0% found this document useful (0 votes)

321 views326 pages

Converged SDN Transport For CCIE SPv5 v202104

Uploaded by

Joël François

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

321 views326 pages

Converged SDN Transport For CCIE SPv5 v202104

Uploaded by

Joël François

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 326

Converged SDN Transport

For CCIE Service Provider v5

Workbook
v202104

© 2021
Joël François, IT Network Architect (CCIE R&S #55635)
https://www.linkedin.com/in/joël-françois-4293b937

Converged SDN Transport for CCIE Service Provider v5 | v202104

Chapter 1: Workbook introduction 5

Chapter 2: Converged SDN Transport 6

Chapter 3: Virtual Lab Setup 9

Chapter 4: CCIE SP Exam Topics 14

Chapter 5: Lab 1 - Unified MPLS with LDP & BGP-LU 16

Chapter 6: Lab 2 - Unified MPLS with SR & BGP-LU 202

Chapter 7: Lab 3 - Transition to Converged SDN Transport 254

Chapter 8: Lab 4 - Converged SDN Transport

Chapter 9: Lab 5 - Network Slicing

Chapter 10: Key Takeaway

Chapter 11: Abbreviations

Chapter 12: Bibliography & References

Converged SDN Transport for CCIE Service Provider v5 | v202104

Chapter 1: Workbook introduction……………………………………………………………………………….….5

Chapter 2: Converged SDN Transport………………………………………………………………………….….6
Value proposition…………………………………………………………………………………………………………………....6
Cisco Network Simplification Journey…………………………………………….………………………….…………8
Summary…………………………………………………………………………………………………………………….…….………8
Chapter 3: Virtual Lab Setup…………………….…………………………………………………………….….…….9
Topology overview……………………………………………………………………………………………………….………...9
Lab environment………………………………………………………………………………………………………………......10
VNF platform & software version……………………………………………………………………………….………11
IP addressing………………………………………………………………………………………………………………….……..12
Chapter 4: CCIE SP Exam Topics…………………………………………………………………………….……..14
Exam Topics covered in the workbook……………………………………………………………………….……..14
Chapter 5: Lab 1 - Unified MPLS with LDP & BGP-LU……………………………………….….…… 16
Objective………………………………………………………………………………………………………………………..……. 16
Target topology……………………………………………………………………………………………………………..…… 16
Task 1: IGP……………………………………………………………………………………………………………………..…… 17
1.1. OSPF in Access-1 domain………………………………………………………………………………………17
1.2. OSPF in Access-2 domain……………………………………………………………………………………...22
1.3. ISIS in Core domain………………………………………………………………………………………………… 27
Task 2: MPLS……………………………………………………………………………………………………………………….. 39
2.1. LDP & R-LFA in Access-1 domain..………………………………….……………………….…………..39
2.2. LDP & R-LFA in Access-2 domain………………………………………………………………….……..50
2.3. LDP & R-LFA in Core domain……………..…………………………………………………….………….. 60
Task 3: Optional Redistribution (if OSPF as Core IGP).........................……………………….……. 73
3.1. Redistribute ASBR Loopback……………………………………...………………………………….……..73
Task 4: BGP Label-Unicast (BGP-LU).……………………………………………………………………………… 76
4.1. Peering between PE and ASBR.………………………………...………………………………….…….. 76
4.2. Peering between ASBR and Transport-RR…………………………….…………………….……..82
4.3. Peering between Transport-RR and Service-RR……...………………………………….……..89
4.4. Path optimization with AIGP.……………………………………...………………………………….…….. 92
4.5. FRR with BGP Add-Path and PIC Edge………………….....………………………….…............102
Task 5: Layer 3 Connectivity……………………………………………………………………………………………. 118
5.1. Customer VRF.………..……………………………………………...……………………………………………. 118
5.2. BGP PE-CE…..………………………………...………………………………….…………………………………. 124
5.3. OSPF PE-CE….………………………………………………………………………………………………………. 130
Task 6: MPLS VPN Services……………………………………………………………………………………………..135
6.1. L3VPN - VPNv4……………………………………………………………………………………………………. 135
6.2. Carrier Ethernet - EVPN and EoMPLS……………………………………………………………….. 144
Task 7: MPLS Traffic Engineering……..……………………………………………………………………………. 166
7.1. MPLS-TE & RSVP………………………………………………………………………………………………….166

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 3 out of 326
Chapter 6: Lab 2 - Unified MPLS with SR & BGP-LU………………………………………............202
Objective……………………………………………………………………………………………………………………………..202
Target topology………………………………………………………………………………………………………………… 202
Task 1: Segment-Routing…..……………………………………………………………………………………………. 203
1.1. SR and TI-LFA in Access 1…………................................................................................... 203
1.2. SR and TI-LFA in Access 2……………................................................................................ 212
1.3. SR and TI-LFA in Core………….......................................................................................... 221
1.4. SR prefer & BGP Prefix-SID…………….............................................................................. 234
Task 2: LDP decommissioning………………………………………………………………………………………… 244
2.1. Remove LDP + Setup SRTE for RED path................................................................... 244
Chapter 7: Lab 3 - Transition to Converged SDN Transport.……………………………………. 261
Objective……………………………………………………………………………………………………………………………..261
Target topology………………………………………………………………………………………………………………….261
Task 1: SDN pre-configuration………..……………………………………………………………………………….262
1.1. BGP-LS and IGP link-state…………………………………………………………………………………..262
1.2. SR-PCE as SDN controller………………………………………………………………………………….. 269
Chapter 8: Lab 4 - Converged SDN Transport…………………………………………………………… 277
Objective……………………………………………………………………………………………………………………………..277
Target topology………………………………………………………………………………………………………………… 277
Task 1: L3VPN over SRTE……………………………………………………………………………………………….. 278
1.1. SRTE for Customer 2…………………………………………………………………………………………… 278
1.2. SRTE for Customer 3………..................................................................................... XXX
Task 2: L2VPN over SRTE………………………………………………………………………………………………..XXX
2.1. VPNv4 over SRTE - Customer 2………………………………………………………………………… XXX
2.2. VPNv4 over SRTE - Customer 3………………………………………………………………………… XXX
Task 3: BGP-LU decommissioning………………………………………………………………………………….XXX
Task 4: Anycast SID…………………………………………………………………………………………………………. XXX
Task 5:
Task 6:
Task 7:
Task 8:
Chapter 9: Lab 5 - Network Slicing
Objective
Target topology
Task 1: VRF, PE-CE
Task 2: VPNv4
Task 3: Automated Steering (AS)
Task 4: SR-TE
Task 5: On-Demand Next-hop (ODN)
Task 6: Flex-Algo
Task 7: Performance-Measurement (PM)

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 4 out of 326
Chapter 10: Key Takeaway
Chapter 11: Abbreviations
Chapter 12: Bibliography & References

Converged SDN Transport for CCIE Service Provider v5 | v202104

Main objective is to get hands-on experience by configuring different variations of Unified

MPLS networks. We will start to setup a network based on LDP and BGP-LU, evolving
toward an SDN network relying on Segment-Routing. Many technologies that are required
to pass the CCIE Service Provider v5 exam are covered in this workbook.

Converged SDN Transport (CST) architecture is also presented in next chapter. In April
2021, CST is the latest Cisco operational model that provides simplicity, programmability
and automation for Service Providers. Interestingly, that model fully align with the CCIE
SP exam blueprint. Labs and tasks were written with that model in mind.

The workbook contains 5 labs (Lab 1 to Lab 5) composed of many tasks. All the labs must
be completed sequentially.

Chapter 10 is presenting the key takeaways of all the labs, with a synthesis of the Cisco
network simplification journey we experienced as we go through the implementations.

CML and EVE-NG topology files with initial configuration, software images, diagrams,
tables and figures are provided to follow the labs.

Summary of the covered technologies:

▪ IGP (OSPFv2, ISIS)

▪ MPLS (LDP, SR)
▪ BGP (BGP-LU, BGP-LS)
▪ L3VPN (VPNv4)
▪ Carrier Ethernet (QinQ, Local Bridging, EoMPLS, EVPN-VPWS)
▪ Fast Reroute (BFD, LFA, R-LFA, TI-LFA, BGP PIC Edge, Anycast SID)
▪ Traffic-Engineering (MPLS-TE, RSVP, SR-TE, BGP AS, ODN)
▪ SDN (SR-PCE)
▪ Network Slicing (Flex-Algo)
▪ Automation with NSO (…)

Converged SDN Transport for CCIE Service Provider v5 | v202104

Value proposition

Service Providers are facing the challenge to provide next generation services that can
quickly adapt to market needs. New paradigms such as 5G introduction, video traffic
continuous growth, IoT proliferation and cloud services model require unprecedented
flexibility, elasticity and scale from the network. Increasing bandwidth demands and
decreasing *ARPU put pressure on reducing network cost. At the same time, services need
to be deployed faster and more cost effectively to stay competitive.

Metro Access and Aggregation solutions have evolved from native Ethernet/Layer 2
based, to Unified MPLS to address the above challenges. The Unified MPLS architecture
provides a single converged network infrastructure with a common operational model. It
has great advantages in terms of network convergence, high scalability, high availability,
and optimized forwarding. However, that architectural model is still quite challenging to
manage, especially on large-scale networks, because of the large number of distributed
network protocols involved which increases operational complexity.

Converged SDN Transport design introduces an SDN-ready architecture which evolves

traditional Metro network design towards an SDN enabled, programmable network
capable of delivering all services (Residential, Business, 4G/5G Mobile Backhaul, Video,
IoT) on the premise of simplicity, full programmability, and cloud integration, with
guaranteed service level agreements (SLAs).

*Average Revenue Per User

Converged SDN Transport for CCIE Service Provider v5 | v202104

The Converged SDN Transport design brings tremendous value to Service Providers:

• Fast service deployment and rapid time to market through fully automated service
provisioning and end-to-end network programmability

• Operational simplicity with less protocols to operate and manage

• Smooth migration towards an SDN-ready architecture thanks to backward-

compatibility with existing network protocols and services

• Next generation service creation leveraging guaranteed SLAs

• Enhanced and optimized operations using telemetry/analytics in conjunction with

automation tools

The Converged SDN Transport design is targeted at Service Provider customers who:

• Want to evolve their existing Unified MPLS Network

• Are looking for an SDN ready solution

• Need a simple, scalable design that can support future growth

• Want a future proof architecture built using industry-leading technology

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : Cisco Network Simplification Journey

Summary

The Converged SDN Transport design satisfies the following criteria for scalable next-
generation networks:

• Simple: based on Segment Routing as unified forwarding plane and EVPN and
L3VPN as a common BGP based services control plane

• Programmable: Using SR-PCE to program end-to-end multi-domain paths across

the network with guaranteed SLAs

• Automated : Service provisioning is fully automated using NSO and YANG models;
Analytics with model driven telemetry in conjunction with Crosswork Network
Insights to enhance operations and network visibility

More on Cisco website and blog:

https://www.cisco.com/c/en/us/solutions/service-provider/converged-sdn-transport.html

https://xrdocs.io/design/

Converged SDN Transport for CCIE Service Provider v5 | v202104

Topology overview

Below is the main topology we will use as reference throughout the workbook.

The Service Provider’s network consists of 3 IGP domains, including 2 access domains
running OSPF and a dual-plane Core domain running ISIS.

There are 4 customers spread over 8 sites in West and East regions. We will implement
Carrier Ethernet services for customer 1 and 4, and L3VPN services for customer 2 and 3.

Lab topology has 30 NFV platforms in total, including 28 routers and 2 switches. This
represents 48 links and 185 interfaces. NFV platforms are described in upcoming section.

Figure : Lab Topology overview

Converged SDN Transport for CCIE Service Provider v5 | v202104

Lab is setup and validated using Cisco CML (Personal 2.1 40 Node) and EVE-NG Pro
installed as a VM on a ESXI 6.7.0 hypervisor and hosted on a Dell PowerEdge T430.

Once fully loaded, the lab consumes around 8 vCPU and 80GB RAM.

Figure : Resource consumption in CML

For most of the XR devices, choice was to go with IOS XRv rather than XR9000v in the
objective to save overall resources (IOS XRv are able to return IDLE CPU to hypervisor).

There are 2 Access PE running XR9000v. Unlike XRv, XR9000v allows some technologies
to work in dataplane like L2VPN or BFD, etc.

Choice was made to use only physical interfaces to interconnect the routers for scalability
and performance reasons.

Figure : Physical layout with interface IDs

Converged SDN Transport for CCIE Service Provider v5 | v202104

Zone Node Role VNF platform SW Release

Customer West CE-XR41 CE XRv 6.6.3
Customer West CE-XR42 CE XRv 6.6.3
Customer West CE-XR43 CE XRv 6.6.3
Customer West CE-R44 CE CSR1000v 17.3.1a
Customer West SW-1 Switch IOSvL2 15.2 AdvK9
Customer East CE-R51 CE IOSv 15.9(3)M2
Customer East CE-R52 CE IOSv 15.9(3)M2
Customer East CE-R53 CE IOSv 15.9(3)M2
Customer East CE-R54 CE CSR1000v 17.3.1a
Customer East SW-2 Switch IOSvL2 15.2 AdvK9
Access 1 A1-XR21 P XRv 6.6.3
Access 1 A1-XR22 PE XR9000v 7.2.1
Access 1 A1-R23 PE CSR1000v 17.3.1a
Access 2 A2-R31 P CSR1000v 17.3.1a
Access 2 A2-XR32 PE XR9000v 7.2.1
Access 2 A2-R33 PE CSR1000v 17.3.1a
Access 1 / Core C-XR1 ASBR XRv 6.6.3
Access 1 / Core C-XR11 ASBR XRv 6.6.3
Access 2 / Core C-XR6 ASBR / PE XRv 6.6.3
Access 2 / Core C-XR16 ASBR / PE XRv 6.6.3
Core C-XR2 P XRv 6.6.3
Core C-XR3 P XRv 6.6.3
Core C-XR4 P XRv 6.6.3
Core C-XR5 P XRv 6.6.3
Core C-XR12 P XRv 6.6.3
Core C-XR13 P XRv 6.6.3
Core C-XR14 P XRv 6.6.3
Core C-XR15 P XRv 6.6.3
Transport-RR
Core C-XR10 XRv 6.6.3
or PCE
Core C-R110 Service-RR CSR1000v 17.3.1a
Figure : VNF platforms & SW version

Converged SDN Transport for CCIE Service Provider v5 | v202104

Node IPv4 Loopbacks

Zone Node Role Node ID. IPv4 Loopback
Customer West CE-XR41 CE 41 41.41.41.41/32
Customer West CE-XR42 CE 42 42.42.42.42/32
Customer West CE-XR43 CE 43 43.43.43.43/32
Customer West CE-R44 CE 44 N/A
Customer West SW-1 Switch 1 N/A
Customer East CE-R51 CE 51 51.51.51.51/32
Customer East CE-R52 CE 52 52.52.52.52/32
Customer East CE-R53 CE 53 53.53.53.53/32
Customer East CE-R54 CE 54 N/A
Customer East SW-2 Switch 2 N/A
Access 1 A1-XR21 P 21 21.21.21.21/32
Access 1 A1-XR22 PE 22 22.22.22.22/32
Access 1 A1-R23 PE 23 23.23.23.23/32
Access 2 A2-R31 P 31 31.31.31.31/32
Access 2 A2-XR32 PE 32 32.32.32.32/32
Access 2 A2-R33 PE 33 33.33.33.33/32
Access 1 / Core C-XR1 ASBR 1 1.1.1.1/32
Access 1 / Core C-XR11 ASBR 6 11.11.11.11/32
Access 2 / Core C-XR6 ASBR / PE 11 6.6.6.6/32
Access 2 / Core C-XR16 ASBR / PE 16 16.16.16.16/32
Core C-XR2 P 2 2.2.2.2/32
Core C-XR3 P 3 3.3.3.3/32
Core C-XR4 P 4 4.4.4.4/32
Core C-XR5 P 5 5.5.5.5/32
Core C-XR12 P 12 12.12.12.12/32
Core C-XR13 P 13 13.13.13.13/32
Core C-XR14 P 14 14.14.14.14/32
Core C-XR15 P 15 15.15.15.15/32
Transport-
Core C-XR10 RR 10 10.10.10.10/32
or PCE
Core C-R110 Service-RR 110 110.110.110.110/32
Figure : Node IP addressing

Converged SDN Transport for CCIE Service Provider v5 | v202104

Node IP addressing used for transit links:

Zone Node IP
Core 10.X.Y.Z/24
Access 1 20.X.Y.Z/24
Access 2 30.X.Y.Z/24
Customer West 40.X.Y.Z/24
Customer East 50.X.Y.Z/24

X=Lower Node ID
Y=Higher Node ID
Z=Node ID

Converged SDN Transport for CCIE Service Provider v5 | v202104

Exam Topics covered in this workbook

1.2. Border Gateway Protocol

1.2.e Design, deploy, and optimize BGP segments, BGP Labeled Unicast and BGP-LS

1.4. Multiprotocol Label Switching

1.4.d. Design and optimize SR (SRGB and Max Labels Depth)

1.5. MPLS Traffic Engineering

1.5.e. Design, deploy and optimize SR-TE
1.5.f. Design, deploy and optimize PCE and PCEP technology
1.5.g. Design, deploy and optimize Flexible Algorithm

2.2 Large scale MPLS Architecture

2.2.a. Design, deploy and optimize Unified MPLS
2.2.b. Design, deploy and optimize Multi-domain Segment Routing with SR-PCE
2.2.c. Design, deploy and optimize SLA based on IGP/TE metrics and Disjoint Paths

2.3 Carrier Ethernet

2.3.b. Design, deploy, and optimize VPWS, *VPLS and H-VPLS
2.3.c. Design, deploy, and optimize *EVPN, EVPN-VPWS and *EVPN-IRB
2.3.d. Design, deploy, and optimize L2VPN service auto steering into segment routing
policy

2.4 L3VPN
2.4.a. Design, deploy, and optimize L3VPN
2.4.d. Design, deploy, and optimize L3VPN service auto steering into segment routing
policy

3.2 Layer-3 Connectivity

3.2.a. Design, deploy, and optimize PE-CE routing protocols (OSPF, ISIS, and BGP)

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 15 out of 326
4.2 Routing/fast convergence
4.2.c. Design, deploy, and optimize BGP convergence - Prefix Independent Convergence
(BGP-PIC)
4.2.e. Design, deploy, and optimize LFA (LFA, Remote LFA and TI-LFA)

6.1. Network Assurance

6.1.e. Design, deploy, and optimize Segment Routing Data Plane monitoring (SR-DPM)
6.1.f. Design, deploy, and optimize IP/MPLS Performance monitoring (TCP, UDP, ICMP
and SR)

Some information in the scope of the lab exam :

o Lab is fully virtualized. XR platforms are XR9000v only.

o In the design section of the exam, this is expected to be tested on Carrier Ethernet
technologies that are not supported in control-plane or data-plane on XR9000v.

* In this version of the workbook, we will only test the Carrier Ethernet technologies that
are supported in both control-plane and data-plane.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Objective

This Unified MPLS design mimics a large scale SP network. We will configure IGP and
LDP along with LFA in each domain, and enable BGP label exchange using RFC-3107 for
BGP peerings between each IGP domain. ASBR are inline-RR reflecting routes to access
PE and set themsleves as the next-hop for routes being reflected. This design is using a
transport-RR located in core domain, which peers and reflects routes to all ASBR routers.
We will first start by using default metric in all domains. Then, we will use different metric
in ISIS Core domain with the goal to test multiple BGP-TE and MPLS-TE scenarios.

Target topology

Figure : Lab 1 - Target Topology

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 1.1. OSPF in Access-1 domain

Figure : OSPF 10 in Access-1

Configure OSPF on all routers in Access 1 domain as follows:

▪ Use OSPF Process ID 10.
▪ Statically set the Router-ID to Loopback0.
▪ All OSPF enabled interfaces must be in Area 0.
▪ Do not enable OSPF on any link facing customer.
▪ Don't send OSPF Hellos on Loopback 0.
▪ Change OSPF network type to point-to-point on all transit interfaces.
▪ Reduce the number of LSA that are flooded within Area 0, where the Transit links
must not be advertised.
▪ Once complete, verify all devices within Access-1 have reachability to each other, and
only Loopback are advertised.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access

A1-XR22:
!
router ospf 10
router-id 22.22.22.22
area 0
prefix-suppression
interface Loopback0
passive enable
!
interface GigabitEthernet0/0/0/0
network point-to-point
!
interface GigabitEthernet0/0/0/1
network point-to-point
!
interface GigabitEthernet0/0/0/2
network point-to-point

A1-R23:
!
router ospf 10
router-id 23.23.23.23
prefix-suppression
passive-interface lo0
!
interface lo0
ip ospf 10 area 0
!
interface range Gi1-3
ip ospf 10 area 0
ip ospf network point-to-point

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 19 out of 326
A1-XR21:
!
router ospf 10
router-id 21.21.21.21
area 0
prefix-suppression
interface Loopback0
passive enable
!
interface GigabitEthernet0/0/0/0
network point-to-point
!
interface GigabitEthernet0/0/0/1
network point-to-point
!
interface GigabitEthernet0/0/0/2
network point-to-point
!
interface GigabitEthernet0/0/0/3
network point-to-point

ASBR

C-XR1, C-XR11:
!
router ospf 10
router-id X.X.X.X <<< Replace ‘X’ by Node ID
area 0
prefix-suppression
interface Loopback0
passive enable
!
interface GigabitEthernet0/0/0/2
network point-to-point
!
interface GigabitEthernet0/0/0/3
network point-to-point
!
interface GigabitEthernet0/0/0/4
network point-to-point

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:A1-XR21#sh ospf nei

* Indicates MADJ interface

# Indicates Neighbor awaiting BFD session up

Neighbors for OSPF 10

Neighbor ID Pri State Dead Time Address Interface

1.1.1.1 1 FULL/ - 00:00:34 20.1.21.1 GigabitEthernet0/0/0/0
Neighbor is up for 00:18:13
11.11.11.11 1 FULL/ - 00:00:35 20.11.21.11 GigabitEthernet0/0/0/1
Neighbor is up for 00:14:44
22.22.22.22 1 FULL/ - 00:00:34 20.21.22.22 GigabitEthernet0/0/0/2
Neighbor is up for 00:20:13
23.23.23.23 1 FULL/ - 00:00:37 20.21.23.23 GigabitEthernet0/0/0/3
Neighbor is up for 00:20:13

Total neighbor count: 4

RP/0/0/CPU0:A1-XR21#sh ospf database

OSPF Router with ID (21.21.21.21) (Process ID 10)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

1.1.1.1 1.1.1.1 440 0x80000004 0x00376d 4
11.11.11.11 11.11.11.11 438 0x80000004 0x00110c 4
21.21.21.21 21.21.21.21 440 0x80000004 0x00d40a 5
22.22.22.22 22.22.22.22 651 0x80000004 0x0068ed 4
23.23.23.23 23.23.23.23 438 0x80000005 0x008f86 4

Converged SDN Transport for CCIE Service Provider v5 | v202104

O 1.1.1.1/32 [110/2] via 20.1.21.1, 00:09:36, GigabitEthernet0/0/0/0

O 11.11.11.11/32 [110/2] via 20.11.21.11, 00:06:07, GigabitEthernet0/0/0/1
O 22.22.22.22/32 [110/2] via 20.21.22.22, 00:11:36, GigabitEthernet0/0/0/2
O 23.23.23.23/32 [110/2] via 20.21.23.23, 00:11:36, GigabitEthernet0/0/0/3

RP/0/0/CPU0:A1-XR21#sh ospf int brief

* Indicates MADJ interface, (P) Indicates fast detect hold down state
Interfaces for OSPF 10
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 10 0 21.21.21.21/32 1 LOOP 0/0
Gi0/0/0/0 10 0 20.1.21.21/24 1 P2P 1/1
Gi0/0/0/1 10 0 20.11.21.21/24 1 P2P 1/1
Gi0/0/0/2 10 0 20.21.22.21/24 1 P2P 1/1
Gi0/0/0/3 10 0 20.21.23.21/24 1 P2P 1/1

RP/0/0/CPU0:A1-XR21#ping 1.1.1.1 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

RP/0/0/CPU0:A1-XR21#ping 11.11.11.11 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

RP/0/0/CPU0:A1-XR21#ping 22.22.22.22 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

RP/0/0/CPU0:A1-XR21#ping 23.23.23.23 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.23.23.23, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/19 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure - OSPF 20 in Access-2

Configure OSPF on all routers in Access 2 domain as follows:

▪ Use OSPF Process ID 20.
▪ Statically set the Router-ID to Loopback0.
▪ All OSPF enabled interfaces must be in Area 0.
▪ Do not enable OSPF on any link facing customer.
▪ Don't send OSPF Hellos on Loopback 0.
▪ Change OSPF network type to point-to-point on all transit interfaces.
▪ Reduce the number of LSA that are flooded within Area 0, where the Transit links
must not be advertised.
▪ Once complete, verify all devices within Access-2 have reachability to each other, and
only Loopback are advertised.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access

A2-XR32:
!
router ospf 20
router-id 32.32.32.32
area 0
prefix-suppression
interface Loopback0
passive enable
!
interface GigabitEthernet0/0/0/0
network point-to-point
!
interface GigabitEthernet0/0/0/1
network point-to-point
!
interface GigabitEthernet0/0/0/2
network point-to-point

A2-R33:
!
router ospf 20
router-id 33.33.33.33
prefix-suppression
passive-interface lo0
!
interface lo0
ip ospf 20 area 0
!
interface range Gi1-3
ip ospf 20 area 0
ip ospf network point-to-point

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 24 out of 326
A2-R31:
!
router ospf 20
router-id 31.31.31.31
prefix-suppression
passive-interface lo0
!
interface lo0
ip ospf 20 area 0
!
interface range Gi1-4
ip ospf 20 area 0
ip ospf network point-to-point

ASBR

C-XR6, C-XR16:
!
router ospf 20
router-id X.X.X.X <<< Replace ‘X’ by Node ID
area 0
prefix-suppression
interface Loopback0
passive enable
!
interface GigabitEthernet0/0/0/2
network point-to-point
!
interface GigabitEthernet0/0/0/3
network point-to-point
!
interface GigabitEthernet0/0/0/4
network point-to-point

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-R31#sh ip ospf nei

Neighbor ID Pri State Dead Time Address Interface
6.6.6.6 0 FULL/ - 00:00:34 30.6.31.6 GigabitEthernet1
16.16.16.16 0 FULL/ - 00:00:37 30.16.31.16 GigabitEthernet2
32.32.32.32 0 FULL/ - 00:00:39 30.31.32.32 GigabitEthernet3
33.33.33.33 0 FULL/ - 00:00:39 30.31.33.33 GigabitEthernet4

A2-R31#sh ip ospf database

OSPF Router with ID (31.31.31.31) (Process ID 20)
Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

6.6.6.6 6.6.6.6 380 0x80000004 0x000F9F 4
16.16.16.16 16.16.16.16 380 0x80000003 0x00EA3D 4
31.31.31.31 31.31.31.31 385 0x80000006 0x00A8AC 5
32.32.32.32 32.32.32.32 400 0x80000004 0x0045C0 4
33.33.33.33 33.33.33.33 386 0x80000005 0x003095 4

A2-R31#sh ip route ospf

<snip>
Gateway of last resort is not set

6.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/2] via 30.6.31.6, 00:07:25, GigabitEthernet1
16.0.0.0/32 is subnetted, 1 subnets
O 16.16.16.16 [110/2] via 30.16.31.16, 00:07:04, GigabitEthernet2
32.0.0.0/32 is subnetted, 1 subnets
O 32.32.32.32 [110/2] via 30.31.32.32, 00:08:55, GigabitEthernet3
33.0.0.0/32 is subnetted, 1 subnets
O 33.33.33.33 [110/2] via 30.31.33.33, 00:08:52, GigabitEthernet4

A2-R31#sh ip ospf int br

Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 20 0 31.31.31.31/32 1 LOOP 0/0
Gi1 20 0 30.6.31.31/24 1 P2P 1/1
Gi2 20 0 30.16.31.31/24 1 P2P 1/1
Gi3 20 0 30.31.32.31/24 1 P2P 1/1
Gi4 20 0 30.31.33.31/24 1 P2P 1/1

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 26 out of 326
A2-R31#ping 6.6.6.6 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 31.31.31.31
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/13 ms

A2-R31#ping 16.16.16.16 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 16.16.16.16, timeout is 2 seconds:
Packet sent with a source address of 31.31.31.31
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

A2-R31#ping 32.32.32.32 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 32.32.32.32, timeout is 2 seconds:
Packet sent with a source address of 31.31.31.31
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/15 ms

A2-R31#ping 33.33.33.33 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 31.31.31.31
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure - ISIS 1 in Core

Configure ISIS on all routers in Core domain as follows:

▪ Use ISIS instance 1.
▪ Use NET addresses as 49.0100.0000.0000.00XX.00, where XX is the node ID.
▪ Configure ISIS Level-2-only
▪ Configure Loopback0 without activating ISIS on the interface.
▪ Use metric values as shown in the figure.
▪ Enable ISIS Wide Metric.
▪ Do not enable ISIS on any link facing customer.
▪ Change ISIS network type to point-to-point on all transit interfaces.
▪ Advertise only passive interfaces to reduce LSP flooding within the domain.
▪ Once complete, verify all devices within the Core have reachability to each other, and
only Loopback are advertised.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Transport RR

C-XR10:
!
router isis 1
net 49.0100.0000.0000.0010.00
is-type level-2-only
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
!
int lo0
passive
address-family ipv4 unicast
!
int Gi0/0/0/0
point-to-point
address-family ipv4

Service RR

C-R110:
!
router isis 1
net 49.0100.0000.0000.0110.00
is-type level-2-only
metric-style wide
log-adjacency-changes
passive-interface Lo0
advertise passive-only
!
int Gi1
ip router isis 1
isis network point-to-point

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR1, C-XR6:
!
router isis 1
net 49.0100.0000.0000.000X.00 <<< Replace ‘X’ by Node ID
is-type level-2-only
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
!
int lo0
passive
address-family ipv4 unicast
!
int Gi0/0/0/0
point-to-point
address-family ipv4
metric 50
!
int Gi0/0/0/1
point-to-point
address-family ipv4
metric 100

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 30 out of 326
C-XR11, C-XR16:
!
router isis 1
net 49.0100.0000.0000.00XX.00 <<< Replace ‘XX’ by Node ID
is-type level-2-only
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
!
int lo0
passive
address-family ipv4 unicast
!
int Gi0/0/0/0
point-to-point
address-family ipv4
metric 150
!
int Gi0/0/0/1
point-to-point
address-family ipv4
metric 200

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR3, C-XR5:
!
router isis 1
net 49.0100.0000.0000.000X.00 <<< Replace ‘X’ by Node ID
is-type level-2-only
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
!
int lo0
passive
address-family ipv4 unicast
!
int Gi0/0/0/0
point-to-point
address-family ipv4
metric 100
!
int Gi0/0/0/1
point-to-point
address-family ipv4
!
int Gi0/0/0/2
point-to-point
address-family ipv4
metric 100
!
int Gi0/0/0/4
point-to-point
address-family ipv4

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 32 out of 326
C-XR13, C-XR15:
!
router isis 1
net 49.0100.0000.0000.00XX.00 <<< Replace ‘XX’ by Node ID
is-type level-2-only
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
!
int lo0
passive
address-family ipv4 unicast
!
int Gi0/0/0/0
point-to-point
address-family ipv4
metric 200
!
int Gi0/0/0/1
point-to-point
address-family ipv4
!
int Gi0/0/0/2
point-to-point
address-family ipv4
metric 200
!
int Gi0/0/0/4
point-to-point
address-family ipv4

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR2, C-XR4:
!
router isis 1
net 49.0100.0000.0000.000X.00 <<< Replace ‘X’ by Node ID
is-type level-2-only
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
!
int lo0
passive
address-family ipv4 unicast
!
int Gi0/0/0/0
point-to-point
address-family ipv4
metric 50
!
int Gi0/0/0/1
point-to-point
address-family ipv4
!
int Gi0/0/0/2
point-to-point
address-family ipv4
metric 50
!
int Gi0/0/0/3
point-to-point
address-family ipv4
!
int Gi0/0/0/4
point-to-point
address-family ipv4

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 34 out of 326
C-XR12, C-XR14:
!
router isis 1
net 49.0100.0000.0000.00XX.00 <<< Replace ‘XX’ by Node ID
is-type level-2-only
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
!
int lo0
passive
address-family ipv4 unicast
!
int Gi0/0/0/0
point-to-point
address-family ipv4
metric 150
!
int Gi0/0/0/1
point-to-point
address-family ipv4
!
int Gi0/0/0/2
point-to-point
address-family ipv4
metric 150
!
int Gi0/0/0/4
point-to-point
address-family ipv4

