Professional Documents
Culture Documents
SP Partner VT Lab
Powered by
IMPORTANT: This content includes pre-release software, and you may experience issues with some features. The included
documentation was not created or verified by dCloud. Check Cisco dCloud regularly for new releases!
“Segment Routing (SR) leverages the source routing paradigm. A node steers a packet through
an ordered list of instructions, called segments. A segment can represent any instruction,
topological or service-based. A segment can have a local semantic to an SR node or global within
an SR domain. Segment routing allows you to enforce a flow through any topological path and
service chain while maintaining per-flow state only at the ingress node to the SR domain.
Segment routing can be directly applied to the MPLS architecture with no change on the
forwarding plane. A segment is encoded as an MPLS label. An ordered list of segments is
encoded as a stack of labels. The segment to process is on the top of the stack. Upon completion
of a segment, the related label is popped from the stack. Segment routing re-uses MPLS
dataplane without any changes. All the segments are represented as MPLS label. It is applicable
to both IPv4 and IPv6 dataplane
Segment Routing can be applied to the IPv6 architecture, with a new type of routing extension
header. A segment is encoded as an IPv6 address. An ordered list of segments is encoded as an
ordered list of IPv6 addresses in the routing extension header. The segment to process is
indicated by a pointer in the routing extension header. Upon completion of a segment, the pointer
is incremented.”
Global Segment: Any node in the segment-routing domain understands the instruction
associated with a global segment. Any node in the domain installs the related instruction in its
Forwarding Information Base (FIB). Global segments fall in a subspace of the segment (or label)
space called the Segment Routing Global Block (SRGB). The SRGB is usually defined as the
range 16000 to 23999, and all the nodes in a network are allocated the same SRGB; this
stipulation is important to fulfill the requirement for operational simplification. Note that the use of a
common SRGB in all nodes is not a requirement; a different SRGB at every node can be used, if
needed.
Local Segment: The instruction associated with a local segment is supported by only the node
originating it. No other node installs a remote local segment in its FIB.
For example: If node N
allocates segment 29001 to the local forwarding instruction “complete the segment and forward
the packet onto interface I”, then it advertises this local instruction with absolute value 29001. No
other node installs that segment in its segment-routing FIB and hence no conflict can arise
Node and prefix segment are example of Global SID and Adjacency Segment are example of
local SID:
Node Segment: A node segment (or node SID, or N-SID) is associated with a node in
the SR network, and is a globally known within the network. It represents the ECMP-aware
shortest path to the node. A prefix-SID (or P-SID) represents the ECMP-aware IGP shortest path
to the prefix (which is attached to one or more nodes in the network). A node segment is a
segment allocated to a loopback that identifies a specific node.
In following picture, 16005 is the
node segment of router 5, in other words, it’s a segment allocated to a loopback of router 5, so a
packet injected anywhere in the network with top segment 16005 will reach 5 by the shortest-path.
The imposition of the segment happens on the ingress router, at Router 1.
Adjacency Segment
Segment-Routing Control Plane: The job of the SR control plane is to set up the MPLS
forwarding table on each router in such a way to allow this to happen. Extensions to both IS-IS
and OSPF protocols have been made to support segment routing. IS-IS TLV extensions have
been implemented for segment-routing support in IS-IS. The implementation is based on the IETF
draft “draft-ietf-IS-IS-segment-routing-extensions” via new Sub TLV for SR carried in current IP
and IS-IS reachability TLV on LSP. OSPF extensions have been implemented to support segment
Segment Routing (SR) enables a unified, end-to-end, policy-aware network architecture from
servers in the data center, through the WAN, and up to the aggregation. Benefits of SR are
related to operational simplicity, better scale (the SR policy is in the packet), and better utilization
of the installed infrastructure (lower capex)
SR is designed for SDN because it seeks the proper balance between distributed intelligence,
centralized optimization, and application-based policy creation.
Lab Overview
This lab introduces Segment Routing (SR) with MPLS dataplane and traffic engineering with a
manual SRTE tunnel. This lab will provide all attendees first hand experience on how to use
MPLS data plane with no MPLS configuration to use labels r and steer traffic using segment
routing. Attendees will be able to see how SRTE (segment routing traffic engineering) tunnels are
created and traffic is steered.
