Professional Documents
Culture Documents
Segment Routing Fundamentals26
Segment Routing Fundamentals26
Segment Routing Fundamentals26
FUNDAMENTALS
BY AMIT TYAGI
• Segment Routing OAM: MPLS Ping and Traceroute for SPRING 277
• Reference 346
Not Covered: SRv6, PCEP, and concepts of NorthStar. How to make setup…
© 2018 Juniper Networks 2
Juniper Business Use Only
WHAT IS SEGMENT ROUTING?
Global Segment: Any node in SR domain understands associated instruction and Each node in SR domain installs the
associated instruction in its forwarding table.
Segment list: It is an ordered list of segments, which is actually encoded as the stack of labels in the MPLS architecture.
SID: A segment identifier. Note that the term SID is commonly used in place of the term "Segment"
Segment Routing domain (SR domain): An SR domain is defined as a single administrative domain for global SID
assignment. It may be comprised of a single AS or multiple ASes under consolidated global SID administration.
SR Local Block (SRLB): Local property of an SR node. Defines a list of label blocks represented by a pair of lower-
bound/upper-bound labels, reserved for local SIDs. If a node participates in multiple SR domains, there is one SRLB for each SR
domain.
SR Global Block (SRGB): The set of local labels reserved for globally unique segments in the SR domain. If a node participates
in multiple SR domains, there is one SRGB for each SR domain.
© 2018 Juniper Networks 4
Juniper Business Use Only
Segment Routing or Source Packet Routing in Networking
Segment Routing (SR) is a source routing paradigm based on the “Source Packet Routing in Networking (SPRING)” architecture.
It provides a new approach to achieve traffic engineering (TE) and resilience in today’s networks.
In SR, Each end-to-end unidirectional forwarding path is modeled as a sequence of forwarding instructions, called “segments”.
Routing is done based on segments. Segments indicates the exact path that packet must follow in the network or we can say
segments are the instructions for the packet to reach its destination. A segment is encoded as an MPLS label (distributed by
IGP). The ingress router of the forwarding path constructs the list of segments and attaches it to each packet. Each transit router
along the path in turn processes the current segment and applies the corresponding forwarding instruction to the packet. In this
paradigm, the ingress router has the full control of steering the packet over this desired path.
SR is a flexible, scalable way of doing source routing. The source chooses a path and encodes it in the packet header as an
ordered list of segments. Segments are identifier for any type of instruction. Each segment is identified by the segment ID (SID)
consisting of a flat unsigned 32-bit integer.
With segment routing, the network no longer needs to maintain a per-application and per-flow state. Instead, it obeys the
forwarding instructions provided in the packet. Per-flow state is maintained only on the ingress node of the SR domain.
When SR uses MPLS forwarding plane as data plane, each segment is assigned a unique label. The label also serves as the
segment identifier (SID) for the segment, and hence is called a SID label. Therefore, each forwarding path is instantiated as a
label-switched path, called SR LSP.
Segment Segment Segment
On ingress router, an SR LSP is represented
by a stack of SID labels. The ingress router Segment Segment
R1 R2 R3 R4
applies the label stack to a packet to steer
the traffic based on labels. Each transit
router in turn performs label switching based
on the top SID label, i.e. the current segment.
The packet is thus forwarded hop by hop to the Segment Segment
egress router.
Segment
R5 R6
Segment Segment
© 2018 Juniper Networks 6
Juniper Business Use Only
Segment Routing or Source Packet Routing in Networking Cont…
Segment Routing Provisioning:
In general, the provisioning of SR in an MPLS network involves three main tasks, i.e. segment provisioning, segment
information distribution, and SR LSP provisioning.
1. Segment Provisioning: Segment provisioning is performed on a per-router basis. For a given segment on a router, a SID
label is allocated from a desired label pool, which may be a dynamic label pool for an adj-SID label, or the SRGB for a prefix-
SID or node-SID. A route for the SID label is then installed in the mpls.0 table.
2. Segment Information Distribution: After segments are provisioned on a router, the router may advertise segment
information (including SID labels) through ISIS/OSPF SR extensions to other routers in the network. The information may
also further be distributed to a controller. The information allows ingress routers and the controller to translate an end-to-
end forwarding path from an IP address list to a segment list (i.e. a stack of SID labels). The ingress routers and the controller
can then use the segment lists to set up an SR LSP. Also, each prefix or node segment advertised will provide neighbor
routers with the outgoing SID label for their SID label routes of that segment.
3. Segment Routing LSP Provisioning: SR LSPs are provisioned on ingress routers. The provisioning may be dynamic or
static. In dynamic provisioning, an SR LSP may be created on a controller, and downloaded to an ingress router in an ERO
via PCEP SR extensions, or in a BGP SR policy via BGP SR extensions (RLI 29611). The PCEP ERO or BGP SR policy will
contain the segment list of the SR LSP.
2. At R6, launch the traffic into the traffic-engineered LSP X. This LSP follows the path R6, R8, R9, R11.
3. From R11, you want the traffic to use the link to R12.
4. From R12, you want the traffic to use the link to R14.
Each of the four stages in this path has a corresponding segment. An MPLS label is associated with each segment, namely:
• For stage one, the Node Segment is used associated with R6 – in the example the label is 302. This label tells R2 and R4 to
forward the packet towards R6 using the shortest IGP path.
• For stage two, the Binding Segment is used associated with TE LSP X. In the example, the label is 183. This label tells R6
to launch the packet onto the LSP
• For stage three, the Adjacency Segment is used associated with the link from R11 to R12. In the example, the label is 555.
• For stage four, the Adjacency Segment is used associated with the link from R12 to R14. In the example, the label is 718.
© 2018 Juniper Networks 9
Juniper Business Use Only
Segment Routing or Source Packet Routing in Networking Cont…
Once you enabled the SR then local router will advertise its SR capability in SR-Capabilities Sub-TLV (2) inside Router Capability
(242) TLV. For more details on this and other basic TLVs associated with SR, please visit “
https://www.ietf.org/id/draft-ietf-isis-segment-routing-extensions-25.txt”.
I-Flag: MPLS IPv4 flag. If set, then the router is capable of processing SR MPLS encapsulated IPv4 packets on all
interfaces.
V-Flag: MPLS IPv6 flag. If set, then the router is capable of processing SR MPLS encapsulated IPv6 packets on all
interfaces.
• A segment can have a local semantic to a segment routing node or to a global node within a segment routing
domain. Segment routing enforces a flow through any topological path and service chain while maintaining
per-flow state only at the ingress node to the segment routing domain.
• Upon completion of a segment, the related label is popped from the stack.
• A segment is stateless. Device only needs to know its own Block and adjacencies to generate a SID.
• Segment routing can be directly applied to the MPLS architecture with no change on the forwarding plane.
Scalable: Segment routing does not require any path signaling. Hence, per-flow state only needs to be
maintained at the ingress node of the SR domain increasing your network flexibility while reducing cost.
Seamless deployment: Segment Routing runs natively on an MPLS or IPv6 data plane. A simple software
upgrade will enable your hardware to run it. Also, Segment Routing can coexist with your existing LDP
network, making the migration painless.
Traffic Engineering: Segment Routing can be used to steer traffic along any arbitrary path in the network.
This allows operators to enforce low-latency and/or disjoint paths, regardless of the normal forwarding paths.
Failure Protection: The Segment Routing-based fast-reroute solution, TI-LFA, can provide per-destination
sub-50msec protection upon any single link, node or SRLG failure regardless the topology.
Programmable: Can be configured via external controller via PCEP or other means.
© 2018 Juniper Networks 12
Juniper Business Use Only
Comparison of SR with LDP and RSVP
Benefit Segment Routing LDP RSVP-TE
ECMP for TE Takes advantage of and Need to be specifically Need to be specifically configured
automatically load- configured (one LDP session (at least one RSVP LSP per ECMP
shares per ECMP link) to be able to link) to be able to take advantage of
take advantage of ECMP ECMP
TE scalability High: A minimal state TE is not supported Low: In addition to IGP state,
(IGP state) in RSVP needs to create & maintain
the core network is ingress RSVP-TE LSP in edge
required. nodes and core noes need to keep
IGP state + TE state in state of transit RSVP-TE LSPs
the edge/source node
is required
• lsdist.0 - You need to Populate NTAD with TED using import policy
Topology “set protocols mpls traffic-engineering database
import policy TE” for this table to get created. It stores the
network topology from TED having link that have RSVP enables.
Northstar lsdist.0 normally contains the normal ted database entries. It can
JVM
192.168.1.10 em2
have TED route entries learned from OSPF/ISIS and BGP-LS.
AS200 172.16.18.199/24
• lsdist.1 - Need to enable “set protocols mpls traffic-
engineering database import igp-topology” for this table to
get created. Stores the network topology from TED including links that
do not have RSVP enabled. lsdist.1 contain pure IGP topology
eth2 ge-0/0/9 ge-0/0/4 Anycast SID: ge-0/0/4
database entries. lsdist.0 is super set of lsdist.1.
172.16.18.1/24 172.16.18.11/24 1.1.1.45/3 lo0.0: 192.168.1.101/32 1.1.1.49/30
R1 - lo0.0- ge-0/0/0 ge-0/0/0 R4-RR - lo0.0- ge-0/0/1 ge-0/0/1 R6 - lo0.0- ge-0/0/0 ge-0/0/0 R8 - lo0.0-
Northstar 192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 1.1.1.13/30 1.1.1.14/30 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32
PCS SL: 1000 Prefix SID: SL: 4000 ge-0/0/2 ge-0/0/2 SL: 6000 SL: 8000
Index: 101 10.10.10.1/32 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 Index: 108
ge-0/0/1 ge-0/0/3 ge-0/0/3 ge-0/0/1
1.1.1.5/30 1.1.1.21/30 1.1.1.33/30 1.1.1.41/30
ge-0/0/5 ge-0/0/6
1.1.1.54/30 1.1.1.57/30
Segment Routing
AS100
ge-0/0/4 ge-0/0/4
1.1.1.53/30 1.1.1.58/30
ge-0/0/1 ge-0/0/3 ae0 ae0 ge-0/0/3 ge-0/0/1
1.1.1.6/30 1.1.1.22/30 1.1.1.25/30 1.1.1.26/30 1.1.1.34/30 1.1.1.42/30
R2 - lo0.0- R5 - lo0.0- ge-0/0/1 ge-0/0/1 R7-RR - lo0.0- R9 - lo0.0-
192.168.1.2/32 192.168.1.5/32 192.168.1.7/32 192.168.1.9/32
SL: 2000 ge-0/0/0 ge-0/0/0 SL: 5000 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 102 1.1.1.9/30 1.1.1.10/30 Index: 105 ge-0/0/2 ge-0/0/2 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
The Segment Routing Global Block (SRGB) represents the local label space that nodes use to refer to global segments. SRGB is
encoded as a base (start label) and a range (number of labels)
SRGB block range is configured using above command highlighted in green. Default value for index-range is 4096.
With the above CLI configuration, Labels advertised in the segment routing would be more predictable and deterministic across
the segment routing domain. SRGB can be same or different across the nodes.
For example, user configured the index-range 1000 and start-label 1000, SRGB start label is 1000 and end label is 1999 (start
label 1000 + index-range 1000 - 1 = end label of SRGB block).
root@R1>
“show mpls label usage” shows the available label space resource in RPD and the applications that use the label space in
RPD. There are four different label spaces currently used in MPLS namely LSI, dynamic, block, and static. Each label space has a
fixed number and cannot grow beyond the fixed value.
root@R1>
© 2018 Juniper Networks 18
Juniper Business Use Only
SRGB - Segment Routing Global Block Cont…
Failed to allocate SRGB label range: In the case where MPLS label manager is not able to successfully allocate SRGB label
range during the IGP task initialization, it will log a syslog message. We need to ensure that the labels in the SRGB label range is
not used by any other applications. Failed to allocate SRGB label range due to label within the SRGB label range might be because
the label range is already allocated to the other applications, then a syslog error message RPD_ISIS_SRGBALLOCATIONFAIL is
logged to indicate that the label manager is not able to allocate the requested SRGB label range as a label within the SRGB label
range is used by other application. There will not be any commit failure, in case label reservation failed. Operator must manually
free the label (manually/ any other mean like restart routing) which is being used by anther application. “show isis
overview” command will show failure in case of label block is not reserved due to any reason.
Change of SRGB configuration value: Change in the existing SRGB label range configuration value, MPLS label manager
will try to reserve the modified SRGB label range during the commit process.
Case where SRGB label range successfully modified and reserved by the MPLS label manager, IGP shall detect the modified range
configuration and IGP will update the existing label route install in the mpls.0 and inet.3 table with new SRGB range label
values. This will lead to the traffic distribution for brief period of time.
Case where modified SRGB label range is not successfully reserve by the MPLS label manger (due to label being used by other
application), IGP shall hold the old SRGB label range and display old SRGB range in the “show isis overview”. Old SRGB
label will be remain as it is in forwarding tables.
You can configure labels range for static SIDs using command “set protocols mpls label-range static-label-
range <range-start 16..1048575> <range-end 16..1048575>”
root@R1>
To get all the labels allocated by RPD for a specific protocol or all the protocols.
root@R1> start shell command "dbgsh call mpls_label_debug_dump_app_labels 4" root@R1> start shell command "dbgsh call mpls_label_debug_dump_all_app_labels"
call mpls_label_debug_dump_app_labels 4 call mpls_label_debug_dump_all_app_labels
======= Label usage debug begin =======
============================= =============================
Labels used by application ISIS Labels used by application RSVP
============================= =============================
16, 18, 19,
=============================
root@R1> start shell command "dbgsh call mpls_label_debug_dump_app_labels 6" Labels used by application LDP
call mpls_label_debug_dump_app_labels 6 =============================
============================= . . .
Labels used by application BGP =============================
============================= Labels used by application ISIS
17, =============================
16, 18, 19,
root@R1>
=============================
Labels used by application VRF
=============================
=============================
Labels used by application BGP
=============================
17,
. . .
© 2018 Juniper Networks 21
Juniper Business Use root@R1>
Only
INTRODUCTION TO DIFFERENT SIDS
2. Node Segments (Node-SID) and Prefix Segment (Prefix-SID): A Loose Multi-hop tunnel, Prefix SID is a loose multi-
hop tunnel using ECMP aware shortest path links between two specific nodes or to a specific prefix hence they are globally
unique. Prefix segments contain one or more router hops. Prefix Segment Identifier (Prefix-SID) is a Global Segment,
advertised by ISIS or OSPF and associated with a prefix, commonly with a loopback IP address. Prefix SID associated with the
loopback address is known as Node SID and N flag is set for it. Operator assigns a domain wide unique Prefix-SID to prefixes
in the domain. The domain wide uniqueness is a property. In the MPLS data plane, Prefix-SIDs are allocated from SRGB.
BGP prefix SID: There is one more type of prefix SID exists, and we call it BGP prefix SID. The BGP Prefix-SID is an
identifier of the BGP prefix segment. BGP-Prefix Segment is a BGP prefix with a Prefix-SID attached. It is used in seamless SR
across multiple ASes. A BGP Prefix-SID is always a global SID within the SR domain and identifies an instruction to forward
the packet over the Equal-Cost Multi-Path (ECMP) best-path computed by BGP to the related prefix. To support segment
routing, Border Gateway Protocol (BGP) requires the ability to advertise a segment identifier (SID) for a BGP prefix. When
BGP nodes communicate with neighbor nodes in a network, the BGP Update, message sent to neighbor nodes, includes the
Prefix-SID in Labeled Unicast NLRI and a prefix SID index in a new attribute called Prefix SID attribute.
A BGP Prefix-SID will be global across ASes when the interconnected ASes are part of the same SR domain. Alternatively,
when interconnecting ASes, the ASBRs of each domain will have to handle the advertisement of unique SIDs. BGP Prefix-SID
is yet to be supported by Junos and NorthStar.
3. Anycast Segment (Anycast-SID): IGP Anycast Segment Identifier (Anycast SID) is a special type of IGP Prefix Segment
which is represent the IGP least cost path between any router and a specified prefix. However, the specified prefix can be
advertised from multiple points in the network. An IGP-Anycast Segment specifies a set of routers. An "Anycast Segment" or
"Anycast SID“ enforces the ECMP-aware shortest-path forwarding towards the closest node of the anycast set.
4. Binding Segment (Binding-SID): Represents a tunnel (SR/LDP/RSVP) or in another words it represents a set of labels.
a. It can be used in LSP stitching or it can also be used to stitch or nest various domains. It has local significance to the
ingress node of the corresponding SID. It is used for Interop, a type of local SID. It can alias an entire LSP to one label. As
soon as router get Binding SID label It normally pushes additional stack of labels corresponding to the LSP.
b. The binding segment also used in local segment identification of an SR-TE policy. Normally each SR-TE policy is
associated with a binding segment ID (BSID).
© 2018 Juniper Networks 24
Juniper Business Use Only
Different Types of SIDs - BGP SIDs for EPE Solutions
Certain segments are defined by a BGP-EPE capable node and corresponding to its attached peers. These segments are called
BGP peering segments or BGP Peering SIDs. They enable the expression of source-routed inter-domain paths.
An ingress border router of an AS may compose a list of segments to steer a flow along a selected path within the AS, towards a
selected egress border router of the peer AS and through a specific local ASBR router. At minimum, a BGP Egress Peering
Engineering policy applied at an ingress EPE involves two segments: the Node SID of the chosen egress EPE and then the BGP
Peering Segment for the chosen egress EPE peer or peering interface.
5. BGP Segments - Peering Adjacency Segment (PeerAdj SID): Only used for Egress Peer Engineering
A Peer Adjacency Segment is a segment describing a link, including the SID (PeerAdj SID) allocated to it.
6. BGP Segments - Peering Node Segment (PeerNode SID): Only used for Egress Peer Engineering
A Peer Node Segment is a segment describing a peer, including the SID (PeerNode SID) allocated to it.
7. BGP Segments - Peering Set Segment (PeerSet SID): Only used for Egress Peer Engineering
A Peer Set Segment is a segment describing links or nodes that are part of the set, including the SID (PeerSet SID) allocated to
the set.
8. Spray SID: Spray P2MP segment enables a Root node to directly replicate a packet using a SR path to each Leaf node. A SR
Replication policy for a Spray P2MP segment is instantiated only at the Root node. There are no Replication nodes in these
segments.
9. Tree SID: For a Tree SID P2MP segment, a controller computes a tree from a Root node to a set of Leaf nodes via a set of
Replication nodes. A packet is replicated at the Root node and on Replication nodes towards each Leaf node. A SR Replication
policy instantiated on the Root node takes a packet from the Root node to Replication nodes towards the Leaf node. A
Replication node MAY also be a Leaf node. The SR Replication policy instantiated at the Replication nodes take the packet
down further to other Replication nodes or Leaf nodes.
Spray-SID and Tree-SID and along with BIER (Bit Index Explicit Replication) are still in discussion phase (No RLI yet). Currently
Spray-SID and Tree-SID are not available in Junos or NorthStar.
For further information on Spray and Tree SID please visit “https://tools.ietf.org/html/draft-voyer-spring-sr-p2mp-policy-02”
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|F|B|V|L|S| |
+-+-+-+-+-+-+-+-+
The minimum configuration to invoke Adjacency Segments: “set protocols isis source-packet-routing”
root@R1> show isis adjacency extensive
R4
Interface: ge-0/0/0.0, Level: 2, State: Up, Expires in 25 secs
Priority: 0, Up/Down transitions: 1, Last transition: 00:02:15 ago
Circuit type: 2, Speaks: IP, IPv6
Topologies: Unicast
Restart capable: Yes, Adjacency advertisement: Advertise
IP addresses: 1.1.1.2 . . .
Level 2 IPv4 Adj-SID: 28 R3
State: Up Interface: ge-0/0/4.0, Level: 2, State: Up, Expires in 26 secs
Priority: 0, Up/Down transitions: 1, Last transition: 00:02:40 ago
R2 Circuit type: 2, Speaks: IP, IPv6
Interface: ge-0/0/1.0, Level: 2, State: Up, Expires in 21 secs Topologies: Unicast
Priority: 0, Up/Down transitions: 1, Last transition: 00:01:44 ago Restart capable: Yes, Adjacency advertisement: Advertise
Circuit type: 2, Speaks: IP, IPv6 IP addresses: 1.1.1.46
Topologies: Unicast Level 2 IPv4 Adj-SID: 27
Restart capable: Yes, Adjacency advertisement: Advertise State: Up
IP addresses: 1.1.1.6 . . .
Level 2 IPv4 Adj-SID: 29 root@R1>
State: Up
. . .
Note: For LAN Segment, each router advertises a set of Adj-SIDs for each of its neighbors
© 2018 Juniper Networks 28
Juniper Business Use Only
Adjacency SID Cont…
root@R1> show isis database R1.00-00 extensive root@R1> show route table mpls.0
. . .
R1.00-00 Sequence: 0xa94, Checksum: 0x1eb5, Lifetime: 951 secs mpls.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
IPV4 Index: 101 + = Active Route, - = Last Active, * = Both
Node Segment Blocks Advertised: . . .
Start Index : 0, Size : 1000, Label-Range: [ 1000, 1999 ] 27 *[L-ISIS/14] 00:08:20, metric 0 <<< L-ISIS stands for labeled IS-IS.
IS neighbor: R2.00 Metric: 10 > to 1.1.1.46 via ge-0/0/4.0, Pop
Two-way fragment: R2.00-00, Two-way first fragment: R2.00-00 27(S=0) *[L-ISIS/14] 00:08:05, metric 0
P2P IPv4 Adj-SID: 29, Weight: 0, Flags: --VL-- > to 1.1.1.46 via ge-0/0/4.0, Pop
IS neighbor: R3.00 Metric: 10 28 *[L-ISIS/14] 00:08:14, metric 0
Two-way fragment: R3.00-00, Two-way first fragment: R3.00-00 > to 1.1.1.2 via ge-0/0/0.0, Pop
P2P IPv4 Adj-SID: 27, Weight: 0, Flags: --VL-- 28(S=0) *[L-ISIS/14] 00:08:05, metric 0
IS neighbor: R4.00 Metric: 10 > to 1.1.1.2 via ge-0/0/0.0, Pop
Two-way fragment: R4.00-00, Two-way first fragment: R4.00-00 29 *[L-ISIS/14] 00:08:14, metric 0
P2P IPv4 Adj-SID: 28, Weight: 0, Flags: --VL-- > to 1.1.1.6 via ge-0/0/1.0, Pop
. . . 29(S=0) *[L-ISIS/14] 00:03:52, metric 0
TLVs: > to 1.1.1.6 via ge-0/0/1.0, Pop
. . . . . .
Extended IS Reachability TLV, Type: 22, Length: 217 root@R1>
IS extended neighbor: R3.00, Metric: default 10 SubTLV len: 81
. . .
P2P IPV4 Adj-SID - Flags:0x70(F:0,B:1,V:1,L:1,S:0,P:0), Weight:0, Label: 27 Note: All the Adj SID labels advertised by any router in the SR network
P2P IPv4 Adj-SID: 27, Weight: 0, Flags: -BVL-- will have POP action in their mpls.0 table.
. . .
IS extended neighbor: R4.00, Metric: default 10 SubTLV len: 81
. . .
P2P IPV4 Adj-SID - Flags:0x70(F:0,B:1,V:1,L:1,S:0,P:0), Weight:0, Label: 28
P2P IPv4 Adj-SID: 28, Weight: 0, Flags: -BVL--
. . .
Extended IS Reachability TLV, Type: 22, Length: 92
IS extended neighbor: R2.00, Metric: default 10 SubTLV len: 81
. . .
P2P IPV4 Adj-SID - Flags:0x70(F:0,B:1,V:1,L:1,S:0,P:0), Weight:0, Label: 29
P2P IPv4 Adj-SID: 29, Weight: 0, Flags: -BVL--
. . .
root@R1>
© 2018 Juniper Networks 29
Juniper Business Use Only
Adjacency SID - Forwarding Rule
Adjacency SID Working - Will be acting as strict hope tunnel. Won’t follow IGP shortest path. Max label stack depth can be 5.
b
c c
d d d
Pay Load Pay Load Pay Load Pay Load
set protocols isis interface ge-0/0/1.0 link-protection <<< No protection without this, No programming in PFE Until LFA kicks in
set protocols isis interface ge-0/0/1.0 level 2 ipv4-adjacency-segment protected dynamic (or label <label_from_static_range>)
set protocols isis interface ge-0/0/1.0 level 2 ipv4-adjacency-segment unprotected dynamic (or label <label_from_static_range>)
Note: Please use “show mpls label usage” to know the static label range
The dynamic keyword triggers the router to automatically allocate a label value. The preceding two commands result in two
adjacency labels to be allocated to ge-0/0/1 as follows: root@R1> show isis database R1.00-00 extensive | no-more
. . .
R1.00-00 Sequence: 0xa87, Checksum: 0x8d29, Lifetime: 950 secs
IPV4 Index: 101
• IPv4 traffic, protection required Node Segment Blocks Advertised:
• IPv4 traffic, no protection required Start Index : 0, Size : 1000, Label-Range: [ 1000, 1999 ]
IS neighbor: R2.00 Metric: 10
Two-way fragment: R2.00-00, Two-way first fragment: R2.00-00
P2P IPv4 Adj-SID: 177, Weight: 0, Flags: -BVL--
root@R1> show isis adjacency R2 extensive | no-more
P2P IPv4 Adj-SID: 178, Weight: 0, Flags: --VL--
R2
. . .
Interface: ge-0/0/1.0, Level: 2, State: Up, Expires in 19 secs
TLVs:
Priority: 0, Up/Down transitions: 1, Last transition: 3w2d 22:31:06 ago
. . .
Circuit type: 2, Speaks: IP, IPv6
IS extended neighbor: R2.00, Metric: default 10 SubTLV len: 88
Topologies: Unicast
. . .
Restart capable: Yes, Adjacency advertisement: Advertise
P2P IPV4 Adj-SID - Flags:0x30(F:0,B:0,V:1,L:1,S:0,P:0), Weight:0, Label: 178
IP addresses: 1.1.1.6
P2P IPv4 Adj-SID: 178, Weight: 0, Flags: --VL--
Level 2 IPv4 protected Adj-SID: 177, Flags: -BVL-- <<< Protected SID
P2P IPV4 Adj-SID - Flags:0x70(F:0,B:1,V:1,L:1,S:0,P:0), Weight:0, Label: 177
Level 2 IPv4 unprotected Adj-SID: 178, Flags: --VL-- <<< Unprotected SID
P2P IPv4 Adj-SID: 177, Weight: 0, Flags: -BVL--
State: Up
. . .
root@R1>
root@R1>
© 2018 Juniper Networks 31
Juniper Business Use Only
Adjacency SID - Unprotected and Protected Adjacency Segments Cont…
root@R1> show route label 177
Relevent Config:
mpls.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
protocols {
isis { 177 *[L-ISIS/14] 00:08:15, metric 0
> to 1.1.1.6 via ge-0/0/1.0, Pop
backup-spf-options { <<< Need to enable TI-LFA, By default to 1.1.1.2 via ge-0/0/0.0, Swap 4102 << 4102 label used by R4 for R2’s Node SID
use-post-convergence-lfa; TI-LFA provides link 177(S=0) *[L-ISIS/14] 00:00:34, metric 0
protection > to 1.1.1.6 via ge-0/0/1.0, Pop
use-source-packet-routing; to 1.1.1.2 via ge-0/0/0.0, Swap 4102
}
interface ge-0/0/1.0 { root@R1> show route label 178
point-to-point; mpls.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
level 2 { + = Active Route, - = Last Active, * = Both
post-convergence-lfa;
metric 1000; 178 *[L-ISIS/14] 00:20:37, metric 0
ipv4-adjacency-segment { > to 1.1.1.6 via ge-0/0/1.0, Pop
protected dynamic; 178(S=0) *[L-ISIS/14] 00:01:01, metric 0
> to 1.1.1.6 via ge-0/0/1.0, Pop
unprotected dynamic;
} root@R1> show route label 177 extensive
}
} mpls.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
} 177 (1 entry, 1 announced)
} . . .
Next hop: 1.1.1.6 via ge-0/0/1.0 weight 0x1, selected
Label operation: Pop
. . .
N0te: Adj-SID with backup flags are advertised in the IGP Next hop: 1.1.1.2 via ge-0/0/0.0 weight 0xf000
domain. You can map the interested traffic to the protected label Label operation: Swap 4102
. . .
(or unprotected label). Mapping can be done by provisioning LSP 177(S=0) (1 entry, 1 announced)
. . .
by external controller (NorthStar) or by statically provisioning of Next hop: 1.1.1.6 via ge-0/0/1.0 weight 0x1, selected
LSP. Label operation: Pop
. . .
