ISIS Segment Routing¶
Segment routing (SR) is used by the IGP protocols to interconnect network devices. This chapter explains how to configure SR in IS-IS protocol, by using an MPLS dataplane.
IS-IS SR basic configuration¶
The below configuration shows how to enable SR service on the IS-IS instance
of the main VRF.
vsr running config# vrf main
vsr running vrf main# routing interface loop1
vsr running interface loop1# isis area-tag 1
vsr running interface loop1# isis ipv4-routing true
vsr running interface loop1# .. ..
vsr running vrf main# routing isis instance 1
vsr running isis# area-address 49.0002.0000.1979.00
vsr running isis#! segment-routing enabled true
vsr running isis# segment-routing prefix-sid-map 1.1.1.1/32
vsr running prefix-sid-map 1.1.1.1/32# sid-value 100
vsr running vrf main# interface physical eth0
vsr running physical eth0#! ipv4 address 10.125.0.1/24
vsr running physical eth0#! port pci-b0s4
vsr running physical eth0# .. ..
vsr running vrf main# interface loopback loop1
vsr running loopback loop1# ipv4 address 1.1.1.1/32
vsr running loopback loop1#
The SID value has to be configured for each device. A loopback IP address is generally used for that. The prefix SID value is picked up from a global block of MPLS labels. The value is transmitted as an index value in the LSP packets. The indexes received are translated into MPLS labels within the global block configuration of the device.
Note
Using an index value is flexible when remote devices participating in the SR network do not have the same global pool configured. If the global pools are all the same, then the prefix-sid-map can also be configured as an absolute value.
vsr running isis# segment-routing prefix-sid-map 1.1.1.1/32
vsr running prefix-sid-map 1.1.1.1/32# sid-value-type absolute
vsr running prefix-sid-map 1.1.1.1/32# sid-value 16050
The SR global block range can be redefined to align with the pool of other
devices. By default, the lower and the upper bounds are respectively set to
16000 and 23999.
vsr running vrf main# routing isis instance 1
vsr running isis# area-address 49.0002.0000.1979.00
vsr running isis#! segment-routing enabled true
vsr running isis# segment-routing label-blocks
vsr running label-blocks# srgb lower-bound 18000
vsr running label-blocks# srgb upper-bound 19000
vsr running label-blocks#
The following output displays the segment routing nodes, along with the defined label ranges received from LSPs packets.
vsr> show isis segment-routing node
Area 1:
IS-IS L1 SR-Nodes:
System ID SRGB SRLB Algorithm MSD
--------------------------------------------------------------
0002.0000.1979 18000 - 19000 15000 - 15999 SPF 0
0002.0000.1994 18000 - 19000 15000 - 15999 SPF 10
Note
The last column stands for the maximum SID depth (MSD) and defines the maximum number of labels that can be stacked by the SR MPLS dataplane. This option is used by controllers performing traffic engineering and handling adjacency labels. This value can be configured:
vsr running isis# segment-routing msd node-msd 10
vsr running isis#
The following output displays the IS-IS prefix SID values configured on the
network. For instance, to reach the remote 1.1.1.1 IP address, the router
has to pop the 18642 label from the packet, before sending it.
vsr> show isis route prefix-sid
Area 1:
IS-IS L1 IPv4 routing table:
Prefix Metric Interface Nexthop SID Label Op.
----------------------------------------------------------------
2.2.2.2/32 20 eth0 10.125.0.1 642 Pop(18642)
1.1.1.1/32 0 - - - -
[..]
Segment routing setup example¶
The below topology will be used to illustrate segment routing setup made up of
4 devices, and where traffic entering rt1 will be directed to rt4.
