0% found this document useful (0 votes)

478 views128 pages

BRKRST 3009

Uploaded by

Mustafa Hussien

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

478 views128 pages

BRKRST 3009

Uploaded by

Mustafa Hussien

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Troubleshooting

Segment Routing

Luc De Ghein Technical Leader Services

BRKRST-3009
Cisco Spark
Questions?
Use Cisco Spark to chat with the
speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

Cisco Spark spaces will be cs.co/ciscolivebot#BRKRST-3009

available until July 3, 2017.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Introduction
• Segment Routing (SR) Recap
• Troubleshooting Control Plane
• Troubleshooting Data Plane
• SR Traffic Engineering (SR-TE)
• ODN
• Ti-LFA
• Micro-loop avoidance
• PCEP (XTC)
• SR BGP EPE
• SR OAM
• Key Takeaways
Introduction
Before We Get Started
• Fair basic knowledge on SR is required
• MPLS and IPv6 in data plane
• This presentation only covers MPLS
• All is IOS-XR
• Latest and greatest
• Similar in IOS

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Stay Up-To-Date

http://www.segment-routing.net/

https://www.linkedin.com/groups/8266623

https://twitter.com/SegmentRouting

https://www.facebook.com/SegmentRouting/

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Introduction
• A segment is an instruction
• with MPLS forwarding: segment = label
• Forwarding is done by MPLS or IPv6
• This session only covers MPLS
• Link-state protocol is needed to advertise
• Segments (Prefix-SID, Adjacency-SID)
• MPLS Label

• Removing the signaling and state (no LDP/ no RSVP-TE)

• Controller/SDN can be used if/when needed

*SID = Segment Identifier

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Segment Routing (SR) Recap
24001 Adj-SID label

SR Overview - Basic 16007 Prefix-Sid label

Service: L3VPN, L2VPN, 6PE, 6VPE, …

16099 Prefix-SID
24001 24001 Loopback0
16007 16007 Label 16099
Segment 1

CE1 PE1 P1 P2 P3 P4

Adj label 24001

Segment 2

16007 Prefix-SID
Loopback0
Label 16007
Prefix-SIDs are global labels
P5 P6 P7 PE2 CE2
Adj-SIDs are local labels
Segment 3 16007

Deviate from shortest path – Source Routing:

Traffic Engineering based on SR Default: PHP at each segment

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Troubleshooting – Control Plane
Bringing up Segment Routing
router isis 1
Enable SR for all areas router ospf 1
net 49.0001.0000.0000.0001.00 metric-style wide segment-routing mpls
address-family ipv4 unicast must be enabled segment-routing forwarding mpls ! On by default
metric-style wide area 0
segment-routing mpls Enable SR interface Loopback0
Enable SR on all forwarding on !
IS-IS IPv4 interfaces interface GigabitEthernet0/0/0/0
interfaces !
Disable SR for area 1 area 1
segment-routing forwarding disable
Disable SR forwarding segment-routing disable
on area 1 interfaces

RP/0/0/CPU0:PE1# show mpls interfaces

Interface LDP Tunnel Static Enabled

-------------------------- -------- -------- -------- --------
GigabitEthernet0/0/0/0 No No No Yes
GigabitEthernet0/0/0/1 No No No Yes
GigabitEthernet0/0/0/2 No No No Yes
GigabitEthernet0/0/0/3 No No No Yes

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Verify SRGB Block
Default SR Global Block: 16,000 – 23,999 (size 8,000)
Dynamic label range: 24,000 – 1,048,575
RP/0/0/CPU0:PE1# show mpls label table detail

Table Label Owner State Rewrite

----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 2 LSD(A) InUse Yes
0 13 LSD(A) InUse Yes
0 16000 ISIS(A):1 InUse No
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)
0 24000 ISIS(A):1 InUse Yes First Adj-SID label (from
(SR Adj Segment IPv4, vers:0, index=1, type=0, intf=Gi0/0/0/1, nh=10.1.6.6) dynamic range)
0 24001 ISIS(A):1 InUse Yes
(SR Adj Segment IPv4, vers:0, index=3, type=0, intf=Gi0/0/0/1, nh=10.1.6.6)
0 24002 ISIS(A):1 InUse Yes
(SR Adj Segment IPv4, vers:0, index=1, type=0, intf=Gi0/0/0/3, nh=10.1.5.6)

RP/0/0/CPU0:PE1# show mpls label range

Range for dynamic labels: Min/Max: 24000/1048575 Dynamic range

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
IGP – LS Database
RP/0/0/CPU0:PE1# show isis database level 2 verbose P1.00 Regular LSP header

IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL SR Capabilities
P1.00-00 0x00000017 0xa223 674 0/0/0 I:1 IPv4 capable
Area Address: 49.0001
V:0 no IPv6 capable
NLPID: 0xcc
Hostname: P1 SRGB block
IP Address: 10.100.1.5
Adj-SID
Router Cap: 10.100.1.5, D:0, S:0
Segment Routing: I:1 V:0, SRGB Base: 16000 Range: 8000 F:0 address family IPv4
Metric: 10 IS-Extended PE1.00 B:1 eligible for Backup
Interface IP Address: 10.1.2.5 V:1 adj SID has a Value
Neighbor IP Address: 10.1.2.1
L:1 Local significance
ADJ-SID: F:0 B:1 V:1 L:1 S:0 weight:0 Adjacency-sid:24000
ADJ-SID: F:0 B:0 V:1 L:1 S:0 weight:0 Adjacency-sid:24001 S:0 Set of adjacencies
Weight: 0 amount of load balancing (NA yet)
Metric: 0 IP-Extended 10.100.1.5/32
Prefix-SID Index: 5, Algorithm:0, R:0 N:1 P:0 E:0 V:0 L:0 Prefix-SID
R:0 not Re-advertised
router isis 1 router isis 1 N:1 node SID
interface Loopback0 interface Loopback0
passive passive P:0 PHP on
address-family ipv4 unicast address-family ipv4 unicast E:0 explicit-NULL off
prefix-sid index 5 prefix-sid absolute 16005 V:0 index
L:0 global significance
*Prefix SID always advertised as relative index BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Example of P and R Flags: Multi-Level ISIS
route-policy pass
leak L2 into L1 pass
end-policy
10.100.1.3
!
Prefix-SID 3
router isis 1
PE3 net 49.0001.0000.0000.0009.00
PE1 P1 ABR1 ABR3 P3
address-family ipv4 unicast
metric-style wide
area 49.0001 area 49.0002 mpls traffic-eng level-1-2
router-id Loopback0
Level-1 Level-2 Level-1 propagate level 2 into level 1 route-policy pass
segment-routing mpls
RP/0/0/CPU0:PE1# show isis database ABR1.00-00 verbose
.. Prefix SID
Metric: 40 IP-Extended-Interarea 10.100.1.3/32
Prefix-SID Index: 3, Algorithm:0, R:1 N:1 P:1 E:0 V:0 L:0
Prefix Attribute Flags: X:0 R:1 N:1 R:1 Re-advertised
Source Router ID: 10.100.1.3 P:1 PHP off
…
The R-Flag MUST be set for prefixes that are not local to the router
RP/0/0/CPU0:PE1# trace 10.100.1.3 and either: advertised because of propagation (Level-1 into Level-2);
advertised because of leaking (Level-2 into Level-1); advertised
1 10.1.15.5 [MPLS: Label 16003 Exp 0] 29 msec 29 msec 39 msec
2 10.1.59.9 [MPLS: Label 16003 Exp 0] 29 msec 29 msec 39 msec because of redistribution (e.g.: from another protocol).
3 10.1.129.12 [MPLS: Label 16003 Exp 0] 39 msec 49 msec 29 msec
4 10.1.126.6 [MPLS: Label 16003 Exp 0] 19 msec 19 msec 39 msec
5 10.1.36.3 29 msec * 19 msec no PHP at ABR = LSP is uninterrupted

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Example of E Flag
16003 0 router isis 1
16009 16009 is-type level-1
leak L2 into L1 net 49.0002.0000.0000.0003.00
payload payload address-family ipv4 unicast
10.100.1.3 metric-style wide
mpls traffic-eng level-1
mpls traffic-eng router-id Loopback0
PE1 P1 ABR1 ABR3 P3 PE3 router-id Loopback0
segment-routing mpls
area 49.0001 area 49.0002 !
interface Loopback0
address-family ipv4 unicast
Level-1 Level-2 Level-1
prefix-sid index 3 explicit-null
!

RP/0/0/CPU0:P3# show isis database PE3.00-00 verbose

..
Metric: 10 IP-Extended 10.100.1.3/32 Prefix SID
Prefix-SID Index: 3, Algorithm:0, R:0 N:1 P:1 E:1 V:0 L:0
Prefix Attribute Flags: X:0 R:0 N:1
Source Router ID: 10.100.1.3 E:0 explicit-NULL on

RP/0/0/CPU0:P3# show mpls forwarding labels 16003

Local Outgoing Prefix Outgoing Next Hop Bytes

Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------ LFIB on previous router shows
16003 Exp-Null-v4 SR Pfx (idx 3) Gi0/0/0/1 10.1.36.3 10721
explicit-null label
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Label Persistency – Zombie Labels
• SR adjacency label allocated by LSD
• LSP/LSA with label is flooded
RP/0/0/CPU0:PE1# show mpls label table detail private

Table Label Owner State Rewrite

----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 16000 ISIS(A):1 InUse No zombie label – Gi0/0/0/0 is down
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)
0 24004 None Zombie Same label will be assigned to
(SR Adj Segment IPv4, vers:0, index=1, type=0, intf=Gi0/0/0/0, nh=10.1.2.5) Gi0/0/0/0 when it comes back up
0 24005 None Zombie
(SR Adj Segment IPv4, vers:0, index=3, type=0, intf=Gi0/0/0/0, nh=10.1.2.5)

RP/0/0/CPU0:PE1# show mpls lsd private

App Mgr:
gbl_nsf_rw_to=1800s (max=1800s)
bgp_hi_pri_bitset=0x0
static_hi_pri_bitset=0x4
Label Mgr:
4 zombie labels lbls=8020, ctxs=8016
zombie=4 (mldp total/hold=0/0), reclaimed=12, re-purposed=0
zombie pool of labels GLRT=Stopped
bottom_up_mode=1, alloc_threshold=6000
4 zombie labels Zombie pools: idx=34; tmr expiring in 24 sec
pool[32] expires within 1800 secs: 4 lbls (0 mldp)
expiry of labels in 30 min …

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Troubleshooting – Data Plane
SR has Regular MPLS Data Plane
• SR has segments: 1 segment represented by 1 label in MPLS label stack
• SR uses the existing MPLS data plane
• No exceptions
• MPLS label operations:
• Push, Pop, and Swap
• We have
• Special labels {0 - 15}
• PHP (default behavior, also for SR)
• explicit-null for IPv4 and IPv6
• Regular labels {16 - 1048575}
• Static labels {16 - 4095}
• SRGB {16000 - 23999} – Prefix-SIDs
• Dynamic range {24000 - 1048575} – includes Adj-SIDs
• QOS propagation (EXP bits)
• Still uniform model, pipe, and short pipe model
• TTL propagation as usual

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
MPLS Label Operation: Push Label(s)
• Push can occur at ingress of MPLS domain
• MPLS label stack added in CEF (FIB) table
• Top label is SR label; other labels can be service labels (e.g. MPLS VPN, BGP-LU, etc.)

• Push can occur at intermediate MPLS (P) router

• MPLS label(s) added in LFIB (e.g. active FRR)
• Label stack added can be up to size supported by the
platform
16003 • Label can be any label (SR Prefix-SID, Adj-SID label, …)
payload payload

R1 R2 R3 R4
IP MPLS
RP/0/0/CPU0:R1# show route 10.100.1.3/32 RP/0/0/CPU0:R1# show cef …

Routing entry for 10.100.1.3/32 “labeled SR” must be present* 10.100.1.3/32, … labeled SR, …
Known via "isis 1", … , labeled SR, …
Routing Descriptor Blocks via 10.1.12.2/32, GigabitEthernet0/0/0/1,…
10.1.15.5, from 10.100.1.3, via GigabitEthernet0/0/0/0 local label 16003 labels imposed {16003}
Route metric is 60

* not for Ti-LFA for link prefixes (see later)

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
MPLS Label Operation: Swap Label(s)
• Swap occurs at intermediate MPLS (P) router
• Only top label is swapped
• MPLS label is swapped in LFIB
• Other labels are not touched (EXP bits, TTL)
• Within one SR segment, top label is swapped with same label

16004 16004 • Top label is swapped

16009 16009
payload payload

R1 R2 R3 R4

RP/0/0/CPU0:R2# show mpls forwarding labels 16004

Local Outgoing Prefix Outgoing Next Hop Bytes

Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16004 16004 SR Pfx (idx 4) Gi0/0/0/1 10.1.59.9 1420

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
MPLS Label Operation: Pop Label(s)
• Pop occurs at intermediate MPLS (P) router: top label is removed
• By default on penultimate router of one SR segment
• Label stack could become unlabeled
• Label stack can still have other labels
• e.g. when packet is moved from one SR segment to another SR segment
16004 • Top label is popped
16009 16009
payload payload

R1 R2 R3 R4

Segment 1 (label 16004) Segment 2

(label 16009)
RP/0/0/CPU0:R3# show mpls forwarding labels 16004

Local Outgoing Prefix Outgoing Next Hop Bytes

Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16004 Pop SR Pfx (idx 4) Gi0/0/0/3 10.1.46.4 1880280
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Nothing new!
LFIB
RP/0/0/CPU0:P3# show mpls forwarding

Local Outgoing Prefix Outgoing Next Hop Bytes

Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16001 16001 SR Pfx (idx 1) Gi0/0/0/0 10.1.126.12 0
16002 16002 SR Pfx (idx 2) Gi0/0/0/0 10.1.126.12 0 • Special labels {0-15} are
16003 Exp-Null-v4 SR Pfx (idx 3) Gi0/0/0/1 10.1.36.3 43054 still used
16004 16004 SR Pfx (idx 4) Gi0/0/0/1 10.1.36.3 73402
16004 SR Pfx (idx 4) Gi0/0/0/2 10.1.68.8 0 • ECMP, can only be
16005 16005 SR Pfx (idx 5) Gi0/0/0/0 10.1.126.12 0 Prefix-SID
16008 Pop SR Pfx (idx 8) Gi0/0/0/2 10.1.68.8 0
16009 16009 SR Pfx (idx 9) Gi0/0/0/0 10.1.126.12 0
16010 16010 SR Pfx (idx 10) Gi0/0/0/0 10.1.126.12 0
16010 SR Pfx (idx 10) Gi0/0/0/2 10.1.68.8 0
16012 Pop SR Pfx (idx 12) Gi0/0/0/0 10.1.126.12 0
16013 16013 SR Pfx (idx 13) Gi0/0/0/0 10.1.126.12 0
• Data plane makes no
16013 SR Pfx (idx 13) Gi0/0/0/2 10.1.68.8 0
distinction between
24000 Pop SR Adj (idx 1) Gi0/0/0/0 10.1.126.12 0 Prefix-SID and Adj-SID
24003 Pop SR Adj (idx 2) Gi0/0/0/0 10.1.126.12 0
24004 Pop No ID tt1 point2point 0

• Any Adj-SID will

have pop operation
• Binding entry (used
with SR-TE)
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Nothing new!
Load Balancing MPLS Traffic
• Routers will try to load balance on the IP header, even when there is a label stack
• IP traffic is best load-balanced by calculating hash over 3- or 7-tuple*

• PseudoWire traffic is load-balanced by calculating hash over the bottom label (PW
service label)
• Preserving per-flow load balancing

• Flow Aware Transport (FAT) Label can be used

• Endpoints need to support this signaling
• Endpoints classify traffic and pushes a unique flow label for each flow (each PW)
• Load balancing on bottom (FAT) label
• More granular than load balancing

• If many labels are present in label stack and the platform cannot look at/past last
label, there is load balancing on higher label in the stack
Check platform!
* 3- Source IP, Destination IP, Router ID
7- Source IP, Destination IP, Router ID, Source port, Destination port, Protocol, Ingress interface handle

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Pushing Label Stack at Ingress Router

• Considerations
• MTU
• Platform support

• What matters
• The segment list is normally not large
• Binding-SIDs are used

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
interface Loopback0
ipv4 address 10.100.1.4 255.255.255.255
!

