FRRouting added basic Segment Routing support, see Issue 2639 in the FRRouting version 7.x. In this blog is a networking lab setup using the OSPF SR implementation.
This demo shows the Segment Routing working using MPLS data plane and IS-IS. FRRouting 8.3.1 supports following features in context of the IS-IS SR segment routing:
- IPv4
- IPv6
- ECMP
Segment Routing SR used here relies on the MPLS linux kernel modules to be available and loaded in the kernel. Main focus is SR running using MPLS data plane.
Using MPLS dataplane, segments are encoded as a list of MPLS labels. But using IPv6 dataplane, a new header called a Segment Routing Header (SRH) is used. Segments in a SRH are encoded as a list of IPv6 addresses. Read RFC8287 - Label Switched Path (LSP) Ping/Traceroute for Segment Routing (SR) IGP-Prefix and IGP-Adjacency Segment Identifiers (SIDs) with MPLS Data Planes.
Network topology
Network topology with IP adressing:
lo lo
192.0.2.1 192.0.2.2
2001:db8:1111:: 2001:db8:2222::
+-------+ +-------+
| | eth0 eth0 | | eth2
| R1 |-----------------------------------| R2 |---------------+
| | .1/30 .2/30 | | .17/30 |
+-------+ +-------+ |
eth1 | .14/30 .5/30 | eth1 |
| | |
| | |
| | .18/30 | eth2
| | +-------+
| | | | lo
| | | R5 | 192.0.2.5
| | | | 2001:db8:5555::
| | +-------+
| | .21/30 | eth3
| | |
| | |
eth1 | .13/30 .6/30 | eth1 |
+-------+ +-------+ |
| | .10/30 .9/30 | | .22/30 |
| R4 |-----------------------------------| R3 |----------------+
| | eth0 eth0 | | eth3
+-------+ +-------+
lo lo
192.0.2.4 192.0.2.3
2001:db8:4444:: 2001:db8:3333::
5 routers. Partial mesh network topology. Point-to-point links.
IP address overview:
- FRR1 - 192.0.2.1/2001:db8:1111::/128
- FRR2 - 192.0.2.2/2001:db8:2222::/128
- FRR3 - 192.0.2.3/2001:db8:3333::/128
- FRR4 - 192.0.2.4/2001:db8:4444::/128
- FRR5 - 192.0.2.5/2001:db8:5555::/128
NSAP address overview:
- FRR1 - NET 49.0001.1111.1111.1111.00
- FRR2 - NET 49.0001.2222.2222.2222.00
- FRR3 - NET 49.0001.3333.3333.3333.00
- FRR4 - NET 49.0001.4444.4444.4444.00
- FRR5 - NET 49.0001.5555.5555.5555.00
Setup this topology using the GNS3 network simulator.
Configuration
Current implementation uses the IS-IS SPF algorithm to calculate the network topology. The configuration consists of 2 parts:
- 1st part - Configure IS-IS on routers to get IPv4 and IPv6 reachability in the network
- 2nd part - Enable SR IS-IS MPLS dataplane forwarding
IS-IS process
- Create IS-IS router process and assign a
net
address. - Create lo IPv4/IPv6 address and announce to L2.
- Configure IPv4 point-to-point links between network routers use (/30) transfer networks.
Initial router configuration for FRR1
- Point-to-point topology
- IS-type level-2-only
- Interface lo isis passive
Explanation why lo isis passive, and what it does, in short:
advertise prefix, but do NOT try to establish IS-IS neighborship using the loopback interface-
Initial FRR1 router configuration:
configure
!
hostname FRR1
log syslog
!
router isis 1
is-type level-2-only
net 49.0001.1111.1111.1111.00
log-adjacency-changes
exit
!
interface lo
ip address 192.0.2.1/32
ipv6 address 2001:db8:1111::/128
ipv6 router isis 1
isis passive
exit
!
interface eth0
ip address 10.0.0.1/30
ip router isis 1
ipv6 router isis 1
isis network point-to-point
exit
!
