最近接触了一个案例,其中包含很多的 SR 方面的知识,所以想趁着熟悉记录下来。具体包括了以下的内容:Policy SR-TE、Interface SR-TE、BGP EPE、TE BSID 等。
- SR
- Interface SR TE
- TE BSID
- BGP EPE
- Policy SR TE
#
写在最前面
首先先介绍一下这个环境。
1. AS9929 使能 SR,并建立 PE1 和 PE2 之间的 tunnel 隧道.
2. CE 与 PE 之间使能 BGP EPE,为 CE 与 PE 之间的链路分配标签.
3. CE 与 CE 之间起 Policy 的 SR TE, 其中 segment list 为<EPE label,BSID,EPE label>.
SR #
从一年前接触 SP 这一块开始就听到有人提及到 Segment routing 这项技术,与相对于传统的 LDP 标签分发方式,SR 意味着你可以在你的网络中少配置一种路由协议,不用考虑 IGP 于 LDP 互操新问题;SR TE 相对于 RSVP TE 更是优点多多,例如原生的支持 ECMP,例如 TI-LFA 等。所以运营商在测并部署 SR, 并将原有的 RSVP TE 迁移到 SR TE 中来。 SR 的配置其实很简单,例如在 ISIS 中使能 SR,可以参考以下配置:
RP/0/RSP0/CPU0:PE1#show run router isis xx
Tue Aug 13 05:46:44.186 UTC
router isis xx
is-type level-2-only
net 49.0000.0000.0002.00
address-family ipv4 unicast
metric-style wide <<<< 必须是wide模式,以为只有在wide模式下才有SR相关的TLV
mpls traffic-eng level-2-only
mpls traffic-eng router-id Loopback1
mpls traffic-eng igp-intact
segment-routing mpls sr-prefer <<<< 只需要在AFI下配置该命令,sr-prefer参数是为了在LDP共存网络使用SR标签转发
!
interface Loopback1
address-family ipv4 unicast
prefix-sid absolute 16002 <<<< 为每一个设备loopback接口配置prefix sid,absolute 或者index形式
!
Interface SR-TE #
配置方法可以参考 RSVP TE 的配置,唯一特殊的是需要添加 segment-routing 关键字,如下 :
RP/0/RSP0/CPU0:PE1#show run int tunnel-te 1
Tue Aug 13 05:50:54.801 UTC
interface tunnel-te1
bandwidth 102400
ipv4 unnumbered Loopback1
logging events all
destination 3.3.3.3
binding-sid mpls label 4004 <<< BSID
path-option 100 explicit name test segment-routing <<<<
!
RP/0/RSP0/CPU0:PE1#show run explicit-path
Tue Aug 13 05:50:59.592 UTC
explicit-path name test <<<<显示路径会包含到达目标节点路径上的prefix-sid
index 10 next-label 16004
index 20 next-label 16113
TE BSID #
BSID 的概念其实是用来固定一个 TE tunel 的标签的,如果一个 TE tunel down 了, 而在其 up 起来后为之分配的标签改变了,那么如果我们手写的静态路径用到这个 label,就会失效。通过 BSID 为一个 tunnel 分配固定的标签就可以解决这个问题。
BGP EPE #
EPE 主要是用于多 CE 接入多 PE 时,选择何种 CE 或者 PE 转发路径,例如我们规划流量从某一个 PE 抓发,那么在写静态路径时可以将 CE 与 PE 之间链路的 EPE 标签写进转发路径中去。如图所示,CE 与 PE 之间使能了 EPE feature.
RP/0/RSP0/CPU0:PE1#show run router bgp 9919 neighbor 200.1.12.1
Tue Aug 13 06:06:33.362 UTC
router bgp 9919
neighbor 200.1.12.1
remote-as 100
egress-engineering <<<<<<
address-family ipv4 unicast
route-policy pass in
route-policy pass out
!
