0, first-q:3.3.3.3, rtp-flags:Repair, PostConvrg, IntfDj

Protected by: directly connected TI-LFA
in-ext-p-space, in-q-space, interesting node 0
not-in-ext-p-space, in-q-space, interesting node 0
rn-1: rtrid 5.5.5.5, addr 5.5.5.5, node-sid label 16005
Protected by: MPLS-SR-Tunnel1, tailend 5.5.5.5, rls node 5.5.5.5
instance 31, metric 2, refcount 1
R2#show ip ospf fast-reroute ti-lfa tunnels
Area with ID (0.0.0.0)

108
Base Topology (MTID 0)
Tunnel Interface Next Hop Mid/End Point Label
MPLS-SR-Tunnel1 Gi3 10.10.23.3 5.5.5.5 16005
TI-LFA double segment in ISIS

To check TI-LFA double segment behavior in OSPF, change topology like the
figure below and modify metric between R3<->R2 and R4<->R5 to 1000. Also
change R4<->R6 metric to 2000.
Configuration:
109
R3&R4
router ospf 1
area 0
cost 1000
R4
router ospf 1
area 0
interface GigabitEthernet0/0/0/x  R4&R6 interface

cost 2000
R2&R5
interface GigabitEthernetx
ip ospf cost 1000
Verification:
Verify prefix 6.6.6.6/32 on R1.

RP/0/RP0/CPU0:R1#show ospf routes 6.6.6.6/32 backup-path

110
Wed Feb 6 12:02:18.849 UTC
Topology Table for ospf 1 with ID 1.1.1.1
Codes: O - Intra area, O IA - Inter area

O E1 - External type 1, O E2 - External type 2
O N1 - NSSA external type 1, O N2 - NSSA external type 2
O 6.6.6.6/32, metric 4
Q node: 5.5.5.5 Label: 24006
bitmap 0000000000000001
Attributes: Metric: 1004, Node Protect, Interface Disjoint, SRLG
Disjoint
Verify MPLS forwarding label stack for label 16006(R6) on R1.

Wed Feb 6 12:03:21.660 UTC
16006 16006 SR Pfx (idx 6) Gi0/0/0/2 10.10.13.3 1381

Updated: Feb 6 11:48:17.730
Path Flags: 0x400 [ BKUP-IDX:1 (0xe3ac5f0) ]

111

16004 SR Pfx (idx 6) Gi0/0/0/1 10.10.12.2 0 (!)

Updated: Feb 6 11:48:17.731
Label Stack (Top -> Bottom): { 16004 24006 16006 }


Packets Switched: 0

112

113
TI-LFA and Node Protection in OSPF

In this task instead of Per-Prefix protection we are going to use Node protection in
TI-LFA.
a) Change the metric of R2<->R4 and R4<->R6 to 1000 and change back all
other metrics to default.
b) enable node protection on R3 globally
c) Verify it in R3
Configuration:
R2
ip ospf cost 1000
R4
router ospf 1
area 0
cost 1000
cost 1000

114
R6
router ospf 1
area 0
cost 1000
router ospf 1
Verification:
Verify Node protection for prefix 6.6.6.6/32 on R3.
RP/0/RP0/CPU0:R3#show ospf routes 6.6.6.6/32 backup-path detail

Wed Feb 6 10:17:18.647 UTC
OSPF Route entry for 6.6.6.6/32

Route type: Intra-area
Last updated: Feb 6 09:48:15.880

Metric: 3
SPF priority: 8, SPF version: 136
RIB version: 0, Source: Unknown
Label Info: Default 16006 SSPF 0 Type SR

115

LSA: 1/6.6.6.6/6.6.6.6, Area: 0
Backup path: TI-LFA, Repair-List: P node: 4.4.4.4 Label:ImplNull
Q node: 6.6.6.6 Label: 24001
bitmap 0000000000000001
Attributes: Metric: 1002, Node Protect, Interface Disjoint,

Wed Feb 6 10:29:35.513 UTC
6.6.6.6/32, version 1217, labeled SR, internal 0x1000001 0x81 (ptr 0xd878a08) [1],
0x0 (0xda3e6e8), 0xa28 (0xe46d138)
Updated Feb 6 10:29:25.113
path-idx 0 NHID 0x0 [0xe2b8260 0xe2b8530]
remote adjacency

path-idx 1 bkup-idx 0 NHID 0x0 [0xe4b43b0 0xe4b2b30]
next hop 10.10.35.5/32
TI-LFA and Node + SRLG protection in OSPF

116
protection.
Configuration:
On R3 create SRLG group and enable SRLG protection beside with Node
protection.
router ospf 1
fast-reroute per-prefix tiebreaker srlg-disjoint index 100
srlg
group
1 1
!
!
group
1 1
!
!
group
1 1

117
!
group 1
8 value 100
!
Verification:
Verify Node + SRLG for prefix 6.6.6.6/32 on R3.

Wed Feb 6 10:25:08.583 UTC


Metric: 3
LSA: 1/6.6.6.6/6.6.6.6, Area: 0
Q node: 4.4.4.4 Label: 17
Q node: 6.6.6.6 Label: 24001
bitmap 0000000000000001

118
Attributes: Metric: 2003, Node Protect, Interface Disjoint, SRLG

Disjoint

Wed Feb 6 10:25:57.595 UTC
0x0 (0xda3e1e8), 0xa28 (0xe46d180)
Updated Feb 6 10:21:37.846
path-idx 0 NHID 0x0 [0xe2b85c0 0x0]
remote adjacency
path-idx 1 bkup-idx 0 NHID 0x0 [0xe4b3cb0 0x0]
next hop 10.10.35.5/32
TI-LFA and SRLG protection in OSPF

protection.

119
Configuration:
router ospf 1
no fast-reroute per-prefix tiebreaker node-protecting index 200
Verify SRLG for prefix 6.6.6.6/32 on R3.

Wed Feb 6 10:37:22.248 UTC

Metric: 3

LSA: 1/6.6.6.6/6.6.6.6, Area: 0

Q node: 4.4.4.4 Label: 17
bitmap 0000000000000001
Attributes: Metric: 1005, Interface Disjoint, SRLG Disjoint

120
Wed Feb 6 10:40:32.139 UTC

0x0 (0xda3e1e8), 0xa28 (0xe46d570)
Updated Feb 6 10:32:33.002
Adj-SIDi in
path-idx 0 NHID 0x0 [0xe2b85c0 0x0] IOS XE
remote adjacency
path-idx 1 bkup-idx 0 NHID 0x0 [0xe4b3af0 0x0]
next hop 10.10.35.5/32

121
Day 2
Segment Routing
Internetworking with LDP

122
Segment Routing and LDP Coexistence

The Segment Routing architecture can be directly applied to the MPLS data
plane with no change in the forwarding plane. In this chapter we are going
to describe how Segment Routing operates in a network where LDP is
deployed and in the case where SR-capable and non-SR-capable nodes
coexist.
This chapter provides different scenarios in which you will learn a variety of
the mechanisms through which SR interworks with LDP in cases where a
mix of SR-capable and non-SR-capable routers co- exist within the same
network and more precisely in the same routing domain. In addition, you will
learn how to migrate your network from traditional LDP to Segment Routing.
There are some scenarios which show SR deployment can be used to
provide SR benefits to LDP-based traffic including a possible application of
SR in the context of inter-domain MPLS use-cases.
The lab consist of combination of traditional IOS for CEs, IOS XE and IOS
XR for SP routers. The following addressing table is applied on all labs in
this chapter.

123
Addressing Table
R1(XR) 1.1.1.1/32 16001
R2(XE) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XE) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
CE1(IOS) 111.111.111.111/32 NA
CE2(IOS) 222.222.222.222/32 NA

10.10.XY.Z
For example:
R1= 10.10.12.1, R2=10.10.12.2

124
Base Topology
ICON Capability
SR + LDP Enabled Router
LDP Only Router

SR Only Router

125
Task1.
Configure L3 VPN service and verify reachability between CEs:
e. Configure ISIS as IGP and Configure LDP on all SP nodes
f. Put CE routers in VRF “A”
g. Site1 RT,RD: 100:1, Site2 RT,RD: 200:1
h. Assign AS 110 for site1 and AS120 for site2
i. Put PE routers in AS 100
j. Configure MP BGP on PEs
k. Advertise CE’s Loopbacks in MP-BGP
l. Configure BGP IPv4 session between CEs
m. CE1 and CE2 have a default route pointing to R1 and R6
n. Verify reachability CE’s loopback from remote CE using ping and
traceroute
Configuration
1. Configuring ISIS on all nodes
R1
router isis 1

126
net 49.0000.0000.0000.0001.00
!
interface Loopback0
passive
!
!
!
!
!
!
!
R2
router isis 1
net 49.0000.0000.0000.0002.00
!
ip router isis 1
!
ip router isis 1
!
ip router isis 1

127
R3
router isis 1
net 49.0000.0000.0000.0003.00
!
interface Loopback0
passive
!
!
!
!
!
!
!
!
R4
router isis 1
net 49.0000.0000.0000.0004.00
!

128
interface Loopback0
passive
!
!
!
!
!
!
!
!
R5
router isis 1
net 49.0000.0000.0000.0005.00
!
ip router isis 1
!
ip router isis 1
!
ip router isis 1

129
R6
router isis 1
net 49.0000.0000.0000.0006.00
!
interface Loopback0
passive
!
!
!
!
!
!
2. Configure LDP on all nodes
IOS XR
Enable mpls with ldp

router isis 1 under ISIS for auto-
address-family ipv4 unicast configuration
mpls ldp auto-config
Enable mpls with ldp

protocol globally

130
mpls ldp
address-family ipv4
IOS XE
Enable mpls with
router isis 1 ldp under ISIS for
mpls ldp sync auto-configuration
and synchronization
mpls ldp autoconfig
Verification
IOS XE
R2#show mpls ldp neighbor

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.30287 - 2.2.2.2.646
State: Oper; Msgs sent/rcvd: 245/243; Downstream
Up time: 03:17:51
LDP discovery sources:
GigabitEthernet3, Src IP addr: 10.10.23.3
Addresses bound to peer LDP Ident:
3.3.3.3 10.10.35.3 10.10.13.3 10.10.23.3
TCP connection: 1.1.1.1.646 - 2.2.2.2.44229
Up time: 00:01:05
1.1.1.1 10.10.12.1 10.10.13.1
TCP connection: 4.4.4.4.21336 - 2.2.2.2.646
Up time: 00:00:47

131

4.4.4.4 10.10.45.4 10.10.46.4 10.10.24.4
R2#show mpls ldp igp sync

GigabitEthernet1:
LDP configured; LDP-IGP Synchronization enabled.
Sync status: sync achieved; peer reachable.
Sync delay time: 0 seconds (0 seconds left)
IGP holddown time: infinite.
Peer LDP Ident: 1.1.1.1:0
IGP enabled: ISIS 1
GigabitEthernet3:
IGP enabled: ISIS 1
GigabitEthernet4:
IGP enabled: ISIS 1

17 24002 5.5.5.5/32 0 Gi3 10.10.23.3
24002 5.5.5.5/32 0 Gi4 10.10.24.4
18 Pop Label 4.4.4.4/32 0 Gi4 10.10.24.4
19 24003 6.6.6.6/32 0 Gi4 10.10.24.4
20 Pop Label 1.1.1.1/32 0 Gi1 10.10.12.1
21 Pop Label 3.3.3.3/32 0 Gi3 10.10.23.3
IOS XR
RP/0/RP0/CPU0:R3#show mpls ldp neighbor
Tue Feb 12 09:58:41.913 UTC

132
Peer LDP Identifier: 1.1.1.1:0

TCP connection: 1.1.1.1:646 - 3.3.3.3:20072
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 31/29; Downstream-Unsolicited
Up time: 00:16:23
LDP Discovery Sources:
IPv4: (1)
IPv6: (0)
Addresses bound to this peer:
IPv4: (3)
1.1.1.1 10.10.12.1 10.10.13.1
IPv6: (0)

TCP connection: 5.5.5.5:37863 - 3.3.3.3:646
Up time: 00:16:20
IPv4: (1)
IPv6: (0)
IPv4: (4)
5.5.5.5 10.10.35.5 10.10.45.5 10.10.56.5
IPv6: (0)

TCP connection: 2.2.2.2:646 - 3.3.3.3:31013
Up time: 00:16:16
IPv4: (1)
IPv6: (0)
IPv4: (4)
2.2.2.2 10.10.12.2 10.10.23.2 10.10.24.2
IPv6: (0)

133
RP/0/RP0/CPU0:R3#show mpls ldp igp sync

Mon Feb 11 12:13:26.030 UTC
GigabitEthernet0/0/0/0:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
5.5.5.5:0
Sync status: Ready
Peers:
1.1.1.1:0
Sync status: Ready
Peers:
2.2.2.2:0

Tue Feb 12 10:05:12.295 UTC
24000 Pop 1.1.1.1/32 Gi0/0/0/1 10.10.13.1 0

24001 Pop 2.2.2.2/32 Gi0/0/0/2 10.10.23.2 0
24002 Pop 5.5.5.5/32 Gi0/0/0/0 10.10.35.5 0
24003 18 4.4.4.4/32 Gi0/0/0/0 10.10.35.5 0
18 4.4.4.4/32 Gi0/0/0/2 10.10.23.2 0
24004 19 6.6.6.6/32 Gi0/0/0/0 10.10.35.5 0
RP/0/RP0/CPU0:R3#show mpls label table detail

Tue Feb 12 10:00:42.018 UTC
Table Label Owner State Rewrite
0 0 LSD(A) InUse Yes

134

0 24000 LDP(A) InUse Yes
(IPv4, vers:0, 'default':4U, 1.1.1.1/32)
Tip:
LDP establishes MPLS LSPs along the shortest-path along the destination as determined
by IP forwarding. In L2VPN or L3VPN scenario, if the LSP is not formed between the PE
routers, a blackhole exists and services depending on MPLS forwarding will fail. The
reasons for LSP not setting up completely could be-
1) Implementation bug
2) Configuration error
3) A link has just come up and IGP adjacency is UP but LDP sessions are not up or label-
bindings are not exchanged with the neighbors.
To enable LDP IGP synchronization on each interface that belongs to an OSPF or IS-IS
process, enter the mpls ldp sync command. If you do not want some of the interfaces to have
LDP IGP synchronization enabled, issue the no mpls ldp igp sync command on those
interfaces.
router isis 1

135

mpls ldp sync
3. Configure VRF on PEs and put PE’s customer interfaces under VRF.
PE1
vrf A
import route-target
200:1
!
export route-target
100:1
!
vrf A
PE6
vrf A
import route-target
100:1
!
export route-target
200:1
!
vrf A
Verification

136
Tue Feb 12 13:12:29.557 UTC

VRF mode: Regular
Description not set
Interfaces:
RT:200:1
RT:100:1

Tue Feb 12 12:02:30.307 UTC
VRF RD RT AFI SAFI
A 100:1
import 100:1 IPV4
Unicast
export 200:1 IPV4
Unicast

Tue Feb 12 13:13:39.653 UTC

VRF mode: Regular
Description not set
Interfaces:
RT:100:1
RT:200:1
4. Configuration of MP BGP on PE nodes and BGP on CE nodes.

137
PE1
route-policy vpn
pass
end-policy
!
router bgp 100
!
neighbor 6.6.6.6
remote-as 100
!
!
vrf A
rd 200:1
!
neighbor 10.10.110.10
remote-as 110
route-policy vpn in
!
!
PE6
route-policy vpn
pass
end-policy
!
router bgp 100
!
neighbor 6.6.6.6

138
remote-as 100
!
!
vrf A
rd 100:1
!
neighbor 10.10.120.20
remote-as 120
route-policy vpn in
!
!
CE1
ip address 111.111.111.111 255.255.255.255
router bgp 110

bgp log-neighbor-changes
network 111.111.111.111 mask 255.255.255.255
CE2
ip address 222.222.222.222 255.255.255.255
router bgp 120

network 222.222.222.222 mask 255.255.255.255
Verification
139
 On R1, verify entry of CE2 loopback in vrf A using the command show
route vrf A 222.222.222.222/32

Tue Feb 12 13:16:12.728 UTC

6.6.6.6, from 6.6.6.6
Id: 0xe0000000
Route metric is 0
 Using the command show bgp vpnv4 unicast labels, verify the
vpnv4 labels allocated and advertised by BGP
RP/0/RP0/CPU0:R1#show bgp vpnv4 unicast labels

Tue Feb 12 13:18:48.631 UTC

*>i222.222.222.222/32 6.6.6.6 24005 nolabel
*> 111.111.111.111/32 10.10.110.10 nolabel 24000
*>i222.222.222.222/32 6.6.6.6 24005 nolabel

140
 On R1, Verify the LDP label binding for the BGP nexthop 222.222.222.222
(R6) using the command show mpls ldp bindings 6.6.6.6/32
RP/0/RP0/CPU0:R1#show mpls ldp bindings 6.6.6.6/32

Tue Feb 12 14:10:31.264 UTC
6.6.6.6/32, rev 40
Local binding: label: 24005
Remote bindings: (2 peers)
Peer Label
2.2.2.2:0 18
3.3.3.3:0 24003
 On R1, Verify the 222.222.222.222/32 FIB entry in vrf A with the command
show cef vrf A 222.222.222.222/32
RP/0/RP0/CPU0:R1#show cef vrf A 222.222.222.222/32

Tue Feb 12 14:04:05.411 UTC
222.222.222.222/32, version 13, internal 0x5000001 0x0 (ptr 0xd89831c)
[1], 0x0 (0xda5b7e8), 0xa08 (0xdcfd2a8)
Updated Feb 12 14:02:55.108
path-idx 0 NHID 0x0 [0xcd85ff0 0x0]
recursion-via-/32
next hop 6.6.6.6/32 via 24005/0/21
 On CE1, traceroute 222.222.222.222
CE1#traceroute 222.222.222.222 source loopback100

1 10.10.110.1 26 msec 3 msec 4 msec

141

10.10.35.5 [MPLS: Labels 19/24005 Exp 0] 9 msec
4 10.10.56.6 [MPLS: Label 24005 Exp 0] 239 msec
10.10.46.6 [MPLS: Label 24005 Exp 0] 8 msec 21 msec
5 10.10.120.20 11 msec * 8 msec

142
This step is to migrate to a complete segment routing topology

(apart from some remaining LDP only nodes, R1, R6)
Task2.
SR configuration as well as LDP
a) Configure segment routing on R2, R3, R4, R5 as well as LDP
b) Configure sr-prefer on R2 ,R3 ,R4, R5 to enable preference of
Segment Routing over LDP for ip-to-mpls. Also, mapping server
on node 3.
c) Changing topology to enforce segment routing inside core
network.
a. Enable segment routing on R2, R3, R4, R5
Configuration
IOS XE
router isis 1
metric-style wide

143
!
!
address-family ipv4
2.2.2.2/32 index 2 range 1
exit-address-family
!
IOS XR
router isis 1
metric-style wide
!
interface Loopback0
passive
prefix-sid index 1
Verification
 Verify LDP on nodes with the command show mpls
interfaces
RP/0/RP0/CPU0:R3#show mpls interfaces
Wed Feb 13 13:15:17.352 UTC
Interface LDP Tunnel Static Enabled

