Migrating core protocols is a significant operational challenge. A successful transition requires a strategic, phased approach: enabling the new protocol in parallel, gradually steering traffic by tuning route preferences (AD), and decommissioning legacy protocols only after the environment has stabilized.
SR to LDP require a SR Mapping server and Mapping client for it to switch traffic between SR and LDP and vice versa.
Mapping server – control plane(role is to advertise the LDP prefix into SR-ISIS domain)
Mapping Client – Data Plane. Receives the advertisement from Mapping server and interprets each SR mapping advertisements to a prefix SID.
We can configure more than one mapping server and Mapping client.
mapping clients are the router facing LDP domain or we can also configure the routers in the SR domain as Mapping client.
MC create stitching points between LDP FECs and SR Prefix-SIDs (Node-SIDs) for the same prefix.
Topology:
We will enable LDP between PE5 and PE1 and PE6 and PE2, PE1,ASBR1 &2 and PE2 will be enabled with SR-ISIS only.
PE1 and PE2 act as a Mapping Client.
LDP configuration in PE1,PE5,PE6 and PE2.
LDP sesion between PE5 and PE1
MPLS table verification
Verification in PE1: PE1 is a mapping client it is enabled with LDP and SR-ISIS
Lets map the LDP prefix 1.0.0.5/32 and 1.0.0.6/32 with 2005 and 2006 respectively.
Configuration# Mapping server configuration in ASBR1
Advertise the SR mappings for the LDP prefixes PE5 and PE6
*A:ASBR1>config>router>isis# info
----------------------------------------------
area-id 49.0010
segment-routing
prefix-sid-range global
mapping-server
sid-map node-sid index 2005 prefix 10.0.0.5/32
sid-map node-sid index 2006 prefix 10.0.0.6/32
no shutdown
exit
no shutdown
exit
After the MS advertisement Mapping Client MC now interpret those advertisement and create the stitching points between LDP and SR.
As per out topology, PE5 and PE6 can function as MC.
LDP uses export-tunnel-table command under ldp to redistribute the SR-ISS to LDP using an export policy. LDP process the monitor the policy and if it matches the policy with SR-ISIS /32 prefix it will program the LDP entry and advertise the LDP FEC for it.
Advertising SR only prefix to LDP from PE1 and PE2 towards PE5 and PE6.
Tunnel table on PE5 before the policy
Configuring the policy to redistribute the LDP FEC to SR-ISIS
/configure router ldp export-tunnel-table "sr-ldp"
we have completed the SRMS configuration now the Prefixes are advertised in SR-ISIS database.
SRMS provide the network wide policy and uses export-tunnel-table LDP with no refernce policy. Whenever /32 LDP destination matches the SRMS prefix then its program that prefix to corresponding LDP tunnel endpoint. Only required configuration is export-tunnel-table ldp command within the segment-routing context is the only required configuration
/configure router isis <instance number> segment-routing export-tunnel-table ldp
*A:PE1# configure router isis 1 segment-routing export-tunnel-table ldp
After the configuration i couldnot find the ldp prefix in PE1 later identified that I used the wrong IP subnet in the mapping server. Later changed it
*A:ASBR1>config>router>isis>segm-rtng>map-serv# info
----------------------------------------------
sid-map node-sid index 2005 prefix 10.0.0.5/32
sid-map node-sid index 2006 prefix 10.0.0.6/32
no shutdown
----------------------------------------------
SRGB block we configured earlier to use start label with 20000 but I used 2000 which is a mistake,
I had to correct it to make it work.
#--------------------------------------------------
echo "MPLS Label Range Configuration"
#--------------------------------------------------
mpls-labels
sr-labels start 20000 end 20099
exit
#--------------------------------------------------
Route is available in tunnel table but not able to ping from ASBR1 to PE5 but ping is working between PE5 and PE1.
Ping is working from PE1 to PE5 using LDP FEC
Lets do some more troubleshooting to identify the cause and enable the end to end forwarding plane working
Enabled mpls on the router interfaces now the PE1 to ASBR is working but when I initiate a ping from ASBR to PE1 is not working.
Also I used different area id in ASBR 1 and 2 so changed it to match the PE1 area id.
later i concluded oam ping is not working as I am testing in virtual SR-SIM I am able to ping the ip address. So, to verify the theory lets create a bgp session between PE5 and ASBR1 and create the VPRN between them to check the SR-ISIS and LDP data plane working properly.
ASBR1
MP-BGP configuration
A:ASBR1>config>router>bgp# info
----------------------------------------------
router-id 11.0.0.1
group "ibgp"
family ipv4 vpn-ipv4
type internal
neighbor 1.0.0.5
local-address 11.0.0.1
peer-as XXXX
exit
exit
no shutdown
----------------------------------------------
*A:ASBR1>config>router>bgp#
PE05:
*A:PE5>config>service>vprn# /configure router bgp
*A:PE5>config>router>bgp# info
----------------------------------------------
router-id 1.0.0.5
group "ibgp"
family ipv4 vpn-ipv4
type internal
local-address 1.0.0.5
neighbor 11.0.0.1
peer-as XXXX
exit
exit
no shutdown
----------------------------------------------
*A:PE5>config>router>bgp#
*A:PE5>config>router>bgp# /configure service vprn 1
*A:PE5>config>service>vprn# info
----------------------------------------------
interface "loopback" create
address 100.0.0.1/32
loopback
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 100:100
vrf-target target:100:100
no shutdown
exit
exit
no shutdown
----------------------------------------------
*A:PE5>config>service>vprn#
*A:ASBR1>config>router>bgp# /configure service vprn 1
*A:ASBR1>config>service>vprn# info
----------------------------------------------
interface "loopback" create
address 100.0.0.2/32
loopback
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution-filter
sr-isis
exit
resolution filter
exit
route-distinguisher 100:100
vrf-target target:100:100
no shutdown
exit
exit
no shutdown
----------------------------------------------
*A:ASBR1>config>service>vprn#
Verifying VPN Route table
Ping initiated between PE5 and ASBR1 VPRN 1
Internetworking between SR and LDP is working as expected.
PE1 and PE2 configured to advertise the PE5 and PE6 vice versa in LDP. But noticed the routes not available in tunnel table.
1.0.0.6/32 is not available in PE5
lets enable the end to end between traffic flow between PE5 to PE6 traffic via SR-ISIS domain.
PE5 (LDP) => PE1 (SR-ISIS/LDP) => ASBR1 (SR-ISIS) => ASBR2(SR-ISIS) ==> PE2 (SR-ISIS/LDP) => PE6(LDP)
While check the route table in PE5 and PE6 for each other routes identified that link between PE5 and PE6 enabled while doing some configuration changes in the topology which I missed to disable it.
After shutting the port down LDP routes installed in both routers
Success this time .. Sema end to end data traffic is working
Comments
Post a Comment