The student will use XRv to implement segment routing over the MPLS dataplane. Upon
completion of this lab, the student will be able to:
The main objective of this lab is to provide participants exposure to segment routing technology
Participants will configure segment routing on all the nodes
Segment routing labels will be created
Traffic will be preferred using segment routing
MPLS configuration will be removed
Traffic will still continue to have labels via segment routing
Lab Topology:
XRv-2 XRv-5
Gi 0/0/0/1 Gi 0/0/0/0
10.10.2.2 10.10.5.5
10.10.6.6
10.10.1.1
XRv-1 XRv-6
172.16.8.6
Gi 0/0/0/2
Gi 0/1
10.10.3.3 10.10.4.4
Components
VIRL
IOS XRv
Anyconnect
Features
Capable of running a range of virtual machines (VMs) running Cisco operating systems (IOS-XE, IOS
Classic, IOS-XR, and NX-OS)
Segment Segment Routing (SR) enables a unified, end-to-end, policy-aware network architecture from servers
Routing in the data center, through the WAN, and up to the aggregation.
SR is designed for SDN because it seeks the proper balance between distributed intelligence,
centralized optimization, and application-based policy creation.
Other benefits of SR are related to operational simplicity, better scale (the SR policy is in the packet),
and better utilization of the installed infrastructure (lower capex)
Requirements
A Laptop computer with access to the Internet
Anyconnect, VPN software used to connect your desktop into the Virtual Lab
Microsoft Remote Desktop, used to connect into the virtual Lab Desktop
Lab Access
Each participant will have an individual POD to work on. Each POD is dedicated to an individual user, so
there is no impact to other PODs when making changes. You will receive a PoD already started for you
Follow step by step instructions to login into your PoD and complete the lab
Step 1: Go into dCloud to access the Lab session being assigned to you. Click on View Session
Step 2: Look into Session details and scroll down to find out your credentials for VPN Anyconnect
Step 3: Connect to anyconnect VPN dcloud-sjc-anyconnect.cisco.com with the username and password
provided on session details information window
Hit accept when the prompt appears to accept the VPN connection login
Step 4:
Once, the vpn is connected. Use Remote Desktop to connect to the respective POD.
If the RDP icon is not present on the desktop, go to RUN type mstsc to get the remote
desktop screen.
Enter the ip address provided for the POD to connect to the remote client
Accept the connection certificate to login to the Virtual Lab Windows Desktop.
Step 5: Once logged into the Windows desktop, you will see a browser with the Lab Launch Progress.
Verify all 4 steps (1 – 2 – 3 – 4) shown green (status ok). Don´t click on any Launch Control Center or
Command Group !
Step 6: Minimize the browser and click on the MTPuTTY icon to open connections to all devices.
Access all devices by double clicking the device name from the Servers panel on the left-hand
side of the MTPuTTY start page. Username is cisco and password is cisco for all
devices.
The table below contains details on preconfigured devides available for your virtual lab environment
Here is your topology and summary of IP address used at Virtual Lab network
XRv-2 XRv-5
Gi 0/0/0/1 Gi 0/0/0/0
XRv-1 XRv-6
Gi 0/0/0/2
Gi 0/1
Gi 0/0/0/1 Gi 0/0/0/0
Gi 0/0/0/2 Gi 0/0
Step 7: Log into each of your XRv devices with credentials cisco/cisco on all the XR routers (XR1, XR2,
XR3, XR4, XR5, XR6)
Lab verification
Step 1: Explore your virtual devices. Each one is pre-configured with basic configuration
Run the below command to check the XR version running on virtual routers
RP/0/0/CPU0:XR1#show ver brief
Cisco IOS XR Software, Version 6.1.3[Default]
Copyright (c) 2017 by Cisco Systems, Inc.
cisco IOS XRv Series (Intel 686 F6M15S2) processor with 3169791K bytes of memory.
Intel 686 F6M15S2 processor at 2476MHz, Revision 2.174
IOS XRv Chassis
1 Management Ethernet
2 GigabitEthernet
97070k bytes of non-volatile configuration memory.
866M bytes of hard disk.
2321392k bytes of disk0: (Sector size 512 bytes).Verify that OSPF neighbour is
established on all the routers
RP/0/0/CPU0:XR1#show platform
Look into the vRouter interfaces and cdp neighbors. Compare with your topology
Once, the configuration is verified, you may proceed to the next task
Step 2: Verify all routers have OSPF enabled in their interfaces and neighbors are up. Run the below
command to check:
* Indicates MADJ interface, (P) Indicates fast detect hold down state
Step 3: Verify all prefixes (loopbacks) are learnt and installed at routing table
Step 4: Verify all routers have MPLS enabled.Use the below command to verify MPLS interface
How many Labels did you receive from each neighbor ? check using “
Why there are some prefixes with “ImpNull” ? What MPLS Label number is it ? What MPLS
operation is associated to this label received from a peer ?
