vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
vyos-documentation/docs/configuration/protocols/segment-routing.rst

564 lines
22 KiB
ReStructuredText
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

.. _segment-routing:
###############
Segment Routing
###############
Segment Routing (SR) is a network architecture that is similar to
source-routing.In this architecture, the ingress router adds a list of segments,
known as SIDs, to the packet as it enters the network. These segments represent
different portions of the network path that the packet will take.
The SR segments are portions of the network path taken by the packet, and are
called SIDs. At each node, the first SID of the list is read, executed as a
forwarding function, and may be popped to let the next node read the next SID of
the list. The SID list completely determines the path where the packet is
forwarded.
Segment Routing can be applied to an existing MPLS-based data plane and defines
a control plane network architecture. In MPLS networks, segments are encoded as
MPLS labels and are added at the ingress router. These MPLS labels are then
exchanged and populated by Interior Gateway Protocols (IGPs) like IS-IS or OSPF
which are running on most ISPs.
.. note:: Segment routing defines a control plane network architecture and
can be applied to an existing MPLS based dataplane. In the MPLS networks,
segments are encoded as MPLS labels and are imposed at the ingress router.
MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing
as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has
been tested against Cisco & Juniper routers.however,this deployment is still
EXPERIMENTAL for FRR .
IS-IS SR Configuration
----------------------
Segment routing (SR) is used by the IGP protocols to interconnect network
devices, below configuration shows how to enable SR on IS-IS:
.. note:: ``Known limitations:``
No support for level redistribution (L1 to L2 or L2 to L1)
No support for binding SID
No support for SRLB
Only one SRGB and default SPF Algorithm is supported
.. cfgcmd:: set protocols isis segment-routing global-block <high-label-value
| low-label-value> <label-value>
Set the Segment Routing Global Block i.e. the label range used by MPLS to
store label in the MPLS FIB for Prefix SID. Note that the block size may
not exceed 65535.
.. cfgcmd:: set protocols isis segment-routing local-block <high-label-value
| low-label-value> <label-value>
Set the Segment Routing Local Block i.e. the label range used by MPLS to
store label in the MPLS FIB for Prefix SID. Note that the block size may
not exceed 65535.Segment Routing Local Block, The negative command always
unsets both.
.. cfgcmd:: set protocols isis segment-routing maximum-label-depth <1-16>
Set the Maximum Stack Depth supported by the router. The value depend of
the MPLS dataplane.
.. cfgcmd:: set protocols isis segment-routing prefix <address> index value
<0-65535>
A segment ID that contains an IP address prefix calculated by an IGP in the
service provider core network. Prefix SIDs are globally unique, this value
indentify it
.. cfgcmd:: set protocols isis segment-routing prefix <address> index
<no-php-flag | explicit-null| n-flag-clear>
prefix. The no-php-flag means NO Penultimate Hop Popping that allows SR
node to request to its neighbor to not pop the label. The explicit-null
flag allows SR node to request to its neighbor to send IP packet with the
EXPLICIT-NULL label. The n-flag-clear option can be used to explicitly
clear the Node flag that is set by default for Prefix-SIDs associated to
loopback addresses. This option is necessary to configure Anycast-SIDs.
.. opcmd:: show isis segment-routing node
Show detailed information about all learned Segment Routing Nodes
.. note:: more information related IGP - :ref:`routing-isis`
OSPF SR Configuration
----------------------
Segment routing (SR) is used by the IGP protocols to interconnect network
devices, below configuration shows how to enable SR on OSPF:
.. cfgcmd:: set protocols ospf parameters opaque-lsa
Enable the Opaque-LSA capability (rfc2370),necessary to transport label
on IGP
.. cfgcmd:: set protocols ospf segment-routing global-block <high-label-value
| low-label-value> <label-value>
Set the Segment Routing Global Block i.e. the label range used by MPLS to
store label in the MPLS FIB for Prefix SID. Note that the block size may
not exceed 65535.
.. cfgcmd:: set protocols ospf segment-routing local-block <high-label-value
| low-label-value> <label-value>
Set the Segment Routing Local Block i.e. the label range used by MPLS to
store label in the MPLS FIB for Prefix SID. Note that the block size may
not exceed 65535.Segment Routing Local Block, The negative command always
unsets both.
