Segment routing with BGP-LU prefix SID
Segment routing (SR) allows a router to source route a packet by prepending an SR header containing an ordered list of SIDs. A SID can have a local impact to one particular node or it can have a global impact within the SR domain. With SR-MPLS, each SID is an MPLS label and the complete SID list is a stack of labels in the MPLS header.
Traditionally, the association of the SID with an IP prefix is propagated by an IGP routing protocol. However, in some cases, the SID must be propagated beyond the IGP protocol boundaries. For these cases, you can enable the prefix SID path attribute for BGP-LU to associate an SR-MPLS SID with an IP prefix in a labeled unicast route.
The prefix SID attribute associates a prefix with the advertised SID, representing network-wide instructions to forward packets along the BGP ECMP-aware best path back to the prefix. To advertise the prefix SID attribute in BGP-LU, SR Linux derives the advertised label from the IGP-signaled label index, which has the effect of stitching the BGP segment routing tunnel to the IGP segment routing tunnel. As a result, the segment routing-enabled routers can establish an LSP with a consistent label value end-to-end across IGP domains.
The prefix SID attribute is an optional transitive BGP path attribute with type code 40. This attribute encodes a 32-bit label index into the SRGB space and can provide details about the SRGB space of the originating router. The encoding of this BGP path attribute and its semantics are further described in draft-ietf-idr-bgp-prefix-sid.
SR Linux attaches a meaning to a prefix SID attribute only when it is attached to routes belonging to the labeled unicast IPv4 and labeled unicast IPv6 address families. When attached to routes of unsupported address families, the prefix SID attribute is ignored but still propagated, as with any other optional transitive attribute.
Label assignment and conflicts
A unique label index value is assigned to each unique IPv4 or IPv6 prefix that is advertised with a BGP prefix SID. If label index N1 is assigned to a BGP-advertised prefix P1, and N1 plus the SRGB start label creates a label value that conflicts with another SR programmed entry in the label forwarding information base (LFIB), the conflict situation is addressed according to the following rules:
-
If the conflict is with another BGP route for prefix P2 that was advertised with a prefix SID attribute, all the conflicting BGP routes for P1 and P2 are advertised with a normal BGP-LU label from the dynamic label range.
-
If the conflict is with an IGP route and BGP is attempting to redistribute that IGP route as a label-ipv4 or label-ipv6 route with a route table import policy action that includes the bgp label-allocation prefix sid reuse-igp true option, this is not considered a conflict and BGP uses the IGP-signaled label index to derive its advertised label. This has the effect of stitching the BGP segment routing tunnel to the IGP segment routing tunnel.
Any /32 label-ipv4 or /128 label-ipv6 BGP routes containing a prefix SID attribute are resolvable and used in the same way as /32 label-ipv4 or /128 label-ipv6 routes without a prefix SID attribute. These routes are installed in the route table and tunnel table. These routes can have ECMP next hops and can be used as BGP-LU transport tunnels.
Segment routing with BGP-LU prefix SID topology example
The following figure shows the example topology referenced in the subsequent procedure, which builds on the BGP-LU configurations shown in Seamless MPLS with BGP-LU configuration. The BGP-LU routers along the shortest path advertise consistent labels for prefix 10.0.0.1/32 on AN-1 and for prefix 10.0.0.5/32 on AN-5, providing consistent label usage end-to-end across the multiple IS-IS domains.
In this example, all nodes at minimum have protocols bgp segment-routing-mpls enabled, and are configured with an SR-MPLS SRGB of 16000-16999. The nodes operate as follows:
-
AN-1 advertises its loopback address (10.0.0.1/32) to its neighbor ABR-2 using a statically configured prefix SID label (16101) in SR-ISIS.
Note: On AN-1, BGP-LU is not advertising the AN-1 prefix SID to ABR-2. Instead, this advertisement is handled by SR-ISIS. -
ABR-2 uses a route table import policy to import the AN-1 prefix SID into its BGP RIB, and an export routing policy to export the AN-1 prefix SID to its neighbors. The route table import policy includes the bgp label-allocation prefix-sid reuse-igp action. With this option enabled, ABR-2 derives a BGP-LU label for the AN-1 prefix SID by reusing both the SR-MPLS SRGB and the SR-ISIS label index for AN-1. As a result, BGP-LU advertises the same prefix SID label (16101) toward P-3 as it received from AN-1. These policies result in stitching the BGP-LU path (from P-3 to ABR-2) to the SR-ISIS tunnel (ABR-2 to AN-1).
- To propagate prefix label 16101 from ABR-2 to ABR-4, P-3 uses only BGP-LU, advertising routes to its iBGP neighbors. On P-3, SR-ISIS carries no prefix SID for AN-1. As a result, no import or export policy is required on P-3.
- ABR-4 also uses BGP-LU to advertise the AN-1 prefix SID label 16101 to AN-5.
- After the AN-1 prefix SID is propagated end-to-end, when AN-5 wants to reach AN-1, it can simply apply label 16101 to the packets.
- The basic steps outlined above also apply for AN-5 advertising its loopback address (10.0.0.5/32) and prefix SID label (16105) in the opposite direction toward AN-1. The result being that, when AN-1 wants to reach AN-5, it can apply label 16105 to the packets.
Configuring segment routing with BGP-LU prefix SID
- Configure SR-MPLS in your network.
- Configure BGP-LU.
To configure BGP-LU with prefix SID for segment routing, perform the following steps.
- On the access, ABR, and P nodes, enable segment routing for BGP.
-
On the access nodes, associate a static segment routing local prefix SID label
with the loopback interface.
Note: No dedicated label block for BGP-LU prefix SID labels is required.
