Flexible SR-TE Label Stack Allocation for BGP Services
This chapter provides information about the flexible segment routing traffic engineered (SR-TE) label stack allocation for BGP services.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 23.10.R2.
Flexible SR-TE label stack allocation for BGP services is supported on FP4-based platforms in SR OS Release 22.2.R1, and later.
Overview
FP4-based platforms support pushing 12 labels for SR-TE LSPs used in VPRN services and 10 labels for SR-TE LSPs used in EVPN VPLS or EVPN VPWS services. Layer 2 services, such as VPLS or Epipe services require an inner Ethernet header which reduces the space available for the label stack. In the case of R-VPLS or B-VPLS, even less label space is available for the label stack. For R-VPLS, only 9 labels can be pushed, and for B-VPLS, only 6.
Each SR-TE LSP is configured with a maximum transport label stack size, which is the sum of the values for the label stack size and the number of additional FRR labels. The label stack size ranges from 1 to 11 and the number of additional FRR labels ranges from 0 to 4, as follows. By default, the value for the label stack size is 6 and the number of additional FRR labels is 1.
*A:PE-1>config>router>mpls>lsp# max-sr-labels ?
- max-sr-labels <label-stack-size> [additional-frr-labels <labels>]
- no max-sr-labels
<label-stack-size> : [1..11]
<labels> : [0..4]
For VPRN services, the ingress label edge router (ILER) can push 12 labels, including the service label. A maximum of 11 labels remain for the sum of the label stack size and the number of additional FRR labels. The following error is raised because the sum of 10 and 2 exceeds the maximum of 11 labels:
*A:PE-1>config>router>mpls>lsp# max-sr-labels 10 additional-frr-labels 2
MINOR: MPLS #1030 Exceeds the maximum number of Labels allowed - Sum of label-stack-size and
additional-frr-labels cannot exceed max labels (11) allowed per stack
Default egress label stack allocation for BGP services
In addition to the transport labels, the ILER pushes other fields into the packet, such as the service label, control word, Ethernet segment identifier (ESI), OAM labels, hash label, or entropy labels. The service label is present for all types of services, while the other labels depend on the service type. Some of these labels are always computed in the label stack allocation, such as the service label, OAM label, ESI, and control word. The label space for these labels is always reserved when computing the maximum stack; even when no Ethernet segment is used, one label is reserved for an ESI (for the purpose of BGP next hop resolution). Other labels are optional, such as the hash label or the entropy label, which are mutually exclusive. For the entropy label, two labels are required: the entropy label indicator (ELI) and the entropy label (EL) itself. These optional labels are only allocated when the hash or entropy label is configured. Default egress label stack limits for BGP services shows an overview of the default egress label stack limits for BGP services, such as IP-VPN, EVPN-IFL, EVPN VPWS or EVPN VPLS, EVPN-IFF, and EVPN B-VPLS.
Features that reduce the label stack | IP-VPN (VPRN) | EVPN-IFL (VPRN) | EVPN VPLS or EVPN VPWS | EVPN-IFF (R-VPLS) | EVPN B-VPLS (PBB-EVPN) |
---|---|---|---|---|---|
Service label (always allocated) | 1 | 1 | 1 | 1 | 1 |
OAM label (always allocated) | 1 | 1 | 0 | 0 | 0 |
Control word (always allocated) | 0 | 0 | 1 | 1 | 1 |
ESI label (always allocated) | 0 | 0 | 1 | 0 | 0 |
Hash label (only when configured; mutually exclusive with EL) | 1 | 1 | 0 | 0 | 0 |
Entropy EL+ELI (only when configured; mutually exclusive with the hash label) | 2 | 2 | 2 | 2 | 2 |
Number of always-allocated labels | 2 | 2 | 3 | 2 | 2 |
Number of allocated labels, including the options | 4 | 4 | 5 | 4 | 4 |
Number of available labels | 12 | 12 | 10 | 9 | 6 |
Number of available transport labels when no options are configured | 10 | 10 | 7 | 7 | 4 |
Number of available transport labels with options | 8 | 8 | 5 | 5 | 2 |
The label space is always allocated for the first four features: the service label, OAM label, control word, and ESI label.
