Agenda
• Introduction
• Conclusion
#CLUS BRKMPL-2116 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
MPLS in Enterprise Networks
“A modern day network should be flexible enough to accommodate any service, anytime, without any impact to other services sharing the same network”
- CIO of a Fortune 500 Company
Why do we need MPLS in Enterprise Networks?
• End-to-end segmentation
• Underlay transport agnostic
• Multi-tenancy
• IP overlap during acquisition or mergers
• Link consolidation for large organizations with multiple departments
• Bridge SDA, ACI, SDWAN, Edge segments
• Customized and centralized managed services
Who can benefit from MPLS?
• Managed service providers
• Enterprises looking to lower transport and operational costs
• Enterprises planning an acquisition or merger
• Enterprises with various Business Units requiring segmentation
• Organizations that co-host facilities at multiple places
• Organizations looking to add services without impacting other services or incurring any downtime
Enterprise MPLS Use Cases
MPLS Use Case Customer Verticals
• Transportation
• Logistics
• Financial institutions
• Energy sector
• State, Local and Education Departments
• R&D and Manufacturing industries
• Managed service providers
MPLS Terminology
• PE ≈ Provider Edge Router ≈ MPLS service aggregation router
• P ≈ Provider Router ≈ MPLS transit router
• CE ≈ Customer Edge Router ≈ service gateway router
• RR ≈ Route Reflectors
• LSP ≈ Label Switched Path
• Inter-AS Option B ≈ VRF Exchange via eBGP peer at the AS Edge
• Inter-AS Option C ≈ VRF Exchange via eBGP peer at RRs
MPLS between Data Centers
[Diagram: VRF, PE, P, P, PE, VRF in a row, labelled "End-to-end LSP"]
Branch and Data Center Service Segmentation
[Diagram labels: BGP AS 65000, BGP AS 65001, LSP; IPv4 iBGP mesh, IPv4 eBGP, IPv4 iBGP mesh; P with MPLS; BGP Label + Forwarding; PE, VRF; Multi-VRF; WAN/SDWAN; Branch 1, Branch 2]
Branch and Data Center Service Resiliency
[Diagram labels: BGP AS 65000, BGP AS 65001, LSP; IPv4 iBGP mesh, IPv4 eBGP, IPv4 iBGP mesh; P with MPLS; BGP Label + Forwarding; PE, VRF; Multi-VRF; WAN/SDWAN; Branch 1, Branch 2]
Link Consolidation using MPLS - Before
[Diagram: DC 1 and DC 2; legend: 10G L2 link, 10G L3 link]
Link Consolidation using MPLS - After
[Diagram: DC 1 and DC 2 with CORE routers and an MPLS backbone; pseudowires for L2 links, VRFs for L3VPN; legend: 10G L2 link, 10G L3 link, 100G L3 link]
Integrating WAN, Edge and Data Center
Deployment Best Practices
Pre-requisites for MPLS in Enterprise Network
• Architecture and design review
• Placement of PEs
• Placement of Route Reflectors
• MPLS capable hardware and licensing
• Layer 3 underlay
• Redundancy and transport throughput assessment
• MTU
Key Components and steps of MPLS
• Layer 3 underlay – OSPF or ISIS preferred
• /32 loopbacks for all MPLS enabled devices
• Label Distribution Protocol (LDP)
• VRFs
• Route Distinguishers and Route Targets
• MP-BGP peers with VPNv4 address families
• End-to-end Label Switched Path (LSP)
MPLS – Troubleshooting Tips!
• An end-to-end LSP is a MUST for traffic to flow. Routing might look okay, but you need to verify that all packets are sent as labelled packets
• Beware of BGP’s administrative distance (AD)
• For a packet to be sent labelled, the label needs to be learned from the routing protocol that has the destination route installed in the RIB
• For BGP-based MPLS forwarding, a /32 route is a must on IOS-XR
Tips on MPLS Migration
• Run the design in a lab or a simulator before migrating the production environment
• The underlay should be stable and passing traffic optimally
• Bring your RRs and PEs online before migrating any production VRFs, and test end-to-end connectivity using a test VRF
• Bring one VRF at a time onto the MPLS network; verify and test before proceeding further
• For Inter-AS Option C, ensure traffic is flowing optimally through the network and RRs are not becoming transit routers
Questions?
Segment Routing & SDWAN
• Challenges
• Segment Routing Review
• Cisco SDWAN Review
• Anatomy of the Use Case
Challenges
• IP/MPLS networks in enterprises are complex to deploy and manage
• Simplify traffic engineering implementation in WANs
• Traffic engineering based on application identification
• Consolidate end-to-end policy control and management instead of hop-by-hop configuration
Solutions
• Segment routing technology eliminates the need for LDP, simplifying the configuration and maintenance of MPLS networks
• The SRTE technology based on SR policy replaces the traditional RSVP-TE
• Simple configuration: "SR Policy" replaces complex tunnel interfaces
• Automated steering: no complex steering
• Scalable: no core state; state in the packet header
The Concept and Practice of SRTE
• Segment routing basic knowledge recap
• SR Traffic Engineering based on SR Policy
• Color and endpoint definitions
• Candidate paths and preference
• Binding-SID and automated steering
• Use Case One: Basic SR policy configuration
-Anycast SID, candidate paths and preference
• Use Case Two: Constraint configuration of SR policy
-Affinity attributes and TE metrics
SR Overview - Basic
• Prefix-SIDs are global labels
• Adj-SIDs are local labels
[Diagram: CE1, PE1, P1 to P7, PE2, CE2. Legend: 24001 = Adj-SID label, 16007 = Prefix-SID label. Two nodes are annotated with their Loopback0 Prefix-SIDs (labels 16099 and 16007); labels 24001 and 16007 are shown on the packets across Segment 1 and Segment 3.]
Topological path to SID-list – Example 1
• Desired topological path = 1→2→3→4
• SID-list = <16002, 16004>
• 16002 brings the packet from 1 to 2 (shortest path from Node1 to Node2)
• 16004 brings the packet from 2 to 4 via 3 (shortest path from Node2 to Node4)
[Diagram: nodes 1, 2, 3, 4 with labels 16002 and 16004; one link is marked with metric 20; default link metric: 10]
Topological path to SID-list – Example 2
• Desired topological path = 1→2→3→4
[Diagram label: 16003]
Topological path to SID-list – Example 3
• Note that the derivation of the SID-list to express a topological path only considers IGP metric, not TE metric
• Default forwarding uses shortest IGP metric forwarding entries
• Example: shortest TE metric path is 1→2→3→4
• Cumulative TE metric is 30
• The IGP metric topology is the same as Example 2 on previous slide
• Resulting SID-list = {16003, 30304}
[Diagram: nodes 1, 2, 3, 4 with link annotations I:10, T:100, I:100, T:10 and labels 16003 and 30304]
Anycast-SID
[Diagram: nodes 1, 2, 3, 11 to 14 and 21 to 24; SID-list: <16111, 16003>]
• The explicit path on Node1 steers packets via SID-list <16111, 16003>
• The path stays on Plane1, except if both uplinks to Plane1 fail or Plane1 becomes partitioned
SR Traffic Engineering based on SR Policy
• An SR Policy is uniquely identified by a tuple (head-end, color, end-point)
  Head-end: where the SR Policy is instantiated (implemented)
  Color: a numerical value to differentiate multiple SRTE Policies between the same pair of nodes
  End-point: the destination of the SR Policy
• At a given head-end, an SR Policy is uniquely identified by a tuple (color, end-point)
[Diagram: nodes 1 to 7; SR Policy (1, green, 4): Head-end: 1, Color: green, End-point: 4]
Automated steering
• BGP can automatically steer traffic into an SR Policy based on the BGP next-hop and color of a route
• The color of a route is specified by its color extended community attribute
• By default: if the BGP next-hop and color of a route match the end-point and color of an SR Policy, then BGP installs the route resolving on the BSID of the SR Policy
• End-point and color uniquely identify an SR Policy on a given head-end
[Diagram labels: 110.1.1.3/32, 120.1.1.3/32, POL10, nodes 2 and 3]
[Diagram: an SR Policy with candidate paths Cpath1, Cpath2, ..., Cpathn]
SR Policy – Candidate Path
• A candidate path is a single segment list (SID-list) or a set of weighted* SID-lists
• Typically, an SR Policy path only contains a single SID-list
• Traffic steered into an SR Policy SID-list11
Dynamic Path
[Diagram: a dynamic path is computed from an optimization objective and constraints, giving SID-list1 ... SID-listk with Weight1 ... Weightk]
Explicit Path
• An explicit path is an explicitly specified SID-list or set of SID-lists
Candidate Paths
Path’s source does not influence selection
SR Policy (Head, Color, End)
• Cpath1, Pref 110, VALID: SID-list11 <16003, 16004> Weight 1; SID-list12 <16004> Weight 4
• Cpath2, Pref 100, VALID: SID-list21 <16004>
• Cpath3, Pref 200, VALID: SID-list31 <16005, 16004> ✔ (selected)
[Diagram callouts: "Provided by e.g. local configuration"; "Provided by e.g. BGP SRTE" (Cpath3)]
Selection of a new preferred path
SR Policy (Head, Color, End)
• Cpath1, Pref 110, VALID: SID-list11 <16003, 16004> Weight 1; SID-list12 <16004> Weight 4 ✔ (selected)
• Cpath2, Pref 100, VALID: SID-list21 <16004>
• Cpath3, Pref 200, INVALID: SID-list31 <16005, 16004>
[Diagram callouts: "Provided by e.g. local configuration"; "Provided by e.g. BGP SRTE" (Cpath3)]
Active SR Policy
• An SR Policy (color, end-point) is active at a head-end as soon as
this head-end knows about a valid candidate path for this policy
• An active SR Policy installs a BSID-keyed entry in the forwarding
table with the action of steering the packets matching this entry to
the SID-list(s) of the SR Policy
Binding-SID (BSID) of an SR Policy
• The BSID of an SR Policy is the BSID of the selected path
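[Diagram: an SR Policy with candidate paths Cpath1 ... Cpathn. Each VALID candidate path has its own preference, Binding-SID and weighted SID-lists (SID-list11/Weight11 ... SID-list1m/Weight1m with Binding-SID1 for Cpath1; SID-listn1/Weightn1 ... SID-listnk/Weightnk with Binding-SIDn for Cpathn). Cpath1 has the best preference and is marked ✔ as selected.]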
Active SR Policy – FIB entry
[Diagram: nodes 1 to 6 with 10GE and 40GE links; default link metric: 10, one link marked 20. SR Policy selected path: SID-list <16003, 16004>, BSID 40104]
Use Case: Basic SR policy configuration
Core WAN Architecture (BGP & BGP MPLS/VPN over SR)
• Router-id of Node X: 1.1.1.X
• Prefix-SID index of Node X: X
• Link subnet: 10.0.NET.0/24
Traffic patterns:
• Type-1 App traffic path priorities: 1>2>3>4. Prefer to use red lines and avoid using blue lines between R11-R14-R17
• Type-2 App traffic path priorities: 3>4. Prefer to use blue lines and avoid using red lines between R2-R5-R8
[Diagram: core routers R1, R2, R4, R5, R7, R8, R10, R11, R13, R14, R16, R17 (P) joined by numbered links; BR1 and BR2 (Access PE, AS65001) attach over uplinks numbered 1 to 4]
SRTE design for type-1 application traffic pattern
Only one SR policy needs to be configured for uplink traffic from the access PE to the aggregation PE in Anycast SID mode.
For downlink traffic, one SR policy with 4 candidate paths with different preferences needs to be configured on the aggregate PE router (e.g. R3, R6, R9, etc.)
Use Case
Core WAN Architecture (BGP & BGP MPLS/VPN over SR)
• Anycast SID 16100 (R1, R4, R7)
Traffic patterns:
• Type-1 App traffic path priorities: 1>2>3>4. Prefer to use red lines and avoid using blue lines between R11-R14-R17
[Diagram: DC A (DC11, DC12), DC B (DC21, DC22) and DC C (DC31, DC32) above the core; core routers R1, R2, R4, R5, R7, R8, R10, R11, R13, R14, R16, R17 (P) joined by numbered links; BR1 and BR2 (Access PE, AS65001) attach over uplinks numbered 1 to 4]
SR policy Configuration-uplink traffic

Policy as defined on the BGP SR policy controller:

  {
    "origin": "IGP",
    "username": "admin",
    "endpoint": "1.1.1.3",
    "name": "BR1-X3-N1",
    "color": "10",
    "BGP_SESSION": ["BR1"],
    "distinguisher": "122",
    "segement_lists": [{
      "1": [{
        "3": {
          "node": "1.1.1.100"
        }
      }, {
        "3": {
          "node": "1.1.1.3"
        }
      }],
      "9": 10
    }],
    "as_path": [],
    "tlv_encoding": "new",
    "ADMIN_STATUS": "advertise",
    "next_hop": "",
    "create_time": 1523802386.820324,
    "policy_preference": "400",
    "binding_sid": "9001",
    "_id": {
      "$oid": "5ad36112c13f80000ca534d6"
    },
    "TYPE": "ipv4_sr_policy",
    "local_pref": 100
  }

The same policy as received on BR1:

  RP/0/0/CPU0:BR1#sh bgp ipv4 sr-policy [122][10][1.1.1.3]/96
  BGP routing table entry for [122][10][1.1.1.3]/96
  Versions:
    Process bRIB/RIB SendTblVer
    Speaker 36 36
  Last Modified: Apr 15 08:10:32.604 for 09:57:18
  Paths: (1 available, best #1, not advertised to any peer)
    Not advertised to any peer
    Path #1: Received by speaker 0
    Not advertised to any peer
    Local
      10.75.53.20 from 10.75.53.20 (172.17.0.4)
        Origin IGP, localpref 100, valid, internal, best, group-best
        Received Path ID 0, Local Path ID 0, version 36
        Community: no-advertise
        Tunnel encap attribute type: 15 (SR policy)
         bsid 9001, preference 400, num of segment-lists 1
         segment-list 1, weight 10
          segments: {1.1.1.100} {1.1.1.3}
        SR policy state is UP, Allocated bsid 9001

Slide callouts:
• BSID: 9001
• Preference: 400
• Segment-list: {1.1.1.100} {1.1.1.3}
• Anycast IP: 1.1.1.100
SR policy Configuration-uplink traffic

Define color

  extcommunity-set opaque c10
    10
  end-set

Assign color to specific destination route

  route-policy sr-policy
    if destination in (191.0.1.0/24) then
      set extcommunity color c10
    endif
    pass
  end-policy

Color assignment on ingress PE

  router bgp 65001
   bgp router-id 1.1.1.20
   address-family ipv4 unicast
    network 192.0.1.0/24
   neighbor 1.1.1.19
    remote-as 65001
    update-source Loopback0
    address-family ipv4 unicast
     route-policy sr-policy in
     route-policy br-comm-set out

Resulting BGP table on BR1:

  RP/0/0/CPU0:BR1#sh bgp
  Status codes: s suppressed, d damped, h history, * valid, > best
                i - internal, r RIB-failure, S stale, N Nexthop-discard
  Origin codes: i - IGP, e - EGP, ? - incomplete
  Network Next Hop Metric LocPrf Weight Path
  *>i191.0.1.0/24 1.1.1.3 C:10 0 200 0 65100 i
  *i 1.1.1.12 C:10 100 0 65100 i
  *>i191.0.2.0/24 1.1.1.6 C:20 0 200 0 65200 i
  *>i191.0.3.0/24 1.1.1.9 C:30 0 200 0 65300 i
  *i 1.1.1.18 100 0 65300 i
  *>i191.0.4.0/24 1.1.1.12 C:40 0 200 0 65100 i
  *i 1.1.1.3 C:40 100 0 65100 i
  *>i191.0.5.0/24 1.1.1.6 C:50 100 0 65200 i
  *>i191.0.6.0/24 1.1.1.18 0 200 0 65300 i
  *i 1.1.1.9 C:60 100 0 65300 i

  RP/0/0/CPU0:BR1#sh bgp 191.0.1.0/24
  Paths: (2 available, best #1)
    Not advertised to any peer
    65100
      1.1.1.3 C:10 (bsid:9001) (metric 1021) from 1.1.1.19 (1.1.1.3)
        Origin IGP, metric 0, localpref 200, valid, internal, best, group-best
        Received Path ID 0, Local Path ID 0, version 402
        Community: 300:1
        Extended community: Color:10
        Originator: 1.1.1.3, Cluster list: 1.1.1.19
        SR policy color 10, up, registered, bsid 9001

Slide callout: SR policy must be activated
SR policy Configuration- uplink traffic

  RP/0/0/CPU0:BR1#sh segment-routing traffic-eng policy detail
  SR-TE policy database
  ---------------------
  Name: bgp_AP_16 (Color: 10, End-point: 1.1.1.3)
    Status:
      Admin: up Operational: up for 09:56:47 (since Apr 15 08:10:32.649)
    Candidate-paths:
      Preference 400:
        Explicit: segment-list Autolist_16_1* (active)
          Weight: 10, Metric Type: IGP
            16100 [Prefix-SID, 1.1.1.100]
            16003 [Prefix-SID, 1.1.1.3]
    Attributes:
      Binding SID: 9001
        Allocation mode: explicit
        State: Programmed
        Policy selected: yes
      Forward Class: 0
      Distinguisher: 122
    Auto-policy info:
      Creator: BGP
      IPv6 caps enable: no

Enable the following command under ISIS/OSPF to feed the SRTE DB on the head-end:

  router ospf 100
   distribute link-state

To confirm the next hop of destination route in the forwarding table is the BSID you have assigned:

  RP/0/0/CPU0:BR1#sh cef 191.0.1.0/24 detail
  .........................
   via local-label 9001, 3 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0xa160a85c 0x0]
    recursion-via-label
    next hop via 9001/1/21

    Load distribution: 0 (refcount 1)
    Hash OK Interface Address
    0 Y bgp_AP_16 point2point

After the 1st link fails, the SR policy recalculates the path and selects link #2:

  RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
  Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
  Name          List            Label       Interface                           Switched
  ------------- --------------- ----------- ------------------- --------------- ------------
  bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/2           10.0.134.2      1120
SR policy Configuration-uplink traffic

After the 2nd link fails, the SR policy recalculates the path and selects link #3:

  RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
  Sun Apr 15 18:13:24.311 UTC
  Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
  Name          List            Label       Interface                           Switched
  ------------- --------------- ----------- ------------------- --------------- ------------
  bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/1           10.0.123.2      460

  RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
  1 10.0.123.2 [MPLS: Labels 16100/16003 Exp 0] 109 msec 59 msec 49 msec
  2 10.0.103.1 [MPLS: Label 16003 Exp 0] 59 msec 49 msec 59 msec
  3 10.0.104.2 [MPLS: Label 16003 Exp 0] 49 msec 59 msec 49 msec
  4 10.0.60.1 [MPLS: Label 16003 Exp 0] 59 msec 129 msec 49 msec
  5 10.0.70.2 49 msec 69 msec 59 msec
  6 10.0.90.2 69 msec * 59 msec

[Slide callout on the traceroute: 3#]
SR policy Configuration-downlink traffic
Configure policies from BGP SR policy controller
SR policy Configuration-downlink traffic

  RP/0/0/CPU0:X3#sh segment-routing traffic-eng policy detail
  SR-TE policy database
  ---------------------
  Name: bgp_AP_26 (Color: 70, End-point: 1.1.1.20)          [slide callout: 1#]
    Status:
      Admin: up Operational: up for 09:38:45 (since Apr 15 08:26:02.419)
    Candidate-paths:
      Preference 400:
        Explicit: segment-list Autolist_26_1* (active)
          Weight: 10, Metric Type: IGP
            16001 [Prefix-SID, 1.1.1.1]
            24000 [Adjacency-SID, 10.0.10.2 - 10.0.10.1]
  ………

  Name: bgp_AP_27 (Color: 70, End-point: 1.1.1.20)          [slide callout: 2#]
    Status:
      Admin: up Operational: up for 00:05:16 (since Apr 15 17:59:30.891)
    Candidate-paths:
      Preference 300:
        Explicit: segment-list Autolist_27_1* (active)
          Weight: 10, Metric Type: IGP
            16004 [Prefix-SID, 1.1.1.4]
            24000 [Adjacency-SID, 10.0.101.2 - 10.0.101.1]
            24002 [Adjacency-SID, 10.0.134.2 - 10.0.134.1]
  ………

  Name: bgp_AP_28 (Color: 70, End-point: 1.1.1.20)          [slide callout: 3#]
    Status:
      Admin: up Operational: up for 09:38:30 (since Apr 15 08:26:16.728)
    Candidate-paths:
      Preference 200:
        Explicit: segment-list Autolist_28_1* (active)
          Weight: 10, Metric Type: IGP
            16013 [Prefix-SID, 1.1.1.13]
            24001 [Adjacency-SID, 10.0.123.2 - 10.0.123.1]
  ………

  Name: bgp_AP_29 (Color: 70, End-point: 1.1.1.20)          [slide callout: 4#]
    Status:
      Admin: up Operational: up for 00:05:16 (since Apr 15 17:59:30.891)
    Candidate-paths:
      Preference 100:
        Explicit: segment-list Autolist_29_1* (active)
          Weight: 10, Metric Type: IGP
            16016 [Prefix-SID, 1.1.1.16]
            24001 [Adjacency-SID, 10.0.129.2 - 10.0.129.1]
            24002 [Adjacency-SID, 10.0.134.2 - 10.0.134.1]
  ………
SR policy Configuration-downlink traffic
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy Segment Outgoing Outgoing Next Hop Bytes
Name List Label Interface Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_26 Autolist_26_1* 16001 Gi0/0/0/0 10.0.70.1 4356 1#
bgp_AP_27 Autolist_27_1* 16004 Gi0/0/0/0 10.0.70.1 0
bgp_AP_28 Autolist_28_1* 16013 Gi0/0/0/0 10.0.70.1 0
bgp_AP_29 Autolist_29_1* 16016 Gi0/0/0/0 10.0.70.1 0
SR policy configuration summary
• Define colors and match BGP or BGP MPLS VPN routes to specific colors
• Define an SR policy, either configured locally or received as BGP SR policy update messages from the BGP controller:
  • color and endpoint
  • candidate path with preference
  • segment list with weight (optional); the segment list can be dynamic or explicit
  • BSID value (optional)
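
The selection and steering rules summarized above, modelled in Python as an added example (not Cisco's code and not part of the original slides). Class and function names are hypothetical; the color, end-point, BSID and preferences are borrowed from the slides and combined into one constructed policy, and weights the slides do not show are set to 1. Falling back to plain IGP resolution when no active policy matches is an assumption of this model.

```python
from dataclasses import dataclass, field


@dataclass
class CandidatePath:
    name: str
    preference: int
    sid_lists: dict            # SID-list (tuple of labels) -> weight
    valid: bool = True
    source: str = "local"      # kept for display; never consulted by selection


@dataclass
class SRPolicy:
    color: int
    endpoint: str
    bsid: int
    paths: list = field(default_factory=list)

    def selected(self):
        """Highest preference among VALID candidate paths, or None."""
        valid = [p for p in self.paths if p.valid]
        return max(valid, key=lambda p: p.preference) if valid else None

    def load_shares(self):
        """Fraction of steered traffic per SID-list of the selected path."""
        path = self.selected()
        if path is None:
            return {}
        total = sum(path.sid_lists.values())
        return {sids: w / total for sids, w in path.sid_lists.items()}


class HeadEnd:
    """Policies are keyed by (color, end-point), as on a given head-end."""

    def __init__(self):
        self.policies = {}

    def add(self, policy):
        self.policies[(policy.color, policy.endpoint)] = policy

    def resolve(self, next_hop, color=None):
        """Automated steering decision for one BGP route."""
        policy = self.policies.get((color, next_hop))
        if policy is not None and policy.selected() is not None:
            return ("bsid", policy.bsid)   # route resolves on the policy's BSID
        return ("igp", next_hop)           # assumption: normal IGP resolution


def build_demo():
    # Constructed policy using values that appear on the slides.
    policy = SRPolicy(color=10, endpoint="1.1.1.3", bsid=9001, paths=[
        CandidatePath("Cpath1", 110, {(16003, 16004): 1, (16004,): 4}),
        CandidatePath("Cpath2", 100, {(16004,): 1}),
        CandidatePath("Cpath3", 200, {(16005, 16004): 1}, source="bgp-srte"),
    ])
    head = HeadEnd()
    head.add(policy)
    return head, policy


if __name__ == "__main__":
    head, policy = build_demo()
    print(policy.selected().name, head.resolve("1.1.1.3", color=10))
    policy.paths[2].valid = False          # Cpath3 becomes INVALID
    print(policy.selected().name, policy.load_shares())
    print(head.resolve("1.1.1.18"))        # uncoloured route
```

Invalidating every candidate path makes the policy inactive, so the coloured route stops resolving on the BSID.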
Use Case: Constraint configuration of SR policy (Affinity attributes and TE metrics)
Core WAN Architecture (BGP & BGP MPLS/VPN over SR)
• Type-2 App traffic path priorities: 3>4. Prefer to use blue lines and avoid using red lines between R2-R5, R2-R8
[Diagram: DC A (DC11, DC12), DC B (DC21, DC22) and DC C (DC31, DC32) above the core; core routers R1, R2, R4, R5, R7, R8, R10, R11, R13, R14, R16, R17 (P) joined by numbered links; BR1 and BR2 (Access PE, AS65001) attach over uplinks numbered 1 to 4]
SRTE design for type-2 application traffic pattern
• Configure the SRTE metric value between R2-R5-R8 to be greater than the SRTE metric value between R11-R14-R17, and set the affinity attribute of the link between R2-R5-R8 to RED.
• Exclude this attribute from the constraints of SR policy to make sure that the link between R2-R5-R8 can never be selected.
• The affinity of the link #1 and link #2 of the access PE is also set to RED, so that access PE will exclude link #1 and #2 when calculating candidate path.

  RP/0/0/CPU0:BR2#sh segment-routing traffic-eng policy
  SR-TE policy database
  ---------------------
  Name: oa (Color: 40, End-point: 1.1.1.12)
    Status:
      Admin: up Operational: up for 03:00:42 (since Apr 15 22:36:19.414)
    Candidate-paths:
      Preference 400:
        Constraints:
          Affinity:
            exclude-any:
              red
        Dynamic (active)
          Weight: 0, Metric Type: TE
            16014 [Prefix-SID, 1.1.1.14]
            24002 [Adjacency-SID, 10.0.120.2 - 10.0.120.1]
            16012 [Prefix-SID, 1.1.1.12]
    Attributes:
      Binding SID: 9003
        Allocation mode: explicit
        State: Programmed
        Policy selected: yes
      Forward Class: 0
SRTE design for type-2 application traffic pattern
After shutdown the link between R11-R14: Head-end PE calculate new SR candidate path based on affinity constraint and TE metric

  RP/0/0/CPU0:BR2#sh segment-routing traffic-eng policy
  SR-TE policy database
  ---------------------
  Name: oa (Color: 40, End-point: 1.1.1.12)
    Status:
      Admin: up Operational: up for 03:06:39 (since Apr 15 22:36:19.414)
    Candidate-paths:
      Preference 400:
        Constraints:
          Affinity:
            exclude-any:
              red
        Dynamic (active)
          Weight: 0, Metric Type: TE
            16017 [Prefix-SID, 1.1.1.17]
            24002 [Adjacency-SID, 10.0.119.2 - 10.0.119.1]
            16012 [Prefix-SID, 1.1.1.12]
  ………
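
How an exclude-any affinity constraint and the TE metric interact in a dynamic path computation, as an added Python example (not Cisco's algorithm or code, and not from the original slides). The function name, the eight-link topology and its TE metrics are constructed for illustration; only the idea (red links carry the higher TE metric and are excluded) comes from the slides.

```python
import heapq

# Constructed topology: (node_a, node_b, te_metric, affinity_colors)
LINKS = [
    ("BR2", "R11", 10, ()),
    ("R11", "R14", 10, ()),
    ("R14", "R12", 10, ()),
    ("R11", "R17", 20, ()),
    ("R17", "R12", 20, ()),
    ("BR2", "R2", 100, ("red",)),
    ("R2", "R5", 100, ("red",)),
    ("R5", "R12", 100, ("red",)),
]


def cspf(links, src, dst, exclude_any=frozenset(), down=frozenset()):
    """Lowest cumulative TE metric path that avoids excluded affinities.

    exclude_any: affinity colors a usable link must not carry.
    down:        set of frozenset({a, b}) for links that are shut.
    Returns (cost, [nodes]) or None when no compliant path exists.
    """
    # Prune first, then run an ordinary shortest-path search on what is left.
    adj = {}
    for a, b, te, colors in links:
        if frozenset((a, b)) in down or (set(colors) & set(exclude_any)):
            continue
        adj.setdefault(a, []).append((b, te))
        adj.setdefault(b, []).append((a, te))

    heap = [(0, src, [src])]
    done = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, te in adj.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + te, nxt, path + [nxt]))
    return None  # candidate path would be invalid


if __name__ == "__main__":
    red = {"red"}
    print(cspf(LINKS, "BR2", "R12", exclude_any=red))
    print(cspf(LINKS, "BR2", "R12", exclude_any=red,
               down={frozenset(("R11", "R14"))}))
    # With the only non-red uplink shut, the constrained path has no
    # solution, while an unconstrained one would fall onto the red links.
    uplink = {frozenset(("BR2", "R11"))}
    print(cspf(LINKS, "BR2", "R12", exclude_any=red, down=uplink))
    print(cspf(LINKS, "BR2", "R12", down=uplink))
```

The higher TE metric only makes the red links unattractive; it is the exclude-any constraint that keeps them unused when everything else is down.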
Use Case: Application Aware Routing Policy (the policy-based SDWAN (Viptela))
Cisco SD-WAN (Viptela) Review
• Applying SDN Principles Onto The Wide Area Network
[Diagram: Management/Orchestration Plane (vManage, APIs, 3rd Party Automation, vAnalytics, vBond); Control Plane (vSmart Controllers); Data Plane (vEdge Routers over MPLS, 4G and INET transports) at Cloud, Data Centre, Campus, Branch and SOHO sites]
Fabric Operation Walk-Through
OMP Update:
• Reachability – IP Subnets, TLOCs
• Security – Encryption Keys
• Policy – Data/App-route Policies
[Diagram: vSmart sends OMP updates and policies to two vEdges. Legend: OMP, DTLS/TLS Tunnel, IPSec Tunnel, BFD. The vEdges connect over Transport1 and Transport2 (TLOCs); each vEdge has VPN1 and VPN2 with subnets (A, B, C, D) from BGP, OSPF, Connected and Static routes]
Application Aware Routing Policy

  policy
   sla-class BestEffort
    loss 20
    latency 200
   !
   sla-class CriticalData
    loss 5
    latency 80
    jitter 5
   !
   sla-class VoiceVideoSLA
    loss 1
    latency 50
    jitter 2
   !
   lists
    vpn-list corpVPN
     vpn 10
    !
    app-list HTTPS
     app-family web
     app-family webmail
    !
    app-list Office365
     app office365
    !
    app-list YouTube
     app youtube
     app youtube_hd
    !
    site-list AllBranches
     site-id 300-499
    !
    site-list AllDC
     site-id 100
     site-id 200
    !
    tloc-list DC-TLOCS
     tloc 10.1.0.1 color mpls encap ipsec
     tloc 10.1.0.1 color biz-internet encap ipsec
     tloc 10.1.0.2 color mpls encap ipsec
     tloc 10.1.0.2 color biz-internet encap ipsec
     tloc 10.2.0.1 color mpls encap ipsec
     tloc 10.2.0.1 color biz-internet encap ipsec
     tloc 10.2.0.2 color mpls encap ipsec
     tloc 10.2.0.2 color biz-internet encap ipsec
    !
   !
   app-route-policy _corpVPN_AppRoutePolicyVPN10
    vpn-list corpVPN
     sequence 41
      match
       app-list Office365
      !
      action
       sla-class CriticalData preferred-color mpls
       backup-sla-preferred-color biz-internet
      !
     !
     sequence 51
      match
       app-list YouTube
      !
      action
       sla-class VoiceVideoSLA preferred-color biz-internet
       backup-sla-preferred-color mpls
      !
     !
     sequence 61
      match
       app-list HTTPS
      !
      action
       sla-class BestEffort preferred-color biz-internet
       backup-sla-preferred-color biz-internet
      !
     !
     default-action sla-class BestEffort
    !
   !
  !
  apply-policy
   site-list AllBranches
    app-route-policy _corpVPN_AppRoutePolicyVPN10
   !
   site-list AllDC
    app-route-policy _corpVPN_AppRoutePolicyVPN10
   !
  !
Use Case
Traffic pattern:
• Type-3 App traffic-engineering path selection based on DPI
• TLOC Color1 over Red plane, TLOC Color2 over Blue plane
[Diagram: Site 100 (DS1, DS2, vEdges DV1 and DV2, TLOCs 1.1.1.100 and 1.1.1.101, app1 and app2) and Site 200 (BS1, BS2, vEdges BV1 and BV2, TLOCs 1.1.1.200 and 1.1.1.201) joined by IPSEC tunnels on Color1 and Color2 across R1, R4, R13, R16 and BR1, BR2; traffic is labelled Type-3 or Type-1 & Type-2]
Cisco SDWAN Key Takeaways
Thank you