Mailing List Archive

SR-TE
Anyone have ideas why I can't seem to get traffic to flow via this SR-TE
path? I have configs if you would like to see them.



Seems that the BSID (100) is in the LFIB but I'm not seeing traffic through
it. Also the traceroute on the r10 ce still shows flowing via the dynamic
vanilla SR path via r21. I'd like to have the SR-TE path carry the customer
traffic via r24----r23





RP/0/0/CPU0:r20#sh mpls for

Thu Sep 17 15:14:28.224 CST

Local Outgoing Prefix Outgoing Next Hop Bytes


Label Label or ID Interface Switched


------ ----------- ------------------ ------------ ---------------
------------

100 Pop No ID my-srte-poli point2point 0


16022 16022 SR Pfx (idx 22) Gi0/0/0/0 10.20.1.2 3864764


16024 Pop SR Pfx (idx 24) Gi0/0/0/1 10.20.1.21 0


24000 Pop SR Adj (idx 0) Gi0/0/0/0 10.20.1.2 0


24001 Pop SR Adj (idx 0) Gi0/0/0/1 10.20.1.21 0


24002 Aggregate one: Per-VRF Aggr[V] \



one
2895172236



RP/0/0/CPU0:r20#sh segment-routing traffic-eng policy

Thu Sep 17 15:14:33.523 CST



SR-TE policy database

---------------------



Name: my-srte-policy (Color: 1, End-point: 10.20.0.22)

Status:

Admin: up Operational: up for 00:00:16 (since Sep 17 15:14:17.095)

Candidate-paths:

Preference 1:

Explicit: segment-list my-srte-sidlist-1 (active)

Weight: 0

16024

24002

16022

Attributes:

Binding SID: 100

Allocation mode: explicit

State: programmed

Policy selected: yes

Forward Class: 0





r10 r30

| |

| |

r20-----r21-----r22

| |

| |

r24-------------r23



r10 and r30 are ce's









Aaron

aaron1@gvtc.com



_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
It's been almost 4 yrs since I looked at SR-TE. How are you mapping traffic
to your SR-TE tunnels? Like "auto-route announce"?

On Thu, Sep 17, 2020 at 1:34 PM <aaron1@gvtc.com> wrote:

> Anyone have ideas why I can't seem to get traffic to flow via this SR-TE
> path? I have configs if you would like to see them.
>
>
>
> Seems that the BSID (100) is in the LFIB but I'm not seeing traffic through
> it. Also the traceroute on the r10 ce still shows flowing via the dynamic
> vanilla SR path via r21. I'd like to have the SR-TE path carry the
> customer
> traffic via r24----r23
>
>
>
>
>
> RP/0/0/CPU0:r20#sh mpls for
>
> Thu Sep 17 15:14:28.224 CST
>
> Local Outgoing Prefix Outgoing Next Hop Bytes
>
>
> Label Label or ID Interface Switched
>
>
> ------ ----------- ------------------ ------------ ---------------
> ------------
>
> 100 Pop No ID my-srte-poli point2point 0
>
>
> 16022 16022 SR Pfx (idx 22) Gi0/0/0/0 10.20.1.2 3864764
>
>
> 16024 Pop SR Pfx (idx 24) Gi0/0/0/1 10.20.1.21 0
>
>
> 24000 Pop SR Adj (idx 0) Gi0/0/0/0 10.20.1.2 0
>
>
> 24001 Pop SR Adj (idx 0) Gi0/0/0/1 10.20.1.21 0
>
>
> 24002 Aggregate one: Per-VRF Aggr[V] \
>
>
>
> one
> 2895172236
>
>
>
> RP/0/0/CPU0:r20#sh segment-routing traffic-eng policy
>
> Thu Sep 17 15:14:33.523 CST
>
>
>
> SR-TE policy database
>
> ---------------------
>
>
>
> Name: my-srte-policy (Color: 1, End-point: 10.20.0.22)
>
> Status:
>
> Admin: up Operational: up for 00:00:16 (since Sep 17 15:14:17.095)
>
> Candidate-paths:
>
> Preference 1:
>
> Explicit: segment-list my-srte-sidlist-1 (active)
>
> Weight: 0
>
> 16024
>
> 24002
>
> 16022
>
> Attributes:
>
> Binding SID: 100
>
> Allocation mode: explicit
>
> State: programmed
>
> Policy selected: yes
>
> Forward Class: 0
>
>
>
>
>
> r10 r30
>
> | |
>
> | |
>
> r20-----r21-----r22
>
> | |
>
> | |
>
> r24-------------r23
>
>
>
> r10 and r30 are ce's
>
>
>
>
>
>
>
>
>
> Aaron
>
> aaron1@gvtc.com
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
Thanks dip, but a bit confused at this point since I thought SRTE didn’t need tunnel interface at the Head End LSR, and that a policy was what steered traffic into an SRTE Path.