Labeling which Prefixes? interface Loopback1

!
ipv4 address 10.100.2.4 255.255.255.255

interface Loopback2
ipv4 address 10.100.3.4 255.255.255.255
GE 0/0/0/0 !
interface Loopback3
P1 P2 P3 P4 ipv4 address 10.100.4.4 255.255.255.255
10.1.45.0/24 !
interface GigabitEthernet0/0/0/0
ipv4 address 10.1.45.4 255.255.255.0

Prefix attached to P4 Outgoing label in CEF? router isis 1

Entry in LFIB? net 49.0001.0000.0000.0004.00
address-family ipv4 unicast
Prefix-SID P4 (10.100.1.4/32 & 10.100.2.4/32) Y metric-style wide
router-id Loopback0
segment-routing mpls
Prefix-SID P4 without Node flag Y !
(10.100.3.4/32) interface Loopback0
address-family ipv4 unicast
Loopback prefix without Prefix-SID N prefix-sid absolute 16004
(10.100.4.4/32) !
interface Loopback1
Link prefix connected to P4 (10.1.45.0/24) N address-family ipv4 unicast
prefix-sid absolute 17004
!
interface Loopback2
• So, this is the equivalent of LDP label prefix filtering: only address-family ipv4 unicast
assigning/advertising labels to /32 prefixes (loopback prefixes, used by prefix-sid absolute 18004 n-flag-clear
service, (e.g. L3VPN), so BGP next hop IP addresses) !
interface Loopback3
• Traffic to link prefixes is not labeled! adderss-family ipv4 unicast
!
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv4 unicast
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
SR-TE
SR-TE
• Simple, automated, and scalable No signaling protocol
• No core state: state in the packet header
• To tunnel interface: “SR Policy”
No bandwidth
• No headend a-priori configuration: on-demand policy
instantiation
• No headend a-priori steering: on-demand-steering Protection is Ti-LFA
• Flooding by IGP
• Dynamic or explicit path ECMP used
• Explicit-path is defined as list of segments:
• All hops are IP addresses (link/node = loopback)
• All hops are MPLS labels UCMP possible
• Mix of IP addresses/MPLS labels

• PCE/PCC is possible (multi-domain)

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
SR-TE
• Forwarding (legacy)
• Autoroute Announce (AA)
• Autoroute Destination • Automated color-based steering
• Static route
• Access-list Based
Forwarding (ABF)

• Constraints
• Color/affinity
• IGP/TE metric
• Measured latency (future)
• Disjoint paths
• Bandwidth with centralized model

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Circuit Optimization versus SR Optimization
R3 R3

R1 R2 R5 R6 R1 R2 R5 R6

R4 R4

R7 R8 R7 R8

• Classic TE is circuit-based • SR native TE

• CSPF: non-ECMP path • ECMP paths, no more circuits
• SID-list: R2 - R3 - R5 - R6 • SID-list: R5 - R6
• Poor ECMP, big SID-list, ATM-like • ECMP, small SID-list, IP optimized

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
SR Policy
• An SR Policy is identified
through the following tuple:
• The head-end where the policy is instantiated/implemented
• The endpoint (i.e.: the destination of the policy)
• The color (an arbitrary numerical value)

• At a given head-end, an SR Policy is fully identified by the <color,

endpoint> tuple
• An endpoint can be specified as an IPv4 or IPv6 address

BRKRST-3122 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Candidate-Path
• 2 options
1. Dynamic: as before with RSVP-TE
2. Explicit:
• SR-TE Policy path can be explicitly specified by configuring an ordered list of IP addresses and/or label values
• The IP addresses in the explicit path will be mapped to label values by the head-end

• Any loopback prefix with associated prefix-SID can be used in path

• If nodes have multiple loopbacks with prefix-SIDs, each of these can be used in the SR-TE Policy path
• Including anycast prefixes/prefix-SIDs

• Result of computation is always a list of segments, so SR labels

• Path-option on tunnel-te needs “segment-routing” keyword at the end, otherwise RSVP-TE is tried

If the first hop in the SR-TE Policy path is adjacency-SID or prefix-SID of

adjacent node
First segment exception Then the label for this first hop is not added in SR-TE Policy rewrite label stack this
hop is only used to select outgoing interface(s)

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
SR-TE Configuration (old) No RSVP-TE
TE Head End router: an SR Policy instantiated from a configured tunnel interface

!
like CLI for RSVP-TE tunnel
interface tunnel-te1
ipv4 unnumbered Loopback0
destination 10.100.1.4 always segment-routing needed
path-option 1 dynamic segment-routing
path-option 2 explicit name PE1-PE2 segment-routing without: try RSVP-TE
!
All SR routers
router isis 1
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
Enabling MPLS TE (IGP)
mpls traffic-eng level-2-only
mpls traffic-eng router-id 10.100.1.1
segment-routing mpls
!
mpls traffic-eng
!
segment-routing

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
SR-TE Configuration (new)
SR-TE
segment-routing
traffic-eng SR Policy
policy policy-1
end-point ipv4 1.1.1.4 color 20
binding-sid mpls 1000
candidate-paths
preference 10 Preconfigured path
explicit SID-LIST1
preference 20
dynamic mpls Dynamic path
metric
type latency
affinity
exclude-any red
Preconfigured path
explicit-path name SID-LIST1
index 10 mpls label 16002
index 20 mpls label 30203
index 30 mpls label 16004

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Verify SR Policy
RP/0/0/CPU0:PE1# show segment-routing traffic-eng policy
SR-TE policy database
---------------------
Name: policy-1 (Color: 20, End-point: 1.1.1.4)
Status:
Admin: up Operational: up for 00:08:19 (since Jun 13 21:18:10.469)
Candidate-paths:
Preference 10:
Dynamic: (inactive)
Weight: 0
Preference 20:
Explicit: segment-list SID-LIST1 (active)
Weight: 0
16002 [Prefix-SID, 1.1.1.2]
30203 [Adjacency-SID, 99.2.3.2 - 99.2.3.3]
16004 [Prefix-SID, 1.1.1.4]
Attributes:
Binding SID: 1000 (configured)
Forward Class: 0

FIB @ headend
Incoming label: 1000
Action: pop and push <16002, 30203, 16004>
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Explicit path configuration – Rules
• Ensure the path leads all the way to the destination
• SR Policy end-point explicitly included in path
• SR Policy end-point must be reachable (is verified by TE), if configured as
IP address
• When using Prefix-SIDs:
• It’s easy to skip hops
• But Prefix-SID of tail end must be included

• When using Adj-SIDs:

• Adj-SID has local significance, ensure the packet gets to the advertising node of this
Adj-SID first
• Precede Adj-SID hop by Prefix-SID or Adj-SID to node

Adj-SIDs are not recommended

• They can change (after reboot for example), if specified as label
• No ECMP
• Worse Ti-LFA backup behavior (not using PC path to destination)

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
MPLS-enabled Interfaces

RP/0/0/CPU0:PE1# show mpls interfaces

Interface LDP Tunnel Static Enabled

-------------------------- -------- -------- -------- --------
GigabitEthernet0/0/0/0 No Yes No Yes
GigabitEthernet0/0/0/1 No Yes No Yes
GigabitEthernet0/0/0/2 No Yes No Yes
GigabitEthernet0/0/0/3 No Yes No Yes

Enabled by SR configuration
under IGP

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
SR-TE Database
RP/0/0/CPU0:PE1# show mpls traffic-eng segment-routing summary

IGP[0]:: IS-IS 1 level 1 , Strict SPF Disabled

Nodes:
IGP Id: 0000.0000.0001.00, MPLS TE Id: 10.100.1.1
Num of links with sr adj SID : 2
Total number of links : 2

IGP Id: 0000.0000.0002.00, MPLS TE Id: 10.100.1.2

Num of links with sr adj SID : 2
Total number of links : 2

IGP Id: 0000.0000.0003.00, MPLS TE Id: 10.100.1.3

Num of links with sr adj SID : 2
Total number of links : 2

IGP Id: 0000.0000.0004.00, MPLS TE Id: 10.100.1.4

Num of links with sr adj SID : 3
Total number of links : 3

IGP Id: 0000.0000.0005.00, MPLS TE Id: 10.100.1.5

Num of links with sr adj SID : 3
Total number of links : 3

IGP Id: 0000.0000.0006.00, MPLS TE Id: 10.100.1.6

Num of links with sr adj SID : 5
Total number of links : 5
…

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
SR-TE Database router isis 1
net 49.0001.0000.0000.0004.00
RP/0/0/CPU0:PE1# show mpls traffic-eng segment-routing ? address-family ipv4 unicast
metric-style wide
A.B.C.D Show nodes and prefixes related to IP address. mpls traffic-eng level-2-only
isis Show ISIS areas only mpls traffic-eng router-id 10.100.1.4
link Show information related to Adjacency-SID segment-routing mpls
node Show information based on node ID or system ID
!
ospf Show OSPF areas only
prefix Show the Prefix-SID info
interface Loopback0
summary Show Segment-Routing summary information passive
address-family ipv4 unicast
RP/0/0/CPU0:PE1# show mpls traffic-eng segment-routing prefix-sid absolute 16004
!
IGP[0]:: IS-IS 1 level 2 , Strict SPF Disabled
Nodes:
IGP Id: 0000.0000.0001.00, MPLS TE Id: 10.100.1.1
Segment-Routing: SRGB
TE Node-SID Index: 1i
SRGB Info: Start 16000, Size 8000
link entry
Link[0]:Point-to-Point, Nbr IGP Id:0000.0000.0006.00, Nbr Node Id:14, gen:3501
Frag Id:0, Intf Address:10.1.6.1, Intf Id:0
Segment-Routing Adjacency-SIDs: 2 • Adj-SIDs
Adjacency-SID[0]: 24001, Flags: V, L to Nbr:: IGP Id: 0000.0000.0006.00, MPLS TE Id: 10.100.1.6
Adjacency-SID[1]: 24000, Flags: B, V, L to Nbr:: IGP Id: 0000.0000.0006.00, MPLS TE Id: 10.100.1.6
Nbr Intf Address:10.1.6.6, Nbr Intf Id:0 • Adj-SIDs with Backup
TE Metric:10, IGP Metric:10 flag is only advertised if
Ext Admin Group:
Length: 256 bits LFA is configured (as of
Value : 0x:: 6.2.1)
Attribute Names:
Link[1]:Point-to-Point, Nbr IGP Id:0000.0000.0006.00, Nbr Node Id:14, gen:3502
…
Link[2]:Point-to-Point, Nbr IGP Id:0000.0000.0005.00, Nbr Node Id:13, gen:3503
…

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Verifying MPLS TE SR Database
RP/0/0/CPU0:PE1# show mpls traffic-eng segment-routing summary

IGP[0]:: OSPF 1 area 1 , Strict SPF Disabled

Nodes:
IGP Id: 10.100.1.1, MPLS TE Id: 10.100.1.1 MPLS TED should have nodes / links / IP addresses
Num of links with sr adj SID : 2
Total number of links : 2

IGP Id: 10.100.1.5, MPLS TE Id: 10.100.1.5

Num of links with sr adj SID : 3
Total number of links : 3

IGP Id: 10.100.1.7, MPLS TE Id: 10.100.1.7

Num of links with sr adj SID : 3
Total number of links : 3 MPLS TED should be verified on routers in
different areas
IGP Id: 10.100.1.9, MPLS TE Id: 10.100.1.9
Num of links with sr adj SID : 1
Total number of links : 1

Prefix Information:
10.100.1.1/32, SID index: 1, flags: N
10.100.1.3/32, SID index: 3, flags: R, N, P
10.100.1.4/32, SID index: 4, flags: R, N, P
10.100.1.5/32, SID index: 5, flags: N
10.100.1.6/32, SID index: 6, flags: R, N, P
10.100.1.7/32, SID index: 7, flags: N

Total: IGP[0]:: OSPF 1 area 1 , Strict SPF Disabled

Node Count : 5
Adjacency-SID Count: 20
Prefix-SID Count : 12

Grand Total:: Summary of nodes / Prefix-SIDs / Adj-SIDs

Node Count : 5
Adjacency-SID Count: 20
Prefix-SID Count : 12
IGP Areas Count : 1
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Path-Option Troubleshooting Tip
• Possibility to manually switch over to other or newly created path-option

mpls traffic-eng switchover tunnel-te <tun_id> path-option <PO_nr>

RP/0/0/CPU0:PE1# mpls traffic-eng switchover tunnel-te 4 path-option 2

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
SR Policy Verification
RP/0/0/CPU0:PE1#show mpls traffic-eng tunnels 1

Name: tunnel-te1 Destination: 10.100.1.4 Ifhandle:0x70

Signalled-Name: PE1_t1
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, (Segment-Routing) type dynamic (Basis for Setup, path weight 30)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Mon Oct 24 15:15:13 2016 (00:28:23 ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (global)
Path Selection:
Tiebreaker: Min-fill (default)
Protection: any (default) specify to use only protected
Hop-limit: disabled adjacencies, or only non-protected
Cost-limit: disabled
Path-invalidation timeout: 10000 msec (default), Action: Tear (default) adjacencies, or any (default)
AutoRoute: disabled LockDown: disabled Policy class: not set
Forward class: 0 (default)
Forwarding-Adjacency: disabled
Autoroute Destinations: 0
Loadshare: 0 equal loadshares
Auto-bw: disabled
Path Protection: Not Enabled
BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
SRLG discovery: Disabled

Segment-Routing Path Info (IS-IS 1 level-2)

• Old = list of ADJ-SIDs (from RSVP-TE
Segment0[Link]: 10.1.2.1 - 10.1.2.5, Label: 24005 CSPF)
Segment1[Link]: 10.1.9.5 - 10.1.9.7, Label: 24019
Segment2[Link]: 10.1.26.7 - 10.1.26.4, Label: 24035 • New and XTC: SR native algorithm
(minimum set of segments)
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
SR Policy

RP/0/0/CPU0:PE1# show isis mpls traffic-eng tunnel

IS-IS 1 Level-1 MPLS Traffic Engineering tunnels

System Id Tunnel Bandwidth Nexthop Metric Mode IPv4/IPv6 IPV4/IPv6 Chkpt ID Type
FA AA
No 'Level-1 IPv4 Unicast TE tunnels' found in IS-IS 1

IS-IS 1 Level-2 MPLS Traffic Engineering tunnels

System Id Tunnel Bandwidth Nexthop Metric Mode IPv4/IPv6 IPV4/IPv6 Chkpt ID Type
FA AA
PE4 tt1 0 10.100.1.4 0 Relative Dis/Dis En/Dis 00000000 SR
P3 tt2 0 10.100.1.7 0 Relative Dis/Dis En/Dis 00000000 SR

Forwarding Adjacency
(not supported for SR-
TE)
Autoroute
Announce

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
SR Policy
RP/0/0/CPU0:PE1# show mpls traffic-eng tunnels 1

Name: tunnel-te1 Destination: 10.100.1.4 Ifhandle:0x70

Signalled-Name: PE1_t1
…

Segment-Routing Path Info (IS-IS 1 level-2) verify that the SR labels are used
Segment0[Link]: 10.1.2.1 - 10.1.2.5, Label: 24005
Segment1[Link]: 10.1.9.5 - 10.1.9.7, Label: 24019
Segment2[Link]: 10.1.26.7 - 10.1.26.4, Label: 24035

ignore segment 0, if Adj-SID, or Prefix-SID of directly

connected next hop router

RP/0/0/CPU0:PE1# traceroute 10.100.1.99

Type escape sequence to abort.