interface eth1
ip address 10.0.0.14/30
ip router isis 1
ipv6 router isis 1
isis network point-to-point
end
write
Configuration steps shown for FRR1, need to be adjusted to match correct settings for other routers in the network topology. Initial configuration for all 5 routers is available below:
- FRR1 initial configuration
- FRR2 initial configuration
- FRR3 initial configuration
- FRR4 initial configuration
- FRR5 initial configuration
Verification
Verify reachability of the IPv4 loopback prefixes:
show ip route
FRR1# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 10.0.0.0/30 [115/20] via 10.0.0.2, eth0 inactive, weight 1, 00:16:10
C>* 10.0.0.0/30 is directly connected, eth0, 00:16:41
I>* 10.0.0.4/30 [115/20] via 10.0.0.2, eth0, weight 1, 00:16:10
I>* 10.0.0.8/30 [115/20] via 10.0.0.13, eth1, weight 1, 00:15:05
I 10.0.0.12/30 [115/20] via 10.0.0.13, eth1 inactive, weight 1, 00:15:05
C>* 10.0.0.12/30 is directly connected, eth1, 00:16:41
I>* 10.0.0.16/30 [115/20] via 10.0.0.2, eth0, weight 1, 00:16:10
I>* 10.0.0.20/30 [115/30] via 10.0.0.2, eth0, weight 1, 00:12:32
* via 10.0.0.13, eth1, weight 1, 00:12:32
C>* 192.0.2.1/32 is directly connected, lo, 00:16:41
I>* 192.0.2.2/32 [115/20] via 10.0.0.2, eth0, label implicit-null, weight 1, 00:15:58
I>* 192.0.2.3/32 [115/30] via 10.0.0.2, eth0, label 16003, weight 1, 00:15:05
* via 10.0.0.13, eth1, label 16003, weight 1, 00:15:05
I>* 192.0.2.4/32 [115/20] via 10.0.0.13, eth1, label implicit-null, weight 1, 00:15:05
I>* 192.0.2.5/32 [115/30] via 10.0.0.2, eth0, label 16005, weight 1, 00:14:43
show ipv6 route
Verify if the IPv6 loopback prefixes are in the routing table:
FRR1# show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 2001:db8:1111::/128 is directly connected, lo, 00:16:38
I>* 2001:db8:2222::/128 [115/20] via fe80::e62:32ff:fe9c:0, eth0, label implicit-null, weight 1, 00:15
I>* 2001:db8:3333::/128 [115/30] via fe80::e2c:92ff:feaa:1, eth1, label 16333, weight 1, 00:15:02
* via fe80::e62:32ff:fe9c:0, eth0, label 16333, weight 1, 00:15:02
I>* 2001:db8:4444::/128 [115/20] via fe80::e2c:92ff:feaa:1, eth1, label implicit-null, weight 1, 00:12
I>* 2001:db8:5555::/128 [115/30] via fe80::e62:32ff:fe9c:0, eth0, label 16555, weight 1, 00:14:40
C * fe80::/64 is directly connected, eth0, 00:32:13
C>* fe80::/64 is directly connected, eth1, 00:32:14
show isis interface
Verify all interfaces are L2, and have network type p2p:
FRR1# show isis interface
Area 1:
Interface CircId State Type Level
eth0 0x0 Up p2p L2
eth2 0x0 Up p2p L2
lo 0x0 Up loopback L2
Area 1 term refers to the NSAP set for the router isis 1 net 49.0001.1111.1111.1111.00
address
AFI set to 49, Area number is set to 0001; System-id is set to 1111.1111.1111, and SEL is set to 00.
show isis hostname
Show the routers in the 0001 Area 1 with Level and the VRF assigned, here default vrf, primary default global routing table:
FRR1# show isis hostname
vrf : default
Level System ID Dynamic Hostname
2 4444.4444.4444 FRR4
2 2222.2222.2222 FRR2
2 3333.3333.3333 FRR3
2 5555.5555.5555 FRR5
* 1111.1111.1111 FRR1
The *
symbol shows the router running the command.
show isis database detail
Every IS-IS router has full visibilty of the area neighbor and its advertised and connected links. Interestingly the TE Router ID is already set per default for IPv4 and IPv6 address family. Notice in the output shown below, only IP information is available in the database, this will change once IS-IS SR is enabled.
FRR1# show isis database detail
Area 1:
IS-IS Level-2 link-state database:
LSP ID PduLen SeqNumber Chksum Holdtime ATT/P/OL
FRR1.00-00 * 139 0x0000000a 0x8e8e 1010 0/0/0
Protocols Supported: IPv4, IPv6
Area Address: 49.0001
Hostname: FRR1
TE Router ID: 192.0.2.1
Router Capability: 192.0.2.1 , D:0, S:0
Extended Reachability: 2222.2222.2222.00 (Metric: 10)
Extended Reachability: 4444.4444.4444.00 (Metric: 10)
IPv4 Interface Address: 192.0.2.1
Extended IP Reachability: 10.0.0.0/30 (Metric: 10)
Extended IP Reachability: 10.0.0.12/30 (Metric: 10)
Extended IP Reachability: 192.0.2.1/32 (Metric: 10)
IPv6 Reachability: 2001:db8:1111::/128 (Metric: 10)
FRR2.00-00 159 0x00000007 0x0ef8 495 0/0/0