RP/0/0/CPU0:XR1#traceroute 10.10.6.6
LL!
Path 0 found,
output interface GigabitEthernet0/0/0/0 nexthop 172.16.1.2
source 172.16.1.1 destination 127.0.0.0
0 172.16.1.1 172.16.1.2 MRU 1500 [Labels: 24006 Exp: 0] multipaths 0
L 1 172.16.1.2 172.16.2.5 MRU 1500 [Labels: 24002 Exp: 0] ret code 8 multipaths 1
L 2 172.16.2.5 172.16.5.6 MRU 1500 [Labels: implicit-null Exp: 0] ret code 8 multipaths 1
! 3 172.16.5.6, ret code 3 multipaths 0
L...
Path 1 Unexplorable,
output interface GigabitEthernet0/0/0/1 nexthop 172.16.3.3
source 172.16.3.1 destination 127.0.0.0
0 172.16.3.1 172.16.3.3 MRU 1500 [Labels: 24007 Exp: 0] multipaths 0
L 1 172.16.3.3 172.16.4.4 MRU 1500 [Labels: 24006 Exp: 0] ret code 8 multipaths 1
What is the difference with plain IP Traceroute ? why it doesn´t work ? Enable MPLS OAM !
RP/0/0/CPU0:XR6#conf t
RP/0/0/CPU0:XR6(config)#mpls oam
Step 1: Configure segment routing on all the XR routers under OSPF instance 100 using the below
configuration. We are showing XR1 configuration only, apply the same configuration to XR2, XR3,
XR4, XR4, XR5 and XR6.
Use the below command to check for SR global block in use ( default SR block value is from
16,000 – 23,999)
Notes
• SR label range can NOT start below 16,000
• The default SR global block is : 16,000 - 24,000. Its soft reserved, once we reach OOR LSD can start
using this range 16k-24k for dynamic label allocation
• SRGB configuration is NOT address-family specific because the “SR-Capabilities Sub-TLV” of router
capability TLV defined in is not address-family specific
• If CLI results in enlarging or moving the default SRGB, then it is OK to require a reload but only if there
are clients who have labels in the new range
Before configuring SRGB, administrator needs to make sure that portion of the label base that is being
configured for Segment-Routing is free and is not being used by any other MPLS LSD clients
Step 2: Adj-SID, What SID has been already assigned ? How many ADJ-SID per link ? Check by looking
into
NOTE: Protected and unprotected adjacency-SIDs are allocated for both address families, but the
protected adjacency-SIDs are not actually protected because TI-LFA is not enabled yet. Protected
adjacency-SIDs with active protection are marked with the indication (protected).
Step 3: Node-SID, Now, we are going to assign the node-id to the loopback. We are only going to
show XR1 here. Below are the node-ids for all the XR routers
Prefix-sid-index value is used on all the routers (configured under the loopback addresses). The actual
label value as seen below is (SRGB base + prefix-sid-index). For example label allocated for Router A
loopback address is 16000 +1 i.e 16001. Alternatively “prefix-sid absolute 16001” can be used.
Verify the Router is disseminating information related to Segment Routing via OSPF by looking at
LS age: 1422
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 4.0.0.0
Opaque Type: 4
Opaque ID: 0
Advertising Router: 10.10.1.1
LS Seq Number: 80000001
Checksum: 0x92cb
Length: 52
LS age: 171
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
LS age: 1422
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 8.0.0.4
Opaque Type: 8
Opaque ID: 4
Advertising Router: 10.10.1.1
LS Seq Number: 80000002
Checksum: 0x16e8
Length: 68
LS age: 1422
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 8.0.0.5
Opaque Type: 8
Opaque ID: 5
Advertising Router: 10.10.1.1
LS Seq Number: 80000002
Checksum: 0x6a88
Length: 68
Note: OSPF uses 3 new type (4, 7 and 8) of Opaque LSA to propagate SR information
LSA type 4:
SR-Algorithm TLV (8)
SID/Label Range TLV (9)
LSA type 7 and 8 to advertise SIDs
OSPFv2 Extended Prefix Opaque LSA (type 7)
OSPFv2 Extended Prefix TLV (1)
Prefix SID Sub-TLV (2)
OSPFv2 Extended Link Opaque LSA (type 8)
OSPFv2 Extended Link TLV (1)
Adj-SID Sub-TLV (2)
LAN Adj-SID Sub-TLV (3)
Flag for Extended prefix TLV (embedded in Type 7 opaque LSA) codes ANxxxxxx, A=Attach bit for ABR
and N=Node bit. So what does 0x40 mean for 10.10.1.1 ?
