SR TE 配置案例

 最近接触了一个案例，其中包含很多的SR方面的知识，所以想趁着熟悉记录下来。具体包括了以下的内容：Policy SR-TE、Interface SR-TE、BGP EPE、TE BSID等。

• SR
• Interface SR TE
• TE BSID
• BGP EPE
• Policy SR TE

写在最前面

首先先介绍一下这个环境。

1. AS9929使能SR，并建立PE1和PE2之间的tunnel隧道.

2. CE与PE之间使能BGP EPE,为CE与PE之间的链路分配标签.

3. CE与CE之间起Policy的SR TE, 其中segment list为<EPE label,BSID,EPE label>.

SR

从一年前接触SP这一块开始就听到有人提及到Segment routing这项技术，与相对于传统的LDP标签分发方式，SR意味着你可以在你的网络中少配置一种路由协议，不用考虑IGP于LDP互操新问题；SR TE相对于RSVP TE更是优点多多，例如原生的支持ECMP，例如TI-LFA等。所以运营商在测并部署SR， 并将原有的RSVP TE迁移到SR TE中来。 SR的配置其实很简单，例如在ISIS中使能SR，可以参考以下配置:

1

RP/0/RSP0/CPU0:PE1#show run router isis xx

2

Tue Aug 13 05:46:44.186 UTC

3

router isis xx

4

 is-type level-2-only

5

 net 49.0000.0000.0002.00

6

 address-family ipv4 unicast

7

  metric-style wide                <<<< 必须是wide模式，以为只有在wide模式下才有SR相关的TLV

8

  mpls traffic-eng level-2-only

9

  mpls traffic-eng router-id Loopback1

10

  mpls traffic-eng igp-intact

11

  segment-routing mpls sr-prefer   <<<< 只需要在AFI下配置该命令，sr-prefer参数是为了在LDP共存网络使用SR标签转发

12

 !

13

 interface Loopback1

14

  address-family ipv4 unicast

15

   prefix-sid absolute 16002       <<<< 为每一个设备loopback接口配置prefix sid，absolute 或者index形式

16

  !

INTERFACE SR-TE

配置方法可以参考RSVP TE的配置，唯一特殊的是需要添加segment-routing 关键字，如下 ：

1

RP/0/RSP0/CPU0:PE1#show run int tunnel-te 1

2

Tue Aug 13 05:50:54.801 UTC

3

interface tunnel-te1

4

 bandwidth 102400

5

 ipv4 unnumbered Loopback1

6

 logging events all

7

 destination 3.3.3.3

8

 binding-sid mpls label 4004        <<< BSID

9

 path-option 100 explicit name test segment-routing    <<<<

10

!

11

​

12

RP/0/RSP0/CPU0:PE1#show run explicit-path 

13

Tue Aug 13 05:50:59.592 UTC

14

explicit-path name test             <<<<显示路径会包含到达目标节点路径上的prefix-sid

15

 index 10 next-label 16004

16

 index 20 next-label 16113

TE BSID

BSID的概念其实是用来固定一个TE tunel的标签的，如果一个TE tunel down了， 而在其up起来后为之分配的标签改变了，那么如果我们手写的静态路径用到这个label，就会失效。通过BSID为一个tunnel分配固定的标签就可以解决这个问题。

BGP EPE

EPE主要是用于多CE接入多PE时，选择何种CE或者PE转发路径，例如我们规划流量从某一个PE抓发，那么在写静态路径时可以将CE与PE之间链路的EPE标签写进转发路径中去。如图所示，CE与PE之间使能了EPE feature.

1

RP/0/RSP0/CPU0:PE1#show run router bgp 9919 neighbor 200.1.12.1

2

Tue Aug 13 06:06:33.362 UTC

3

router bgp 9919

4

 neighbor 200.1.12.1

5

  remote-as 100

6

  egress-engineering     <<<<<<

7

  address-family ipv4 unicast

8

   route-policy pass in

9

   route-policy pass out

10

  !

