Friday, May 8, 2020

Segment Routing Explicit Path

Segment routing for traffic engineering (SR-TE) uses a SR policy to steer traffic through the network. An SR-TE policy path is expressed as a list of segments that specifies the path, called a segment ID (SID) list. Each segment is an end-to-end path from the source to the destination and instructs the routers in the network to follow the specified path instead of following the shortest path calculated by the IGP. If a packet is steered into an SR-TE policy, the SID list is pushed on the packet by the head-end. The rest of the network executes the instructions embedded in the SID list. An SR-TE policy is identified as an ordered list (head-end, color, end-point):

1. Head-end - L3: Where the SR-TE policy is instantiated
2. Color - 128 and 129: A numerical value that distinguishes between two or more policies to the same node pairs (Headend – End point)
3. End-point - PE7: The destination of the SR-TE policy.

By the end of the post, we will understand how two different services originating from same PE router can have different path. The paths are created on the basis of the offered SLA.

The basic configuration is used as the same as in the earlier post of Segment Routing On Demand Next Hop for L3VPN (ODN). Below topology is used for reference purpose.



On PE7 we have created two vrf, vrf test and vrf test_without_odn. 100.0.0.7/32 is part of vrf test and 111.0.0.7 is part of vrf test_without_odn. Both are VPNv4 routes. Color 128 is set for 100.0.0.7 and color 129 is set for 111.0.0.7. In this post, we will be creating two explicit SR path policies and instantiate it to same end point which is PE7 but both VPNv4 service prefixes will be having different treatment. This all will be programmed on headend node which is L3.



Below is the output of node L3 beefore explicit path being implemented. The below traceroute is based on the path selected by IGP.
       
RP/0/0/CPU0:L3#traceroute sr-mpls 7.7.7.7/32. From L3, prefix-sid is used to reach PE7.
  0 2.3.0.3 MRU 1500 [Labels: 16007 Exp: 0]
L 1 2.3.0.2 MRU 1500 [Labels: 16007 Exp: 0] 10 ms
L 2 2.5.0.5 MRU 1500 [Labels: 16007 Exp: 0] 0 ms
L 3 5.6.0.6 MRU 1500 [Labels: implicit-null Exp: 0] 10 ms
! 4 6.7.0.7 10 ms
RP/0/0/CPU0:L3#


Under Segment Routing Traffic Engineering, we have created a explicit segment list 142567 which is having the loopback address or node address of each node. By default IGP selects L3-S1-P5-P6-PE7 path but the below explicit segment-list defines L3-S1-L4-S2-P5-P6-PE7 path. This path can be defined by using prefix-sid also. For same destination, one more explicit path is created PATH_TEST_COLOR_129 which is having only SIDs and path is different. So based on offered services, paths can be defined.
       
segment-routing
 traffic-eng
  segment-list 142567
   index 10 address ipv4 1.1.1.1       -> Using Loopback IP address of Nodes
   index 20 address ipv4 4.4.4.4
   index 30 address ipv4 2.2.2.2
   index 40 address ipv4 5.5.5.5
   index 50 address ipv4 6.6.6.6
   index 60 address ipv4 7.7.7.7
  !
  segment-list PATH_TEST_COLOR_129     
   index 10 mpls label 16004  -> Using prefix-sid value of Nodes
   index 20 mpls label 16007
  !
  policy 3-to-7
   color 128 end-point ipv4 7.7.7.7    -> Whenever L3 receives route with end-point 7.7.7.7 with color 128, it used segmen-list 142567
   candidate-paths
    preference 100
     explicit segment-list 142567
    !
    !
   !
  !
  policy L3toL7_Color129
   color 129 end-point ipv4 7.7.7.7
   candidate-paths
    preference 100
     explicit segment-list PATH_TEST_COLOR_129  -> Whenever L3 receives route with end-point 7.7.7.7 with color 129, it used segment-list 142567
     !
RP/0/0/CPU0:L3#


Check the output on L3 and confirms that 100.0.0.7 and 111.0.0.7 are receiving with C:128 adn C:129.
       
RP/0/0/CPU0:L3#show bgp vpnv4 unicast
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:100 (default for vrf test)
*> 100.0.0.3/32       0.0.0.0                  0         32768 ?
*>i100.0.0.4/32       4.4.4.4                  0    100      0 ?
*>i100.0.0.7/32       7.7.7.7 C:128            0    100      0 ?
Route Distinguisher: 111:111 (default for vrf test_without_odn)
*> 111.0.0.3/32       0.0.0.0                  0         32768 ?
*>i111.0.0.4/32       4.4.4.4                  0    100      0 ?
*>i111.0.0.7/32       7.7.7.7 C:129            0    100      0 ?
RP/0/0/CPU0:L3#


Check the VPNv4 labels for 100.0.0.7(24009) and 111.0.0.7 (24023) on PE7. We will be reciving the same labels on L3 as Rcvd labels.
       
