SR Srte Pce

SR+SRTE+PCE
LACNIC32 / LACNOG 2019

Agenda
1 Segment Routing Recap
2 Segment Routing Traffic Engineer Fundamentals
3 PCE based SRTE Policy Architecture
4 SR + SRTE + PCE Configuration
5 Lab : SR + Basic SRTE + PCE
© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

What everyone agrees SP (and everyone else) should
do … more or less …
Simplify Automate Virtualize Program
Agile + DevOps
New business capabilities built on the network as the platform;

Enabling customers to achieve business outcomes faster with ruthless
ease
Segment Routing – Technology Overview
Node SID Peering SID (EPE)

Adjacency SID Anycast SID Binding SID
(Prefix SID)
Locally Significant Globally or Locally
Globally Significant Globally Significant Locally Significant
Unidirectional Significant
24123
16001 16003 16005
24010 24035
24012 24034 24010
16002 16004 16006
24024 24045

IGP Prefix Segment
• Shortest-path to the IGP prefix

– Equal Cost MultiPath (ECMP)-aware
16004
• Global Segment
• Label = 16000 + Index
1 2
– Advertised as index 16004
• Distributed by ISIS/OSPF
16004 16004
5
16004
16004
3 4
1.1.1.4/32
16004
All nodes use default SRGB
16,000 – 23,999

IGP Adjacency Segment
• Forward on the IGP adjacency

Adj to 5
• Local Segment 24025

• Advertised as label value
1 2
• Distributed by ISIS/OSPF Adj to 4
24024
5
3 4
All nodes use default SRGB

16,000 – 23,999

Anycast Prefix Segment
• Same prefix advertised

by multiple nodes 100
12
• Traffic is forwarded to 10
2 4
one of the Anycast
1
prefix-SIDs based on 7
best IGP path 13 16100
• If primary node fails, 3 6 5

traffic is auto re-routed
to the other node 11 100
14
DC (BGP-SR) WAN (IGP-SR) PEER

Binding-SID (BSID) is fundamental
• The BSID of the SR Policy selected path is installed in the forwarding table
• Binding Segment is a fundamental building block of SRTE
• The Binding Segment is a local segment
• Each SRTE Policy is associated 1-for-1 with a Binding-SID
• Remote steering SID-
BSID
list
– A packet arriving on the SR Policy head-end with
the BSID as Active Segment (top of label stack) is
steered into the SR Policy associated with the BSID
• Local steering Prefix
– A packet that matches a forwarding entry that
resolves on the BSID of an SR Policy is steered SID-
into that SR Policy BSID
list

Segment Routing – Technology Overview
Globally unique Prefix-SID identifies the router
Locally unique Adjacency-SID identifies link on a router
Simple extension to IS-IS or OSPF to propagate SIDs through the

network
SID is used as label in MPLS-SR
Builds & Maintains ”Segment”

Agenda

Segment Routing TE
Fundamentals

SRTE Ground Rules
New CLI Construct “SRTE Policy” - No more tunnels
Policy Instantiation Different ways to instantiation on Headend
Automated Steering Traffic Steered into policy by using “Color”
External Path Interact with Applications for network transport

Computation programmability

SRTE Policy Identification
• An SR policy is uniquely identified by a tuple
Head End Where the SR Policy is instantiated (implemented) H

Numeric value to differentiate multiple SRTE Policies
Color between the same pair of nodes
C
Endpoint Destination of the SR Policy E

SRTE Policy Identification
H C E
Red
Green
Blue
16001 16003 16005
24010 24035
24012 24034 24010
16002 16004 16006
24024 24045

RSVP-TE vs SR-TE Tunnels
R6
16003
R3
16004 16005
R1 R2 R4 R5
R7
16003 16003
16004 16004 16004
SR Tunnel Path 16005 16005 16005 16005
Data Data Data Data Data Data
Desired Path: T: 100

IN: 16003
R6
T: 100 T: 100 T: 100 T: 100
R3-R4-R5 IN IN: 22002
OUT: 24034
R3
IN: 24034
OUT: 16005
IN: 16005
OUT
OUT: 22002 OUT: 16003
R1 R2 R4 R5
R7
RSVP Tunnel 22002 16003 24034 16005

Path Data Data Data Data Data Data

SR-TE Tunnels Benefits
R6
16003
R3
16004 16005
R1 R2 R4 R5
R7
SR Tunnel 16004
16005
16004
16005
16004
16005 16005
Data Data Data Data Data Data
Path
Using lable stack,
full TE path No Additional state
Implicitly able to
programmed at maintained in Mid-
source (SDN use ECMP
Point (Scalability!!)
friendly!)
SR-TE RSVP-TE
TE state only at head-end Yes No
Engineered for SDN Yes Yes/No
ECMP-capability for TE Yes No

SRTE Policy
SID-List 1-1
Cpath 1, Pref X Weigh 1-1
Binding SID Learnt from:
SID-List 1-2 • Explicit Local
Weigh 1-2 • Dynamic Local
SRTE Policy Cpath 2, Pref Y • Dynamic PCE
Binding SID SID-List 2-1
Weigh 2-1
• Identified by • Programmed in FIB

Unique: • Chosen based on Preference
simultaneously
• Valid if: Any of the SID-list is valid
(Head-End + Color + • Load-balanced based on
• Identified by: Binding SID (Auto)
End-Point) • Weight
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Agenda

Centralized Control for SRTE – Building Blocks
BGP Link State (BGP-LS)
Path Computation Element Protocol (PCEP)
Segment Routing Path Computation Element (SR PCE)
Centralized Knowledge of IGP Database

• IGP Database knowledge contained
in IGP domains
• IGP DB is Distributed into new BGP
NLRI
• BGP Carries the information to
Central Controller 20

BGP Link State - Overview
TE
DB
• Build TE-DB for Multi-area Optimal Path Computation
• Scalable Solution is BGP, not IGP. SR-PCE
• BGP is less chatty

BGP-LS
• Can carry multiple IGP domains
BGP-LS BGP-LS
• BGP-LS is an address-family
• afi=16388, safi=71 RR
• Defined to carry IGP link-state database via BGP

• Supports both IS-IS and OSPF
• Delivers topology information to outside agents
SR PCE Implementation
• SR PCE runs as IOS XR feature

• deployed as a virtual machine (VM) instance on x86 server
• UCS server recommended
• Virtual device Cisco IOS XR XRv 9000
• XRV9000 image
IOS XRv 9000
• VRR License + SR-PCE License
HyperVisor
Physical HW (x86)
Path computation algorithm is the SAME for Headend and PCE.