For IP-VPN or EVPN IFL VPRN services, only the service label and OAM label can be applied; therefore the transport label stack can have a maximum of 12 – 2 = 10 labels. In the case that the entropy label option is configured, two additional labels are reserved for EL and ELI and the transport label stack can have a maximum of 8 labels. When the hash label option is used, the number of available transport labels is only reduced by 1 and 9 transport labels are available.
For EVPN VPWS or EVPN VPLS services, the service label, control word, and ESI label are always allocated, even when the control word or ESI is not used. The number of available transport labels is 10 – 3 = 7 when no options are used. When the entropy label option is used, the number of available transport labels is further reduced by 2 and only 5 transport labels can be used.
For EVPN-IFF R-VPLS services, the traffic is either bridged traffic containing an ESI label or routed traffic without an ESI label. The ESI label is not accounted for because the routed encapsulation is always larger. For R-VPLS, the ILER can push a maximum of 9 labels, including the service label and control word. The number of available transport labels is 9 – 2 = 7, unless entropy labels are used. When the entropy label option is used, only 7 – 2 = 5 transport labels are available.
For B-VPLS services, the ILER can only push 6 labels, including the service label and control word. The number of available transport labels is only 6 – 2 = 4 when no options are used. When the entropy label option is used, only 4 – 2 = 2 transport labels are available.
SR-TE LSPs are configured with max-sr-labels <..> additional-frr-labels <..>. The number of these configured LSP labels must not exceed the number of available transport labels in the table. The BGP route next hop for the LSP cannot be resolved when the number of available labels is exceeded.
Dynamic egress label stack allocation for BGP services
With dynamic egress label stack allocation per service, SR OS accounts for the service label, but not for the labels that are not used. The dynamic-egress-label-limit command extends the number of available labels in the dynamic egress label stack by not accounting for the labels that are not used. When the dynamic-egress-label-limit command is enabled, the OAM label cannot be used in VPRN services and vprn-ping and vprn-trace are not supported. In EVPN VPWS or EVPN VPLS services, the control word can still be used, as a result, the corresponding label space is allocated. In EVPN VPLS services, the ESI label is only accounted for if the VPLS has a SAP or SDP binding associated to an ES.
Dynamic egress label stack allocation is supported for IP-VPN, EVPN-IFL, EVPN VPWS, EVPN VPLS, EVPN-IFF, and EVPN B-VPLS. Dynamic egress label stack limits for BGP services shows a comparison for the dynamic egress label stack allocation for IP-VPN, EVPN-IFL, EVPN VPLS, and EVPN VPWS, but a similar comparison can be made for EVPN-IFF and EVPN B-VPLS.
Features that reduce the label stack | dynamic-egress-label-limit false | dynamic-egress-label-limit true | |||||
---|---|---|---|---|---|---|---|
IP-VPN (VPRN) | EVPN-IFL (VPRN) | EVPN VPLS EVPN Epipe | IP-VPN (VPRN) | EVPN-IFL (VPRN) | EVPN VPLS EVPN Epipe | ||
Service label | 1 (always allocated) | 1 (always allocated) | 1 (always allocated) | 1 (always allocated) | 1 (always allocated) | 1 (always allocated) | |
OAM label | 1 (always allocated) | 1 (always allocated) | 0 | 0 | 0 | 0 | |
Control word | 0 | 0 | 1 (always allocated) | 0 | 0 | 1 | |
ESI label | 0 | 0 | 1 (always allocated) | 0 | 0 | 1 | |
Hash label (mutually exclusive with EL) | 1 | 1 | 0 | 1 | 0 | 0 | |
Entropy EL+ELI (mutually exclusive with the hash label) | 2 | 2 | 2 | 2 | 2 | 2 | |
Number of always-allocated labels | 2 | 2 | 3 | 1 | 1 | 1 | |
Number of allocated labels, including the options | 4 | 4 | 5 | 3 | 3 | 5 | |
Number of available labels | 12 | 12 | 10 | 12 | 12 | 10 | |
Number of available transport labels when no options are configured | 10 | 10 | 7 | 11 | 11 | 9 | |
Number of available transport labels with options | 8 | 8 | 5 | 9 | 9 | 5 |
When the dynamic-egress-label-limit command is enabled in an IP-VPN or EVPN-IFL service, the OAM label is not used and one additional transport label is available.
