Automated Steering Egress-PE が理解できたので自分のメモ用にアウトプットします。
- 1. Automated Steering Egress-PE
- 2. Topology
- 3. Config
- 4. Automated steering Egress-PE の実装
- 5. 検証
- 6. 参考
1. Automated Steering Egress-PE
Automated Steering は SR-Policy への Traffic の steering を自動化するものです。
少し具体的に言うと、PE で特定 Prefix に応じた Color を判別し、Head-end で Color に応じた Steering をする機能のことです。
今回は、Egress PE で Color assignment を行う場合を検証します。
2. Topology
3. Config
h_N1(主役① PEルータ)
hostname h_N1
group CCIE-ISIS
router isis '.*'
is-type level-2-only
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface 'Gi.*'
point-to-point
address-family ipv4 unicast
!
!
interface 'Loopback .*'
address-family ipv4 unicast
!
!
!
end-group
!
vrf A
rd 10:1
address-family ipv4 unicast
import route-target
200:1
!
export route-target
100:1
!
!
!
interface Loopback0
ipv4 address 1.1.1.1 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
shutdown
!
interface GigabitEthernet0/0/0/0
ipv4 address 10.1.2.1 255.255.255.0
!
interface GigabitEthernet0/0/0/1.10 l2transport
encapsulation dot1q 10
!
interface GigabitEthernet0/0/0/1.20
vrf A
ipv4 address 198.51.100.1 255.255.255.0
encapsulation dot1q 20
!
interface GigabitEthernet0/0/0/2
ipv4 address 10.1.3.1 255.255.255.0
!
interface GigabitEthernet0/0/0/3
shutdown
!
interface GigabitEthernet0/0/0/4
shutdown
!
route-policy PASS
pass
end-policy
!
router isis 1
apply-group CCIE-ISIS
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 1
!
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/2
!
!
router bgp 10
bgp router-id 1.1.1.1
address-family vpnv4 unicast
!
address-family l2vpn evpn
!
neighbor 6.6.6.6
remote-as 10
update-source Loopback0
address-family vpnv4 unicast
!
address-family l2vpn evpn
!
!
vrf A
rd 10:1
address-family ipv4 unicast
!
neighbor 198.51.100.100
remote-as 100
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
!
!
!
!
evpn
evi 100
advertise-mac
!
!
!
l2vpn
xconnect group EVPN_VPWS
p2p EVPN_1
interface GigabitEthernet0/0/0/1.10
neighbor evpn evi 1010 target 60 source 10
!
!
!
!
mpls oam
!
segment-routing
traffic-eng
segment-list LOWER
index 10 mpls label 16003
index 20 mpls label 16005
index 30 mpls label 16006
!
segment-list UPPER
index 10 mpls label 16002
index 20 mpls label 16004
index 30 mpls label 16006
!
policy BULE_10
binding-sid mpls 60010
color 10 end-point ipv4 6.6.6.6
candidate-paths
preference 100
explicit segment-list UPPER
!
!
!
!
policy GREEN_20
binding-sid mpls 60020
color 20 end-point ipv4 6.6.6.6
candidate-paths
preference 100
explicit segment-list LOWER
!
!
!
!
!
!
