During networking field day service provider 1 there was a ton of talk about segment routing (SR) and ethernet virtual private networks (EVPN). One of the biggest questions was “how do we get there?” and while we won’t examine EVPN in this post (it’s coming in a future post don’t worry) we will look at how you can take advantage of SR while still having large portions of LDP in your network.
The team here at IP architechs works on a lot of MikroTik and whitebox gear so we’ll focus on a deployment using MikroTik and IP infusion.
MPLS and IGP setup
The first thing to accomplish is end to end reachability between the provider edge (PE) routers. MikroTik doesn’t support IS-IS so we will have to perform redistribution between the IS-IS segment and the OSPF segment as seen above.
MPLS only requires the /32s of the loopbacks for functionality so redistribution is limited to the /32 loopbacks of the PE routers.
ip prefix-list LDP-PE-LOOPBACKS seq 10 permit 100.127.2.0/24 eq 32 ! ip prefix-list SR-PE-LOOPBACKS seq 10 permit 100.127.0.0/24 eq 32 ! route-map REDIS-OSPF-TO-ISIS permit 10 match ip address prefix-list LDP-PE-LOOPBACKS ! route-map REDIS-ISIS-TO-OSPF permit 10 match ip address prefix-list SR-PE-LOOPBACKS ! router ospf 1 ospf router-id 100.127.0.2 redistribute isis IPv4-UNDERLAY route-map REDIS-ISIS-TO-OSPF network 100.126.2.0/29 area 0.0.0.0 ! router isis IPv4-UNDERLAY is-type level-1-2 metric-style wide mpls traffic-eng router-id 100.127.0.2 mpls traffic-eng level-1 mpls traffic-eng level-2 capability cspf dynamic-hostname fast-reroute ti-lfa level-1 proto ipv4 fast-reroute ti-lfa level-2 proto ipv4 net 49.0015.1001.2700.0002.00 redistribute ospf level-1-2 route-map REDIS-OSPF-TO-ISIS isis segment-routing global block 16000 23999 segment-routing mpls
ipi-1.lab.jan1.us.ipa.net#ping 100.127.2.0 source-ip 100.127.0.1 Press CTRL+C to exit PING 100.127.2.0 (100.127.2.0) from 100.127.0.1 : 56(84) bytes of data. 64 bytes from 100.127.2.0: icmp_seq=1 ttl=63 time=0.332 ms 64 bytes from 100.127.2.0: icmp_seq=2 ttl=63 time=0.304 ms
Now that we have reachability between the loopbacks we can work on signaling for exchanging labels. Since MikroTik only runs LDP we will have to “stitch” the LDP and segment routing domains together. This is done with a segment routing – LDP mapping server.
This will assign labels to the routes in the LDP label space and distribute them to through the SR domain so we can have an end to end label switched path enabling the use of MPLS services.
segment-routing mapping-server srms preference 100 prefix-sid-map address-family ipv4 100.127.2.0/32 4000 range 256 exit-ms-af exit-ms !
This will start with prefix 100.127.2.0/32 add 4000 to the segment routing global block starting point (16000 as defined) and be able to label the next 256 routes in order. i.e. 100.127.2.1/32 gets the node sid 20001. IPI-2 shows the stitching in action.