Protocols Supported: IPv4, IPv6
Area Address: 49.0001
Hostname: FRR2
TE Router ID: 192.0.2.2
Router Capability: 192.0.2.2 , D:0, S:0
Extended Reachability: 1111.1111.1111.00 (Metric: 10)
Extended Reachability: 3333.3333.3333.00 (Metric: 10)
Extended Reachability: 5555.5555.5555.00 (Metric: 10)
IPv4 Interface Address: 192.0.2.2
Extended IP Reachability: 10.0.0.0/30 (Metric: 10)
Extended IP Reachability: 10.0.0.4/30 (Metric: 10)
Extended IP Reachability: 10.0.0.16/30 (Metric: 10)
Extended IP Reachability: 192.0.2.2/32 (Metric: 10)
IPv6 Reachability: 2001:db8:2222::/128 (Metric: 10)
FRR3.00-00 159 0x00000007 0x4f51 465 0/0/0
Protocols Supported: IPv4, IPv6
Area Address: 49.0001
Hostname: FRR3
TE Router ID: 192.0.2.3
Router Capability: 192.0.2.3 , D:0, S:0
Extended Reachability: 4444.4444.4444.00 (Metric: 10)
Extended Reachability: 2222.2222.2222.00 (Metric: 10)
Extended Reachability: 5555.5555.5555.00 (Metric: 10)
IPv4 Interface Address: 192.0.2.3
Extended IP Reachability: 10.0.0.8/30 (Metric: 10)
Extended IP Reachability: 10.0.0.4/30 (Metric: 10)
Extended IP Reachability: 10.0.0.20/30 (Metric: 10)
Extended IP Reachability: 192.0.2.3/32 (Metric: 10)
IPv6 Reachability: 2001:db8:3333::/128 (Metric: 10)
FRR4.00-00 139 0x00000007 0x2f0d 414 0/0/0
Protocols Supported: IPv4, IPv6
Area Address: 49.0001
Hostname: FRR4
TE Router ID: 192.0.2.4
Router Capability: 192.0.2.4 , D:0, S:0
Extended Reachability: 3333.3333.3333.00 (Metric: 10)
Extended Reachability: 1111.1111.1111.00 (Metric: 10)
IPv4 Interface Address: 192.0.2.4
Extended IP Reachability: 10.0.0.8/30 (Metric: 10)
Extended IP Reachability: 10.0.0.12/30 (Metric: 10)
Extended IP Reachability: 192.0.2.4/32 (Metric: 10)
IPv6 Reachability: 2001:db8:4444::/128 (Metric: 10)
FRR5.00-00 139 0x00000007 0x3ff8 466 0/0/0
Protocols Supported: IPv4, IPv6
Area Address: 49.0001
Hostname: FRR5
TE Router ID: 192.0.2.5
Router Capability: 192.0.2.5 , D:0, S:0
Extended Reachability: 2222.2222.2222.00 (Metric: 10)
Extended Reachability: 3333.3333.3333.00 (Metric: 10)
IPv4 Interface Address: 192.0.2.5
Extended IP Reachability: 10.0.0.16/30 (Metric: 10)
Extended IP Reachability: 10.0.0.20/30 (Metric: 10)
Extended IP Reachability: 192.0.2.5/32 (Metric: 10)
IPv6 Reachability: 2001:db8:5555::/128 (Metric: 10)
5 LSPs
show mpls table
The MPLS table is at this point empty. No LDP labels, no segment routing ID:
show mpls table
Empty MPLS table.
iproute2
Exit vtysh:
exit
Show the ip routing table using iproute2
. Notice the information in the linux kernel IP routing table that are attached to the different paths:
10.0.0.0/30 dev eth0 proto kernel scope link src 10.0.0.1 10.0.0.4/30 nhid 18 via 10.0.0.2 dev eth0 proto isis metric 20 10.0.0.8/30 nhid 17 via 10.0.0.13 dev eth1 proto isis metric 20 10.0.0.12/30 dev eth1 proto kernel scope link src 10.0.0.14 10.0.0.16/30 nhid 18 via 10.0.0.2 dev eth0 proto isis metric 20 10.0.0.20/30 nhid 25 proto isis metric 20 nexthop via 10.0.0.13 dev eth1 weight 1 nexthop via 10.0.0.2 dev eth0 weight 1 192.0.2.2 nhid 18 via 10.0.0.2 dev eth0 proto isis metric 20 192.0.2.3 nhid 25 proto isis metric 20 nexthop via 10.0.0.13 dev eth1 weight 1 nexthop via 10.0.0.2 dev eth0 weight 1 192.0.2.4 nhid 17 via 10.0.0.13 dev eth1 proto isis metric 20
Show the IPv6 show ipv6 routing
table. The IS-IS neighborship is establishe via LL addressing in IPv6. Transfer networks are missing from the routing table, less configuration overhead. This results in smaller routing table and less routing entries:
2001:db8:1111:: dev lo proto kernel metric 256 pref medium 2001:db8:2222:: nhid 19 via fe80::e83:8ff:fee0:0 dev eth0 proto isis metric 20 pref medium 2001:db8:3333:: nhid 26 proto isis metric 20 pref medium nexthop via fe80::e83:8ff:fee0:0 dev eth0 weight 1 nexthop via fe80::e21:b0ff:fe24:1 dev eth1 weight 1 2001:db8:4444:: nhid 20 via fe80::e21:b0ff:fe24:1 dev eth1 proto isis metric 20 pref medium 2001:db8:5555:: nhid 19 via fe80::e83:8ff:fee0:0 dev eth0 proto isis metric 20 pref medium fe80::/64 dev eth1 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium
At this point IPv4 and IPv6 and ECMP are working using IS-IS. Next step enable IS-IS segment routing.