mpls label range table 0 1001001 1001999
end
h_N2(脇役)
hostname h_N2 group CCIE-ISIS router isis '.*' is-type level-2-only address-family ipv4 unicast metric-style wide segment-routing mpls ! interface 'Gi.*' point-to-point address-family ipv4 unicast ! ! interface 'Loopback .*' address-family ipv4 unicast ! ! ! end-group ! interface Loopback0 ipv4 address 2.2.2.2 255.255.255.255 ! interface MgmtEth0/RP0/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 10.1.2.2 255.255.255.0 ! interface GigabitEthernet0/0/0/1 ipv4 address 10.2.3.2 255.255.255.0 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.2.4.2 255.255.255.0 ! router isis 1 apply-group CCIE-ISIS net 49.0001.0000.0000.0002.00 address-family ipv4 unicast ! interface Loopback0 address-family ipv4 unicast prefix-sid index 2 ! ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! ! mpls oam ! mpls label range table 0 1002001 1002999 end
h_N3(脇役)
hostname h_N3 group CCIE-ISIS router isis '.*' is-type level-2-only address-family ipv4 unicast metric-style wide segment-routing mpls ! interface 'Gi.*' point-to-point address-family ipv4 unicast ! ! interface 'Loopback .*' address-family ipv4 unicast ! ! ! end-group ! interface Loopback0 ipv4 address 3.3.3.3 255.255.255.255 ! interface MgmtEth0/RP0/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 10.1.3.3 255.255.255.0 ! interface GigabitEthernet0/0/0/1 ipv4 address 10.2.3.3 255.255.255.0 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.3.5.3 255.255.255.0 ! interface GigabitEthernet0/0/0/3 ipv4 address 10.3.4.3 255.255.255.0 ! router isis 1 apply-group CCIE-ISIS net 49.0001.0000.0000.0003.00 address-family ipv4 unicast ! interface Loopback0 address-family ipv4 unicast prefix-sid index 3 ! ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! interface GigabitEthernet0/0/0/3 ! ! mpls oam ! mpls label range table 0 1003001 1003999 end
h_N4(脇役)
hostname h_N4 group CCIE-ISIS router isis '.*' is-type level-2-only address-family ipv4 unicast metric-style wide segment-routing mpls ! interface 'Gi.*' point-to-point address-family ipv4 unicast ! ! interface 'Loopback .*' address-family ipv4 unicast ! ! ! end-group ! interface Loopback0 ipv4 address 4.4.4.4 255.255.255.255 ! interface MgmtEth0/RP0/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 10.2.4.4 255.255.255.0 ! interface GigabitEthernet0/0/0/1 ipv4 address 10.4.5.4 255.255.255.0 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.4.6.4 255.255.255.0 ! interface GigabitEthernet0/0/0/3 ipv4 address 10.3.4.4 255.255.255.0 ! router isis 1 apply-group CCIE-ISIS net 49.0001.0000.0000.0004.00 address-family ipv4 unicast ! interface Loopback0 prefix-attributes anycast address-family ipv4 unicast prefix-sid index 4 ! ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! interface GigabitEthernet0/0/0/3 ! ! mpls oam ! mpls label range table 0 1004001 1004999 end
h_N5(脇役)
hostname h_N5 group CCIE-ISIS router isis '.*' is-type level-2-only address-family ipv4 unicast metric-style wide segment-routing mpls ! interface 'Gi.*' point-to-point address-family ipv4 unicast ! ! interface 'Loopback .*' address-family ipv4 unicast ! ! ! end-group ! interface Loopback0 ipv4 address 5.5.5.5 255.255.255.255 ! interface MgmtEth0/RP0/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 10.3.5.5 255.255.255.0 ! interface GigabitEthernet0/0/0/1 ipv4 address 10.4.5.5 255.255.255.0 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.5.6.5 255.255.255.0 ! router isis 1 apply-group CCIE-ISIS net 49.0001.0000.0000.0005.00 address-family ipv4 unicast ! interface Loopback0 prefix-attributes anycast address-family ipv4 unicast prefix-sid index 5 ! ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! ! mpls oam ! mpls label range table 0 1005001 1005999 end
h_N6(主役② PEルータ)
hostname h_N6
group CCIE-ISIS
router isis '.*'
is-type level-2-only
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface 'Gi.*'
point-to-point
address-family ipv4 unicast
!
!
interface 'Loopback .*'
address-family ipv4 unicast
!
!
!
end-group
!
vrf B
rd 10:6
address-family ipv4 unicast
import route-target
100:1
!
export route-target
200:1
!
!
