Segment Routing DO
Segment Routing DO
Recent activity in IETF and the network community suggest using the Segment Routing (SR)
control plane for large transport networks. That’s because RSVP and LDP can’t address all
of the challenges operators of large scale modern transport networks face. Hence the devel-
DAY ONE: MIGRATING TO
“Hegde, Bowers, and Aelmans lead you through the ins and outs of a Junos migration to Segment Routing
with ease. Their world class knowledge, both theoretical and practical, is a boon to the reader as they add
field-derived insights to each migration stage. I’m ecstatic they’ve written this needed Junos book, and
trust me, you’re in good hands the entire migration.”
John Scudder, IETF Routing Area Director, Juniper Networks Distinguished Engineer
“This is a must-read book for every practitioner focused on using Segment Routing to address the
challenges in provisioning LSPs and distribution of labels in large-scale transport networks. The
book is unique as it focuses on providing concrete suggestions, tips, and tricks with detailed practi-
cal, hands-on examples and case studies. My kudos to the authors for an excellent job in delivering
useful content.” Raj Yavatkar, PhD, Chief Technology Officer, Juniper Networks
“Migrating an existing MPLS network in-service to Segment Routing has a lot of larger and smaller
obstacles, many of them unseen at the first glance. Whether you come from ISIS or OSPF, whether
you are using LDP or RSVP, this book shows you what you need to think about, which options you
have and how to do all of this with Junos. Knowing the authors from several years of common work
at the IETF I can assure you they made this book as efficient and helpful for the task as it can be.”
- Dr. Martin Horneffer, Squad Lead Internet Backbone Architecture, Tier 1 Operator
A Junos® migration guide packed with
IT’S DAY ONE AND YOU HAVE A JOB TO DO:
tips and configurations from field
n Understand how to migrate RSVP to the segment routing control plane.
implementations and production cutovers.
n Make the needed configuration changes on routers running the Junos® OS.
Hegde, Bowers, Aelmans
ISBN 978-1736316030
53000
Juniper Networks Books are focused on network reliability and
Recent activity in IETF and the network community suggest using the Segment Routing (SR)
control plane for large transport networks. That’s because RSVP and LDP can’t address all
of the challenges operators of large scale modern transport networks face. Hence the devel-
DAY ONE: MIGRATING TO
“Hegde, Bowers, and Aelmans lead you through the ins and outs of a Junos migration to Segment Routing
with ease. Their world class knowledge, both theoretical and practical, is a boon to the reader as they add
field-derived insights to each migration stage. I’m ecstatic they’ve written this needed Junos book, and
trust me, you’re in good hands the entire migration.”
John Scudder, IETF Routing Area Director, Juniper Networks Distinguished Engineer
“This is a must-read book for every practitioner focused on using Segment Routing to address the
challenges in provisioning LSPs and distribution of labels in large-scale transport networks. The
book is unique as it focuses on providing concrete suggestions, tips, and tricks with detailed practi-
cal, hands-on examples and case studies. My kudos to the authors for an excellent job in delivering
useful content.” Raj Yavatkar, PhD, Chief Technology Officer, Juniper Networks
“Migrating an existing MPLS network in-service to Segment Routing has a lot of larger and smaller
obstacles, many of them unseen at the first glance. Whether you come from ISIS or OSPF, whether
you are using LDP or RSVP, this book shows you what you need to think about, which options you
have and how to do all of this with Junos. Knowing the authors from several years of common work
at the IETF I can assure you they made this book as efficient and helpful for the task as it can be.”
- Dr. Martin Horneffer, Squad Lead Internet Backbone Architecture, Tier 1 Operator
A Junos® migration guide packed with
IT’S DAY ONE AND YOU HAVE A JOB TO DO:
tips and configurations from field
n Understand how to migrate RSVP to the segment routing control plane.
implementations and production cutovers.
n Make the needed configuration changes on routers running the Junos® OS.
Hegde, Bowers, Aelmans
ISBN 978-1736316030
53000
Juniper Networks Books are focused on network reliability and
Appendices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
iv
© 2021 by Juniper Networks, Inc. All rights reserved. Melchior Aelmans is a Consulting Engineer at Juniper
Juniper Networks and Junos are registered trademarks of Networks, where he has been working with many operators
Juniper Networks, Inc. in the United States and other on the design and evolution of their networks. He has over
countries. The Juniper Networks Logo and the Junos logo, 15 years of experience in various operations and engineering
are trademarks of Juniper Networks, Inc. All other positions with Cloud Providers, Data Centers, and Service
trademarks, service marks, registered trademarks, or Providers. Melchior enjoys evangelizing and discussing
registered service marks are the property of their respective routing protocols, routing security, internet routing and
owners. Juniper Networks assumes no responsibility for any peering, and data center architectures. He also participates
inaccuracies in this document. Juniper Networks reserves in IETF and RIPE, is a regular attendee and presenter at
the right to change, modify, transfer, or otherwise revise this conferences and meetings, is a member of the NANOG
publication without notice. Program Committee, and a board member at the NLNOG
Foundation.
Published by Juniper Networks Books
Authors: Shraddha Hegde, Chris Bowers, and Melchior Author Acknowledgments
Aelmans The authors would like to thank, in random order, Patrick
Technical Reviewers: Ron Bonica, Julian Lucek, Colby Ames, Ron Bonica, Colby Barth, Julian Lucek, and John
Barth Scudder (Juniper Networks) for their valuable contribu-
Editor in Chief: Patrick Ames tions, content, input, review, comments, and emotional
Copyeditor: Nancy Koerbel support.
About the Authors In particular the authors would like to thank the authors of
Shraddha Hegde is a Principal Engineer in Juniper Net- Appendix B and C, Colby Barth and Jordan Stewart, for
works’ Routing Protocols Group. She (co-)authored five providing their insights and allowing us to include their
IETF RFC documents and several internet drafts. Shraddha work in this book.
has 20 years of experience in Networking Domain in the
area of IGP, FRR, Segment Routing, MPLS, and IP Security. Version History: v1, June. 2021
She has vast experience in building and deploying highly 2 3 4 5 6 7 8 9 10
scalable data-communications platforms. Prior to joining Comments, errata: [email protected]
Juniper, Shraddha served as a Systems Architect for a major
telecom equipment vendor.
Make the needed configuration changes on routers running the Junos OS.
Verify segment routing operations on Junos devices.
Introduction
Since the initial publication of the drafts resulting in RFC2205 (RSVP) and
RFC3036 (LDP), RSVP and LDP have been the default choices of implementers for
large wide area networks to distribute labels in MPLS (RFC3031) networks.
In late 2001 RFC3209 was published in order to define RSVP Traffic Engineering
(RSVP-TE), which allowed RSVP to “support the instantiation of explicitly routed
LSPs, with or without resource reservations. It also supports smooth rerouting of
LSPs, preemption, and loop detection” (source RFC3209). Many additional RFCs
have been published over time to tailor RSVP to operators’ needs and demands.
Recent activity in IETF and with implementers suggests using Segment Routing (SR)
technologies for large transport networks. The main challenge with large networks is
distribution and storage of labels, in particular when provisioning backup Label
Switched Paths (LSPs) throughout, as network routers can get saturated with these
transit states.
RSVP and LDP don’t, or partly don’t, address some of the challenges operators of
large scale transport networks face in today’s networks.
Hence a new routing architecture, SR, was developed to not only address current
issues, but perhaps even more importantly, to reduce the variety of protocols used in
networks and thus simplify operations.
While the arguments presented in this book are legitimate reasons not to use RSVP
or LDP protocols for the signaling path throughout the network, and they show that
there are other options available, readers might (incorrectly) conclude the authors do
not believe RSVP or LDP should be used as the label distribution protocol for a
transport network. This is, however, not the case. Ultimately, it is up to individual
operators to decide which protocol is “the best” for their application, a decision that
should be based on business and operational, as well as technical, reasons.
The authors assume the reader has in-depth knowledge of the technologies (RSVP,
LDP, MPLS, and Segment Routing) used in this book and expect the reader to also
have read the Day One books cited in Key Segment Routing Resources.
vii
Terminology
Throughout this book you will come across terms and abbreviations that may be
new to you. Here is how the authors use these terms.
Anycast-SID
An anycast-SID (a type of prefix-SID) corresponds to a prefix that may be advertised
by multiple nodes. Paths constructed using anycast-SIDs can have useful resiliency
properties.
Node-SID
A node-SID (a type of prefix-SID) corresponds to a prefix that should only be adver-
tised by a single node. Knowing that a prefix should only be advertised by a single
node is useful when doing computations to construct paths using prefix-SIDs.
Prefix-SID
A prefix-SID (prefix segment identifier (SID)) is associated with an IP prefix. The
prefix-SID is manually configured from the segment routing global block (SRGB)
range of labels.
SRGB
SRGB is the set of global segments in the SR domain. If a node participates in mul-
tiple SR domains there is one SRGB for each SR domain. In SR-MPLS, SRGB is a
local property of a node and identifies the set of local labels reserved for global seg-
ments. In SR-MPLS, using identical SRGBs on all nodes within the SR domain is
strongly recommended. Doing so eases operations and troubleshooting as the same
label represents the same global segment at each node. In SRv6, the SRGB is the set
of global SRv6 SIDs in the SR domain.
TI-LFA
Topology Independent Loop-Free Alternates (TI-LFA) is a method of computing and
constructing fast-reroute backup paths using SR-MPLS labels. The TI-LFA backup
path for a given destination prefix will correspond to the path that will eventually be
taken by the traffic after the IGP converges (the post-convergence path). It is referred
to as “topology-independent” because, with enough SR-MPLS labels, the post-con-
vergence path can always be constructed, independent of network topology.
Chapter 1
This book uses a single topology to discuss different migration scenarios and to
clarify examples, configurations and show commands. This chapter introduces
you to this baseline topology. We tried to come somewhat close to an actual net-
work, but keep in mind that every network differs so whatever you read in this
book…. don’t try it in a live network without thorough testing!
The brownfield network shown in Figure 1.1 consists of eight nodes initially run-
ning OSPF to provide underlay connectivity. In the Day One lab for this book we
used Juniper MX routers, and over the course of this book we illustrate how this
network can migrate from a plain vanilla OSPF to OSPF-SR, and then to ISIS-SR.
As stated earlier, at the beginning of the Chapter 2 the network runs OSPF as a
starting point.
In all the scenarios you migrate to, you will leverage different control plane proto-
cols. What they all have in common is they all use MPLS as the data plane.
There are several observations of note about the initial configuration of the eight-
node network in Figure 1.1:
The network consists of eight Juniper Networks MX routers.
All routers are running Junos OS 20.2R1, which supports OSPF-SR and ISIS-
SR.
A plain vanilla OSPF is initially used as the IGP. Throughout the book we will
introduce OSPF-SR and ISIS-SR.
LDP is used to distribute the MPLS labels, which are used for forwarding.
The IGP metrics configured on the links are shown in Figure 1.1.
R0, R1, R6, and R7 function as PE nodes. There is a full mesh of IBGP ses-
sions between the four PE nodes.
R2, R3, R4, and R5 are P routers. They only perform MPLS forwarding,
hence they do not need to run BGP or install any of the BGP routes known to
R0, R1, R6, and R7.
In order to keep configurations in the examples ‘simple’, the service traffic
transported across the MPLS core corresponds to IPv4 service prefixes. It is
straightforward to extend these examples to various flavors of VPN service
prefixes.
At R7, the prefix 131.1.1.0/24 is being redistributed into BGP. The prefix
131.1.1.0/24 represents an IPv4 service prefix. In a real deployment, the ser-
vice prefix would be advertised over an EBGP session from an EBGP peer. We
have chosen to simply redistribute the prefix locally to simplify this example.
Family inet is enabled on the IBGP sessions for exchange of IPv4 prefixes be-
tween the PE routers.
On each of the PE nodes, IPv4 service prefix resolves on the LDP route to the
BGP next hop of the service prefix.
10 Chapter 1: Meet the Legacy Network
The output below from R0 shows the OSPF and LDP routes to reach 7.7.7.7,
which is the loopback of R7:
root@R0> show route 7.7.7.7
Figure 1.2 shows all of the interface addresses on the links in the example net-
work. As you can see, the interface subnets are configured following the simple
scheme of 21.X.Y.1(2)/24, where X and Y correspond to two routers that the link
connects: RX and RY. The interface addresses are very useful for understanding
the next hops in the route table.
For example, in the receding output, the next hop of the LDP route to reach
7.7.7.7 is “21.0.2.2 via ge-0/0/1.0, Push 299920”. From the interfaces shown in
Figure 1.2, one can readily see that this next hop corresponds to the interface from
R0 to R2. So this route corresponds to R0 pushing label 299920 on the packet
and sending it out the interface to R2.
Now, if we want to learn the route to the external network represented by destina-
tion 131.1.1.1 as seen from router R0, enter the show command below and note
that the next hop is 21.0.3.2 which is, as we’ve seen before, the link R0-R3:
root@R0> show route 131.1.0/24
In the Junos OS, the default behavior is for a BGP next hop to be resolved using
the route in inet.0 or inet.3 with the lowest route preference. Since the BGP route
131.1.1.0/24 is being received from 7.7.7.7, and the route for 7.7.7.7 with the
lowest preference is the LDP route, the route for 131.1.1.0/24 uses the next hops
(the outgoing interface and MPLS labels) provided by the LDP route.
As observed earlier, our setup is running OSPF at this point. In this chapter we will
enable OSPF-SR so we can start distributing SR information throughout our
network.
The OSPF Extensions for segment routing (OSPF-SR) are standardized in
RFC8665 (https://datatracker.ietf.org/doc/rfc8665/) and are now widely adopted
by most network equipment vendors including Juniper Networks.
It causes OSPF to advertise a SRGB. We will dive into SRGB later on.
It causes OSPF to install forwarding entries related to the SR advertisements it
sends and receives.