Tracing the route to 10.100.1.99

1 10.1.2.5 [MPLS: Labels 24019/24035 Exp 0] 19 msec 9 msec 9 msec

2 10.1.9.7 [MPLS: Label 24035 Exp 0] 9 msec 9 msec 9 msec
3 10.1.26.4 9 msec * 9 msec

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
SR Policy Not Functional
• Inactive policy
• No valid path found

• Invalid SID list

• It is empty
• The headend is unable to resolve the first SID into one or more outgoing interface(s)
and next-hop(s)
• The headend is unable to resolve any non-first SID expressed as an IP address

• Unreachable
• The headend has no path to the SID in its SR-TE database

• Invalid path
• A Path is invalid as soon as it has no valid SID list

The headend of an SR Policy updates the validity of a

SID list upon network topological change.
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Unequal Cost Multi-Path (UCMP)
• If a set of SID lists is associated with the selected path of the policy, then the
steering is flow and UCMP-based according to the relative weight of each SID
list
SID-list:
{16004, 16006}
1/5
SID-list1: of load
{16004, IGP link cost: 20
16006} 2 4

Weight 1
SR Policy Selected Path 6
1

SID-list2:
3 5
{16006}
Weight 4 4/5
of load SID-list: Default IGP link cost: 10
{16006}

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Min-metric with Margin
• Headend computes a SID list whose segment-routing
cumulated optimized metric is within traffic-eng
policy Policy_1
range of the [shortest-path metric, end-point ipv4 10.1.1.3 color 20
shortest-path metric + margin] binding-sid mpls 1000
candidate-paths
• Margin is expressed in absolute or relative preference 50
value dynamic mpls
metric
• If this is not possible because of the type te
number of SIDs constraint, then the margin 5
solution SID list minimizes the optimized sid-limit 6
metric while meeting the maximum
number of SIDs constraints

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
SR-TE to RSVP-TE SR-TE
segment 1
RSVP-TE
Tunnel

• PE-to-PE PE1 P1 P2 P3 P4 PE3

PE1

explicit-path name PE1-P2

index 10 next-address strict ipv4 unicast 10.100.1.9 P2
index 20 next-label 16
! interface tunnel-te1
interface tunnel-te1 ipv4 unnumbered Loopback0
ipv4 unnumbered Loopback0 autoroute destination 10.100.1.3
autoroute destination 10.100.1.3 destination 10.100.1.3
autoroute destination 10.100.1.9 binding-sid mpls label 16
destination 10.100.1.9 path-option 1 dynamic
path-option 1 explicit name PE1-P2 segment-routing
no “segment-routing”
on path-option
RP/0/0/CPU0:PE1# traceroute vrf one 10.2.100.3

Type escape sequence to abort.

Tracing the route to 10.2.100.3

1 10.1.15.5 [MPLS: Labels 16009/16/24004 Exp 0] 29 msec 39 msec 89 msec

24004 is service (vpnv4) label
2 10.1.59.9 [MPLS: Labels 16/24004 Exp 0] 49 msec 29 msec 49 msec
3 10.1.129.12 [MPLS: Labels 24008/24004 Exp 0] 39 msec 39 msec 29 msec
4 10.1.126.6 [MPLS: Labels 24010/24004 Exp 0] 39 msec 39 msec 29 msec
5 10.1.36.3 29 msec * 29 msec

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Service Disjointness from same headend
SID-list:
segment-routing
<16002, 30203, 16007> traffic-eng
policy POLICY1
IGP link cost: 100 end-point ipv4 10.1.1.7 color 100
2 5 candidate-paths
preference 50
dynamic mpls
metric
1 4 7
type igp
association group 1 type node

3 6 policy POLICY2
IGP link cost: 100 end-point ipv4 10.1.1.7 color 200
candidate-paths
SID-list: preference 50
<16003, 16006, 16007> dynamic mpls
Default IGP link cost: 10 metric
type igp
association group 1 type node

• The headend computes two disjoint paths

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
ODN
On-demand Next-hop (ODN)
BGP
• Automated SR-TE Policy
PCEP PCE S-RR
• Inter-AS & Seamless MPLS: no need
for BGP-LU (RFC3107)
• SLA-aware BGP service
PE1 P1 ABR1 ABR3 P3 PE3

PE2 P2 ABR2 ABR4 P4 PE4

area 1 area 2

• On-demand Next-hop automates and simplifies the service head end configuration
• No SR-TE config on the head end router
• No complex/explicit steering on the service head end for the service
• For example: no autoroute-announce, no static routes

• The SR Policies deployed when needed

• The learning of the service route, initiates the SR Policy, and traffic-to-SR Policy mapping
• Example of a service route: vpnv4 route

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
ODN – On-demand SR Policy
• A service head-end automatically instantiates an SR Policy
to a BGP nhop when required (on-demand), automatically
steering the BGP traffic into this SR Policy
• Color community is used as SLA indicator
• Reminder: an SR policy is defined (endpoint, color)

BGP BGP Color

Next-hop Community

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
ODN Workflow
3 2
4
RD:10.5.5.1/32 RD:10.5.5.1/32
Next-hop PE2 Next-hop PE2
Next-hop PE2
VPN Label VPN Label
ext-comm (color)
Ext-comm (color) Ext-comm (color)
?
S-RR

5 1
10.5.5.1/32
Instantiate SR
Policy for P1 P2
(endpoint, color)

PE1 PE2 CE2

6
P3 BGP tags
prefixes with
Update FIB table ext comm
for 10.5.5.1/32
(color)

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
ODN Gotcha’s
• Configure “ipv4 unnumbered mpls traffic-eng Loopback0”

ipv4 unnumbered mpls traffic-eng Loopback0

• T-shooting tip: make sure that there is MPLS reachability:

• Traceroute to ABR / remote PE / ASBR and make sure you see the label(s)

• ODN : less-specific met length >= 1; default-route is not good

• If SR Policy is not up: vpnv4 next-hop is not available

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
SR Policy Example at Headend

ipv4 unnumbered mpls traffic-eng Loopback0

!
route-policy ODN-profile-1
if community matches-any (100:1) then
set mpls traffic-eng attributeset attributes-profile-1
endif
pass
end-policy
!
router bgp 1
neighbor 1.1.1.10
address-family vpnv4 unicast
route-policy ODN-profile-1 in
!
segment-routing ODN SR Policies use p2p-te attribute-set
traffic-eng
attribute-set attributes-profile-1
pce
metric PCE-initiated SR Policies
type te
!

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
ODN Troubleshooting
vpn prefix

• receive vpn prefix PCE S-RR

• next-hop is PE3
• compute SR-TE path according to segment 1 segment 2 segment 3
configured attribute-set V
R
PE1 P1 ABR1 ABR3 P3 PE3 F

PE2 P2 ABR2 ABR4 P4 PE4

RP/0/0/CPU0:PE1# show mpls traffic-eng tunnels brief

TUNNEL NAME DESTINATION STATUS STATE

tunnel-te1 10.100.1.9 up up
tunnel-te2 10.100.1.3 up up
^tunnel-te2000 10.100.1.4 up up
^ = automatically created P2P/P2MP tunnel
Displayed 3 (of 3) heads, 0 (of 0) midpoints, 0 (of 0) tails
Displayed 3 up, 0 down, 0 recovering, 0 recovered heads

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
Service Route
RP/0/0/CPU0:PE1# show bgp vpnv4 unicast rd 65000:4 10.2.100.4/32
…
10.100.1.4 T:attributes-profile-1 (metric 7) from 10.100.1.14 (10.100.1.4)
Received Label 24006
Origin incomplete, metric 0, localpref 100, valid, internal, best, group-best, import-candidate, not-in-vrf
Received Path ID 0, Local Path ID 0, version 13
Extended community: RT:100:100
Originator: 10.100.1.4, Cluster list: 10.100.1.14
TE tunnel attribute-set attributes-profile-1, up, registered, binding-label 24007, if-handle 0x000000d0

service traffic is steered onto SR Policy

Recursing on the BSID of the SR Policy
RP/0/0/CPU0:PE1# show cef vrf one 10.2.100.4/32

10.2.100.4/32, version 6, internal 0x5000001 0x0 (ptr 0xa130f054) [1], 0x0 (0x0), 0x208 (0xa1547488)
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via local-label 24007, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa15b0b8c 0x0]
recursion-via-label
next hop VRF - 'default', table - 0xe0000000 Display of resolved path
next hop via 24007/0/21
next hop tt2000 labels imposed {ImplNull 24006}

next hop points to the interface service label (is VPN label here)
representing the SR Policy
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
SR-TE Path
RP/0/0/CPU0:PE1# show mpls traffic-eng tunnels 2000

Name: tunnel-te2000 Destination: 10.100.1.4 Ifhandle:0xd0 (auto-tunnel for BGP default)

Signalled-Name: auto_PE1_t2000
Status:
Admin: up Oper: up Path: valid Signalling: connected

path option 10, (Segment-Routing) type dynamic pce (Basis for Setup, path weight 6)
…

Segment-Routing Path Info (PCE computed path)

Segment0[Node]: 10.100.1.9, Label: 16009 engineered path per SR-TE policy
Segment1[Node]: 10.100.1.13, Label: 16013
Segment2[Node]: 10.100.1.4, Label: 16004

RP/0/0/CPU0:PE1# traceroute vrf one 10.2.100.4 3 SR labels:

Type escape sequence to abort. 16009 ABR1 label
Tracing the route to 10.2.100.4
16013 ABR3 label
1 10.1.15.5 [MPLS: Labels 16009/16013/16004/24006 Exp 0] 69 msec 29 msec 29 msec
2 10.1.59.9 [MPLS: Labels 16013/16004/24006 Exp 0] 29 msec 29 msec 29 msec 16004 egress PE label
3 10.1.109.10 [MPLS: Labels 16013/16004/24006 Exp 0] 29 msec 29 msec 29 msec
4 10.1.113.13 [MPLS: Labels 16004/24006 Exp 0] 39 msec 29 msec 29 msec
5 10.1.138.8 [MPLS: Labels 16004/24006 Exp 0] 39 msec 39 msec 49 msec
6 10.1.48.4 39 msec * 49 msec

24006 VPN label

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Topology Independent (Ti)-LFA
LFA Recap
• Loop Free Alternate (LFA)
• Algorithm to calculate backup paths for IP (and MPLS)
• No signaling
• Link or node protection, and other tiebreakers
• Topology dependence: sometimes coverage issues
• Ti-LFA
• Algorithm, with similar tiebreakers
• Using segments to force traffic over backup path
• 100% coverage
• Protected traffic is on Post-Convergence (PC) path
• Avoiding another path move at regular convergence after failure
• Not available with LFA

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Ti-LFA Uses PC Path

No Ti-LFA:
Backup R5 Even if Remote-LFA (targeted LDP) is
Direct used with LFA
LFA Directly connected LFA is preferred over
100 100
Remote LFA (can be tweaked with tie-
breakers)
R1
10 R2 D
primary
10 10
With Ti-LFA:
Backup 10
Ti-LFA uses PC
R3 R4
Ti-LFA

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Remote LFA

No Ti-LFA:
2 PQ candidates, at equal cost from R3 PQ node closest to calculating router is
chosen
Here: 2 PQ candidates
If R5 is the PQ node: backup traffic is not
R5
10
R6
on PC

100 100 100

R4
PC R1
10 R2 D
10 100 primary

With Ti-LFA:
R3 Ti-LFA uses PC

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Topology Independent LFA (Ti-LFA)
• Must have LFA enabled!
• Must have Ti-LFA enabled

router isis 1 router ospf 1

is-type level-2-only router-id 10.100.1.1
net 49.0001.0000.0000.0001.00 fast-reroute per-prefix
address-family ipv4 unicast fast-reroute per-prefix ti-lfa enable
metric-style wide address-family ipv4 unicast
segment-routing mpls area 0
! segment-routing forwarding mpls !! On by default
interface Loopback0 segment-routing mpls
address-family ipv4 unicast interface Loopback0
prefix-sid absolute 16001 prefix-sid absolute 16001
! !
! interface GigabitEthernet0/0/0/0
interface GigabitEthernet0/0/0/0 network point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
fast-reroute per-prefix ti-lfa

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
What is Protected?
• Prefix-SID prefix:
• Ti-LFA backup

• For non-Prefix-SID/link prefix:

• Ti-LFA backup is available (there is no Prefix label)
• Same backup segments are used for Prefix-SID
• While FRR is active, traffic for these prefixes are forwarded with labels, while
when there is no FRR active, the traffic is not labeled!