.. cfgcmd:: set protocols ospf segment-routing maximum-label-depth <1-16>
Set the Maximum Stack Depth supported by the router. The value depend of
the MPLS dataplane.
.. cfgcmd:: set protocols ospf segment-routing prefix <address> index value
<0-65535>
A segment ID that contains an IP address prefix calculated by an IGP in the
service provider core network. Prefix SIDs are globally unique, this value
indentify it
.. cfgcmd:: set protocols ospf segment-routing prefix <address> index
<no-php-flag | explicit-null| n-flag-clear>
prefix. The no-php-flag means NO Penultimate Hop Popping that allows SR
node to request to its neighbor to not pop the label. The explicit-null
flag allows SR node to request to its neighbor to send IP packet with the
EXPLICIT-NULL label. The n-flag-clear option can be used to explicitly
clear the Node flag that is set by default for Prefix-SIDs associated to
loopback addresses. This option is necessary to configure Anycast-SIDs.
.. note:: more information related IGP - :ref:`routing-ospf`
Configuration Example
---------------------
we described the configuration SR ISIS / SR OSPF using 2 connected with them to
share label information.
Enable IS-IS with Segment Routing (Experimental)
================================================
**Node 1:**
.. code-block:: none
set interfaces loopback lo address '192.168.255.255/32'
set interfaces ethernet eth1 address '192.0.2.1/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis segment-routing global-block high-label-value '599'
set protocols isis segment-routing global-block low-label-value '550'
set protocols isis segment-routing prefix 192.168.255.255/32 index value '1'
set protocols isis segment-routing prefix 192.168.255.255/32 index explicit-null
set protocols mpls interface 'eth1'
**Node 2:**
.. code-block:: none
set interfaces loopback lo address '192.168.255.254/32'
set interfaces ethernet eth1 address '192.0.2.2/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5254.00'
set protocols isis segment-routing global-block high-label-value '599'
set protocols isis segment-routing global-block low-label-value '550'
set protocols isis segment-routing prefix 192.168.255.254/32 index value '2'
set protocols isis segment-routing prefix 192.168.255.254/32 index explicit-null
set protocols mpls interface 'eth1'
This gives us MPLS segment routing enabled and labels for far end loopbacks:
.. code-block:: none
Node-1@vyos:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
----------------------------------------------------------------------
552 SR (IS-IS) 192.0.2.2 IPv4 Explicit Null <-- Node-2 loopback learned on Node-1
15000 SR (IS-IS) 192.0.2.2 implicit-null
15001 SR (IS-IS) fe80::e87:6cff:fe09:1 implicit-null
15002 SR (IS-IS) 192.0.2.2 implicit-null
15003 SR (IS-IS) fe80::e87:6cff:fe09:1 implicit-null
Node-2@vyos:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
---------------------------------------------------------------------
551 SR (IS-IS) 192.0.2.1 IPv4 Explicit Null <-- Node-1 loopback learned on Node-2
15000 SR (IS-IS) 192.0.2.1 implicit-null
15001 SR (IS-IS) fe80::e33:2ff:fe80:1 implicit-null
15002 SR (IS-IS) 192.0.2.1 implicit-null
15003 SR (IS-IS) fe80::e33:2ff:fe80:1 implicit-null
Here is the routing tables showing the MPLS segment routing label operations:
.. code-block:: none
Node-1@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.2, eth1 inactive, weight 1, 00:07:48
I>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1, label IPv4 Explicit Null, weight 1, 00:03:39
Node-2@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.1, eth1 inactive, weight 1, 00:07:46
I>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1, label IPv4 Explicit Null, weight 1, 00:03:43
Enable OSPF with Segment Routing (Experimental):
================================================
**Node 1**
.. code-block:: none
set interfaces loopback lo address 10.1.1.1/32
set interfaces ethernet eth0 address 192.168.0.1/24
set protocols ospf area 0 network '192.168.0.0/24'
set protocols ospf area 0 network '10.1.1.1/32'
set protocols ospf parameters opaque-lsa
set protocols ospf parameters router-id '10.1.1.1'