144
GigabitEthernet0/0/0/0 Yes No No Yes


Wed Feb 13 12:19:40.156 UTC

16002 2.2.2.2/32
16003 Loopback0
16004 4.4.4.4/32
16005 5.5.5.5/32

Wed Feb 13 13:08:22.371 UTC
-
16002 Pop SR Pfx (idx 2) Gi0/0/0/2 10.10.23.2 3711
16004 16004 SR Pfx (idx 4) Gi0/0/0/0 10.10.35.5 0
16004 SR Pfx (idx 4) Gi0/0/0/2 10.10.23.2 0
16005 Pop SR Pfx (idx 5) Gi0/0/0/0 10.10.35.5 3669
24000 Pop SR Adj (idx 0) Gi0/0/0/0 10.10.35.5 0

145
24001 Pop SR Adj (idx 2) Gi0/0/0/0 10.10.35.5 0

24002 Pop SR Adj (idx 1) Gi0/0/0/0 10.10.35.5 0
24003 Pop SR Adj (idx 3) Gi0/0/0/0 10.10.35.5 0
24004 Pop SR Adj (idx 0) Gi0/0/0/1 10.10.13.1 0
24005 Pop SR Adj (idx 2) Gi0/0/0/1 10.10.13.1 0
24006 Pop SR Adj (idx 1) Gi0/0/0/1 10.10.13.1 0
24007 Pop SR Adj (idx 3) Gi0/0/0/1 10.10.13.1 0
24008 Pop SR Adj (idx 0) Gi0/0/0/2 10.10.23.2 0
24009 Pop SR Adj (idx 2) Gi0/0/0/2 10.10.23.2 0
24010 Pop SR Adj (idx 1) Gi0/0/0/2 10.10.23.2 0
24011 Pop SR Adj (idx 3) Gi0/0/0/2 10.10.23.2 0
24012 Pop 5.5.5.5/32 Gi0/0/0/0 10.10.35.5 500
24013 Pop 2.2.2.2/32 Gi0/0/0/2 10.10.23.2 442
24014 26 4.4.4.4/32 Gi0/0/0/0 10.10.35.5 0
21 4.4.4.4/32 Gi0/0/0/2 10.10.23.2 0
24015 19 6.6.6.6/32 Gi0/0/0/0 10.10.35.5 1226
24016 Pop 1.1.1.1/32 Gi0/0/0/1 10.10.13.1 900
On R3, verify segment routing TLVs advertisement of R6 by using the

command show isis database verbose R6
RP/0/RP0/CPU0:R3#show isis database verbose R6
Wed Feb 13 13:26:27.731 UTC
IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R6.00-00 0x0000001d 0xe71a 901 0/0/0
Area Address: 49.0000
NLPID: 0xcc

146
IP Address: 6.6.6.6
Metric: 0 IP-Extended 6.6.6.6/32
Prefix Attribute Flags: X:0 R:0 N:1
Hostname: R6
Metric: 10 IS-Extended R4.03
b. Enable sr-prefer on SR+LDP nodes (from R2 to R5).
Configuration
IOS XE
!
set-attributes
address-family ipv4
sr-label-preferred
IOS XR
router isis 1
segment-routing mpls sr-prefer

147
Configuration of mapping server on R3
segment-routing
mapping-server
Assigns label to LDP only
prefix-sid-map
nodes
address-family ipv4
1.1.1.1/32 1
Advertises labels of SRMS to
6.6.6.6/32 6 SRMS clients
router isis 1
segment-routing prefix-sid-map advertise-local
Tips:
By default, the IS-IS SRMS client mode is enabled on XR and XE routers .
Verification
 On R2, traceroute 6.6.6.6 to verify sr-prefer operation as well
as LDP.
R2#traceroute 6.6.6.6 so lo0

148

2 10.10.46.6 58 msec * 46 msec
 On CE1, traceroute 222.222.222.222 (CE2) to verify that

both LDP and SR are working together.
CE1#traceroute 222.222.222.222 so lo100
1 10.10.110.1 240 msec 9 msec 12 msec
2 10.10.12.2 [MPLS: Labels 20/24005 Exp 0] 12 msec 13 msec
3 10.10.24.4 [MPLS: Labels 24010/24005 Exp 0] 64 msec * 990 msec
10.10.46.6 [MPLS: Label 24005 Exp 0] 16 msec
5 10.10.120.20 28 msec * 25 msec
c. Shutdown R2<->R4 link, R5<->R6 and R1<->R3 link. Then,

remove ldp configuration from R3.
Configuration
router isis 1
no mpls ldp auto-config
Verification

149
 On R1, use show mpls label table detail command to find

R6 local ldp label.
RP/0/RP0/CPU0:R1#show mpls label table detail
Sun Feb 17 15:52:33.381 UTC

0 24005 BGP-VPNv4(A):bgp-default InUse No
(IPv4, vers:0, 'A':4U, 111.111.111.111/32)
 On R1, use show mpls forwarding labels <label_number>

detail command to find outgoing label for node R6.

Sun Feb 17 15:52:51.710 UTC

150

24004 23 6.6.6.6/32 Gi0/0/0/2 10.10.12.2 3486

Updated: Feb 17 15:44:51.307

 On R2, use show mpls forwarding-table to see translation

of LDP to SR label.

16 Pop Label 10.10.12.1-A 0 Gi1 10.10.12.1
17 16004 4.4.4.4/32 0 Gi3 10.10.23.3
18 Pop Label 3.3.3.3/32 0 Gi3 10.10.23.3
21 16005 5.5.5.5/32 0 Gi3 10.10.23.3
23 16006 6.6.6.6/32 4396 Gi3 10.10.23.3
24 Pop Label 10.10.23.3-A 0 Gi3 10.10.23.3
25 Pop Label 1.1.1.1/32 23281 Gi1 10.10.12.1
16001 Pop Label 1.1.1.1/32 23281 Gi1 10.10.12.1
16003 Pop Label 3.3.3.3/32 0 Gi3 10.10.23.3
16004 16004 4.4.4.4/32 0 Gi3 10.10.23.3
16005 16005 5.5.5.5/32 0 Gi3 10.10.23.3

151
16006 16006 6.6.6.6/32 4396 Gi3 10.10.23.3
 On CE1, traceroute 222.222.222.222 (CE2) to verify that

only SR are working.
CE1#traceroute 222.222.222.222 so lo100

1 10.10.110.1 8 msec 8 msec 4 msec
2 10.10.12.2 [MPLS: Labels 23/24005 Exp 0] 35 msec 20 msec 11 msec
7 10.10.120.20 9 msec * 7 msec

152
Task3.
Reachability of CEs with LDP only and SR only PEs.
a) No shutdown all interface and configure R3 to LDP+SR node
b) Configure SR on R1 and Remove LDP from R1. R6 must be
LDP only.
c) Verify reachability of CEs from CE routers.
Configuration
R1
router isis 1
metric-style wide
!
interface Loopback0
passive

153
prefix-sid index 1
Verification
 On C1, use traceroute 222.222.222.222 source lo100 to
verify SR works in network.
CE1#traceroute 222.222.222.222 source lo100

1 10.10.110.1 125 msec 31 msec 13 msec
5 10.10.120.20 15 msec * 23 msec

154
Task4.
Configure RSVP-TE and steer traffic to the TE
a) Configure cost 100 on the link between R3, R5
b) Configure RSVP-TE between R2, R4 using explicit-map toward
R2, R3, R5, R4
c) Add Auto-route Announce on the RSVP-TE tunnels between R2
and R4
d) Verify traffic path and reachability of CEs from each other.
Configuration
a. Configure cost 100 on the link between R3, R5

155
R3
router isis 1
point-to-point
metric 100
b. Configure RSVP-TE between R2, R4 using explicit-map toward R2,

R3, R5, R4.
c. Add Auto-route Announce on the RSVP-TE tunnels between R2 and
R4.
R2
interface Tunnel100
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 4.4.4.4
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 explicit name EXPATH
!
ip explicit-path name EXPATH enable
next-address 3.3.3.3

156
!
router isis 1
mpls traffic-eng level-2
!
mpls traffic-eng tunnels
ip rsvp bandwidth
!
R3
router isis 1
mpls traffic-eng level-2-only
!
point-to-point
!

157
point-to-point
!
!
rsvp
bandwidth
!
bandwidth
!
!
mpls traffic-eng
!
!
!
R5
router isis 1
!

158
ip rsvp bandwidth
!
ip rsvp bandwidth
!
R4
router isis 1
!
point-to-point
!
!
rsvp

159
bandwidth
!
mpls traffic-eng
!
Verification
 On R2, verify traffic engineering using the show mpls interfaces
R2#show mpls interfaces
Interface IP Tunnel BGP Static
Operational
GigabitEthernet1 Yes (ldp) No No No Yes
GigabitEthernet3 Yes (ldp) Yes No No Yes
GigabitEthernet4 Yes (ldp) No No No Yes
Tunnel100 No No No No Yes
 On R2, Verify the tunnels with the command show mpls traffic-eng
tunnels. R2 is the head-end of one tunnel (3.3.3.3) and the tail-end of
one tunnel (4.4.4.4)
R2#show mpls traffic-eng tunnels
P2P TUNNELS/LSPs:
Name: R2_t100 (Tunnel100) Destination: 4.4.4.4

Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, type explicit EXPATH (Basis for Setup, path weight 120)
Config Parameters:
Bandwidth: 0 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
Path-invalidation timeout: 10000 msec (default), Action: Tear
AutoRoute: enabled LockDown: disabled Loadshare: 0 [0] bw-based
auto-bw: disabled
Fault-OAM: disabled, Wrap-Protection: disabled, Wrap-Capable: No

160
Active Path Option Parameters:

State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
InLabel : -
OutLabel : GigabitEthernet3, 24011
Next Hop : 10.10.23.3
RSVP Signalling Info:
Src 2.2.2.2, Dst 4.4.4.4, Tun_Id 100, Tun_Instance 327
RSVP Path Info:
My Address: 10.10.23.2
Explicit Route: 10.10.23.3 10.10.35.5 10.10.45.4 4.4.4.4
Record Route: NONE
Tspec: ave rate=0 kbits, burst=1000 bytes, peak rate=0 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=0 kbits, burst=1000 bytes, peak rate=0 kbits
 R4 is now reachable from R2 via tunnel-te0. Verify this on R2

with the command show ip route 4.4.4.4
255.255.255.255
R2#show ip route 4.4.4.4 255.255.255.255
Known via "isis", distance 115, metric 10, type level-2
Redistributing via isis 1
Last update from 4.4.4.4 on Tunnel100, 00:33:54 ago
Routing Descriptor Blocks:
* 4.4.4.4, from 4.4.4.4, 00:33:54 ago, via Tunnel100, merge-labels
Route metric is 10, traffic share count is 1
MPLS label: implicit-null
MPLS Flags: NSF
 on R2, verify the MPLS forwarding entry for the prefix-SID of R4 with the
command show mpls forwarding-table labels 16004
R2#show mpls forwarding-table labels 16004
16004 [T] Pop Label 4.4.4.4/32 0 Tu100 point2point

161
[T] Forwarding through a LSP tunnel.

View additional labelling info with the 'detail' option
 on R2, Verify the MPLS entry for the TE tunnel using the command show
mpls forwarding-table
16 Pop Label 10.10.24.4-A 0 Gi4 10.10.24.4
18 Pop Label 10.10.23.3-A 0 Gi3 10.10.23.3
20 [T] 16006 6.6.6.6/32 2037 Tu100 point2point
21 [T] 16005 5.5.5.5/32 9248 Tu100 point2point
23 24010 1.1.1.1/32 10821 Gi3 10.10.23.3
24 Pop Label 10.10.12.1-A 0 Gi1 10.10.12.1
25 Pop Label 3.3.3.3/32 0 Gi3 10.10.23.3
16001 16001 1.1.1.1/32 1750 Gi3 10.10.23.3
16003 Pop Label 3.3.3.3/32 8424 Gi3 10.10.23.3
16005 [T] 16005 5.5.5.5/32 9248 Tu100 point2point
16006 [T] 16006 6.6.6.6/32 2037 Tu100 point2point
 On R2, trace the route from R2 to R4 using the command traceroute

4.4.4.4 source lo0
R2#traceroute 4.4.4.4 source lo0
3 10.10.45.4 43 msec * 9 msec
 On R1, trace the route from R1 to R6 using the command traceroute

6.6.6.6
RP/0/RP0/CPU0:R1#traceroute 6.6.6.6 source loopback 0
Mon Feb 18 10:53:41.492 UTC


162

5 10.10.46.6 220 msec * 25 msec
o The traffic was carried in the RSVP-TE tunnel between R2 and R4. The actual
path is:
R1 > R2 > R3 > R5 > R4 > R6
 On CE1, trace CE2’s loopback using the command traceroute
222.222.222.222 source lo100
1 10.10.110.1 163 msec 3 msec 7 msec
3 10.10.23.3 [MPLS: Labels 24011/16006/24005 Exp 0] 125 msec 7 msec 13 msec
7 10.10.120.20 32 msec * 58 msec
Task5.
Combination of SR and LDP in the same scenario and using TI-LFA
a) Make sure R1 as SR only node, R4 and R5 as LDP only node,
and Rest of SP nodes are SR+LDP while SR is preferred. Also,
make sure Mapping Server is configure to sets label for
R4&R5.
b) Configure TI-LFA on R3&R2 nodes
c) Verify TI-LFA on node R3 and R2

163
d) Verify traffic path and reachability of CEs from each other
a. Make sure all nodes configured properly.
Configuration
R1
router isis 1
!
interface Loopback0
prefix-sid index 1
!
R2
router isis 1
mpls ldp sync

164
mpls ldp autoconfig

!
!
set-attributes
address-family ipv4
sr-label-preferred
exit-address-family
!
!
address-family ipv4
2.2.2.2/32 index 2 range 1
exit-address-family
!
!
R3
router isis 1
segment-routing prefix-sid-map advertise-local
!
interface Loopback0

165
prefix-sid index 3
!
!
mpls ldp
address-family ipv4
!
!
!
segment-routing
mapping-server
prefix-sid-map
address-family ipv4
4.4.4.4/32 4
5.5.5.5/32 5
!
!
!
R4
router isis 1
!
mpls ldp
address-family ipv4

166
!
!
R5
router isis 1
mpls ldp sync
mpls ldp autoconfig
!
R6
router isis 1
!
interface Loopback0
prefix-sid index 6
!
!
mpls ldp
address-family ipv4
!
!
b. Configure TI-LFA on R3&R2 nodes

167
Configuration
R2
Globally configuration
router isis 1
fast-reroute ti-lfa level-2
Interfaces must be
!
point-to-point
isis fast-reroute protection level-2
isis fast-reroute ti-lfa protection level-2
Or you can configure it
per interface
R3
router isis 1
point-to-point
!
!
point-to-point

168
c. verification:
 Verify Ti-LFA on R3.
RP/0/RP0/CPU0:R3#show isis fast-reroute

Tue Feb 19 10:54:46.153 UTC
IS-IS 1 IPv4 Unicast FRR backups

df - level 1 default (closest attached router), su - summary null
C - connected, S - static, R - RIP, B - BGP, O - OSPF
E - EIGRP, A - access/subscriber, M - mobile, a - application
i - IS-IS (redistributed from another instance)
D - Downstream, LC - Line card disjoint, NP - Node protecting
P - Primary path, SRLG - SRLG disjoint, TM - Total metric via backup
Maximum parallel path count: 8

169
L2 1.1.1.1/32 [10/115]
Backup path: TI-LFA (link), via 10.10.23.2, GigabitEthernet0/0/0/2 R2,
With LDP label
P node: R2.00 [2.2.2.2], Label: ImpNull
Q node: R1.00 [1.1.1.1], Label: 20
Backup-src: R1.00
L2 2.2.2.2/32 [10/115]
FRR backup via 10.10.13.1, GigabitEthernet0/0/0/1, R1, SRGB Base: 16000,
Weight: 0, Metric: 20
L2 4.4.4.4/32 [20/115]
via 10.10.35.5, GigabitEthernet0/0/0/0, R5, Weight: 0
FRR backup via 10.10.23.2, GigabitEthernet0/0/0/2, R2, SRGB Base: 16000,
Weight: 0, Metric: 20
FRR backup via 10.10.35.5, GigabitEthernet0/0/0/0, R5, Weight: 0,
Metric: 20
L2 5.5.5.5/32 [10/115]
via 10.10.35.5, GigabitEthernet0/0/0/0, R5, Weight: 0
Backup path: TI-LFA (link), via 10.10.23.2, GigabitEthernet0/0/0/2 R2,
With SR label
P node: R4.00 [4.4.4.4], Label: 16004
Prefix label: None
Backup-src: R5.00

Tue Feb 19 10:57:07.012 UTC

170
[1], 0x0 (0xd7957a8), 0xa20 (0xe32a180)
Updated Dec 23 06:06:55.352
path-idx 0 NHID 0x0 [0xe2b81d0 0xe2b8380]
remote adjacency
path-idx 1 bkup-idx 0 NHID 0x0 [0xe3e1430 0xe3e1190]
next hop 10.10.13.1/32
local label 16001 labels imposed {ImplNull}

Tue Feb 19 11:02:43.838 UTC
[1], 0x0 (0xd795b28), 0xa28 (0xe32a2e8)
Updated Dec 23 06:06:55.351
path-idx 0 bkup-idx 1 NHID 0x0 [0xe3e1c10 0xe3e15f0]
next hop 10.10.35.5/32
local label 16005 labels imposed {ImplNull}
path-idx 1 NHID 0x0 [0xe2b8380 0x0]
next hop 10.10.23.2/32, Repair Node(s): 4.4.4.4

171
remote adjacency
 Verify Ti-LFA on R2.

R2#show isis fast-reroute ti-lfa tunnel
Tag 1:
Fast-Reroute TI-LFA Tunnels:
Tunnel Interface Next Hop End Point Label End Point Host
MP1 Gi3 10.10.23.3 5.5.5.5 16005 R5
R2#show mpls forwarding-table labels 16005

16005 16005 5.5.5.5/32 0 Gi3 10.10.23.3
24000 5.5.5.5/32 0 Gi4 10.10.24.4
d. On CE1, verify traceroute 222.222.222.222 source lo100.

CE1#traceroute 222.222.222.222 source loopback100

172
1 10.10.110.1 23 msec 3 msec 4 msec

5 10.10.120.20 9 msec * 12 msec

173
Tip
In the following topology as you can see, the left side is SR
Only while the right side is LDP only and the link in The
middle is LDP based. In these kind of scenarios for traffics
from SR-to-LDP you need to configure SRMS (Mapping Server)and
allocating Prefix-SID for LDP Routers is required for mutual
Communication.
Task6.
Migration from LDP to SR
a) Configure all SP nodes to be LDP only and verify reachability of CEs
b) Add SR to all SP nodes to be LDP+SR and verify reachability of
CEs. Also, verify on R3 the SR labels.
c) Configure sr-prefer on all SP nodes to enable preference of Segment
Routing over LDP for ip-to-mpls and verify reachability of CEs
d) Remove LDP from all SP nodes and verify reachability of CEs

174
a. Configure LDP on all nodes
Configuration
175
R1&R3&R4&R6
!
router isis 1
!
!
mpls ldp
address-family ipv4
!
!
R2&R5
router isis 1
mpls ldp sync
mpls ldp autoconfig
!
 On CE1, verify path to CE2.

Verification

176

1 10.10.110.1 64 msec 4 msec 3 msec
5 10.10.120.20 12 msec * 23 msec

177
b. Add SR to all SP nodes to be LDP+SR and verify reachability of

CEs.
Configuration
R1, R3, R4, R6
router isis 1
!
interface Loopback0
It (X) changes based on
address-family ipv4 unicast node ID. (e.g. 1 for R1 )
prefix-sid index x
!
R2, R5
router isis 1
mpls ldp sync
mpls ldp autoconfig
!