IPv4 OSPF-SR support is enabled through MPLS. OSPF creates a given interface,
adjacency, and area per OSPF neighbor. A separate MPLS label is allocated for each
adjacency segment created.
Labels are allocated only when the neighbor moves from init state to up state and
requests the label manager for an unreserved label. The corresponding label transi-
tions are downloaded to the MPLS forwarding table after the label is advertised in
locally-originated LSAs. In case of LAN (shared Ethernet segment) adjacencies,
OSPF neighborship remains in a two-way state for the adjacencies between the des-
ignated router (DR) and others. A separate label is allocated for each of the LAN
neighbors, including the DR-other adjacencies that remain in the two-way state.
The Juniper OSPF implementation enables the network operator to provision the
IPv4 address family node segment index node-SID. This node-SID will be assigned
to a router and used by all other remote routers in the network to index into respec-
tive node segment label blocks (SRGBs). It derives the segment identifier to forward
IPv4 traffic destined for the same router which was assigned as node-SID.
In the configuration statement above, no SRGB is explicitly mentioned, so Junos
dynamically chooses the SRGB. One can see the value of the SRGB that Junos has
assigned dynamically by looking at the show ospf overview output. However, many
network operators choose to explicitly configure the value of the SRGB used in the
network, which is what we have chosen to do in this book as well.
After committing this configuration, you can see the operational state for OSPF’s
SRGB by issuing the show ospf overview command:
regress@R0# run show ospf overview
Instance: master
Router ID: 100.100.100.100
Route table index: 0
LSA refresh time: 50 minutes
SPRING: Enabled
SRGB Config Range :
SRGB Start-Label : 400000, SRGB Index-Range : 5000
SRGB Block Allocation: Success
SRGB Start Index : 400000, SRGB Size : 5000, Label-Range: [ 400000, 404999 ]
Node Segments: Enabled
Ipv4 Index : 100
Post Convergence Backup: Disabled
Area: 0.0.0.0
Stub type: Not Stub
Authentication Type: None
Area border routers: 0, AS boundary routers: 0
Neighbors
Up (in full state): 2
Topology: default (ID 0)
Prefix export count: 0
Full SPF runs: 28
SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
Backup SPF: Not Needed
Figure 2.1 SRGB and Node-SID Configuration for OSPF-LDP to OSPF-SR Migration
At this point, all of the routers in the network should be advertising a unique
node-SID value as well as a common SRGB value. Let’s take a quick look at the
effect this has had on different routing tables in the network, focusing on the route
entries involving 7.7.7.7/32, the loopback address of R7.
On R0, take a look at the route installed by OSPF SR in inet.3 to reach 7.7.7.7.
The route is installed by labeled OSPF (L-OSPF) as seen in the output below:
regress@R0> show route 7.7.7.7/32 table inet.3 protocol ospf
The route for 7.7.7.7 on R0 has two ECMP next hops. The traffic is load-balanced
across the R0-R2 interface and the R0-R3 interface. R0 pushes the label 400107
on the outgoing packets. R0 computes the label value 400107 by adding the
prefix-SID index for 7.7.7.7/32 (107) to the common SRGB start label (400000).
In Junos, the default behavior is for a BGP next hop to be resolved using the route
in inet.0 or inet.3 with the lowest route preference. LDP routes are installed with a
route preference of 9 while internal OSPF and L-OSPF routes are both installed
with a route preference of 10.
Let’s verify that the IPv4 service route for 131.1.1.0/24 installed by BGP is still us-
ing the LDP next hops:
regress@R0> show route 131.1.1.0/24
In Chapter 3 we show how one can modify the route preference for LDP so that
L-OSPF routes are preferred over LDP routes. This can be useful in some migra-
tion scenarios. However, in this section, let’s simply deactivate LDP so that we
have only L-OSPF routes to use for forwarding. This will allow us to explore how
SR forwarding works without being distracted by the presence of the LDP routes.
In Chapter 3, we will turn LDP back on in order to explore more fine-grained ap-
proaches to migration.
So let’s deactivate LDP on R0 using:
deactivate protocols ldp
And now let’s verify that the LDP route to 7.7.7.7 on R0 has disappeared, leaving
only the OSPF route in inet.0 and the L-OSPF route in inet.3:
regress@R0> show route 7.7.7.7
Note that the OSPF and L-OSPF routes are both installed with a preference value
of 10. In the case of a preference tie between OSPF and L-OSPF, BGP route resolu-
tion prefers L-OSPF. Let’s verify that the BGP route is being resolved over the L-
OSPF route:
regress@R0> show route 131.1.1.1
Traffic arriving at R2 with label 400107 will leave out the R2-R4 interface with
label 400107. Since we are using the same SRGB on all nodes in the network, it is
easier to track label values across different routers. As can be seen in the next out-
put, traffic arriving at R4 with label 400107 will have that label popped and the
packet will be sent out of interface R4-R7 with the original IP packet exposed:
regress@R4> show route label 400107 table mpls.0
Enabling TI-LFA
In its simplest form, TI-LFA provides protection against the failure of a single link.
The TI-LFA backup path for a particular destination corresponds to the path that
traffic will eventually take once the IGP converges after the failure of a link. This
is referred to as the post-convergence backup path. In order to make traffic follow
the post-convergence path, TI-LFA can use several labels in the label stack that de-
fine the backup path.
The Junos TI-LFA implementation also supports protecting against the possibility
of multiple correlated link failures. These can be configured using the node-protec-
tion, fate-sharing-protection, and SRLG-protection options. However, in this ex-
ample let’s configure TI-LFA to protect against the failure of a single link.
Enable TI-LFA for OSPF on the two interfaces on R0 using the following:
set protocols ospf backup-spf-options use-post-convergence-lfa
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 post-convergence-lfa
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 post-convergence-lfa
set protocols ospf backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
The first line is needed to activate TI-LFA for OSPF in general and also serves as a
place to configure several options related to TI-LFA. The second and third lines
enable the computation and installation of the link-protecting post-convergence
path on the two interfaces on R0.
The last line changes the maximum-backup-paths parameter used by TI-LFA. By
default, the Junos TI-LFA implementation will only install one backup path, even
when several equal-cost post-convergence backup paths exist. By setting maxi-
mum-backup-paths equal to 8, Junos will install up to eight equal-cost post-con-
vergence backup paths.
Now go ahead and enable TI-LFA on all interfaces on all routers in the testbed.
You can consult the configuration in Appendix A for details.
Applying this configuration will not directly affect the way that traffic flows. It
will only install backup paths that will be used for a short period of time in the
event of failures.
Inet.3 Route to R7
If you look at the network topology in Figure 2.1, you can make sense of this out-
put. For example, there are two shortest paths from R0 to R7: R0->R2->R4->R7
and R0->R3->R5->R7; both have a cost of 3. The two next hops shown for
7.7.7.7/32 correspond to those two shortest paths. When there are multiple equal-
cost shortest paths, the TI-LFA implementation does not install any additional
backup paths (except in some cases involving node-protection or SRLG-protec-
tion.) One can verify that traffic will be load-balanced across the two next hops to
reach 7.7.7.7/32 by looking at the value of the weight in the output of show route
detail:
Since both next hops have the same weight value of 0x1, the traffic will be load-
balanced across interfaces ge-0/0/1.0 and ge-0/0/2.0. If one of those interfaces
goes down, all of the traffic will automatically be sent on to the remaining inter-
face. Therefore, no additional backup path is needed.
20 Chapter 2: Migrating from OSPF-LDP to OSPF-SR
Inet.3 Route to R2
Look at the primary and backup paths to get from R0 to R2. The shortest path
from R0 to R2 is simply across the link R0->R2 with cost of 1. If the link from R0
to R2 were to fail, the shortest path from R0 to R2 would be along the path R0-
>R3->R1->R2. The route for 2.2.2.2/32 can then be understood in this context:
regress@R0> show route 2.2.2.2 table inet.3
This first next hop corresponds to the primary path from R0->R2, going out ge-
0/0/1 directly to R2. The second next hop corresponds to the backup path R0-
>R3->R1->R2. The packet leaves R0 out interface ge-0/0/2.0 to R3 with a label
stack [400101(top),400102]. R3 will send the packet out its interface to R1 with
label stack [400102(top)]. And R1 will send the packet out its interface to R2 with
no label stack.
Let’s verify that R0 will only use the backup path when the R0-R2 interface fails.
This can be done by looking at the value of the weight in the output of a show route
detail command:
The next hop to R3 via ge-0/0/2.0 has weight 0xf000, so it will only be used if the
next hop to R2 via ge-0/0/1.0 becomes unusable.
Inet.3 Route to R4
Next look at the primary and backup paths to get from R0 to R4. The shortest
path from R0 to R4 follows R0->R2->R4 with a cost of 2. This accounts for the
first next hop in the show route output:
regress@R0> show route 4.4.4.4 table inet.3
The other three next hops in the show route output correspond to the three differ-
ent equal-cost backup paths to reach R4 installed by the TI-LFA. If the link from
R0 to R2 were to fail, the three different shortest paths to reach R4 would be R0-
>R3->R1->R2->R4, R0->R3->R5->R6->R4, and R0->R3->R5->R7->R4, each
with cost of 4.
It is a worthwhile exercise to study the network topology in Figure 2.1, and prove
to yourself that the last three outgoing interfaces and label stacks in the show route
output do in fact correspond to post-convergence shortest paths to reach R4 when
the interface to R2 fails.
With the link from R3 to R5 deactivated, the primary path for R0 to reach R7 is
along R0->R2->R4->R7, while the TI-LFA backup path is R0->R3->R1->R2->R4-
>R7. This is now reflected in the inet.3 route to reach 7.7.7.7/32:
regress@R0> show route 7.7.7.7 table inet.3
Importantly, the BGP route for 131.1.1.0/24 has inherited the TI-LFA backup path
to reach R7:
regress@R0> show route 131.1.1.0/24
So the routes that get the service traffic into MPLS tunnels benefit from the hard-
ware level fast-reroute provided by the TI-LFA backup paths.
22 Chapter 2: Migrating from OSPF-LDP to OSPF-SR
Please remember to return the example topology to its original state by activating
the link on R3 to R5 using:
regress@R3# activate interfaces ge-0/0/5.0
MORE? For more details on the implementation of TI-LFA in Junos and other
TI-LFA configuration options, make sure to read Day One: Configuring Segment
Routing with Junos at https://www.juniper.net/documentation/en_US/day-one-
books/DO_InsideSR.zip.
Note that the output shows two entries: 16 and 16(S=0). This allows for different
actions based on the setting of the bottom-of-stack bit (S-bit) in the MPLS header.
These two entries will generally be the same for adjacency-SID entries in the
mpls.0 table, so let’s focus on the entry for 16.
The entry for label 16 has two next hops, corresponding to primary and backup
paths. The forwarding action for the primary path is to pop the incoming label
and send the packet out the interface to R2. The forwarding action for the backup
path will result in the packet being sent along the path R0->R3->R1->R2 in order
to get to R2. This backup path for the adjacency-SID forwarding entry is installed
by the TI-LFA.
You can use MPLS traceroute to verify the actual paths for forwarding to reach
R7 using the OSPF-SR routes. There are two ECMP primary paths from R0 to R7:
R0->R2->R4->R7 and R0->R3->R5->R7. The MPLS traceroute command verifies
both:
regress@R0> traceroute mpls segment-routing ospf 7.7.7.7
Probe options: ttl 64, retries 3, wait 10, paths 16, exp 7, fanout 16
You can also run MPLS ping and traceroute commands with an explicit label stack.
Note that this requires the following additional configuration on the router origi-
nating the MPLS ping or traceroute:
regress@R0# set protocols source-packet-routing
You can use the MPLS traceroute with an explicit label stack to validate the for-
warding path for a TI-LFA backup path. For example, you previously saw that the
next hop corresponding to the TI-LFA backup path for the labeled OSPF route to
reach 2.2.2.2/32 is:
to 21.0.3.2 via ge-0/0/2.0, Push 400102, Push 400101(top)
This information can be used to create the following MPLS traceroute command:
regress@R0>traceroute mpls segment-routing spring-te label-stack labels [400102 400101] nexthop-
interface ge-0/0/2.0 nexthop-address 21.0.3.2
Probe options: retries 3, exp 7
Note that MPLS traceroute using an explicit label-stack does not currently support
verifying all ECMP paths. When an incoming label entry has multiple equal-cost
next hops, only one of the next hops in the forwarding path will be explored. Sup-
port for ECMP paths is being added in future releases.
26 Chapter 2: Migrating from OSPF-LDP to OSPF-SR
Verification of the OSPF-SR forwarding entries can be done with or without the
LDP routes being present. The MPLS ping and traceroute commands that use IP
addresses require a protocol to be specified, so that the correct inet.3 entry can be
used independent of which route is active. As discussed earlier, the mpls.0 routes
installed by LDP and labeled OSPF will use different incoming labels, so there will
be no conflict between mpls.0 routes. Therefore OSPF-SR forwarding paths can be
verified before moving the service traffic from LDP paths onto the newly created
OSPF-SR paths.
Chapter 3
Now let’s look at different methods of migrating the actual service traffic from OS-
PF-LDP to OSPF-SR. The principles introduced in this chapter are initially dis-
cussed in the context of shifting traffic from OSPF-LDP to OSPF-SR. However, the
same principles will be applied to the other service migration scenarios discussed
in this book, such as OSPF-SR to ISIS-SR, and ISIS-LDP to ISIS-SR.
In the previous section we deactivated LDP in order to look at OSPF-SR forward-
ing behavior without the presence of LDP routes. Now we want to activate LDP
again so that we can explore more fine-grained approaches to migration.