set protocols ospf segment-routing global-block high-label-value '1100'
set protocols ospf segment-routing global-block low-label-value '1000'
set protocols ospf segment-routing prefix 10.1.1.1/32 index explicit-null
set protocols ospf segment-routing prefix 10.1.1.1/32 index value '1'
**Node 2**
.. code-block:: none
set interfaces loopback lo address 10.1.1.2/32
set interfaces ethernet eth0 address 192.168.0.2/24
set protocols ospf area 0 network '192.168.0.0/24'
set protocols ospf area 0 network '10.1.1.2/32'
set protocols ospf parameters opaque-lsa
set protocols ospf parameters router-id '10.1.1.2'
set protocols ospf segment-routing global-block high-label-value '1100'
set protocols ospf segment-routing global-block low-label-value '1000'
set protocols ospf segment-routing prefix 10.1.1.2/32 index explicit-null
set protocols ospf segment-routing prefix 10.1.1.2/32 index value '2'
This gives us MPLS segment routing enabled and labels for far end loopbacks:
.. code-block:: none
Node-1@vyos:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
-----------------------------------------------------------
1002 SR (OSPF) 192.168.0.2 IPv4 Explicit Null <-- Node-2 loopback learned on Node-1
15000 SR (OSPF) 192.168.0.2 implicit-null
15001 SR (OSPF) 192.168.0.2 implicit-null
Node-2@vyos:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
-----------------------------------------------------------
1001 SR (OSPF) 192.168.0.1 IPv4 Explicit Null <-- Node-1 loopback learned on Node-2
15000 SR (OSPF) 192.168.0.1 implicit-null
15001 SR (OSPF) 192.168.0.1 implicit-null
Here is the routing tables showing the MPLS segment routing label operations:
.. code-block:: none
Node-1@vyos:~$ show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
O 10.1.1.1/32 [110/0] is directly connected, lo, weight 1, 00:03:43
O>* 10.1.1.2/32 [110/1] via 192.168.0.2, eth0, label IPv4 Explicit Null, weight 1, 00:03:32
O 192.168.0.0/24 [110/1] is directly connected, eth0, weight 1, 00:03:43
Node-2@vyos:~$ show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
O>* 10.1.1.1/32 [110/1] via 192.168.0.1, eth0, label IPv4 Explicit Null, weight 1, 00:03:36
O 10.1.1.2/32 [110/0] is directly connected, lo, weight 1, 00:03:51
O 192.168.0.0/24 [110/1] is directly connected, eth0, weight 1, 00:03:51
**************************
Example with Cisco IOS-XR
**************************
When utilizing VyOS in an environment with Cisco IOS-XR gear you can use this
blue print as an initial setup to get MPLS ISIS-SR working between those two
devices.The lab was build using :abbr:`EVE-NG (Emulated Virtual
Environment NG)`.
.. figure:: /_static/images/vyos-sr-isis.png
:alt: ISIS-SR network
ISIS-SR example network
The below configuration is used as example where we keep focus on
VyOS-P1/VyOS-P2/XRv-P3 which we share the settings.
Configuration
=============
VyOS-P1:
========
.. code-block:: none
set interfaces dummy dum0 address '192.0.2.1/32'
set interfaces ethernet eth1 address '192.0.2.5/30'
set interfaces ethernet eth1 mtu '8000'
set interfaces ethernet eth3 address '192.0.2.21/30'
set interfaces ethernet eth3 mtu '8000'
set protocols isis interface dum0 passive
set protocols isis interface eth1 network point-to-point
set protocols isis interface eth3 network point-to-point
set protocols isis level 'level-2'
set protocols isis log-adjacency-changes
set protocols isis metric-style 'wide'
set protocols isis net '49.0000.0000.0000.0001.00'
set protocols isis segment-routing maximum-label-depth '8'
set protocols isis segment-routing prefix 192.0.2.1/32 index value '1'
set protocols mpls interface 'eth1'
set protocols mpls interface 'eth3'
set system host-name 'P1-VyOS'
XRv-P3:
=======
.. code-block:: none
hostname P3-VyOS
interface Loopback0
ipv4 address 192.0.2.3 255.255.255.255
!
interface GigabitEthernet0/0/0/1
mtu 8014
ipv4 address 192.0.2.6 255.255.255.252
!
interface GigabitEthernet0/0/0/2
mtu 8014
ipv4 address 192.0.2.18 255.255.255.252
!
router isis VyOS
is-type level-2-only
net 49.0000.0000.0000.0003.00
log adjacency changes
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 3
!