178
!!! for R5
!
address-family ipv4
5.5.5.5/32 index 5 range 1
exit-address-family
!
!!! for R2
!
address-family ipv4
2.2.2.2/32 index 2 range 1
exit-address-family
!
Verification
 On R3, verify SR labels.

Tue Feb 19 12:54:52.385 UTC

16001 1.1.1.1/32

179
16002 2.2.2.2/32
16003 Loopback0
16004 4.4.4.4/32
16005 5.5.5.5/32
16006 6.6.6.6/32
 On CE1, verify the path for CE2.

1 10.10.110.1 84 msec 4 msec 6 msec
5 10.10.120.20 50 msec * 19 msec
c. Configure sr-prefer on all SP nodes to enable preference of

Segment Routing over LDP for ip-to-mpls and verify reachability of
CEs.
Configuration
R1, R3, R4, R6

180
router isis 1
R2, R5
!
set-attributes
address-family ipv4
sr-label-preferred
exit-address-family
Verification

1 10.10.110.1 23 msec 5 msec 2 msec

181

5 10.10.120.20 9 msec * 9 msec
d. Remove LDP from all SP nodes and verify reachability of CEs
Configuration
R1, R3, R4, R6
router isis 1
!
no mpls ldp

182
R2, R5
router isis 1
no mpls ldp sync
no mpls ldp autoconfig
Verification

1 10.10.110.1 106 msec 46 msec 50 msec
5 10.10.120.20 106 msec * 121 msec

183
Multi-domain SR and BGP Prefix-SID

Addressing Table
R1(XR) 1.1.1.1/32 16001
R2(XE) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XE) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
RR1 7.7.7.7/32
RR2 8.8.8.8/32
CE1(IOS) 111.111.111.111/32 NA
CE2(IOS) 222.222.222.222/32 NA

10.10.XY.Z
184
For example:
R1= 10.10.12.1, R2=10.10.12.2
Task7.
Multidomain for SR and BGP Prefix-sid
a) Configure two ISIS domains, ISIS1+SR and ISIS2+SR
b) Configure BGP AS100 in ISIS1 and AS200 in ISIS
c) Configure L3VPN inter-AS option C
d) Put CE routers in VRF “A” and site1 RT,RD: 100:1, Site2 RT,RD:
200:1
e) Assign AS 110 for site1 and AS120 for site2
f) Advertise CE’s Loopbacks in MP-BGP
Tip:
In this scenario, inter-AS option C provides inter-AS L3VPN connectivity. In the inter-AS
option C model, the L3VPN prefixes and labels are exchanged between the PEs in two ASs
using EBGP. For scalability, this exchange typically happens over a multi-hop EBGP session
between a RR in one AS and a RR in other AS. To establish the inter-AS EBGP session between

185
the RRs, reachability between them is required. The inter-AS option C model also requires that
the loopback prefixes of the PEs are reachable from the other AS. This is require to provide a
continuous LSP between the PEs to carry the L3VPN service traffic. Within AS, LDP or SR are
used for label distribution while BGP label unicast (LU) is used to exchange over inter-AS link
between ASs. There are two options for providing inter-AS LSPs between the PEs:
1) Mutually redistribute the PE loopback prefixes with their prefix-SID labels between BGP
and IGP on the ASBR
2) Advertise the PE loopback with their prefix-SID labels in BGP-LU (using RPL or route-
map) which is used in this scenario.
BGP session between RR <-> ASBR (R3 or R4) will be established to provide reachability
between RRs. It should be noted that, RRs only reflect VPNv4 prefixes.
To answer this task consider the following points:
 Configure BGP-LU between R1<->R3, RR1<->R3, R3<->R4, R4<->RR2 ,
R4<->R6
 Configure BGP VPNv4 between R1<->RR1, RR1<->RR2, RR2<->R6
 Do not change BGP next hop between RR1<->RR2 (Next hop unchanged command)
 Change next-hop from ASBRs to PEs (next-hop self)
a. Configure two ISIS domains, ISIS1+SR and ISIS2+SR
Configuration

186
ISIS-1
R1
router isis 1
net 49.0000.0000.0000.0001.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 1
!
!
interface GigabitEthernet0/0/0/0.12
point-to-point
!
To enable mpls traceroute

mpls oam

187
R2
router isis 1
net 49.0000.0000.0000.0002.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 2
!
!
point-to-point
!
!
point-to-point
!
!
R2 and RR1 link

188
point-to-point
!
!
mpls oam
R3
router isis 1
net 49.0000.0000.0000.0003.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 3
!
!

189
point-to-point
!
!
mpls oam
RR1
router isis 1
net 49.0000.0000.0000.0007.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 7
!
!
RR1 and R2 link
point-to-point

190

!
!
mpls oam
ISIS-2
R4
router isis 2
net 49.0000.0000.0000.0004.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 4
!
!

191
point-to-point
!
!
mpls oam
R5
router isis 2
net 49.0000.0000.0000.0005.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 5
!
!

192
point-to-point
!
!
point-to-point
!
!
R5 and RR2 link
point-to-point
!
!
mpls oam
R6
router isis 2
net 49.0000.0000.0000.0006.00
metric-style wide

193
!
interface Loopback0
passive
prefix-sid index 6
!
!
point-to-point
!
!
mpls oam
RR2
router isis 2
net 49.0000.0000.0000.0008.00
metric-style wide

194
!
interface Loopback0
passive
prefix-sid index 8
!
!
interface GigabitEthernet0/0/0/0.58 RR2 and R5 link
point-to-point
!
mpls oam
b1. Configure BGP AS100 in ISIS1.
Configuration
R1
router bgp 100

bgp router-id 1.1.1.1
!
!
ASBR R3

195
neighbor 3.3.3.3
remote-as 100
address-family ipv4 labeled-unicast
!
!
RR1 Loopback address
neighbor 7.7.7.7
remote-as 100
!
!
R3
router bgp 100

!
neighbor 1.1.1.1
remote-as 100
next-hop-self
!

196
!
neighbor 7.7.7.7
remote-as 100
next-hop-self To change Next hop
! for Domain2
RR1
router bgp 100

!
!
neighbor 1.1.1.1
remote-as 100
route-reflector-client
!
!
neighbor 3.3.3.3
remote-as 100

197

!
!
Configuration
R6
router bgp 200

!
!
neighbor 4.4.4.4
remote-as 200
!
!
neighbor 8.8.8.8
remote-as 200

198
!
!
R4
router bgp 200

!
neighbor 6.6.6.6
remote-as 200
next-hop-self
!
!
neighbor 8.8.8.8
remote-as 200
next-hop-self
!
!

199
RR2
router bgp 200

!
!
neighbor-group ISIS2
remote-as 200
!
!
neighbor 4.4.4.4
remote-as 200
!
!
neighbor 6.6.6.6
remote-as 200
!

200
c. Configure L3VPN inter-AS option C
Configuration
Domain 1
R1
Policy to assign BGP Prefix-SID

route-policy SID($SID)
set label-index $SID
end-policy
!
router bgp 100

Assign BGP Prefix-SID to
network 1.1.1.1/32 route-policy SID(1) R1 loopback address and
advertise it to bgp
allocate-label all
!
segment-routing
global-block 16000 23999 After changing SRGB, use
process restart bgp
command to take effect of label
range on bgp process
RR1

201
end-policy
!
route-policy ebgp
pass
end-policy
!
router bgp 100

network 7.7.7.7/32 route-policy SID(7) RR1 loopback address
and advertise it to bgp
allocate-label all
!
!
neighbor 8.8.8.8
Enable ebgp multihop
remote-as 200
ebgp-multihop 100
vpnv4 with RR2 to
exchange vpn routes
route-policy ebgp in
route-policy ebgp out
!
!

202
segment-routing
global-block 16000 23999
!
R3(ASBR)
router bgp 100 Make eBGP neighbors with no policy

pass all routes (no more policy needed)
bgp unsafe-ebgp-policy
allocate-label all
neighbor 10.10.34.4
remote-as 200
BGP-LU address family
address-family ipv4 labeled-unicast to exchange vpn label
!
A /32 static route must configured

router static for R4(Domain2’s ASBR) IP address
address-family ipv4 unicast to connected interface. It enables
MPLS forwarding on the interface
10.10.34.4/32 GigabitEthernet0/0/0/0.34
!
segment-routing
SRGB must configured
global-block 16000 23999 for BGP label allocation

203
Domain 2
R6
end-policy
!
router bgp 200

address-family ipv4 unicast Assign BGP Prefix-SID to
R6 loopback address and
network 6.6.6.6/32 route-policy SID(6) advertise it to bgp
allocate-label all
!
segment-routing
!
RR2

204

end-policy
!
route-policy ebgp
pass
end-policy
!
router bgp 200
RR2 loopback address
network 8.8.8.8/32 route-policy SID(8) and advertise it to bgp
allocate-label all
!
neighbor 7.7.7.7
vpnv4 with RR1 to
remote-as 100 exchange vpn routes
ebgp-multihop 100
next-hop-unchanged
!
segment-routing
!

205
R4
router bgp 200

allocate-label all
!
!
neighbor 10.10.34.3
remote-as 100
!
!
!
router static A /32 static route must configured

for R3(Domain1’s ASBR) IP address
address-family ipv4 unicast to connected interface. It enables
MPLS forwarding on the interface
10.10.34.3/32 GigabitEthernet0/0/0/0.34
segment-routing
!
 On R3, verify the BGP session to R1, RR1 and R4.

Verification
206
RP/0/RP0/CPU0:R3#show bgp ipv4 labeled-unicast summary

Fri Mar 8 10:50:54.752 UTC
Table ID: 0xe0000000 RD version: 14
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer

Speaker 14 14 14 14 14 0
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

1.1.1.1 0 100 192 197 14 0 0 03:00:13 1
7.7.7.7 0 100 187 193 14 0 0 03:04:00 1
10.10.34.4 0 200 196 195 14 0 0 03:03:35 2
RP/0/RP0/CPU0:R3#show bgp ipv4 labeled-unicast

Fri Mar 8 10:52:56.407 UTC

207


Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 1.1.1.1 0 100 0 i
*> 6.6.6.6/32 10.10.34.4 0 200 i
*>i7.7.7.7/32 7.7.7.7 0 100 0 i
*> 8.8.8.8/32 10.10.34.4 0 200 i
RP/0/RP0/CPU0:R3#show bgp ipv4 labeled-unicast labels

Fri Mar 8 10:54:11.830 UTC

208

*>i1.1.1.1/32 1.1.1.1 3 16001
*> 6.6.6.6/32 10.10.34.4 16006 16006
*>i7.7.7.7/32 7.7.7.7 3 16007
*> 8.8.8.8/32 10.10.34.4 16008 16008
RP/0/RP0/CPU0:R3#show mpls forwarding labels 16006

Fri Mar 8 10:56:05.691 UTC
16006 16006 SR Pfx (idx 6) Gi0/0/0/0.34 10.10.34.4 922

Fri Mar 8 11:06:03.175 UTC
GigabitEthernet0/0/0/0.23 No No No Yes
 On RR1, verify the BGP session to RR2 and R1.

Verification
RP/0/RP0/CPU0:RR1#show bgp vpnv4 unicast summary
Fri Mar 8 11:08:15.587 UTC

209


Speaker 82 82 82 82 82 0
R1
1.1.1.1 0 100 3139 3202 82 0 0 03:17:32 0
RR2
8.8.8.8 0 200 1437 1456 82 0 0 03:19:46 0
d. Put CE routers in VRF “A” and site1 RT,RD: 100:1, Site2 RT,RD:
200:1
Configuration
R1
vrf A
import route-target

210
200:1
!
export route-target
100:1
!
!
!
vrf A
ipv4 address 10.10.110.1 255.255.255.0
encapsulation dot1q 110
!
R6
vrf A
import route-target
100:1
!
export route-target
200:1
!
!
!

211
vrf A
ipv4 address 10.10.120.6 255.255.255.0
e. Assign AS 110 for site1 and AS120 for site2.
Configuration
CE1
ip address 111.111.111.111 255.255.255.255
!
router bgp 110

network 111.111.111.111 mask 255.255.255.255
!
CE2
ip address 222.222.222.222 255.255.255.255
!

212
router bgp 120

network 222.222.222.222 mask 255.255.255.255
!
R1
route-policy vpn
pass
end-policy
!
router bgp 100

vrf A
rd 100:1
!
neighbor 10.10.110.10
remote-as 110
route-policy vpn in
!
!
!

213
R6
route-policy vpn
pass
end-policy
!
router bgp 200

vrf A
rd 200:1
!
neighbor 10.10.120.20
remote-as 120
route-policy vpn in
!
!
!
 On R1, verify that the prefix 222.222.222.222/32 on VRF A with next-hop

6.6.6.6 (R6) from RR is received using command: show bgp vrf A

214
Verification
RP/0/RP0/CPU0:R1#show bgp vrf A
Fri Mar 8 11:15:41.508 UTC
BGP VRF A, state: Active
BGP Route Distinguisher: 100:1
VRF ID: 0x60000002

*> 111.111.111.111/32 10.10.110.10 0 0 110 i
*>i222.222.222.222/32 6.6.6.6 100 0 200 120 i
 On RR2, verify connectivity of remote RR1, ping and traceroute.

Verification

215
RP/0/RP0/CPU0:RR2#show cef 7.7.7.7/32

Fri Mar 8 11:20:01.504 UTC
7.7.7.7/32, version 275, internal 0x1000001 0x0 (ptr 0xdf145c8) [1], 0x0
(0xe0d7b28), 0xa08 (0xe63d4e8)
Updated Mar 8 07:48:21.726
path-idx 0 NHID 0x0 [0xd340f18 0x0]
recursion-via-/32
next hop 4.4.4.4/32 via 16004/0/21
local label 24001
next hop 10.10.58.5/32 Gi0/0/0/0.58 labels imposed {16004 16007}
RP/0/RP0/CPU0:RR2#ping 7.7.7.7 source loopback 0

Fri Mar 8 11:18:10.796 UTC
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/12/33 ms
RP/0/RP0/CPU0:RR2#traceroute 7.7.7.7 source loopback 0

Fri Mar 8 11:18:57.133 UTC


216

5 10.10.27.7 13 msec * 17 msec
 On R1, verify 8.8.8.8/32 and 6.6.6.6/32 are received from R3: show bgp ipv4
labeled-unicast.
Verification
RP/0/RP0/CPU0:R1#show bgp ipv4 labeled-unicast
Fri Mar 8 11:21:58.790 UTC

*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i6.6.6.6/32 3.3.3.3 100 0 200 i
*>i8.8.8.8/32 3.3.3.3 100 0 200 i

217
 Verify control-plane and data plane reachability from R1 to R6
 On R6, verify the SRGB allocation starting at 16000.

Verification
RP/0/RP0/CPU0:R6#show mpls label table label 16000 detail

Fri Mar 8 11:32:02.738 UTC
0 16000 ISIS(A):2 InUse No

BGP-VPNv4(A):bgp-default InUse No

218
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)
 On R6, verify bgp label for the prefix 6.6.6.6/32 using command, show bgp
labels. as this prefix is local, it advertises with label 3 (implicit-null) which
enables PHP/
Verification
RP/0/RP0/CPU0:R6#show bgp labels
Fri Mar 8 11:33:15.957 UTC

*>i1.1.1.1/32 4.4.4.4 16001 16001
*> 6.6.6.6/32 0.0.0.0 nolabel 3
*>i7.7.7.7/32 4.4.4.4 16007 16007

219
 On R4, verify bgp label for the prefix 6.6.6.6/32 and find prefix-sid 6.
Verification
RP/0/RP0/CPU0:R4#show bgp ipv4 labeled-unicast 6.6.6.6/32
Fri Mar 8 11:37:03.548 UTC
BGP routing table entry for 6.6.6.6/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 14 14
Local Label: 16006
Last Modified: Mar 8 07:52:15.718 for 03:44:48
Paths: (1 available, best #1)
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.10.34.3
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.10.34.3
Local
6.6.6.6 (metric 20) from 6.6.6.6 (6.6.6.6)
Received Label 3
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best,
labeled-unicast
Received Path ID 0, Local Path ID 1, version 14
Prefix SID Attribute Size: 7
Label Index: 6
 On R4, both IGP (ISIS) and BGP advertise the Prefix-SID 16006 for prefix
6.6.6.6/32. Because of lower administrative distance of ISIS (115) compared
to BGP (200), ISIS installs the prefix 6.6.6.6/32. Enter the following command
to verify RIB using command.
Verification

220
RP/0/RP0/CPU0:R4#show route 6.6.6.6/32 detail | utility head count 15

Fri Mar 8 12:23:31.653 UTC

Known via "isis 2", distance 115, metric 20, labeled SR, type level-2
Installed Mar 8 07:38:58.529 for 04:44:33
10.10.45.5, from 6.6.6.6, via GigabitEthernet0/0/0/0.45
Route metric is 20
Label: 0x3e86 (16006)
Tunnel ID: None
Binding Label: None
Path id:1 Path ref count:0
NHID:0x2(Ref:6)
Local Label: 0x3e86 (16006)
 On R3, verify that the prefix 6.6.6.6/32 received.
Tip:
The prefix-SID attribute is transitive, it means it will be forwarded even if the BGP
implementation does not understand the attribute.
Verification

221
RP/0/RP0/CPU0:R3#show bgp ipv4 labeled-unicast 6.6.6.6/32 brief

Fri Mar 8 11:58:19.078 UTC

*> 6.6.6.6/32 10.10.34.4 0 200 i
 On R3, verify allocated-label for 6.6.6.6/32.

Verification
RP/0/RP0/CPU0:R3#show bgp labels | utility tail count 10
Fri Mar 8 12:02:06.868 UTC
*>i1.1.1.1/32 1.1.1.1 3 16001
*> 6.6.6.6/32 10.10.34.4 16006 16006
*>i7.7.7.7/32 7.7.7.7 3 16007
*> 8.8.8.8/32 10.10.34.4 16008 16008
 On R3, Verify RIB.

Verification
Fri Mar 8 12:05:59.825 UTC

222

Known via "bgp 100", distance 20, metric 0, [ei]-bgp, labeled unicast (3107),
labeled SR
Tag 200, type external
10.10.34.4, from 10.10.34.4, BGP external
Route metric is 0
Label: 0x3e86 (16006)
Tunnel ID: None
Binding Label: None
NHID:0x0(Ref:0)
 On R3, Verify FIB for 6.6.6.6/32

Verification
Fri Mar 8 12:15:25.848 UTC
6.6.6.6/32, version 36, labeled SR, internal 0x5000001 0x80 (ptr 0xde0a390)
[1], 0x0 (0xdfcdbe8), 0xa08 (0xe4dc328)
Updated Mar 8 07:52:35.068
via 10.10.34.4/32, 3 dependencies, recursive, bgp-ext [flags 0x6020]
path-idx 0 NHID 0x0 [0xd75a0b8 0x0]
recursion-via-/32
next hop 10.10.34.4/32 via 24002/0/21
local label 16006
next hop 10.10.34.4/32 Gi0/0/0/0.34 labels imposed {ImplNull 16006}
 On R3, Verify MPLS forwarding for label 16006.