Let’s go ahead and activate LDP on R0 using:
activate protocols ldp
After committing, the route table should again have three routes to reach loopback
7.7.7.7 on R7: OSPF in inet.0, L-OSPF in inet.3, and LDP in inet.3:
regress@R0> show route 7.7.7.7
With the default route preference values for OSPF—labeled OSPF, and LDP—we
again expect to see the service prefix 131.1.1.0/24 (which is advertised in BGP
from 7.7.7.7) being resolved using the LDP route:
regress@R0> show route 131.1.1.0/24
The next two sections look at two different methods for controlling how service
traffic uses LDP routes or labeled OSPF routes:
One method is to change the route preference values for LDP and labeled OSPF
routes.
The second method is to use different loopback addresses as the BGP next hops
for the service routes and selectively advertise a given loopback into either LDP
or OSPF-SR.
The Junos implementation has separate configurable values for the OSPF route
preferences: set protocols ospf preference determines the preference value for inet.0
routes installed by OSPF and set protocols ospf labeled-preference determines the
preference value for inet.3 routes installed by labeled OSPF (indicated with
L-OSPF).
29 Shifting Service Traffic from LDP to OSPF-SR Using Route Preference
So now, without further ado, let’s set the route preference for labeled OSPF routes
to be 6, using the following on R0:
set protocols ospf labeled-preference 6
It has had the desired effect of making the labeled OSPF route the active route as
shown here:
regress@R0> show route 7.7.7.7
And you can see next that the service prefix 131.1.1.0/24 is now being resolved
over the labeled OSPF route:
regress@R0> show route 131.1.1.0/24
Note that using route preference to migrate from LDP to SR allows for a very
gradual and controlled migration. A network operator can change the ospf la-
beled-preference on subsets of nodes in the network over the course of a week in
order to look for unexpected behavior in a controlled manner.
In Chapter 6 you will see that the technique of modifying route preferences can
also be used to support SR deployments with legacy LDP nodes.
Now let’s look at that second alternative to changing route preference, so if you’re
following along in a similar lab, please remove the changes to R0 that have been
made in this section using:
delete protocols ospf labeled-preference
30 Chapter 3: Shifting Traffic from OSPF-LDP to OSPF-SR
This configuration caused R7 to advertise that the index value 107 is associated
with 7.7.7.7/32, since this is the prefix corresponding to the router-id on R7.
With this simple node-SID configuration, both LDP and OSPF-SR create MPLS
paths to reach 7.7.7.7. As shown in Chapter 2’s Default Preference of LDP Over
L-OSPF Routes, the active route in inet.3 for 7.7.7.7/32 will determine how the
route for BGP service prefix with next-hop 7.7.7.7 is resolved.
set policy-options policy-statement assign_sid term one then prefix-segment index 507
set policy-options policy-statement assign_sid term one then prefix-segment node-segment
set policy-options policy-statement assign_sid term one then accept
The configuration above uses the familiar Junos policy configuration with new
prefix-segment actions, together with the prefix-segment configuration under proto-
cols ospf source-packet-routing.
Once the above configuration is committed, you can see next that R0 has a labeled
OSPF route in inet.3 for 77.77.77.77/32:
regress@R0> show route 77.77.77.77 table inet.3
Note that this configuration on R7 does not result in 77.77.77.77 being advertised
into LDP, so the only route on R0 for 77.77.77.77 will correspond to the labeled
OSPF route.
R0 has both LDP and L-OSPF routes for 7.7.7.7 but with the current configura-
tion the LDP route is preferred:
regress@R0> show route 7.7.7.7 table inet.3
The final step is to make a particular BGP service route advertised by R7 use
77.77.77.77 as its BGP next hop:
Now a network operator can control which service traffic will use the LDP MPLS
tunnel and which will use the OSPF-SR MPLS tunnel to reach R7, based on the
BGP next hop advertised for the service. This can be used as part of a migration
strategy, or longer term if desired.
32 Chapter 3: Shifting Traffic from OSPF-LDP to OSPF-SR
This results in the node segment flag being set in the prefix-SID advertisement for
77.77.77.77/32. When a prefix-SID advertisement has the node flag set, we usu-
ally refer to it as a node-SID. One should set the node flag for a prefix advertise-
ment when the prefix is expected to only be advertised by one node. The loopback
address 77.77.77.77 should only be advertised by R7, so it meets the requirement
for setting the node flag.
The fact that a particular prefix-SID should only be advertised by one node in the
network is useful when constructing paths using prefix-SIDs. TI-LFA can make
use of information to simplify computations for constructing post-convergence
backup paths.
Chapter 4
Now let’s look at migrating from OSPF-SR to ISIS-SR. For this chapter we start
with the network running only OSPF-SR, add ISIS-SR running in parallel, and
then shift traffic from OSPF-SR to ISIS-SR. In Chapter 6 we’ll discuss migration
from ISIS-LDP to ISIS-SR. For the current chapter, let’s go ahead and deactivate
LDP on all of the routers by using:
deactivate protocols ldp
ISIS-SR Configuration
You want to enable ISIS-SR on all of the nodes. The configurations for all of the
routers can be found in Appendix A.
To quickly review the configuration done on R7:
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/5.0 point-to-point
set protocols isis interface ge-0/0/5.0 level 1 disable
set protocols isis interface ge-0/0/5.0 level 2 metric 1
set protocols isis interface ge-0/0/6.0 point-to-point
set protocols isis interface ge-0/0/6.0 level 1 disable
set protocols isis interface ge-0/0/6.0 level 2 metric 1
set protocols isis interface lo0.0 passive
34 Chapter 4: Preparing for a Migration From OSPF-SR to ISIS-SR
You can see a basic Junos OS configuration for level 2 ISIS, without any segment
routing. In this migration example, we want to use the same metrics in ISIS as in
OSPF. Note that you need to configure metric 1 on the ISIS interface to match the
default metric on OSPF interfaces:
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 107
The first two lines of the configuration create an SRGB of size 5000, starting with
label 200000, and advertise that SRGB. The third line generates a node-SID adver-
tisement with index 107 for the loopback address 7.7.7.7/32. The last three lines
enable the installation of TI-LFA backup paths.
In this example we configured ISIS and OSPF to use different SRGBs. ISIS is using
an SRGB of size 5000 and starting label 200000. OSPF is using an SRGB of the
same size and starting at label 400000. This allows us to use the same index val-
ues for the same prefixes, without creating MPLS label conflicts.
The result of the complete configuration is shown in Figure 4.1.
Figure 4.1 SRGB and Node-SID Configuration for OSPF-SR to ISIS-SR Migration
35 ISIS-SR Node-SID Routes
The mpls.0 entries for labels 200107 and 400107 on R2 show how the ISIS-SR
and OSPF-SR MPLS forwarding planes coexist, each using its own SRGB for node
and prefix-SIDs:
root@R2# run show route label 200107
Topologies: Unicast
Restart capable: Yes, Adjacency advertisement: Advertise
IP addresses: 21.2.4.2
Level 2 IPv4 Adj-SID: 36
The output from R2 above shows that ISIS has assigned label value 36 for the ad-
jacency-SID on ge-0/0/3.0 to reach R4.
If you look at the output from that route entry on R2 for incoming label 36, you’ll
see that the primary forwarding action corresponds to popping the label and for-
warding out ge-0/0/3.0. The backup forwarding action (in case ge-0/0/3.0 fails)
gets the packet to R4 via ECMP post-convergence backup paths:
root@R2# run show route label 36
Similarly, the next MPLS traceroute command traces out the two ECMP forward-
ing paths from R0 to R7, using ISIS-SR route entries:
regress@R0> traceroute mpls segment-routing isis 7.7.7.7
Probe options: ttl 64, retries 3, wait 10, paths 16, exp 7, fanout 16
As was shown for OSPF-SR in Chapter 2, you can run MPLS ping and traceroute
commands with an explicit label stack to test the TI-LFA backup path for an ISIS-
SR route. As before, originating an MPLS ping or traceroute with an explicit label
stack requires set protocols source-packet-routing.
The label stack for the TI-LFA backup path to reach R2 can been seen from:
regress@R0> show route 2.2.2.2 table inet.3 protocol isis
FEC-Stack-Sent: SPRING-TE
ttl Label Protocol Address Previous Hop Probe Status
1 3 Static 21.1.3.1 21.0.3.2 Success
FEC-Stack-Sent: SPRING-TE
ttl Label Protocol Address Previous Hop Probe Status
2 3 Static 21.1.2.2 21.1.3.1 Egress
FEC-Stack-Sent: SPRING-TE
Note that MPLS traceroute using an explicit label-stack does not currently sup-
port verifying all ECMP paths.
Chapter 5
Now that you have configured ISIS-SR and verified that the ISIS-SR routes can ac-
tually forward traffic, you are ready to shift the traffic from OSPF-SR to ISIS-SR.
You can apply the same mechanisms discussed in Chapter 3 [chapter_shifting_ldp_
ospf] in this case, too. You can shift traffic from OSPF-SR to ISIS-SR in a very con-
trolled manner using route preference or using multiple loopback addresses.
At this point, a BGP route will resolve on the L-OSPF route (since it has the lowest
preference value.) In order to resolve on the L-ISIS routes, you can set the route
preference for L-ISIS level 2 routes to 7 using the following configuration on R0:
set protocols isis level 2 labeled-preference 7
This makes the L-ISIS route have the lowest preference value among the four
routes for 7.7.7.7 in inet.0 and inet.3, as can be seen in the following output:
regress@R0> show route 7.7.7.7
You can see that the BGP service route advertised by R7 is using the labels pro-
vided by L-ISIS:
regress@R0> show route 131.1.1.0/24
Before moving on to the next section, let’s make sure to undo changes we made to
the default route preference:
delete protocols isis level 2 labeled-preference
41 Shifting Service Traffic from OSPF-SR to ISIS-SR Using Multiple Loopback Addresses
The only difference from the OSPF configuration is that the ISIS configuration re-
uses the existing export statement. After applying the configuration below on R7
to change the BGP next hop:
set routing-options static route 131.2.1.0/24 discard
You can see that the route to reach 131.2.1.0/24 uses label 200707, corresponding
to the ISIS SRGB of 200000 and the node-SID index of 707 advertised by ISIS for
71.71.71.71/32.
Chapter 6
You can see the modified metrics prevent transit traffic on R6 and R7. R6 only
runs LDP, while all other nodes run both LDP and SR. To see how this solution
works in practice, let’s remove any existing OSPF configuration from all nodes and
activate the basic LDP configuration on all nodes. Make sure you have applied the
basic ISIS-SR configuration from Chapter 4[chapter_ospf_sr_isis_sr] on all nodes.
To illustrate the kind of topology where LDP can safely coexist with ISIS-SR with-
out a mapping server, configure the metrics to be 1000 on both sides of R4-R6,
R4-R7, R5-R6, and R5-R7, so that R6 and R7 are not expected to carry any tran-
sit traffic:
R4# set protocols isis interface ge-0/0/5.0 level 2 metric 1000
R4# set protocols isis interface ge-0/0/6.0 level 2 metric 1000
R5# set protocols isis interface ge-0/0/5.0 level 2 metric 1000
R5# set protocols isis interface ge-0/0/6.0 level 2 metric 1000
R6# set protocols isis interface ge-0/0/5.0 level 2 metric 1000
R6# set protocols isis interface ge-0/0/6.0 level 2 metric 1000
R7# set protocols isis interface ge-0/0/5.0 level 2 metric 1000
R7# set protocols isis interface ge-0/0/6.0 level 2 metric 1000
44 Chapter 6: Supporting Legacy LDP-only Nodes In an SR Network
We want to simulate the situation where R6 does not support ISIS-SR. R6 only
runs ISIS with LDP. Do this with the following configuration on R6:
R6# deactivate protocols isis source-packet-routing
With the default route preference values for LDP, ISIS and labeled ISIS on R0, you
can see the following routes in inet.0 and inet.3 for 6.6.6.6 and 7.7.7.7:
regress@R0> show route 6.6.6.6
[edit]
regress@R0> show route 7.7.7.7
At this point, BGP routes with protocol next-hop 6.6.6.6 and 7.7.7.7 should both
be resolving on LDP routes in inet.3. The following output on R0 confirms this:
regress@R0> show route protocol bgp table inet.0
You can start using ISIS-SR paths, where they exist, by changing the labeled ISIS
route preference on R0 for L2 routes from 14 to 7:
R0# set protocols isis level 2 labeled-preference 7
This causes BGP to prefer ISIS-SR routes over LDP routes when both types of
routes go to a destination, but still use LDP routes when ISIS-SR routes are not
available. The effect of this change can be seen in the following output on R0:
regress@R0> show route 6.6.6.6
The solution illustrated above allows LDP-only nodes to coexist with nodes that
run both ISIS-SR and LDP. It is only applicable when the nodes in the LDP-only
domain are not expected to carry traffic between ISIS-SR domains. However, due
to its simplicity of deployment, it is worth considering in some network migration
scenarios.
Before moving on to the Chapter 7, remember to undo the temporary metric
changes that were made to the example topology and remember to activate ISIS-
SR on R6.
Chapter 7
SRGB is a range of label values reserved for segment routing. SRGB and index val-
ues are used to derive the actual label values for a prefix. Segment routing allows
for SRGB to be different on every node. This flexibility allows for the possibility of
different hardware platforms using different SRGB in the same network.
In Junos 17.2 and onwards, SRGB configuration is supported. The previous ver-
sions used local label block configurations that dynamically allocated label blocks
for segment routing. This mechanism had challenges such as the dynamic label
block allocation varying on every restart, and the label block allocated to SR was
not deterministic.
Now that the label manager is supported in 17.2 onwards, the label manager does
not make any hard partitioning of label types for LSI, block labels, and dynamic
labels. On platforms that do not specify fixed LSI labels, the entire label range of
16-999999 is available for all the applications. Effectively, this means that any
block from this 16-999999 range can be used for SRGB.
There are various advantages of configuring SRGB:
The label block is deterministic and does not change.
