SRTE MPLS configuration

Below a list of the necessary elements to know when forging an SR policy with an MPLS dataplane.

Basic segment routing policy configuration

The configured services rely on a SR configuration with the IS-IS protocol. The rt1 device will be configured to steer 10.200.0.0/24 traffic to the rt4 device. The configuration example is given in SRTE setup example. The below figure can help:

../../../../_images/srte_basic1.svg

Basic topology example to illustrate segment routing policies configuration.

Color configuration

As explained in the SRTE overview chapter, coloring is necessary to steer traffic in a SR network. The color is an arbitrary value associated with a routing entry. Color can be set by route-maps. The incoming BGP routes can be locally colored.

rt1

rt1 running config# vrf main
rt1 running vrf main# routing bgp
rt1 running bgp#! as 65500
rt1 running bgp# router-id 1.1.1.1
rt1 running bgp# network-import-check false
rt1 running bgp# address-family ipv4-unicast network 10.100.0.0/24
rt1 running network 10.100.0.0/24# / vrf main routing bgp neighbor 4.4.4.4 remote-as 65500
rt1 running bgp# neighbor 4.4.4.4 update-source loop1
rt1 running bgp# neighbor 4.4.4.4 address-family ipv4-unicast route-map in route-map-name rmap
rt1 running bgp#! / routing route-map rmap
rt1 running route-map rmap#! seq 10 policy permit
rt1 running route-map rmap# seq 10 set sr-te color 5
rt1 running route-map rmap#

rt4

rt4 running config# vrf main
rt4 running vrf main# routing bgp
rt4 running bgp#! as 65500
rt4 running bgp# router-id 4.4.4.4
rt4 running bgp# network-import-check false
rt4 running bgp# address-family ipv4-unicast network 10.200.0.0/24
rt4 running network 10.100.0.0/24# / vrf main routing bgp neighbor 1.1.1.1 remote-as 65500
rt4 running bgp# neighbor 1.1.1.1 update-source loop1
rt4 running bgp#

rt1

rt1# show bgp ipv4
BGP table version is 2, local router ID is 1.1.1.1, vrf id 0
Default local pref 100, local AS 65500
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.100.0.0/24    0.0.0.0                  0         32768 i
*>i10.200.0.0/24    4.4.4.4                  0    100      0 i

Displayed  2 routes and 2 total paths

The above configuration colors the BGP route to the 10.200.0.024 traffic. The incoming traffic entering the SR network and going to the 10.200.0.024 network will have the same characteristics.

Without the SR policy, the LSP path to the 10.200.0.024 network reuses the SID returned by the SR network.

rt1

rt1# show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

C>* 1.1.1.1/32 is directly connected, loop1, 11:55:17
[..]
I>* 3.3.3.3/32 [115/30] via 10.125.0.2, eth3, label 1033, weight 1, 00:01:59
I>* 4.4.4.4/32 [115/40] via 10.125.0.2, eth3, label 1044, weight 1, 11:54:32
B>  10.200.0.0/24 [200/0] via 4.4.4.4 (recursive), weight 1, 11:35:18
  *                         via 10.125.0.2, eth3, label 1044, weight 1, 11:35:18

The below dump indicates that only the 32001 adjacency label reuses the eth2 interface directly connected to the rt3 device.

rt1

rt1# show mpls table
 Inbound Label  Type        Nexthop     Outbound Label
 -------------------------------------------------------
 1011           SR (IS-IS)  lo          -
 1022           SR (IS-IS)  10.125.0.2  1022
 1033           SR (IS-IS)  10.125.0.2  1033
 1044           SR (IS-IS)  10.125.0.2  1044
 32000          SR (IS-IS)  10.125.0.2  implicit-null
 32001          SR (IS-IS)  10.130.0.3  implicit-null

Candidate Path configuration

The below configuration illustrates an SR policy used to steer traffic going to the 4.4.4.4 endpoint, and with a color set to 5. The SR policy must have one or more candidate paths returning a segment list, ordered by preference number. The active candidate paths with the highest preference number is chosen by the SR policy to use the returned segment list.

A candidate path can be explicit, flex-algo based, or PCEP dynamic based.

