
#CLUS

MPLS, Segment Routing and SD-WAN in Enterprise Networks
Design & Customer Use Cases

Dhrumil Prajapati (Solutions Architect)


Min Ma (Consulting Systems Engineer)
BRKMPL-2116

Agenda
• Introduction
• Enterprise MPLS (Dhrumil Prajapati)
  • Design and Use Cases
  • Integrating WAN, Edge and DC
  • Deployment Best Practices
  • Q&A
• Segment Routing & SDWAN (Min Ma)
  • Challenges
  • Segment Routing Review
  • Cisco SDWAN Review
  • Anatomy of the Use Case
• Conclusion
#CLUS BRKMPL-2116 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
MPLS in Enterprise Networks
“A modern day network should
be flexible enough to
accommodate any service,
anytime, without any impact to
other services sharing the same
network”
- CIO of a Fortune 500 Company

Why do we need MPLS in Enterprise Networks?
• End-to-end segmentation
• Underlay transport agnostic
• Multi-tenancy
• IP overlap during acquisition or mergers
• Link consolidation for large organizations with multiple departments
• Bridge SDA, ACI, SDWAN, Edge segments
• Customized and centralized managed services

Who can benefit from MPLS?
• Managed service providers
• Enterprises looking to lower transport and operational costs
• Enterprises looking at an acquisition or merger
• Enterprises with various Business Units requiring segmentation
• Organizations that co-host facilities at multiple places
• Organizations looking to add services without impacting other services and without any downtime

Enterprise MPLS Use Cases
MPLS Use Case Customer Verticals
• Transportation
• Logistics
• Financial institutions
• Energy sector
• State, Local and Education Departments
• R&D and Manufacturing industries
• Managed service providers

MPLS Terminology
• PE ≈ Provider Edge Router ≈ MPLS service aggregation router
• P ≈ Provider Router ≈ MPLS transit router
• CE ≈ Customer Edge Router ≈ service gateway router
• RR ≈ Route Reflector
• LSP ≈ Label Switched Path
• Inter-AS Option B ≈ VRF Exchange via eBGP peer at the AS Edge
• Inter-AS Option C ≈ VRF Exchange via eBGP peer at RRs

MPLS between Data Centers

[Figure: DC 1 (BGP AS 65000) and DC 2 (BGP AS 65001), each drawn with PE and P routers and VRFs. Session labels: IPv4 iBGP mesh inside each AS, IPv4 eBGP with MPLS BGP label + forwarding between the two ASes, and VPNv4 eBGP. Label types along the path PE, P, P, PE: LDP label, BGP label, LDP label, forming an end-to-end LSP.]
Branch and Data Center Service Segmentation
[Figure: the two-AS backbone (BGP AS 65000 and BGP AS 65001) with an LSP across it. Session labels: IPv4 iBGP mesh, IPv4 eBGP with MPLS BGP label + forwarding, VPNv4 eBGP. VRFs are drawn on the PEs; Branch 1 and Branch 2, each with its own VRFs, attach to PEs through a Multi-VRF WAN/SDWAN.]
Branch and Data Center Service Resiliency
[Figure: the two-AS backbone (BGP AS 65000 and BGP AS 65001) with an LSP across it. Session labels: IPv4 iBGP mesh, IPv4 eBGP with MPLS BGP label + forwarding, VPNv4 eBGP. VRFs are drawn on the PEs; Branch 1 and Branch 2, each with its own VRFs, attach to PEs through a Multi-VRF WAN/SDWAN.]
Link Consolidation using MPLS - Before
[Figure: DC 1 and DC 2, each with SAN and CORE, joined by separate links. SAN to SAN: 25% utilized. CORE to CORE: 25% L2 utilized, 45% L3 utilized. Legend: 10G L2 Link, 10G L3 Link.]
Link Consolidation using MPLS - After
[Figure: DC 1 and DC 2, each with SAN and CORE, joined across an MPLS Backbone: 12% L2/L3 utilized. Pseudowires for L2 links, VRFs for L3VPN. Legend: 10G L2 Link, 10G L3 Link, 100G L3 Link.]
Integrating WAN, Edge and Data Center
Deployment Best Practices
Pre-requisites for MPLS in Enterprise Network
• Architecture and design review
• Placement of PEs
• Placement of Route Reflectors
• MPLS capable hardware and licensing
• Layer 3 underlay
• Redundancy and transport throughput assessment
• MTU

Key Components and steps of MPLS
• Layer 3 underlay – OSPF or ISIS preferred
• /32 loopbacks for all MPLS enabled devices
• Label Distribution Protocol (LDP)
• VRFs
• Route Distinguishers and Route Targets
• MP-BGP peers with VPNv4 address families
• End-to-end Label Switched Path (LSP)

MPLS – Troubleshooting Tips!
• An end-to-end LSP is a MUST for traffic to flow. Routing might look okay, but you still need to verify that all packets are sent as labelled packets
• Beware of BGP’s administrative distance (AD)
• For a packet to be sent labelled, the label needs to be learned from the routing protocol that has the destination route installed in the RIB
• For BGP-based MPLS forwarding, a /32 route is a must on IOS-XR

Tips on MPLS Migration
• Run the design in a lab or a simulator before migrating the production environment
• The underlay should be stable and should be passing traffic optimally
• Bring your RRs and PEs online before migrating any production VRFs, and test end-to-end connectivity using a test VRF
• Bring one VRF at a time onto the MPLS network; verify and test before proceeding further
• For Inter-AS Option C, ensure traffic is flowing optimally through the network and RRs are not becoming transit routers

Questions?
Segment Routing & SDWAN

• Challenges
• Segment Routing Review
• Cisco SDWAN Review
• Anatomy of the Use Case

Challenges
• IP/MPLS networks in enterprises are complex to deploy and manage
• Simplify traffic engineering implementation in WANs
• Traffic engineering based on application identification
• Consolidate end-to-end policy control and management instead of
hop-by-hop configuration

Solutions
• Segment routing technology eliminates the need for LDP, simplifying the configuration and maintenance of MPLS networks
• The SRTE technology based on SR policy replaces the traditional RSVP-TE
  • Simple configuration: "SR Policy" replaces complex tunnel interfaces
  • Automated steering: no complex steering
  • Scalable: no core state, state in the packet header
• Application Aware Routing Policy provided by the policy-based SDWAN (Viptela) makes deployment of traffic engineering based on application identification very easy
• End-to-End Traffic Engineering Control with SR Policy Controller and SDWAN (Viptela) Policy Controller
The Concept and Practice of SRTE
• Segment routing basic knowledge recap
• SR Traffic Engineering based on SR Policy
• Color and endpoint definitions
• Candidate paths and preference
• Binding-SID and automated steering
• Use Case One: Basic SR policy configuration
-Anycast SID, candidate paths and preference
• Use Case Two: Constraint configuration of SR policy
-Affinity attributes and TE metrics

SR Overview - Basic
[Figure: path CE1, PE1, P1 to P7, PE2, CE2 carrying a service (L3VPN, L2VPN, 6PE, 6VPE, …) in three segments. Segment 1 follows Prefix-SID 16099 (Loopback0, label 16099), Segment 2 uses Adj label 24001, Segment 3 follows Prefix-SID 16007 (Loopback0, label 16007). Legend: 24001 Adj-SID label, 16007 Prefix-SID label.]
Prefix-SIDs are global labels
Adj-SIDs are local labels
Deviate from shortest path – Source Routing: Traffic Engineering based on SR
Topological path to SID-list – Example 1
• Desired topological path = 1→2→3→4
• SID-list = <16002, 16004>
• 16002 brings the packet from 1 to 2 (shortest path from Node1 to Node2)
• 16004 brings the packet from 2 to 4 via 3 (shortest path from Node2 to Node4)
[Figure: nodes 1, 2, 3, 4 with SIDs 16002 and 16004 marked; one link labelled 20]
Default link metric: 10
Topological path to SID-list – Example 2
• Desired topological path = 1→2→3→4
• SID-list = <16003, 30304>
• 16003 brings the packet from 1 to 3 (shortest path from Node1 to Node3)
• 30304 brings the packet from 3 to 4 using the Adjacency-SID
[Figure: nodes 1, 2, 3, 4 with SIDs 16003 and 30304 marked; one link labelled 100]
Default link metric: 10
Topological path to SID-list – Example 3
• Note that the derivation of the SID-list to express a topological path only considers IGP metric, not TE metric
• Default forwarding uses shortest IGP metric forwarding entries
• Example: shortest TE metric path is 1→2→3→4
  • Cumulative TE metric is 30
  • The IGP metric topology is the same as Example 2 on previous slide
  → resulting SID-list = {16003, 30304}
[Figure: nodes 1, 2, 3, 4 with SIDs 16003 and 30304 marked; link labels I:10 / T:100 and I:100 / T:10]
Default IGP link metric: I:10
Default TE link metric: T:10
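
The three SID-list examples above, worked as an added example (not code from the deck or from any Cisco product): a TE-shortest path is computed first, then encoded using IGP shortest-path forwarding only. Assumptions: the four nodes form a ring 1-2-3-4-1, the non-default metrics sit on the links inferred from the flattened figures (20 on 1-2 in Example 1; I:100/T:10 on 3-4 and I:10/T:100 on 4-1 in Example 3), the adjacency-SID numbering is constructed to reproduce 30304, and a prefix-SID is only used when the IGP shortest path is unique (no ECMP).

```python
import heapq

PREFIX_SID_BASE = 16000                 # 16000 + node number, as on the slides


def adjacency_sid(a, b):
    # Constructed numbering; it reproduces the slides' 30304 for the link 3 -> 4.
    return 30000 + 100 * a + b


def build_graph(links, metric):
    """links: (a, b, igp, te) tuples, bidirectional; metric: 'igp' or 'te'."""
    idx = {"igp": 2, "te": 3}[metric]
    graph = {}
    for link in links:
        a, b, cost = link[0], link[1], link[idx]
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def dijkstra(graph, src):
    """Return (dist, count, pred): cost, number of equal-cost shortest paths, a predecessor."""
    dist, count, pred = {src: 0}, {src: 1}, {src: None}
    heap, done = [(0, src)], set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, w in graph[u].items():
            nd = d + w
            if v not in dist or nd < dist[v]:
                dist[v], count[v], pred[v] = nd, count[u], u
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                count[v] += count[u]      # another equal-cost path: ECMP
    return dist, count, pred


def shortest_path(graph, src, dst):
    _, _, pred = dijkstra(graph, src)
    path = [dst]
    while path[-1] != src:
        path.append(pred[path[-1]])
    return path[::-1]


def path_cost(graph, path):
    return sum(graph[a][b] for a, b in zip(path, path[1:]))


def sid_list(igp_graph, path):
    """Encode a topological path as SIDs; forwarding between SIDs is IGP shortest path."""
    sids, i = [], 0
    while i < len(path) - 1:
        dist, count, _ = dijkstra(igp_graph, path[i])
        reach = i
        for j in range(i + 1, len(path)):
            node = path[j]
            on_spf = path_cost(igp_graph, path[i:j + 1]) == dist[node]
            if on_spf and count[node] == 1:
                reach = j                 # a prefix-SID of path[j] still follows the path
            else:
                break
        if reach > i:
            sids.append(PREFIX_SID_BASE + path[reach])
            i = reach
        else:                             # even the next hop is off the IGP shortest path
            sids.append(adjacency_sid(path[i], path[i + 1]))
            i += 1
    return sids


# Constructed topologies (a, b, IGP metric, TE metric); Example 1 shows no TE metric,
# so TE is set equal to IGP there. Example 2 is the IGP view of Example 3.
EXAMPLE_1 = [(1, 2, 20, 20), (2, 3, 10, 10), (3, 4, 10, 10), (4, 1, 10, 10)]
EXAMPLE_3 = [(1, 2, 10, 10), (2, 3, 10, 10), (3, 4, 100, 10), (4, 1, 10, 100)]

if __name__ == "__main__":
    print(sid_list(build_graph(EXAMPLE_1, "igp"), [1, 2, 3, 4]))
    te_path = shortest_path(build_graph(EXAMPLE_3, "te"), 1, 4)
    print(te_path, path_cost(build_graph(EXAMPLE_3, "te"), te_path))
    print(sid_list(build_graph(EXAMPLE_3, "igp"), te_path))
```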

Anycast-SID
[Figure: nodes 1, 2 and 3 with intermediate nodes 11 to 14 and 21 to 24 arranged in two planes; SID-list: <16111, 16003>]
• The nodes on Plane1 (blue) advertise Anycast-SID 16111 (1.1.1.111/32)

• The nodes on Plane2 (red) advertise Anycast-SID 16222 (1.1.1.222/32)

• The explicit path on Node1 steers packets via SID-list <16111, 16003>
• The path stays on Plane1, except if both uplinks to Plane1 fail or Plane1 becomes partitioned

SR Traffic Engineering based on SR Policy
• An SR Policy is uniquely identified by a tuple (head-end, color, end-point)
  Head-end: where the SR Policy is instantiated (implemented)
  Color: a numerical value to differentiate multiple SRTE Policies between the same pair of nodes
  End-point: the destination of the SR Policy
• At a given head-end, an SR Policy is uniquely identified by a tuple (color, end-point)
[Figure: nodes 1 to 7 with SR Policy (1, green, 4): Head-end: 1, Color: green, End-point: 4]
Automated steering
• BGP can automatically steer traffic into an SR Policy based on BGP next-hop and color of a route
  • color of a route is specified by its color extended community attribute
• By default:
  If the BGP next-hop and color of a route match the end-point and color of an SR Policy, then BGP installs the route resolving on the BSID of the SR Policy
  • end-point and color uniquely identify an SR Policy on a given head-end
[Figure: nodes 1 to 5 with SR Policies POL10 and POL20; prefixes 110.1.1.3/32 and 120.1.1.3/32]
110.1.1.3/32 (color 10, NH 1.1.1.3) via SR Policy POL10 (10, 1.1.1.3)
120.1.1.13/32 (color 20, NH 1.1.1.3) via SR Policy POL20 (20, 1.1.1.3)
SR Policy – Candidate Paths
• An SR Policy consists of one or more candidate paths (Cpaths)
[Figure: SR Policy with candidate paths Cpath1, Cpath2, ..., Cpathn]
• An SR Policy instantiates one single path in RIB/FIB
• A candidate path is either dynamic or explicit
SR Policy – Candidate Path
• A candidate path is a single segment list (SID-list) or a set of weighted* SID-lists
• Typically, an SR Policy path only contains a single SID-list
• Traffic steered into an SR Policy path is load-shared over all SID-lists of the path
[Figure: SR Policy with Cpath1 ... Cpathn. Cpath1 holds SID-list11/Weight11 ... SID-list1m/Weight1m; Cpathn holds SID-listn1/Weightn1 ... SID-listnk/Weightnk]
SID = Segment ID
*For Weighted Equal Cost Multi-Path (WECMP) load-sharing.
Dynamic Path
[Figure: a dynamic path (optimization objective and constraints) is computed into SID-list1/Weight1 ... SID-listk/Weightk]
• A dynamic path expresses an optimization objective and a set of constraints
• The head-end computes a solution to the optimization problem as a SID-list or a set of SID-lists
• When the head-end does not have enough topological information (e.g. multi-domain problem), the head-end may delegate the computation to a PCE
• Whenever the network situation changes, the path is recomputed
Explicit Path
• An explicit path is an explicitly specified SID-list or set of SID-lists
[Figure: explicit path with SID-list1 (SID11, SID12, ..., SID1n) / Weight1 ... SID-listk (SIDk1, SIDk2, ..., SIDkm) / Weightk]
Candidate Paths
• A candidate path has a preference
• A path is selected for an SR Policy (i.e. it is the preferred path) when the path is valid AND its preference is the best (highest value) among all the candidate paths of the SR Policy
• A candidate path is associated with a single Binding-SID
• A candidate path is valid if it is usable
• A head-end may be informed about candidate paths for an SR Policy (color, end-point) by various means including: local configuration (CLI), netconf, PCEP, or BGP
[Figure: SR Policy with Cpath1 ... Cpathn, each with its own Preference, Binding-SID and weighted SID-lists; BGP, PCEP, CLI and netconf feed SRTE]
Path’s source does not influence selection
SR Policy (Head, Color, End)
• Cpath1: Pref 110, VALID
  • SID-list11 <16003, 16004>, Weight 1
  • SID-list12 <16004>, Weight 4
• Cpath2: Pref 100, VALID
  • SID-list21 <16004>
• Cpath3: Pref 200, VALID
  • SID-list31 <16005, 16004>
Figure annotations: "Provided by e.g. local configuration" (upper part of the figure), "Provided by e.g. BGP SRTE" (beside Cpath3)
Selection of a new preferred path
SR Policy (Head, Color, End)
• Cpath1: Pref 110, VALID
  • SID-list11 <16003, 16004>, Weight 1
  • SID-list12 <16004>, Weight 4
• Cpath2: Pref 100, VALID
  • SID-list21 <16004>
• Cpath3: Pref 200, INVALID
  • SID-list31 <16005, 16004>
Figure annotations: "Provided by e.g. local configuration" (upper part of the figure), "Provided by e.g. BGP SRTE" (beside Cpath3)
Active SR Policy
• An SR Policy (color, end-point) is active at a head-end as soon as
this head-end knows about a valid candidate path for this policy
• An active SR Policy installs a BSID-keyed entry in the forwarding
table with the action of steering the packets matching this entry to
the SID-list(s) of the SR Policy
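
The selection, activation and automated-steering rules from the preceding slides, put together as an added example (not code from the deck or from any Cisco product). The candidate paths and preferences are the ones on the two selection slides; the BSID numbers, the demo policy's color and end-point, unlisted weights, Cpath2's source and the SID-lists of POL10/POL20 are constructed.

```python
from dataclasses import dataclass, field
from fractions import Fraction


@dataclass(frozen=True)
class CandidatePath:
    name: str
    preference: int
    binding_sid: int      # constructed values; these slides show no BSID numbers
    sid_lists: tuple      # ((weight, (sid, ...)), ...)
    source: str           # recorded for audit only, never compared in selection
    valid: bool = True


@dataclass
class SRPolicy:
    color: int
    endpoint: str
    candidates: list = field(default_factory=list)

    def selected_path(self):
        """Valid candidate with the highest preference, or None if none is valid."""
        usable = [c for c in self.candidates if c.valid]
        return max(usable, key=lambda c: c.preference) if usable else None

    def bsid(self):
        """The BSID of an SR Policy is the BSID of its selected path."""
        path = self.selected_path()
        return path.binding_sid if path else None

    def load_share(self):
        """Traffic fraction per SID-list of the selected path (weighted ECMP)."""
        path = self.selected_path()
        if path is None:
            return {}
        total = sum(weight for weight, _ in path.sid_lists)
        return {sids: Fraction(weight, total) for weight, sids in path.sid_lists}


class HeadEnd:
    def __init__(self):
        self.policies = {}                     # (color, end-point) -> SRPolicy

    def add(self, policy):
        self.policies[(policy.color, policy.endpoint)] = policy

    def fib(self):
        """BSID-keyed forwarding entries; only active policies install one."""
        return {p.bsid(): p.load_share()
                for p in self.policies.values() if p.bsid() is not None}

    def steer(self, next_hop, color):
        """Automated steering: BSID the route resolves on, else None (plain next hop)."""
        policy = self.policies.get((color, next_hop))
        return policy.bsid() if policy else None


def slide_policy(cpath3_valid):
    """Candidate paths from the two selection slides; color/end-point are constructed."""
    return SRPolicy(color=10, endpoint="1.1.1.4", candidates=[
        CandidatePath("Cpath1", 110, 40001,
                      ((1, (16003, 16004)), (4, (16004,))), "local configuration"),
        CandidatePath("Cpath2", 100, 40002, ((1, (16004,)),), "local configuration"),
        CandidatePath("Cpath3", 200, 40003, ((1, (16005, 16004)),), "BGP SRTE",
                      valid=cpath3_valid),
    ])


def steering_head_end():
    """POL10 and POL20 from the automated-steering slide, both towards 1.1.1.3."""
    head = HeadEnd()
    head.add(SRPolicy(10, "1.1.1.3", [
        CandidatePath("POL10", 100, 40010, ((1, (16003,)),), "local configuration")]))
    head.add(SRPolicy(20, "1.1.1.3", [
        CandidatePath("POL20", 100, 40020, ((1, (16004, 16003)),), "local configuration")]))
    return head


if __name__ == "__main__":
    for cpath3_valid in (True, False):
        policy = slide_policy(cpath3_valid)
        print(cpath3_valid, policy.selected_path().name, policy.bsid(), policy.load_share())
    head = steering_head_end()
    print(head.steer("1.1.1.3", 10), head.steer("1.1.1.3", 20), head.steer("1.1.1.3", 30))
```

A route whose color has no matching policy, or whose policy has no valid candidate path, gets `None` from `steer` and no FIB entry, which is the case to check for when auditing what a head-end will actually steer.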

Binding-SID (BSID) of an SR Policy
• The BSID of an SR Policy is the BSID of the selected path


[Figure: SR Policy with Cpath1 ... Cpathn, each VALID with its own Preference, Binding-SID and weighted SID-lists; Cpath1 is marked "Best Pref" with Binding-SID1]
Active SR Policy – FIB entry
[Figure: nodes 1 to 6; link labels 20, 10GE and 40GE; default link metric: 10. Selected path of the SR Policy on Node1: SID-list <16003, 16004>, BSID 40104]

Forwarding table on Node1

In      Out              Out_intf   Fraction
40104   <16003, 16004>   To Node2   100%
Use Case: Basic SR policy configuration (Anycast SID, candidate paths and preference)

Use Case
[Figure: Core WAN Architecture (BGP & BGP MPLS/VPN over SR). Labels: DC A (DC11, DC12; AS65100), DC B (DC21, DC22; AS65200), DC C (DC31, DC32; AS65300); Aggregation PE; P; routers R1 to R18; Access PE BR1 and BR2 (AS65001) with uplinks 1 to 4; BGP SR Policy Controller. Links carry numeric labels (10 to 137).]
Router-id of Node X: 1.1.1.X
Prefix-SID index of Node X: X
Link subnet: 10.0.NET.0/24
Traffic patterns:
• Type-1 App traffic path priorities: 1>2>3>4. Prefer to use red lines and avoid using blue lines between R11-R14-R17
• Type-2 App traffic path priorities: 3>4. Prefer to use blue lines and avoid using red lines between R2-R5-R8
SRTE design for type-1 application traffic pattern
• Only one SR policy needs to be configured for uplink traffic from access PE to aggregation PE in Anycast SID mode.
  For example: Segment list {16100,16003} *Anycast SID:16100*
• For downlink traffic, one SR policy with 4 candidate paths with different preferences needs to be configured on the aggregation PE router (e.g. R3, R6, R9, etc.)

RP/0/0/CPU0:BR1#show bgp ipv4 sr-policy
BGP router identifier 1.1.1.20, local AS number 65001
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 36
BGP main routing table version 36
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network codes: [distinguisher][color][endpoint]/mask
   Network            Next Hop            Metric LocPrf Weight Path
*>i[122][10][1.1.1.3]/96
                      10.75.53.20                   100      0 i

Processed 1 prefixes, 1 paths

Callouts on the output: Distinguisher:122, Color:10, Endpoint:1.1.1.3; BGP sr-policy neighbor:10.75.53.20

router bgp 65001
 address-family ipv4 sr-policy
 !
 neighbor 10.75.53.20
  remote-as 65001
  address-family ipv4 sr-policy
   route-policy pass-all in
   route-policy pass-all out
Use Case
[Figure: the same Core WAN Architecture (BGP & BGP MPLS/VPN over SR) topology as on the previous Use Case slide, with Anycast SID 16100 (R1,R4,R7) marked.]
Traffic patterns:
• Type-1 App traffic path priorities: 1>2>3>4. Prefer to use red lines and avoid using blue lines between R11-R14-R17
SR policy Configuration-uplink traffic

RP/0/0/CPU0:BR1#sh bgp ipv4 sr-policy [122][10][1.1.1.3]/96
BGP routing table entry for [122][10][1.1.1.3]/96
Versions:
  Process bRIB/RIB SendTblVer
  Speaker 36 36
Last Modified: Apr 15 08:10:32.604 for 09:57:18
Paths: (1 available, best #1, not advertised to any peer)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  Local
    10.75.53.20 from 10.75.53.20 (172.17.0.4)
      Origin IGP, localpref 100, valid, internal, best, group-best
      Received Path ID 0, Local Path ID 0, version 36
      Community: no-advertise
      Tunnel encap attribute type: 15 (SR policy)
       bsid 9001, preference 400, num of segment-lists 1
       segment-list 1, weight 10
        segments: {1.1.1.100} {1.1.1.3}
      SR policy state is UP, Allocated bsid 9001

Callouts on the output:
BSID :9001
Preference:400
Segment-list: {1.1.1.100} {1.1.1.3}
Anycast IP: 1.1.1.100

BGP SR policy controller
{
  "origin": "IGP",
  "username": "admin",
  "endpoint": "1.1.1.3",
  "name": "BR1-X3-N1",
  "color": "10",
  "BGP_SESSION": ["BR1"],
  "distinguisher": "122",
  "segement_lists": [{
    "1": [{
      "3": {
        "node": "1.1.1.100"
      }
    }, {
      "3": {
        "node": "1.1.1.3"
      }
    }],
    "9": 10
  }],
  "as_path": [],
  "tlv_encoding": "new",
  "ADMIN_STATUS": "advertise",
  "next_hop": "",
  "create_time": 1523802386.820324,
  "policy_preference": "400",
  "binding_sid": "9001",
  "_id": {
    "$oid": "5ad36112c13f80000ca534d6"
  },
  "TYPE": "ipv4_sr_policy",
  "local_pref": 100
}
SR policy Configuration-uplink traffic

Define color
extcommunity-set opaque c10
  10
end-set

Assign color to specific destination route
route-policy sr-policy
  if destination in (191.0.1.0/24) then
    set extcommunity color c10
  endif
  pass
end-policy

Color assignment on ingress PE
router bgp 65001
 bgp router-id 1.1.1.20
 address-family ipv4 unicast
  network 192.0.1.0/24
 neighbor 1.1.1.19
  remote-as 65001
  update-source Loopback0
  address-family ipv4 unicast
   route-policy sr-policy in
   route-policy br-comm-set out

RP/0/0/CPU0:BR1#sh bgp
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i191.0.1.0/24 1.1.1.3 C:10 0 200 0 65100 i
*i 1.1.1.12 C:10 100 0 65100 i
*>i191.0.2.0/24 1.1.1.6 C:20 0 200 0 65200 i
*>i191.0.3.0/24 1.1.1.9 C:30 0 200 0 65300 i
*i 1.1.1.18 100 0 65300 i
*>i191.0.4.0/24 1.1.1.12 C:40 0 200 0 65100 i
*i 1.1.1.3 C:40 100 0 65100 i
*>i191.0.5.0/24 1.1.1.6 C:50 100 0 65200 i
*>i191.0.6.0/24 1.1.1.18 0 200 0 65300 i
*i 1.1.1.9 C:60 100 0 65300 i

RP/0/0/CPU0:BR1#sh bgp 191.0.1.0/24
Paths: (2 available, best #1)
  Not advertised to any peer
  65100
    1.1.1.3 C:10 (bsid:9001) (metric 1021) from 1.1.1.19 (1.1.1.3)
      Origin IGP, metric 0, localpref 200, valid, internal, best, group-best
      Received Path ID 0, Local Path ID 0, version 402
      Community: 300:1
      Extended community: Color:10
      Originator: 1.1.1.3, Cluster list: 1.1.1.19
      SR policy color 10, up, registered, bsid 9001

SR policy must be activated
SR policy Configuration-uplink traffic

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng policy detail
SR-TE policy database
---------------------
Name: bgp_AP_16 (Color: 10, End-point: 1.1.1.3)
  Status:
    Admin: up Operational: up for 09:56:47 (since Apr 15 08:10:32.649)
  Candidate-paths:
    Preference 400:
      Explicit: segment-list Autolist_16_1* (active)
        Weight: 10, Metric Type: IGP
          16100 [Prefix-SID, 1.1.1.100]
          16003 [Prefix-SID, 1.1.1.3]
  Attributes:
    Binding SID: 9001
      Allocation mode: explicit
      State: Programmed
      Policy selected: yes
    Forward Class: 0
    Distinguisher: 122
  Auto-policy info:
    Creator: BGP
    IPv6 caps enable: no

Enable the following command under ISIS/OSPF to feed the SRTE DB on the head-end:
router ospf 100
 distribute link-state

To confirm the next hop of destination route in the forwarding table is the BSID you have assigned.
RP/0/0/CPU0:BR1#sh cef 191.0.1.0/24 detail
.........................
   via local-label 9001, 3 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0xa160a85c 0x0]
    recursion-via-label
    next hop via 9001/1/21

    Load distribution: 0 (refcount 1)
    Hash OK Interface Address
    0 Y bgp_AP_16 point2point

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16003       Gi0/0/0/0           10.0.10.2       384
SR policy Configuration-uplink traffic

1#: Type-1 App uplink traffic is sent with link #1.

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16003       Gi0/0/0/0           10.0.10.2       384

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1 10.0.10.2 [MPLS: Label 16003 Exp 0] 39 msec 29 msec 39 msec
 2 10.0.30.2 [MPLS: Label 16003 Exp 0] 39 msec 39 msec 79 msec
 3 10.0.70.2 79 msec 69 msec 29 msec
 4 10.0.90.2 39 msec * 29 msec

2#: After the 1st link fails, the SR policy recalculates the path and selects link #2.

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/2           10.0.134.2      1120

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.2
 1 10.0.134.2 [MPLS: Labels 16100/16003 Exp 0] 49 msec 49 msec 49 msec
 2 10.0.101.2 [MPLS: Label 16003 Exp 0] 69 msec 59 msec 89 msec
 3 10.0.104.2 [MPLS: Label 16003 Exp 0] 99 msec 109 msec 109 msec
 4 10.0.60.1 [MPLS: Label 16003 Exp 0] 49 msec 49 msec 59 msec
 5 10.0.70.2 49 msec 59 msec 69 msec
 6 10.0.90.2 59 msec * 59 msec
SR policy Configuration-uplink traffic

3#: After the 2nd link fails, the SR policy recalculates the path and selects link #3.

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Sun Apr 15 18:13:24.311 UTC
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/1           10.0.123.2      460

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1 10.0.123.2 [MPLS: Labels 16100/16003 Exp 0] 109 msec 59 msec 49 msec
 2 10.0.103.1 [MPLS: Label 16003 Exp 0] 59 msec 49 msec 59 msec
 3 10.0.104.2 [MPLS: Label 16003 Exp 0] 49 msec 59 msec 49 msec
 4 10.0.60.1 [MPLS: Label 16003 Exp 0] 59 msec 129 msec 49 msec
 5 10.0.70.2 49 msec 69 msec 59 msec
 6 10.0.90.2 69 msec * 59 msec

4#: After the 3rd link fails, the SR policy recalculates the path and selects link #4.

RP/0/0/CPU0:BR1#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_16     Autolist_16_1*  16100       Gi0/0/0/2           10.0.134.2      980

RP/0/0/CPU0:BR1#traceroute 191.0.1.1 source 192.0.1.1
 1 10.0.134.2 [MPLS: Labels 16100/16003 Exp 0] 69 msec 79 msec 79 msec
 2 10.0.129.2 [MPLS: Labels 16100/16003 Exp 0] 69 msec 69 msec 69 msec
 3 10.0.111.1 [MPLS: Label 16003 Exp 0] 159 msec 89 msec 69 msec
 4 10.0.112.2 [MPLS: Label 16003 Exp 0] 59 msec 69 msec 79 msec
 5 10.0.50.1 [MPLS: Label 16003 Exp 0] 69 msec 69 msec 59 msec
 6 10.0.70.2 59 msec 49 msec 49 msec
 7 10.0.90.2 69 msec * 69 msec
SR policy Configuration-downlink traffic
Configure policies from BGP SR policy controller
SR policy Configuration-downlink traffic

RP/0/0/CPU0:X3#sh segment-routing traffic-eng policy detail
SR-TE policy database
---------------------
Name: bgp_AP_26 (Color: 70, End-point: 1.1.1.20)    (1#)
  Status:
    Admin: up Operational: up for 09:38:45 (since Apr 15 08:26:02.419)
  Candidate-paths:
    Preference 400:
      Explicit: segment-list Autolist_26_1* (active)
        Weight: 10, Metric Type: IGP
          16001 [Prefix-SID, 1.1.1.1]
          24000 [Adjacency-SID, 10.0.10.2 - 10.0.10.1]
………

Name: bgp_AP_27 (Color: 70, End-point: 1.1.1.20)    (2#)
  Status:
    Admin: up Operational: up for 00:05:16 (since Apr 15 17:59:30.891)
  Candidate-paths:
    Preference 300:
      Explicit: segment-list Autolist_27_1* (active)
        Weight: 10, Metric Type: IGP
          16004 [Prefix-SID, 1.1.1.4]
          24000 [Adjacency-SID, 10.0.101.2 - 10.0.101.1]
          24002 [Adjacency-SID, 10.0.134.2 - 10.0.134.1]
………

Name: bgp_AP_28 (Color: 70, End-point: 1.1.1.20)    (3#)
  Status:
    Admin: up Operational: up for 09:38:30 (since Apr 15 08:26:16.728)
  Candidate-paths:
    Preference 200:
      Explicit: segment-list Autolist_28_1* (active)
        Weight: 10, Metric Type: IGP
          16013 [Prefix-SID, 1.1.1.13]
          24001 [Adjacency-SID, 10.0.123.2 - 10.0.123.1]
………

Name: bgp_AP_29 (Color: 70, End-point: 1.1.1.20)    (4#)
  Status:
    Admin: up Operational: up for 00:05:16 (since Apr 15 17:59:30.891)
  Candidate-paths:
    Preference 100:
      Explicit: segment-list Autolist_29_1* (active)
        Weight: 10, Metric Type: IGP
          16016 [Prefix-SID, 1.1.1.16]
          24001 [Adjacency-SID, 10.0.129.2 - 10.0.129.1]
          24002 [Adjacency-SID, 10.0.134.2 - 10.0.134.1]
………
SR policy Configuration-downlink traffic

4 candidate paths with different preferences. The SR policy switches the TE path automatically once it detects that a candidate path is invalid.

1#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_26     Autolist_26_1*  16001       Gi0/0/0/0           10.0.70.1       4356
bgp_AP_27     Autolist_27_1*  16004       Gi0/0/0/0           10.0.70.1       0
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       0
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

2#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_27     Autolist_27_1*  16004       Gi0/0/0/0           10.0.70.1       4932
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       0
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

3#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_28     Autolist_28_1*  16013       Gi0/0/0/0           10.0.70.1       4846
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       0

4#
RP/0/0/CPU0:X3#sh segment-routing traffic-eng forwarding policy
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
bgp_AP_29     Autolist_29_1*  16016       Gi0/0/0/0           10.0.70.1       4552
SR policy configuration summary

• Define colors and match BGP or BGP MPLS VPN routes to specific colors
• Define an SR policy, either configured locally or received in BGP SR policy update messages from the BGP controller:
  • color and endpoint
  • candidate path with preference
  • segment list with weight (optional); the segment list can be dynamic or explicit
  • BSID value (optional)

Use Case: Constraint configuration of SR policy (Affinity attributes and TE metrics)

Use Case
[Figure: the same Core WAN Architecture (BGP & BGP MPLS/VPN over SR) topology as in the first use case: DC A, DC B and DC C (AS65100, AS65200, AS65300), Aggregation PE, P, routers R1 to R18, Access PE BR1 and BR2 (AS65001) with uplinks 1 to 4, BGP SR Policy Controller.]
Type-2 App traffic path priorities: 3>4
Prefer to use blue lines and avoid using red lines between R2-R5,R2-R8
SRTE design for type-2 application traffic pattern

RP/0/0/CPU0:BR2#sh segment-routing traffic-eng policy
SR-TE policy database
---------------------
Name: oa (Color: 40, End-point: 1.1.1.12)
  Status:
    Admin: up Operational: up for 03:00:42 (since Apr 15 22:36:19.414)
  Candidate-paths:
    Preference 400:
      Constraints:
        Affinity:
          exclude-any:
            red
      Dynamic (active)
        Weight: 0, Metric Type: TE
          16014 [Prefix-SID, 1.1.1.14]
          24002 [Adjacency-SID, 10.0.120.2 - 10.0.120.1]
          16012 [Prefix-SID, 1.1.1.12]
  Attributes:
    Binding SID: 9003
      Allocation mode: explicit
      State: Programmed
      Policy selected: yes
    Forward Class: 0

• Configure the SRTE metric value between R2-R5-R8 to be greater than the SRTE metric value between R11-R14-R17, and set the affinity attribute of the link between R2-R5-R8 to RED.
• Exclude this attribute from the constraints of SR policy to make sure that the link between R2-R5-R8 can never be selected.
• The affinity of the link #1 and link #2 of the access PE is also set to RED, so that access PE will exclude link #1 and #2 when calculating candidate path.

3#
RP/0/0/CPU0:BR2#sh segment-routing traffic-eng forwarding policy
Mon Apr 16 01:37:39.859 UTC
Policy        Segment         Outgoing    Outgoing            Next Hop        Bytes
Name          List            Label       Interface                           Switched
------------- --------------- ----------- ------------------- --------------- ------------
oa            dynamic         16014       Gi0/0/0/2           10.0.134.1      10868
SRTE design for type-2 application traffic pattern

• After shutting down the link between R11-R14, the head-end PE calculates a new SR candidate path based on the affinity constraint and TE metric.

RP/0/0/CPU0:BR2#sh segment-routing traffic-eng policy
SR-TE policy database
---------------------
Name: oa (Color: 40, End-point: 1.1.1.12)
  Status:
    Admin: up Operational: up for 03:06:39 (since Apr 15 22:36:19.414)
  Candidate-paths:
    Preference 400:
      Constraints:
        Affinity:
          exclude-any:
            red
      Dynamic (active)
        Weight: 0, Metric Type: TE
          16017 [Prefix-SID, 1.1.1.17]
          24002 [Adjacency-SID, 10.0.119.2 - 10.0.119.1]
          16012 [Prefix-SID, 1.1.1.12]
………

3#
RP/0/0/CPU0:BR2#traceroute 191.0.4.1 source 192.0.2.1
 1 10.0.134.1 [MPLS: Labels 16014/24002/16012 Exp 0] 59 msec 49 msec 49 msec
 2 10.0.123.2 [MPLS: Labels 16014/24002/16012 Exp 0] 49 msec 59 msec 59 msec
 3 10.0.125.2 [MPLS: Labels 24002/16012 Exp 0] 49 msec 49 msec 49 msec
 4 10.0.120.1 [MPLS: Label 16012 Exp 0] 49 msec 59 msec 49 msec
 5 10.0.121.2 49 msec 49 msec 59 msec
 6 10.0.122.2 59 msec * 59 msec

4#
RP/0/0/CPU0:BR2#traceroute 191.0.4.1 source 192.0.2.1
 1 10.0.129.2 [MPLS: Labels 16017/24002/16012 Exp 0] 89 msec 39 msec 39 msec
 2 10.0.130.2 [MPLS: Labels 24002/16012 Exp 0] 49 msec 39 msec 39 msec
 3 10.0.119.1 [MPLS: Label 16012 Exp 0] 39 msec 59 msec 49 msec
 4 10.0.121.2 49 msec 39 msec 39 msec
 5 10.0.122.2 29 msec * 39 msec
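
The constrained path computation described on the two SRTE slides above, as an added Python example (not from the presentation or from IOS XR): links carrying an excluded affinity are pruned, then the lowest TE metric path is chosen, and the computation is repeated after a link goes down. Router names follow the slides; the adjacencies and metric values are constructed for illustration.

```python
import heapq

# Constructed topology: (a, b, TE metric, affinity colours). Router names
# follow the slides; adjacencies and metric values are assumptions.
LINKS = [
    ("BR2", "R11", 10, set()), ("R11", "R14", 10, set()),
    ("R14", "R12", 10, set()), ("BR2", "R17", 100, set()),
    ("R17", "R12", 15, set()),
    # Red plane: higher TE metric and affinity RED, as on the slide.
    ("BR2", "R2", 10, {"red"}), ("R2", "R5", 50, {"red"}),
    ("R5", "R12", 10, {"red"}),
]

def link(a, b):
    """Direction-independent identifier for a link."""
    return frozenset((a, b))

def cspf(links, src, dst, exclude_any=frozenset(), down=frozenset()):
    """Lowest-TE-metric path that avoids failed links and any link carrying
    an affinity in exclude_any. Returns (cost, path), or None if no path."""
    adj = {}
    for a, b, metric, colours in links:
        if link(a, b) in down or colours & set(exclude_any):
            continue  # pruned before the shortest-path run
        adj.setdefault(a, []).append((b, metric))
        adj.setdefault(b, []).append((a, metric))
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, metric in adj.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None  # candidate path cannot be computed

if __name__ == "__main__":
    failed = {link("R11", "R14")}
    print("normal:       ", cspf(LINKS, "BR2", "R12", {"red"}))
    print("after failure:", cspf(LINKS, "BR2", "R12", {"red"}, failed))
    print("metric only:  ", cspf(LINKS, "BR2", "R12", set(), failed))
```

With the metric alone, the failure case would fall back to the red plane; the exclude-any constraint is what keeps the policy on the remaining non-red path, or leaves it without a valid path when none exists.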

Use Case

Application Aware Routing Policy
(The policy-based SDWAN (Viptela))

Cisco SD-WAN (Viptela) Review
• Applying SDN Principles Onto The Wide Area Network

[Figure: Cisco SD-WAN architecture. Management/Orchestration Plane: vManage, with APIs to 3rd Party Automation and vAnalytics, plus vBond. Control Plane: vSmart Controllers. Data Plane: vEdge Routers at Cloud, Data Centre, Campus, Branch and SOHO sites, connected over MPLS, 4G and INET transports.]
Fabric Operation Walk-Through

OMP Update:
• Reachability – IP Subnets, TLOCs
• Security – Encryption Keys
• Policy – Data/App-route Policies

[Figure: vSmart exchanges OMP updates and policies with each vEdge over a DTLS/TLS tunnel. The vEdges connect to each other through IPSec tunnels with BFD across Transport1 and Transport2, identified by TLOCs. Each vEdge serves VPN1 and VPN2, whose subnets (A, B, C, D) come from BGP, OSPF, Connected and Static routes.]
Application Aware Routing Policy

policy
 sla-class BestEffort
  loss 20
  latency 200
 !
 sla-class CriticalData
  loss 5
  latency 80
  jitter 5
 !
 sla-class VoiceVideoSLA
  loss 1
  latency 50
  jitter 2
 !
 app-route-policy _corpVPN_AppRoutePolicyVPN10
  vpn-list corpVPN
   sequence 41
    match
     app-list Office365
    !
    action
     sla-class CriticalData preferred-color mpls
     backup-sla-preferred-color biz-internet
    !
   !
   sequence 51
    match
     app-list YouTube
    !
    action
     sla-class VoiceVideoSLA preferred-color biz-internet
     backup-sla-preferred-color mpls
    !
   !
   sequence 61
    match
     app-list HTTPS
    !
    action
     sla-class BestEffort preferred-color biz-internet
     backup-sla-preferred-color biz-internet
    !
   !
   default-action sla-class BestEffort
  !
 !
 lists
  tloc-list DC-TLOCS
   tloc 10.1.0.1 color mpls encap ipsec
   tloc 10.1.0.1 color biz-internet encap ipsec
   tloc 10.1.0.2 color mpls encap ipsec
   tloc 10.1.0.2 color biz-internet encap ipsec
   tloc 10.2.0.1 color mpls encap ipsec
   tloc 10.2.0.1 color biz-internet encap ipsec
   tloc 10.2.0.2 color mpls encap ipsec
   tloc 10.2.0.2 color biz-internet encap ipsec
  !
  vpn-list corpVPN
   vpn 10
  !
  app-list HTTPS
   app-family web
   app-family webmail
  !
  app-list Office365
   app office365
  !
  app-list YouTube
   app youtube
   app youtube_hd
  !
  site-list AllBranches
   site-id 300-499
  !
  site-list AllDC
   site-id 100
   site-id 200
  !
 !
!
apply-policy
 site-list AllBranches
  app-route-policy _corpVPN_AppRoutePolicyVPN10
 !
 site-list AllDC
  app-route-policy _corpVPN_AppRoutePolicyVPN10
 !
!
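
How the app-route policy above resolves a tunnel color, as an added Python example (not code from the presentation or from Cisco SD-WAN): the preferred color wins when it meets the SLA class, any other compliant tunnel is used next, and the backup color applies only when no tunnel meets the class. The SLA classes and sequences are the page's; the tunnel measurements are constructed, and treating a value equal to the limit as compliant is an assumption.

```python
# SLA classes from the policy on this page (loss %, latency ms, jitter ms).
SLA = {
    "BestEffort": {"loss": 20, "latency": 200},
    "CriticalData": {"loss": 5, "latency": 80, "jitter": 5},
    "VoiceVideoSLA": {"loss": 1, "latency": 50, "jitter": 2},
}
# Sequences 41, 51, 61: (app-list, sla-class, preferred-color, backup color).
SEQUENCES = [
    ("Office365", "CriticalData", "mpls", "biz-internet"),
    ("YouTube", "VoiceVideoSLA", "biz-internet", "mpls"),
    ("HTTPS", "BestEffort", "biz-internet", "biz-internet"),
]
# Constructed per-tunnel measurements, standing in for BFD probe results.
HEALTHY = {
    "mpls": {"loss": 0.5, "latency": 40, "jitter": 1},
    "biz-internet": {"loss": 2, "latency": 70, "jitter": 4},
}
DEGRADED = {
    "mpls": {"loss": 10, "latency": 300, "jitter": 12},
    "biz-internet": {"loss": 8, "latency": 90, "jitter": 9},
}

def meets(sla_class, stats):
    """True when every limit configured for the class is satisfied."""
    return all(stats[k] <= limit for k, limit in SLA[sla_class].items())

def select_colors(app_list, tunnels):
    """Return the tunnel colors eligible to carry traffic for app_list.
    tunnels maps color -> measurements for tunnels that are currently up."""
    for name, sla_class, preferred, backup in SEQUENCES:
        if name == app_list:
            break
    else:  # default-action sla-class BestEffort, no color preference
        sla_class, preferred, backup = "BestEffort", None, None
    compliant = [c for c, s in tunnels.items() if meets(sla_class, s)]
    if preferred in compliant:
        return [preferred]        # preferred-color meets the SLA class
    if compliant:
        return sorted(compliant)  # any other tunnel that meets it
    if backup in tunnels:
        return [backup]           # backup-sla-preferred-color
    return sorted(tunnels)        # nothing compliant: any available tunnel

if __name__ == "__main__":
    for app in ("Office365", "YouTube", "HTTPS", "Other"):
        print(app, select_colors(app, HEALTHY), select_colors(app, DEGRADED))
```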
Use Case

Traffic pattern:
Type-3 App traffic-engineering path selection based on DPI
TLOC Color1 over Red plane, TLOC Color2 over Blue plane

[Figure: Site 100 (DS1, DS2; vEdges DV1 with TLOC 1.1.1.100 and DV2 with TLOC 1.1.1.101; app1, app2) attaches at DC21/DC22, and Site 200 (BS1, BS2; vEdges BV1 with TLOC 1.1.1.200 and BV2 with TLOC 1.1.1.201) attaches at BR1/BR2. Each vEdge has Color1 and Color2 TLOCs. The core (R1, R3, R4, R6, R9, R12, R13, R15, R16, R18) runs BGP & BGP/MPLS VPN over SRTE. Legend: Type-3; Type-1 & Type-2; IPSEC Tunnel; SRTE Tunnel.]
Cisco SDWAN Key Takeaways

• SR Traffic Engineering based on SR Policy is simpler than any previous technology
• It allows enterprises to easily deploy traffic engineering on a large scale
• Cisco SDWAN (Viptela) solution makes it easy to implement traffic engineering based on application identification
• We can use them together to solve complex traffic engineering needs
Cisco Webex Teams

Questions?
Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session

How
1 Find this session in the Cisco Events App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 18, 2018.
cs.co/ciscolivebot#BRKMPL-2116
Thank you