Nodes assigned with anycast-SID can use the same SRGB. This helps with sim-
plified SR label stack construction.
Deterministic labels help with easier debugging in case of problems in the net-
work.
48 Chapter 7: A Deep Dive Into SRGBs
PTX: 16-999999
On QFX switches the SRGB feature is not qualified. Basic SR with dynamic block
allocation has been qualified. Technically, the QFX 5k range of devices should be
able to support 16-999999 label range. Configuring SRGB on a node requires MX
and PTX devices to be running in enhanced services mode. When this mode is en-
abled for the first time, the router must be rebooted.
This output does not show the effective label blocks for LSI, Block, and Dynamic.
This implies that the new label manager has not been running.
Enable new the label manager by configuring enhanced-ip mode.
set chassis network-services enhanced-ip
Configure SRGB in OSPF:
set protocols ospf source-packet-routing srgb index-range 5000 start-label 400000
Without a reboot the label manager will remain in the old, partitioned mode and
the SRGB allocation will fail:
[edit]
regress@R3# run show ospf overview
Instance: master
Router ID: 3.3.3.3
Route table index: 0
LSA refresh time: 50 minutes
SPRING: Enabled
SRGB Config Range :
49 Configuring SRGB for the First Time
Re-verification of MPLS label usage implies that the device has not been rebooted:
regress@R3# run show mpls label usage
Label space Total Available Applications
LSI 69609 69609 (100.00%) BGP/LDP VPLS with no-tunnel-services, BGP L3VPN with vrf-table-
label
Block 199936 199936 (100.00%) BGP/LDP VPLS with tunnel-services, BGP L2VPN
Dynamic 487936 487924 (100.00%) RSVP, LDP, PW, L3VPN, RSVP-P2MP, LDP-P2MP, MVPN, EVPN, BGP
Static 48576 48576 (100.00%) Static LSP, Static PW
After configuring enhanced-ip mode, the router needs to be rebooted. Go ahead and
reboot the device and verify the label usage:
regress@R0> show mpls label usage
Label space Total Available Applications
LSI 999984 999977 (100.00%) BGP/LDP VPLS with no-tunnel-services, BGP L3VPN with vrf-table-
label
Block 999984 999977 (100.00%) BGP/LDP VPLS with tunnel-services, BGP L2VPN
Dynamic 999984 999977 (100.00%) RSVP, LDP, PW, L3VPN, RSVP-P2MP, LDP-P2MP, MVPN, EVPN, BGP
Static 48576 48576 (100.00%) Static LSP, Static PW
Effective Ranges
Range name Shared with Start End
Dynamic 16 999999
Static 1000000 1048575
Configured Ranges
Range name Shared with Start End
Dynamic 16 999999
Static 1000000 1048575
Note the differences when the new configurable label manager is in use as com-
pared to the legacy label manager. The new label manager has the effective con-
figurable label range which is available from 16-999999 as indicated under
“Effective Ranges.” SRGB blocks can be picked from within this block.
Verify that the OSPF SRGB allocation has been successful:
regress@R3# run show ospf overview
Instance: master
Router ID: 3.3.3.3
50 Chapter 7: A Deep Dive Into SRGBs
When there are dynamic label allocation protocols such as LDP, RSVP, and BGP-
LU running in the network, these protocols might have allocated labels from the
older dynamic label range.
SRGB allocation will be successful only when the configured SRGB does not con-
flict with any of the allocated labels. It is recommended to set the node for over-
load and disable NSR and graceful restart for LDP, RSVP, and BGP before the
reboot. This will ensure that when the router reboots it will first reserve the config-
ured SRGB and then allocate labels for the dynamic label protocol outside of
SRGB range. If NSR/graceful restart is enabled, the individual protocol procedures
may try to allocate the previously allocated labels, which may lead to conflicts.
Operational Considerations
Every protocol has a separate SRGB configuration under the protocols <x> stanza:
set protocols ospf source-packet-routing srgb index-range 5000 start-label 400000
When the per-protocol SRGB is configured, all protocols like OSPF/ISIS/BGP ad-
vertise the SRGB from the configured value under each protocol stanza.
51 SRGB Configuration Without Reboot
If a shared SRGB is configured under the protocol MPLS stanza, every protocol
will use the same SRGB in its protocol advertisements. When both shared and per-
protocol SRGB are configured, the per-protocol SRGB will override the shared
SRGB. If a shared SRGB is used, the operator has to ensure the indices for prefixes
do not overlap across protocols.
If there is a conflict within the protocol, protocol mechanisms will detect the con-
flict but if the conflict is across protocols such a conflict is not easily detected and
reported.
Per-protocol SRGB is very useful when the networks are getting merged or migrat-
ed. If two networks that were under different administration running two different
IGPs come under single administration, per-protocol SRGB configuration can be
used on common nodes to allow for merging the network while still maintaining
the individual IGP configurations in each domain.
Size of SRGB
Choosing the size of the SRGB is an important planning exercise. The size should
be chosen in consideration of future network growth. Changing SRGB configura-
tions requires the router to be moved to a maintenance state. Repeated changes to
the SRGB size should be avoided in order to reduce maintenance windows. Keep-
ing SRGB uniform across the network has advantages so operators should account
for SRGB range supported on all vendors in a multi-vendor network. Juniper MX
and PTX devices have opened up label space from 16-999999 and are most flex-
ible in terms of SRGB range availability.
Verify show mpls label usage to confirm the router has already been rebooted
since the new label manager was turned on and the new label manager is effec-
tive.
Ensure no other label allocation protocol is running.
If these conditions are met, SRGB can be safely configured without requiring
reboot.
52 Chapter 7: A Deep Dive Into SRGBs
If there are other dynamic label allocation protocols like LDP, RSVP and BGP-LU ,
OSPF-SR, or ISIS-SR running on the router, then the operator is strongly recom-
mended to reboot the device to avoid conflicts. If the operator can ensure a certain
label range is available and not conflicting with any of the already allocated labels,
then SRGB can be configured without reboot.
In case SRGB allocation fails due to conflicts, operators can clear the conflicting
labels by deactivating the protocol or adjacency for which the conflicting label is
allocated. After freeing the conflicting labels, the below command can be used to
re-trigger SRGB allocation:
request mpls label-range reserve
Chapter 8
SR traffic counters provide the ability to build a traffic matrix for SR traffic. SR
traffic counters can be reaped from the routers with streaming telemetry. The de-
tails on how to configure sensors in ISIS and use jtimon collector to collect the traf-
fic counters is explained in detail within Day One: Inside Segment Routing,
https://www.juniper.net/documentation/en_US/day-one-books/DO_InsideSR.zip.
When the network is being migrated to SR, the SR counters will provide details of
the SR-specific traffic, and the LDP or RSVP traffic will be counted separately by
respective protocol counters. In this chapter we will learn some details about the
type of counters supported in ISIS SR. We will also see how these counters can be
used to build the traffic matrix. We will discuss some challenges typically faced
with SR. Figure 8.1 illustrates the lab topology with ISIS-SR enabled as well as the
SRGB and the indices.
Per-SID egress
Per-interface-per-member-link egress
Per-interface-per-member-link ingress
Per-SID ingress counters provide the transit MPLS traffic towards a particular des-
tination on a particular router. The counters are identified by the label towards the
destination. For example, on R0, the transit traffic towards R7 counted in the per-
SID ingress counter named “200107”. The label is derived based on the SRGB
configured on that router. In the lab topology, the same SRGB is configured on all
nodes. Suppose R3 is configured with SRGB of start label 600000 and size 5000,
the transit traffic on this router R3 will be identified with a sensor with name
600107. When there are ECMP next hops to 7.7.7.7, aggregate traffic towards
7.7.7.7 will be counted in this sensor. Fine-grained counters such as per-SID-per-
Interface sensors are not supported at the time of writing this book.
Per-SID egress counters provide the traffic counters for the IP traffic that gets en-
capsulated in MPLS headers on the routers. This is referred to as IP->MPLS traffic.
These counters are identified with the IP address of the remote PE to which the
MPLS encapsulation is done. For example, let’s take a case of traffic going from
R0 to R7. R0 is an ingress router that encapsulates incoming IP traffic into MPLS.
The traffic for R7 is counted using the per-SID egress counter named “L-
ISIS-7.7.7.7”. Similarly, traffic headed to 6.6.6.6 is counted using the sensor
named “L-ISIS-6.6.6.6”. Similar to per-SID ingress counters, ECMP traffic is
counted in aggregate and per-SID-per-interface granularity counters are not
supported.
In order to build the demand matrix from R0 to R7, the per-SID egress counter
“L-ISIS-7.7.7.7” and per-SID ingress counter for “200107” should be added to-
gether to get total traffic.
Per-interface-per-memberlink egress counter provides total outgoing SR traffic on
an interface. Similarly, the per-interface-per-memberlink ingress counter provides
total incoming SR traffic on an interface. The counters are streamed on a per mem-
ber-link granularity in case of an AE bundle link. The per-interface-per-member-
link egress counter is useful during migrations. It is useful in determining the total
SR traffic on an interface and feed that consumed traffic into “available traffic”
from RSVP. The per-interface-per-memberlink egress counter is used to collect to-
tal SR traffic when the SR-auto bandwidth feature is enabled.
Per-interface-per-memberlink ingress counters provide total incoming SR traffic
on an interface. The traffic is counted on a per-memberlink granularity for an AE
55 Basic Show Command to Show Counters On PFE
bundle link. This counter can be used to compare against the per-interface-per-
memberlink egress counter and can be used to detect SR traffic drops.
Some operators measure the per-VRF traffic on internal P devices using netflow.
Netflow makes use of the firewall filters to look up the bottom-most MPLS label in
the packet or to look up the IP headers of the original packet and count the traffic
for the VRF. In the case of LDP/RSVP, the position of the VPN label from the top
of the MPLS header is fixed in most cases. In the case of SR, the position of VPN
labels may not be fixed if FRR protection is in force. TI-LFA can impose arbitrary
numbers of labels so the total number of MPLS labels on the packet is not fixed.
Netflow firewall filters may not be able to read past the arbitrary number of labels
to reach VPN labels. In certain cases, if the number of labels Netflow has to read is
beyond a certain number, that may not be supported.
In the case of SR networks, it is recommended to measure the VPN traffic on CE-
PE interfaces.
Ping packets originated from R0 will not be accounted for statistics. Data packets
that hit the next hops in the PFE will be accounted.
For this exercise let’s temporarily modify the routes to simulate data traffic on R0.
On R2 create a static route for 121.1.1.1 to point towards R0 and force the data
packets through R0 to verify the counters.
From R2, send 10 packets for prefix 121.1.1.1 via R0.
When traffic is received on R0, it is still an IP packet and will hit the BGP route
that resolves an ISIS-SR route:
56 Chapter 8: Segment Routing Traffic Counters
On R0, let us look at the IP->MPLS counters for the sensor L-ISIS-6.6.6.6. We do
not have CLI support to display the statistics, but we can directly check the coun-
ters by logging into the PFE. This mechanism is not recommended for a produc-
tion environment but can be used for debugging purposes in a lab:
regress@R0>request pfe execute command "show agent sensor" target fpc0 | grep "ip-mpls" |no-more
2733067753 ip-mpls 5000(203)
regress@R0# request pfe execute command "show agent sensor id 2733067753" target fpc0 | no-more
SENT: Ukern command: show agent sensor id 2733067753
You can see that the PFE shows ten packets for the sensor “L-ISIS-6.6.6.6” on
which the traffic is flowing.
During migration, if multiple loopbacks are used on the remote router, per-SID
egress counters for both loopback addresses should be added together to get the
aggregate traffic from R1 to R6
There may be some transit traffic going towards R6 on R0.
This traffic is accounted as part of the per-SID ingress counter.
For this exercise, we temporarily made some topology modifications to simulate
transit traffic towards R6 to go via R0. On R2 we brought down interfaces to-
wards R3, R4, and R5 and forced the traffic with destination R6 to go towards
R0.
Now we enable bgp-igp-both-ribs on R2 to place L-ISIS routes in inet.0. This is re-
quired to enable ping to use L-ISIS routes in inet.0:
regress@R0> set protocols mpls traffic-engineering bgp-igp-both-ribs
[edit]
regress@R2# run show route 6.6.6.6
Ping packets are sent to 6.6.6.6 and on R0 you can see transit traffic for label
200106:
regress@R2# run ping 6.6.6.6
PING 6.6.6.6 (6.6.6.6): 56 data bytes
64 bytes from 6.6.6.6: icmp_seq=0 ttl=61 time=6.615 ms
64 bytes from 6.6.6.6: icmp_seq=1 ttl=61 time=7.244 ms
64 bytes from 6.6.6.6: icmp_seq=2 ttl=61 time=15.247 ms
64 bytes from 6.6.6.6: icmp_seq=3 ttl=61 time=8.364 ms
64 bytes from 6.6.6.6: icmp_seq=4 ttl=61 time=9.919 ms
^C
--- 6.6.6.6 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 6.615/9.478/15.247/3.095 ms
regress@R0> request pfe execute command "show agent sensor" target fpc0 | grep "per-sid" |no-more
3442950488 per-sid 5000(0)
regress@R0> request pfe execute command "show agent sensor id 3442950488" target fpc0 | no-more
SENT: Ukern command: show agent sensor id 3442950488
In Segment Routing, a prefix segment follows the least-cost path from its source to
its destination. The IGP calculates and identifies the least-cost path. A network op-
erator can configure multiple prefix segments ending on the same destination.
Flexible algorithm (flex-algo) is a mechanism that allows network operators to
influence how the IGP calculates the least cost path for each prefix segment. There-
fore, each prefix segment can traverse a unique path to the destination. This chap-
ter explores how flex-algo supports Traffic Engineering (TE) in our network.