SR Segment Routing
Each prefix needs to have a index assigned. Index configured in the SR MUST be a uniq accross the segment routing domain:
configure
!
router isis 1
segment-routing on
segment-routing node-msd 8
segment-routing prefix 192.0.2.1/32 index 3
segment-routing prefix 2001:db8:3333::/128 index 333
end
Segment-routing node-msd 8 sets, this router sets the maximal count of SR labels, labels, network instructions, encoded in the MPLS plane, this router is willing to accept. Inline help says: Maximum Stack Depth for this router.
The default SR global block is set to the default range of 16000 - 23999. 8000 uniqe segments per SR area to assign. This is a SR default out of the box setting across all networking vendors.
Configuration should be adjusted to match the network topology setup. All router fully working configurations are available below:
- FRR1 full configuration
- FRR2 full configuration
- FRR3 full configuration
- FRR4 full configuration
- FRR5 full configuration
Verification
Following commands are used to show the routing protocol information using IS-IS:
show isis database
FRR1# show isis database
Area 1:
IS-IS Level-2 link-state database:
LSP ID PduLen SeqNumber Chksum Holdtime ATT/P/OL
FRR1.00-00 * 273 0x0000001b 0x5102 370 0/0/0
FRR2.00-00 290 0x00000017 0x1d7b 384 0/0/0
FRR3.00-00 290 0x00000019 0xefcf 414 0/0/0
FRR4.00-00 242 0x0000000c 0x2351 325 0/0/0
FRR5.00-00 273 0x0000001b 0x70b0 377 0/0/0
5 LSPs
show mpls table
Display MPLS label distribution. Take a look at the Inbound Label ID. It is assigning Labels for IPv4 and IPv6 prefixes. Sements Routing labels using the IPv4 MPLS dataplane.
FRR1# show mpls table
Inbound Label Type Nexthop Outbound Label
------------------------------------------------------------------
15000 SR (IS-IS) 10.0.0.2 implicit-null
15001 SR (IS-IS) fe80::e62:32ff:fe9c:0 implicit-null
15002 SR (IS-IS) 10.0.0.13 implicit-null
15003 SR (IS-IS) fe80::e2c:92ff:feaa:1 implicit-null
16002 SR (IS-IS) 10.0.0.2 implicit-null
16003 SR (IS-IS) 10.0.0.13 16003
16003 SR (IS-IS) 10.0.0.2 16003
16004 SR (IS-IS) 10.0.0.13 implicit-null
16005 SR (IS-IS) 10.0.0.2 16005
16222 SR (IS-IS) fe80::e62:32ff:fe9c:0 implicit-null
16333 SR (IS-IS) fe80::e2c:92ff:feaa:1 16333
16333 SR (IS-IS) fe80::e62:32ff:fe9c:0 16333
16444 SR (IS-IS) fe80::e2c:92ff:feaa:1 implicit-null
16555 SR (IS-IS) fe80::e62:32ff:fe9c:0 16555
Note the Inbound labels prefixed with 15xxx shown in the table. This is the SRLB range label
show isis summary
FRR1# show isis summary
vrf : default
Process Id : 1830
System Id : 1111.1111.1111
Up time : 03:02:23 ago
Number of areas : 1
Area 1:
Net: 49.0001.1111.1111.1111.00
TX counters per PDU type:
P2P IIH: 7682
L2 LSP: 17
L2 CSNP: 2432
L2 PSNP: 11
LSP RXMT: 0
RX counters per PDU type:
P2P IIH: 7671
L2 LSP: 15
L2 CSNP: 2428
L2 PSNP: 12
Level-2:
LSP0 regenerated: 5
LSPs purged: 0
SPF:
minimum interval : 5r
IPv4 route computation:
last run elapsed : 03:00:18 ago
last run duration : 186 usec
run count : 11
IPv6 route computation:
last run elapsed : 03:00:18 ago
last run duration : 68 usec
run count : 11
show isis neighbor detail
FRR1# show isis neighbor detail
Area 1:
FRR2
Interface: eth0, Level: 2, State: Up, Expires in 30s
Adjacency flaps: 1, Last: 1h22m25s ago
Circuit type: L2, Speaks: IPv4, IPv6
SNPA: 2020.2020.2020
Area Address(es):
49.0001
IPv4 Address(es):
10.0.0.2
IPv6 Address(es):
fe80::e83:8ff:fee0:0
IPv4 Adjacency-SID: 15002
