Verify End-to-End Connectivity across a Segment Routing SP
Available Languages
Contents
Introduction
This document describes the process to verify end-to-end connectivity across a segment routing Service Provider (SP) with Cisco IOS®XR software.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Knowledge of Basic IP Routing
- Knowledge of Cisco IOS and Cisco IOS XR command line
Components Used
The information in this document is based on these software and hardware versions:
- Router with Cisco IOS XR software
- Router with Cisco IOS software
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
The purpose of this document is to demonstrate the basic configuration to create a Segment Routing cloud and how to verify the end-to-end connectivity on Cisco IOS XR routers.
Topology
Network Topology
Initial Verification
BGP Configuration
CE-1
Loopback55 simulates the LAN side of router CE-1. You can advertise this prefix through eBGP to the PE-1 neighbor:
CE-1#show run | section r b
router bgp 65535
bgp router-id 10.1.1.1
bgp log-neighbor-changes
redistribute connected
redistribute eigrp 10
neighbor 172.16.20.2 remote-as 8181
CE-1#show ip bgp neighbors 172.16.20.2 advertised-routes
BGP table version is 25, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.1/32 0.0.0.0 0 32768 ?
*> 10.11.11.11/32 192.168.1.1 10880 32768 ?
*> 10.55.55.55/32 0.0.0.0 0 32768 ?
*> 172.16.20.0/30 0.0.0.0 0 32768 ?
*> 192.168.1.0 0.0.0.0 0 32768 ?
Total number of prefixes 5PE-1
This router received the prefix 10.55.55.55/32 and have connectivity, now is able to advertise it into the Service Provider cloud:
RP/0/RP0/CPU0:PE-1#show run vrf
Fri Jan 27 15:07:10.465 UTC
vrf Yellow
address-family ipv4 unicast
import route-target
200:200
!
export route-target
200:200
!
RP/0/RP0/CPU0:PE-1#show run router bgp
Fri Jan 27 14:54:33.488 UTC
router bgp 8181
bgp router-id 10.2.2.2
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
neighbor 10.3.3.3
remote-as 8181
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS in
route-policy PASS out
!
!
vrf Yellow
rd 200:200
address-family ipv4 unicast
!
neighbor 172.16.20.1
remote-as 65535
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
as-override
!
RP/0/RP0/CPU0:PE-1#show bgp vrf Yellow ipv4 unicast neighbors 172.16.20.1 routes
Fri Jan 27 14:54:48.433 UTC
BGP VRF Yellow, state: Active
BGP Route Distinguisher: 200:200
VRF ID: 0x60000001
BGP router identifier 10.2.2.2, local AS number 8181
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000001 RD version: 73
BGP main routing table version 73
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:200 (default for vrf Yellow)
*> 10.1.1.1/32 172.16.20.1 0 0 65535 ?
*> 10.11.11.11/32 172.16.20.1 10880 0 65535 ?
*> 10.55.55.55/32 172.16.20.1 0 0 65535 ?
*> 172.16.20.0/30 172.16.20.1 0 0 65535 ?
*> 192.168.1.0/24 172.16.20.1 0 0 65535 ?
Processed 5 prefixes, 5 paths
RP/0/RP0/CPU0:PE-1#ping vrf Yellow 10.55.55.55
Fri Jan 27 14:55:06.077 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.55.55.55, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 msCE-2
Loopback66 simulates the LAN side of CE-2 router. In a similar way as CE-1, this router advertises the prefix via eBGP to neighbor router PE-2.
CE-2#show run | section r b
router bgp 65535
bgp router-id 10.5.5.5
bgp log-neighbor-changes
redistribute connected
redistribute eigrp 10
neighbor 172.16.50.1 remote-as 8181
CE-2#show ip bgp neighbors 172.16.50.1 advertised-routes
BGP table version is 15, local router ID is 10.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.5.5.5/32 0.0.0.0 0 32768 ?
*> 10.22.22.22/32 192.168.4.1 10880 32768 ?
*> 10.66.66.66/32 0.0.0.0 0 32768 ?
*> 172.16.50.0/30 0.0.0.0 0 32768 ?
*> 192.168.4.0 0.0.0.0 0 32768 ?
