Let’s see Segment routing in action in this blog particularly on IOS-XR. Segment routing is quite new concept which is picking pace these days. In my earlier blog I listed the differences between Segment routing and RSVP-TE and SR can replace it and there are certain areas where it may not be able to help however L3VPN and L2VPN Traffic Engineering is surely one area where it can be used and in this blog we will use SR as TE while configuring the L2VPN.
For this we will take NCS5508 as our router platform in below topology where we will configure the L2VPN SR-TE between NCS5508-1 to NCS5508-3 via NCS5508-8.
Let’s see the SR config first.
SR beauty is that there is no special protocol needed to run it. SR Labels will be advertised in OSPF/ISIS and these protocols have been uplifted to carry them. SR Labels are carried in Type 10 Opaque area LSA as TLV.
If you are familiar with OSPF config in IOS-XR, most of the config below looks similar to you as we have just enabled OSPF under area0 and added interfaces under it.
However there are 3 configs highlighted in RED which we have enabled for Segment routing.
RP/0/RP0/CPU0:ncs5508-1#show running-config router ospf router ospf 1 nsr distribute link-state segment-routing mpls nsf ietf segment-routing sr-prefer area 0 mpls traffic-eng interface Loopback0 passive enable prefix-sid index 1 explicit-null ! interface HundredGigE0/1/0/0 cost 1 network point-to-point ! interface FortyGigE0/2/0/8 cost 4 network point-to-point ! interface FortyGigE0/2/0/10 cost 4 network point-to-point ! interface FortyGigE0/2/0/18 cost 4 network point-to-point ! ! mpls traffic-eng router-id Loopback0 !
segment-routing mpls , this command causes OSPF to originate RI LSA, Extended Prefix and Extended Link LSAs. It enables MPLS on all interfaces in area(s) enabled for SR and programs SR MPLS labels for forwarding.
segment-routing sr-prefer is used to set the preference of segment routing (SR) labels over label distribution protocol (LDP) labels in case both are available towards destination in your network.
prefix-sid index 1 explicit-null — A prefix SID is associated with an IP prefix. The prefix SID is manually configured from the segment routing global block (SRGB) range of labels. The prefix segment steers the traffic along the shortest path to its destination. A node SID is a special type of prefix SID that identifies a specific node. It is configured under the loopback interface with the loopback address of the node as the prefix. The prefix SID is globally unique within the segment routing domain.
Let’s verify it
RP/0/RP0/CPU0:ncs5508-1#show ospf sid-database SID Database for ospf 1 with ID 192.168.0.1 SID Prefix/Mask -------- ------------------ 1 192.168.0.1/32 (L) 2 192.168.0.2/32 3 192.168.0.3/32 4 192.168.0.4/32 5 192.168.0.5/32 6 192.168.0.6/32 7 192.168.0.7/32 8 192.168.0.8/32
In the same way we have configured the Node-SID as same index as last octet on lo0 interface.
RP/0/RP0/CPU0:ncs5508-1#show ospf database opaque-area 192.168.0.1/32 OSPF Router with ID (192.168.0.1) (Process ID 1) Type-10 Opaque Link Area Link States (Area 0)
LS age: 782 Options: (No TOS-capability, DC) LS Type: Opaque Area Link Link State ID: 126.96.36.199 Opaque Type: 7 Opaque ID: 1 Advertising Router: 192.168.0.1 LS Seq Number: 800006fa Checksum: 0xed8b Length: 44 Extended Prefix TLV: Length: 20 Route-type: 1 AF : 0 Flags : 0x40 Prefix : 192.168.0.1/32 SID sub-TLV: Length: 8 Flags : 0x50 MTID : 0 Algo : 0 SID Index : 1
RP/0/RP0/CPU0:ncs5508-1#show mpls forwarding
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
—— ———– —————— ———— ————— ————
16002 Exp-Null-v4 SR Pfx (idx 2) Hu0/1/0/0 188.8.131.52 0 16003 16003 SR Pfx (idx 3) Hu0/1/0/0 184.108.40.206 0 16004 Exp-Null-v4 SR Pfx (idx 4) Fo0/2/0/8 220.127.116.11 0 16005 16005 SR Pfx (idx 5) Fo0/2/0/8 18.104.22.168 6421133 16006 16006 SR Pfx (idx 6) Hu0/1/0/0 22.214.171.124 0 16006 SR Pfx (idx 6) Fo0/2/0/8 126.96.36.199 0 16007 16007 SR Pfx (idx 7) Hu0/1/0/0 188.8.131.52 0 16008 Exp-Null-v4 SR Pfx (idx 8) Fo0/2/0/18 184.108.40.206 0
Now let’s create a Segment routed TE EVPN based P2P L2 Circuit. 🙂
Ideally we know that Controller is needed to play with Segment routed labels and Controller can insert the appropriate labels required for TE however if you don’t have Controller, you can configure the path by explicitly giving the path through which traffic will be going.
