ISIS Segment Routing¶
Segment routing (SR) is used by the IGP protocols to interconnect network devices. This chapter explains how to configure SR in IS-IS protocol, by using an MPLS dataplane.
IS-IS SR basic configuration¶
The below configuration shows how to enable SR service on the IS-IS instance
of the main VRF.
vsr running config# vrf main
vsr running vrf main# routing interface loop1
vsr running interface loop1# isis area-tag 1
vsr running interface loop1# isis ipv4-routing true
vsr running interface loop1# .. ..
vsr running vrf main# routing isis instance 1
vsr running isis# area-address 49.0002.0000.1979.00
vsr running isis#! segment-routing enabled true
vsr running isis# segment-routing prefix-sid-map 1.1.1.1/32
vsr running prefix-sid-map 1.1.1.1/32# sid-value 100
vsr running vrf main# interface physical eth0
vsr running physical eth0#! ipv4 address 10.125.0.1/24
vsr running physical eth0#! port pci-b0s4
vsr running physical eth0# .. ..
vsr running vrf main# interface loopback loop1
vsr running loopback loop1# ipv4 address 1.1.1.1/32
vsr running loopback loop1#
The SID value has to be configured for each device. A loopback IP address is generally used for that. The prefix SID value is picked up from a global block of MPLS labels. The value is transmitted as an index value in the LSP packets. The indexes received are translated into MPLS labels within the global block configuration of the device.
Note
Using an index value is flexible when remote devices participating in the SR network do not have the same global pool configured. If the global pools are all the same, then the prefix-sid-map can also be configured as an absolute value.
vsr running isis# segment-routing prefix-sid-map 1.1.1.1/32
vsr running prefix-sid-map 1.1.1.1/32# sid-value-type absolute
vsr running prefix-sid-map 1.1.1.1/32# sid-value 16050
The SR global block range can be redefined to align with the pool of other
devices. By default, the lower and the upper bounds are respectively set to
16000 and 23999.
vsr running vrf main# routing isis instance 1
vsr running isis# area-address 49.0002.0000.1979.00
vsr running isis#! segment-routing enabled true
vsr running isis# segment-routing label-blocks
vsr running label-blocks# srgb lower-bound 18000
vsr running label-blocks# srgb upper-bound 19000
vsr running label-blocks#
The following output displays the segment routing nodes, along with the defined label ranges received from LSPs packets.
vsr> show isis segment-routing node
Area 1:
IS-IS L1 SR-Nodes:
System ID SRGB SRLB Algorithm MSD
--------------------------------------------------------------
0002.0000.1979 18000 - 19000 15000 - 15999 SPF 0
0002.0000.1994 18000 - 19000 15000 - 15999 SPF 10
Note
The last column stands for the maximum SID depth (MSD) and defines the maximum number of labels that can be stacked by the SR MPLS dataplane. This option is used by controllers performing traffic engineering and handling adjacency labels. This value can be configured:
vsr running isis# segment-routing msd node-msd 10
vsr running isis#
The following output displays the IS-IS prefix SID values configured on the
network. For instance, to reach the remote 1.1.1.1 IP address, the router
has to pop the 18642 label from the packet, before sending it.
vsr> show isis route prefix-sid
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop SID Label Op.
----------------------------------------------------------------
2.2.2.2/32 20 eth0 10.125.0.1 642 Pop(18642)
1.1.1.1/32 0 - - - -
[..]
Segment routing setup example¶
The below topology will be used to illustrate segment routing setup made up of
4 devices, and where traffic entering rt1 will be directed to rt4.
The configuration is given below for each device.