223
Verification
RP/0/RP0/CPU0:R3#show mpls forwarding labels 16006
Fri Mar 8 12:18:35.395 UTC
16006 16006 SR Pfx (idx 6) Gi0/0/0/0.34 10.10.34.4 922
 On R1, Verify RIB for 6.6.6.6/32

Verification
Fri Mar 8 12:21:59.817 UTC

Known via "bgp 100", distance 200, metric 0, [ei]-bgp, labeled SR
3.3.3.3, from 3.3.3.3
Route metric is 0
Label: 0x3e86 (16006)
Tunnel ID: None
Binding Label: None
NHID:0x0(Ref:0)
 On R1, Verify FIB for 6.6.6.6/32

224
Verification
Fri Mar 8 12:53:08.521 UTC
6.6.6.6/32, version 292, labeled SR, internal 0x1000001 0x80 (ptr 0xdf12c10) [1],
0x0 (0xe0d8128), 0xa08 (0xe633428)
Updated Mar 8 07:52:36.783
path-idx 0 NHID 0x0 [0xd373598 0x0]
recursion-via-/32
next hop 3.3.3.3/32 via 16003/0/21
local label 16006
next hop 10.10.12.2/32 Gi0/0/0/0.12 labels imposed {16003 16006}
 On R1, verify 6.6.6.6 path with traceroute.

Verification
Fri Mar 8 12:55:04.492 UTC


5 10.10.56.6 34 msec * 13 msec

225
 On R1, verify label path with mpls traceroute and ping.

Verification
RP/0/RP0/CPU0:R1#traceroute mpls ipv4 6.6.6.6/32 source 1.1.1.1 fec-type generic
Fri Mar 8 13:01:30.887 UTC
Tracing MPLS Label Switched Path to 6.6.6.6/32, timeout is 2 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
0 10.10.12.1 MRU 1500 [Labels: 16003/16006 Exp: 0/0]

L 1 10.10.12.2 MRU 1500 [Labels: implicit-null/16006 Exp: 0/0] 7 ms
L 3 10.10.34.4 MRU 1500 [Labels: 16006 Exp: 0] 17 ms
. 4 * This is R5 that doesn’t have 1.1.1.1/32 prefix
! 5 10.10.56.6 33 ms
RP/0/RP0/CPU0:R1#ping mpls ipv4 6.6.6.6/32 source 1.1.1.1 fec-type generic

Fri Mar 8 13:11:33.967 UTC
Sending 5, 100-byte MPLS Echos to 6.6.6.6/32,

timeout is 2 seconds, send interval is 0 msec:

226

!!!!!
 On CE1, verify 222.222.222.222 reachability.

Verification
CE1#traceroute 222.222.222.222 source loopback 110
VPN label
1 10.10.110.1 2 msec 2 msec 13 msec
7 10.10.120.20 4 msec * 4 msec
CE1#ping 222.222.222.222 source loopback 110


227

Packet sent with a source address of 111.111.111.111
!!!!!

228
Task8.
Multidomain SR&LDP and BGP Prefix-sid
a) Configure two ISIS domains, ISIS1+LDP and ISIS2+SR
b) Configure BGP AS100 in ISIS1 and AS200 in ISIS as task 7
c) Configure L3VPN inter-AS option C
d) Put CE routers in VRF “A” and site1 RT,RD: 100:1, site2 RT,RD:
200:1 as task8
e) Assign AS 110 for site1 and AS120 for site2 as task 7
f) Advertise CE’s Loopbacks in MP-BGP as task 7
a. Configure two ISIS domains, ISIS1+LDP and ISIS2+SR
Configuration
ISIS1
R1
router isis 1
net 49.0000.0000.0000.0001.00
metric-style wide
!
interface Loopback0

229
passive
!
!
point-to-point
!
!
After changing SRGB, use

no segment-routing process restart bgp
! command to take effect of label
range on bgp process
mpls ldp
!
mpls oam
!
R2
router isis 1
net 49.0000.0000.0000.0002.00

230
metric-style wide
!
interface Loopback0
passive
!
!
point-to-point
!
!
point-to-point
!
!
point-to-point
!
!
no segment-routing
!

231
mpls ldp
!
mpls oam
!
R3
router isis 1
net 49.0000.0000.0000.0003.00
metric-style wide
!
interface Loopback0
passive
!
!
point-to-point

232
mpls ldp
!
mpls oam
!
RR1
router isis 1
net 49.0000.0000.0000.0007.00
metric-style wide
!
interface Loopback0
passive
!
!
point-to-point

233

!
!
!
no segment-routing
!
mpls ldp
!
mpls oam
!
ISIS2
R4,R5,R6 and RR2
Same as task 8
c. Configure L3VPN inter-AS option C
Configuration
R1

234
router bgp 100

network 1.1.1.1/32
allocate-label all
!
RR1
route-policy ebgp
pass
end-policy
!
router bgp 100

network 7.7.7.7/32
allocate-label all
!
neighbor 8.8.8.8
remote-as 200
ebgp-multihop 100

235
next-hop-unchanged
!
!
R3
router bgp 100

allocate-label all
!
neighbor 10.10.34.4
remote-as 200
!
!
!
 Verify control-plane and data plane reachability from R1 to R6

Verification
236
 On RR2, verify the BGP table entry for 222.222.222.222/32 prefix.

Verification
RP/0/RP0/CPU0:RR2#show bgp vpnv4 unicast rd 200:1 | utility tail
Fri Mar 8 17:16:12.404 UTC


237

*>i222.222.222.222/32 6.6.6.6 0 100 0 120 i
 On RR2, verify connectivity of remote RR1.

Verification
RP/0/RP0/CPU0:RR2#traceroute 7.7.7.7 source loopback 0
Fri Mar 8 17:18:25.309 UTC


5 10.10.27.7 8 msec * 24 msec
 On R3, verify allocated-label for 6.6.6.6/32.

Verification
RP/0/RP0/CPU0:R3#show bgp labels | utility tail ty tail
Fri Mar 8 17:34:21.171 UTC

238
*>i1.1.1.1/32 1.1.1.1 3 24003

*> 6.6.6.6/32 10.10.34.4 16006 24007
*>i7.7.7.7/32 7.7.7.7 3 24005
*> 8.8.8.8/32 10.10.34.4 16008 24006
 On R1, Verify RIB for prefix 222.222.222.222/32

Verification
Fri Mar 8 17:36:51.022 UTC

6.6.6.6, from 7.7.7.7
Nexthop in Vrf: "default", Table: "default", IPv4 Unicast, Table Id: 0xe0000000
Route metric is 0
 On R1, Verify FIB entry for 222.222.222.222/32 prefix.

Verification
Fri Mar 8 17:39:44.402 UTC
222.222.222.222/32, version 92, internal 0x5000001 0x0 (ptr 0xdf12074) [1],
0x0 (0xe0d8128), 0xa08 (0xe633228)
Updated Mar 8 16:28:59.874

239

path-idx 0 NHID 0x0 [0xd373328 0x0]
recursion-via-/32
next hop 6.6.6.6/32 via 24000/0/21
next hop 10.10.12.2/32 Gi0/0/0/0.12 labels imposed {24006 24007 24002}
 On R1, Verify MPLS forwarding for 6.6.6.6/32.
Verification
RP/0/RP0/CPU0:R1#show mpls forwarding prefix 6.6.6.6/32
Fri Mar 8 17:41:57.150 UTC
24000 24007 6.6.6.6/32 3.3.3.3 1040
Tip:
The Traffic is carried by BGP-LU and LDP in AS1 but carried by SR in AS2. The prefix-
SID attribute is transitive, it means it will be forwarded even if the BGP implementation
does not understand the attribute.
Since SR BGP is not enabled on R3, it does not understand the prefix-sid attribute and it
ignores it. Therefore, it allocate a regular dynamic label for prefix 6.6.6.6/32 and forwards
that label to R1. You can verify it by the command: show bgp label
R3 received prefix-SID label 16006 for prefix 6.6.6.6/32 from R4, but it ignores the
attached prefix-SID attribute and allocates a random dynamic label

240
 On R1, verify label path with mpls ping and traceroute.

Verification
RP/0/RP0/CPU0:R1#traceroute mpls ipv4 6.6.6.6/32 source 1.1.1.1 fec-type generic
Fri Mar 8 17:46:37.320 UTC
Tracing MPLS Label Switched Path to 6.6.6.6/32, timeout is 2 seconds

0 10.10.12.1 MRU 1500 [Labels: 24006/24007 Exp: 0/0]

L 3 10.10.34.4 MRU 1500 [Labels: 16006 Exp: 0] 19 ms
. 4 * This is R5 that doesn’t have 1.1.1.1/32 prefix
! 5 10.10.56.6 28 ms
RP/0/RP0/CPU0:R1#ping mpls ipv4 6.6.6.6/32 source 1.1.1.1 fec-type generic

Fri Mar 8 17:47:29.991 UTC

241
Sending 5, 100-byte MPLS Echos to 6.6.6.6/32,

timeout is 2 seconds, send interval is 0 msec:

!!!!!
 On CE1, verify 222.222.222.222 reachability with traceroute.

Verification
1 10.10.110.1 11 msec 1 msec 1 msec
7 10.10.120.20 4 msec * 4 msec

242

243
Day 3
Segment Routing
Traffic Engineering

244
Segment Routing Traffic engineering

SRTE has brought new Traffic Engineering techniques to tackle network
operators scaling issues which prevented them in the past from having an
end-to-end control over the variety of services they offer. In this chapter
variety of scenarios are provided to cover SR-TE, automated steering, on
demand next hop (ODN) and IGP SR Flexible Algorithm (Flex-Algo) in the
single IGP domain.
Segment Routing steers a packet flow into SR Policy that contains an
ordered list of segments. The Path can be different from the least cost path.
Encode path information in the packet. A SR Policy is a framework that
enables instantiation of an ordered SID list on a node for implementing a
source routing policy and it is uniquely identified through a tuple (Head-end,
color, and Endpoint). SR policy also can be used for Fast Reroute (FRR) or
Operations, Administration, and Maintenance (OAM) purposes. Compared
to RSVP-TE, advantages of SRTE are Multi-domain support by using PCEP
for computation, ECMP/WECMP and Automated steering traffic. Also, there
is a component named Binding-SID (B-SID) that involves a list of SIDs and
it bound to SR Policy for greater scalability.
The head-end imposes the corresponding MPLS label stack on to outgoing
packets to be carried over the tunnel. Each transit node along the SR-TE
LSP path uses the incoming top label to select the next-hop, pop or swap
the label, and forward the packet to the next node with the remainder of the
label stack, until the packet reaches the ultimate destination. OSPF/ISIS
provides TE with the topology and SR related information. SR related
information include SRGB/prefix/Adjacency SIDs of all nodes/links with SR
enabled in the network.
Correspondingly, the Automate Steering using BGP community is another

technique which helps steering service traffic in a SR-policy that is covered
in this chapter. ODN and Flex-Algo scenarios are provided to help you
bringing scalability and flexibility to your network.

245
There are two types of SR-TE policies: dynamic and explicit.

Dynamic SR-TE Policy
When you configure local dynamic SR-TE, the head-end locally calculates
the path to the destination address. Dynamic path calculation results in a list
of interface IP addresses that traffic engineering (TE) maps to adj-SID labels.
Routes are learned by way of forwarding adjacencies over the TE tunnel.
Explicit SR-TE Policy
An explicit path is a list of IP addresses or labels, each representing a node
or link in the explicit path. This feature is enabled through the explicit-
path command that allows you to create an explicit path and enter a
configuration submode for specifying the path.
Note: It should be noted that both types explicit and dynamic policy can be
applied using PCE controller in which external controller gathers topology
information of multiple domains and select the best path over multiple
domains and configures head end router to use injected segment list.
Addressing Table
R1(XR) 1.1.1.1/32 16001
R2(XE) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XE) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
CE1(IOS) 111.111.111.111/32 NA

246
CE2(IOS) 222.222.222.222/32 NA

10.10.XY.Z
For example:
R1= 10.10.12.1, R2=10.10.12.2

247
Tip:
Candidate path has a preference and is associated with a single
Binding-SID.
Tip:
SRTE Candidate Path can be received from different sources
such as: CLI, BGP, PCEP, Netconf. Source of path is not
considered for path selection. The valid path with Higher
preference is the selected path.

248
SRTE Basic Configuration
SRTE Segment-routing
traffic-eng
policy P1
SR policy color 20 end-point ipv4 6.6.6.6 Color & End-Point
binding-sid mpls 40180
BSID-It can be
candidate-paths
assigned
automatically preference 100
dynamic mpls
Cpath1(Dynamic) metric TE Metric
type te
affinity
Constraint
exclude-any red
Cpath2(Static) !
Valid and higher preference 200
explicit segment-list SL1 Explicit Path
preference
!
segment-list name SL1
Node 5
index 10 mpls label 16005
SID List1 index 20 mpls label 16006
Node 6

249
SRTE and WECMP Configuration
SRTE Segment-routing
traffic-eng
policy P1
SR policy color 20 end-point ipv4 6.6.6.6 Color & End-Point
BSID-It can be
candidate-paths
assigned
automatically preference 100 Explicit Path
explicit segment-list SL1
Weight 1
weight 1
explicit segment-list SL2
Explicit Path
weight 4
! Weight 4
segment-list name SL1
SID List1
!
SID List2 segment-list name SL2

250
Tip:
Binding-SIDs can be used in the following cases:

 Multi-Domain (inter-domain, inter-autonomous system)
Binding-SIDs can be used to steer traffic across domain
borders, creating seamless end-to-end inter-domain SR-TE
policies.
 Large-Scale within a single domain
The head-end can use hierarchical SR-TE policies by
nesting the end-to-end (edge-to-edge) SR-TE policy
within another layer of SR-TE policies (aggregation-to-
aggregation). The SR-TE policies are nested within
another layer of policies using the binding-SIDs,
resulting in seamless end-to-end SR-TE policies.
 Label stack compression
If the label-stack size required for an SR-TE policy
exceeds the platform capability, the SR-TE policy can be
seamlessly stitched to, or nested within, other SR-TE
policies using a binding segment.
 BGP SR-TE Dynamic
The head-end steers the packet into a BGP-based FIB
entry whose next hop is a binding-SID.

251
Base Topology
Tip:
 SR-TE is not supported on broadcast interfaces; it is
supported only point-to-point interfaces in both ISIS and
OSPF.
 Only one instance of protocol should be enabled for TE at
a given point of time.

252
Task1.
Single domain static SRTE:
o. Configure ISIS1 as IGP and Configure SR on all SP nodes
p. Change the IGP metric of links <R3-R4> and <R4-R6> to 1000
q. On R3, configure SRLB to assign persistence Adj-SID and verify
the Adj-SID and for R4, use dynamic Adj-SID
r. Configure R1 as Head-end and SRTE to use Explicit-Path
through R3<->R4 link and assign BSID 40000 to the SR-Policy
s. R1 must reach R6 through the path R1-R3-R4-R6
t. On R1, configure TI-LFA
u. Check the TI-LFA backup path for the SRTE path on R1
v. Shutdown R3<->R4 link. verify that traffic will drop because of
invalidation drop
a. Configure ISIS1 as IGP and Configure SR on all SP nodes
Configuration
R1,R3,R4,R6
router isis 1

253
net 49.0000.0000.0000.000x.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index x
!
!
interface GigabitEthernet0/0/0/y
point-to-point
!
!
interface GigabitEthernet0/0/0/y
point-to-point
!
!
!
R2,R5

254
router isis 1
net 49.0000.0000.0000.000x.00
metric-style wide
!
interface GigabitEthernet y
ip router isis 1
!
address-family ipv4
w.x.y.z/32 index x range 1
exit-address-family
b. Change the IGP metric of links <R3-R4> and <R4-R6> to 1000
Configuration
router isis 1

255

metric 1000
c1. On R3, Check adjacency-SID dynamic label assignment for R3<-

>R4 link.
RP/0/RP0/CPU0:R3#show isis adjacency detail

Sun Feb 24 07:45:46.282 UTC
IS-IS 1 Level-2 adjacencies:

System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD
R1 Gi0/0/0/0 *PtoP* Up 27 00:16:48 Yes None None
Neighbor IPv4 Address: 10.10.13.1*
Adjacency SID: 25001
Non-FRR Adjacency SID: 25002

Topology: IPv4 Unicast

Protected
R4 Gi0/0/0/3 *PtoP* dynUap
mic Adj2-S2ID 00:13:53 Yes None None
Adjacency SID: 25005 Non-Protected
dynamic Adj-SID

256



Total adjacency count: 4
c2. On R3, configure persistence Adj-SID for R3<->R4 link.
Configuration
segment-routing
SRLB reserved
local-block 24000 25000 range for
persistence Adj-SID
!
router isis 1
Protected
point-to-point Persistence Adj-SID
metric 1000
Non-Protected
adjacency-sid absolute 24041 protected Persistence Adj-SID
adjacency-sid absolute 24042
c3. On R3, use clear segment-routing local-block discrepancy all

command to force SRLB configuration allocation.
257
c4. On R3, verify the persistence Adj-SIDs.
Verification
RP/0/RP0/CPU0:R3#show isis segment-routing label adjacency persistent
Sun Feb 24 07:56:20.641 UTC
IS-IS 1 Manual Adjacency SID Table
24041 AF IPv4
GigabitEthernet0/0/0/3: IPv4, Protected 1/255/N, Active
24042 AF IPv4
GigabitEthernet0/0/0/3: IPv4, Not protected 1/255/N, Active

Sun Feb 24 07:58:32.935 UTC
16001 Pop SR Pfx (idx 1) Gi0/0/0/0 10.10.13.1 0

16002 Pop SR Pfx (idx 2) Gi0/0/0/2 10.10.23.2 0
16004 16004 SR Pfx (idx 4) Gi0/0/0/2 10.10.23.2 0
16004 SR Pfx (idx 4) Gi0/0/0/1 10.10.35.5 0
Persistence Adj-SIDs
16005 Pop SR Pfx (idx 5) Gi0/0/0/1 10.10.35.5 0
16006 16006 SR Pfx (idx 6) Gi0/0/0/1 10.10.35.5 0
24041 Pop SRLB (idx 41) Gi0/0/0/3 10.10.34.4 0
24042 Pop SRLB (idx 42) Gi0/0/0/3 10.10.34.4 0
25001 Pop SR Adj (idx 1) Gi0/0/0/0 10.10.13.1 0

258
25002 Pop SR Adj (idx 3) Gi0/0/0/0 10.10.13.1 0

Dynamic Adj-SIDs
25003 Pop SR Adj (idx 1) Gi0/0/0/2 10.10.23.2 0
25004 Pop SR Adj (idx 3) Gi0/0/0/2 10.10.23.2 0
25005 Pop SR Adj (idx 1) Gi0/0/0/3 10.10.34.4 0
25006 Pop SR Adj (idx 3) Gi0/0/0/3 10.10.34.4 0
25007 Pop SR Adj (idx 1) Gi0/0/0/1 10.10.35.5 0
25008 Pop SR Adj (idx 3) Gi0/0/0/1 10.10.35.5 0
c5. On R4, find the dynamic Adj-SID related to R6.
RP/0/RP0/CPU0:R4#show isis adjacency systemid R6 detail

Sun Feb 24 09:05:18.259 UTC
IS-IS 1 Level-2 adjacencies:

System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD

d. Configure R1 as Head-end.
segment-routing
Protected Persistence
traffic-eng
Adj-SID on R3
segment-list LowCostR6

