In this lab we explore Segment Routing (SR) using Multiprotocol Label Switching as an encoding mechanism.
Segment Routing, also known as “Source Packet Routing in Networking” (SPRING), is a method of routing in which ingress routers prepend instructions to traffic that cause actions to be performed by transit nodes as it travels across a network. This is sometimes as simple as a list of routers a packet must traverse to reach its destination.
Clarence Filsfils writes in Segment Routing Part I about how the inspiration for SR came from the relationship to driving a car. Events like traffic accidents or construction could be simply avoided by listening to a traffic report and driving an alternate route.
Segment Routing provides the ability to encode instructions like this on a per-packet basis and opens the door to a wide range of flexibility. With such fine-grained control, new decisions are possible based on factors like real-time optimal link utilization, congestion mitigation or any number of future software defined networking applications. Another benefit is simplification of the control plane by eliminating the need for additional protocols like Label Distribution Protocol (LDP) and RSVP-TE. Interior routing protocols such as OSPF and IS-IS, are extended to perform the role of distributing global labels, known as Segment Identifiers (SIDs). It also supports the ability to compute Topology-Independent Loop-Free Alternates (TI-LFA) which provide practically instantaneous failover paths without adversely affecting traffic while waiting for route re-convergence.
Clearly this technology brings with it a broad range of new terminology and possibilities that go way beyond the scope of a simple blog article. See Additional Resources for more information about Segment Routing.
Today we are going to focus on implementing a basic SR-MPLS network on three popular platforms: Cisco IOS-XE, Cisco IOS-XR and Juniper Junos OS
Basic steps
- Enable Segment Routing support
- Define a common Segment Routing Global Block (SRGB)
- Configure a global prefix SID
- Verify forwarding
Note: This post contains the bare minimum configuration required to demonstrate Segment Routing. Other properties such as IGP costs, circuit-types, etc should also be considered.
IOS-XR
Enabling Segment Routing
The following configuration enables segment routing and defines the Segment Routing Global Block (SRGB). Define the same block on every device throughout the SR domain.
segment-routing
global-block 16000 23999
!
A quick note about the SRGB: Although the SRGB defined above lists an explicit range of MPLS labels, it is important to know that the actual transmission of label information is always by reference to an index not label. For example, index 1 based on the SRGB above indicates label 16001. However, if a different range were to be defined on an adjacent router, say 32000 to 23999, index 1 would refer to label 32001. This may cause undesirable effects.
For this reason it is critically important to define a unified SRGB across all devices in the Segment Routing domain to ensure the meaning of each label remains uniform within the global block.
Configuring IS-IS
Wide metrics are required. Segment routing can be enabled with or without the
sr-prefer keyword. This option allows for migrating traditional MPLS networks
to segment routing. By omitting the sr-prefer keyword, the forwarding plane
will use any traditional MPLS labels before considering SR.
router isis SRMPLS
net 49.0000.5001.0001.0001.00
address-family ipv4 unicast
metric-style wide
segment-routing mpls sr-prefer
!
interface Loopback0
address-family ipv4 unicast
prefix-sid absolute 16001 explicit-null
!
!
interface GigabitEthernet0/0/0/0
suppressed
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/1
suppressed
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/2
suppressed
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/3
suppressed
point-to-point
address-family ipv4 unicast
!
!
!
Configuring the prefix SID
In the above example, the prefix SID (16001) for Loopback0 is assigned under the IS-IS interface configuration. When defining the SID, you will have the option to define it absolutely or by index. As mentioned previously, SIDs are always communicated by reference to index. However, it is recommended to configure the SID by absolute value whenever possible. While it is cosmetic, absolute values allow for easier verification versus cross-referencing the SRGB with a configured index.
A quick note about prefix suppression (suppressed). While unrelated to SR,
this useful tool prevents these networks from appearing unnecessarily in the IGP.
This reduces table size and limits update flooding allowing for more efficient
scaling. However, it is important to remember that any tool sets used on the router
to test connectivity (ping, traceroute, etc) will obviously need to be sourced
from a network that is advertised in the IGP, such as Loopback0.
Verification
Verify MPLS forwarding is enabled on the expected interfaces:
RP/0/0/CPU0:R1#sh mpls interfaces
Sat Jun 18 05:04:54.306 UTC
Interface LDP Tunnel Static Enabled
-------------------------- -------- -------- -------- --------
GigabitEthernet0/0/0/0 No No No Yes
GigabitEthernet0/0/0/1 No No No Yes
GigabitEthernet0/0/0/2 No No No Yes
GigabitEthernet0/0/0/3 No No No Yes
Verify the MPLS LFIB is populated with the appropriate SIDs:
RP/0/0/CPU0:R1#sh mpls forwarding
Sat Jun 18 05:05:11.655 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16002 Pop SR Pfx (idx 2) Gi0/0/0/0 10.1.12.2 648
16003 Pop SR Pfx (idx 3) Gi0/0/0/1 10.1.13.3 0
16004 16004 SR Pfx (idx 4) Gi0/0/0/0 10.1.12.2 0
16004 SR Pfx (idx 4) Gi0/0/0/1 10.1.13.3 0
16005 Pop SR Pfx (idx 5) Gi0/0/0/2 10.1.15.5 648
16006 16006 SR Pfx (idx 6) Gi0/0/0/0 10.1.12.2 120
16007 Pop SR Pfx (idx 7) Gi0/0/0/3 10.1.17.7 1306
16008 16008 SR Pfx (idx 8) Gi0/0/0/0 10.1.12.2 41800
[abbreviated]
Perform a traceroute and watch for the expected traffic labeling:
RP/0/0/CPU0:R1#traceroute 10.0.255.8 source loop0
Sat Jun 18 05:05:56.722 UTC
Type escape sequence to abort.
Tracing the route to 10.0.255.8
1 10.1.12.2 [MPLS: Label 16008 Exp 0] 9 msec 0 msec 0 msec
2 10.0.255.8 0 msec 0 msec 0 msec
IOS-XE
Enabling Segment Routing
segment-routing mpls
global-block 16000 23999
!
connected-prefix-sid-map
address-family ipv4
10.0.255.6/32 absolute 16006 range 1
exit-address-family
!
!
The top-level segment-routing mpls stanza contains configuration for the SRGB
and any pre-defined prefix SIDs. The standard SR-MPLS global block range of
16000 through 23999 is demonstrated here as well as the unique prefix SID for
this router’s loopback address.
Again, configuring absolute instead indexed labels are recommended for the ease of reference.
Configuring IS-IS
router isis SRMPLS
net 49.0006.5001.0014.0000.00
metric-style wide
segment-routing mpls
!
Configuring IS-IS is straightforward. The example above shows a complete basic IS-IS
configuration for area 49.0006. Wide metrics are required. The
segment-routing mpls statement enables SR-MPLS support for IOS-XE. The final
step is to verify that any other SR-MPLS neighbor interfaces are configured for
IS-IS.
interface GigabitEthernet1
ip router isis SRMPLS
!
No direct MPLS configuration is needed.
Verification
Verify the expected interfaces are operational for MPLS. This should automatically include any interfaces configured by an IGP running SR.
R4# sh mpls interfaces
Interface IP Tunnel BGP Static Operational
GigabitEthernet1 No No No No Yes
GigabitEthernet2 No No No No Yes
GigabitEthernet3 No No No No Yes
Verify the MPLS forwarding table contains local adjacency SIDs and any expected prefix SIDs from the IS-IS neighbors:
R4# sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 10.2.24.2-A 0 Gi1 10.2.24.2
17 Pop Label 10.2.24.2-A 0 Gi1 10.2.24.2
18 Pop Label 10.4.46.6-A 0 Gi3 10.4.46.6
19 Pop Label 10.3.34.3-A 0 Gi2 10.3.34.3
20 Pop Label 10.3.34.3-A 0 Gi2 10.3.34.3
21 Pop Label 10.4.48.8-A 0 Gi4 10.4.48.8
16001 16001 10.0.255.1/32 0 Gi1 10.2.24.2
16001 10.0.255.1/32 0 Gi2 10.3.34.3
16002 Pop Label 10.0.255.2/32 0 Gi1 10.2.24.2
16003 Pop Label 10.0.255.3/32 0 Gi2 10.3.34.3
16005 16005 10.0.255.5/32 0 Gi2 10.3.34.3
16006 Pop Label 10.0.255.6/32 0 Gi3 10.4.46.6
16007 16007 10.0.255.7/32 0 Gi2 10.3.34.3
16008 Pop Label 10.0.255.8/32 0 Gi4 10.4.48.8
Traceroute to confirm end-to-end MPLS forwarding:
R6# traceroute 10.0.255.7 source loop0
Type escape sequence to abort.
Tracing the route to 10.0.255.7
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.26.2 [MPLS: Label 16007 Exp 0] 4 msec
10.4.46.4 [MPLS: Label 16007 Exp 0] 14 msec
10.2.26.2 [MPLS: Label 16007 Exp 0] 14 msec
2 10.3.34.3 [MPLS: Label 16007 Exp 0] 123 msec
10.1.12.1 [MPLS: Label 16007 Exp 0] 18 msec
10.3.34.3 [MPLS: Label 16007 Exp 0] 3 msec
3 10.1.17.7 7 msec
10.3.37.7 4 msec *
The above traceroute shows an example of multiple paths to R7’s loopback (10.0.255.7). Each router uses the prefix SID (MPLS label 16007) to reach R7.
Junos
chassis {
network-services enhanced-ip;
}
The routing engine must be restarted before other SR configuration will function:
[email protected]> restart routing
Enable MPLS and ISO (for IS-IS) on each of the backbone interfaces:
ge-0/0/0 {
description R1;
unit 0 {
family inet {
address 10.1.12.2/24;
}
family iso;
family mpls;
}
}
ge-0/0/1 {
description R4;
unit 0 {
family inet {
address 10.2.24.2/24;
}
family iso;
family mpls;
}
}
ge-0/0/2 {
description R6;
unit 0 {
family inet {
address 10.2.26.2/24;
}
family iso;
family mpls;
}
}
ge-0/0/3 {
description R8;
unit 0 {
family inet {
address 10.2.28.2/24;
}
family iso;
family mpls;
}
}
protocols {
mpls {
interface ge-0/0/0.0;
interface ge-0/0/1.0;
interface ge-0/0/2.0;
interface ge-0/0/3.0;
}
}
Next configure basic IS-IS and Segment Routing:
protocols {
isis {
source-packet-routing {
srgb start-label 16000 index-range 16999;
node-segment ipv4-index 2;
}
interface ge-0/0/0.0
interface ge-0/0/1.0
interface ge-0/0/2.0
interface ge-0/0/3.0
interface lo0.0;
}
}
Note the index-range versus an absolute label range (i.e. 16000-23999). The
node-segment ipv4-index 2 statement configures this node’s SID as 16002. The
identifier is based off the SRGB defined as the index-range.
Verification
Verify the appropriate interfaces are MPLS enabled:
[email protected]> show mpls interface
Interface State Administrative groups (x: extended)
ge-0/0/0.0 Up <none>
ge-0/0/1.0 Up <none>
ge-0/0/2.0 Up <none>
ge-0/0/3.0 Up <none>
Validate the MPLS label table:
[email protected]> show route table mpls.0
mpls.0: 41 destinations, 41 routes (41 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
[abbreviated]
16001 *[L-ISIS/14] 08:02:38, metric 20
> to 10.1.12.1 via ge-0/0/0.0, Swap 0
16001(S=0) *[L-ISIS/14] 07:43:41, metric 20
> to 10.1.12.1 via ge-0/0/0.0, Pop
16003 *[L-ISIS/14] 07:58:11, metric 20
to 10.1.12.1 via ge-0/0/0.0, Swap 16003
> to 10.2.24.4 via ge-0/0/1.0, Swap 16003
16004 *[L-ISIS/14] 08:04:36, metric 20
> to 10.2.24.4 via ge-0/0/1.0, Pop
16004(S=0) *[L-ISIS/14] 07:43:41, metric 20
> to 10.2.24.4 via ge-0/0/1.0, Pop
16005 *[L-ISIS/14] 07:58:10, metric 20
> to 10.1.12.1 via ge-0/0/0.0, Swap 16005
16006 *[L-ISIS/14] 07:59:08, metric 20
> to 10.2.26.6 via ge-0/0/2.0, Pop
16006(S=0) *[L-ISIS/14] 07:58:11, metric 20
> to 10.2.26.6 via ge-0/0/2.0, Pop
16007 *[L-ISIS/14] 07:58:50, metric 30
> to 10.1.12.1 via ge-0/0/0.0, Swap 16007
16008 *[L-ISIS/14] 07:58:41, metric 10
> to 10.2.28.8 via ge-0/0/3.0, Pop
16008(S=0) *[L-ISIS/14] 07:58:11, metric 10
> to 10.2.28.8 via ge-0/0/3.0, Pop
Traceroute to confirm end-to-end MPLS forwarding:
[email protected]> traceroute mpls segment-routing isis 10.0.255.5 source 10.0.255.8
Probe options: ttl 64, retries 3, wait 10, paths 16, exp 7, fanout 16
source 10.0.255.8
ttl Label Protocol Address Previous Hop Probe Status
1 16005 ISIS 10.2.28.2 (null) Success
FEC-Stack-Sent: ISIS
ttl Label Protocol Address Previous Hop Probe Status
2 10.1.12.1 10.2.28.2 No reply
3 10.0.255.5 (null) Egress
FEC-Stack-Sent: ISIS
Path 1 via ge-0/0/0.0 destination 127.0.0.64
ttl Label Protocol Address Previous Hop Probe Status
1 16005 ISIS 10.4.48.4 (null) Success
FEC-Stack-Sent: ISIS
ttl Label Protocol Address Previous Hop Probe Status
2 16005 Unknown 10.3.34.3 10.4.48.4 Success
FEC-Stack-Sent: ISIS
ttl Label Protocol Address Previous Hop Probe Status
3 3 ISIS 10.3.35.5 10.3.34.3 Egress
FEC-Stack-Sent: ISIS
Path 2 via ge-0/0/1.0 destination 127.0.1.64