IPv6 Adjacency-SID: 15003
FRR3
Interface: eth1, Level: 2, State: Up, Expires in 28s
Adjacency flaps: 1, Last: 1h22m33s ago
Circuit type: L2, Speaks: IPv4, IPv6
SNPA: 2020.2020.2020
Area Address(es):
49.0001
IPv4 Address(es):
10.0.0.13
IPv6 Address(es):
fe80::e21:b0ff:fe24:1
IPv4 Adjacency-SID: 15000
IPv6 Adjacency-SID: 15001
show isis database
Display the database information about the FRR5 router. Notice now the added database information since the addition of SR:
- SRGB
- SR Algorithm
- SR Prefix-SID
- Adjenceny-SID
- Additional FLAGS
This is the database of FRR5 known to FRR1:
FRR1# show isis database detail FRR5.00-00
Area 1:
IS-IS Level-2 link-state database:
LSP ID PduLen SeqNumber Chksum Holdtime ATT/P/OL
FRR5.00-00 214 0x00000009 0xed02 777 0/0/0
Protocols Supported: IPv4, IPv6
Area Address: 49.0001
Hostname: FRR5
TE Router ID: 192.0.2.5
Router Capability: 192.0.2.5 , D:0, S:0
Segment Routing: I:1 V:1, Global Block Base: 16000 Range: 8000
SR Local Block Base: 15000 Range: 1000
SR Algorithm:
0: SPF
Node Maximum SID Depth: 8
Extended Reachability: 2222.2222.2222.00 (Metric: 10)
Adjacency-SID: 15000, Weight: 0, Flags: F:0 B:0, V:1, L:1, S:0, P:0
Adjacency-SID: 15001, Weight: 0, Flags: F:1 B:0, V:1, L:1, S:0, P:0
Extended Reachability: 3333.3333.3333.00 (Metric: 10)
Adjacency-SID: 15002, Weight: 0, Flags: F:0 B:0, V:1, L:1, S:0, P:0
Adjacency-SID: 15003, Weight: 0, Flags: F:1 B:0, V:1, L:1, S:0, P:0
IPv4 Interface Address: 192.0.2.5
Extended IP Reachability: 10.0.0.16/30 (Metric: 10)
Extended IP Reachability: 10.0.0.20/30 (Metric: 10)
Extended IP Reachability: 192.0.2.5/32 (Metric: 10)
Subtlvs:
SR Prefix-SID Index: 5, Algorithm: 0, Flags: NODE PHP
IPv6 Reachability: 2001:db8:5555::/128 (Metric: 10)
Subtlvs:
SR Prefix-SID Index: 555, Algorithm: 0, Flags: NODE PHP
All routers in L2 have full visibility of the Level-2. Each router calculates paths from its own point of view.
show isis topology
The show isis topology command, indicates that using the MPLS dataplane, it does it even for IPv6:
FRR1# show isis topology
Area 1:
IS-IS paths to level-2 routers that speak IP
Vertex Type Metric Next-Hop Interface Parent
FRR1
10.0.0.0/30 IP internal 0 FRR1(4)
10.0.0.12/30 IP internal 0 FRR1(4)
192.0.2.1/32 IP internal 0 FRR1(4)
FRR2 TE-IS 10 FRR2 eth0 FRR1(4)
FRR4 TE-IS 10 FRR4 eth1 FRR1(4)
FRR3 TE-IS 20 FRR2 eth0 FRR2(4)
FRR4 eth1 FRR4(4)
FRR5 TE-IS 20 FRR2 eth0 FRR2(4)
10.0.0.0/30 IP TE 20 FRR2 eth0 FRR2(4)
10.0.0.4/30 IP TE 20 FRR2 eth0 FRR2(4)
10.0.0.16/30 IP TE 20 FRR2 eth0 FRR2(4)
192.0.2.2/32 IP TE 20 FRR2 eth0 FRR2(4)
10.0.0.8/30 IP TE 20 FRR4 eth1 FRR4(4)
10.0.0.12/30 IP TE 20 FRR4 eth1 FRR4(4)
192.0.2.4/32 IP TE 20 FRR4 eth1 FRR4(4)
10.0.0.20/30 IP TE 30 FRR2 eth0 FRR3(4)
FRR4 eth1 FRR5(4)
192.0.2.3/32 IP TE 30 FRR2 eth0 FRR3(4)
FRR4 eth1
192.0.2.5/32 IP TE 30 FRR2 eth0 FRR5(4)
IS-IS paths to level-2 routers that speak IPv6
Vertex Type Metric Next-Hop Interface Parent
FRR1
2001:db8:1111::/128 IP6 internal 0 FRR1(4)
FRR2 TE-IS 10 FRR2 eth0 FRR1(4)
FRR4 TE-IS 10 FRR4 eth1 FRR1(4)
FRR3 TE-IS 20 FRR2 eth0 FRR2(4)
FRR4 eth1 FRR4(4)
FRR5 TE-IS 20 FRR2 eth0 FRR2(4)
2001:db8:2222::/128 IP6 internal 20 FRR2 eth0 FRR2(4)
2001:db8:4444::/128 IP6 internal 20 FRR4 eth1 FRR4(4)
2001:db8:3333::/128 IP6 internal 30 FRR2 eth0 FRR3(4)
FRR4 eth1
2001:db8:5555::/128 IP6 internal 30 FRR2 eth0 FRR5(4)
show isis route
Verify the Label stack output assigned to prefixes.