11

12

RP/0/RSP0/CPU0:PE1#show bgp egress-engineering 

13

Tue Aug 13 06:06:50.991 UTC

14

​

15

 Egress Engineering Peer Set: 200.1.12.1/32 (1363f018)

16

     Nexthop: 200.1.12.1

17

     Version: 2, rn_version: 2

18

       Flags: 0x00000006

19

   Local ASN: 9919

20

  Remote ASN: 100

21

   Local RID: 2.2.2.1

22

  Remote RID: 114.112.50.60

23

   First Hop: 200.1.12.1

24

        NHID: 2

25

         IFH: 0x6001000

26

       Label: 24002, Refcount: 3      <<<<<

27

     rpc_set: 144c92a4

28

RP/0/RSP0/CPU0:ASR9910-A#

POLICY SR-TE

CE上配置Policy的SE-TE，目的节点为对端CE:

1

RP/0/RSP0/CPU0:CE1#show run segment-routing 

2

Tue Aug 13 12:59:31.627 UTC

3

segment-routing

4

 global-block 16000 23999

5

 traffic-eng

6

  segment-list to_QD_CC

7

   index 10 mpls label 24021    <<<EPE label

8

   index 20 mpls label 4004     <<<BSID

9

   index 30 mpls label 24007    <<<EPE label

10

  !

11

  policy SRTE_to_QDCC

12

   color 888 end-point ipv4 5.5.5.5

13

   candidate-paths

14

    preference 100

15

     explicit segment-list to_QD_CC

16

     !

将流量引入该TE 隧道, 从该BGP邻居学来的路由都回被引入到TE tunel中 。

1

router bgp 100

2

 neighbor 5.5.5.5

3

  remote-as 65535

4

  ebgp-multihop 10

5

  update-source Loopback2

6

  address-family vpnv4 unicast

7

   route-policy pass-all in

8

   route-policy set_color out      <<<<

9

   next-hop-unchanged

10

  !

11

RP/0/RSP0/CPU0:CE1#show run extcommunity-set opaque color_888 

12

Tue Aug 13 13:03:04.740 UTC

13

extcommunity-set opaque color_888   <<<<

14

  888

15

end-set

16

!

17

RP/0/RSP0/CPU0:ASR9001-D-R1#show run route-policy set_color 

18

Tue Aug 13 13:01:31.096 UTC

19

route-policy set_color

20

  set extcommunity color color_888   <<<<

21

end-policy

22

!

验证联通性.

CE与PE之间的互联链路属于vrf SZ_CC, CE与PE之间路由协议为BGP，PE1与PE2之间的起VPNv4 BGP邻居关系, 以传递CE之间的环回口地址。

1

RP/0/RSP0/CPU0:CE1#show bgp ipv4 unicast summary 

2

Tue Aug 13 13:08:15.030 UTC

3

BGP router identifier 114.112.50.60, local AS number 100

4

BGP generic scan interval 60 secs

5

Non-stop routing is enabled

6

BGP table state: Active

7

Table ID: 0xe0000000   RD version: 195

8

BGP main routing table version 195

9

BGP NSR Initial initsync version 6 (Reached)

10

BGP NSR/ISSU Sync-Group versions 0/0

11

BGP scan interval 60 secs

12

​

13

BGP is operating in STANDALONE mode.

14

​

15

​

16

Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer

17

Speaker             195        195        195        195         195           0

18

​

19

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd

20

100.1.12.2        0  9919    7836    7813      195    0    0    5d07h          4

21

​

22

RP/0/RSP0/CPU0:CE1#show bgp ipv4 unicast         

23

Tue Aug 13 13:08:23.432 UTC

24

BGP router identifier 114.112.50.60, local AS number 100

25

BGP generic scan interval 60 secs

26

Non-stop routing is enabled

27

BGP table state: Active

28

Table ID: 0xe0000000   RD version: 195

29

BGP main routing table version 195

30

BGP NSR Initial initsync version 6 (Reached)

31

BGP NSR/ISSU Sync-Group versions 0/0

32

BGP scan interval 60 secs

33

​

34

Status codes: s suppressed, d damped, h history, * valid, > best

35

              i - internal, r RIB-failure, S stale, N Nexthop-discard

36

Origin codes: i - IGP, e - EGP, ? - incomplete

37

   Network            Next Hop            Metric LocPrf Weight Path

38

*> 1.1.1.1/32         0.0.0.0                  0         32768 ?