Explicit segment List configuration using SID labels

On the former case, a segment-list needs to be configured:

rt1

rt1 running vrf main# routing segment-routing enabled true
rt1 running vrf main# routing segment-routing traffic-engineering
rt1 running traffic-engineering# policy color 5 endpoint 4.4.4.4
rt1 running policy color 5 endpoint 4.4.4.4# name 10_200_to_node4
rt1 running policy color 5 endpoint 4.4.4.4# candidate-path 10 type explicit name force_lsp segment-list igp_lsp
rt1 running policy color 5 endpoint 4.4.4.4#! ..
rt1 running traffic-engineering#! segment-list igp_lsp
rt1 running segment-list igp_lsp# segment 10 sid-label 1033
rt1 running segment-list igp_lsp# segment 20 sid-label 1044
rt1 running segment-list igp_lsp#

A segment list is a list of segments indexed by a number. The prioritized segment is that with the lowest index. In MPLS, the top segment stands for the first MPLS label that is used when entering a SR network. That label must be available in the SIDs offered by the SR network. If not, the candidate path associated with the segment list will not be valid, and the SR policy will be Inactive.

rt1

rt1> show segment-routing te-policies
 Endpoint  Color  Name                 BSID  Status
 ----------------------------------------------------
 4.4.4.4   5      10_200_to_node4      -     Active

The above SR policy is active because the 1033 label is available in the MPLS table, as indicated by the below output:

rt1

rt1> show mpls table
 Inbound Label  Type        Nexthop     Outbound Label
 -------------------------------------------------------
 1011           SR (IS-IS)  lo          -
 1022           SR (IS-IS)  10.125.0.2  1022
 1033           SR (IS-IS)  10.125.0.2  1033
 1044           SR (IS-IS)  10.125.0.2  1044
 32000          SR (IS-IS)  10.125.0.2  implicit-null
 32001          SR (IS-IS)  10.130.0.3  implicit-null

Once the SR policy is active, the routing entries with the next-hop set to the 4.4.4.4 address, and with the color set to 5 are modified. The segment list becomes the <1033, 1044> sid list.

rt1

rt1> show segment-routing te-policies installed
 Endpoint  Color  Name                 Status  Local Label  Segment List
 4.4.4.4   5     to_10_200_to_node4    Active  None         1033/1044

The colored BGP route will benefit from this SID list and the label stack will reflect the new segment list.

rt1

rt1# show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

C>* 1.1.1.1/32 is directly connected, loop1, 11:55:17
[..]
I>* 4.4.4.4/32 [115/40] via 10.125.0.2, eth3, label 1044, weight 1, 11:54:32
B>  10.200.0.0/24 [200/0] via 4.4.4.4 (recursive), weight 1, 11:35:18
  *                         via 10.125.0.2, eth3, label 1033/1044, weight 1, 00:00:05

Note

The labels used on the above example do not use the eth2 interface, as the 1033 label is reachable via IS-IS through the eth3 interface.

When the explicit segment list is expressed with MPLS labels, the segment list is hardset and never changes.

Explicit Segment List configuration using adjacency IP addresses

There are other ways to express segment lists in the configuration, which consists of naming the IPv4 and the IPv6 adjacencies of the SR network.

See also

  • Segment types definitions: see RFC 9256, section 4.

The below configuration illustrates a segment-list based on NAI IPv4 adjacencies. NAI stands for node or adjacency identifier.

The segment list expressed with IP addresses needs to get information on which label to use to reach a given IP adjacency. This information is known by the IGP routing protocol: IS-IS has a TE database that collects various information about nodes, and links. The edge information correlates SR information with IP information, and is used by SR-TE to resolve the NAI segments.

To enable the TE information on the IS-IS instances of the SR devices, perform the following configuration:

rt1

rt1 running vrf main# routing
rt1 running routing# interface eth2
rt1 running interface eth2# isis area-tag 1
rt1 running interface eth2#! isis ipv4-routing true
rt1 running interface eth2# isis ipv6-routing true
rt1 running interface eth2# isis network-point-to-point true
rt1 running interface eth2# traffic-engineering
rt1 running traffic-enginerring# .. ..
rt1 running routing# interface eth3
rt1 running interface eth3# isis area-tag 1
rt1 running interface eth3#! isis ipv4-routing true
rt1 running interface eth3# isis ipv6-routing true
rt1 running interface eth3# isis network-point-to-point true
rt1 running interface eth3# traffic-engineering
rt1 running traffic-engineering# .. ..
rt1 running routing# isis instance 1
rt1 running instance 1# traffic-engineering ipv4-router-address 1.1.1.1
rt1 running instance 1# traffic-engineering ipv6-router-address 1:1::1:1

rt2

rt2 running vrf main# routing
rt2 running routing# interface eth1
rt2 running interface eth1# isis area-tag 1
rt2 running interface eth1#! isis ipv4-routing true
rt2 running interface eth1# isis ipv6-routing true
rt2 running interface eth1# isis network-point-to-point true
rt2 running interface eth1# traffic-engineering
rt2 running traffic-engineering# .. ..
rt2 running routing# interface eth2
rt2 running interface eth2# isis area-tag 1
rt2 running interface eth2#! isis ipv4-routing true
rt2 running interface eth2# isis ipv6-routing true
rt2 running interface eth2# isis network-point-to-point true
rt2 running interface eth2# traffic-engineering
rt2 running traffic-engineering# .. ..
rt2 running routing# isis instance 1
rt2 running instance 1# traffic-engineering ipv4-router-address 2.2.2.2
rt2 running instance 1# traffic-engineering ipv6-router-address 2:2::2:2