- Prefix
192.0.2.3/32
has path cost30
is reachable viaeth0
ANDeth1
(ECMP) and its segement SID is16003
. 16000 + configured index = 16003. - Prefix
2001:db8:3333::/128
has path cost30
is reachable viaeth0
andeth1
(ECMP) and its segment ID (SID) is16333
. 16000 + configured index = 16333.
And this is the output of FRR1:
FRR1# show isis route
Area 1:
IS-IS L2 IPv4 routing table:
Prefix Metric Interface Nexthop Label(s)
-----------------------------------------------------------
10.0.0.0/30 20 eth0 10.0.0.2 -
10.0.0.4/30 20 eth0 10.0.0.2 -
10.0.0.8/30 20 eth1 10.0.0.13 -
10.0.0.12/30 20 eth1 10.0.0.13 -
10.0.0.16/30 20 eth0 10.0.0.2 -
10.0.0.20/30 30 eth0 10.0.0.2 -
eth1 10.0.0.13 -
192.0.2.1/32 0 - - -
192.0.2.2/32 20 eth0 10.0.0.2 implicit-null
192.0.2.3/32 30 eth0 10.0.0.2 16003
eth1 10.0.0.13 16003
192.0.2.4/32 20 eth1 10.0.0.13 implicit-null
192.0.2.5/32 30 eth0 10.0.0.2 16005
IS-IS L2 IPv6 routing table:
Prefix Metric Interface Nexthop Label(s)
------------------------------------------------------------------------------
2001:db8:1111::/128 0 - - -
2001:db8:2222::/128 20 eth0 fe80::e83:8ff:fee0:0 implicit-null
2001:db8:3333::/128 30 eth0 fe80::e83:8ff:fee0:0 16333
eth1 fe80::e21:b0ff:fe24:1 16333
2001:db8:4444::/128 20 eth1 fe80::e21:b0ff:fe24:1 implicit-null
2001:db8:5555::/128 30 eth0 fe80::e83:8ff:fee0:0 16555
show isis segment-routing node
It took me some time to find the command to verify SR operation itself. Following commands are currently available to check IS-IS SR status.
FRR1# show isis segment-routing node
Area 1:
IS-IS L1 SR-Nodes:
IS-IS L2 SR-Nodes:
System ID SRGB SRLB Algorithm MSD
--------------------------------------------------------------
1111.1111.1111 16000 - 23999 15000 - 15999 SPF 8
2222.2222.2222 16000 - 23999 15000 - 15999 SPF 8
3333.3333.3333 16000 - 23999 15000 - 15999 SPF 8
4444.4444.4444 16000 - 23999 15000 - 15999 SPF 8
5555.5555.5555 16000 - 23999 15000 - 15999 SPF 8
show isis route prefix-sid
This is the segment routing table showing assinged SID its next hop interface, metric and the label operation. Label operation naming conventions:
+-------------------+--------------------+
|LDP label operation|SR segment operation|
|-------------------|--------------------|
|PUSH |PUSH |
|SWAP |CONTINUE |
|POP |NEXT |
+-------------------+--------------------+
Notice the Label operations show int the display below and compare it to the table shown:
FRR1# show isis route prefix-sid
Area 1:
IS-IS L2 IPv4 routing table:
Prefix Metric Interface Nexthop SID Label Op.
---------------------------------------------------------------------
10.0.0.0/30 20 eth0 10.0.0.2 - -
10.0.0.4/30 20 eth0 10.0.0.2 - -
10.0.0.8/30 20 eth1 10.0.0.13 - -
10.0.0.12/30 20 eth1 10.0.0.13 - -
10.0.0.16/30 20 eth0 10.0.0.2 - -
10.0.0.20/30 30 eth0 10.0.0.2 - -
eth1 10.0.0.13 - -
192.0.2.1/32 0 - - - -
192.0.2.2/32 20 eth0 10.0.0.2 2 Pop(16002)
192.0.2.3/32 30 eth0 10.0.0.2 3 Swap(16003, 16003)
eth1 10.0.0.13 3 Swap(16003, 16003)
192.0.2.4/32 20 eth1 10.0.0.13 4 Pop(16004)
192.0.2.5/32 30 eth0 10.0.0.2 5 Swap(16005, 16005)
IS-IS L2 IPv6 routing table:
Prefix Metric Interface Nexthop SID Label Op.
----------------------------------------------------------------------------------------
2001:db8:1111::/128 0 - - - -
2001:db8:2222::/128 20 eth0 fe80::e83:8ff:fee0:0 222 Pop(16222)
2001:db8:3333::/128 30 eth0 fe80::e83:8ff:fee0:0 333 Swap(16333, 16333)
eth1 fe80::e21:b0ff:fe24:1 333 Swap(16333, 16333)
2001:db8:4444::/128 20 eth1 fe80::e21:b0ff:fe24:1 444 Pop(16444)
2001:db8:5555::/128 30 eth0 fe80::e83:8ff:fee0:0 555 Swap(16555, 16555)
Conclusion, the label operation is executed correctly, but the output shown using MPLS dataplane might still be hardcoded in the linux kernel, probably the reason why POP
label operation is displayed, instead of the formaly correct NEXT
operation.
