Segment Routing: Explicit Traffic Engineering Policies

Segment Routing: Explicit Traffic Engineering Policies

We have a shiny new Segment-Routing MPLS core, and one of the many available features this brings is enhanced Traffic Engineering. Here we will run through one such example implementation of a SR Traffic Engineering (SR-TE) policy...


Overview

We have the below example topology, in which a CPE device is announcing two prefixes to us, X.X.X.X/X and Y.Y.Y.Y/Y:

-

As you can see, we will be "colouring" the two prefixes, Red and Blue, with traffic engineering policies to ensure that all traffic from Router B to each prefix takes diverse routing paths through the network.

Blue will route explicitly to Router D, and then route out of an explicitly defined interface to Router A. Red, however, will route explicitly to Router C, and will then route out of an explicitly defined interface towards Router A.

In order to structure these explicit routing instructions, we use Segment IDs (SIDs). We have two types of SID defined in the above topology:

  • Node-SID: Globally unique, specific to an SR device
  • Adjacency-SID: Locally unique, specific to a SR interface

Configuration

Our PCE has it's address defined, as well as a password configured that PCE Clients must authenticate with:

configure terminal
 pce
  address ipv4 <PCE Address>
  password <Password>

And other Segment Routing hosts likewise have an association to the PCE configured:

configure terminal
 segment-routing
   pcc
    pce address ipv4 <PCE Address>
     precedence 1
     password <Password>

End routers A and B will need to be configured with the PCE address, and must have the extended communities present that translate to the policies we will be configuring:

configure terminal
 extcommunity-set opaque RED
   1
 end-set
 extcommunity-set opaque RED
  2
 end-set

Likewise, the mid-path routers C and D must have the necessary local Adjacency-SIDs configured on the associated interfaces in your IGP, ISIS in our case:

configure terminal
 router isis <Process Tag>
  interface <SR interface>
   address-family ipv4 unicast
    adjacency-sid index 4
    commit

Now we can create and push the traffic engineering policies on the Segment Routing Policy Control Engine (SR-PCE). We will create the segment-lists with the label path that traffic must follow:

configure terminal
 pce
  segment-routing
   traffic-eng
    segment-list name RED_ROUTE
     index 10 mpls label 16101 !Router C Node-SID
     index 20 mpls label 15004 !Router C Adjacency-SID
     index 30 mpls label 16127 !Router A Node-SID
    segment-list name BLUE_ROUTE
     index 10 mpls label 16104 !Router D Node-SID
     index 20 mpls label 15004 !Router D Adjacency-SID
     index 30 mpls label 16127 !Router A Node-SID

In the Segment-List, you will see that we are stipulating the first label hop as a Node-SID, then the Adjacency-SID of the interface on that device that the traffic must route through. We can then declare the end-device Node-SID as the last hop in the path.

Next, we will need to configure the Traffic Engineering Peer for Router B, and the associated policies. Configure the below on the PCE:

pce
 segment-routing
  traffic-eng
   peer ipv4 <Router B Address>
    policy RED
     color 1 end-point ipv4 <Router A Address>
     candidate-paths
      preference 100
       explicit segment-list RED_ROUTE
    policy BLUE
     color 2 end-point ipv4 <Router A Address>
     candidate-paths
      preference 100
       explicit segment-list BLUE_ROUTE

We are now ready to configure the CPE. Build the necessary route-policies for colouring the prefixes:

configure terminal

prefix-set BLUE
  X.X.X.X/X
end-set

prefix-set RED
  Y.Y.Y.Y/Y
end-set

extcommunity-set opaque RED
  1
end-set

extcommunity-set opaque BLUE
  2
end-set

route-policy COLOURING
  if destination in RED then
    set extcommunity color RED
  elseif destination in BLUE then
    set extcommunity color BLUE
  else
    pass
  endif
end-policy

And we can now bring up the BGP session from the CPE to Router A. On the CPE, apply the COLOURING route-policy outbound:

router bgp <CPE AS>
 address-family ipv4 unicast
  network X.X.X.X/X
  network Y.Y.Y.Y/Y
 neighbor <Router A Address>
  remote-as <Remote AS>
  address-family ipv4 unicast
   route-policy COLOURING out
   send-extended-community-ebgp

And Router A, to complete the BGP session establishment:

router bgp <Local AS>
 neighbor <CPE Address>
  remote-as <CPE AS>

We are now done configuring!


Verification

We can see that the BGP session is now established:

RP/0/RSP0/CPU0:Router-A#show bgp neighbor <CPE Address>
Fri Dec  7 17:48:51.058 GMT

BGP neighbor is <CPE Address>
 Remote AS <CPE AS>, local AS <Local AS>, external link
 Remote router ID <CPE Address>
  BGP state = Established, up for 00:00:05

And we are receiving our prefixes:

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network     Next Hop    Metric  LocPrf Weight Path
*> X.X.X.X/X  <CPE Address>   0        0 <Local AS> <CPE AS> i
*> Y.Y.Y.Y/Y  <CPE Address>   0        0 <Local AS> <CPE AS> i

Looking on Router B, we can see the the PCE has pushed the newly created policies:

RP/0/RSP0/CPU0:Router-B#show segment-routing traffic-eng policy 

SR-TE policy database
---------------------

Color: 1, End-point: <Router A Address>
  Name: srte_c_1_ep_<Router A Address>
  Status:
    Admin: up  Operational: down for 00:02:56
  Candidate-paths:
    Preference: 100 (PCEP)
      Name: RED
      Requested BSID: dynamic
      PCC info:
        Symbolic name: RED
        PLSP-ID: 1
      Dynamic (pce <PCE Address>) (valid)
        Metric Type: TE,   Path Accumulated Metric: 0 
          16001 [Prefix-SID, <Router C Address>]
          15004 [Adjacency-SID, <Router C Address>]
          16004 [Prefix-SID, <Router D Address>]
  Attributes:
    Forward Class: 0
    Steering BGP disabled: no
    IPv6 caps enable: no

Color: 2, End-point: <Router A Address>
  Name: srte_c_2_ep_<Router A Address>
  Status:
    Admin: up  Operational: down for 00:02:56
  Candidate-paths:
    Preference: 100 (PCEP)
      Name: BLUE
      Requested BSID: dynamic
      PCC info:
        Symbolic name: BLUE
        PLSP-ID: 2
      Dynamic (pce <PCE Address>) (valid)
        Metric Type: TE,   Path Accumulated Metric: 0 
          16004 [Prefix-SID, <Router D Address>]
  Attributes:
    Forward Class: 0
    Steering BGP disabled: no
    IPv6 caps enable: no

And a traceroute from Router B to each prefix shows we are correctly routing along the corresponding engineered path:

RP/0/RSP0/CPU0:Router-B#traceroute X.X.X.X

Tracing the route to X.X.X.X

2  <Router D Address>                      3 msec  *  3 msec
3  <CPE Address>                           5 msec  *  5 msec
 
RP/0/RSP0/CPU0:Router-B#traceroute Y.Y.Y.Y

Tracing the route to Y.Y.Y.Y

3  <Router C Address>                      4 msec  *  4 msec
7  <Router D Address>                      11 msec * 11 msec
8  <CPE Address>                           13 msec * 13 msec

Success, routing to our two prefixes are each taking their respective explicit paths!


This has been a quick run through of an example implementation of Segment Routing Traffic Engineering. I will be continuing to study and test these technologies and use-cases as we progress with phasing in Segment Routing into our MPLS Core.

Thanks for reading!

Related Article