• SR policy segments are protected by Ti-LFA

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Protected/Non-Protected Adj-SID for SR-TE
• For each adjacency two Adj-SIDs can be advertised
• Adj-SID with Backup-flag = 1 (only advertised if Ti-LFA is configured)
• This adj-SID may be protected

• Adj-SID with Backup-flag = 0

• This adj-SID is not protected
• In case of failure, the traffic is switched to other converged path (no FRR)
• Example use-case: TDM based service: If a link fails then the end-to-end path must fail, higher layer provides
redundancy
segment-routing
traffic-eng
• With path-selection for SR Policy, you can select policy POLICY_1
end-point ipv4 1-.1.1.3 color 1
the SR Policy to use (if Adj-SIDs are present): candidate-paths
• Only protected Adj-SIDs preference 50
• Only unprotected Adj-SIDs dynamic mpls pce
unprotected drop traffic is path is invalid
invalidation drop

• The default is to use any Adj-SID, preferring the protected ones

• Routes pointing to a SR Policy do no have backup paths in RIB because tunnel itself has backup

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Protected/Non-Protected Adj-SID
RP/0/0/CPU0:R1# show isis database R1.00-00 verbose

IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 * 0x0000001b 0x448d 950 0/0/0
Area Address: 49.0001
NLPID: 0xcc
Hostname: R1
IP Address: 10.100.1.1
Router Cap: 10.100.1.1, D:0, S:0
Segment Routing: I:1 V:0, SRGB Base: 16000 Range: 8000

Metric: 10 IS-Extended R2.00

Interface IP Address: 10.1.12.1
Neighbor IP Address: 10.1.12.2
ADJ-SID: F:0 B:1 V:1 L:1 S:0 weight:0 Adjacency-sid:28107 Different labels; one for protected,
ADJ-SID: F:0 B:0 V:1 L:1 S:0 weight:0 Adjacency-sid:28108 one for unprotected Adj-SID

RP/0/0/CPU0:R1# show isis adjacency detail

IS-IS 1 Level-2 adjacencies:

System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD
R2 Gi0/0/0/0 *PtoP* Up 24 00:01:24 Yes None None
Area Address: 49.0001
Neighbor IPv4 Address: 10.1.12.2*
Different labels; one for protected, Adjacency SID: 28107
one for unprotected Adj-SID Non-FRR Adjacency SID: 28108
Topology: IPv4 Unicast

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Ti-LFA Protecting Adj-SID
RP/0/0/CPU0:PE1# show isis adjacency GigabitEthernet 0/0/0/0 detail

IS-IS 1 Level-1 adjacencies:

System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD
P1 Gi0/0/0/0 *PtoP* Up 25 2d18h Yes None None
Area Address: 49.0001
Neighbor IPv4 Address: 10.1.15.5*
Adjacency SID: 24002 (protected)
Backup label stack: [16005]
Backup stack size: 1
Backup interface: Gi0/0/0/1
Backup nexthop: 10.1.12.2
Backup node address: 10.100.1.5
Non-FRR Adjacency SID: 24003
Topology: IPv4 Unicast RP/0/0/CPU0:PE1# show isis adjacency GigabitEthernet 0/0/0/0 detail

IS-IS 1 Level-1 adjacencies:

System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD
P1 Gi0/0/0/0 *PtoP* Up 29 2d18h Yes None None
Area Address: 49.0001
Neighbor IPv4 Address: 10.1.15.5*
Adjacency SID: 24002 (protected)
Backup label stack: [16005]
Backup stack size: 1
Backup interface: tt2007
Backup nexthop: 0.0.0.0
Backup node address: 10.100.1.5
Case of 3 or more backup labels: Backup for TE (no backup tunnel)
Backup label stack: [ImpNull, 60004, 16012, 16005]
SR Policy is used Backup stack size: 4
Backup interface: Gi0/0/0/1
Backup nexthop: 10.1.12.2
Backup node address: 10.100.1.5
Non-FRR Adjacency SID: 24003
Topology: IPv4 Unicast
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
LFA Theory: Calculating P-Space & Q-Space

P Q
P space of Router S Q space of Router E

P-space of S and the link SE = Q-space of the E and the link

set of routers that S can reach S E SE = set of routers that can
without passing through the reach the router E without
link SE (including ECMP) passing through the link SE
PQ

PQ
Common router
P&Q

BRKRST-30009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
TI-LFA Selection Preference

• The post-convergence (PC) path is expressed

as a list of segments new

• Typically the shortest list

• Compute and express PC path in a SID-list

* Use only P and Q segments (no more PQ)

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
TI-LFA Troubleshooting
• show route <prefix>
• Check for protected/backup path (!)
• “Labeled SR” must be present
• Check outgoing interfaces

• show cef <prefix>

• Check for backup path and backup SR labels

• show isis fast-reroute <prefix> detail

• Check for outgoing interface
• Check for next hop
• Check for P/Q node (single-segment) or P and Q nodes (double-segment)
• “detail” for tie-breakers

• show ospf fast-reroute topology

• show mpls forwarding
• Check for backup path in LFIB (!)

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Ti-LFA Protection Examples

10.100.1.5/32 10.100.1.9/32 10.100.1.12/32 10.100.1.6/32

10 10 10 10
PE1 P1 P5 P7 P3
Prefix-SID 5
10
10 10 10 10
10
10.100.1.10/32 10.100.1.13/32 10.100.1.8/32

10 10 10 100
PE2 P2 P6 P8 P4
Prefix-SID 7 Prefix-SID 10 Prefix-SID 13 Prefix-SID 8

• Example network for the following slides

• A Prefix-SID label is used to get to PQ node (older IOS-XR code)
• A Prefix-SID label is used to get to P node
• An Adj-SID label is used to get to Q node

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
TI-LFA – 0-Segment Example
primary
10.100.1.5/32 10.100.1.9/32 10.100.1.12/32
RIB
10 10 10 10
RP/0/0/CPU0:PE1# show route 10.100.1.5/32
PE1 P1 P5 P7 P3
Routing entry for 10.100.1.5/32
Prefix-SID 5
Known via "isis 1", distance 115, metric 20, labeled SR, type level-1
backup 10 Routing Descriptor Blocks
10 10 10 10.1.15.5, from 10.100.1.5,
10 via GigabitEthernet0/0/0/0, Protected
Route metric is 20
10 10.1.12.2, from 10.100.1.5, via GigabitEthernet0/0/0/1, Backup
10.100.1.10/32 10.100.1.13/32 10.100.1.8/32
Route metric is 30
10 10 10 100
PE2 P2 P6 P8 P4
Prefix-SID 7 Prefix-SID 10 Prefix-SID 13 Prefix-SID 8

RP/0/0/CPU0:PE1# show isis fast-reroute 10.100.1.5/32 ISIS

L1 10.100.1.5/32 [20/115]
via 10.1.15.5, GigabitEthernet0/0/0/0, P1, SRGB Base: 16000, Weight: 0
FRR backup via 10.1.12.2, GigabitEthernet0/0/0/1, P2, SRGB Base: 16000, Weight: 0, Metric: 30

RP/0/0/CPU0:PE1# show cef 10.100.1.5/32 FIB

10.100.1.5/32, version 137, labeled SR
local adjacency 10.1.15.5
Prefix Len 32, traffic index 0, precedence n/a, priority 1
via 10.1.15.5/32, GigabitEthernet0/0/0/0, 10 dependencies, weight 0, class 0, protected [flags 0x400]
path-idx 0 bkup-idx 1 NHID 0x0 [0xa16394e0 0xa16393f8]
next hop 10.1.15.5/32
local label 16005 labels imposed {ImplNull}
via 10.1.12.2/32, GigabitEthernet0/0/0/1, 10 dependencies, weight 0, class 0, backup [flags 0x300]
path-idx 1 NHID 0x0 [0xa15fd560 0x0]
next hop 10.1.12.2/32 no additional label
local adjacency
local label 16005 labels imposed {16005}
no P/Q information
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
TI-LFA – Single-Segment Example
primary 10.100.1.9/32 10.100.1.12/32

RIB 10 10 10 10
PE1 P1 P5 P7 P3
RP/0/0/CPU0:P1# show route 10.100.1.9/32
Prefix-SID 5
Routing entry for 10.100.1.9/32
Known via "isis 1", distance 115, metric 20, labeled SR, type level-110
Routing Descriptor Blocks 10 10 10 10
10.1.59.9, from 10.100.1.9, via GigabitEthernet0/0/0/1, Protected backup
Route metric is 20 10
10.1.57.7, from 10.100.1.9, via GigabitEthernet0/0/0/2, Backup (remote) 10.100.1.10/32 10.100.1.13/32 10.100.1.8/32
Remote LFA is 10.100.1.10 P
Route metric is 0 10 10 10 100
PE2 P2 P6 P8 P4
Prefix-SID 7 Prefix-SID 10 Prefix-SID 13 Prefix-SID 8

RP/0/0/CPU0:P1# show isis fast-reroute 10.100.1.9/32

L1 10.100.1.9/32 [20/115]
ISIS
via 10.1.59.9, GigabitEthernet0/0/0/1, P5, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.1.57.7, GigabitEthernet0/0/0/2 P2, SRGB Base: 16000, Weight: 0 one additional label
P node: P6.00 [10.100.1.10], Label: 16010 P
Prefix label: 16009

RP/0/0/CPU0:P1# show cef 10.100.1.9/32 FIB

10.100.1.9/32, version 285, labeled SR
local adjacency 10.1.59.9
Prefix Len 32, traffic index 0, precedence n/a, priority 1
via 10.1.59.9/32, GigabitEthernet0/0/0/1, 13 dependencies, weight 0, class 0, protected [flags 0x400]
path-idx 0 bkup-idx 1 NHID 0x0 [0xa15fd3f8 0xa15fd310]
next hop 10.1.59.9/32
local label 16009 labels imposed {ImplNull}
via 10.1.57.7/32, GigabitEthernet0/0/0/2, 13 dependencies, weight 0, class 0, backup (remote) [flags 0x8300]
path-idx 1 NHID 0x0 [0xa1626338 0x0]
next hop 10.1.57.7/32, P-node 10.100.1.10 PQ there is a P node
local adjacency
local label 16009 labels imposed {16010 16009}
one additional label
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
TI-LFA – Double-Segment Example
10.100.1.5/32 primary 10.100.1.12/32
RIB
10 10 10 10
RP/0/0/CPU0:P5# show route 10.100.1.12 PE1 P1 P5 P7 P3
Routing entry for 10.100.1.12/32 Prefix-SID 5
10
Known via "isis 1", distance 115, metric 20, labeled SR, type level-1
Routing Descriptor Blocks 10 10
10
10.1.129.12, from 10.100.1.12, via GigabitEthernet0/0/0/1, Protected backup 10
Route metric is 20 10
10.1.109.10, from 10.100.1.12, via GigabitEthernet0/0/0/2, Backup (remote) 10.100.1.10/32 10.100.1.13/32 10.100.1.8/32
Remote LFA is 10.100.1.13, 10.100.1.8 P Q
Route metric is 0 10 10 10 100
No advertising protos. PE2 P2 P6 P8 P4
Prefix-SID 7 Prefix-SID 10 Prefix-SID 13 Prefix-SID 8

RP/0/0/CPU0:P5# show isis fast-reroute 10.100.1.12/32 ISIS

L1 10.100.1.12/32 [20/115]
via 10.1.129.12, GigabitEthernet0/0/0/1, ABR3, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.1.109.10, GigabitEthernet0/0/0/2 ABR2, SRGB Base: 16000, Weight: 0 two additional labels
P node: P8.00 [10.100.1.13], Label: 16013 P
Q node: P4.00 [10.100.1.8], Label: 24007 Q
Prefix label: 16012 24007 is Adj-SID label P8 to P4
RP/0/0/CPU0:P5# show cef 10.100.1.12/32
10.100.1.12/32, version 501, labeled SR FIB
local adjacency 10.1.129.12
Prefix Len 32, traffic index 0, precedence n/a, priority 1
via 10.1.129.12/32, GigabitEthernet0/0/0/1, 15 dependencies, weight 0, class 0, protected [flags 0x400]
path-idx 0 bkup-idx 1 NHID 0x0 [0xa1617310 0xa161729c]
next hop 10.1.129.12/32
local label 16012 labels imposed {ImplNull}
via 10.1.109.10/32, GigabitEthernet0/0/0/2, 15 dependencies, weight 0, class 0, backup (remote) [flags 0x8300]
path-idx 1 NHID 0x0 [0xa165a4a8 0x0]
next hop 10.1.109.10/32, P-node 10.100.1.13, Q-node 10.100.1.8 two additional labels
local adjacency
local label 16012 labels imposed {16013 24007 16012}
Q P
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
TI-LFA – Triple-Segment ???
10.100.1.5/32 10.100.1.9/32 10.100.1.12/32 10.100.1.6/32
Q
10 10 10 10
PE1 P1 P5 P7 P3
Prefix-SID 5
RIB 10 asymmetric
Prefix-SID 6

RP/0/0/CPU0:P5# show route 10.100.1.12/32

10 10 backup link costs 10
Routing entry for 10.100.1.12/32 10
Known via "isis 1", distance 115, metric 20, labeled SR, type level-1 100
Routing Descriptor Blocks
10
10.100.1.10/32 10.100.1.13/32 10.100.1.8/32
10.1.129.12, from 10.100.1.12, via GigabitEthernet0/0/0/1
Route metric is 20 no 10
backup path 10 10 P 100 10
Q
PE2 P2 P6 P8 P4
Prefix-SID 7 Prefix-SID 10 Prefix-SID 13 Prefix-SID 8

RP/0/0/CPU0:ABR1# show isis fast-reroute 10.100.1.12/32

L1 10.100.1.12/32 [20/115] ISIS
via 10.1.129.12, GigabitEthernet0/0/0/1, P7, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.1.109.10, GigabitEthernet0/0/0/2 P6, SRGB Base: 16000, Weight: 0
Backup tunnel: requested three additional labels
P node: ABR4.00 [10.100.1.13], Label: 16013 P
Q node: P4.00 [10.100.1.8], Label: 24005 Q
Q node: P3.00 [10.100.1.6], Label: 24003 Q
Prefix label: 16012
FAIL
RP/0/0/CPU0:P5# show cef 10.100.1.12/32 FIB
10.100.1.12/32, version 580, labeled SR
local adjacency 10.1.129.12
Prefix Len 32, traffic index 0, precedence n/a, priority 1
via 10.1.129.12/32, GigabitEthernet0/0/0/1, 10 dependencies, weight 0, class 0 [flags 0x0] no protected path
path-idx 0 NHID 0x0 [0xa165a224 0xa165a3f0]
next hop 10.1.129.12/32
local adjacency no backup path
local label 16012 labels imposed {ImplNull}

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
TI-LFA – Triple (and more)-Segment - Solution
10.100.1.5/32 10.100.1.9/32 10.100.1.12/32 10.100.1.6/32
Q
10 10 10 10
PE1 P1 P5 P7 P3
IOS-XR needs internal SR policy when 10
Prefix-SID 5
asymmetric
Prefix-SID 6

there are more than 3 P/Q nodes 10 10 backup link costs 10

10
100
10
10.100.1.10/32 10.100.1.13/32 10.100.1.8/32
P Q
10 10 10 100 10
PE2 P2 P6 P8 P4
Prefix-SID 7 Prefix-SID 10 Prefix-SID 13 Prefix-SID 8

ipv4 unnumbered mpls traffic-eng Loopback0 must have configuration

… for SR internal policy
segment-routing

mpls traffic-eng optional configuration

auto-tunnel p2p
tunnel-id min 1000 max 2000

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
TI-LFA – Triple-Segment
RIB 10.100.1.5/32 10.100.1.9/32 10.100.1.12/32 10.100.1.6/32
RP/0/0/CPU0:P5# show route 10.100.1.12/32 Q
Routing entry for 10.100.1.12/32 10 10 10 10
PE1 P1 P5 P7 P3
Known via "isis 1", distance 115, metric 20, labeled SR, type level-1 Prefix-SID 5
Routing Descriptor Blocks Prefix-SID 6
10 asymmetric
10.1.129.12, from 10.100.1.12, via GigabitEthernet0/0/0/1, Protected 10
Route metric is 20 10 10 10 backup link costs
directly connected, via tunnel-te2002, Backup (Local-LFA) 100
Route metric is 240 10
10.100.1.10/32 10.100.1.13/32 10.100.1.8/32
No advertising protos.
P Q
10 10 10 100 10
PE2 P2 P6 P8 P4
Prefix-SID 7 Prefix-SID 10 Prefix-SID 13 Prefix-SID 8