Next hop: 1.1.1.2 via ge-0/0/0.0 weight 0xf000
Label operation: Swap 4102
. . .
root@R1>
© 2018 Juniper Networks 32
Juniper Business Use Only
Adjacency SID - Unprotected and Protected Adjacency Segments Cont…
root@R1> show route forwarding-table label 177 root@R1> show route forwarding-table label 178
Routing table: default.mpls Routing table: default.mpls
MPLS: MPLS:
Destination Type RtRef Next hop Type Index NhRef Netif Destination Type RtRef Next hop Type Index NhRef Netif
177 user 0 ulst 1048578 2 178 user 0 1.1.1.6 Pop 525 3 ge-0/0/1.0
1.1.1.6 Pop 525 3 ge-0/0/1.0 178(S=0) user 0 1.1.1.6 Pop 526 3 ge-0/0/1.0
1.1.1.2 Swap 4102 524 4 ge-0/0/0.0 . . .
177(S=0) user 0 ulst 1048579 2 root@R1>
1.1.1.6 Pop 526 3 ge-0/0/1.0
1.1.1.2 Swap 4102 524 4 ge-0/0/0.0
. . .
root@R1> start shell command "cprod -A fpc0 -c \"show nhdb id 1048578 recursive\""
root@R1> start shell command "cprod -A fpc0 -c \"show nhdb id 1048578 extensive\""
ID Type Interface Next Hop Addr Protocol Encap MTU Flags PFE internal Flags
----- -------- ------------- --------------- ---------- ------------ ---- ------------------ ------------------
1048578 Unilist ge-0/0/1.0 - IPv4 Ethernet 0 0x0000000000000000 0x0000000000000000
. . .
Weight Info (Selector's view): Current Weight = 1, Target_id = 0
Idx Balance Weight Orig-Weight Ifl Session Install
----- ------- ------- ----------- ------ ------- -------
0 ** 1 1 326 358 Yes
1 ** 61440 61440 324 361 No
. . .
ECMP : NO
Routing-table id: 0
. . .
root@R1>
© 2018 Juniper Networks 33
Juniper Business Use Only
Adjacency SID Set - For loadbalancing across multiple links
It’s possible to assign a common label to multiple adjacencies on a node for load balancing purpose. This is known as an
Adjacency Set (Adj-Set) for short. In the below example, when data-plane packets arrive at local router with a top label value of
1000000, the label is popped, and the packets are load-balanced on links ge-0/0/0 and ge-0/0/1 in a 1:3 ratio.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Algorithm: The router may use various algorithms when calculating
| Type | Length | Flags | Algorithm | reachability to other nodes or to prefixes attached to these nodes. Juniper
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ supports SPF. Please see below link for more details for Algorithm and flags
| SID/Index/Label (variable) | details.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
https://tools.ietf.org/id/draft-ietf-isis-segment-routing-extensions-20.html
where:
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|R|N|P|E|V|L| |
+-+-+-+-+-+-+-+-+
IS-IS SPRING Install route in inet.3 table advertised as part of the Node SID configured. Protocols like BGP, in L3VPN and
L2VPN applications etc, resolve its protocol next-hop in the table inet.3/inet6.3 only.
© 2018 Juniper Networks 35
Juniper Business Use Only
Prefix and Node SID Cont…
R-Flag: Re-advertisement flag. If set, then the prefix to which this Prefix-SID is attached, has been propagated by the router either from
another level (i.e., from level-1 to level-2 or the opposite) or from redistribution (e.g.: from another protocol).
N-Flag: Node-SID flag. If set, then the Prefix-SID refers to the router identified by the prefix. Typically, the N-Flag is set on Prefix-SIDs
attached to a router loopback address. The N-Flag is set when the Prefix-SID is a Node-SID.
P-Flag: no-PHP flag. If set, then the penultimate hop MUST NOT pop the Prefix-SID before delivering the packet to the node that
advertised the Prefix-SID.
E-Flag: Explicit-Null Flag. If set, any upstream neighbor of the Prefix-SID originator MUST replace the Prefix-SID with a Prefix-SID having
an Explicit-NULL value (0 for IPv4 and 2 for IPv6) before forwarding the packet. In other words, To disable penultimate-hop-popping
(PHP) and add explicit-Null label, explicit-null option needs to be specified.
V-Flag: Value flag. If set, then the Prefix-SID carries a value (instead of an index). By default the flag is UNSET.
L-Flag: Local Flag. If set, then the value/index carried by the Prefix-SID has local significance. By default the flag is UNSET.
Other bits: MUST be zero when originated and ignored when received.
N Flag will be clear in case of Anycast SID or Prifix SID advertisement: If a node SID is advertised across levels then it becomes prefix SID
and it ceases to exists as Node SID in the other level. R-bit is set to indicate re-advertised. When R-bit is set, N-bit is ignored.
Note: Please use “show mpls label usage” to know the SRGB range
© 2018 Juniper Networks 37
Juniper Business Use Only
Prefix and Node SID Cont…
root@R1> show isis database R1.00-00 extensive root@R1> show isis overview | no-more
. . . Instance: master
R1.00-00 Sequence: 0xa95, Checksum: 0x1cb6, Lifetime: 716 secs Router ID: 192.168.1.1
IPV4 Index: 101 Hostname: R1
Node Segment Blocks Advertised: Sysid: 0000.0000.0001
Start Index : 0, Size : 1000, Label-Range: [ 1000, 1999 ] Areaid: 49.0001
. . . . . .
TLVs: IPv4 is enabled, IPv6 is enabled, SPRING based MPLS is enabled
. . . . . .
Hostname: R1 Source Packet Routing (SPRING): Enabled
Router Capability: Router ID 192.168.1.1, Flags: 0x00 SRGB Config Range:
SPRING Capability - Flags: 0xc0(I:1,V:1), Range: 1000, SID-Label: 1000 SRGB Start-Label : 1000, SRGB Index-Range : 1000
SPRING Algorithm - Algo: 0 SRGB Block Allocation: Success
. . . SRGB Start Index : 1000, SRGB Size : 1000, Label-Range: [ 1000, 1999 ]
IP extended prefix: 192.168.1.1/32 metric 0 up Node Segments: Enabled
8 bytes of subtlvs Ipv4 Index : 101
Node SID, Flags: 0x40(R:0,N:1,P:0,E:0,V:0,L:0), Algo: SPF(0), Value: 101 Post Convergence Backup: Enable d
IP extended prefix: 10.10.10.1/32 metric 10 up Max labels: 3, Max spf: 100, Max Ecmp Backup: 1
8 bytes of subtlvs Level 1
Prefix SID, Flags: 0x00(R:0,N:0,P:0,E:0,V:0,L:0), Algo: SPF(0), Value: 599 . . .
. . . Source Packet Routing is enabled
root@R1> Level 2
. . .
Source Packet Routing is enabled
root@R1>
Note: Node Index can not be same on any two routers. It must be different on
all the router. We can configure same start label and range on all the routers.
© 2018 Juniper Networks 38
Juniper Business Use Only
Prefix and Node SID - Forwarding Rules
Prefix/Node SID Working – It follows IGP shortest path. Formula to calculate the label for remote Router is:
Downstream Neighbor's Expected Node SID from local Router = Start-label of downstream neighbor router’s label range + Node index advertised by Destination Router
Case 1: When SRGB is different on all the routers: Results in different labels by each router to the destination. We have used
different SRGB on all the routers in throughout this presentation.
w+e = L Label L used by R2 x+e = M Label M used by y+e = N Label N used by R4
Pay Load for R5’s Node SID Pay Load R3 for R5’s Node Pay Loadfor R5’s Node SID Pay Load
SID
R1 R2 R3 R4 R5
Start Label: v Start Label: w Start Label: x Start Label: y Start Label: z
Index: a Index: b Index: c Index: d Index: e
Case 2: When SRGB is same on all the routers: Results in same labels used by each router to reach to the destination. In SR-
MPLS, using identical SRGBs on all nodes within the SR domain is strongly recommended. Doing so eases operations and
troubleshooting as the same label represents the same global segment at each node.
w+e = L Label L used by R2 w+e = L Label L used by R3 w+e = L Label L used by R4
Pay Loadfor R5’s Node SID Pay Load for R5’s Node SID Pay Loadfor R5’s Node SID Pay Load
R1 R2 R3 R4 R5
Start Label: w Start Label: w Start Label: w Start Label: w Start Label: w
Index: a Index: b Index: c Index: d Index: e
Topology
> to 1.1.1.2 via ge-0/0/0.0, Push 4109
label used by R1 for to 1.1.1.6 via ge-0/0/1.0, Push 2109
R9’s Node Segment: to 1.1.1.46 via ge-0/0/4.0, Push 3109
3109 [IS-IS/18] 00:07:30, metric 40
Swapped with 6109 > to 1.1.1.2 via ge-0/0/0.0
to 1.1.1.6 via ge-0/0/1.0
Example: When to 1.1.1.46 via ge-0/0/4.0
SRGB is different root@R1> traceroute 192.168.1.9 <<< Tracing R9’s loopback from R1
traceroute to 192.168.1.9 (192.168.1.9), 30 hops max, 40 byte packets
on all the routers. 1 1.1.1.2 (1.1.1.2) 6.429 ms 2.794 ms 3.494 ms
MPLS Label=4109 CoS=0 TTL=1 S=1 <<< R4’s First label + R9’s Index
2 1.1.1.14 (1.1.1.14) 10.993 ms 3.894 ms 4.224 ms
MPLS Label=6109 CoS=0 TTL=1 S=1 <<< R6’s First label + R9’s Index
Diagram is 3 1.1.1.34 (1.1.1.34) 11.629 ms 44.870 ms 5.151 ms
MPLS Label=7109 CoS=0 TTL=1 S=1 <<< R7’s First label + R9’s Index
showing the label 4 192.168.1.9 (192.168.1.9) 6.876 ms 7.165 ms 7.063 ms
these labels.
Segment Routing
AS100
Topology
> to 1.1.1.2 via ge-0/0/0.0, Push 1109
label used by R1 for to 1.1.1.6 via ge-0/0/1.0, Push 1109
R9’s Node Segment: to 1.1.1.46 via ge-0/0/4.0, Push 1109
1109 [IS-IS/18] 00:02:10, metric 40
Swapped with 1109 > to 1.1.1.2 via ge-0/0/0.0
to 1.1.1.6 via ge-0/0/1.0
Example: When to 1.1.1.46 via ge-0/0/4.0
SRGB is same on root@R1> traceroute 192.168.1.9 <<< Tracing R9’s loopback from R1
traceroute to 192.168.1.9 (192.168.1.9), 30 hops max, 40 byte packets
all the routers. 1 1.1.1.2 (1.1.1.2) 6.429 ms 2.794 ms 3.494 ms
MPLS Label=1109 CoS=0 TTL=1 S=1 <<< R4’s First label + R9’s Index
2 1.1.1.14 (1.1.1.14) 10.993 ms 3.894 ms 4.224 ms
MPLS Label=1109 CoS=0 TTL=1 S=1 <<< R6’s First label + R9’s Index
Diagram is 3 1.1.1.34 (1.1.1.34) 11.629 ms 44.870 ms 5.151 ms
MPLS Label=1109 CoS=0 TTL=1 S=1 <<< R7’s First label + R9’s Index
showing the label 4 192.168.1.9 (192.168.1.9) 6.876 ms 7.165 ms 7.063 ms
these labels.
Segment Routing
AS100
root@R4>
root@R6>
© 2018 Juniper Networks 44
Juniper Business Use Only
Tracing R9’s Prefix-SID/Node-SID from R1 across the network Cont…
root@R8> show route forwarding-table destination 192.168.1.9/32
Routing table: default.inet
. . .
Destination Type RtRef Next hop Type Index NhRef Netif
192.168.1.9/32 user 0 1.1.1.42 ucst 626 2 ge-0/0/1.0
. . .
root@R8> show route label 8109
root@R8>
A new BGP attribute known as the BGP Prefix-SID attribute is introduced and some rules defined to originate, receive and handle
error conditions for the attribute (Please see draft for further info on error conditions). The BGP Prefix-SID attribute can be
attached to prefixes from Multiprotocol BGP IPv4/IPv6 Labeled Unicast. One known use-case is the applicability of BGP Prefix-
SID in large-scale data centers. A BGP Prefix-SID will be global across ASes when the interconnected ASes are part of the same
SR domain. Alternatively, when interconnecting ASes, the ASBRs of each domain will have to handle the advertisement of unique
SIDs.
A BGP Prefix-SID can be attached to a BGP prefix and this implies that each prefix is advertised individually, reducing the ability
to pack BGP advertisements. BGP Prefix-SID is mostly used in large scale data centers (DC) having close archetecture where
normally all routers within a Tier, are connected via EBGP to other Tier routers. and normally Tier 3 or top of rack (TOR) will
have individual AS per node, Tier 2 nodes can be grouped to multiple ASes and all Tier 1 nodes will be in a single AS.
This network design provides means for moving traffic between hosts with reasonable efficiency since there all servers are same
number of hops away and there are multiple ECMP paths to interconnect them. Each node advertises its loopback interface via
BGP to its neighbors. BGP Prefix SID would be supported from 19.4 onwards.
The BGP Prefix-SID attribute is defined here to be a set of elements encoded as a set of TLVs. All BGP Prefix-SID attribute TLVs
will start with a 1-octet type and a 2-octet length. The following TLVs are defined in the draft:
1. Label-Index TLV
The Label-Index and Originator SRGB TLVs are used only when SR is applied to the MPLS dataplane. In Junos, by default
“advertise-srgb” knob will be disabled and SRGB range will not be sent. Only if this knob is enabled the SRGB TLV will be
sent along with prefix SID TLV.
For future extensibility, unknown TLVs MUST be ignored and propagated unmodified. Definitions of the TLVs are on next slides.
A BGP Prefix-SID attribute received without a Label-Index TLV MUST be considered as "invalid" by the receiving speaker.
Where: Type is 1; Length: is 7, the total length in octets of the value portion of the TLV.
RESERVED: 8-bit field. MUST be clear on transmission and MUST be ignored on reception.
Flags: 16 bits of flags. None are defined as of now. The flag field MUST be clear on transmission and MUST be ignored on
reception.
Label Index: 32-bit value representing the index value in the SRGB space.
d. SRGB: 3 octets specifying the first label in the range followed by 3 octets
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SRGB n (6 octets) | specifying the number of labels in the range. Note that the SRGB field
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ MAY appear multiple times. If the SRGB field appears multiple times,
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
the SRGB consists of multiple ranges that are concatenated.
The Originator SRGB TLV contains the SRGB of the node originating the prefix to which the BGP Prefix-SID is attached. The
Originator SRGB TLV MUST NOT be changed during the propagation of the BGP update. It is used to build segment routing
policies when different SRGBs are used in the fabric, for example large scale datacenters.
Where OutIntf represents the outgoing interface to reach the destination. This may have multiple interfaces if there are
multiple ECMP paths to reach the destination.
Similarly, each router’s locally originated prefixes like the loopback addresses will also be assigned a unique Prefix Segment
Index say R01 allocate 1, R02 allocate 2 and Rx allocate ‘x’. The corresponding label will be created by adding this to ‘1000+x’.
Prefix Segment Index information is propagated (in Label-Index TLV 0f BGP Prefix-SID attribute) to all routers. All routers
will calculate the Prefix SIDs to reach the loopbacks of other routers and they would have the label entries and the
corresponding out label along with the outgoing interface to reach all other routers.
© 2018 Juniper Networks 53
Juniper Business Use Only
BGP-Prefix SID - Working explanation using Example Diagram Cont…
Now the controller can ask the application on the server to assign a stack of label to incoming packet based on the network state information
available to it and steer the packet through any path it deems best or necessary.
Say, if controller comes to know that the path via R10 and R07 is congested, it can insert a top label stack of 1009 or 1011 or 1012 {SRGB
1000 + (9 for R09, 11 for R11 and 12 for R12)} in the incoming packet of R1 for any new flows. This will ensure the path taken by that flow
will go through R09 or R11 or R12 and not R10 even if ECMP may say otherwise. As the packet reaches R09, the top label 1009 will be
popped and forwarded based on next label 1003 which would indicate path to reach the destination prefix.
One more use case requirement is to support redistribution of IGP assigned Prefix Segment Index into BGP. If the IGP has already allocated
a Prefix Segment Index and installed the route, then BGP just need to redistribute the prefix and send the prefix along with the Prefix
Segment Index information.
Note: JUNOS implementation supports capability to specify one or more global Prefix Segment SRGB blocks in protocol MPLS. This allows
configuration of a start and end value for the Prefix Segment SRGB block. The same capability will be reused by BGP to determine its range
of SRGB blocks. You can use the below commands to define the range in MPLS and use them in BGP.
This SRGB range within BGP will be the first preference for BGP LU SID allocation and only if not specifically configured under BGP or if
there is a conflict with existing SRBG ranges configured globally or inside other protocols, then the globally allocated SRGB range will be
used.
© 2018 Juniper Networks 54
Juniper Business Use Only
BGP-Prefix SID - Configuration
policy-options {
policy-statement <Policy-Name> {
term 1 {
from {
route-filter <IP_Address> exact; <<< Since the SID is allocated per prefix, the from clause will have restriction to use only route-filter with exact match
}
then {
prefix-segment index <Prefix_Segment_Index>; <<< Index needs to be within the SRGB range. Just Like IGP Prefix SID.
accept;
}
} Note: Typically, a prefix needs to be assigned a prefix segment index on the device on which the prefix has been
term 2 { originated (i.e. a local/direct route has been exported in BGP using an export-policy). On upstream routers where this
from { prefix is re-advertised this need not be re-assigned again. The prefix segment index value assigned by the originating
protocol <IGP_Protocol>; device shall be retained in the re-advertisements. However, if ever needed the operator may choose to re-assign a
} different prefix segment index with the same prefix on an upstream router using an appropriate export policy term.
then {
prefix-segment reuse-allocated-sid; <<< This knob will be used to get the IGP allocated SID into BGP along with the prefix being exported to BGP.
accept; However the reverse that is from BGP to IGP will not be applicable.
}
}
}
}
protocols {
bgp {
group <Group-Name> {
advertise-prefix-sid; <<< For external BGP peers, by default the prefix SID is not advertised. A new knob “advertise-prefix-sid” is introduced in order to
export <Policy-Name>; override this default behavior and advertise prefix SID to eBGP peers.
}
}
}
RFC 8277 mentions that if the nexthop is unchanged, then the label should also remain unchanged. If the nexthop is changed,
then the label must be assigned at the new nexthop. The same will be hold good in case of propagation of prefix-sid.
In JUNOS by default the nexthop is changed at each hop to self for labeled unicast NLRI, unless specified to keep the nexthop
unchanged.
iBGP: The operation would be like the described in above, the only difference being eBGP path propagation replaced by iBGP
path reflection with nexthop set to self.
If the nexthop is not changed on RR, then there should be no change in label propagated as per RFC8277. In this case Upstream
router will not act on the prefix-sid attribute, rather propagate the label and nexthop unchanged to its upstream router.
Anycast SID is also a type of prefix SID. One application of Prefix SIDs is to achieve anycast operation. You can ascribe the same
IP address, and associated Anycast-SID, to multiple nodes. If in the data plane a packet arrives at a node with the anycast label on
top, the node forwards the packet towards the nearest member of the group. Like Prefix and Node SID, Anycast-SID also carried
in Prefix-SID (3) sub-TLV of Extended IP Reachability (135) TLV.
Anycast segments represent a shared prefix across nodes that could be used for simple load-sharing and redundancy.
Note:
• Anycast prefix-sids are also generated when a prefix is re-advertised across levels.
root@R5>
© 2018 Juniper Networks 59
Juniper Business Use Only
Anycast SID - Traffic engineering with anycast prefix segments
11
21
1.1.1.1/32 13 1.1.1.2/32
23
12
22
14
24
51 53
31 33
99
88
41 43
1.1.1.4/32 52 54
32 34
1.1.1.5/32
42 44
1.1.1.3/32
• Shortest paths from 88 to 99 is 4X ECMP southern route (using node-sid for 99)
• Traffic engineered 8X ECMP northern route can be achieved with two label stack: Anycast prefix-sid advertised by 21,22,23, and 24, plus node-sid for 99
• Equivalent traffic engineering using RSVP-TE requires 8 separate LSPs with state on each router for each LSP.
© 2018 Juniper Networks 60
Juniper Business Use Only
Binding SID
Binding SID is similar to an adjacency SID but instead of representing a link it represents a tunnel (SR/LDP/RSVP or any other
encapsulation) or in other words, stack of labels. In order to provide greater scalability, network opacity, and service
independence, SR utilizes a Binding SID (BSID). Normally BSID is bound to an SR Policy, instantiation of which may involve a
list of SIDs. Any packets received with an active segment equal to BSID are steered onto the bound SR Policy.
A BSID may be either a local or a global SID. If local, a BSID SHOULD be allocated from the SRLB. If global, a BSID MUST be
allocated from the SRGB.
The use of Binding SID is to stitch or nest various domains. It has local significance to the ingress node of the corresponding SID.
To implement interoperability of segment routing with LDP using ISIS, a server-client configuration is required under protocols
ISIS and LDP, respectively, and routes from the inet.3 or inet.0 routing tables are used for stitching of segment routing LSP
with an LDP LSP and vice-versa.
20
30 30
Binding SID in the packet 1000 40 40 40
Label from other protocol 2000 2000 2000 2000 2000
Pay Load Pay Load Pay Load Pay Load Pay Load Pay Load
BSID: 1000 representing a tunnel having label stack of 10 (Top), 20, 30, 40 (Bottom)
Note: Label Stack can be formed using Node SIDs or mix of Node and any other SID.
© 2018 Juniper Networks 61
Juniper Business Use Only
Binding SID Cont…
Anycast-SID carried in SID/Label (3) sub-TLV of SID/Label Binding (149) TLV. Below is the format of the TLV:
Where:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • Type: TBD, suggested value 149
| Type | Length | Flags | Weight | • Length: variable.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • 1 octet of flags
| Range | Prefix Length | FEC Prefix |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • 1 octet of RESERVED
// FEC Prefix (continued, variable) // • 2 octets of Range, Please see the draft for more details. Default is 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • 1 octet of Prefix Length
| SubTLVs (variable) | • 0-16 octets of Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• sub-TLVs, where each sub-TLV consists of a sequence of:
The 'Range' field provides the ability to specify a range of addresses and their associated Prefix SIDs. Default is one.
Weight: 1 octet. The value represents the weight of the SID for the purpose of load balancing.
© 2018 Juniper Networks 62
Juniper Business Use Only
Binding SID Cont…
F-Flag: Address Family flag. If unset, then the Prefix carries an IPv4 Prefix. If set, then the Prefix carries an IPv6 Prefix.
M-Flag: Mirror Context flag. Set if the advertised SID corresponds to a mirrored context. Mirroring allows an SR router to
advertise a backup path for a service (edge) segment, allowing for local (next-hop) repair using context-based switching. See RFC
8402 for more details.
S-Flag: Set Flag. If set, the SID/Label Binding TLV SHOULD be flooded across the entire routing domain. If the S flag is not set,
the SID/ Label Binding TLV MUST NOT be leaked between levels. This bit MUST NOT be altered during the TLV leaking.
D-Flag: When the SID/Label Binding TLV is leaked from level-2 to level-1, the D bit MUST be set. Otherwise, this bit MUST be
clear. SID/Label Binding TLVs with the D bit set MUST NOT be leaked from level-1 to level-2. This is to prevent TLV looping
across levels.
A-Flag: Attached flag. The originator of the SID/Label Binding TLV MAY set the A bit in order to signal that the prefixes and
SIDs advertised in the SID/Label Binding TLV are directly connected to their originators. If the Binding TLV is leaked to other
areas/levels the A-flag MUST be cleared.
Other bits: MUST be zero when originated and ignored when received.
Mapping Server: The SR mapping server is just a control plane function. It advertises prefix SIDs on behalf of the non-SR-
capable routers. This results in additional IS-IS TLVs that SR speakers will consume, and non-speakers ignore. SR routers will
install prefix SIDs learned from mapping servers, much as they install native prefix SIDs, into inet.3.
Like all proxies, the Mapping Server must be highly available, and its disseminated information must remain consistent – high
availability is achieved by configuring more than one router as Mapping Server. Complex tie-breaking rules exist if mapping
inconsistencies occur. Each Mapping Server mapping carries a preference. Mappings from the Mapping Server with the highest
preference are selected. If multiple Mapping Servers have equal preference but advertise conflicting information, SR label
collision rules come into effect. See “https://tools.ietf.org/html/draft-ietf-spring-conflict-resolution-05” for more details.
Mapping Client: For a mapping server to hold any sway, there must exist a mapping client. Different from most protocols, SR
mapping clients and servers don’t form a distinct control plane relationship with each other. Instead, clients simply use the
advertised mappings. A Mapping Server can simultaneously be both a server, as well as a client. Routers bordering both domains
are responsible for stitching the segments routed with LDP. The border router speaks both SR and LDP; on receiving a mapping,
it creates a label swap entry for an incoming node SID to be switched with the LDP learned entry for the same FEC in the mpls.0
table.
• Enable SR-capable nodes to interwork with (non-SR capable) LDP nodes. A Mapping Server is required for SR/LDP
interworking.
• Mapping server advertises Prefix-to-SID mappings in IGP on behalf of other non-SR-capable nodes. Prefix-to-SID mappings
are configured on the Mapping Server.
• Remember that any SR-capable router can act as a Segment routing mapping server (SRMS) – its topological placement is
irrelevant. Position of mapping server is comparable to a BGP Route reflector. Mapping server is a control plane mechanism
and it doesn’t have to be in the data path.
• Use remotely learnt and locally configured mapping entries to construct a valid and consistent Active SID Mapping policy.
• IGP instance uses the Active SID Mapping policy to (re-)calculate the prefix-SID of some or all prefixes.
routing-options { protocols {
source-packet-routing { isis {
mapping-server-entry mapserver { source-packet-routing {
prefix-segment 192.168.1.8/32 index 108; ldp-stitching;
prefix-segment 192.168.1.9/32 index 109; }
} }
} ldp {
} sr-mapping-client;
protocols { }
isis { }
source-packet-routing {
mapping-server mapserver;
}
}
}
Note: Segment routing can also use RSVP tunnels to stretch over. The following configuration
enables L-ISIS to use the RSVP-LSP as shortcuts. We will have one example of SR-RSVP
interworking in SR OAM section.
Topology
Northstar
JVM
192.168.1.10 em2
AS200 172.16.18.199/24
ge-0/0/1 ge-0/0/1
1.1.1.6/30 1.1.1.42/30
R2 - lo0.0-
192.168.1.2/32 R9 - lo0.0-
SL: 2000 192.168.1.9/32
Index: 102
root@R9>
© 2018 Juniper Networks 68
Juniper Business Use Only
Binding SID - Segment Routing and LDP interworking Verification
Till now SR speakers (R1, R2, R3 and R4) Does not have label bindings for the LDP speaker routers.
root@R2> show route 192.168.1.8 table inet.3
root@R2>
We need to enable mapping server on any of the SR speaker to have those bindings. In our lab we have enabled it on R1. Once we
enable mapping server on R1 we can see the bindings on SR speakers.
root@R2> show route 192.168.1.8 table inet.3 Node SID information for LDP Speakers is originated by mapping
inet.3: 8 destinations, 10 routes (8 active, 0 holddown, 0 hidden) server (R1).
+ = Active Route, - = Last Active, * = Both
192.168.1.8/32 *[L-ISIS/14] 00:12:00, metric 40 root@R2> show isis database R1.00-00 extensive
> to 1.1.1.5 via ge-0/0/1.0, Push 1108 . . .
R1.00-00 Sequence: 0x2b58, Checksum: 0x966c, Lifetime: 1144 secs
root@R2> show route 192.168.1.9 table inet.3 . . .
TLVs:
inet.3: 8 destinations, 10 routes (8 active, 0 holddown, 0 hidden) . . .
+ = Active Route, - = Last Active, * = Both Label binding: 192.168.1.8/32, Flags: 0x00(F:0,M:0,S:0,D:0,A:0), Range 1
Node SID, Flags: 0x40(R:0,N:1,P:0,E:0,V:0,L:0), Algo: SPF(0), Value: 108
192.168.1.9/32 *[L-ISIS/14] 00:12:03, metric 50 Label binding: 192.168.1.9/32, Flags: 0x00(F:0,M:0,S:0,D:0,A:0), Range 1
> to 1.1.1.5 via ge-0/0/1.0, Push 1108 Node SID, Flags: 0x40(R:0,N:1,P:0,E:0,V:0,L:0), Algo: SPF(0), Value: 109
. . .
root@R2> root@R2>
root@R6>
© 2018 Juniper Networks 70
Juniper Business Use Only
PeerNode SID, PeerAdj SID, PeerSet SID (BGP Peering SIDs)
These SIDs are used in SR-based Egress Peer Engineering.
