In this post, we will go a further step to segment routing. In our previous post, we have expained what segment-routing is and how to build it under IS-IS. Steering traffic means you can re-direct any traffic according to its labels towards any router.
Segment-routing provides a label per router, we say segment id. So each router of mpls will have its own labels. At the headend of mpls, ingress router, you can create a policy and design a path to reach egress router. In order to design this path, we will need to add label-stack to packets. These label stack is actually instructions. For example if it is like [900002 900003], it means packet will be forwarded to 900002 router then 900003. This routing will be done by using mpls lfib route table.
There are 4 policy at below condifiguration. As you will see, there is binding sid under each endpoint of policy. This means, if packet comes with this label, that policy will be applied. Maybe you can receive routes via BGP with extended community of color, then colored policy will be applied. As you see , you manipulate the traffic.
We will start traffic from A1 interface to A2 interface for test. A1 has a static label which is 1000010. So packet will come to PE1 and PE1 will see 1000010 on packet. Accorrding to LFIB, it will toward traffic to policy which we defined as below. First policy has endpoint 192.168.12.2 which is interface of A2.
Configuration: Policy
router traffic-engineering
segment-routing
rib system-colored-tunnel-rib
!
policy endpoint 192.168.12.2 color 10
binding-sid 1000010
!
path-group preference 100
segment-list label-stack 900005 900002
!
policy endpoint 192.168.22.2 color 20
binding-sid 1000020
!
path-group preference 100
segment-list label-stack 900004 900002
!
policy endpoint 192.168.100.2 color 10
binding-sid 1000012
!
path-group preference 100
segment-list label-stack 900003 900002
!
policy endpoint 192.168.100.2 color 20
binding-sid 1000022
!
path-group preference 100
segment-list label-stack 900004 900002
router-id ipv4 192.168.100.1
Check LFIB on Ingress
Now, A1 sends packet with label 1000010. So PE1 will send it to tunnel SR policy. SR says it will have label stack [ 900005 900003]. 900005 is P5 router. 900003 is P6 router.
Checking 1000010 LFIB of PE1
1000010 is pop on table. Why? Because 900005 is next router of PE1 and 900005 says label will be popped.
PE1#sh mpls lfib route 1000010
MPLS forwarding table (Label [metric] Vias) - 1 routes
MPLS next-hop resolution allow default route: False
...
ST 1000010 [1], SR-TE Policy 192.168.12.2, color 10
via SR-TE tunnel index 9, weight 1, pop
payload autoDecide, ttlMode uniform, dscpMode uniform, apply egress-acl
via 192.168.15.5, Ethernet6, label 900002
PE1#
Checking 900005 LFIB of PE1
Clearly it shows it will pop and send to next router P5. Packet will have 90002 label since there is label-stack of SR policy.
PE1#sh mpls lfib route 900005
MPLS forwarding table (Label [metric] Vias) - 1 routes
MPLS next-hop resolution allow default route: False
...
IP 900005 [1], 192.168.100.5/32
via M, 192.168.15.5, pop
payload autoDecide, ttlMode uniform, apply egress-acl
interface Ethernet6
Checking 900002 LFIB on P5
It swaps to again 900002 to reach PE2. So P6 will get labeled 900002
P5#show mpls lfib route 900002
MPLS forwarding table (Label [metric] Vias) - 1 routes
MPLS next-hop resolution allow default route: False
...
IP 900002 [1], 192.168.100.2/32
via M, 192.168.56.6, swap 900002
payload autoDecide, ttlMode uniform, apply egress-acl
interface Ethernet2
Checking 900002 LFIB on P6
Since penultimate hop popping behavior, P6 will pop and sends packet with unlabeld to PE2. PE2 will forward packet to A2.
P6#show mpls lfib route 900002
...
IP 900002 [1], 192.168.100.2/32
via M, 192.168.26.1, pop
payload autoDecide, ttlMode uniform, apply egress-acl
interface Ethernet2