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR2#sh isis nei

IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
C-XR1 Gi0/0/0/0 *PtoP* Up 24 L2 Capable
C-XR4 Gi0/0/0/2 *PtoP* Up 20 L2 Capable
C-XR3 Gi0/0/0/1 *PtoP* Up 23 L2 Capable
C-XR10 Gi0/0/0/3 *PtoP* Up 28 L2 Capable
C-XR12 Gi0/0/0/4 *PtoP* Up 27 L2 Capable

Total neighbor count: 5

RP/0/0/CPU0:C-XR2#show isis database

IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
C-XR1.00-00 0x0000000b 0x3fbf 763 /1199 0/0/0
C-XR2.00-00 * 0x0000000b 0x556d 831 /* 0/0/0
C-XR3.00-00 0x0000000a 0x99df 855 /1199 0/0/0
C-XR4.00-00 0x0000000a 0xb9ed 764 /1199 0/0/0
C-XR5.00-00 0x00000009 0xf36b 875 /1199 0/0/0
C-XR6.00-00 0x0000000b 0xe6e1 938 /1199 0/0/0
C-XR10.00-00 0x0000000b 0xad63 714 /1199 0/0/0
C-XR11.00-00 0x0000000b 0xd1b1 929 /1199 0/0/0
C-XR12.00-00 0x00000009 0x3539 785 /1199 0/0/0
C-XR13.00-00 0x00000009 0x6f8f 881 /1199 0/0/0
C-XR14.00-00 0x0000000a 0xd47d 744 /1199 0/0/0
C-XR15.00-00 0x0000000a 0x04de 850 /1199 0/0/0
C-XR16.00-00 0x0000000a 0x034b 796 /1199 0/0/0
C-R110.00-00 0x00000008 0x19fb 608 /1199 0/0/0

Total Level-2 LSP count: 14 Local Level-2 LSP count: 1

Converged SDN Transport for CCIE Service Provider v5 | v202104

i L2 1.1.1.1/32 [115/50] via 10.1.2.1, 00:34:48, GigabitEthernet0/0/0/0

i L2 3.3.3.3/32 [115/10] via 10.2.3.3, 00:48:30, GigabitEthernet0/0/0/1
i L2 4.4.4.4/32 [115/50] via 10.2.4.4, 00:47:30, GigabitEthernet0/0/0/2
i L2 5.5.5.5/32 [115/60] via 10.2.4.4, 00:47:23, GigabitEthernet0/0/0/2
i L2 6.6.6.6/32 [115/100] via 10.2.4.4, 00:31:32, GigabitEthernet0/0/0/2
i L2 10.10.10.10/32 [115/10] via 10.2.10.10, 00:48:30, GigabitEthernet0/0/0/3
i L2 11.11.11.11/32 [115/160] via 10.2.12.12, 00:33:40, GigabitEthernet0/0/0/4
i L2 12.12.12.12/32 [115/10] via 10.2.12.12, 00:47:57, GigabitEthernet0/0/0/4
i L2 13.13.13.13/32 [115/20] via 10.2.12.12, 00:47:49, GigabitEthernet0/0/0/4
[115/20] via 10.2.3.3, 00:47:49, GigabitEthernet0/0/0/1
i L2 14.14.14.14/32 [115/60] via 10.2.4.4, 00:47:02, GigabitEthernet0/0/0/2
i L2 15.15.15.15/32 [115/70] via 10.2.4.4, 00:47:23, GigabitEthernet0/0/0/2
i L2 16.16.16.16/32 [115/210] via 10.2.4.4, 00:46:53, GigabitEthernet0/0/0/2
i L2 110.110.110.110/32 [115/60] via 10.2.4.4, 00:23:01, GigabitEthernet0/0/0/2

RP/0/0/CPU0:C-XR2#show isis interface brief

IS-IS 1 Interfaces
Interface All Adjs Adj Topos Adv Topos CLNS MTU Prio
OK L1 L2 Run/Cfg Run/Cfg L1 L2
----------------- --- --------- --------- --------- ---- ---- --------
Lo0 Yes - - 0/0 1/1 No - - -
Gi0/0/0/0 No - 1 1/1 0/0 Up 1497 - -
Gi0/0/0/1 No - 1 1/1 0/0 Up 1497 - -
Gi0/0/0/2 No - 1 1/1 0/0 Up 1497 - -
Gi0/0/0/3 No - 1 1/1 0/0 Up 1497 - -
Gi0/0/0/4 No - 1 1/1 0/0 Up 1497 - -

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 37 out of 326
RP/0/0/CPU0:C-XR2#ping 10.10.10.10 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

RP/0/0/CPU0:C-XR2#ping 110.110.110.110 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

RP/0/0/CPU0:C-XR2#ping 12.12.12.12 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

RP/0/0/CPU0:C-XR2#ping 4.4.4.4 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

RP/0/0/CPU0:C-XR2#ping 14.14.14.14 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.14.14.14, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

RP/0/0/CPU0:C-XR2#ping 3.3.3.3 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

RP/0/0/CPU0:C-XR2#ping 13.13.13.13 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.13.13.13, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/11/39 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 38 out of 326
RP/0/0/CPU0:C-XR2#ping 5.5.5.5 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

RP/0/0/CPU0:C-XR2#ping 15.15.15.15 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 15.15.15.15, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/11/39 ms

RP/0/0/CPU0:C-XR2#ping 1.1.1.1 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

RP/0/0/CPU0:C-XR2#ping 11.11.11.11 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

RP/0/0/CPU0:C-XR2#ping 6.6.6.6 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

RP/0/0/CPU0:C-XR2#ping 16.16.16.16 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 16.16.16.16, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 2.1. LDP & R-LFA in Access-1 domain

Configure LDP on all routers in Access-1 domain as follows:

▪ Use LDP router-id as Loopback0
▪ Ensure label range for each router is from the range of 20XX00-20XX99,
where “XX” is the node ID.
▪ MPLS LDP Autoconfig
▪ LDP and IGP Synchronization
▪ LDP Session Protection
▪ Enable Local-LFA along with Remote-LFA
▪ Links connected to Customer or Core domain must not have LDP enabled.
▪ Use MPLS OAM (Ping and Traceroute) to test router E2E reachability.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access

A1-XR22:
!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router ospf 10
fast-reroute per-prefix
fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
mpls ldp auto-config
mpls ldp sync
!
mpls ldp router-id 22.22.22.22
mpls label range 202200 202299
mpls ldp session protection
mpls oam
!
! >>> Restart the router for label range to take effect on XR9000v

A1-R23:
!
mpls ldp router-id lo0
mpls ldp session protection
mpls label range 202300 202399
!
mpls ldp discovery targeted-hello accept
!
router ospf 10
fast-reroute per-prefix enable prefix-priority low
fast-reroute per-prefix remote-lfa area 0 tunnel mpls
mpls ldp autoconfig
mpls ldp sync

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 41 out of 326
A1-XR21:
!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router ospf 10
fast-reroute per-prefix
fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
mpls ldp auto-config
mpls ldp sync
!
mpls ldp router-id 21.21.21.21
mpls label range 202100 202199
mpls ldp session protection
mpls oam

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR1:
!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router ospf 10
fast-reroute per-prefix
fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
mpls ldp auto-config
mpls ldp sync
!
mpls ldp router-id 1.1.1.1
mpls label range 200100 200199
mpls ldp session protection
mpls oam

A1-XR11:
!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router ospf 10
fast-reroute per-prefix
fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
mpls ldp auto-config
mpls ldp sync
!
mpls ldp router-id 11.11.11.11
mpls label range 201100 201199
mpls ldp session protection
mpls oam

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:A1-XR21#sh mpls ldp nei

Peer LDP Identifier: 23.23.23.23:0

TCP connection: 23.23.23.23:44521 - 21.21.21.21:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 359/355; Downstream-Unsolicited
Up time: 05:01:14
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/3
Targeted Hello (21.21.21.21 -> 23.23.23.23, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (5)
20.11.23.23 20.21.23.23 20.22.23.23 23.23.23.23
40.23.43.23
IPv6: (0)

Peer LDP Identifier: 1.1.1.1:0

TCP connection: 1.1.1.1:646 - 21.21.21.21:21651
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 355/369; Downstream-Unsolicited
Up time: 04:59:47
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/0
Targeted Hello (21.21.21.21 -> 1.1.1.1, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (6)
1.1.1.1 10.1.2.1 10.1.3.1 20.1.11.1
20.1.21.1 20.1.22.1
IPv6: (0)

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 44 out of 326
Peer LDP Identifier: 11.11.11.11:0
TCP connection: 11.11.11.11:646 - 21.21.21.21:43840
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 355/367; Downstream-Unsolicited
Up time: 04:59:37
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/1
Targeted Hello (21.21.21.21 -> 11.11.11.11, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (6)
10.11.12.11 10.11.13.11 11.11.11.11 20.1.11.11
20.11.21.11 20.11.23.11
IPv6: (0)

Peer LDP Identifier: 22.22.22.22:0

TCP connection: 22.22.22.22:34479 - 21.21.21.21:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 331/332; Downstream-Unsolicited
Up time: 04:40:14
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/2
Targeted Hello (21.21.21.21 -> 22.22.22.22, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (5)
20.1.22.22 20.21.22.22 20.22.23.22 22.22.22.22
40.22.42.22
IPv6: (0)

Converged SDN Transport for CCIE Service Provider v5 | v202104

GigabitEthernet0/0/0/0:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
1.1.1.1:0

GigabitEthernet0/0/0/1:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
11.11.11.11:0

GigabitEthernet0/0/0/2:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
22.22.22.22:0

GigabitEthernet0/0/0/3:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
23.23.23.23:0

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 46 out of 326
RP/0/RP0/CPU0:A1-XR22#ping mpls ipv4 11.11.11.11 255.255.255.255 source 22.22.22.22
verbose

Sending 5, 100-byte MPLS Echos to 11.11.11.11/32,

timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.

! size 100, reply addr 20.1.11.11, return code 3
! size 100, reply addr 20.1.11.11, return code 3
! size 100, reply addr 20.1.11.11, return code 3
! size 100, reply addr 20.1.11.11, return code 3
! size 100, reply addr 20.1.11.11, return code 3
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/12 ms

RP/0/RP0/CPU0:A1-XR22#traceroute mpls ipv4 11.11.11.11 255.255.255.255 source

22.22.22.22 verbose

Tracing MPLS Label Switched Path to 11.11.11.11/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

Type escape sequence to abort.

0 20.1.22.22 20.1.22.1 MRU 1500 [Labels: 200112 Exp: 0]
L 1 20.1.22.1 20.1.11.11 MRU 1500 [Labels: implicit-null Exp: 0] 30 ms, ret code 8
! 2 20.1.11.11 17 ms, ret code 3

Converged SDN Transport for CCIE Service Provider v5 | v202104

1.1.1.1/32, version 67, internal 0x1000001 0x30 (ptr 0xdcf60d8) [1], 0x0 (0xe4ebd50), 0xa28
(0xf41b378)
remote adjacency to GigabitEthernet0/0/0/2
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 20.1.22.1/32, GigabitEthernet0/0/0/2, 2 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 0 bkup-idx 1 NHID 0x0 [0xf69d280 0xf69d620]
next hop 20.1.22.1/32
local label 202200 labels imposed {ImplNull}
via 20.21.22.21/32, GigabitEthernet0/0/0/1, 7 dependencies, weight 0, class 0, backup (Local-
LFA) [flags 0x300]
path-idx 1 NHID 0x0 [0xf25b440 0x0]
next hop 20.21.22.21/32
remote adjacency
local label 202200 labels imposed {202100}

11.11.11.11/32, version 68, internal 0x1000001 0x30 (ptr 0xdcf6000) [1], 0x0 (0xe4ebba0), 0xa28
(0xf39d0a8)
remote adjacency to GigabitEthernet0/0/0/0
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 20.22.23.23/32, GigabitEthernet0/0/0/0, 4 dependencies, weight 0, class 0, protected,
ECMP-backup (Local-LFA) [flags 0x600]
path-idx 0 bkup-idx 2 NHID 0x0 [0xf69d198 0x0]
next hop 20.22.23.23/32
local label 202201 labels imposed {202303}
via 20.1.22.1/32, GigabitEthernet0/0/0/2, 2 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xf69d368 0x0]
next hop 20.1.22.1/32
local label 202201 labels imposed {200112}
via 20.21.22.21/32, GigabitEthernet0/0/0/1, 4 dependencies, weight 0, class 0, protected,
ECMP-backup (Local-LFA) [flags 0x600]
path-idx 2 bkup-idx 0 NHID 0x0 [0xf69d538 0x0]
next hop 20.21.22.21/32
local label 202201 labels imposed {202101}

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 48 out of 326
21.21.21.21/32, version 69, internal 0x1000001 0x30 (ptr 0xdcf5f28) [1], 0x0 (0xe4eba80), 0xa28
(0xf41b148)
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 20.22.23.23/32, GigabitEthernet0/0/0/0, 5 dependencies, weight 0, class 0, backup (Local-
LFA) [flags 0x300]
path-idx 0 NHID 0x0 [0xf25b310 0x0]
next hop 20.22.23.23/32
remote adjacency
local label 202202 labels imposed {202302}
via 20.21.22.21/32, GigabitEthernet0/0/0/1, 2 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xf69d7f0 0xf69d538]
next hop 20.21.22.21/32
local label 202202 labels imposed {ImplNull}

23.23.23.23/32, version 70, internal 0x1000001 0x30 (ptr 0xdcf5e50) [1], 0x0 (0xe4eb9a8), 0xa28
(0xf41b2d8)
remote adjacency to GigabitEthernet0/0/0/0
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 20.22.23.23/32, GigabitEthernet0/0/0/0, 2 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 0 bkup-idx 1 NHID 0x0 [0xf69d8d8 0xf69d198]
next hop 20.22.23.23/32
local label 202203 labels imposed {ImplNull}
via 20.21.22.21/32, GigabitEthernet0/0/0/1, 7 dependencies, weight 0, class 0, backup (Local-
LFA) [flags 0x300]
path-idx 1 NHID 0x0 [0xf25b440 0x0]
next hop 20.21.22.21/32
remote adjacency
local label 202203 labels imposed {202103}

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 49 out of 326
Remote-LFA in action
Simulate A1-XR21 node failure by temporary shutdown all its interfaces so
that Access-1 domain becomes a Ring topology.

XR21:
!
interface Gi0/0/0/0
shut
interface Gi0/0/0/1
shut
interface Gi0/0/0/2
shut
interface Gi0/0/0/3
shut

RP/0/RP0/CPU0:A1-XR22#sh route 1.1.1.1

Routing entry for 1.1.1.1/32
Known via "ospf 10", distance 110, metric 2, type intra area
Routing Descriptor Blocks
20.22.23.23, from 1.1.1.1, via GigabitEthernet0/0/0/0, Backup (Remote-LFA)
Repair Node(s): 11.11.11.11
Route metric is 2
20.1.22.1, from 1.1.1.1, via GigabitEthernet0/0/0/2, Protected
Route metric is 2
No advertising protos.

RP/0/RP0/CPU0:A1-XR22#sh route 23.23.23.23

Routing entry for 23.23.23.23/32
Known via "ospf 10", distance 110, metric 2, type intra area
Routing Descriptor Blocks
20.22.23.23, from 23.23.23.23, via GigabitEthernet0/0/0/0, Protected
Route metric is 2
20.1.22.1, from 23.23.23.23, via GigabitEthernet0/0/0/2, Backup (Remote-LFA)
Repair Node(s): 11.11.11.11
Route metric is 2
No advertising protos.