Total number of prefixes 5PE-2
This router received prefix 10.66.66.66/32 and now is able to advertise to Service Provider cloud:
RP/0/RP0/CPU0:PE-2#show run vrf
Fri Jan 27 15:07:51.117 UTC
vrf Yellow
address-family ipv4 unicast
import route-target
200:200
!
export route-target
200:200
!
RP/0/RP0/CPU0:PE-2#show run router bgp
Fri Jan 27 14:59:56.957 UTC
router bgp 8181
bgp router-id 10.4.4.4
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
neighbor 10.3.3.3
remote-as 8181
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS in
route-policy PASS out
!
!
vrf Yellow
rd 200:200
address-family ipv4 unicast
!
neighbor 172.16.50.2
remote-as 65535
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
as-override
!
RP/0/RP0/CPU0:PE-2#show bgp vrf Yellow ipv4 unicast neighbors 172.16.50.2 routes
Fri Jan 27 15:00:10.383 UTC
BGP VRF Yellow, state: Active
BGP Route Distinguisher: 200:200
VRF ID: 0x60000001
BGP router identifier 10.4.4.4, local AS number 8181
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000001 RD version: 64
BGP main routing table version 64
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:200 (default for vrf Yellow)
*> 10.5.5.5/32 172.16.50.2 0 0 65535 ?
*> 10.22.22.22/32 172.16.50.2 10880 0 65535 ?
*> 10.66.66.66/32 172.16.50.2 0 0 65535 ?
*> 172.16.50.0/30 172.16.50.2 0 0 65535 ?
*> 192.168.4.0/24 172.16.50.2 0 0 65535 ?
Processed 5 prefixes, 5 paths
RP/0/RP0/CPU0:PE-2#ping vrf Yellow 10.66.66.66
Fri Jan 27 15:00:26.020 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.66.66.66, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/26/120 msRouting Information Status from PE-1,Provider and PE-2
For this demonstration, OSPF is configured as IGP and iBGP.
PE-1
OSPF neighbor is UP and iBGP session to 10.3.3.3 that is Route Reflector.
RP/0/RP0/CPU0:PE-1#show run router ospf
Fri Jan 27 15:09:23.910 UTC
router ospf 1
router-id 10.2.2.2
area 0
!
interface GigabitEthernet0/0/0/1
!
!
!
RP/0/RP0/CPU0:PE-1#show ospf neighbor
Fri Jan 27 15:09:31.435 UTC
* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
10.3.3.3 1 FULL/BDR 00:00:37 172.16.30.2 GigabitEthernet0/0/0/1
Neighbor is up for 16:59:30
Total neighbor count: 1
RP/0/RP0/CPU0:PE-1#show bgp vpnv4 unicast summary
Fri Jan 27 15:09:37.760 UTC
BGP router identifier 10.2.2.2, local AS number 8181
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 73
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 73 73 73 73 73 0
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.3.3.3 0 8181 1010 997 73 0 0 16:24:45 5Provider Router
On this device we can confirm that acts as Route reflector and IBGP session is established with neighbors 10.2.2.2 and 10.4.4.4
RP/0/RP0/CPU0:Provider#show run router ospf
Fri Jan 27 15:19:33.250 UTC
router ospf 1
router-id 10.3.3.3
area 0
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/2
!
RP/0/RP0/CPU0:Provider#show run router bgp
Fri Jan 27 15:11:08.321 UTC
router bgp 8181
bgp router-id 10.3.3.3
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
neighbor-group IBGP
remote-as 8181
update-source Loopback0
!
neighbor 10.2.2.2
use neighbor-group IBGP
address-family vpnv4 unicast
route-policy PASS in
route-reflector-client
route-policy PASS out
next-hop-self
!
!
neighbor 10.4.4.4
use neighbor-group IBGP
address-family vpnv4 unicast
route-policy PASS in
route-reflector-client
route-policy PASS out
next-hop-self
!
RP/0/RP0/CPU0:Provider#show bgp vpnv4 unicast summary
Fri Jan 27 15:11:19.263 UTC
BGP router identifier 10.3.3.3, local AS number 8181
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 25
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 25 25 25 25 25 0
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.2.2.2 0 8181 998 1011 25 0 0 16:26:27 5
10.4.4.4 0 8181 997 1009 25 0 0 16:24:25 5PE-2
OSPF neighbor is up and IBGP session to 10.3.3.3 that is Route Reflector.