But, I do see some web sites that mention it both ways… using tunnel interface or using an sr-te policy… So I don’t know why they difference. Is it that some version of XR did it with only a tunnel interface and other versions of XR did it with policy? (heck I even see some that show a static route calling a explicit path option! IOS-XE website)



https://www.lacnic.net/innovaportal/file/4016/1/sr_srte_pce-hands-on.pdf



slide number 28 shows SR-TE policy



https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/segment-routing/configuration/guide/b-seg-routing-cg-asr9k/b-seg-routing-cg-asr9k_chapter_0100.html



shows sr-te on tunnel interface



I was trying on XR 6.3.1 XRv using OSPF as IGP



I have a different virtual lab environment where I have XR 7.0.2 XRv9k and I am going to try it there with IS-IS as IGP



I’ll take any advice from anyone that has info on this.



-Aaron

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
Yeah, there are certainly few ways to configure SR-TE. In your example,
How's R10 learning R20 Prefixes? I am assuming that's BGP between PE-CE's
(Is it L3VPN's ??) and PE's are doing next-hop-self. So the R30 prefix is
learned via BGP at R20 with R22 as the next-hop making. You have a tunnel
from R20--> R22 (inferring based on the loopback IP).

I don't have access to a box to check what cli options are available or not
but you can try few things
1) Static route mapping to the destination. Page 59
2) see if there is an auto-route announce option available under policy for
IGP to use the routes via the tunnel destination.

Take a look at this config guide which seems relatively more comprehensive
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-6/segment-routing/configuration/guide/b-segment-routing-cg-asr9000-66x/b-segment-routing-cg-asr9000-66x_chapter_01000.pdf

Page5:
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-2/segment-routing/configuration/guide/b-segment-routing-cg-asr9000-62x/b-seg-routing-cg-asr9000-62x_chapter_01000.pdf


Thanks
Dip

On Fri, Sep 18, 2020 at 8:59 AM <aaron1@gvtc.com> wrote:

> Thanks dip, but a bit confused at this point since I thought SRTE didn’t
> need tunnel interface at the Head End LSR, and that a policy was what
> steered traffic into an SRTE Path.
>
>
>
> But, I do see some web sites that mention it both ways… using tunnel
> interface or using an sr-te policy… So I don’t know why they difference.
> Is it that some version of XR did it with only a tunnel interface and other
> versions of XR did it with policy? (heck I even see some that show a
> static route calling a explicit path option! IOS-XE website)
>
>
>
> https://www.lacnic.net/innovaportal/file/4016/1/sr_srte_pce-hands-on.pdf
>
>
>
> slide number 28 shows SR-TE policy
>
>
>
>
> https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/segment-routing/configuration/guide/b-seg-routing-cg-asr9k/b-seg-routing-cg-asr9k_chapter_0100.html
>
>
>
> shows sr-te on tunnel interface
>
>
>
> I was trying on XR 6.3.1 XRv using OSPF as IGP
>
>
>
> I have a different virtual lab environment where I have XR 7.0.2 XRv9k and
> I am going to try it there with IS-IS as IGP
>
>
>
> I’ll take any advice from anyone that has info on this.
>
>
>
> -Aaron
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
This is likely the key. Apart from defining the SR-TE Policy, you have to map traffic to them, it doesn't happen automatically.