The configuration is given below for each device.
rt1
rt1 running config# / vrf main interface physical eth3 port pci-b0s6
rt1 running config# / vrf main interface physical eth3 ipv4 address 10.125.0.1/24
rt1 running config# / vrf main interface physical eth1 port pci-b0s4
rt1 running config# / vrf main interface physical eth1 ipv4 address 10.100.0.1/24
rt1 running config# / vrf main interface loopback loop1 ipv4 address 1.1.1.1/32
rt1 running config# / vrf main routing interface loop1 isis area-tag 1
rt1 running config#! / vrf main routing interface loop1 isis ipv4-routing true
rt1 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt1 running config#! / vrf main routing interface eth3 isis area-tag 1
rt1 running config#! / vrf main routing interface eth3 isis ipv4-routing true
rt1 running config#! / vrf main routing interface eth3 isis ipv6-routing true
rt1 running config#! / vrf main routing isis instance 1 is-type level-1
rt1 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.1111.00
rt1 running config# / vrf main routing isis instance 1 segment-routing enabled true
rt1 running config# / vrf main routing isis instance 1 segment-routing label-blocks srgb lower-bound 1000 upper-bound 10000
rt1 running config# / vrf main routing isis instance 1 segment-routing label-blocks srlb lower-bound 32000 upper-bound 32999
rt1 running config# / vrf main routing isis instance 1 segment-routing msd node-msd 8
rt1 running config# / vrf main routing isis instance 1 segment-routing prefix-sid-map 1.1.1.1/32 sid-value 11
rt1 running config# / vrf main routing isis instance 1 segment-routing prefix-sid-map 1.1.1.1/32 last-hop-behavior no-php
rt2
rt2 running config# / vrf main interface physical eth1 port pci-b0s4
rt2 running config# / vrf main interface physical eth1 ipv4 address 10.125.0.2/24
rt2 running config# / vrf main interface physical eth2 port pci-b0s5
rt2 running config# / vrf main interface physical eth2 ipv4 address 10.126.0.2/24
rt2 running config# / vrf main interface loopback loop1 ipv4 address 2.2.2.2/32
rt2 running config# / vrf main routing interface loop1 isis area-tag 1
rt2 running config#! / vrf main routing interface loop1 isis ipv4-routing true
rt2 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt2 running config#! / vrf main routing interface eth1 isis area-tag 1
rt2 running config#! / vrf main routing interface eth1 isis ipv4-routing true
rt2 running config#! / vrf main routing interface eth1 isis ipv6-routing true
rt2 running config#! / vrf main routing interface eth2 isis area-tag 1
rt2 running config#! / vrf main routing interface eth2 isis ipv4-routing true
rt2 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt2 running config#! / vrf main routing isis instance 1 is-type level-1
rt2 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.2222.00
rt2 running config# / vrf main routing isis instance 1 segment-routing enabled true
rt2 running config# / vrf main routing isis instance 1 segment-routing label-blocks srgb lower-bound 1000 upper-bound 10000
rt2 running config# / vrf main routing isis instance 1 segment-routing label-blocks srlb lower-bound 30000 upper-bound 30999
rt2 running config# / vrf main routing isis instance 1 segment-routing msd node-msd 8
rt2 running config# / vrf main routing isis instance 1 segment-routing prefix-sid-map 2.2.2.2/32 sid-value 22
rt2 running config# / vrf main routing isis instance 1 segment-routing prefix-sid-map 2.2.2.2/32 last-hop-behavior no-php
rt3
rt3 running config# / vrf main interface physical eth3 port pci-b0s6
rt3 running config# / vrf main interface physical eth3 ipv4 address 10.127.0.3/24
rt3 running config# / vrf main interface physical eth2 port pci-b0s5
rt3 running config# / vrf main interface physical eth2 ipv4 address 10.126.0.3/24
rt3 running config# / vrf main interface loopback loop1 ipv4 address 3.3.3.3/32
rt3 running config# / vrf main routing interface loop1 isis area-tag 1
rt3 running config#! / vrf main routing interface loop1 isis ipv4-routing true