For IP-VPN or EVPN-IFL VPRN services, the ILER can push 12 labels and one of these labels is the service label. The remaining 11 labels are available for transport when no options are configured. When entropy labels are configured, 11 – 2 = 9 labels are available for transport.
For EVPN VPWS or EVPN VPLS services, the ILER can push 10 labels and one of these labels is the service label. The control word and ESI label are now considered as options. When no options are configured, 10 – 1 = 9 labels are available for the transport label stack. When the entropy label, control word, and ESI label are configured, only 5 labels are available for the transport label stack.
For EVPN-IFF services, the ILER can push 9 labels and one of these labels is the service label. When no options are configured, 9 – 1 = 8 labels are available for the transport label stack. When the control word and entropy label are configured, only 8 – 3 = 5 transport labels are available.
For EVPN B-VPLS services, the ILER can push 6 labels, including the service label. When no options are configured, 6 – 1 = 5 labels are available for the transport label stack. When the control word and entropy label are configured, only 5 – 3 = 2 transport labels are available.
Configuration
The Example topology consists of two nodes in an MPLS network:
- cards, MDAs, and ports
- router interfaces
- SR-ISIS
- MPLS and RSVP enabled
BGP is configured for the EVPN and VPN-IPv4 address families; on PE-1 as follows:
# on PE-1:
configure
router Base
autonomous-system 64500
bgp
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "internal"
family evpn vpn-ipv4
peer-as 64500
neighbor 192.0.2.2 # on PE-2: 192.0.2.1
exit
exit
no shutdown
The BGP configuration on PE-2 is similar.
SR-TE LSPs are configured between PE-1 and PE-2, as follows:
# on PE-1:
configure
router Base
mpls
interface "int-PE-1-PE-2" # on PE-2: "int-PE-2-PE-1"
exit
path "empty"
no shutdown
exit
path "to-PE-2-strict" # on PE-2: "to-PE-1-strict"
hop 10 192.168.12.2 strict # on PE-2: 192.168.12.1
no shutdown
exit
lsp "to-PE-2-empty" sr-te # on PE-2: "to-PE-1-empty"
to 192.0.2.2 # on PE-2: to 192.0.2.1
path-computation-method local-cspf
max-sr-labels 8 additional-frr-labels 2 # 10 labels - suited for VPRN
primary "empty"
exit
no shutdown
exit
lsp "to-PE-2-strict" sr-te # on PE-2: "to-PE-1-strict"
to 192.0.2.2 # on PE-2: to 192.0.2.1
path-computation-method local-cspf
max-sr-labels 8 additional-frr-labels 2 # 10 labels - suited for VPRN
primary "to-PE-2-strict" # on PE-2: "to-PE-1-strict"
exit
no shutdown
exit
no shutdown
exit
rsvp
no shutdown
exit
IP-VPN and EVPN-IFL services
For VPRN services, the ILER can push 12 labels: 1 service label, 1 OAM label, and 10 transport labels. VPRN-1 is an IP-VPN with the following configuration:
# on PE-1:
configure
service
vprn 1 name "VPRN-1" customer 1 create
description "VPRN-1 with BGP-IPVPN"
interface "loopback" create
address 172.16.1.1/32 # on PE-2: 172.16.1.2/32
loopback
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution-filter
sr-te
no bgp
exit
resolution filter
exit
route-distinguisher 192.0.2.1:1 # on PE-2: 192.0.2.2:1
vrf-target target:64500:1
no shutdown
exit
exit
no shutdown
EVPN-IFL VPRN-2 is configured as follows:
# on PE-1:
configure
service
vprn 2 name "VPRN-2" customer 1 create
description "VPRN-2 with EVPN-IFL"
interface "loopback" create
address 172.16.2.1/32 # on PE-2: 172.16.2.2/32
loopback
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
sr-te
exit
resolution filter
exit
route-distinguisher 192.0.2.1:2 # on PE-2: 192.0.2.2:2
vrf-target target:64500:2
no shutdown
exit
exit
no shutdown
The BGP next hop is resolved for VPRN-1 and VPRN-2, as follows:
*A:PE-1# show router bgp next-hop vpn-ipv4
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 SR_TE
sr-te Y
-- (2) -- 10
-- (N) 00h01m45s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
*A:PE-1# show router bgp next-hop evpn service-id 2
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 SR_TE
sr-te Y
-- (2) -- 10
-- (N) 00h01m45s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The number of user labels is 2 and corresponds to the sum of the service label and OAM label.