!
interface Loopback0
ipv4 address 6.6.6.6 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
shutdown
!
interface GigabitEthernet0/0/0/0
ipv4 address 10.4.6.6 255.255.255.0
!
interface GigabitEthernet0/0/0/1.10 l2transport
encapsulation dot1q 10
!
interface GigabitEthernet0/0/0/1.30
vrf B
ipv4 address 203.0.113.6 255.255.255.0
encapsulation dot1q 30
!
interface GigabitEthernet0/0/0/2
ipv4 address 10.5.6.6 255.255.255.0
!
interface GigabitEthernet0/0/0/3
shutdown
!
interface GigabitEthernet0/0/0/4
shutdown
!
extcommunity-set opaque BLUE
10
end-set
!
extcommunity-set opaque GREEN
20
end-set
!
route-policy PASS
pass
end-policy
!
route-policy COLOR
if destination in (2.2.2.10/32) then
set extcommunity color BLUE
endif
if destination in (2.2.2.20/32) then
set extcommunity color GREEN
endif
end-policy
!
router isis 1
apply-group CCIE-ISIS
net 49.0001.0000.0000.0006.00
address-family ipv4 unicast
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 6
!
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/2
!
!
router bgp 10
bgp router-id 6.6.6.6
address-family vpnv4 unicast
!
address-family l2vpn evpn
!
neighbor 1.1.1.1
remote-as 10
update-source Loopback0
address-family vpnv4 unicast
route-policy COLOR out
!
address-family l2vpn evpn
!
!
vrf B
rd 10:6
address-family ipv4 unicast
!
neighbor 203.0.113.200
remote-as 200
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
!
!
!
!
evpn
evi 100
advertise-mac
!
!
!
l2vpn
xconnect group EVPN_VPWS
p2p EVPN_1
interface GigabitEthernet0/0/0/1.10
neighbor evpn evi 1010 target 10 source 60
!
!
!
!
mpls oam
!
mpls label range table 0 1006001 1006999
end
h_CE1(準主役① CEルータ)
hostname CE1 ! no ip domain lookup ! interface Loopback0 ip address 100.100.100.100 255.255.255.255 ! interface Loopback110 ip address 1.1.1.10 255.255.255.255 ! interface GigabitEthernet1 no ip address ! interface GigabitEthernet1.10 encapsulation dot1Q 10 ip address 192.0.2.100 255.255.255.0 ! interface GigabitEthernet1.20 encapsulation dot1Q 20 ip address 198.51.100.100 255.255.255.0 ! router bgp 100 bgp router-id 100.100.100.100 bgp log-neighbor-changes network 1.1.1.10 mask 255.255.255.255 neighbor 198.51.100.1 remote-as 10 ! line con 0 exec-timeout 0 0 ! end
h_CE2(準主役② CEルータ)
hostname CE2 ! no ip domain lookup ! interface Loopback0 ip address 200.200.200.200 255.255.255.255 ! interface Loopback210 ip address 2.2.2.10 255.255.255.255 ! interface Loopback220 ip address 2.2.2.20 255.255.255.255 ! interface GigabitEthernet1 no ip address ! interface GigabitEthernet1.10 encapsulation dot1Q 10 ip address 192.0.2.200 255.255.255.0 ! interface GigabitEthernet1.30 encapsulation dot1Q 30 ip address 203.0.113.200 255.255.255.0 ! router bgp 200 bgp router-id 200.200.200.200 bgp log-neighbor-changes network 2.2.2.10 mask 255.255.255.255 network 2.2.2.20 mask 255.255.255.255 neighbor 203.0.113.6 remote-as 10 ! line con 0 exec-timeout 0 0 ! end
4. Automated steering Egress-PE の実装
L3VPN が実装されている前提で話を進めます。
→ Single-Domain SR-TE その6(LxVPN over SR)完了した状態からスタートします。
※ L2VPN が定義されていますが、削除するのが面倒だったので残しているだけです。
実装の流れは、① Egress PEルータで extended community を定義します。② Egress PEルータで route-policy を定義します。③ Head-End で explicit Path を定義し、
④ SR-TEのポリシーを定義します。⑤ 最後に経路(Candidate-paths)の候補を③で指定した path list から選択します。