rt3 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt3 running config#! / vrf main routing interface eth2 isis area-tag 1
rt3 running config#! / vrf main routing interface eth2 isis ipv4-routing true
rt3 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt3 running config#! / vrf main routing interface eth3 isis area-tag 1
rt3 running config#! / vrf main routing interface eth3 isis ipv4-routing true
rt3 running config#! / vrf main routing interface eth3 isis ipv6-routing true
rt3 running config#! / vrf main routing isis instance 1 is-type level-1
rt3 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.3333.00
rt3 running config# / vrf main routing isis instance 1 segment-routing enabled true
rt3 running config# / vrf main routing isis instance 1 segment-routing label-blocks srgb lower-bound 1000 upper-bound 10000
rt3 running config# / vrf main routing isis instance 1 segment-routing label-blocks srlb lower-bound 33000 upper-bound 33999
rt3 running config# / vrf main routing isis instance 1 segment-routing msd node-msd 8
rt3 running config# / vrf main routing isis instance 1 segment-routing prefix-sid-map 3.3.3.3/32 sid-value 33
rt3 running config# / vrf main routing isis instance 1 segment-routing prefix-sid-map 3.3.3.3/32 last-hop-behavior no-php
rt4
rt4 running config# / vrf main interface physical eth2 port pci-b0s5
rt4 running config# / vrf main interface physical eth2 ipv4 address 10.127.0.4/24
rt4 running config# / vrf main interface physical eth1 port pci-b0s4
rt4 running config# / vrf main interface physical eth1 ipv4 address 10.200.0.4/24
rt4 running config# / vrf main interface loopback loop1 ipv4 address 4.4.4.4/32
rt4 running config# / vrf main routing interface loop1 isis area-tag 1
rt4 running config#! / vrf main routing interface loop1 isis ipv4-routing true
rt4 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt4 running config#! / vrf main routing interface eth2 isis area-tag 1
rt4 running config#! / vrf main routing interface eth2 isis ipv4-routing true
rt4 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt4 running config#! / vrf main routing isis instance 1 is-type level-1
rt4 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.4444.00
rt4 running config# / vrf main routing isis instance 1 segment-routing enabled true
rt4 running config# / vrf main routing isis instance 1 segment-routing label-blocks srgb lower-bound 1000 upper-bound 10000
rt4 running config# / vrf main routing isis instance 1 segment-routing label-blocks srlb lower-bound 31000 upper-bound 31999
rt4 running config# / vrf main routing isis instance 1 segment-routing msd node-msd 8
rt4 running config# / vrf main routing isis instance 1 segment-routing prefix-sid-map 4.4.4.4/32 sid-value 44
rt4 running config# / vrf main routing isis instance 1 segment-routing prefix-sid-map 4.4.4.4/32 last-hop-behavior no-php
The below command dumps the devices that participate in the SR topology:
rt1> show isis segment-routing node
Area 1:
IS-IS L1 SR-Nodes:
System ID SRGB SRLB Algorithm MSD
-------------------------------------------------------------
0007.e901.1111 1000 - 10000 32000 - 32999 SPF 8
0007.e901.2222 1000 - 10000 30000 - 30999 SPF 8
0007.e901.3333 1000 - 10000 33000 - 33999 SPF 8
0007.e901.4444 1000 - 10000 31000 - 31999 SPF 8
IS-IS L2 SR-Nodes:
The MPLS labels is provisioned with the prefix SIDs configured on each
device. The last entry is the local adjacency label provisioned on the ‘eth3’
interface to reach the rt2 device next to the rt1 device.
rt1> show mpls table
Inbound Label Type Nexthop Outbound Label
---------------------------------------------------------------------
1011 SR (IS-IS) lo -
1022 SR (IS-IS) 10.125.0.2 1022
1033 SR (IS-IS) 10.125.0.2 1033
1044 SR (IS-IS) 10.125.0.2 1044
32000 SR (IS-IS) 10.125.0.2 implicit-null
32001 SR (IS-IS) fe80::dced:1ff:fe0a:e8cb implicit-null
If the BGP service is configured between the rt1 and the rt4 devices,
then the BGP routes will inherit the prefix SIDs values to reach
each other.
