Flexible SR-TE Label Stack Allocation for BGP Services

This chapter provides information about the flexible segment routing traffic engineered (SR-TE) label stack allocation for BGP services.

Topics in this chapter include:

Applicability

The information and configuration in this chapter are based on SR OS Release 23.10.R2.

Flexible SR-TE label stack allocation for BGP services is supported on FP4-based platforms in SR OS Release 22.2.R1, and later.

Overview

FP4-based platforms support pushing 12 labels for SR-TE LSPs used in VPRN services and 10 labels for SR-TE LSPs used in EVPN VPLS or EVPN VPWS services. Layer 2 services, such as VPLS or Epipe services require an inner Ethernet header which reduces the space available for the label stack. In the case of R-VPLS or B-VPLS, even less label space is available for the label stack. For R-VPLS, only 9 labels can be pushed, and for B-VPLS, only 6.

Each SR-TE LSP is configured with a maximum transport label stack size, which is the sum of the values for the label stack size and the number of additional FRR labels. The label stack size ranges from 1 to 11 and the number of additional FRR labels ranges from 0 to 4, as follows. By default, the value for the label stack size is 6 and the number of additional FRR labels is 1.

*A:PE-1>config>router>mpls>lsp# max-sr-labels ?
  - max-sr-labels <label-stack-size> [additional-frr-labels <labels>]
  - no max-sr-labels

 <label-stack-size>   : [1..11]
 <labels>             : [0..4]

For VPRN services, the ingress label edge router (ILER) can push 12 labels, including the service label. A maximum of 11 labels remain for the sum of the label stack size and the number of additional FRR labels. The following error is raised because the sum of 10 and 2 exceeds the maximum of 11 labels:

*A:PE-1>config>router>mpls>lsp# max-sr-labels 10 additional-frr-labels 2
MINOR: MPLS #1030 Exceeds the maximum number of Labels allowed - Sum of label-stack-size and 
additional-frr-labels cannot exceed max labels (11) allowed per stack

Default egress label stack allocation for BGP services

In addition to the transport labels, the ILER pushes other fields into the packet, such as the service label, control word, Ethernet segment identifier (ESI), OAM labels, hash label, or entropy labels. The service label is present for all types of services, while the other labels depend on the service type. Some of these labels are always computed in the label stack allocation, such as the service label, OAM label, ESI, and control word. The label space for these labels is always reserved when computing the maximum stack; even when no Ethernet segment is used, one label is reserved for an ESI (for the purpose of BGP next hop resolution). Other labels are optional, such as the hash label or the entropy label, which are mutually exclusive. For the entropy label, two labels are required: the entropy label indicator (ELI) and the entropy label (EL) itself. These optional labels are only allocated when the hash or entropy label is configured. Default egress label stack limits for BGP services shows an overview of the default egress label stack limits for BGP services, such as IP-VPN, EVPN-IFL, EVPN VPWS or EVPN VPLS, EVPN-IFF, and EVPN B-VPLS.

Table 1. Default egress label stack limits for BGP services
Features that reduce the label stack IP-VPN (VPRN) EVPN-IFL (VPRN) EVPN VPLS or EVPN VPWS EVPN-IFF (R-VPLS) EVPN B-VPLS (PBB-EVPN)
Service label (always allocated) 1 1 1 1 1
OAM label (always allocated) 1 1 0 0 0
Control word (always allocated) 0 0 1 1 1
ESI label (always allocated) 0 0 1 0 0
Hash label (only when configured; mutually exclusive with EL) 1 1 0 0 0
Entropy EL+ELI (only when configured; mutually exclusive with the hash label) 2 2 2 2 2
Number of always-allocated labels 2 2 3 2 2
Number of allocated labels, including the options 4 4 5 4 4
Number of available labels 12 12 10 9 6
Number of available transport labels when no options are configured 10 10 7 7 4
Number of available transport labels with options 8 8 5 5 2

The label space is always allocated for the first four features: the service label, OAM label, control word, and ESI label.