!
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/2
point-to-point
address-family ipv4 unicast
!
!
!
VyOS-P2:
========
.. code-block:: none
set interfaces dummy dum0 address '192.0.2.2/32'
set interfaces ethernet eth2 address '192.0.2.17/30'
set interfaces ethernet eth2 mtu '8000'
set interfaces ethernet eth3 address '192.0.2.26/30'
set interfaces ethernet eth3 mtu '8000'
set protocols isis interface dum0 passive
set protocols isis interface eth2 network point-to-point
set protocols isis interface eth3 network point-to-point
set protocols isis level 'level-2'
set protocols isis log-adjacency-changes
set protocols isis metric-style 'wide'
set protocols isis net '49.0000.0000.0000.0002.00'
set protocols isis segment-routing maximum-label-depth '8'
set protocols isis segment-routing prefix 192.0.2.2/32 index value '2'
set protocols mpls interface 'eth2'
set protocols mpls interface 'eth3'
set system host-name 'P2-VyOS'
This gives us MPLS segment routing enabled and labels forwarding :
.. code-block:: none
vyos@P1-VyOS:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
-----------------------------------------------------------------
15000 SR (IS-IS) 192.0.2.6 implicit-null
15001 SR (IS-IS) 192.0.2.22 implicit-null
15002 SR (IS-IS) fe80::5200:ff:fe04:3 implicit-null
16002 SR (IS-IS) 192.0.2.6 16002
16003 SR (IS-IS) 192.0.2.6 implicit-null
16011 SR (IS-IS) 192.0.2.22 implicit-null
vyos@P2-VyOS:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
-------------------------------------------------------
15000 SR (IS-IS) 192.0.2.18 implicit-null
16001 SR (IS-IS) 192.0.2.18 16001
16003 SR (IS-IS) 192.0.2.18 implicit-null
16011 SR (IS-IS) 192.0.2.18 16011
RP/0/0/CPU0:P3-VyOS#show mpls forwarding
Tue Mar 28 17:47:18.928 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16001 Pop SR Pfx (idx 1) Gi0/0/0/1 192.0.2.5 0
16002 Pop SR Pfx (idx 2) Gi0/0/0/2 192.0.2.17 0
16011 16011 SR Pfx (idx 11) Gi0/0/0/1 192.0.2.5 0
24000 Pop SR Adj (idx 1) Gi0/0/0/1 192.0.2.5 0
24001 Pop SR Adj (idx 3) Gi0/0/0/1 192.0.2.5 0
24002 Pop SR Adj (idx 1) Gi0/0/0/2 192.0.2.17 0
24003 Pop SR Adj (idx 3) Gi0/0/0/2 192.0.2.17 0
VyOS is able to check MSD per devices:
.. code-block:: none
vyos@P1-VyOS:~$ show isis segment-routing node
Area VyOS:
IS-IS L1 SR-Nodes:
IS-IS L2 SR-Nodes:
System ID SRGB SRLB Algorithm MSD
---------------------------------------------------------------
0000.0000.0001 16000 - 23999 15000 - 15999 SPF 8
0000.0000.0002 16000 - 23999 15000 - 15999 SPF 8
0000.0000.0003 16000 - 23999 0 - 4294967295 SPF 10
0000.0000.0011 16000 - 23999 15000 - 15999 SPF 8
vyos@P2-VyOS:~$ show isis segment-routing node
Area VyOS:
IS-IS L1 SR-Nodes:
IS-IS L2 SR-Nodes:
System ID SRGB SRLB Algorithm MSD
---------------------------------------------------------------
0000.0000.0001 16000 - 23999 15000 - 15999 SPF 8