Flag for Prefix SID Sub-TLV from Extended Prefis TLV (embedded in Type 7 opaque LSA) codes
xNMEVLxx, N=no-PHP, M=MappServer, E=ExpNull, V=value, L=local. So what does 0x00 mean ?
Flag for Adj-SID Sub-TLV in extended Link TLV (embedded in Type 8 opaque LSA) codes BVLSxxx,
B=backup, V=value, L=local, S=adj-set. So what does 0xe0 and 0x60 mean ?
Step 4: Verify, SR prefix has assigned the appropriate Ids in the MPLS table with the below command
Identify from above MPLS labels which are being used by SR. Which one as Prefix/Node SID and which
one as Adjacency SID ?
Step 5: Redo the traceroute operation from XR1 to XR6 to test Segment Routing MPLS data plane
Note the label values carefully in the below output. It will change after step 3. Label values
can very for each POD
RP/0/0/CPU0:XR1#traceroute 10.10.6.6
Why it is still using Labels assigned by LDP and not the SID ?
When LDP and SR both are present LDP LSP is preferred over SR. This is to help migration
from LDP to SR. Command “segment-routing mpls sr-prefer” overrides the default behavior i.e
segment-routing LSPs are preferred even if LDP lsps are present. Please find more details about
SR LDP preference in the following section.
Step6: Now, prefer segment routing over MPLS and assign prefix-sid ( segment id) to the loopback. This is
equivalent to assigning an identifier to a node or a router-id for that node
First, we are going to add configuration to start preferring SR over MPLS. This has to be
added on all the XR routers XR2, XR3, XR4, XR5, XR6
We would notice if we trace 10.10.6.6 again, that it is preferring the SR label instead of
MPLS label. Trace 10.10.6.6 to observe the output
RP/0/0/CPU0:XR1#traceroute 10.10.6.6
Question: is it required to configure “sr-prefer” in all routers in order to see this behavior at XR-1 ??
Step 7: Explore the options available for “segment-routing” under the “ospf router” configuration group as
well as the new “segment-routing” configuration group
RP/0/0/CPU0:XR1(config)#segment-routing
RP/0/0/CPU0:XR1(config-sr)#?
apply-group Apply configuration from a group
apply-group-append Append apply-group configuration from a group
apply-group-remove Remove a group from apply-group configuration
clear Clear the uncommitted configuration
commit Commit the configuration changes to running
describe Describe a command without taking real actions
do Run an exec command
exclude-group Exclude apply-group configuration from a group
exclude-item Negate a command or set its defaults
exit Exit from this submode
global-block Prefix-SID Global label Block (SRGB)
mapping-server Segment Routing Mapping Server (SRMS)
no Negate a command or set its defaults
pwd Commands used to reach current submode
root Exit to the global configuration mode
show Show contents of configuration
Step 1: we are going to remove mpls ldp auto-config and mpls LDP from al the IOS-XR routers XR1, XR2,
XR3, XR4, XR5, XR6.
We are only showing the steps for XR1 below. The same steps need to be repeated on the other
routers also
no mpls ldp
router ospf 100
area 0
no mpls ldp auto-config
Step 2: After removal of MPLS configurationfrm all the routers, verify, if MPLS is still enabled on the
interfaces although there is no LDP enabled on the interfaces.
Run “show mpls interface” to verify if the interfaces are still enabled for MPLS
RP/0/0/CPU0:XR1#show mpls interfaces
Perform another traceroute to 10.10.6.6 and check if the labels are still being used
RP/0/0/CPU0:XR1#traceroute 10.10.6.6
Check MPLS forwarding table to observe SR labels and SR prefix IDs with the below
command
RP/0/0/CPU0:XR1#show mpls forwarding
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16002 Pop SR Pfx (idx 2) Gi0/0/0/0 172.16.1.2 72832
16003 Pop SR Pfx (idx 3) Gi0/0/0/1 172.16.3.3 71710
16004 16004 SR Pfx (idx 4) Gi0/0/0/1 172.16.3.3 0
16005 16005 SR Pfx (idx 5) Gi0/0/0/0 172.16.1.2 0
16006 16006 SR Pfx (idx 6) Gi0/0/0/0 172.16.1.2 0
16006 SR Pfx (idx 6) Gi0/0/0/1 172.16.3.3 106312
24001 Pop SR Adj (idx 0) Gi0/0/0/0 172.16.1.2 0
24002 Pop SR Adj (idx 0) Gi0/0/0/0 172.16.1.2 0
24003 Pop SR Adj (idx 0) Gi0/0/0/1 172.16.3.3 0
24004 Pop SR Adj (idx 0) Gi0/0/0/1 172.16.3.3 0
In this section, we are going to configure traffic steering via segment routing. We are going to make traffic
go over XR1 – XR3 – XR4 – ASAv – XR6. We are not going to enable MPLS, rather, we will make use of
the segment routing for traffic steering.