However SR-PCE may offer a broader view and additional North bound capabilities
Agenda
4 SR + SRTE + PCE Configurations

SR + SRTE + PCE Configurations

Segment Routing – Configuration Concepts
• Configured under IGP Routing Protocol

• Requires: Enabling SR & Configuring Prefix-SID
• Configure “Absolute Value” or “Index”
• Optional: Configure SR-Global-Block (SRGB).
• Default 16000 – 23999 (higher in newer versions)
• SRGB & Index advertised using IGP
SRGB Index SID
16000 4 16004
• Result: No LDP Needed for label distribution

Segment Routing Configuration Example – ISIS
Wide Metrics
router isis 1
address-family ipv4 unicast
metric-style wide
segment-routing mpls sr-prefer enable SR IPv4 control plane and SR
MPLS data plane on all ipv4
!
interfaces in this IS-IS instance
interface Loopback0
passive
prefix-sid index 1
! Ipv4 Prefix-SID value for loopback0
(Index translate to 16001 absolute
value)
Segment Routing Configuration Example – OSPF
router ospf 1
enable SR IPv4 control plane and SR
router-id 1.1.1.1
MPLS data plane on all ipv4
segment-routing mpls
interfaces in this IS-IS instance
area 0
interface Loopback0
passive enable
prefix-sid index 1
! Ipv4 Prefix-SID value for loopback0
! (Index translate to 16001 absolute
! value)
Segment Routing Configuration Example
segment-routing
Enable SRTE
traffic-eng
policy POLICY1
color 20 end-point ipv4 1.1.1.4 Local Configured SRTE Policy
binding-sid mpls 1000
candidate-paths
preference 100 Color (C) & End-Point (E)
dynamic mpls
metric
type te Binding SID for Selected C-Path
affinity
exclude-any red Candidate Path List
!
preference 50
explicit segment-list SIDLIST1 Candidate Path Preference
!
segment-list name SIDLIST1
index 10 mpls label 16002
SR-PCE Configuration

BGP Link State Configuration Sample
IS-IS Level 1 IS-IS Level 2 IS-IS Level 1

C
1
ABR ABR
Metro Area 01 Core Network Metro Area 02
SR-
Apps Apps
PCE
Redistribute IGP Link State Advertise via BGP-LS

router isis 100 router bgp 65000
net 49.1921.5500.0004.00 address-family link-state link-state
distribute link-state neighbor 192.168.0.15
remote-as 65000
update-source Loopback0
!
address-family link-state link-state
route-reflector-client

PCEP Client and Server Configuration
IS-IS Level 1 IS-IS Level 2 IS-IS Level 1

C
1
ABR ABR
Metro Area 01 Core Network Metro Area 02
SR-
Apps Apps
PCE
PCE Client Configuration PCE Server Configuration

segment-routing pce
traffic-eng address ipv4 6.1.1.100 à Enable PCE Server
pcc rest à Option, Enable Application Access
source-address ipv4 6.1.1.1
peer ipv4 6.1.1.1 à Optional, required for
pce address ipv4 6.1.1.100 precedence 100
Remote SR Policy
Instantiation

PCE Computed or Instantiated SR Policy Example
Head End Configured, PCE Computed SR

PCE Instantiated SR Policy Example *
Policy Example*
segment-routing pce
traffic-eng segment-routing
policy 25 traffic-eng
color 25 end-point ipv4 192.168.0.15 peer ipv4 192.168.0.25
candidate-paths policy 25
color 25 end-point ipv4 192.168.0.15
preference 100
candidate-paths
dynamic preference 100
pcep dynamic mpls
metric metric
te (could be IGP or Delay as well) type igp
segment-routing RP/0/0/CPU0:PE25#sh segment-routing traffic-eng policy

traffic-eng Name: pcep_25 (Color: 25, End-point: 192.168.0.15)
on-demand color 25 Status:
Admin: up Operational: up for 00:01:44
dynamic Candidate-paths:
metric Auto-policy info:
type te Creator: PCEP

Agenda
2 Segment Routing Traffic Engineer Basics

Lab : SR + Basic SRTE + PCE

Lab Topology Overview
6.1.1.101 6.1.1.100
G0/ 6.1.1.4 RR
SR-PCE1 0
G0 /5 0
6.1.1.2 /7 G0 G0/ 6.1.1.6 6.1.1.8
G0/0 G0/3 G0/0 G0/0 G0/3 G0/0
R2 R4 R6 R8 G0
/3 /3
G0
G0
G0
G0
/2
/4
/2
G0/1
G0/2
G0/1
G0/1
/2
/5
G0
G0
/1
G0
0 G0
6.1.1.1 G0 /0 6.1.1.10
R1 R10
/1
G0
G0
/1
G0/1
G0/2
G0/0
G0/0
G0
G0
/5
G0
/1
/2
G0
G0
/4
/2
G0
/3
/2
G0
/3
G0/3 G0
R3 G0/0 R5 G0/0 G0/1 R7 G0/3 G0/1 R9
6.1.1.3 6.1.1.7 6.1.1.9
Next Hop Self Next Hop Self