4.1 PEルータ(End-point)
4.1.1 extended community 定義
① extended community を以下のように定義します。
BLUE:10
GREEN:20
RP/0/RP0/CPU0:h_N6(config)#? extcommunity-set Define an extended community set RP/0/RP0/CPU0:h_N6(config)#extcommunity-set ? opaque MLDP opaque types RP/0/RP0/CPU0:h_N6(config)#extcommunity-set opaque ? WORD Opaque type extcommunity set name RP/0/RP0/CPU0:h_N6(config)#extcommunity-set opaque BLUE RP/0/RP0/CPU0:h_N6(config-ext)#? <1-4294967295> 32-bit decimal number RP/0/RP0/CPU0:h_N6(config-ext)#10 RP/0/RP0/CPU0:h_N6(config-ext)#end-set RP/0/RP0/CPU0:h_N6(config)#extcommunity-set opaque GREEN RP/0/RP0/CPU0:h_N6(config-ext)#20 RP/0/RP0/CPU0:h_N6(config-ext)#end-set RP/0/RP0/CPU0:h_N6(config)#
4.1.2 route-policy 定義
① Prefix に応じた Color を付与する route-policy を定義します。
RP/0/RP0/CPU0:h_N6(config)#route-policy COLOR RP/0/RP0/CPU0:h_N6(config-rpl)#? if Begin if-statement <cr> RP/0/RP0/CPU0:h_N6(config-rpl)#if ? destination Destination address in the route RP/0/RP0/CPU0:h_N6(config-rpl)#if destination ? in Member of a set RP/0/RP0/CPU0:h_N6(config-rpl)#if destination in ? ( Begin inline prefix set RP/0/RP0/CPU0:h_N6(config-rpl)#if destination in (2.2.2.10/32) ? then Then clause RP/0/RP0/CPU0:h_N6(config-rpl)#if destination in (2.2.2.10/32) then RP/0/RP0/CPU0:h_N6(config-rpl-if)#? set Set a route attribute RP/0/RP0/CPU0:h_N6(config-rpl-if)#set ? extcommunity BGP extended community attribute RP/0/RP0/CPU0:h_N6(config-rpl-if)#set extcommunity ? color BGP Color extended community RP/0/RP0/CPU0:h_N6(config-rpl-if)#set extcommunity color ? BLUE Opaque type extcommunity set name GREEN Opaque type extcommunity set name WORD Opaque type extcommunity set name RP/0/RP0/CPU0:h_N6(config-rpl-if)#set extcommunity color BLUE RP/0/RP0/CPU0:h_N6(config-rpl-if)#endif RP/0/RP0/CPU0:h_N6(config-rpl)#if destination in (2.2.2.20/32) then RP/0/RP0/CPU0:h_N6(config-rpl-if)#set extcommunity color GREEN RP/0/RP0/CPU0:h_N6(config-rpl-if)#endif RP/0/RP0/CPU0:h_N6(config-rpl)#end-policy RP/0/RP0/CPU0:h_N6(config)#commit Sat May 27 22:20:46.568 UTC RP/0/RP0/CPU0:h_N6(config)#
② BGP の neighbor の outbound 方向に route-policy を適用します。
∵ neighbor から Color Assignment をしている Egress PE への方向であるためです。
RP/0/RP0/CPU0:h_N6#conf Sat May 27 22:33:45.123 UTC RP/0/RP0/CPU0:h_N6(config)#router bgp 10 RP/0/RP0/CPU0:h_N6(config-bgp)#neighbor 1.1.1.1 RP/0/RP0/CPU0:h_N6(config-bgp-nbr)#address-family vpnv4 unicast RP/0/RP0/CPU0:h_N6(config-bgp-nbr-af)#route-policy COLOR out RP/0/RP0/CPU0:h_N6(config-bgp-nbr-af)#show Sat May 27 22:34:46.212 UTC router bgp 10 neighbor 1.1.1.1 address-family vpnv4 unicast route-policy COLOR out ! ! ! RP/0/RP0/CPU0:h_N6(config-bgp-nbr-af)#commit Sat May 27 22:34:49.060 UTC RP/0/RP0/CPU0:h_N6(config-bgp-nbr-af)#end RP/0/RP0/CPU0:h_N6#
4.2 PEルータ(Head-end)
4.2.1 explicit Path の定義
① Segment Routing を定義します。
RP/0/RP0/CPU0:h_N1(config)# segment-routing Segment Routing
② Segment Routing で Traffic Engineering を定義します。
RP/0/RP0/CPU0:h_N1(config-sr)#? traffic-eng Segment Routing Traffic Engineering
③ Segment-list configuration でSegment-list名(任意:UPPER)を定義します。
RP/0/RP0/CPU0:h_N1(config-sr-te)#? segment-list Segment-list configuration RP/0/RP0/CPU0:h_N1(config-sr-te)#segment-list ? name Segment-list name WORD Identifying name for segment-list RP/0/RP0/CPU0:h_N1(config-sr-te)#segment-list UPPER