XRv-2 XRv-5
Gi 0/0/0/1 Gi 0/0/0/0
10.10.2.2 10.10.5.5
10.10.6.6
10.10.1.1
XRv-1 XRv-6
172.16.8.6
Gi 0/0/0/2
Gi 0/1
10.10.3.3 10.10.4.4
Traffic over the tunnel can be steered either dynamically or explicitly. Since, we are showing, how we can
use Segment Routing Traffic Engineering to steer the traffic, we will be using the explicit path
Note: On this Lab you are going to use the old way to configure a SR-TE path, by using a Tunnel-TE
interface. On recent releases (6.3) SR-TE path will be referered as SR-Policy paths (aligned with draft-
filsfils-spring-segment-routing-policy) and will be configured by using a new SR CLI (“traffic-engineer”
under “segment-routing” configuration group)
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-3/segment-
routing/configuration/guide/b-segment-routing-cg-asr9000-63x/b-segment-routing-cg-asr9000-
63x_chapter_01110.html
Step 1: we are going to enable MPLS traffic engineering on all the routers XR1, XR2, XR3, XR4, XR5,
XR6
This is a important step. If traffic engineering process is not enabled on any of the
routers, TE-Tunnel wouldn’t come up
mpls traffic-eng
router ospf 100
mpls traffic-eng router-id loopback 0
area 0
mpls traffic-eng
Step 2: Check that mpls traffic engineering is enabled on every router and segment routing is in use. Use
“show mpls traffic-eng segment routing summary” to validate the status of the output.
o We should see all the loopback listed as well as the SR index values we configured in
section 2
Prefix Information:
10.10.1.1/32, SID index: 1, flags: N
10.10.2.2/32, SID index: 2, flags: N
10.10.3.3/32, SID index: 3, flags: N
10.10.4.4/32, SID index: 4, flags: N
10.10.5.5/32, SID index: 5, flags: N
10.10.6.6/32, SID index: 6, flags: N
Grand Total::
Node Count : 6
Adjacency-SID Count: 28
Prefix-SID Count : 6
IGP Areas Count : 1
Segment-Routing:
TE Node-SID Index: 1
SRGB Info: Start 16000, Size 8000
Step 3: In this step, explicit path will be defined to steer traffic through the desired path ( XR1 – XR3 –
XR4 – ASAv – XR6).
Use the below steps to define explicit path for the traffic engineering tunnel at XR1. Verify
we are using the right IPs
explicit-path name SRTE
index 10 next-address strict ipv4 unicast 10.10.3.3
index 20 next-address strict ipv4 unicast 10.10.4.4
index 30 next-address strict ipv4 unicast 172.16.8.6
Step 4: After explicit path is defined, next step is to create the tunnel at XR-1 and attach the explicit path to
this tunnel destined to XR-6
int tunnel-te 16
ipv4 unnumbered loopback 0
destination 10.10.6.6
path-option 1 explicit name SRTE segment-routing
autoroute announce
Check the TE tunnel status to make sure path is valid. It should have a field “Binding SID”.
What type of Adj SID was selected for the path between XR-4 and XR-6 ? protected or unprotected ?
Step 6: Force the SR-TE Path to use a protected Adj-SI between XR-4 and XR-6, and check again
RP/0/RSP1/CPU0:XR-1(config)#int tunnel-te 16
RP/0/RSP1/CPU0:XR-1(config-if)#path-selection segment-routing adjacency ?
protected Use only protected adjacencies
unprotected Use only unprotected adjacencies
Step 7 Binding SID: Router allocates a locally significant binding SID label (static/dynamic) for each
RSVP/SR TE tunnel interface, which can be used to enforce traffic engineering (TE) policy using RSVP-TE
or SR-TE label switching path (LSP) tunnel. If the topmost label of an incoming packet is the binding SID,
the packet is steered to the appropriate LSP tunnel. As such, a SID can be used by an upstream router to
steer traffic originating from a downstream router into the appropriate TE path.