RP/0/0/CPU0:A1-XR21#rollback config last 1

Converged SDN Transport for CCIE Service Provider v5 | v202104

Configure LDP on all routers in Access-2 domain as follows:

▪ Use LDP router-id as Loopback0
▪ Ensure label range for each router is from the range of 30XX00-30XX99,
where “XX” is the node ID.
▪ MPLS LDP Autoconfig
▪ LDP and IGP Synchronization
▪ LDP Session Protection
▪ Enable Local-LFA along with Remote-LFA
▪ Links connected to Customer or Core domain must not have LDP enabled.
▪ Use MPLS OAM (Ping and Traceroute) to test E2E connectivity.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access

A2-XR32:
!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router ospf 20
fast-reroute per-prefix
fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
mpls ldp auto-config
mpls ldp sync
!
mpls ldp router-id 32.32.32.32
mpls label range 303200 303299
mpls ldp session protection
mpls oam
!
! >>> Restart the router for label range to take effect on XR9000v

A2-R33:
!
mpls ldp router-id lo0
mpls ldp session protection
mpls label range 303300 303399
!
mpls ldp discovery targeted-hello accept
!
router ospf 20
mpls ldp autoconfig
mpls ldp sync
fast-reroute per-prefix enable prefix-priority low
fast-reroute per-prefix remote-lfa area 0 tunnel mpls

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 52 out of 326
A2-R31:
!
mpls ldp router-id lo0
mpls ldp session protection
mpls label range 303100 303199
!
mpls ldp discovery targeted-hello accept
!
router ospf 20
mpls ldp autoconfig
mpls ldp sync
fast-reroute per-prefix enable prefix-priority low
fast-reroute per-prefix remote-lfa area 0 tunnel mpls

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-XR6:
!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router ospf 20
fast-reroute per-prefix
fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
mpls ldp auto-config
mpls ldp sync
!
mpls ldp router-id 6.6.6.6
mpls label range 300600 300699
mpls ldp session protection
mpls oam

A2-XR16:
!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router ospf 20
fast-reroute per-prefix
fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
mpls ldp auto-config
mpls ldp sync
!
mpls ldp router-id 16.16.16.16
mpls label range 301600 301699
mpls ldp session protection
mpls oam

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-R31#show mpls ldp nei

Peer LDP Ident: 33.33.33.33:0; Local LDP Ident 31.31.31.31:0
TCP connection: 33.33.33.33.49227 - 31.31.31.31.646
State: Oper; Msgs sent/rcvd: 337/331; Downstream
Up time: 04:42:36
LDP discovery sources:
GigabitEthernet4, Src IP addr: 30.31.33.33
Targeted Hello 31.31.31.31 -> 33.33.33.33, active, passive
Addresses bound to peer LDP Ident:
30.31.33.33 30.32.33.33 30.16.33.33 50.33.53.33
33.33.33.33
Peer LDP Ident: 6.6.6.6:0; Local LDP Ident 31.31.31.31:0
TCP connection: 6.6.6.6.646 - 31.31.31.31.26000
State: Oper; Msgs sent/rcvd: 333/347; Downstream
Up time: 04:41:33
LDP discovery sources:
GigabitEthernet1, Src IP addr: 30.6.31.6
Targeted Hello 31.31.31.31 -> 6.6.6.6, active, passive
Addresses bound to peer LDP Ident:
10.4.6.6 10.5.6.6 30.6.31.6 30.6.32.6
30.6.16.6 6.6.6.6
Peer LDP Ident: 16.16.16.16:0; Local LDP Ident 31.31.31.31:0
TCP connection: 16.16.16.16.646 - 31.31.31.31.19974
State: Oper; Msgs sent/rcvd: 332/347; Downstream
Up time: 04:40:55
LDP discovery sources:
GigabitEthernet2, Src IP addr: 30.16.31.16
Targeted Hello 31.31.31.31 -> 16.16.16.16, active, passive
Addresses bound to peer LDP Ident:
10.14.16.16 10.15.16.16 30.16.31.16 30.16.33.16
30.6.16.16 16.16.16.16
Peer LDP Ident: 32.32.32.32:0; Local LDP Ident 31.31.31.31:0
TCP connection: 32.32.32.32.30338 - 31.31.31.31.646
State: Oper; Msgs sent/rcvd: 334/329; Downstream
Up time: 04:40:24
LDP discovery sources:
GigabitEthernet3, Src IP addr: 30.31.32.32
Targeted Hello 31.31.31.31 -> 32.32.32.32, active, passive
Addresses bound to peer LDP Ident:
32.32.32.32 30.31.32.32 30.32.33.32 30.6.32.32
50.32.52.32

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 55 out of 326
A2-R31#show mpls ldp igp sync
GigabitEthernet1:
LDP configured; LDP-IGP Synchronization enabled.
Sync status: sync achieved; peer reachable.
Sync delay time: 0 seconds (0 seconds left)
IGP holddown time: infinite.
Peer LDP Ident: 6.6.6.6:0
IGP enabled: OSPF 20
GigabitEthernet2:
LDP configured; LDP-IGP Synchronization enabled.
Sync status: sync achieved; peer reachable.
Sync delay time: 0 seconds (0 seconds left)
IGP holddown time: infinite.
Peer LDP Ident: 16.16.16.16:0
IGP enabled: OSPF 20
GigabitEthernet3:
LDP configured; LDP-IGP Synchronization enabled.
Sync status: sync achieved; peer reachable.
Sync delay time: 0 seconds (0 seconds left)
IGP holddown time: infinite.
Peer LDP Ident: 32.32.32.32:0
IGP enabled: OSPF 20
GigabitEthernet4:
LDP configured; LDP-IGP Synchronization enabled.
Sync status: sync achieved; peer reachable.
Sync delay time: 0 seconds (0 seconds left)
IGP holddown time: infinite.
Peer LDP Ident: 33.33.33.33:0
IGP enabled: OSPF 20

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 56 out of 326
RP/0/RP0/CPU0:A2-XR32#ping mpls ipv4 16.16.16.16 255.255.255.255 source 32.32.32.32
verbose

Sending 5, 100-byte MPLS Echos to 16.16.16.16/32,

timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

Type escape sequence to abort.

! size 100, reply addr 30.6.16.16, return code 3
! size 100, reply addr 30.6.16.16, return code 3
! size 100, reply addr 30.6.16.16, return code 3
! size 100, reply addr 30.6.16.16, return code 3
! size 100, reply addr 30.6.16.16, return code 3
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/11 ms

RP/0/RP0/CPU0:A2-XR32#traceroute mpls ipv4 16.16.16.16 255.255.255.255 source

32.32.32.32 verbose

Tracing MPLS Label Switched Path to 16.16.16.16/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

Type escape sequence to abort.

0 30.6.32.32 30.6.32.6 MRU 1500 [Labels: 300612 Exp: 0]
L 1 30.6.32.6 30.6.16.16 MRU 1500 [Labels: implicit-null Exp: 0] 19 ms, ret code 8
! 2 30.6.16.16 15 ms, ret code 3

Converged SDN Transport for CCIE Service Provider v5 | v202104

6.6.6.6/32, version 22, internal 0x1000001 0x30 (ptr 0xd903040) [1], 0x0 (0xe249a80), 0xa28
(0xf5b20a8)
remote adjacency to GigabitEthernet0/0/0/2
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 30.31.32.31/32, GigabitEthernet0/0/0/0, 7 dependencies, weight 0, class 0, backup (Local-
LFA) [flags 0x300]
path-idx 0 NHID 0x0 [0xf25b440 0x0]
next hop 30.31.32.31/32
remote adjacency
local label 303200 labels imposed {303100}
via 30.6.32.6/32, GigabitEthernet0/0/0/2, 2 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xf6a1198 0xf6a10b0]
next hop 30.6.32.6/32
local label 303200 labels imposed {ImplNull}

16.16.16.16/32, version 23, internal 0x1000001 0x30 (ptr 0xd902f68) [1], 0x0 (0xe249b10), 0xa28
(0xf352100)
remote adjacency to GigabitEthernet0/0/0/0
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 30.31.32.31/32, GigabitEthernet0/0/0/0, 4 dependencies, weight 0, class 0, protected,
ECMP-backup (Local-LFA) [flags 0x600]
path-idx 0 bkup-idx 2 NHID 0x0 [0xf6a1280 0x0]
next hop 30.31.32.31/32
local label 303201 labels imposed {303101}
via 30.6.32.6/32, GigabitEthernet0/0/0/2, 4 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xf6a10b0 0x0]
next hop 30.6.32.6/32
local label 303201 labels imposed {300612}
via 30.32.33.33/32, GigabitEthernet0/0/0/1, 4 dependencies, weight 0, class 0, protected,
ECMP-backup (Local-LFA) [flags 0x600]
path-idx 2 bkup-idx 0 NHID 0x0 [0xf6a1368 0x0]
next hop 30.32.33.33/32
local label 303201 labels imposed {303301}

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 58 out of 326
31.31.31.31/32, version 24, internal 0x1000001 0x30 (ptr 0xd902e90) [1], 0x0 (0xe249a38), 0xa28
(0xf5b20f8)
remote adjacency to GigabitEthernet0/0/0/0
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 30.31.32.31/32, GigabitEthernet0/0/0/0, 2 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 0 bkup-idx 1 NHID 0x0 [0xf6a1450 0xf6a1280]
next hop 30.31.32.31/32
local label 303202 labels imposed {ImplNull}
via 30.32.33.33/32, GigabitEthernet0/0/0/1, 4 dependencies, weight 0, class 0, backup (Local-
LFA) [flags 0x300]
path-idx 1 NHID 0x0 [0xf25b310 0x0]
next hop 30.32.33.33/32
remote adjacency
local label 303202 labels imposed {303302}

33.33.33.33/32, version 25, internal 0x1000001 0x30 (ptr 0xd902db8) [1], 0x0 (0xe2499a8), 0xa28
(0xf5b2148)
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 30.31.32.31/32, GigabitEthernet0/0/0/0, 7 dependencies, weight 0, class 0, backup (Local-
LFA) [flags 0x300]
path-idx 0 NHID 0x0 [0xf25b440 0x0]
next hop 30.31.32.31/32
remote adjacency
local label 303203 labels imposed {303102}
via 30.32.33.33/32, GigabitEthernet0/0/0/1, 2 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xf6a1538 0xf6a1368]
next hop 30.32.33.33/32
local label 303203 labels imposed {ImplNull}

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 59 out of 326
Remote-LFA in action
Simulate A2-R31 node failure by temporary shutdown all its interfaces so
that Access-2 domain becomes a Ring topology.

A2-R31:
!
int range Gi1-4
shut

RP/0/RP0/CPU0:A2-XR32#sh route 6.6.6.6

Routing entry for 6.6.6.6/32
Known via "ospf 20", distance 110, metric 2, type intra area
Routing Descriptor Blocks
30.6.32.6, from 6.6.6.6, via GigabitEthernet0/0/0/2, Protected
Route metric is 2
30.32.33.33, from 6.6.6.6, via GigabitEthernet0/0/0/1, Backup (Remote-LFA)
Repair Node(s): 16.16.16.16
Route metric is 2
No advertising protos.

RP/0/RP0/CPU0:A2-XR32#sh route 33.33.33.33

Routing entry for 33.33.33.33/32
Known via "ospf 20", distance 110, metric 2, type intra area
Routing Descriptor Blocks
30.6.32.6, from 33.33.33.33, via GigabitEthernet0/0/0/2, Backup (Remote-LFA)
Repair Node(s): 16.16.16.16
Route metric is 2
30.32.33.33, from 33.33.33.33, via GigabitEthernet0/0/0/1, Protected
Route metric is 2
No advertising protos.

A2-R31:
!
int range Gi1-4
no shut

Converged SDN Transport for CCIE Service Provider v5 | v202104

Configure LDP on all routers in Core domain as follows:

▪ Use LDP router-id as Loopback0
▪ Ensure label range for each router is from the range of 10XX00-10XX99,
where “XX” is the node ID.
▪ MPLS LDP Autoconfig
▪ LDP-IGP Synchronization
▪ LDP Session Protection
▪ Enable Local-LFA along with Remote-LFA (except for C-R10 and C-R110)
▪ Use MPLS OAM (Ping and Traceroute) to test router E2E reachability.

Configuration on ASBR:
▪ Don’t configure label range on ASBR (done in previous tasks)
▪ Don’t configure LDP router-id on ASBR (done in previous tasks)
▪ Don’t configure LDP Session Protection on ASBR (done in previous tasks)
▪ Don’t configure MPLS OAM on ASBR (done in previous tasks)

Converged SDN Transport for CCIE Service Provider v5 | v202104

Transport RR

C-XR10:
!
mpls ldp router-id 10.10.10.10
mpls label range 101000 101099
mpls ldp session protection
mpls oam
!
router isis 1
address-family ipv4 unicast
mpls ldp auto-config
!
interface Gi0/0/0/0
address-family ipv4 unicast
mpls ldp sync

Service RR

C-R110:
!
mpls ldp router-id lo0
mpls ldp session protection
mpls label range 110100 110199 <<< Label range adjusted for Node ID 110
!
router isis 1
mpls ldp autoconfig
mpls ldp sync

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR1, C-XR11, C-XR6, C-XR16:

!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router isis 1
address-family ipv4 unicast
mpls ldp auto-config
!
interface Gi0/0/0/0
address-family ipv4 unicast
mpls ldp sync
fast-reroute per-prefix level 2
fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
!
interface Gi0/0/0/1
address-family ipv4 unicast
mpls ldp sync
fast-reroute per-prefix level 2
fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR3, C-XR13, C-XR5, C-XR15:

!
mpls ldp router-id X.X.X.X <<< Adapt with associated Node ID
mpls label range 10XX00 10XX99 <<< Adapt with associated Node ID
mpls ldp session protection
mpls oam
!
mpls ldp address-family ipv4 discovery targeted-hello accept
!
router isis 1
address-family ipv4 unicast
mpls ldp auto-config
!
interface Gi0/0/0/0
address-family ipv4 unicast
mpls ldp sync
fast-reroute per-prefix level 2
fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
!
interface Gi0/0/0/1
address-family ipv4 unicast
mpls ldp sync
fast-reroute per-prefix level 2
fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
!
interface Gi0/0/0/2
address-family ipv4 unicast
mpls ldp sync
fast-reroute per-prefix level 2
fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
!
interface Gi0/0/0/4
address-family ipv4 unicast
mpls ldp sync
fast-reroute per-prefix level 2
fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR2, C-XR12, C-XR4, C-XR14:

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 65 out of 326
C-XR2, C-XR4:
!
router isis 1
!
interface Gi0/0/0/3
address-family ipv4 unicast
mpls ldp sync
no fast-reroute

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR2#show mpls ldp nei

Peer LDP Identifier: 3.3.3.3:0

TCP connection: 3.3.3.3:23542 - 2.2.2.2:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 120/118; Downstream-Unsolicited
Up time: 01:24:45
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/1
Targeted Hello (2.2.2.2 -> 3.3.3.3, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (5)
3.3.3.3 10.1.3.3 10.2.3.3 10.3.5.3
10.3.13.3
IPv6: (0)

Peer LDP Identifier: 1.1.1.1:0

TCP connection: 1.1.1.1:646 - 2.2.2.2:24801
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 118/121; Downstream-Unsolicited
Up time: 01:24:45
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/0
Targeted Hello (2.2.2.2 -> 1.1.1.1, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (6)
1.1.1.1 10.1.2.1 10.1.3.1 20.1.11.1
20.1.21.1 20.1.22.1
IPv6: (0)

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 67 out of 326
Peer LDP Identifier: 10.10.10.10:0
TCP connection: 10.10.10.10:32915 - 2.2.2.2:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 119/114; Downstream-Unsolicited
Up time: 01:24:45
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/3
Targeted Hello (2.2.2.2 -> 10.10.10.10, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (2)
10.2.10.10 10.10.10.10
IPv6: (0)

Peer LDP Identifier: 4.4.4.4:0

TCP connection: 4.4.4.4:22774 - 2.2.2.2:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 117/117; Downstream-Unsolicited
Up time: 01:24:16
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/2
Targeted Hello (2.2.2.2 -> 4.4.4.4, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (6)
4.4.4.4 10.2.4.4 10.4.5.4 10.4.6.4
10.4.14.4 10.4.110.4
IPv6: (0)

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 68 out of 326
Peer LDP Identifier: 12.12.12.12:0
TCP connection: 12.12.12.12:29088 - 2.2.2.2:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 117/116; Downstream-Unsolicited
Up time: 01:23:33
LDP Discovery Sources:
IPv4: (2)
GigabitEthernet0/0/0/4
Targeted Hello (2.2.2.2 -> 12.12.12.12, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (5)
10.2.12.12 10.11.12.12 10.12.13.12 10.12.14.12
12.12.12.12
IPv6: (0)

Converged SDN Transport for CCIE Service Provider v5 | v202104

GigabitEthernet0/0/0/0:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
1.1.1.1:0

GigabitEthernet0/0/0/1:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
3.3.3.3:0

GigabitEthernet0/0/0/2:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
4.4.4.4:0

GigabitEthernet0/0/0/3:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
10.10.10.10:0

GigabitEthernet0/0/0/4:
VRF: 'default' (0x60000000)
Sync delay: Disabled
Sync status: Ready
Peers:
12.12.12.12:0

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 70 out of 326
RP/0/0/CPU0:C-XR1#ping mpls ipv4 16.16.16.16 255.255.255.255 source 1.1.1.1 verbose

Sending 5, 100-byte MPLS Echos to 16.16.16.16/32,

timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

Type escape sequence to abort.