RP/0/0/CPU0:P5# show isis fast-reroute 10.100.1.12/32

L1 10.100.1.12/32 [20/115]
via 10.1.129.12, GigabitEthernet0/0/0/1, P7, SRGB Base: 16000, Weight: 0 ISIS
Backup path: TI-LFA (link), via 10.1.109.10, GigabitEthernet0/0/0/2 P6, SRGB Base: 16000, Weight: 0
Backup tunnel: tunnel-te2002 three additional labels
P node: P8.00 [10.100.1.13], Label: 16013 P
Q node: P4.00 [10.100.1.8], Label: 24005 Q
Q node: P3.00 [10.100.1.6], Label: 24003 Q
Prefix label: 16012
RP/0/0/CPU0:P5# show cef 10.100.1.12/32 FIB
10.100.1.12/32, version 2915
local adjacency 10.1.129.12
Prefix Len 32, traffic index 0, precedence n/a, priority 15
via 10.1.129.12/32, GigabitEthernet0/0/0/1, 9 dependencies, weight 0, class 0, protected [flags 0x400]
path-idx 0 bkup-idx 1 NHID 0x0 [0xa1620f9c 0xa1620f28]
next hop 10.1.129.12/32
local label 24027 labels imposed {ImplNull}
via 0.0.0.0/32, tunnel-te2002, 9 dependencies, weight 0, class 0, backup (Local-LFA) [flags 0x300] internal SR policy
path-idx 1 NHID 0x0 [0xa15fd788 0x0]
next hop 0.0.0.0/32
local adjacency
local label 24027 labels imposed {16012}
77
TI-LFA – Triple-Segment
10.100.1.5/32 10.100.1.9/32 10.100.1.12/32 10.100.1.6/32
Q
10 10 10 10
PE1 P1 P5 P7 P3
Prefix-SID 5
Prefix-SID 6
10 asymmetric
10 10 backup link costs 10
10
100
10
10.100.1.10/32 10.100.1.13/32 10.100.1.8/32
P Q
10 10 10 100 10
PE2 P2 P6 P8 P4
Prefix-SID 7 Prefix-SID 10 Prefix-SID 13 Prefix-SID 8

SR Policy
RP/0/0/CPU0:P5# show mpls traffic-eng tunnels 2002

Name: tunnel-te2002 Destination: 0.0.0.0 Ifhandle:0xd0 (auto-tunnel for ISIS 1)

Signalled-Name: auto_P5_t2002
Status:
Admin: up Oper: up Path: valid Signalling: connected

path option 10, (verbatim Segment-Routing) type explicit (_te2002) (Basis for Setup)
G-PID: 0x0800 (derived from egress interface properties)

Segment-Routing Path Info (IGP information is not used)

Segment0[First Hop]: 10.1.109.10, Label: -
Segment1[ - ]: Label: 16013 P
Segment2[ - ]: Label: 24005 Q
Segment3[ - ]: Label: 24003 Q

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Microloop Avoidance
Microloop Avoidance
• Microloops =
• Traffic moved to PC paths can suffer from microloops
• Microloops are the result of difference of convergence on different routers
• If faster converged router send traffic to not-yet converged router, the result
is a microloop until slower router has converged

10
R2 R3
10 10
10
R1 10 R4 R9
30
40
R5 R6

microloop

Fast Slower
convergence convergence
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Microloop Avoidance: Old and New
• Before Ti-LFA
• Microloop avoidance
• Only for local link-down event
• Microloop avoidance = “use backup path in case of local link-down” + “transition to
PC with a delay”
• Does not address all microloops
• Enabled automatically when Remote LFA is enabled (not needed when directly
connected LFA is available)

• New microloop avoidance no extra SPF needed

• Local and remote – link-down and link-up events
• Still backup for local link-down events
• No backup for local link-up and remote events
• Remote events
• Backup for remote events is not wanted/possible
• At time of learning remote event: compute forced SR path (using SR segments) Stage 1
over new PC
• Regular convergence (same path as stage 1) Stage 2
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Microloop Avoidance - Old
• Only for local link-down event
• Microloop avoidance = “use backup path in case of local link-down” + “transition to PC with a delay”

10
R2 R3
10 10
No directly connected LFA 1
10
R1 2 R4 R7
Only Remote LFA 10 30
3 40
R5 R6
microloop 10 50
avoided

30
R10 R11

Pre-failure: labels {16}, OIF 1

Post failure: labels {19, 200}, OIF 3, non-PC path, encapsulate to PQ node
Post failure, after convergence: labels {17}, OIF 2, PC path

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Microloop Avoidance - New Remote link-down event
* Includes link cost increase
• Local and remote – link-down and link-up events
• Microloop avoidance = {
• Stage 1: At time of learning remote event: compute forced SR path over new PC
• Stage 2: Regular convergence (same path as stage 1) }
16007
Prefix-SID R6 10
16006 R2 R3
28097 Adj-SID R6-R4 10 10
1 near
16007 10
Prefix-SID R7 R1 2 R4 R7
10 30
3 40 far
microloop 16006 R5 R6 16007
avoided 10
28097 28097 50
16007
16007 16007
30
R10 R11

Pre-failure: labels {16007}, OIF 1

Post failure – stage 1: labels {16006, 28097, 16007}, OIF 2, PC path (forced) Stage 1
Post failure – stage 2: labels {16007}, OIF 2, PC path OIF/path did not change
Stage 2

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Microloop Avoidance - New Remote link-up event
* Includes link cost decrease
• Local and remote – link-down and link-up events
• Microloop avoidance = {
• Stage 1: At time of learning remote event: compute forced SR path over new PC
• Stage 2: Regular convergence (same path as stage 1) }
28098
16003 16007
Prefix-SID R3 16007
16003 28098
microloop 10
28098 Adj-SID R3-R4 avoided 16007 16007
R2 R3
16007 10 10
Prefix-SID R7 1 near
10
R1 2 R4 R7
10 30
3 40 far
R5 R6
10 50
16007

30
R10 R11

Pre-failure: labels {16007}, OIF 2

Post failure – stage 1: labels {16003, 28098, 16007}, OIF 1, PC path (forced) Stage 1
Post failure – stage 2: labels {16007}, OIF 1, PC path OIF/path did not change
Stage 2
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Microloop Avoidance CLI
• Old CLI ‘protected’ only for non-SR microloop avoidance
microloop avoidance [protected] ‘protected’ = microloop avoidance only applies to prefixes with a
valid backup path
either local or SR microloop avoidance is enabled
• New CLI
microloop avoidance segment-routing

• Existing command for RIB update delay is used for both local and SR
microloop avoidance feature
microloop avoidance rib-update-delay <delay> Default 5 seconds

o local microloop : the time to keep the traffic on a backup-path

o SR microloop : the time to enforce the traffic on a PC path

ipv4 unnumbered mpls traffic-eng Loopback0 must have automatic instantiation of SR

policies enabled for stage 1
mpls traffic-eng
auto-tunnel p2p
tunnel-id min 1000 max 1999 optional
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Microloop Avoidance
RP/0/0/CPU0:R1# show isis

IS-IS Router: 1
System Id: 0000.0000.0001
Most recent startup mode: Cold Restart
Topologies supported by IS-IS:
IPv4 Unicast
Wait for RIB redistribution complete
Level-2
Metric style (generate/accept): Wide/Wide
Metric: 10
ISPF status: Disabled
Microloop avoidance: Enabled
Configuration: Type: Segment routing, RIB update delay: 60000 msec
State: Active, Duration: 4129 ms, Event Link down, Near: R3.00 Far: R4.00
No protocols redistributed

shows near and far router

RP/0/0/CPU0:R1# show isis spf-log
…
16:22:32.323 FSPF 0 7 2 R3.00-00 LINKBAD PREFIXBAD
…
16:28:24.729 FSPF 0 7 2 R3.00-00 LINKGOOD PREFIX

RP/0/0/CPU0:R1# show isis spf-log detail | include SR uloop

SR uloop: Link Down

SR uloop: No
SR uloop: Link Up

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Microloop Avoidance Active
RP/0/0/CPU0:R1# show cef 10.100.1.7

10.100.1.7/32, version 1773, labeled SR, …

Prefix Len 32, traffic index 0, precedence n/a, priority 1
via 0.0.0.0/32, tunnel-te1004, 9 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xa1641364 0x0]
next hop 0.0.0.0/32
local adjacency
local label 16007 labels imposed {16007} Original (destination) label

RP/0/0/CPU0:R1# show mpls traffic tunnel 1004

Name: tunnel-te1004 Destination: 10.100.1.4 Ifhandle:0x570 (auto-tunnel for OSPF 1)

Signalled-Name: auto_R1_t1004
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, (verbatim Segment-Routing) type explicit (_te1004) (Basis for Setup)

Segment-Routing Path Info (IGP information is not used)

Segment0[First Hop]: 10.1.12.2, Label: -
Segment1[ - ]: Label: 16003 SR added stack for near/far router
Segment2[ - ]: Label: 28098

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Microloop Avoidance Debug
debug isis segment-routing microloop-avoidance (detail)

isis[1010]: Standard (IPv4 Unicast) L2 FSPF SR-ULOOP: Uloop ON, start evaluation
isis[1010]: Standard (IPv4 Unicast) L2 FSPF SR-ULOOP: Evaluate added link R3.00-R4 (metric 10)
isis[1010]: Standard (IPv4 Unicast) L2 FSPF SR-ULOOP: Unusable R4.00: participant Y overloaded N metric 4294967295 link N
isis[1010]: Standard (IPv4 Unicast) L2 FSPF SR-ULOOP: Unusable link R3.00-R4.00. Event Up
isis[1010]: Standard (IPv4 Unicast) L2 FSPF SR-ULOOP: Evaluated added link R3.00-R4. NULL-NULL-NULL. Links 0 (metric 0)

…
isis[1010]: Standard (IPv4 Unicast) L2 FSPF SR-ULOOP: SPF starts with SR ULOOP. Link R3.00-R4.00, UP
…
isis[1010]: Standard (IPv4 Unicast) L2 FSPF SR-ULOOP: Node R4.00 is p2p far end. Add P/Q nodes R3.00/R4.00
…
te_control[1049]: %ROUTING-MPLS_TE-5-LSP_UPDOWN : tunnel-te1010 (signalled-name: auto_R1_t1010, LSP Id: 2) state changed to up
isis[1010]: IPv4 Unicast SR-ULOOP PFX 10.100.1.4/32: 1 path(s) updated with tt1010. Pfx downloadble
isis[1010]: IPv4 Unicast SR-ULOOP PFX 10.100.1.7/32: 1 path(s) updated with tt1010. Pfx downloadble
…

isis[1010]: IPv4 Unicast SR-ULOOP PFX 10.100.1.7/32: Download explicit paths

isis[1010]: IPv4 Unicast SR-ULOOP PFX 10.100.1.4/32: Download explicit paths
…
isis[1010]: Standard (IPv4 Unicast) L2 FSPF SR-ULOOP: SPF starts without SR ULOOP
…

TED = IGP Topology + TE link attributes + SIDs + SRGB

TED 3 4 5
IGP,
BGP-LS, ...
• PCE learns directly by participating in IGP 1 2 6 10
or from BGP-LS 7 8 9

LSP DB3 4 5 PCEP,

• PCE needed for inter-area, inter-AS
BGP-LS, ...
• Head end needs topology of all area’s, 1 2 6 10

domains Stateful 7 8 9
PCE

• PCCs need IP connectivity to PCE(s) programming of

• Important when doing inter-area/inter-AS SR Policy on PCEP
• It’s about getting all of the needed topology up to the PCE head end router
3 4 5
• BGP-LS local vs remote
• Local = distribute IGP-LS info into BGP on PCE
• Remote = PCE has BGP-LS real-time feeds from key routers (usually 1 2 6 10
RRs) in each area/AS/domain
7 8 9
• SR and MPLS traffic engineering must be
enabled on all intermediate routers!
• No RSVP!
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
PCEP

TED 3 4 5
IGP,
BGP-LS, ...
1 2 6 10

7 8 9

LSP DB3 4 5 PCEP,

1 PCRequest BGP-LS, ...
1 2 6 10

Requesting Stateful 7 8 9

End points constraints:

PCE
PCReply
BW 2 providing
Metric (IGP, TE, hop count)
ERO (list of segments)
Affinities
No-path
Priorities
3 4 5
metric
RRO
1 2 6 10
…

7 8 9

DC A1 METRO A WAN METRO B DCB2

DCI1 AGG1 AGG2 DCI2 Spine ToR vPE2
vPE1 ToR Spine SR LSR LSR LSR
17001 16001
SR

16003 18001
PCE PCE SR
SR
PCE

20002 20001
PCE

20001 20002 20003 17002 16002 18002 20003

17901 16901 16902 18901

DCI11 AGG11 AGG12 DCI21

17011
SR

18011
PCE SR SR

16011
SR
PCE
16013
PCE PCE

17901 16901 16902 18901

• XTC not to be considered as a single “god” box: fundamentally distributed

• XTC is closer to RR
• Different vPE’s can use different pairs of XTC’s
• XTC preference can either be based on proximity or service

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
XTC/PCE
pce
address ipv4 10.100.1.11
Local LS There is no need for
router ospf 1 BGP-LS sessions
distribute link-state instance-id 33

XTC (XR Transport Controller)

is IOS-XR router controller!
pce
address ipv4 10.100.1.11
Remote LS: through BGP-LS peering
router ospf 1
distribute link-state instance-id 33
Instance-id needed for multi-domain (one
router bgp 65000 instance-id per domain)
address-family ipv4 unicast
!
address-family link-state link-state
!
neighbor 10.100.1.9 There are BGP-LS sessions
address-family link-state link-state
!
!
!

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Path Computation Client (PCC)
SR Policy on PCC
SR-TE is used
mpls traffic-eng segment-routing
pce traffic-eng
peer source ipv4 10.100.1.1 policy POLICY1
Lower precedence is end-point ipv4 1.1.1.3 color 20
peer ipv4 10.100.1.11
more preferred PCE candidate-paths
precedence 0
! preference 50
peer ipv4 10.100.1.19 dynamic mpls Path computed by PCE
precedence 10 pce
No constraints in this
! PCC does SR metric
example
segment-routing type igp
logging events peer-status PCC is stateful
stateful-client router ospf 1
router-id 10.100.1.1
segment-routing mpls
area 0
interface Loopback0
prefix-sid absolute 16001

• Intermediate router must have MPLS TE enabled, so that TE attributes are sent to PCE
• MPLS TE globally enabled and under IGP
• No RSVP!