For IP-VPN or EVPN IFL VPRN services, only the service label and OAM label can be applied; therefore the transport label stack can have a maximum of 12 – 2 = 10 labels. In the case that the entropy label option is configured, two additional labels are reserved for EL and ELI and the transport label stack can have a maximum of 8 labels. When the hash label option is used, the number of available transport labels is only reduced by 1 and 9 transport labels are available.

For EVPN VPWS or EVPN VPLS services, the service label, control word, and ESI label are always allocated, even when the control word or ESI is not used. The number of available transport labels is 10 – 3 = 7 when no options are used. When the entropy label option is used, the number of available transport labels is further reduced by 2 and only 5 transport labels can be used.

For EVPN-IFF R-VPLS services, the traffic is either bridged traffic containing an ESI label or routed traffic without an ESI label. The ESI label is not accounted for because the routed encapsulation is always larger. For R-VPLS, the ILER can push a maximum of 9 labels, including the service label and control word. The number of available transport labels is 9 – 2 = 7, unless entropy labels are used. When the entropy label option is used, only 7 – 2 = 5 transport labels are available.

For B-VPLS services, the ILER can only push 6 labels, including the service label and control word. The number of available transport labels is only 6 – 2 = 4 when no options are used. When the entropy label option is used, only 4 – 2 = 2 transport labels are available.

SR-TE LSPs are configured with max-sr-labels <..> additional-frr-labels <..>. The number of these configured LSP labels must not exceed the number of available transport labels in the table. The BGP route next hop for the LSP cannot be resolved when the number of available labels is exceeded.

Dynamic egress label stack allocation for BGP services

With dynamic egress label stack allocation per service, SR OS accounts for the service label, but not for the labels that are not used. The dynamic-egress-label-limit command extends the number of available labels in the dynamic egress label stack by not accounting for the labels that are not used. When the dynamic-egress-label-limit command is enabled, the OAM label cannot be used in VPRN services and vprn-ping and vprn-trace are not supported. In EVPN VPWS or EVPN VPLS services, the control word can still be used, as a result, the corresponding label space is allocated. In EVPN VPLS services, the ESI label is only accounted for if the VPLS has a SAP or SDP binding associated to an ES.

Dynamic egress label stack allocation is supported for IP-VPN, EVPN-IFL, EVPN VPWS, EVPN VPLS, EVPN-IFF, and EVPN B-VPLS. Dynamic egress label stack limits for BGP services shows a comparison for the dynamic egress label stack allocation for IP-VPN, EVPN-IFL, EVPN VPLS, and EVPN VPWS, but a similar comparison can be made for EVPN-IFF and EVPN B-VPLS.

Table 2. Dynamic egress label stack limits for BGP services
Features that reduce the label stack dynamic-egress-label-limit false dynamic-egress-label-limit true
IP-VPN (VPRN) EVPN-IFL (VPRN) EVPN VPLS EVPN Epipe IP-VPN (VPRN) EVPN-IFL (VPRN) EVPN VPLS EVPN Epipe
Service label 1 (always allocated) 1 (always allocated) 1 (always allocated) 1 (always allocated) 1 (always allocated) 1 (always allocated)
OAM label 1 (always allocated) 1 (always allocated) 0 0 0 0
Control word 0 0 1 (always allocated) 0 0 1
ESI label 0 0 1 (always allocated) 0 0 1
Hash label (mutually exclusive with EL) 1 1 0 1 0 0
Entropy EL+ELI (mutually exclusive with the hash label) 2 2 2 2 2 2
Number of always-allocated labels 2 2 3 1 1 1
Number of allocated labels, including the options 4 4 5 3 3 5
Number of available labels 12 12 10 12 12 10
Number of available transport labels when no options are configured 10 10 7 11 11 9
Number of available transport labels with options 8 8 5 9 9 5

When the dynamic-egress-label-limit command is enabled in an IP-VPN or EVPN-IFL service, the OAM label is not used and one additional transport label is available.