rt1
rt1 running config# vrf main
rt1 running vrf main# interface physical eth1
rt1 running physical eth1#! port pci-b0s4
rt1 running physical eth1# ipv4 address 10.100.0.1/24
rt1 running physical eth1# .. physical eth3
rt1 running physical eth3#! port pci-b0s6
rt1 running physical eth3# ipv4 address 10.125.0.1/24
rt1 running physical eth3# .. loopback loop1
rt1 running loopback loop1# ipv4 address 1.1.1.1/32
rt1 running loopback loop1# / vrf main routing isis instance 1
rt1 running instance 1# area-address 49.0000.0007.e901.1111.00
rt1 running instance 1# is-type level-1
rt1 running instance 1# segment-routing enabled true
rt1 running instance 1# segment-routing msd node-msd 8
rt1 running instance 1# segment-routing label-blocks srgb lower-bound 1000
rt1 running instance 1# segment-routing label-blocks srgb upper-bound 10000
rt1 running instance 1# segment-routing label-blocks srlb lower-bound 32000
rt1 running instance 1#! segment-routing label-blocks srlb upper-bound 32999
rt1 running instance 1# segment-routing prefix-sid-map 1.1.1.1/32 sid-value-type index sid-value 11
rt1 running instance 1# segment-routing prefix-sid-map 1.1.1.1/32 last-hop-behavior no-php
rt1 running instance 1# .. .. interface loop1
rt1 running interface loop1# isis ipv4-routing true
rt1 running interface loop1#! isis ipv6-routing true
rt1 running interface loop1#! isis area-tag 1
rt1 running interface loop1# .. interface eth3
rt1 running interface eth3# isis ipv4-routing true
rt1 running interface eth3#! isis ipv6-routing true
rt1 running interface eth3#! isis area-tag 1
rt1 running interface eth3#
rt2
rt2 running config# vrf main
rt2 running vrf main# interface physical eth1
rt2 running physical eth1#! port pci-b0s4
rt2 running physical eth1# ipv4 address 10.125.0.2/24
rt2 running physical eth1# .. physical eth2
rt2 running physical eth3#! port pci-b0s5
rt2 running physical eth3# ipv4 address 10.126.0.2/24
rt2 running physical eth3# .. loopback loop1
rt2 running loopback loop1# ipv4 address 2.2.2.2/32
rt2 running loopback loop1# / vrf main routing isis instance 1
rt2 running instance 1# area-address 49.0000.0007.e901.2222.00
rt2 running instance 1# is-type level-1
rt2 running instance 1# segment-routing enabled true
rt2 running instance 1# segment-routing msd node-msd 8
rt2 running instance 1# segment-routing label-blocks srgb lower-bound 1000
rt2 running instance 1# segment-routing label-blocks srgb upper-bound 10000
rt2 running instance 1# segment-routing label-blocks srlb lower-bound 30000
rt2 running instance 1#! segment-routing label-blocks srlb upper-bound 30999
rt2 running instance 1# segment-routing prefix-sid-map 2.2.2.2/32 sid-value-type index sid-value 22
rt2 running instance 1# segment-routing prefix-sid-map 2.2.2.2/32 last-hop-behavior no-php
rt2 running instance 1# .. .. interface loop1
rt2 running interface loop1# isis ipv4-routing true
rt2 running interface loop1#! isis ipv6-routing true
rt2 running interface loop1#! isis area-tag 1
rt2 running interface loop1# .. interface eth1
rt2 running interface eth1# isis ipv4-routing true
rt2 running interface eth1#! isis ipv6-routing true
rt2 running interface eth1#! isis area-tag 1
rt2 running interface eth1# .. interface eth2
rt2 running interface eth2# isis ipv4-routing true
rt2 running interface eth2#! isis ipv6-routing true
rt2 running interface eth2#! isis area-tag 1
rt2 running interface eth2#
rt3
rt3 running config# vrf main
rt3 running vrf main# interface physical eth2
rt3 running physical eth2#! port pci-b0s5
rt3 running physical eth2# ipv4 address 10.126.0.3/24
rt3 running physical eth2# .. physical eth3
rt3 running physical eth3#! port pci-b0s5
rt3 running physical eth3# ipv4 address 10.127.0.3/24
rt3 running physical eth3# .. loopback loop1
rt3 running loopback loop1# ipv4 address 3.3.3.3/32
rt3 running loopback loop1# / vrf main routing isis instance 1
rt3 running instance 1# area-address 49.0000.0007.e901.3333.00
rt3 running instance 1# is-type level-1
rt3 running instance 1# segment-routing enabled true
rt3 running instance 1# segment-routing msd node-msd 8
rt3 running instance 1# segment-routing label-blocks srgb lower-bound 1000
rt3 running instance 1# segment-routing label-blocks srgb upper-bound 10000
rt3 running instance 1# segment-routing label-blocks srlb lower-bound 33000
rt3 running instance 1#! segment-routing label-blocks srlb upper-bound 33999
rt3 running instance 1# segment-routing prefix-sid-map 3.3.3.3/32 sid-value-type index sid-value 33