RP/0/RP0/CPU0:PE-2#show run router ospf
Fri Jan 27 15:12:47.741 UTC
router ospf 1
router-id 10.4.4.4
area 0
!
interface GigabitEthernet0/0/0/2
!
RP/0/RP0/CPU0:PE-2#show ospf neighbor
Fri Jan 27 15:12:55.229 UTC
* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
10.3.3.3 1 FULL/DR 00:00:35 172.16.40.1 GigabitEthernet0/0/0/2
Neighbor is up for 17:01:21
Total neighbor count: 1
RP/0/RP0/CPU0:PE-2#show bgp vpnv4 unicast summary
Fri Jan 27 15:13:01.911 UTC
BGP router identifier 10.4.4.4, local AS number 8181
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 64
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 64 64 64 64 64 0
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.3.3.3 0 8181 1011 998 64 0 0 16:26:08 5
RP/0/RP0/CPU0:PE-2#ping 10.2.2.2 source loopback0
Fri Jan 27 15:13:09.728 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/21/67 ms
RP/0/RP0/CPU0:PE-2#ping 10.3.3.3 source loopback0
Fri Jan 27 15:13:16.696 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/7 msSegment Routing Configuration
PE-1
RP/0/RP0/CPU0:PE-1#show run router ospf
Fri Jan 27 16:15:56.479 UTC
router ospf 1
router-id 10.2.2.2
segment-routing mpls
area 0
segment-routing mpls
interface Loopback0
prefix-sid index 15
! Provider
RP/0/RP0/CPU0:Provider#show run router ospf
Fri Jan 27 16:17:09.471 UTC
router ospf 1
router-id 10.3.3.3
segment-routing mpls
area 0
segment-routing mpls
interface Loopback0
prefix-sid index 16
!PE-2
RP/0/RP0/CPU0:PE-2#show run router ospf
Fri Jan 27 16:18:11.090 UTC
router ospf 1
router-id 10.4.4.4
segment-routing mpls
area 0
segment-routing mpls
interface Loopback0
prefix-sid index 17
!
Final Verifications
CE-1 can reach interface loopback66 located on CE-2 router. The next Traceroute output shows that the packet takes label switch path when destined to 10.66.66.66 prefix. It can also be observed that the label uses the prefix-sid 16017 as it goes through router PE-2:
CE-1#ping 10.66.66.66 source loopback0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.66.66.66, timeout is 2 seconds: Packet sent with a source address of 10.1.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 9/13/32 ms CE-1#traceroute 10.66.66.66 source loopback0 Type escape sequence to abort. Tracing the route to 10.66.66.66 VRF info: (vrf in name/id, vrf out name/id) 1 172.16.20.2 6 msec 5 msec 5 msec 2 172.16.30.2 [MPLS: Labels 16017/24003 Exp 0] 12 msec 13 msec 16 msec 3 172.16.40.2 [MPLS: Label 24003 Exp 0] 15 msec 13 msec 12 msec 4 172.16.50.2 [AS 8181] 13 msec 11 msec *
As the configuration did not use the absolute option, the labels started at 16000 values and appended the prefix-sid that was configured for Segment Routing.