E2E (R1 ßà R10) L3VPN Service
6.1.1.101 6.1.1.100
XTC1 RR
G0/
/0
G0
0
G0
/6
6.1.1.2 6.1.1.6 6.1.1.8
G0
/7
G0/0 G0/3 G0/0 G0/0 G0/3 G0/0
R2 R4 R6 R8 G0
/3 /3
G0
G0
G0
G0
/2
/4
/2
G0/1
G0/2
G0/1
G0/1
/2
/5
G0
G0
G0
/1
6.1.1.1 /1 G0 6.1.1.10
G0 /0
Access Core Access
R1 ISIS L1 R10
ISIS L1 ISIS L2
/1
G0
G0
/0
G0/1
G0/2
G0/0
G0/0
G0
/5
G0
G0
/1
/2
G0
G0
/4
G0
/3
/2
/2
G0
/3
G0/3 G0
R3 G0/0 R5 G0/0 G0/1 R7 G0/3 G0/1 R9
6.1.1.3 6.1.1.9
G0/6
6.1.1.7
int gig 0/0/0/2

int gig 0/0/0/2
G0/0
vrf C-Blue
vrf C-Blue
ipv4 address 1.0.0.6 /24 XTC2 ipv4 address 2.0.0.6 /24
6.1.1.102

Task 1: Check ISIS Routing Table
• Notice that we don’t have connectivity between R1 and R10.
• The purpose of this lab exercise is to establish this connectivity using SR-MPLS End to End
RP/0/0/CPU0:R1#sh route ipv4 | in 6.1.1.

L 6.1.1.1/32 is directly connected, 23:54:08, Loopback0 RP/0/0/CPU0:R1#ping 6.1.1.10 source 6.1.1.1
Type escape sequence to abort.
i L1 6.1.1.2/32 [115/10] via 192.1.2.2, 23:53:59, GigabitEthernet0/0/0/1
Sending 5, 100-byte ICMP Echos to 6.1.1.10, timeout is 2
seconds:
.....
Success rate is 0 percent (0/5)
i ia 6.1.1.101/32 [115/30] via 192.1.3.3, 23:49:40, GigabitEthernet0/0/0/0
RP/0/0/CPU0:R10#sh route ipv4 | in 6.1.1.

i L1 6.1.1.6/32 [115/20] via 192.8.10.8, 23:43:15, GigabitEthernet0/0/0/0 RP/0/0/CPU0:R1#ping vrf C-Blue 2.0.0.6
i L1 6.1.1.7/32 [115/20] via 192.8.10.8, 23:43:15, GigabitEthernet0/0/0/0 Type escape sequence to abort.
i L1 6.1.1.8/32 [115/10] via 192.8.10.8, 23:43:15, GigabitEthernet0/0/0/0 Sending 5, 100-byte ICMP Echos to 2.0.0.6, timeout is 2
i L1 6.1.1.9/32 [115/10] via 192.9.10.9, 23:43:15, GigabitEthernet0/0/0/1 seconds:
L 6.1.1.10/32 is directly connected, 23:43:24, Loopback0 .....
i ia 6.1.1.101/32 [115/40] via 192.8.10.8, 23:43:15, GigabitEthernet0/0/0/0 Success rate is 0 percent (0/5)

Task 2: Check MPLS/LDP/L3VPN forwarding plane
R2 R4 R6 R8
Access Core Access
R1 ISIS L1 ISIS L2 ISIS L1 R10
R3 R5 R7 R9
RP/0/0/CPU0:R1#sh mpls for RP/0/0/CPU0:R10#sh mpls for

Local Outgoing Prefix Outgoing Next Hop Local Outgoing Prefix Outgoing Next Hop
Label Label or ID Interface Label Label or ID Interface
------ ----------- ------------------ ------------ --------------- ------ ----------- ------------------ ------------ ---------
24000 Aggregate C-Blue: Per-VRF Aggr[V] \ 24000 Unlabelled 6.1.1.101/32 Gi0/0/0/0 192.8.10.8
C-Blue Unlabelled 6.1.1.101/32 Gi0/0/0/1 192.9.10.9
24001 Unlabelled 6.1.1.101/32 Gi0/0/0/0 192.1.3.3 24001 Unlabelled 6.1.1.102/32 Gi0/0/0/0 192.8.10.8
Unlabelled 6.1.1.101/32 Gi0/0/0/1 192.1.2.2 Unlabelled 6.1.1.102/32 Gi0/0/0/1 192.9.10.9
24002 Unlabelled 6.1.1.102/32 Gi0/0/0/0 192.1.3.3 24002 Aggregate C-Blue: Per-VRF Aggr[V] \
Unlabelled 6.1.1.102/32 Gi0/0/0/1 192.1.2.2 C-Blue
RP/0/0/CPU0:R1#sh bgp vpnv4 unicast RP/0/0/CPU0:R10#sh bgp vpnv4 unicast

<snip> <snip>
Network Next Hop Metric LocPrf Weight Path Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:1 (default for vrf C-Blue) Route Distinguisher: 65000:1 (default for vrf C-Blue)
*> 1.0.0.0/24 0.0.0.0 0 32768 ? * i 1.0.0.0/24 6.1.1.1 0 100 0 ?
* i2.0.0.0/24 6.1.1.10 0 100 0 ? * i 6.1.1.1 0 100 0 ?
* i 6.1.1.10 0 100 0 ? *> 2.0.0.0/24 0.0.0.0 0 32768 ?