The route table for VPRN-1 on PE-1 shows that the BGP VPN-IPv4 route to 172.16.1.2/32 uses an SR-TE tunnel with ID 655362 to PE-2, as follows:
*A:PE-1# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.1.1/32 Local Local 00h02m46s 0
loopback 0
172.16.1.2/32 Remote BGP VPN 00h02m42s 170
192.0.2.2 (tunneled:SR-TE:655362) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The route table for VPRN-2 on PE-1 shows that the EVPN-IFL route to 172.16.2.2/32 also uses the SR-TE tunnel with ID 655362 to PE-2, as follows:
*A:PE-1# show router service-name "VPRN-2" route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.2.1/32 Local Local 00h02m46s 0
loopback 0
172.16.2.2/32 Remote EVPN-IFL 00h02m42s 170
192.0.2.2 (tunneled:SR-TE:655362) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The following illustrates that the BGP next hop cannot be resolved in a VPRN when the number of labels configured in the SR-TE LSP exceeds 10. In this example, the label stack size is increased to 9, while the number of additional FRR labels remains 2, as follows:
# on PE-1:
configure
router Base
mpls
lsp "to-PE-2-empty" # on PE-2: "to-PE-1-empty"
max-sr-labels 9 additional-frr-labels 2
exit
lsp "to-PE-2-strict" # on PE-2: "to-PE-1-strict"
max-sr-labels 9 additional-frr-labels 2
exit
The following shows that the BGP next hop cannot be resolved for the IP-VPN VPRN-1:
*A:PE-1# show router bgp next-hop vpn-ipv4
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 --
sr-te N LabelStackLimit
-- (2) --
-- (N) 00h00m27s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The route is not programmed in the FIB because of a LabelStackLimit error.
In a similar way, the BGP next hop cannot be resolved for the EPVN-IFL VPRN-2, as follows:
*A:PE-1# show router bgp next-hop evpn service-id 2
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 --
sr-te N LabelStackLimit
-- (2) --
-- (N) 00h00m27s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The route table for VPRN-1 does not contain a route to 172.16.1.2/32 anymore; only the local route remains, as follows:
*A:PE-1# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.1.1/32 Local Local 00h03m38s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 1
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
In a similar way, the route table for VPRN-2 contains only the local route, as follows:
*A:PE-1# show router service-name "VPRN-2" route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.2.1/32 Local Local 00h03m38s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 1
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
If the OAM label is not required, the dynamic-egress-label-limit command can be enabled in the VPRN services, as follows:
# on PE-1, PE-2:
configure
service
vprn "VPRN-1"
bgp-ipvpn
mpls
dynamic-egress-label-limit
exit
exit
exit
vprn "VPRN-2"
bgp-evpn
mpls
dynamic-egress-label-limit
exit
exit
exit
The ILER can push 12 labels: 1 service label and 11 transport labels. The BGP next hop can be resolved for VPRN-1, as follows:
*A:PE-1# show router bgp next-hop vpn-ipv4 service-id 1
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 SR_TE
sr-te Y
-- (1) -- 10
-- (N) 00h00m10s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The number of user labels is 1 and only the service label is accounted for.