The SR-based Egress Peer Engineering (EPE) solution allows a centralized (SDN) controller to program any egress peer policy at
ingress border routers or at hosts within the domain. This can override network-derived best-path with a controlled-derived path.
Let's say a router X is connected with n no of EBGP peers (may be located in different ASes) and router X is also connected to a
controller. The EPE information essentially are the SID labels that would be advertised by router X in BGP-LS updates to
controller. These SID labels are only local significance to router X and its EBGP peers are not even aware of those labels.
A BGP EPE enabled Egress PE node MAY advertise SIDs corresponding to its attached peers. These SIDs are called BGP peering
segments or BGP Peering SIDs. In case of EBGP, they enable the expression of source routed inter-domain paths.
An ingress border router of an AS may compose a list of SIDs to steer a flow along a selected path within the AS, towards a
selected egress border router of the AS, and to a specific EBGP peer.
At minimum, a BGP-EPE policy applied at an ingress PE involves two SIDs: the Node SID of the chosen egress PE and then the
BGP Peering SID for the chosen egress PE peer or peering interface.
Each BGP session MUST be described by a Peer Node SID. The description of the BGP session MAY be augmented by additional
Peer Adjacency SIDs. Finally, multiple Peer Node SIDs or Peer Adjacency SIDs MAY be part of the same group/set in order to
group EPE resources under a common Peer-Set SID.
© 2018 Juniper Networks 71
Juniper Business Use Only
PeerNode SID, PeerAdj SID, PeerSet SID (BGP Peering SIDs) Cont…
EBGP allocates those SID labels and programs the forwarding place to steer traffic based on incoming label in the packet. router
X will pop the label and forward the packet appropriately. Below is the explanation of these SIDs
• PeerAdj SID: A Peer Adjacency Segment is a segment describing a link that connects a BGP EPE peer and it is relevant only
for multi-hop E-BGP peer when it can be reached via multiple links. Note that the link can be P2P or a LAN. The label
assigned to PeerAdj SID can be used by ingress router to steer traffic to a specific link. PeerAdj SD is relevant only for multi-
hop E-BGP peers. Thus, for single hop E-BGP peers there is one to one mapping for peer and link, so PeerAdj SID is not
needed.
• PeerNode SID: A Peer Node Segment is a segment describing a BGP EPE peer or we can say that it is used to describe BGP-
LS-EPE session. The label assigned to PeerNode SID can be used by ingress router to steer traffic to a specific peer. PeerNode
SID MUST be present for both single-hop and multi-hop E-BGP peers.
• PeerSet SID: A Peer Set Segment is a segment describing a link or a node or a combination of both that is part of the set.
This can be seen as a mechanism to create group of PeerNode SID and PeerAdj SID. The label assigned to PeerAdj SID can be
used by ingress router to steer traffic to any member in the group. Each of the Peer-Node-SID Peer-Adj-SID MAY use the
same PeerSet SID. The packet can be sent to any member in the set and hence in the forwarding plane it would be represented
as ECMP next-hops.
ASBR B
0
10
=
S ID
de PeerSet SID = 600
N o
IP er
200 Pe IP
ASBR C
PeerNode SID = 200
ASBR A
Pee rAdj S
Pee ode SI = 500
Pee
rN
rAd
j SI
D = 00
D=
ID
400
3
ASBR D
• One or more Peer-Adj-SID MAY be instantiated corresponding to the underlying link(s) to the directly
connected BGP peer session.
• One Peer-Node-SID MUST be instantiated to describe the BGP peer session. Each EPE BGP session
MUST be described by a Peer Node SID because it describes the BGP peer configured to do egress traffic
engineering.
• A Peer-Set-SID MAY be instantiated and additionally associated and shared between one or more Peer-
Node-SIDs or Peer-Adj-SIDs.
A BGP router SHOULD NOT instantiate a BGP Peering SID for those sessions to peer nodes which are not in
the forwarding path since the purpose of BGP Peering SID is to steer traffic to that specific peers.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Where: Flags: 1 octet field of flags(on next slide):
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 1 2 3 4 5 6 7
| Flags | Weight | Reserved | +-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |V|L|B|P| Rsvd |
| SID/Label/Index (variable) | +-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
L-Flag: Local Flag. If set, then the value/index carried by the SID has local significance. By default the flag is SET.
B-Flag: Backup Flag. If set, the SID refers to a path that is eligible for protection.
P-Flag: Persistent Flag: If set, the SID is persistently allocated, i.e., As per the draft, the SID value should remain consistent
across router restart and session/interface flap.
Rsvd bits: Reserved for future use and MUST be zero when originated and ignored when received.
Weight: 1 octet. The value represents the weight of the SID for the purpose of load balancing. The default value is 0.
SID/Index/Label: According to the TLV length and to the V and L flags settings, it contains either:
• A 3 octet local label where the 20 rightmost bits are used for encoding the label value. In this case, the V and L flags MUST be
SET.
• A 4 octet index defining the offset in the SRGB (Segment Routing Global Block) as defined in RFC 8402 advertised by this
router.
Local Node Descriptors (256) TLV: Local Node Descriptors TLV contains Node Descriptors for the node anchoring the local end of the link. Local
Node Descriptors TLV has Two sub-TLVs: a. Autonomous system (512) sub-TLV containing the local end AS no and b. BGP Router-ID (516) sub-TLV
containing local router’s router ID.
Remote Node Descriptors (257) TLV: Remote Node Descriptors TLV contains Node Descriptors for the node anchoring the remote end of the link.
Remote Node Descriptors TLV has Two sub-TLVs: a. Autonomous system (512) sub-TLV containing the remote end AS no and b. BGP Router-ID (516)
sub-TLV containing remote EBGP peer router ID.
Link Descriptors TLV: The Link Descriptor TLVs uniquely identify a link among multiple parallel links between a pair of anchor routers. Link
Descriptors TLV has Two sub-TLVs: a. IPv4 interface address (259) sub-TLV containing the local end IP address and b. IPv4 neighbor address (260)
sub-TLV containing remote end IP address.
© 2018 Juniper Networks 77
Juniper Business Use Only
R3 - lo0.0-
CE7
192.168.1.3/32 Advertised Prefix
lo0.0 -
ge-0/0/0 SL: 3000 ge-0/0/1 101.101.101.1/30
192.168.2.7/32
1.1.1.46/30 Index: 103 1.1.1.50/30
Topology ge-0/0/0
3.3.3.17/30
ge-0/0/1
3.3.3.21/30
EBG
P -LS
Northstar
AS 300
JVM
192.168.1.10 em2
AS200 172.16.18.199/24
Multihop EBGP
Peer Node SID
1010001
ge-0/0/4 ge-0/0/5
3.3.3.18/30 3.3.3.22/30 Peer Set SID
eth2 ge-0/0/9 ge-0/0/4 ge-0/0/4 Peer Adj SID Peer Adj SID 1010100
172.16.18.1/24 172.16.18.11/24 1.1.1.45/3 1.1.1.49/30 1010010 1010011 Configured on R8
R1 - lo0.0- ge-0/0/0 ge-0/0/0 R4-RR - lo0.0- ge-0/0/1 ge-0/0/1 R6 - lo0.0- ge-0/0/0 ge-0/0/0 R8 - lo0.0- ge-0/0/2 ge-0/0/0
CE4
Northstar 192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 1.1.1.13/30 1.1.1.14/30 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32 3.3.3.2/30 3.3.3.1/30
lo0.0 -
PCS SL: 1000 SL: 4000 ge-0/0/2 ge-0/0/2 SL: 6000 SL: 8000 Peer Node SID
192.168.2.4/32
Index: 101 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 Index: 108 1010002
ge-0/0/1 ge-0/0/3 ge-0/0/3 ge-0/0/1 ge-0/0/3 Advertised Prefix
1.1.1.5/30 1.1.1.21/30 1.1.1.33/30 1.1.1.41/30 3.3.3.6/30 102.102.102.1/30
ge-0/0/5 ge-0/0/6 Peer Node SID
1.1.1.54/30 1.1.1.57/30 1010003
ge-0/0/0
CE5 - AS 400
Segment Routing 3.3.3.5/30
lo0.0 -
AS100
192.168.2.5/32
Advertised Prefix
103.103.103.1/30
ge-0/0/4 ge-0/0/4
1.1.1.53/30 1.1.1.58/30
ge-0/0/1 ge-0/0/3 ae0 ae0 ge-0/0/3 ge-0/0/1
1.1.1.6/30 1.1.1.22/30 1.1.1.25/30 1.1.1.26/30 1.1.1.34/30 1.1.1.42/30
R2 - lo0.0- R5 - lo0.0- ge-0/0/1 ge-0/0/1 R7-RR - lo0.0- R9 - lo0.0-
192.168.1.2/32 192.168.1.5/32 192.168.1.7/32 192.168.1.9/32
SL: 2000 ge-0/0/0 ge-0/0/0 SL: 5000 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 102 1.1.1.9/30 1.1.1.10/30 Index: 105 ge-0/0/2 ge-0/0/2 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
* LINK { Local { AS:100 IPv4:192.168.1.8 }.{ IfIndex:345 } Remote { AS:300 IPv4:192.168.2.7 }.{ IfIndex:0 } BGP-LS-EPE:0 }/1216 (1 entry, 1 announced)
BGP group Northstar-R8 type External
Nexthop: Self
AS path: [100] I
Label: 1010011, Flags: 0xc0, Weight: 0 <<< PeerAdj SID associated with Router R8’s interface ge-0/0/5
* LINK { Local { AS:100 IPv4:192.168.1.8 }.{ IPv4:3.3.3.2 } Remote { AS:300 IPv4:192.168.2.4 }.{ IPv4:3.3.3.1 } BGP-LS-EPE:0 }/1216 (1 entry, 1 announced)
BGP group Northstar-R8 type External
Nexthop: Self
AS path: [100] I
Label: 1010002, Flags: 0xc0, Weight: 1 <<< PeerNode SID associated with Router R8’s neighbor CE4. Configured Weight is 1
Label: 1010100, Flags: 0xc0, Weight: 0 <<< PeerSet SID associated with Router R8’s neighbors CE4 and CE7
* LINK { Local { AS:100 IPv4:192.168.1.8 }.{ IPv4:3.3.3.6 } Remote { AS:400 IPv4:192.168.2.5 }.{ IPv4:3.3.3.5 } BGP-LS-EPE:0 }/1216 (1 entry, 1 announced)
BGP group Northstar-R8 type External
Nexthop: Self
AS path: [100] I
Label: 1010003, Flags: 0xc0, Weight: 0 <<< PeerNode SID associated with Router R8’s neighbor CE5
* LINK { Local { AS:100 IPv4:192.168.1.8 }.{ IPv4:192.168.1.8 } Remote { AS:300 IPv4:192.168.2.7 }.{ IPv4:192.168.2.7 } BGP-LS-EPE:0 }/1216 (1 entry, 1 announced)
BGP group Northstar-R8 type External
Nexthop: Self
AS path: [100] I
Label: 1010001, Flags: 0xc0, Weight: 2 <<< PeerNode SID associated with Router R8’s neighbor CE7. Configured Weight is 2
Label: 1010100, Flags: 0xc0, Weight: 0 <<< PeerSet SID associated with Router R8’s neighbors CE4 and CE7
root@R8>
© 2018 Juniper Networks 82
Juniper Business Use Only
BGP Peering SIDs Verification Cont…
root@R8> show route table lsdist.0 advertising-protocol bgp 192.168.1.10 active-path te-link-remote-node-ip 192.168.2.7 extensive
* LINK { Local { AS:100 IPv4:192.168.1.8 }.{ IfIndex:345 } Remote { AS:300 IPv4:192.168.2.7 }.{ IfIndex:0 } BGP-LS-EPE:0 }/1216 (1 entry, 1 announced)
BGP group Northstar-R8 type External
Nexthop: Self
AS path: [100] I
Label: 1010011, Flags: 0xc0, Weight: 0 <<< PeerAdj SID associated with Router R8’s interface ge-0/0/5
* LINK { Local { AS:100 IPv4:192.168.1.8 }.{ IPv4:192.168.1.8 } Remote { AS:300 IPv4:192.168.2.7 }.{ IPv4:192.168.2.7 } BGP-LS-EPE:0 }/1216 (1 entry, 1 announced)
BGP group Northstar-R8 type External
Nexthop: Self
AS path: [100] I
Label: 1010001, Flags: 0xc0, Weight: 2 <<< PeerNode SID associated with Router R8’s neighbor CE7. Configured Weight is 2
Label: 1010100, Flags: 0xc0, Weight: 0 <<< PeerSet SID associated with Router R8’s neighbors CE4 and CE7
root@R8>
root@R8> show route table lsdist.0 advertising-protocol bgp 192.168.1.10 active-path te-link-remote-ip 3.3.3.1 extensive
root@R8> show route table lsdist.0 advertising-protocol bgp 192.168.1.10 active-path te-link-local-ip 3.3.3.6 extensive
root@R8> show route table lsdist.0 advertising-protocol bgp 192.168.1.10 active-path te-link-remote-ip 3.3.3.5 extensive
root@R8>
mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden) mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both + = Active Route, - = Last Active, * = Both
1010001 *[BGP-LS-EPE/170] 01:01:27, metric2 0, from 192.168.2.7, peer-as 300 1010011 *[BGP-LS-EPE/170] 02:11:54, from 3.3.3.21
> to 3.3.3.17 via ge-0/0/4.0, Pop > to 3.3.3.21 via ge-0/0/5.0, Pop
to 3.3.3.21 via ge-0/0/5.0, Pop to 3.3.3.17 via ge-0/0/4.0, Pop <<< Backup
root@R8> show route label 1010002 root@R8> show route label 1010100
mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden) mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both + = Active Route, - = Last Active, * = Both
root@R8>
mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden) mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
1010010 (1 entry, 1 announced) 1010011 (1 entry, 1 announced)
TSI: TSI:
KRT in-kernel 1010010/52 -> {list:Pop , Pop Flags acct} KRT in-kernel 1010011/52 -> {list:Pop , Pop Flags acct}
Stats ID Group: Kernel ID = 4, Stats IDs = { 268435461 } Stats ID Group: Kernel ID = 5, Stats IDs = { 268435462 }
*BGP-LS-EPE Preference: 170 *BGP-LS-EPE Preference: 170
. . . . . .
Source: 3.3.3.17 Source: 3.3.3.21
Next hop: ELNH Address 0xba27250 weight 0x1, selected Next hop: ELNH Address 0xba28ff0 weight 0x1, selected
. . . . . .
Next hop: 3.3.3.17 via ge-0/0/4.0 Next hop: 3.3.3.21 via ge-0/0/5.0
Label operation: Pop Label operation: Pop
. . . . . .
Next hop: ELNH Address 0xba29bf0 weight 0x4000 <<< Next hop: ELNH Address 0xba272b0 weight 0x4000 <<< Bac
Backup . . .
. . . Next hop: 3.3.3.17 via ge-0/0/4.0
Next hop: 3.3.3.21 via ge-0/0/5.0 Label operation: Pop
Label operation: Pop . . .
. . . root@R8>
root@R8>
root@R1>
root@R1>
root@R1>
Prefix SID
root@R8>
root@R4>
root@R1>
root@R8>
Let’s create privateForwardingAdjacency from R1 toR8 and vice versa and then
© we
2018will
Juniper Networks
create end
to end LSP from R2 to R9. 104
Juniper Business Use Only
Provisioning LSP Using Binding SID Cont…
root@R1> root@R8>
root@R2>
root@R4>
Total displayed LSPs: 1 (Up: 1, Down: 0)
root@R6> show route label 6108
root@R1>
mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
root@R6>
Total displayed LSPs: 1 (Up: 1, Down: 0)
root@R4> show route label 4101
root@R8>
mpls.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
root@R8>
Total displayed LSPs: 1 (Up: 1, Down: 0)
root@R2>
root@R2>
root@R2>
root@R1>
© 2018 Juniper Networks 127
Juniper Business Use Only
Provisioning LSP Using BGP PeerAdj SID: Verification on Router
root@R6> show route label 6108 root@R1> show path-computation-client lsp extensive
General
mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 LSP Name : R1_to_CE4_Using_BGP_Adj_SID
PathName : -
hidden) From : 192.168.1.1 To : 192.168.2.4 State : Up
+ = Active Route, - = Last Active, * = Both Active Path : -
Link Protection none
6108 *[L-ISIS/14] 06:47:07, metric 10 LSP Type : ext-provised
> to 1.1.1.30 via ge-0/0/0.0, Pop P2mp tree : NULL
6108(S=0) *[L-ISIS/14] 00:03:42, metric 10 Path cspf status : external_cspf
> to 1.1.1.30 via ge-0/0/0.0, Pop Template : NULL
PLSP-ID : 5
LSP-ID : 0
root@R6> RSVP Error : 0x0
Priorities : 0
root@R8> show route label 1010002 Requested AutoBw : 0
Controller : Northstar-1
mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 Record Route : NULL
hidden) From PCE ERO (received) : NULL
From RPD ERO (reported) : NULL
+ = Active Route, - = Last Active, * = Both Configured ERO on PCC : NULL
Intended
1010002 *[BGP-LS-EPE/170] 06:48:18, peer-as 300 Bandwidth : 0
> to 3.3.3.1 via ge-0/0/2.0, Pop Metric : 0
Actual
root@R8> Bandwidth : 0
Metric : 0
Last Rpt/Pcreqest received from RPD at : 23:45:21.000
Last Update sent to PCE at : 23:45:21.000
Last PcUpdate/PcCreate received from PCE at : 23:45:21.000
Last error sent to PCE at : 16:00:00.000
Last 5 reasons to send Report/Pcrequest : , , , ,
root@R1>
root@R1>
© 2018 Juniper Networks 132
Juniper Business Use Only
Provisioning LSP Using BGP PeerNode SID: Verification on Router
root@R6> show route label 6108 root@R1> show path-computation-client lsp extensive
General
mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden) LSP Name : R1_to_CE4_Using_BGP_Node_SID
+ = Active Route, - = Last Active, * = Both PathName : -
From : 192.168.1.1 To : 192.168.2.7 State : Up
6108 *[L-ISIS/14] 07:14:27, metric 10 Active Path : -
> to 1.1.1.30 via ge-0/0/0.0, Pop Link Protection none
6108(S=0) *[L-ISIS/14] 00:06:09, metric 10 LSP Type : ext-provised
> to 1.1.1.30 via ge-0/0/0.0, Pop P2mp tree : NULL
Path cspf status : external_cspf
root@R6> Template : NULL
PLSP-ID : 6
root@R8> show route label 1010001 LSP-ID : 0
RSVP Error : 0x0
mpls.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden) Priorities : 0
+ = Active Route, - = Last Active, * = Both Requested AutoBw : 0
Controller : Northstar-1
1010001 *[BGP-LS-EPE/170] 07:15:01, metric2 0, from 192.168.2.7, peer-as 300 Record Route : NULL
> to 3.3.3.17 via ge-0/0/4.0, Pop From PCE ERO (received) : NULL
to 3.3.3.21 via ge-0/0/5.0, Pop From RPD ERO (reported) : NULL
Configured ERO on PCC : NULL
root@R8> show route forwarding-table label 1010001 Intended
Routing table: default.mpls Bandwidth : 0
MPLS: Metric : 0
Destination Type RtRef Next hop Type Index NhRef Netif Actual
1010001 user 0 ulst 1048575 2 Bandwidth : 0
3.3.3.17 Pop 615 2 ge-0/0/4.0 Metric : 0
3.3.3.21 Pop 616 2 ge-0/0/5.0 Last Rpt/Pcreqest received from RPD at : 00:10:21.000
. . . Last Update sent to PCE at : 00:10:21.000
root@R8> Last PcUpdate/PcCreate received from PCE at : 00:10:21.000
Last error sent to PCE at : 16:00:00.000
Last 5 reasons to send Report/Pcrequest : , , , ,
root@R1>
The SR-TE next-hop is a list or lists of segment identifiers SIDs. These segment list or lists represent paths in the network that
the customer wants incoming traffic take. The incoming traffic may be labeled or IP traffic and the forwarding operation at the
ingress may be a label swap or a destination-based lookup to steer the traffic onto these SR-TE paths in the forwarding path.
1. Use of IGP for advertising link characteristics: This part is the same as RSVP-TE.
3. Use of IGP for advertising labels for links: The ingress router (or external controller) constructs an LSP by stacking the labels
of the links that it wants to traverse.
The per-link IGP advertisement is combined with label stacking to create source routed LSP’s on the ingress. The transit routers
do not know the end-to-end LSP’s.
protocols {
mpls {
lsp-external-controller pccd; <<< Enable PCEP based SR LSPs
}
source-packet-routing {
lsp-external-controller pccd; <<< ‘pccd’ is the only one we support.
}
pcep {
pce Northstar-1 {
spring-capability;
}
}
}
Default value of SPRING-TE preference is 8. By default, SPRING TE is less preferred than RSVP and more preferred then
LDP. Since a SPRING TE LSP must be explicitly provisioned, we make it preferred over LDP.
You can use the below commands to see the SR-TE LSPs status.
1. Static via CLI and NetConf (Static LSPs are Covered later in this presentation)
3. PCEP based SR-TE - PCEP provisioned LSPs using PCCD (On next slide)
Total displayed LSPs: 1 (Up: 1, Down: 0) Total displayed LSPs: 1 (Up: 1, Down: 0)
root@R1> show spring-traffic-engineering lsp name AdjacencySID_R1_R9 detail root@R1> show spring-traffic-engineering lsp name NodeSID_R1_R9 detail
Name: AdjacencySID_R1_R9 Name: NodeSID_R1_R9
To: 192.168.1.9 To: 192.168.1.9
State: Up, Outgoing interface: ge-0/0/4.0 State: Up, Outgoing interface: ge-0/0/1.0
SR-ERO hop count: 4 SR-ERO hop count: 2
Hop 1 (Strict): Hop 1 (Strict):
NAI: IPv4 Adjacency ID, 1.1.1.45 -> 1.1.1.46 NAI: IPv4 Adjacency ID, 1.1.1.5 -> 1.1.1.6
SID type: 20-bit label, Value: 16 SID type: 20-bit label, Value: 17
Hop 2 (Strict): Hop 2 (Strict):
NAI: IPv4 Adjacency ID, 1.1.1.50 -> 1.1.1.49 NAI: IPv4 Node ID, Node address: 192.168.1.9
SID type: 20-bit label, Value: 17 SID type: 20-bit label, Value: 2109
Hop 3 (Strict):
NAI: IPv4 Adjacency ID, 1.1.1.29 -> 1.1.1.30
SID type: 20-bit label, Value: 17 Total displayed LSPs: 1 (Up: 1, Down: 0)
Hop 4 (Strict):
NAI: IPv4 Adjacency ID, 1.1.1.41 -> 1.1.1.42 root@R1>
SID type: 20-bit label, Value: 16
root@R1>
• The controller can specify a segment routing policy consisting of multiple segment-lists to steer labeled or
IP traffic. Currently NorthStar doesn’t support these policies and it can’t provision it on the ingress router.
• The segment routing policy adds an ordered list of segments to the header of a packet for traffic steering.
• BGP installs the candidate routes of the segment routing policy into routing tables bgp.inetsrte.0 or
bgp.inet6srte.0. The table bgp.inetsrte.0 (or bgp.inet6srte.0) was earlier called
bgp.inetcolor.0 (or bgp.inet6color.0) in earlier releases.
• BGP selects one route from the candidate routes for a particular segment routing traffic engineering policy
and installs it in the routing tables inetcolor.0 or inet6color.0.
• This feature supports both statically configured as well as BGP-installed segment routing traffic
engineering policies in the forwarding table at ingress routers.
• The SR-TE tunnel is termed as SR-TE policy in the drafts. “SR-TE Policies” identified by <Endpoint, Color> (Color is just a 32-bit integer value
representing TE path From headend to the endpoint). You can consider color as a tag that separates multiple TE paths going to same endpoint. The
policies can be injected statically, dynamically (BGP) via controller. The SR-TE policies just looks like the routes and <Endpoint, Color> as their prefix
and next hop as bunch of SID list. Below is the format of the policy:
• SR policy is associated with one or more candidate paths. Paths are represented as a list of SIDs (Adjacency, Anycast, etc.). Each candidate path is
associated with a Segment-List (SID-List), or a set of SID-Lists with weights. Each SR-TE Policy may have multiple such lists – equivalent to
multipath. The SR-TE tunnel specifies one or more arbitrary paths through the network in the form of one or more lists of segment identifiers (SIDs)
Note: We actually advertise SR-TE paths from the external controller (or configure them statically). If you look carefully the above definition is saying that
SR policy can be a collection of paths and these paths can come from different-different controllers (or via static configuration). Hence, we can not
generate SR-TE policy if we go by the definition in the draft, as paths from multiple controllers are involved. If we look in to Junos CLI then you will realize
that a SR-TE policy represents a SR-TE path.
© 2018 Juniper Networks 141
Juniper Business Use Only
BGP SR-TE Policy Introduction Cont…
• Binding SID - BSID is optional in SR-TE policy.
• Binding SID of a SR policy represents its active candidate paths. Binding SID label mapped to outgoing SR-TE path(s).
• BGP sends NLRI with the tuple <Distinguisher, Endpoint, Color> to carry SR-TE policies. Distinguisher is a 32-bit field. If multiple
controllers are advertising same policy, then we use distinguisher to distinguish among them.
• If Multiple controllers are sending same NLRI with same distinguisher, then both routes will be installed as same entries in
bgp.inetsrte.0 but only one of the entry will be installed in inetcolor.0 table.
• If Multiple controllers are sending same NLRI with different distinguishers, then both routes will be installed as separate entries
in both bgp.inetsrte.0 and inetcolor.0 tables.
• Color: Color is just a 32-bit integer value representing TE path From headend to the endpoint. In RSVP, We identify multiple LSPs
going from Node A and Node B by LSP names. In SR-TE we use color for the same purpose. Color identifies the complete path. Color is
marking (distinguish) of paths having same endpoint. The <color-value> can take values in [0 to 232-1].
1. Color Policy:
• A SR Policy is identified by its tuple (headend, color, end-point). At a given head-end node, a SR policy is uniquely
identified by its tuple (color, end-point).
You can configure color/non-color statically or you can use BGP to configure them.
SR Policy 1: (R1, Blue, R2)
© 2018 Juniper Networks 143
Juniper Business Use Only
BGP SR-TE Policy standards
The SR-TE policies with a new SAFI value 73 in the BGP UPDATE are encoded along with the Tunnel Encapsulation attribute defined in “
https://tools.ietf.org/html/draft-ietf-idr-tunnel-encaps-12” (Format of the policy is defined below). The NLRI consists of a 3-value tuple,
namely <Distinguisher, Endpoint address, Color>. The Distinguisher is used to differentiate the originators of the same SR-TE policy,
namely <Endpoint address, Color>. A Preference sub-TLV (optional) is defined in the Tunnel Encapsulation attribute to select one from
different instances of the same NLRI value. Where:
+------------------+ • NLRI Length: 1 octet of length expressed in bits . The Length field indicates the length, in bits,
| NLRI Length | 1 octet
+------------------+
of the address prefix. A length of zero indicates a prefix that matches all (as specified by the
| Distinguisher | 4 octets address family) addresses (with prefix, itself, of zero octets).
+------------------+
| Policy Color | 4 octets • Distinguisher: 4-octet value uniquely identifying the policy in the context of <color, endpoint>
+------------------+
| Endpoint | 4 or 16 octets
tuple. The distinguisher has no semantic value and is solely used by the SR Policy originator to
+------------------+ make unique (from an NLRI perspective) multiple occurrences of the same SR Policy.
• Policy Color: 4-octet value identifying (with the endpoint) the policy. The color is used to
match the color of the destination prefixes to steer traffic into the SR Policy
• Endpoint: identifies the endpoint of a policy. The Endpoint may represent a single node or a set
of nodes (e.g., an anycast address or a summary address). The Endpoint is an IPv4 (4-octet)
address or an IPv6 (16-octet) address according to the AFI of the NLRI.
The color and endpoint are used to automate the steering of BGP Payload prefixes on SR policy. The NLRI containing the SR Policy is
carried in a BGP UPDATE message with an AFI of 1 or 2 (IPv4 or IPv6) and with a SAFI of 73. NLRIs can have the same color and
endpoint but should have different distinguishers to have a differentiation between two policies.