The MPLS label distribution is done using the IGP, here IS-IS SR. LDP is not used. Following commands will show empty output, since no LDP is working:
show mpls ldp binding
show mpls ldp interface
SR is the control plane and MPLS is the data plane.
Verify the routing table using linux iproute2
tool. Look at the added encap mpls
and the SID 16003
via dev
ethX:
10.0.0.0/30 dev eth0 proto kernel scope link src 10.0.0.1 10.0.0.4/30 nhid 18 via 10.0.0.2 dev eth0 proto isis metric 20 10.0.0.8/30 nhid 17 via 10.0.0.13 dev eth1 proto isis metric 20 10.0.0.12/30 dev eth1 proto kernel scope link src 10.0.0.14 10.0.0.16/30 nhid 18 via 10.0.0.2 dev eth0 proto isis metric 20 10.0.0.20/30 nhid 25 proto isis metric 20 nexthop via 10.0.0.13 dev eth1 weight 1 i nexthop via 10.0.0.2 dev eth0 weight 1 192.0.2.2 nhid 30 via 10.0.0.2 dev eth0 proto isis metric 20 192.0.2.3 nhid 49 proto isis metric 20 nexthop encap mpls 16003 via 10.0.0.2 dev eth0 weight 1 nexthop encap mpls 16003 via 10.0.0.13 dev eth1 weight 1 192.0.2.4 nhid 51 via 10.0.0.13 dev eth1 proto isis metric 20 192.0.2.5 nhid 57 encap mpls 16005 via 10.0.0.2 dev eth0 proto isis metric 20
This output of the routing table, will not display like shown above is the linux tool route
would be used here.
This is output of the IP routing table using the route -n
command. A lot of the "new" IP information is missing compared to the upper output. Now this is good example to why route
command on linux is deprecated, and iproute2
should be always used instead.
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.0 0.0.0.0 255.255.255.252 U 0 0 0 eth0 10.0.0.4 10.0.0.2 255.255.255.252 UG 20 0 0 eth0 10.0.0.8 10.0.0.13 255.255.255.252 UG 20 0 0 eth1 10.0.0.12 0.0.0.0 255.255.255.252 U 0 0 0 eth1 10.0.0.16 10.0.0.2 255.255.255.252 UG 20 0 0 eth0 10.0.0.20 10.0.0.2 255.255.255.252 UG 20 0 0 eth0 192.0.2.2 10.0.0.2 255.255.255.255 UGH 20 0 0 eth0 192.0.2.3 10.0.0.2 255.255.255.255 UGH 20 0 0 eth0 192.0.2.4 10.0.0.13 255.255.255.255 UGH 20 0 0 eth1 192.0.2.5 10.0.0.2 255.255.255.255 UGH 20 0 0 eth0 198.51.100.0 10.0.0.2 255.255.255.252 UG 20 0 0 eth0 198.51.100.4 0.0.0.0 255.255.255.252 U 0 0 0 eth3
not implemented yet
This is a tech demo, and in experimental state. It lacks some advanced features, A short overview of the not running features with a short explanation how they could be used in a SR running backbone:
L1 L2 redistribution
- No support for level redistribution (IS-IS L1 to L2 redistribution)
The network lab is runningis-type level2-only
. IS-IS runs in the default setting L1 and L2 databases at same time. L1 routers receive only the default route in a L1-L2 design, and do not have the full visibility of the network, like the L2 routers have. For the IS-IS SR lab the L2-only setting is mandatory to be able to run SR. L1 IS-IS is out of scope .
Binding SID
- No support for Binding SID (Segment ID)
Binding SID is a path instruction for a tunnel interface, TE interface.
- Send packet to the SID
- Forward packet using SR-TE policy
Both upper instructions in this send destination are united using one binding SID, the Binding SID works like a symlink for a network function. This implies MPLS-TE working or here SR-TE. A path instruction for a Binding SID would be insterted by a central controller, not the manual manner in the CLI. Not used in this netlab.
SRMS
Segment Routing Message Server
- No support for SRMS Segment Routing Preference TLV
SRMS is used in networks, where LDP only routers need to be reachable from SR domain. LDP is not used here.