In a similar way, the BGP next hop can be resolved for VPRN-2 and the number of user labels is 1, as follows:
*A:PE-1# show router bgp next-hop evpn service-id 2
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 SR_TE
sr-te Y
-- (1) -- 10
-- (N) 00h00m10s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The following shows that the dynamic-egress-label-limit command is enabled for IP-VPN VPRN-1:
*A:PE-1# show service id "VPRN-1" bgp-ipvpn
===============================================================================
Service 1 BGP-IPVPN MPLS Information
===============================================================================
Admin State : Up Oper State : Up
VRF Import : None
VRF Export : None
Route Dist. : None
Oper Route Dist : 192.0.2.1:1
Oper RD Type : configured
Route Target : target:64500:1
Route Target Impor: None
Route Target Expor: None
Domain-Id : None
Dyn Egr Lbl Limit : Enabled
Auto-Bind Tunnel
Resolution : filter Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
Weighted ECMP : False
BGP Instance : 1
Filter Tunnel Type: sr-te
===============================================================================
The following shows that the dynamic-egress-label-limit command is enabled for EVPN-IFL VPRN-2:
*A:PE-1# show service id "VPRN-2" bgp-evpn
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State : Up Oper State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.1:2
Oper Route Dist. : 192.0.2.1:2
Oper RD Type : configured
Route Target : target:64500:2
Route Target Import: None
Route Target Export: None
Default Route Tag : None
Domain-Id : None
Dyn Egr Lbl Limit : Enabled
EVI : 0
Advertise : Disabled
Weighted ECMP : Disabled
Auto-Bind Tunnel
Resolution : filter Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
Bgp Instance : 1
Filter Tunnel Types: sr-te
Tunnel Encap
MPLS : True MPLSoUDP : False
===============================================================================
EVPN VPWS services
Epipe-3 is configured as follows:
# on PE-1:
configure
service
epipe 3 name "Epipe-3" customer 1 create
bgp 1
exit
bgp-evpn
local-attachment-circuit ac-1 create # on PE-2: ac-2
eth-tag 1 # on PE-2: eth-tag 2
exit
remote-attachment-circuit ac-2 create # on PE-2: ac-1
eth-tag 2 # on PE-2: eth-tag 1
exit
evi 3
mpls bgp 1
auto-bind-tunnel
resolution-filter
sr-te
exit
resolution filter
exit
no shutdown
exit
exit
sap 1/1/c10/1:3 create
description "SAP to CE"
no shutdown
exit
no shutdown
Layer 2 services, such as EVPN VPWS or EVPN VPLS services, cannot have the same number of labels in the stack as for VPRN services. A LabelStackLimit error causes Epipe-3 to be in an operationally down state, as follows:
*A:PE-1# show service service-using epipe
===============================================================================
Services [epipe]
===============================================================================
ServiceId Type Adm Opr CustomerId Service Name
-------------------------------------------------------------------------------
3 Epipe Up Down 1 Epipe-3
-------------------------------------------------------------------------------
Matching Services : 1
-------------------------------------------------------------------------------
===============================================================================
The following output shows that the BGP next hop cannot be resolved because of a LabelStackLimit error. By default, the number of user labels is 3 and accounts for 1 for the service label, 1 for the ESI label, and 1 for the control word, as follows:
*A:PE-1# show router bgp next-hop evpn service-id 3
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 --
sr-te N LabelStackLimit
-- (3) --
-- (N) 00h00m07s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
For EVPN VPWS and EVPN VPLS services, the ILER can push 10 labels, including the service label, ESI label, and control word; therefore, the sum of the label stack size and the additional FRR labels cannot exceed 10 – 3 = 7 transport labels. However, when the service is configured with dynamic-egress-label-limit, only the service label must be accounted for and the number of transport labels can be 10 – 1 = 9. The SR-TE LSPs are configured with a label stack size of 9 and without additional FRR labels; the Epipe service is configured with dynamic-egress-label-limit, as follows:
# on PE-1:
configure
router Base
mpls
lsp "to-PE-2-empty" # on PE-2: "to-PE-1-empty"
max-sr-labels 9 additional-frr-labels 0
exit
lsp "to-PE-2-strict" # on PE-2: "to-PE-1-strict"
max-sr-labels 9 additional-frr-labels 0
exit
exit
exit
service
epipe "Epipe-3"
bgp-evpn
mpls
dynamic-egress-label-limit
exit
The BGP next hop is now resolved and the route is programmed in the FIB. The number of user labels is 1 for the service label, as follows:
*A:PE-1# show router bgp next-hop evpn service-id 3
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 SR_TE
