Vinit's Tech Blog

Life has meaning as long as you keep learning.

Configuring Segment Routing on Nexus 9000

In previous post, we learnt about basic fundamentals of Segment Routing (SR), why its relevant and how to migrate from LDP to SR on XE and IOS-XR devices. In this post, we are going to focus on how to configure SR on Nexus 9000 / Nexus 9000v image. The Demo in this post is based on N9000v image but the configuration is relevant for real hardware as well.

Configuring SR on Nexus 9000 can be broken down into few simple steps:

  • Install MPLS feature-set
  • Enable MPLS feature-set
  • Enable MPLS Segment-Routing feature
  • Configure segment-routing globally and assign the Prefix-SID for the loopback
  • Enable segment-routing under IGP (OSPF / IS-IS)

For demonstration, examine the below topology:

Before beginning with SR configuration on Nexus switches, its important to note that in SR, the prefix-SIDs are index values allocated from the Segment Routing Global Block (SRGB). These indexes are exchanged via the IGP and thus every node in the network participating in SR allocates the same label. The label value allocation for the prefix-SID is simply 16000 + Index value. Will learn more about this after enabling SR in the network.

In the above topology, all the nodes are running IS-IS as IGP and each node loopback (192.168.x.x/32 where x is the node number) is allocated x as the index value. In simple words, NX-1 will have a loopback 0 with IP 192.168.1.1/32 and will be allocated prefix-SID value of 16001, similarly, NX-2 will have loopback IP 192.168.2.2/32 and will be allocated the prefix-SID value of 16002.

NX-1
install feature-set mpls
feature-set mpls
feature isis
feature mpls segment-routing

router isis SR
net 49.0000.0000.0001.00
is-type level-2
address-family ipv4 unicast
segment-routing mpls
router-id loopback0

interface loopback0
ip router isis SR

interface Ethernet1/1
isis network point-to-point
ip router isis SR

segment-routing mpls
   connected-prefix-sid-map
       address-family ipv4
           1.1.1.1/32 absolute 16001

Similarly, rest of the devices in the topology can be configured with IS-IS, SR and their respective prefix-sid-maps. As defined in IETF draft IS-IS Segment Routing Extensions, the prefix-SIDs are exchanged using the IGP (OSPF or IS-IS) extensions.

In this case, we are using TLV-135 which is exchanged with IS-IS LSP update. Looking closely at the Figure below, we can see that for the prefix 1.1.1.1/32, the SID label index is 0x00000001.

 Thus, when the IS-IS adjacency comes up, each device in the IS-IS domain knows about the prefix-SIDs in the topology and has allocated the same label based on the same SRGB block.

Note: It is recommended to have the same SRGB block across the network.

Another important configuration for making sure successful forwarding of SR labelled packets to be forwarded across the network is to have the interfaces enabled with the command "mpls ip forwarding". This command ensures that the MPLS is enabled on the interface and thus ensuring successful forwarding of labelled packets.

Once configured, we can now verify the IS-IS adjacency and SR labels.

NX-1
NX-1# show isis adjacency
IS-IS process: SR VRF: default
IS-IS adjacency database:
Legend: '!': No AF level connectivity in given topology
System ID SNPA Level State Hold Time Interface
NX-3 N/A 2 UP 00:00:23 Ethernet1/1

NX-1# show mpls switching
Legend:
(P)=Protected, (F)=FRR active, (*)=more labels in stack.

IPV4:
In-Label Out-Label FEC name Out-Interface Next-Hop
VRF default
16002 16002 2.2.2.2/32 Eth1/1 10.1.3.3
16003 Pop Label 3.3.3.3/32 Eth1/1 10.1.3.3
16004 16004 4.4.4.4/32 Eth1/1 10.1.3.3
16005 16005 5.5.5.5/32 Eth1/1 10.1.3.3
16006 16006 6.6.6.6/32 Eth1/1 10.1.3.3

ADJ_SID:
In-Label Out-Label FEC name Out-Interface Next-Hop
16 3 10.1.3.3 Eth1/1 10.1.3.3

Block Label-Range
1 16000 - 23999
NX-1# show isis segment-routing sids
SID database for ISIS-SR VRF default
SID Prefix Flags
1 1.1.1.1/32 local
2 2.2.2.2/32
3 3.3.3.3/32
4 4.4.4.4/32
5 5.5.5.5/32
6 6.6.6.6/32

As we can see from the command output of show isis segment-routing sids, the prefixes are assigned SID indexes which are added to 16000 to get the labels for prefix-SIDs. At this point, we should be able to successfully ping 6.6.6.6/32 from NX-1 loopback0 interface.

NX-1# ping 6.6.6.6 source-interface lo0
PING 6.6.6.6 (6.6.6.6): 56 data bytes
64 bytes from 6.6.6.6: icmp_seq=0 ttl=252 time=114.348 ms
64 bytes from 6.6.6.6: icmp_seq=1 ttl=252 time=9.882 ms
64 bytes from 6.6.6.6: icmp_seq=2 ttl=252 time=20.517 ms
64 bytes from 6.6.6.6: icmp_seq=3 ttl=252 time=7.922 ms
64 bytes from 6.6.6.6: icmp_seq=4 ttl=252 time=7.969 ms
--- 6.6.6.6 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 7.922/32.127/114.348 ms

Hope this post was useful.

 

Comments are closed