! size 100, reply addr 10.14.16.16, return code 3
! size 100, reply addr 10.14.16.16, return code 3
! size 100, reply addr 10.14.16.16, return code 3
! size 100, reply addr 10.14.16.16, return code 3
! size 100, reply addr 10.14.16.16, return code 3
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/14/30 ms

RP/0/0/CPU0:C-XR1#traceroute mpls ipv4 16.16.16.16 255.255.255.255 source 1.1.1.1 verbose

Tracing MPLS Label Switched Path to 16.16.16.16/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

Type escape sequence to abort.

0 10.1.2.1 10.1.2.2 MRU 1500 [Labels: 100207 Exp: 0]
L 1 10.1.2.2 10.2.4.4 MRU 1500 [Labels: 100403 Exp: 0] 10 ms, ret code 8
L 2 10.2.4.4 10.4.14.14 MRU 1500 [Labels: 101400 Exp: 0] 20 ms, ret code 8
L 3 10.4.14.14 10.14.16.16 MRU 1500 [Labels: implicit-null Exp: 0] 20 ms, ret code 8
! 4 10.14.16.16 10 ms, ret code 3

Converged SDN Transport for CCIE Service Provider v5 | v202104

IS-IS 1 IPv4 Unicast FRR summary

Critical High Medium Low Total

Priority Priority Priority Priority
Prefixes reachable in L2
All paths protected 0 0 4 0 4
Some paths protected 0 0 0 0 0
Unprotected 0 0 9 0 9
Protection coverage 0.00% 0.00% 30.77% 0.00% 30.77%

RP/0/0/CPU0:C-XR2#show isis fast-reroute

IS-IS 1 IPv4 Unicast FRR backups

Codes: L1 - level 1, L2 - level 2, ia - interarea (leaked into level 1)

df - level 1 default (closest attached router), su - summary null
C - connected, S - static, R - RIP, B - BGP, O - OSPF
E - EIGRP, A - access/subscriber, M - mobile, a - application
i - IS-IS (redistributed from another instance)
D - Downstream, LC - Line card disjoint, NP - Node protecting
P - Primary path, SRLG - SRLG disjoint, TM - Total metric via backup

Maximum parallel path count: 8

L2 1.1.1.1/32 [50/115]
via 10.1.2.1, GigabitEthernet0/0/0/0, C-XR1, Weight: 0
No FRR backup
L2 3.3.3.3/32 [10/115]
via 10.2.3.3, GigabitEthernet0/0/0/1, C-XR3, Weight: 0
Backup path: R-LFA, via C-XR13 [13.13.13.13], via 10.2.12.12, GigabitEthernet0/0/0/4 C-
XR12, Weight: 0, Metric: 20
L2 4.4.4.4/32 [50/115]
via 10.2.4.4, GigabitEthernet0/0/0/2, C-XR4, Weight: 0
No FRR backup
L2 5.5.5.5/32 [60/115]
via 10.2.4.4, GigabitEthernet0/0/0/2, C-XR4, Weight: 0
No FRR backup
L2 6.6.6.6/32 [100/115]
via 10.2.4.4, GigabitEthernet0/0/0/2, C-XR4, Weight: 0
No FRR backup

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 72 out of 326
L2 10.10.10.10/32 [10/115]
via 10.2.10.10, GigabitEthernet0/0/0/3, C-XR10, Weight: 0
No FRR backup
L2 11.11.11.11/32 [160/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, Weight: 0
Backup path: R-LFA, via C-XR13 [13.13.13.13], via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3,
Weight: 0, Metric: 20
L2 12.12.12.12/32 [10/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, Weight: 0
Backup path: R-LFA, via C-XR13 [13.13.13.13], via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3,
Weight: 0, Metric: 20
L2 13.13.13.13/32 [20/115]
via 10.2.3.3, GigabitEthernet0/0/0/1, C-XR3, Weight: 0
Backup path: LFA, via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, Weight: 0, Metric: 20
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, Weight: 0
Backup path: LFA, via 10.2.3.3, GigabitEthernet0/0/0/1, C-XR3, Weight: 0, Metric: 20
L2 14.14.14.14/32 [60/115]
via 10.2.4.4, GigabitEthernet0/0/0/2, C-XR4, Weight: 0
No FRR backup
L2 15.15.15.15/32 [70/115]
via 10.2.4.4, GigabitEthernet0/0/0/2, C-XR4, Weight: 0
No FRR backup
L2 16.16.16.16/32 [210/115]
via 10.2.4.4, GigabitEthernet0/0/0/2, C-XR4, Weight: 0
No FRR backup
L2 110.110.110.110/32 [60/115]
via 10.2.4.4, GigabitEthernet0/0/0/2, C-XR4, Weight: 0
No FRR backup

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 3.1. Redistribute ASBR Loopback

If we were using OSPF as Core IGP, meaning a single Loopback on ASBR for
both OSPF+LDP and BGP+Label LSPs, we would need to redistribute ASBR
Loopback into OSPF Core domain. This is because Loopback cannot belong
to multiple OSPF processes at the same time.

Network we built so far is using ISIS as Core IGP domain so we don’t need to redistribute
any ASBR Loopback. In this task, we are using OSPF in Core domain configured as Process
100, just as an example.

Figure : ASBR redistribution in OSPF Core

Redistribute ASBR Loopback as follows:

▪ Ensure to redistribute only ASBR Loopback in OSPF Core using
▪ Consider using OSPF Process 100
▪ Use route-policy to achieve this task
▪ Use router hostname as route-policy name

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR1:
!
route-policy C-XR1
if destination in (1.1.1.1/32) then
pass
endif
end-policy
!
router ospf 100
redistribute connected route-policy C-XR1

C-XR11:
!
route-policy C-XR11
if destination in (11.11.11.11/32) then
pass
endif
end-policy
!
router ospf 100
redistribute connected route-policy C-XR11

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 75 out of 326
C-XR6:
!
route-policy C-XR6
if destination in (6.6.6.6/32) then
pass
endif
end-policy
!
router ospf 100
redistribute connected route-policy C-XR6

C-XR16:
!
route-policy C-XR16
if destination in (16.16.16.16/32) then
pass
endif
end-policy
!
router ospf 100
redistribute connected route-policy C-XR16

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 4.1. Peering between PE and ASBR

Figure : BGP-LU PE and ASBR

Configure BGP on all routers as follows:

▪ Refer to above Figure to achieve this task.
▪ Use BGP AS 100.
▪ Set BGP router-id to be the Node ID.
▪ Enable BGP label exchange using RFC-3107 on all peerings.
▪ Use Neighbor-group on ASBR.
▪ Advertise PE Loopback centrally on ASBR, with network command.
▪ Once complete, verify peering operational status is OK.

Converged SDN Transport for CCIE Service Provider v5 | v202104

ASBR are reflecting routes to Access PE and they set themselves as the
next-hop for routes being reflected. Because of this, they are considered as
“inline-RR” as they are in the forwarding path.

ASBR

C-XR1,C-XR11:
!
router bgp 100
bgp router-id X.X.X.X <<< Node ID
ibgp policy out enforce-modifications
address-family ipv4 unicast
network 22.22.22.22/32
network 23.23.23.23/32
allocate-label all
!
neighbor-group BGP-LU
remote-as 100
update-source lo0
address-family ipv4 labeled-unicast
route-reflector-client
next-hop-self
!
neighbor 22.22.22.22
use neighbor-group BGP-LU
!
neighbor 23.23.23.23
use neighbor-group BGP-LU

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 78 out of 326
C-XR6,C-XR16:
!
router bgp 100
bgp router-id X.X.X.X <<< Node ID
ibgp policy out enforce-modifications
address-family ipv4 unicast
network 32.32.32.32/32
network 33.33.33.33/32
allocate-label all
!
neighbor-group BGP-LU
remote-as 100
update-source lo0
address-family ipv4 labeled-unicast
route-reflector-client
next-hop-self
!
neighbor 32.32.32.32
use neighbor-group BGP-LU
!
neighbor 33.33.33.33
use neighbor-group BGP-LU

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR22:
!
router bgp 100
bgp router-id 22.22.22.22
address-family ipv4 unicast
allocate-label all
!
neighbor 1.1.1.1
remote-as 100
update-source lo0
address-family ipv4 labeled-unicast
!
neighbor 11.11.11.11
remote-as 100
update-source lo0
address-family ipv4 labeled-unicast

A1-R23:
!
router bgp 100
bgp router-id 23.23.23.23
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source lo0
neighbor 11.11.11.11 remote-as 100
neighbor 11.11.11.11 update-source lo0
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-label
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-label

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-XR32:
!
router bgp 100
bgp router-id 32.32.32.32
address-family ipv4 unicast
allocate-label all
!
neighbor 6.6.6.6
remote-as 100
update-source lo0
address-family ipv4 labeled-unicast
!
neighbor 16.16.16.16
remote-as 100
update-source lo0
address-family ipv4 labeled-unicast

A2-R33:
!
router bgp 100
bgp router-id 33.33.33.33
neighbor 6.6.6.6 remote-as 100
neighbor 6.6.6.6 update-source lo0
neighbor 16.16.16.16 remote-as 100
neighbor 16.16.16.16 update-source lo0
!
address-family ipv4
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-label
neighbor 16.16.16.16 activate
neighbor 16.16.16.16 send-label

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access PE are not receiving any prefixes yet.

BGP peerings are UP, transport between ASBR are still not in place.

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast sum | b Neighbor

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

1.1.1.1 0 100 241 217 50 0 0 03:34:28 0
11.11.11.11 0 100 243 217 50 0 0 03:34:25 0

A1-R23#sh bgp ipv4 unicast summary | b Neighbor

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

1.1.1.1 4 100 241 239 45 0 0 03:33:45 0
11.11.11.11 4 100 243 241 45 0 0 03:33:49 0

RP/0/RP0/CPU0:A2-XR32#sh bgp ipv4 labeled-unicast summary | b Neighbor

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

6.6.6.6 0 100 243 218 44 0 0 03:35:57 0
16.16.16.16 0 100 243 218 44 0 0 03:35:59 0

A2-R33#sh bgp ipv4 unicast summary | b Neighbor

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

6.6.6.6 4 100 253 250 41 0 0 03:46:02 0
16.16.16.16 4 100 253 251 41 0 0 03:45:53 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure - BGP-LU ASBR & Transport-RR

Configure BGP as follows:

▪ Refer to above Figure to achieve this task.
▪ C-XR10 as Route-Reflector
▪ ASBR are Route-Reflector client of C-XR10
▪ Advertise C-XR10 Loopback into BGP
▪ Verify that each PE is receiving prefixes from other PE and from Transport-RR
▪ Verify that Transport-RR is receiving prefixes from all PE
▪ Verify PE-to-PE connectivity (Ping and Traceroute)

Converged SDN Transport for CCIE Service Provider v5 | v202104

ASBR

C-XR1, C-XR11, C-XR6, C-XR16:

!
router bgp 100
!
neighbor 10.10.10.10
remote-as 100
update-source lo0
address-family ipv4 labeled-unicast

Transport-RR

C-XR10:
!
router bgp 100
bgp router-id 10.10.10.10
address-family ipv4 unicast
allocate-label all
network 10.10.10.10/32
!
neighbor-group BGP-LU
remote-as 100
update-source Loopback0
address-family ipv4 labeled-unicast
route-reflector-client
!
neighbor 1.1.1.1
use neighbor-group BGP-LU
!
neighbor 11.11.11.11
use neighbor-group BGP-LU
!
neighbor 6.6.6.6
use neighbor-group BGP-LU
!
neighbor 16.16.16.16
use neighbor-group BGP-LU

Converged SDN Transport for CCIE Service Provider v5 | v202104

All PE and Transport-RR prefixes are received as expected. Some BGP

prefixes are noted as “r RIB-failures” (visible only on XE routers). Those
prefixes are already present in the RIB. They are learned from their local
OSPF domain (AD 110) which has a lower admin distance than iBGP (AD
200). Notice that those “r RIB-failures” are not shown on IOS XR.

A1-R23#sh bgp ipv4 unicast | b Network

* i 10.10.10.10/32 1.1.1.1 0 100 0i

*>i 11.11.11.11 0 100 0i
r>i 22.22.22.22/32 1.1.1.1 2 100 0i
ri 11.11.11.11 3 100 0i
r i 23.23.23.23/32 1.1.1.1 3 100 0i
r>i 11.11.11.11 2 100 0i
*>i 32.32.32.32/32 11.11.11.11 2 100 0i
*i 1.1.1.1 2 100 0i
*>i 33.33.33.33/32 11.11.11.11 2 100 0i
*i 1.1.1.1 2 100 0i
*>i 110.110.110.110/32
11.11.11.11 41 100 0i
*i 1.1.1.1 41 100 0i

A1-R23#sh ip bgp rib-failure

Network Next Hop RIB-failure RIB-NH Matches

22.22.22.22/32 1.1.1.1 Higher admin distance n/a
23.23.23.23/32 11.11.11.11 Higher admin distance n/a

Converged SDN Transport for CCIE Service Provider v5 | v202104

Network Next Hop Metric LocPrf Weight Path

*>i 10.10.10.10/32 16.16.16.16 0 100 0i
*i 6.6.6.6 0 100 0i
*>i 22.22.22.22/32 16.16.16.16 2 100 0i
*i 6.6.6.6 2 100 0i
*>i 23.23.23.23/32 16.16.16.16 2 100 0i
*i 6.6.6.6 2 100 0i
r i 32.32.32.32/32 16.16.16.16 3 100 0i
r>i 6.6.6.6 2 100 0i
r>i 33.33.33.33/32 16.16.16.16 2 100 0i
ri 6.6.6.6 3 100 0i

A2-R33#sh ip bgp rib-failure

Network Next Hop RIB-failure RIB-NH Matches

32.32.32.32/32 6.6.6.6 Higher admin distance n/a
33.33.33.33/32 16.16.16.16 Higher admin distance n/a

Converged SDN Transport for CCIE Service Provider v5 | v202104

Network Next Hop Metric LocPrf Weight Path

*>i10.10.10.10/32 1.1.1.1 0 100 0i
*i 11.11.11.11 0 100 0i
*>i22.22.22.22/32 1.1.1.1 2 100 0i
*i 11.11.11.11 3 100 0i
* i23.23.23.23/32 1.1.1.1 3 100 0i
*>i 11.11.11.11 2 100 0i
*>i32.32.32.32/32 1.1.1.1 2 100 0i
*i 11.11.11.11 2 100 0i
*>i33.33.33.33/32 1.1.1.1 2 100 0i
*i 11.11.11.11 2 100 0i

RP/0/RP0/CPU0:A2-XR32#sh bgp ipv4 labeled-unicast | b Network

Network Next Hop Metric LocPrf Weight Path

*>i10.10.10.10/32 6.6.6.6 0 100 0i
*i 16.16.16.16 0 100 0i
*>i22.22.22.22/32 6.6.6.6 2 100 0i
*i 16.16.16.16 2 100 0i
*>i23.23.23.23/32 6.6.6.6 2 100 0i
*i 16.16.16.16 2 100 0i
*>i32.32.32.32/32 6.6.6.6 2 100 0i
*i 16.16.16.16 3 100 0i
* i33.33.33.33/32 6.6.6.6 3 100 0i
*>i 16.16.16.16 2 100 0i
*>i110.110.110.110/32 6.6.6.6 41 100 0i
*i 16.16.16.16 41 100 0i

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 87 out of 326
With actual Metric in place, PE to PE traffic sent from A1-XR22 to A2-XR32
take the expected path. In below outputs, we see BGP-LU transport labels
allocated by the 2 ASBR to reach A2-XR32.