rt3

rt3 running vrf main# routing
rt3 running routing# interface eth1
rt3 running interface eth1# isis area-tag 1
rt3 running interface eth1#! isis ipv4-routing true
rt3 running interface eth1# isis ipv6-routing true
rt3 running interface eth1# isis network-point-to-point true
rt3 running interface eth1# traffic-engineering
rt3 running traffic-engineering# .. ..
rt3 running routing# interface eth2
rt3 running interface eth2# isis area-tag 1
rt3 running interface eth2#! isis ipv4-routing true
rt3 running interface eth2# isis ipv6-routing true
rt3 running interface eth2# isis network-point-to-point true
rt3 running interface eth2# traffic-engineering
rt3 running traffic-engineering# .. ..
rt3 running routing# interface eth3
rt3 running interface eth3# isis area-tag 1
rt3 running interface eth3#! isis ipv4-routing true
rt3 running interface eth3# isis ipv6-routing true
rt3 running interface eth3# isis network-point-to-point true
rt3 running interface eth3# traffic-engineering
rt3 running traffic-engineering# .. ..
rt3 running routing# isis instance 1
rt3 running instance 1# traffic-engineering ipv4-router-address 3.3.3.3
rt3 running instance 1# traffic-engineering ipv6-router-address 3:3::3:3
rt3 running instance 1#

rt4

rt4 running vrf main# routing
rt4 running routing# interface eth1
rt4 running interface eth1# isis area-tag 1
rt4 running interface eth1#! isis ipv4-routing true
rt4 running interface eth1# isis ipv6-routing true
rt4 running interface eth1# isis network-point-to-point true
rt4 running interface eth1# traffic-engineering
rt4 running traffic-engineering# .. ..
rt4 running routing# interface eth2
rt4 running interface eth2# isis area-tag 1
rt4 running interface eth2#! isis ipv4-routing true
rt4 running interface eth2# isis ipv6-routing true
rt4 running interface eth2# isis network-point-to-point true
rt4 running interface eth2# traffic-engineering
rt4 running traffic-engineering# .. ..
rt4 running routing# isis instance 1
rt4 running instance 1# traffic-engineering ipv4-router-address 4.4.4.4
rt4 running instance 1# traffic-engineering ipv6-router-address 4:4::4:4
rt4 running instance 1#

The following command dumps the edge information from the TE database. As it can be seen, the relationship between SR information and adjacency IP addresses is expressed:

rt1

rt1# show isis segment-routing te-database detail
Area 1:
[..]
  Edge (176095235): 10.127.0.3  Adv. Vertex: 0007.e901.3333     Metric: 10      Status: Sync
    Origin: ISIS_L1
    Local IPv4 address: 10.127.0.3
    Remote IPv4 address: 10.127.0.4
    Maximum Bandwidth: 1.76258e+08 (Bytes/s)
    Maximum Reservable Bandwidth: 1.76258e+08 (Bytes/s)
    Unreserved Bandwidth per Class Type
        [0]: 1.76258e+08 (Bytes/sec)    [1]: 1.76258e+08 (Bytes/s)
        [2]: 1.76258e+08 (Bytes/sec)    [3]: 1.76258e+08 (Bytes/s)
        [4]: 1.76258e+08 (Bytes/sec)    [5]: 1.76258e+08 (Bytes/s)
        [6]: 1.76258e+08 (Bytes/sec)    [7]: 1.76258e+08 (Bytes/s)
    IPv4 Adjacency-SID: 33002   Flags: 0x30     Weight: 0x0

  Edge (176291841): 10.130.0.1  Adv. Vertex: 0007.e901.1111     Metric: 25      Status: Sync
    Origin: ISIS_L1
    Local IPv4 address: 10.130.0.1
    Remote IPv4 address: 10.130.0.3
    Maximum Bandwidth: 1.76258e+08 (Bytes/s)
    Maximum Reservable Bandwidth: 1.76258e+08 (Bytes/s)
    Unreserved Bandwidth per Class Type
        [0]: 1.76258e+08 (Bytes/sec)    [1]: 1.76258e+08 (Bytes/s)
        [2]: 1.76258e+08 (Bytes/sec)    [3]: 1.76258e+08 (Bytes/s)
        [4]: 1.76258e+08 (Bytes/sec)    [5]: 1.76258e+08 (Bytes/s)
        [6]: 1.76258e+08 (Bytes/sec)    [7]: 1.76258e+08 (Bytes/s)
    IPv4 Adjacency-SID: 32000   Flags: 0x30     Weight: 0x0
 [..]