© 2018 Juniper Networks 144
Juniper Business Use Only
BGP SR-TE Policy standards - Tunnel Encapsulation attribute
The content of the SR Policy is encoded in the Tunnel Encapsulation Attribute using a new Tunnel-Type TLV (codepoint is 15).
Tunnel Encapsulation attribute: The Tunnel Encapsulation attribute is an optional transitive BGP Path attribute. IANA has
assigned the value 23 as the type code of the attribute. The attribute is composed of a set of Type-Length-Value (TLV) encodings.
Each TLV contains information corresponding to a particular tunnel type. A TLV is structured as shown in below figure:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Tunnel Type (2 Octets) | Length (2 Octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Value |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Where:
• Tunnel Type (2 octets): Identifies a type of tunnel. The value is 15 (SR-TE policy). Please visit “
https://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml” for more details.
1. Encapsulation Sub-TLVs for Particular Tunnel Types (Type = 1): Defines Tunnel Encapsulation sub-TLVs for the following
tunnel types: VXLAN ([RFC7348]), VXLAN-GPE ([I-D.ietf-nvo3-vxlan-gpe]), NVGRE ([RFC7637]), MPLS-in-GRE ([RFC2784],
[RFC2890], [RFC4023]), L2TPv3 ([RFC3931]), and GRE ([RFC2784], [RFC2890], [RFC4023]).
2. Color Sub-TLVs (Type = 4): The color sub-TLV MAY be encoded as a way to color the corresponding tunnel TLV. The value field
of the sub-TLV contains an extended community that is defined below: The Color Extended Community is an opaque extended
community with the following encoding:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0x03 | 0x0b | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Color Value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The value of the high-order octet of the extended type field is 0x03, which indicates it is transitive. The value of the low-order octet
of the extended type field for this community is 0x0b. The color value is user defined and configured locally on the routers. The
same Color Extended Community can then be attached to the UPDATE messages that contain payload prefixes. This way, the BGP
speaker can express the fact that it expects the packets corresponding to these payload prefixes to be received with a particular
tunnel encapsulation header.
© 2018 Juniper Networks 146
Juniper Business Use Only
BGP SR-TE Policy standards - Tunnel Encapsulation attribute Cont…
3. Remote Endpoint Sub-TLV (Type = 6): The Remote Endpoint sub-TLV is a sub-TLV whose value field contains three sub-
fields: Where:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
a. A four-octet Autonomous System (AS) number sub-field
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ (IPv4 or IPv6)
| Autonomous System Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address Family | Address ~ b. A two-octet Address Family sub-field
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
~ ~
| | c. An address sub-field, whose length depends upon the
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address Family.
4. MPLS Label Stack Sub-TLV (Type = 10): This sub-TLV allows an MPLS label stack (RFC 3032) to be associated with a
particular tunnel.
The value field of this sub-TLV is a sequence of MPLS label stack entries. The first entry in the sequence is the "topmost" label, the
final entry in the sequence is the "bottommost" label. This label stack is pushed onto a packet.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Label | TC |S| TTL |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 Type is 12; Length is 6; Flags: 1 octet of flags. Still not defined, Should set
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
to zero.
| Type | Length | Flags | RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Preference (4 octets) |
RESERVED: 1 octet of reserved bits. Should set to zero; Preference: a 4-
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ octet value.
6. Binding SID Sub-TLV (Type = 13): The Binding SID sub-TLV is not used by BGP. The contents of this sub-TLV are used by the
Segment routing Policy. The Binding SID sub-TLV is optional. The Binding
Where: sub-TLV has the format shown below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Type is 13; Length specifies the length of the value field not including
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type and Length fields. Can be 2 or 6 or 18.
| Type | Length | Flags | RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Binding SID (variable, optional) | Flags:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
If length is 6 then the Binding SID contains a 4-octet SID. Below format is used to encode the SID. TC, S, TTL (Total of 12bits) are
RESERVED and SHOULD be set to Zero and MUST be ignored. If length is 18 then the Binding SID contains a 16-octet IPv6 SID.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Label | TC |S| TTL |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
7. Segment List Sub-TLV (Type = 128): The Segment List sub-TLV encodes a single explicit path towards the endpoint as
described. The Segment List sub-TLV includes the elements of the paths (i.e., segments) as well as an optional Weight sub-TLV.
The Segment List sub-TLV may exceed 255 bytes length due to large number of segments. Therefore a 2-octet length is required.
The Segment List sub-TLV is optional and MAY appear multiple times in the SR Policy. The ordering of Segment List sub-TLVs,
each sub-TLV encoding a Segment List, does not matter.
The Segment List sub-TLV contains zero or more Segment sub-TLVs and MAY contain a Weight sub-TLV.
0 1 2 3 Type is 128; Length is the total length (not including the Type and Length
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ fields) of the sub-TLVs encoded within the Segment List sub-TLV.
| Type | Length | RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// sub-TLVs // RESERVED: 1 octet of reserved bits. Should set to zero; Preference: a 4-
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ octet value.
sub-TLVs:
i. Weight sub-TLV (Type = 9): The Weight sub-TLV specifies the weight associated to a given segment list. The Weight sub-
TLV is optional. The Weight sub-TLV has the following format:
0 1 2 3
Where:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type is 9; Length is 6 and
| Type | Length | Flags | RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Weight | RESERVED: 1 octet of reserved bits. Should set to zero;
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Preference: a 4-octet value.
Type 1 : SID only, in the form of MPLS Label <<< Type 1 is supported.
Type 2 : SID only, in the form of IPv6 address
Type 3 : IPv4 Node Address with optional SID
Type 4 : IPv6 Node Address with optional SID for SR MPLS
Type 5 : IPv4 Address + index with optional SID
Type 6 : IPv4 Local and Remote addresses with optional SID
Type 7 : IPv6 Address + index for local and remote pair with optional SID for SR MPLS
Type 8 : IPv6 Local and Remote addresses with optional SID for SR MPLS
Type 9 : IPv6 Node Address with optional SID for SRv6
Type 10 : IPv6 Address + index for local and remote pair with optional SID for SRv6
Type 11 : IPv6 Local and Remote addresses for SRv6
V-Flag: This flag is used by SR Policy for the purpose of "SID verification" as described in Section 5.1 in “
https://tools.ietf.org/html/draft-ietf-spring-segment-routing-policy-03#section-5.1”. V-Flag is applicable to all Segment
Types.
A-Flag: This flag indicates the presence of SR Algorithm id in the "SR Algorithm" field applicable to various Segment
Types. SR Algorithm is used by SR Policy as described in section 4 in “
https://tools.ietf.org/html/draft-ietf-spring-segment-routing-policy-03#section-5.1”. This Flag is not used.
Unused bits in the Flag octet SHOULD be set to zero upon transmission and MUST be ignored upon receipt.
© 2018 Juniper Networks 152
Juniper Business Use Only
BGP SR-TE - Policy Route Installation
static
SPRING-TE inet.3 bgp.inetsrte.0
SR-TE Can leak route 1. BGP installs the update with distinguisher
Policies using RIB Groups for BGP best path election.
• inetcolor.0 function is same as inet.3. It is a resolving RIB. It is a SR-TE table. Routes of this table will not get installed in forwarding table.
• bgp.inetsrte.0 is used for best path selection based on distinguisher and route import/export/re-advertisement (on RR) etc, It is not used for
route resolution.
© 2018 Juniper Networks 153
Juniper Business Use Only
BGP SR-TE - Policy Route Installation Cont…
SR-TE policy installation in RIBs - Once an SR-TE policy is considered Acceptable, the following procedures apply:
• The SR-TE policy is installed in the bgp.inetsrte.0 (bgp.inet6srte.0) RIB. Entries with same <Endpoint address,
Color> value but different Distinguisher are installed as separate entries in the bgp.inetsrte.0 RIB. Note that SR-TE
policies with Invalid segment lists are also installed here.
• Valid policies are subsequently installed (without distinguisher) into the resolution RIBS, namely inetcolor.0
(inet6color.0) RIBs as secondary routes with only <Endpoint address, Color > as the key. The following considerations
apply when deciding to install the secondary routes in the resolution RIBs:
• If the number of segment lists (paths) exceed the maximum path limit configured using the existing configuration knob, “
chassis maximum-ecmp” or an internal limit of 8, whichever is minimum, the SR-TE policy is installed in
inet[6]color.0 (inet6color.0) with a pruned set of segment lists.
• If the number of segments of any of the segment lists exceed the configured value in maximum-segment-routing-depth
“set protocols source-packet-routing maximum-segment-list-depth <depth 0-5>”, (default value is 5)
then those segment lists are pruned before installing the SR-TE policy into inetcolor.0 (inet6color.0). This
configuration is applied only after the Routing Process Daemon is restarted.
• If all segment lists are either Invalid or pruned out, then the SR-TE policy is not added to the resolution RIBs. This is
because the invalidations arising out of limitations or configuration are not expected to change due to future network
events. Note that, the SR-TE policy entry with the received segment lists is still maintained in the bgp.inetsrte.0
(bgp.inet6srte.0) RIB with appropriate reason codes for debug and re-advertisement purposes.
• If any of the segment lists of the received SR-TE policy is Invalid as per the above tests, then that segment list is pruned
when installing the policy to the resolution RIBs (and therefore will not be considered when creating forwarding entries).
• When an SR-TE policy is added as secondary routes to the resolution RIBs, namely inetcolor.0 (inet6color.0), an
attempt is made to resolve the top label of each segment list. If any one of the segment lists resolved, the SR-TE policy is made
Active in this RIB.
• The Weight sub-TLV in the Tunnel Encapsulation attribute is applied as balance parameters for each SR-TE Segment list TLV
specified in the update. If the Weight sub-TLV is not present, they are treated as equal cost paths.
10-192.168.1.9-100<sr>/96 <<< 10 is Distinguisher, 100 is color, and <sr> is a tag value to identify the address family (SR-TE).
*[BGP/170] 00:05:00, localpref 100 “10-192.168.1.9-100<sr>/96” is complete BGP SR-TE policy route.
AS path: 500 I, validation-state: unverified
> to 5.5.5.2 via ge-0/0/7.0
20-192.168.1.9-100<sr>/96
*[BGP/170] 00:05:00, localpref 100
AS path: 600 I, validation-state: unverified
> to 6.6.6.2 via ge-0/0/8.0
192.168.1.9-100<c>/64 <<< Distinguisher (10) is dropped as soon as route moves to inetcolor.0. 100 is s color,
*[BGP/170] 00:05:04, localpref 100, from 5.5.5.2 and <c> is a tag value to identify the address family (Color).
AS path: 500 I, validation-state: unverified
> to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top)
to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top) b) A non-colored SR LSP does not have a color. An
to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top)
[BGP/170] 00:05:04, localpref 100, from 6.6.6.2 ingress route (for its destination) is installed in the
AS path: 600 I, validation-state: unverified
> to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top)
inet.3 table. The route has a protocol of SPRING-
to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top)
to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top)
TE, and by default, a preference of 8 and a metric of 1.
© 2018 Juniper Networks
A non-colored SR LSP may have a binding–SID label. 157
Juniper Business Use Only
BGP SR-TE - Traffic Steering in SR-TE policy for IP traffic
Color is just a 32-bit integer {Nexthop address, Color attribute} <==>
Anycast IP
value representing TE path SR-TE: {Endpoint, Color}
Anycast IP 30.30.30.30
From headend to the SID = 30 Top label
10.10.10.10
endpoint 1010 10.10.10.10
SID = 10 Endpoint IP
Servers DCR1 Used for resolution
60.60.60.60
Headend SID = 60 60.60.60.60-red
DCR3 at DCR1/DCR2
Endpoint
1030 SR-TE
r affic 1050 Label Stack 1
T g
IP tchin 1.1.1.1/24
1060 (Weight = x)
m d LSP
a
DCR4 Payload 1040 SR-TE
Re Endpoint Prefix 1050 Label Stack 2
Endpoint IP 1060 (Weight = y)
Anycast IP
Forwarding
50.50.50.50 70.70.70.70
SID = 70 (inet.0)
SID = 50
DCR2
Controller Headend Anycast IP
Note: Payload prefixes Top label
20.20.20.20 Anycast IP
are advertised by 1020 20.20.20.20
SID = 20 40.40.40.40 endpoint to the headend Used for resolution
© 2018 Juniper Networks
SID = 40 158
Juniper Business Use Only
BGP SR-TE - Traffic Steering in SR-TE policy for IP traffic Cont…
inet-unicast and inet6-unicast prefixes with color community attached (we call them payload prefixes) may steer
traffic over SR-TE policies. By default this resolution is disabled. We use color community to do lookup in inetcolor.0. We
don’t do the lookup in inet.3. Based on color value and endpoint (next-hop) payload prefix will choose the path. Endpoint may
be aware of the color as it may need to attach the color community to the prefixes that will be advertised to headend. Headend
then send traffic to these prefixes to different tunnels according to color. With “extended-nexthop-color”, Payload prefixes
will start getting resolved in inetcolor.0 (or inet[6]color.0). By default color lookup is disabled and payload prefixes gets
resolve in inet.3.
If “extended-nexthop-color” is not enabled for a address family, then traffic destined for these prefixes are steered over
IGP/MPLS routes (i.e. resolution uses routes present in inet.3 and inet.0). In this case, the color communities attached to
these prefixes are effectively ignored (although they are maintained as attributes). In summary:
• If the “extended-nexthop-color” knob is disabled, then color community attached prefixes resolve over default resolution
RIBs for inet.3 or inet6.3.
• If the “extended-nexthop-color” knob is enabled then prefixes with color community attached resolve over inetcolor.0
or inet[6]color.0 using the <Nexthop address, color> tuple as the key.
1. Labelled traffic (Traffic to Binding SID in the policy advertised by Controller): One Binding SID may be associated
with each SR-TE policy. In the previous example we have Binding SID as 1000001. This BSID gets installed in mpls.0 and this
route has the NH as the top label (27) and the label list.
So if there is an incoming traffic from customer. The Binding SID gets pop and labels (28 (top), 18, 17) gets pushed to the
packet.
2. Unlabeled plane IP Traffic (Traffic to Payload prefix advertised by Endpoint router): The Endpoint router usually
advertise the route with color community attached to it. In this case you have an option to do a resolution in inetcolor.0
instead of inet.3. Here endpoint is the next hop. The tuple <endpoint, color> is used for the lookup the color route. SR-TE
itself resolves over the top label and payload prefix itself is resolved over the inetcolor.0 SR-TE route. In this case only label
push operation is carried out.
Note: Top Label may resolve in multiple paths which may have weight attached to it. In this case you can have hierarchical ECMP.
• If the none of the top labels of the segment lists in the resolving SR-TE policy can be resolved via mpls.0, the SR-TE policy is
considered un-resolved and the corresponding Binding-SID cross-connect entry in mpls.0 remains Inactive.
If some of the segment lists of the SR-TE policy are resolved, i.e. the top label of these segment lists have resolution, then the
Binding-SID cross-connect is made active, but the forwarding entry shall contain only the resolving segment lists. The
remaining segment lists from the resolving SR-TE policy from inetcolor.0 (inet6color.0) are not installed.
• The route entries in inetcolor.0 (inet6color.0) table are only used to resolve forwarding-nexthops for binding-SID or
“payload-prefix + color” in SR-TE policy; the route entries themselves will not be installed to kernel and forwarding-plane, this
behavior is similar to routes in inet.3 and inet6.3 tables.
Binding SID sub-TLV 1000001 <<< Binding-label 1000001 as the incoming label
SID_list_1::segment-list {27, 28, 18, 17} <<< Top Label of the segment list “SID_list_1” is 27 and it is resolved in mpls.0 to obtain the forwarding next-hop(s).
SID_list_1::weight 20
SID_list_2::segment-list {28, 16, 6109} <<< Top Label of the segment list “SID_list_2” is 28 and it is resolved in mpls.0 to obtain the forwarding next-hop(s).
SID_list_2::weight 30
SID_list_2::segment-list {1104, 18, 19, 24} <<< Top Label of the segment list “SID_list_2” is 1104 and it is resolved in mpls.0 to obtain the forwarding next-hop(s).
SID_list_2::weight 50
Let's say that the top labels in this case resolve over IGP paths with the following nexthops:
27 : via ge-0/0/1.0, 1.1.1.5 <<< The top label of SID_list_1 is directly connected. In this case, the BSID route entry in mpls.0 is depicted as follows.
28 : via ge-0/0/4.0, 1.1.1.45 <<< The top label of SID_list_2 is directly connected.
1104: via ge-0/0/0.0, 1.1.1.1 <<< The top label of SID_list_3 is directly connected.
1000001
If the payload prefixes (i.e. [inet|inet6]-unicast prefixes), are configured for resolution over SR-TE policies, then the
following apply:
• If the matching SR-TE policy is inactive, then the payload prefix routes in inet.0 (inet6.0) RIBs cannot resolve over that
SR-TE policy and the payload prefix remains Inactive. No forwarding entry is created.
• If the payload prefix resolves over an Active SR-TE policy (i.e. some of its segment lists resolve), then the route entry
corresponding to the payload prefix becomes Active and is installed in the FIB. Only those segment lists that are resolved are
considered as paths for this forwarding entry.
• The top label from each segment list is used for resolution and is replaced with the label resolved from mpls.0. If the top label
in mpls.0 has a pop and forward action, then the top label does not appear in the label stack.
• If the BGP speaker receives a payload prefix with multiple color communities attached, only the first community in the update
shall be used for resolution. (Note: The draft does not specify any special handling of this case).
• If the BGP speaker receives a payload prefix with color communities, with unsupported steering options, namely CO = 01 or CO
= 10, it shall be treated in the same manner as if the CO = 00, i.e. an attempt is made to resolve the payload prefix over a
matching SR policy and failing that, it shall resolve over IGP paths.
• Considering the same SR Policy example as in the previous section for steering of a payload prefix 3.3.3.8/30 case we get the
following. (Note here that the bottom label is pushed instead of being swapped as in the case of the Binding-SID route
example).
3.3.3.8/30
Communities: color:2:100
In the scenario where a BGP speaker receives payload prefixes with color community but do not find entries with <Endpoint
Address, Color> in the resolution RIBs, it may be desirable to resolve these payload prefixes via inet.3 routes as a backup, i.e.
without considering the color.
We can implement this using existing rib-group commands to install secondary routes from inet.3 and inet6.3 into
inetcolor.0 (inet6color.0). When installing, these routes are created with a prefix length that masks out the color value.
We consider these routes to have indeterminate color in these RIBs.
Since the resolution RIBs use a 32-bit color value as part of the least matching prefix lookup, masking it out will yield entries with
prefix lengths of 32 for inetcolor.0 and 128 for inet6color.0. A single least prefix match lookup in inetcolor.0
(inet6color.0) will match these entries as fallback paths when a fully specified SR-TE policy is not present.
4.4.4.4/32 4.4.4.4-0<c>/32 <<< This results in a route with color masked out, i.e. something like 4.4.4.4<c>/32
Non colored routes are those routes who uses the same SR-TE tunnels but for inet.3 routes. You uses SR-TE policies for the
no-colored route by using above rib-group method.
• The above policy action allows us to attach an extended color community to NLRI exported by BGP. Refer “
https://tools.ietf.org/html/draft-filsfils-spring-segment-routing-policy-06” for more details.
• The <color-mode> can take values in [1..3], representing the "C" and "O" bits.
This color-only steering variation is governed by two new flags "C" and "O" defined in the color extended community. The Color-Only flags
"CO" are set to 00 by default.
• When 00 or 11, the BGP destination is preferably steered onto a valid SR Policy (N, C) where N is an IPv4/6 endpoint address and C is a
color value else it is steered on the IGP path to the next-hop N.
• When 01, the BGP destination is preferably steered onto a valid SR Policy (N, C) else onto a valid SR Policy (null endpoint, C) else on the
IGP path to the next-hop N. The null endpoint is 0.0.0.0 for IPv4 and ::0 for IPv6 (all bits set to the 0 value). We are yet to support this
mode.
• When 10, the BGP destination is preferably steered onto a valid SR Policy (N, C) else onto a valid SR Policy (null endpoint, C) else on any
valid SR Policy (any endpoint, C) else on the IGP path to the next-hop N. The null endpoint is 0.0.0.0 for IPv4 and ::0 for IPv6 (all bits set
to the 0 value). We are yet to support this mode.
As per draft, SR-TE policies should be protocol independent selection. For a given SR-TE Policy (identified by <Endpoint,
Color>), different protocols such as BGP or Static may install multiple SR Paths in the inet[6]color.0 tables. Both BGP and
SPRING-TE install to inetcolor.0.
For a given SR-TE Policy (identified by <Endpoint, Color>), different protocols such as BGP or Static may install multiple SR
paths in the inet[6]color.0 tables. Also in the case of BGP, SR-TE NLRI routes with different distinguishers in
bgp.inet[6]color.0 when imported to inet[6]color.0 will create multiple SR Paths as well.
One of the candidate SR Paths in the inetcolor.0 (or inet[6]color.0) table is selected active. Only the Binding-SID of the
active SR path (if available) is considered for installation in mpls.0 for labeled traffic steering. Also in the case of payload
prefixes, unlabeled traffic is steered onto the active SR Path only.
1. First a “sr-preference-override” value is assigned to each SR Policy. This value is set to a default of 100 for all protocols
that install SR Paths in the inet[6]color.0 tables. A higher value of “sr-preference-override” is preferred. Since
this is usually kept equal for all protocols, the selection typically proceeds to the next step.
2. Next the Preference-TLV (Configurable for SPRING-TE) carried in BGP or sr-preference configured for Static is compared.
Again the higher value is preferred. If these values are not available in the update or configured, a default value of 100 is
assumed.
3. Next the default JUNOS preference values for the installing protocol, namely 8 for Static SR-TE policies and 170 for BGP SR-
TE (180 for SPRING-TE) policies are compared. Here the lower of the two is preferred. However this value can be modified by
configuring a global preference value for Static SR-TE policies or a per policy preference value. The implication here is that
there is never a tie between SR Paths installed by two different protocols. These can be set using the existing “preference”
knob for each protocol. It is highly recommended to configure separate values for different protocols.
4. The current JUNOS best-path procedures for the individual protocol apply (e.g: BGP best-path). Note that Step 3 ensures that
SR Paths from different protocols don’t end up here.
© 2018 Juniper Networks 169
Juniper Business Use Only
BGP SR-TE - Best path selection Cont…
When a new update is received for the same <Endpoint address, Color> tuple, but with different Distinguisher value, these are
treated as different occurrences of the same NLRI. Both candidate SR paths are installed in the resolution RIBs (namely
inetcolor.0 or inet6color.0) if found valid. Since the distinguisher is dropped from the prefix in the resolution tables, one
of these entries is selected as the active SR policy. The selection proceeds as follows:
• The two candidate SR paths are treated as imported from different protocol instances and as per the draft, the Preference sub-
TLV is compared. The SR path with the higher value is preferred.
• If the Preference sub-TLV is not present in one or either policy, then the default value of 100 is assumed for comparison (Refer
Section 3 of “https://tools.ietf.org/html/draft-filsfils-spring-segment-routing-policy-06”). If the above comparison results in
equal preference, then the rest of JUNOS best path selection applies. Since in this example, both candidate SR paths are BGP,
the best-path is the BGP best-path selection.
Note that each SR-TE policy entry may itself have multiple Segment List sub-TLVs and the corresponding forwarding entry may
be a multipath, but the two SR-TE policy entries are not merged in any way.
After the selection process in the inetcolor.0 (inet6color.0) tables, if the Binding-SID corresponding to the active SR Path
is already bound to a different SR Policy (i.e. different <Endpoint, Color>), then the Binding-SID is deemed unavailable.
In this case, the BGP speaker shall generate a SYSLOG and not install the Binding-SID for the new SR Policy into mpls.0.
If the SR Policy is selected active in inetcolor.0 (inet6color.0), no attempt is made to install the Binding-SID of a less
preferred SR Policy. It is up to the controller to re-advertise a preferred SR-Policy with the desired Binding-SID value.
• Extended community of RT (Route Target) or NO_ADVERTISE should be present else BGP will reject that
route.
• Route is accepted if RT is present but only moved to inetcolor.0 if RT community contains Router ID of
the receiving router.
09
61
Northstar
Node index advertised by Destination Router
61
0
Controller
9
,
16
192.168.1.10 em2
AS200 172.16.18.199/24
28 17
27 17 16 25
Three Segments of a Single LSP path
(R1-R9) in the Topology: ge-0/0/1 ge-0/0/3 ae0 ae0 ge-0/0/3 ge-0/0/1
1.1.1.6/30 1.1.1.22/30 1.1.1.25/30 1.1.1.26/30 1.1.1.34/30 1.1.1.42/30
Advertised Subnet
R2 - lo0.0- R5 - lo0.0- ge-0/0/1 ge-0/0/1 R7-RR - lo0.0- R9 - lo0.0- ge-0/0/3
1. Blue LSP: (R1-R2-R5-R7-R9) 192.168.1.2/32 28 16 192.168.1.5/32 17 192.168.1.7/32 17 IPv4 24 192.168.1.9/32 3.3.3.10/30 from R9 to R1
2. Red LSP: (R1-R3-R6-R8-R9) 18 18
SL: 2000 ge-0/0/0 ge-0/0/0 SL: 5000 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
3. Green LSP: (R1-R4-R6-R8-R9) Index: 102 1.1.1.9/30 1.1.1.10/30 Index: 105 ge-0/0/2 ge-0/0/2 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
18, 17 IPv4
© 2018 Juniper Networks 173
Juniper Business Use Only
BGP SR-TE - Controller configs and Config for advertise Payload Prefix
BGP Config with the BGP Controller: Payload Prefix advertisement on Endpoint Router (R9):
protocols { policy-options {
bgp { policy-statement Ingress_Route {
group Controller-1 { term Ingress_Route {
type external; from {
neighbor 5.5.5.2 { protocol direct;
family inet { route-filter 3.3.3.8/30 exact; <<< Payload Prefix
segment-routing-te; <<< Enables SR-TE Policy SAFI and NRLI }
} then {
peer-as 500; community add Color;
local-as 100; next-hop 192.168.1.9;
} accept;
} }
group Controller-2 { }
type external; }
neighbor 6.6.6.2 { community Color members color:2:100;
family inet { }
segment-routing-te; <<< Enables SR-TE Policy SAFI and NRLI protocols {
} bgp {
peer-as 600; group R1-R9 {
local-as 100; type internal;
} local-address 192.168.1.9;
} family inet {
} unicast {
} extended-nexthop-color; <<< Optional, Used for lookup in
} inetcolor.0 table (color resolution)
}
neighbor 192.168.1.1 {
export Ingress_Route;
}
}
}
}
root@R1> show route receive-protocol bgp 6.6.6.2 inetcolor.0: 1 destinations, 2 routes (1 active, 0 holddown, 0 hidden)
. . . + = Active Route, - = Last Active, * = Both
mpls.0: 26 destinations, 26 routes (26 active, 0 holddown, 0 hidden)
192.168.1.9-100<c>/64 <<< Distinguisher is dropped as soon as route moves to inetcolor.0.
inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) *[BGP/170] 00:05:04, localpref 100, from 5.5.5.2
. . . AS path: 500 I, validation-state: unverified
bgp.inetsrte.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) > to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top)
Prefix Nexthop MED Lclpref AS path to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top)
20-192.168.1.9-100<sr>/96 to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top)
* 6.6.6.2 600 I [BGP/170] 00:05:04, localpref 100, from 6.6.6.2
AS path: 600 I, validation-state: unverified
inetcolor.0: 1 destinations, 2 routes (1 active, 0 holddown, 0 hidden) > to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top)
Prefix Nexthop MED Lclpref AS path to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top)
192.168.1.9-100<c>/64 <<< Distinguisher (20) is dropped as soon as route moves to inetcolor.0. to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top)
6.6.6.2 600 I
root@R1>
root@R1>
3.3.3.8/30 *[BGP/170] 00:04:52, localpref 100, from 192.168.1.9 192.168.1.9/32 *[L-ISIS/14] 1w2d 10:16:15, metric 40
AS path: I, validation-state: unverified > to 1.1.1.2 via ge-0/0/0.0, Push 4109
> to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top) to 1.1.1.6 via ge-0/0/1.0, Push 2109
to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top) to 1.1.1.46 via ge-0/0/4.0, Push 3109
to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top) [IS-IS/18] 1w2d 10:16:15, metric 40
> to 1.1.1.2 via ge-0/0/0.0
root@R1> to 1.1.1.6 via ge-0/0/1.0
to 1.1.1.46 via ge-0/0/4.
root@R1>
root@R1>
protocols {
source-packet-routing {
segment-list <segment_list_name> { <<< A segment list must have >= 1 hop.