Those who are less familiar with flex-algo might find the following resources
useful:
Day One: Inside Segment Routing, written By Anurag Khare and Colby
Barth: https://www.juniper.net/documentation/en_US/day-one-books/DO_In-
sideSR.zip
IGP Flexible Algorithms (Flex-Algo) blog written by Ron Bonica:
https://blogs.juniper.net/en-us/industry-solutions-and-trends/igp-flexible-algo-
rithms-flex-algo
In SR, TE paths can be built by stacking node-SIDs and adj-SIDs. The path con-
sisting of only adj-SIDs can be arbitrarily long and hit the label stack depth limita-
tion on the ingress PE router hardware.
Node-SIDs are most commonly used to compress the label stacks. While com-
pressing the label-stacks with node-SIDs, the compute engine ensures that the
compressed path also satisfies all the constraints of the TE path. Until the network
and the explicit path computation engine converge completely when there is a fail-
ure, the node-SIDs may traverse a path that does not satisfy TE constraints.
Many use cases such as data sovereignty require the TE constraints to be strictly
met at all times. Certain customer traffic requirements avoid passing through
nodes and links located in certain geographical regions and these constraints need
to be strictly honored at all times, even when there are failures. Flex-algo solves
this use case very efficiently. Flex-algo topology is built with all nodes that adver-
tise a particular flex-algo and satisfy constraints described in flexible algorithm
definition (FAD). The paths will be built only within this topology. Nodes and
links outside of this topology will not be visible for the flex-algo SPF computation.
This mechanism provides a very effective way of isolating the nodes and links. The
backup paths computed for the flex-algo routes will also be within the flex-algo
topology and hence honor the constraints.
MORE? The details of flex-algo configurations are covered in Day One: Inside
Segment Routing, https://www.juniper.net/documentation/en_US/day-one-books/
DO_InsideSR.zip
This chapter focuses on how to migrate services onto flex-algo. In the later part of
this chapter we will also cover some of the operational aspects of flex-algo.
Flex-Algo Configuration
Figure 9.1 depicts the lab topology used for this chapter. The links are configured
with a TE metric. Flex-algo 133 is enabled on all nodes. The flex-algo SIDs for R0,
R1, and etc., is set to 300, 301, and etc. as shown in the topology diagram of Fig-
ure 9.1.
R0 is chosen as the FAD server in this topology and R0 has configurations for the
FAD. In a deployed network, it is recommended to configure two or more FAD
servers to ensure redundancy. Restricting flex-algo definition to only a few nodes
ensures that the other routers only need to configure flex-algo participation. This
minimizes the possibility of configuration errors that could arise if the FAD needs
to be configured on all nodes in a large network.
61 Flex-Algo Configuration
Note that the flex-algo SIDs must have the node-segment bit enabled on them as
shown in the last line of the configuration sample. This will ensure the TI-LFA
compressed paths for the flex-algo routes can use these flex-algo SIDs for compres-
sion. The rationale for this is described in detail in section TI_LFA of this chapter.
Flex-algo is enabled on ISIS with the configuration:
set protocols isis source-packet-routing flex-algorithm 133
With this configuration, ISIS advertises the algorithm sub-TLV for algorithm 133
and the flex-algo SIDs corresponding to 133. If the Node is a FAD server, it also
advertises the FAD sub-TLV. All nodes participating in the flex-algo 133 compute
the SPF paths based on te-metric (based on the FAD definition) and create MPLS
routes.
The transit routes get downloaded into mpls.0 table. The routes in mpls.0 table
will get downloaded to the FIB as well. The ingress routes will get created in inet-
color.0 table.
Inetcolor.0 table is a tunnel table similar to inet.3. The routes in inetcolor.0 do not
get downloaded to FIB until some service prefix resolves on these routes.
62 Chapter 9: Separating Routing Planes with Flex-Algo
Once flex-algo is configured on all the routers the inetcolor.0 table is built as
shown here:
regress@R0> show route table inetcolor.0
1.1.1.1-133<c>/64
*[L-ISIS/14] 00:00:54, metric 12
> to 21.0.2.2 via ge-0/0/1.0, Push 200301
to 21.0.3.2 via ge-0/0/2.0, Push 200301
2.2.2.2-133<c>/64
*[L-ISIS/14] 00:00:45, metric 1
> to 21.0.2.2 via ge-0/0/1.0
to 21.0.3.2 via ge-0/0/2.0, Push 200302
3.3.3.3-133<c>/64
*[L-ISIS/14] 00:20:03, metric 11
> to 21.0.2.2 via ge-0/0/1.0, Push 200303
to 21.0.3.2 via ge-0/0/2.0
4.4.4.4-133<c>/64
*[L-ISIS/14] 00:00:31, metric 12
> to 21.0.2.2 via ge-0/0/1.0, Push 200304
to 21.0.3.2 via ge-0/0/2.0, Push 200304
5.5.5.5-133<c>/64
*[L-ISIS/14] 00:00:27, metric 2
> to 21.0.2.2 via ge-0/0/1.0, Push 200305
to 21.0.3.2 via ge-0/0/2.0, Push 200305
6.6.6.6-133<c>/64
*[L-ISIS/14] 00:00:22, metric 13
> to 21.0.2.2 via ge-0/0/1.0, Push 200306
to 21.0.3.2 via ge-0/0/2.0, Push 200306
7.7.7.7-133<c>/64
*[L-ISIS/14] 00:00:18, metric 3
> to 21.0.2.2 via ge-0/0/1.0, Push 200307
to 21.0.3.2 via ge-0/0/2.0, Push 200307
Note that the routes in inetcolor.0 are suffixed with the color 133 and the prefix
length is 64 bits. By default, flex-algo routes use the algorithm number as color.
The color can be modified with this configuration in the flex-algorithm definition:
set routing-options flex-algorithm 133 color 100
Traceroute can be used to further to verify the exact path traversed to R4 in flex-
algo 133. In the next traceroute command to R4 with 200304 in the label-stack con-
firms that the path taken from R0 to R4 is R0->R2->R3-R4 and
R0->R2->R5->R4.
Note that the per-prefix load balancing policies need to be configured to get the
ECMP paths:
set routing-options forwarding-table export pplb
set policy-options policy-statement pplb term t1 then load-balance per-packet
set policy-options policy-statement pplb term t1 then accept
FEC-Stack-Sent: SPRING-TE
ttl Label Protocol Address Previous Hop Probe Status
3 3 Static 21.3.4.2 21.2.3.2 Egress
FEC-Stack-Sent: SPRING-TE
Native flex-algo based MPLS ping and traceroute are also supported in future re-
leases. This mechanism can be used to verify flex-algo paths when the intermediate
routers support FEC validation. In Junos, this MPLS ping and traceroute uses the
same FEC definition that is defined in RFC 8287 for prefix-SIDs:
regress@R0> ping mpls segment-routing isis 4.4.4.4 algorithm 133
!!!!!
--- lsping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
MPLS ping and traceroute mechanisms can be used either to manually validate the
paths or for debugging purposes. Applications can be built using the output of tra-
ceroute to verify whether the expected path is being taken in the forwarding plane.
65 Protection for Flex-Algo Paths (TI_LFA _Flex-algo)
Note that for 2.2.2.2 in flex-algo 133 topology, R0->R2 is the primary and backup
is via R1->R3->R2. Note also that the TI-LFA path uses SIDs that have the N-bit
set. The flex-algo SIDs advertised from each node should have the “node-segment”
for TI-LFA computation to correctly pick-up flex-algo SIDs for building a backup
path.
Migrating to Flex-Algo
All the nodes that participate in the flex-algo must be upgraded and configured to
participate in the flex-algo. The routers that cannot be upgraded and do not sup-
port flex-algo will not participate in the flex-algo topology.
There are various ways in which service traffic can be mapped onto the flex-algo or
TE paths. Color-based steering is one such mechanism that is supported in current
releases. In future releases, CBF (CoS-based forwarding) and FBF (filter-based for-
warding) will also be supported.
Color-based steering mechanisms use color extended community in the BGP ser-
vice prefix to steer the traffic onto a particular flex-algo. On the egress node, a col-
or extended community is configured and associated with a BGP service prefix.
Color resolution should be enabled so that the BGP service prefix can resolve on
the inetcolor.0 table. This can be achieved in two ways:
extended-nexthop-color
resolution-map policy
Using extended-nexthop-color
For BGP service family inet unicast and inet6 unicast, enabling extended-nexthop-
color on the BGP session on both sides will enable the resolution on the inetcolor.0
table:
set protocols bgp group R6 family inet unicast extended-nexthop-color
A BGP import policy is configured on R0 that adds a red color community to the
VPN prefix and sets the resolution-map to rmap-1. In the resolution-map rmap_1 the
mode is set to ip-color mode. This ensures the VPN prefix resolves on inetcolor.0
with color 133:
regress@R0# run show route 99.1.1.0
Note that the VPN prefix is using the flex-algo label 200307 to send the traffic,
which is flex-algo 133 SID for R7.
Fallback Mechanisms
In certain use cases, when the flex-algo path is not available the operator might
prefer to send the traffic on the best effort path instead of dropping the traffic. This
can be achieved by copying the L-ISIS or the LDP routes into the inetcolor.0 using
ribgroups copy.
In our lab we’ll configure ribgroups for ISIS and copy the inet.3 routes into inet-
color.0. This ensures that when there is no flex-algo route for a prefix, it will take
the best effort ISIS SPF path.
Configure a rib group to set the import RIB to copy routes from inet.3 to
inetcolor.0:
set routing-options rib-groups isis_inet3to_inetcolor import-rib [ inet.3 inetcolor.0]
Verify that ISIS-SR routes identified by protocol L-ISIS are copied into the inet-
color.0 table:
regress@R0# run show route table inetcolor.0
1.1.1.1-0<c>/32
*[L-ISIS/14] 00:00:42, metric 2
> to 21.0.2.2 via ge-0/0/1.0, Push 200101
to 21.0.3.2 via ge-0/0/2.0, Push 200101
69 Fallback Mechanisms
1.1.1.1-133<c>/64
*[L-ISIS/14] 00:00:42, metric 12
> to 21.0.2.2 via ge-0/0/1.0, Push 200301
2.2.2.2-0<c>/32
*[L-ISIS/14] 00:00:42, metric 1
> to 21.0.2.2 via ge-0/0/1.0
2.2.2.2-133<c>/64
*[L-ISIS/14] 00:00:42, metric 1
> to 21.0.2.2 via ge-0/0/1.0
3.3.3.3-0<c>/32
*[L-ISIS/14] 00:00:42, metric 1
> to 21.0.3.2 via ge-0/0/2.0
to 21.0.2.2 via ge-0/0/1.0, Push 200103, Push 200101(top)
3.3.3.3-133<c>/64
*[L-ISIS/14] 00:00:42, metric 11
> to 21.0.2.2 via ge-0/0/1.0, Push 200303
4.4.4.4-0<c>/32
*[L-ISIS/14] 00:00:42, metric 2
> to 21.0.2.2 via ge-0/0/1.0, Push 200104
4.4.4.4-133<c>/64
*[L-ISIS/14] 00:00:42, metric 12
> to 21.0.2.2 via ge-0/0/1.0, Push 200304
5.5.5.5-0<c>/32
*[L-ISIS/14] 00:00:42, metric 2
> to 21.0.3.2 via ge-0/0/2.0, Push 200105
to 21.0.2.2 via ge-0/0/1.0, Push 200105, Push 200101(top)
5.5.5.5-133<c>/64
*[L-ISIS/14] 00:00:42, metric 2
> to 21.0.2.2 via ge-0/0/1.0, Push 200305
6.6.6.6-0<c>/32
*[L-ISIS/14] 00:00:42, metric 3
> to 21.0.2.2 via ge-0/0/1.0, Push 200106
to 21.0.3.2 via ge-0/0/2.0, Push 200106
6.6.6.6-133<c>/64
*[L-ISIS/14] 00:00:42, metric 12
> to 21.0.2.2 via ge-0/0/1.0, Push 200306
7.7.7.7-0<c>/32
*[L-ISIS/14] 00:00:42, metric 3
> to 21.0.2.2 via ge-0/0/1.0, Push 200107
to 21.0.3.2 via ge-0/0/2.0, Push 200107
7.7.7.7-133<c>/64
*[L-ISIS/14] 00:00:42, metric 3
> to 21.0.2.2 via ge-0/0/1.0, Push 200307
Note that the L-ISIS routes are copied into the inetcolor.0 table with color being 0
and prefix length being 32. Setting a fallback mechanism ensures that when there
is no route in one of the flex-algo topologies for a certain destination, the traffic
follows the best effort ISIS path. Note that the example topology we have taken
with flex-algo 133 configured on all nodes, the fallback mechanism may not offer
any great benefit because when there are failures, the low latency flex-algo 133 will
converge onto the next available lowest latency path. The fallback mechanisms are
very useful when flex-algo is used to separate routing planes. If there is a failure in
one plane and the plane is completely partitioned, the fallback mechanism will en-
sure traffic will be forwarded on the best effort path and not dropped.
70 Chapter 9: Separating Routing Planes with Flex-Algo
Troubleshooting Flex-Algo
When something goes wrong, there should be enough information captured in dis-
plays to help troubleshoot and find the root cause. This is especially true when a
new feature is introduced into the network. Let’s discuss what can go wrong and
how to determine the root cause in Junos.