RP/0/RP0/CPU0:A1-XR22#traceroute 32.32.32.32 source lo0 numeric

1 20.1.22.1 [MPLS: Label 200116 Exp 0] 21 msec 26 msec 20 msec

2 10.1.2.2 [MPLS: Labels 100210/300614 Exp 0] 19 msec 23 msec 21 msec
3 10.2.4.4 [MPLS: Labels 100404/300614 Exp 0] 22 msec 20 msec 19 msec
4 10.4.6.6 [MPLS: Label 300614 Exp 0] 32 msec 21 msec 21 msec
5 30.6.32.32 31 msec * 24 msec

Transport Label allocated by LDP

Transport Label allocated by BGP

RP/0/0/CPU0:C-XR6#sh bgp ipv4 labeled-unicast labels | b Network

Network Next Hop Rcvd Label Local Label

*>i10.10.10.10/32 10.10.10.10 3 300606
*>i22.22.22.22/32 1.1.1.1 200113 300616
*>i23.23.23.23/32 11.11.11.11 201115 300617
*> 32.32.32.32/32 30.6.32.32 nolabel 300614
*> 33.33.33.33/32 30.6.31.31 nolabel 300615
*i 16.16.16.16 301614 300615

RP/0/0/CPU0:C-XR6#show mpls label table

Table Label Owner State Rewrite

----- ------- ------------------------------- ------ -------
<snip>
0 300614 LDP(A) InUse Yes
BGP-VPNv4(A):bgp-default InUse No

Converged SDN Transport for CCIE Service Provider v5 | v202104

Network Next Hop Rcvd Label Local Label

*>i10.10.10.10/32 10.10.10.10 3 200102
*> 22.22.22.22/32 20.1.22.22 nolabel 200113
*> 23.23.23.23/32 20.1.21.21 nolabel 200115
*i 11.11.11.11 201115 200115
*>i32.32.32.32/32 6.6.6.6 300614 200116
*>i33.33.33.33/32 16.16.16.16 301614 200117
*>i110.110.110.110/32 10.10.10.10 101012 200111

RP/0/0/CPU0:C-XR1#show mpls label table

Table Label Owner State Rewrite

----- ------- ------------------------------- ------ -------
<snip>
0 200116 BGP-VPNv4(A):bgp-default InUse No

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure - BGP-LU Transport-RR and Service-RR

Configure BGP as follows:

▪ Refer to above Figure to achieve this task.
▪ C-R110 node id as BGP router-id
▪ C-XR10 as route-reflector
▪ C-R110 ass route-reflector client
▪ Advertise C-R110 Loopback on C-XR10
▪ Once complete, verify all PE have connectivity with Service-RR

Converged SDN Transport for CCIE Service Provider v5 | v202104

Transport-RR

C-XR10:
!
router bgp 100
address-family ipv4 unicast
network 110.110.110.110/32
!
neighbor 110.110.110.110
use neighbor-group BGP-LU

Service-RR

C-R110:
!
router bgp 100
bgp router-id 110.110.110.110
no bgp default ipv4-unicast
neighbor 10.10.10.10 remote-as 100
neighbor 10.10.10.10 update-source Loopback0
!
address-family ipv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-label

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR10#sh bgp ipv4 labeled-unicast sum | b Neighbor

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
1.1.1.1 0 100 1371 1394 41 0 0 22:43:21 2
6.6.6.6 0 100 1372 1394 41 0 0 22:43:20 2
11.11.11.11 0 100 1371 1394 41 0 0 22:43:22 2
16.16.16.16 0 100 1372 1394 41 0 0 22:43:19 2
110.110.110.110 0 100 1494 1385 41 0 0 22:35:03 0

C-R110#sh bgp ipv4 unicast sum | b Neighbor

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.10.10 4 100 1386 1495 46 0 0 22:35:51 6

RP/0/RP0/CPU0:A1-XR22#ping 110.110.110.110 source lo0

Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/14/18 ms

A1-R23#ping 110.110.110.110 source lo0

Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
Packet sent with a source address of 23.23.23.23
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/16/21 ms

RP/0/RP0/CPU0:A2-XR32#ping 110.110.110.110 source lo0

Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/12/19 ms

A2-R33#ping 110.110.110.110 source lo0

Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
Packet sent with a source address of 33.33.33.33
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/14/25 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : New Metric in Core

Configure BGP as follows:

▪ Refer to above Figure to achieve this task.
▪ Apply the new Metric in Core domain.
▪ Configure AIGP for all PE Loopback.
▪ Advertise PE Loopback using redistribution and RPL.
▪ Before do any change, first verify end-to-end path from A1-XR22 to A2-XR32, and
verify BGP path for A2-XR32.
▪ Then after changing the Metric, again verify end-to-end path from A1-XR22 to A2-
XR32, and verify BGP path for A2-XR32.
▪ Finally after setting-up AIGP, verify end-to-end path from A1-XR22 to A2-XR32, and
verify BGP path for A2-XR32.

Converged SDN Transport for CCIE Service Provider v5 | v202104

With actual Metric in place, traffic sent from A1-XR22 to A2-XR32 take the
expected path as shown in below figure. Notice traffic may also be ECMP in
access domains where we are using default metric everywhere.

Figure : Path - No Metric change

RP/0/RP0/CPU0:A1-XR22#traceroute 32.32.32.32 source lo0 numeric

1 20.1.22.1 [MPLS: Label 200116 Exp 0] 24 msec 20 msec 21 msec

2 10.1.2.2 [MPLS: Labels 100210/300614 Exp 0] 23 msec 19 msec 15 msec
3 10.2.4.4 [MPLS: Labels 100404/300614 Exp 0] 18 msec 18 msec 21 msec
4 10.4.6.6 [MPLS: Label 300614 Exp 0] 20 msec 18 msec 16 msec
5 30.6.32.32 32 msec * 29 msec

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ BGP best path to A2-XR32 is via C-XR1 and is originated by C-XR6.

▪ Best path is via C-XR1 because it has a lowest IGP metric to BGP next-hop (2)
compared to path via C-XR11 (3).

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast 32.32.32.32/32 | b Paths

Paths: (2 available, best #1)

Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
1.1.1.1 (metric 2) from 1.1.1.1 (6.6.6.6)
Received Label 200116
Origin IGP, metric 2, localpref 100, valid, internal, best, group-best, labeled-unicast
Received Path ID 0, Local Path ID 1, version 50
Originator: 6.6.6.6, Cluster list: 1.1.1.1, 10.10.10.10
Path #2: Received by speaker 0
Not advertised to any peer
Local
11.11.11.11 (metric 3) from 11.11.11.11 (6.6.6.6)
Received Label 201116
Origin IGP, metric 2, localpref 100, valid, internal, labeled-unicast
Received Path ID 0, Local Path ID 0, version 0
Originator: 6.6.6.6, Cluster list: 11.11.11.11, 10.10.10.10

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR11, C-XR16:
!
router isis 1
interface GigabitEthernet0/0/0/0
address-family ipv4 unicast
metric 1

C-XR12, C-XR14:
!
router isis 1
interface GigabitEthernet0/0/0/0
address-family ipv4 unicast
metric 1
!
interface GigabitEthernet0/0/0/2
address-family ipv4 unicast
metric 1

Converged SDN Transport for CCIE Service Provider v5 | v202104

With new Metric in place in Core domain, traffic is now using another path
as shown in below figure. However this path is sub-optimal as it is not
using C-XR11_C-XR12 and C-XR14_C-XR16 links, which both have a
better cost. Notice traffic may also be ECMP in Access domains where we
are using default metric everywhere.

Figure : Path - New Metric

RP/0/RP0/CPU0:A1-XR22#traceroute 32.32.32.32 source lo0 numeric

1 20.1.22.1 [MPLS: Label 200116 Exp 0] 56 msec 23 msec 24 msec

2 10.1.2.2 [MPLS: Labels 100210/300614 Exp 0] 24 msec 24 msec 23 msec
3 10.2.12.12 [MPLS: Labels 101211/300614 Exp 0] 24 msec 22 msec 22 msec
4 10.12.14.14 [MPLS: Labels 101406/300614 Exp 0] 22 msec 23 msec 22 msec
5 10.4.14.4 [MPLS: Labels 100404/300614 Exp 0] 22 msec 22 msec 24 msec
6 10.4.6.6 [MPLS: Label 300614 Exp 0] 22 msec 22 msec 33 msec
7 30.6.32.32 33 msec * 32 msec

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ BGP best path to A2-XR32 is still via C-XR1 and is still originated by C-XR6.
▪ Best path is via C-XR1 because it has a lowest IGP metric to BGP next-hop (2)
compared to path via C-XR11 (3).

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast 32.32.32.32/32 | b Paths

Paths: (2 available, best #1)

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR1,C-XR11:
!
prefix-set PE_ACC_1_PSET
22.22.22.22/32,
23.23.23.23/32
end-set
!
route-policy PE_ACC_1_RPL
if destination in PE_ACC_1_PSET then
set aigp-metric igp-cost
endif
end-policy
!
router bgp 100
address-family ipv4 unicast
no network 22.22.22.22/32
no network 23.23.23.23/32
redistribute ospf 10 route-policy PE_ACC_1_RPL

C-XR6,C-XR16:
!
prefix-set PE_ACC_2_PSET
32.32.32.32/32,
33.33.33.33/32
end-set
!
route-policy PE_ACC_2_RPL
if destination in PE_ACC_2_PSET then
set aigp-metric igp-cost
endif
end-policy
!
router bgp 100
address-family ipv4 unicast
no network 32.32.32.32/32
no network 33.33.33.33/32
redistribute ospf 20 route-policy PE_ACC_2_RPL

Converged SDN Transport for CCIE Service Provider v5 | v202104

With new Metric in place in Core domain and with AIGP enabled for all PE
Loopbacks, traffic is now using a new optimized path as shown in below
diagram. Now the path is optimal as it is using C-XR11_C-XR12 and C-
XR14_C-XR16 links, which both have a very low cost. Notice traffic may
also be ECMP in Access domains where we are using default metric
everywhere.

Figure : Path - New Metric + AIGP

RP/0/RP0/CPU0:A1-XR22#traceroute 32.32.32.32 source lo0 numeric

1 20.1.22.1 [MPLS: Labels 200112/201116 Exp 0] 33 msec

20.21.22.21 28 msec
20.1.22.1 23 msec
2 20.1.11.11 [MPLS: Label 201116 Exp 0] 23 msec 24 msec
20.11.23.11 30 msec
3 10.11.12.12 [MPLS: Labels 101212/301615 Exp 0] 23 msec 23 msec 26 msec
4 10.12.14.14 [MPLS: Labels 101400/301615 Exp 0] 25 msec 22 msec 21 msec
5 10.14.16.16 [MPLS: Label 301615 Exp 0] 22 msec 20 msec 24 msec
6 30.16.33.33 [MPLS: Label 303303 Exp 0] 24 msec 24 msec 24 msec
7 30.32.33.32 26 msec * 36 msec

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 100 out of 326
➢ BGP best path to A2-XR32 is now via C-XR11 and now originated by C-XR16.
➢ This is because Path #2 has a lower Accumulated IGP Metric (6) than Path#1 (65).

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast 32.32.32.32/32 | b Paths

Paths: (2 available, best #2)

Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
1.1.1.1 (metric 2) from 1.1.1.1 (16.16.16.16)
Received Label 200116
Origin incomplete, metric 3, localpref 100, aigp metric 65, valid, internal, labeled-unicast
Received Path ID 0, Local Path ID 0, version 0
Originator: 16.16.16.16, Cluster list: 1.1.1.1, 10.10.10.10
Total AIGP metric 67
Path #2: Received by speaker 0
Not advertised to any peer
Local
11.11.11.11 (metric 3) from 11.11.11.11 (16.16.16.16)
Received Label 201116
Origin incomplete, metric 3, localpref 100, aigp metric 6, valid, internal, best, group-best,
labeled-unicast
Received Path ID 0, Local Path ID 1, version 61
Originator: 16.16.16.16, Cluster list: 11.11.11.11, 10.10.10.10
Total AIGP metric 9

➢ IGP metric to BGP next-hop is still compared between Path #1 (2) and Path #2 (3).
➢ Path via C-XR1 still has the lowest IGP metric. Now that AIGP is used, it comes before
IGP metric in BGP best path process, hence Path #2 via C-XR11 is preferred.

New BGP best path process when AIGP is used:

1. Weight
2. Highest Local-Pref
3. Lowest AIGP Cost
4. Shortest AS-PATH
5. Lowest origin code (IGP/EGP/incomplete)
6. Lowest MED
7. Prefer eBGP over iBGP
8. Lowest IGP metric to the BGP next-hop

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 101 out of 326
➢ This can also be confirmed by comparing the 2 paths, and see the best-path reason:

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast 32.32.32.32/32 bestpath-compare | b

Paths

Paths: (2 available, best #2)

Not advertised to any peer
Path #1: Received by speaker 0
Flags: 0x4080000000020005, import: 0x20
Not advertised to any peer
Local
1.1.1.1 (metric 2) from 1.1.1.1 (16.16.16.16), if-handle 0x00000000
Received Label 200116
Origin incomplete, metric 3, localpref 100, aigp metric 65, valid, internal, labeled-unicast
Received Path ID 0, Local Path ID 0, version 0
Originator: 16.16.16.16, Cluster list: 1.1.1.1, 10.10.10.10
Total AIGP metric 67
Higher AIGP metric than best path (path #2)
Path #2: Received by speaker 0
Flags: 0x4080000009060005, import: 0x20
Not advertised to any peer
Local
11.11.11.11 (metric 3) from 11.11.11.11 (16.16.16.16), if-handle 0x00000000
Received Label 201116
Origin incomplete, metric 3, localpref 100, aigp metric 6, valid, internal, best, group-best,
labeled-unicast
Received Path ID 0, Local Path ID 1, version 61
Originator: 16.16.16.16, Cluster list: 11.11.11.11, 10.10.10.10
Total AIGP metric 9
best of local AS, Overall best

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : FRR with BGP Add-Path and PIC Edge

Configure BGP as follows:

▪ Refer to above Figure to achieve this task.
▪ Focus on traffic from A1-XR22 to A2-XR32.
▪ Provide Full path diversity and FRR end-to-end, as follows:
o Send and Receive all additional paths on all inline-RR (ASBR)
o Send and Receive all additional paths on Transport-RR
o Receive all additional paths on all PE
o Enable PIC Edge on all ASBR and PE
▪ Once configuration is complete, ensure FRR is working on all ASBR and PE.

Converged SDN Transport for CCIE Service Provider v5 | v202104

By default, RR hides redundant paths to routers because it runs its own

best-path algorithm and reflects the best path to all its RR-clients. To
overcome this limitation, we need to enable path diversity on RR, by
configuring additional-paths receive and send capabilities on RR, and also
on its RR-clients.

ASBR (inline-RR)

C-XR1, C-XR11, C-XR6, C-XR16:

!
route-policy ADD-PATH_RPL
set path-selection backup 1 install advertise
end-policy
!
router bgp 100
address-family ipv4 unicast
additional-paths receive
additional-paths send
additional-paths selection route-policy ADD-PATH_RPL

Transport-RR

C-XR10:
!
route-policy ADD-PATH_RPL
set path-selection all advertise
end-policy
!
router bgp 100
address-family ipv4 unicast
additional-paths receive
additional-paths send
additional-paths selection route-policy ADD-PATH_RPL

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR22, A2-XR32:
!
route-policy ADD-PATH_RPL
set path-selection backup 1 install
end-policy
!
router bgp 100
address-family ipv4 unicast
additional-paths receive
additional-paths selection route-policy ADD-PATH_RPL

➢ After the changes are done on XR, we need to flap BGP sessions (clear bgp *).
➢ This is needed to negotiate the additional capabilities on the session.

A1-R23:
!
router bgp 100
address-family ipv4
bgp additional-paths receive
bgp additional-paths select all
bgp additional-paths install
neighbor 1.1.1.1 additional-paths receive
neighbor 11.11.11.11 additional-paths receive

A1-R33:
!
router bgp 100
address-family ipv4
bgp additional-paths receive
bgp additional-paths select all
bgp additional-paths install
neighbor 6.6.6.6 additional-paths receive
neighbor 16.16.16.16 additional-paths receive

➢ On XE nodes, BGP sessions flap automatically during the change.

➢ This is needed to negotiate the additional capabilities on the session.