sr-te Y
-- (1) -- 10
-- (N) 00h01m21s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
Epipe-3 is now in an operationally up state, as follows:
*A:PE-1# show service service-using epipe
===============================================================================
Services [epipe]
===============================================================================
ServiceId Type Adm Opr CustomerId Service Name
-------------------------------------------------------------------------------
3 Epipe Up Up 1 Epipe-3
-------------------------------------------------------------------------------
Matching Services : 1
-------------------------------------------------------------------------------
===============================================================================
From Epipe-3 on PE-1, the BGP EVPN-MPLS destination 192.0.2.2 can be reached via an SR-TE tunnel with ID 655362, as follows:
*A:PE-1# show service id "Epipe-3" evpn-mpls
===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address Egr Label Last Change
Transport:Tnl-id
-------------------------------------------------------------------------------
192.0.2.2 524284 02/15/2024 07:58:36
sr-te:655362
-------------------------------------------------------------------------------
Number of entries : 1
-------------------------------------------------------------------------------
===============================================================================
---snip---
EVPN VPLS services
On PE-1 and PE-2, EVPN VPLS "VPLS-4" is configured:
# on PE-1:
configure
service
vpls 4 name "VPLS-4" customer 1 create
bgp 1
exit
bgp-evpn
evi 4
mpls bgp 1
ingress-replication-bum-label
ecmp 2
auto-bind-tunnel
resolution-filter
sr-te
exit
resolution filter
exit
no shutdown
exit
exit
stp
shutdown
exit
sap 1/1/c10/1:4 create
description "SAP to CE-41" # on PE-2: "SAP to CE-42"
no shutdown
exit
no shutdown
The maximum number of transport labels in EVPN VPLS services is the same as for EVPN VPWS services. By default, the ILER can push a maximum of 10 – 3 = 7 transport labels. The SR-TE LSPs are configured with a label stack size of 9 labels; therefore, a LabelStackLimit error occurs and the BGP next hop cannot be resolved. The number of user labels is 3 and accounts for 1 for the service label, 1 for the ESI label, and 1 for the control word, as follows:
*A:PE-1# show router bgp next-hop evpn service-id 4
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 --
sr-te N LabelStackLimit
-- (3) --
-- (N) 00h00m26s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The number of available transport labels can be increased when dynamic-egress-label-limit is enabled on PE-1 and PE-2, as follows:
# on PE-1, PE-2:
configure
service
vpls "VPLS-4"
bgp-evpn
mpls
dynamic-egress-label-limit
With this configuration, only the service label is accounted for and the number of user labels is reduced to 1. The BGP next hop can be resolved, as follows:
*A:PE-1# show router bgp next-hop evpn service-id 4
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 SR_TE
sr-te Y
-- (1) -- 10
-- (N) 00h04m32s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The following EVPN-MPLS destinations are established in VPLS-4 on PE-1:
*A:PE-1# show service id "VPLS-4" evpn-mpls
===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address Transport:Tnl Egr Label Oper Mcast Num
State MACs
-------------------------------------------------------------------------------
192.0.2.2 sr-te:655362 524282 Up bum 0
192.0.2.2 sr-te:655362 524283 Up none 1
-------------------------------------------------------------------------------
Number of entries: 2
-------------------------------------------------------------------------------
===============================================================================
---snip---
EVPN-IFF services
The R-VPLS configuration on PE-1 is as follows:
# on PE-1:
configure
service
vpls 6 name "R-VPLS-6" customer 1 create
description "R-VPLS 6 - broadcast domain 1"
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/1/c10/1:6 create
description "SAP to CE-61"
no shutdown
exit
no shutdown
exit
vprn 66 name "ip-vrf-66" customer 1 create
interface "int-sbd-600" create # toward PE-2
address 10.0.6.1/24
mac 00:00:00:00:60:01
vpls "sbd-600"
exit
exit
interface "int-R-VPLS-6" create # toward BD 1 with local CEs
address 172.16.6.1/24
mac 00:00:00:16:06:01
vrrp 1 passive
backup 172.16.6.254
ping-reply
traceroute-reply
exit
vpls "R-VPLS-6"
exit
exit
no shutdown
exit
vpls 600 name "sbd-600" customer 1 create
description "supplementary broadcast domain R-VPLS 600"
allow-ip-int-bind
exit
bgp
route-distinguisher 192.0.2.1:600
exit
bgp-evpn
ip-route-advertisement
evi 600
mpls bgp 1
auto-bind-tunnel
resolution-filter
sr-te
exit
resolution filter
exit
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
The R-VPLS configuration on PE-2 is similar.