Today it's done through
1) static routes
2) autoroute announce as mentioned,
3) For traffic using BGP routes using a color BGP community to automatically map traffic to a destination BGP next-hop to a specific SR Policy (used for global routing table, L3VPN, and EVPN)
4) For P2P L2VPN you can define a specific SR Policy to use.

Thanks,
Phil

?On 9/17/20, 4:44 PM, "cisco-nsp on behalf of dip" <cisco-nsp-bounces@puck.nether.net on behalf of diptanshu.singh@gmail.com> wrote:

It's been almost 4 yrs since I looked at SR-TE. How are you mapping traffic
to your SR-TE tunnels? Like "auto-route announce"?

On Thu, Sep 17, 2020 at 1:34 PM <aaron1@gvtc.com> wrote:

> Anyone have ideas why I can't seem to get traffic to flow via this SR-TE
> path? I have configs if you would like to see them.
>
>
>
> Seems that the BSID (100) is in the LFIB but I'm not seeing traffic through
> it. Also the traceroute on the r10 ce still shows flowing via the dynamic
> vanilla SR path via r21. I'd like to have the SR-TE path carry the
> customer
> traffic via r24----r23
>
>
>
>
>
> RP/0/0/CPU0:r20#sh mpls for
>
> Thu Sep 17 15:14:28.224 CST
>
> Local Outgoing Prefix Outgoing Next Hop Bytes
>
>
> Label Label or ID Interface Switched
>
>
> ------ ----------- ------------------ ------------ ---------------
> ------------
>
> 100 Pop No ID my-srte-poli point2point 0
>
>
> 16022 16022 SR Pfx (idx 22) Gi0/0/0/0 10.20.1.2 3864764
>
>
> 16024 Pop SR Pfx (idx 24) Gi0/0/0/1 10.20.1.21 0
>
>
> 24000 Pop SR Adj (idx 0) Gi0/0/0/0 10.20.1.2 0
>
>
> 24001 Pop SR Adj (idx 0) Gi0/0/0/1 10.20.1.21 0
>
>
> 24002 Aggregate one: Per-VRF Aggr[V] \
>
>
>
> one
> 2895172236
>
>
>
> RP/0/0/CPU0:r20#sh segment-routing traffic-eng policy
>
> Thu Sep 17 15:14:33.523 CST
>
>
>
> SR-TE policy database
>
> ---------------------
>
>
>
> Name: my-srte-policy (Color: 1, End-point: 10.20.0.22)
>
> Status:
>
> Admin: up Operational: up for 00:00:16 (since Sep 17 15:14:17.095)
>
> Candidate-paths:
>
> Preference 1:
>
> Explicit: segment-list my-srte-sidlist-1 (active)
>
> Weight: 0
>
> 16024
>
> 24002
>
> 16022
>
> Attributes:
>
> Binding SID: 100
>
> Allocation mode: explicit
>
> State: programmed
>
> Policy selected: yes
>
> Forward Class: 0
>
>
>
>
>
> r10 r30
>
> | |
>
> | |
>
> r20-----r21-----r22
>
> | |
>
> | |
>
> r24-------------r23
>
>
>
> r10 and r30 are ce's
>
>
>
>
>
>
>
>
>
> Aaron
>
> aaron1@gvtc.com
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
Yes L3VPN between r20 and r22… redistribute connected /30’s for both sides. Pretty straightforward l3vpn. R10 and r30 (ce’s) can ping each other. The l3vpn over SR-MPLS is working fine. It’s the SR-TE that I am now trying to make work that isn’t quite there yet. At this point I would just like to at least get a one-sided srte tunnel working r20----->r22 for now



I did move my lab over to a Xrv9k 7.0.2 and now seems to be doing better but not quite there yet. I see an sr-te interface now and in the LFIB. But I don’t see this in the routing table just yet. (like I am accustomed to seeing with autoroute announce with MPLS-TE/RSVP-TE)



I’ll have to look at what you sent me to see if I can get this in the routing table since it seems that’s why I’m not steering traffic into it yet…. But I could be wrong.