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR1#sh bgp ipv4 labeled-unicast | b Network

Network Next Hop Metric LocPrf Weight Path
*>i10.10.10.10/32 10.10.10.10 0 100 0i
*> 22.22.22.22/32 20.1.22.22 2 32768 ?
*i 11.11.11.11 3 100 0?
*> 23.23.23.23/32 20.1.21.21 3 32768 ?
*i 11.11.11.11 2 100 0?
*>i32.32.32.32/32 16.16.16.16 3 100 0?
*i 6.6.6.6 2 100 0?
*>i33.33.33.33/32 16.16.16.16 2 100 0?
*i 6.6.6.6 3 100 0?
*>i110.110.110.110/32 10.10.10.10 41 100 0i

RP/0/0/CPU0:C-XR11#sh bgp ipv4 labeled-unicast | b Network

Network Next Hop Metric LocPrf Weight Path
*>i10.10.10.10/32 10.10.10.10 0 100 0i
*> 22.22.22.22/32 20.11.21.21 3 32768 ?
*i 1.1.1.1 2 100 0?
*> 23.23.23.23/32 20.11.23.23 2 32768 ?
*i 1.1.1.1 3 100 0?
*>i32.32.32.32/32 16.16.16.16 3 100 0?
*i 6.6.6.6 2 100 0?
*>i33.33.33.33/32 16.16.16.16 2 100 0?
*i 6.6.6.6 3 100 0?
*>i110.110.110.110/32 10.10.10.10 41 100 0i

RP/0/0/CPU0:C-XR6#sh bgp ipv4 labeled-unicast | b Network

Network Next Hop Metric LocPrf Weight Path
*>i10.10.10.10/32 10.10.10.10 0 100 0i
*>i22.22.22.22/32 11.11.11.11 3 100 0?
*i 1.1.1.1 2 100 0?
*>i23.23.23.23/32 11.11.11.11 2 100 0?
*i 1.1.1.1 3 100 0?
*> 32.32.32.32/32 30.6.32.32 2 32768 ?
*i 16.16.16.16 3 100 0?
*> 33.33.33.33/32 30.6.31.31 3 32768 ?
*i 16.16.16.16 2 100 0?
*>i110.110.110.110/32 10.10.10.10 41 100 0i

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 106 out of 326
RP/0/0/CPU0:C-XR16#sh bgp ipv4 labeled-unicast | b Network
Network Next Hop Metric LocPrf Weight Path
*>i10.10.10.10/32 10.10.10.10 0 100 0i
*>i22.22.22.22/32 11.11.11.11 3 100 0?
*i 1.1.1.1 2 100 0?
*>i23.23.23.23/32 11.11.11.11 2 100 0?
*i 1.1.1.1 3 100 0?
*> 32.32.32.32/32 30.16.31.31 3 32768 ?
*i 6.6.6.6 2 100 0?
*> 33.33.33.33/32 30.16.33.33 2 32768 ?
*i 6.6.6.6 3 100 0?
*>i110.110.110.110/32 10.10.10.10 41 100 0i

RP/0/0/CPU0:C-XR1#sh bgp ipv4 labeled-unicast 32.32.32.32/32 | b Paths

Paths: (2 available, best #1)

Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Local
16.16.16.16 (metric 62) from 10.10.10.10 (16.16.16.16)
Received Label 301615
Origin incomplete, metric 3, localpref 100, aigp metric 3, valid, internal, best, group-best,
labeled-unicast
Received Path ID 1, Local Path ID 1, version 149
Originator: 16.16.16.16, Cluster list: 10.10.10.10
Total AIGP metric 65
Path #2: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Local
6.6.6.6 (metric 121) from 10.10.10.10 (6.6.6.6)
Received Label 300614
Origin incomplete, metric 2, localpref 100, aigp metric 2, valid, internal, backup, add-path,
labeled-unicast
Received Path ID 2, Local Path ID 3, version 149
Originator: 6.6.6.6, Cluster list: 10.10.10.10
Total AIGP metric 123

Converged SDN Transport for CCIE Service Provider v5 | v202104

Paths: (2 available, best #1)

Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Local
16.16.16.16 (metric 3) from 10.10.10.10 (16.16.16.16)
Received Label 301615
Origin incomplete, metric 3, localpref 100, aigp metric 3, valid, internal, best, group-best,
labeled-unicast
Received Path ID 1, Local Path ID 1, version 181
Originator: 16.16.16.16, Cluster list: 10.10.10.10
Total AIGP metric 6
Path #2: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Local
6.6.6.6 (metric 62) from 10.10.10.10 (6.6.6.6)
Received Label 300614
Origin incomplete, metric 2, localpref 100, aigp metric 2, valid, internal, backup, add-path,
labeled-unicast
Received Path ID 2, Local Path ID 2, version 181
Originator: 6.6.6.6, Cluster list: 10.10.10.10
Total AIGP metric 64

Converged SDN Transport for CCIE Service Provider v5 | v202104

Paths: (2 available, best #1)

Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.10.10.10
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.10.10.10
Local
30.6.32.32 from 0.0.0.0 (6.6.6.6)
Origin incomplete, metric 2, localpref 100, weight 32768, aigp metric 2, valid, redistributed,
best, group-best
Received Path ID 0, Local Path ID 1, version 50
Total AIGP metric 2
Path #2: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Local
16.16.16.16 (metric 2) from 10.10.10.10 (16.16.16.16)
Received Label 301615
Origin incomplete, metric 3, localpref 100, aigp metric 3, valid, internal, backup, add-path,
labeled-unicast
Received Path ID 1, Local Path ID 4, version 137
Originator: 16.16.16.16, Cluster list: 10.10.10.10
Total AIGP metric 5

Converged SDN Transport for CCIE Service Provider v5 | v202104

Paths: (2 available, best #1)

Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.10.10.10
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.10.10.10
Local
30.16.31.31 from 0.0.0.0 (16.16.16.16)
Origin incomplete, metric 3, localpref 100, weight 32768, aigp metric 3, valid, redistributed,
best, group-best
Received Path ID 0, Local Path ID 1, version 51
Total AIGP metric 3
Path #2: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.3
Local
6.6.6.6 (metric 2) from 10.10.10.10 (6.6.6.6)
Received Label 300614
Origin incomplete, metric 2, localpref 100, aigp metric 2, valid, internal, backup, add-path,
labeled-unicast
Received Path ID 2, Local Path ID 4, version 145
Originator: 6.6.6.6, Cluster list: 10.10.10.10
Total AIGP metric 4

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR10#sh bgp ipv4 labeled-unicast | b Network

Network Next Hop Metric LocPrf Weight Path
*> 10.10.10.10/32 0.0.0.0 0 32768 i
* i22.22.22.22/32 1.1.1.1 2 100 0?
*>i 11.11.11.11 3 100 0?
* i23.23.23.23/32 1.1.1.1 3 100 0?
*>i 11.11.11.11 2 100 0?
* i32.32.32.32/32 6.6.6.6 2 100 0?
*>i 16.16.16.16 3 100 0?
* i33.33.33.33/32 6.6.6.6 3 100 0?
*>i 16.16.16.16 2 100 0?
*> 110.110.110.110/32 10.2.10.2 41 32768 i

RP/0/0/CPU0:C-XR10#sh bgp ipv4 labeled-unicast 32.32.32.32/32 | b Paths

Paths: (2 available, best #2)

Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.1
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
110.110.110.110
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.1
Local, (Received from a RR-client)
6.6.6.6 (metric 81) from 6.6.6.6 (6.6.6.6)
Received Label 300614
Origin incomplete, metric 2, localpref 100, aigp metric 2, valid, internal, add-path, labeled-
unicast
Received Path ID 1, Local Path ID 2, version 123
Total AIGP metric 83
Path #2: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.1
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
110.110.110.110
Local, (Received from a RR-client)
16.16.16.16 (metric 22) from 16.16.16.16 (16.16.16.16)
Received Label 301615
Origin incomplete, metric 3, localpref 100, aigp metric 3, valid, internal, best, group-best,
labeled-unicast
Received Path ID 1, Local Path ID 1, version 123
Total AIGP metric 25

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 111 out of 326
Verifications - Check additionaly path capabilities - between
Transport-RR and ASBR

RP/0/0/CPU0:C-XR10#sh bgp ipv4 labeled-unicast neighbors 1.1.1.1 | b AF-dependent

AF-dependent capabilities:
Additional-paths Send: advertised and received
Additional-paths Receive: advertised and received

RP/0/0/CPU0:C-XR10#sh bgp ipv4 labeled-unicast neighbors 11.11.11.11 | b AF-dependent

AF-dependent capabilities:
Additional-paths Send: advertised and received
Additional-paths Receive: advertised and received

RP/0/0/CPU0:C-XR10#sh bgp ipv4 labeled-unicast neighbors 6.6.6.6 | b AF-dependent

AF-dependent capabilities:
Additional-paths Send: advertised and received
Additional-paths Receive: advertised and received

RP/0/0/CPU0:C-XR10#sh bgp ipv4 labeled-unicast neighbors 16.16.16.16 | b AF-dependent

AF-dependent capabilities:
Additional-paths Send: advertised and received
Additional-paths Receive: advertised and received

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast neighbors 1.1.1.1 | b AF-dependent

AF-dependent capabilities:
Additional-paths Send: received
Additional-paths Receive: advertised and received

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast neighbors 11.11.11.11 | b AF-

dependent
AF-dependent capabilities:
Additional-paths Send: received
Additional-paths Receive: advertised and received

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast neighbors 6.6.6.6 | b AF-dependent

AF-dependent capabilities:
Additional-paths Send: received
Additional-paths Receive: advertised and received

RP/0/RP0/CPU0:A1-XR22#sh bgp ipv4 labeled-unicast neighbors 16.16.16.16 | b AF-

dependent
AF-dependent capabilities:
Additional-paths Send: received
Additional-paths Receive: advertised and received

Converged SDN Transport for CCIE Service Provider v5 | v202104

PE - RIB and CEF

RP/0/RP0/CPU0:A1-XR22#sh route 32.32.32.32/32

Routing entry for 32.32.32.32/32
Known via "bgp 100", distance 200, metric 9, [ei]-bgp (AIGP metric)
Number of pic paths 1 , type internal
Installed Apr 17 15:26:06.963 for 17:34:05
Routing Descriptor Blocks
1.1.1.1, from 1.1.1.1, BGP backup path
Route metric is 67
11.11.11.11, from 11.11.11.11
Route metric is 9
No advertising protos.

RP/0/RP0/CPU0:A1-XR22#sh cef 32.32.32.32/32

32.32.32.32/32, version 672, internal 0x5000001 0x40 (ptr 0xdcf4560) [1], 0x0 (0xe4ebc30), 0xa08
(0xf5bd288)
Updated Apr 17 15:26:06.967
Prefix Len 32, traffic index 0, precedence n/a, priority 4
via 1.1.1.1/32, 4 dependencies, recursive, backup [flags 0x6100]
path-idx 0 NHID 0x0 [0xde3d570 0x0]
recursion-via-/32
next hop 1.1.1.1/32 via 202200/0/21
local label 202206
next hop 20.1.22.1/32 Gi0/0/0/2 labels imposed {ImplNull 200116}
via 11.11.11.11/32, 4 dependencies, recursive [flags 0x6000]
path-idx 1 NHID 0x0 [0xde3d210 0x0]
recursion-via-/32
next hop 11.11.11.11/32 via 202201/0/21
local label 202206
next hop 20.22.23.23/32 Gi0/0/0/0 labels imposed {202303 201116}
next hop 20.1.22.1/32 Gi0/0/0/2 labels imposed {200112 201116}
next hop 20.21.22.21/32 Gi0/0/0/1 labels imposed {202101 201116}

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR1#sh route 32.32.32.32/32

Routing entry for 32.32.32.32/32
Known via "bgp 100", distance 200, metric 65, [ei]-bgp (AIGP metric)
Number of pic paths 1 , type internal
Installed Apr 17 15:26:12.773 for 17:38:38
Routing Descriptor Blocks
6.6.6.6, from 10.10.10.10, BGP backup path
Route metric is 123
16.16.16.16, from 10.10.10.10
Route metric is 65
No advertising protos.

RP/0/0/CPU0:C-XR1#sh cef 32.32.32.32/32

32.32.32.32/32, version 881, internal 0x5000001 0x0 (ptr 0xa1431b48) [1], 0x0 (0xa14138c8),
0xa08 (0xa1a02178)
Updated Apr 17 15:26:12.794
Prefix Len 32, traffic index 0, precedence n/a, priority 4
via 6.6.6.6/32, 2 dependencies, recursive, backup [flags 0x6100]
path-idx 0 NHID 0x0 [0xa17cb170 0x0]
recursion-via-/32
next hop 6.6.6.6/32 via 200110/0/21
local label 200116
next hop 10.1.2.2/32 Gi0/0/0/0 labels imposed {100210 300614}
via 16.16.16.16/32, 3 dependencies, recursive [flags 0x6000]
path-idx 1 NHID 0x0 [0xa17cb288 0x0]
recursion-via-/32
next hop 16.16.16.16/32 via 200109/0/21
local label 200116
next hop 10.1.2.2/32 Gi0/0/0/0 labels imposed {100207 301615}

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 115 out of 326
RP/0/0/CPU0:C-XR11#sh route 32.32.32.32/32
Routing entry for 32.32.32.32/32
Known via "bgp 100", distance 200, metric 6, [ei]-bgp (AIGP metric)
Number of pic paths 1 , type internal
Installed Apr 17 15:26:13.744 for 17:45:04
Routing Descriptor Blocks
6.6.6.6, from 10.10.10.10, BGP backup path
Route metric is 64
16.16.16.16, from 10.10.10.10
Route metric is 6
No advertising protos.

RP/0/0/CPU0:C-XR11#sh cef 32.32.32.32/32

32.32.32.32/32, version 1203, internal 0x5000001 0x0 (ptr 0xa1415abc) [1], 0x0 (0xa13f7c38),
0xa08 (0xa1a6e358)
Updated Apr 17 15:26:13.763
Prefix Len 32, traffic index 0, precedence n/a, priority 4
via 6.6.6.6/32, 2 dependencies, recursive, backup [flags 0x6100]
path-idx 0 NHID 0x0 [0xa17cafcc 0x0]
recursion-via-/32
next hop 6.6.6.6/32 via 201111/0/21
local label 201116
next hop 10.11.12.12/32 Gi0/0/0/0 labels imposed {101211 300614}
via 16.16.16.16/32, 3 dependencies, recursive [flags 0x6000]
path-idx 1 NHID 0x0 [0xa17cb5d0 0x0]
recursion-via-/32
next hop 16.16.16.16/32 via 201110/0/21
local label 201116
next hop 10.11.12.12/32 Gi0/0/0/0 labels imposed {101212 301615}

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ As we reach Access 2 domain, BGP is no more relevant. LFA (and ECMP if applicable)
takeover to provide FRR mechanism to targeted prefix.

ASBR

RP/0/0/CPU0:C-XR6#sh route 32.32.32.32/32

Routing entry for 32.32.32.32/32
Known via "ospf 20", distance 110, metric 2, type intra area
Installed Apr 15 17:35:06.702 for 2d15h
Routing Descriptor Blocks
30.6.31.31, from 32.32.32.32, via GigabitEthernet0/0/0/2, Backup (Local-LFA)
Route metric is 3
30.6.32.32, from 32.32.32.32, via GigabitEthernet0/0/0/3, Protected
Route metric is 2
No advertising protos.

RP/0/0/CPU0:C-XR6#sh cef 32.32.32.32/32

32.32.32.32/32, version 354, internal 0x1000001 0x0 (ptr 0xa1415a30) [1], 0x0 (0xa13f7b98),
0xa28 (0xa19cd0b8)
Updated Apr 17 15:26:13.054
local adjacency 30.6.32.32
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 30.6.31.31/32, GigabitEthernet0/0/0/2, 8 dependencies, weight 0, class 0, backup (Local-
LFA) [flags 0x300]
path-idx 0 NHID 0x0 [0xa187f3d0 0x0]
next hop 30.6.31.31/32
local adjacency
local label 300614 labels imposed {303103}
via 30.6.32.32/32, GigabitEthernet0/0/0/3, 2 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xa1a792a0 0xa1a79600]
next hop 30.6.32.32/32
local label 300614 labels imposed {ImplNull}

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 117 out of 326
RP/0/0/CPU0:C-XR16#sh route 32.32.32.32/32
Routing entry for 32.32.32.32/32
Known via "ospf 20", distance 110, metric 3, type intra area
Installed Apr 15 17:35:06.343 for 2d15h
Routing Descriptor Blocks
30.16.31.31, from 32.32.32.32, via GigabitEthernet0/0/0/2, Protected, ECMP-Backup (Local-
LFA)
Route metric is 3
30.16.33.33, from 32.32.32.32, via GigabitEthernet0/0/0/3, Protected, ECMP-Backup (Local-
LFA)
Route metric is 3
30.6.16.6, from 32.32.32.32, via GigabitEthernet0/0/0/4, Protected
Route metric is 3
No advertising protos.