259

Non-Protected
index 20 mpls label 24041 dynamic Adj-SID on R4
!
If BSID not configured, SRTE
policy R6TE will assign dynamic BSID
color 6 end-point ipv4 6.6.6.6
For traffic steering
autoroute toward R6
include ipv4 6.6.6.6/32
!
candidate-paths
preference 100
explicit segment-list LowCostR6 Using Explicit path
e. R1 must reach R6 through the path R1-R3-R4-R6
Verification
Sun Feb 24 09:37:07.472 UTC

3 10.10.46.6 142 msec * 113 msec

260
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng policy

Sun Feb 24 09:39:01.793 UTC
SR-TE policy database
Color: 6, End-point: 6.6.6.6

Name: srte_c_6_ep_6.6.6.6
Status:
Admin: up Operational: up for 00:55:23 (since Feb 24 08:43:38.923)
Candidate-paths:
Preference: 100 (configuration) (current)
Name: R6TE
Requested BSID: 40000
Explicit: segment-list LowCostR6 (valid)
Weight: 1, Metric Type: TE
16003
24041
24011
Attributes:
Binding SID: 40000
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes

Sun Feb 24 09:47:05.113 UTC

261

16002 Pop SR Pfx (idx 2) Gi0/0/0/1 10.10.12.2 0

16003 Pop SR Pfx (idx 3) Gi0/0/0/2 10.10.13.3 0
16004 16004 SR Pfx (idx 4) Gi0/0/0/1 10.10.12.2 336
16005 16005 SR Pfx (idx 5) Gi0/0/0/2 10.10.13.3 0
24000 Pop SR Adj (idx 1) Gi0/0/0/2 10.10.13.3 0
24001 Pop SR Adj (idx 3) Gi0/0/0/2 10.10.13.3 0
24005 Pop 6.6.6.6/32 srte_c_6_ep_ 6.6.6.6 0
24006 Pop SR Adj (idx 1) Gi0/0/0/1 10.10.12.2 0
24007 Pop SR Adj (idx 3) Gi0/0/0/1 10.10.12.2 0
40000 Pop No ID srte_c_6_ep_ point2point 0
RP/0/RP0/CPU0:R1#show cef
Sun Feb 24 09:58:35.086 UTC
Prefix Next Hop Interface
0.0.0.0/0 drop default handler

0.0.0.0/32 broadcast
1.1.1.1/32 receive Loopback0
2.2.2.2/32 10.10.12.2/32 GigabitEthernet0/0/0/1
6.6.6.6/32 6.6.6.6/32 srte_c_6_ep_6.6.6.6

262
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng forwarding policy binding-sid 40000

detail
Sun Feb 24 10:05:09.463 UTC
Color Endpoint Segment Outgoing Outgoing Next Hop Bytes

List Label Interface Switched
6 6.6.6.6 LowCostR6 24041 Gi0/0/0/2 10.10.13.3 0

Label Stack (Top -> Bottom): { 24041, 24011 }
Path-id: 1, Weight: 64
Packets Switched: 0
Local label: 24004
Policy Packets/Bytes Switched: 111/3108
f. On R1, configure TI-LFA
Configuration
router isis 1
point-to-point
!
!

263
point-to-point
g. Verify back path for SRTE
Verification
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng forwarding policy detail
Sun Feb 24 10:52:29.980 UTC
6 6.6.6.6 LowCostR6 24041 Gi0/0/0/2 10.10.13.3 0
Primary path Label Stack (Top -> Bottom): { 24041, 24011 }

through R3
Path-id: 1 (Protected), Backup-path-id: 2, Weight: 64
Packets Switched: 0
16003 Gi0/0/0/1 10.10.12.2 0 (!)

Backup path Label Stack (Top -> Bottom): { 16003, 24041, 24011 }
through R2
Path-id: 2 (Pure-Backup), Weight: 64
Packets Switched: 0
Local label: 24002

h1. On R3, shutdown R3<->R4 link. On R1, verify that the SR policy
will keep the SRTE-LSP up but drop the traffic if failure happen in the
middle of path.

264

Sun Feb 24 11:32:42.207 UTC
Path is valid regardless of

Color: 6, End-point: 6.6.6.6 R3<->R4 link is shutdown
Status:
Candidate-paths:
Name: R6TE

Explicit: segment-list LowCostR6 (valid)
16003
24041
24011
Attributes:
Binding SID: 40000
Forward Class: 0

Sun Feb 24 11:35:05.312 UTC

265
Traffic dropped
1 * * *
2 * * *
h2. Now no shutdown the R3<->R4 link, and shutdown R3’s

Loopback0. On R1, verify that the SRTE become unavailable and R1
removes SRTE from data plane and uses IGP instead.
Sun Feb 24 11:42:06.649 UTC

Status:
Admin: up Operational: down for 00:00:09 (since Feb 24
11:41:57.843)
Candidate-paths:
Preference: 100 (configuration)
Name: R6TE
Explicit: segment-list LowCostR6 (invalid)
Last error: unresolved first label (16003)

266
Attributes:
Forward Class: 0
IPv6 caps enable: no
Sun Feb 24 11:45:19.406 UTC

16002 Pop SR Pfx (idx 2) Gi0/0/0/1 10.10.12.2 0
16002 SR Pfx (idx 2) Gi0/0/0/2 10.10.13.3 0 (!)
16004 16004 SR Pfx (idx 4) Gi0/0/0/1 10.10.12.2 0
16004 SR Pfx (idx 4) Gi0/0/0/2 10.10.13.3 0 (!)
16005 16005 SR Pfx (idx 5) Gi0/0/0/2 10.10.13.3 0
16005 SR Pfx (idx 5) Gi0/0/0/1 10.10.12.2 0 (!)
16006 16006 SR Pfx (idx 6) Gi0/0/0/2 10.10.13.3 0
16006 SR Pfx (idx 6) Gi0/0/0/1 10.10.12.2 0 (!)
24000 Pop SR Adj (idx 1) Gi0/0/0/2 10.10.13.3 0
24001 Pop SR Adj (idx 3) Gi0/0/0/2 10.10.13.3 0
24006 Pop SR Adj (idx 1) Gi0/0/0/1 10.10.12.2 0
16002 SR Adj (idx 1) Gi0/0/0/2 10.10.13.3 0 (!)
24007 Pop SR Adj (idx 3) Gi0/0/0/1 10.10.12.2 0

Sun Feb 24 11:48:02.072 UTC
IGP Path

267
3 10.10.56.6 148 msec * 93 msec
Task2.
Single domain SRTE and WECMP:
a. Configure ISIS1 as IGP and Configure SR on all SP nodes as
Task1
b. Configure R1 as Head-end and SRTE to use Explicit-Path as
Task1
c. On R1, configure the primary path as R1-R3-R5-R6 and the
secondary path as R1-R2-R4-R6 and share the traffic with
proportion 1 to 2 using weight command
d. Verify the reachability of R6 from R1

268
c. On R1, configure the primary path as R1-R3-R5-R6 and the

secondary path as R1-R2-R4-R6 and share the traffic with proportion
2 to 6 using weight command
Configuration
segment-routing
traffic-eng
segment-list P1R6
!
segment-list P2R6
!
policy R6TE
candidate-paths
preference 100
explicit segment-list P1R6
weight 1
!
explicit segment-list P2R6
weight 2

269
d.on R1, verify the weight.
Verification
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng forwarding policy
Sun Feb 24 12:47:20.346 UTC

6 6.6.6.6 P1R6 16005 Gi0/0/0/2 10.10.13.3 0

16003 Gi0/0/0/1 10.10.12.2 0 (!)
Primary Path
P2R6 16002 Gi0/0/0/2 10.10.13.3 0 (!)
16004 Gi0/0/0/1 10.10.12.2 0

Secondary Path
RP/0/RP0/CPU0:R1#traceroute 6.6.6.6 source loopback 0 numeric

Sun Feb 24 12:47:32.851 UTC
Results may vary

1 10.10.13.3 [MPLS: Labels 16005/16006 Exp 0] 79 msec 21 msec *

10.10.35.5 17 msec
Weighted ECMP
3 10.10.46.6 29 msec
10.10.56.6 20 msec
Sun Feb 24 12:47:42.894 UTC
Color Endpoint Segment Outgoing Outgoing Next Hop Bytes Secondary Path
traffic is half of
Primary path

270
6 6.6.6.6 P1R6 16005 Gi0/0/0/2 10.10.13.3 56
16003 Gi0/0/0/1 10.10.12.2 0 (!)
P2R6 16002 Gi0/0/0/2 10.10.13.3 0 (!)
16004 Gi0/0/0/1 10.10.12.2 28
RP/0/RP0/CPU0:R1(config-sr-te-sl)#do sho segment-routing traffic-eng policy

Sun Feb 24 13:18:01.776 UTC

Status:
Candidate-paths:
Name: R6TE

Explicit: segment-list P1R6 (valid)
16003
16005
16006
Explicit: segment-list P2R6 (valid)
16002

271
16004
16006
Attributes:
Binding SID: 40000
Forward Class: 0

272
Task3.
Single domain Dynamic SRTE and load sharing:
a. Configure ISIS1 as IGP and Configure SR on all SP nodes as
Task1
b. Configure R1 as Head-end and SRTE to use Dynamic-Path and
assign BSID 40000 to the SR-Policy.
c. On all nodes, enable mpls traffic engineering under isis instance.
d. Change TE metric according to the following topology
e. Share the traffic between them with the lowest margin value and
set SID-Limit to 3.
f.
g. Verify the reachability of R6 from R1
b. on R1, configure dynamic SRTE with B-SID 40000.
Configuration
router isis 1
distribute link-state level 2 This command feeds
SRTE DB with IGP DB

273

Enable Traffic
! Engineering
!
segment-routing
traffic-eng
policy R6TE
candidate-paths
preference 100
dynamic
c. enable mpls traffic engineering on all nodes. Also, enable segment-routing

traffic-engineering globally.
Configuration
IOS XR
router isis 1
!
!
segment-routing

274
traffic-eng
!
IOS XE
router isis 1
!
!
!
interface gigabitEthernet x
mpls traffic-eng tunnel
Must be configured for
! TE computation
d. Change TE and IGP metric according to the following topology
Configuration
R2
TE metric in IOS XE

275
mpls traffic-eng administrative-weight 30

R3
segment-routing
traffic-eng
metric 8
 On R1, verify the configuration

Verification
Tue Feb 26 20:15:37.990 UTC

Status:
Candidate-paths:

276
Name: R6TE
Dynamic (valid)
Metric Type: TE, Path Accumulated Metric: 28
16003 [Prefix-SID, 3.3.3.3]
24005 [Adjacency-SID, 10.10.34.3 - 10.10.34.4]
16006 [Prefix-SID, 6.6.6.6]
Attributes: Path through R3<->R4 link
Binding SID: 40000

Forward Class: 0
RP/0/RP0/CPU0:R1#show mpls traffic-eng topology path destination 6.6.6.6

Tue Feb 26 20:21:55.206 UTC
Path Setup to 6.6.6.6:
bw 0 (CT0), min_bw 0, metric: 28
setup_pri 0, hold_pri 0
Affinity: 0x0/0x0
Node hop count 3
Hop0:10.10.13.3
Hop1:10.10.34.4
Hop2:10.10.46.6
Hop3:6.6.6.6
e. now add link between R3<->R5 to the path with the lowest margin
value and set SID-Limit to 3.
Configuration
277
segment-routing
traffic-eng
policy R6TE
autoroute
!
candidate-paths
preference 100
Absolute command is exact value for margin. In
dynamic addition, relative command
can be use that is percentage of minimum
delay. With this
metric command it adds R3<->R5 link to the path
sid-limit 3
type te
margin absolute 4
 On R1, verify the margin feature
Verification
Tue Feb 26 20:26:19.905 UTC

Status:

278

Candidate-paths:
Name: R6TE
Now it shows TE metric of
Path Metrics:
the path that added to
Margin Absolute: 4 SRTE with margin feature
Margin Relative: 0%
Maximum SID Depth: 3
Dynamic (valid)
16003 [Prefix-SID, 3.3.3.3]
16006 [Prefix-SID, 6.6.6.6]
Segment List updated to
Attributes: cover both path
Binding SID: 40000
Forward Class: 0
RP/0/RP0/CPU0:R1#show mpls traffic-eng topology path destination 6.6.6.6

Tue Feb 26 20:29:52.319 UTC
Path Setup to 6.6.6.6: Lowes TE metric remains same
bw 0 (CT0), min_bw 0, metric: 28

setup_pri 0, hold_pri 0
Affinity: 0x0/0x0
Node hop count 3
Hop0:10.10.13.3

279
Hop1:10.10.34.4
Hop2:10.10.46.6
Hop3:6.6.6.6
Task4.
Single domain SRTE and link coloring:
a. Configure ISIS1 as IGP and Configure SR on all SP nodes as Task
1
b. Configure R1 as Head-end and SRTE to use Dynamic-Path as
Taks 4
c. Change TE and IGP metric according to the following topology
d. Configure all links color using affinity according to the following
topology and constraints configuration.
e. The traffic from R1 to R6 must exclude red and green lines.
f. Verify the path and the reachability of R6 from R1
c. Change TE and IGP metric according to the topology.
Configuration

280
R2
mpls traffic-eng tunnels By default TE metric is bound to
IGP metric. No need to re-configure
isis network point-to-point TE metric again in this topology.
isis metric 100

end
R3
router isis 1
point-to-point
metric 5
d. Configure all links color using affinity according to the following

topology.
Configuration
R1
segment-routing
traffic-eng
affinity
Assigning affinity colors
with naming model

281
name blue
!
!
affinity
Assigning more than
name blue
one affinity colors
name green
!
!
policy R6TE
autoroute
!
candidate-paths
preference 100
dynamic
metric
type te
!
!
constraints
affinity
Exclude green and red links
exclude-any
name red
name green

282
!
!
!
!
!
!
affinity-map
Colors bit value configuration
name red bit-position 1
name blue bit-position 2
name green bit-position 0
!
R2(IOS XE)
Assigning affinity color (blue).

interface GigabitEthernet x
Converting of value 10 to hex is 2
mpls traffic-eng attribute-flags 0x10
end
R3(IOS XR)
segment-routing
traffic-eng

283
affinity
name green
!
!
affinity
name red
!
!
affinity
name blue
!
affinity
name green
!
!
affinity-map All nodes must configure with
same value for each color
!
R4 (IOS XR)

284
segment-routing
traffic-eng
affinity
name blue
!
!
affinity
name blue
!
!
affinity
name green
!
!
affinity
name blue
!
!
affinity-map
!

285
R5
Assigning affinity color (red).

Converting of value 1 to hex is 1
interface rang GigabitEthernet2, GigabitEthernet4
end
e. The traffic from R1 to R6 must exclude red and green lines.
Verification
Wed Feb 27 14:21:31.984 UTC

Status:

286

Candidate-paths:
Name: R6TE
Constraints:
Affinity:
exclude-any:
green
red
Dynamic (valid)
16002 [Prefix-SID, 2.2.2.2]
18 [Adjacency-SID, 10.10.24.2 - 10.10.24.4]
16005 [Prefix-SID, 5.5.5.5]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Binding SID: 40000
Forward Class: 0
f. Verify the path and the reachability of R6 from R1
Verification
Wed Feb 27 14:27:15.989 UTC

287


4 10.10.56.6 103 msec * 87 msec
Task5.
SR and L3 VPN service
a. Configure ISIS as IGP and Configure SR on all SP nodes as
Task1
b. Put CE routers in VRF “A”. Site1 RT,RD: 100:1, Site2 RT,RD:
200:1
c. Assign AS 110 for site1 and AS120 for site2
d. Put PE routers in AS 100 and configure MP BGP on PEs.
e. Loopback address 22.2.2.1/32 and 22.2.2.2/32 on CE2 and
11.1.1.1/32 on CE1 should be configured and advertise in BGP

288
f. Verify reachability CE’s loopback from remote CE using ping and

traceroute
b. Put CE routers in VRF “A”. Site1 RT,RD: 100:1, Site2 RT,RD: 200:1
Configuration
R1
vrf A
import route-target
200:1
!
export route-target
100:1
!
vrf A
ipv4 address 10.10.110.1 255.255.255.0
!

289
R6
vrf A
import route-target
100:1
!
export route-target
200:1
!
vrf A
ipv4 address 10.10.120.6 255.255.255.0
!
 Verify configuration
Verification
RP/0/RP0/CPU0:R1#show vrf A
Fri Mar 1 15:20:45.149 UTC
VRF RD RT AFI SAFI
A 200:1

Fri Mar 1 15:22:25.394 UTC

290

VRF mode: Regular
Description not set
Interfaces:
RT:200:1
RT:100:1
RP/0/RP0/CPU0:R6#show vrf A
Fri Mar 1 15:24:17.537 UTC
VRF RD RT AFI SAFI
A 100:1


Fri Mar 1 15:25:59.436 UTC

VRF mode: Regular

291
Description not set

Interfaces:
RT:100:1
RT:200:1
c. Assign AS 110 for site1 and AS120 for site2
Configuration
CE1
Router bgp 110

Neighbor 10.10.110.1 remote-as 100
CE2
Router bgp 120

Neighbor 10.10.120.6 remote-as 100
d. Put PE routers in AS 100 and configure MP BGP on PEs

292
Configuration
R1
route-policy vpn
pass
end-policy
!
router bgp 100

!
neighbor 6.6.6.6
remote-as 100
!
!
vrf A
rd 200:1
!
neighbor 10.10.110.10
remote-as 110
route-policy vpn in
!

293
R6
route-policy vpn
pass
end-policy
!
router bgp 100

!
neighbor 1.1.1.1
remote-as 100
!
!
vrf A
rd 100:1
!
neighbor 10.10.120.20
remote-as 120
route-policy vpn in
!
!

294
 Verify configuration on R1

Verification
RP/0/RP0/CPU0:R1#show bgp vpnv4 unicast summary
Fri Mar 1 15:28:48.615 UTC


Speaker 13 13 13 13 13 0

6.6.6.6 0 100 17 17 13 0 0 00:12:17 0
RP/0/RP0/CPU0:R1#show bgp vrf A summary

Fri Mar 1 15:32:51.943 UTC
VRF ID: 0x60000002

295




Speaker 13 13 13 13 13 0

10.10.110.10 0 110 27 24 13 0 0 00:20:12 0
e. Loopback address configuration on CE2 and CE1 and advertising in

BGP.
Configuration
CE1
ip address 11.1.1.1 255.255.255.255
router bgp 110

Advertising Loopback’s network
network 11.1.1.1 mask 255.255.255.255

296
CE2
ip address 22.2.2.1 255.255.255.255
!
ip address 22.2.2.2 255.255.255.255
!
router bgp 120

network 22.2.2.1 mask 255.255.255.255
network 22.2.2.2 mask 255.255.255.255
 Verify configuration on CE1 and R1.