Task 3: Enable SR, Configure Prefix SID
R2 R4 R6 R8
Access Core Access
R3 R5 R7 R9
R1 Configuration R10 Configuration
segment-routing segment-routing
global-block 16000 17000 global-block 16000 17000
router isis 100 router isis 100

address-family ipv4 unicast RP/0/0/CPU0:R2#sh mpls for address-family ipv4 unicast
segment-routing mpls sr-prefer Local Outgoing Prefix Outgoing Next Hop Bytes segment-routing mpls sr-prefer
Label Label or ID Interface Switched
router isis 100 ------ ----------- ------------------ ------------ --------------- --------- router isis 100
interface Loopback0 16003 Pop SR Pfx (idx 3) Gi0/0/0/2 10.0.0.14 0 interface Loopback0
address-family ipv4 unicast 16004 Pop SR Pfx (idx 4) Gi0/0/0/0 10.0.0.18 1776000 address-family ipv4 unicast
prefix-sid index 1 16005 Pop SR Pfx (idx 5) Gi0/0/0/1 10.0.0.22 4820350 prefix-sid index 10
24000 Pop SR Adj (idx 0) Gi0/0/0/1 10.0.0.22 0
24001 Pop SR Adj (idx 2) Gi0/0/0/1 10.0.0.22 0
24008 Pop SR Adj (idx 0) Gi0/0/0/3 198.18.2.31 0
24009 Pop SR Adj (idx 2) Gi0/0/0/3 198.18.2.31 0
24010 Pop SR Adj (idx 0) Gi0/0/0/2 10.0.0.14 0

Task 4: Verify SR Forwarding Table
RP/0/0/CPU0:R1# sh mpls forwarding RP/0/0/CPU0:R1# sh cef 6.1.1.4

Sun Feb 17 00:32:31.065 UTC
6.1.1.4/32, version 325, labeled SR, internal 0x1000001 0x83 (ptr
Local Outgoing Prefix Outgoing Next Hop 0xde09540) [1], 0x0 (0xdfce3a8), 0xa28 (0xee090f0)
Label Label or ID Interface Updated Feb 17 00:31:47.949
------ ----------- ------------------ ------------ --------------- - remote adjacency to GigabitEthernet0/0/0/0
-16002 Pop SR Pfx (idx 2) Gi0/0/0/1 192.1.2.2 Prefix Len 32, traffic index 0, precedence n/a, priority 1
0 via 198.18.2.70/32, GigabitEthernet0/0/0/0, 6 dependencies, weight 0,
16003 Pop SR Pfx (idx 3) Gi0/0/0/0 192.1.3.3 0 class 0 [flags 0x0]
16004 16004 SR Pfx (idx 4) Gi0/0/0/0 192.1.3.3 0 path-idx 0 NHID 0x0 [0xeb76bf0 0x0]
16004 SR Pfx (idx 4) Gi0/0/0/1 192.1.2.2 0 next hop 198.18.2.70/32
16005 16005 SR Pfx (idx 5) Gi0/0/0/0 192.1.3.3 0 remote adjacency
16005 SR Pfx (idx 5) Gi0/0/0/1 192.1.2.2 0 local label 16004 labels imposed {16004}
16101 16101 SR Pfx (idx 101) Gi0/0/0/0 192.1.3.3 0 via 198.18.3.70/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0,
16101 SR Pfx (idx 101) Gi0/0/0/1 192.1.2.2 class 0 [flags 0x0]
500 path-idx 1 NHID 0x0 [0xeb76c80 0x0]
16102 16102 SR Pfx (idx 102) Gi0/0/0/0 192.1.3.3 0 next hop 198.18.3.70/32
16102 SR Pfx (idx 102) Gi0/0/0/1 192.1.2.2 0 remote adjacency
24000 Aggregate C-Blue: Per-VRF Aggr[V] \ local label 16004 labels imposed {16004}
C-Blue 0
24001 Pop SR Adj (idx 0) Gi0/0/0/1 192.1.2.2 0 RP/0/RP0/CPU0:R1#traceroute sr-mpls 6.1.1.4/32 source 6.1.1.1
24002 Pop SR Adj (idx 2) Gi0/0/0/1 192.1.2.2 0 0 198.18.3.31 MRU 1500 [Labels: 16004 Exp: 0]
24003 Pop SR Adj (idx 0) Gi0/0/0/0 192.1.3.3 0 L 1 198.18.3.70 MRU 1500 [Labels: implicit-null Exp: 0] 18 ms
24004 Pop SR Adj (idx 2) Gi0/0/0/0 192.1.3.3 0 ! 2 10.0.0.30 15 ms

Task 5: VRF Connectivity
RP/0/0/CPU0:R1#sh bgp vpnv4 unicast RP/0/0/CPU0:R10#sh bgp vpnv4 unicast

<snip> <snip>
*> 1.0.0.0/24 0.0.0.0 0 32768 ? * i 1.0.0.0/24 6.1.1.1 0 100 0 ?
* i2.0.0.0/24 6.1.1.10 0 100 0 ? *> 2.0.0.0/24 0.0.0.0 0 32768 ?
RP/0/0/CPU0:R1#sh route vrf C-Blue RP/0/0/CPU0:R10#sh route vrf C-Blue

<snip> <snip>
C 1.0.0.0/24 is directly connected, 1d02h, Gig/0/0/0/2 C 2.0.0.0/24 is directly connected, 1d02h, Gig/0/0/0/2
L 1.0.0.6/32 is directly connected, 1d02h, Gig 0/0/0/2 L 2.0.0.6/32 is directly connected, 1d02h, Gig 0/0/0/2
RP/0/0/CPU0:R1#ping 6.1.1.10 source 6.1.1.1 RP/0/0/CPU0:R1#ping vrf C-Blue 2.0.0.6

Type escape sequence to abort. Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.1.1.10, timeout is Sending 5, 100-byte ICMP Echos to 2.0.0.6, timeout is 2
2 seconds: seconds:
..... .....
Success rate is 0 percent (0/5) Success rate is 0 percent (0/5)

SR-PCE1 RR
R2 R4 R6 R8
Access Core Access
R3 R5 SR-PCE2
R7 R9
RP/0/RP0/CPU0:R1#sh bgp vpnv4 unicast

Route Distinguisher: 65000:1 (default for vrf C-Blue)
Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0/24 0.0.0.0 0 32768 ?
* i2.0.0.0/24 6.1.1.10 0 100 0 ?
* i 6.1.1.10 0 100 0 ?
RP/0/RP0/CPU0:R1#sh bgp all all summary