<hop_1_name> label <sid_label>;
<hop_2_name> label <sid_label>;
. . .
<hop_n_name> label <sid_label>;
}
source-routing-path <lsp_name> {
to <address>; <<< DA will be reflected in inet.3 table, unless the “no-ingress” knob is configured.
color <value>; Color LSP and lookup will happen in inetcolor.0 by configuring “extended-nexthop-color” knob.
no-ingress; <<< Disables the ingress route installation (e.g. in the case where it is used purely for LSP stitching)
binding-sid <label>; <<< Binding SID is an incoming label for the incoming labelled traffic or Binding SID can be
preference <value>; used if you are using this LSP for stitching. A route for the binding-sid label is installed in mpls.0.
metric <value>;
primary {
<segment_list_1> weight <weight_1>; <<< Weight for WECMP
}
. . .
primary {
<segment_list_n> weight <weight_n>; <<< A colored static SR LSP may have maximum 8 primary paths. ECMP, if all the primary paths have equal weight.
} WECMP, if the primary paths have different weights. Require per-packet load balancing policy.
secondary { <<< The secondary path comes in to the picture when all the primary path goes down. The secondary path has a
<segment_list>; nexthop weight of 0xff. Require per-packet load balancing policy to download secondary path to PFE.
}
}
}
}
protocols {
source-packet-routing {
segment-list <segment_list_name> { <<< A segment list must have >= 1 hop.
<hop_1_name> ip_address <address> | label <sid_label>; <<< Hop 1 can be a loose hop
<hop_2_name> label <sid_label>; <<< Hop 2 to Hop n can only be a strict hop as we have already defined labels
. . .
<hop_n_name> label <sid_label>;
}
source-routing-path <lsp_name> { <<< The “color” knob is not applicable and should not be configured.
to <address>; <<< Destination address will be reflected in inet.3 table, unless the “no-ingress” knob is configured.
no-ingress; <<< Disables the ingress route installation (e.g. in the case where it is used purely for LSP stitching)
binding-sid <label>; <<< Binding SID is an incoming label for the incoming labelled traffic or Binding SID can be
preference <value>; used if you are using this LSP for stitching. A route for the binding-sid label is installed in mpls.0.
metric <value>;
primary {
<segment_list_1> weight <weight_1>; <<< Weight for WECMP
}
. . .
primary {
<segment_list_n> weight <weight_n>; <<< A non-colored static SR LSP may have maximum 8 primary paths. ECMP, if all the primary paths have equal
} weight. WECMP, if the primary paths have different weights. Require per-packet load balancing policy.
secondary { <<< The secondary path comes in to the picture when all the primary path goes down. The secondary path has a
<segment_list>; nexthop weight of 0xff. Require per-packet load balancing policy to download secondary path to PFE.
}
}
inherit-label-nexthops; <<< Optional knob, If you want to configure first hop as label in the segment list.
}
}
© 2018 Juniper Networks 189
Juniper Business Use Only
Static Non-Colored LSP Cont…
In this presentation, we have taken example of non-colored LSP having label as first hop (through “inherit-label-nexthops” knob).
Ingress route in inet.3 allows services to be mapped to a non-colored static SR LSP as a transport tunnel, in the same manner as traditional RSVP and LDP
LSPs. All Tunnels to same destination are combined and placed as nexthops to the destination. Tunnels are distinguished using names.
A non-colored SR LSP may have a binding-SID label to achieve SR LSP stitching. The transit routes of the binding-SID label have a protocol of SPRING-TE,
and by default, a preference of 8 and a metric of 1.
If the “inherit-label-nexthops” knob is turned ON under “source-packet-routing” hierarchy then if any of the
underlying segment list doesn’t have this knob ON and if that has both ip and label configured; this global knob will decide the
resolution type. If the underlying segment list has also the knob; the one there will take effect than the global knob. If different
segment lists of a tunnel have different first hop resolution type; then the commit will be failed.
If the knob is not present; the default behavior will be to use the ip-address if the first hop has both ip and label specified.
• 1st hop only ip-address: ip-direct will be the mode of segment list resolution.
• 1st hop only label: label resolution will be the mode of segment list resolution.
• Both ip-address and label: Without “inherit-label-nexthops”, ip-direct will be the mode of segment list resolution.
• Both ip-address and label: With “inherit-label-nexthops”, label resolution will be the mode of segment list resolution.
protocols { protocols {
source-packet-routing { source-packet-routing {
segment-list path-1 { segment-list path-2 {
hop-1 ip-address 3.3.3.3; hop-1 label 1000011;
hop-2 label 1000012; hop-2 label 1000012;
hop-3 label 1000013; hop-3 label 1000013;
hop-4 label 1000014; hop-4 label 1000014;
} }
} }
} }
IP-direct will be the type of the segment list. Label resolution will be the type of the segment list.
protocols { protocols {
source-packet-routing { source-packet-routing {
segment-list path-3 { segment-list path-3 {
hop1 { inherit-label-nexthops;
label 1000011; hop1 {
ip-address 3.3.3.3; label 1000011;
} ip-address 3.3.3.3;
hop-2 label 1000012; }
hop-3 label 1000013; hop-2 label 1000012;
hop-4 label 1000014; hop-3 label 1000013;
} hop-4 label 1000014;
} }
} }
}
© 2018 Juniper Networks 192
Juniper Business Use Only
Static LSP - Traffic steering in the LSP through CBF and PBF
A static colored SR LSP may have a binding SID, for which a route will be installed in the mpls.0 table. This binding SID label is
used to map labeled traffic to the SR LSP. Traffic may also be mapped to a static colored SR LSP by using class-based forwarding
(CBF) or routing policies with an “install-nexthop” action.
Class Based Forwarding (CBF) example: Policy Based Forwarding (PBF) example:
class-of-service { policy-options {
forwarding-policy { policy-statement <policy-name> {
next-hop-map <map_name> { term <term-name> {
forwarding-class <class_name> { from {
lsp-next-hop <sr_lsp_ame>; <matching condition>
} }
} then {
} install-nexthop (except | lsp <sr-lsp-name> | lsp-regex <sr-lsp-regular-expression>);
} }
policy-options { }
policy-statement <policy-name> { }
term <term-name> { }
from { routing-options {
<matching condition> forwarding-table {
} export <policy-name>;
then <map_name>; }
} }
}
}
routing-options {
forwarding-table {
export <policy-name>;
}
}
policy-options {
policy-statement mpath {
then multipath-resolve;
}
}
routing-options {
resolution {
rib inet.0 {
inet-import mpath; <<< For Non-color LSPs
inetcolor-import mpath; <<< For color LSPs
}
}
}
Other variants:
root@R1>
Note: The traceroute outputs
are same for Non-Colored LSPs
© 2018 Juniper Networks 196
Juniper Business Use Only
Static Colored LSP command outputs
root@R1> show spring-traffic-engineering lsp detail . . .
Name: R1-R9-LSP Path: R1-R4-R6-R8-R9
Tunnel-source: Static configuration Outgoing interface: NA
To: 192.168.1.9-100<c> <<< In Non-Color LSP, Color “100<c>” is not present. Auto-translate status: Disabled Auto-translate result: N/A
State: Up BFD status: N/A BFD name: N/A
Path: R1-R2-R5-R7-R9 SR-ERO hop count: 4
Outgoing interface: NA Hop 1 (Strict):
Auto-translate status: Disabled Auto-translate result: N/A NAI: None
BFD status: N/A BFD name: N/A SID type: 20-bit label, Value: 1104
SR-ERO hop count: 4 Hop 2 (Strict):
Hop 1 (Strict): NAI: None
NAI: None SID type: 20-bit label, Value: 18
SID type: 20-bit label, Value: 27 Hop 3 (Strict):
Hop 2 (Strict): NAI: None
NAI: None SID type: 20-bit label, Value: 19
SID type: 20-bit label, Value: 28 Hop 4 (Strict):
Hop 3 (Strict): NAI: None
NAI: None SID type: 20-bit label, Value: 24
SID type: 20-bit label, Value: 18
Hop 4 (Strict):
NAI: None Total displayed LSPs: 1 (Up: 1, Down: 0)
SID type: 20-bit label, Value: 17
Path: R1-R3-R6-R8-R9 root@R1>
Outgoing interface: NA
Auto-translate status: Disabled Auto-translate result: N/A
BFD status: N/A BFD name: N/A
SR-ERO hop count: 3
Hop 1 (Strict):
NAI: None
SID type: 20-bit label, Value: 28
Hop 2 (Strict):
NAI: None
SID type: 20-bit label, Value: 16
Hop 3 (Strict):
NAI: None
SID type: 20-bit label, Value: 6109
. 2018
© . . Juniper Networks 197
Juniper Business Use Only
Static Colored LSP command outputs Cont…
root@R1> show route label 1000001 table mpls.0 root@R1> show route 192.168.1.9/32
mpls.0: 48 destinations, 49 routes (48 active, 0 holddown, 0 hidden) inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both + = Active Route, - = Last Active, * = Both
1000001 *[SPRING-TE/6] 00:02:26, metric 30, metric2 0 192.168.1.9/32 *[L-ISIS/14] 1w1d 03:43:26, metric 40
> to 1.1.1.6 via ge-0/0/1.0, Swap 17, Push 18, Push 28(top) > to 1.1.1.2 via ge-0/0/0.0, Push 4109
to 1.1.1.46 via ge-0/0/4.0, Swap 6109, Push 16(top) to 1.1.1.6 via ge-0/0/1.0, Push 2109
to 1.1.1.2 via ge-0/0/0.0, Swap 24, Push 19, Push 18(top) to 1.1.1.46 via ge-0/0/4.0, Push 3109
[IS-IS/18] 1w1d 03:43:26, metric 40
root@R1> show route 3.3.3.8/30 > to 1.1.1.2 via ge-0/0/0.0
to 1.1.1.6 via ge-0/0/1.0
inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden) to 1.1.1.46 via ge-0/0/4.0
+ = Active Route, - = Last Active, * = Both
inet.3: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
3.3.3.8/30 *[BGP/170] 00:02:26, localpref 100, from 192.168.1.9 + = Active Route, - = Last Active, * = Both
AS path: I, validation-state: unverified
> to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top) 192.168.1.9/32 *[L-ISIS/14] 1w1d 03:43:26, metric 40
to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top) > to 1.1.1.2 via ge-0/0/0.0, Push 4109
to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top) to 1.1.1.6 via ge-0/0/1.0, Push 2109
to 1.1.1.46 via ge-0/0/4.0, Push 3109
root@R1>
root@R1> show route match-prefix 192.168.1.9-100<c>/64 table inetcolor.0
192.168.1.9-100<c>/64
*[SPRING-TE/6] 00:02:26, metric 30, metric2 0
> to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top)
to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top)
to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top)
root@R1>
mpls.0: 48 destinations, 49 routes (48 active, 0 holddown, 0 hidden) inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both + = Active Route, - = Last Active, * = Both
1000001 *[SPRING-TE/6] 00:05:08, metric 30, metric2 0 192.168.1.9/32 *[L-ISIS/14] 1w1d 03:43:26, metric 40
> to 1.1.1.6 via ge-0/0/1.0, Swap 17, Push 18, Push 28(top) > to 1.1.1.2 via ge-0/0/0.0, Push 4109
to 1.1.1.46 via ge-0/0/4.0, Swap 6109, Push 16(top) to 1.1.1.6 via ge-0/0/1.0, Push 2109
to 1.1.1.2 via ge-0/0/0.0, Swap 24, Push 19, Push 18(top) to 1.1.1.46 via ge-0/0/4.0, Push 3109
[IS-IS/18] 1w1d 03:43:26, metric 40
root@R1> show route 3.3.3.8/30 > to 1.1.1.2 via ge-0/0/0.0
to 1.1.1.6 via ge-0/0/1.0
inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden) to 1.1.1.46 via ge-0/0/4.0
+ = Active Route, - = Last Active, * = Both
inet.3: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
3.3.3.8/30 *[BGP/170] 00:05:39, localpref 100, from 192.168.1.9 + = Active Route, - = Last Active, * = Both
AS path: I, validation-state: unverified
> to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top) 192.168.1.9/32 *[SPRING-TE/6] 00:06:27, metric 30, metric2 0
to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top) > to 1.1.1.6 via ge-0/0/1.0, Push 17, Push 18, Push 28(top)
to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top) to 1.1.1.46 via ge-0/0/4.0, Push 6109, Push 16(top)
root@R1> to 1.1.1.2 via ge-0/0/0.0, Push 24, Push 19, Push 18(top)
[L-ISIS/14] 1w1d 08:32:33, metric 40
> to 1.1.1.2 via ge-0/0/0.0, Push 4109
to 1.1.1.6 via ge-0/0/1.0, Push 2109
to 1.1.1.46 via ge-0/0/4.0, Push 3109
root@R1>
• Each IP address can be either loopback IP address of a node or a link IP address. The type of IP address (node or link) should be
provided through configuration. The configured IP addresses of the hops will be automatically translated to corresponding
labels(SIDs) using the Translation Service. IP address (ER) list should be translated to a list of corresponding SIDs. For this
purpose, SR-TE will consult TED to retrieve SIDs corresponding to the IP addresses of the hops. Each IP address will be looked
up in IGP instance of TED to try and get the corresponding SID.
• A loopback IP address will translate to its corresponding Prefix SID whereas a link IP address will translate to its corresponding
Adjacency SID. For a link IP address translating to multiple Adjacency SIDs, a protected SID will be chosen by default, if
available. The choice of adjacency SID can be further controlled by configuration knob.
• Translation Service need not do anything explicit to handle traffic load balancing (ECMP) between two nodes. A Node/Prefix
Sid (returned from Translation) being programmed along with a route should take care of ECMP.
• SR-TE will have a retry timer per lsp to retry any translation that fails.
• Since IGP instance of TED will be used for translation, “isis traffic-engineering igp-topology” must be enabled for
successful Translation.
• “protected” or “unprotected” option can be configured to choose a protected or unprotected adjacency SID for the links of
the LSP. “mandatory” option if configured, causes translation to fail if the specified type of adjacency-SID cannot be found for
a link.
• <hop-name> under segment-list will accept a new “label-type node” attribute to indicate that the IP address is a node’s
address (e.g., loopback address). A hop with label-type “node” will translate to a Prefix-SID. The Prefix-SID can further be a
Node-SID or an Anycast-SID depending on the type of hop IP address. Absence of “node” attribute indicates that the IP address
corresponds to a link.
• Translation service keeps track of the node reached at each hop. A link address is translated into a label only if the preceding
node advertises an Adj-SID for the address in question. Otherwise, translation will fail. Beyond this, there is no validation done
on the specified ERO.
root@R1>
root@R1>
A static segment LSP is identified by a unique name. Its type is segment, and it has a SID label. A transit route for the sid-label
is installed in mpls.0.The SID label must fall in the JUNOS static label pool, which has a default range of [1000000, 1048575],
and can be configured by using the “set protocols mpls label-range static-label-range [x, y]” knob. The
segment also has a label operation of “pop” (i.e. pop-and-forward) or “swap” (i.e. swap-and-forward), applying to adjacency
segment and prefix/node segment, respectively. In both cases, the segment has a next-hop which specifies the remote IP
address or the name of an outgoing interface. Internally, the IP address is used to resolve the outgoing interface. An interface
name is only acceptable for a point-to-point interface. You can use “show mpls static-lsp segment (extensive)” and
“show mpls static-lsp statistics segment” to check status of the static segment.
© 2018 Juniper Networks 211
Juniper Business Use Only
BASICS OF LFA AND TI-LFA
Loop-Free Alternate (LFA) Fast Reroute (FRR) allows link state protocols to quickly switch (within 50 ms) to a backup path
when a primary path fails. Without LFA FRR, link state protocols has to re-run SPF to find a new path when the primary path
fails. With LFA FRR, link state protocols pre-computes a backup path and installs the backup next hop in the forwarding table.
Let’s say there is a router X with four neighbors (A, B, C, D). Router X acting as a potential (future) PLR, performs five SPF
calculations:
• One primary SPF calculation, using the local node (Router X) as the root of the SPF tree. Routers always perform this type of
SPF calculations, regardless of whether LFA is enabled, to determine primary next hops due to normal IGP operation.
• Four backup SPF calculations (to discover Extended P-space), with each calculation using a different direct IGP neighbor
node (A, B, C, D) as the root of the SPF tree. Routers perform this type of SPF calculation to determine backup next-hops
only if the LFA feature is enabled.
E
an
S,
ce
=
=
e
Distance (N, D) < Distance (N, E) + Distance (E, D) <<< For Node Protection
nc
Distance = S,D S,
N
ta
is
D
Where:
Distance = N,E
• S = Router performing the local repair or Computing Router
Primary Potential
• D = Destination under consideration
• NH = E Backup = N
N = Neighbor node that can be used as a potential backup next hop
D
• E = Node Being protected or Primary Next-hop is
,D
t an
N
ce
=
=
ce
Note: For an alternate next-hop N to protect against node failure of a primary NH E,
n
D
ta
neighbor E for destination D, N must be loop-free with respect to both E and D.
is
D
In other words, N’s path to D must not go through E.
Destination = D
© 2018 Juniper Networks 214
Juniper Business Use Only
Loop-Free Alternates (LFA) Basics Cont…
The traffic redirected by PLR traverses nodes that have an old (pre-failure) view of the network, since global convergence still
didn’t happen on them. Therefore, these nodes may still believe the shortest path to the destination is via failed link or node.
Thus, the challenge is how to ensure that in such transient state loop doesn’t occur.
If link protection condition (Distance (N, D) > Distance (S, N) + Distance (S, D)) is not true, then there would be a loop and
backup path will not install. Because in case of primary NH link failure, potential backup router will send the traffic back to the
PLR causing loop.
If node protection condition (Distance (N, D) > Distance (N, E) + Distance (E, D)) is not true, then there would be a blackhole of
traffic and backup path will not install. Because in case of primary NH neighbor router failure, potential backup router will try to
send the traffic to the primary NH neighbor router causing blackhole of traffic.
Multiple LFA may exist for a specific destination. Tie breakers are used to pick one, mostly :
PLR = S PLR = S
Link Protection Node Protection
Example D Example D
is is
5
5
ta ta
=
=
nc nc
ce
ce
e e
an
n
= =
ta
Distance = 9 9 Distance = 9 9
t
is
is
Primary Backup Primary Backup
D
D
Path Path Path Path
Distance = 3 Distance = 3
Primary Potential Primary Potential
NH = E Backup = N NH = E Backup = N
D D
is is
8
6
t an t an
=
=
ce c
e
e
e
nc
nc
= =
ta
ta
4 4
is
is
D
D
Destination = D Destination = D
© 2018 Juniper Networks 216
Juniper Business Use Only
Loop-Free Alternates (LFA) Types - Pure IGP LFAs
There are many types of LFA flavors:
1. Per-link (Pure IGP LFA - Not supported by Junos - Not covered in this document): All prefixes originally reachable over a
failed link use the same backup next hop. This type of protection is sometimes also called Per-Next-Hop LFA.
Main characteristic of per-link LFA: Failure of the primary link causes redirection of all traffic originally flowing via this link
over a single backup link. If a single backup link that satisfies loop-free criteria for all the destination prefixes cannot be
found, the backup next hop is not used at all. Per-link LFA is not available in Junos.
Additionally, per-link LFA does not provide protection against node failure (just link failure)
2. Per-prefix (Pure IGP LFA - Not covered in this document): Prefixes originally reachable over a failed link or node may use a
different backup next hop on a per-prefix basis. Junos offers two configuration options:
node-link-protection: Installs, if possible, loop-free backup next hops, which fulfill both node protection (backup path
avoids neighbor node used as primary next hop) and link protection (backup path avoids original link used to reach primary
next hop) criteria.
link-protection: Installs, if possible, loop-free backup next hops, which fulfill at least the link protection (backup path
avoids original link used to reach primary next hop)
rLFA used in MPLS enabled network. Remote LFA provides a mechanism where if direct LFA path is not available, traffic can
be tunneled (LDP) to a remote PQ-Node. Traffic sent to the PQ-Node does not traverse protected links, because this is the
definition of P-space. Next, the PQ-Node sends the traffic to the destination. Again, based on the definition of Q-space, this
traffic does not traverse the protected link. This way we can still deliver traffic to end destination within 50 millisecond
turnaround time. The disadvantage is that you need to enable LDP on all the routers. Also PQ-Node protects only the link and
not the node.
This kind of multi-hop repair paths are more complicated than single hop repair paths as computations are needed to
determine if a path exists (to begin with) and then a mechanism to send the packet to that hop.
Note: rLFA is also topology dependent but it provides far greater coverage compared to normal pure IGP LFA.
P-space: This is a set of routers reachable from a PLR router using a shortest path and without traversing the protected
resource (link, adjacency or node). In the case of ECMP, this requirement applies to all the equal-cost shortest paths from S
to a node in the P-space. None of these paths can traverse the protected link; otherwise, the node is not in the P-space.
Extended P-space: The union of P-space computed for PLR router as well as P-spaces computed for each direct neighbor of
S, excluding primary next-hop router. Point behind Extended P-Space is that it helps to increase the coverage.
Q-space: This is a set of routers that can reach the primary next hop of PLR using a shortest path and without traversing the
protected resource (link, adjacency or node). In the case of ECMP, this requirement applies to all the equal-cost shortest
paths from a node in the Q-space to E.
PQ-Node: This is a node that is a member of both the P-space (or extended P-space) and the Q-space. The PQ-Node does not
need to be directly connected to PLR or its primary next hop. Any router which is a PQ-Node can be a rLFA candidate. The
candidate router (PQ-Node) to whom PLR can send the packet, will forward the packet to the destination without traversing
through protected link. In case of multiple PQ-Nodes, S-Node will select the PQ-Node which is nearest to it.
There are various ways to tunnel the traffic to PQ-Node, like IPinIP, GRE and LDP etc. However, the most common form of
implementation is LDP tunnel.
© 2018 Juniper Networks 219
Juniper Business Use Only
Loop-Free Alternates (LFA) - Plane LFA does not give full coverage
Note: For R3, “Distance(N, D) < Distance(N, S) + Distance(S, D)” is false hence R2 (In plane LFA) can not send traffic to R3.
Q Space
Q Space Q Space
Q Space
E-Node R1 R6 Destination E-Node R1 R6 Destination
M: 1 M: 1
NH
NH
ary
ary
M:
M:
1
1
im
im
M:
M:
1
1
Pr
Pr
Source Source
S-Node S-Node
PQ-Node
R2 Q
Q Space
Space R5 R2 Q Space
Q Space R5
aaccee
SSpp
M:
M:
Al
Al
1
1
ddPP
te
ter
M:
M:
1
1
rn
na
ddee
ate
te
tteenn
NH
NH
EExx
M: 2 M: 2
R3 R4 PQ-Node R3 R4 PQ-Node
P
P Space
Space Extended
Extended P
P Space
Space
© 2018 Juniper Networks 220
Juniper Business Use Only
Loop-Free Alternates (LFA) - coverage enhancement using rLFA
In the figure, two PQ-Node exists, first one is R4 and the other
Q
Q Space
Space is R5. rLFA selects the backup next hop (PQ-Node) closest to
E-Node R1 R6 Destination the source, in this case R4.
M: 1
NH
ary
M:
1
im
M:
1
Pr
Source
S-Node
R5 is PQ-Node as this node falls in
R2 Q
Q Space
Space R5
extended P space as well as Q space.
aaccee
SSpp
M:
Al
1
ddPP
ter
M:
1
na
ddee
te
tteenn
NH
EExx
M:
1
im
M:
Pay Load
1
Pr
rg
S-Node (R4). Over this LDP session, the PQ-Node (R4) sends IPv4
LDd
aaccee
LDP-X LDP-Z
(S). Outer LDP label X (mapped to R4’s loopback), is the label
on
Pay Load
SSpp
LDP-Y
M:
Al
ddPP
La
ter
M:
1
LDP-Y
ddee
te
from R4.
tteenn
Y
NH
Pay Load
EExx
M:
1
im
M:
7
Pr
Source • rLFA provides better coverage than vanilla IGP LFA, but it
S-Node does not provide 100% coverage.
R2 R5
• rLFA doesn't provide coverage in the space where there is
no overlap between P & Q Space.
aaccee
SSpp
M:
Al
1
ddPP
ter
M:
1
na
ddee
te
tteenn
NH
EExx
M: 2
R3 P R4
P Space
Space
also
also Extended
Extended P
P Space
Space
© 2018 Juniper Networks 223
Juniper Business Use Only
Loop-Free Alternates (LFA) - TI-FRR provides 100% coverage
4. LFA with RSVP-TE backup tunnels (Topology-
Independent Fast Re-Route [TI-FRR]) (Not covered
E-Node R1 R6 Destination in this document):
M: 1
The goal is to provide 100% coverage in the topology and
NH
M:
1
im
M:
7
Pr
el
M:
Al
M:
Tu
1
VP
te
RSVP-TE tunnels.
RS
NH
In SPRING the backup path is enforced by using appropriate label stack pushed by PLR on the top of the redirected packet.
In both cases (RSVP 1:1 and SPRING) the shortest post-convergence backup path can be created (enforced) in any arbitrary
topology–it is topology independent.
TI-LFA Provides sub-50ms protection to the network and it is topology independent. TI-LFA provides protection against link
failure, node failure, and failures of fate-sharing groups. By default TI-LFA provides only link protection.
II. We still don’t have 100% coverage (except RSVP-TE backup tunnels - TI-FRR).
Any Prefix (Node, Anycast) SID is always subject to protection, while Adj-SID, depending if advertised with ‘B’ flag set or
unset, might, or might not be subject to protection.
a. No Need of Targeted LDP sessions. In case of TI-LFA, Source already knows the Node SID of the PQ-Node and
destination. It will use Node-SID to get to the PQ-Node. TI-LFA calculates the PQ-Node similar to Remote LFA.
b. Double Segment Protection: TI-LFA can provide coverage by steering packets from P-Space to Q-Space nodes. TI-LFA
provides 100% coverage on all failure types (link, node and SRLG).
c. Path Optimality: When calculating the backup path, TI-LFA temporarily removes the protected resource (link or node)
from the topology database and runs standard SPF. Therefore, the backup path calculated by TI-LFA has, among all
the paths that skip the protected resource, the lowest total metric to the final destination. This is called the shortest
post-convergence path.
TI-LFA’s always prefers the post-convergence path from a PLR point of view. In this way TI-LFA will always prefer the
best path available post failure. Post-convergence path is better than having an intermediate path, then converge again
back to post-convergence path.
d. If available, then uses ECMP-aware shortest paths (using node segment IDs).
M:
1
im
M:
1
Pr
Source the case of SR, R2 (S) will stack two labels, first is
S-Node the bottom Node-SID label of R6 (D) i.e NS: R6 and
top label as Node-SID label of R4 i.e. NS: R4. As you
R2 Q
Q Space
Space R5
can see SR brings simplicity by getting rid of
Targeted LDP sessions.
aaccee
NS: R4 NS: R6
Pay Load
SSpp
NS: R6
M:
Al
1
Pay Load
ddPP
ter
M:
1
na
NS: R6
ddee
te
tteenn
NH
Pay Load
EExx
M: 2
R3 P R4 PQ-Node
P Space
Space
also
also Extended
Extended P
P Space
Space
© 2018 Juniper Networks 227
Juniper Business Use Only
Loop-Free Alternates (LFA) - TI-LFA for SR Cont…
b. Double Segment Protection.
Q
Q Space
Space
E-Node R1 R6 Destination As we saw earlier that in the case where there is no
M: 1 overlap between P and Q space then rLFA doesn’t
provide coverage. TI-LFA can provide coverage in
NH
M:
1
im
M:
Pay Load
7
Pr
aaccee
R6 Link NS: R6
NS: R5 Pay Load
SSpp
NS: R6
M:
Al
AS: R5-
1
Pay Load
ddPP
ter
M:
R6 Link
1
na
NS: R6
ddee
te
tteenn
NH
Pay Load
EExx
M: 2
R3 P R4
P Space
Space
also
also Extended
Extended P
P Space
Space
© 2018 Juniper Networks 228
Juniper Business Use Only
Loop-Free Alternates (LFA) - TI-LFA Failure scenarios
Depending on the backup path calculation results, one of the following options are possible:
Option 1: The repair node is a direct neighbor: When the repair node (backup next hop) is a direct neighbor, the outgoing interface is set to that
neighbor and the repair label list is empty (there is no repair label). This is comparable to the plain per-prefix LFA local repair.
Option 2: The repair node is a PQ-Node: When the repair node (remote backup next hop) is a PQ-Node, the repair label list comprises a single Node
Segment ID to the repair node (PQ-Node). This is comparable to the rLFA architecture.