-
On the ABR nodes, configure a
route
table import
policy
to import the prefix SIDs with the reuse-igp true option and
apply the
route
table import policy to the BGP RIB.
Note: When reusing the label index from the IGP, BGP-LU prefix SID label values are drawn from the SRGB defined as part of the SR-MPLS configuration (and not from the label block defined in the BGP-LU configuration).
- On the ABR nodes, configure an export routing policy to export prefix SIDs from the BGP RIB, and apply the export policy to the applicable BGP peer groups or neighbors.
- As required, block propagation of prefix SIDs outside of the segment routing domain where they apply.
Segment routing with BGP-LU prefix SID configurations
The example configurations that follow apply for AN-1 and ABR-2 to advertise a prefix SID for 10.0.0.1/32. Similar configurations (not shown) are required for AN-5 and ABR-4 to advertise a prefix SID for 10.0.0.5/32.
Enable segment routing for BGP on all nodes
The following example enables segment routing using the bgp segment-routing-mpls command.
--{ candidate shared default }--[ ]--
All-nodes# info network-instance default protocols bgp
network-instance default {
protocols {
bgp {
segment-routing-mpls {
admin-state enable
}
}
}
}Associate local prefix SID label with the loopback interface on the access node (AN-1 shown)
The following example associates local prefix SID label 101 with the loopback interface lo0.0 on AN-1.
--{ candidate shared default }--[ ]--
AN-1# info interface lo0
interface lo0 {
admin-state enable
subinterface 0 {
ipv4 {
address 10.0.0.1/32 {
}
}
}
}
--{ candidate shared default }--[ ]--
AN-1# info network-instance default interface lo0.0
network-instance default {
interface lo0.0 {
interface-ref {
interface lo0
subinterface 0
}
}
}
--{ candidate shared default }--[ ]--
AN-1# info network-instance default segment-routing
network-instance default {
segment-routing {
mpls {
local-prefix-sid 1 {
interface lo0.0
ipv4-label-index 101
}
}
}
}
Configure the ABR route table import policy (ABR-2 shown)
The following example defines a route table import policy for importing prefix 10.0.0.1/32 into the BGP RIB on ABR-2 using the routing-policy command. It also sets the bgp label-allocation prefix-sid reuse-igp action, which directs BGP-LU to use the IGP-signaled label-index to derive its advertised label. This has the effect of stitching the BGP segment routing tunnel to the IGP segment routing tunnel.
The example also applies the route table import policy to the BGP RIB on ABR-2 using the bgp rib-management command to populate the local BGP-LU table with the segment routing label for prefix 10.0.0.1/32.
--{ candidate shared default }--[ ]--
ABR-2# info routing-policy
routing-policy {
policy import-prefix-sid-2 {
statement 10 {
match {
prefix-set 10.0.0.1/32
}
action {
policy-result accept
bgp {
label-allocation {
prefix-sid {
reuse-igp true
}
}
}
}
}
}
}
--{ candidate shared default }--[ ]--
ABR-2# info network-instance default protocols bgp rib-management
network-instance default {
protocols {
bgp {
rib-management {
table ipv4-labeled-unicast {
route-table-import import-prefix-sid-2
}
}
}
}
}Configure the export routing policy for the ABRs (ABR-2 shown)
The following example defines a policy for ABR-2 to export prefix 10.0.0.1/32 to BGP neighbors using the routing-policy command. It applies the policy on ABR-2 using the bgp neighbor command. It also configures BGP group iBGP with BGP-LU enabled, and applies the group to the peer.
The policy advertises the segment routing label for prefix 10.0.0.1/32 from the ABR-2 BGP-LU table to neighbor P-3 (192.0.2.3).
--{ candidate shared default }--[ ]--
ABR-2# info routing-policy
routing-policy {
policy export-prefix-sid-1 {
statement 10 {
match {
prefix-set 10.0.0.1/32
}
action {
policy-result accept
}
}
}
}
--{ candidate shared default }--[ ]--
ABR-2# info network-instance default protocols bgp
network-instance default {
protocols {
bgp {
group iBGP {
afi-safi ipv4-labeled-unicast {
admin-state enable
}
}
neighbor 192.0.2.3 {
peer-as 64496
peer-group ABRs
export-policy [
export-prefix-sid-1
]
}
}
}
}Block propagation of prefix SIDs
By default, the prefix SID attribute propagates without restriction. To prevent the prefix SID from propagating outside the segment routing domain where it is applicable, use the network-instance protocols bgp [group | neighbor] optional-attributes block-prefix-sid command. The command removes the prefix SID attribute from all routes sent to and received from the iBGP and eBGP peers included in the scope of the command.
The following example blocks the propagation of prefix SIDs to and from BGP neighbor 192.0.2.10 (not shown in the topology diagram).
--{ + candidate shared default }--[ ]--
Any-node# info network-instance default protocols bgp neighbor 192.0.2.10
network-instance default {
protocols {
bgp {
neighbor 192.0.2.10 {
optional-attributes {
block-prefix-sid true
}
}
}
}
}Diplay the prefix SID path attribute
To display the path attributes of the advertised BGP-LU routes, including the prefix-sid attribute, use the info from state bgp-rib attr-sets attr-set command. The following example shows the BGP-LU path attributes advertised from ABR-2 to P-3. In this example, the info from state command is entered from the network-instance context.
--{ candidate shared default }--[ network-instance default ]--
P-3# info from state bgp-rib attr-sets attr-set <attr-id>
origin igp
atomic-aggregate false
next-hop 192.0.2.2
med 0
local-pref 100
prefix-sid {
tlv label-index {
label-index {
label-index 101
}
}
tlv srgb-originator {
srgb-originator {
srgb [
16000:1000
]
}
}
}