rt3 running instance 1# segment-routing prefix-sid-map 3.3.3.3/32 last-hop-behavior no-php
rt3 running instance 1# .. .. interface loop1
rt3 running interface loop1# isis ipv4-routing true
rt3 running interface loop1#! isis ipv6-routing true
rt3 running interface loop1#! isis area-tag 1
rt3 running interface loop1# .. interface eth2
rt3 running interface eth2# isis ipv4-routing true
rt3 running interface eth2#! isis ipv6-routing true
rt3 running interface eth2#! isis area-tag 1
rt3 running interface eth2# .. interface eth3
rt3 running interface eth3# isis ipv4-routing true
rt3 running interface eth3#! isis ipv6-routing true
rt3 running interface eth3#! isis area-tag 1
rt3 running interface eth3#
rt4
rt4 running config# vrf main
rt4 running vrf main# interface physical eth1
rt4 running physical eth1#! port pci-b0s4
rt4 running physical eth1# ipv4 address 10.200.0.4/24
rt4 running physical eth1# .. physical eth2
rt4 running physical eth2#! port pci-b0s5
rt4 running physical eth2# ipv4 address 10.127.0.4/24
rt4 running physical eth2# .. loopback loop1
rt4 running loopback loop1# ipv4 address 4.4.4.4/32
rt4 running loopback loop1# / vrf main routing isis instance 1
rt4 running instance 1# area-address 49.0000.0007.e901.4444.00
rt4 running instance 1# is-type level-1
rt4 running instance 1# segment-routing enabled true
rt4 running instance 1# segment-routing msd node-msd 8
rt4 running instance 1# segment-routing label-blocks srgb lower-bound 1000
rt4 running instance 1# segment-routing label-blocks srgb upper-bound 10000
rt4 running instance 1# segment-routing label-blocks srlb lower-bound 31000
rt4 running instance 1#! segment-routing label-blocks srlb upper-bound 31999
rt4 running instance 1# segment-routing prefix-sid-map 4.4.4.4/32 sid-value-type index sid-value 33
rt4 running instance 1# segment-routing prefix-sid-map 4.4.4.4/32 last-hop-behavior no-php
rt4 running instance 1# .. .. interface loop1
rt4 running interface loop1# isis ipv4-routing true
rt4 running interface loop1#! isis ipv6-routing true
rt4 running interface loop1#! isis area-tag 1
rt4 running interface loop1# .. interface eth2
rt4 running interface eth2# isis ipv4-routing true
rt4 running interface eth2#! isis ipv6-routing true
rt4 running interface eth2#! isis area-tag 1
rt4 running interface eth2#
The below command dumps the devices that participate in the SR topology:
rt1
rt4> show isis segment-routing node
Area 1:
IS-IS L1 SR-Nodes:
System ID SRGB SRLB Algorithm MSD
-------------------------------------------------------------
0007.e901.1111 1000 - 10000 32000 - 32999 SPF 8
0007.e901.2222 1000 - 10000 30000 - 30999 SPF 8
0007.e901.3333 1000 - 10000 33000 - 33999 SPF 8
0007.e901.4444 1000 - 10000 31000 - 31999 SPF 8
IS-IS L2 SR-Nodes:
The MPLS labels is provisioned with the prefix SIDs configured on each
device. The last entry is the local adjacency label provisioned on the ‘eth3’
interface to reach the rt2 device next to the rt1 device.
rt1
rt1> show mpls table
Inbound Label Type Nexthop Outbound Label
-------------------------------------------------------
1011 SR (IS-IS) lo -
1022 SR (IS-IS) 10.125.0.2 1022
1033 SR (IS-IS) 10.125.0.2 1033
1044 SR (IS-IS) 10.125.0.2 1044
32000 SR (IS-IS) 10.125.0.2 implicit-null
If the BGP service is configured between the rt1 and the rt4 devices,
then the BGP routes will inherit the prefix SIDs values to reach
each other.
rt1
rt1 running config# vrf main routing bgp
rt1 running routing bgp#! as 65500
rt1 running routing bgp# router-id 1.1.1.1
rt1 running routing bgp# neighbor 4.4.4.4 remote-as 65500
rt1 running routing bgp# neighbor 4.4.4.4 update-source loop1
rt1 running routing bgp# address-family ipv4-unicast network 10.100.0.0/24
rt1 running routing bgp#
rt4
rt4 running config# vrf main routing bgp
rt4 running routing bgp#! as 65500
rt4 running routing bgp# router-id 4.4.4.4
rt4 running routing bgp# neighbor 1.1.1.1 remote-as 65500
rt4 running routing bgp# neighbor 1.1.1.1 update-source loop1
rt4 running routing bgp# address-family ipv4-unicast network 10.200.0.0/24
rt4 running routing bgp#
rt1
rt1> show ipv4-routes protocol bgp
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
B> 10.200.0.0/24 [200/0] via 4.4.4.4 (recursive), weight 1, 02:15:33
* via 10.125.0.2, eth3, label 1044, weight 1, 02:15:33
Interconnect L3VPN networks¶
A similar topology is used to depict how an SR network conveys some L3VPN
traffic. The rt1 and rt4 devices are used to interconnect two L3VRFs
located behind each of the devices.