Option 3: The repair is a Q-node, direct neighbor of the P-node: rLFA can not provide backup path in this scenario. When the repair node (a Q-
node, used as remote backup next hop) is directly connected to the P-node (Look at the previous slide), the repair label list comprises two segments: a
Node Segment ID to the P-node, and an Adjacency Segment ID from that P-node to the repair node (Q-node). This protection method is called Direct LFA
(DLFA) and it requires the advertisement of a label (Adjacency Segment ID) for each IGP adjacency.
Option 4: Connecting distant (non directly connected) P-nodes and Q-nodes: rLFA can not provide backup path in this scenario. In some cases,
there might not be any adjacent P-nodes and Q-nodes. However, the PLR can perform additional computations to compute a list of segments (combination
of Node and Adjacency Segment IDs) that represent a loop-free path from P to Q. The computation in this option is CPU intensive.
Option 5: No Q Space available in topology: rLFA can not provide backup path in this scenario. In some cases, there might not any Q Space
available. In this case, PLR can perform additional computations to compute a list of segments (combination Adjacency Segment IDs) that represent a
loop-free path from PLR to merge point.
We have used next page topology for the TI-LFA to explore all the above scenarios.
Base
Topology
M: 2000 Segment Routing M: 1000
ge-0/0/4 ge-0/0/4
1.1.1.45/3 M: 1100 1.1.1.49/30
R1 - lo0.0- ge-0/0/0 ge-0/0/0 R4-RR - lo0.0- ge-0/0/1 ge-0/0/1 R6 - lo0.0- ge-0/0/0 ge-0/0/0 R8 - lo0.0-
192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 1.1.1.13/30 1.1.1.14/30 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32
SL: 1000 M: 1000 SL: 4000 ge-0/0/2 ge-0/0/2 SL: 6000 M: 1000 SL: 8000
Index: 101 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 Index: 108
ge-0/0/1 ge-0/0/3 M: 1000 ge-0/0/3 ge-0/0/1
1.1.1.5/30 1.1.1.21/30 1.1.1.33/30 1.1.1.41/30
ge-0/0/5 ge-0/0/6
1.1.1.54/30 1.1.1.57/30
ge-0/0/4 ge-0/0/4
1.1.1.53/30 1.1.1.58/30
ge-0/0/1 ge-0/0/3 ae0 ae0 ge-0/0/3 ge-0/0/1
1.1.1.6/30 1.1.1.22/30 1.1.1.25/30 1.1.1.26/30 1.1.1.34/30 1.1.1.42/30
R2 - lo0.0- R5 - lo0.0- ge-0/0/1 ge-0/0/1 R7-RR - lo0.0- R9 - lo0.0-
192.168.1.2/32 M: 2000 192.168.1.5/32 192.168.1.7/32 M: 1000 192.168.1.9/32
M: 0500 SL: 7000 SL: 9000
SL: 2000 ge-0/0/0 ge-0/0/0 SL: 5000 ge-0/0/0 ge-0/0/0
Index: 102 1.1.1.9/30 1.1.1.10/30 Index: 105 ge-0/0/2 ge-0/0/2 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
root@R8>
If you look at the routers R4 and R6 and two links between them and if we enable node protection between them, there is no
backup next hop to reach to R8 from R1.
M: 1100
R1 - lo0.0- ge-0/0/0 ge-0/0/0 R4-RR - lo0.0- ge-0/0/1 ge-0/0/1 R6 - lo0.0- ge-0/0/0 ge-0/0/0 R8 - lo0.0-
192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 1.1.1.13/30 1.1.1.14/30 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32
SL: 1000 M: 1000 SL: 4000 ge-0/0/2 ge-0/0/2 SL: 6000 M: 1000 SL: 8000
Index: 101 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 Index: 108
M: 1000
Therefore, it would be beneficial to fall back to link protection, where node protection is not possible. In legacy rLFA
configurations, you could use the “node-link-degradation” knob to enable such behavior.
TI-LFA uses a different approach, namely you can use strict or loose node protection. With strict node protection mode, the
protected node is completely removed from LSDB during SPF calculations to determine the backup next hop. With loose node
protection mode, instead of completely removing the protected node from the LSDB, the cost of all the links (other than the
primary link, for which the backup path is being calculated) to the protected node will be increased by the configured node
protection cost value. Thus, the use of the protected node will be strongly (if configured node protection cost value is high)
discouraged, but the protected node will be still considered as a backup, even if there is no other option. Therefore, it can be used
as a fallback to link protection, if node protection is not possible.
• Loose Node Protection: In loose node protection mode, instead of completely removing the protected node from the
LSDB, the cost of all the links (other than the primary link, for which the backup path is being calculated) to the protected
node will be increased by the configured node protection cost value. You need to configure “node-protection cost” to be
smaller (at least by 1) than the maximum IGP link metric (IS-IS: 16777215, OSPF: 65535) to enable loose node-protection
behavior.
How is the label stack for backup path actually determined? Let’s have four scenarios.
Topology
Scenario 1
& M: 2000
P-Space
Extended P-Space
M: 1000
Scenario 2
Source ge-0/0/4
1.1.1.45/3
ge-0/0/4
1.1.1.49/30
M: 1100
R1 - lo0.0- ge-0/0/0 ge-0/0/0 R4-RR - lo0.0- ge-0/0/1 ge-0/0/1 R6 - lo0.0- ge-0/0/0 ge-0/0/0 R8 - lo0.0-
192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 1.1.1.13/30 1.1.1.14/30 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32
SL: 1000 M: 1000 SL: 4000 ge-0/0/2 ge-0/0/2 SL: 6000 M: 1000 SL: 8000
Index: 101 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 Index: 108
ge-0/0/1 ge-0/0/3 M: 1000 ge-0/0/3 ge-0/0/1
1.1.1.5/30 1.1.1.21/30 1.1.1.33/30 1.1.1.41/30
root@R1> start shell command "cprod -A fpc0 -c \"show nhdb id 1048584 extensive\""
ID Type Interface Next Hop Addr Protocol Encap MTU Flags PFE internal Flags
----- -------- ------------- --------------- ---------- ------------ ---- ------------------ ------------------
1048584 Unilist ge-0/0/0.0 - IPv4 Ethernet 0 0x0000000000000000 0x0000000000000000
. . .
Selector ( ):
ID:6(1), Ref:8, Type:1 (Compact), subtype:0, Symmetric-LB: Off, Target_id:0
Key:FRR:Y, Balances:N, Locality:N/unicast, Type:Unicast, Size:2, flags:0x14, dist-mode-default
Destinatio
Source ge-0/0/4 ge-0/0/4
1.1.1.45/3
ge-0/0/0 R4-RR - lo0.0-
n 1.1.1.49/30
R6 - lo0.0- ge-0/0/0 ge-0/0/0 R8 - lo0.0-
R1 - lo0.0- ge-0/0/0
192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32
SL: 1000 M: 1000 SL: 4000 SL: 6000 M: 1000 SL: 8000
Index: 101 Index: 104 Index: 106 Index: 108
ge-0/0/1 ge-0/0/3 ge-0/0/3 ge-0/0/1
1.1.1.5/30 1.1.1.21/30 1.1.1.33/30 1.1.1.41/30
PQ-Node
without crossing the protected links. inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden)
Therefore, simple redirection, would + = Active Route, - = Last Active, * = Both
be looped back towards PLR. We need 192.168.1.6/32 (1 entry, 1 announced)
. . .
to calculate the Q space and then to KRT in-kernel 192.168.1.6/32 -> {list:Push 3106, Push 7106, Push 4107(top), Push 7106, Push 2107(top)}
. . .
find PQ-Nodes. It is enough to force *L-ISIS Preference: 14
the traffic to some PQ-Node, since . . .
Level: 2
from PQ-Node, based on Q-space Next hop: 1.1.1.46 via ge-0/0/4.0 weight 0x1, selected
Label operation: Push 3106
definition, the shortest path towards . . .
the destination doesn’t use link under Next hop: 1.1.1.2 via ge-0/0/0.0 weight 0xf000
Label operation: Push 7106, Push 4107(top) <<< 7106 is a label used by R7 for R6's Node segment
protection. In this case we need to . . . 4107 is a label used by R4 for R7's Node segment
Next hop: 1.1.1.6 via ge-0/0/1.0 weight 0xf000
push two labels in the backup path, Label operation: Push 7106, Push 2107(top) <<< 7106 is a label used by R7 for R6's Node segment
. . . 2107 is a label used by R2 for R7's Node segment
top label to reach the PQ-Node and root@R1>
bottom label to reach the primary
next-hop node (E-node). Note: Router 7 is the PQ-Node (2107 and 4107 labels). Traffic first goes to R7 and
then it goes to R6 (primary next-hop node or E-node).
© 2018 Juniper Networks 238
Juniper Business Use Only
R3 - lo0.0-
192.168.1.3/32
ge-0/0/0 SL: 3000 ge-0/0/1
1.1.1.46/30 Index: 103 1.1.1.50/30
Topology
Scenario 4
M: 2000 M: 1000
Destinatio
Source ge-0/0/4 ge-0/0/4
1.1.1.45/3
ge-0/0/0 R4-RR - lo0.0-
n 1.1.1.49/30
R6 - lo0.0- ge-0/0/0 ge-0/0/0 R8 - lo0.0-
R1 - lo0.0- ge-0/0/0
192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32
SL: 1000 M: 1000 SL: 4000 SL: 6000 M: 1000 SL: 8000
Index: 101 Index: 104 Index: 106 Index: 108
ge-0/0/1 ge-0/0/3 ge-0/0/3 ge-0/0/1
1.1.1.5/30 1.1.1.21/30 1.1.1.33/30 1.1.1.41/30
4. Scenarios 4: Destination node doesn't fall in P-space or inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
extended P-Space and we can’t find PQ-Node, But we have 192.168.1.6/32 (1 entry, 1 announced)
one adjacent (directly connected) P-node and Q-node, R5 . . .
KRT in-kernel 192.168.1.6/32 -> {list:Push 3106, Push 7106, Push 18, Push 4105(top), Push 7106,
and R7 in our case. (R-LFA can not provide protection in Push 18, Push 2105(top)}
. . .
this Scenarios): *L-ISIS Preference: 14
Level: 2
. . .
Next hop: 1.1.1.46 via ge-0/0/4.0 weight 0x1, selected
This time, there is no overlap between P-space (or . . .
Label operation: Push 3106
extended P-space) and Q-space. Consequently, there is no Next hop: 1.1.1.2 via ge-0/0/0.0 weight 0xf000
Label operation: Push 7106, Push 19, Push 4105(top)
PQ-Node. The way traffic can be forwarded in such a . . .
Next hop: 1.1.1.6 via ge-0/0/1.0 weight 0xf000
scenario is as follows: . . .
Label operation: Push 7106, Push 19, Push 2105(top)
7106 is a label used by R7 for R6’s Node segment, 19 is the Adj label assigned by R5 to R5-R7 adjacency and 4105
III.Next, from Q-node, send the packet over shortest path is a label used by R4 for R5's Node segment.
towards destination. 7106 is a label used by R7 for R6’s Node segment, 19 is the Adj label assigned by R5 to R5-R7 adjacency and 2105 is
a label used by R2 for R5's Node segment.
© 2018 Juniper Networks 240
Juniper Business Use Only
R3 - lo0.0-
192.168.1.3/32
ge-0/0/0 SL: 3000 ge-0/0/1
1.1.1.46/30 Index: 103 1.1.1.50/30
Topology
Scenario 5
M: 2000 M: 1000
Destinatio
ge-0/0/4 Source ge-0/0/4
1.1.1.45/3
ge-0/0/0 R4-RR - lo0.0- ge-0/0/1
M: 0500 1.1.1.49/30 n ge-0/0/0 R8 - lo0.0-
R1 - lo0.0- ge-0/0/0 ge-0/0/1 R6 - lo0.0- ge-0/0/0
192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 1.1.1.13/30 1.1.1.14/30 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32
SL: 1000 M: 1000 SL: 4000 ge-0/0/2 ge-0/0/2 SL: 6000 M: 0500 SL: 8000
Index: 101 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 Index: 108
ge-0/0/1 ge-0/0/3 M: 1000 ge-0/0/3 ge-0/0/1
1.1.1.5/30 1.1.1.21/30 1.1.1.33/30 1.1.1.41/30
ge-0/0/5 ge-0/0/6
1.1.1.54/30 1.1.1.57/30
, 17
, 18
top)
No Q-Space
is available.
ge-0/0/4 ge-0/0/4
1.1.1.53/30 1.1.1.58/30
ge-0/0/1 ge-0/0/3 ae0 ae0 ge-0/0/3 ge-0/0/1
1.1.1.6/30 1.1.1.22/30 1.1.1.25/30 1.1.1.26/30 1.1.1.34/30 1.1.1.42/30
R2 - lo0.0- R5 - lo0.0- ge-0/0/1 ge-0/0/1 R7-RR - lo0.0- R9 - lo0.0-
192.168.1.2/32 M: 2000 192.168.1.5/32 192.168.1.7/32 M: 1000 192.168.1.9/32
18, 17 M: 0500
SL: 2000 ge-0/0/0 ge-0/0/0 SL: 5000 SL: 7000 ge-0/0/0 17 ge-0/0/0 SL: 9000
Index: 102 1.1.1.9/30 1.1.1.10/30 Index: 105 ge-0/0/2 ge-0/0/2 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Topology
Northstar
Controller
192.168.1.10 em2
AS200 172.16.18.199/24
27 18
Spirent 1 Port 1
Sending 10 6.6.6.2/30 Segment Routing
CE5
MB Traffic AS100 ge-0/0/1
towards R1 3.3.3.9/30
34 18 18 28
/junos/system/linecard/interface/
/junos/system/linecard/interface/logical/usage/
/junos/services/label-switched-path/usage/
/junos/services/segment-routing/sid/usage/
/junos/services/segment-routing/traffic-engineering/ingress/usage/
/junos/services/segment-routing/traffic-engineering/tunnel/ingress/usage/
root@R1> root@R1>
Sensor Information :
Name : IFD
Resource : /junos/system/linecard/interface/
Version : 1.1
root@R1> show isis spring sensor info <<< Lists all sensor (non-jvision) added by isis-spring in PFE sensors info
Sensor-id : 76932
They are not for exporting data; they are used for debugging only.
Subscription-ID : 562949953498244
@IS-IS SENSOR INFORMATION
Parent-Sensor-Name : Not applicable
Per-interface-per-member-link Ingress Sensor:
Component(s) : PFE
---------------------------------------------
Sensor-name Sensor-id
Server Information :
aggr_ingress_intf_sensor 3221225507
Name : Northstar-Server
Per-interface-per-member-link Egress Sensor:
Scope-id : 0
--------------------------------------------
Remote-Address : 172.16.18.1
Sensor-name Sensor-id
Remote-port : 3000 . . .
lo0.0 3221225518
Transport-protocol : UDP 1108 3221225683
ge-0/0/0.0 3221225645
ge-0/0/1.0 3221225647 1109 3221225684
Profile Information : 1499 3221225678
ge-0/0/4.0 3221225649
ge-0/0/5.0 3221225651
Name : Northstar-Profile IPv4/IPv6 Per-sid Egress Sensor:
Reporting-interval : 2 --------------------------------
Per-sid Ingress Sensor:
Payload-size : 5000 Sensor-name Sensor-id
-----------------------
Address : 172.16.18.11 L-ISIS-192.168.1.2 3221225674
Sensor-name Sensor-id
Port : 1000 L-ISIS-192.168.1.3 3221225679
27 3221225676
Timestamp : 1 L-ISIS-192.168.1.4 3221225690
28 3221225691
Format : GPB L-ISIS-192.168.1.5 3221225666
39 3221225675
DSCP : 0 L-ISIS-192.168.1.6 3221225685
1102 3221225673
Forwarding-class : 0 L-ISIS-192.168.1.7 3221225686
1103 3221225677
Loss-priority : low L-ISIS-192.168.1.8 3221225687
1104 3221225689
. . . L-ISIS-192.168.1.9 3221225688
1105 3221225657
1106 3221225681 L-ISIS-192.168.1.101 3221225680
1107 3221225682
. . . root@R1>
© 2018 Juniper Networks 248
Juniper Business Use Only
SR-TE Telemetry - Verification - Common Outputs Cont…
. . .
Sensor Information :
Name : IFL
Resource : /junos/system/linecard/interface/logical/usage/
Version : 1.1
Sensor-id : 76940
Subscription-ID : 562949953498252
Parent-Sensor-Name : Not applicable
Component(s) : PFE
Server Information :
Name : Northstar-Server
Scope-id : 0
Remote-Address : 172.16.18.1
Remote-port : 3000
Transport-protocol : UDP
Profile Information :
Name : Northstar-Profile
Reporting-interval : 2
Payload-size : 5000
Address : 172.16.18.11
Port : 1000
Timestamp : 1
Format : GPB
DSCP : 0
Forwarding-class : 0
Loss-priority : low
. . .
Name : SR-TE
Resource : /junos/services/segment-routing/traffic-engineering/ingress/usage/
Version : 1.0
Sensor-id : 85573317
Subscription-ID : 562950038994629
Parent-Sensor-Name : Not applicable
Component(s) : PFE
Server Information :
Name : Northstar-Server
Scope-id : 0
Remote-Address : 172.16.18.1
Remote-port : 3000
Transport-protocol : UDP
Profile Information :
Name : Northstar-Profile
Reporting-interval : 2
Payload-size : 5000
Address : 172.16.18.11
Port : 1000
Timestamp : 1
Format : GPB
DSCP : 0
Forwarding-class : 0
Loss-priority : low
. . .
Name : SR-TE-SID
Resource : /junos/services/segment-routing/sid/usage/
Version : 1.0
Sensor-id : 3964114175
Subscription-ID : 562953917535487
Parent-Sensor-Name : Not applicable
Component(s) : PFE
Server Information :
Name : Northstar-Server
Scope-id : 0
Remote-Address : 172.16.18.1
Remote-port : 3000
Transport-protocol : UDP
Below sensor IDs in PFE are same in all routers.
Profile Information :
Name : Northstar-Profile root@R1> start shell command "cprod -A fpc0 -c \"show agent sensors\""
Reporting-interval : 2
Payload-size : 5000
Address : 172.16.18.11 Jvision ID Name
Port : 1000 ---------- --------------------------------
Timestamp : 1 76932 IFD 5000(0)
Format : GPB 76940 IFL 5000(685)
DSCP : 0 85573317 SR-TE 5000(0)
Forwarding-class : 0 539528113 sensor_1002 0(0)
Loss-priority : low 539528114 sensor_1001 0(0)
2277069355 __default_fabric_sensor__ 5000(82)
root@R1> 3964114175 SR-TE-SID 5000(0)
. . .
root@R1>
© 2018 Juniper Networks 251
Juniper Business Use Only
SR-TE Telemetry - Sensors Stats Verification on R1
root@R1> show isis spring interface traffic-statistics | no-more <<< Display the traffic statistics of an IS-IS SPRING link. SPRING traffic is measured
Interface Output-bytes Output-packets to recalculate the actual available bandwidth to RSVP for traffic engineering.
ge-0/0/0.0 0 0 <<< Egress
ge-0/0/1.0 0 0
ge-0/0/4.0 0 0
ge-0/0/5.0 0 0
ge-0/0/9.0 0 0
lo0.0 0 0
root@R1> start shell command "cprod -A fpc0 -c \"show agent sensors id 76932\""
root@R1> start shell command "cprod -A fpc0 -c \"show agent sensors id 85573317\""
root@R1> start shell command "cprod -A fpc0 -c \"show agent sensors id 3964114175\""
root@R1>
Note: Since First top label (28) advertised by R1 on R1-R4 link will not be in label
stack, You will not see the stats (sensor id 3964114175) for this label in the outputs.
© 2018 Juniper Networks 252
Juniper Business Use Only
SR-TE Telemetry - Sensors Stats Verification on R1 Cont…
root@R1> start shell command "cprod -A fpc0 -c \"show agent sensors id 76940\"" . . .
Export: Interval = 2000 msecs, Payload-size = 5000 bytes, Server =
ID: 76940 Type: 1 Name: (IFL) Src: 172.16.18.11:1000, Dst: 172.16.18.1:3000(VRF 0) , Qos = TOS:0x0,
Sensor Data: 715(687) bytes Hint:0x40000010, FC:0 PLP:0
Jvision Header: system: R1:172.16.18.11, slot: 0, time: May 30 16:04:39.336, Filter: none
sequence_number: 7004, sensor_name: Accounting:
IFL:/junos/system/linecard/interface/logical/usage/:/junos/system/linecard/inter 7005 total successful reaps, 0 failed/aborted reap(s).
face/logical/usage/:PFE, version: 1.1 1 reaps in latest reporting interval.
1 packets in latest reporting interval.
===================================================== 10 instances in latest reporting interval.
Interface = ge-0/0/0.0 (550) <<< Egress Interface 7005 total packets sent.
Init time: May 30 12:03:32 2019 7005 wraps, 1 reap(s) on average to wrap.
Last 10 wraps (UTC):
Ingress Statistics . . .
------------------ root@R1>
Packets: 8931
Bytes: 849960
Unicast Packets : 8931
Multicast Packets: 0
Operational Status
------------------
Status: up
. . .
root@R4> start shell command "cprod -A fpc0 -c \"show agent sensors id 76932\""
root@R4> start shell command "cprod -A fpc0 -c \"show agent sensors id 85573317\""
root@R4>
root@R6>
root@R6> start shell command "cprod -A fpc0 -c \"show agent sensors id 76932\""
root@R6> start shell command "cprod -A fpc0 -c \"show agent sensors id 85573317\""
root@R6>
root@R8> start shell command "cprod -A fpc0 -c \"show agent sensors id 76932\""
root@R8> start shell command "cprod -A fpc0 -c \"show agent sensors id 85573317\""
root@R8>
root@R9> start shell command "cprod -A fpc0 -c \"show agent sensors id 76932\""
root@R9> start shell command "cprod -A fpc0 -c \"show agent sensors id 85573317\""
root@R9>
Egress Statistics
-----------------
Packets: 1065
Bytes: 67346
Unicast Packets : 1065
Multicast Packets: 0
Operational Status
------------------
Status: up
. . .
Note: Since R9 is Egress router, The bottom label (16) is popped on R8 and
hence the traffic will come as plane IPv4 on R9, hence no label on R9.
© 2018 Juniper Networks 265
Juniper Business Use Only
SR-TE Telemetry - SR LSP Optimization Using Telemetry
Two Spirent traffic generators are connected on ge-0/0/7 and ge-0/0/8 interfaces of R1. Traffic is coming with destination
address field having IP 3.3.3.10 and it is riding the LSP “R1-to-R9-LSP-AdjSID”. As previously stated, we are doing LSP
optimization based on link utilization. root@R1> show spring-traffic-engineering lsp name R1-to-R9-LSP-AdjSID detail
Name: R1-to-R9-LSP-AdjSID
Tunnel-source: Path computation element protocol(PCEP)
Interface: ge-0/0/7, Enabled, Link is Up
To: 192.168.1.9
Encapsulation: Ethernet, Speed: 1000mbps
State: Up
Traffic statistics: Current delta
Telemetry statistics:
Input bytes: 19824714 (0 bps) [9908652]
Sensor-name: ingress-R1-to-R9-LSP-AdjSID, Id: 3758096392
. . .
Outgoing interface: NA
Auto-translate status: Disabled Auto-translate result: N/A
Interface: ge-0/0/8, Enabled, Link is Up
Compute Status:Disabled , Compute Result:N/A , Compute-Profile Name:N/A
Encapsulation: Ethernet, Speed: 1000mbps
BFD status: N/A BFD name: N/A
Traffic statistics: Current delta
SR-ERO hop count: 4
Input bytes: 64484824 (0 bps) [9920548]
Hop 1 (Strict):
. . .
NAI: IPv4 Adjacency ID, 1.1.1.1 -> 1.1.1.2
SID type: 20-bit label, Value: 28
Hop 2 (Strict):
We have configured analytics on NorthStar. Config is on next slide. NAI: IPv4 Adjacency ID, 1.1.1.17 -> 1.1.1.18
SID type: 20-bit label, Value: 17
Hop 3 (Strict):
NAI: IPv4 Adjacency ID, 1.1.1.29 -> 1.1.1.30
SID type: 20-bit label, Value: 20
Hop 4 (Strict):
NAI: IPv4 Adjacency ID, 1.1.1.41 -> 1.1.1.42
SID type: 20-bit label, Value: 16
root@R1>
R1 R2 R3 R4 R5
Label advertised Label advertised Label advertised Label advertised
from R2 to R1 for from R3 to R2 for from R4 to R3 for from R5 to R4 for
R5’s loopback R5’s loopback R5’s loopback R5’s loopback
L2 L3 L4 L5
R6
First scenarios: Imagine all the links are having equal metrics. Now let's assume that LSP endpoint IP address (R5’s loopback) is not
resolving on the LDP LSP on R1. As long as IGP connectivity is there, IP ping probes destined to R5’s loopback will follow the IGP path and
they will traverse via R1 R2 R6 R5 and not the LDP LSP path. The probes will return success, but have we validated the LSP? No.
Second scenarios: Now assume there are having 10 RSVP LSP going from R1 to R5 and on R1 we have ECMP enabled. The LSP endpoint
IP (R5’s loopback) is resolving over 10 LSPs at R1. Let’s say we want to trace first LSP. In case of normal IPv4 ping (or IPv4 trace) probes,
the first ping can go to first LSP and the second probe can go to any other LSP, but each time probes will return success. Again you see we
are not be able to trace the RSVP LSP using simple IPv4 probes.
R1 R2 R3 R4 R5
Label advertised Label advertised Label advertised Label advertised
from R2 to R1 for from R3 to R2 for from R4 to R3 for from R5 to R4 for
R5’s loopback R5’s loopback R5’s loopback R5’s loopback
L2 L3 L4 L5
Now imagine a probe traveling on the LSP with label L2 on the hop between R1 and R2. Now assume that at node R2, the
forwarding state is such that the label is popped instead of being swapped to L3. This could happen, for example, because of a
corruption in the forwarding state entry, but may also be the result of a legal protocol operation, when LDP-independent control
is used. In any case, when the traffic arrives at R2, the label is popped. The packet continues its journey to R5 as a pure IP packet
and the failure in the LSP is not detected.
The idea behind LSP Ping is simple. Verify that a packet that belongs to a particular forwarding equivalence class (FEC) actually
ends its MPLS path on the LSR that is the egress for that FEC. In the topology example of third scenario, the FEC is R5’s
loopback address. In the failure scenario, when the label is popped at R2, the MPLS path ends on router R2 instead of router R5.
Because R2 is not the egress for the FEC, the check fails, and the error is detected. From this description, several requirements
become apparent regarding the probes and their handling:
a. The probes must follow exactly the same path as the data packets.
To ensure that the probes follow the same path as the data packets, they are forwarded using the same label stack as the data
forwarded over the LSP they are testing.
To allow delivery of the probe to the control plane of the egress LSR, the router-alert option is set in the IP header. Due to
PHP R4 will POP the label and native IPv4 packet will be send to R5. R5 will see the router-alert option in IP packet and it
will send the probe packet to its control plane. An interesting challenge arises with regards to the IP destination address. The
problem is that the address of the LSR, which is the egress of the LSP, may not always be known. For example, LDP may
advertise a label binding for an arbitrary FEC that is not necessarily associated with any address on the router. For this
reason, the destination address is a random address in the 127/8 range. The 127/8 address prevents the IP packet from being
forwarded over IP to its destination if the LSP is broken. If any transit router (let’s say R2) wants to forward the IP packet
after Popping of label, then it can not forward that packet to anywhere as 127/8 range is not routable range and it belongs to
the host. R2 will punt the packet to control plane so that correct error code can be sent to the ingress router.
c. The probes must contain enough information about the FEC to allow the receiving LSR to determine if it is indeed the correct
egress.
To facilitate the check that the egress LSR must perform, the probe contains information about the FEC under test. This
information is carried in the payload of the UDP packet and is encoded as a set of TLVs. The information is different based on
the type of FEC. Please see RFC 8287 for more details on the different types of TLVs.
To inform the originator of the probe of the result of the FEC test, the receiver must know its address. Therefore, the source
address of the MPLS echo request probe is set to a routable address on the originator of the probe.
© 2018 Juniper Networks 281
Juniper Business Use Only
How LSP Ping Works? Cont…
An LSR receiving an MPLS echo request validates it and sends a reply using an MPLS echo reply packet. The reply is also a UDP
packet, sent to the source address of the MPLS echo request and forwarded in accordance with the route that is available for its
destination address. Thus, the reply packet may travel as pure IP or it may be encapsulated in an LSP, if the path to the
destination is through an LSP. The reply contains status information, such as success or failure and the reason for the failure.
When the originator of the echo request receives this reply, it matches it against the outstanding requests and reports the
appropriate status for the LSP under test.
The Target FEC Stack TLV is a list of sub-TLVs. Type of sub-TLV in FEC stack TLV will be determined by the MPLS protocol used, see RFC
8029. Each sub-TLV in the Target FEC Stack TLV indicates one entry in the label stack (no of MPLS labels that ingress router put in to the
packet). The first entry in the list corresponds to the top label in the label stack, and so on. Ingress router requests a transit router to
validate the target FEC stack TLV representing the MPLS session on that transit router.
Sub-TLVs inside FEC stack TLV have different-different information (information describing LSP) for different-different protocols. Below
are some of the common type of sub-TLVs that are carried in FEC stack TLV for the MPLS protocols:
Sub-TLV Type Value Field Description
1 LDP IPv4 prefix The LDP IPv4 prefix is a FEC whereby LDP has advertised an IPv4 prefix.
RSVP IPv4 LSP is a FEC that a traffic engineering (TE) tunnel maps. Carries RSVP LSP details
3 RSVP IPv4 LSP
(i.e. Tunnel endpoint address, Tunnel IDs, LSP ID etc.)
16 Nil FEC For labels which does not have explicit FEC associated.
34 IPv4 IGP-Prefix Segment ID Carries IPv4 prefix to which the Segment ID is assigned. Normally Egress router’s loopback IP.
36 IGP-Adjacency Segment ID Carries local and Remote Interface, Local and Remote Router ID for the segment.
© 2018 Juniper Networks 283
Juniper Business Use Only
How LSP Traceroute Works? Cont…
With the LSP Trace, the idea is not just to report the hops in the path, but also determine if there is a mismatch between the
forwarding and control planes. To accomplish this, three conditions must be satisfied:
a. The MPLS echo request probe must be processed by each hop in the path. Ingress router achieve it by setting TTL value. So in
case of MPLS ping (or trace probe), router alert bit is also set in IPv4 header of the probe so that an egress router can send
the probe packet to its control plane when it receive the native IPv4 packet from PHP router.
b. To identify which LSP to test and validate. Ingress router achieve it by putting “FEC stack TLV” in MPLS echo request.
c. To identify whether MPLS trace probe packet has been received on the expected interface or not, Every transit node should
validate “Downstream Mapping TLV”. If this validation fails, then control plane and data plane are not in sync and that
router will report the error back to Ingress node.
Let's explain the process by using LDP LSP example. To trace the path of an LDP LSP, an MPLS echo request is sent from the
head end, including the Target FEC stack TLV containing LDP IPv4 prefix sub-TLV, encapsulated with the correct label stack for
the LSP, in this case the LDP label. To ensure that the echo request is received by each hop in the path, several such echo
requests are sent, with increasing TTL values, just like a normal traceroute.
To allow the transit LSR to check the control plane against the data plane, the LSR must know whether it is a correct recipient of
the probe. Therefore, the MPLS echo request packet contains, in addition to the FEC stack TLV for the FEC under test, the list of
acceptable recipients of the packet.
© 2018 Juniper Networks 284
Juniper Business Use Only
How LSP Traceroute Works? Cont…
This list is encoded in the “Downstream Mapping TLV” and contains identifying information (such as the router ID, label and
interface) of all the possible downstream neighbors for the FEC, from the point of view of the upstream LSR. The LSR processing
the echo request determines if it is a valid recipient of the traffic if it is listed in the Downstream Mapping TLV, with the correct
label and interface information. In short “Downstream Mapping TLV” is used by transit routers to identify whether they are
receiving the MPLS request packet on correct interface or not. If the check fails, it informs the head end of the failure in the echo
reply, thus pinpointing the location of the problem. If the check succeeds, the LSR extracts all its valid downstream neighbors
and labels for the FEC under test and sends this information in the echo reply, encoded in a (per-neighbor) Downstream
Mapping TLV. This TLV is sent in the next echo request that will be sent with a TTL greater by 1, and therefore will reach its
downstream neighbors.
The Downstream Mapping TLV is an optional TLV that indicates who the downstream LSR is, which downstream or outgoing
label is used, by which protocol the label was assigned, and some Multipath information. Downstream Mapping TLV is not used
if the replying LSR is the egress LSR for the FEC.
First Case: Assume that there is LDP enabled on all the routers.
R1 R2 R3 R4 R5
Label advertised Label advertised Label advertised Label advertised
from R2 to R1 for from R3 to R2 for from R4 to R3 for from R5 to R4 for
R5’s loopback R5’s loopback R5’s loopback R5’s loopback
L2 L3 L4 L5
Label advertised Label advertised
from R6 to R4 for from R5 to R6 for
R5’s loopback R5’s loopback
L6 L7
R6
R1 to R5 path through R2, R3 and R4 is having lower metric compared to the other path through R2, R6. MPLS LSP Trace is expected to
traverse R1 to R5 through R2, R3 and R4. R2 is expected to send the MPLS trace probe to R3 but if it sends the probe packet incorrectly to
R6 (due to incorrect programming on R2). R6 looks in to the probe packet. First, FEC Stack validation will happen on R6 and it will be
successful. Remember in LDP case the FEC Stack TLV will contain the LDP IPv4 prefix associated with the R5 (in this case R5’s loopback)
and R6 can validate it without any issue. let’s assume that incorrect programming on R2 happens somewhere between Probe 1 and Probe 2.
Now DDMT TLV validation will happen and this DDMT TLV validation will fail on R6 as in this case, DDMT TLV will have info related to
the R2-R3 link. R6 will look in to the DDMT TLV and it will identify that it is not the correct recipient of the Probe. R6 will return the
proper error code to R1. Hence LSP trace will be not succeed.
© 2018 Juniper Networks 286
Juniper Business Use Only
How LSP Traceroute Works? Cont…
Second Case: Assume that there is LDP enabled on all the routers except R6.
R1 R2 R3 R4 R5
Label advertised Label advertised Label advertised Label advertised
from R2 to R1 for from R3 to R2 for from R4 to R3 for from R5 to R4 for
R5’s loopback R5’s loopback R5’s loopback R5’s loopback
L2 L3 L4 L5
R6
MPLS LSP Trace is expected to traverse R1 to R5 through R2, R3 and R4. R2 is expected to send the MPLS trace probe to R3 but if it send
the probe packet incorrectly to R6 (due to incorrect programming on R2). R6 looks in to the probe packet. First, FEC Stack validation will
happen on R6 and it will fail as R6 does not understand the LDP FEC Stack TLV. Hence the first validation itself will fail. R6 will return the
proper error code to R1. LSP trace will be not succeed.
R1 R2 R3 R4 R5
Label advertised Label advertised Label advertised Label advertised
from R2 to R1 for from R3 to R2 for from R4 to R3 for from R5 to R4 for
R5’s loopback R5’s loopback R5’s loopback R5’s loopback
L2 L3 L4 L5
MPLS Echo request
FEC-Stack - R5’s loopback This process is for an LDP-signaled LSP between R1 and R5. R1 sends an
DDMT TLV having IP L2 TTL = 1
address of R2’s interface MPLS echo request with a TTL value equal to 1. The request contains an
connecting to R1, Label L2
LDP IPv4 prefix sub-TLV for FEC R5 and a Downstream Mapping TLV
MPLS Echo Reply: OK
DDMT TLV having IP address of R3’s
listing neighbor R2, as well as the label used by R2, L2. When the TTL
interface connecting to R2, Label L3 expires at R2, the echo request is delivered to the control plane of router
MPLS Echo request
R2 for processing, along with the label stack with which the packet
FEC-Stack - R5’s loopback
DDMT TLV from Previous L2 TTL = 2
arrived. LSR R2 checks if it is one of the routers in the Downstream
Echo reply containing Mapping TLV. R2 also validate the FEC listed in FEC Stack TLV. Because
label L3
the check is positive, R2 builds a new Downstream Mapping TLV, listing
MPLS Echo Reply: OK
DDMT TLV having IP address of R4’s all its valid downstream neighbors for LDP FEC R5 (in this case, router
interface connecting to R3, Label L4
R3 with label L3) and sends it back to the head end in the echo reply.
Hierarchical Tracing: Lets assume that there is a RSVP signaled LSP from R2 to R4 and that the LDP signaled LSP for R1’s loopback is
tunneled over it. When R1 traces the path towards R5, it does so using the LDP IPv4 prefix sub-TLV inside Target FEC stack TLV in the
echo request. Router R2 can successfully perform the FEC validation, but router R3, which is a pure RSVP node with no knowledge of the
LDP tunnel, cannot do the same.
Rather than returning a failure, routers in the path informs the head end that a different sub-TLV type (RSVP IPv4 Session Query sub-TLV)
needs to be used in the FEC stack TLV when sending the next probe, by encoding this information “FEC stack change sub-TLV” and RSVP
label in the Downstream Mapping TLV putting all the details of the new RSVP FEC. Also protocol field of Label stack sub-TLV in DDMT
TLV of the echo reply would indicate that the upstream label would belong to RSVP-TE. In the example above, router R2, which is the RSVP
tunnel head end, informs router R1 that for the next echo-request packet an RSVP sub-TLV rather than the LDP sub-TLV should be used
and the validation of the echo request can be successfully completed.
RSVP validation happens on the R3 and R4. MPLS probes originated at the R1 contains RSVP IPv4 Session Query sub-TLV (3) to describe
RSVP hops and below RSVP IPv4 Session Query sub-TLV (3) these probes also has LDP IPv4 prefix sub-TLV. At the RSVP endpoint, R4
validates RSVP IPv4 Session Query sub-TLV in DDMT TLV. R4 is egress for the RSVP tunnel, it returns label 3 (in DDMT TLV) in Echo
reply. We are still having validation pending for the LDP IPv4 prefix sub-TLV as well on R4, R1 sends one more Echo request with same
TTL to R4 again containing LDP IPv4 prefix sub-TLV in DDMT TLV. R4 validates this LDP IPv4 prefix TLV and again returns label 3 in
DDMT TLV in echo reply. Label 3 for the validation of LDP IPv4 prefix sub-TLV also because in data plane packet is forwarded based on
RSVP PHP label. Lab Example of hierarchical tracing provided later in the presentation.
© 2018 Juniper Networks 289
Juniper Business Use Only
LSP Ping and Traceroute Example
From our base topology:
R1 - lo0.0- ge-0/0/0 ge-0/0/0 R4 - lo0.0- ge-0/0/3 ge-0/0/3 R5 - lo0.0- ae0 ae0 R7 - lo0.0- ge-0/0/0 ge-0/0/0 R9 - lo0.0-
192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 1.1.1.21/30 1.1.1.22/30 192.168.1.5/32 1.1.1.25/30 1.1.1.26/30 192.168.1.7/32 1.1.1.37/30 1.1.1.38/30 192.168.1.9/32
SL: 1000 L.Out L.In SL: 4000 L.Out L.In SL: 5000 L.Out L.In SL: 7000 L.Out SL: 9000
Index: 101 26 26 Index: 104 22 22 Index: 105 23 23 Index: 107 3 Index: 109
root@R1> ping mpls ldp 192.168.1.9 source 192.168.1.1 detail root@R1> traceroute mpls ldp 192.168.1.9 source 192.168.1.1 no-resolve
Request for seq 1, to interface 334, label 26, packet size 80 Probe options: ttl 64, retries 3, wait 10, paths 16, exp 7, fanout 16
Reply for seq 1, return code: Egress-ok, time: 5.279 ms source 192.168.1.1
Local transmit time: 2019-06-01 15:42:07 UTC 335.281 ms
Remote receive time: 2019-06-01 15:42:07 UTC 340.560 ms ttl Label Protocol Address Previous Hop Probe Status
Request for seq 2, to interface 334, label 26, packet size 80 1 26 LDP 1.1.1.2 (null) Success
Reply for seq 2, return code: Egress-ok, time: 5.836 ms FEC-Stack-Sent: LDP
Local transmit time: 2019-06-01 15:42:08 UTC 336.311 ms ttl Label Protocol Address Previous Hop Probe Status
Remote receive time: 2019-06-01 15:42:08 UTC 342.147 ms 2 22 LDP 1.1.1.22 1.1.1.2 Success
Request for seq 3, to interface 334, label 26, packet size 80 FEC-Stack-Sent: LDP
Reply for seq 3, return code: Egress-ok, time: 5.039 ms ttl Label Protocol Address Previous Hop Probe Status
Local transmit time: 2019-06-01 15:42:09 UTC 334.265 ms 3 23 LDP 1.1.1.26 1.1.1.22 Success
Remote receive time: 2019-06-01 15:42:09 UTC 339.304 ms FEC-Stack-Sent: LDP
Request for seq 4, to interface 334, label 26, packet size 80 ttl Label Protocol Address Previous Hop Probe Status
Reply for seq 4, return code: Egress-ok, time: 9.988 ms 4 3 LDP 1.1.1.38 1.1.1.26 Egress
Local transmit time: 2019-06-01 15:42:10 UTC 329.478 ms FEC-Stack-Sent: LDP
Remote receive time: 2019-06-01 15:42:10 UTC 339.466 ms
Request for seq 5, to interface 334, label 26, packet size 80 Path 1 via ge-0/0/0.0 destination 127.0.0.64
Reply for seq 5, return code: Egress-ok, time: 5.631 ms
Local transmit time: 2019-06-01 15:42:11 UTC 328.417 ms
Remote receive time: 2019-06-01 15:42:11 UTC 334.048 ms root@R1>
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Version Number: 1
| Version Number | Global Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message Type | Reply Mode | Return Code | Return Subcode| Flags: Three flags are defined: the R, T, and V bits; the rest MUST be set to zero.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sender's Handle |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1. The V (Validate FEC Stack) flag is set to 1 if the sender wants the receiver to
| Sequence Number | perform FEC Stack validation; if V is 0, the choice is left to the receiver.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TimeStamp Sent (seconds) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2. The T (Respond Only If TTL Expired) flag MUST be set only in the echo
| TimeStamp Sent (seconds fraction) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
request packet by the sender. If the T flag is set to 1 in an incoming echo
| TimeStamp Received (seconds) | request, and the TTL of the incoming MPLS label is more than 1, then the
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ receiving node MUST drop the incoming echo request and MUST NOT send
| TimeStamp Received (seconds fraction) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ any echo reply to the sender. This flag MUST NOT be set in the echo reply
| TLVs ... | packet. If this flag is set in an echo reply packet, then it MUST be ignored.
. .
. .
. . 3. The R (Validate Reverse Path) When this flag is set in the echo request, the
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Responder SHOULD return reverse-path FEC information.
The Message Type: Can be either MPLS Echo Request (Type 1) or MPLS Echo Reply (Type 2).
Reply Mode: The Address Type indicates if the interface is numbered or unnumbered. For IPv4 Numbered, the type is 1.
Reply Mode: can take one of the below values. 1 Target FEC Stack
2 Downstream Mapping (Deprecated)
Value Meaning 3 Pad
4 Unassigned
1 Do not reply 5 Vendor Enterprise Number
2 Reply via an IPv4/IPv6 UDP packet 6 Unassigned
3 Reply via an IPv4/IPv6 UDP packet with Router Alert 7 Interface and Label Stack
4 Reply via application-level control channel 8 Unassigned
9 Errored TLVs
Return Code: Provided in the Downstream Detailed Mapping TLV definition. 10 Reply TOS Byte
20 Downstream Detailed Mapping
Sender's Handle: The Sender Handle field is added by the sender in the echo request. The recipient puts the same value back in the echo reply. The
sender handle is relevant only to the sender, which uses the value to match the echo reply against the echo request. The value remains the same for all
counts of a single ping.
Sequence Number: The Sequence Number is assigned by the sender of the MPLS echo request and can be (for example) used to detect missed
replies.
Time Stamp: The Time Stamp Sent is the time of day (according to the sender's clock) in 64-bit NTP timestamp format when the MPLS echo request
is sent. The Time Stamp Received in an echo reply is the time of day (according to the receiver's clock) in 64-bit NTP timestamp format in which the
corresponding echo request was received.
TLV Types: The mentioned TLV types in the green area are defined. If Trace is successful, then we normally see Target FEC Stack TLV (1) and
Downstream Detailed Mapping (20).
2. IPv4 IGP-Prefix Segment ID sub-TLV: Used in LSP Ping and L-ISIS Trace.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv4 Prefix |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Prefix Length | Protocol | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IPv4 Prefix: This field carries the IPv4 Prefix to which the Segment ID is assigned. In case of an Anycast Segment ID, this field will carry the IPv4
Anycast address.
Prefix Length: The Prefix Length field is one octet. It gives the length of the prefix in bits (values can be 1-32).
Protocol: This field is set to 1, if the responder MUST perform FEC validation using OSPF as the IGP protocol. Set to 2, if the responder MUST
perform Egress FEC validation using the Intermediate System to Intermediate System (IS-IS) as the IGP protocol. Set to 0, if the responder can use
any IGP protocol for Egress FEC validation.
Reserved:
© 2018 The
Juniper Networks Reserved field MUST be set to 0 when sent and MUST be ignored on receipt. 294
Juniper Business Use Only
MPLS Echo Packet details Cont…
3. IGP-Adjacency Segment ID sub-TLV: Used in SPRING-TE trace. This sub-TLV is applicable for any IGP-Adjacency.
Local Interface ID: Local link address (IPv4 or IPv6) that is assigned by the local LSR for a link to which the Adjacency Segment ID is bound.
Remote Interface ID: Remote (downstream neighbor) link address (IPv4 or IPv6) that is assigned by the remote LSR for a link on which the
Adjacency Segment ID is bound.
Advertising Node Identifier: This specifies the Advertising Node Identifier. If Protocol field is set to 1 (OSPF protocol), then it is a 32-bit OSPF
Router ID. If the Protocol field is set to 2 (ISIS protocol), then it is a 48-bit IS-IS System ID. If the Protocol field is set to 0, then is should be zero.
Receiving Node Identifier: This specifies the downstream node identifier. If Protocol field is set to 1 (OSPF protocol), then it is a 32-bit OSPF
Router ID. If the Protocol field is set to 2 (ISIS protocol), then it is a 48-bit IS-IS System ID. If the Protocol field is set to 0, then is should be zero.
© 2018 Juniper Networks 295
Juniper Business Use Only
MPLS Echo Packet details Cont…
Downstream Detailed Mapping TLV:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MTU | Address Type | DS Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Downstream Address (4 or 16 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Downstream Interface Address (4 or 16 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Return Code | Return Subcode| Sub-TLV Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. .
. List of Sub-TLVs .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Maximum Transmission Unit (MTU): The MTU is the size in octets of the largest MPLS frame (including label stack) that fits on the interface to
the downstream LSR.
Address Type: The Address Type indicates if the interface is numbered or unnumbered. For IPv4 Numbered, the type is 1.
DS Flags: Two flags are defined currently, I and N. Flag I indicate that the replying router SHOULD include an Interface and Label Stack Object in
the echo reply message. Flag N is for Non-IP Packet.
Downstream Address and Downstream Interface Address: In case of Numbered Interfaces both are set to the interface address of the
downstream LSR.
Value Meaning
0 No Return Code
1 Malformed echo request received
2 One or more of the TLVs was not understood
3 Replying router is an egress for the FEC at stack-depth <RSC>
4 Replying router has no mapping for the FEC at stack-depth <RSC>
5 Downstream Mapping Mismatch
6 Upstream Interface Index Unknown
7 Reserved
8 Label switched at stack-depth <RSC>
9 Label switched but no MPLS forwarding at stack-depth <RSC>
10 Mapping for this FEC is not the given label at stack-depth <RSC>
11 No label entry at stack-depth <RSC>
12 Protocol not associated with interface at FEC stack-depth <RSC>
13 Premature termination of ping due to label stack shrinking to a single label
14 See DDMAP TLV for meaning of Return Code and Return Subcode
15 Label switched with FEC change
Return Subcode (RSC): contains the point in the label stack where processing was terminated. If the RSC is 0, no labels were processed. Otherwise,
the packet was label switched at depth RSC.
Sub-TLVs: This section defines the sub-TLVs that MAY be included as part of the Downstream Detailed Value Meaning
Mapping TLV.
0 Unknown
Sub-Type Value Field 1 Static
2 BGP
1 Multipath data 3 LDP
2 Label stack 4 RSVP-TE
3 FEC stack change 5 OSPF
6 ISIS
Multipath data TLV: The multipath data sub-TLV includes Multipath Information. 7-250 Unassigned
251-254Experimental use
Label stack TLV: The Label Stack sub-TLV contains the set of labels in the label stack as it would have 255 Reserved
appeared if this router were forwarding the packet through this interface. Any Implicit Null labels are
explicitly included. The number of label/protocol pairs present in the sub-TLV is determined based on the
sub-TLV data length. When the Downstream Detailed Mapping TLV is sent in the echo reply, this sub-TLV
MUST be included. This TLV defines protocol associated with the label.
FEC stack change TLV: A router MUST include the FEC stack change sub-TLV when the downstream
node in the echo reply has a different FEC Stack than the FEC Stack received in the echo request. One or
more FEC stack change sub-TLVs MAY be present in the Downstream Detailed Mapping TLV. The operation
associated with the FEC stack change can be pop or push.
The basic idea is to verify the segment-routed MPLS path by sending the “MPLS echo request” packet with entire label-stack
along the same data path as the data traffic. An MPLS echo request carries Forwarding Equivalence Class (FEC) of the segment-
routing path is being verified. This echo request is forwarded just like any other packet based on the label-stack.
In "ping" mode (basic connectivity check), the packet should reach the end of the path, at which point it is sent to the control
plane of the end node, which then verifies whether it is indeed an Egress for the FEC.
In "traceroute" mode (fault isolation), the packet is sent to the control plane of each transit node along the MPLS path, which
performs various checks (Control Plane and Data Plane both) that it is indeed a transit node for this path; this transit node also
returns further information that helps check the control plane against the data plane, i.e., that forwarding matches what the
segment-routing protocols determined as the path.
SR LSP ping/traceroute utility can be used for SR-LDP stitching and SR over RSVP scenarios.
ping mpls segment-routing isis (or ospf) <FEC> source <Source_IP> (detail)
ping mpls segment-routing isis (or ospf) <FEC> source <Source_IP> stitched-protocol ldp (detail) <<< In case of SR->LDP stitching
ping mpls segment-routing isis (or ospf) <FEC> source <Source_IP> stitched-protocol isis (detail) <<< In case of LDP->SR stitching
traceroute mpls segment-routing isis (or ospf) <FEC> source <Source_IP> (detail)
Let’s try to traceroute R9 from R1. root@R1> show route 192.168.1.9 table inet.0
root@R1>
© 2018 Juniper Networks 300
Juniper Business Use Only
SR OAM (L-ISIS) Example
root@R1> traceroute mpls segment-routing isis 192.168.1.9 source 192.168.1.1
Probe options: ttl 64, retries 3, wait 10, paths 16, exp 7, fanout 16
source 192.168.1.1
. . .
root@R1>
© 2018 Juniper Networks 301
Juniper Business Use Only
SR OAM (L-ISIS) Example Explanation for first Path
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 L.Out: 4109 L.In: 4109 192.168.1.4/32 L.Out: 6109 L.In: 6109 192.168.1.6/32 L.Out: 7109 L.In: 7109 192.168.1.7/32 L.Out: 3 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.13/30 1.1.1.14/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Downstream Detailed
Mapping TLV
IP 1.1.1.2, label 4109
Downstream Detailed
Mapping TLV
IP 1.1.1.14, label 6109
Downstream Detailed
Mapping TLV
IP 1.1.1.34, label 7109
Downstream Detailed
Mapping TLV
IP 1.1.1.38, label 3
-A l
R8 e
LDP also has same behavior.
o- n n
- t Tu
R1 VP
Northstar
RS
JVM RSVP
AS100
Note: Configured “set protocols isis
192.168.1.10 em2
AS200 172.16.18.199/24 traffic-engineering family inet-
mpls shortcuts” on R1. Now labelled
Two RSVP LSPs from R1 to R8 creating
ISIS traffic is riding on RSVP LSP.
ge-0/0/9 ECMP NH for destination 192.168.1.5 on R1
eth2 ge-0/0/4 ge-0/0/4
172.16.18.1/24 172.16.18.11/24 1.1.1.45/3 1.1.1.49/30
R1 - lo0.0- ge-0/0/0 ge-0/0/0 R4-RR - lo0.0- ge-0/0/1 ge-0/0/1 R6 - lo0.0- ge-0/0/0 ge-0/0/0 R8 - lo0.0-
Northstar 192.168.1.1/32 1.1.1.1/30 1.1.1.2/30 192.168.1.4/32 1.1.1.13/30 1.1.1.14/30 192.168.1.6/32 1.1.1.29/30 1.1.1.30/30 192.168.1.8/32
PCS SL: 1000 SL: 4000 ge-0/0/2 ge-0/0/2 SL: 6000 SL: 8000
Index: 101 RSVP Tunnel Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 Index: 108
ge-0/0/1 R1-to-R8-B ge-0/0/1
1.1.1.5/30 1.1.1.41/30
SR traceroute originated
from R2 and going to R5
Segment Routing
AS100
root@R2>
. . .
Path 2 via ge-0/0/1.0 destination 127.0.0.66 <<< Following Second LSP R1-to-R8-B, Second Iteration takes second LSP
root@R2>
Probe options: ttl 64, retries 3, wait 10, paths 16, exp 7, fanout 16
source 192.168.1.2
. . . . . .
Label Stack: MTU: 1514
Hop 1.1.1.5 Depth 1
Label 1 Value 29 Protocol RSVP-TE . . .
Probe status: Success
FEC-Stack-Sent: RSVP,ISIS Label Stack:
Parent: (null)
Label 1 Value 9105 Protocol ISIS
. . .
Hop 1.1.1.30 Depth 4 FEC-Stack-Sent: ISIS
MTU: Unknown <<< First Packet MTU is unknown as we print MTU
Probe status: Egress
. . . from reply packet and since it is first probe,
Parent: 1.1.1.49 Hop 1.1.1.37 Depth 6
Label Stack: we are yet to receive any reply.
Return code: Egress-ok at stack-depth 1 Probe status: Success
Label 1 Value 1105 Protocol ISIS
. . . Parent: 1.1.1.42
FEC-Stack-Sent: ISIS
MTU: 1514 Return code: Label switched at stack-depth 1
FEC-Change-Recieved: PUSH-RSVP PUSH-RSVP
. . . . . .
Label Stack: MTU: 1514
Hop 1.1.1.46 Depth 2
Label 1 Value 3 Protocol RSVP-TE . . .
Probe status: Success
FEC-Stack-Sent: RSVP,ISIS Label Stack:
Parent: 1.1.1.5
FEC-Change-Recieved: POP-RSVP Label 1 Value 7105 Protocol ISIS
Return code: Label switched at stack-depth 2
FEC-Stack-Sent: ISIS
. . .
Hop 1.1.1.30 Depth 4
MTU: 1514
Probe status: Success Hop 1.1.1.25 Depth 7
. . .
Parent: 1.1.1.49 Probe status: Egress
Label Stack:
Return code: Label switched at stack-depth 1 Parent: 1.1.1.37
Label 1 Value 21 Protocol RSVP-TE
. . . Return code: Egress-ok at stack-depth 1
Label 2 Value 8105 Protocol ISIS
MTU: 1514 . . .
FEC-Stack-Sent: RSVP,ISIS
. . . MTU: 1514
Label Stack: . . .
Hop 1.1.1.49 Depth 3
Label 1 Value 3 Protocol RSVP-TE Label Stack:
Probe status: Success
FEC-Stack-Sent: ISIS Label 1 Value 3 Protocol ISIS
Parent: 1.1.1.46
FEC-Stack-Sent: ISIS
Return code: Label switched at stack-depth 2
Hop 1.1.1.42 Depth 5
. . .
Probe status: Success
MTU: 1514
Parent: 1.1.1.30 Path 1 via ge-0/0/1.0 destination 127.0.0.64
. . .
Return code: Label switched at stack-depth 1 . . .
. . .
© 2018 Juniper Networks 312
Juniper Business Use Only
SR OAM (L-ISIS) - Verification through SR-RSVP Interworking Cont…
. . . . . .
Label Stack: MTU: 1514
Hop 1.1.1.2 Depth 2
Label 1 Value 3 Protocol RSVP-TE . . .
Probe status: Success
FEC-Stack-Sent: RSVP,ISIS Label Stack:
Parent: 1.1.1.5
FEC-Change-Recieved: POP-RSVP Label 1 Value 7105 Protocol ISIS
Return code: Label switched at stack-depth 2
FEC-Stack-Sent: ISIS
. . .
Hop 1.1.1.30 Depth 4
MTU: 1514
Probe status: Success Hop 1.1.1.25 Depth 7
. . .
Parent: 1.1.1.14 Probe status: Egress
Label Stack:
Return code: Label switched at stack-depth 1 Parent: 1.1.1.37
Label 1 Value 23 Protocol RSVP-TE
. . . Return code: Egress-ok at stack-depth 1
Label 2 Value 8105 Protocol ISIS
MTU: 1514 . . .
FEC-Stack-Sent: RSVP,ISIS
. . . MTU: 1514
Label Stack: . . .
Hop 1.1.1.14 Depth 3
Label 1 Value 3 Protocol RSVP-TE Label Stack:
Probe status: Success
FEC-Stack-Sent: ISIS Label 1 Value 3 Protocol ISIS
Parent: 1.1.1.2
FEC-Stack-Sent: ISIS
Return code: Label switched at stack-depth 2
Hop 1.1.1.42 Depth 5
. . .
Probe status: Success
MTU: 1514
Parent: 1.1.1.30 Path 2 via ge-0/0/1.0 destination 127.0.0.65
. . .
Return code: Label switched at stack-depth 1
Label Stack:
. . .
Label 1 Value 26 Protocol RSVP-TE
MTU: 1514 root@R2>
FEC-Stack-Sent: RSVP,ISIS
. . .
Label Stack:
Hop 1.1.1.30 Depth 4
Label 1 Value 9105 Protocol ISIS
Probe status: Egress
FEC-Stack-Sent: ISIS
Parent: 1.1.1.14
Return code: Egress-ok at stack-depth 1
Hop 1.1.1.37 Depth 6
. . .
Probe status: Success
MTU: 1514
Parent: 1.1.1.42
. . .
Return code: Label switched at stack-depth 1
. . .
© 2018 Juniper Networks 313
Juniper Business Use Only
SR OAM (SPRING-TE Tunnels)
The basic idea is to verify the segment-routed MPLS path by sending the “MPLS echo request” packet with entire label-stack
along the same data path as the data traffic. An MPLS echo request carries Forwarding Equivalence Class (FEC) of the segment-
routing path is being verified. This echo request is forwarded just like any other packet based on the label-stack.
In "ping" mode (basic connectivity check), the packet should reach the end of the path, at which point it is sent to the control
plane of the end node, which then verifies whether it is indeed an Egress for the FEC.
In "traceroute" mode (fault isolation), the packet is sent to the control plane of each transit node along the MPLS path, which
performs various checks that it is indeed a transit node for this path; this transit node also returns further information that helps
check the control plane against the data plane, i.e., that forwarding matches what the segment-routing protocols determined as
the path.
Note: SPRING-TE OAM supports Ping and Traceroute for all types of SR-TE tunnels including static SR tunnels, BGP-SR-TE
tunnels, PCEP tunnels.
FEC1 is associated with the Label stack and associated FECs received by the Routers from R2
R2-R1 Adj SID Segment
FEC1
(label 20) “IGP Adj
1103 FEC2
segment ID subTLV”
1105 FEC3 FEC2
1109 FEC4 1105, 1 FEC3
Pay Load 1109, 0 FEC4 FEC3
Pay Load 1109, 1 FEC4
FEC1 Pay Load
1103 FEC2 1103, 1 FEC2
1105 FEC3 1105, 0 FEC3 1105, 1 FEC3 1105, 2 FEC3 1105, 3 FEC3
1109 FEC4 1109, 0 FEC4 1109, 0 FEC4 1109, 0 FEC4 1109, 0 FEC4 1109, 1 FEC4 1109, 2 FEC4
Pay Load Pay Load Pay Load Pay Load Pay Load Pay Load Pay Load Pay Load
R2 R1 R3 R6 R4 R5 R7 R9
SL: 1000 SL: 1000 SL: 1000 SL: 1000 SL: 1000 SL: 1000 SL: 1000 SL: 1000
Index: 102 Index: 101 Index: 103 Index: 106 Index: 104 Index: 105 Index: 107 Index: 109
Two very important key points to keep in mind when you are going through the step by step procedure starting on next slide.
a. If any transit router (R1, R4 and R7 in the example) in path returns label 3 (Implicit Null label) in the DDMT TLV of Echo response
message for a segment, then ingress router sets the TTL 1 for the next label representing next segment. For the previous segment
(segment for which router returned label 3), ingress router sets the TTL of label representing that segment to 255. The exception is the
PHP router of the path (R7), in which case the TTL of the existing label will be increased by 1 so that R2 can reach the last hop of the
path (R9). If transit router returns label other then Implicit Null label, then TTL of existing label will increase by 1 in the next Echo
request.
b. If any transit router (R1, R3 and R5 in the example) in path reports itself as egress router for the FEC associated with its segment in the
DDMT TLV of the Echo response, then ingress router should remove that FEC from the FEC stack and send one more echo request with
the same TTL value and same DDMT TLV (as with the previous Echo request request) to the same node (which reported itself as egress)
for tracing the next segment. Egress router of the path (R9 in the example) will also report itself as egress router but MPLS reply from
egress
© 2018 router of path will complete the LSP trace.
Juniper Networks
Juniper Business Use Only
316
SR OAM (SPRING-TE Tunnels) - Trace Functionality Explanation
Below are the procedures performed by ingress router to perform MPLS traceroute for SR-TE path from R2 to R9.
1. Probe 1 from R2 to R1: Ingress R2 sends MPLS LSP Echo Request with label stack of ((1103,1), (1105,0), (1109,0)) to R1 along
with associated FECs of these respective labels. Please note that FEC associated with the top label of SR-TE path stack (20)
would also be present for the validation of adjacency SID of R2-R1 link. This FEC would be the first FEC in the FEC stack as it
belongs to the top label of path stack (20). For the verification on R1, the Label in the DDMT TLV of echo request will be 1103
along with the R1’s interface IP connecting to R2.
2. Probe 1 reply from R1 to R2: Since R1 receives MPLS LSP Echo Request with TTL as 1 for outer most label (1103), R1 validates
the outermost FEC and by looking at the FEC, R1 knows that it’s the egress router for the FEC associated with the R2-R1
adjacency segment. After FEC validation, R1 will validate DDMT TLV info and determine that MPLS echo request is received
on the correct interface. R1 sends echo response to R2 with return code as the egress for outermost FEC associated with the
R2-R1 adjacency segment.
3. Probe 2 from R2 to R1: R2 receives echo response with return code as egress from R1. Now Ingress LSR (R2) must start
tracing the next segment (if exists; in our case first segment) by removing the outermost FEC associated with R2-R1 adjacency
segment from the FEC stack and send one more echo request with the same TTL value to the same node (R1) for tracing the
next segment (first) in the label stack. R2 sends MPLS LSP Echo Request with label stack of ((1103,1), (1105,0), (1109,0)) to R1
along with associated FECs of respective labels “1103, 1105, 1109”. For the verification on R1, the Label in the DDMT TLV of
echo request will be 1103 along with the R1’s interface IP connecting to R2.
5. Probe 3 from R2 to R3: R2 looks at the echo response from R1 and it sees Implicit Null label value in DDMT TLV. Now
Ingress LSR (R2) must set the TTL value of next-label (1105) in label-stack to 1. All Outer-label TTL will be set to 255 and all
the other Inner-label TTL will be set to 0. R2 should send the next MPLS LSP Echo Request with label stack ((1103,255),
(1105,1), (1109,0)). For the verification on R3, the Label in the DDMT TLV of echo request will be 3 along with the R3’s
interface IP connecting to R1.
6. Probe 3 reply from R3 to R2: R1 being PHP POPs the outermost label (1103) from the label stack and forwards the rest of
packet to R3 with label stack ((1105,1), (1109,0)). R3 receives MPLS LSP Echo Request with TTL as 1 for outer most label
(1105). R3 validates the outermost FEC and by looking at the FEC, R3 knows that it’s the egress router for the FEC associated
with Node-Sid of R3. After FEC validation, R3 will validate DDMT TLV info and determine that MPLS echo request is
received on the correct interface. R3 sends echo response to R2 with return code as the egress for outermost FEC associated
with Node-Sid of R3.
8. Probe 4 reply from R3 to R2: R1 being PHP POPs the first label from the label stack forwards the packet to R3. Once R3
receives this request with the label stack ((1105,1), (1109,0)), R3 validates the outermost FEC and by looking at the FEC, R3
knows that it’s the transit router for the FEC associated with Node-Sid of R5. After FEC validation, R3 will validate DDMT
TLV info and determine that MPLS echo request is received on the correct interface. R3 send echo response (with label 1105
along with the R6’s interface IP connecting to R3 in its DDMT TLV) to R2.
9. Probe 5 from R2 to R6: Since 1105 is not the Implicit Null label hence TTL of the same label 1105 will be incremented in the
next ECHO request. R2 send the next MPLS LSP Echo request with label stack ((1103,255), (1105,2), (1109,0)) to R6. For the
verification on R6, the Label in the DDMT TLV of echo request will be 1105 along with the R6’s interface IP connecting to R3.
10. Probe 5 reply from R6 to R2: R1 being PHP POPs the first label from the label stack and R3 forwards the packet to R6. Once
R6 receives this request with the label stack ((1105,1), (1109,0)), R6 validates the outermost FEC and by looking at the FEC,
R6 knows that it’s the transit router for the FEC associated with Node-Sid of R5. After FEC validation, R6 will validate DDMT
TLV info and determine that MPLS echo request is received on the correct interface. R6 send echo response (with label 1105
along with the R4’s interface IP connecting to R6 in its DDMT TLV) to R2.
© 2018 Juniper Networks 319
Juniper Business Use Only
SR OAM (SPRING-TE Tunnels) - Trace Functionality Explanation
11. Probe 6 from R2 to R4: Again returned label (1105) in DDMT TLV of echo response packet is not an Implicit Null label hence
TTL of the same label will be incremented in the next ECHO request. R2 send the next MPLS LSP Echo request with label
stack ((1103,255), (1105,3), (1109,0)) to R4. For the verification on R4, the Label in the DDMT TLV of echo request will be
1105 along with the R4’s interface IP connecting to R6.
12. Probe 6 reply from R4 to R2: R1 being PHP POPs the first label from the label stack and R3 and R6 forwards the packet to
R4. Once R4 receives this request with the label stack ((1105,1), (1109,0)), R4 validates the outermost FEC and by looking at
the FEC, R4 knows that it’s the PHP router for the FEC associated with Node-Sid of R5. After FEC validation, R4 will validate
DDMT TLV info and determine that MPLS echo request is received on the correct interface. R4 send echo response (with
label 3 along with the R5’s interface IP connecting to R4 in its DDMT TLV) to R2.
13. Probe 7 from R2 to R5: R2 looks at the echo response from R4 it sees Implicit Null label value in DDMT TLV. Now Ingress
LSR (R2) must set the TTL value of next-label (1109) in label-stack to 1. All Outer-label TTL will be set to 255 and all the
other Inner-label TTL will be set to 0. R2 send the next MPLS LSP Echo request with label stack ((1103,255), (1105,255),
(1109,1)). For the verification on R5, the Label in the DDMT TLV of echo request will be 3 along with the R5’s interface IP
connecting to R4.
15. Probe 8 from R2 to R5: R2 receives echo response with return code as egress from R5. Now Ingress LSR (R2) must start
tracing the next segment (if exists; in our case third segment) by removing the outermost FEC associated with Node-Sid of R5
from the FEC stack and send one more echo request with the same TTL value to the same node (R5) for tracing the next
segment (third) in the label stack. LSP echo request is sent by R2 with the label stack as ((1103,255), (1105,255), (1109,1)).
For the verification on R5, the Label in the DDMT TLV of echo request will be 3 along with the R5’s interface IP connecting to
R4.
16. Probe 8 reply from R5 to R2: R1 and R4 being PHP POPs the first (1103) and second (1105) label respectively. Once R5
receives this request with the label stack (1109,1)), R5 validates the outermost FEC and by looking at the, FEC R5 knows that
it’s the transit router for the FEC associated with Node-Sid of R9. After FEC validation, R5 will validate DDMT TLV info and
determine that MPLS echo request is received on the correct interface. R5 send echo response (with label 1109 along with the
R7’s interface IP connecting to R5 in its DDMT TLV) to R2.
18. Probe 9 reply from R7 to R2: R1 and R4 being PHP POPs the first (1103) and second (1105) label respectively. R5 forwards
the packet to R7. Once R7 receives this request with the label stack (1109,1), R7 validates the outermost FEC and by looking
at the FEC, R7 knows that it’s the PHP router for the FEC associated with Node-Sid of R9. After FEC validation, R7 will
validate DDMT TLV info and determine that MPLS echo request is received on the correct interface. R7 send echo response
(with label 3 along with the R9’s interface IP connecting to R7 in its DDMT TLV) to R2.
19. Probe 10 from R2 to R9: R2 looks at the echo response from R7 it sees an Implicit Null label value in DDMT TLV. Now
Ingress LSR (R2) must set the TTL value of next-label in label-stack to 1. Since 1109 is the bottom label for the last segment
and no next label exists, the TTL of the existing label (1109) has to be increased by 3 so that we can reach R9 to complete the
FEC validation of third segment. All Outer-label TTL will be set to 255 and all the other Inner-label TTL (in our case now they
are none) will be set to 0. R2 send the next MPLS LSP Echo Request with label stack ((1103,255), (1105,255), (1109,3)). For
the verification on R9, the Label in the DDMT TLV of echo request will be 3 along with the R9’s interface IP connecting to R7.
21. R2 receives an echo reply with return code as egress for the last FEC in the FEC stack TLV and conclude that R9 is the Egress
for the SR-TE path. The end of a tunnel is detected from the Return Code when it indicates that the responding LSR R9 is an
egress for the stack at depth 1. R2 completes the trace with the validation of the last FEC in the FEC stack.
root@R2>
root@R2>
Topology
Northstar
JVM
192.168.1.10 em2
AS200 172.16.18.199/24
7109
18
Segment Routing
AS100
PCEP Provisioned PCEP Provisioned
Node SID LSP Adj SID LSP
root@R1>
root@R1>
root@R1>
Note: There is no label assigned for the first IGP Adj segment ID sub-TLV (associated with label 62) when we send the trace packet. Hence the first router just process the IGP Adj segment ID sub-TLV and declare that it is
the egress for the first IGP Adj segment ID sub-TLV. For the second IGP Adj segment ID sub-TLV we have label 16, for the third one we have 17 and for forth one we have 18.
root@R1>
© 2018 Juniper Networks 331
Juniper Business Use Only
SR OAM (SPRING-TE Tunnels) - Adj SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 62 16, 17, 18 192.168.1.4/32 16 17, 18 192.168.1.6/32 17 18 192.168.1.7/32 18 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
MPLS Echo Request: Probe
1
Downstream Detailed
Mapping TLV
IP 1.1.1.2, label 16
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj SID Networks
label would be represented by one Adj segment ID sub-TLV. We have Juniper
four labels (62, 332
Business Use16, 17, 18) in our LSP. That is why Probe 1 is having 4 Adj segment ID sub-TLV TLVs.
Only
SR OAM (SPRING-TE Tunnels) - Adj SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 62 16, 17, 18 192.168.1.4/32 16 17, 18 192.168.1.6/32 17 18 192.168.1.7/32 18 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj SID Networks
label would be represented by one Adj segment ID sub-TLV. We have Juniper
four labels (62, 333
Business Use16, 17, 18) in our LSP. That is why Probe 1 is having 4 Adj segment ID sub-TLV TLVs.
Only
SR OAM (SPRING-TE Tunnels) - Adj SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 62 16, 17, 18 192.168.1.4/32 16 17, 18 192.168.1.6/32 17 18 192.168.1.7/32 18 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj SID Networks
label would be represented by one Adj segment ID sub-TLV. We have Juniper
four labels (62, 334
Business Use16, 17, 18) in our LSP. That is why Probe 1 is having 4 Adj segment ID sub-TLV TLVs.
Only
SR OAM (SPRING-TE Tunnels) - Adj SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 62 16, 17, 18 192.168.1.4/32 16 17, 18 192.168.1.6/32 17 18 192.168.1.7/32 18 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj SID Networks
label would be represented by one Adj segment ID sub-TLV. We have Juniper
four labels (62, 335
Business Use16, 17, 18) in our LSP. That is why Probe 1 is having 4 Adj segment ID sub-TLV TLVs.
Only
SR OAM (SPRING-TE Tunnels) - Adj SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 62 16, 17, 18 192.168.1.4/32 16 17, 18 192.168.1.6/32 17 18 192.168.1.7/32 18 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.17/30 1.1.1.18/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
MPLS Echo Request: Probe
1 MPLS Echo Request: Probe
3
Adj Segment sub-TLV R1-R4 MPLS Echo Request: Probe
Adj Segment sub-TLV R4-R6 16 TTL = 1 5
Adj Segment sub-TLV R4-R6 MPLS Echo Request: Probe
Adj Segment sub-TLV R6-R7 17 TTL = 0 16 TTL = 255
Adj Segment sub-TLV R6-R7 7
Adj Segment sub-TLV R7-R9 18 TTL = 0 17 TTL = 1 Adj Segment sub-TLV R6-R7 16 TTL = 255
Adj Segment sub-TLV R7-R9
18 TTL = 0 Adj Segment sub-TLV R7-R9 17 TTL = 255 16 TTL = 255
18 TTL = 1 Adj Segment sub-TLV R7-R9
Downstream Detailed Downstream Detailed 17 TTL = 255
Mapping TLV Downstream Detailed 18 TTL = 2
Mapping TLV Downstream Detailed
IP 1.1.1.2, label 16 Mapping TLV
IP 1.1.1.18, label 3 Mapping TLV
IP 1.1.1.34, label 3
IP 1.1.1.38, label 3
MPLS Echo Reply: Probe 1
R4 is Egress MPLS Echo Reply: Probe 3
R6 is Egress MPLS Echo Reply: Probe 5
R7 is Egress MPLS Echo Reply: Probe 7
R9 is Egress
MPLS Echo Request: Probe
2
MPLS Echo Request: Probe
4
Adj Segment sub-TLV R4-R6 MPLS Echo Request: Probe
16 TTL = 1
Adj Segment sub-TLV R6-R7 6
17 TTL = 0 Adj Segment sub-TLV R6-R7 16 TTL = 255
Adj Segment sub-TLV R7-R9
18 TTL = 0 Adj Segment sub-TLV R7-R9 17 TTL = 1 16 TTL = 255
Adj Segment sub-TLV R7-R9
18 TTL = 0 17 TTL = 255
Downstream Detailed
Downstream Detailed 18 TTL = 1
Mapping TLV Downstream Detailed
Mapping TLV
IP 1.1.1.2, label 16 Mapping TLV
IP 1.1.1.18, label 3
IP 1.1.1.34, label 3
MPLS Echo Reply: Probe 2
R4 is transit. MPLS Echo Reply: Probe 4
Downstream Detailed Mapping TLV R6 is transit. MPLS Echo Reply: Probe 6
IP 1.1.1.18, label 3 Downstream Detailed Mapping TLV R7 is transit.
IP 1.1.1.34, label 3 Downstream Detailed Mapping TLV
IP 1.1.1.38, label 3
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj SID Networks
label would be represented by one Adj segment ID sub-TLV. We have Juniper
four labels (62, 336
Business Use16, 17, 18) in our LSP. That is why Probe 1 is having 4 Adj segment ID sub-TLV TLVs.
Only
SR OAM (SPRING-TE Tunnels) - Node SID LSP Example
root@R1> show spring-traffic-engineering lsp detail root@R1> show route 192.168.1.9
Name: R1-to-R9-LSP-NodeSID
Tunnel-source: Path computation element protocol(PCEP) inet.0: 43 destinations, 44 routes (43 active, 0 holddown, 0 hidden)
To: 192.168.1.9 + = Active Route, - = Last Active, * = Both
State: Up
Telemetry statistics: 192.168.1.9/32 *[IS-IS/18] 4d 11:47:05, metric 40
Sensor-name: ingress-R1-to-R9-LSP-NodeSID, Id: 3758096389 > to 1.1.1.2 via ge-0/0/0.0
Outgoing interface: NA to 1.1.1.6 via ge-0/0/1.0
Auto-translate status: Disabled Auto-translate result: N/A to 1.1.1.46 via ge-0/0/4.0
Compute Status:Disabled , Compute Result:N/A , Compute-Profile Name:N/A
BFD status: N/A BFD name: N/A inet.3: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
SR-ERO hop count: 2 + = Active Route, - = Last Active, * = Both
Hop 1 (Strict):
NAI: IPv4 Adjacency ID, 1.1.1.1 -> 1.1.1.2 192.168.1.9/32 *[SPRING-TE/6] 00:00:11, metric 1, metric2 0
SID type: 20-bit label, Value: 62 > to 1.1.1.2 via ge-0/0/0.0, Push 4109
Hop 2 (Strict): [L-ISIS/14] 4d 11:47:05, metric 40
NAI: IPv4 Node ID, Node address: 192.168.1.9 > to 1.1.1.2 via ge-0/0/0.0, Push 4109
SID type: 20-bit label, Value: 4109 to 1.1.1.6 via ge-0/0/1.0, Push 2109
to 1.1.1.46 via ge-0/0/4.0, Push 3109
root@R1>
root@R1>
root@R1>
Note: There is no label assigned for the first IGP Adj segment ID sub-TLV (associated with label 62) when we send the trace packet. Hence the first router just process the IGP Adj segment ID sub-TLV and declare that it is
the egress for the first IGP Adj segment ID sub-TLV. For the second IGP Adj segment ID sub-TLV we have label 16, for the third one we have 17 and for forth one we have 18.
root@R1>
© 2018 Juniper Networks 340
Juniper Business Use Only
SR OAM (SPRING-TE Tunnels) - Node SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 L.Out: 4109 L.In: 4109 192.168.1.4/32 L.Out: 6109 L.In: 6109 192.168.1.6/32 L.Out: 7109 L.In: 7109 192.168.1.7/32 L.Out: 3 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.13/30 1.1.1.14/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Downstream Detailed
Mapping TLV
IP 1.1.1.2, label 4109
Downstream Detailed
Mapping TLV
IP 1.1.1.2, label 4109
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj Networks
SID label would be represented by one Adj segment ID sub-TLV. We have one Adj SID labels (62) in our LSP. That is why Probe 1 is having 1 Adj segment ID sub-TLV TLVs. 341
Juniper Business Use Only
SR OAM (SPRING-TE Tunnels) - Node SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 L.Out: 4109 L.In: 4109 192.168.1.4/32 L.Out: 6109 L.In: 6109 192.168.1.6/32 L.Out: 7109 L.In: 7109 192.168.1.7/32 L.Out: 3 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.13/30 1.1.1.14/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Downstream Detailed
Mapping TLV
IP 1.1.1.14, label 6109
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj Networks
SID label would be represented by one Adj segment ID sub-TLV. We have one Adj SID labels (62) in our LSP. That is why Probe 1 is having 1 Adj segment ID sub-TLV TLVs. 342
Juniper Business Use Only
SR OAM (SPRING-TE Tunnels) - Node SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 L.Out: 4109 L.In: 4109 192.168.1.4/32 L.Out: 6109 L.In: 6109 192.168.1.6/32 L.Out: 7109 L.In: 7109 192.168.1.7/32 L.Out: 3 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.13/30 1.1.1.14/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Downstream Detailed
Mapping TLV
IP 1.1.1.34, label 7109
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj Networks
SID label would be represented by one Adj segment ID sub-TLV. We have one Adj SID labels (62) in our LSP. That is why Probe 1 is having 1 Adj segment ID sub-TLV TLVs. 343
Juniper Business Use Only
SR OAM (SPRING-TE Tunnels) - Node SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 L.Out: 4109 L.In: 4109 192.168.1.4/32 L.Out: 6109 L.In: 6109 192.168.1.6/32 L.Out: 7109 L.In: 7109 192.168.1.7/32 L.Out: 3 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.13/30 1.1.1.14/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
Downstream Detailed
Mapping TLV
IP 1.1.1.38, label 3
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj Networks
SID label would be represented by one Adj segment ID sub-TLV. We have one Adj SID labels (62) in our LSP. That is why Probe 1 is having 1 Adj segment ID sub-TLV TLVs. 344
Juniper Business Use Only
SR OAM (SPRING-TE Tunnels) - Node SID LSP Trace Explanation
R1 - lo0.0- R4- lo0.0- R6 - lo0.0- R7 - lo0.0- R9 - lo0.0-
192.168.1.1/32 L.Out: 4109 L.In: 4109 192.168.1.4/32 L.Out: 6109 L.In: 6109 192.168.1.6/32 L.Out: 7109 L.In: 7109 192.168.1.7/32 L.Out: 3 IPv4 192.168.1.9/32
SL: 1000 ge-0/0/0 ge-0/0/0 SL: 4000 ge-0/0/0 ge-0/0/0 SL: 6000 ge-0/0/0 ge-0/0/0 SL: 7000 ge-0/0/0 ge-0/0/0 SL: 9000
Index: 101 1.1.1.1/30 1.1.1.2/30 Index: 104 1.1.1.13/30 1.1.1.14/30 Index: 106 1.1.1.33/30 1.1.1.34/30 Index: 107 1.1.1.37/30 1.1.1.38/30 Index: 109
For now, One option is to keep the start label same on all the routers and this way all the Node SID labels would be present in the TED
databases of all the routers. Then you will see “IGP IPv4 prefix sub-TLV” sub-TLV in place of NIL FEC sub-TLV in Node SID LSP trace.
Note: Each Adj Segment is represented by IGP Adj segment ID sub-TLV (FEC). Apart from other fields this TLV represents local interface, Remote Interface, Local Router ID, Remote Router ID.
© 2018
Each Juniper
Adj Networks
SID label would be represented by one Adj segment ID sub-TLV. We have one Adj SID labels (62) in our LSP. That is why Probe 1 is having 1 Adj segment ID sub-TLV TLVs. 345
Juniper Business Use Only
REFERENCES
RLI 27278 - BGP-LU Prefix SID Support - Software Functional Specification by Sanoj K Vivekanandan
RLI 27279 - Configurable SRGB for Spring Protocol ISIS - Software Functional Specification by Parag Kaneriya
RLI 27281 - MPLS Ping and Traceroute for SPRING - Software Functional Specification by Arunkumar P, Sunil Kumar, Deepti Rathi
RLI 29611 - BGP SR-TE - Software Functional Specification by S. Kolenchery, Bharat R, Salih KA, A. Nesari, J. Chen, S. Gandiboyina, S. Hegde - v1.47
RLI 31511 - Static Segment Routing LSP - Software Functional Specification by Yimin Shen
RLI 33744 - IS-IS TI-LFA - Software Functional Specification by Shelesh Bansal
RLI 33753 - BGP EPE (Peer sid + BGP LS & J-vision extensions) - Software Functional Specification by Mukul Srivastava
RLI 36838 - Static SR LSP with Label Stack (aka. Non-Colored Static SR LSP) by Yimin Shen
RLI 36966 - BGP SR-TE - Color mode support - Software Functional Specification by Vijay Kestur
RLI 37610 - First hop label support for non-colored SR-TE LSPs AND Install keyword support - Software Functional Specification by Salih K A
RLI 38689 - Color-only policy-based Routing Requirements for DT and proposed Solution_v5 - Download it
RLI 39603 - Segment Routing segment list path ERO support using IP address by Jayesh J
RLI 40089 - MPLS Ping and Traceroute phase II - (Support for SR-TE paths) by Sunil Kumar, Arunkumar P, Deepti Rathi
RFC 5286 - Basic Specification for IP Fast Reroute - Loop Free Alternates
RFC 7752 - North-Bound Distribution of Link-State and Traffic Engineering (TE) Information Using BGP
RFC 8029 - Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures
RFC 8287 - Label Switched Path (LSP) Ping/Traceroute for Segment Routing (SR) IGP-Prefix and IGP-Adjacency Segment Identifiers (SIDs) with
MPLS Data Planes
RFC 8402 - Segment Routing Architecture
BGP-LS extensions for Segment Routing BGP Egress Peer Engineering - draft-ietf-idr-bgpls-segment-routing-epe-17
Segment
© 2018 Routing Centralized BGP Egress Peer Engineering - draft-ietf-spring-segment-routing-central-epe-10
Juniper Networks 347
Juniper Business Use Only
References Cont…
TOIs:
Docs:
Books:
Links:
https://packetpushers.net/ip-frr-micro-loops-part-2/
https://packetpushers.net/yet-another-blog-about-segment-routing-part2-ti-lfa/
http://www.ciscopress.com/articles/article.asp?p=680824&seqNum=4/