④ SR-TEで経路を明示的に定義します。
RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#? index Next entry index RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index ? <1-65535> Index number RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index 10 ? mpls MPLS configuration RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index 10 mpls ? label MPLS label configuration RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index 10 mpls label ? <0-1048575> MPLS label value RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index 10 mpls label 16002
上の方を流す UPPER:N1→N2→N4→N6 と下の方を流す LOWER:N1→N3→N5→N6 を作ります。
segment-routing traffic-eng segment-list LOWER index 10 mpls label 16003 index 20 mpls label 16005 index 30 mpls label 16006 ! segment-list UPPER index 10 mpls label 16002 index 20 mpls label 16004 index 30 mpls label 16006 ! ! !
4.2.2 SR-TE Policy の定義
SR-TE Policy を以下のように定義します。
UPPER
a) ポリシー名 :BULE_10
b) B-SID(任意):60010
c) color :10
d) Tail-End :6.6.6.6(h_N6)
LOWER
a) ポリシー名 :GREEN_20
b) B-SID(任意):60020
c) color :20
d) Tail-End :6.6.6.6(h_N6)
SR-TEは、a)ポリシー名とc)カラー、d)Tail-Endの指定が必須です。
① 先ずはポリシー名を定義します。
RP/0/RP0/CPU0:h_N1(config-sr-te)#policy ? WORD Identifying name for policy with max 59 characters RP/0/RP0/CPU0:h_N1(config-sr-te)#policy BULE_10
② B-SID(binding-sid)は任意設定です。 ※ SR-TE Policy自体に割り当てられたSIDをB-SID(binding-sid)と呼びます。
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#? binding-sid Binding Segment Identifier RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#binding-sid ? mpls MPLS label RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#binding-sid mpls ? <16-1048575> MPLS label RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#binding-sid mpls 60010
③ 次にカラーとTail-Endを指定します。
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#? color Specify color for policy RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color ? <1-4294967295> Color value RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color 10 ? end-point Policy endpoint RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color 10 end-point ? ipv4 IPv4 address RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color 10 end-point ipv4 ? A.B.C.D IPv4 endpoint address RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color 10 end-point ipv4 6.6.6.6 ? <cr>
なお、Automate Steering の場合は autoroute が不要になります。
4.2.3 Candidate-paths の定義
Candidate-paths を以下のように定義します。
UPPER
a) preference :100
b) explicit path :BLUE_10
LOWER
a) preference :100
b) explicit path :GREEN_20
preference と指定する経路リストをセットで指定します。
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#? candidate-paths Candidate-paths configuration RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#candidate-paths RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path)#? preference Policy path-option preference entry RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path)#preference ? <1-65535> Path-option preference RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path)#preference 100 RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path-pref)#? explicit Preconfigured path RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path-pref)#explicit ? segment-list Specify Segment-list RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path-pref)#explicit segment-list ? EXPLICIT_LIST Identifying name for segment-list WORD Identifying name for segment-list RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path-pref)#explicit segment-list BLUE_10