RP/0/RSP0/CPU0:PE1#show bgp egress-engineering
Tue Aug 13 06:06:50.991 UTC
Egress Engineering Peer Set: 200.1.12.1/32 (1363f018)
Nexthop: 200.1.12.1
Version: 2, rn_version: 2
Flags: 0x00000006
Local ASN: 9919
Remote ASN: 100
Local RID: 2.2.2.1
Remote RID: 114.112.50.60
First Hop: 200.1.12.1
NHID: 2
IFH: 0x6001000
Label: 24002, Refcount: 3 <<<<<
rpc_set: 144c92a4
RP/0/RSP0/CPU0:ASR9910-A#
Policy SR-TE #
CE 上配置 Policy 的 SE-TE,目的节点为对端 CE:
RP/0/RSP0/CPU0:CE1#show run segment-routing
Tue Aug 13 12:59:31.627 UTC
segment-routing
global-block 16000 23999
traffic-eng
segment-list to_QD_CC
index 10 mpls label 24021 <<<EPE label
index 20 mpls label 4004 <<<BSID
index 30 mpls label 24007 <<<EPE label
!
policy SRTE_to_QDCC
color 888 end-point ipv4 5.5.5.5
candidate-paths
preference 100
explicit segment-list to_QD_CC
!
将流量引入该 TE 隧道, 从该 BGP 邻居学来的路由都回被引入到 TE tunel 中 。
router bgp 100
neighbor 5.5.5.5
remote-as 65535
ebgp-multihop 10
update-source Loopback2
address-family vpnv4 unicast
route-policy pass-all in
route-policy set_color out <<<<
next-hop-unchanged
!
RP/0/RSP0/CPU0:CE1#show run extcommunity-set opaque color_888
Tue Aug 13 13:03:04.740 UTC
extcommunity-set opaque color_888 <<<<
888
end-set
!
RP/0/RSP0/CPU0:ASR9001-D-R1#show run route-policy set_color
Tue Aug 13 13:01:31.096 UTC
route-policy set_color
set extcommunity color color_888 <<<<
end-policy
!
验证联通性. #
CE 与 PE 之间的互联链路属于 vrf SZ_CC, CE 与 PE 之间路由协议为 BGP,PE1 与 PE2 之间的起 VPNv4 BGP 邻居关系, 以传递 CE 之间的环回口地址。
RP/0/RSP0/CPU0:CE1#show bgp ipv4 unicast summary
Tue Aug 13 13:08:15.030 UTC
BGP router identifier 114.112.50.60, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 195
BGP main routing table version 195
BGP NSR Initial initsync version 6 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 195 195 195 195 195 0
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
100.1.12.2 0 9919 7836 7813 195 0 0 5d07h 4
RP/0/RSP0/CPU0:CE1#show bgp ipv4 unicast
Tue Aug 13 13:08:23.432 UTC
BGP router identifier 114.112.50.60, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 195
BGP main routing table version 195
BGP NSR Initial initsync version 6 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 ?
*> 5.5.5.5/32 100.1.12.2 0 9919 65535 ?
CE 与 CE 之间使用换回地址建立 VPNv4 的邻居关系以传递次级 CE 的 VPN 路由:
RP/0/RSP0/CPU0:CE1#show bgp vpnv4 unicast summary
Tue Aug 13 13:11:02.556 UTC
BGP router identifier 114.112.50.60, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 96
BGP NSR Initial initsync version 7 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 96 96 96 96 96 0
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
5.5.5.5 0 65535 3747 3792 96 0 0 04:44:16 1
RP/0/RSP0/CPU0:CE1#
RP/0/RSP0/CPU0:ASR9001-D-R1#show bgp vpnv4 unicast
Tue Aug 13 13:11:05.518 UTC
BGP router identifier 114.112.50.60, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 96
BGP NSR Initial initsync version 7 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 5.5.5.5:0
*> 33.33.33.33/32 5.5.5.5 C:888 0 0 65535 ?
Route Distinguisher: 114.112.50.60:1 (default for vrf Metro)
*> 22.22.22.22/32 0.0.0.0 0 32768 ?
*> 33.33.33.33/32 5.5.5.5 C:888 0 0 65535 ?