ipi-2.lab.jan1.us.ipa.net#show mpls ilm-table Codes: > - installed ILM, * - selected ILM, p - stale ILM K - CLI ILM, T - MPLS-TP, s - Stitched ILM S - SNMP, L - LDP, R - RSVP, C - CRLDP B - BGP , K - CLI , V - LDP_VC, I - IGP_SHORTCUT O - OSPF/OSPF6 SR, i - ISIS SR, k - SR CLI P - SR Policy, U - unknown Code FEC/VRF/L2CKT ILM-ID In-Label Out-Label In-Intf Out-Intf /VRF Nexthop LSP-Type i> 100.127.0.2/32 1 16102 Nolabel N/A N/A 127.0.0.1 LSP_DEFAULT i> 100.127.0.1/32 2 16101 3 N/A xe48 100.126.0.1 LSP_DEFAULT B> evpn:2 7 16 Nolabel N/A N/A 127.0.0.1 LSP_DEFAULT i> 100.126.0.1/32 4 24320 3 N/A xe48 100.126.0.1 LSP_DEFAULT s i> 100.127.2.0/32 8 20000 3 N/A xe1.2 100.126.2.2 LSP_DEFAULT s L> 100.127.0.1/32 3 25600 3 N/A xe48 100.126.0.1 LSP_DEFAULT i> fe80::3e2c:99ff:fec2:2aa/128 5 24321 3 N/A xe48 fe80::3e2c:99ff:fec2:2aa LSP_DEFAULT
And on IPI-1 we can see that this doesn’t appear “stitched” as it only runs IS-IS SR and not LDP as well as IS-IS SR. Tracing the label-switched path to 100.127.2.0/32 would take us via IPI-2 which does the stitching as seen above.
ipi-1.lab.jan1.us.ipa.net#show mpls ilm-table Codes: > - installed ILM, * - selected ILM, p - stale ILM K - CLI ILM, T - MPLS-TP, s - Stitched ILM S - SNMP, L - LDP, R - RSVP, C - CRLDP B - BGP , K - CLI , V - LDP_VC, I - IGP_SHORTCUT O - OSPF/OSPF6 SR, i - ISIS SR, k - SR CLI P - SR Policy, U - unknown Code FEC/VRF/L2CKT ILM-ID In-Label Out-Label In-Intf Out-Intf /VRF Nexthop LSP-Type i> 100.127.0.2/32 4 16102 3 N/A xe48 100.126.0.2 LSP_DEFAULT i> 100.127.0.1/32 1 16101 Nolabel N/A N/A 127.0.0.1 LSP_DEFAULT B> evpn:100 5 16 Nolabel N/A N/A 127.0.0.1 LSP_DEFAULT i> 100.126.0.2/32 3 24320 3 N/A xe48 100.126.0.2 LSP_DEFAULT i> 100.127.2.0/32 6 20000 20000 N/A xe48 100.126.0.2 LSP_DEFAULT B> VOICE 2 25024 Nolabel N/A VOICE N/A LSP_DEFAULT i> fe80::3e2c:99ff:fec0:aa/128 7 24321 3 N/A xe48 fe80::3e2c:99ff:fec0:aa LSP_DEFAULT
Here is what the label space looks like from the perspective of the MikroTik-1 as well.
[[email protected]] > mpls remote-bindings print Flags: X - disabled, A - active, D - dynamic # DST-ADDRESS NEXTHOP LABEL PEER 0 AD 100.127.0.1/32 100.126.2.1 25600 100.127.0.2:0 1 AD 100.127.0.2/32 100.126.2.1 impl-null 100.127.0.2:0 2 D 100.126.0.0/29 impl-null 100.127.0.2:0 3 D 100.126.2.0/29 impl-null 100.127.0.2:0
Delivering a service with an L3VPN
Now that there is an end to end label switched path a L3VPN is built between IPI-1 and MikroTik-1. A common service to put in a L3VPN is voice which is the name of the vrf above.
router bgp 65000 neighbor 100.127.2.0 remote-as 65000 neighbor 100.127.2.0 update-source lo ! address-family vpnv4 unicast neighbor 100.127.2.0 activate exit-address-family ! address-family ipv4 vrf VOICE redistribute connected exit-address-family !
/routing bgp peer add address-families=vpnv4 name=OCNOS1 nexthop-choice=force-self \ remote-address=100.127.0.1 remote-as=65000 update-source=Lo0
ipi-1.lab.jan1.us.ipa.net# ping 192.168.2.1 vrf VOICE Press CTRL+C to exit PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data. 64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.577 ms 64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=0.287 ms 64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=0.278 ms
If it were not for the SR-LDP mapping server this functionality would not be possible. This can jumpstart your transition to segment routing.
Be sure to check back soon for more on segment routing and EVPN in the future. If you noticed there are already labels for EVPN in the ilm-table output.