For IP-VPN or EVPN-IFL VPRN services, the ILER can push 12 labels and one of these labels is the service label. The remaining 11 labels are available for transport when no options are configured. When entropy labels are configured, 11 – 2 = 9 labels are available for transport.

For EVPN VPWS or EVPN VPLS services, the ILER can push 10 labels and one of these labels is the service label. The control word and ESI label are now considered as options. When no options are configured, 10 – 1 = 9 labels are available for the transport label stack. When the entropy label, control word, and ESI label are configured, only 5 labels are available for the transport label stack.

For EVPN-IFF services, the ILER can push 9 labels and one of these labels is the service label. When no options are configured, 9 – 1 = 8 labels are available for the transport label stack. When the control word and entropy label are configured, only 8 – 3 = 5 transport labels are available.

For EVPN B-VPLS services, the ILER can push 6 labels, including the service label. When no options are configured, 6 – 1 = 5 labels are available for the transport label stack. When the control word and entropy label are configured, only 5 – 3 = 2 transport labels are available.

Configuration

The Example topology consists of two nodes in an MPLS network:

Figure 1. Example topology
The initial configuration includes:
  • cards, MDAs, and ports
  • router interfaces
  • SR-ISIS
  • MPLS and RSVP enabled

BGP is configured for the EVPN and VPN-IPv4 address families; on PE-1 as follows:

#  on PE-1:
configure
    router Base
        autonomous-system 64500
        bgp 
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update evpn
            group "internal"
                family evpn vpn-ipv4
                peer-as 64500
                neighbor 192.0.2.2                            # on PE-2: 192.0.2.1
                exit
            exit
            no shutdown

The BGP configuration on PE-2 is similar.

SR-TE LSPs are configured between PE-1 and PE-2, as follows:

#  on PE-1:
configure
    router Base
        mpls
            interface "int-PE-1-PE-2"                       # on PE-2: "int-PE-2-PE-1"
            exit
            path "empty"
                no shutdown
            exit
            path "to-PE-2-strict"                           # on PE-2: "to-PE-1-strict"
                hop 10 192.168.12.2 strict                  # on PE-2: 192.168.12.1
                no shutdown
            exit
            lsp "to-PE-2-empty" sr-te                       # on PE-2: "to-PE-1-empty"
                to 192.0.2.2                                # on PE-2: to 192.0.2.1
                path-computation-method local-cspf
                max-sr-labels 8 additional-frr-labels 2   # 10 labels - suited for VPRN
                primary "empty"
                exit
                no shutdown
            exit
            lsp "to-PE-2-strict" sr-te                       # on PE-2: "to-PE-1-strict"
                to 192.0.2.2                                 # on PE-2: to 192.0.2.1
                path-computation-method local-cspf
                max-sr-labels 8 additional-frr-labels 2    # 10 labels - suited for VPRN
                primary "to-PE-2-strict"                     # on PE-2: "to-PE-1-strict"
                exit
                no shutdown
            exit
            no shutdown
        exit
        rsvp
            no shutdown
        exit

IP-VPN and EVPN-IFL services

For VPRN services, the ILER can push 12 labels: 1 service label, 1 OAM label, and 10 transport labels. VPRN-1 is an IP-VPN with the following configuration:

# on PE-1:
configure
    service
        vprn 1 name "VPRN-1" customer 1 create
            description "VPRN-1 with BGP-IPVPN"
            interface "loopback" create
                address 172.16.1.1/32                    # on PE-2: 172.16.1.2/32
                loopback
            exit
            bgp-ipvpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            sr-te
                            no bgp
                        exit
                        resolution filter
                    exit
                    route-distinguisher 192.0.2.1:1      # on PE-2: 192.0.2.2:1
                    vrf-target target:64500:1
                    no shutdown
                exit
            exit
            no shutdown

EVPN-IFL VPRN-2 is configured as follows:

# on PE-1:
configure
    service
        vprn 2 name "VPRN-2" customer 1 create
            description "VPRN-2 with EVPN-IFL"
            interface "loopback" create
                address 172.16.2.1/32                    # on PE-2: 172.16.2.2/32
                loopback
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            sr-te
                        exit
                        resolution filter
                    exit
                    route-distinguisher 192.0.2.1:2      # on PE-2: 192.0.2.2:2
                    vrf-target target:64500:2
                    no shutdown
                exit
            exit
            no shutdown

The BGP next hop is resolved for VPRN-1 and VPRN-2, as follows:

*A:PE-1# show router bgp next-hop vpn-ipv4
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   SR_TE
   sr-te                                           Y
   -- (2)                                          --       10
   -- (N)                                                   00h01m45s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

*A:PE-1# show router bgp next-hop evpn service-id 2
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   SR_TE
   sr-te                                           Y
   -- (2)                                          --       10
   -- (N)                                                   00h01m45s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The number of user labels is 2 and corresponds to the sum of the service label and OAM label.

The route table for VPRN-1 on PE-1 shows that the BGP VPN-IPv4 route to 172.16.1.2/32 uses an SR-TE tunnel with ID 655362 to PE-2, as follows:

*A:PE-1# show router service-name "VPRN-1" route-table

===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.16.1.1/32                                 Local   Local     00h02m46s  0
       loopback                                                     0
172.16.1.2/32                                 Remote  BGP VPN   00h02m42s  170
       192.0.2.2 (tunneled:SR-TE:655362)                            10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The route table for VPRN-2 on PE-1 shows that the EVPN-IFL route to 172.16.2.2/32 also uses the SR-TE tunnel with ID 655362 to PE-2, as follows:

*A:PE-1# show router service-name "VPRN-2" route-table

===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.16.2.1/32                                 Local   Local     00h02m46s  0
       loopback                                                     0
172.16.2.2/32                                 Remote  EVPN-IFL  00h02m42s  170
       192.0.2.2 (tunneled:SR-TE:655362)                            10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The following illustrates that the BGP next hop cannot be resolved in a VPRN when the number of labels configured in the SR-TE LSP exceeds 10. In this example, the label stack size is increased to 9, while the number of additional FRR labels remains 2, as follows:

#  on PE-1:
configure
    router Base
        mpls
            lsp "to-PE-2-empty"                    # on PE-2: "to-PE-1-empty"
                max-sr-labels 9 additional-frr-labels 2
            exit
            lsp "to-PE-2-strict"                   # on PE-2: "to-PE-1-strict"
                max-sr-labels 9 additional-frr-labels 2
            exit

The following shows that the BGP next hop cannot be resolved for the IP-VPN VPRN-1:

*A:PE-1# show router bgp next-hop vpn-ipv4
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   --
   sr-te                                           N        LabelStackLimit
   -- (2)                                          --
   -- (N)                                                   00h00m27s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The route is not programmed in the FIB because of a LabelStackLimit error.

In a similar way, the BGP next hop cannot be resolved for the EPVN-IFL VPRN-2, as follows:

*A:PE-1# show router bgp next-hop evpn service-id 2
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   --
   sr-te                                           N        LabelStackLimit
   -- (2)                                          --
   -- (N)                                                   00h00m27s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The route table for VPRN-1 does not contain a route to 172.16.1.2/32 anymore; only the local route remains, as follows:

*A:PE-1# show router service-name "VPRN-1" route-table

===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.16.1.1/32                                 Local   Local     00h03m38s  0
       loopback                                                     0
-------------------------------------------------------------------------------
No. of Routes: 1
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

In a similar way, the route table for VPRN-2 contains only the local route, as follows:

*A:PE-1# show router service-name "VPRN-2" route-table

===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.16.2.1/32                                 Local   Local     00h03m38s  0
       loopback                                                     0
-------------------------------------------------------------------------------
No. of Routes: 1
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

If the OAM label is not required, the dynamic-egress-label-limit command can be enabled in the VPRN services, as follows:

# on PE-1, PE-2:
configure
    service
        vprn "VPRN-1" 
            bgp-ipvpn
                mpls
                    dynamic-egress-label-limit
                exit
            exit
        exit
        vprn "VPRN-2" 
            bgp-evpn
                mpls
                    dynamic-egress-label-limit
                exit
            exit
        exit

The ILER can push 12 labels: 1 service label and 11 transport labels. The BGP next hop can be resolved for VPRN-1, as follows:

*A:PE-1# show router bgp next-hop vpn-ipv4 service-id 1
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   SR_TE
   sr-te                                           Y
   -- (1)                                          --       10
   -- (N)                                                   00h00m10s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The number of user labels is 1 and only the service label is accounted for.

In a similar way, the BGP next hop can be resolved for VPRN-2 and the number of user labels is 1, as follows:

*A:PE-1# show router bgp next-hop evpn service-id 2
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   SR_TE
   sr-te                                           Y
   -- (1)                                          --       10
   -- (N)                                                   00h00m10s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The following shows that the dynamic-egress-label-limit command is enabled for IP-VPN VPRN-1:

*A:PE-1# show service id "VPRN-1" bgp-ipvpn

===============================================================================
Service 1 BGP-IPVPN MPLS Information
===============================================================================
Admin State       : Up                  Oper State        : Up
VRF Import        : None
VRF Export        : None
Route Dist.       : None
Oper Route Dist   : 192.0.2.1:1
Oper RD Type      : configured
Route Target      : target:64500:1
Route Target Impor: None
Route Target Expor: None
Domain-Id         : None
Dyn Egr Lbl Limit : Enabled

Auto-Bind Tunnel
Resolution        : filter              Strict Tnl Tag    : False
ECMP              : 1                   Flex Algo FB      : False
Weighted ECMP     : False
BGP Instance      : 1
Filter Tunnel Type: sr-te
===============================================================================

The following shows that the dynamic-egress-label-limit command is enabled for EVPN-IFL VPRN-2:

*A:PE-1# show service id "VPRN-2" bgp-evpn

===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State        : Up                     Oper State     : Up
VRF Import         : None
VRF Export         : None
Route Dist.        : 192.0.2.1:2
Oper Route Dist.   : 192.0.2.1:2
Oper RD Type       : configured
Route Target       : target:64500:2
Route Target Import: None
Route Target Export: None
Default Route Tag  : None
Domain-Id          : None
Dyn Egr Lbl Limit  : Enabled
EVI                : 0

Advertise          : Disabled
Weighted ECMP      : Disabled

Auto-Bind Tunnel
Resolution         : filter                 Strict Tnl Tag : False
ECMP               : 1                      Flex Algo FB   : False
Bgp Instance       : 1
Filter Tunnel Types: sr-te

Tunnel Encap
MPLS               : True                   MPLSoUDP       : False
===============================================================================

EVPN VPWS services

Epipe-3 is configured as follows:

#  on PE-1:
configure
    service
        epipe 3 name "Epipe-3" customer 1 create
            bgp 1
            exit
            bgp-evpn
                local-attachment-circuit ac-1 create      # on PE-2: ac-2
                    eth-tag 1                             # on PE-2: eth-tag 2
                exit
                remote-attachment-circuit ac-2 create     # on PE-2: ac-1
                    eth-tag 2                             # on PE-2: eth-tag 1
                exit
                evi 3
                mpls bgp 1
                    auto-bind-tunnel
                        resolution-filter
                            sr-te
                        exit
                        resolution filter
                    exit
                    no shutdown
                exit
            exit
            sap 1/1/c10/1:3 create
                description "SAP to CE"
                no shutdown
            exit
            no shutdown

Layer 2 services, such as EVPN VPWS or EVPN VPLS services, cannot have the same number of labels in the stack as for VPRN services. A LabelStackLimit error causes Epipe-3 to be in an operationally down state, as follows:

*A:PE-1# show service service-using epipe

===============================================================================
Services [epipe]
===============================================================================
ServiceId    Type      Adm  Opr  CustomerId Service Name
-------------------------------------------------------------------------------
3            Epipe     Up   Down 1          Epipe-3
-------------------------------------------------------------------------------
Matching Services : 1
-------------------------------------------------------------------------------
===============================================================================

The following output shows that the BGP next hop cannot be resolved because of a LabelStackLimit error. By default, the number of user labels is 3 and accounts for 1 for the service label, 1 for the ESI label, and 1 for the control word, as follows:

*A:PE-1# show router bgp next-hop evpn service-id 3
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   --
   sr-te                                           N        LabelStackLimit
   -- (3)                                          --
   -- (N)                                                   00h00m07s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

For EVPN VPWS and EVPN VPLS services, the ILER can push 10 labels, including the service label, ESI label, and control word; therefore, the sum of the label stack size and the additional FRR labels cannot exceed 10 – 3 = 7 transport labels. However, when the service is configured with dynamic-egress-label-limit, only the service label must be accounted for and the number of transport labels can be 10 – 1 = 9. The SR-TE LSPs are configured with a label stack size of 9 and without additional FRR labels; the Epipe service is configured with dynamic-egress-label-limit, as follows:

# on PE-1:
configure
    router Base
        mpls
            lsp "to-PE-2-empty"                            # on PE-2: "to-PE-1-empty"
                max-sr-labels 9 additional-frr-labels 0
            exit
            lsp "to-PE-2-strict"                           # on PE-2: "to-PE-1-strict"
                max-sr-labels 9 additional-frr-labels 0
            exit
        exit
    exit
    service
        epipe "Epipe-3"
            bgp-evpn
                mpls
                    dynamic-egress-label-limit
                exit

The BGP next hop is now resolved and the route is programmed in the FIB. The number of user labels is 1 for the service label, as follows:

*A:PE-1# show router bgp next-hop evpn service-id 3
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   SR_TE
   sr-te                                           Y
   -- (1)                                          --       10
   -- (N)                                                   00h01m21s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

Epipe-3 is now in an operationally up state, as follows:

*A:PE-1# show service service-using epipe

===============================================================================
Services [epipe]
===============================================================================
ServiceId    Type      Adm  Opr  CustomerId Service Name
-------------------------------------------------------------------------------
3            Epipe     Up   Up   1          Epipe-3
-------------------------------------------------------------------------------
Matching Services : 1
-------------------------------------------------------------------------------
===============================================================================

From Epipe-3 on PE-1, the BGP EVPN-MPLS destination 192.0.2.2 can be reached via an SR-TE tunnel with ID 655362, as follows:

*A:PE-1# show service id "Epipe-3" evpn-mpls

===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address                         Egr Label               Last Change
                                     Transport:Tnl-id
-------------------------------------------------------------------------------
192.0.2.2                           524284                  02/15/2024 07:58:36
                                    sr-te:655362
-------------------------------------------------------------------------------
Number of entries : 1
-------------------------------------------------------------------------------
===============================================================================
---snip---

EVPN VPLS services

On PE-1 and PE-2, EVPN VPLS "VPLS-4" is configured:

# on PE-1:
configure
    service
        vpls 4 name "VPLS-4" customer 1 create
            bgp 1
            exit
            bgp-evpn
                evi 4
                mpls bgp 1
                    ingress-replication-bum-label
                    ecmp 2
                    auto-bind-tunnel
                        resolution-filter
                            sr-te
                        exit
                        resolution filter
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            sap 1/1/c10/1:4 create
                description "SAP to CE-41"        # on PE-2: "SAP to CE-42"
                no shutdown
            exit
            no shutdown

The maximum number of transport labels in EVPN VPLS services is the same as for EVPN VPWS services. By default, the ILER can push a maximum of 10 – 3 = 7 transport labels. The SR-TE LSPs are configured with a label stack size of 9 labels; therefore, a LabelStackLimit error occurs and the BGP next hop cannot be resolved. The number of user labels is 3 and accounts for 1 for the service label, 1 for the ESI label, and 1 for the control word, as follows:

*A:PE-1# show router bgp next-hop evpn service-id 4
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   --
   sr-te                                           N        LabelStackLimit
   -- (3)                                          --
   -- (N)                                                   00h00m26s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The number of available transport labels can be increased when dynamic-egress-label-limit is enabled on PE-1 and PE-2, as follows:

# on PE-1, PE-2:
configure
    service
        vpls "VPLS-4" 
            bgp-evpn
                mpls
                    dynamic-egress-label-limit

With this configuration, only the service label is accounted for and the number of user labels is reduced to 1. The BGP next hop can be resolved, as follows:

*A:PE-1# show router bgp next-hop evpn service-id 4
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   SR_TE
   sr-te                                           Y
   -- (1)                                          --       10
   -- (N)                                                   00h04m32s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The following EVPN-MPLS destinations are established in VPLS-4 on PE-1:

*A:PE-1# show service id "VPLS-4" evpn-mpls

===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address                     Transport:Tnl     Egr Label  Oper  Mcast  Num
                                                             State        MACs
-------------------------------------------------------------------------------
192.0.2.2                       sr-te:655362      524282     Up    bum    0
192.0.2.2                       sr-te:655362      524283     Up    none   1
-------------------------------------------------------------------------------
Number of entries: 2
-------------------------------------------------------------------------------
===============================================================================
---snip---

EVPN-IFF services

The R-VPLS configuration on PE-1 is as follows:

# on PE-1:
configure
    service
        vpls 6 name "R-VPLS-6" customer 1 create
            description "R-VPLS 6 - broadcast domain 1"
            allow-ip-int-bind
            exit
            stp
                shutdown
            exit
            sap 1/1/c10/1:6 create
                description "SAP to CE-61"
                no shutdown
            exit
            no shutdown
        exit
        vprn 66 name "ip-vrf-66" customer 1 create
            interface "int-sbd-600" create            # toward PE-2
                address 10.0.6.1/24
                mac 00:00:00:00:60:01
                vpls "sbd-600"
                exit
            exit
            interface "int-R-VPLS-6" create           # toward BD 1 with local CEs
                address 172.16.6.1/24
                mac 00:00:00:16:06:01
                vrrp 1 passive
                    backup 172.16.6.254
                    ping-reply
                    traceroute-reply
                exit
                vpls "R-VPLS-6"
                exit
            exit
            no shutdown
        exit
        vpls 600 name "sbd-600" customer 1 create
            description "supplementary broadcast domain R-VPLS 600"
            allow-ip-int-bind
            exit
            bgp
                route-distinguisher 192.0.2.1:600
            exit
            bgp-evpn
                ip-route-advertisement
                evi 600
                mpls bgp 1
                    auto-bind-tunnel
                        resolution-filter
                            sr-te
                        exit
                        resolution filter
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            no shutdown
        exit
        

The R-VPLS configuration on PE-2 is similar.

For R-VPLS services, the ILER can push a maximum of 9 labels, including the service label and control word. By default, a maximum of 7 transport labels can be pushed. When dynamic-egress-label-limit is enabled in the R-VPLS, a maximum of 8 transport labels are available. The SR-TE LSPs are configured with a label stack size of 8 labels and dynamic-egress-label-limit is enabled in R-VPLS "sbd-600", as follows:

# on PE-1:
configure
    router Base
        mpls
            lsp "to-PE-2-empty"                  # on PE-2: lsp "to-PE-1-empty"
                max-sr-labels 8 additional-frr-labels 0
            exit
            lsp "to-PE-2-strict"                 # on PE-2: lsp "to-PE-1-strict"
                max-sr-labels 8 additional-frr-labels 0
            exit
        exit
    exit
    service
        vpls "sbd-600" 
            bgp-evpn
                mpls
                    dynamic-egress-label-limit
                exit
            exit