SRLB
Segment Routing Local Block
- No support for SRLB
The SR Local Block TLV. A SR node assigns lables from range 15000 - 15999 to local links. This is done by every node. In the netlab FRRouting assings SRLB's. Not sure how this particular entry is meant, perhaps SRLB are not fully implemented according to the RFC, this is my personal speculation. Verify the debug output show below:
debug isis sr-events
SRLB `ISIS-Sr (1): Got new SRLB [15000/15999]. Take a close look what at the debug output and notice what isis does with the 15xxx prefixed labels of the SRLB. Another hint that some code is already there. and
This is a debug isis sr-events
command output. The router FRR2 has been shutdown. The sequence of sr events shown int the /var/log/messages
file. Use tail -f /var/log/messages
to watch the debugging output appearing interactively:
Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [SZEFX-K7QHS] ISIS-Sr (1): Delete Adjacency SID Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Delete label 15000 for interface eth0 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [SZEFX-K7QHS] ISIS-Sr (1): Delete Adjacency SID Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Delete label 15001 for interface eth0 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [SZEFX-K7QHS] ISIS-Sr (1): Delete Adjacency SID Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Delete label 15004 for interface eth0 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [SZEFX-K7QHS] ISIS-Sr (1): Delete Adjacency SID Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Delete label 15006 for interface eth0 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [SZEFX-K7QHS] ISIS-Sr (1): Delete Adjacency SID Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Delete label 15005 for interface eth1 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [SZEFX-K7QHS] ISIS-Sr (1): Delete Adjacency SID Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Delete label 15007 for interface eth1 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16002 for prefix 192.0.2.2/32 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16003 for prefix 192.0.2.3/32 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16004 for prefix 192.0.2.4/32 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16005 for prefix 192.0.2.5/32 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16222 for prefix 2001:db8:2222::/128 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16333 for prefix 2001:db8:3333::/128 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16444 for prefix 2001:db8:4444::/128 Nov 10 12:58:10 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16555 for prefix 2001:db8:5555::/128 Nov 10 12:58:11 FRR1 daemon.debug isisd[1832]: [ZGTBT-7CBRV] ISIS-Sr (1): delete label 16002 for prefix 192.0.2.2/32 Nov 10 12:58:11 FRR1 daemon.debug isisd[1832]: [ZGTBT-7CBRV] ISIS-Sr (1): delete label 16222 for prefix 2001:db8:2222::/128
SR debug events after FRR2 has been powered on:
Nov 10 13:02:10 FRR1 daemon.debug isisd[1832]: [M10RP-EXYDD] ISIS-Sr (1): Add Primary Adjacency SID Nov 10 13:02:10 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Add label 15000 for interface eth0 Nov 10 13:02:12 FRR1 daemon.debug isisd[1832]: [M10RP-EXYDD] ISIS-Sr (1): Add Primary Adjacency SID Nov 10 13:02:12 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Add label 15001 for interface eth0 Nov 10 13:02:12 FRR1 daemon.debug isisd[1832]: [M10RP-EXYDD] ISIS-Sr (1): Add Backup Adjacency SID Nov 10 13:02:12 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Add label 15004 for interface eth0 Nov 10 13:02:12 FRR1 daemon.debug isisd[1832]: [M10RP-EXYDD] ISIS-Sr (1): Add Backup Adjacency SID Nov 10 13:02:12 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Add label 15005 for interface eth0 Nov 10 13:02:12 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16002 for prefix 192.0.2.2/32 Nov 10 13:02:12 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16222 for prefix 2001:db8:2222::/128 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [SZEFX-K7QHS] ISIS-Sr (1): Delete Adjacency SID Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Delete label 15004 for interface eth0 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [SZEFX-K7QHS] ISIS-Sr (1): Delete Adjacency SID Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Delete label 15005 for interface eth0 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [M10RP-EXYDD] ISIS-Sr (1): Add Backup Adjacency SID Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Add label 15004 for interface eth0 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [M10RP-EXYDD] ISIS-Sr (1): Add Backup Adjacency SID Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Add label 15005 for interface eth1 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [M10RP-EXYDD] ISIS-Sr (1): Add Backup Adjacency SID Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Add label 15006 for interface eth0 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [M10RP-EXYDD] ISIS-Sr (1): Add Backup Adjacency SID Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [JHS07-MXHFV] |- Add label 15007 for interface eth1 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16002 for prefix 192.0.2.2/32 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16003 for prefix 192.0.2.3/32 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16004 for prefix 192.0.2.4/32 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16005 for prefix 192.0.2.5/32 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16222 for prefix 2001:db8:2222::/128 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16333 for prefix 2001:db8:3333::/128 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16444 for prefix 2001:db8:4444::/128 Nov 10 13:02:13 FRR1 daemon.debug isisd[1832]: [XQ9NN-675DD] ISIS-Sr (1): update label 16555 for prefix 2001:db8:5555::/128
Routers FRR1 and FRR2 are directly connected. Interactive configuration debugging in FRRouting is explained in FRRouting routing protocol debugging article.
Further reading
Basic tutorials using SR can found at the official website. Detailed configuration steps and examples of IS-IS segment routing can be found is the official documentation. Everything related to building a working FRRouting GNS3 appliance and how to configure it is explained in previous blog entry.
See also
- Building 64bit alpine linux GNS3 FRRouting appliance
- FRRouting basic IS-IS router configuration
- FRRouting SR Segment Routing tech demo
- FRRouting routing protocol debugging
- FRR
References
- IS-IS - Routing Protocol - Wikipedia
- FRRouting - Version 8.3.1 release notes
- FRRouting - official ISIS SR documentation
- RFC8402 - Segment Routing Architecture
- RFC8287 - Label Switched Path (LSP) Ping/Traceroute for Segment Routing (SR) IGP-Prefix and IGP-Adjacency Segment Identifiers (SIDs) with MPLS Data Planes
- Segment Routing Global Block - SRGB