Processed 4 prefixes, 4 paths
次级 CE 流量通过 Policy SR TE 的 segment list 转发到对端 CE:
RP/0/RSP0/CPU0:CE1#traceroute vrf Metro 33.33.33.33 source 22.22.22.22
Tue Aug 13 13:13:01.548 UTC
Type escape sequence to abort.
Tracing the route to 33.33.33.33
1 200.1.12.2 [MPLS: Labels 4004/24007/24000 Exp 0] 3 msec 1 msec 1 msec
2 10.1.24.4 [MPLS: Labels 16113/24007/24000 Exp 0] 1 msec 1 msec 1 msec
3 10.1.34.3 [MPLS: Labels 24007/24000 Exp 0] 1 msec 1 msec 1 msec
4 200.1.35.5 3 msec * 2 msec
RP/0/RSP0/CPU0:CE1#
RP/0/RSP0/CPU0:CE1#traceroute vrf Metro 33.33.33.33 source 22.22.22.22
Tue Aug 13 13:13:01.548 UTC
Type escape sequence to abort.
Tracing the route to 33.33.33.33
1 200.1.12.2 [MPLS: Labels 4004/24007/24000 Exp 0] 3 msec 1 msec 1 msec
2 10.1.24.4 [MPLS: Labels 16113/24007/24000 Exp 0] 1 msec 1 msec 1 msec
3 10.1.34.3 [MPLS: Labels 24007/24000 Exp 0] 1 msec 1 msec 1 msec
4 200.1.35.5 3 msec * 2 msec
RP/0/RSP0/CPU0:ASR9001-D-R1#
RP/0/RSP0/CPU0:ASR9001-D-R1#
RP/0/RSP0/CPU0:ASR9001-D-R1#show cef vrf Metro 33.33.33.33
Tue Aug 13 13:13:31.357 UTC
33.33.33.33/32, version 37, internal 0x5000001 0x0 (ptr 0x9de49df4) [1], 0x0 (0x0), 0x208 (0x9e27c344)
Updated Aug 13 08:26:51.380
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via local-label 24022, 3 dependencies, recursive, bgp-ext [flags 0x6020]
path-idx 0 NHID 0x0 [0x9e35ed88 0x0]
recursion-via-label
next hop VRF - 'default', table - 0xe0000000
next hop via 24022/0/21
next hop srte_c_888_e labels imposed {ImplNull 24000}
RP/0/RSP0/CPU0:CE1#show segment-routing traffic-eng policy
Tue Aug 13 13:14:01.437 UTC
SR-TE policy database
---------------------
Color: 888, End-point: 5.5.5.5
Name: srte_c_888_ep_5.5.5.5
Status:
Admin: up Operational: up for 5d06h (since Aug 8 06:47:23.502)
Candidate-paths:
Preference: 100 (configuration) (active)
Name: SRTE_to_QDCC
Requested BSID: dynamic
Explicit: segment-list to_QD_CC (valid)
Weight: 1, Metric Type: TE
24021
4004
24007
Attributes:
Binding SID: 24022
Forward Class: 0
Steering BGP disabled: no
IPv6 caps enable: yes
RP/0/RSP0/CPU0:CE1#show bgp vrf Metro 33.33.33.33/32 detail
Tue Aug 13 13:14:54.055 UTC
BGP routing table entry for 33.33.33.33/32, Route Distinguisher: 114.112.50.60:1
Versions:
Process bRIB/RIB SendTblVer
Speaker 96 96
Flags: 0x00001001+0x00000000;
Last Modified: Aug 13 08:26:50.892 for 04:48:03
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Flags: 0x4000000005060001, import: 0x80
Not advertised to any peer
65535
5.5.5.5 C:888 (bsid:24022) from 5.5.5.5 (5.5.5.5)
Received Label 24000
Origin incomplete, metric 0, localpref 100, valid, external, best, group-best, import-candidate, imported
Received Path ID 0, Local Path ID 1, version 96
Extended community: Color:888 RT:3001:3001
Origin-AS validity: not-found
SR policy color 888, up, not-registered, bsid 24022
Source AFI: VPNv4 Unicast, Source VRF: default, Source Route Distinguisher: 5.5.5.5:0