This field should match with the outgoing mpls-te tunnel interface 16. Run the below commands
to validate this behavior
Step 8: Verify the routing table on XR1 is using TE16 as next hop for 10.10.6.6
Step 9: Now, if we do the trace again, we expect traffic to pass via XR1 – XR3 – XR4 – ASAv – XR6.
RP/0/0/CPU0:XR1#traceroute 10.10.6.6
1 * * *
2 * * *
3 172.16.8.6 0 msec * 0 msec
SR TI-LFA Protection
This lab explores the Segment Routing (SR) Topology Independent Loop-Free Alternative (TI-
LFA) functionality. The lab illustrates that TI-LFA can protect traffic flows against link failure This
scenario demonstrates how to configure TI-LFA link protection and verify the TI-LFA backup path.
During the lab, the protection of a traffic flow is examined hop by hop. Using this method, multiple
types of TI-LFA repair paths are encountered.
TI-LFA computes backup paths for all destinations. TI-LFA not only protects SR carried traffic, but
also plain IP traffic can be protected, only imposing a SR label stack when a failure occurs. TI-LFA
protects LDP-carried traffic as well, but that is outside of the scope of this lab.
Step 1: Enable TI-LFA on all nodes in this environment. It can be done per OSPF Area or per
interface,
This configuration enables TI-LFA for both address families. TI-LFA computes backup paths for all
destinations (per-prefix). TI-LFA calculates the loop-free post-convergence path to each
destination and install on forwarding table to use in case of link failure.
Step 2: Verify backup path in RIB. OSPF installs the backup path in RIB to reach each
destination marked as. RIB contains the primary path (Protected) and backup path
(Backup) marked as (!)
RP/0/0/CPU0:XR1#show route
Notice that the output of the show route 10.10.2.2 command displays the backup path for
10.10.2.2/32 as FRR backup. Traffic is steered towards XRv-3 (Gi0/0/0/1).
XRv-1, for a failure of the link to XRv2, goes via Xrv-3. XRv-3 provides a Loop-Free Alternate
(LFA) path to destination XRv-2.
XRv-2 XRv-5
Gi 0/0/0/1 Gi 0/0/0/0
10.10.6.6
10.10.1.1
XRv-1 XRv-6
172.16.8.6
Gi 0/0/0/2
Gi 0/1
10.10.3.3 10.10.4.4
TI-LFA computes the post-convergence path on XRv-1 for destination Xrv-2 by computing the IGP
shortest path to Xrv-2 on the topology with the link XRv-1 to XRv-2 removed. TI-LFA then
computes the segment-list required to steer the packets on that backup path and finds that one
intermediate nodes is needed: xrvr-6 (the PQ-node). So ther TI-LFA computation on XRFv-1 for
destination Xrv-2 (post-convergence path) results in two additional labels to be imposed on
protected packets. steered on the backup path:
10.10.2.2/32, version 87, internal 0x1000001 0x81 (ptr 0xa1421ef4) [1], 0x0
(0xa13ed4f4), 0xa28 (0xa17b80d4)
Updated May 27 02:03:28.792
local adjacency 172.16.1.2
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xa12b6fcc) reference count 3, flags 0x1400068, source rib (7), 0
backups
[3 type 4 flags 0x8401 (0xa159d500) ext 0x0 (0x0)]
LW-LDI[type=1, refc=1, ptr=0xa13ed4f4, sh-ldi=0xa159d500]
gateway array update type-time 1 May 27 02:03:28.792
LDI Update time May 27 02:03:28.792
LW-LDI-TS May 27 02:03:28.792
via 172.16.1.2/32, GigabitEthernet0/0/0/0, 10 dependencies, weight 0, class 0,
protected [flags 0x400]
path-idx 0 bkup-idx 1 NHID 0x0 [0xa0c9c6b0 0xa0c9c5c8]
next hop 172.16.1.2/32
local label 16002 labels imposed {ImplNull}
via 172.16.3.3/32, GigabitEthernet0/0/0/1, 10 dependencies, weight 0, class 0, backup
(remote) [flags 0x8300]
path-idx 1 NHID 0x0 [0xa10e449c 0x0]
next hop 172.16.3.3/32, PQ-node 10.10.6.6
local adjacency
local label 16002 labels imposed {16006 16002}
Notice that not only incoming unlabeled IP traffic is protected (as shown in the CEF entry)
but also incoming labeled traffic. The output of show mpls forwarding displays the
primary path and backup path for packets with the prefix-SID label of xrvr-2, 16002
Step 3 Protected Adj-SID: By enabling TI-LFA on a link, the adjacency-SIDs of that link are also
protected.