Verification
CE1#show bgp
BGP table version is 14, local router ID is 10.10.110.10
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
RPKI validation codes: V valid, I invalid, N Not found

297

*> 11.1.1.1/32 0.0.0.0 0 32768 i
*> 22.2.2.1/32 10.10.110.1 0 100 120 i
*> 22.2.2.2/32 10.10.110.1 0 100 120 i
RP/0/RP0/CPU0:R1#show bgp vrf A

Fri Mar 1 15:54:55.549 UTC
VRF ID: 0x60000002

*> 11.1.1.1/32 10.10.110.10 0 0 110 i
*>i22.2.2.1/32 6.6.6.6 0 100 0 120 i
*>i22.2.2.2/32 6.6.6.6 0 100 0 120 i

298
RP/0/RP0/CPU0:R1#show bgp vrf A labels

Fri Mar 1 15:56:10.008 UTC
VRF ID: 0x60000002

*> 11.1.1.1/32 10.10.110.10 nolabel 24004
*>i22.2.2.1/32 6.6.6.6 24004 nolabel
*>i22.2.2.2/32 6.6.6.6 24005 nolabel
VPN Labels

299
f. Verify reachability CE’s loopback from remote CE using ping and

traceroute.
Verification
1 10.10.110.1 148 msec 80 msec 90 msec
5 10.10.120.20 196 msec * 173 msec

1 10.10.110.1 26 msec 19 msec 11 msec
5 10.10.120.20 7 msec * 15 msec

300
Task5.1.
Automatic traffic steering with BGP (Color assignment on the egress
PE):
a. Configure R6 to assign color extended community for
22.2.2.1/32 (color green with value 10)
22.2.2.2/32 (color blue with value 20)
b. Configure SRTE on R1 to choose the following paths using explicit-
path:
<R1-R3-R5-R6> for green traffics with BSID 40001 and
<R1-R2-R4-R6> for blue traffics with BSID 40002 and steer them
automatically using BGP.
c. Verify the path and the reachability of both prefixes from CE1
a. Configure R6 to assign color extended community.
Configuration
extcommunity-set opaque green
10
end-set
!
extcommunity-set opaque blue

301
20
end-set
!
!
route-policy COLOR
if destination in (22.2.2.1/32) then
set extcommunity color green
endif
set extcommunity color blue
endif
end-policy
!
!
router bgp 100
neighbor 1.1.1.1
route-policy COLOR out
 Verify configuration on R6.

Verification
RP/0/RP0/CPU0:R6#show bgp vpnv4 unicast advertised
Fri Mar 1 18:24:27.070 UTC
22.2.2.1/32 is advertised to 1.1.1.1
Path info:

302
neighbor: 10.10.120.20 neighbor router id: 22.2.2.2

valid external best import-candidate
Attributes after inbound policy was applied:
next hop: 10.10.120.20
MET ORG AS EXTCOMM
origin: IGP neighbor as: 120 metric: 0
aspath: 120
extended community: RT:200:1
Attributes after outbound policy was applied:
next hop: 6.6.6.6
MET ORG AS EXTCOMM
aspath: 120
extended community: RT:200:1 Color:10

22.2.2.2/32 is advertised to 1.1.1.1
Path info:
neighbor: 10.10.120.20 neighbor router id: 22.2.2.2
valid external best import-candidate
Attributes after inbound policy was applied:
next hop: 10.10.120.20
MET ORG AS EXTCOMM

303
aspath: 120
extended community: RT:200:1
Attributes after outbound policy was applied:
next hop: 6.6.6.6
MET ORG AS EXTCOMM
aspath: 120
extended community: RT:200:1 Color:20
b. Configure SRTE policy on R1.
Configuration
segment-routing
traffic-eng
segment-list R2R6
index 10 address ipv4 2.2.2.2
Explicit path
with IP address
!
segment-list R3R6
Explicit path
index 20 mpls label 16005 with Label
Blue Color index 30 mpls label 16006
value
!
policy BLUE20

304

candidate-paths
preference 100
explicit segment-list R2R6
!
!
policy GREEN10
No autoroute need
candidate-paths
preference 100
 Verify configuration on R1.

Verification
RP/0/RP0/CPU0:R1#show bgp vpnv4 unicast
Fri Mar 1 18:29:38.500 UTC

305

*>i22.2.2.1/32 6.6.6.6 C:10 0 100 0 120 i
*>i22.2.2.2/32 6.6.6.6 C:20 0 100 0 120 i
*> 11.1.1.1/32 10.10.110.10 0 0 110 i
*>i22.2.2.1/32 6.6.6.6 C:10 0 100 0 120 i
*>i22.2.2.2/32 6.6.6.6 C:20 0 100 0 120 i

Fri Mar 1 18:34:10.618 UTC
10 6.6.6.6 R3R6 16005 Gi0/0/0/2 10.10.13.3 0

20 6.6.6.6 R2R6 16004 Gi0/0/0/1 10.10.12.2 0

Fri Mar 1 18:44:16.211 UTC


306
Status:
Admin: up Operational: up for 00:53:27 (since Mar 1 17:50:49.127)
Candidate-paths:
Name: GREEN10

Explicit: segment-list R3R6 (valid)
16003 [Prefix-SID, 3.3.3.3]
16005
16006
Attributes:
Binding SID: 40001
Forward Class: 0

Status:
Candidate-paths:
Name: BLUE20

Explicit: segment-list R2R6 (valid)
16002 [Prefix-SID, 2.2.2.2]

16004 [Prefix-SID, 4.4.4.4]
16006 [Prefix-SID, 6.6.6.6]

307
Attributes:
Binding SID: 40002
Forward Class: 0
 Verify path and reachability on CE1.

Verification
Green Path

1 10.10.110.1 54 msec 9 msec 5 msec
5 10.10.120.20 122 msec * 123 msec

Blue Path

1 10.10.110.1 51 msec 5 msec 4 msec
5 10.10.120.20 111 msec * 143 msec

308

309
Task5.2.
Do the same as task 5.1 but color assignment should be done on the
ingress PE
a) Remove all color assignment from R6
b) On R1, configure color assignment based on Task 5.1
Configuration
extcommunity-set opaque green
10
end-set
!
extcommunity-set opaque blue
20
end-set
!
route-policy COLOR
set extcommunity color green
endif
set extcommunity color blue
endif
end-policy
!
!

310
router bgp 100

!
neighbor 6.6.6.6
remote-as 100
route-policy COLOR in
Coloring ingress routes
!
!
segment-routing
traffic-eng
segment-list R2R6
!
segment-list R3R6
No changes in SRTE
! configuration needed
policy BLUE20
candidate-paths
preference 100

311

!
!
!
!
policy GREEN10
candidate-paths
preference 100
!
 Verify path and reachability on CE1.

Verification
Green Path
1 10.10.110.1 84 msec 6 msec 4 msec
5 10.10.120.20 14 msec * 22 msec

Blue Path

312

1 10.10.110.1 56 msec 4 msec 3 msec
5 10.10.120.20 16 msec * 15 msec

313
Task5.3.
SRTE/ODN:
a) Regarding to Task5.2, configure R1 to choose dynamic path
using ODN only for prefix 22.2.2.1/32 based on TE metric and
remove other configurations under segment-routing traffic
engineering section.
b) Change TE metric on R2<->R4 link to value 5.
c) Verify R1 for ODN SRTE and check connectivity of 22.2.2.1/32
on CE1.
a. On R1, configure SRTE using ODN.
Configuration
segment-routing
Using green color for
traffic-eng specified 22.2.2.1/32 prefix
on-demand color 10
dynamic
metric
Metric type TE
type te
b. On R2, change TE metric link R2<->R4.
Configuration
mpls traffic-eng administrative-weight 5

314
c. Verification on R1 and CE.
Verification
Sat Mar 2 11:55:42.153 UTC

Status:
Admin: up Operational: up for 02:17:34 (since Mar 2
09:38:08.348)
Candidate-paths:
Preference: 200 (BGP ODN) (current)
Requested BSID: dynamic
Dynamic (valid)
16002 [Prefix-SID, 2.2.2.2]
16006 [Prefix-SID, 6.6.6.6]
Preference: 100 (BGP ODN)
Dynamic (pce) (invalid)
Metric Type: NONE, Path Accumulated Metric: 0
Attributes:

315
Binding SID: 24006

Forward Class: 0

1 10.10.110.1 68 msec 19 msec 31 msec
5 10.10.120.20 26 msec * 22 msec

316
Task5.4.
Segment Routing Flex Algorithm and Automatic traffic steering with
BGP (Color assignment on the egress PE):
a) Referring scenario in the Task 5.1, one new Algorithm is adding
to ISIS:
 Algo 0 (All SP nodes and default one)
 Flex-Algo 128 (R3R4) based on IGP metric
b) Assign different prefix-SIDs in each algorithm for the loopback 0
like below:
Node1: Algo default: 16001
Algo 128:16801
c) Configure R1 for prefix 22.2.2.1/32 to use Algo 0 (all nodes)

with IGP metric and prefix 22.2.2.2/32 to use Algo 128 (R3 and
R4 only)
b. configure Flex-Algo 128 on R1, R3, R4 and R6
Configuration
R1

317
router isis 1
Enable algorithm 128 on node
flex-algo 128
!
interface Loopback0
Algorithm 128 Prefix-SID
prefix-sid index 1
prefix-sid algorithm 128 absolute 16801
!
R3
It advertises Flex-algo definition to all

router isis 1
nodes and must be enable on at-least one
flex-algo 128
advertise-definition
!
interface Loopback0
prefix-sid index 3
!
R4
router isis 1

318
flex-algo 128
!
interface Loopback0
prefix-sid index 4
!
R6
router isis 1
flex-algo 128
!
interface Loopback0
prefix-sid index 6
c. on R1, configure blue color(22.2.2.2/32) to use Flex-Algo 128 and green

color(22.2.2.1/32) for Flex-Algo 0 (default) with IGP metric.
Configuration
segment-routing
traffic-eng
on-demand color 10
dynamic

319
metric
type igp
!
!
!
on-demand color 20
dynamic
sid-algorithm 128
 Verify SRTE config on R1.

Verification
Sun Mar 3 20:10:48.269 UTC

Status:
Candidate-paths:
Constraints:
Prefix-SID Algorithm: 128

320
Dynamic (valid)
16806 [Prefix-SID: 6.6.6.6, Algorithm: 128]
Last error: Constraint cannot be enforced: flex-algorithm
Constraints:
Prefix-SID Algorithm: 128
Attributes:
Binding SID: 24007
Forward Class: 0

Status:
Candidate-paths:
Dynamic (valid)
Metric Type: IGP, Path Accumulated Metric: 30
16006 [Prefix-SID, 6.6.6.6]

321

Attributes:
Binding SID: 24009
Forward Class: 0

Sun Mar 3 20:15:51.744 UTC
16002 Pop SR Pfx (idx 2) Gi0/0/0/1 10.10.12.2 0

16003 Pop SR Pfx (idx 3) Gi0/0/0/2 10.10.13.3 0
16004 16004 SR Pfx (idx 4) Gi0/0/0/2 10.10.13.3 0
16004 SR Pfx (idx 4) Gi0/0/0/1 10.10.12.2 0
16005 16005 SR Pfx (idx 5) Gi0/0/0/2 10.10.13.3 0
16005 SR Pfx (idx 5) Gi0/0/0/1 10.10.12.2 0
16006 16006 SR Pfx (idx 6) Gi0/0/0/2 10.10.13.3 352
16006 SR Pfx (idx 6) Gi0/0/0/1 10.10.12.2 40931
16803 Pop SR Pfx (idx 803) Gi0/0/0/2 10.10.13.3 0
16804 16804 SR Pfx (idx 804) Gi0/0/0/2 10.10.13.3 0
16806 16806 SR Pfx (idx 806) Gi0/0/0/2 10.10.13.3 0
24000 Pop SR Adj (idx 1) Gi0/0/0/1 10.10.12.2 0
24001 Pop SR Adj (idx 3) Gi0/0/0/1 10.10.12.2 0
24002 Pop SR Adj (idx 1) Gi0/0/0/2 10.10.13.3 0
24003 Pop SR Adj (idx 3) Gi0/0/0/2 10.10.13.3 0

322
24004 Unlabelled 11.1.1.1/32[V] Gi0/0/0/0 10.10.110.10 0

24007 Pop No ID srte_c_20_ep point2point 960
24009 Pop No ID srte_c_10_ep point2point 3104
RP/0/RP0/CPU0:R1#show isis route 6.6.6.6/32 detail

Sun Mar 3 20:20:05.740 UTC
L2 6.6.6.6/32 [30/115] Label: 16006, medium priority

via 10.10.12.2, GigabitEthernet0/0/0/1, Label: 16006, R2, SRGB Base:
16000, Weight: 0
via 10.10.13.3, GigabitEthernet0/0/0/2, Label: 16006, R3, SRGB Base:
16000, Weight: 0
src R6.00-00, 6.6.6.6, prefix-SID index 6, R:0 N:1 P:0 E:0 V:0 L:0, Alg:0,
prefix-SID index 806, R:0 N:1 P:0 E:0 V:0 L:0, Alg:128
RP/0/RP0/CPU0:R1#show isis route flex-algo 128 detail

Sun Mar 3 20:17:48.971 UTC
IS-IS 1 IPv4 Unicast routes Flex-Algo 128

df - level 1 default (closest attached router), su - summary null
C - connected, S - static, R - RIP, B - BGP, O - OSPF
E - EIGRP, A - access/subscriber, M - mobile, a - application
i - IS-IS (redistributed from another instance)
Maximum parallel path count: 8

323

src R3.00-00, 3.3.3.3, , prefix-SID index 803, R:0 N:1 P:0 E:0 V:0 L:0,
Alg:128
Alg:128
Alg:128
Sun Mar 3 20:53:31.449 UTC
22.2.2.2/32, version 83, internal 0x5000001 0x0 (ptr 0xde0a3bc) [1], 0x0 (0xdfcda68),
0xa08 (0xe4dc228)
Updated Mar 3 19:03:31.559
via local-label 24007, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xd5b6be0 0x0]
recursion-via-label
next hop via 24007/0/21
next hop srte_c_20_ep labels imposed {ImplNull 24005}
 On CE1, verify path for 22.2.2.1/32 and 22.2.2.2/32.

Verification
Green color is using
IGP and Algo 0.

324

1 10.10.110.1 51 msec 5 msec 4 msec
5 10.10.120.20 9 msec * 23 msec

Blue color is
Type escape sequence to abort. using Algo 128.
1 10.10.110.1 64 msec 6 msec 4 msec
5 10.10.120.20 13 msec * 17 msec

325
Day 4
Segment Routing
Multi-Domain SRTE

326
Multi-Domain SRTE
You can scale your network with segment routing traffic engineering.
In segment routing it is possible like traditional unified MPLS (seamless
MPLS) to use inter-AS options and BGP-LU for multi domain interconnection
and in this chapter some labs are provided which shows how to use
traditional methods using Segment Routing. In the meantime, an external
controller (PCE Controller) using BGP-LS can gather topology information of
different domains and provide the best end-to-end path using dynamic or
explicit path policy. BGP-LS is an extension to Border Gateway Protocol
(BGP) for distributing the network’s link-state (LS) topology model to external
entities, such as the SDN controller. It has received a lot of attention because
many SDN apps need this model BGP-LS supports IS-IS and OSPFv2 (until
the time of writing this document).
Segment routing for traffic engineering (SR-TE) uses a “policy” to steer traffic
through the network. An SR-TE policy path is expressed as a list of segments
that specifies the path, called a segment ID (SID) list. Each segment is an
end-to-end path from the source to the destination, and instructs the routers
in the network to follow the specified path instead of the shortest path
calculated by the IGP. If a packet is steered into an SR-TE policy, the SID
list is pushed on the packet by the head-end. The rest of the network
executes the instructions embedded in the SID list.
In this chapter a number of useful multi domain scenarios are provided which
can be usable for mobile operators and internet service providers.

327
Addressing Table
R1(XR) 1.1.1.1/32 16001
R2(XR) 2.2.2.2/32 16002
R3(XR) 3.3.3.3/32 16003
R4(XR) 4.4.4.4/32 16004
R5(XR) 5.5.5.5/32 16005
R6(XR) 6.6.6.6/32 16006
RR1 7.7.7.7/32
RR2 8.8.8.8/32
CE1(IOS) 111.111.111.111/32 NA
CE2(IOS) 222.222.222.222/32 NA

10.10.XY.Z
For example:
R1= 10.10.12.1, R2=10.10.12.2

328
Task1.
Multidomain for SR and Dynamic SRTE using PCE
a) Configure two ISIS domains, ISIS1+SR and OSPF1+SR
b) Configure BGP AS100 in ISIS1 and AS200 in OSPF1
c) Configure ebgp between RR1 and RR2.
d) Configure RR1 and RR2 as XTC+PCE and R1, R6 PCC.
e) Configure mpls traffic-engineering under all nodes.
f) Put CE routers in VRF “A” and site1 RT,RD: 100:1, Site2 RT,RD:
200:1
g) Assign AS 110 for site1 and AS120 for site2 and advertise CE’s
Loopbacks in MP-BGP

329
a1. Configure ISIS1+SR on R1,R2,R3 and RR1
Configuration
R1
Changing level of
routing to L2
router isis 1
net 49.0000.0000.0000.0001.00
address-family ipv4 unicast Only passive interfaces
are advertised
metric-style wide
Enable SR with MPLS data plane
!
Make Loopback interface
interface Loopback0 passive
passive
prefix-sid index 1
Prefix-SID for node
!
!
point-to-point Make physical interfaces
address-family ipv4 unicast point-to-point
!
!

330
point-to-point
!
!
R2
router isis 1
net 49.0000.0000.0000.0002.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 2
!
!
point-to-point

331

!
!
point-to-point
!
!
point-to-point
!
!
R3
router isis 1
net 49.0000.0000.0000.0003.00
metric-style wide
!

332
interface Loopback0
passive
prefix-sid index 3
!
!
point-to-point
!
!
point-to-point
!
!
RR1
router isis 1
net 49.0000.0000.0000.0007.00
metric-style wide

333
!
interface Loopback0
passive
prefix-sid index 7
!
!
point-to-point
!
!
a2. Configure OSPF1+SR on R4,R5,R6 and RR2.
Configuration
R4
router ospf 1
router-id 4.4.4.4
Enable SR with MPLS data plane
area 0
To advertise loopback address only
prefix-suppression

334
interface Loopback0
passive enable
Prefix-SID assignment
prefix-sid index 4
!
!
Make physical
! interfaces point-to-
!
!
R5
router ospf 1
router-id 5.5.5.5
area 0
prefix-suppression
interface Loopback0
prefix-sid index 5
!

335
!
!
!
!
R6
router ospf 1
router-id 6.6.6.6
area 0
prefix-suppression
interface Loopback0
passive enable
prefix-sid index 6
!
!

336
!
!
RR2
router ospf 1
router-id 8.8.8.8
area 0
prefix-suppression
interface Loopback0
passive enable
prefix-sid index 8
!
!
!
!
 Verify configuration on R1 and R6.