0000.0000.0002 16000 - 23999 15000 - 15999 SPF 8
0000.0000.0003 16000 - 23999 0 - 4294967295 SPF 10
0000.0000.0011 16000 - 23999 15000 - 15999 SPF 8
Here is the routing tables showing the MPLS segment routing label operations:
.. code-block:: none
vyos@P1-VyOS:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I>* 192.0.2.2/32 [115/30] via 192.0.2.6, eth1, label 16002, weight 1, 1d03h18m
I>* 192.0.2.3/32 [115/10] via 192.0.2.6, eth1, label implicit-null, weight 1, 1d03h18m
I 192.0.2.4/30 [115/20] via 192.0.2.6, eth1 inactive, weight 1, 1d03h18m
I>* 192.0.2.11/32 [115/20] via 192.0.2.22, eth3, label implicit-null, weight 1, 1d02h47m
I>* 192.0.2.16/30 [115/20] via 192.0.2.6, eth1, weight 1, 1d03h18m
I 192.0.2.20/30 [115/20] via 192.0.2.22, eth3 inactive, weight 1, 1d02h48m
I>* 192.0.2.24/30 [115/30] via 192.0.2.6, eth1, weight 1, 1d03h18m
vyos@P2-VyOS:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I>* 192.0.2.1/32 [115/30] via 192.0.2.18, eth2, label 16001, weight 1, 1d03h17m
I>* 192.0.2.3/32 [115/10] via 192.0.2.18, eth2, label implicit-null, weight 1, 1d03h17m
I>* 192.0.2.4/30 [115/20] via 192.0.2.18, eth2, weight 1, 1d03h17m
I>* 192.0.2.11/32 [115/40] via 192.0.2.18, eth2, label 16011, weight 1, 1d02h47m
I 192.0.2.16/30 [115/20] via 192.0.2.18, eth2 inactive, weight 1, 1d03h17m
I>* 192.0.2.20/30 [115/30] via 192.0.2.18, eth2, weight 1, 1d03h17m
RP/0/0/CPU0:P3-VyOS#show route isis
Tue Mar 28 18:19:16.417 UTC
i L2 192.0.2.1/32 [115/20] via 192.0.2.5, 1d03h, GigabitEthernet0/0/0/1
i L2 192.0.2.2/32 [115/20] via 192.0.2.17, 1d03h, GigabitEthernet0/0/0/2
i L2 192.0.2.11/32 [115/30] via 192.0.2.5, 1d02h, GigabitEthernet0/0/0/1
i L2 192.0.2.20/30 [115/20] via 192.0.2.5, 1d03h, GigabitEthernet0/0/0/1
i L2 192.0.2.24/30 [115/20] via 192.0.2.17, 1d03h, GigabitEthernet0/0/0/2
Ping between VyOS-P1 / VyOS-P2 to confirm reachability:
.. code-block:: none
vyos@P1-VyOS:~$ ping 192.0.2.2 source-address 192.0.2.1
PING 192.0.2.2 (192.0.2.2) from 192.0.2.1 : 56(84) bytes of data.
64 bytes from 192.0.2.2: icmp_seq=1 ttl=63 time=3.47 ms
64 bytes from 192.0.2.2: icmp_seq=2 ttl=63 time=2.06 ms
64 bytes from 192.0.2.2: icmp_seq=3 ttl=63 time=3.90 ms
64 bytes from 192.0.2.2: icmp_seq=4 ttl=63 time=3.87 ms
^C
--- 192.0.2.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.064/3.326/3.903/0.748 ms
vyos@P2-VyOS:~$ ping 192.0.2.1 source-address 192.0.2.2
PING 192.0.2.1 (192.0.2.1) from 192.0.2.2 : 56(84) bytes of data.
64 bytes from 192.0.2.1: icmp_seq=1 ttl=63 time=2.91 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=63 time=3.23 ms
64 bytes from 192.0.2.1: icmp_seq=3 ttl=63 time=2.91 ms
64 bytes from 192.0.2.1: icmp_seq=4 ttl=63 time=2.85 ms
^C
--- 192.0.2.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 2.846/2.972/3.231/0.151 ms
Reference in New Issue View Git Blame Copy Permalink