5. 検証
① Egress PE で Color Assignment して advertise している状況を確認します。
RP/0/RP0/CPU0:h_N6#show bgp vpnv4 unicast advertised
Sun May 28 09:56:21.754 UTC
★ Route Distinguisher: 10:6
★ 2.2.2.10/32 is advertised to 1.1.1.1
Path info:
neighbor: 203.0.113.200 neighbor router id: 200.200.200.200
valid external best import-candidate
Received Path ID 0, Local Path ID 1, version 7
Attributes after inbound policy was applied:
next hop: 203.0.113.200
MET ORG AS EXTCOMM
origin: IGP neighbor as: 200 metric: 0
aspath: 200
extended community: RT:200:1
★ Attributes after outbound policy was applied:
next hop: 6.6.6.6
MET ORG AS EXTCOMM
origin: IGP neighbor as: 200 metric: 0
aspath: 200
★ extended community: RT:200:1 Color:10
★ Route Distinguisher: 10:6
★ 2.2.2.20/32 is advertised to 1.1.1.1
Path info:
neighbor: 203.0.113.200 neighbor router id: 200.200.200.200
valid external best import-candidate
Received Path ID 0, Local Path ID 1, version 8
Attributes after inbound policy was applied:
next hop: 203.0.113.200
MET ORG AS EXTCOMM
origin: IGP neighbor as: 200 metric: 0
aspath: 200
extended community: RT:200:1
★ Attributes after outbound policy was applied:
next hop: 6.6.6.6
MET ORG AS EXTCOMM
origin: IGP neighbor as: 200 metric: 0
aspath: 200
★ extended community: RT:200:1 Color:20
RP/0/RP0/CPU0:h_N6#
★部を見て分かる通り Prefix に応じた Color が付与されていることが分かります。
route-policy の方向は、outbound policy was applied となっています。
② Head-end 側でも Egress PE で指定した Prefix 毎に Color が付与されていることを確認します。
RP/0/RP0/CPU0:h_N1#show bgp vpnv4 unicast
Sun May 28 09:59:46.009 UTC
BGP router identifier 1.1.1.1, local AS number 10
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 36
BGP NSR Initial initsync version 8 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10:1 (default for vrf A)
*> 1.1.1.10/32 198.51.100.100 0 0 100 i
★ *>i2.2.2.10/32 6.6.6.6 C:10 0 100 0 200 i
★ *>i2.2.2.20/32 6.6.6.6 C:20 0 100 0 200 i
Route Distinguisher: 10:6
*>i2.2.2.10/32 6.6.6.6 C:10 0 100 0 200 i
*>i2.2.2.20/32 6.6.6.6 C:20 0 100 0 200 i
Processed 5 prefixes, 5 paths
RP/0/RP0/CPU0:h_N1#
RD 10:1 の vrf A でも指定の Prefix に応じた Color が付与されていることが確認できます。
③ Head-end で Color に応じて Steering している様子を確認します。
Color 10 つまり CE2 の Prefix 2.2.2.10/32 が Provider NW 内を指定した segment-list UPPER で steeringしている様子を確認できます。
RP/0/RP0/CPU0:h_N1#show segment-routing traffic-eng policy color 10 detail
Sun May 28 10:13:25.663 UTC
SR-TE policy database
---------------------
★ Color: 10, End-point: 6.6.6.6
★ Name: srte_c_10_ep_6.6.6.6
Status:
★ Admin: up Operational: up for 11:14:27 (since May 27 22:58:58.615)
Candidate-paths:
Preference: 100 (configuration) (active)
★ Name: BULE_10
★ Requested BSID: 60010
Protection Type: protected-preferred
Maximum SID Depth: 10
Explicit: segment-list UPPER (valid)
Weight: 1, Metric Type: TE
★ 16002
★ 16004
★ 16006
LSPs:
LSP[0]:
LSP-ID: 2 policy ID: 3 (active)
★ Local label: 1001009
State: Programmed
Binding SID: 60010
Attributes:
Binding SID: 60010