Verification

337

Sun Mar 10 07:50:34.173 UTC

16001 Loopback0
16002 2.2.2.2/32
16003 3.3.3.3/32
16007 7.7.7.7/32
RP/0/RP0/CPU0:R1#show isis database RR1.00-00 verbose

Sun Mar 10 07:55:06.624 UTC
IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd
ATT/P/OL
RR1.00-00 0x000001c4 0x1474 628 /1200
0/0/0
NLPID: 0xcc
IP Address: 7.7.7.7
Hostname: RR1
Router Cap: 7.7.7.7, D:0, S:0
Segment Routing: I:1 V:0, SRGB Base: 16000 Range: 8000
SR Local Block: Base: 15000 Range: 1000
SR Algorithm:

338
Algorithm: 0
Algorithm: 1
Node Maximum SID Depth:
Subtype: 1, Value: 10
Interface IP Address: 10.10.27.7
Neighbor IP Address: 10.10.27.2
Link Maximum SID Depth:
Subtype: 1, Value: 10
ADJ-SID: F:0 B:0 V:1 L:1 S:0 P:0 weight:0 Adjacency-sid:24003
Metric: 0 IP-Extended 7.7.7.7/32
Prefix-SID Index: 7, Algorithm:0, R:0 N:1 P:0 E:0 V:0 L:0
Node Flag
Prefix Attribute Flags: X:0 R:0 N:1
RP/0/RP0/CPU0:R6#show ospf sid-database

Sun Mar 10 08:12:43.329 UTC
SID Database for ospf 1 with ID 6.6.6.6
SID Prefix/Mask
4 4.4.4.4/32
5 5.5.5.5/32
6 6.6.6.6/32 (L)
8 8.8.8.8/32

339
RP/0/RP0/CPU0:R6#show ospf database opaque-area 8.8.8.8/32

Sun Mar 10 08:13:56.711 UTC
Type-10 Opaque Link Area Link States (Area 0)
LS age: 1527
Opaque Type: 7
Opaque ID: 1
Checksum: 0xfc44
Length: 44
Extended Prefix TLV: Length: 20

Route-type: 1
AF : 0
Flags : 0x40
Prefix : 8.8.8.8/32
SID sub-TLV: Length: 8

340
Flags : 0x0
Default algorithm
MTID : 0
Algo : 0
SID Index : 8
Configuration
R1
router bgp 100

!
neighbor 7.7.7.7
remote-as 100
!
!
R2

341
router bgp 100

!
BGP-LS
address-family link-state link-state
!
neighbor 7.7.7.7
remote-as 100
!
!
neighbor 10.10.25.5
remote-as 200
!
!
!
R3
router bgp 100


342
!
!
neighbor 7.7.7.7
remote-as 100
!
!
!
neighbor 10.10.34.4
remote-as 200
!
!
RR1
router bgp 100

!

343
!
remote-as 100
!
!
neighbor 1.1.1.1
remote-as 100
!
!
neighbor 2.2.2.2
use neighbor-group ISIS1
!
neighbor 3.3.3.3
use neighbor-group ISIS1
!
b2. Configure BGP AS200 in OSPF1.
Configuration
R6

344
router bgp 200

!
neighbor 8.8.8.8
remote-as 200
!
!
R5
router bgp 200

!
!
neighbor 8.8.8.8
remote-as 200

345

!
!
neighbor 10.10.25.2
remote-as 100
!
!
R4
router bgp 200

!
!
neighbor 8.8.8.8
remote-as 200
!
!

346
neighbor 10.10.34.3
remote-as 100
!
!
!
RR2
router bgp 200

!
!
neighbor-group OSPF1
remote-as 200
!
!
neighbor 4.4.4.4
use neighbor-group OSPF1
!
neighbor 5.5.5.5

347
use neighbor-group OSPF1

!
neighbor 6.6.6.6
remote-as 200
!
!
c. Configure ebgp between RR1 and RR2.
Configuration
ISIS1
RR1
route-policy ebgp
pass
end-policy
!
router bgp 100

Advertise RR1 prefix
for RR’s reachability

348
network 7.7.7.7/32
!
!
!
remote-as 100
!
!
!
neighbor 8.8.8.8
remote-as 200
ebgp-multihop 100
next-hop-unchanged
!
BGP-LS address family
address-family link-state link-state with RR2

349
R2
router bgp 100

!
!
neighbor 7.7.7.7
next-hop-self
R3
router bgp 100

!
neighbor 7.7.7.7
next-hop-self
!

350
OSPF1
RR2
route-policy ebgp
pass
end-policy
!
router bgp 200

network 8.8.8.8/32
!
!
!
neighbor-group OSPF1
remote-as 200
!

351

!
neighbor 7.7.7.7
remote-as 100
ebgp-multihop 100
next-hop-unchanged
!
!
R4
router bgp 200

!
neighbor 8.8.8.8
next-hop-self
!

352
R5
router bgp 200

!
neighbor 8.8.8.8
next-hop-self
!
 Verify configuration on RR1.

Verification
RP/0/RP0/CPU0:RR1#show route bgp
Sun Mar 10 18:31:31.243 UTC
B 8.8.8.8/32 [200/0] via 2.2.2.2, 04:47:06
RP/0/RP0/CPU0:RR1#show bgp link-state link-state summary | utility tail

Sun Mar 10 18:32:45.311 UTC

353
Speaker 33 33 33 33 33 0

2.2.2.2 0 100 335 390 33 0 0 04:53:57 0
3.3.3.3 0 100 342 390 33 0 0 04:53:57 0
8.8.8.8 0 200 314 312 33 0 0 00:11:42 0
d. Configure RR1 and RR2 as XTC+PCE and R1, R6 PCC.
Configuration
ISIS1
RR1
router isis 1
Redistribute IGP database to
distribute link-state BGP for PCE path compute and
inter-domain advertisement
!
pce
Enable PCE feature on RR
address ipv4 7.7.7.7 with its own address
!
R1
segment-routing
traffic-eng

354
pcc
pce address ipv4 7.7.7.7 RR PCE address
!
R2
router bgp 100

neighbor 10.10.25.5 EPE configuration is
egress-engineering need for PCE SRTE
This must be
mpls static configured for mpls
forwarding on ebgp
!
R3
router bgp 100

neighbor 10.10.34.4
egress-engineering
!
mpls static

355
!
OSPF1
RR2
router ospf 1
distribute link-state
!
pce
address ipv4 8.8.8.8
!
R6
segment-routing
traffic-eng
pcc
pce address ipv4 8.8.8.8

356
R4
router bgp 200

neighbor 10.10.34.3
egress-engineering
!
mpls static
R5
router bgp 200

neighbor 10.10.25.2
egress-engineering
!
mpls static

357
 Verify configuration of XTC and PCE.

Verification
Sun Mar 10 19:03:54.186 UTC

Speaker 33 33 33 33 33 0

2.2.2.2 0 100 366 421 33 0 IG
0P 0d5
at:a2b5
as:e06 0
exchange with RR2
3.3.3.3 0 100 373 421 33 0 0 05:25:06 0
8.8.8.8 0 200 345 343 33 0 0 00:42:51 16
RP/0/RP0/CPU0:RR1#show pce ipv4 peer

Sun Mar 10 19:08:24.481 UTC
PCE's peer database:
Peer address: 1.1.1.1

State: Up
Capabilities: Stateful, Segment-Routing, Update, Instantiation
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng pcc ipv4 peer

Sun Mar 10 19:09:56.268 UTC

358
PCC's peer database:
Peer address: 7.7.7.7, Precedence: 255, (best PCE)

State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation

Sun Mar 10 19:11:30.059 UTC

Speaker 49 49 49 49 49 0

4.4.4.4 0 200 1428 1493 49 0 0 05:27:11 0
5.5.5.5 0 200 479 546 49 0 0 05:27:09 0
7.7.7.7 0 100 1218 1223 49 0 0 00:50:26 16
RP/0/RP0/CPU0:RR2#show pce ipv4 peer

Sun Mar 10 19:12:37.136 UTC
PCE's peer database:
Peer address: 6.6.6.6

State: Up
Capabilities: Stateful, Segment-Routing, Update, Instantiation

359

Sun Mar 10 19:13:28.233 UTC
PCC's peer database:
Peer address: 8.8.8.8, Precedence: 255, (best PCE)

State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation
 Verify configuration of EPE and MPLS static.

Verification
RP/0/RP0/CPU0:R3#show bgp egress-engineering
Mon Mar 11 16:33:55.687 UTC
Egress Engineering Peer Set: 10.10.34.4/32 (0x7f41d65228b0)

Nexthop: 10.10.34.4
Version: 2, rn_version: 2
Flags: 0x00000006
Local ASN: 100
Remote ASN: 200
Local RID: 3.3.3.3
Remote RID: 4.4.4.4
Local Address: 10.10.34.3
First Hop: 10.10.34.4
EPE label for SRTE
usage

360
NHID: 3
IFH: 0x1000040
Label: 24002, Refcount: 3
rpc_set: 0x7f41c44fbed8, ID: 1

Wed Mar 13 15:29:23.951 UTC
GigabitEthernet0/0/0/0.25 No No Yes Yes
e. Configure mpls traffic-engineering under all nodes.
Configuration
ISIS1
router isis 1
MPLS traffic-eng router-id
mpls traffic-eng level-2-only and BGP router ID should
mpls traffic-eng router-id Loopback0 use same on nodes.

361
OSPF1
router ospf 1
area 0
mpls traffic-eng
f. Put CE routers in VRF “A” and site1 RT,RD: 100:1, Site2 RT,RD:
200:1
Configuration
R1
vrf A
import route-target
200:1
!
export route-target
100:1
!
!
!

362
vrf A
ipv4 address 10.10.110.1 255.255.255.0
!
R6
vrf A
import route-target
100:1
!
export route-target
200:1
!
!
!
vrf A
ipv4 address 10.10.120.6 255.255.255.0

363
g Assign AS 110 for site1 and AS120 for site2 and advertise CE’s
Loopbacks in MP-BGP
Configuration
ISIS1
R1
route-policy vpn
pass
end-policy
!
router bgp 100

vrf A
rd 100:1
!
neighbor 10.10.110.10
remote-as 110
route-policy vpn in
!
!

364
CE1
router bgp 110

network 111.111.111.111 mask 255.255.255.255
!
OSPF1
R6
route-policy vpn
pass
end-policy
!
router bgp 200

vrf A
rd 200:1

365

!
neighbor 10.10.120.20
remote-as 120
route-policy vpn in
!
!
CE2
router bgp 120

network 222.222.222.222 mask 255.255.255.255
!
Now everything is ready for configuration of SRTE.

366
Tip:
In this scenario, inter-AS option C provides inter-AS L3VPN connectivity. In the inter-AS
option C model, the L3VPN prefixes and labels are exchanged between the PEs in two ASs
using EBGP. For scalability, this exchange typically happens over a multi-hop EBGP session
between a RR in one AS and a RR in other AS. To establish the inter-AS EBGP session between
the RRs, reachability between them is required. The inter-AS option C model also requires that
the loopback prefixes of the PEs are reachable from the other AS. This is require to provide a
continuous LSP between the PEs to carry the L3VPN service traffic. Within AS, LDP or SR are
used for label distribution while BGP label unicast (LU) is used to exchange over inter-AS link
between ASs. There are two options for providing inter-AS LSPs between the PEs:
1) Mutually redistribute the PE loopback prefixes with their prefix-SID labels between BGP
and IGP on the ASBR
2) Advertise the PE loopback with their prefix-SID labels in BGP-LU (using RPL or route-
map) which is used in this scenario.
BGP session between RR <-> ASBR (R3 or R4) will be established to provide reachability
between RRs. It should be noted that, RRs only reflect VPNv4 prefixes.
To answer this task consider the following points:
 Configure BGP-LU between R1<->R3, RR1<->R3, R3<->R4, R4<->RR2 ,
R4<->R6
 Configure BGP VPNv4 between R1<->RR1, RR1<->RR2, RR2<->R6
 Do not change BGP next hop between RR1<->RR2 (Next hop unchanged command)
 Change next-hop from ASBRs to PEs (next-hop self)

367
Task1.1.
Multidomain for SR and Dynamic SRTE using PCE and ODN
a) To install CE’s route on remote PEs, configure static route on
RRs and PEs.
b) On R1, configure ODN with ingress coloring policy for
222.222.222.222/32 prefix.
c) On R6, configure ODN with ingress coloring policy for
111.111.111.111/32 prefix.
d) Verify reachability between CEs.
e) Shutdown ASBR loopback of SRTE path
f) Verify path is updated.
 Verify that RR1 does not best route for CE2’s loopback prefix.
Verification
RP/0/RP0/CPU0:RR1#show bgp vpnv4 unicast | utility tail
Mon Mar 11 15:45:49.011 UTC
*>i111.111.111.111/32 1.1.1.1 0 100 0 110 i
Because there is no route for
Route Distinguisher: 200:1 6.6.6.6, no best route for
* 222.222.222.222/32 6.6.6.6 CE2’s loopback prefix is found. 0 200 120 i
 Verify that R1 does not learn CE2’s loopback in bgp vpn address
family.
368
Verification
RP/0/RP0/CPU0:R1#show bgp vpnv4 unicast | utility tail
Mon Mar 11 15:41:57.691 UTC

*> 111.111.111.111/32 10.10.110.10 0 0 110 i
No CE2’s
loopback found
a. configure static route on RRs and PEs.
Configuration
R1 & RR1
router static
6.6.6.6/32 Null0
Static route to null, creates
cef entry for PE’s address
R6 & RR2

369
router static
1.1.1.1/32 Null0
 On R1, verify that CE2’s route is install.

Verification
RP/0/RP0/CPU0:RR1#show bgp vpnv4 unicast | utility tail
Mon Mar 11 15:57:03.930 UTC
*>i111.111.111.111/32 1.1.1.1 0 100 0 110 i
*> 222.222.222.222/32 6.6.6.6 0 200 120 i
RP/0/RP0/CPU0:R1#show bgp vpnv4 unicast | utility tail

Mon Mar 11 16:01:07.845 UTC
*> 111.111.111.111/32 10.10.110.10 0 0 110 i

370
*>i222.222.222.222/32 6.6.6.6 100 0 200 120 i

*>i222.222.222.222/32 6.6.6.6 100 0 200 120 i
RP/0/RP0/CPU0:R1#show cef vrf A

Mon Mar 11 16:03:25.405 UTC

10.10.110.0/24 attached GigabitEthernet0/0/0/0.110
10.10.110.0/32 broadcast GigabitEthernet0/0/0/0.110
10.10.110.1/32 receive GigabitEthernet0/0/0/0.110
10.10.110.10/32 10.10.110.10/32 GigabitEthernet0/0/0/0.110
111.111.111.111/32 10.10.110.10/32 <recursive>
222.222.222.222/32 6.6.6.6/32 (?) <recursive>
224.0.0.0/4 0.0.0.0/32 Because 6.6.6.6/32
is routed to null
224.0.0.0/24 receive
255.255.255.255/32 broadcast
b. On R1, configure ODN SRTE with ingress coloring policy for

222.222.222.222/32 prefix.
Configuration

371
extcommunity-set opaque BLUE

10
Color value 10
end-set
!
route-policy ODN
Policy for color to
if destination in (222.222.222.222/32) then prefix binding
set extcommunity color BLUE

else
pass
endif
end-policy
!
router bgp 100

neighbor 7.7.7.7
route-policy ODN in
Assign policy to
! received prefixes
segment-routing
SRTE with On-demand
traffic-eng
policy using PCEP
on-demand color 10
dynamic
pcep

372
c. On R6, configure ODN SRTE with ingress coloring policy for

111.111.111.111/32 prefix.
Configuration
extcommunity-set opaque GREEN
20
end-set
!
route-policy ODN
set extcommunity color GREEN
else
pass
endif
end-policy
!
router bgp 200

neighbor 8.8.8.8
route-policy ODN in
!

373
segment-routing
traffic-eng
on-demand color 20
dynamic
pcep
!
metric
type igp
 On R1, verify SRTE policy.

Verification
Sat Mar 16 11:07:36.763 UTC

Status:
Candidate-paths:
Preference: 200 (BGP ODN) (shutdown)
Learned D
paytn
h amic (invalid)
from PCE

374

Dynamic (pce 7.7.7.7) (valid)
16003 [Prefix-SID, 3.3.3.3]
24005 [Adjacency-SID, 10.10.34.3 - 10.10.34.4]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Binding SID: 24011
Forward Class: 0
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng pcc lsp detail

Sat Mar 16 11:13:04.944 UTC
PCC's SR policy database:
Symbolic Name: bgp_color_10_ep_6.6.6.6_discriminator_0

LSP[0]:
Source 1.1.1.1, Destination 6.6.6.6, Tunnel ID 22, LSP ID 3
State: Admin up, Operation up
Binding SID: 24011
Setup type: SR
Bandwidth: requested 0, used 0
LSP object:
PLSP-ID 0x24, flags: D:0 S:0 R:0 A:1 O:1 C:0
Metric type: IGP, Accumulated Metric 11

375
ERO:
SID[0]: Node, Label 16003, NAI: 3.3.3.3
SID[1]: Adj, Label 24005, NAI: local 10.10.34.3 remote 10.10.34.4
SID[2]: Node, Label 16006, NAI: 6.6.6.6
 Verify reachability
Verification
Mon Mar 11 18:55:53.379 UTC

111.111.111.111/32 10.10.110.10/32 <recursive>
222.222.222.222/32 24009 (via-label) <recursive>
224.0.0.0/4 0.0.0.0/32
CE2’s prefix
224.0.0.0/24 receive reachability by label
255.255.255.255/32 broadcast

376

SID list provided
by PCE
1 10.10.110.1 12 msec 2 msec 1 msec
5 10.10.120.20 4 msec * 3 msec
RP/0/RP0/CPU0:R1#ping 6.6.6.6 source loopback 0

No IP reachability
Mon Mar 11 19:00:34.976 UTC form PE to PE

.....
Success rate is 0 percent (0/5)
e. Shutdown ASBR loopback of SRTE path ( in our scenario R3’s

loopback)
Configuration
interface Loopback0
shutdown
 On R1, verify SRTE policy.

Verification

377
Sat Mar 16 11:18:53.500 UTC

Status:
Candidate-paths:
Dynamic (invalid)
16002 [Prefix-SID, 2.2.2.2]
24007 [Adjacency-SID, 10.10.25.2 - 10.10.25.5]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Path is updated
Binding SID: 24005 dynamically
Forward Class: 0

378

379
Task1.2.
Multidomain for SR and Dynamic SRTE + disjoint-pass using PCE
a) Advertise 22.2.2.1/32 and 22.2.2.2/32 on CE2.
b) Configure ODN-SRTE for 22.2.2.1/32 and 22.2.2.1/32 on R1.
c) Configure disjoint-path for SRTE on R1.
a. configure prefixes and advertise them on CE2.
Configuration
ip address 22.2.2.1 255.255.255.255
!
ip address 22.2.2.2 255.255.255.255
!
router bgp 120

network 22.2.2.1 mask 255.255.255.255
network 22.2.2.2 mask 255.255.255.255
b. Configure ODN-SRTE for 22.2.2.1/32 and 22.2.2.1/32 on R1. Make

sure R6 configuration is same as Task 1.1
Configuration

380
10
end-set
!
extcommunity-set opaque BLUE

20
end-set
!
route-policy ODN
endif
set extcommunity color BLUE
endif
end-policy
!
router bgp 100

neighbor 7.7.7.7
route-policy ODN in
!
!

381
segment-routing
traffic-eng
on-demand color 10
dynamic
pcep
!
metric
type igp
!
!
!
on-demand color 20
dynamic
pcep
!
metric
type igp
!
!
!
 On R1, verify SRTE configuration.

Verification
Wed Mar 13 15:37:47.748 UTC

382

Status:
Candidate-paths:
Dynamic (invalid)
16003 [Prefix-SID, 3.3.3.3]
24005 [Adjacency-SID, 10.10.34.3 - 10.10.34.4]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Binding SID: 24005
Forward Class: 0

Status:

383
Admin: up Operational: up for 00:27:51 (since Mar 13 1 5:09:56.730)

Both colors are
Candidate-paths: using same path
Dynamic (invalid)
16003 [Prefix-SID, 3.3.3.3]
24005 [Adjacency-SID, 10.10.34.3 - 10.10.34.4]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Binding SID: 24009
Forward Class: 0
RP/0/RP0/CPU0:R1#show segment-routing traffic-eng forwarding policy detail

Wed Mar 13 15:53:50.761 UTC
10 6.6.6.6 dynamic 24005 Gi0/0/0/0.13 10.10.13.3 1152

Local label: 24010

384

20 6.6.6.6 dynamic 24005 Gi0/0/0/0.13 10.10.13.3 1920

Local label: 24003

Wed Mar 13 15:54:45.642 UTC

111.111.111.111/32 10.10.110.10/32 <recursive>
224.0.0.0/4 0.0.0.0/32
224.0.0.0/24 receive

385
255.255.255.255/32 broadcast
 On CE1, verify path for both prefixes.