PCE's peer database: PCE's peer database:

-------------------- --------------------
Peer address: 10.100.1.1 Peer address: 10.100.1.1
State: Up State: Up
Capabilities: Stateful, Segment-Routing, Update Capabilities: Stateful, Segment-Routing, Update
PCEP has been up for: 02:06:56
Peer address: 10.100.1.9 PCEP session ID: local 0, remote 0
State: Up Sending KA every 30 seconds
Capabilities: Stateful, Segment-Routing, Update Minimum acceptable KA interval: 20 seconds
Peer timeout after 120 seconds
Peer address: 10.100.1.12 Statistics:
State: Up Keepalive messages: rx 2 tx 2
Capabilities: Stateful, Segment-Routing, Update Request messages: rx 810 tx 0
Reply messages: rx 0 tx 810
Error messages: rx 0 tx 0
Open messages: rx 1 tx 1
Report messages: rx 5 tx 0
Update messages: rx 0 tx 0
Initiate messages: rx 0 tx 0
Last PCError:
Received: None
Sent: None

Peer address: 10.100.1.9

…

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
PCEP Session Verification - PCC
RP/0/0/CPU0:PE1# show mpls traffic-eng pce peer RP/0/0/CPU0:PE1# show mpls traffic-eng pce peer ipv4 10.100.1.11

Address Precedence State Learned From PCE Address 10.100.1.11

--------------- ------------ ------------ -------------------- State Up
10.100.1.11 0 Up Static config PCEP has been up for: 01:58:58
10.100.1.12 10 TCP Pending Static config Precedence 0
Learned through:
Static Config
Sending KA every 30 s
Time out peer if no KA received for 120 s
Tolerance: Minimum KA 10 s

Stateful
Update capability
Notice the difference in command
Segment Routing capability
for checking the peering if done on
PCE or PCC! KA messages rxed 2 txed 2
PCEReq messages rxed 0, txed 761
PCERep messages rxed 761, txed 0
PCEErr messages rxed 0, txed 0
Last error received: None
Last error sent: None
PCE OPEN messages: rxed 1, txed 1
PCERpt messages rxed 0, txed 5
PCEUpd messages rxed 0, txed 0
PCEInit messages rxed 0, txed 0
PCEP session ID: local 0, remote 0

Average reply time from peer: 14 ms

Minimum reply time from peer: 9 ms
Maximum reply time from peer: 2169 ms
0 requests timed out with this peer
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Verify Topology on PCE
RP/0/0/CPU0: PCE# show pce ipv4 topology ospf summary

PCE's topology database summary: Verify presence of all:

-------------------------------- • Nodes
Showing summary data for OSPF
• Prefix-SIDs
Topology nodes: 6 • Adj-SIDs
Prefixes: 5
Prefix SIDs: 5
Links: 16
Adjacency SIDs: 30
Check the session status
and # of prefixes

RP/0/0/CPU0:PCE# show bgp link-state link-state summary

Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer

Speaker 332 332 332 332 332 0
If BGP is used: verify sessions
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.100.1.9 0 65000 92 75 332 0 0 00:17:16 164
10.100.1.10 0 65000 89 54 332 0 0 00:11:25 164
10.100.1.12 0 65000 89 54 332 0 0 00:11:23 164
10.100.1.13 0 65000 73 4 332 0 0 00:00:08 164

Link[2]: local address 10.1.113.10, remote address 10.1.113.13

Local node:
OSPF router ID: 10.100.1.10 area ID: 0
Remote node: Nodes/links/IP addresses should be in
OSPF router ID: 10.100.1.13 area ID: 0 IPv4 topology on PCE
Metric: IGP 1, TE 1
Bandwidth: Total link 125000000, Reservable 0
Adj SID: 24002 (protected) 24003 (unprotected)
Excluded from CSPF: no
PCE learns this from BGP-LS sessions

..
Link[0]: local address 10.1.123.12, remote address 10.1.123.13
Local node:
OSPF router ID: 10.100.1.12 area ID: 0
Remote node:
OSPF router ID: 10.100.1.13 area ID: 0
Metric: IGP 1, TE 1
Bandwidth: Total link 125000000, Reservable 0
Adj SID: 24002 (protected) 24003 (unprotected)
Excluded from CSPF: no

pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5770 CSPF Path Request. lsp-name: PE1_t2, type:

SR-TE , src: 10.100.1.1 , dst: 10.100.1.3, SP:0, Protected
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.17.1---10.1.17.7
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.12.1---10.1.12.2
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.15.1---10.1.15.5
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.107.7---10.1.107.10
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.59.5---10.1.59.9
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.113.10---10.1.113.13
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.119.9---10.1.119.11
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.129.9---10.1.129.12
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.138.13---10.1.138.8
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.124.12---10.1.124.14
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.126.12---10.1.126.6
pce_server[1114]: DBG-CSPF:dijkstra_dest:2039 Link 10.1.48.8---10.1.48.4
pce_server[1114]: DBG-Error:shortest_single_path:4300 No path found.
pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5851 Computation Status: No path found
pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5876 No Path Found

debug pce error

RP/0/0/CPU0:PCE# show bgp link-state link-state

BGP router identifier 10.100.1.11, local AS number 65000

BGP ID (0 if
Status codes: s suppressed, not
d damped,
running h history, * valid, > best
OSPF i - internal,
ASN r BGP)
RIB-failure, area-id
S stale, N Nexthop-discard
router-id
Origin codes:
Node information i - IGP, e - EGP, ? - incomplete
Prefix codes: E link, V node, T IP reacheable route, u/U unknown
I Identifier, N local node, R remote node, L link, P prefix
L1/L2 ISIS level-1/level-2, O OSPF, D direct, S static/peer-node
a area-ID, l link-ID, t topology-ID, s ISO-ID,
c confed-ID/ASN, b bgp-identifier, r router-ID,
i if-address, n nbr-address, o OSPF Route-type, p IP-prefix
d designated router address Link between neighbors 10.100.1.10
Network Next Hop Metric LocPrf Weight Path and 10.100.1.13 (link IP addresses:
10.1.113.10 and 10.1.113.13)
*>i[V][O][I0x0][N[c65000][b0.0.0.0][a0.0.0.2][r10.100.1.6]]/376
10.100.1.12 100 0 i
i 10.100.1.13 100 0 i

*>i[E][O][I0x0][N[c65000][b0.0.0.0][a0.0.0.0][r10.100.1.10]][R[c65000][b0.0.0.0]
[a0.0.0.0][r10.100.1.13]][L[i10.1.113.10][n10.1.113.13]]/792
10.100.1.9 100 0 i
* i 10.100.1.10 100 0 i
* i 10.100.1.12 100 0 i
* i 10.100.1.13 100 0 i
Link information

RP/0/0/CPU0:PCE# show bgp link-state link-state

BGP router identifier 10.100.1.11, local AS number 65000

Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, BGP ID (0 if
r RIB-failure, S stale, N Nexthop-discard
not running
Origin codes: i - IGP, e - EGP, ? - incomplete
Prefix codes: E link, V node, BGP)
IP reachable T IP reacheable route, u/U unknown
route OSPF
I Identifier, N local node,area-id
R remote
1 node, L link, P prefix Prefix 10.100.1.6/32
router-id
L1/L2 ISIS
ASN level-1/level-2, O OSPF, D direct, S static/peer-node
a area-ID, l link-ID, t topology-ID, s ISO-ID,
c confed-ID/ASN, b bgp-identifier, r router-ID,
i if-address, n nbr-address, o OSPF Route-type, p IP-prefix
d designated router address
Network Next Hop Metric LocPrf Weight Path

*>i[T][O][I0x0][N[c65000][b0.0.0.0][a0.0.0.1][r10.100.1.9]][P[o0x02][p10.100.1.6/32]]/488
10.100.1.9 100 0 i
* i 10.100.1.10 100 0 i

OSPF route type 2

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
BGP LS: Node in Detail
RP/0/0/CPU0:PCE# show bgp link-state link-state [V][O][I0x0][N[c65000][b0.0.0.0$
BGP routing table entry for [V][O][I0x0][N[c65000][b0.0.0.0][a0.0.0.2][r10.100.1.6]]/376
Versions:
Process bRIB/RIB SendTblVer
Speaker 234 234 RP/0/0/CPU0:ABR4# show ospf database opaque-area
Paths: (2 available, best #1) adv 10.100.1.10
Not advertised to any peer …
Path #1: Received by speaker 0 LS age: 79
Not advertised to any peer Options: (No TOS-capability, DC)
Local LS Type: Opaque Area Link
10.100.1.12 (metric 3) from 10.100.1.12 (10.100.1.12) Link State ID: 4.0.0.0
Origin IGP, localpref 100, valid, internal, best, group-best Opaque Type: 4
Received Path ID 0, Local Path ID 0, version 234 Opaque ID: 0
Link-state: Local TE Router-ID: 10.100.1.6, SRGB: 16000:8000 Advertising Router: 10.100.1.6
SR-ALG: 0 SR-ALG: 1 …

Router Information TLV: Length: 4

Capabilities:
Graceful Restart Helper Capable
Stub Router Capable
Traffic Engineering enabled area
SR-ALG: 1 SRGB: 16000 (+8000) All capability bits: 0x70000000

Segment Routing Algorithm TLV: Length: 2

Algorithm: 0
Algorithm: 1

Segment Routing Range TLV: Length: 12

Range Size: 8000

SID sub-TLV: Length 3

Label: 16000

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
BGP LS: Link in Detail
RP/0/0/CPU0:PCE# show bgp link-state link-state [E][O][I0x0][N[c65000][b0.0.0.0$ RP/0/0/CPU0:ABR4#show ospf database
BGP routing table entry for opaque-area adv 10.100.1.10
[E][O][I0x0][N[c65000][b0.0.0.0][a0.0.0.0][r10.100.1.10]][R[c65000][b0.0.0.0][a0.0.0.0][ …
r10.100.1.13]][L[i10.1.113.10][n10.1.113.13]]/792 LS age: 1921
Versions: Options: (No TOS-capability, DC)
Process bRIB/RIB SendTblVer LS Type: Opaque Area Link
Speaker 256 256 Link State ID: 8.0.0.3
Paths: (4 available, best #1) Opaque Type: 8
Not advertised to any peer Opaque ID: 3
Path #1: Received by speaker 0 Advertising Router: 10.100.1.10
Not advertised to any peer LS Seq Number: 80000003
Local Checksum: 0x4d68
10.100.1.9 (metric 2) from 10.100.1.9 (10.100.1.9) Length: 68
Origin IGP, localpref 100, valid, internal, best, group-best
Received Path ID 0, Local Path ID 0, version 256 Extended Link TLV: Length: 44
Link-state: Local TE Router-ID: 10.100.1.10, admin-group: 0x00000000 Link-type : 1
max-link-bw (kbits/sec): 1000000, max-reserv-link-bw (kbits/sec): 0 Link ID : 10.100.1.13
max-unreserv-link-bw (kbits/sec): 0 0 0 0 0 0 0 0, Link Data : 10.1.113.10
TE-default-metric: 1 metric: 1, ADJ-SID: 24002(e0) ,
ADJ-SID: 24003(60) Adj sub-TLV: Length: 7
Flags : 0xe0
MTID : 0
Weight : 0
Label : 24002

Adj sub-TLV: Length: 7

Adj-SID: 24003 Adj-SID: 24002 Flags : 0x60
MTID : 0
Weight : 0
Label : 24003
Adj-SID flags in hex
Remote If Address sub-TLV: Length: 4
Neighbor Address: 10.1.113.13

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 103
BGP LS: Prefix in Detail
RP/0/0/CPU0:PCE# show bgp link-state link-state [T][O][I0x0][N[c65000][b0.0.0.0$
BGP routing table entry for
[T][O][I0x0][N[c65000][b0.0.0.0][a0.0.0.1][r10.100.1.10]][P[o0x02][p10.100.1.6/32]]/488
Versions:
Process bRIB/RIB SendTblVer
Speaker 84 84
Last Modified: Nov 14 16:04:31.364 for 00:30:18 RP/0/0/CPU0:ABR4#show ospf database opaque-
Paths: (2 available, best #1) area adv 10.100.1.10
Not advertised to any peer …
Path #1: Received by speaker 0 LS age: 79
Options: (No TOS-capability, DC)
Not advertised to any peer LS Type: Opaque Area Link
Local Link State ID: 7.0.0.1
10.100.1.9 (metric 2) from 10.100.1.9 (10.100.1.9) Opaque Type: 7
Origin IGP, localpref 100, valid, internal, best, group-best Opaque ID: 1
Received Path ID 0, Local Path ID 0, version 84 Advertising Router: 10.100.1.6
Link-state: Metric: 4, PFX-SID: 6(40/0) LS Seq Number: 80000003
Checksum: 0x2c80
Length: 44

Extended Prefix TLV: Length: 20

Route-type: 1
AF : 0
Flags : 0x40
Prefix-SID: index 6 Prefix : 10.100.1.6/32

SID sub-TLV: Length: 8

Flags : 0x0
MTID : 0
Algo : 0
SID Index : 6

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
Reachability of Tail End Router
• A non-default route (0.0.0.0/0) is needed on the head end router for the tail end
router
• Only an issue for inter-area and inter-AS
• Service routes (BGP) need the next hop address to be reachable
• If the next hop address is not reachable, the initiated SR-TE policy is not up
• T-shooting tip: make sure that there is MPLS reachability:
• Traceroute to ABR / remote PE / ASBR
• Verify the labels
• Depends on the network design if all labels/next-hop addresses can be seen (e.g. Seamless MPLS)
• less-specific with length >= 1; default-route is not good
• If SR Policy is not up: vpnv4 next-hop is not available

router static You can configure a static

debug mpls traffic-eng pce path

te_control[1049]: DBG-PCE-PATH[10]: pce_enqueue_path_req_msg:11906: Transmit Req: src 10.100.1.1 dst

10.100.1.9 req_id 38
te_control[1049]: DBG-PCE-PATH[10]: pce_process_path_reply_msg:4793: Received RP object
te_control[1049]: DBG-PCE-PATH[10]: pce_process_path_reply_msg:4820: Req-ID = 26
te_control[1049]: DBG-PCE-PATH[10]: pce_process_rp_object_tlv:4403: Request has an Path-setup-type TLV Path-
setup-type value: Segment-routing
te_control[1049]: DBG-PCE-PATH[10]: pce_process_path_reply_msg:4756: Received Nopath object
te_control[1049]: DBG-PCE-PATH[10]: pce_process_path_reply_msg:4772: NOI = 0 C = 0 flags = 0
te_control[1049]: DBG-PCE-PATH[10]: pce_process_path_reply_msg:5064: Number of received ERO = 0 from peer
10.100.1.11
te_control[1049]: DBG-PCE-PATH[10]: te_pce_get_out_req_entry:546: out_req_id = 38
te_control[1049]: DBG-PCE-PATH[10]: pce_process_path_reply_msg:5112: Req: path_setup_type: Segment-routing,
src = 10.100.1.1 dst = 10.100.1.9, sender = 0.0.0.0, oID = 38 iID = 37 pcc_req yes

pce_server[1114]: DBG-CSPF:pce_process_path_request:502 Path Request: Compute SR-TE path from 10.100.1.1 to

