MPLS, Segment Routing and SD-WAN in Enterprise Networks

Dhrumil Prajapati (Solutions Architect)

Min Ma (Consulting Systems Engineer)

BRKMPL-2116

Design & Customer Use Cases

Agenda

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public#CLUS 3BRKMPL-2116

• Introduction
• Enterprise MPLS (Dhrumil Prajapati)
  - Design and Use Cases
  - Integrating WAN, Edge and DC
  - Deployment Best Practices
  - Q&A
• Segment Routing & SDWAN (Min Ma)
  - Challenges
  - Segment Routing Review
  - Cisco SDWAN Review
  - Anatomy of the Use Case
• Conclusion

MPLS in Enterprise Networks

“A modern day network should be flexible enough to accommodate any service, anytime, without any impact to other services sharing the same network”

- CIO of a Fortune 500 Company

Why do we need MPLS in Enterprise Networks?

• End-to-end segmentation

• Underlay transport agnostic

• Multi-tenancy

• IP overlap during acquisition or mergers

• Link consolidation for large organizations with multiple departments

• Bridge SDA, ACI, SDWAN, Edge segments

• Customized and centralized managed services

Who can benefit from MPLS?

• Managed service providers

• Enterprises looking to lower transport and operational costs

• Enterprises pursuing an acquisition or merger

• Enterprises with various Business Units requiring segmentation

• Organizations that co-host facilities at multiple locations

• Organizations looking to add services without impacting other services or incurring downtime

Enterprise MPLS Use Cases

MPLS Use Case Customer Verticals

• Transportation

• Logistics

• Financial institutions

• Energy sector

• State, Local and Education Departments

• R&D and Manufacturing industries

• Managed service providers

MPLS Terminology

• PE ≈ Provider Edge Router ≈ MPLS service aggregation router

• P ≈ Provider Router ≈ MPLS transit router

• CE ≈ Customer Edge Router ≈ service gateway router

• RR ≈ Route Reflectors

• LSP ≈ Label Switched Path

• Inter-AS Option B ≈ VRF Exchange via eBGP peer at the AS Edge

• Inter-AS Option C ≈ VRF Exchange via eBGP peer at RRs

MPLS between Data Centers

[Figure: DC 1 and DC 2 with PE and P routers and VRFs, in BGP AS 65000 and BGP AS 65001. Diagram labels: IPv4 iBGP mesh (twice), IPv4 eBGP with MPLS BGP label + forwarding, VPNv4 eBGP, LDP label / BGP label / LDP label, end-to-end LSP.]

Branch and Data Center Service Segmentation

[Figure: Branch 1 and Branch 2 with VRFs, a Multi-VRF WAN/SDWAN, and BGP AS 65000 and BGP AS 65001 with P and PE routers and VRFs. Diagram labels: LSP, VPNv4 eBGP, IPv4 iBGP mesh (twice), IPv4 eBGP with MPLS BGP label + forwarding.]

Branch and Data Center Service Resiliency

[Figure: Branch 1 and Branch 2 with VRFs, a Multi-VRF WAN/SDWAN, and BGP AS 65000 and BGP AS 65001 with P and PE routers and VRFs. Diagram labels: LSP, VPNv4 eBGP, IPv4 iBGP mesh (twice), IPv4 eBGP with MPLS BGP label + forwarding.]

Link Consolidation using MPLS - Before

[Figure: DC 1 and DC 2, each with SAN and CORE. Legend: 10G L2 link, 10G L3 link. Utilization labels: 25% utilized; 25% L2 utilized; 45% L3 utilized.]

Link Consolidation using MPLS - After

[Figure: DC 1 and DC 2, each with SAN and CORE, and an MPLS backbone. Legend: 10G L2 link, 10G L3 link, 100G L3 link. Utilization label: 12% L2/L3 utilized.]

• VRFs for L3VPN

• Pseudowires for L2 links

Integrating WAN, Edge and Data Center

Deployment Best Practices

Pre-requisites for MPLS in Enterprise Network

• Architecture and design review

• Placement of PEs

• Placement of Route Reflectors

• MPLS capable hardware and licensing

• Layer 3 underlay

• Redundancy and transport throughput assessment

• MTU

Key Components and steps of MPLS

• Layer 3 underlay – OSPF or ISIS preferred

• /32 loopbacks for all MPLS enabled devices

• Label Distribution Protocol (LDP)

• VRFs

• Route Distinguishers and Route Targets

• MP-BGP peers with VPNv4 address families

• End-to-end Label Switched Path (LSP)

MPLS – Troubleshooting Tips!

• An end-to-end LSP is a MUST for traffic to flow. Routing might look okay, but verify that all packets are actually sent as labelled packets

• Beware of BGP’s administrative distance (AD)

• For a packet to be sent labelled, the label needs to be learned from the routing protocol that has the destination route installed in the RIB

• For BGP-based MPLS forwarding, a /32 route is a must on IOS-XR

Tips on MPLS Migration

• Run the design in a lab or a simulator before migrating the production environment

• The underlay should be stable and passing traffic optimally

• Bring your RRs and PEs online before migrating any production VRFs, and test end-to-end connectivity using a test VRF

• Bring one VRF at a time onto the MPLS network; verify and test before proceeding further

• For Inter-AS Option C, ensure traffic is flowing optimally through the network and that RRs are not becoming transit routers

Questions?

Segment Routing & SDWAN

• Challenges
• Segment Routing Review
• Cisco SDWAN Review
• Anatomy of the Use Case

Challenges

• IP/MPLS networks in enterprises are complex to deploy and manage

• Simplify traffic engineering implementation in WANs

• Traffic engineering based on application identification

• Consolidate end-to-end policy control and management instead of hop-by-hop configuration

Solutions

• Segment routing technology eliminates the need for LDP, simplifying the configuration and maintenance of MPLS networks

• The SRTE technology based on SR policy replaces the traditional RSVP-TE

• Simple configuration
  - "SR Policy" replaces complex tunnel interfaces

• Automated steering
  - No complex steering

• Scalable
  - No core state: state in the packet header

• Application Aware Routing Policy provided by the policy-based SDWAN (Viptela) makes deployment of traffic engineering based on application identification very easy

• End-to-End Traffic Engineering Control with SR Policy Controller and SDWAN (Viptela) Policy Controller

The Concept and Practice of SRTE

• Segment routing basic knowledge recap

• SR Traffic Engineering based on SR Policy

• Color and endpoint definitions

• Candidate paths and preference

• Binding-SID and automated steering

• Use Case One: Basic SR policy configuration
  - Anycast SID, candidate paths and preference

• Use Case Two: Constraint configuration of SR policy
  - Affinity attributes and TE metrics

SR Overview - Basic

[Figure: CE1, PE1, P1 to P7, PE2 and CE2 carrying a service (L3VPN, L2VPN, 6PE, 6VPE, …). Two nodes advertise a Prefix-SID on Loopback0 (labels 16099 and 16007) and one link has Adj label 24001. The path is split into Segment 1, Segment 2 and Segment 3, and the packet is drawn with label stacks built from 16007, 24001 and 16099.]

• Prefix-SIDs are global labels
• Adj-SIDs are local labels
• Deviate from shortest path – Source Routing: Traffic Engineering based on SR

Topological path to SID-list – Example 1

• Desired topological path = 1→2→3→4

• SID-list = <16002, 16004>

• 16002 brings the packet from 1 to 2 (shortest path from Node1 to Node2)

• 16004 brings the packet from 2 to 4 via 3 (shortest path from Node2 to Node4)

[Figure: nodes 1, 2, 3, 4; default link metric 10, one link with metric 20; SIDs 16002 and 16004 marked on the path.]

Topological path to SID-list – Example 2

• Desired topological path = 1→2→3→4

• SID-list = <16003, 30304>

• 16003 brings the packet from 1 to 3 (shortest path from Node1 to Node3)

• 30304 brings the packet from 3 to 4 using the Adjacency-SID

[Figure: nodes 1, 2, 3, 4; default link metric 10, one link with metric 100; SIDs 16003 and 30304 marked on the path.]

Topological path to SID-list – Example 3

• Note that the derivation of the SID-list to express a topological path only considers the IGP metric, not the TE metric

• Default forwarding uses shortest IGP metric forwarding entries

• Example: shortest TE metric path is 1→2→3→4

• Cumulative TE metric is 30

• The IGP metric topology is the same as in Example 2 on the previous slide, resulting in SID-list = {16003, 30304}

[Figure: nodes 1, 2, 3, 4 with SIDs 16003 and 30304. Default IGP link metric I:10, default TE link metric T:10; one link is labelled I:100 T:10 and another I:10 T:100.]

Anycast-SID

• The nodes on Plane1 (blue) advertise Anycast-SID 16111 (1.1.1.111/32)

• The nodes on Plane2 (red) advertise Anycast-SID 16222 (1.1.1.222/32)

• The explicit path on Node1 steers packets via SID-list <16111, 16003>

• The path stays on Plane1, except if both uplinks to Plane1 fail or Plane1 becomes partitioned

[Figure: topology with nodes 1, 2, 3, 11 to 14 and 21 to 24; SID-list <16111, 16003> shown at Node1.]

SR Traffic Engineering based on SR Policy

• An SR Policy is uniquely identified by a tuple (head-end, color, end-point)
  - Head-end: where the SR Policy is instantiated (implemented)
  - Color: a numerical value to differentiate multiple SRTE Policies between the same pair of nodes
  - End-point: the destination of the SR Policy

• At a given head-end, an SR Policy is uniquely identified by a tuple (color, end-point)

[Figure: nodes 1 to 7 with an SR Policy (1, green, 4): head-end 1, color green, end-point 4.]

Automated steering

• BGP can automatically steer traffic into an SR Policy based on the BGP next-hop and color of a route

• The color of a route is specified by its color extended community attribute

• By default: if the BGP next-hop and color of a route match the end-point and color of an SR Policy, then BGP installs the route resolving on the BSID of the SR Policy

• End-point and color uniquely identify an SR Policy on a given head-end

[Figure: nodes 1 to 5 with SR Policies POL10 and POL20. 110.1.1.3/32 (color 10, NH 1.1.1.3) via SR Policy POL10 (10, 1.1.1.3); 120.1.1.13/32 (color 20, NH 1.1.1.3) via SR Policy POL20 (20, 1.1.1.3). Prefixes also shown: 110.1.1.3/32, 120.1.1.3/32.]

SR Policy – Candidate Paths

• An SR Policy consists of one or more candidate paths (Cpaths)

• An SR Policy instantiates one single path in RIB/FIB

• A candidate path is either dynamic or explicit

[Figure: an SR Policy with candidate paths Cpath1, Cpath2, ..., Cpathn.]

SR Policy – Candidate Path

• A candidate path is a single segment list (SID-list) or a set of weighted* SID-lists

• Typically, an SR Policy path only contains a single SID-list

• Traffic steered into an SR Policy path is load-shared over all SID-lists of the path

SID = Segment ID

* For Weighted Equal Cost Multi-Path (WECMP) load-sharing.

[Figure: an SR Policy with candidate paths Cpath1 ... Cpathn; each candidate path holds SID-lists with weights (SID-list11/Weight11 ... SID-list1m/Weight1m for Cpath1, SID-listn1/Weightn1 ... SID-listnk/Weightnk for Cpathn).]

Dynamic Path

• A dynamic path expresses an optimization objective and a set of constraints

• The head-end computes a solution to the optimization problem as a SID-list or a set of SID-lists

• When the head-end does not have enough topological information (e.g. multi-domain problem), the head-end may delegate the computation to a PCE

• Whenever the network situation changes, the path is recomputed

[Figure: a dynamic path takes an optimization objective and constraints, computes the path, and produces SID-list1/Weight1 ... SID-listk/Weightk.]

Explicit Path

• An explicit path is an explicitly specified SID-list or set of SID-lists

[Figure: an explicit path made of SID-list1/Weight1 ... SID-listk/Weightk, where SID-list1 = SID11 SID12 ... SID1n and SID-listk = SIDk1 SIDk2 ... SIDkm.]

Candidate Paths

• A candidate path has a preference

• A path is selected for an SR Policy (i.e. it is the preferred path) when the path is valid AND its preference is the best (highest value) among all the candidate paths of the SR Policy

• A candidate path is associated with a single Binding-SID

• A candidate path is valid if it is usable

• A head-end may be informed about candidate paths for an SR Policy (color, end-point) by various means including: local configuration (CLI), NETCONF, PCEP, or BGP

[Figure: an SR Policy with candidate paths Cpath1 ... Cpathn, each with a preference, a Binding-SID and weighted SID-lists; candidate paths reach SRTE via CLI, NETCONF, PCEP and BGP.]

Path’s source does not influence selection

[Figure: SR Policy (Head, Color, End) with three candidate paths, provided by e.g. local configuration and e.g. BGP SRTE.]

  Cpath1, Pref 110, VALID
    SID-list11 <16003, 16004>, Weight 1
    SID-list12 <16004>, Weight 4
  Cpath2, Pref 100, VALID
    SID-list21 <16004>
  Cpath3, Pref 200, VALID, selected (✔)
    SID-list31 <16005, 16004>

Selection of a new preferred path

[Figure: the same SR Policy (Head, Color, End) after one candidate path becomes invalid; paths provided by e.g. local configuration and e.g. BGP SRTE.]

  Cpath1, Pref 110, VALID, selected (✔)
    SID-list11 <16003, 16004>, Weight 1
    SID-list12 <16004>, Weight 4
  Cpath2, Pref 100, VALID
    SID-list21 <16004>
  Cpath3, Pref 200, INVALID
    SID-list31 <16005, 16004>

Active SR Policy

• An SR Policy (color, end-point) is active at a head-end as soon as this head-end knows about a valid candidate path for this policy

• An active SR Policy installs a BSID-keyed entry in the forwarding table with the action of steering the packets matching this entry to the SID-list(s) of the SR Policy

Binding-SID (BSID) of an SR Policy

• The BSID of an SR Policy is the BSID of the selected path

[Figure: an SR Policy with VALID candidate paths Cpath1 ... Cpathn, each with a preference, a Binding-SID and weighted SID-lists; the path marked "Best Pref" supplies the policy's Binding-SID.]

Active SR Policy – FIB entry

[Figure: nodes 1 to 6; default link metric 10, one link with metric 20; 10GE and 40GE links. SR Policy selected path: SID-list <16003, 16004>, BSID 40104.]

Forwarding table on Node1

In Out Out_intf Fraction

40104 <16003, 16004> To Node2 100%
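
The selection rules from the preceding slides as a small runnable model: the valid candidate path with the highest preference wins regardless of its source, the selected path's BSID keys the forwarding entry, and BGP steers a coloured route onto that BSID. This is an added example, not code from the session; the per-path BSIDs 40101 to 40103, the path sources and the (color 10, end-point 1.1.1.3) key are assumptions chosen to line up with the slide values.

```python
"""SR Policy candidate-path selection, BSID FIB entry and BGP automated steering."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class SidList:
    sids: Tuple[int, ...]
    weight: int = 1


@dataclass
class CandidatePath:
    name: str
    preference: int
    bsid: int
    sid_lists: List[SidList]
    source: str = "cli"   # cli / netconf / pcep / bgp: recorded, never compared
    valid: bool = True


@dataclass
class SrPolicy:
    color: int
    endpoint: str
    cpaths: List[CandidatePath] = field(default_factory=list)

    def selected(self) -> Optional[CandidatePath]:
        """Valid candidate path with the highest preference, whatever its source."""
        usable = [c for c in self.cpaths if c.valid]
        return max(usable, key=lambda c: c.preference, default=None)

    def fib_entry(self):
        """(BSID, [(SID-list, traffic fraction), ...]) or None if the policy is inactive."""
        best = self.selected()
        if best is None:
            return None
        total = sum(s.weight for s in best.sid_lists)
        return best.bsid, [(s.sids, s.weight / total) for s in best.sid_lists]


class HeadEnd:
    """Policies are keyed by (color, end-point), which is unique on one head-end."""

    def __init__(self) -> None:
        self.policies: Dict[Tuple[int, str], SrPolicy] = {}

    def add(self, policy: SrPolicy) -> None:
        self.policies[(policy.color, policy.endpoint)] = policy

    def resolve(self, next_hop: str, color: Optional[int]):
        """Automated steering: a coloured route whose (color, next-hop) matches an
        active policy resolves on that policy's BSID; otherwise on its next hop."""
        policy = self.policies.get((color, next_hop))
        entry = policy.fib_entry() if policy else None
        return ("bsid", entry[0]) if entry else ("next-hop", next_hop)


def build_slide_policy() -> SrPolicy:
    """The three candidate paths from the slides; BSIDs and sources are constructed."""
    return SrPolicy(color=10, endpoint="1.1.1.3", cpaths=[
        CandidatePath("Cpath1", 110, 40101,
                      [SidList((16003, 16004), 1), SidList((16004,), 4)], "cli"),
        CandidatePath("Cpath2", 100, 40102, [SidList((16004,))], "bgp"),
        CandidatePath("Cpath3", 200, 40103, [SidList((16005, 16004))], "bgp"),
    ])


if __name__ == "__main__":
    head_end = HeadEnd()
    policy = build_slide_policy()
    head_end.add(policy)
    print(policy.selected().name, head_end.resolve("1.1.1.3", 10))
    policy.cpaths[2].valid = False          # Cpath3 becomes invalid
    print(policy.selected().name, policy.fib_entry())
    print(head_end.resolve("1.1.1.3", 20))  # no policy for color 20
```

With Cpath1 selected, the two SID-lists share traffic 1:4, which is the weighted load-sharing the candidate-path slide describes.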

Use Case

Basic SR policy configuration

(Anycast SID, candidate paths and preference)

Use Case

[Figure: Core WAN Architecture (BGP & BGP MPLS/VPN over SR). Routers R1 to R18 (legend: Aggregation PE, Access PE, P), BR1 and BR2, a BGP SR Policy Controller, and data centers DC A, DC B and DC C (DC11, DC12, DC21, DC22, DC31, DC32). AS labels: AS65001, AS65100, AS65200, AS65300. Links carry their NET numbers (10 to 137), and four links are numbered 1 to 4.]

Addressing:
• Router-id of Node X: 1.1.1.X
• Prefix-SID index of Node X: X
• Link subnet: 10.0.NET.0/24

Traffic patterns:
• Type-1 App traffic path priorities: 1>2>3>4. Prefer to use red lines and avoid using blue lines between R11-R14-R17
• Type-2 App traffic path priorities: 3>4. Prefer to use blue lines and avoid using red lines between R2-R5-R8

SRTE design for type-1 application traffic pattern

Only one SR policy needs to be configured for uplink traffic from the access PE to the aggregation PE in Anycast SID mode.

For example: Segment list {16100,16003} *Anycast SID:16100*

For downlink traffic, one SR policy with 4 candidate paths with different preferences needs to be configured on the aggregation PE router (e.g. R3, R6, R9, etc.)

BGP sr-policy neighbor: 10.75.53.20

router bgp 65001
 address-family ipv4 sr-policy
 !
 neighbor 10.75.53.20
  remote-as 65001
  address-family ipv4 sr-policy
   route-policy pass-all in
   route-policy pass-all out

In the NLRI [122][10][1.1.1.3]/96: Distinguisher: 122, Color: 10, Endpoint: 1.1.1.3

RP/0/0/CPU0:BR1#show bgp ipv4 sr-policy
BGP router identifier 1.1.1.20, local AS number 65001
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0   RD version: 36
BGP main routing table version 36
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network codes: [distinguisher][color][endpoint]/mask
   Network            Next Hop            Metric LocPrf Weight Path
*>i[122][10][1.1.1.3]/96
                      10.75.53.20                   100      0 i

Processed 1 prefixes, 1 paths

[Figure: the Core WAN Architecture topology again, with Anycast SID 16100 (R1, R4, R7) marked. Traffic pattern shown: Type-1 App traffic path priorities 1>2>3>4; prefer to use red lines and avoid using blue lines between R11-R14-R17.]

SR policy Configuration-uplink traffic

Policy record on the BGP SR policy controller:

{
  "origin": "IGP",
  "username": "admin",
  "endpoint": "1.1.1.3",
  "name": "BR1-X3-N1",
  "color": "10",
  "BGP_SESSION": ["BR1"],
  "distinguisher": "122",
  "segement_lists": [{
    "1": [
      {"3": {"node": "1.1.1.100"}},
      {"3": {"node": "1.1.1.3"}}
    ],
    "9": 10
  }],
  "as_path": [],
  "tlv_encoding": "new",
  "ADMIN_STATUS": "advertise",
  "next_hop": "",
  "create_time": 1523802386.820324,
  "policy_preference": "400",
  "binding_sid": "9001",
  "_id": {"$oid": "5ad36112c13f80000ca534d6"},
  "TYPE": "ipv4_sr_policy",
  "local_pref": 100
}

Callouts:
• BSID: 9001
• Preference: 400
• Segment-list: {1.1.1.100} {1.1.1.3}
• Anycast IP: 1.1.1.100

RP/0/0/CPU0:BR1#sh bgp ipv4 sr-policy [122][10][1.1.1.3]/96
BGP routing table entry for [122][10][1.1.1.3]/96
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                 36          36
Last Modified: Apr 15 08:10:32.604 for 09:57:18
Paths: (1 available, best #1, not advertised to any peer)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  Local
    10.75.53.20 from 10.75.53.20 (172.17.0.4)
      Origin IGP, localpref 100, valid, internal, best, group-best
      Received Path ID 0, Local Path ID 0, version 36
      Community: no-advertise
      Tunnel encap attribute type: 15 (SR policy)
       bsid 9001, preference 400, num of segment-lists 1
        segment-list 1, weight 10
         segments: {1.1.1.100} {1.1.1.3}
      SR policy state is UP, Allocated bsid 9001
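
A check one could run after pushing a policy from the controller: parse the controller record and the head-end's BGP entry shown above and report every field that differs. This is an added example, not part of the session or of the controller's own tooling; the reading of the record's "1", "3" and "9" keys is an assumption inferred from the router output, and the router output is abridged from the slide.

```python
"""Compare a controller's SR policy record with what the head-end reports."""
import json
import re

# Controller record and router output as shown on the slides (output abridged).
CONTROLLER_RECORD = """
{"origin": "IGP", "username": "admin", "endpoint": "1.1.1.3", "name": "BR1-X3-N1",
 "color": "10", "BGP_SESSION": ["BR1"], "distinguisher": "122",
 "segement_lists": [{"1": [{"3": {"node": "1.1.1.100"}}, {"3": {"node": "1.1.1.3"}}],
                     "9": 10}],
 "as_path": [], "tlv_encoding": "new", "ADMIN_STATUS": "advertise", "next_hop": "",
 "create_time": 1523802386.820324, "policy_preference": "400", "binding_sid": "9001",
 "_id": {"$oid": "5ad36112c13f80000ca534d6"}, "TYPE": "ipv4_sr_policy",
 "local_pref": 100}
"""

ROUTER_OUTPUT = """
BGP routing table entry for [122][10][1.1.1.3]/96
  Local
    10.75.53.20 from 10.75.53.20 (172.17.0.4)
      Origin IGP, localpref 100, valid, internal, best, group-best
      Community: no-advertise
      Tunnel encap attribute type: 15 (SR policy)
       bsid 9001, preference 400, num of segment-lists 1
        segment-list 1, weight 10
         segments: {1.1.1.100} {1.1.1.3}
      SR policy state is UP, Allocated bsid 9001
"""

SEGLIST_RE = re.compile(
    r"segment-list \d+, weight (\d+)\s+segments:((?:\s*\{[\d.]+\})+)")


def intent_from_controller(record: str) -> dict:
    doc = json.loads(record)
    seg_lists = []
    for seg_list in doc["segement_lists"]:      # key spelled as in the record
        # Assumption: "1" holds the ordered segments, "3" marks a segment given
        # as a node address, "9" is the list weight (matches the router output).
        nodes = tuple(seg["3"]["node"] for seg in seg_list["1"])
        seg_lists.append((nodes, int(seg_list["9"])))
    return {
        "nlri": (int(doc["distinguisher"]), int(doc["color"]), doc["endpoint"]),
        "bsid": int(doc["binding_sid"]),
        "preference": int(doc["policy_preference"]),
        "segment_lists": seg_lists,
    }


def state_from_router(text: str) -> dict:
    nlri = re.search(r"\[(\d+)\]\[(\d+)\]\[([\d.]+)\]/\d+", text)
    encap = re.search(r"bsid (\d+), preference (\d+)", text)
    if not nlri or not encap:
        raise ValueError("not an SR policy BGP entry")
    seg_lists = [(tuple(re.findall(r"\{([\d.]+)\}", m.group(2))), int(m.group(1)))
                 for m in SEGLIST_RE.finditer(text)]
    up = re.search(r"SR policy state is UP, Allocated bsid (\d+)", text)
    return {
        "nlri": (int(nlri.group(1)), int(nlri.group(2)), nlri.group(3)),
        "bsid": int(encap.group(1)),
        "preference": int(encap.group(2)),
        "segment_lists": seg_lists,
        "allocated_bsid": int(up.group(1)) if up else None,
    }


def drift(intent: dict, state: dict) -> list:
    """Human-readable differences; an empty list means the head-end matches."""
    findings = [f"{key}: controller={intent[key]!r} router={state[key]!r}"
                for key in intent if intent[key] != state[key]]
    if state["allocated_bsid"] != intent["bsid"]:
        findings.append(f"policy not UP with requested BSID {intent['bsid']}")
    return findings


if __name__ == "__main__":
    result = drift(intent_from_controller(CONTROLLER_RECORD),
                   state_from_router(ROUTER_OUTPUT))
    print(result or "head-end matches controller record")
```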

SR policy Configuration-uplink traffic

Define color:

extcommunity-set opaque c10
  10
end-set

Assign color to specific destination route:

route-policy sr-policy
  if destination in (191.0.1.0/24) then
    set extcommunity color c10
  endif
  pass
end-policy

router bgp 65001
 bgp router-id 1.1.1.20
 address-family ipv4 unicast
  network 192.0.1.0/24
 !
 neighbor 1.1.1.19
  remote-as 65001
  update-source Loopback0
  address-family ipv4 unicast
   route-policy sr-policy in
   route-policy br-comm-set out

Color assignment on ingress PE:

RP/0/0/CPU0:BR1#sh bgp
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*>i191.0.1.0/24       1.1.1.3 C:10             0    200      0 65100 i
* i                   1.1.1.12 C:10                 100      0 65100 i
*>i191.0.2.0/24       1.1.1.6 C:20             0    200      0 65200 i
*>i191.0.3.0/24       1.1.1.9 C:30             0    200      0 65300 i
* i                   1.1.1.18                      100      0 65300 i
*>i191.0.4.0/24       1.1.1.12 C:40            0    200      0 65100 i
* i                   1.1.1.3 C:40                  100      0 65100 i
*>i191.0.5.0/24       1.1.1.6 C:50                  100      0 65200 i
*>i191.0.6.0/24       1.1.1.18                 0    200      0 65300 i
* i                   1.1.1.9 C:60                  100      0 65300 i

SR policy must be activated:

RP/0/0/CPU0:BR1#sh bgp 191.0.1.0/24
Paths: (2 available, best #1)
  Not advertised to any peer
  65100
    1.1.1.3 C:10 (bsid:9001) (metric 1021) from 1.1.1.19 (1.1.1.3)
      Origin IGP, metric 0, localpref 200, valid, internal, best, group-best
      Received Path ID 0, Local Path ID 0, version 402
      Community: 300:1
      Extended community: Color:10
      Originator: 1.1.1.3, Cluster list: 1.1.1.19
      SR policy color 10, up, registered, bsid 9001

SR policy Configuration-uplink traffic

Enable the following command under ISIS/OSPF to feed the SRTE DB on the head-end:

router ospf 100
 distribute link-state

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16003       Gi0/0/0/0           10.0.10.2       384

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng policy detail
SR-TE policy database
---------------------
Name: bgp_AP_16 (Color: 10, End-point: 1.1.1.3)
  Status:
    Admin: up  Operational: up for 09:56:47 (since Apr 15 08:10:32.649)
  Candidate-paths:
    Preference 400:
      Explicit: segment-list Autolist_16_1* (active)
        Weight: 10, Metric Type: IGP
          16100 [Prefix-SID, 1.1.1.100]
          16003 [Prefix-SID, 1.1.1.3]
  Attributes:
    Binding SID: 9001
      Allocation mode: explicit
      State: Programmed
      Policy selected: yes
    Forward Class: 0
    Distinguisher: 122
  Auto-policy info:
    Creator: BGP
    IPv6 caps enable: no

RP/0/0/CPU0:BR1#sh cef 191.0.1.0/24 detail
.........................
   via local-label 9001, 3 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0xa160a85c 0x0]
    recursion-via-label
    next hop via 9001/1/21

    Load distribution: 0 (refcount 1)
    Hash  OK  Interface                 Address
    0     Y   bgp_AP_16                 point2point

Confirm that the next hop of the destination route in the forwarding table is the BSID you have assigned.

SR policy Configuration-uplink traffic

1# Type-1 App uplink traffic is sent with link #1.

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16003       Gi0/0/0/0           10.0.10.2       384

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1  10.0.10.2 [MPLS: Label 16003 Exp 0] 39 msec 29 msec 39 msec
 2  10.0.30.2 [MPLS: Label 16003 Exp 0] 39 msec 39 msec 79 msec
 3  10.0.70.2 79 msec 69 msec 29 msec
 4  10.0.90.2 39 msec * 29 msec

2# After the 1st link fails… SR policy recalculates the path and selects link #2.

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/2           10.0.134.2      1120

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.2
 1  10.0.134.2 [MPLS: Labels 16100/16003 Exp 0] 49 msec 49 msec 49 msec
 2  10.0.101.2 [MPLS: Label 16003 Exp 0] 69 msec 59 msec 89 msec
 3  10.0.104.2 [MPLS: Label 16003 Exp 0] 99 msec 109 msec 109 msec
 4  10.0.60.1 [MPLS: Label 16003 Exp 0] 49 msec 49 msec 59 msec
 5  10.0.70.2 49 msec 59 msec 69 msec
 6  10.0.90.2 59 msec * 59 msec

SR policy Configuration-uplink traffic

3# After the 2nd link fails… SR policy recalculates the path and selects link #3.

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Sun Apr 15 18:13:24.311 UTC
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/1           10.0.123.2      460

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1  10.0.123.2 [MPLS: Labels 16100/16003 Exp 0] 109 msec 59 msec 49 msec
 2  10.0.103.1 [MPLS: Label 16003 Exp 0] 59 msec 49 msec 59 msec
 3  10.0.104.2 [MPLS: Label 16003 Exp 0] 49 msec 59 msec 49 msec
 4  10.0.60.1 [MPLS: Label 16003 Exp 0] 59 msec 129 msec 49 msec
 5  10.0.70.2 49 msec 69 msec 59 msec
 6  10.0.90.2 69 msec * 59 msec

4# After the 3rd link fails… SR policy recalculates the path and selects link #4.

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/2           10.0.134.2      980

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1  10.0.134.2 [MPLS: Labels 16100/16003 Exp 0] 69 msec 79 msec 79 msec
 2  10.0.129.2 [MPLS: Labels 16100/16003 Exp 0] 69 msec 69 msec 69 msec
 3  10.0.111.1 [MPLS: Label 16003 Exp 0] 159 msec 89 msec 69 msec
 4  10.0.112.2 [MPLS: Label 16003 Exp 0] 59 msec 69 msec 79 msec
 5  10.0.50.1 [MPLS: Label 16003 Exp 0] 69 msec 69 msec 59 msec
 6  10.0.70.2 59 msec 49 msec 49 msec
 7  10.0.90.2 69 msec * 69 msec

SR policy Configuration-downlink traffic

Configure policies from BGP SR policy controller

SR policy Configuration-downlink traffic

RP/0/0/CPU0:X3#sh segment-routing traffic-eng policy detail
SR-TE policy database
---------------------

1#
Name: bgp_AP_26 (Color: 70, End-point: 1.1.1.20)
  Status:
    Admin: up  Operational: up for 09:38:45 (since Apr 15 08:26:02.419)
  Candidate-paths:
    Preference 400:
      Explicit: segment-list Autolist_26_1* (active)
        Weight: 10, Metric Type: IGP
          16001 [Prefix-SID, 1.1.1.1]
          24000 [Adjacency-SID, 10.0.10.2 - 10.0.10.1]
………

2#
Name: bgp_AP_27 (Color: 70, End-point: 1.1.1.20)
  Status:
    Admin: up  Operational: up for 00:05:16 (since Apr 15 17:59:30.891)
  Candidate-paths:
    Preference 300:
      Explicit: segment-list Autolist_27_1* (active)
        Weight: 10, Metric Type: IGP
          16004 [Prefix-SID, 1.1.1.4]
          24000 [Adjacency-SID, 10.0.101.2 - 10.0.101.1]
          24002 [Adjacency-SID, 10.0.134.2 - 10.0.134.1]
………

3#
Name: bgp_AP_28 (Color: 70, End-point: 1.1.1.20)
  Status:
    Admin: up  Operational: up for 09:38:30 (since Apr 15 08:26:16.728)
  Candidate-paths:
    Preference 200:
      Explicit: segment-list Autolist_28_1* (active)
        Weight: 10, Metric Type: IGP
          16013 [Prefix-SID, 1.1.1.13]
          24001 [Adjacency-SID, 10.0.123.2 - 10.0.123.1]
………

4#
Name: bgp_AP_29 (Color: 70, End-point: 1.1.1.20)
  Status:
    Admin: up  Operational: up for 00:05:16 (since Apr 15 17:59:30.891)
  Candidate-paths:
    Preference 100:
      Explicit: segment-list Autolist_29_1* (active)
        Weight: 10, Metric Type: IGP
          16016 [Prefix-SID, 1.1.1.16]
          24001 [Adjacency-SID, 10.0.129.2 - 10.0.129.1]
          24002 [Adjacency-SID, 10.0.134.2 - 10.0.134.1]
………

SR policy Configuration-downlink traffic

4 candidate paths with different preferences. The SR policy switches the TE path automatically once a candidate path is detected as invalid.

1#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_26     Autolist_26_1*  16001       Gi0/0/0/0           10.0.70.1       4356
bgp_AP_27     Autolist_27_1*  16004       Gi0/0/0/0           10.0.70.1       0
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       0
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

2#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_27     Autolist_27_1*  16004       Gi0/0/0/0           10.0.70.1       4932
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       0
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

3#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       4846
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

4#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       4552

SR policy configuration summary

• Define colors and match BGP or BGP MPLS VPN routes to specific colors
• Define an SR policy, which can be configured locally or received in BGP SR policy update messages from the BGP controller
  - color and endpoint
  - candidate path with preference
  - segment list with weight (optional); a segment list can be dynamic or explicit
  - BSID value (optional)

Use Case

Constraint configuration of SR policy

(Affinity attributes and TE metrics)

[Figure: the Core WAN Architecture topology again (BGP & BGP MPLS/VPN over SR; legend: Aggregation PE, Access PE, P). Traffic pattern shown: Type-2 App traffic path priorities 3>4; prefer to use blue lines and avoid using red lines between R2-R5, R2-R8.]

RP/0/0/CPU0:BR2#sh segment-routing traffic-eng policy
SR-TE policy database
---------------------
Name: oa (Color: 40, End-point: 1.1.1.12)
  Status:
    Admin: up Operational: up for 03:00:42 (since Apr 15 22:36:19.414)
  Candidate-paths:
    Preference 400:
      Constraints:
        Affinity:
          exclude-any:
          red
      Dynamic (active)
        Weight: 0, Metric Type: TE
          16014 [Prefix-SID, 1.1.1.14]
          24002 [Adjacency-SID, 10.0.120.2 - 10.0.120.1]
          16012 [Prefix-SID, 1.1.1.12]
  Attributes:
    Binding SID: 9003
      Allocation mode: explicit
      State: Programmed
      Policy selected: yes
    Forward Class: 0

RP/0/0/CPU0:BR2#sh segment-routing traffic-eng forwarding policy
Mon Apr 16 01:37:39.859 UTC
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
oa            dynamic         16014       Gi0/0/0/2           10.0.134.1      10868

SRTE design for type-2 application traffic pattern

3#

Configure the SRTE metric value between R2-R5-R8 to be greater than the SRTE metric value between R11-R14-R17, and set the affinity attribute of the link between R2-R5-R8 to RED.

Exclude this attribute in the constraints of the SR policy to make sure that the link between R2-R5-R8 can never be selected.

The affinity of link #1 and link #2 of the access PE is also set to RED, so that the access PE excludes link #1 and link #2 when calculating the candidate path.


SRTE design for type-2 application traffic pattern

RP/0/0/CPU0:BR2#traceroute 191.0.4.1 source 192.0.2.1

 1  10.0.134.1 [MPLS: Labels 16014/24002/16012 Exp 0] 59 msec 49 msec 49 msec
 2  10.0.123.2 [MPLS: Labels 16014/24002/16012 Exp 0] 49 msec 59 msec 59 msec
 3  10.0.125.2 [MPLS: Labels 24002/16012 Exp 0] 49 msec 49 msec 49 msec
 4  10.0.120.1 [MPLS: Label 16012 Exp 0] 49 msec 59 msec 49 msec
 5  10.0.121.2 49 msec 49 msec 59 msec
 6  10.0.122.2 59 msec * 59 msec

RP/0/0/CPU0:BR2#sh segment-routing traffic-eng policy
SR-TE policy database
---------------------
Name: oa (Color: 40, End-point: 1.1.1.12)
  Status:
    Admin: up Operational: up for 03:06:39 (since Apr 15 22:36:19.414)
  Candidate-paths:
    Preference 400:
      Constraints:
        Affinity:
          exclude-any:
          red
      Dynamic (active)
        Weight: 0, Metric Type: TE
          16017 [Prefix-SID, 1.1.1.17]
          24002 [Adjacency-SID, 10.0.119.2 - 10.0.119.1]
          16012 [Prefix-SID, 1.1.1.12]

………

RP/0/0/CPU0:BR2#traceroute 191.0.4.1 source 192.0.2.1

 1  10.0.129.2 [MPLS: Labels 16017/24002/16012 Exp 0] 89 msec 39 msec 39 msec
 2  10.0.130.2 [MPLS: Labels 24002/16012 Exp 0] 49 msec 39 msec 39 msec
 3  10.0.119.1 [MPLS: Label 16012 Exp 0] 39 msec 59 msec 49 msec
 4  10.0.121.2 49 msec 39 msec 39 msec
 5  10.0.122.2 29 msec * 39 msec

After the link between R11-R14 is shut down, the head-end PE calculates a new SR candidate path based on the affinity constraint and the TE metric.

3# 4#
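The dynamic path computation described on these two slides (lowest TE metric, exclude-any red, recomputation after a link failure) can be sketched as a constrained shortest-path search. This is an added example, not code from the presentation or from IOS XR; the router names come from the slides, but the links, TE metrics and colour assignments below are constructed, because the slide's real topology data is not recoverable here.

```python
import heapq

# Constructed topology: (node_a, node_b, te_metric, affinity colours).
LINKS = [
    ("BR2", "R2", 10, {"red"}),    # access PE link coloured red
    ("BR2", "R11", 10, set()),
    ("R2", "R5", 20, {"red"}),     # red links also carry the higher TE metric
    ("R2", "R8", 30, {"red"}),
    ("R5", "R12", 10, set()),
    ("R8", "R12", 10, set()),
    ("R11", "R14", 10, set()),
    ("R11", "R17", 15, set()),
    ("R14", "R12", 10, set()),
    ("R17", "R12", 10, set()),
]

def cspf(links, src, dst, exclude_any=frozenset(), down=frozenset()):
    """Lowest-TE-metric path that avoids failed links and excluded colours."""
    adj = {}
    for a, b, metric, colours in links:
        # Prune before running Dijkstra: constraint first, metric second.
        if colours & set(exclude_any) or frozenset((a, b)) in down:
            continue
        adj.setdefault(a, []).append((b, metric))
        adj.setdefault(b, []).append((a, metric))
    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if cost > best.get(node, float("inf")):
            continue
        for nxt, metric in adj.get(node, []):
            new = cost + metric
            if new < best.get(nxt, float("inf")):
                best[nxt] = new
                heapq.heappush(heap, (new, nxt, path + [nxt]))
    return None   # no path satisfies the constraints: the candidate path is invalid

if __name__ == "__main__":
    failed = set()
    for link in (None, ("R11", "R14"), ("R11", "R17")):
        if link:
            failed.add(frozenset(link))
        print(link, cspf(LINKS, "BR2", "R12", {"red"}, failed))
```

With both non-red paths down, the constrained search returns no path at all rather than falling back to the red links, which is the "can never be selected" behaviour the slide asks for.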

Use Case

Application Aware Routing Policy

(The policy-based SDWAN (Viptela) )


Cisco SD-WAN (Viptela) Review

• Applying SDN Principles Onto The Wide Area Network

[Figure: Cisco SD-WAN architecture. Labels: Management/Orchestration Plane, Control Plane, Data Plane; vManage, vBond, vSmart Controllers, vAnalytics, APIs, 3rd Party Automation; vEdge Routers; transports MPLS, 4G, INET; sites Data Centre, Campus, Branch, SOHO, Cloud.]

Fabric Operation Walk-Through

OMP Update:

• Reachability – IP Subnets, TLOCs

• Security – Encryption Keys

• Policy – Data/App-route Policies

[Figure: fabric operation. Labels: vSmart; two vEdge routers; OMP Update (Subnets, TLOCs, Policies); OMP over DTLS/TLS Tunnel; IPSec Tunnel with BFD; Transport1, Transport2; VPN1, VPN2; subnets A, B, C, D; BGP, OSPF, Connected, Static.]

Application Aware Routing Policy

app-route-policy _corpVPN_AppRoutePolicyVPN10
 vpn-list corpVPN
  sequence 41
   match
    app-list Office365
   !
   action
    sla-class CriticalData preferred-color mpls
    backup-sla-preferred-color biz-internet
   !
  !
  sequence 51
   match
    app-list YouTube
   !
   action
    sla-class VoiceVideoSLA preferred-color biz-internet
    backup-sla-preferred-color mpls
   !
  !
  sequence 61
   match
    app-list HTTPS
   !
   action
    sla-class BestEffort preferred-color biz-internet
    backup-sla-preferred-color biz-internet
   !
  !
  default-action sla-class BestEffort
 !

lists
 vpn-list corpVPN
  vpn 10
 tloc-list DC-TLOCS
  tloc 10.1.0.1 color mpls encap ipsec
  tloc 10.1.0.1 color biz-internet encap ipsec
  tloc 10.1.0.2 color mpls encap ipsec
  tloc 10.1.0.2 color biz-internet encap ipsec
  tloc 10.2.0.1 color mpls encap ipsec
  tloc 10.2.0.1 color biz-internet encap ipsec
  tloc 10.2.0.2 color mpls encap ipsec
  tloc 10.2.0.2 color biz-internet encap ipsec
 app-list HTTPS
  app-family web
  app-family webmail
 !
 app-list Office365
  app office365
 !
 app-list YouTube
  app youtube
  app youtube_hd
 !
 site-list AllBranches
  site-id 300-499
 !
 site-list AllDC
  site-id 100
  site-id 200
 !

apply-policy
 site-list AllBranches
  app-route-policy _corpVPN_AppRoutePolicyVPN10
 !
 site-list AllDC
  app-route-policy _corpVPN_AppRoutePolicyVPN10
 !

policy
 sla-class BestEffort
  loss 20
  latency 200
 !
 sla-class CriticalData
  loss 5
  latency 80
  jitter 5
 !
 sla-class VoiceVideoSLA
  loss 1
  latency 50
  jitter 2
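How the policy above picks a transport color can be traced with a small model. This is an added example, not Viptela code or part of the presentation: the SLA thresholds and sequences are transcribed from the slide, the tunnel measurements are constructed, and the decision order (preferred color if it meets the SLA, otherwise any color that meets it, otherwise the backup color) is a simplified assumption about non-strict app-route behaviour, with thresholds treated as inclusive maxima.

```python
# SLA classes and sequences transcribed from the policy on this page.
SLA = {
    "BestEffort":    {"loss": 20, "latency": 200},
    "CriticalData":  {"loss": 5, "latency": 80, "jitter": 5},
    "VoiceVideoSLA": {"loss": 1, "latency": 50, "jitter": 2},
}
SEQUENCES = [  # (app-list, sla-class, preferred-color, backup-sla-preferred-color)
    ("Office365", "CriticalData", "mpls", "biz-internet"),
    ("YouTube", "VoiceVideoSLA", "biz-internet", "mpls"),
    ("HTTPS", "BestEffort", "biz-internet", "biz-internet"),
]

def meets(sla, stats):
    """True when every metric the SLA class names is within its maximum."""
    return all(stats[k] <= limit for k, limit in SLA[sla].items())

def select_colors(app_list, tunnels):
    """tunnels: {color: {"loss": %, "latency": ms, "jitter": ms}} as measured by BFD."""
    for name, sla, preferred, backup in SEQUENCES:
        if name == app_list:
            break
    else:
        sla, preferred, backup = "BestEffort", None, None   # default-action
    ok = sorted(c for c, s in tunnels.items() if meets(sla, s))
    if preferred in ok:
        return [preferred], "preferred color meets SLA"
    if ok:
        return ok, "other color meets SLA"
    if backup in tunnels:
        return [backup], "no color meets SLA, backup color used"
    return sorted(tunnels), "no color meets SLA, any available tunnel"

# Constructed BFD measurements for one vEdge: a healthy and a degraded MPLS tunnel.
HEALTHY = {"mpls": {"loss": 0, "latency": 40, "jitter": 1},
           "biz-internet": {"loss": 2, "latency": 60, "jitter": 4}}
DEGRADED = dict(HEALTHY, mpls={"loss": 6, "latency": 120, "jitter": 9})

if __name__ == "__main__":
    for label, tunnels in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        for app in ("Office365", "YouTube", "HTTPS", "SSH"):
            print(label, app, *select_colors(app, tunnels))
```

In the healthy case YouTube lands on mpls even though biz-internet is preferred, because biz-internet's 2% loss misses VoiceVideoSLA; preferred-color is a preference among SLA-compliant tunnels, not a pin.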


Use Case

Traffic pattern: Type-3 App traffic-engineering path selection based on DPI. TLOC Color1 over Red plane, TLOC Color2 over Blue plane.

[Figure: SD-WAN over the SR core. Labels: BGP & BGP/MPLS VPN over SRTE; routers R1, R3, R4, R6, R9, R12, R13, R15, R16, R18, BR1, BR2; DC21, DC22; BV1, BS1, BV2, BS2, DV1, DS1, DV2, DS2; Site 100 TLOC: 1.1.1.100 and 1.1.1.101; Site 200 TLOC: 1.1.1.200 and 1.1.1.201; Color1, Color2; Type-1 & Type-2, Type-3; SRTE Tunnel, IPSEC Tunnel; vEdge; app1, app2.]

Cisco SDWAN Key Takeaways

• SR Traffic Engineering based on SR Policy is simpler than any previous technology

• It allows enterprises to easily deploy traffic engineering on a large scale

• Cisco SDWAN (Viptela) solution makes it easy to implement traffic engineering based on application identification

• We can use them together to solve complex traffic engineering needs

Cisco Webex Teams

Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session.

How:

1. Find this session in the Cisco Events App

2. Click “Join the Discussion”

3. Install Webex Teams or go directly to the team space

4. Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 18, 2018.

cs.co/ciscolivebot#BRKMPL-2116


Thank you