The below configuration illustrates how the NAI segment list configuration is used. The traffic heading to the 4.4.4.4 IP address and which is colored is steered by using the adjacency label on the 10.130.0.0/24 network, then on the 10.127.0.0/24 network.

rt1

rt1 running vrf main# routing segment-routing enabled true
rt1 running vrf main# routing segment-routing traffic-engineering
rt1 running traffic-engineering# te-database import isis
rt1 running traffic-engineering# te-database enabled true
rt1 running traffic-engineering# policy color 5 endpoint 4.4.4.4
rt1 running policy color 5 endpoint 4.4.4.4# name 10_200_to_node4
rt1 running policy color 5 endpoint 4.4.4.4# candidate-path 20 type explicit name force_lsp_2 segment-list igp_lsp_2
rt1 running policy color 5 endpoint 4.4.4.4#! ..
rt1 running traffic-engineering#! segment-list igp_lsp_2
rt1 running segment-list igp_lsp_2# segment 10 nai adjacency source 10.130.0.1
rt1 running segment-list igp_lsp_2# segment 10 nai adjacency destination 10.130.0.3
rt1 running segment-list igp_lsp_2# segment 20 nai adjacency source 10.127.0.3
rt1 running segment-list igp_lsp_2# segment 20 nai adjacency destination 10.127.0.4
rt1 running segment-list igp_lsp_2#

The SR policy is updated and a new SID list is obtained:

rt1

rt1> show segment-routing te-policies detail
Endpoint: 4.4.4.4  Color: 5  Name: 10_200_to_node4  BSID: -  Status: Active
* Preference: 20  Name: force_lsp_2  Type: explicit  Segment-List: igp_lsp_2  Protocol-Origin: Unknown
    SID-list: 32000 33002

When the NAI type is used in segment list, then the MPLS values translated may vary over the time, since the TE information shared is periodically updated. Then, if there is a change in the SR network due to failover, the segment list is updated, and the changes are propagated to the SR policy.

Note

The segment list can be defined by a set of different segment types. For instance the first entry can be an MPLS label, while the second will be expressed by an IP adjacency.

Candidate paths using Flex-Algorithm

The below SR-TE configuration sets an IS-IS instance with the area-tag number 1 and with the Flex Algorithm configured with the identifier number 129:

rt1

rt1 running config# routing traffic-engineering affinity-map red bit-position 1
rt1 running config# routing traffic-engineering affinity-map green bit-position 0
rt1 running config# vrf main routing interface eth2
rt1 running interface eth2# traffic-engineering affinity-map green
rt1 running interface eth2# isis network-point-to-point true
rt1 running interface eth2# .. eth3
rt1 running interface eth3# traffic-engineering affinity-map red
rt1 running interface eth3# isis network-point-to-point true
rt1 running interface eth3# .. isis instance 1
rt1 running instance 1# traffic-engineering ipv4-router-address 1.1.1.1
rt1 running instance 1# flex-algorithm 129
rt1 running flex-algorithm 129#
rt1 running flex-algorithm 129# dataplane sr-mpls
rt1 running flex-algorithm 129# priority 150
rt1 running flex-algorithm 129# definition advertise true
rt1 running flex-algorithm 129# definition affinity exclude-any red
rt1 running flex-algorithm 129# definition affinity include-any green
rt1 running flex-algorithm 129# segment-routing prefix-sid-map 1.1.1.1/32 sid-value 110
rt1 running flex-algorithm 129# segment-routing prefix-sid-map 1.1.1.1/32 last-hop-behavior no-php

rt2

rt2 running config# routing traffic-engineering affinity-map red bit-position 1
rt2 running config# routing traffic-engineering affinity-map green bit-position 0
rt2 running config# vrf main routing interface eth1
rt2 running interface eth1# traffic-engineering affinity-map red
rt2 running interface eth1# isis network-point-to-point true
rt2 running interface eth1# .. eth2
rt2 running interface eth2# traffic-engineering affinity-map green
rt2 running interface eth2# isis network-point-to-point true
rt2 running interface eth2# .. isis instance 1
rt2 running instance 1# traffic-engineering ipv4-router-address 2.2.2.2
rt2 running instance 1# flex-algorithm 129
rt2 running flex-algorithm 129# dataplane sr-mpls
rt2 running flex-algorithm 129# segment-routing prefix-sid-map 2.2.2.2/32 sid-value 220
rt2 running flex-algorithm 129# segment-routing prefix-sid-map 2.2.2.2/32 last-hop-behavior no-php