39

*> 5.5.5.5/32         100.1.12.2                             0 9919 65535 ?

CE与CE之间使用换回地址建立VPNv4的邻居关系以传递次级CE的VPN路由:

1

RP/0/RSP0/CPU0:CE1#show bgp vpnv4 unicast summary 

2

Tue Aug 13 13:11:02.556 UTC

3

BGP router identifier 114.112.50.60, local AS number 100

4

BGP generic scan interval 60 secs

5

Non-stop routing is enabled

6

BGP table state: Active

7

Table ID: 0x0   RD version: 0

8

BGP main routing table version 96

9

BGP NSR Initial initsync version 7 (Reached)

10

BGP NSR/ISSU Sync-Group versions 0/0

11

BGP scan interval 60 secs

12

​

13

BGP is operating in STANDALONE mode.

14

​

15

​

16

Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer

17

Speaker              96         96         96         96          96           0

18

​

19

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd

20

5.5.5.5           0 65535    3747    3792       96    0    0 04:44:16          1

21

​

22

RP/0/RSP0/CPU0:CE1#

23

RP/0/RSP0/CPU0:ASR9001-D-R1#show bgp vpnv4 unicast         

24

Tue Aug 13 13:11:05.518 UTC

25

BGP router identifier 114.112.50.60, local AS number 100

26

BGP generic scan interval 60 secs

27

Non-stop routing is enabled

28

BGP table state: Active

29

Table ID: 0x0   RD version: 0

30

BGP main routing table version 96

31

BGP NSR Initial initsync version 7 (Reached)

32

BGP NSR/ISSU Sync-Group versions 0/0

33

BGP scan interval 60 secs

34

​

35

Status codes: s suppressed, d damped, h history, * valid, > best

36

              i - internal, r RIB-failure, S stale, N Nexthop-discard

37

Origin codes: i - IGP, e - EGP, ? - incomplete

38

   Network            Next Hop            Metric LocPrf Weight Path

39

40

Route Distinguisher: 5.5.5.5:0

41

*> 33.33.33.33/32     5.5.5.5 C:888            0             0 65535 ?

42

Route Distinguisher: 114.112.50.60:1 (default for vrf Metro)

43

*> 22.22.22.22/32     0.0.0.0                  0         32768 ?

44

*> 33.33.33.33/32     5.5.5.5 C:888            0             0 65535 ?

45

​

46

Processed 4 prefixes, 4 paths

次级CE流量通过Policy SR TE的segment list转发到对端CE：

1

RP/0/RSP0/CPU0:CE1#traceroute vrf Metro 33.33.33.33 source 22.22.22.22

2

Tue Aug 13 13:13:01.548 UTC

3

​

4

Type escape sequence to abort.

5

Tracing the route to 33.33.33.33

6

​

7

 1  200.1.12.2 [MPLS: Labels 4004/24007/24000 Exp 0] 3 msec  1 msec  1 msec 

8

 2  10.1.24.4 [MPLS: Labels 16113/24007/24000 Exp 0] 1 msec  1 msec  1 msec 

9

 3  10.1.34.3 [MPLS: Labels 24007/24000 Exp 0] 1 msec  1 msec  1 msec 

10

 4  200.1.35.5 3 msec  *  2 msec 

11

RP/0/RSP0/CPU0:CE1#

12

​

13

RP/0/RSP0/CPU0:CE1#traceroute vrf Metro 33.33.33.33 source 22.22.22.22

14

Tue Aug 13 13:13:01.548 UTC

15

​

16

Type escape sequence to abort.