The below configuration is added to the configuration of the above chapter. The configuration in the Segment routing setup example can be extended as follows:
rt1
rt1 running config# del vrf main interface physical eth1
rt1 running config# vrf main l3vrf vrf1 table-id 10
rt1 running config# vrf main l3vrf vrf1 interface physical eth1
rt1 running physical eth1# port pci-b0s4
rt1 running physical eth1# ipv4 address 10.100.0.1/24
rt1 running physical eth1# .. ..
rt1 running vrf main# del routing bgp
rt1 running vrf main# routing bgp
rt1 running routing bgp#! as 65500
rt1 running routing bgp# router-id 1.1.1.1
rt1 running routing bgp# neighbor 4.4.4.4 remote-as 65500
rt1 running routing bgp# neighbor 4.4.4.4 update-source loop1
rt1 running routing bgp# neighbor 4.4.4.4 address-family ipv4-unicast enabled false
rt1 running routing bgp# neighbor 4.4.4.4 address-family ipv4-vpn enabled true
rt1 running routing bgp# address-family ipv4-unicast network 10.100.0.0/24
rt1 running routing bgp# .. ..
rt1 running vrf main# l3vrf vrf1 routing bgp
rt1 running routing bgp# router-id 1.1.1.1
rt1 running routing bgp# address-family ipv4-unicast enabled true
rt1 running routing bgp# address-family ipv4-unicast redistribute connected
rt1 running routing bgp# address-family ipv4-unicast l3vpn export vpn true
rt1 running routing bgp# address-family ipv4-unicast l3vpn export label 103
rt1 running routing bgp# address-family ipv4-unicast l3vpn export route-target 65500:1
rt1 running routing bgp# address-family ipv4-unicast l3vpn export route-distinguisher 65500:1
rt1 running routing bgp# address-family ipv4-unicast l3vpn import vpn true
rt1 running routing bgp# address-family ipv4-unicast l3vpn import route-target 65500:1 route-target 65500:4
rt1 running routing bgp# address-family ipv4-unicast network 10.100.0.0/24
rt1 running routing bgp#
rt4
rt4 running config# del vrf main interface physical eth1
rt4 running config# vrf main l3vrf vrf1 table-id 10
rt4 running config# vrf main l3vrf vrf1 interface physical eth1
rt4 running physical eth1# port pci-b0s4
rt4 running physical eth1# ipv4 address 10.200.0.1/24
rt4 running physical eth1# .. ..
rt4 running vrf main# del routing bgp
rt4 running vrf main# routing bgp
rt4 running routing bgp#! as 65500
rt4 running routing bgp# router-id 4.4.4.4
rt4 running routing bgp# neighbor 1.1.1.1 remote-as 65500
rt4 running routing bgp# neighbor 1.1.1.1 update-source loop1
rt4 running routing bgp# neighbor 1.1.1.1 address-family ipv4-unicast enabled false
rt4 running routing bgp# neighbor 1.1.1.1 address-family ipv4-vpn enabled true
rt4 running routing bgp# address-family ipv4-unicast network 10.200.0.0/24
rt4 running routing bgp# .. ..
rt4 running vrf main# l3vrf vrf1 routing bgp
rt4 running routing bgp# router-id 1.1.1.1
rt4 running routing bgp# address-family ipv4-unicast enabled true
rt4 running routing bgp# address-family ipv4-unicast redistribute connected
rt4 running routing bgp# address-family ipv4-unicast l3vpn export vpn true
rt4 running routing bgp# address-family ipv4-unicast l3vpn export label 102
rt4 running routing bgp# address-family ipv4-unicast l3vpn export route-target 65500:4
rt4 running routing bgp# address-family ipv4-unicast l3vpn export route-distinguisher 65500:4
rt4 running routing bgp# address-family ipv4-unicast l3vpn import vpn true
rt4 running routing bgp# address-family ipv4-unicast l3vpn import route-target 65500:1 route-target 65500:4
rt4 running routing bgp# address-family ipv4-unicast network 10.200.0.0/24
rt4 running routing bgp#
An L3VPN route is learnt on the rt1 device to reach the 10.200.0.0/24
network. To reach the rt4 device, the SR label is used to calculate
the route where traffic between the L3VRFs will be steered:
rt1
rt1> show ipv4-routes l3vrf vrf1
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF vrf1:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:05:35
C>* 10.100.0.0/24 is directly connected, eth1, 00:05:34
B> 10.200.0.0/24 [20/0] via 4.4.4.4 (vrf default) (recursive), label 102, weight 1, 00:04:12
* via 10.125.0.2, eth3 (vrf default), label 1044/102, weight 1, 00:04:12