rt3

rt3 running config# routing traffic-engineering affinity-map red bit-position 1
rt3 running config# routing traffic-engineering affinity-map green bit-position 0
rt3 running config# vrf main routing interface eth1
rt3 running interface eth1# traffic-engineering affinity-map green
rt3 running interface eth1# isis network-point-to-point true
rt3 running interface eth1# .. eth2
rt3 running interface eth2# traffic-engineering affinity-map green
rt3 running interface eth2# isis network-point-to-point true
rt3 running interface eth2# .. eth3
rt3 running interface eth3# traffic-engineering affinity-map green
rt3 running interface eth3# isis network-point-to-point true
rt3 running interface eth3# .. isis instance 1
rt3 running instance 1# traffic-engineering ipv4-router-address 3.3.3.3
rt3 running instance 1# flex-algorithm 129
rt3 running flex-algorithm 129# dataplane sr-mpls
rt3 running flex-algorithm 129# segment-routing prefix-sid-map 3.3.3.3/32 sid-value 330
rt3 running flex-algorithm 129# segment-routing prefix-sid-map 3.3.3.3/32 last-hop-behavior no-php

rt4

rt4 running config# routing traffic-engineering affinity-map red bit-position 1
rt4 running config# routing traffic-engineering affinity-map green bit-position 0
rt4 running config# vrf main routing interface eth2
rt4 running interface eth2# traffic-engineering affinity-map green
rt4 running interface eth2# isis network-point-to-point true
rt4 running interface eth2# .. isis instance 1
rt4 running instance 1# traffic-engineering ipv4-router-address 4.4.4.4
rt4 running instance 1# flex-algorithm 129
rt4 running flex-algorithm 129# dataplane sr-mpls
rt4 running flex-algorithm 129# segment-routing prefix-sid-map 4.4.4.4/32 sid-value 330
rt4 running flex-algorithm 129# segment-routing prefix-sid-map 4.4.4.4/32 last-hop-behavior no-php

See also

The following configuration creates an SR policy that follows the routing updates given by the Flexible Algorithm configured by IS-IS.

rt1

rt1 running vrf main# routing segment-routing enabled true
rt1 running vrf main# routing segment-routing traffic-engineering
rt1 running traffic-engineering# flex-algorithm import isis instance 1
rt1 running traffic-engineering# policy color 5 endpoint 4.4.4.4
rt1 running policy color 5 endpoint 4.4.4.4# name 10_200_to_node4
rt1 running policy color 5 endpoint 4.4.4.4# candidate-path 30 name force_lsp_3 type flex-algorithm algorithm 129
rt1 running policy color 5 endpoint 4.4.4.4#

The routing updates related to the 4.4.4.4 endpoint are propagated to the SR policy. The colored routes using the 4.4.4.4 nexthop as endpoint will use the provided segment-list.

rt1

rt1> show segment-routing te-policies detail
Endpoint: 1.1.1.1  Color: 1  Name:   BSID: 501  Status: Active
  * Preference: 30  Name: flex_algo  Type: flex-algo  Segment-List: flex_algo-fa-p10  Protocol-Origin: Local
      SID-list: 1440

rt1

rt1> show ipv4-routes protocol bgp
north-vm> show ipv-routes protocol bgp
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>  10.200.0.0/24 [200/0] via 4.4.4.4 (recursive), weight 1, 00:28:45
  *                         via 10.130.0.3, eth2, label 1440, weight 1, 00:28:45

Flex-Algorithm candidate paths follow the segment list definition given by the IS-IS Flex-Algorithm definition. If there is a change in the SR network due to failover, then the Flex-Algorithm is informed, and propagates this change to the SR policy. For instance, when there is a failover on a link, a backup path may be put in place to repair the broken link, or the broken adjacency node.

Dynamic candidate paths using PCEP

Configuring a dynamic candidate path in a policy requires the head-end device acting as a PCC device, and configured to connect to a PCE controller. A PCE controller is added to the topology example, and rt1 will act as a PCC. The below figure can help:

../../../../_images/srte_basic_pcep.svg

Basic topology example to illustrate segment routing policies with a PCE controller.

The PCE controller implementation may support a large set of constraints. To illustrate, the PCE will be used to compute a path from rt1 to rt4 by considering how to minimize the cumulative traffic-engineering cost, and not exceeding a given traffic-engineering value.

The rt1 configuration is given below, with its PCE configuration. Also, all the participating devices in the IS-IS topology will have turned on traffic-engineering information. The link state information will include the traffic engineering metric of each link, and will be distributed to the PCE. The distribution part to the PCE is out of the scope of this chapter.