I’m unsure if I need to do bgp tweaks as Phil has suggested and I’ve also read. I’m wondering if I just need to someone make the bgp next hop for the L3VPN to be more attractively reachable via the SRTE Path vice the IGP least cost path.



RP/0/RP0/CPU0:r20#sh mpls for

Fri Sep 18 16:01:08.827 CDT

Local Outgoing Prefix Outgoing Next Hop Bytes

Label Label or ID Interface Switched

------ ----------- ------------------ ------------ --------------- ------------

100 Pop No ID srte_c_1_ep_ point2point 0

16021 Pop SR Pfx (idx 21) Gi0/0/0/0 10.20.1.2 0

16022 16022 SR Pfx (idx 22) Gi0/0/0/0 10.20.1.2 334015

16023 16023 SR Pfx (idx 23) Gi0/0/0/1 10.20.1.21 0

16024 Pop SR Pfx (idx 24) Gi0/0/0/1 10.20.1.21 0

24000 Pop SR Adj (idx 0) Gi0/0/0/0 10.20.1.2 0

24001 Aggregate one: Per-VRF Aggr[V] \

one 1669272

24002 Pop SR Adj (idx 0) Gi0/0/0/1 10.20.1.21 0

24009 24002 SR TE: 6 [TE-INT] Gi0/0/0/1 10.20.1.21 0 <<<---------------



RP/0/RP0/CPU0:r20#show ip int br

Fri Sep 18 16:03:25.282 CDT



Interface IP-Address Status Protocol Vrf-Name

srte_c_1_ep_10.20.0.22 10.20.0.20 Up Up default <<<-------------------

Loopback0 10.20.0.20 Up Up default

MgmtEth0/RP0/CPU0/0 unassigned Up Up default

GigabitEthernet0/0/0/0 10.20.1.1 Up Up default

GigabitEthernet0/0/0/1 10.20.1.22 Up Up default

GigabitEthernet0/0/0/2 1.0.0.1 Up Up one

GigabitEthernet0/0/0/3 unassigned Up Up default



Show interfaces…..

srte_c_1_ep_10.20.0.22 is up, line protocol is up

Interface state transitions: 1

Hardware is Tunnel-TE

Internet address is 10.20.0.20/32

MTU 1500 bytes, BW 0 Kbit

reliability 255/255, txload Unknown, rxload Unknown

Encapsulation TUNNEL, loopback not set,

Last link flapped 02:23:10

Last input never, output never

Last clearing of "show interface" counters never

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 total input drops

Unknown drops for unrecognized upper-level protocol

Received Unknown broadcast packets, Unknown multicast packets

0 packets output, 0 bytes, 0 total output drops

Output Unknown broadcast packets, Unknown multicast packets



*** not in the routing table yet…



RP/0/RP0/CPU0:r20#sh route | be Gate

Fri Sep 18 16:06:07.810 CDT

Gateway of last resort is not set



L 10.20.0.20/32 is directly connected, 04:51:44, Loopback0

O 10.20.0.21/32 [110/2] via 10.20.1.2, 04:50:47, GigabitEthernet0/0/0/0

O 10.20.0.22/32 [110/3] via 10.20.1.2, 02:49:18, GigabitEthernet0/0/0/0

O 10.20.0.23/32 [110/3] via 10.20.1.21, 04:40:42, GigabitEthernet0/0/0/1

O 10.20.0.24/32 [110/2] via 10.20.1.21, 04:40:48, GigabitEthernet0/0/0/1

C 10.20.1.0/30 is directly connected, 04:51:44, GigabitEthernet0/0/0/0

L 10.20.1.1/32 is directly connected, 04:51:44, GigabitEthernet0/0/0/0

O 10.20.1.4/30 [110/2] via 10.20.1.2, 02:49:18, GigabitEthernet0/0/0/0

O 10.20.1.8/30 [110/3] via 10.20.1.2, 02:49:18, GigabitEthernet0/0/0/0

[110/3] via 10.20.1.21, 02:49:18, GigabitEthernet0/0/0/1

C 10.20.1.20/30 is directly connected, 04:51:44, GigabitEthernet0/0/0/1

L 10.20.1.22/32 is directly connected, 04:51:44, GigabitEthernet0/0/0/1

O 10.20.1.24/30 [110/2] via 10.20.1.21, 04:40:47, GigabitEthernet0/0/0/1

L 127.0.0.0/8 [0/0] via 0.0.0.0, 04:51:45









From: dip <diptanshu.singh@gmail.com>
Sent: Friday, September 18, 2020 11:53 AM
To: Aaron <aaron1@gvtc.com>
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] SR-TE