Address Family: VPNv4 Unicast
-----------------------------
<snip>
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
6.1.1.4 0 65001 472 467 11 0 0 07:40:21 1
6.1.1.5 0 65001 474 467 11 0 0 07:40:20 1
Address Family: IPv4 Labeled-unicast

------------------------------------
6.1.1.4 0 65001 472 467 16 0 0 07:40:21 2
6.1.1.5 0 65001 474 467 16 0 0 07:40:20 2

Task 6.1: Configure BGP to Allocate labels for IPv4
R2 R4 R6 R8
Access Core Access
R3 R5 SR-PCE2
R7 R9
• We will configure R1 and R10 to advertise their loopbacks so that they both learn each other’s SR labels/SID through BGP.
router bgp 65001 router bgp 65001

address-family ipv4 unicast address-family ipv4 unicast
network 6.1.1.1/32 network 6.1.1.10/32
allocate-label all allocate-label all
• Once the configuration is done, did you notice the following message pop up on inline Route Reflectors (R4, R5, R6, R7)
RP/0/0/CPU0:R4#RP/0/0/CPU0:Feb 19 03:42:51.450 UTC: ipv4_rib[1154]: %ROUTING-RIB-3-LABEL_ERR_ADD : Add local-

label 24014 (2) for table 0xe0000000, prefix 6.1.1.1/32, by proto bgp client 23 bgp node0_0_CPU0 - existing
label 16001 added by proto-id 4 client 15
RP/0/0/CPU0:R6#RP/0/0/CPU0:Feb 19 03:47:28.142 UTC: ipv4_rib[1154]: %ROUTING-RIB-3-LABEL_ERR_ADD : Add local-

label 24011 (2) for table 0xe0000000, prefix 6.1.1.10/32, by proto bgp client 20 bgp node0_0_CPU0 - existing
label 16010 added by proto-id 7 client 22

• Check if R1 and R10 could see each other’s Loopbacks in BGP/Global routing table and subsequently “valid”
VPN routes in VRF as well
On R1 On R10
RP/0/0/CPU0:R1#sh bgp RP/0/0/CPU0:R10# sh bgp

*> 6.1.1.1/32 0.0.0.0 0 32768 i *>i6.1.1.1/32 6.1.1.6 0 100 0 i
*>i6.1.1.10/32 6.1.1.4 0 100 0 i * i 6.1.1.7 0 100 0 i
* i 6.1.1.5 0 100 0 i *> 6.1.1.10/32 0.0.0.0 0 32768 i
*>i6.1.1.101/32 6.1.1.4 0 100 0 i *>i6.1.1.101/32 6.1.1.6 0 100 0 i
* i 6.1.1.5 0 100 0 i * i 6.1.1.7 0 100 0 i
*>i6.1.1.102/32 6.1.1.4 0 100 0 i *>i6.1.1.102/32 6.1.1.6 0 100 0 i
* i 6.1.1.5 0 100 0 i * i 6.1.1.7 0 100 0 i
On R1 On R10
RP/0/0/CPU0:R1# sh bgp vpnv4 unicast RP/0/0/CPU0:R10# sh bgp vpnv4 unicast

*> 1.0.0.0/24 0.0.0.0 0 32768 ? *>i1.0.0.0/24 6.1.1.1 0 100 0 ?
*>i2.0.0.0/24 6.1.1.10 0 100 0 ? * i 6.1.1.1 0 100 0 ?
* i 6.1.1.10 0 100 0 ? *> 2.0.0.0/24 0.0.0.0 0 32768 ?
Even though routes are valid, ping between vpn and “ping sr-mpls” between R1/R10 Loopbacks will fail. This is due to
error message received on inline RRs in the previous step. Check next slide for more details
RP/0/0/CPU0:R1# ping sr-mpls 6.1.1.10/32 source 6.1.1.1 RP/0/0/CPU0:R10# ping sr-mpls 6.1.1.1/32 source 6.1.1.10
Type escape sequence to abort. Type escape sequence to abort.
NNNNN NNNNN
Success rate is 0 percent (0/5) Success rate is 0 percent (0/5)

Task 6.2: Configure BGP to Allocate the SR Label for IPv4

route-policy SID($SID) route-policy SID($SID)
set label-index $SID set label-index $SID
end-policy end-policy

address-family ipv4 unicast address-family ipv4 unicast
network 6.1.1.1/32 route-policy SID(1) network 6.1.1.10/32 route-policy SID(10)
allocate-label all allocate-label all
RP/0/RP0/CPU0:R4# sh bgp 6.1.1.1 RP/0/0/CPU0:R6# sh bgp 6.1.1.1

BGP routing table entry for 6.1.1.1/32 BGP routing table entry for 6.1.1.1/32
Versions: Versions:
Process bRIB/RIB SendTblVer Process bRIB/RIB SendTblVer
Speaker 15 15 Speaker 16 16
Local Label: 16001 <<<<<<<<This is the right BGP SR SID Local Label: 16001
<snip> <snip>
6.1.1.4 (metric 10) from 6.1.1.100 (6.1.1.1)
RP/0/0/CPU0:R4# sh bgp 6.1.1.10 Received Label 16001
BGP routing table entry for 6.1.1.10/32 <snip>
Versions:
Process bRIB/RIB SendTblVer RP/0/0/CPU0:R6# sh bgp 6.1.1.10
Speaker 14 14 BGP routing table entry for 6.1.1.10/32
Local Label: 16010 Versions:
<snip> Process bRIB/RIB SendTblVer
6.1.1.6 (metric 10) from 6.1.1.100 (6.1.1.10) Speaker 15 15
Received Label 16010 Local Label: 16010

Task 7: Connectivity
R2 R4 R6 R8
Access Core Access
R5L3VPN Service Verification (Expected