rt1

rt1 running config# vrf main
rt1 running vrf main# routing segment-routing
rt1 running segment-routing# enabled true
rt1 running segment-routing# traffic-engineering
rt1 running traffic-engineering# pcep
rt1 running pcep# pcc
rt1 running pcc# pce server1
rt1 running pce server1# server 192.168.10.5 port 4189
rt1 running pce server1# source 1.1.1.1 port 10001
rt1 running pce server1# priority 10
rt1 running pce server1# / vrf main interface physical eth1
rt1 running physical eth1#! port pci-b0s4
rt1 running physical eth1# ipv4 address 10.100.0.1/24
rt1 running physical eth1# .. physical eth2
rt1 running physical eth2#! port pci-b0s5
rt1 running physical eth2# ipv4 address 10.130.0.1/24
rt1 running physical eth2# .. physical eth3
rt1 running physical eth3#! port pci-b0s6
rt1 running physical eth3# ipv4 address 10.125.0.1/24
rt1 running physical eth3# .. loopback loop1
rt1 running loopback loop1# ipv4 address 1.1.1.1/32
rt1 running loopback loop1# / vrf main routing isis instance 1
rt1 running instance 1# area-address 49.0000.0007.e901.1111.00
rt1 running instance 1# is-type level-1
rt1 running instance 1# segment-routing enabled true
rt1 running instance 1# segment-routing msd node-msd 8
rt1 running instance 1# segment-routing label-blocks srgb lower-bound 1000
rt1 running instance 1# segment-routing label-blocks srgb upper-bound 10000
rt1 running instance 1# segment-routing label-blocks srlb lower-bound 32000
rt1 running instance 1#! segment-routing label-blocks srlb upper-bound 32999
rt1 running instance 1# segment-routing prefix-sid-map 1.1.1.1/32 sid-value-type index sid-value 11
rt1 running instance 1# segment-routing prefix-sid-map 1.1.1.1/32 last-hop-behavior no-php
rt1 running instance 1# .. .. interface loop1
rt1 running interface loop1# isis ipv4-routing true
rt1 running interface loop1#! isis ipv6-routing true
rt1 running interface loop1#! isis area-tag 1
rt1 running interface loop1# .. interface eth2
rt1 running interface eth2# traffic-engineering metric 10
rt1 running interface eth2# isis ipv4-routing true
rt1 running interface eth2#! isis ipv6-routing true
rt1 running interface eth2#! isis area-tag 1
rt1 running interface eth2# isis metric level-1 25
rt1 running interface eth2# .. interface eth3
rt1 running interface eth3# traffic-engineering metric 25
rt1 running interface eth3# isis ipv4-routing true
rt1 running interface eth3#! isis ipv6-routing true
rt1 running interface eth3#! isis area-tag 1
rt1 running interface eth3#

The full rt2 and rt3 configuration is given below. rt2 redistributes the route to reach the PCE controller.

rt2

rt2 running config# routing ipv4-access-list acl1 seq 10 permit 192.168.10.2/24
rt2 running config# routing route-map filter_192 seq 1 policy permit
rt2 running config# routing route-map filter_192 seq 1 match ip address access-list acl1
rt2 running config# vrf main
rt2 running vrf main# interface physical eth1
rt2 running physical eth1#! port pci-b0s4
rt2 running physical eth1# ipv4 address 10.125.0.2/24
rt2 running physical eth1# .. physical eth2
rt2 running physical eth3#! port pci-b0s5
rt2 running physical eth3# ipv4 address 10.126.0.2/24
rt2 running physical eth3# .. physical eth4
rt2 running physical eth4#! port pci-b0s6
rt2 running physical eth4# ipv4 address 192.168.10.2/24
rt2 running physical eth4# .. loopback loop1
rt2 running loopback loop1# ipv4 address 2.2.2.2/32
rt2 running loopback loop1# / vrf main routing isis instance 1
rt2 running instance 1# area-address 49.0000.0007.e901.2222.00
rt2 running instance 1# is-type level-1
rt2 running instance 1# segment-routing enabled true
rt2 running instance 1# segment-routing msd node-msd 8
rt2 running instance 1# segment-routing label-blocks srgb lower-bound 1000
rt2 running instance 1# segment-routing label-blocks srgb upper-bound 10000
rt2 running instance 1# segment-routing label-blocks srlb lower-bound 30000
rt2 running instance 1#! segment-routing label-blocks srlb upper-bound 30999
rt2 running instance 1# segment-routing prefix-sid-map 2.2.2.2/32 sid-value-type index sid-value 22
rt2 running instance 1# segment-routing prefix-sid-map 2.2.2.2/32 last-hop-behavior no-php
rt2 running instance 1# redistribute ipv4 connected level-1 route-map filter_192
rt2 running instance 1# .. .. interface loop1
rt2 running interface loop1# isis ipv4-routing true
rt2 running interface loop1#! isis ipv6-routing true
rt2 running interface loop1#! isis area-tag 1
rt2 running interface loop1# .. interface eth1
rt2 running interface eth1# traffic-engineering metric 10
rt2 running interface eth1# isis ipv4-routing true
rt2 running interface eth1#! isis ipv6-routing true
rt2 running interface eth1#! isis area-tag 1
rt2 running interface eth1# .. interface eth2
rt2 running interface eth2# traffic-engineering metric 10
rt2 running interface eth2# isis ipv4-routing true
rt2 running interface eth2#! isis ipv6-routing true
rt2 running interface eth2#! isis area-tag 1
rt2 running interface eth2#