Junos has the display command for each flex-algo as shown here:
egress@R0# run show isis spring flex-algorithm flex-algorithm-id 133
Flex Algo: 133
Level: 2, Color: 133, Participating, FAD supported
Winner: R0, Metric: 2, Calc: 0, Prio: 0, FAD supported
Spf Version: 50
Participation toggles: 1
Last Route add: 0
Last Route rem: 0
Last Route chg: 0
Last Route fail: 0
Last Route def: 0
Total Route add: 16
Total Route rem: 0
Total Route chg: 21
Total Route fail: 0
Total Route def: 0
Topo refresh count: 2
Full SPFs: 49, Partial SPFs: 1
IS-IS Flex Algo 133 level 2 SPF log:
Start time Elapsed (secs) Count Reason
Wed Nov 25 22:08:33 0.000460 1 Periodic SPF
Wed Nov 25 22:11:15 0.000250 38 Reconfig
Wed Nov 25 22:14:59 0.000453 1 Reconfig
Wed Nov 25 22:15:10 0.000270 20 Updated LSP R3.00-00
Wed Nov 25 22:15:15 0.000224 12 Updated LSP R3.00-00
Wed Nov 25 22:15:19 0.000307 11 Updated LSP R4.00-00
Wed Nov 25 22:15:24 0.000330 6 Updated LSP R6.00-00
Wed Nov 25 22:15:28 0.000215 3 Updated LSP R6.00-00
Wed Nov 25 22:16:55 0.000343 1 Reconfig
Wed Nov 25 22:19:35 0.000344 2 Reconfig
Wed Nov 25 22:20:05 0.000396 3 Reconfig
Wed Nov 25 22:25:53 0.000345 4 Reconfig
Wed Nov 25 22:26:04 0.000224 3 Updated LSP R1.00-00
Wed Nov 25 22:26:11 0.000337 3 Updated LSP R2.00-00
Wed Nov 25 22:26:17 0.000245 3 Updated LSP R3.00-00
Wed Nov 25 22:26:23 0.000309 2 Updated LSP R4.00-00
Wed Nov 25 22:26:27 0.000302 2 Updated LSP R5.00-00
Wed Nov 25 22:26:33 0.000316 3 Updated LSP R6.00-00
Wed Nov 25 22:26:36 0.000294 2 Updated LSP R7.00-00
Wed Nov 25 22:37:33 0.000501 2 Updated LSP R6.00-00
Wed Nov 25 22:47:08 0.000381 1 Reconfig
Wed Nov 25 22:47:53 0.000400 1 Reconfig
Wed Nov 25 23:01:18 0.000473 1 Periodic SPF
Wed Nov 25 23:15:46 0.000298 1 Periodic SPF
Wed Nov 25 23:29:04 0.000248 1 Periodic SPF
71 Troubleshooting Flex-Algo
Okay, let’s look at some possible problems and how to use the information in this
display to identify these problems.
Everything in IGP revolves around SPF computations. With flex-algo, IGP per-
forms multiple SPF computations, once each for each flex-algo. It is very useful to
have a display that shows how many times SPF was triggered and the reason for
the SPF trigger for each flex-algo. Note that a change in a certain flex-algo topol-
ogy will result in a SPF computation in the default topology and that particular
topology. The flex-algo topologies that are not impacted by the change will not
trigger SPF. This show command shows the SPF log for the flex-algo:
egress@R0# run show isis spring flex-algorithm flex-algorithm-id 133
…….
…..
The above display shows the SPF history log for flex-algo 133. It records the time
SPF was triggered and the reason for the trigger along with total time taken for the
SPF computation. This information is very helpful in debugging any SPF related
problems in a flex-algo.
Route Changes
Route changes in a network are another important parameter. It is useful to be
able to have an insight into route changes that are taking place on a node. Con-
tinuously churning routes can cause unwanted load on the CPU. Junos has display
information that records route changes and thus provides the ability to detect
route churn on flex-algo routes:
73 Troubleshooting Flex-Algo
The SPF version specifies the number of times SPF was done on this topology. Par-
ticipation toggles indicate if this node oscillated being part of flex-algo and not be-
ing part of flex-algo. The fields with “Last” tags indicate the route changes that
occurred in last SPF run and Fields tagged with “Total” indicate the cumulative
route changes due to all SPF runs. The “Topo refresh count” field indicates the
number of times the flex-algo topology has been updated. This field is useful to
debug if the flex-algo topology changes are being accounted for the SPF runs. Full
SPFs and Partial SPFs indicate the number of SPFs since the inception of the
flex-algo.
MPLS Routes
-----------
74 Chapter 9: Separating Routing Planes with Flex-Algo
You can see that the output shows three different tables. The IPv4/IPv6 table
shows the pure IP routes for the flex-algo 133. These routes are not downloaded to
any RIB by default.
MPLS Routes shows the routes that get downloaded into mpls.0 tables for this flex-
algo. IPv4/IPv6 MPLS Routes shows the labeled routes that get downloaded into
inetcolor.0
[edit]
regress@R0#
On R2, 10 packets will be counted for the label 200306. This can be verified using
PFE commands:
request pfe execute command "show agent sensor" target fpc0 | grep "per-sid" |no-more
3442950488 per-sid 5000(0)
regress@R0> request pfe execute command "show agent sensor id 3442950488" target fpc0 | no-more
This chapter’s topology runs ISIS as the IGP, LDP at the edge, and RSVP in the
core, all according to the following metrics:
Routers R0, R1, R2, R3 are running LDP.
Routers R2, R3, R4, R5 are ‘super cores’ and have RSVP enabled.
RSVP LSPs are established between routers R2, R3, R4, and R5.
When many large networks have similar deployments, they run RSVP in the inner
(super) core, LDP at the edge, and then tunnel LDP over the RSVP core (LDPoRS-
VP). This solution reduces the number of full mesh RSVP LSPs.
Now let’s migrate this network to SRoRSVP and remove LDP from the network.
The network currently looks like Figure 10.1.
78 Chapter 10: Migrating LDP Over RSVP Transport to SR Over RSVP
There are two LSPs configured in the super core; the Red LSP and the Blue LSP:
The Red RSVP LSP spans R2->R3->R4
Enable ISIS-SR
Shift traffic to SR
As expected, both LSPs are up. The next step is to verify traffic initiated from, or
routed via, R2 towards R6 is indeed using the RSVP tunnels. In order to do so let’s
take a look at the routing table:
regress@R2# run show route protocol ldp
As you can observe from the output, you can reach R6 (6.6.6.6) via both LSPs:
6.6.6.6/32 *[LDP/9] 00:12:49, metric 1
> to 21.2.3.2 via ge-0/0/2.0, label-switched-path red_lsp
to 21.2.5.2 via ge-0/0/4.0, label-switched-path blue_lsp
Also, observing the routing table you can now see the following:
inet.3: 20 destinations, 33 routes (7 active, 0 holddown, 17 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 [L-ISIS/14] 00:00:05, metric 1
> to 21.1.2.1 via ge-0/0/1.0
to 21.0.2.1 via ge-0/0/0.0, Push 200101, Push 200103(top)
3.3.3.3/32 [L-ISIS/14] 00:00:05, metric 2
> to 21.0.2.1 via ge-0/0/0.0, Push 200103
to 21.1.2.1 via ge-0/0/1.0, Push 200103
82 Chapter 10: Migrating LDP Over RSVP Transport to SR Over RSVP
MORE? Further reading on ISIS traffic engineering shortcuts can be found in the
following resources:
https://www.juniper.net/documentation/en_US/junos/topics/reference/configu-
ration-statement/traffic-engineering-edit-protocols-isis.html
https://www.juniper.net/documentation/en_US/junos/topics/reference/configu-
ration-statement/shortcuts-edit-protocols-isis.html
https://www.juniper.net/documentation/en_US/junos/topics/example/isis-traf-
fic-engineering.html
Shortcuts are enabled on a per-node basis. You do not need to coordinate with
other nodes. Let’s enable some shortcuts for labeled ISIS by issuing:
set protocols isis traffic-engineering family inet-mpls shortcuts
Notice that the next hops of the L-ISIS routes are changed to the LSPs. This is in
line with what’s expected.
TIP Shortcuts can be enabled for different address families in the ISIS configu-
ration: set protocols isis traffic-engineering family inet shortcuts will shortcut
ISIS IP routes; set protocols isis traffic-engineering family inet-mpls shortcuts will
shortcut only L-ISIS SID routes.
Again, verify the ISIS routes on R2. Note that ISIS routes are now stitched to
RSVP:
regress@R2# run show route table inet.3
NOTE The remaining part of this chapter assumes both family inet shortcuts and
family inet-mpls shortcuts are enabled.
MPLS Ping
Use mpls ping functionality to diagnose the state of label-switched paths (LSPs),
Layer 2 and Layer 3 VPNs, and Layer 2 circuits. You can ping an MPLS endpoint
using various options. You can send variations of ICMP echo request packets to
the specified MPLS endpoint.
When you use the ping MPLS task from Junos operating as the inbound (ingress)
node at the entry point of an LSP or VPN, the routing platform sends probe pack-
ets into the LSP or VPN. Depending on how the LSP or VPN outbound (egress)
node at the remote endpoint of the connection replies to the probes, you can deter-
mine the connectivity of the LSP or VPN.
Each probe is an echo request sent to the LSP or VPN exit point as an MPLS pack-
et with a UDP payload. If the outbound node receives the echo request, it checks
the contents of the probe and returns a value in the UDP payload of the response
packet. If the initiator receives the response packet, it reports a successful ping re-
sponse. Responses that take longer than two seconds are identified as failed
probes.
MORE? Further good reading on mpls ping at the Juniper TechLibrary: https://
www.juniper.net/documentation/en_US/junos-space-apps/connectivity-services-
director2.0/topics/concept/ping-mpls-for-csd.html
Note that path 2 via ge-0/0/2.0, destination 127.0.1.64, the traffic is load-balanced
across red_lsp and blue_lsp on R2. The paths for 6.6.6.6 for LDP and L-ISIS
match with each other.
NOTE Always make sure you fully understand the impact on the whole routing
ecosystem when changing, lowering, or increasing the preference of routes as this
potentially influences other routes as well. Make sure to thoroughly test this
upfront in your lab before making these changes in the production network.
After changing the preference let’s see how 6.6.6.6 now resolves in inet.3:
[edit]
regress@R0# run show route 6.6.6.6
[edit]
As expected, the route to 6.6.6.6 is now preferred over ISIS-SR.
Chapter 11
In some scenarios it isn’t possible to upgrade parts of the network from LDP to SR.
Segment Routing Traffic Engineering (SR-TE) offers options to transport LDP over
it: (https://www.juniper.net/documentation/en_US/junos/topics/concept/tunneling-
ldp-over-srte.html).
This chapter looks at such a scenario where R0, R1, R6, and R7 can’t be upgraded
and so we’ll enable SR on the core routers (R2, R3, R4, and R5) only and then
transport LDP over it.
Tunneling LDP over SR-TE is beneficial because it:
Enables seamless migration of LDP over SR-TE in the core network.
In this case there are some routers (R0, R1, R6, and R7) in the network that do not
support SR capabilities and we want to continue using those routers (running
LDP) without a need for an upgrade. In such scenarios, the LDP over SR-TE tun-
neling feature provides the interoperability benefit of using the routers that are not
SR capable (running LDP) with routers that are SR capable (running SR-TE).
The LDP LSPs are tunneled through the SR-TE network, enabling interworking of
LDP LSPs with SR-TE LSPs. For example, if you have LDP domains on the pro-
vider edge network and SR-TE in the core network, then you can connect the LDP
domains over SR-TE, as shown in Figure 11.1. You can continue to have IGP
(OSPF or IS-IS) in the traffic engineered core and in the surrounding LDP domains.
Tunneling LDP over SR-TE provides consistency that coexists with both LDP LSPs
and SR-TE LSPs.
You can also tunnel LDP over SR-TE between LDP domains connected to inter-
region core networks. For example, if you have multiple regional LDP domains
connected to the regional SR-TE core networks you can tunnel LDP across the in-
ter-region SR-TE core networks.
Note that there is no L-ISIS route to 3.3.3.3. This is because the next hop is going
towards R0 and R1, which are not SR capable. You can observe that the LDP
routes are created for 3.3.3.3:
regress@R2# run show route 3.3.3.3
Using mpls ping and traceroute you can verify that the SR paths are installed cor-
rectly. Review how to do this in the previous chapters.
Now configure the SR-TE LSP taking the path R2->R3->R4 using static adjacency
SIDs (adj-SIDs). The advantage of using static adj-SID is that it will remain stable
and does not change when a link flap occurs.
We define static adj-SIDs on R2 and R3 so that we can build a path from R2->R3-
>R4. Static adj-SIDs can be protected or unprotected. While advertising protected
static adjacency SIDs, make sure protection is enabled on the link.
93 Configuring SR-TE LSPs
NOTE These examples show the configuration using static SR-TE but the same
could be done with Juniper Paragon Pathfinder (formerly NorthStar Controller)
with PCEP. See this link for further details: https://www.juniper.net/us/en/prod-
ucts-services/network-automation/paragon-pathfinder/.
regress@R2# run show route 4.4.4.4
NOTE Keep in mind that preference is important here: SR-TE and RSVP can be
configured with relative preferences. The tunnel source that has the highest
preference will be chosen to shortcut and when not configured the next preferred
source will be used.
95 Enable LDP Over SR-TE (LDPoSR-TE)
You can see that the LDP and the ISIS routes are now stitched onto the spring-te
tunnel. In other words, you have successfully enabled LDPoSR-TE.