Yeah, there are certainly few ways to configure SR-TE. In your example, How's R10 learning R20 Prefixes? I am assuming that's BGP between PE-CE's (Is it L3VPN's ??) and PE's are doing next-hop-self. So the R30 prefix is learned via BGP at R20 with R22 as the next-hop making. You have a tunnel from R20--> R22 (inferring based on the loopback IP).



I don't have access to a box to check what cli options are available or not but you can try few things

1) Static route mapping to the destination. Page 59

2) see if there is an auto-route announce option available under policy for IGP to use the routes via the tunnel destination.



Take a look at this config guide which seems relatively more comprehensive

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-6/segment-routing/configuration/guide/b-segment-routing-cg-asr9000-66x/b-segment-routing-cg-asr9000-66x_chapter_01000.pdf



Page5:

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-2/segment-routing/configuration/guide/b-segment-routing-cg-asr9000-62x/b-seg-routing-cg-asr9000-62x_chapter_01000.pdf





Thanks

Dip



On Fri, Sep 18, 2020 at 8:59 AM <aaron1@gvtc.com <mailto:aaron1@gvtc.com> > wrote:

Thanks dip, but a bit confused at this point since I thought SRTE didn’t need tunnel interface at the Head End LSR, and that a policy was what steered traffic into an SRTE Path.



But, I do see some web sites that mention it both ways… using tunnel interface or using an sr-te policy… So I don’t know why they difference. Is it that some version of XR did it with only a tunnel interface and other versions of XR did it with policy? (heck I even see some that show a static route calling a explicit path option! IOS-XE website)



https://www.lacnic.net/innovaportal/file/4016/1/sr_srte_pce-hands-on.pdf



slide number 28 shows SR-TE policy



https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/segment-routing/configuration/guide/b-seg-routing-cg-asr9k/b-seg-routing-cg-asr9k_chapter_0100.html



shows sr-te on tunnel interface



I was trying on XR 6.3.1 XRv using OSPF as IGP



I have a different virtual lab environment where I have XR 7.0.2 XRv9k and I am going to try it there with IS-IS as IGP



I’ll take any advice from anyone that has info on this.



-Aaron

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
Yes, works! Thanks Phil and dip for your input.

"autoroute include all" seemed to be the missing ingredient for cli manual srte steering... I'm not sure if it has any downsides at this point, but for what I have, it's working.

Finally got the auto-generated te-tunnel interface to show up in the route table...

also, learned that the auto-created srte interface name is...

srte_c_1_ep_10.20.0.22

which means...

srte color 1 endpoint 10.20.0.22

and now I see traffic hitting that lfib entry

also there's now an interesting additional lfib entry for my endpoint that points to the srte tunnel interface

here's the ce to ce traffic now showing triple mpls tagged via the srte tunnel

ce1#traceroute 1.1.1.2
Type escape sequence to abort.
Tracing the route to 1.1.1.2
VRF info: (vrf in name/id, vrf out name/id)
1 1.0.0.1 8 msec 2 msec 2 msec
2 10.20.1.21 [MPLS: Labels 16023/16022/24001 Exp 0] 40 msec 38 msec 38 msec
3 10.20.1.25 [MPLS: Labels 16022/24001 Exp 0] 41 msec 41 msec 38 msec
4 10.20.1.9 39 msec 38 msec 42 msec
5 1.1.1.2 89 msec * 88 msec