RP/0/0/CPU0:PE7#show bgp vpnv4 unicast labels
   Network            Next Hop        Rcvd Label      Local Label
Route Distinguisher: 100:100 (default for vrf test)
*>i100.0.0.3/32       3.3.3.3         24000           nolabel
*>i100.0.0.4/32       4.4.4.4         24000           nolabel
*> 100.0.0.7/32       0.0.0.0         nolabel         24009
Route Distinguisher: 111:111 (default for vrf test_without_odn)
*>i111.0.0.4/32       4.4.4.4         24009           nolabel
*> 111.0.0.7/32       0.0.0.0         nolabel         24023


Below output shows the SR-TE policies are attached to both colors destined to same end point:7.7.7.7
       
RP/0/0/CPU0:L3#show segment-routing traffic-eng policy
SR-TE policy database
---------------------
Name: 3-to-7 (Color: 128, End-point: 7.7.7.7)      -> Color 128
  Status:
    Admin: up  Operational: up for 00:59:27 
  Candidate-paths:
    Preference 100:
      Path Metrics:
        Margin Absolute: 0
        Margin Relative: 0%
        Maximum SID Depth: 10
      Explicit: segment-list 142567 (active)
        Weight: 1, Metric Type: TE
          16001 [Prefix-SID, 1.1.1.1]
          16004 [Prefix-SID, 4.4.4.4]
          16002 [Prefix-SID, 2.2.2.2]
          16005 [Prefix-SID, 5.5.5.5]
          16006 [Prefix-SID, 6.6.6.6]
          16007 [Prefix-SID, 7.7.7.7]
  Attributes:
    Binding SID: 24006                         -> Local Binding SID is used
      Allocation mode: dynamic
      State: Programmed
      Policy selected: yes
    Forward Class: 0
    Steering BGP disabled: no
    IPv6 caps enable: no

Name: L3toL7_Color129 (Color: 129, End-point: 7.7.7.7)        -> Color 129
  Status:
    Admin: up  Operational: up for 00:02:55        
  Candidate-paths:
    Preference 100:
      Path Metrics:
        Margin Absolute: 0
        Margin Relative: 0%
        Maximum SID Depth: 10
      Explicit: segment-list PATH_TEST_COLOR_129 (active)
        Weight: 1, Metric Type: TE
          16004 [Prefix-SID, 4.4.4.4]
          16007
  Attributes:
    Binding SID: 24009                          -> Local Binding SID is used
      Allocation mode: dynamic
      State: Programmed
      Policy selected: yes
    Forward Class: 0
    Steering BGP disabled: no
    IPv6 caps enable: no
RP/0/0/CPU0:L3#
Below is the output of MPLS forwarding table.
       
RP/0/0/CPU0:L3#show mpls forwarding
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24000  Aggregate   test: Per-VRF Aggr[V]   \
                                      test                         8880
24006  Pop         No ID              3-to-7       point2point     0    ->In the FIB, SR-TE is attached to vrf and showing local Binding SID value of 24006
24007  Aggregate   test_without_odn: Per-VRF Aggr[V]   \
                                      test_without_odn             2852
24009  Pop         No ID              L3toL7_Color point2point     0    ->In the FIB, SR-TE is attached to vrf and showing local binding SID value of 24006
RP/0/0/CPU0:L3#


Let's do the tracerout of vrf test 100.0.0.7 and see what type of path it is taking.
       
RP/0/0/CPU0:L3#traceroute vrf test 100.0.0.7
 1  1.3.0.1 [MPLS: Labels 16004/16002/16005/16006/16007/24009 Exp 0] 19 msec  29 msec  9 msec
 2  1.4.0.4 [MPLS: Labels 16002/16005/16006/16007/24009 Exp 0] 19 msec  9 msec  19 msec
 3  2.4.0.2 [MPLS: Labels 16005/16006/16007/24009 Exp 0] 9 msec  9 msec  9 msec
 4  2.5.0.5 [MPLS: Labels 16006/16007/24009 Exp 0] 9 msec  9 msec  9 msec
 5  5.6.0.6 [MPLS: Labels 16007/24009 Exp 0] 9 msec  9 msec  9 msec
 6  6.7.0.7 9 msec  *  9 msec
RP/0/0/CPU0:L3#


Let's do the tracerout of vrf test_without_odn 111.0.0.7 and see what type of path it is taking.
       
RP/0/0/CPU0:L3#traceroute vrf test_without_odn 111.0.0.7
 1  2.3.0.2 [MPLS: Labels 16004/16007/24023 Exp 0] 19 msec  19 msec  9 msec
 2  2.4.0.4 [MPLS: Labels 16007/24023 Exp 0] 19 msec  9 msec  9 msec
 3  2.4.0.2 [MPLS: Labels 16007/24023 Exp 0] 19 msec  19 msec  9 msec
 4  2.5.0.5 [MPLS: Labels 16007/24023 Exp 0] 9 msec  9 msec  9 msec
 5  5.6.0.6 [MPLS: Labels 16007/24023 Exp 0] 9 msec  9 msec  9 msec
 6  6.7.0.7 9 msec  *  39 msec
RP/0/0/CPU0:L3#


Above both traceroutes shows that for single PE, we have two different paths and both the paths are mapped to different services. So with the help of SR-TE we can create service aware paths which can be mapped to the network as per the offered SLA.

People who read this post also read :



No comments: