Clarence Filsfils
Kris Michielsen
Segment Routing – Egress Peer Engineering
Egress Peer Engineering (EPE)
• Egress Peer Engineering introduction
• Configure Egress Peer Engineering on egress nodes
• Advertise BGP Peering Segment IDs in BGP-LS
• Implement Egress Peer Engineering Policy on ingress node
Egress Peer Engineering Introduction
(Centralized) Egress Peer Engineering
• Egress Peer Engineering problem statement: “A centralized controller should be able to instruct an ingress PE or a content source within the domain to use a specific egress PE and a specific external interface/neighbor to reach a particular destination.” (draft-filsfils-spring-segment-routing-central-epe)
(Centralized) Egress Peer Engineering
• Egress Peer Engineering (EPE) functionality can be enabled without requiring a change in the existing BGP network design
– Next-hop-self is OK
– No requirement to distribute peering links in IGP
• EPE functionality is only required at EPE egress border router and EPE controller
(Centralized) Egress Peer Engineering
• A Centralized Controller collects topology information, including the EPE information, and uses that information to compute and implement per-flow traffic steering
• Per-flow Policy state is only created on the ingress node
– ingress node imposes a list of segments to steer a traffic flow along a selected path within the AS, towards a selected egress border router of the AS and towards a specific external peer
Reference Topology
[Figure: reference topology with nodes 1, 2, 3, 10, 11 and 4, 5, 6 across AS1, AS4, AS5 and AS6; the BGP best-path is marked]
• NodeX:
– Loopback: 1.1.1.X/32
– Link addresses:
>Link X-Y: 99.X.Y.X/24 with X<Y
>2nd link X-Y: 77.X.Y.X/24 with X<Y
• BGP destination in AS6: 6.1.1.6/32
• AS1 Nodes:
– Same SRGB on all: [16,000-23,999] (default)
– Prefix-SID: 16000 + X
Reference Topology
• AS1 has an ingress Node1 and two egress Node2 and Node3
• AS6 advertises a BGP prefix 6.1.1.6/32 to AS4 and AS5
• AS1 peers with AS4 (Node4) and AS5 (Node5)
• Node1’s BGP best path to BGP destination 6.1.1.6/32 in AS6 is via egress Node2 and Node4, AS4
BGP Best Path
RP/0/0/CPU0:xrvr-1#show bgp 6.1.1.6/32
BGP routing table entry for 6.1.1.6/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 4 4
Last Modified: Oct 6 20:02:05.302 for 21:05:04
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
4 6
1.1.1.2 (metric 30) from 1.1.1.2 (1.1.1.2)
Origin IGP, localpref 100, valid, internal, best, group-best
Received Path ID 0, Local Path ID 1, version 4
Path #2: Received by speaker 0
Not advertised to any peer
4 6
1.1.1.3 (metric 30) from 1.1.1.3 (1.1.1.3)
Origin IGP, localpref 100, valid, internal
Received Path ID 0, Local Path ID 0, version 0
Best path via Node2
Segment Routing
[Figure: packet from Node1 carrying label 16003 on top of the payload]
router isis 1
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid absolute 16003
Segment Routing
• Segment Routing is enabled in AS1
– The examples assume SR is enabled under IS-IS or OSPF
– Prefix-SIDs can also be distributed by BGP (SR BGP), e.g. within a Data Center Fabric
>See “BGP prefix-SID” section
• Egress Node3 advertises prefix-SID 16003 with its loopback address
– All SR nodes in AS1 can reach Node3 using prefix-SID 16003
Segment Routing – Egress Peer Engineering
router isis 1
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid absolute 16003
RP/0/0/CPU0:xrvr-1#traceroute 1.1.1.3
Type escape sequence to abort.
Tracing the route to 1.1.1.3
1 99.1.10.10 [MPLS: Label 16003 Exp 0] 9 msec 9 msec 9 msec
2 99.10.11.11 [MPLS: Label 16003 Exp 0] 19 msec 9 msec 19 msec
3 99.3.11.3 9 msec 9 msec 9 msec
Traceroute from 1 to 3
BGP Peering Segment
[Figure: BGP Peering Segment 30024 from Node2 to Node4]
• “Pop and Forward to the BGP peer”
• Local Segment
– Dynamically allocated
• Value 300XY (for illustration)
– X is “from”
– Y is “to”
• Signaled by BGP-LS (topology information) to the controller
BGP Peering SID types
• PeerNode SID: to eBGP Peer
– MPLS Dataplane: Pop and Forward on any interface to the peer
• PeerAdj SID: to eBGP Peer via interface
– MPLS Dataplane: Pop and Forward on the related interface
• PeerSet SID: to set of eBGP peers
– MPLS Dataplane: Pop and Forward on any interface to the set of peers
– All the peers in a set might not be in the same AS
– Not available yet
BGP Peering SID types
• Example on Node2:
– PeerNode SIDs:
>30,024: Pop and forward to Peer4
>30,025: Pop and Forward to Peer5, on any of the 2 links
– PeerAdj SIDs:
>30,125: Pop and Forward to Peer5 on top link
>30,225: Pop and Forward to Peer5 on bottom link
Egress Peer Engineering Configuration
EPE configuration example
[Figure: Node2 has a single-hop eBGP session to Node4 and a multi-hop eBGP session to Node5]
router bgp 1
 bgp router-id 1.1.1.2
 address-family ipv4 unicast
 !
 neighbor 1.1.1.5 !! Node5 loopback
  remote-as 5
  ebgp-multihop 255
  egress-engineering
  description eBGP peer xrvr-5
  update-source Loopback0
  address-family ipv4 unicast
   route-policy bgp_in in
   route-policy bgp_out out
 !
 neighbor 99.2.4.4 !! Link to Node4
  remote-as 4
  egress-engineering
  description eBGP peer xrvr-4
  address-family ipv4 unicast
   route-policy bgp_in in
   route-policy bgp_out out
  !
 !
!
Egress Peer Engineering configured on egress
• Egress Node2 has EPE configured for all its eBGP peers
• Node2 automatically allocates BGP Peering SIDs for each of its eBGP peers
– PeerNode SID(4): label 30,024
>PeerAdj SID(4_link1): label 30,125
>PeerAdj SID(4_link2): label 30,225
– PeerNode SID(5): label 30,025
• Node2 installs the Peering SIDs in the FIB
– PeerNode SID: Pop and Forward to peer
– PeerAdj SID: Pop and Forward to peer over link
• Node2 advertises the Peering SIDs to the Controller using BGP-LS
EPE PeerNode SID
RP/0/0/CPU0:xrvr-2#show bgp egress-engineering
Egress Engineering Peer Set: 99.2.4.4/32 (10b291a4)
Nexthop: 99.2.4.4
Version: 5, rn_version: 5
Flags: 0x00000006
Local ASN: 1
Remote ASN: 4
Local RID: 1.1.1.2
Remote RID: 1.1.1.4
First Hop: 99.2.4.4
NHID: 1
Label: 30024, Refcount: 3
rpc_set: 105cfd34
<continue...>
PeerNode SID(4): 30,024 (link to Node4)
EPE PeerNode SID
<...continue>
Egress Engineering Peer Set: 1.1.1.5/32 (10b48fec)
Nexthop: 1.1.1.5
Version: 2, rn_version: 2
Flags: 0x00000006
Local ASN: 1
Remote ASN: 5
Local RID: 1.1.1.2
Remote RID: 1.1.1.5
First Hop: 99.2.5.5, 77.2.5.5
NHID: 0, 0
Label: 30025, Refcount: 3
rpc_set: 10c34c24
<continue...>
PeerNode SID(5): 30,025 (Node5 loopback)
EPE PeerAdj SIDs
<...continue>
Egress Engineering Peer Set: 99.2.5.5/32 (10d92234)
Nexthop: 99.2.5.5
Version: 3, rn_version: 5
Flags: 0x0000000a
Local ASN: 1
Remote ASN: 5
Local RID: 1.1.1.2
Remote RID: 1.1.1.5
First Hop: 99.2.5.5
NHID: 2
Label: 30125, Refcount: 3
rpc_set: 10e37684
Egress Engineering Peer Set: 77.2.5.5/32 (10c931f0)
Nexthop: 77.2.5.5
Version: 4, rn_version: 5
Flags: 0x0000000a
Local ASN: 1
Remote ASN: 5
Local RID: 1.1.1.2
Remote RID: 1.1.1.5
First Hop: 77.2.5.5
NHID: 4
Label: 30225, Refcount: 3
rpc_set: 10e58fa4
PeerAdj SID(5_1): 30,125 (Link1 to Node5)
PeerAdj SID(5_2): 30,225 (Link2 to Node5)
BGP Peering SIDs in forwarding table
RP/0/0/CPU0:xrvr-2#show mpls forwarding
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
30025  Pop         No ID              Gi0/0/0/1    99.2.5.5        0
       Pop         No ID              Gi0/0/0/2    77.2.5.5        0
30125  Pop         No ID              Gi0/0/0/1    99.2.5.5        0
30225  Pop         No ID              Gi0/0/0/2    77.2.5.5        0
30024  Pop         No ID              Gi0/0/0/0    99.2.4.4        0
30025: PeerNode SID(5)
30125, 30225: PeerAdj SID(5_1&2)
30024: PeerNode SID(4)
BGP Peering SIDs in forwarding table
RP/0/0/CPU0:xrvr-3#show mpls label table detail
Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
<. . .>
0 30025 BGP-VPNv4(A):bgp-default InUse Yes
(L3VPN NH SET, vers:0, 'default':4U, nh_set_id = 0x1 )
0 30125 BGP-VPNv4(A):bgp-default InUse Yes
(L3VPN NH SET, vers:0, 'default':4U, nh_set_id = 0x2 )
0 30225 BGP-VPNv4(A):bgp-default InUse Yes
(L3VPN NH SET, vers:0, 'default':4U, nh_set_id = 0x3 )
0 30024 BGP-VPNv4(A):bgp-default InUse Yes
(L3VPN NH SET, vers:0, 'default':4U, nh_set_id = 0x4 )
<. . .>
RP/0/0/CPU0:xrvr-2#show bgp nexthop-set 1
Resilient per-CE nexthop set, ID 1
Number of nexthops 2, Label 30025, Flags 0x1
Nexthops:
99.2.5.5
77.2.5.5
Reference count 2,
RP/0/0/CPU0:xrvr-2#show bgp nexthop-set 2
Resilient per-CE nexthop set, ID 2
Number of nexthops 1, Label 30125, Flags 0x1
Nexthops:
99.2.5.5
Reference count 2,
Label context
BGP Peering SID persistency
• Allocated labels are persistent by using a “label context”
– When an MPLS Application (e.g. EPE) allocates a label, it specifies the context of the label
>EPE label context example on previous slide
– If the eBGP neighbor goes down, the Peering SID label is freed
– Label Switch Database (LSD) holds on to the freed label (with its context) for some time (~30min)
– If the eBGP neighbor comes up, a label is requested with the label context (same context if same neighbor recovered)
– If LSD still has the label with that context, it will return that label
• Label persistency will not survive a full reboot
BGP Peering SIDs in BGP-LS
Advertising BGP Peering SIDs in BGP-LS
[Figure: egress nodes 2 and 3 in AS1 send BGP-LS to the Controller]
• BGP-LS carries internal topology information as well as external connectivity (EPE) information
– See “BGP-LS” section for more details
• Egress Peer Engineering enabled egress nodes automatically advertise their BGP Peering SIDs in BGP-LS
– Each EPE egress node must have a BGP-LS session directly to the Controller or via a RR
• Controller can use the BGP-LS information to compute and implement per-flow traffic steering
Advertising BGP Peering SIDs in BGP-LS
Note: An IOS XR router is acting as “Controller”
RP/0/0/CPU0:xrvr-10#show bgp link-state link-state
BGP router identifier 1.1.1.10, local AS number 1
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Prefix codes: E link, V node, T IP reacheable route, u/U unknown
              I Identifier, N local node, R remote node, L link, P prefix
              L1/L2 ISIS level-1/level-2, O OSPF, D direct, S static/peer-node
              a area-ID, l link-ID, t topology-ID, s ISO-ID,
              c confed-ID/ASN, b bgp-identifier, r router-ID,
              i if-address, n nbr-address, o OSPF Route-type, p IP-prefix
              d designated router address
   Network            Next Hop            Metric LocPrf Weight Path
*>i[E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.2]][R[c4][q1.1.1.4]][L[i99.2.4.2][n99.2.4.4]]/600
                      1.1.1.2                       100      0 i
*>i[E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.2]][R[c5][q1.1.1.5]][L[i1.1.1.2][n1.1.1.5]]/600
                      1.1.1.2                       100      0 i
*>i[E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.2]][R[c5][q1.1.1.5]][L[i99.2.5.2][n99.2.5.5]]/600
                      1.1.1.2                       100      0 i
<...>
BGP-LS routes on Controller
RP/0/0/CPU0:xrvr-10#show bgp link-state link-state [E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.2]][R[c5][q1.1.1.5]][L[i1.1.1.2][n1.1.1.5]]/600 detail
BGP routing table entry for [E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.2]][R[c5][q1.1.1.5]][L[i1.1.1.2][n1.1.1.5]]/600
NLRI Type: Link
Protocol: BGP
Identifier: 0x0
Local Node Descriptor:
AS Number: 1
BGP Identifier: 0.0.0.0
BGP Router Identifier: 1.1.1.2
Remote Node Descriptor:
AS Number: 5
BGP Router Identifier: 1.1.1.5
Link Descriptor:
Local Interface Address IPv4: 1.1.1.2
Neighbor Interface Address IPv4: 1.1.1.5
Versions:
Process bRIB/RIB SendTblVer
Speaker 5 5
Flags: 0x04000001+0x00000000;
Last Modified: Oct 6 20:14:51.140 for 1d00h
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Flags: 0x4000000001060005, import: 0x20
Not advertised to any peer
Local
1.1.1.2 (metric 20) from 1.1.1.2 (1.1.1.2)
Origin IGP, localpref 100, valid, internal, best, group-best
Received Path ID 0, Local Path ID 1, version 5
Link-state: Peer-SID: 30025
BGP-LS entry Peer Node-SID from Node2 for peer Node5
• Protocol: “Protocol ID” field
• Identifier: “Identifier” field
• Local Node Descriptor: “AS Number” TLV, “BGP-LS ID” TLV, “BGP Router-ID” TLV
• Remote Node Descriptor: “AS Number” TLV, “BGP Router-ID” TLV
• Link Descriptor: BGP session local address, BGP session peer address
BGP-LS routes on Controller
RP/0/0/CPU0:xrvr-10#show bgp link-state link-state [E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.2]][R[c5][q1.1.1.5]][L[i99.2.5.2][n99.2.5.5]]/600 detail
BGP routing table entry for [E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.2]][R[c5][q1.1.1.5]][L[i99.2.5.2][n99.2.5.5]]/600
NLRI Type: Link
Protocol: BGP
Identifier: 0x0
Local Node Descriptor:
AS Number: 1
BGP Identifier: 0.0.0.0
BGP Router Identifier: 1.1.1.2
Remote Node Descriptor:
AS Number: 5
BGP Router Identifier: 1.1.1.5
Link Descriptor:
Local Interface Address IPv4: 99.2.5.2
Neighbor Interface Address IPv4: 99.2.5.5
Versions:
Process bRIB/RIB SendTblVer
Speaker 4 4
Flags: 0x04000001+0x00000000;
Last Modified: Oct 6 20:14:51.140 for 1d00h
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Flags: 0x4000000001060005, import: 0x20
Not advertised to any peer
Local
1.1.1.2 (metric 20) from 1.1.1.2 (1.1.1.2)
Origin IGP, localpref 100, valid, internal, best, group-best
Received Path ID 0, Local Path ID 1, version 4
Link-state: Peer-Adj-SID: 30125
BGP-LS entry Peer Adj-SID from Node2 for peer Node5
• Protocol: “Protocol ID” field
• Identifier: “Identifier” field
• Local Node Descriptor: “AS Number” TLV, “BGP-LS ID” TLV, “BGP Router-ID” TLV
• Remote Node Descriptor: “AS Number” TLV, “BGP Router-ID” TLV
• Link Descriptor: BGP session local address, BGP session peer address
Programming EPE Policy on ingress
Controller programs ingress node
• Controller can program the ingress Node1 to steer traffic to 6.1.1.6/32 via egress Node3 and AS5 (peer 5), using:
– BGP Segment Routing TE (BGP SR-TE)
– Segment Routing Traffic Engineering (SR-TE)
>PCEP
>CLI/XML
– BGP-LU (RFC3107)
>Currently limited to imposition of two labels: prefix-SID to egress node and EPE label (PeerNode SID or PeerAdj SID)
– Other: host, netconf, …
Program ingress node – BGP SR-TE
• Describe BGP SRTE
Program ingress node – SR-TE
• Instantiate SR-TE Policy with EPE label as last hop
– Instantiation can be done using CLI/XML, PCEP
• SR-TE allows steering the traffic in the local domain towards a specific egress node and out to a specific external peer
• See “SR-TE” section for more details
Segment Routing – Egress Peer Engineering
[Figure: SR-TE Policy on Node1 for destination 6.1.1.6/32]
explicit-path name EPE_VIA_3_5
 index 10 next-address strict ipv4 unicast 1.1.1.11 !! Node11
 index 20 next-address strict ipv4 unicast 1.1.1.3 !! Node3
 index 30 next-label 30035 !! PeerNode SID to 5
!
interface tunnel-te1
 ipv4 unnumbered Loopback0
 autoroute destination 6.1.1.6
 destination 1.1.1.3
 path-option 1 explicit name EPE_VIA_3_5 segment-routing
Peer 5: label 30,035
Destination and traffic steering
• In the example on the previous slide, the SRTE destination is chosen to be the egress Node3, and the traffic is steered into the SRTE Policy by using autoroute destination
– This steers traffic with destination 6.1.1.6/32 into the SRTE Policy
• Other steering mechanisms are possible
– See “SR-TE traffic steering” section
Segment Routing – Egress Peer Engineering
RP/0/0/CPU0:xrvr-1#show mpls traffic-eng tunnels 1
Name: tunnel-te1 Destination: 1.1.1.3 Ifhandle:0x780
Signalled-Name: xrvr-1_t1
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, (Segment-Routing) type explicit EPE_VIA_3_5 (Basis for Setup)
<...>
Segment-Routing Path Info (IS-IS 1 level-2)
Segment0[Node]: 1.1.1.11, Label: 16011
Segment1[Node]: 1.1.1.3, Label: 16003
Segment2[ - ]: Label: 30035
RP/0/0/CPU0:xrvr-1#show mpls forwarding tunnels detail
Tunnel        Outgoing    Outgoing     Next Hop        Bytes
Name          Label       Interface                    Switched
------------- ----------- ------------ --------------- ------------
tt1     (SR)  16011       Gi0/0/0/0    99.1.10.10      480
Updated: Oct 8 09:37:19.892
Version: 35, Priority: 2
Label Stack (Top -> Bottom): { 16011 16003 30035 }
NHID: 0x0, Path idx: 0, Backup path idx: 0, Weight: 0
MAC/Encaps: 14/26, MTU: 1500
Packets Switched: 15
Interface Handle: 0x00000780, Local Label: 24005
Forwarding Class: 0, Weight: 0
Packets/Bytes Switched: 38/1064
tunnel-te1 label stack
Segment Routing – Egress Peer Engineering
RP/0/0/CPU0:xrvr-1#show route 6.1.1.6/32
Routing entry for 6.1.1.6/32
Known via "application", distance 2, metric 30 (connected)
Installed Oct 8 08:23:56.033 for 00:05:25
Routing Descriptor Blocks
directly connected, via tunnel-te1
Route metric is 30
No advertising protos.
RP/0/0/CPU0:xrvr-1#show cef 6.1.1.6/32
6.1.1.6/32, version 111, attached, internal 0x1000041 0x0 (ptr 0xa14840f4) [1],
0x0 (0xa14696c8), 0xa20 (0xa151f208)
Updated Oct 8 08:23:56.053
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via tunnel-te1, 5 dependencies, weight 0, class 0 [flags 0x8]
path-idx 0 NHID 0x0 [0xa0f033a0 0x0]
local adjacency
labels imposed {None} Only impose tunnel-te1 labels
Egress Peer Engineering – data plane
[Figure: packet label stacks along the path, from {16011, 16003, 30035} down to the unlabelled payload]
RP/0/0/CPU0:xrvr-1#traceroute 6.1.1.6 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 6.1.1.6
1 99.1.10.10 [MPLS: Labels 16011/16003/30035 Exp 0] 39 msec 19 msec 19 msec
2 99.10.11.11 [MPLS: Labels 16003/30035 Exp 0] 19 msec 19 msec 29 msec
3 99.3.11.3 [MPLS: Label 30035 Exp 0] 19 msec 19 msec 29 msec
4 99.3.5.5 19 msec 19 msec 19 msec
5 99.5.6.6 19 msec 19 msec 29 msec
Peer 5: label 30,035
Program ingress node – BGP-LU (RFC3107)
Controller programs ingress node – BGP-LU (RFC3107)
• Controller sends a more preferred BGP-LU path update to ingress Node1
– NLRI: the destination prefix to engineer: e.g. 6.1.1.6/32
– Nhop: the selected egress border router: 3
– Label: the selected egress peerNode SID: 30,035
– AS path: reflecting the valid AS path of the selected
– Some BGP policy to ensure it is selected as best by the ingress router
Segment Routing – Egress Peer Engineering
[Figure: the Controller sends a BGP-LU (RFC3107) update for 6.1.1.6/32 to ingress Node1]
route-policy I_AM_CONTROLLER
  if destination in (6.1.1.6) then
    set next-hop 1.1.1.3
    set label 30035
    set local-preference 1000
  endif
end-policy
!
router bgp 1
 bgp router-id 1.1.1.10
 address-family ipv4 unicast
  network 6.1.1.6/32
  allocate-label all
 !
 neighbor 1.1.1.1
  remote-as 1
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-policy I_AM_CONTROLLER out
  !
 !
!
Using IOS XR as Controller using BGP-LU. This is the configuration used to do that.
Segment Routing – Egress Peer Engineering
RP/0/0/CPU0:xrvr-1#show bgp 6.1.1.6/32
BGP routing table entry for 6.1.1.6/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 8 8
Local Label: 24004
Last Modified: Oct 8 09:15:04.302 for 00:10:05
Paths: (3 available, best #3)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
4 6
1.1.1.2 (metric 30) from 1.1.1.2 (1.1.1.2)
Origin IGP, localpref 100, valid, internal, group-best
Received Path ID 0, Local Path ID 0, version 0
Path #2: Received by speaker 0
Not advertised to any peer
4 6
1.1.1.3 (metric 30) from 1.1.1.3 (1.1.1.3)
Origin IGP, localpref 100, valid, internal
Received Path ID 0, Local Path ID 0, version 0
Path #3: Received by speaker 0
Not advertised to any peer
Local
1.1.1.3 (metric 30) from 1.1.1.10 (1.1.1.10)
Received Label 30035
Origin IGP, metric 0, localpref 1000, valid, internal, best, group-best
Received Path ID 0, Local Path ID 1, version 8
New best path: via Node3, peer 5
Segment Routing – Egress Peer Engineering
• Ingress Node1 pushes label stack on packets to 6.1.1.6/32: {prefix-SID(egress Node3); peerNode-SID(AS5 peer 5)} = {16,003; 30,035}
• Traffic steering on Node1 is per BGP destination
– Example: for traffic destined to 6.1.1.6/32 impose {16,003; 30,035}
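Because a Peering SID is a local segment of the egress node that allocated it, the pairing of labels described above can be checked before an ingress policy is programmed. The following added example (not from the slides) parses the NLRI strings shown in the `show bgp link-state link-state` output and only builds a stack whose Peering SID was advertised by the chosen egress node. Assumptions: the `q` code is read as the BGP router ID because it lines up with “BGP Router Identifier” in the detail output, the Node3 entry is constructed, and all function names are hypothetical.

```python
from dataclasses import dataclass

SRGB_BASE = 16000  # reference topology on the slides: prefix-SID = 16000 + X


@dataclass(frozen=True)
class EpeEntry:
    egress_rid: str  # BGP router ID of the advertising egress node
    peer_asn: int
    peer_rid: str
    local_addr: str  # BGP session local address
    nbr_addr: str    # BGP session peer address
    kind: str        # "node" (Peer-SID) or "adj" (Peer-Adj-SID)
    sid: int


def _groups(s, pos=0):
    """Parse consecutive, possibly nested, [..] groups starting at pos."""
    items = []
    while pos < len(s) and s[pos] == "[":
        pos += 1
        start = pos
        while pos < len(s) and s[pos] not in "[]":
            pos += 1
        head = s[start:pos]
        kids, pos = _groups(s, pos)
        if pos >= len(s) or s[pos] != "]":
            raise ValueError("unbalanced brackets in NLRI")
        items.append((head, kids))
        pos += 1
    return items, pos


def parse_epe_nlri(nlri, kind, sid):
    """Turn one NLRI string from 'show bgp link-state link-state' into an entry."""
    items, _ = _groups(nlri.replace(" ", ""))
    if [head for head, _ in items[:2]] != ["E", "B"]:
        raise ValueError("not a link NLRI of protocol BGP")
    # Map N/R/L to {code letter: value}, e.g. "q1.1.1.2" -> {"q": "1.1.1.2"}.
    sub = {h: {k[0]: k[1:] for k, _ in kids if k} for h, kids in items if kids}
    try:
        loc, rem, lnk = sub["N"], sub["R"], sub["L"]
        return EpeEntry(loc["q"], int(rem["c"]), rem["q"],
                        lnk["i"], lnk["n"], kind, sid)
    except KeyError as exc:
        raise ValueError(f"descriptor {exc} missing from NLRI") from None


def prefix_sid(rid):
    """Prefix-SID of an AS1 node whose loopback is 1.1.1.X (slides' scheme)."""
    *net, x = rid.split(".")
    if net != ["1", "1", "1"]:
        raise ValueError(f"{rid} is not an AS1 loopback of the reference topology")
    return SRGB_BASE + int(x)


def epe_label_stack(db, egress_rid, peer_asn):
    """Return [prefix-SID(egress), PeerNode SID(peer)] for the ingress node."""
    hits = [e for e in db
            if (e.egress_rid, e.peer_asn, e.kind) == (egress_rid, peer_asn, "node")]
    if len(hits) != 1:
        raise LookupError(
            f"{egress_rid} advertises {len(hits)} PeerNode SIDs for AS{peer_asn}")
    return [prefix_sid(egress_rid), hits[0].sid]


def stack_is_consistent(db, stack):
    """True if the last label is a Peering SID allocated by the node that the
    label just before it (a prefix-SID) reaches."""
    return len(stack) >= 2 and any(
        prefix_sid(e.egress_rid) == stack[-2] and e.sid == stack[-1] for e in db)


_N2 = "[E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.2]]"
_N3 = "[E][B][I0x0][N[c1][b0.0.0.0][q1.1.1.3]]"
# Node2 rows use the NLRI strings and labels shown on the slides. The Node3 row
# is constructed for this example (addresses follow the 99.X.Y.X scheme).
ADVERTISED = [
    (_N2 + "[R[c4][q1.1.1.4]][L[i99.2.4.2][n99.2.4.4]]/600", "node", 30024),
    (_N2 + "[R[c5][q1.1.1.5]][L[i1.1.1.2][n1.1.1.5]]/600", "node", 30025),
    (_N2 + "[R[c5][q1.1.1.5]][L[i99.2.5.2][n99.2.5.5]]/600", "adj", 30125),
    (_N3 + "[R[c5][q1.1.1.5]][L[i99.3.5.3][n99.3.5.5]]/600", "node", 30035),
]
DB = [parse_epe_nlri(*row) for row in ADVERTISED]

if __name__ == "__main__":
    print(epe_label_stack(DB, "1.1.1.3", 5))               # BGP-LU case
    print(stack_is_consistent(DB, [16011, 16003, 30035]))  # SR-TE stack
```

A stack such as {16003; 30025} is rejected because 30025 was allocated by Node2 and has no meaning at Node3.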
Segment Routing – Egress Peer Engineering
RP/0/0/CPU0:xrvr-1#show cef 6.1.1.6/32
6.1.1.6/32, version 121, internal 0x5000001 0x0 (ptr 0xa14840f4) [1],
0x0 (0xa14696c8), 0xa08 (0xa151f208)
Updated Oct 8 09:15:04.093
Prefix Len 32, traffic index 0, precedence n/a, priority 4
via 1.1.1.3/32, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa15877f4 0x0]
recursion-via-/32
next hop 1.1.1.3/32 via 16003/0/21
local label 24004
next hop 99.1.10.10/32 Gi0/0/0/0 labels imposed {16003 30035}
{16003 30035} = {prefix-SID(egress Node3); peerNode-SID(AS5 peer 5)}
Peer 5: label 30,035
Segment Routing – Egress Peer Engineering
RP/0/0/CPU0:xrvr-1#traceroute 6.1.1.6 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 6.1.1.6
1 99.1.10.10 [MPLS: Labels 16003/30035 Exp 0] 19 msec 19 msec 19 msec
2 99.10.11.11 [MPLS: Labels 16003/30035 Exp 0] 19 msec 19 msec 29 msec
3 99.3.11.3 [MPLS: Label 30035 Exp 0] 19 msec 19 msec 19 msec
4 99.3.5.5 19 msec 19 msec 19 msec
5 99.5.6.6 29 msec 19 msec 19 msec
Peer 5: label 30,035
IETF
• The Egress Peer Engineering implementation will follow the IETF drafts
– https://tools.ietf.org/html/draft-ietf-spring-segment-routing-central-epe
– https://tools.ietf.org/html/draft-ietf-idr-bgpls-segment-routing-epe
• It currently (5.3.2) follows https://tools.ietf.org/html/draft-previdi-idr-bgpls-segment-routing-epe-02
draft-ietf-idr-bgpls-segment-routing-epe
• The BGP Peer Segments are distributed in BGP-LS using the existing Link-Type NLRI
– New Protocol ID (7)
– New (sub-)TLVs are defined for BGP EPE
• Format of (existing) Link NLRI Type:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+
|  Protocol-ID  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Identifier                          |
|                            (64 bits)                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//                    Local Node Descriptors                   //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//                    Remote Node Descriptors                  //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//                       Link Descriptors                      //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
BGP-LS Link-Type NLRI
• Protocol-ID: 7 (BGP EPE)
• Identifier:
– “Both OSPF and IS-IS MAY run multiple routing protocol instances over the same link. See [RFC6822] and [RFC6549]. These instances define independent "routing universes". The 64-Bit 'Identifier' field is used to identify the "routing universe" where the NLRI belongs.”
– Default: 0
– Configurable: 2-65535
router isis 2
 is-type level-2-only
 net 49.0002.0000.0000.0003.00
 distribute bgp-ls instance-id 255
BGP-LS Link-Type NLRI
• Local Node Descriptors:
– Mandatory TLVs:
>BGP Router ID (TLV 516), contains the BGP Identifier of the local BGP EPE node
>Autonomous System Number (TLV 512), contains the local ASN or local confederation identifier (ASN) if confederations are used
>BGP-LS Identifier (TLV 513)
– Optional TLVs:
>Member-ASN (TLV 517), contains the ASN of the confederation member (when BGP confederations are used)
>Other Node Descriptors as defined in ietf-idr-ls-distribution
BGP-LS Link-Type NLRI
• Remote Node Descriptors:
– Mandatory TLVs:
>BGP Router ID (TLV 516), contains the BGP Identifier of the peer node
>Autonomous System Number (TLV 512), contains the peer ASN or the peer confederation identifier (ASN), if confederations are used
– Optional TLVs:
>Member-ASN (TLV 517), contains the ASN of the confederation member (when BGP confederations are used)
>Other Node Descriptors as defined in ietf-idr-ls-distribution
BGP-LS Link-Type NLRI
• Link Descriptors:
– Contain the addresses and interface identifiers used by the BGP session
– As defined in ietf-idr-ls-distribution
BGP-LS Link-Type NLRI
• Link Descriptors for Peer Node Segment NLRI:
– IPv4 Interface Address (TLV 259), contains the BGP session IPv4 local address.
– IPv4 Neighbor Address (TLV 260), contains the BGP session IPv4 peer address.
– IPv6 Interface Address (TLV 261), contains the BGP session IPv6 local address.
– IPv6 Neighbor Address (TLV 262), contains the BGP session IPv6 peer address.
BGP-LS Link-Type NLRI
• Link Descriptors for Peer Adjacency Segment NLRI:
– Link Local/Remote Identifiers (TLV 258), contains the 4-octet Link Local Identifier followed by the 4-octet value 0 indicating the Link Remote Identifier is unknown [RFC5307].
– IPv4 Neighbor Address (TLV 260), contains the IPv4 address of the peer interface used by the BGP session.
– IPv6 Neighbor Address (TLV 262), contains the IPv6 address of the peer interface used by the BGP session.
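A decoder for the Link NLRI layout and descriptor TLVs listed above, written as an added example (not code from the slides or from any router implementation): it bounds-checks every TLV and rejects an NLRI that lacks a mandatory descriptor. It handles IPv4 sessions only; the node-descriptor container TLVs 256 and 257 are taken from ietf-idr-ls-distribution, and all function names are this example's own.

```python
import ipaddress
import struct

# Code points quoted on the slides.
PROTO_BGP_EPE = 7
TLV_LINK_ID, TLV_IPV4_IF, TLV_IPV4_NBR = 258, 259, 260
TLV_AS, TLV_BGP_LS_ID, TLV_BGP_ROUTER_ID = 512, 513, 516
# Assumption: container TLVs for the node descriptors, taken from
# ietf-idr-ls-distribution (RFC 7752); the slides do not list them.
TLV_LOCAL_NODE, TLV_REMOTE_NODE = 256, 257


def tlv(code, value):
    """Encode one TLV: 2-octet type, 2-octet length, value."""
    return struct.pack("!HH", code, len(value)) + value


def read_tlvs(buf):
    """Split buf into (type, value) pairs; reject TLVs that overrun buf."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError(f"TLV {code}: length {length} overruns buffer")
        out.append((code, buf[off:off + length]))
        off += length
    return out


def _fixed4(tlvs, code, where, as_ip=False):
    """Return a mandatory 4-octet TLV as an int or as a dotted quad."""
    if code not in tlvs:
        raise ValueError(f"{where}: mandatory TLV {code} missing")
    if len(tlvs[code]) != 4:
        raise ValueError(f"{where}: TLV {code} must be 4 octets")
    num = struct.unpack("!I", tlvs[code])[0]
    return str(ipaddress.IPv4Address(num)) if as_ip else num


def parse_epe_link_nlri(body):
    """Decode and validate the body of a BGP EPE Link NLRI (IPv4 sessions)."""
    if len(body) < 9:
        raise ValueError("shorter than Protocol-ID + Identifier")
    if body[0] != PROTO_BGP_EPE:
        raise ValueError(f"Protocol-ID {body[0]} is not BGP EPE (7)")
    top = read_tlvs(body[9:])
    if [code for code, _ in top[:2]] != [TLV_LOCAL_NODE, TLV_REMOTE_NODE]:
        raise ValueError("local and remote node descriptors must come first")
    local = dict(read_tlvs(top[0][1]))
    remote = dict(read_tlvs(top[1][1]))
    link = dict(top[2:])
    if TLV_LINK_ID not in link and TLV_IPV4_IF not in link:
        raise ValueError("link: neither TLV 258 nor TLV 259 present")
    rec = {
        "identifier": struct.unpack_from("!Q", body, 1)[0],
        "local_asn": _fixed4(local, TLV_AS, "local"),
        "bgp_ls_id": _fixed4(local, TLV_BGP_LS_ID, "local"),
        "local_rid": _fixed4(local, TLV_BGP_ROUTER_ID, "local", as_ip=True),
        "remote_asn": _fixed4(remote, TLV_AS, "remote"),
        "remote_rid": _fixed4(remote, TLV_BGP_ROUTER_ID, "remote", as_ip=True),
        "neighbor": _fixed4(link, TLV_IPV4_NBR, "link", as_ip=True),
    }
    if TLV_IPV4_IF in link:  # Peer Node Segment: BGP session local address
        rec["local_addr"] = _fixed4(link, TLV_IPV4_IF, "link", as_ip=True)
    if TLV_LINK_ID in link:  # Peer Adjacency Segment: local ID, then remote ID
        if len(link[TLV_LINK_ID]) != 8:
            raise ValueError("link: TLV 258 must be 8 octets")
        rec["link_local_id"] = struct.unpack("!I", link[TLV_LINK_ID][:4])[0]
    return rec


def sample_peer_node_nlri():
    """Constructed sample: Node2's PeerNode entry for Node5, values from the slides."""
    local = (tlv(TLV_AS, struct.pack("!I", 1)) + tlv(TLV_BGP_LS_ID, bytes(4))
             + tlv(TLV_BGP_ROUTER_ID, bytes([1, 1, 1, 2])))
    remote = (tlv(TLV_AS, struct.pack("!I", 5))
              + tlv(TLV_BGP_ROUTER_ID, bytes([1, 1, 1, 5])))
    link = tlv(TLV_IPV4_IF, bytes([1, 1, 1, 2])) + tlv(TLV_IPV4_NBR, bytes([1, 1, 1, 5]))
    return (bytes([PROTO_BGP_EPE]) + struct.pack("!Q", 0)
            + tlv(TLV_LOCAL_NODE, local) + tlv(TLV_REMOTE_NODE, remote) + link)


if __name__ == "__main__":
    print(parse_epe_link_nlri(sample_peer_node_nlri()))
```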
BGP-LS Link Attributes
• The following BGP-LS Attributes TLVs are used with the Link NLRI:
– Adjacency Segment ID (TLV 1099)
>Defined in gredler-idr-bgp-ls-segment-routing-extension
– Peer Segment ID (TLV 1036): SID representing the peer of the BGP session.
>The format is the same as defined for the Adj-SID
– Peer Set Segment ID (TLV 1037): SID representing the group the peer is part of.
>The format is the same as defined for the Adj-SID
– In addition, BGP-LS Link Attributes, as defined in ietf-idr-ls-distribution, MAY be inserted in order to advertise the characteristics of the link.
Thank you.
References
• https://tools.ietf.org/html/draft-filsfils-spring-segment-routing-central-epe
• https://tools.ietf.org/html/draft-previdi-idr-bgpls-segment-routing-epe