Here's my whole config for the Headend SRTE tunnel policy

conf
router ospf 1
distribute link-state
!
segment-routing
traffic-eng
segment-list name my-srte-sidlist-2
index 1 address ipv4 10.20.0.24
index 2 address ipv4 10.20.0.23
index 3 address ipv4 10.20.0.22
!
policy my-srte-policy
binding-sid mpls 100
color 1 end-point ipv4 10.20.0.22
autoroute include all
candidate-paths
preference 1
explicit segment-list my-srte-sidlist-2
commit


r10 r30
| |
| |
r20-----r21-----r22
| |
| |
r24-------------r23

10.20.0.x - loopback ip's
x = router number

ce r10 is 1.0.0.0/30
ce r30 is 1.1.1.0/30

RP/0/RP0/CPU0:r20#sh route | be Gate
Fri Sep 18 22:53:43.336 CDT
Gateway of last resort is not set

L 10.20.0.20/32 is directly connected, 11:39:19, Loopback0
O 10.20.0.21/32 [110/2] via 10.20.1.2, 11:38:22, GigabitEthernet0/0/0/0
O 10.20.0.22/32 [110/3] via 10.20.0.22, 00:01:38, srte_c_1_ep_10.20.0.22 <<<----------------------
O 10.20.0.23/32 [110/3] via 10.20.1.21, 11:28:18, GigabitEthernet0/0/0/1
O 10.20.0.24/32 [110/2] via 10.20.1.21, 11:28:24, GigabitEthernet0/0/0/1
C 10.20.1.0/30 is directly connected, 11:39:20, GigabitEthernet0/0/0/0
L 10.20.1.1/32 is directly connected, 11:39:20, GigabitEthernet0/0/0/0
O 10.20.1.4/30 [110/2] via 10.20.1.2, 09:36:54, GigabitEthernet0/0/0/0
O 10.20.1.8/30 [110/3] via 10.20.0.22, 00:01:38, srte_c_1_ep_10.20.0.22 <<<----------------------
[110/3] via 10.20.1.21, 00:01:38, GigabitEthernet0/0/0/1
C 10.20.1.20/30 is directly connected, 11:39:20, GigabitEthernet0/0/0/1
L 10.20.1.22/32 is directly connected, 11:39:20, GigabitEthernet0/0/0/1
O 10.20.1.24/30 [110/2] via 10.20.1.21, 11:28:23, GigabitEthernet0/0/0/1
L 127.0.0.0/8 [0/0] via 0.0.0.0, 11:39:20

RP/0/RP0/CPU0:r20#sh mpls for
Fri Sep 18 23:04:39.183 CDT
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
100 Pop No ID srte_c_1_ep_ point2point 0
16021 Pop SR Pfx (idx 21) Gi0/0/0/0 10.20.1.2 0
16022 16022 SR Pfx (idx 22) Gi0/0/0/0 10.20.1.2 1028
16023 16023 SR Pfx (idx 23) Gi0/0/0/1 10.20.1.21 0
16024 Pop SR Pfx (idx 24) Gi0/0/0/1 10.20.1.21 0
24000 Pop SR Adj (idx 0) Gi0/0/0/0 10.20.1.2 0
24001 Aggregate one: Per-VRF Aggr[V] \
one 1744516
24002 Pop SR Adj (idx 0) Gi0/0/0/1 10.20.1.21 0
24004 16023 SR TE: 22 [TE-INT] Gi0/0/0/1 10.20.1.21 3648 <<<----------------------
24011 Pop 10.20.0.22/32 srte_c_1_ep_ 10.20.0.22 3936 <<<----------------------

the L3VPN cef entry on the headend for the ce traffic is....

RP/0/RP0/CPU0:r20#sh cef vrf one 1.1.1.0/30
Fri Sep 18 23:05:33.909 CDT
1.1.1.0/30, version 5, internal 0x5000001 0x0 (ptr 0xdef99e4) [1], 0x0 (0xe0bcc68), 0xa08 (0xe8a2368)
Updated Sep 18 11:25:40.565
Prefix Len 30, traffic index 0, precedence n/a, priority 3
via 10.20.0.22/32, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xd2cc890 0x0]
recursion-via-/32
next hop VRF - 'default', table - 0xe0000000
next hop 10.20.0.22/32 via 24011/0/21
next hop 10.20.0.22/32 srte_c_1_ep_ labels imposed {ImplNull 24001} <<<----------------------


- aaron


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
Also, it works with these explicit paths as well... learned a few things
here, you can blackhole your traffic if you don't know your SID's... I used
an adjacency sid from my previous eve-ng lab on my diagram, and I forgot
that I had moved to a new lab, when I stood up the new lab, the adjacency
sids were different, 24001 instead of 24002 on my of my transit
links...between r24 and r23...