R0 Configuration:
regress@R0> show configuration interfaces |display set
R1 configuration:
regress@R1> show configuration interfaces |display set
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 0 description ConnectedToR2
set interfaces ge-0/0/1 unit 0 vlan-id 12
set interfaces ge-0/0/1 unit 0 family inet address 21.1.2.1/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 unit 0 description ConnectedToR3
set interfaces ge-0/0/2 unit 0 vlan-id 13
set interfaces ge-0/0/2 unit 0 family inet address 21.1.3.1/24
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set interfaces lo0 unit 0 family iso address 47.0005.0019.2168.1101.00
R2 Configuration:
regress@R2> show configuration interfaces |display set
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 description ConnectedToR0
set interfaces ge-0/0/0 unit 0 vlan-id 2
set interfaces ge-0/0/0 unit 0 family inet address 21.0.2.2/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 0 description ConnectedToR1
set interfaces ge-0/0/1 unit 0 vlan-id 12
set interfaces ge-0/0/1 unit 0 family inet address 21.1.2.2/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 unit 0 description ConnectedToR3
set interfaces ge-0/0/2 unit 0 vlan-id 23
set interfaces ge-0/0/2 unit 0 family inet address 21.2.3.1/24
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces ge-0/0/3 vlan-tagging
set interfaces ge-0/0/3 unit 0 description ConnectedToR4
set interfaces ge-0/0/3 unit 0 vlan-id 24
set interfaces ge-0/0/3 unit 0 family inet address 21.2.4.1/24
set interfaces ge-0/0/3 unit 0 family iso
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/4 vlan-tagging
set interfaces ge-0/0/4 unit 0 description ConnectedToR5
set interfaces ge-0/0/4 unit 0 vlan-id 25
set interfaces ge-0/0/4 unit 0 family inet address 21.2.5.1/24
set interfaces ge-0/0/4 unit 0 family iso
set interfaces ge-0/0/4 unit 0 family mpls
R3 Configuration:
regress@R3> show configuration interfaces |display set
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 description ConnectedToR0
set interfaces ge-0/0/0 unit 0 vlan-id 3
set interfaces ge-0/0/0 unit 0 family inet address 21.0.3.2/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
R4 Configuration:
regress@R4> show configuration interfaces |display set
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 unit 0 description ConnectedToR4
set interfaces ge-0/0/2 unit 0 vlan-id 24
set interfaces ge-0/0/2 unit 0 family inet address 21.2.4.2/24
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces ge-0/0/3 vlan-tagging
set interfaces ge-0/0/3 unit 0 description ConnectedToR4
set interfaces ge-0/0/3 unit 0 vlan-id 34
set interfaces ge-0/0/3 unit 0 family inet address 21.3.4.2/24
set interfaces ge-0/0/3 unit 0 family iso
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/4 vlan-tagging
set interfaces ge-0/0/4 unit 0 description ConnectedToR5
set interfaces ge-0/0/4 unit 0 vlan-id 45
set interfaces ge-0/0/4 unit 0 family inet address 21.4.5.1/24
set interfaces ge-0/0/4 unit 0 family iso
set interfaces ge-0/0/4 unit 0 family mpls
set interfaces ge-0/0/5 vlan-tagging
101 Legacy Network Configuration
R5 Configuration:
regress@R5> show configuration interfaces |display set
R6 Configuration:
regress@R6> show configuration interfaces |display set
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 description ConnectedToR0
set interfaces ge-0/0/0 unit 0 vlan-id 6
set interfaces ge-0/0/0 unit 0 family inet address 21.0.6.2/24
set interfaces ge-0/0/0 unit 0 family inet address 121.1.1.1/24
set interfaces ge-0/0/0 unit 0 family inet address 121.2.1.1/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/5 vlan-tagging
set interfaces ge-0/0/5 unit 0 description ConnectedToR4
set interfaces ge-0/0/5 unit 0 vlan-id 46
set interfaces ge-0/0/5 unit 0 family inet address 21.4.6.2/24
103 Legacy Network Configuration
R7 Configuration:
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 description ConnectedToR0
set interfaces ge-0/0/0 unit 0 vlan-id 7
set interfaces ge-0/0/0 unit 0 family inet address 21.0.7.2/24
set interfaces ge-0/0/0 unit 0 family inet address 131.1.1.1/24
set interfaces ge-0/0/0 unit 0 family inet address 131.2.1.1/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/5 vlan-tagging
set interfaces ge-0/0/5 unit 0 description ConnectedToR4
set interfaces ge-0/0/5 unit 0 vlan-id 47
set interfaces ge-0/0/5 unit 0 family inet address 21.4.7.2/24
set interfaces ge-0/0/5 unit 0 family iso
set interfaces ge-0/0/5 unit 0 family mpls
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 unit 0 description ConnectedToR5
set interfaces ge-0/0/6 unit 0 vlan-id 57
set interfaces ge-0/0/6 unit 0 family inet address 21.5.7.2/24
set interfaces ge-0/0/6 unit 0 family iso
set interfaces ge-0/0/6 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces lo0 unit 0 family iso address 47.0005.0019.2168.1107.00
Enabling OSPF-SR
Router R0 Configuration:
set chassis network-services enhanced-ip
set protocols ospf source-packet-routing srgb start-label 400000
set protocols ospf source-packet-routing srgb index-range 5000
set protocols ospf source-packet-routing node-segment ipv4-index 100
Router R1 Configuration:
set chassis network-services enhanced-ip
set protocols ospf source-packet-routing srgb start-label 400000
set protocols ospf source-packet-routing srgb index-range 5000
set protocols ospf source-packet-routing node-segment ipv4-index 101
Router R2 Configuration:
set chassis network-services enhanced-ip
set protocols ospf source-packet-routing srgb start-label 400000
set protocols ospf source-packet-routing srgb index-range 5000
set protocols ospf source-packet-routing node-segment ipv4-index 102
Router R3 Configuration:
set chassis network-services enhanced-ip
set protocols ospf source-packet-routing srgb start-label 400000
set protocols ospf source-packet-routing srgb index-range 5000
set protocols ospf source-packet-routing node-segment ipv4-index 103
106 Appendix A: Baseline Lab Configuration
Router R4 Configuration:
set chassis network-services enhanced-ip
set protocols ospf source-packet-routing srgb start-label 400000
set protocols ospf source-packet-routing srgb index-range 5000
set protocols ospf source-packet-routing node-segment ipv4-index 104
Router R5 Configuration:
set chassis network-services enhanced-ip
set protocols ospf source-packet-routing srgb start-label 400000
set protocols ospf source-packet-routing srgb index-range 5000
set protocols ospf source-packet-routing node-segment ipv4-index 105
Router R6 Configuration:
set chassis network-services enhanced-ip
set protocols ospf source-packet-routing srgb start-label 400000
set protocols ospf source-packet-routing srgb index-range 5000
set protocols ospf source-packet-routing node-segment ipv4-index 106
Router R7 Configuration:
set chassis network-services enhanced-ip
set protocols ospf source-packet-routing srgb start-label 400000
set protocols ospf source-packet-routing srgb index-range 5000
set protocols ospf source-packet-routing node-segment ipv4-index 107
Router R0 Configuration:
set protocols ospf area 0 interface ge-0/0/1.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/2.0 post-convergence-lfa
set protocols ospf backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
Router R1 Configuration:
set protocols ospf area 0 interface ge-0/0/1.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/2.0 post-convergence-lfa
set protocols ospf backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
Router R2 Configuration:
set protocols ospf area 0 interface ge-0/0/0.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/1.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/2.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/3.0 post-convergence-lfa
107 Enabling TI-LFA protection
Router R3 Configuration:
set protocols ospf area 0 interface ge-0/0/0.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/2.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/3.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/4.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/5.0 post-convergence-lfa
set protocols ospf backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
Router R4 Configuration:
set protocols ospf area 0 interface ge-0/0/2.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/3.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/4.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/5.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/6.0 post-convergence-lfa
set protocols ospf backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
Router R5 Configuration:
set protocols ospf area 0 interface ge-0/0/2.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/3.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/4.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/5.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/6.0 post-convergence-lfa
set protocols ospf backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
Router R6 Configuration:
set protocols ospf area 0 interface ge-0/0/5.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/6.0 post-convergence-lfa
set protocols ospf backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
Router R7 Configuration:
set protocols ospf area 0 interface ge-0/0/5.0 post-convergence-lfa
set protocols ospf area 0 interface ge-0/0/6.0 post-convergence-lfa
set protocols ospf backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
108 Appendix A: Baseline Lab Configuration
Router R6 Configuration:
set interfaces lo0.0 family inet address 66.66.66.66/32
set policy-options policy-statement sid_assign_policy term one from route-filter 66.66.66.66/32 exact
set policy-options policy-statement sid_assign_policy term one then prefix-segment index 606
set policy-options policy-statement sid_assign_policy term one then accept
set protocols ospf source-packet-routing prefix-segment sid_assign_policy
Router R7 Configuration:
set policy-options policy-statement bgp_export_policy term one from route-
filter 131.1.0.0/16 orlonger
R0 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
109 Enabling ISIS-SR and TI-LFA Protection
R1 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 101
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/1.0 point-to-point
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/2.0 level 2 post-convergence-lfa
set protocols isis interface all level 1 disable
set protocols isis interface fxp0.0 disable
R2 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 102
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/0.0 point-to-point
set protocols isis interface ge-0/0/0.0 level 2 post-convergence-lfa
set protocols isis interface ge-0/0/1.0 point-to-point
set protocols isis interface ge-0/0/1.0 level 2 post-convergence-lfa
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/3.0 point-to-point
set protocols isis interface ge-0/0/4.0 point-to-point
set protocols isis interface all level 1 disable
set protocols isis interface fxp0.0 disable
R3 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 103
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/0.0 point-to-point
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/3.0 point-to-point
set protocols isis interface ge-0/0/3.0 level 2 metric 10
set protocols isis interface ge-0/0/4.0 point-to-point
set protocols isis interface ge-0/0/4.0 level 2 metric 100
set protocols isis interface ge-0/0/5.0 point-to-point
set protocols isis interface all level 1 disable
set protocols isis interface fxp0.0 disable
R4 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 104
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/3.0 point-to-point
set protocols isis interface ge-0/0/3.0 level 2 metric 100
set protocols isis interface ge-0/0/4.0 point-to-point
set protocols isis interface ge-0/0/4.0 level 2 metric 10
set protocols isis interface ge-0/0/5.0 point-to-point
set protocols isis interface ge-0/0/6.0 point-to-point
set protocols isis interface all level 1 disable
set protocols isis interface fxp0.0 disable
R5 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 105
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/2.0 level 2 metric 100
111 Enabling ISIS-SR and TI-LFA Protection
R6 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 106
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/5.0 point-to-point
set protocols isis interface ge-0/0/6.0 point-to-point
R7 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 107
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/5.0 point-to-point
set protocols isis interface ge-0/0/6.0 point-to-point
R0 Configurations:
set services analytics streaming-server jvision-server8 remote-address 100.1.1.2
set services analytics streaming-server jvision-server8 remote-port 2000
set services analytics export-profile export-common local-address 100.1.1.1
set services analytics export-profile export-common local-port 1000
set services analytics export-profile export-common reporting-rate 5
set services analytics export-profile export-common format gpb
set services analytics export-profile export-common transport udp
set services analytics sensor per-sid server-name jvision-server8
set services analytics sensor per-sid export-name export-common
set services analytics sensor per-sid polling-interval 5
set services analytics sensor per-sid resource /junos/services/segment-routing/sid/usage/
set services analytics sensor mpls server-name jvision-server8
set services analytics sensor mpls export-name export-common
set services analytics sensor mpls resource /junos/services/label-switched-path/usage/
Flex-Algo Configurations
R0 Configuration:
set routing-options flex-algorithm 133 definition metric-type te-metric
set routing-options flex-algorithm 133 definition spf
R1 Configuration:
set protocols isis source-packet-routing flex-algorithm 133
set protocols isis export flex_sid_policy
set protocols isis traffic-engineering advertisement always
set policy-options policy-statement flex_sid_policy term one from route-filter 1.1.1.1/32 exact
set policy-options policy-statement flex_sid_policy term one then prefix-
segment algorithm 133 index 301 node-segment
R2 Configuration:
set protocols isis source-packet-routing flex-algorithm 133
set protocols isis export flex_sid_policy
set protocols isis traffic-engineering advertisement always
R3 Configuration:
set protocols isis source-packet-routing flex-algorithm 133
set protocols isis export flex_sid_policy
set protocols isis traffic-engineering advertisement always
set policy-options policy-statement flex_sid_policy term one from route-filter 3.3.3.3/32 exact
set policy-options policy-statement flex_sid_policy term one then prefix-
segment algorithm 133 index 303 node-segment
R4 Configuration:
set protocols isis source-packet-routing flex-algorithm 133
set protocols isis export flex_sid_policy
set protocols isis traffic-engineering advertisement always
set policy-options policy-statement flex_sid_policy term one from route-filter 4.4.4.4/32 exact
set policy-options policy-statement flex_sid_policy term one then prefix-
segment algorithm 133 index 304 node-segment
R5 Configuration:
set protocols isis source-packet-routing flex-algorithm 133
set protocols isis export flex_sid_policy
set protocols isis traffic-engineering advertisement always
114 Appendix A: Baseline Lab Configuration
set policy-options policy-statement flex_sid_policy term one from route-filter 5.5.5.5/32 exact
set policy-options policy-statement flex_sid_policy term one then prefix-
segment algorithm 133 index 305 node-segment
R6 Configuration:
set protocols bgp group R6 family inet unicast extended-nexthop-color
set policy-options policy-statement flex_sid_policy term one from route-filter 6.6.6.6/32 exact
set policy-options policy-statement flex_sid_policy term one then prefix-
segment algorithm 133 index 306 node-segment
R7 Configuration:
set protocols isis source-packet-routing flex-algorithm 133
set protocols isis export flex_sid_policy
set protocols isis traffic-engineering advertisement always
set policy-options policy-statement flex_sid_policy term one from route-filter 7.7.7.7/32 exact
set policy-options policy-statement flex_sid_policy term one then prefix-
segment algorithm 133 index 307 node-segment
Configurations on R0:
set routing-instances vrf-red instance-type vrf
set routing-instances vrf-red route-distinguisher 10.1.1.1:1
set routing-instances vrf-red vrf-import VPN-A-import
set routing-instances vrf-red vrf-export VPN-A-export
Configurations on R7:
set routing-instances vrf-red instance-type vrf
set routing-instances vrf-red interface ge-0/0/1.0
set routing-instances vrf-red route-distinguisher 10.1.1.1:1
set routing-instances vrf-red vrf-import VPN-A-import
set routing-instances vrf-red vrf-export VPN-A-export
set routing-instances vrf-red vrf-target target:100:1
deactivate routing-instances vrf-red vrf-target
set routing-instances vrf-red vrf-table-label
commit
116 Appendix A: Baseline Lab Configuration
R0 Configuration:
regress@R0> show configuration protocols isis|display set
R1 Configuration:
regress@R1> show configuration protocols isis |display set
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/1.0 point-to-point
set protocols isis interface ge-0/0/1.0 level 2 metric 1
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/2.0 level 2 metric 1
set protocols isis interface all level 1 disable
117 Baseline LDPoRSVP Configuration
R2 Configuration:
regress@R2> show configuration protocols isis|display set
set protocols isis level 2 wide-metrics-only
set protocols isis traffic-engineering family inet shortcuts
set protocols isis interface ge-0/0/0.0 point-to-point
set protocols isis interface ge-0/0/0.0 level 2 metric 1
R3 Configuration:
regress@R3> show configuration protocols isis |display set
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/0.0 point-to-point
set protocols isis interface ge-0/0/0.0 level 2 metric 1
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/2.0 level 2 metric 1
set protocols isis interface ge-0/0/3.0 point-to-point
set protocols isis interface ge-0/0/3.0 level 2 metric 10
set protocols isis interface ge-0/0/4.0 point-to-point
set protocols isis interface ge-0/0/4.0 level 2 metric 100
set protocols isis interface ge-0/0/5.0 point-to-point
set protocols isis interface ge-0/0/5.0 level 2 metric 1
set protocols isis interface all level 1 disable
set protocols isis interface fxp0.0 disable
set protocols isis interface lo0.0
R4 Configuration:
regress@R4> show configuration protocols isis|display set
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/2.0 level 2 metric 1
set protocols isis interface ge-0/0/3.0 point-to-point
set protocols isis interface ge-0/0/3.0 level 2 metric 100
119 Baseline LDPoRSVP Configuration
R5 Configuration:
regress@R5> show configuration protocols isis|display set
R6 Configuration:
regress@R6> show configuration protocols isis|display set
set protocols isis level 2 wide-metrics-only
120 Appendix A: Baseline Lab Configuration
R7 Configuration:
shregress@R7> show configuration protocols isis |display set
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/5.0 point-to-point
set protocols isis interface ge-0/0/5.0 level 2 metric 1
set protocols isis interface ge-0/0/6.0 point-to-point
set protocols isis interface ge-0/0/6.0 level 2 metric 1
121 Enabling ISIS-SR and Stitching to RSVP
R0 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa
set protocols isis source-packet-routing sensor-based-stats per-interface-per-member-link ingress
set protocols isis source-packet-routing sensor-based-stats per-interface-per-member-link egress
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 100
R1 Configuration:
set protocols isis backup-spf-options use-post-convergence-lfa
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 101
R2 Configuration:
regress@R2> show configuration protocols isis|display set
set protocols isis backup-spf-options use-post-convergence-lfa
R3 Configuration:
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 103
R4 Configuration:
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 104
R5 Configuration:
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 105
R6 Configuration:
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 106
123 LDPoSRTE Configurations
R7 Configuration:
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 107
LDPoSRTE Configurations
Base configuration is the same as the previous chapter, enabling ISIS SR on R2, R3,
R4, and R5.