rt1
rt1 running config# / vrf main routing bgp as 65500
rt1 running config# / vrf main routing bgp router-id 1.1.1.1
rt1 running config# / vrf main routing bgp neighbor 4.4.4.4 remote-as 65500
rt1 running config# / vrf main routing bgp neighbor 4.4.4.4 update-source loop1
rt1 running config# / vrf main routing bgp address-family ipv4-unicast network 10.100.0.0/24
rt4
rt4 running config# / vrf main routing bgp as 65500
rt4 running config# / vrf main routing bgp router-id 4.4.4.4
rt4 running config# / vrf main routing bgp neighbor 1.1.1.1 remote-as 65500
rt4 running config# / vrf main routing bgp neighbor 1.1.1.1 update-source loop1
rt4 running config# / vrf main routing bgp address-family ipv4-unicast network 10.200.0.0/24
rt1> show ipv4-routes protocol bgp
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, N - NHRP, T - Table
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
B> 10.200.0.0/24 [200/0] via 4.4.4.4 (recursive), weight 1, 00:00:02
* via 10.125.0.2, eth3, label 1044, weight 1, 00:00:02
1 routes displayed.
Interconnect L3VPN networks¶
A similar topology is used to depict how an SR network conveys some L3VPN
traffic. The rt1 and rt4 devices are used to interconnect two L3VRFs
located behind each of the devices.
The below configuration is added to the configuration of the above chapter. The configuration in the Segment routing setup example can be extended as follows:
rt1
rt1 running config# del / vrf main interface physical eth1
rt1 running config# del / vrf main routing bgp
rt1 running config# / vrf main routing bgp as 65500
rt1 running config# / vrf main routing bgp router-id 1.1.1.1
rt1 running config# / vrf main routing bgp neighbor 4.4.4.4 remote-as 65500
rt1 running config# / vrf main routing bgp neighbor 4.4.4.4 update-source loop1
rt1 running config# / vrf main routing bgp neighbor 4.4.4.4 address-family ipv4-unicast enabled false
rt1 running config# / vrf main routing bgp neighbor 4.4.4.4 address-family ipv4-vpn enabled true
rt1 running config# / vrf main routing bgp address-family ipv4-unicast network 10.100.0.0/24
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 table-id 10
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 interface physical eth1 port pci-b0s4
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 interface physical eth1 ipv4 address 10.100.0.1/24
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast redistribute connected
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn export vpn true
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn export label 103
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn export route-target 65500:1
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn export route-distinguisher 65500:1
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn import vpn true
rt1 running network 10.100.0.0/24#! / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn import route-target 65500:1 route-target 65500:4
rt1 running network 10.100.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast network 10.100.0.0/24
rt4
rt4 running config# del / vrf main interface physical eth1
rt4 running config# del / vrf main routing bgp
rt4 running config# / vrf main routing bgp as 65500
rt4 running config# / vrf main routing bgp router-id 4.4.4.4
rt4 running config# / vrf main routing bgp neighbor 1.1.1.1 remote-as 65500
rt4 running config# / vrf main routing bgp neighbor 1.1.1.1 update-source loop1
rt4 running config# / vrf main routing bgp neighbor 1.1.1.1 address-family ipv4-unicast enabled false
rt4 running config# / vrf main routing bgp neighbor 1.1.1.1 address-family ipv4-vpn enabled true
rt4 running config# / vrf main routing bgp address-family ipv4-unicast network 10.200.0.0/24
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 table-id 10
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 interface physical eth1 port pci-b0s4
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 interface physical eth1 ipv4 address 10.200.0.1/24
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast redistribute connected
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn export vpn true
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn export label 102
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn export route-target 65500:4
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn export route-distinguisher 65500:4
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn import vpn true
rt4 running network 10.200.0.0/24#! / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast l3vpn import route-target 65500:1 route-target 65500:4
rt4 running network 10.200.0.0/24# / vrf main l3vrf l3vrf1 routing bgp address-family ipv4-unicast network 10.200.0.0/24
An L3VPN route is learnt on the rt1 device to reach the 10.200.0.0/24
network. To reach the rt4 device, the SR label is used to calculate
the route where traffic between the L3VRFs will be steered:
rt1> show ipv4-routes l3vrf l3vrf1 protocol bgp
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, N - NHRP, T - Table
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF l3vrf1:
B> 10.200.0.0/24 [200/0] via 4.4.4.4 (l3vrf default) (recursive), label 102, weight 1, 00:00:00
* via 10.125.0.2, eth3 (l3vrf default), label 1044/102, weight 1, 00:00:00
1 routes displayed.