So we will start with l2vpn xconnect taking edge interface on NCS5508-1 and assigning a EVPN EVI 1100 with source and target ac-id (attachment circuit id) and associate it with pw-class which we will define in next step.
RP/0/RP0/CPU0:ncs5508-1#show running-config l2vpn xconnect group evpn-vpws p2p vpws1 l2vpn xconnect group evpn-vpws p2p vpws1 interface HundredGigE0/2/0/2.1100 neighbor evpn evi 1100 target 11003 source 11001 pw-class vpws1-class ! ! ! !
Pw-class is associated with sr-te policy to steer traffic through the network. An SR-TE policy path is expressed as a list of segments that specifies the path, called a segment ID (SID) list. Each segment is an end-to-end path from the source to the destination, and instructs the routers in the network to follow the specified path instead of the shortest path calculated by the IGP
RP/0/RP0/CPU0:ncs5508-1#show running-config l2vpn pw-class vpws1-class l2vpn pw-class vpws1-class encapsulation mpls preferred-path sr-te policy vpws1-policy ! ! !
RP/0/RP0/CPU0:ncs5508-1#show running-config segment-routing traffic-eng policy vpws1-policy segment-routing traffic-eng policy vpws1-policy color 10 end-point ipv4 192.168.0.3 candidate-paths preference 200 dynamic metric type te ! ! ! preference 300 explicit segment-list vpws1-path ! ! ! ! ! !
So in our policy, we have defined one preferred path which is dynamic and if that fails it should failover to explicitly configured segment list defined via path vpws1-path.
RP/0/RP0/CPU0:ncs5508-1#show running-config segment-routing traffic-eng segment-list vpws1-path segment-routing traffic-eng segment-list vpws1-path index 10 address ipv4 220.127.116.11 index 20 address ipv4 18.104.22.168 ! ! !
So if we see currently the route towards NCS5508-3, it’s going via IGP Route and not taking our defined list which is expected.
RP/0/RP0/CPU0:ncs5508-1#show route 192.168.0.3 Wed Jun 27 14:49:59.487 UTC
Routing entry for 192.168.0.3/32 Known via "ospf 1", distance 110, metric 3, labeled SR, type intra area Installed Jun 27 14:47:18.930 for 00:02:40 Routing Descriptor Blocks 22.214.171.124, from 192.168.0.3, via HundredGigE0/1/0/0 Route metric is 3 No advertising protos.
So let’s see our L2VPN status.
RP/0/RP0/CPU0:ncs5508-1#show l2vpn xconnect group evpn-vpws detail
Group evpn-vpws, XC vpws1, state is up; Interworking none AC: HundredGigE0/2/0/2.1100, state is up Type VLAN; Num Ranges: 1 Rewrite Tags:  VLAN ranges: [1100, 1100] MTU 9016; XC ID 0x1000001; interworking none Statistics: packets: received 157064234, sent 157063216 bytes: received 234968088320, sent 234966565392 drops: illegal VLAN 0, illegal length 0 EVPN: neighbor 192.168.0.3, PW ID: evi 1100, ac-id 11003, state is up ( established ) XC ID 0xc0000001 Encapsulation MPLS Source address 192.168.0.1 Encap type Ethernet, control word disabled Sequencing not set Preferred path Active : SR TE vpws1-policy, Statically configured, fallback enabled Tunnel : Up EVPN Local Remote ------------ ------------------------------ ----------------------------- Label 64007 64006 MTU 9016 9016 Control word disabled disabled AC ID 11001 11003 EVPN type Ethernet Ethernet
So if we go n shut the primary dynamic path we can see the forwarding table moves over to our segment-list defined for label 16003 which is for NCS5508-3.
RP/0/RP0/CPU0:ncs5508-1#config t Wed Jun 27 14:58:04.096 UTC RP/0/RP0/CPU0:ncs5508-1(config)#int HundredGigE0/1/0/0 RP/0/RP0/CPU0:ncs5508-1(config-if)#shutdown RP/0/RP0/CPU0:ncs5508-1(config-if)#commit
RP/0/RP0/CPU0:ncs5508-1#show mpls forwarding Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 16002 16002 SR Pfx (idx 2) Fo0/2/0/18 126.96.36.199 0 16003 16003 SR Pfx (idx 3) Fo0/2/0/18 188.8.131.52 0
So thats all, i hope you like the blog and let me know your feedback.