R3 R1 ßà R10 MPLS and R7 to Pass Now) R9
• Ping between R1 and R10, for MPLS as well as for L3VPN to check connectivity
RP/0/RP0/CPU0:R1#ping sr-mpls 6.1.1.10/32 sou 6.1.1.1
Sending 5, 100-byte MPLS Echos to 6.1.1.10/32,
timeout is 2 seconds, send interval is 0 msec:
RP/0/RP0/CPU0:R1#traceroute sr-mpls 6.1.1.10/32 source 6.1.1.1
!!!!!
Success rate is 100 percent (5/5),
0 192.1.2.1 MRU 1500 [Labels: 16004/16010 Exp: 0/0]
L 1 192.1.2.2 MRU 1500 [Labels: implicit-null/16010 Exp: 0/0] 6 ms
L 2 192.2.4.4 MRU 1500 [Labels: 16010 Exp: 0] 15 ms
RP/0/RP0/CPU0:R1#ping vrf C-Blue 2.0.0.6 L 3 192.4.7.7 MRU 1500 [Labels: 16010 Exp: 0] 16 ms
. 4 *
Sun Feb 17 01:24:38.600 UTC
! 5 192.8.10.10 26 ms
Sending 5, 100-byte ICMP Echos to 2.0.0.6, timeout is 2 sec
!!!!!
Success rate is 100 percent (5/5),
RP/0/0/CPU0:R10#ping sr-mpls 6.1.1.1/32 source 6.1.1.10 RP/0/0/CPU0:R10#ping vrf C-Blue 1.0.0.6

Sending 5, 100-byte MPLS Echos to 6.1.1.1/32, Sending 5, 100-byte ICMP Echos to 1.0.0.6, timeout is 2 seconds:
!!!!! !!!!!

Segment Routing Traffic Engineering - Lab
0 Configure & Validate BGP-LS
1 Configure PCE Server
2 Configure PCE Client-Server
Bringing it all together:

3 Configure and Compute SRTE
Policy Using SR-PCE

Task 8.1: Configure BGP LS on Routers
SR-PCE1 RR
2 4
R2 R4 6
R6 8
R8
1
R1 10
R10
3
R3 5
R5 7
R7 9
R9
SR-PCE2
Make sure R4 and R5 distributes Instance-id is needed for SR-PCE to distinguish topologies belonging Make sure R6 and R7 distributes
only L1 routers with instance-id to different domains. Otherwise certain algorithms may operate only L1 routers with instance-id
incorrectly. Future SR-PCE releases may use ISIS domain-id for this
101 purpose. 110
On R4,R5 R4/R5 On R6,R7 R6/R7
router isis 100 router isis 100

distribute link-state instance-id 101 level 1 distribute link-state instance-id 110 level 1

address-family link-state link-state address-family link-state link-state
neighbor-group INLINE_RRC neighbor-group INLINE_RRC
address-family link-state link-state address-family link-state link-state

Task 8.2: Configure BGP LS on Routers
• Configure BGP-LS on all Route Reflectors (RR, R4, R5, R6, R7) and XTC (XTC1 and XTC2)
SR-PCE1 RR
2 4
R2 R4 6
R6 8
R8
1
R1 10
R10
3
R3 5
R5 7
R7 9
R9
SR-PCE2
Make sure SR-PCE distributes
RR should reflect BGP-LS AF to SR-PCE ingests L2 toplogy directly, via distribute link-state directive. only L2 routers with instance-id
SR-PCEs L1 topologies received via BGP-LS 220
router bgp 65001 RR Config SR-PCE1/

address-family link-state link-state SR-PCE2
neighbor-group RRC router isis 100
address-family link-state link-state distribute link-state instance-id 200 level 2
route-reflector-client
neighbor 6.1.1.101 router bgp 65001
use neighbor-group RRC
!
neighbor 6.1.1.102
use neighbor-group RRC neighbor 6.1.1.100

Task 9: BGP-LS on Router - Verify
SR-PCE1 RR
2 4
R2 R4 6
R6 8
R8
1
R1 10
R10
3
R3 5
R5 7
R7 9
R9
SR-PCE2
RR
RP/0/0/CPU0:RR#sh bgp link-state link-state summary
6.1.1.4 0 65001 2834 2782 1075 0 0 00:04:44 61
6.1.1.5 0 65001 2839 2781 1075 0 0 00:04:42 61
6.1.1.6 0 65001 2841 2781 1075 0 0 00:04:42 61
6.1.1.7 0 65001 2842 2781 1075 0 0 00:04:42 61
6.1.1.101 0 65001 2637 2781 1075 0 0 00:04:44 0
6.1.1.102 0 65001 2636 2780 1075 0 0 00:04:44 0
RP/0/0/CPU0:SR-PCE1#sh bgp link-state link-state summary SR-PCE1/

SR-PCE2
6.1.1.100 0 65001 2779 2635 209 0 0 00:02:17 122

Task 10: BGP LS Advertise TE Attributes
• On one of SR-PCEs or RR use the following show commands for verification:

• Show bgp link-state link-state
• Show bgp link link [full route] (use one of the routes shown through above command)
• No TE attributes being advertised with the link-state information

Example Only
show bgp link link
[E][L1][I0x65][N[c65001][b0.0.0.0][s1921.5500.0001.00]][R[c65001][b0.0.0.0][s1921.5500.0002.00]][L[i192.1.2.1][n192.1.2.2]]/
696
<snip>
Local
6.1.1.4 (metric 10) from 6.1.1.100 (6.1.1.4)
Origin IGP, localpref 100, valid, internal, best, group-best
Received Path ID 0, Local Path ID 1, version 259
Originator: 6.1.1.4, Cluster list: 6.1.1.100
Link-state: MSD: Type 1 Value 10, Remote TE Router-ID:
6.1.1.2 metric: 10, ADJ-SID: 24002(30) , Link Delay: 10 us Flags: 0x00
Min Delay: 10 us Max Delay: 10 us Flags: 0x00, Delay Variation: 0 us

Task 10.1: Configure BGP LS Advertise TE Attributes
• Configure on R1 and R10:
conf
router isis 100
distribute link-state
mpls traffic-eng level-1-2
mpls traffic-eng router-id Loopback0
commit
end
• Ensure that all the routers have this configuration