rt3

rt3 running config# vrf main
rt3 running vrf main# interface physical eth1
rt3 running physical eth1#! port pci-b0s4
rt3 running physical eth1# ipv4 address 10.130.0.3/24
rt3 running physical eth1# .. physical eth2
rt3 running physical eth2#! port pci-b0s5
rt3 running physical eth2# ipv4 address 10.126.0.3/24
rt3 running physical eth2# .. physical eth3
rt3 running physical eth3#! port pci-b0s5
rt3 running physical eth3# ipv4 address 10.127.0.3/24
rt3 running physical eth3# .. loopback loop1
rt3 running loopback loop1# ipv4 address 3.3.3.3/32
rt3 running loopback loop1# / vrf main routing isis instance 1
rt3 running instance 1# area-address 49.0000.0007.e901.3333.00
rt3 running instance 1# is-type level-1
rt3 running instance 1# segment-routing enabled true
rt3 running instance 1# segment-routing msd node-msd 8
rt3 running instance 1# segment-routing label-blocks srgb lower-bound 1000
rt3 running instance 1# segment-routing label-blocks srgb upper-bound 10000
rt3 running instance 1# segment-routing label-blocks srlb lower-bound 33000
rt3 running instance 1#! segment-routing label-blocks srlb upper-bound 33999
rt3 running instance 1# segment-routing prefix-sid-map 3.3.3.3/32 sid-value-type index sid-value 33
rt3 running instance 1# segment-routing prefix-sid-map 3.3.3.3/32 last-hop-behavior no-php
rt3 running instance 1# .. .. interface loop1
rt3 running interface loop1# isis ipv4-routing true
rt3 running interface loop1#! isis ipv6-routing true
rt3 running interface loop1#! isis area-tag 1
rt3 running interface loop1# .. interface eth1
rt3 running interface eth1# traffic-engineering metric 25
rt3 running interface eth1# isis ipv4-routing true
rt3 running interface eth1#! isis ipv6-routing true
rt3 running interface eth1#! isis area-tag 1
rt3 running interface eth1# isis metric level-1 25
rt3 running interface eth1# .. interface eth2
rt3 running interface eth2# traffic-engineering metric 10
rt3 running interface eth2# isis ipv4-routing true
rt3 running interface eth2#! isis ipv6-routing true
rt3 running interface eth2#! isis area-tag 1
rt3 running interface eth2# .. interface eth3
rt3 running interface eth3# traffic-engineering metric 10
rt3 running interface eth3# isis ipv4-routing true
rt3 running interface eth3#! isis ipv6-routing true
rt3 running interface eth3#! isis area-tag 1
rt3 running interface eth3#

Colored traffic from rt1 to rt4 will be steered by using a dynamic candidate path which will consider how to minimize the traffic engineering cost. A path computation request will be sent to the PCE with the metric and objective-function objects.

rt1

rt1 running config# vrf main
rt1 running vrf main# routing segment-routing
rt1 running segment-routing# enabled true
rt1 running segment-routing# traffic-engineering
rt1 running traffic-engineering# mpls-te-database import isis
rt1 running import isis# ..
rt1 running mpls-te-database# enabled true
rt1 running mpls-te-database# ..
rt1 running traffic-engineering# policy color 5 endpoint 4.4.4.4
rt1 running policy color 5 endpoint 4.4.4.4# name 10_200_to_node4
rt1 running policy color 5 endpoint 4.4.4.4# candidate-path 30
rt1 running candidate-path 30# name pcep_lsp
rt1 running candidate-path 30# type dynamic
rt1 running candidate-path 30# metric cumulative-traffic-engineering-cost
rt1 running metric cumulative-traffic-engineering-cost#! value 60
rt1 running metric cumulative-traffic-engineering-cost# bound true
rt1 running metric cumulative-traffic-engineering-cost# ..
rt1 running candidate-path 30# objective-function constraint minimum-cost-path required true
rt1 running candidate-path 30#

The metric constraint stands for the metric value the PCE should not exceed when computing a path. By default, when used, this constraint is required by the PCE for computation. It is possible to convey multiple metric definitions on the same candidate-path. Some options are possible for all metric definitions:

  • The PCC can opt to set this value as optional, either by setting the required keyword to false, or by setting the bound keyword to false. If the bound value is set to false, the PCE will not be forced to use this metric value in its computation.

  • The PCC can opt to request the computed value in the reply message sent back by the PCE, by setting the computed keyword to true.

The objective-function determines a specific optimization criteria. For instance, it may indicate to the PCE that the PCC wants to minimize a given cost, like the traffic-engineering metric, when computing an LSP. The required keyword can be set to true, to mandate the PCEP to rely on that function.