Verification
1 10.10.110.1 13 msec 2 msec 2 msec
5 10.10.120.20 3 msec * 4 msec


1 10.10.110.1 7 msec 1 msec 1 msec
5 10.10.120.20 3 msec * 3 msec
c. Configure disjoint-path for SRTE on R1
Configuration

386
segment-routing
traffic-eng
on-demand color 10
dynamic
pcep
!
Same group-id
metric for both colors
type igp
!
disjoint-path group-id 1 type link
!
!
on-demand color 20
dynamic
pcep
!
metric
It can be Link,
type igp Node or SRLG
!
disjoint-path group-id 1 type link
!
!
pcc
!
!

387
 On R1, verify disjoint-path.

Verification
Wed Mar 13 15:59:54.952 UTC

Status:
Candidate-paths:
Dynamic (invalid)
24001 [Adjacency-SID, 10.10.13.1 - 10.10.13.3]
24005 [Adjacency-SID, 10.10.34.3 - 10.10.34.4]
16006 [Prefix-SID, 6.6.6.6]
Path for color 10 is
Attributes: different than color 20
Binding SID: 24005
Forward Class: 0

388

Status:
Candidate-paths:
Dynamic (invalid)
24007 [Adjacency-SID, 10.10.12.1 - 10.10.12.2]
24007 [Adjacency-SID, 10.10.25.2 - 10.10.25.5]
16006 [Prefix-SID, 6.6.6.6]
Path for color 20 is
Attributes: different than color 10
Binding SID: 24009
Forward Class: 0
Wed Mar 13 16:07:08.911 UTC


389
10 6.6.6.6 dynamic 24005 Gi0/0/0/0.13 10.10.13.3 0

20 6.6.6.6 dynamic 24007 Gi0/0/0/0.12 10.10.12.2 0
 On RR1, verify PCE.

Verification
RP/0/RP0/CPU0:RR1#show pce association
Thu Mar 14 13:02:12.148 UTC
PCE's association database:
Association: Type Link-Disjoint, Group 1, Not Strict
Associated LSPs:
LSP[0]:
PCC 1.1.1.1, tunnel name bgp_color_10_ep_6.6.6.6_discriminator_0, PLSP ID 26,

tunnel ID 16, LSP ID 1, Configured on PCC
LSP[1]:
PCC 1.1.1.1, tunnel name bgp_color_20_ep_6.6.6.6_discriminator_0, PLSP ID 28,

tunnel ID 17, LSP ID 1, Configured on PCC
Status: Satisfied
TIP
If disjoint feature configured with node-disjoint and PCE couldn’t find any
path with node-disjoint, then it will fallback with link-disjoint with below
status:
Status: Fallback (Node -> Link)
 On CE1, verify path for prefixes.

Verification

390

1 10.10.110.1 5 msec 2 msec 2 msec
5 10.10.120.20 3 msec * 4 msec

1 10.10.110.1 5 msec 1 msec 1 msec
5 10.10.120.20 3 msec * 3 msec

391
Task1.3.
Configure explicit path with EPE using PCE.
a) On R1, configure PCE under segment-routing.
b) On R1, configure BGP coloring for 222.222.222.222/32 prefix.
(make sure R6 has a SRTE policy for 111.111.111.111/32 prefix.)
c) On RR1(PCE), configure explicit path using EPE with backup
path.
d) Shutdown R3’s loopback to check backup path with explicit path.
a. On R1, configure PCE under segment-routing. No extra

configuration is needed.
Configuration
segment-routing
traffic-eng Specify source address
pcc for PCEP connection
source-address ipv4 1.1.1.1

b. On R1, configure BGP coloring for 222.222.222.222/32 prefix.
Configuration
10
end-set
route-policy COLOR

392

endif
end-policy
router bgp 100

neighbor 7.7.7.7
remote-as 100
c. On RR1(PCE), configure explicit path.
Configuration
pce
!
segment-routing
traffic-eng
segment-list name R6TE_blue
!
segment-list name R6TE_green

393

!
Specify R1(PCC)
peer ipv4 1.1.1.1
policy R6TE
candidate-paths
preference 100
explicit segment-list R6TE_blue
!
!
Highest preference will be select
preference 200
explicit segment-list R6TE_green
 On R1, verify SRTE path.

Verification
Sat Mar 16 10:36:47.841 UTC


394
Status:
Candidate-paths:
Preference: 200 (PCEP) (current)
Name: R6TE
16003 [Prefix-SID, 3.3.3.3]
24005 [Adjacency-SID, 10.10.34.3 - 10.10.34.4]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Binding SID: 40000
Forward Class: 0
 On CE1, verify reachability.

Verification
1 10.10.110.1 2 msec 1 msec 1 msec

395
5 10.10.120.20 2 msec * 3 msec
d. Shutdown R3’s loopback to check backup path with explicit path.
Configuration
interface Loopback0
shutdown
 On R1, verify backup path.

Verification
Sat Mar 16 10:55:37.338 UTC

Status:
Candidate-paths:
Preference: 100 (PCEP) (current)
Name: R6TE
Requested BSID: 40000 Path is switched to backup


396
16002 [Prefix-SID, 2.2.2.2]

24007 [Adjacency-SID, 10.10.25.2 - 10.10.25.5]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Binding SID: 40000
Forward Class: 0

Verification
1 10.10.110.1 13 msec 2 msec 5 msec

5 10.10.120.20 3 msec * 3 msec

397
Task1.4.
Multidomain internetworking SRTE + RSVP-TE.
a) Configure RSVP on R4,R5 and R6
b) In OSPF1 domain, configure RSVP-TE using explicit-path on R5.
c) In ISIS1 domain, configure SRTE using explicit-path on R1.
a. Configure RSVP on related nodes
Configuration
R4
rsvp
bandwidth
!
bandwidth
!
!
mpls traffic-eng
!
!

398
R5
rsvp
bandwidth
!
bandwidth
!
!
mpls traffic-eng
!
!
!
R6

399
rsvp
bandwidth
!
bandwidth
!
!
mpls traffic-eng
!
!
!
b. In OSPF1 domain, configure RSVP-TE using explicit-path on R5.
Configuration
R5
Explicit path for

R6 through R4
explicit-path name R6TE

index 10 next-address strict ipv4 unicast 4.4.4.4
index 20 next-address strict ipv4 unicast 6.6.6.6

400
interface tunnel-te1
ipv4 unnumbered Loopback0
autoroute announce
Will uses for stitching
! SRTE and RSVP
destination 6.6.6.6
binding-sid mpls label 56
path-option 1 explicit name R6TE
!
 On R5, verify traffic engineering tunnel.

Verification
RP/0/RP0/CPU0:R5#show mpls traffic-eng tunnels
Mon Mar 18 12:20:45.024 UTC
Name: tunnel-te1 Destination: 6.6.6.6 Ifhandle:0x1c

Signalled-Name: R5_t1
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, type explicit R6TE (Basis for Setup, path weight 2)
Accumulative metrics: TE 2 IGP 2 Delay 600000
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0

401
Creation Time: Sun Mar 17 12:15:25 2019 (1d00h ago)

Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (global)
Path Selection:
Tiebreaker: Min-fill (default)
Hop-limit: disabled
Cost-limit: disabled
Delay-limit: disabled
Path-invalidation timeout: 10000 msec (default), Action: Tear
(default)
AutoRoute: enabled LockDown: disabled Policy class: not set
Forward class: 0 (not enabled)
Forwarding-Adjacency: disabled
Autoroute Destinations: 0
Loadshare: 0 equal loadshares
Auto-bw: disabled
Auto-Capacity: Disabled:
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled
BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
Soft Preemption: Disabled
History:
Tunnel has been up for: 1d00h (since Sun Mar 17 12:15:25 UTC 2019)
Current LSP:
Uptime: 1d00h (since Sun Mar 17 12:15:25 UTC 2019)
Reopt. LSP:

402
Last Failure:
LSP not signalled, identical to the [CURRENT] LSP
Date/Time: Sun Mar 17 12:54:18 UTC 2019 [23:26:27 ago]
Path info (OSPF 1 area 0):

Node hop count: 2
Hop0: 10.10.45.4
Hop1: 10.10.46.6
Hop2: 6.6.6.6

Mon Mar 18 12:38:23.378 UTC
56 Pop No ID tt1 point2point 1764
Updated: Mar 17 12:15:25.787

Label Stack (Top -> Bottom): { 24003 Imp-Null }
Outgoing Interface: tunnel-te1 (ifhandle 0x0000001c)
c. In ISIS1 domain, configure SRTE using explicit-path on R1.
Configuration
traffic-eng
Path must pass through R5

403
segment-list R5RSVP
index 20 mpls label 24007 Last segment is
index 30 mpls label 56 RSVP-TE’s binding-sid
!
policy R6RSVP
color 10 end-point ipv4 6.6.6.6 End-point must be R6
candidate-paths
preference 100
explicit segment-list R5RSVP
!
 On R1, verify SRTE.

Verification
Mon Mar 18 12:30:09.964 UTC

Status:
Candidate-paths:

404

Name: R6RSVP
Explicit: segment-list R5RSVP (valid)
16002 [Prefix-SID, 2.2.2.2]
24007
56
Attributes:
Binding SID: 40000
Forward Class: 0
Verification
1 10.10.110.1 5 msec 1 msec 2 msec
Binding-sid
resolves to
RSVP label
405

6 10.10.120.20 4 msec * 4 msec
TASK2.
Single BGP domain, with 3 different IGP.
a) Configure ISIS1+SR on R1,R2 and R3.
b) Configure OSPF1+SR on R2,R3,R4 and R5.
c) Configure ISIS2+SR on R4,R5 and R6.
d) Configure Anycast-SID on R2 and R3 in ISIS 1.
e) Configure Anycast-SID on R4 and R5 in ISIS 2.
f) Redistribute PCE to ISIS domains, and redistribute PE’s
loopback to OSPF domain for reachability
g) Configure BGP 100 on all domains based on below figure.
h) Configure CEs based on Task1 (f,g).
i) Configure static route to null0 based on Task 1.1 (a)
j)
k) Configure RR to act as PCE and R1 and R6 as PCC
l) Configure SRTE On R1 and R6.

406
a. ISIS1+SR configuration
Configuration
R1
router isis 1
net 49.0000.0000.0000.0001.00
distribute link-state level 2
metric-style wide
!
interface Loopback0
passive
prefix-sid index 1
!
!
point-to-point
!

407
!
point-to-point
!
!
!
R2
router isis 1
net 49.0000.0000.0000.0002.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 2
!
!

408
point-to-point
!
!
point-to-point
!
!
!
R3
router isis 1
net 49.0000.0000.0000.0003.00
metric-style wide
!
interface Loopback0
passive

409

prefix-sid index 3
!
!
point-to-point
!
!
point-to-point
!
!
!
b. OSPF1+SR configuration
Configuration
R2
router ospf 1
router-id 2.2.2.2
area 0

410
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 2
!
!
!
!
!
R3
router ospf 1
router-id 3.3.3.3
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable

411
prefix-sid index 3
!
!
!
!
!
R4
router ospf 1
router-id 4.4.4.4
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 4
!

412
!
!
!
!
R5
router ospf 1
router-id 5.5.5.5
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 5
!
!
!

413
!
!
RR
router ospf 1
router-id 8.8.8.8
area 0
prefix-suppression
mpls traffic-eng
interface Loopback0
passive enable
prefix-sid index 8
!
!
c. ISIS2+SR configuration
Configuration
R4
router isis 2

414
net 49.0000.0000.0000.0004.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 4
!
!
point-to-point
!
!
point-to-point
!
!
!

415
R5
router isis 2
net 49.0000.0000.0000.0005.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 5
!
!
point-to-point
!
!
point-to-point

416

!
!
!
R6
router isis 2
net 49.0000.0000.0000.0006.00
metric-style wide
!
interface Loopback0
passive
prefix-sid index 6
!
!
point-to-point

417
!
!
point-to-point
!
!
!
d. On R2 and R3, anycast-sid configuration.
Configuration
ipv4 address 9.9.9.23 255.255.255.255
!
router isis 1
passive
prefix-sid absolute 16023
e. On R4 and R5, anycast-sid configuration.
Configuration

418
ipv4 address 9.9.9.45 255.255.255.255
!
router isis 2
prefix-sid absolute 16045
!
f. Redistribute PCE to ISIS domains, and redistribute PE’s loopback to

OSPF domain for reachability.
Configuration
R2,R3
PE1’s loopback
route-policy PE
pass
endif
end-policy
!
PCE’s loopback
route-policy PCE

419
pass
endif
end-policy
PCE will have

router ospf 1 reachability to PEs
redistribute isis 1 route-policy PE
!
router isis 1
redistribute ospf 1 route-policy PCE
PEs will have
reachability to PCE
R4,R5
route-policy PCE
pass
endif
end-policy
!

420
route-policy PE
pass
endif
end-policy
router isis 2
redistribute ospf 1 route-policy PCE
!
router ospf 1
redistribute isis 2 route-policy PE
g. Configure BGP 100 on all domains based on the figure.
Configuration
RR
router bgp 100

!

421

additional-paths receive
additional-paths send
!
neighbor-group BGPLS
remote-as 100
!
!
neighbor-group PE-BGP
remote-as 100
!
!
neighbor 1.1.1.1
use neighbor-group PE-BGP
!
neighbor 2.2.2.2
use neighbor-group BGPLS
!
neighbor 3.3.3.3
Using more than one
node from each domain
! is because of redundancy

422
neighbor 4.4.4.4
!
neighbor 5.5.5.5
!
neighbor 6.6.6.6
use neighbor-group PE-BGP
!
!
R1

10
end-set
route-policy COLOR
endif
end-policy
router bgp 100


423
!
neighbor 8.8.8.8
remote-as 100
!
R2, R3, R4, R5

It must match with
router bgp 100 each node id
bgp router-id x.x.x.x

!
neighbor 8.8.8.8
remote-as 100
!
!
!

424
R6

20
end-set
route-policy COLOR
endif
end-policy
!
router bgp 100

!
neighbor 8.8.8.8
remote-as 100
!
j. Configure RR to act as PCE and R1 and R6 as PCC.
Configuration

425
RR
pce
segment-routing
traffic-eng
!
R1, R6
segment-routing
traffic-eng
pcc
 On R1, verify reachability to RR and PCC configuration.

Verification
RP/0/RP0/CPU0:R1#show route 8.8.8.8/32
Mon Apr 8 08:38:52.807 UTC

Known via "isis 1", distance 115, metric 10, labeled SR, type
level-2
Installed Apr 8 06:59:15.730 for 01:39:37

426

Route metric is 10
Route metric is 10

brief
Mon Apr 8 08:45:05.619 UTC
Address Precedence State Learned From
8.8.8.8 255 up config
k. Configure SRTE On R1 and R6.
Configuration
R1
segment-routing
traffic-eng
policy R6TE
!
candidate-paths

427
preference 100
dynamic
pcep
!
metric
type igp
R6
segment-routing
traffic-eng
policy R1TE
!
candidate-paths
preference 100
dynamic
pcep
!
metric
type igp
 On R1 and R6, verify SRTE policy.

Verification

428

Mon Apr 8 08:55:01.026 UTC

Status:
Admin: up Operational: up for 02:16:03 (since Apr 8
06:38:57.354)
Candidate-paths:
Name: R6TE
16023 [Prefix-SID, 9.9.9.23]
16045 [Prefix-SID, 9.9.9.45]
16006 [Prefix-SID, 6.6.6.6]
Attributes:
Binding SID: 40000
Forward Class: 0

429
Mon Apr 8 08:56:10.253 UTC

10 6.6.6.6 dynamic 16004 Gi0/0/0/0.12 10.10.12.2 4268

16004 Gi0/0/0/0.13 10.10.13.3 14404

Mon Apr 8 08:58:30.124 UTC

Status:
Admin: up Operational: up for 02:18:19 (since Apr 8
06:40:10.491)
Candidate-paths:
Name: R1TE
16045 [Prefix-SID, 9.9.9.45]
16023 [Prefix-SID, 9.9.9.23]
16001 [Prefix-SID, 1.1.1.1]

430
Attributes:
Binding SID: 50000
Forward Class: 0
Mon Apr 8 08:59:33.977 UTC

20 1.1.1.1 dynamic 16002 Gi0/0/0/0.56 10.10.56.5 7112

16002 Gi0/0/0/0.46 10.10.46.4 7904
 On CE1, verify reachability of CE2’s 222.222.222.222.

Verification
1 10.10.110.1 10 msec 8 msec 11 msec
2 10.10.12.2 [MPLS: Labels 16004/16006/24003 Exp 0] 3 msec 3 msec
10.10.13.3 [MPLS: Labels 16004/16006/24003 Exp 0] 6 msec
10.10.25.5 [MPLS: Labels 16004/16006/24003 Exp 0] 8 msec

431

10.10.120.20 2 msec *


Segment Routing Orhan XXXXX

Uploaded by

Copyright:

Available Formats

You might also like

Segment Routing Orhan XXXXX

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Segment Routing Orhan XXXXX

Uploaded by

Copyright:

Available Formats

Segment Routing Work Book by Orhan Ergun LLC

Orhan Ergun LLC

This book belongs to XXXXXXXXXXX

Orhan Ergun LLC © 2020

All rights reserved.

About the Author

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

Task5 ......................................................................................................................................... 162

Day4 - Segment Routing Multi-Domain SRTE...................................................................... 325

TASK2 ........................................................................................................................................ 405

Copyright © 2020 Orhan Ergun LLC

Service providers encounter various challenges to provide next generation services to

Service Provider Design Using Segment

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

Segment Routing Introduction

Copyright © 2020 Orhan Ergun LLC

Traffic Engineering using SR

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

END to END Segment routing (Single BGP-AS)

Copyright © 2020 Orhan Ergun LLC

The characteristics of this network are as follow:

Major components of the given topology

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

Service Node or PE Routers:

Topology Independent Loop-Free Alternate (TI-LFA) with

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

TI-LFA application in the given topology:

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

END To END Segment routing (Single BGP-AS) with on

Copyright © 2020 Orhan Ergun LLC

Egress Peer Engineering

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

END To END Segment routing (BGP Inter-AS)

The characteristics of this network are as follow:

 Multiple BGP AS

Copyright © 2020 Orhan Ergun LLC

Dual Core Network Design

Dual-Plane disjointedness network design with SR anycast-sid

Copyright © 2020 Orhan Ergun LLC

Copyright © 2020 Orhan Ergun LLC

Dual-Plane network design with SR IGP Flexible Algorithm

1: Strict Shortest Path First (SPF) algorithm based on link

PE1,2 participate to Algorithm 0 and 120 and 130

Copyright © 2020 Orhan Ergun LLC

 Prefix-SID 16006 for ALGO 0

 Prefix-SID 16066 for ALGO 0

 Prefix-SID 16050 for ALGO 0

Copyright © 2020 Orhan Ergun LLC