(R1/R2/R3/R4/R5/R6/R7/R8/R9/R1/SR-PCE1/SR-PCE2) :
Without TE information advertised along with the link-state in BGP-LS, SR-PCE won’t be able to compute policy paths

Task 10.1: Validate BGP LS Advertise TE Attributes
• Repeat show bgp link link command from 2 slides back

• Now TE attributes are being advertised with the link-state information
Example Only
show bgp link link
[E][L1][I0x65][N[c65001][b0.0.0.0][s1921.5500.0001.00]][R[c65001][b0.0.0.0][s1921.5500.0002.00]][L[i192.1.2.1][n192.1.2.2]]/
696
<snip>
Local
6.1.1.4 (metric 10) from 6.1.1.100 (6.1.1.4)
Origin IGP, localpref 100, valid, internal, best, group-best
Received Path ID 0, Local Path ID 1, version 259
Originator: 6.1.1.4, Cluster list: 6.1.1.100
Link-state: MSD: Type 1 Value 10, Local TE Router-ID:
6.1.1.1 Remote TE Router-ID: 6.1.1.2, admin-group: 0x00000000
max-link-bw (kbits/sec): 1000000, max-reserv-link-bw (kbits/sec): 0
max-unreserv-link-bw (kbits/sec): 0 0 0 0 0 0 0 0,
TE-default-metric: 10 metric: 10, ADJ-SID: 24002(30)
Link Delay: 10 us Flags: 0x00, Min Delay: 10 us Max Delay: 10 us Flags: 0x00
Delay Variation: 0 us


Policy Using SR-PCE

Task 11: Enable SR-PCE Functionality and Verify Operation
SR-PCE1
RR
2 4
R2 R4 6
R6 8
R8
1
R1 10
R10
3
R3 5
R5 7
R7 9
R9
On SR-PCE1
pce
address ipv4 6.1.1.101
rest
!
!
RP/0/0/CPU0:SR-PCE1#show pce ipv4 prefix

RP/0/0/CPU0:SR-PCE1#sh pce ipv4 path source 6.1.1.1
destination 6.1.1.10
PCE's prefix database:
----------------------
Path:
Node 1
----:
TE router ID: 6.1.1.1
Hop0: 192.1.2.1
Host name: R1
Hop1: 192.2.4.2
ISIS system ID: 1921.5500.0001 level-1 ASN: 65001
Hop2: 192.4.6.4
Advertised Prefixes:
Hop3: 192.6.8.6
6.1.1.1
Hop4: 192.8.10.8
<snip>


Policy Using SR-PCE

Task 12: Configure R1 and R10 as PCC
R1 R1
segment-routing RP/0/RP0/CPU0:R1#show segment-routing traffic-eng pcc ipv4 peer

traffic-eng
pcc PCC's peer database:
source-address ipv4 6.1.1.1 --------------------
pce address ipv4 6.1.1.101 precedence 100
Peer address: 6.1.1.101, Precedence: 100, (best PCE)
State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation
R10
SR-PCE1
segment-routing RP/0/0/CPU0:SR-PCE1#sh pce ipv4 peer

traffic-eng
pcc PCE's peer database:
source-address ipv4 6.1.1.10 --------------------
pce address ipv4 6.1.1.101 precedence 100 Peer address: 6.1.1.1
State: Up
Capabilities: Stateful, Segment-Routing, Update, Instantiation
Peer address: 6.1.1.10

State: Up
Capabilities: Stateful, Segment-Routing, Update, Instantiation


3 Configure and Compute
SRTE Policy Using SR-PCE

Task 13: Configure Slice Color (BGP Ext Community)
2 4
R2 R4 6
R6 8
R8
6.1.1.1
6.1.1.10
1
R1 10
R10
3
R3 5
R5 7
R7 9
R9
• On R1 and R10: Configure Route Policy to set color 2 for Matching Traffic
• Associate the color extended community with routes in VPNv4.
R1 and R10 R1 R10

On R1* On R10*
On R1 and R10
extcommunity-set opaque COLOR_2
2
end-set
neighbor 6.1.1.4 neighbor 6.1.1.6
address-family vpnv4 unicast address-family vpnv4 unicast
route-policy SET_COLOR_2 route-policy SET_COLOR_2 in route-policy SET_COLOR_2 in
set extcommunity color COLOR_2
end-policy
neighbor 6.1.1.5 neighbor 6.1.1.7
address-family vpnv4 unicast address-family vpnv4 unicast
route-policy SET_COLOR_2 in route-policy SET_COLOR_2 in
* Route can also be colored directly on VRF service configuration for

better control/scalability

2 4
R2 R4 6
R6 8
R8
6.1.1.1 6.1.1.10
1
R1 10
R10
3
R3 5
R5 7
R7 9
R9
RP/0/0/CPU0:R1#sh bgp vrf C-Blue 2.0.0.0 R1 RP/0/0/CPU0:R10#sh bgp vrf C-Blue 1.0.0.0 R10
<snip> <snip>
6.1.1.10 (metric 20) from 6.1.1.4 (6.1.1.10) 6.1.1.1 (metric 20) from 6.1.1.6 (6.1.1.1)
Received Label 24004 Received Label 24000
<snip> <snip>
Extended community: Color:2 RT:65000:1 Extended community: Color:2 RT:65000:1
<snip> <snip>
6.1.1.10 (metric 20) from 6.1.1.5 (6.1.1.10) 6.1.1.10 (metric 20) from 6.1.1.5 (6.1.1.10)
Received Label 24004 Received Label 24004
<snip> <snip>
Extended community: Color:2 RT:65000:1 Extended community: Color:2 RT:65000:1
<snip> <snip>