RP/0/RP0/CPU0:PE-1#show cef 10.3.3.3/32
Fri Jan 27 21:32:42.813 UTC
10.3.3.3/32, version 43, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f6a00) [1], 0x600 (0xe593918), 0xa20 (0xee6e4b8)
Updated Jan 26 23:21:30.314
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fbda8) reference count 3, flags 0x68, source rib (7), 0 backups
[3 type 4 flags 0x8401 (0xeeb1648) ext 0x0 (0x0)]
LW-LDI[type=1, refc=1, ptr=0xe593918, sh-ldi=0xeeb1648]
gateway array update type-time 1 Jan 26 23:21:30.314
LDI Update time Jan 26 23:21:30.315
LW-LDI-TS Jan 26 23:21:30.315
via 172.16.30.2/32, GigabitEthernet0/0/0/1, 8 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xf427148 0xf4271e0]
next hop 172.16.30.2/32
remote adjacency
local label 16016 labels imposed {ImplNull}
Load distribution: 0 (refcount 3)
Hash OK Interface Address
0 Y GigabitEthernet0/0/0/1 remote
RP/0/RP0/CPU0:PE-1#show cef 10.4.4.4/32
Fri Jan 27 21:29:36.990 UTC
10.4.4.4/32, version 45, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f65c0) [1], 0x600 (0xe593e70), 0xa28 (0xee6e508)
Updated Jan 26 23:21:47.181
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fbe90) reference count 3, flags 0x68, source rib (7), 0 backups
[2 type 5 flags 0x8401 (0xeeb16a8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe593e70, sh-ldi=0xeeb16a8]
gateway array update type-time 1 Jan 26 23:21:47.182
LDI Update time Jan 26 23:21:47.182
LW-LDI-TS Jan 26 23:21:47.182
via 172.16.30.2/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xf4271e0 0x0]
next hop 172.16.30.2/32
remote adjacency
local label 16017 labels imposed {16017}
Load distribution: 0 (refcount 2)
Hash OK Interface Address
0 Y GigabitEthernet0/0/0/1 remote From the other side, CE-2 can also reach loopback55 located on CE-1 router:
CE-2#ping 10.55.55.55 source loopback66
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.55.55.55, timeout is 2 seconds:
Packet sent with a source address of 10.66.66.66
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/12/15 ms
CE-2#traceroute 10.55.55.55 source loopback66
Type escape sequence to abort.
Tracing the route to 10.55.55.55
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.50.1 6 msec 5 msec 4 msec
2 172.16.40.1 [MPLS: Labels 16015/24003 Exp 0] 9 msec 16 msec 10 msec
3 172.16.30.1 [MPLS: Label 24003 Exp 0] 10 msec 13 msec 8 msec
4 172.16.20.1 [AS 8181] 11 msec 7 msec * MPLS Labels
On the next output we can confirm that Segment routing labels are used to switch the traffic end-to-end.
RP/0/RP0/CPU0:PE-1#show mpls forwarding
Fri Jan 27 20:32:13.697 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16016 Pop SR Pfx (idx 16) Gi0/0/0/1 172.16.30.2 126880
16017 16017 SR Pfx (idx 17) Gi0/0/0/1 172.16.30.2 17292
24000 Pop SR Adj (idx 0) Gi0/0/0/1 172.16.30.2 0
24001 Aggregate 172.16.20.0/30[V] Yellow 11384
24002 Unlabelled 192.168.1.0/24[V] Gi0/0/0/0 172.16.20.1 0
24003 Unlabelled 10.55.55.55/32[V] Gi0/0/0/0 172.16.20.1 0
24004 Unlabelled 10.11.11.11/32[V] Gi0/0/0/0 172.16.20.1 0
24005 Unlabelled 10.1.1.1/32[V] Gi0/0/0/0 172.16.20.1 0 RP/0/RP0/CPU0:Provider#show mpls forwarding Fri Jan 27 20:33:14.878 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 16015 Pop SR Pfx (idx 15) Gi0/0/0/1 172.16.30.1 151687 16017 Pop SR Pfx (idx 17) Gi0/0/0/2 172.16.40.2 147701 24000 Pop SR Adj (idx 0) Gi0/0/0/1 172.16.30.1 0 24001 Pop SR Adj (idx 0) Gi0/0/0/2 172.16.40.2 0
RP/0/RP0/CPU0:PE-2#show mpls forwarding
Fri Jan 27 20:33:49.201 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16015 16015 SR Pfx (idx 15) Gi0/0/0/2 172.16.40.1 25304
16016 Pop SR Pfx (idx 16) Gi0/0/0/2 172.16.40.1 128619
24000 Pop SR Adj (idx 0) Gi0/0/0/2 172.16.40.1 0
24001 Aggregate 172.16.50.0/30[V] Yellow 1200
24002 Unlabelled 192.168.4.0/24[V] Gi0/0/0/3 172.16.50.2 0
24003 Unlabelled 10.66.66.66/32[V] Gi0/0/0/3 172.16.50.2 0
24004 Unlabelled 10.5.5.5/32[V] Gi0/0/0/3 172.16.50.2 0
24005 Unlabelled 10.22.22.22/32[V] Gi0/0/0/3 172.16.50.2 0 Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
30-Jan-2023 |
Initial Release |
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)