10.100.1.9
pce_server[1114]: DBG-CSPF:pce_get_sr_te_path:1511 SR Path Computation using Optimized CSPF: association (type
0, id 0, sub-id 0)
pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5770 CSPF Path Request. lsp-name: PE1_t1, type: SR-TE ,
src: 10.100.1.1 , dst: 10.100.1.9, SP:0, Protected
pce_server[1114]: DBG-CSPF:pce_cspf_get_path_from_cache:4262 Returning path from cache
pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5851 Computation Status: Short Path Success
pce_server[1114]: DBG-CSPF:pce_cspf_srpath_to_listpath:5465 Node not found for address 10.100.1.10
pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5872 Returned Path:
pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5874 Returned Path Cost = 1
pce_server[1114]: DBG-CSPF:pce_process_path_request:502 Path Request: Compute SR-TE path from 10.100.1.1 to
10.100.1.9
pce_server[1114]: DBG-CSPF:pce_get_sr_te_path:1511 SR Path Computation using Optimized CSPF: association (type
0, id 0, sub-id 0)
pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5770 CSPF Path Request. lsp-name: PE1_t1, type: SR-TE ,
src: 10.100.1.1 , dst: 10.100.1.9, SP:0, Protected
pce_server[1114]: DBG-CSPF:pce_cspf_get_path_from_cache:4262 Returning path from cache
pce_server[1114]: DBG-CSPF:pce_cspf_request_path_sr:5851 Computation Status: Short Path Success
pce_server[1114]: DBG-CSPF:pce_cspf_srpath_to_listpath:5465 Node not found for address 10.100.1.10

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Inter-area SR-TE Policy PCE must have LS
RP/0/0/CPU0:PE1# show mpls traffic-eng tunnels 2 database from all area’s
Name: tunnel-te2 Destination: 10.100.1.3 Ifhandle:0x90 e.g. multi-area link from
Signalled-Name: PE1_t2
Status: ABR router to PCE
Admin: up Oper: up Path: valid Signalling: connected

path option 1, (Segment-Routing) type dynamic pce (Basis for Setup, path weight 4)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Mon Nov 14 09:43:09 2016 (00:53:34 ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (global)
Path Selection:
Tiebreaker: Min-fill (default)
Protection: any (default)
Hop-limit: disabled
Cost-limit: disabled
Path-invalidation timeout: 10000 msec (default), Action: Tear (default)
AutoRoute: disabled LockDown: disabled Policy class: not set
Forward class: 0 (default)
Forwarding-Adjacency: disabled
Autoroute Destinations: 0
…
Segment-Routing Path Info (PCE computed path) ABR
Segment0[Node]: 10.100.1.10, Label: 16010
Segment1[Node]: 10.100.1.8, Label: 16008 P
Segment2[Link]: 10.1.38.8 - 10.1.38.3, Label: 24004 Egress PE

Name: tunnel-te2 Destination: 10.100.1.3 Ifhandle:0x90

Signalled-Name: PE1_t2
Status:
Admin: up Oper: up Path: valid Signalling: connected

path option 1, (Segment-Routing) type dynamic pce (Basis for Setup, path weight 3)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Tue Nov 15 08:01:16 2016 (04:22:58 ago)
Config Parameters: Detail keyword gives you:
…
SNMP Index: 9
Binding SID
Binding SID: 24007
History:
Tunnel has been up for: 00:03:25 (since Tue Nov 15 12:20:49 UTC 2016)
Current LSP:
Uptime: 00:03:25 (since Tue Nov 15 12:20:49 UTC 2016)
Prior LSP:
ID: 2 Path Option: 1
Removal Trigger: path tear
Current LSP Info:
Instance: 3, Signaling Area: PCE computed path
Uptime: 00:03:25 (since Tue Nov 15 12:20:49 UTC 2016)
Soft Preemption: None
SRLGs: not collected
Path Info:
Segment-Routing Path Info (PCE computed path)
Segment0[Node]: 10.100.1.10, Label: 16010 Detail keyword gives you:
Segment1[Node]: 10.100.1.3, Label: 16003 Forwarding statistics
Persistent Forwarding Statistics:
Out Bytes: 0
Out Packets: 0
Displayed 1 (of 2) heads, 0 (of 0) midpoints, 0 (of 0) tails
Displayed 1 up, 0 down, 0 recovering, 0 recovered heads

PCE's tunnel database: This command can be used on PCE for any
---------------------- source and destination and provides the path
PCC 10.100.1.1:
Filter on head end router No LSP/policy needs to be actually
Tunnel Name: PE1_t2
LSPs: requested/present!
LSP[0]:
source 10.100.1.1, destination 10.100.1.3, tunnel ID 2, LSP ID 2
State: Admin up, Operation up
Setup type: Segment Routing
Binding SID: 24009
PCEP information:
plsp-id 3, flags: D:1 S:0 R:0 A:1 O:1
Reported path:
Metric type: TE, Accumulated Metric 4
SID[0]: Node, Label 16010, Address 10.100.1.10 RP/0/0/CPU0:PCE# show pce ipv4 path source
SID[1]: Node, Label 16008, Address 10.100.1.8 10.100.1.1 destination 10.100.1.4
SID[2]: Adj, Label 24004, Address: local 10.1.38.8 remote 10.1.38.3
Computed path: Path:
Computed Time: Mon Nov 14 10:39:36 2016 (00:03:02 ago) ----:
Metric type: TE, Accumulated Metric 4 Hop0: 10.1.15.1
SID[0]: Node, Label 16010, Address 10.100.1.10 Hop1: 10.1.59.5
SID[1]: Node, Label 16008, Address 10.100.1.8 Hop2: 10.1.69.9
SID[2]: Adj, Label 24004, Address: local 10.1.38.8 remote 10.1.38.3 Hop3: 10.1.46.6

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
SR BGP EPE
Egress Peer Engineering (EPE)
• Controller instructs ingress PE to use a specific egress PE and egress peer
• External interface
• eBGP neighbor

• EPE functionality is needed only at egress PE and controller

• Controller:
• gathers topology info + EPE info (through BGP-LS)
• Compute and implement per-flow traffic steering

• Delivery:
• SR-TE (PCEP/CLI/XML)
• NetConf
• BGP-LU (RFC3017)
• …

• Ingress PE creates a lists of segments per flow, indicating intra-AS path + egress hop

neighbor 10.2.46.6 PCE

eBGP AS 65002
remote-as 65002
egress-engineering P1 ASBR1 ASBR3
address-family ipv4 unicast 192.168.1.1/32

route-policy pass in
route-policy pass out PE1 ASBR5

!
! AS 65004
P2 ASBR2 ASBR4
AS 65001
neighbor 10.100.1.7
remote-as 65003 AS 65003
ebgp-multihop 2
egress-engineering eBGP multihop
update-source Loopback0 • PeerNode SID: to eBGP Peer
address-family ipv4 unicast • MPLS Dataplane: Pop and Forward on any interface to the peer
route-policy pass in
route-policy pass out • PeerAdj SID: to eBGP Peer via interface
! • MPLS Dataplane: Pop and Forward on the related interface
!
• PeerSet SID: to set of eBGP peers
• MPLS Dataplane: Pop and Forward on any interface to the set of peers
• All the peers in a set might not be in the same AS
• Not available yet
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 113
Egress Router & Controller
RP/0/0/CPU0:ASBR1# show bgp egress-engineering RP/0/0/CPU0:ASBR2# show bgp egress-engineering

Egress Engineering Peer Set: 10.2.47.7/32 Egress Engineering Peer Set: 10.2.56.6/32 (12632fd4)
Nexthop: 10.2.56.6
Nexthop: 10.2.47.7 Version: 2, rn_version: 2
Version: 13, rn_version: 13 Flags: 0x00000006 To ASBR3
Flags: 0x0000000a Local ASN: 65001
Local ASN: 65001 Remote ASN: 65002
Remote ASN: 65003 Local RID: 10.100.1.5
Local RID: 10.100.1.4 Remote RID: 10.100.1.6
Remote RID: 10.100.1.7 First Hop: 10.2.56.6
First Hop: 10.2.47.7
1 next hop
NHID: 2
NHID: 5 IFH: 0x60
Label: 28104, Refcount: 3 PeerAdj-SID Label: 24003, Refcount: 3
PeerAdj-SID
…
Egress Engineering Peer Set: 10.100.1.7/32 Egress Engineering Peer Set: 10.2.57.7/32 (12632f30)
Nexthop: 10.2.57.7
Nexthop: 10.100.1.7 Version: 3, rn_version: 3
Version: 11, rn_version: 13 Flags: 0x00000006
Flags: 0x00000006 Local ASN: 65001
Local ASN: 65001 Remote ASN: 65003
Remote ASN: 65003 Local RID: 10.100.1.5
Local RID: 10.100.1.4 Remote RID: 10.100.1.7
Remote RID: 10.100.1.7 multiple next hops First Hop: 10.2.57.7
First Hop: 10.2.47.7, 10.2.147.7 NHID: 1
NHID: 0, 0 IFH: 0x80
Label: 28103, Refcount: 3 PeerNode-SID Label: 24004, Refcount: 3 PeerAdj-SID

Peer-Node-SID and Peer-Adj-SID labels

are installed as local labels on ASBRs
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
EPE Example: BGP SR-TE
• Instantiate SR-TE Policy with EPE label
as last hop
best path eBGP AS 65002
• Instantiation can be done using
P1 ASBR1 ASBR3
192.168.1.1/32
CLI/XML, PCEP
• SR-TE Policy steers the traffic in the
PE1 ASBR5
local domain towards a specific egress
P2 ASBR2 ASBR4
AS 65004 node and out to a specific external peer
AS 65001
AS 65003
SR-TE Policy
!
explicit-path name PE1-ASBR2-ASBR3
index 10 next-address strict ipv4 unicast 10.100.1.3 ! P2
index 20 next-address strict ipv4 unicast 10.100.1.5 ! ASBR2
index 30 next-label 24003 PeerNode-SID label
! ASBR2 to ASBR3
interface tunnel-te1
ipv4 unnumbered Loopback0
autoroute destination 192.168.1.1
Steering traffic onto
destination 10.100.1.4 SR-TE Policy
path-option 1 explicit name PE1-ASBR2-ASBR3 segment-routing
!

P1 ASBR1 ASBR3 Routing entry for 192.168.1.1/32

192.168.1.1/32 Known via "te-client", distance 2, metric 0 (connected)
Installed Jun 22 09:09:45.088 for 4d17h
PE1 ASBR5
Routing Descriptor Blocks
directly connected, via tunnel-te1
Route metric is 0
AS 65004 No advertising protos.
P2 ASBR2 ASBR4
AS 65001
RP/0/0/CPU0:PE1# show cef 192.168.1.1/32
AS 65003 192.168.1.1/32, version 197, attached, internal 0x1000041 0x0 (ptr
0xa12cc064) [1], 0x0 (0xa12b1b48), 0xa20 (0xa151f230)
Updated Jun 22 09:09:45.108
RP/0/0/CPU0:PE1# show mpls forwarding tunnels 1 detail Prefix Len 32, traffic index 0, precedence n/a, priority 3
Tunnel Outgoing Outgoing Next Hop Bytes via tunnel-te1, 5 dependencies, weight 0, class 0 [flags 0x8]
Name Label Interface Switched path-idx 0 NHID 0x0 [0xa15d5618 0x0]
------------- ----------- ------------ --------------- ------------ local adjacency
labels imposed {None} Only impose SR Policy
tt1 (SR) 16005 Gi0/0/0/1 10.1.13.3 768
Updated: Jun 22 08:59:02.373 labels
Path Flags: 0x400 [ BKUP-IDX:1 (0x0) ]
Version: 110, Priority: 2 RP/0/0/CPU0:PE1# show mpls traffic-eng tunnels 1
Label Stack (Top -> Bottom): { 16005 24003 } …
NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 1, Weight: 0 Segment-Routing Path Info (OSPF 1 area 0)
MAC/Encaps: 14/22, MTU: 1500 Segment0[Node]: 10.100.1.3, Label: 16003
Outgoing Interface: GigabitEthernet0/0/0/1 (ifhandle 0x00000060) Segment1[Node]: 10.100.1.5, Label: 16005
Segment2[ - ]: Label: 24003

P1 ASBR1 ASBR3
192.168.1.1/32

PE1 ASBR5

AS 65004
P2 ASBR2 ASBR4
AS 65001
AS 65003

RP/0/0/CPU0:PE1# traceroute 192.168.1.1

Type escape sequence to abort.

Tracing the route to 192.168.1.1

1 10.1.13.3 [MPLS: Labels 16005/24003 Exp 0] 19 msec 9 msec 9 msec

2 10.1.35.5 [MPLS: Label 24003 Exp 0] 9 msec 0 msec 9 msec
3 10.2.56.6 9 msec 9 msec 9 msec
4 10.3.68.8 19 msec * 9 msec

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
SR Operations, Administration, and
Maintenance (OAM)
NIL-FEC
• Nil FEC (defined in RFC4379), specifies that no explicit FEC (Control Plane) is
associated with the label
• Typically used to carry labels in reserved range (explicit-null or router alert) for
diagnostic purpose
• Ping and traceroute
• But very powerful tool to check any combination of segments on any path!
• Does not carry any information to identify the intended target
• The packet may be forwarded wrongly somewhere, but still make it
• No control plane validation is performed at originator or responder

• This was an interim solution

• Can force traffic over non-least cost path

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
NIL-FEC Example User specifies:
Outgoing label stack (one or more labels)
10
Outgoing interface
R2 R3 Next-hop interface address
10 10
10
R1 R4 R7
10 1000
10 Specify outgoing interface and next hop
R5 R6

RP/0/0/CPU0:R1# trace mpls nil-fec labels 16006,28097,16007 output interface gigabitEthernet 0/0/0/1 nexthop 10.1.15.5

Tracing MPLS Label Switched Path with Nil FEC with labels [16006,28097,16007], timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

'L' - labeled output interface, 'B' - unlabeled output interface, Specify segments as list of labels in comma
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, separated list (first label is top label)
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0 28097 is adj-SID label from R6 to R4
Type escape sequence to abort.

