MPLS, Segment Routing and SD-WAN in Enterprise Networks
Dhrumil Prajapati (Solutions Architect)
Min Ma (Consulting Systems Engineer)
BRKMPL-2116
Design & Customer Use Cases
MPLS, Segment Routing and SD-WAN in Enterprise Networks
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Introduction
• Enterprise MPLS (Dhrumil Prajapati)
  • Design and Use Cases
  • Integrating WAN, Edge and DC
  • Deployment Best Practices
  • Q&A
• Segment Routing & SDWAN (Min Ma)
  • Challenges
  • Segment Routing Review
  • Cisco SDWAN Review
  • Anatomy of the Use Case
• Conclusion
“A modern day network should be flexible enough to accommodate any service, anytime, without any impact to other services sharing the same network”
- CIO of a Fortune 500 Company
Why do we need MPLS in Enterprise Networks?
• End-to-end segmentation
• Underlay transport agnostic
• Multi-tenancy
• IP address overlap during acquisitions or mergers
• Link consolidation for large organizations with multiple departments
• Bridge SDA, ACI, SDWAN, Edge segments
• Customized and centralized managed services
Who can benefit from MPLS?
• Managed service providers
• Enterprises looking to lower transport and operational costs
• Enterprises planning an acquisition or merger
• Enterprises with various Business Units requiring segmentation
• Organizations that co-host facilities at multiple places
• Organizations looking to add services without impacting other services or incurring downtime
MPLS Use Case Customer Verticals
• Transportation
• Logistics
• Financial institutions
• Energy sector
• State, Local and Education Departments
• R&D and Manufacturing industries
• Managed service providers
MPLS Terminology
• PE ≈ Provider Edge Router ≈ MPLS service aggregation router
• P ≈ Provider Router ≈ MPLS transit router
• CE ≈ Customer Edge Router ≈ service gateway router
• RR ≈ Route Reflector
• LSP ≈ Label Switched Path
• Inter-AS Option B ≈ VRF Exchange via eBGP peer at the AS Edge
• Inter-AS Option C ≈ VRF Exchange via eBGP peer at RRs
MPLS between Data Centers
[Diagram: DC 1 and DC 2, in BGP AS 65000 and BGP AS 65001, each with PE and P routers and VRFs. Labels on the diagram: IPv4 iBGP mesh (shown twice); IPv4 eBGP with MPLS BGP label + forwarding; VPNv4 eBGP; LDP label (shown twice) and BGP label; end-to-end LSP.]
Branch and Data Center Service Segmentation
[Diagram: BGP AS 65000 and BGP AS 65001 with PE and P routers and VRFs; Branch 1 and Branch 2, each with VRFs, attached through a Multi-VRF WAN/SDWAN. Labels on the diagram: LSP; VPNv4 eBGP; IPv4 iBGP mesh (shown twice); IPv4 eBGP with MPLS BGP label + forwarding.]
Branch and Data Center Service Resiliency
[Diagram: BGP AS 65000 and BGP AS 65001 with PE and P routers and VRFs; Branch 1 and Branch 2, each with VRFs, attached through a Multi-VRF WAN/SDWAN. Labels on the diagram: LSP; VPNv4 eBGP; IPv4 iBGP mesh (shown twice); IPv4 eBGP with MPLS BGP label + forwarding.]
Link Consolidation using MPLS - Before
[Diagram: DC 1 and DC 2, each with SAN and CORE, connected by separate 10G L2 and 10G L3 links. Utilization labels: 25% utilized; 25% L2 utilized; 45% L3 utilized.]
Link Consolidation using MPLS - After
[Diagram: DC 1 and DC 2, each with SAN and CORE, connected through an MPLS backbone. Link legend: 10G L2 link, 10G L3 link, 100G L3 link. Utilization label: 12% L2/L3 utilized.]
• VRFs for L3VPN
• Pseudowires for L2 links
Pre-requisites for MPLS in Enterprise Network
• Architecture and design review
• Placement of PEs
• Placement of Route Reflectors
• MPLS capable hardware and licensing
• Layer 3 underlay
• Redundancy and transport throughput assessment
• MTU
Key Components and steps of MPLS
• Layer 3 underlay – OSPF or ISIS preferred
• /32 loopbacks for all MPLS enabled devices
• Label Distribution Protocol (LDP)
• VRFs
• Route Distinguishers and Route Targets
• MP-BGP peers with VPNv4 address families
• End-to-end Label Switched Path (LSP)
MPLS – Troubleshooting Tips!
• An end-to-end LSP is a MUST for traffic to flow. Routing might look okay, but verify that all packets are actually sent as labelled packets
• Beware of BGP’s administrative distance (AD)
• For a packet to be sent labelled, the label needs to be learned from the routing protocol that has the destination route installed in the RIB
• For BGP-based MPLS forwarding, a /32 route is a must on IOS-XR
Tips on MPLS Migration
• Run the design in a lab or a simulator before migrating the production environment
• The underlay should be stable and should be passing traffic optimally
• Bring your RRs and PEs online before migrating any production VRFs, and test end-to-end connectivity using a test VRF
• Bring one VRF at a time onto the MPLS network; verify and test before proceeding further
• For Inter-AS Option C, ensure traffic is flowing optimally through the network and that RRs are not becoming transit routers
Segment Routing & SDWAN
• Challenges
• Segment Routing Review
• Cisco SDWAN Review
• Anatomy of the Use Case
Challenges
• IP/MPLS networks in enterprises are complex to deploy and manage
• Simplify traffic engineering implementation in WANs
• Traffic engineering based on application identification
• Consolidate end-to-end policy control and management instead of hop-by-hop configuration
Solutions
• Segment routing technology eliminates the need for LDP, simplifying the configuration and maintenance of MPLS networks
• The SRTE technology based on SR policy replaces the traditional RSVP-TE
  • Simple configuration: "SR Policy" replaces complex tunnel interfaces
  • Automated steering: no complex steering
  • Scalable: no core state; state is in the packet header
• Application Aware Routing Policy provided by the policy-based SDWAN (Viptela) makes deployment of traffic engineering based on application identification very easy
• End-to-End Traffic Engineering Control with SR Policy Controller and SDWAN (Viptela) Policy Controller
The Concept and Practice of SRTE
• Segment routing basic knowledge recap
• SR Traffic Engineering based on SR Policy
• Color and endpoint definitions
• Candidate paths and preference
• Binding-SID and automated steering
• Use Case One: Basic SR policy configuration
  - Anycast SID, candidate paths and preference
• Use Case Two: Constraint configuration of SR policy
  - Affinity attributes and TE metrics
SR Overview - Basic
[Diagram: end-to-end path CE1, PE1, P1 to P7, PE2, CE2 carrying a service (L3VPN, L2VPN, 6PE, 6VPE, …) across Segment 1, Segment 2 and Segment 3. Two Prefix-SIDs on Loopback0 (labels 16007 and 16099) and one Adj-SID (label 24001) are shown; label stacks built from 16007, 24001 and 16099 are drawn along the path.]
• Prefix-SIDs are global labels; Adj-SIDs are local labels
• Deviate from shortest path – Source Routing: Traffic Engineering based on SR
Topological path to SID-list – Example 1
• Desired topological path = 1→2→3→4
• SID-list = <16002, 16004>
• 16002 brings the packet from 1 to 2 (shortest path from Node1 to Node2)
• 16004 brings the packet from 2 to 4 via 3 (shortest path from Node2 to Node4)
[Diagram: four-node topology (nodes 1, 2, 3, 4). Default link metric: 10; one link has metric 20. SIDs 16002 and 16004 are marked on the path.]
Topological path to SID-list – Example 2
• Desired topological path = 1→2→3→4
• SID-list = <16003, 30304>
• 16003 brings the packet from 1 to 3 (shortest path from Node1 to Node3)
• 30304 brings the packet from 3 to 4 using the Adjacency-SID
[Diagram: four-node topology (nodes 1, 2, 3, 4). Default link metric: 10; one link has metric 100. SIDs 16003 and 30304 are marked on the path.]
Topological path to SID-list – Example 3
• Note that the derivation of the SID-list to express a topological path only considers the IGP metric, not the TE metric
• Default forwarding uses shortest IGP metric forwarding entries
• Example: the shortest TE metric path is 1→2→3→4
• Cumulative TE metric is 30
• The IGP metric topology is the same as in Example 2 on the previous slide, resulting in SID-list = {16003, 30304}
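[Diagram: four-node topology (nodes 1, 2, 3, 4). Default IGP link metric I:10, default TE link metric T:10; one link has I:100 T:10 and one link has I:10 T:100. SIDs 16003 and 30304 are marked on the path.]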
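The derivation used in Examples 1 to 3, generalized into a small program. This is an added example, not code from the original slides: it computes the TE-shortest path, then encodes it as a SID-list using IGP metrics only. The function names, the placement of the non-default metrics on the four-node square, and the Adj-SID numbering (chosen to reproduce 30304) are assumptions.

```python
import heapq

NODE_SID_BASE = 16000  # prefix-SID of node N is 16000 + N, as on the slides


def adj_sid(a, b):
    # Assumed numbering; it reproduces the slides' Adj-SID 30304 for link 3->4.
    return 30000 + 100 * a + b


def build(overrides):
    """Four-node square 1-2-3-4-1, default IGP/TE metric 10, plus overrides."""
    g = {n: {} for n in (1, 2, 3, 4)}
    for a, b in ((1, 2), (2, 3), (3, 4), (1, 4)):
        m = {"igp": 10, "te": 10, **overrides.get((a, b), {})}
        g[a][b] = g[b][a] = m
    return g


# Constructed topologies. Which link carries the non-default metric is not
# recoverable from the page; these placements are assumptions that are
# consistent with the SID-lists the slides give.
EX1 = build({(1, 4): {"igp": 20}})
EX2 = build({(3, 4): {"igp": 100}})
EX3 = build({(3, 4): {"igp": 100}, (1, 4): {"te": 100}})


def dijkstra(g, src, metric):
    """Return (dist, npaths, prev); npaths counts equal-cost shortest paths."""
    dist, npaths, prev = {src: 0}, {src: 1}, {src: None}
    heap, done = [(0, src)], set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, m in g[u].items():
            nd = d + m[metric]
            if v not in dist or nd < dist[v]:
                dist[v], npaths[v], prev[v] = nd, npaths[u], u
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                npaths[v] += npaths[u]
    return dist, npaths, prev


def te_shortest_path(g, src, dst):
    """Shortest path by TE metric: (node list, cumulative TE metric)."""
    dist, _, prev = dijkstra(g, src, "te")
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], dist[dst]


def sid_list(g, path):
    """Encode `path` as a SID-list; forwarding between SIDs follows IGP metrics."""
    sids, end = [], len(path) - 1
    while end > 0:
        # Walk back from path[end] to the earliest node whose only IGP
        # shortest path to path[end] is exactly the desired sub-path.
        start = end
        for i in range(end - 1, -1, -1):
            dist, npaths, _ = dijkstra(g, path[i], "igp")
            seg = path[i:end + 1]
            cost = sum(g[a][b]["igp"] for a, b in zip(seg, seg[1:]))
            if cost == dist[path[end]] and npaths[path[end]] == 1:
                start = i
            else:
                break  # a longer sub-path cannot qualify if this one fails
        if start < end:
            sids.append(NODE_SID_BASE + path[end])          # prefix-SID
            end = start
        else:
            sids.append(adj_sid(path[end - 1], path[end]))  # pin the link
            end -= 1
    return sids[::-1]


if __name__ == "__main__":
    print("Example 1:", sid_list(EX1, [1, 2, 3, 4]))
    print("Example 2:", sid_list(EX2, [1, 2, 3, 4]))
    te_path, te_cost = te_shortest_path(EX3, 1, 4)
    print("Example 3:", te_path, te_cost, sid_list(EX3, te_path))
```
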
Anycast-SID
• The nodes on Plane1 (blue) advertise Anycast-SID 16111 (1.1.1.111/32)
• The nodes on Plane2 (red) advertise Anycast-SID 16222 (1.1.1.222/32)
• The explicit path on Node1 steers packets via SID-list <16111, 16003>
• The path stays on Plane1, except if both uplinks to Plane1 fail or Plane1 becomes partitioned
[Diagram: nodes 1, 2 and 3 connected across two planes; nodes 11 to 14 and 21 to 24 form the planes. SID-list on Node1: <16111, 16003>.]
SR Traffic Engineering based on SR Policy
• An SR Policy is uniquely identified by a tuple (head-end, color, end-point)
  • Head-end: where the SR Policy is instantiated (implemented)
  • Color: a numerical value to differentiate multiple SRTE Policies between the same pair of nodes
  • End-point: the destination of the SR Policy
• At a given head-end, an SR Policy is uniquely identified by a tuple (color, end-point)
[Diagram: seven-node topology (nodes 1 to 7) with SR Policy (1, green, 4): Head-end: 1, Color: green, End-point: 4.]
Automated steering
• BGP can automatically steer traffic into an SR Policy based on the BGP next-hop and color of a route
  • The color of a route is specified by its color extended community attribute
• By default: if the BGP next-hop and color of a route match the end-point and color of an SR Policy, then BGP installs the route resolving on the BSID of the SR Policy
  • End-point and color uniquely identify an SR Policy on a given head-end
[Diagram: five-node topology (nodes 1 to 5) with SR Policies POL10 and POL20. Routes shown:
110.1.1.3/32 (color 10, NH 1.1.1.3) via SR Policy POL10 (10, 1.1.1.3)
120.1.1.13/32 (color 20, NH 1.1.1.3) via SR Policy POL20 (20, 1.1.1.3)
Prefix labels on the diagram: 110.1.1.3/32, 120.1.1.3/32.]
SR Policy – Candidate Paths
• An SR Policy consists of one or more candidate paths (Cpaths)
• An SR Policy instantiates one single path in RIB/FIB
• A candidate path is either dynamic or explicit
[Diagram: an SR Policy with candidate paths Cpath1, Cpath2, ..., Cpathn.]
SR Policy – Candidate Path
• A candidate path is a single segment list (SID-list) or a set of weighted* SID-lists
• Typically, an SR Policy path only contains a single SID-list
• Traffic steered into an SR Policy path is load-shared over all SID-lists of the path
SID = Segment ID
*For Weighted Equal Cost Multi-Path (WECMP) load-sharing.
[Diagram: an SR Policy with candidate paths Cpath1 ... Cpathn. Cpath1 holds SID-list11 ... SID-list1m with Weight11 ... Weight1m; Cpathn holds SID-listn1 ... SID-listnk with Weightn1 ... Weightnk.]
Dynamic Path
• A dynamic path expresses an optimization objective and a set of constraints
• The head-end computes a solution to the optimization problem as a SID-list or a set of SID-lists
• When the head-end does not have enough topological information (e.g. multi-domain problem), the head-end may delegate the computation to a PCE
• Whenever the network situation changes, the path is recomputed
[Diagram: a dynamic path takes an optimization objective and constraints; "compute path" produces SID-list1 ... SID-listk with Weight1 ... Weightk.]
Explicit Path
• An explicit path is an explicitly specified SID-list or set of SID-lists
[Diagram: an explicit path made of SID-list1 ... SID-listk with Weight1 ... Weightk, where SID-list1 = SID11, SID12, ..., SID1n and SID-listk = SIDk1, SIDk2, ..., SIDkm.]
Candidate Paths
• A candidate path has a preference
• A path is selected for an SR Policy (i.e. it is the preferred path) when the path is valid AND its preference is the best (highest value) among all the candidate paths of the SR Policy
• A candidate path is associated with a single Binding-SID
• A candidate path is valid if it is usable
• A head-end may be informed about candidate paths for an SR Policy (color, end-point) by various means including: local configuration (CLI), netconf, PCEP, or BGP
[Diagram: an SR Policy with candidate paths Cpath1 ... Cpathn, each with its own preference (Preference1 ... Preferencen), Binding-SID (Binding-SID1 ... Binding-SIDn) and weighted SID-lists. Candidate paths reach SRTE via netconf, CLI, PCEP and BGP.]
Path’s source does not influence selection
SR Policy (Head, Color, End), with candidate paths provided by e.g. local configuration and by e.g. BGP SRTE:
• Cpath1, Pref 110, VALID: SID-list11 <16003, 16004> Weight 1; SID-list12 <16004> Weight 4
• Cpath2, Pref 100, VALID: SID-list21 <16004>
• Cpath3, Pref 200, VALID, selected (✔): SID-list31 <16005, 16004>
Selection of a new preferred path
SR Policy (Head, Color, End), with candidate paths provided by e.g. local configuration and by e.g. BGP SRTE:
• Cpath1, Pref 110, VALID, selected (✔): SID-list11 <16003, 16004> Weight 1; SID-list12 <16004> Weight 4
• Cpath2, Pref 100, VALID: SID-list21 <16004>
• Cpath3, Pref 200, INVALID: SID-list31 <16005, 16004>
Active SR Policy
• An SR Policy (color, end-point) is active at a head-end as soon as this head-end knows about a valid candidate path for this policy
• An active SR Policy installs a BSID-keyed entry in the forwarding table with the action of steering the packets matching this entry to the SID-list(s) of the SR Policy
Binding-SID (BSID) of an SR Policy
• The BSID of an SR Policy is the BSID of the selected path
[Diagram: an SR Policy with valid candidate paths Cpath1 ... Cpathn, each with a preference, a Binding-SID and weighted SID-lists; one path is marked "Best Pref" and selected (✔).]
Active SR Policy – FIB entry
[Diagram: six-node topology (nodes 1 to 6). Default link metric: 10; one link has metric 20. Link types: 10GE and 40GE. SR Policy on Node1: selected path with SID-list <16003, 16004>, BSID 40104.]
Forwarding table on Node1
In     Out             Out_intf  Fraction
40104  <16003, 16004>  To Node2  100%
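The selection rules from the candidate-path, BSID and automated-steering slides, put together as an added example (not code from the original slides). It models the three candidate paths from the selection slides, picks the valid path with the highest preference, derives the BSID-keyed forwarding entry with per-SID-list traffic fractions, and resolves a colored BGP route onto that BSID. The class and function names, the policy's color and end-point, the BSID values and the `source` labels are constructed for illustration.

```python
from dataclasses import dataclass, field
from fractions import Fraction
from typing import Optional


@dataclass
class CandidatePath:
    name: str
    preference: int
    sid_lists: list          # [((sid, ...), weight), ...]
    bsid: int                # constructed value; the slides show none per path
    source: str = "local"    # informational only, never used in selection
    valid: bool = True


@dataclass
class SRPolicy:
    color: int
    endpoint: str
    paths: list = field(default_factory=list)

    def selected(self) -> Optional[CandidatePath]:
        """Valid candidate path with the highest preference, or None."""
        usable = [p for p in self.paths if p.valid]
        return max(usable, key=lambda p: p.preference) if usable else None

    def fib_entry(self):
        """(BSID, [(sid_list, traffic_fraction), ...]); None if the policy is inactive."""
        best = self.selected()
        if best is None:
            return None
        total = sum(w for _, w in best.sid_lists)
        return best.bsid, [(s, Fraction(w, total)) for s, w in best.sid_lists]


def steer(color, next_hop, policies):
    """Automated steering: BSID a BGP route resolves on, or None when no
    active policy matches (the route then resolves on its plain next hop)."""
    for pol in policies:
        if (pol.color, pol.endpoint) == (color, next_hop):
            entry = pol.fib_entry()
            return entry[0] if entry else None
    return None


def slide_policy():
    """Candidate paths from the selection slides; color, end-point, BSIDs
    and sources are constructed."""
    return SRPolicy(color=10, endpoint="1.1.1.3", paths=[
        CandidatePath("Cpath1", 110, [((16003, 16004), 1), ((16004,), 4)],
                      bsid=40101, source="local"),
        CandidatePath("Cpath2", 100, [((16004,), 1)], bsid=40102, source="bgp"),
        CandidatePath("Cpath3", 200, [((16005, 16004), 1)], bsid=40103, source="bgp"),
    ])


if __name__ == "__main__":
    pol = slide_policy()
    print("selected:", pol.selected().name, "entry:", pol.fib_entry())
    pol.paths[2].valid = False          # Cpath3 becomes invalid
    print("selected:", pol.selected().name, "entry:", pol.fib_entry())
    print("route color 10 via BSID", steer(10, "1.1.1.3", [pol]))
```
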
Use Case
[Diagram: Core WAN Architecture (BGP & BGP MPLS/VPN over SR). Core AS65001 with routers R1 to R18 in the roles Aggregation PE, Access PE and P; branch routers BR1 and BR2; a BGP SR Policy Controller; data centers DC A, DC B and DC C (sites DC11, DC12, DC21, DC22, DC31, DC32) in AS65100, AS65200 and AS65300. Links are numbered (10 to 137), and the branch uplinks are numbered 1 to 4.]
Router-id of Node X: 1.1.1.X
Prefix-SID index of Node X: X
Link subnet: 10.0.NET.0/24
Traffic patterns:
• Type-1 App traffic path priorities: 1>2>3>4. Prefer to use red lines and avoid using blue lines between R11-R14-R17
• Type-2 App traffic path priorities: 3>4. Prefer to use blue lines and avoid using red lines between R2-R5-R8
SRTE design for type-1 application traffic pattern
Only one SR policy needs to be configured for uplink traffic from access PE to aggregation PE in Anycast SID mode.
For example: Segment list {16100,16003} *Anycast SID:16100*
For downlink traffic, one SR policy with 4 candidate paths with different preferences needs to be configured on the aggregation PE router (e.g. R3, R6, R9, etc.)

router bgp 65001
 address-family ipv4 sr-policy
 !
 neighbor 10.75.53.20
  remote-as 65001
  address-family ipv4 sr-policy
   route-policy pass-all in
   route-policy pass-all out

RP/0/0/CPU0:BR1#show bgp ipv4 sr-policy
BGP router identifier 1.1.1.20, local AS number 65001
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 36
BGP main routing table version 36
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network codes: [distinguisher][color][endpoint]/mask
   Network            Next Hop            Metric LocPrf Weight Path
*>i[122][10][1.1.1.3]/96
                      10.75.53.20                   100      0 i

Processed 1 prefixes, 1 paths

Callouts on the output: Distinguisher: 122; Color: 10; Endpoint: 1.1.1.3; BGP sr-policy neighbor: 10.75.53.20
Use Case
[Diagram: Core WAN Architecture (BGP & BGP MPLS/VPN over SR). Core AS65001 with routers R1 to R18 in the roles Aggregation PE, Access PE and P; branch routers BR1 and BR2; a BGP SR Policy Controller; data centers DC A, DC B and DC C (sites DC11, DC12, DC21, DC22, DC31, DC32) in AS65100, AS65200 and AS65300. Links are numbered (10 to 137), and the branch uplinks are numbered 1 to 4.]
Anycast SID 16100 (R1, R4, R7)
Traffic patterns:
• Type-1 App traffic path priorities: 1>2>3>4. Prefer to use red lines and avoid using blue lines between R11-R14-R17
SR policy Configuration-uplink traffic
BGP SR policy controller:
{
  "origin": "IGP",
  "username": "admin",
  "endpoint": "1.1.1.3",
  "name": "BR1-X3-N1",
  "color": "10",
  "BGP_SESSION": ["BR1"],
  "distinguisher": "122",
  "segement_lists": [
    {
      "1": [
        {"3": {"node": "1.1.1.100"}},
        {"3": {"node": "1.1.1.3"}}
      ],
      "9": 10
    }
  ],
  "as_path": [],
  "tlv_encoding": "new",
  "ADMIN_STATUS": "advertise",
  "next_hop": "",
  "create_time": 1523802386.820324,
  "policy_preference": "400",
  "binding_sid": "9001",
  "_id": {"$oid": "5ad36112c13f80000ca534d6"},
  "TYPE": "ipv4_sr_policy",
  "local_pref": 100
}

Callouts: BSID: 9001; Preference: 400; Segment-list: {1.1.1.100} {1.1.1.3}; Anycast IP: 1.1.1.100

RP/0/0/CPU0:BR1#sh bgp ipv4 sr-policy [122][10][1.1.1.3]/96
BGP routing table entry for [122][10][1.1.1.3]/96
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                 36          36
Last Modified: Apr 15 08:10:32.604 for 09:57:18
Paths: (1 available, best #1, not advertised to any peer)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  Local
    10.75.53.20 from 10.75.53.20 (172.17.0.4)
      Origin IGP, localpref 100, valid, internal, best, group-best
      Received Path ID 0, Local Path ID 0, version 36
      Community: no-advertise
      Tunnel encap attribute type: 15 (SR policy)
       bsid 9001, preference 400, num of segment-lists 1
       segment-list 1, weight 10
        segments: {1.1.1.100} {1.1.1.3}
      SR policy state is UP, Allocated bsid 9001
SR policy Configuration-uplink traffic
Color assignment on ingress PE

Define color:
extcommunity-set opaque c10
  10
end-set

Assign color to specific destination route:
route-policy sr-policy
  if destination in (191.0.1.0/24) then
    set extcommunity color c10
  endif
  pass
end-policy

router bgp 65001
 bgp router-id 1.1.1.20
 address-family ipv4 unicast
  network 192.0.1.0/24
 neighbor 1.1.1.19
  remote-as 65001
  update-source Loopback0
  address-family ipv4 unicast
   route-policy sr-policy in
   route-policy br-comm-set out

RP/0/0/CPU0:BR1#sh bgp
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*>i191.0.1.0/24       1.1.1.3 C:10             0    200      0 65100 i
* i                   1.1.1.12 C:10                 100      0 65100 i
*>i191.0.2.0/24       1.1.1.6 C:20             0    200      0 65200 i
*>i191.0.3.0/24       1.1.1.9 C:30             0    200      0 65300 i
* i                   1.1.1.18                      100      0 65300 i
*>i191.0.4.0/24       1.1.1.12 C:40            0    200      0 65100 i
* i                   1.1.1.3 C:40                  100      0 65100 i
*>i191.0.5.0/24       1.1.1.6 C:50                  100      0 65200 i
*>i191.0.6.0/24       1.1.1.18                 0    200      0 65300 i
* i                   1.1.1.9 C:60                  100      0 65300 i

RP/0/0/CPU0:BR1#sh bgp 191.0.1.0/24
Paths: (2 available, best #1)
  Not advertised to any peer
  65100
    1.1.1.3 C:10 (bsid:9001) (metric 1021) from 1.1.1.19 (1.1.1.3)
      Origin IGP, metric 0, localpref 200, valid, internal, best, group-best
      Received Path ID 0, Local Path ID 0, version 402
      Community: 300:1
      Extended community: Color:10
      Originator: 1.1.1.3, Cluster list: 1.1.1.19
      SR policy color 10, up, registered, bsid 9001

SR policy must be activated
SR policy Configuration-uplink traffic
Enable the following command under ISIS/OSPF to feed the SRTE DB on the head-end:
router ospf 100
 distribute link-state

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16003       Gi0/0/0/0           10.0.10.2       384

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng policy detail
SR-TE policy database
---------------------
Name: bgp_AP_16 (Color: 10, End-point: 1.1.1.3)
  Status:
    Admin: up Operational: up for 09:56:47 (since Apr 15 08:10:32.649)
  Candidate-paths:
    Preference 400:
      Explicit: segment-list Autolist_16_1* (active)
        Weight: 10, Metric Type: IGP
          16100 [Prefix-SID, 1.1.1.100]
          16003 [Prefix-SID, 1.1.1.3]
  Attributes:
    Binding SID: 9001
      Allocation mode: explicit
      State: Programmed
      Policy selected: yes
    Forward Class: 0
    Distinguisher: 122
  Auto-policy info:
    Creator: BGP
    IPv6 caps enable: no

RP/0/0/CPU0:BR1#sh cef 191.0.1.0/24 detail
.........................
   via local-label 9001, 3 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0xa160a85c 0x0]
    recursion-via-label
    next hop via 9001/1/21
    Load distribution: 0 (refcount 1)
    Hash  OK  Interface  Address
    0     Y   bgp_AP_16  point2point

Confirm that the next hop of the destination route in the forwarding table is the BSID you have assigned.
SR policy Configuration-uplink traffic
1# Type-1 App uplink traffic is sent with link #1.
RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16003       Gi0/0/0/0           10.0.10.2       384

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1 10.0.10.2 [MPLS: Label 16003 Exp 0] 39 msec 29 msec 39 msec
 2 10.0.30.2 [MPLS: Label 16003 Exp 0] 39 msec 39 msec 79 msec
 3 10.0.70.2 79 msec 69 msec 29 msec
 4 10.0.90.2 39 msec * 29 msec

2# After the 1st link fails, the SR policy recalculates the path and selects link #2.
RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/2           10.0.134.2      1120

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.2
 1 10.0.134.2 [MPLS: Labels 16100/16003 Exp 0] 49 msec 49 msec 49 msec
 2 10.0.101.2 [MPLS: Label 16003 Exp 0] 69 msec 59 msec 89 msec
 3 10.0.104.2 [MPLS: Label 16003 Exp 0] 99 msec 109 msec 109 msec
 4 10.0.60.1 [MPLS: Label 16003 Exp 0] 49 msec 49 msec 59 msec
 5 10.0.70.2 49 msec 59 msec 69 msec
 6 10.0.90.2 59 msec * 59 msec
SR policy Configuration-uplink traffic
3# After the 2nd link fails, the SR policy recalculates the path and selects link #3.
RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Sun Apr 15 18:13:24.311 UTC
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/1           10.0.123.2      460

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1 10.0.123.2 [MPLS: Labels 16100/16003 Exp 0] 109 msec 59 msec 49 msec
 2 10.0.103.1 [MPLS: Label 16003 Exp 0] 59 msec 49 msec 59 msec
 3 10.0.104.2 [MPLS: Label 16003 Exp 0] 49 msec 59 msec 49 msec
 4 10.0.60.1 [MPLS: Label 16003 Exp 0] 59 msec 129 msec 49 msec
 5 10.0.70.2 49 msec 69 msec 59 msec
 6 10.0.90.2 69 msec * 59 msec

4# After the 3rd link fails, the SR policy recalculates the path and selects link #4.
RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/2           10.0.134.2      980

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1 10.0.134.2 [MPLS: Labels 16100/16003 Exp 0] 69 msec 79 msec 79 msec
 2 10.0.129.2 [MPLS: Labels 16100/16003 Exp 0] 69 msec 69 msec 69 msec
 3 10.0.111.1 [MPLS: Label 16003 Exp 0] 159 msec 89 msec 69 msec
 4 10.0.112.2 [MPLS: Label 16003 Exp 0] 59 msec 69 msec 79 msec
 5 10.0.50.1 [MPLS: Label 16003 Exp 0] 69 msec 69 msec 59 msec
 6 10.0.70.2 59 msec 49 msec 49 msec
 7 10.0.90.2 69 msec * 69 msec
SR policy Configuration-downlink traffic
Configure policies from BGP SR policy controller
SR policy Configuration-downlink traffic
Candidate paths 1# to 4# are bgp_AP_26 (preference 400), bgp_AP_27 (preference 300), bgp_AP_28 (preference 200) and bgp_AP_29 (preference 100).

RP/0/0/CPU0:X3#sh segment-routing traffic-eng policy detail
SR-TE policy database
---------------------
Name: bgp_AP_26 (Color: 70, End-point: 1.1.1.20)
  Status:
    Admin: up Operational: up for 09:38:45 (since Apr 15 08:26:02.419)
  Candidate-paths:
    Preference 400:
      Explicit: segment-list Autolist_26_1* (active)
        Weight: 10, Metric Type: IGP
          16001 [Prefix-SID, 1.1.1.1]
          24000 [Adjacency-SID, 10.0.10.2 - 10.0.10.1]
………
Name: bgp_AP_27 (Color: 70, End-point: 1.1.1.20)
  Status:
    Admin: up Operational: up for 00:05:16 (since Apr 15 17:59:30.891)
  Candidate-paths:
    Preference 300:
      Explicit: segment-list Autolist_27_1* (active)
        Weight: 10, Metric Type: IGP
          16004 [Prefix-SID, 1.1.1.4]
          24000 [Adjacency-SID, 10.0.101.2 - 10.0.101.1]
          24002 [Adjacency-SID, 10.0.134.2 - 10.0.134.1]
………
Name: bgp_AP_28 (Color: 70, End-point: 1.1.1.20)
  Status:
    Admin: up Operational: up for 09:38:30 (since Apr 15 08:26:16.728)
  Candidate-paths:
    Preference 200:
      Explicit: segment-list Autolist_28_1* (active)
        Weight: 10, Metric Type: IGP
          16013 [Prefix-SID, 1.1.1.13]
          24001 [Adjacency-SID, 10.0.123.2 - 10.0.123.1]
………
Name: bgp_AP_29 (Color: 70, End-point: 1.1.1.20)
  Status:
    Admin: up Operational: up for 00:05:16 (since Apr 15 17:59:30.891)
  Candidate-paths:
    Preference 100:
      Explicit: segment-list Autolist_29_1* (active)
        Weight: 10, Metric Type: IGP
          16016 [Prefix-SID, 1.1.1.16]
          24001 [Adjacency-SID, 10.0.129.2 - 10.0.129.1]
          24002 [Adjacency-SID, 10.0.134.2 - 10.0.134.1]
………
SR policy Configuration-downlink traffic
4 candidate paths with different preferences.
The SR policy switches the TE path automatically once it detects that a candidate path is invalid.

1#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_26     Autolist_26_1*  16001       Gi0/0/0/0           10.0.70.1       4356
bgp_AP_27     Autolist_27_1*  16004       Gi0/0/0/0           10.0.70.1       0
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       0
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

2#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_27     Autolist_27_1*  16004       Gi0/0/0/0           10.0.70.1       4932
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       0
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

3#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       4846
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

4#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       4552
SR policy configuration summary
• Define colors and match BGP or BGP MPLS VPN routes to specific colors
• Define an SR policy, which can be configured locally or received in BGP SR policy update messages from the BGP controller
  • color and endpoint
  • candidate path with preference
  • segment list with weight (optional); a segment list can be dynamic or explicit
  • BSID value (optional)
Use Case
[Diagram: Core WAN Architecture (BGP & BGP MPLS/VPN over SR). Core AS65001 with routers R1 to R18 in the roles Aggregation PE, Access PE and P; branch routers BR1 and BR2; a BGP SR Policy Controller; data centers DC A, DC B and DC C (sites DC11, DC12, DC21, DC22, DC31, DC32) in AS65100, AS65200 and AS65300. Links are numbered (10 to 137), and the branch uplinks are numbered 1 to 4.]
Traffic patterns:
• Type-2 App traffic path priorities: 3>4. Prefer to use blue lines and avoid using red lines between R2-R5, R2-R8
RP/0/0/CPU0:BR2#sh segment-routing traffic-eng policy SR-TE policy database---------------------Name: oa (Color: 40, End-point: 1.1.1.12)Status:
Admin: up Operational: up for 03:00:42 (since Apr 15 22:36:19.414)Candidate-paths:
Preference 400:Constraints:
Affinity:exclude-any:red
Dynamic (active)Weight: 0, Metric Type: TE16014 [Prefix-SID, 1.1.1.14]24002 [Adjacency-SID, 10.0.120.2 - 10.0.120.1]16012 [Prefix-SID, 1.1.1.12]
Attributes:Binding SID: 9003Allocation mode: explicitState: ProgrammedPolicy selected: yes
Forward Class: 0
RP/0/0/CPU0:BR2#sh segment-routing traffic-eng forwarding policy Mon Apr 16 01:37:39.859 UTCPolicy Segment Outgoing Outgoing Next Hop Bytes Name List Label Interface Switched ------------- --------------- ----------- ------------------- --------------- ------------oa dynamic 16014 Gi0/0/0/2 10.0.134.1 10868
SRTE design for type-2 application traffic pattern
Configure the SRTE metric value between R2-R5-R8 to be greater than the SRTE metric value between R11-R14-R17, and set the affinity attribute of the link between R2-R5-R8 to RED.
Exclude this affinity in the constraints of the SR policy to make sure that the link between R2-R5-R8 can never be selected.
The affinity of link #1 and link #2 of the access PE is also set to RED, so that the access PE excludes links #1 and #2 when calculating the candidate path.
SRTE design for type-2 application traffic pattern
RP/0/0/CPU0:BR2#traceroute 191.0.4.1 source 192.0.2.1
 1  10.0.134.1 [MPLS: Labels 16014/24002/16012 Exp 0] 59 msec 49 msec 49 msec
 2  10.0.123.2 [MPLS: Labels 16014/24002/16012 Exp 0] 49 msec 59 msec 59 msec
 3  10.0.125.2 [MPLS: Labels 24002/16012 Exp 0] 49 msec 49 msec 49 msec
 4  10.0.120.1 [MPLS: Label 16012 Exp 0] 49 msec 59 msec 49 msec
 5  10.0.121.2 49 msec 49 msec 59 msec
 6  10.0.122.2 59 msec * 59 msec
After shutting down the link between R11-R14, the head-end PE calculates a new SR candidate path based on the affinity constraint and TE metric:

RP/0/0/CPU0:BR2#sh segment-routing traffic-eng policy
SR-TE policy database
---------------------
Name: oa (Color: 40, End-point: 1.1.1.12)
  Status:
    Admin: up  Operational: up for 03:06:39 (since Apr 15 22:36:19.414)
  Candidate-paths:
    Preference 400:
      Constraints:
        Affinity:
          exclude-any:
            red
      Dynamic (active)
        Weight: 0, Metric Type: TE
          16017 [Prefix-SID, 1.1.1.17]
          24002 [Adjacency-SID, 10.0.119.2 - 10.0.119.1]
          16012 [Prefix-SID, 1.1.1.12]
………

RP/0/0/CPU0:BR2#traceroute 191.0.4.1 source 192.0.2.1
 1  10.0.129.2 [MPLS: Labels 16017/24002/16012 Exp 0] 89 msec 39 msec 39 msec
 2  10.0.130.2 [MPLS: Labels 24002/16012 Exp 0] 49 msec 39 msec 39 msec
 3  10.0.119.1 [MPLS: Label 16012 Exp 0] 39 msec 59 msec 49 msec
 4  10.0.121.2 49 msec 39 msec 39 msec
 5  10.0.122.2 29 msec * 39 msec
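The path selection described on the two SRTE design slides above (a dynamic candidate path with exclude-any red, recomputed after a link failure) can be modelled as a constrained shortest-path search. This is an added example, not code from the presentation or from any Cisco product; the topology, the detour node R13 and all metric values are constructed assumptions, not the slide's full diagram.

```python
import heapq

# Constructed links (assumed values): (node_a, node_b, TE metric, affinity colours).
LINKS = [
    ("BR2", "R11", 10, set()), ("BR2", "R2", 10, set()),
    ("R11", "R14", 10, set()), ("R14", "R17", 10, set()),
    ("R11", "R13", 20, set()), ("R13", "R17", 20, set()),
    ("R2", "R5", 100, {"red"}), ("R5", "R8", 100, {"red"}),
    ("R17", "R12", 10, set()), ("R8", "R12", 10, set()),
]

def cspf(links, src, dst, exclude_any=frozenset(), down=frozenset()):
    """Return (TE cost, path) of the cheapest path that uses no link carrying
    an excluded affinity and no failed link, or None if no such path exists."""
    adj = {}
    for a, b, metric, colours in links:
        if colours & set(exclude_any) or frozenset((a, b)) in down:
            continue  # pruned before the search: a hard constraint, not a cost
        adj.setdefault(a, []).append((b, metric))
        adj.setdefault(b, []).append((a, metric))
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, metric in adj.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None  # candidate path is invalid; red links are never a fallback

R11_R14 = frozenset(("R11", "R14"))
R11_R13 = frozenset(("R11", "R13"))

if __name__ == "__main__":
    print(cspf(LINKS, "BR2", "R12", {"red"}))
    print(cspf(LINKS, "BR2", "R12", {"red"}, down={R11_R14}))
    print(cspf(LINKS, "BR2", "R12", {"red"}, down={R11_R14, R11_R13}))
```

The last call returns no path even though the red links are up: the high metric on R2-R5-R8 only makes those links unattractive, while the affinity exclusion is what removes them from the computation.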
Cisco SD-WAN (Viptela) Review
• Applying SDN Principles Onto The Wide Area Network
[Figure: Cisco SD-WAN architecture. Management/Orchestration Plane: vManage, vBond, vAnalytics, APIs, 3rd Party Automation. Control Plane: vSmart Controllers. Data Plane: vEdge Routers at Data Centre, Campus, Branch, SOHO and Cloud sites, connected over 4G, MPLS and INET transports.]
Fabric Operation Walk-Through
OMP Update:
• Reachability: IP Subnets, TLOCs
• Security: Encryption Keys
• Policy: Data/App-route Policies
[Figure: two vEdge routers, each running OMP to the vSmart controller over a DTLS/TLS tunnel and exchanging OMP updates (subnets, TLOCs, policies). The vEdges are connected to each other over Transport1 and Transport2 by IPSec tunnels monitored with BFD. Service-side subnets A and B (VPN1, VPN2) sit behind one vEdge and C and D (VPN1, VPN2) behind the other, learned via BGP, OSPF, Connected, Static.]
Application Aware Routing Policy

policy
 sla-class BestEffort
  loss 20
  latency 200
 !
 sla-class CriticalData
  loss 5
  latency 80
  jitter 5
 !
 sla-class VoiceVideoSLA
  loss 1
  latency 50
  jitter 2
 app-route-policy _corpVPN_AppRoutePolicyVPN10
  vpn-list corpVPN
   sequence 41
    match
     app-list Office365
    !
    action
     sla-class CriticalData preferred-color mpls
     backup-sla-preferred-color biz-internet
    !
   !
   sequence 51
    match
     app-list YouTube
    !
    action
     sla-class VoiceVideoSLA preferred-color biz-internet
     backup-sla-preferred-color mpls
    !
   !
   sequence 61
    match
     app-list HTTPS
    !
    action
     sla-class BestEffort preferred-color biz-internet
     backup-sla-preferred-color biz-internet
    !
   !
   default-action sla-class BestEffort
  !
 lists
  vpn-list corpVPN
   vpn 10
  tloc-list DC-TLOCS
   tloc 10.1.0.1 color mpls encap ipsec
   tloc 10.1.0.1 color biz-internet encap ipsec
   tloc 10.1.0.2 color mpls encap ipsec
   tloc 10.1.0.2 color biz-internet encap ipsec
   tloc 10.2.0.1 color mpls encap ipsec
   tloc 10.2.0.1 color biz-internet encap ipsec
   tloc 10.2.0.2 color mpls encap ipsec
   tloc 10.2.0.2 color biz-internet encap ipsec
  app-list HTTPS
   app-family web
   app-family webmail
  !
  app-list Office365
   app office365
  !
  app-list YouTube
   app youtube
   app youtube_hd
  !
  site-list AllBranches
   site-id 300-499
  !
  site-list AllDC
   site-id 100
   site-id 200
  !
apply-policy
 site-list AllBranches
  app-route-policy _corpVPN_AppRoutePolicyVPN10
 !
 site-list AllDC
  app-route-policy _corpVPN_AppRoutePolicyVPN10
 !
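How the policy above steers an application when tunnel quality changes can be checked with a small model of the decision it encodes. This is an added example, not code from the presentation or from the vEdge software; it is a simplified model that assumes a tunnel meets an SLA class when every measured value is at or below the configured threshold, and the tunnel measurements are constructed.

```python
# SLA thresholds and sequences copied from the policy on the slide.
SLA = {
    "BestEffort": {"loss": 20, "latency": 200},
    "CriticalData": {"loss": 5, "latency": 80, "jitter": 5},
    "VoiceVideoSLA": {"loss": 1, "latency": 50, "jitter": 2},
}
# (app-list, sla-class, preferred-color, backup-sla-preferred-color)
SEQUENCES = [
    ("Office365", "CriticalData", "mpls", "biz-internet"),
    ("YouTube", "VoiceVideoSLA", "biz-internet", "mpls"),
    ("HTTPS", "BestEffort", "biz-internet", "biz-internet"),
]
DEFAULT_SLA = "BestEffort"  # default-action sla-class BestEffort

def meets(sla_name, stats):
    """True when every threshold of the SLA class is satisfied (assumed <=)."""
    return all(stats[key] <= limit for key, limit in SLA[sla_name].items())

def select_colors(app_list, tunnels):
    """tunnels maps colour -> measured loss/latency/jitter for tunnels that are up.
    Returns (colours the traffic may use, reason)."""
    for name, sla, preferred, backup in SEQUENCES:
        if name == app_list:
            break
    else:  # no sequence matched: default action, no colour preference
        sla, preferred, backup = DEFAULT_SLA, None, None
    compliant = sorted(c for c, s in tunnels.items() if meets(sla, s))
    if preferred in compliant:
        return [preferred], "preferred"
    if compliant:
        return compliant, "sla-compliant"
    if backup in tunnels:
        return [backup], "backup"  # no tunnel meets the SLA
    return sorted(tunnels), "no-sla"

# Constructed measurements (not from the slides).
HEALTHY = {"mpls": {"loss": 0, "latency": 40, "jitter": 1},
           "biz-internet": {"loss": 2, "latency": 60, "jitter": 4}}
DEGRADED = {"mpls": {"loss": 0, "latency": 120, "jitter": 1},
            "biz-internet": {"loss": 2, "latency": 150, "jitter": 4}}

if __name__ == "__main__":
    for app in ("Office365", "YouTube", "HTTPS"):
        print(app, select_colors(app, HEALTHY), select_colors(app, DEGRADED))
```

With the degraded measurements, Office365 leaves its preferred mpls colour and lands on biz-internet through the backup setting, which is the case worth reviewing when the two transports do not carry the same trust level.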
Use Case
[Figure: SD-WAN over the SR core (BGP & BGP/MPLS VPN over SRTE). Core routers R1, R3, R4, R6, R9, R12, R13, R15, R16, R18 with border routers BR1 and BR2 and data centres DC21 and DC22. SD-WAN devices BV1, BS1, BV2, BS2 and DV1, DS1, DV2, DS2. Site 100 TLOCs: 1.1.1.100 and 1.1.1.101; Site 200 TLOCs: 1.1.1.200 and 1.1.1.201; each TLOC has Color1 and Color2. Legend: SRTE Tunnel, IPSEC Tunnel, vEdge. Inset: app1 and app2 between DV1 (Site 100, TLOC 1.1.1.100) and BV1 (Site 200, TLOC 1.1.1.200) over Color1 and Color2. Paths are labelled Type-1 & Type-2 and Type-3.]
Traffic pattern: Type-3 App traffic-engineering path selection based on DPI
TLOC Color1 over Red plane, TLOC Color2 over Blue plane
Cisco SDWAN Key Takeaways
• SR Traffic Engineering based on SR Policy is simpler than any previous technology
• It allows enterprises to easily deploy traffic engineering on a large scale
• Cisco SDWAN (Viptela) solution makes it easy to implement traffic engineering based on application identification
• We can use them together to solve complex traffic engineering needs