All these explicit paths work...

all prefix/node sids...

segment-list name my-srte-sidlist-2
index 1 mpls label 16024
index 2 mpls label 16023
index 3 mpls label 16022

combination of prefix/node sids and an adjacency sid...

segment-list name my-srte-sidlist-2
index 1 mpls label 16024
index 2 mpls label 24001
index 3 mpls label 16022

an ip address, and adj sid, and a prefix/node sid... the ip address for the
first segment is apparently is an IOS-XR trick that resolves the ip to the
prefix sid of that hop...

segment-list name my-srte-sidlist-2
index 1 address ipv4 10.20.0.24
index 2 mpls label 24001
index 3 mpls label 16022

an ip address a couple hops away but is in the igp direction that I desire,
and adj sid on the link to the last hop...

segment-list name my-srte-sidlist-2
index 1 address ipv4 10.20.0.23
index 2 mpls label 24000

all those work for my desired SRTE path... the all result in the ce traffic
taking the atypical anti-igp path... some result in different mpls tagging,
but, all cases end up being 3 tags and follow the correct, desired path.

Here's the trace of that last sedment-list (ip to 10.20.0.23, and adj sid
24000)...

ce1#traceroute 1.1.1.2
Type escape sequence to abort.
Tracing the route to 1.1.1.2
VRF info: (vrf in name/id, vrf out name/id)
1 1.0.0.1 47 msec 41 msec 41 msec
2 10.20.1.21 [MPLS: Labels 16023/24000/24001 Exp 0] 229 msec 229 msec 215
msec
3 10.20.1.25 [MPLS: Labels 24000/24001 Exp 0] 238 msec 211 msec 227 msec
4 10.20.1.9 230 msec 225 msec 222 msec
5 1.1.1.2 314 msec * 302 msec


-Aaron


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
oh wow, i brought down a link accidentally today in my lab (between r24 and
r23) and i discovered something quite interesting (or concerning)

an srte tunnel can progress in a direction and actually hairpin back on
itself!

is this news to anyone else? i'm pretty sure that rsvp-te didn't allow for
looping ero's... and I wonder if it was disallowed due to signalling that
was able to track on the ero/rro?

notice the hops

traceroute source is r10 and destination is r30

r10#traceroute 1.1.1.2
Type escape sequence to abort.
Tracing the route to 1.1.1.2
VRF info: (vrf in name/id, vrf out name/id)
1 1.0.0.1 47 msec 37 msec 39 msec
2 10.20.1.21 [MPLS: Labels 16023/16022/24002 Exp 0] 257 msec 251 msec 257
msec
3 10.20.1.22 [MPLS: Labels 16023/16022/24002 Exp 0] 268 msec 250 msec 244
msec
4 10.20.1.2 [MPLS: Labels 16023/16022/24002 Exp 0] 257 msec 249 msec 148
msec
5 10.20.1.6 [MPLS: Labels 16023/16022/24002 Exp 0] 122 msec 109 msec 111
msec
6 10.20.1.10 [MPLS: Labels 16022/24002 Exp 0] 118 msec 111 msec 111 msec
7 10.20.1.9 116 msec 111 msec 117 msec
8 1.1.1.2 197 msec * 191 msec


r10 - initiates traceroute to r30
r20 - l3vpn then inserts traffic into srte path and pushes sid stack
r24 - sid 1
r23 - sid 2
r22 - sid 3 - egress l3vpn
r30 - destination of traceroute

so the traceroute above shows the traffic flowing like this...