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:39
Neighbor is up for 11:21:19
Number of DBD retrans during last exchange 0
Index 1/1, retransmission queue length 0, number of retransmission 10
First 0(0)/0(0) Next 0(0)/0(0)
Last retransmission scan length is 1, maximum is 3
Last retransmission scan time is 0 msec, maximum is 0 msec
LS Ack list: NSR-sync pending 0, high water mark 0
Adjacency SID Label: 24010, Protected
Unprotected Adjacency SID Label: 24011
The adjacency-SID for the adjacency of Xrv-1 to XRv-2 (24010) is protected via the link to
XRv-3. Verify the backup path in the MPLS forwarding table.The backup path goes via PQ-
node XRv-6. Verify adjacency protection in the MPLS forwarding table.
Packets Switched: 0
The IPv4 protected adjacency-SID for the adjacency to XRv-2 is 24010 in the output.
Notice that the MPLS forwarding entry of the adjacency-SID shows the primary path and
the backup path. The backup path for an adjacency-SID steers the traffic to the remote end
of the link. In this case, XRv-1 imposes the prefix-SID of XRv-6 y XRv-2 on protected
packets.
References
Learn more about Segment Routing by doing extra vLabs at dCloud !
Cisco Segment Routing (SR) is a network technology that provides enhanced packet-
forwarding behavior while minimizing the need for maintaining awareness of mass volumes
of network state. This technology is currently running on the VIRL 293 Sandbox. This
demonstration, Cisco Segment Routing v3, showcases some of the functionality of Cisco
SR.
Demonstrate the use of Segment Routing in IOS XR (lab) - Show the configuration and
verification of Segment Routing using IS-IS as the control plane and MPLS as the data
plane.
Demonstrate the use of segment routing in a VPNv4/VPNv6 over IPv4/MPLS network
with IS-IS - Show how MPLS services can be carried over a Segment Routing Network
with IS-IS. Show the simplicity of Segment Routing technology.
Demonstrate how segment routing can coexist and interwork with LDP - Show how
Segment Routing can be introduced in legacy networks using LDP. Show how legacy LDP
devices can be integrated in a Segment Routing network.
Demonstrate the use of ISIS unicast multi-topology applied to segment routing as a
Traffic Engineering tool - Show how Segment Routing combined with ISIS multi-topology
for unicast can help to solve specific use-cases: CoS-based routing and Path disjointness.
For Cos-based routing, separate paths can be established for different traffic classes using
Segment Routing. Path disjointness enables routing devices to steer traffic along disjoint
paths using Segment Routing. Notice: The ISIS multi-topology unicast with Segment
Routing feature is a prototype and is not committed to any release.
Demonstrate the use of segment routing in a VPNv4/VPNv6 over IPv4/MPLS network
with OSPF - Show how MPLS services can be carried over a Segment Routing Network
with OSPF. Show the simplicity of Segment Routing technology.
Demonstrate the functionality of Topology Independent LFA using segment routing -
Show how Segment Routing provides a simple automated method to provide fast-reroute
protection for link failures in any topology. The SR/LDP interworking functionality allows
users to introduce TI-LFA in a network that contains legacy LDP devices
This lab provides information about Segment Routing Traffic Engineering (SRTE) and
demonstrates how SRTE leverages Segment Routing (SR) functionality to provide end-to-end,
inter-domain traffic steering.
In this lab, you will learn how to specify inter-domain explicit paths using both old configuration
commands and new SRTE-specific configuration commands. Explore the IOS XR-based Path
Computation Element (PCE) XR Transport Controller (XTC). Learn how XTC receives topology
and SID information through IGP or BGP link-state (BGP-LS) and handles path computations
through PCEP. Fundamentally, the XTC deployment model is distributed similarly to BGP route
reflector (RR) deployments. You can also use XTC to compute dynamic paths for locally
configured SR policies.
This lab also shows how to automatically instantiate SR policies for services by attaching a BGP
community to the service prefixes by using on-demand next-hop (ODN). The service in this lab is
a VPNv4 service. These SR policies can be instantiated to provide scalable inter-domain, best-
effort reachability or provide a policy-aware, end-to-end inter-domain path for the service traffic.