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes
Invalidation drop enabled: no
RP/0/RP0/CPU0:h_N1#
Color 10:BLUE は segment-list UPPER(N1→N2:16002→N4:16004→N6:16006)を経由することが分かります。
④ Local label: 1001009 に注目して LFIB を確認してもラベルスタックの様子が確認できます。
RP/0/RP0/CPU0:h_N1#show mpls forwarding labels 1001009 detail
Sun May 28 11:01:45.626 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
★ 1001009 16004 SR TE: 3 [TE-INT] Gi0/0/0/0 10.1.2.2 768
Updated: May 27 22:58:58.621
Version: 52, Priority: 2
★ Label Stack (Top -> Bottom): { 16004 16006 }
NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
MAC/Encaps: 4/12, MTU: 1500
Outgoing Interface: GigabitEthernet0/0/0/0 (ifhandle 0x01000018)
Packets Switched: 24
RP/0/RP0/CPU0:h_N1#
⑤ 次に Color 20 つまり CE2 の Prefix 2.2.2.20/32 についてトラフィックを steering する様子を確認します。
RP/0/RP0/CPU0:h_N1#show segment-routing traffic-eng policy color 20 detail
Sun May 28 10:19:57.739 UTC
SR-TE policy database
---------------------
★ Color: 20, End-point: 6.6.6.6
★ Name: srte_c_20_ep_6.6.6.6
Status:
★ Admin: up Operational: up for 03:33:43 (since May 28 06:46:14.410)
Candidate-paths:
Preference: 100 (configuration) (active)
★ Name: GREEN_20
★ Requested BSID: 60020
Protection Type: protected-preferred
Maximum SID Depth: 10
Explicit: segment-list LOWER (valid)
Weight: 1, Metric Type: TE
★ 16003
★ 16005
★ 16006
LSPs:
LSP[0]:
LSP-ID: 2 policy ID: 4 (active)
★ Local label: 1001008
State: Programmed
Binding SID: 60020
Attributes:
Binding SID: 60020
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes
Invalidation drop enabled: no
RP/0/RP0/CPU0:h_N1#
Color 20:GREEN は segment-list LOWER(N1→N3:16003→N5:16005→N6:16006)を経由することが分かります。
⑥ Local label: 1001008 に注目して LFIB を確認してもラベルスタックの様子が確認できます。
RP/0/RP0/CPU0:h_N1#show mpls forwarding labels 1001008 detail
Sun May 28 11:05:39.769 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
★ 1001008 16005 SR TE: 4 [TE-INT] Gi0/0/0/2 10.1.3.3 768
Updated: May 28 06:46:14.410
Version: 63, Priority: 2
★ Label Stack (Top -> Bottom): { 16005 16006 }
NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
MAC/Encaps: 4/12, MTU: 1500
Outgoing Interface: GigabitEthernet0/0/0/2 (ifhandle 0x01000030)
Packets Switched: 24
RP/0/RP0/CPU0:h_N1#
⑦ traceroute することで Prefix に応じて経路が変化している様子を確認します。
CE1#traceroute 2.2.2.10 source loopback 110 Type escape sequence to abort. Tracing the route to 2.2.2.10 VRF info: (vrf in name/id, vrf out name/id) 1 198.51.100.1 6 msec 2 msec 1 msec 2 10.1.2.2 [MPLS: Labels 16004/16006/1006006 Exp 0] 11 msec 4 msec 4 msec 3 10.2.4.4 [MPLS: Labels 16006/1006006 Exp 0] 5 msec 3 msec 2 msec 4 10.4.6.6 [MPLS: Label 1006006 Exp 0] 6 msec 4 msec 3 msec 5 203.0.113.200 4 msec * 12 msec CE1# CE1#traceroute 2.2.2.20 source loopback 110 Type escape sequence to abort. Tracing the route to 2.2.2.20 VRF info: (vrf in name/id, vrf out name/id) 1 198.51.100.1 3 msec 1 msec 1 msec 2 10.1.3.3 [MPLS: Labels 16005/16006/1006005 Exp 0] 7 msec 4 msec 4 msec 3 10.3.5.5 [MPLS: Labels 16006/1006005 Exp 0] 6 msec 3 msec 3 msec 4 10.5.6.6 [MPLS: Label 1006005 Exp 0] 4 msec 3 msec 3 msec 5 203.0.113.200 3 msec * 4 msec CE1#
6. 参考
① Automated Steering www.cisco.com
② Segment Routing Automated Steering
y-network.jp
次回は、Automated steering(Ingress PE)について記事を書きます。
最後までお読みいただきありがとうございました!