r10--->r20--->r24--->r20(again)--->r21--->r22--->r23--->r22(again)--->r30


r10 r30
| |
| |
r20-----r21-----r22
| |
| |
r24------X------r23


i put an X where I accidentally brought down the connection

RP/0/RP0/CPU0:r20#sh segment-routing traffic-eng policy
Sun Sep 20 00:09:51.167 CDT

SR-TE policy database
---------------------

Color: 1, End-point: 10.20.0.22
Name: srte_c_1_ep_10.20.0.22
Status:
Admin: up Operational: up for 00:20:10 (since Sep 19 23:49:40.492)
Candidate-paths:
Preference: 1 (configuration) (active)
Name: my-srte-policy
Requested BSID: 100
Explicit: segment-list my-srte-sidlist-2 (valid)
Weight: 1, Metric Type: TE
16024 [Prefix-SID, 10.20.0.24]
16023 [Prefix-SID, 10.20.0.23]
16022 [Prefix-SID, 10.20.0.22]
Attributes:
Binding SID: 100
Forward Class: Not Configured
Steering BGP disabled: yes
IPv6 caps enable: yes


RP/0/RP0/CPU0:r20#sh run segment-routing
Sun Sep 20 00:14:33.060 CDT
segment-routing
traffic-eng
segment-list my-srte-sidlist-2
index 1 address ipv4 10.20.0.24
index 2 address ipv4 10.20.0.23
index 3 address ipv4 10.20.0.22
!
policy my-srte-policy
binding-sid mpls 100
color 1 end-point ipv4 10.20.0.22
autoroute
include all
!
candidate-paths
preference 1
explicit segment-list my-srte-sidlist-2

-Aaron

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
Somehow the email got messed up... to be clear, the traffic was flowing like
this...


r10--->r20--->r24--->r20(again)--->r21--->r22--->r23--->r22(again)--->r30


r10 r30
| |
| |
r20-----r21-----r22
| |
| |
r24------X------r23

i put an X where I accidentally brought down the connection

here was the segment list configured in the srte policy...

segment-list my-srte-sidlist-2
index 1 address ipv4 10.20.0.24
index 2 address ipv4 10.20.0.23
index 3 address ipv4 10.20.0.22


-Aaron



_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
Trying again...formatting the router hops in a different way as the email is
getting messed up

r10 r30
| |
| |
r20-----r21-----r22
| |
| |
r24------X------r23


i put an X where I accidentally brought down the connection

traceroute started on r10 and destined for r30...

r10--->

r20--->

r24--->

r20(again)--->

r21--->

r22--->

r23--->

r22(again)--->

r30


here was the segment list configured in the srte policy...

segment-list my-srte-sidlist-2
index 1 address ipv4 10.20.0.24
index 2 address ipv4 10.20.0.23
index 3 address ipv4 10.20.0.22


-Aaron



_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: SR-TE [ In reply to ]
Aaron, not surprised here. In case of SR-TE, all the labels are imposed at
the headend (R20) and headend does the validation to make sure the explicit
path is still valid (If you would have specified the adjacency label for
the link R24->R23 then the path would have become invalid after the link
down). In your case, since you have the loopbacks defined which will
translate to Node-Sid's for the routers, So after the link between R24-R23
got removed from the topology, R24 LFIB is pointing towards R20 to reach
R23 which is the next-label imposed on your label stack.

On Sat, Sep 19, 2020 at 11:06 PM <aaron1@gvtc.com> wrote:

> Trying again...formatting the router hops in a different way as the email
> is
> getting messed up
>
> r10 r30
> | |
> | |
> r20-----r21-----r22
> | |
> | |
> r24------X------r23
>
>
> i put an X where I accidentally brought down the connection
>
> traceroute started on r10 and destined for r30...
>
> r10--->
>
> r20--->
>
> r24--->
>
> r20(again)--->
>
> r21--->
>
> r22--->
>
> r23--->
>
> r22(again)--->
>
> r30
>
>
> here was the segment list configured in the srte policy...
>
> segment-list my-srte-sidlist-2
> index 1 address ipv4 10.20.0.24
> index 2 address ipv4 10.20.0.23
> index 3 address ipv4 10.20.0.22
>
>
> -Aaron
>
>
>
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/