The PCE receives the path computation request, computes a path for the passed policy, by using the objective-function and the metric information. Assuming the PCE found an LSP path for the policy, it sends back a positive path computation reply with a proposed LSP in the explicit route object (ERO) of the reply. The PCC forges a segment-list from the ERO, installs the LSP policy with its segment-list, and activates the 10_200_to_node4 policy.

rt1

rt1> show segment-routing te-policies detail
Endpoint: 4.4.4.4  Color: 1  Name: 10_200_to_node4  BSID: -  Status: Active
  * Preference: 30  Name: pcep_lsp  Type: dynamic  Segment-List: (created by PCE)  Protocol-Origin: PCEP
      SID-list: 1033 1044

BSID configuration

BSID stands for the SID value that uniquely identifies an SR policy. For SR MPLS dataplanes, this value is an MPLS label. The BSID is used to perform switching operations on the local device, instead of doing routing operations: the incoming traffic having that MPLS value will be steered by the corresponding SR policy, and the BSID will be popped and replaced by the segment-list of the active candidate-path.

It is recommended to configure the BSID for each SR policy, like shown below:

rt1

rt1 running vrf main# routing segment-routing enabled true
rt1 running vrf main# routing segment-routing traffic-engineering
rt1 running traffic-engineering# policy color 5 endpoint 4.4.4.4
rt1 running policy color 5 endpoint 4.4.4.4# binding-sid 600
rt1 running policy color 5 endpoint 4.4.4.4#

BSID helps for scaling, as it is used to extend the MPLS networks to upstream devices. The below figure shows an upstream router that want to stick its traffic to a given SR policy:

../../../../_images/srte_basic_upstream_router.svg

Usage of traffic engineering in segment routing with an MPLS based upstream device

After having configured the return route, and having configured the BSID on the upstream router, if the SR policy has an active candidate path, then an MPLS entry will be added, and will switch the incoming traffic with the segment-list of the SR policy.

rt1

rt1 running vrf main# interface physical eth1
rt1 running interface eth1# port pci-b0s4
rt1 running interface eth1# ipv4-address 10.100.0.1/24
rt1 running interface eth1# .. ..
rt1 running vrf main# routing static ipv4-route 10.101.0.0/24 next-hop 10.100.0.20 mpls-label 3
rt1 running vrf main#

upstream-router

upstream-router running vrf main# interface physical eth1
upstream-router running interface eth1# port pci-b0s5
upstream-router running interface eth1# ipv4-address 10.101.0.20/24
upstream-router running interface eth1# .. ..
upstream-router running vrf main# interface physical eth0
upstream-router running interface eth0# port pci-b0s4
upstream-router running interface eth0# ipv4-address 10.100.0.20/24
upstream-router running interface eth0# .. ..
upstream-router running vrf main# routing ipv4-route 10.200.0.0/24 next-hop 10.100.0.1 mpls-label 600
upstream-router running vrf main#

rt1

rt0> show mpls table
 Inbound Label  Type        Nexthop   Outbound Label
 -----------------------------------------------------
 600            SR-TE       10.125.0.2  1033/1044
 [..]

With multiple SR policies having a unique BSID, the isolation is guaranteed for MPLS traffic.

Triggered policies

The below drawing illustrates a topology involving multiple PEs connected with BGP. SR policies need to be implemented locally between each BGP node.

../../../../_images/srte_multi.svg

Using BGP triggered policies to ease segment routing policing

The use case depicts colored BGP routes; associated traffic needs to follow a defined SR policy relying on flex algorithm instead of the regular routing rules provided by the main SPF algorithm of the IGP.

Using the configurations proposed in Flex Algo Candidate-path configuration chapter will work, but will not be scalable from the configuration perspective.

The proposed solution relies on using a template policy. It consists of a policy indexed by color that includes a Flex Algorithm candidate path. When BGP receives a colored route with a given next hop, and that color matches the color of the policy-template, then a dynamic SR policy will be instantiated for the given next hop and color.

The below configuration is proposed:

rt1

rt1 running vrf main# routing segment-routing enabled true
rt1 running vrf main# routing segment-routing traffic-engineering
rt1 running traffic-engineering# flex-algorithm import isis instance 1
rt1 running traffic-engineering# triggered-policies policy-template color 5
rt1 running policy-template color 5# name for_color_5
rt1 running policy-template color 5# candidate-path 30 name fa129 type flex-algorithm algorithm 129
rt1 running policy-template color 5#

Each dynamic policy will be defined with a configured color, and the next-hop resulting from the incoming BGP update. In addition, a binding SID value will be associated with that policy, obtained from label values ranging from 24000 to 25999. When triggered-policies is used, this label range is statically reserved for this usage; anyway, it can be reconfigured by using the following command:

rt1

rt1 running vrf main# routing segment-routing traffic-engineering
rt1 running traffic-engineering# flex-algorithm import isis instance 1
rt1 running traffic-engineering# triggered-policies policy-template color 5
rt1 running traffic-engineering# triggered-policies binding-sid-range lower-bound 17000 upper-bound 17500
rt1 running traffic-engineering#