R2 Configuration:
regress@R2> show configuration protocols isis|display set
set protocols isis backup-spf-options use-post-convergence-lfa
R3 Configuration:
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 103
R4 Configuration:
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 104
R5 Configuration:
set protocols isis source-packet-routing sensor-based-stats per-sid ingress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
set protocols isis source-packet-routing srgb start-label 200000
set protocols isis source-packet-routing srgb index-range 5000
set protocols isis source-packet-routing node-segment ipv4-index 105
Appendix B: LDP to SR Migration Using SR-TE
Policy
By Colby Barth and Jordan Stewart, Juniper Networks
This appendix explores how to incrementally migrate from LDP to SR using SR-
TE policies. The end result is not just migration to “segment routing” but a migra-
tion to using SR-TE policies that set a foundation for taking advantage of many of
SR’s innovations.
The topology shown in Figure B.1 is used here. The network is using ISIS for inter-
nal reachability advertisements and LDP as the label distribution protocol.
You can see that a new L-ISIS route has been added to the inet.3 RIB but by de-
fault, LDP is still preferred due to its better route preference than the newly added
SR route. Notice that the SR route pushes label 106 for packets to reach R6, this
will be an interesting detail later.
126 Appendix B: LDP to SR Migration Using SR-TE Policy
Now, back to adding that SR-TE-policy. Let’s add a policy on R1 to R6. We’ll le-
verage a dynamic computation service by adding the compute keyword to the pri-
mary segment-list, (see Figure B.3). Dynamic compute can refer to local
compute-profiles in the event more sophisticated constraint-based paths are
desired.
Notice that the SPRING-TE route is now preferred, but to the better protocol prefer-
ence, and it’s using the same prefix SID/label as the L-ISIS route. Thus it’s taking
the shortest path just like the L-ISIS route, and just like the LDP tunnel did. Now
we have incrementally migrated to using segment-routing for all packets from R1 to
R6. This process can be repeated on a destination-by-destination basis as needed.
But what if you want to be more granular?
Now let’s have another look at that same route, 1.1.1.6, on R1:
regress@R1# run show route table inet.3 1.1.1.6
Notice the route is now gone from inet.3 and has been put into the inetcolor.0 RIB.
It still uses the same node SID/label as the original L-ISIS route:
regress@R1# run show route table inetcolor.0
1.1.1.6-123<c>/64
*[SPRING-TE/8] 00:01:48, metric 1, metric2 30
> to 10.1.12.2 via ge-0/0/1.0, Push 106
Now you can add a BGP extended color community to a prefix/service-route that
results in that route resolving over inetcolor.0 routes with the same color instead of
inet.3. As mentioned before, this would facilitate a migration on a service-route
by service-route basis.
That covers two options for incremental transition from LDP to segment-routing
using SR-TE policies. But what about automation? Could the manual creation of
many SR-TE policies present a somewhat cumbersome barrier?
Let’s add the following dynamic-tunnels template to the configuration to trigger the
dynamic creation of the SR-TE policies:
[edit routing-options]
dynamic-tunnels {
dyn-sr-te-lsps {
spring-te {
source-routing-path-template {
sr-te-template color 123;
}
destination-networks {
1.1.1.0/24;
The configuration results in the dynamic creation of shortest path SR-TE policies
when service routes arrive from the service route protocol next hops. You can see
that the dynamic-tunnels have been created as they are maintained in a dynamic-
tunnel database:
regress@R1> show dynamic-tunnels database terse
*- Signal Tunnels #- PFE-down
Table: inetcolor.0
Destination-network: 1.1.1.0-0<c>/24
Destination Source Next-hop Type Status
1.1.1.6-123<c>/64 -
1.1.1.6:64:sr-te-temp spring-te Established
1.1.1.7-123<c>/64 -
1.1.1.7:64:sr-te-temp spring-te Established
And further, now you can also bring up the SPRING-TE routes in inetcolor.0 as done
in the previous examples. Since this example included service routes from R7, you
also see a route to 1.1.1.7 with the label 107 corresponding to the SID advertised
via segment-routing IGP extensions:
regress@R1> show route table inetcolor.0
1.1.1.0-0<c>/24
*[Tunnel/305] 2d 21:12:26
Tunnel
1.1.1.6-123<c>/64
*[SPRING-TE/8] 00:01:48, metric 1, metric2 30
> to 10.1.12.2 via ge-0/0/1.0, Push 106
1.1.1.7-123<c>/64
*[SPRING-TE/8] 00:01:49, metric 1, metric2 30
> to 10.1.12.2 via ge-0/0/1.0, Push 107
Summary
This short appendix explored a few scenarios for incrementally migrating from
LDP to SR using SR-TE policies. It covered the relative priorities between route
entries of different protocols, service-mapping with BGP extended community col-
ors, and, finally, how to automate the creation of SR-TE policies. The end result is
not just a migration to SR but also setting a foundation to take advantage of many
of SR’s innovations in the TE space.
Appendix C: SR Auto-bandwidth Using Express-
Segments
By Colby Barth and Jordan Stewart, Juniper Networks
Let’s start by looking at a pretty simple MPLS auto-bandwidth deployment de-
picted in Figure C.1. The network topology is the classic Fish Network and the
operator has chosen to deploy MPLS auto-bandwidth so that the resources of the
network can be used efficiently based on the incoming traffic towards network
destinations.
There are two LSPs configured on R1; one to R6 and another to R7. The LSPs are
configured as auto-bandwidth LSPs. The #/# values on each link in Figure C.6
represent the IGP/TE metrics of the links.
132 Appendix C: SR Auto-bandwidth Using Express-Segments
The MPLS LSPs use the local TED, shown in Figure C.2, to calculate routes for the
LSPs. Notice that all the nodes and links of the topology shown in Figure C.1
above are represented in the local TED. The IGP and TE metrics are deployed
symmetrically and equally, as depicted in Figure C.1 above, so as to represent the
distance between routers for facilitating least delay routing. The IGP and TE met-
rics can be seen in the detailed view of each of the TE-link in the local TED, shown
in Figure C.2.
Note that there are two TED instances in Junos:
Default Traffic Engineering TED Instance: This is populated by ISIS, OSPF, and
BGP-LS (via TED-export policy), and is used by the compute-engine that com-
putes RSVP-TE paths.
L3-Unicast Topology instance: This is populated by ISIS, OSPF, BGP-LS (via
TEDexport policy), BGP-EPE and express-segments, and the DB is used by the
compute-engine that computes SR-TE paths.
Here’s the local traffic-engineering database:
regress@R1> show ted link topology-type traffic-engineering
ID ->ID LocalPath LocalBW
R1.00(1.1.1.1) R3.00(1.1.1.3)
0 0bps
R1.00(1.1.1.1) R2.00(1.1.1.2) 0 0bps
R2.00(1.1.1.2) R1.00(1.1.1.1)
0 0bps
R2.00(1.1.1.2) R5.00(1.1.1.5)
0 0bps
R3.00(1.1.1.3) R1.00(1.1.1.1)
0 0bps
R3.00(1.1.1.3) R4.00(1.1.1.4)
0 0bps
<truncated>
133 Creating a Customized Topology with Express-segments
Express-segment templates for calling the policy and creating the te-links
red;
}
}
segment-set auto-create-blue {
membership-policy all-lsps;
template {
blue;
}
}
traffic-engineering;
You can see in the next output of show express-segments the adj-SID/label assigned
to the te-link along with the symbolic name, link IDs, etc. You can also see the
newly created l3-unicast topology database that contains these express-segment
te-links and a detailed view of one reveals the inherited attributes from the under-
lay paths and the manually assigned colors:
regress@R1> show express-segments
To Segment Link Status Elapsed Segment
Label LocalID Time Name
-- ------- ------- ------ ------- -------
1.1.1.6 26 2147483659 Up (T) 16:44:32 auto-create-blue-1.1.1.6
1.1.1.7 28 2147483661 Up (T) 16:44:32 auto-create-blue-1.1.1.7
1.1.1.6 27 2147483660 Up (T) 16:44:32 auto-create-red-1.1.1.6
1.1.1.7 29 2147483662 Up (T) 16:44:32 auto-create-red-1.1.1.7
NOTE In the compute-profile you need to disable label compression, since in this
example R1 does not have a prefix SID for R6 because no SR IGP extensions have
been enabled in the network.
You can now look at the resulting SR policy in more detail to see what has been
calculated. Notice that a single segment-list has been computed and the top-most
label is 27. Label: 27 is the label that was assigned to the express-segment shown
before. The calculated metrics are also those inherited by the express-segment:
regress@R1> show spring-traffic-engineering lsp name to-r6-red detail
Name: to-r6-red
Tunnel-source: Static configuration
To: 1.1.1.6-10<c>
State: Up
Path: sl1
Outgoing interface: NA
Auto-translate status: Disabled Auto-translate result: N/A
Compute Status:Enabled , Compute Result:success , Compute-Profile Name:default-red
Total number of computed paths: 1
Computed-path-index: 1
BFD status: N/A BFD name: N/A
TE metric: 132, IGP metric: 30; Metric optimized by type: TE
computed segments count: 1
137 Ingress SR-TE Policy Creation
You can also look at the resulting SPRING-TE route, added to the inetcolor.0 RIB, to
verify that service route resolution is as expected. In the following output you can
see that something looks different! Why is the label operation not ‘push 27’?
regress@R1> show route table inetcolor.0
1.1.1.6-10<c>/64
*[SPRING-TE/8] 03:22:55, metric 1, metric2 30
> to 10.1.12.2 via ge-0/0/1.0, Push 21
The Push 21 operation for the SPRING-TE route is using the express-segment that is an
abstraction of the underlay MPLS LSP from R1 to R6 (Figure C.4). If you look at
the MPLS LSP and the mpls.0 RIB you can see where the label 21 comes from.
1.1.1.6
From: 1.1.1.1, State: Up, ActiveRoute: 0, LSPname: to-r6, LSPid: 7
<snip>
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 30)
10.1.12.2 S 10.1.25.2 S 10.1.56.2 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt):
10.1.12.2(Label=21) 10.1.25.2(Label=23) 10.1.56.2(Label=3)
138 Appendix C: SR Auto-bandwidth Using Express-Segments
Summary
Junos express-segments, https://datatracker.ietf.org/doc/draft-saad-sr-fa-link/, of-
fer a powerful migration option through underlay topology abstraction. Abstrac-
tion allows the use of a policy to represent the potential ability to interconnect
many endpoints. Thus, abstraction does not necessarily offer all possible connec-
tivity options, but presents a view of potential connectivity according to the poli-
cies that determine how the domain’s administrator wants to allow the domain
resources to be used.