XTC also computes inter-domain disjoint paths, even from distinct head-ends, by simply indicating
which paths must be disjoint.
This lab provides information about Segment Routing Traffic Engineering (SRTE) and
demonstrates how SRTE leverages Segment Routing (SR) functionality to provide end-to-end,
inter-domain traffic steering.
In this lab, you will learn how to specify inter-domain explicit paths using both old configuration
commands and new SRTE-specific configuration commands. Explore the IOS XR-based Path
Computation Element (PCE) XR Transport Controller (XTC). Learn how XTC receives topology
and SID information through IGP or BGP link-state (BGP-LS) and handles path computations
through PCEP. Fundamentally, the XTC deployment model is distributed similarly to BGP route
reflector (RR) deployments. You can also use XTC to compute dynamic paths for locally
configured SR policies.
This lab also shows how to automatically instantiate SR policies for services by attaching a BGP
community to the service prefixes by using on-demand next-hop (ODN). The service in this lab is
a VPNv4 service. These SR policies can be instantiated to provide scalable inter-domain, best-
effort reachability or provide a policy-aware, end-to-end inter-domain path for the service traffic.
XTC also computes inter-domain disjoint paths, even from distinct head-ends, by simply indicating
which paths must be disjoint.
Cisco Segment Routing VPNv4 and VPNv6 over IPv4 ISIS SR MPLS
Lab v1
https://dcloud2-sjc.cisco.com/content/demo/13814
This lab demonstrates how to use Segment Routing (SR) in a VPNv4/VPNv6 over IPv4/MPLS
network. The VPN prefixes automatically leverage the SR information of their BGP next hop. SR
applied to the MPLS data plane enables the ability to tunnel services, such as VPN, VPLS, and
VPWS, from an ingress Provider Edge (PE) to an egress PE, without any protocol other than ISIS
or OSPF. LDP and RSVP-TE signaling protocols are not required. By allocating one prefix
segment per PE, the SR IGP control plane automatically builds the required MPLS forwarding
constructs from any PE to any PE.
This lab demonstrates how to use Segment Routing (SR) in a VPNv4/VPNv6 over IPv4/MPLS
network. The VPN prefixes automatically leverage the SR information of their BGP next hop. SR
applied to the MPLS data plane enables the ability to tunnel services, such as VPN, VPLS, and
VPWS, from an ingress Provider Edge (PE) to an egress PE, without any protocol other than ISIS
or OSPF. LDP and RSVP-TE signaling protocols are not required. By allocating one prefix
segment per PE, the SR IGP control plane automatically builds the required MPLS forwarding
constructs from any PE to any PE.
This lab explores the Segment Routing (SR) Topology Independent Loop-Free Alternative (TI-
LFA) functionality. During the demonstration, the protection of a traffic flow is examined hop by
hop. Using this method, multiple types of TI-LFA repair paths are encountered.
TI-LFA not only protects SR-carried traffic, but it also protects plain IP traffic, only imposing an SR
label stack when a failure occurs. TI-LFA protects LDP-carried traffic as well, but that is outside of
the scope of this demonstration.
The demonstration illustrates that TI-LFA can protect traffic flows against link failures, but also
against node failures and local Shared Risk Link Groups (SRLG) failures.
This lab explores the use of BGP prefix-SIDs in an inter-AS setup. L3VPN inter-AS option C is
used in the setup. BGP prefix-SIDs provide inter-AS connectivity between the Provider Edges
(PEs) as well as between the route reflectors (RR s) in the different autonomous systems (AS).
The classical L3VPN inter-AS option C functionality is then applied to the network. BGP prefix-SID
functionality automatically interworks between a Segment Routing (SR) enabled and a non-SR
enabled AS.
This lab requires familiarity with the Cisco® networking architecture and routing fundamentals.
This lab explores how to use Segment Routing (SR) in an LDP coexistence-internetworking
environment and how to migrate an LDP-based network to an SR-based network.
The Cisco WAN Automation Engine (WAE) is a powerful, flexible, software-defined networking
(SDN) platform. It abstracts and simplifies your WAN environment while making it fully open and
programmable. WAE network-modeling technology enables real-time analysis of traffic needs and
traffic placement in complex WAN topologies.
This is a sandbox intended for self-study, and it provides a variety of scenarios that interact with
numerous components of WAE. You will interact with the WAE platform across a set of APIs and
technologies, including Cisco Network Services Orchestrator (NSO), Segment Routing, MPLS,
PCEP, and BGP-LS.