The BGP next hop can be resolved in R-VPLS "sbd-600", as follows:

*A:PE-1# show router bgp next-hop evpn service-id 600
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   SR_TE
   sr-te                                           Y
   rvpls  (1)                                      --       10
   -- (N)                                                   00h00m58s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The following EVPN-MPLS destination is established in R-VPLS "sbd-600":

*A:PE-1# show service id "sbd-600" evpn-mpls

===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address                     Transport:Tnl     Egr Label  Oper  Mcast  Num
                                                             State        MACs
-------------------------------------------------------------------------------
192.0.2.2                       sr-te:655362      524286     Up    bum    1
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
---snip---

EVPN PBB services

The configuration for B-VPLS and I-VPLS is as follows:

# on PE-1:
configure
     service
         vpls 500 name "B-VPLS-500" customer 1 b-vpls create
            service-mtu 2000
            pbb
                source-bmac 00:00:00:00:00:01
            exit
            bgp
            exit
            bgp-evpn
                evi 500
                mpls bgp 1
                    auto-bind-tunnel
                        resolution-filter
                            sr-te
                        exit
                        resolution filter
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            no shutdown
        exit
        vpls 5 name "I-VPLS-5" customer 1 i-vpls create
            pbb
                backbone-vpls 500
                exit
            exit
            stp
                shutdown
            exit
            sap 1/1/c10/1:5 create
                description "SAP to CE-51"            # on PE-2: SAP to CE-52
                no shutdown
            exit
            no shutdown
        exit

The SR-TE LSPs are configured with a label stack size of 8 labels; therefore, a LabelStackLimit error occurs for the B-VPLS and the BGP next hop cannot be resolved, as follows:

*A:PE-1# show router bgp next-hop evpn service-id 500
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   --
   sr-te                                           N        LabelStackLimit
   bvpls  (2)                                      --
   -- (N)                                                   00h01m13s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

The LER can only push maximum 6 labels for the B-VPLS, including the service label and the control word. By default, only 4 transport labels are available when no options are used. When dynamic-egress-label-limit is enabled in the B-VPLS, only the service label is accounted for and maximum 5 labels are available for transport. The SR-TE LSPs are configured with a label stack size of 5 and dynamic-egress-label-limit is enabled in the B-VPLS:

# on PE-1:
configure
    router Base
        mpls
            lsp "to-PE-2-empty"                        # on PE-2: LSP "to-PE-1-empty"
                max-sr-labels 5 additional-frr-labels 0
            exit
            lsp "to-PE-2-strict"                       # on PE-2: LSP "to-PE-1-strict"
                max-sr-labels 5 additional-frr-labels 0
            exit
        exit
    exit
    service
        vpls "B-VPLS-500" 
            bgp-evpn
                mpls
                    dynamic-egress-label-limit
                exit

The BGP next hop can now be resolved for the B-VPLS, as follows:

*A:PE-1# show router bgp next-hop evpn service-id 500
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================

===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop                                                Owner
   Autobind                                        FibProg  Reason
   Labels (User-labels)                            FlexAlgo Metric
   Admin-tag-policy (strict-tunnel-tagging)                 Last Mod.
-------------------------------------------------------------------------------
192.0.2.2                                                   SR_TE
   sr-te                                           Y
   bvpls  (1)                                      --       10
   -- (N)                                                   00h00m10s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================

In B-VPLS-500 on PE-1, the EVPN-MPLS destination 192.0.2.2 can be reached via an SR-TE tunnel with ID 655362, as follows:

*A:PE-1# show service id "B-VPLS-500" evpn-mpls

===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address                     Transport:Tnl     Egr Label  Oper  Mcast  Num
                                                             State        MACs
-------------------------------------------------------------------------------
192.0.2.2                       sr-te:655362      524279     Up    bum    1
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
---snip---

Conclusion

Flexible SR-TE label stack allocation can increase the number of available transport labels in services when OAM labels, ESI labels, or control word are not used.