For R-VPLS services, the ILER can push a maximum of 9 labels, including the service label and control word. By default, a maximum of 7 transport labels can be pushed. When dynamic-egress-label-limit is enabled in the R-VPLS, a maximum of 8 transport labels are available. The SR-TE LSPs are configured with a label stack size of 8 labels and dynamic-egress-label-limit is enabled in R-VPLS "sbd-600", as follows:
# on PE-1:
configure
router Base
mpls
lsp "to-PE-2-empty" # on PE-2: lsp "to-PE-1-empty"
max-sr-labels 8 additional-frr-labels 0
exit
lsp "to-PE-2-strict" # on PE-2: lsp "to-PE-1-strict"
max-sr-labels 8 additional-frr-labels 0
exit
exit
exit
service
vpls "sbd-600"
bgp-evpn
mpls
dynamic-egress-label-limit
exit
exit
The BGP next hop can be resolved in R-VPLS "sbd-600", as follows:
*A:PE-1# show router bgp next-hop evpn service-id 600
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 SR_TE
sr-te Y
rvpls (1) -- 10
-- (N) 00h00m58s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The following EVPN-MPLS destination is established in R-VPLS "sbd-600":
*A:PE-1# show service id "sbd-600" evpn-mpls
===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address Transport:Tnl Egr Label Oper Mcast Num
State MACs
-------------------------------------------------------------------------------
192.0.2.2 sr-te:655362 524286 Up bum 1
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
---snip---
EVPN PBB services
The configuration for B-VPLS and I-VPLS is as follows:
# on PE-1:
configure
service
vpls 500 name "B-VPLS-500" customer 1 b-vpls create
service-mtu 2000
pbb
source-bmac 00:00:00:00:00:01
exit
bgp
exit
bgp-evpn
evi 500
mpls bgp 1
auto-bind-tunnel
resolution-filter
sr-te
exit
resolution filter
exit
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
vpls 5 name "I-VPLS-5" customer 1 i-vpls create
pbb
backbone-vpls 500
exit
exit
stp
shutdown
exit
sap 1/1/c10/1:5 create
description "SAP to CE-51" # on PE-2: SAP to CE-52
no shutdown
exit
no shutdown
exit
The SR-TE LSPs are configured with a label stack size of 8 labels; therefore, a LabelStackLimit error occurs for the B-VPLS and the BGP next hop cannot be resolved, as follows:
*A:PE-1# show router bgp next-hop evpn service-id 500
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 --
sr-te N LabelStackLimit
bvpls (2) --
-- (N) 00h01m13s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
The LER can only push maximum 6 labels for the B-VPLS, including the service label and the control word. By default, only 4 transport labels are available when no options are used. When dynamic-egress-label-limit is enabled in the B-VPLS, only the service label is accounted for and maximum 5 labels are available for transport. The SR-TE LSPs are configured with a label stack size of 5 and dynamic-egress-label-limit is enabled in the B-VPLS:
# on PE-1:
configure
router Base
mpls
lsp "to-PE-2-empty" # on PE-2: LSP "to-PE-1-empty"
max-sr-labels 5 additional-frr-labels 0
exit
lsp "to-PE-2-strict" # on PE-2: LSP "to-PE-1-strict"
max-sr-labels 5 additional-frr-labels 0
exit
exit
exit
service
vpls "B-VPLS-500"
bgp-evpn
mpls
dynamic-egress-label-limit
exit
The BGP next hop can now be resolved for the B-VPLS, as follows:
*A:PE-1# show router bgp next-hop evpn service-id 500
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
===============================================================================
BGP VPN Next Hop
===============================================================================
VPN Next Hop Owner
Autobind FibProg Reason
Labels (User-labels) FlexAlgo Metric
Admin-tag-policy (strict-tunnel-tagging) Last Mod.
-------------------------------------------------------------------------------
192.0.2.2 SR_TE
sr-te Y
bvpls (1) -- 10
-- (N) 00h00m10s
-------------------------------------------------------------------------------
Next Hops : 1
===============================================================================
In B-VPLS-500 on PE-1, the EVPN-MPLS destination 192.0.2.2 can be reached via an SR-TE tunnel with ID 655362, as follows:
*A:PE-1# show service id "B-VPLS-500" evpn-mpls
===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address Transport:Tnl Egr Label Oper Mcast Num
State MACs
-------------------------------------------------------------------------------
192.0.2.2 sr-te:655362 524279 Up bum 1
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
---snip---
Conclusion
Flexible SR-TE label stack allocation can increase the number of available transport labels in services when OAM labels, ESI labels, or control word are not used.