Task 14: Configure an “On-Demand” SRTE Policy
R1 R10
segment-routing segment-routing
traffic-eng traffic-eng
on-demand color 2 on-demand color 2
dynamic dynamic
pcep pcep
! !
metric metric
type igp type igp
R1 R10
RP/0/0/CPU0:R1#sh segment-routing traffic-eng policy RP/0/0/CPU0:R10#sh segment-routing traffic-eng policy
SR-TE policy database SR-TE policy database
--------------------- ---------------------
Name: bgp_AP_5 (Color: 2, End-point: 6.1.1.10) Name: bgp_AP_3 (Color: 2, End-point: 6.1.1.1)
Status: Status:
Admin: up Operational: up Admin: up Operational: up
Candidate-paths: Candidate-paths:
Preference 100: Preference 100:
Path Metrics: Path Metrics:
Margin Absolute: 0 Margin Absolute: 0
Margin Relative: 0% Margin Relative: 0%
Maximum SID Depth: 10 Maximum SID Depth: 10
Dynamic (pce 6.1.1.101) (active) Dynamic (pce 6.1.1.101) (active)
Metric Type: IGP, Path Accumulated Metric: 50 Metric Type: IGP, Path Accumulated Metric: 50
16004 [Prefix-SID, 6.1.1.4] 16006 [Prefix-SID, 6.1.1.6]
Attributes: Attributes:
Binding SID: 24012 Binding SID: 24010
Allocation mode: dynamic Allocation mode: dynamic
State: Programmed State: Programmed
Policy selected: yes Policy selected: yes
Forward Class: 0 Forward Class: 0
Steering BGP disabled: no Steering BGP disabled: no
IPv6 caps enable: yes IPv6 caps enable: yes
Distinguisher: 0 Distinguisher: 0
Auto-policy info: Auto-policy info:
Creator: BGP Creator: BGP

On Demand Next hop based reachability verification through ping
R2 R4 R6 R8
Access Core Access
R3 R5 R7 R9
R1 ßà R10 MPLS and L3VPN Service Verification
• Ping between R1 and R10, for MPLS as well as for L3VPN to check connectivity through On-Demand Next Hop
RP/0/0/CPU0:R1#ping sr-mpls 6.1.1.10/32 source 6.1.1.1
RP/0/0/CPU0:R1#trace vrf C-Blue 2.0.0.6
Sending 5, 100-byte MPLS Echos to 6.1.1.10/32,
!!!!!
Tracing the route to 2.0.0.6
RP/0/0/CPU0:R10#ping sr-mpls 6.1.1.1/32 source 6.1.1.10 1 192.1.2.2 [MPLS: Labels 16004/16006/16010/24000 Exp 0]
Sending 5, 100-byte MPLS Echos to 6.1.1.1/32, 2 192.2.4.4 [MPLS: Labels 16006/16010/24000 Exp 0]
!!!!! 3 192.4.6.6 [MPLS: Labels 16010/24000 Exp 0]
4 192.6.8.8 [MPLS: Labels 16010/24000 Exp 0]
RP/0/0/CPU0:R1#ping vrf C-Blue 2.0.0.6 5 192.8.10.10 59 msec * 39 msec
Sending 5, 100-byte ICMP Echos to 2.0.0.6, timeout is 2 seconds:
!!!!! RP/0/0/CPU0:R10# trace vrf C-Blue 1.0.0.6
RP/0/0/CPU0:R10#ping vrf C-Blue 1.0.0.6
Tracing the route to 1.0.0.6
Sending 5, 100-byte ICMP Echos to 1.0.0.6, timeout is 2 seconds:
!!!!!
1 192.8.10.8 [MPLS: Labels 16006/16004/16001/24000 Exp 0]
2 192.6.8.6 [MPLS: Labels 16004/16001/24000 Exp 0]
3 192.4.6.4 [MPLS: Labels 16001/24000 Exp 0]
4 192.2.4.2 [MPLS: Labels 16001/24000 Exp 0]
5 192.1.2.1 39 msec * 49 msec

SR Srte Pce

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SR Srte Pce

Uploaded by

Copyright:

Available Formats

SR+SRTE+PCE

LACNIC32 / LACNOG 2019

1 Segment Routing Recap

2 Segment Routing Traffic Engineer Fundamentals

3 PCE based SRTE Policy Architecture

4 SR + SRTE + PCE Configuration

5 Lab : SR + Basic SRTE + PCE

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

Simplify Automate Virtualize Program

New business capabilities built on the network as the platform;

Node SID Peering SID (EPE)

16001 16003 16005

24012 24034 24010

16002 16004 16006

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

• Shortest-path to the IGP prefix

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

• Forward on the IGP adjacency

• Local Segment 24025

All nodes use default SRGB

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

• Same prefix advertised

• If primary node fails, 3 6 5

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

Globally unique Prefix-SID identifies the router

Locally unique Adjacency-SID identifies link on a router

Simple extension to IS-IS or OSPF to propagate SIDs through the

SID is used as label in MPLS-SR

Builds & Maintains ”Segment”

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

1 Segment Routing Recap

2 Segment Routing Traffic Engineer Fundamentals

3 PCE based SRTE Policy Architecture

4 SR + SRTE + PCE Configuration

5 Lab : SR + Basic SRTE + PCE

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

New CLI Construct “SRTE Policy” - No more tunnels

Policy Instantiation Different ways to instantiation on Headend

Automated Steering Traffic Steered into policy by using “Color”

External Path Interact with Applications for network transport

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

• An SR policy is uniquely identified by a tuple

Head End Where the SR Policy is instantiated (implemented) H

Endpoint Destination of the SR Policy E

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

16001 16003 16005

24012 24034 24010

16002 16004 16006

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

Desired Path: T: 100

RSVP Tunnel 22002 16003 24034 16005

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

• Identified by • Programmed in FIB

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial

1 Segment Routing Recap

2 Segment Routing Traffic Engineer Fundamentals

3 PCE based SRTE Policy Architecture

4 SR + SRTE + PCE Configuration

5 Lab : SR + Basic SRTE + PCE

© 2018 Cisco an d /o r its affiliate s. A ll righ ts re se rve d . Cisco Co n fid e n tial