17

Tracing the route to 33.33.33.33

18

​

19

 1  200.1.12.2 [MPLS: Labels 4004/24007/24000 Exp 0] 3 msec  1 msec  1 msec 

20

 2  10.1.24.4 [MPLS: Labels 16113/24007/24000 Exp 0] 1 msec  1 msec  1 msec 

21

 3  10.1.34.3 [MPLS: Labels 24007/24000 Exp 0] 1 msec  1 msec  1 msec 

22

 4  200.1.35.5 3 msec  *  2 msec 

23

RP/0/RSP0/CPU0:ASR9001-D-R1#

24

RP/0/RSP0/CPU0:ASR9001-D-R1#

25

RP/0/RSP0/CPU0:ASR9001-D-R1#show cef vrf Metro 33.33.33.33

26

Tue Aug 13 13:13:31.357 UTC

27

33.33.33.33/32, version 37, internal 0x5000001 0x0 (ptr 0x9de49df4) [1], 0x0 (0x0), 0x208 (0x9e27c344)

28

 Updated Aug 13 08:26:51.380

29

 Prefix Len 32, traffic index 0, precedence n/a, priority 3

30

   via local-label 24022, 3 dependencies, recursive, bgp-ext [flags 0x6020]

31

    path-idx 0 NHID 0x0 [0x9e35ed88 0x0]

32

    recursion-via-label

33

    next hop VRF - 'default', table - 0xe0000000

34

    next hop via 24022/0/21

35

     next hop srte_c_888_e labels imposed {ImplNull 24000}

36

37

RP/0/RSP0/CPU0:CE1#show segment-routing traffic-eng policy 

38

Tue Aug 13 13:14:01.437 UTC

39

​

40

SR-TE policy database

41

---------------------

42

​

43

Color: 888, End-point: 5.5.5.5

44

  Name: srte_c_888_ep_5.5.5.5

45

  Status:

46

    Admin: up  Operational: up for 5d06h (since Aug  8 06:47:23.502)

47

  Candidate-paths:

48

    Preference: 100 (configuration) (active)

49

      Name: SRTE_to_QDCC

50

      Requested BSID: dynamic

51

      Explicit: segment-list to_QD_CC (valid)

52

        Weight: 1, Metric Type: TE

53

          24021

54

          4004

55

          24007

56

  Attributes:

57

    Binding SID: 24022

58

    Forward Class: 0

59

    Steering BGP disabled: no

60

    IPv6 caps enable: yes

61

62

​

63

​

64

RP/0/RSP0/CPU0:CE1#show bgp vrf Metro 33.33.33.33/32 detail 

65

Tue Aug 13 13:14:54.055 UTC

66

BGP routing table entry for 33.33.33.33/32, Route Distinguisher: 114.112.50.60:1

67

Versions:

68

  Process           bRIB/RIB  SendTblVer

69

  Speaker                 96          96

70

    Flags: 0x00001001+0x00000000; 

71

Last Modified: Aug 13 08:26:50.892 for 04:48:03

72

Paths: (1 available, best #1)

73

  Not advertised to any peer

74

  Path #1: Received by speaker 0

75

  Flags: 0x4000000005060001, import: 0x80

76

  Not advertised to any peer

77

  65535

78

    5.5.5.5 C:888 (bsid:24022) from 5.5.5.5 (5.5.5.5)

79

      Received Label 24000 

80

      Origin incomplete, metric 0, localpref 100, valid, external, best, group-best, import-candidate, imported

81

      Received Path ID 0, Local Path ID 1, version 96

82

      Extended community: Color:888 RT:3001:3001 

83

      Origin-AS validity: not-found

84

      SR policy color 888, up, not-registered, bsid 24022

85

​

86

      Source AFI: VPNv4 Unicast, Source VRF: default, Source Route Distinguisher: 5.5.5.5:0

the blog from Xuxing's blog.

Link:  http://imxing.cn/?p=76