0 10.1.15.1 MRU 1500 [Labels: 16006/28097/16007/explicit-null Exp: 0/0/0/0]

L 1 10.1.15.5 MRU 1500 [Labels: implicit-null/28097/16007/explicit-null Exp: 0/0/0/0] 10 ms
L 2 10.1.56.6 MRU 1500 [Labels: implicit-null/16007/explicit-null Exp: 0/0/0] 0 ms
L 3 10.1.46.4 MRU 1500 [Labels: implicit-null/explicit-null Exp: 0/0] 10 ms
! 4 10.1.47.7 10 ms

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
SR OAM (Work-in-Progress)
• Ping, traceroute for Prefix SIDs and Adj-SIDs for IGP
ping mpls ipv4 10.1.1.1/32
• Regular MPLS OAM works for SR traceroute mpls ipv4 10.1.1.1/32

• OAM gives you extra (above normal ping and traceroute):

• Consistency check
• Path discovery
• MPLS traffic black hole
• Path divergence detection
• Premature IP header exposition
• Can detect inconsistencies between control plane and forwarding

• OAM was expanded with SR OAM

• Only prefix-SID for now
• Only new Target FEC Stack TLV for SR is added
ping sr-mpls 10.1.1.1/32 fec-type igp <isis/ospf>
traceroute sr-mpls 10.1.1.1/32 fec-type igp <isis/ospf>
ping mpls ipv4 10.1.1.1/32 fec-type generic
traceroute mpls ipv4 10.1.1.1/32 fec-type generic
BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 121
Debugging SR OAM
debug mpls oam packet
debug mpls oam tlv

lspv_server[1103]: [3] DBG-Pkt: : IP len:[96], hdr length:[24]

lspv_server[1103]: [3] DBG-Pkt: : IPv4 pkt rcvd, src:[10.1.17.1], dst:[127.0.0.1], ptr:[0x12277e74], size:[96]
…
lspv_server[1103]: [1] DBG-Pkt: : Echo packet received: rx interface:[0x80], src:[10.1.17.1], dst:[127.0.0.1],
lspv_server[1103]: [1] DBG-Pkt: : MPLS TTL not expired on the packet at depth 0
lspv_server[1103]: [1] DBG-Pkt: : Getting rx info
lspv_server[1103]: [1] DBG-TLV: : Echo Hdr decode: version:[1], msg type:[1], reply mode:[2],
lspv_server[1103]: [1] DBG-TLV: : return_code:[0], return_subcode:[0], sender handle:[6a1],
lspv_server[1103]: [1] DBG-TLV: : sequence number:[1],
lspv_server[1103]: [1] DBG-TLV: : timestamp sent:[DBD7F37A.5A6FE82F (09:14:34.353 UTC Thu Nov 17 2016)],
lspv_server[1103]: [1] DBG-TLV: : timestamp rcvd:[00000000.00000000 (00:00:00.000 UTC Thu Jan 1 1970)]
lspv_server[1103]: [1] DBG-TLV: : Vendor Private, tlvtype:[0xfc00], tlvlength:[0xc]
lspv_server[1103]: [1] DBG-TLV: : Cisco ext Enterprise TLV decode: size:[12]
lspv_server[1103]: [1] DBG-TLV: : type:[1], length:[4], tlv revision:[0x4]
lspv_server[1103]: [1] DBG-TLV: : Target FEC Stack, tlvtype:[0x1], tlvlength:[0xc]
lspv_server[1103]: [1] DBG-TLV: : Target FEC Stack decode
lspv_server[1103]: [1] DBG-TLV: : SR IGP IPv4 Prefix SID decode: dest_addr:[10.100.1.3/32], Protocol: OSPF
lspv_server[1103]: [1] DBG-TLV: : Echo packet decoded assuming tlv version:[4]
lspv_server[1103]: [1] DBG-TLV: : Starting TFS validation, ls_depth:[1], num tfs:[1]
lspv_server[1103]: [1] DBG-TLV: : num_implicit_null:[0], rx_info->num_labels:[0]
lspv_server[1103]: [1] DBG-TLV: : j:[0], label val:[3], rx lhdrp:[0x0], rx labels added:[0]
lspv_server[1103]: [1] DBG-TLV: : FEC Validation, fs-depth:[1], fec_status:[2], fec-rc:[0],
lspv_server[1103]: [1] DBG-TLV: : mapping retcode:[1], best_rc_old:[3], best_rc:[3]

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
Key Takeaway’s
• SR is simpler to troubleshoot than LDP
• No changes in MPLS forwarding
• Ti-LFA
• Built from same fundaments as LFA
• But much better and much easier

• SR-TE is simpler than RSVP-TE

• But know what labels to expect in the label stack
• Controller
• Understand basic PCEP
• Understand BGP-LS if used

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Other Breakout Sessions and Book
• Sessions
• Introduction to Segment Routing - BRKRST-2124
• Segment Routing Migration Strategies and Case
Studies – BRKSPG-2540
• Segment Routing: Technology deep-dive and
advanced use cases - BRKRST-3122
• Multicast and Segment Routing - BRKIPM-2249

• https://www.amazon.com/dp/B01I58LSUO

BRKRST-3009 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Complete Your Online
Session Evaluation
• Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner will
receive a $750 gift card.
• Complete your session surveys
through the Cisco Live mobile
app or on www.CiscoLive.com/us.

Don’t forget: Cisco Live sessions will be

available for viewing on demand after the
event at www.CiscoLive.com/Online.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions

BRKRST 3045
No ratings yet
BRKRST 3045
108 pages
Firewall Architectures in The Data Centre and Internet Edge
No ratings yet
Firewall Architectures in The Data Centre and Internet Edge
140 pages
Overview of Cisco GETVPN Configuration
No ratings yet
Overview of Cisco GETVPN Configuration
46 pages
LTRDCN 3077
No ratings yet
LTRDCN 3077
58 pages
BGP Troubleshooting
No ratings yet
BGP Troubleshooting
188 pages
BRKRST 2022 PDF
No ratings yet
BRKRST 2022 PDF
122 pages
BRKCRS 1452
No ratings yet
BRKCRS 1452
90 pages
Cisco SD - Wan
No ratings yet
Cisco SD - Wan
170 pages
Brkccie 9592
No ratings yet
Brkccie 9592
150 pages
350-901 Exam: Free Q&As for Cisco
100% (1)
350-901 Exam: Free Q&As for Cisco
588 pages
9780133929492
No ratings yet
9780133929492
21 pages
BRKSDN-2777 (2019)
No ratings yet
BRKSDN-2777 (2019)
152 pages
BRKRST 2096
No ratings yet
BRKRST 2096
137 pages
Data Center Networking Overview Guide
No ratings yet
Data Center Networking Overview Guide
46 pages
Segment Routing Overview
No ratings yet
Segment Routing Overview
5 pages
Assurance (10%)
No ratings yet
Assurance (10%)
85 pages
Brksec 3690
No ratings yet
Brksec 3690
134 pages
CCIE Enterprise Infrastructure Exam Topics
No ratings yet
CCIE Enterprise Infrastructure Exam Topics
8 pages
BRKNMS 2426
No ratings yet
BRKNMS 2426
99 pages
Brkaci-2000 (2018)
No ratings yet
Brkaci-2000 (2018)
59 pages
BRKCRS 2663
No ratings yet
BRKCRS 2663
88 pages
ACI Best Practice Configurations
No ratings yet
ACI Best Practice Configurations
15 pages
Devnet 2367
No ratings yet
Devnet 2367
24 pages
BRKDCN 3020
No ratings yet
BRKDCN 3020
104 pages
Cisco SD-WAN Hub & Spoke Policy Guide
No ratings yet
Cisco SD-WAN Hub & Spoke Policy Guide
34 pages
ACI MultiSite Forwarding CheatSheet
No ratings yet
ACI MultiSite Forwarding CheatSheet
2 pages
Advanced Concepts of DMVPN BRKSEC-4054
No ratings yet
Advanced Concepts of DMVPN BRKSEC-4054
120 pages
003 Routing Enarsi
No ratings yet
003 Routing Enarsi
455 pages
BGP Implementation Guide for Service Providers
No ratings yet
BGP Implementation Guide for Service Providers
189 pages
Link State Protocol - OSPF
No ratings yet
Link State Protocol - OSPF
22 pages
Preview-9781587052859 A26058227
No ratings yet
Preview-9781587052859 A26058227
49 pages
BRKSPG 2206
No ratings yet
BRKSPG 2206
89 pages
Cisco Catalyst and Nexus Campus Qos Design
No ratings yet
Cisco Catalyst and Nexus Campus Qos Design
95 pages
Understanding Cisco HSRP Configuration
No ratings yet
Understanding Cisco HSRP Configuration
28 pages
Routing-Bits Handbook SP V3: Read/Download
0% (1)
Routing-Bits Handbook SP V3: Read/Download
3 pages
BRKEWN-2016 Design and Deployment of Wireless For Branch and Remote Offices
No ratings yet
BRKEWN-2016 Design and Deployment of Wireless For Branch and Remote Offices
109 pages
BGP Troubleshoting
No ratings yet
BGP Troubleshoting
176 pages
BRKSPG 2904 ASR 9000IOS XR Hardware Architecture QOS EVC IOS XR Configuration and Troubleshooting 2014 Milan 2 Hours
No ratings yet
BRKSPG 2904 ASR 9000IOS XR Hardware Architecture QOS EVC IOS XR Configuration and Troubleshooting 2014 Milan 2 Hours
165 pages
L2VPN over Segment Routing TE Policy
No ratings yet
L2VPN over Segment Routing TE Policy
50 pages
BRKMPL 2115
No ratings yet
BRKMPL 2115
93 pages
BRKCRS 2103
No ratings yet
BRKCRS 2103
212 pages
Port Channels and LACP Configuration Guide
No ratings yet
Port Channels and LACP Configuration Guide
68 pages
BRKCRS 3810
No ratings yet
BRKCRS 3810
143 pages
Cisco Data Center Networking Guide
No ratings yet
Cisco Data Center Networking Guide
418 pages
FTD Configuration Manual
No ratings yet
FTD Configuration Manual
82 pages
Cisco Press Cisco IP Telephony Volume 1 CIPT1 Student Guide V4 1 PDF
No ratings yet
Cisco Press Cisco IP Telephony Volume 1 CIPT1 Student Guide V4 1 PDF
158 pages
Brkens 2816
No ratings yet
Brkens 2816
74 pages
Security Full Scale Labs
No ratings yet
Security Full Scale Labs
699 pages
MP BGP Vxlan Aci Demo
No ratings yet
MP BGP Vxlan Aci Demo
30 pages
Cisco ACI Microsegmentation
No ratings yet
Cisco ACI Microsegmentation
11 pages
Brkaci 1001 PDF
No ratings yet
Brkaci 1001 PDF
162 pages
7 Brkens 2821
No ratings yet
7 Brkens 2821
46 pages
NJ SDWAN - Workbook v9.0
No ratings yet
NJ SDWAN - Workbook v9.0
22 pages
VXLAN BGP-EVPN for Data Centre Networks
No ratings yet
VXLAN BGP-EVPN for Data Centre Networks
132 pages
BRKRST 3009
No ratings yet
BRKRST 3009
131 pages
BRKSPG 3624
No ratings yet
BRKSPG 3624
108 pages
BRKMPL-2177 - Empower Your Network With Segment Routing and MPLS Network Migration - SR-TE Vs MPLS-TE (2024)
No ratings yet
BRKMPL-2177 - Empower Your Network With Segment Routing and MPLS Network Migration - SR-TE Vs MPLS-TE (2024)
51 pages
Segment Routing MPLS Guide
No ratings yet
Segment Routing MPLS Guide
46 pages
BRKMPL 2135
No ratings yet
BRKMPL 2135
144 pages
Segment Routing-Cisco Live
100% (1)
Segment Routing-Cisco Live
78 pages
Ruta Estatica - Cap2
No ratings yet
Ruta Estatica - Cap2
61 pages
Mpls Enabled Applications Emerging Developments and New Technologies 3Rd Edition
No ratings yet
Mpls Enabled Applications Emerging Developments and New Technologies 3Rd Edition
2 pages
BRKRST-2315 (2019) - Definitive IS-IS
No ratings yet
BRKRST-2315 (2019) - Definitive IS-IS
178 pages
Cisco Live
No ratings yet
Cisco Live
98 pages
DNA Install Guide
No ratings yet
DNA Install Guide
128 pages
Python Basics with Handcalcs
100% (2)
Python Basics with Handcalcs
255 pages
Application Engineered Routing Overview
No ratings yet
Application Engineered Routing Overview
69 pages
Network Automation The Secret 1667693521
100% (1)
Network Automation The Secret 1667693521
105 pages
Cisco DNA-C Getting Started Implementation Readiness
No ratings yet
Cisco DNA-C Getting Started Implementation Readiness
50 pages
FPD Upgrade Guide for Cisco IOS XR
No ratings yet
FPD Upgrade Guide for Cisco IOS XR
6 pages
Huawei CloudEngine S6330 H Series Switches Brochure - 2
No ratings yet
Huawei CloudEngine S6330 H Series Switches Brochure - 2
8 pages
B Tesla-Release-2 5 8
No ratings yet
B Tesla-Release-2 5 8
42 pages
Configure IP Unicast Routing Guide
No ratings yet
Configure IP Unicast Routing Guide
26 pages
Cisco MTU Configuration Guide
No ratings yet
Cisco MTU Configuration Guide
1 page
BGP: Frequently Asked Questions
No ratings yet
BGP: Frequently Asked Questions
14 pages
Cisco BGP Protocol Guide
No ratings yet
Cisco BGP Protocol Guide
18 pages
Overview of Computer Networking Concepts
No ratings yet
Overview of Computer Networking Concepts
11 pages
03 UCCX Integration With CUCM
100% (1)
03 UCCX Integration With CUCM
24 pages
Chapter4 - Assembly & Bit Manipulation
No ratings yet
Chapter4 - Assembly & Bit Manipulation
9 pages
DSpace Backup and Import Guide
No ratings yet
DSpace Backup and Import Guide
20 pages
Websense ESGA v76 201 Student Guide
No ratings yet
Websense ESGA v76 201 Student Guide
202 pages
OPC Tunnel-AC500 Freelance
100% (1)
OPC Tunnel-AC500 Freelance
17 pages
USB and ACPI Device Identifiers
No ratings yet
USB and ACPI Device Identifiers
3 pages
Reset Root and GRUB Password Guide
No ratings yet
Reset Root and GRUB Password Guide
9 pages
Red Hat Admin: Kickstart & Grep
No ratings yet
Red Hat Admin: Kickstart & Grep
43 pages
Pegasus2 Installation Guide For Windows v1.0
No ratings yet
Pegasus2 Installation Guide For Windows v1.0
31 pages
IP DECT Installation Guide: NDA-31474 Issue 1.01
No ratings yet
IP DECT Installation Guide: NDA-31474 Issue 1.01
230 pages
Chapter - 2 Introduction To HADOOP
No ratings yet
Chapter - 2 Introduction To HADOOP
34 pages
Cost Optimization for Amazon DynamoDB
No ratings yet
Cost Optimization for Amazon DynamoDB
12 pages
MCQs on Computer Fundamentals
No ratings yet
MCQs on Computer Fundamentals
6 pages
Digital Literacy: MS Word Shortcuts
No ratings yet
Digital Literacy: MS Word Shortcuts
15 pages
Deploy Folder Redirection With Offline Files
No ratings yet
Deploy Folder Redirection With Offline Files
8 pages
Shift Register Notes
No ratings yet
Shift Register Notes
5 pages
Essential Computer Concepts Explained
No ratings yet
Essential Computer Concepts Explained
11 pages
ARM Instruction Set: Branch & Control
No ratings yet
ARM Instruction Set: Branch & Control
30 pages
Operating Systems Course Overview
No ratings yet
Operating Systems Course Overview
2 pages
Chapter - 5
No ratings yet
Chapter - 5
51 pages
CHO - Operating System - Jan-June 2023
No ratings yet
CHO - Operating System - Jan-June 2023
7 pages
Big Data Analysis: Fundamentals & Applications
No ratings yet
Big Data Analysis: Fundamentals & Applications
42 pages
Bugreport Gale - Global TP1A.220624.014 2025 08 07 20 34 59 Dumpstate - Log 24515
No ratings yet
Bugreport Gale - Global TP1A.220624.014 2025 08 07 20 34 59 Dumpstate - Log 24515
2 pages
MD5 Algorithm for Developers
No ratings yet
MD5 Algorithm for Developers
32 pages
Process Creation & Process Termination
No ratings yet
Process Creation & Process Termination
13 pages
Giddens Kizzie Offer Letter
No ratings yet
Giddens Kizzie Offer Letter
2 pages
Arduino - Wikipedia PDF
No ratings yet
Arduino - Wikipedia PDF
14 pages
How Do I Configure Active Directory Integration With The DC Agent On My Barracuda Web Filter
No ratings yet
How Do I Configure Active Directory Integration With The DC Agent On My Barracuda Web Filter
8 pages
Motherboards Tuf z270 Mark 2
No ratings yet
Motherboards Tuf z270 Mark 2
70 pages