RP/0/0/CPU0:C-XR16#sh cef 32.32.32.32/32

32.32.32.32/32, version 430, internal 0x1000001 0x0 (ptr 0xa1431a30) [1], 0x0 (0xa1413bc0),
0xa28 (0xa1a3208c)
Updated Apr 17 15:26:13.485
local adjacency 30.16.31.31
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 30.16.31.31/32, GigabitEthernet0/0/0/2, 4 dependencies, weight 0, class 0, protected,
ECMP-backup (Local-LFA) [flags 0x600]
path-idx 0 bkup-idx 1 NHID 0x0 [0xa19c5330 0x0]
next hop 30.16.31.31/32
local label 301615 labels imposed {303103}
via 30.16.33.33/32, GigabitEthernet0/0/0/3, 4 dependencies, weight 0, class 0, protected,
ECMP-backup (Local-LFA) [flags 0x600]
path-idx 1 bkup-idx 0 NHID 0x0 [0xa19c5210 0x0]
next hop 30.16.33.33/32
local label 301615 labels imposed {303303}
via 30.6.16.6/32, GigabitEthernet0/0/0/4, 4 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 2 bkup-idx 0 NHID 0x0 [0xa19c5570 0x0]
next hop 30.6.16.6/32
local label 301615 labels imposed {300614}

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 5.1. Customer VRF

Figure : Layer 3 VRF, RD, RT

Setup customer VRF as follows:

▪ Refer to the figure to achieve this task.
▪ Add vrf “cust-2” with below RT and RD parameters:
o RT : 100:2232
o RD on A1-XR22 : 100:22
o RD on A1-XR32 : 100:32
▪ Add vrf “cust-3” with below RT and RD parameters:
o RT is 100:2233
o RD on A1-R23 : 100:23
o RD on A2-R33 : 100:33
▪ Assign vrf “cust-2” on below links:
o A1-XR22 - CE-XR42
o A2-XR32 - CE-XR52
▪ Assign vrf “cust-3” on below links:
o A1-R23 - CE-XR43
o A2-R33 - CE-XR53
▪ Once complete, verify VRF status and IP connectivity between PE and CE.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access 1

A1-XR22:
!
vrf cust-2
address-family ipv4 unicast
import route-target
100:2232
!
export route-target
100:2232
!
interface Gi0/0/0/3
no ipv4 address
vrf cust-2
ipv4 address 40.22.42.22/24

A1-R23:
!
vrf definition cust-3
rd 100:23
route-target both 100:2333
address-family ipv4
!
interface Gi4
vrf forwarding cust-3
ip address 40.23.43.23 255.255.255.0

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-XR32:
!
vrf cust-2
address-family ipv4 unicast
import route-target
100:2232
!
export route-target
100:2232
!
interface Gi0/0/0/3
no ipv4 address
vrf cust-2
ipv4 address 50.32.52.32/24

A2-R33:
!
vrf definition cust-3
rd 100:33
route-target both 100:2333
address-family ipv4
!
interface Gi4
vrf forwarding cust-3
ip address 50.33.53.33 255.255.255.0

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#sh vrf cust-2 detail

VRF cust-2; RD not set; VPN ID not set <<< RD set in BGP config
VRF mode: Regular
Description not set
Interfaces:
GigabitEthernet0/0/0/3
Address family IPV4 Unicast
Import VPN route-target communities:
RT:100:2232
Export VPN route-target communities:
RT:100:2232
No import route policy
No export route policy
Address family IPV6 Unicast
No import VPN route-target communities
No export VPN route-target communities
No import route policy
No export route policy

RP/0/RP0/CPU0:A2-XR32#sh vrf cust-2 detail

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 122 out of 326
A1-R23#sh vrf detail
VRF cust-3 (VRF Id = 1); default RD 100:23; default VPNID <not set>
New CLI format, supports multiple address-families
Flags: 0x180C
Interfaces:
Gi4
Address family ipv4 unicast (Table ID = 0x1):
Flags: 0x0
Export VPN route-target communities
RT:100:2333
Import VPN route-target communities
RT:100:2333
No import route-map
No global export route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 unicast not active
Address family ipv4 multicast not active
Address family ipv6 multicast not active

A2-R33#sh vrf detail

VRF cust-3 (VRF Id = 1); default RD 100:33; default VPNID <not set>
New CLI format, supports multiple address-families
Flags: 0x180C
Interfaces:
Gi4
Address family ipv4 unicast (Table ID = 0x1):
Flags: 0x0
Export VPN route-target communities
RT:100:2333
Import VPN route-target communities
RT:100:2333
No import route-map
No global export route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 unicast not active
Address family ipv4 multicast not active
Address family ipv6 multicast not active

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 123 out of 326
RP/0/RP0/CPU0:A1-XR22#ping vrf cust-2 40.22.42.42
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.22.42.42, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

RP/0/RP0/CPU0:A2-XR32#ping vrf cust-2 50.32.52.52

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.32.52.52, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/10 ms

A1-R23#ping vrf cust-3 40.23.43.43

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.23.43.43, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms

A2-R33#ping vrf cust-3 50.33.53.53

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.33.53.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : BGP PE-CE

Configure BGP PE-CE as follows:

▪ Refer to the figure to achieve this task.
▪ Establish eBGP between customer PE and CE as follows:
o Use AS 45 on CE
o Set BGP router-id on CE
o Advertise CE Loopback0 in BGP
▪ Account for AS number which is the same of both customer CE sites.
▪ Once complete, ensure PE receive CE Loopback in cust-2 VRF table.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access 1

A1-XR22:
!
route-policy PASS
pass
end-policy
!
router bgp 100
address-family ipv4 unicast
address-family vpnv4 unicast
!
vrf cust-2
rd 100:22
address-family ipv4 unicast
!
neighbor 40.22.42.42
remote-as 45
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
as-override

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 126 out of 326
CE-XR42:
!
route-policy PASS
pass
end-policy
!
router bgp 45
bgp router-id 42.42.42.42
address-family ipv4 unicast
network 42.42.42.42/32
!
neighbor 40.22.42.22
remote-as 100
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-XR32:
!
route-policy PASS
pass
end-policy
!
router bgp 100
address-family ipv4 unicast
address-family vpnv4 unicast
!
vrf cust-2
rd 100:32
address-family ipv4 unicast
!
neighbor 50.32.52.52
remote-as 45
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
as-override

CE-XR52:
!
router bgp 45
bgp router-id 52.52.52.52
neighbor 50.32.52.32 remote-as 100
network 52.52.52.52 mask 255.255.255.255

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#sh bgp vpnv4 unicast vrf cust-2 | b Network

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:22 (default for vrf cust-2)
*> 42.42.42.42/32 40.22.42.42 0 0 45 i

RP/0/RP0/CPU0:A1-XR22#sh bgp vpnv4 unicast vrf cust-2 42.42.42.42/32

BGP routing table entry for 42.42.42.42/32, Route Distinguisher: 100:22
Versions:
Process bRIB/RIB SendTblVer
Speaker 7 7
Local Label: 202209
Last Modified: Apr 19 06:05:40.819 for 01:14:04
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
45
40.22.42.42 from 40.22.42.42 (42.42.42.42)
Origin IGP, metric 0, localpref 100, valid, external, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 7
Extended community: RT:100:2232

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 129 out of 326
RP/0/RP0/CPU0:A2-XR32#sh bgp vpnv4 unicast vrf cust-2 | b Network
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:32 (default for vrf cust-2)
*> 52.52.52.52/32 50.32.52.52 0 0 45 i

RP/0/RP0/CPU0:A2-XR32#sh bgp vpnv4 unicast vrf cust-2 52.52.52.52/32

BGP routing table entry for 52.52.52.52/32, Route Distinguisher: 100:32
Versions:
Process bRIB/RIB SendTblVer
Speaker 3 3
Local Label: 303209
Last Modified: Apr 19 06:03:53.376 for 01:17:19
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
45
50.32.52.52 from 50.32.52.52 (52.52.52.52)
Origin IGP, metric 0, localpref 100, valid, external, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 3
Extended community: RT:100:2232

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure - OSPF PE-CE

Configure OSPF PE-CE as follows:

▪ Refer to the figure to achieve this task.
▪ Configure OSPF on CE as follows:
o Use Node ID as OSPF router-id
o Use OSPF process 1
o Advertise Loopback0
▪ Configure OSPF on PE as follows:
o Use OSPF process 23 on A1-R23
o Use OSPF process 33 on A1-R33
▪ Only Customer Loopback are allowed to be advertised into MP-BGP.
▪ Once complete, ensure PE receive CE Loopback in cust-3 VRF table.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access 1

A1-R23:
!
router ospf 23 vrf cust-3
network 40.23.43.43 0.0.0.0 area 0
redistribute bgp 100 subnets
!
int Gi4
ip ospf 23 area 0
!
ip prefix-list LOOPBACK_PLIST seq 5 permit 0.0.0.0/0 ge 32
!
route-map LOOPBACK_RMAP permit 10
match ip address prefix-list LOOPBACK_PLIST
!
router bgp 100
address-family ipv4 vrf cust-3
redistribute ospf 23 match internal external nssa route-map LOOPBACK_RMAP

CE-XR43:
!
router ospf 1
router-id 43.43.43.43
area 0
interface Loopback0
passive enable
!
interface GigabitEthernet0/0/0/1

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R33:
!
router ospf 33 vrf cust-3
network 50.33.53.53 0.0.0.0 area 0
redistribute bgp 100 subnets
!
int Gi4
ip ospf 33 area 0
!
ip prefix-list LOOPBACK_PLIST seq 5 permit 0.0.0.0/0 ge 32
!
route-map LOOPBACK_RMAP permit 10
match ip address prefix-list LOOPBACK_PLIST
!
router bgp 100
address-family ipv4 vrf cust-3
redistribute ospf 33 match internal external nssa route-map LOOPBACK_RMAP

CE-R53:
!
router ospf 1
router-id 53.53.53.53
network 50.33.53.33 0.0.0.0 area 0
network 53.53.53.53 0.0.0.0 area 0
passive-interface lo0
!
int Gi0/1
ip ospf 1 area 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#sh bgp vpnv4 unicast all

BGP table version is 3, local router ID is 23.23.23.23
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:23 (default for vrf cust-3)
*> 43.43.43.43/32 40.23.43.43 2 32768 ?

A1-R23#sh bgp vpnv4 unicast all 43.43.43.43

BGP routing table entry for 100:23:43.43.43.43/32, version 3
Paths: (1 available, best #1, table cust-3)
Not advertised to any peer
Refresh Epoch 1
Local
40.23.43.43 (via vrf cust-3) from 0.0.0.0 (23.23.23.23)
Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:100:2333 OSPF DOMAIN ID:0x0005:0x000000170200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:40.23.43.23:0
rx pathid: 0, tx pathid: 0x0
Updated on Apr 22 2021 06:51:15 UTC

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 134 out of 326
A2-R33#sh bgp vpnv4 unicast all
BGP table version is 3, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:33 (default for vrf cust-3)
*> 50.33.53.0/24 0.0.0.0 0 32768 ?
*> 53.53.53.53/32 50.33.53.53 2 32768 ?

A2-R33#sh bgp vpnv4 unicast all 53.53.53.53/32

BGP routing table entry for 100:33:53.53.53.53/32, version 3
Paths: (1 available, best #1, table cust-3)
Not advertised to any peer
Refresh Epoch 1
Local
50.33.53.53 (via vrf cust-3) from 0.0.0.0 (33.33.33.33)
Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:100:2333 OSPF DOMAIN ID:0x0005:0x000000210200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:50.33.53.33:0
rx pathid: 0, tx pathid: 0x0
Updated on Apr 22 2021 07:04:52 UTC

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 6.1. L3VPN - VPNv4

Figure : L3VPN - VPNv4

Configure VPNv4 neighborship as follows:

▪ Refer to the figure to achieve this task.
▪ Peer all PE with Service-RR (C-R110) as follows:
o Use Peer-Group on RR
▪ Customer 3 (cust-3 vrf) prefixes must be receive as OSPF internal ‘O’
o Add and use Lo123 - 123.123.123.123/32 on A1-R23.
o Add and use Lo133 - 133.133.133.133/32 on A1-R33.
o Ensure Loopbacks 123 and 133 are not received on CE.
▪ Only Customer Loopback must be received on CE.
▪ Ensure RR and PE receive all customer prefixes, and verify end-to-end connectivity for
Customer 2 and 3.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Service RR

C-R110:
!
router bgp 100
!
neighbor iBGP peer-group
neighbor iBGP remote-as 100
neighbor iBGP update-source lo0
!
neighbor 22.22.22.22 peer-group iBGP
neighbor 23.23.23.23 peer-group iBGP
neighbor 32.32.32.32 peer-group iBGP
neighbor 33.33.33.33 peer-group iBGP
!
address-family vpnv4
neighbor iBGP send-community extended
neighbor iBGP route-reflector-client
neighbor 22.22.22.22 activate
neighbor 23.23.23.23 activate
neighbor 32.32.32.32 activate
neighbor 33.33.33.33 activate

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR22, A2-XR32:
!
router bgp 100
address-family vpnv4 unicast
!
neighbor 110.110.110.110
remote-as 100
update-source lo0
address-family vpnv4 unicast

A1-R23, A2-R33:
!
router bgp 100
no bgp default ipv4-unicast
neighbor 110.110.110.110 remote-as 100
neighbor 110.110.110.110 update-source lo0
!
address-family vpnv4 unicast
neighbor 110.110.110.110 activate
neighbor 110.110.110.110 send-community extended

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-R110#sh bgp vpnv4 unicast all | b Network

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:22
*>i 42.42.42.42/32 22.22.22.22 0 100 0 45 i
Route Distinguisher: 100:23
*>i 40.23.43.0/24 23.23.23.23 0 100 0?
*>i 43.43.43.43/32 23.23.23.23 2 100 0?
Route Distinguisher: 100:32
*>i 52.52.52.52/32 32.32.32.32 0 100 0 45 i
Route Distinguisher: 100:33
*>i 50.33.53.0/24 33.33.33.33 0 100 0?
*>i 53.53.53.53/32 33.33.33.33 2 100 0?

RP/0/RP0/CPU0:A1-XR22#sh bgp vpnv4 unicast sum | b Neighbor

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
110.110.110.110 0 100 111 95 9 0 0 01:31:46 1

RP/0/RP0/CPU0:A2-XR32#sh bgp vpnv4 unicast sum | b Neighbor

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
110.110.110.110 0 100 111 96 5 0 0 01:32:05 1

A1-R23#sh bgp vpnv4 unicast all sum | b Neighbor

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
110.110.110.110 4 100 123 120 7 0 0 01:44:31 2

A2-R33#sh bgp vpnv4 unicast all sum | b Neighbor

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
110.110.110.110 4 100 123 122 7 0 0 01:45:04 2

RP/0/0/CPU0:CE-XR42#sh ip route bgp

B 52.52.52.52/32 [20/0] via 40.22.42.22, 01:34:59

Converged SDN Transport for CCIE Service Provider v5 | v202104

CE-XR43:
!
prefix-set ONLY_LOOPBACK_PSET
0.0.0.0/0 ge 32
end-set
!
prefix-set DENY_ALL_PSET
0.0.0.0/0 le 32
end-set
!
route-policy ONLY_LOOPBACK_RPL
if destination in ONLY_LOOPBACK_PSET then
pass
else
if destination in DENY_ALL_PSET then
drop
endif
endif
end-policy
!
!
router ospf 1
area 0
distribute-list route-policy ONLY_LOOPBACK_RPL in

CE-R53:
!
ip prefix-list ONLY_LOOPBACK_PLIST permit 0.0.0.0/0 ge 32
ip prefix-list ONLY_LOOPBACK_PLIST deny 0.0.0.0/0 le 32
!
router ospf 1
distribute-list prefix ONLY_LOOPBACK_PLIST in

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 140 out of 326
Only customer host routes are received on CE. But those prefixes are
received as OSPF External ‘O E2’, and this is not what we want. Thoses
prefixes must be OSPF internal ‘O’. To achieve that goal, an OSPF Sham-
Link is setup in next section.

RP/0/0/CPU0:CE-XR43#sh route ospf

O E2 53.53.53.53/32 [110/2] via 40.23.43.23, 02:18:27, GigabitEthernet0/0/0/1

CE-R53#sh ip route ospf | b Gateway

43.0.0.0/32 is subnetted, 1 subnets
O E2 43.43.43.43 [110/2] via 50.33.53.33, 02:18:27, GigabitEthernet0/1

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 141 out of 326
➢ First, we add new vrf Loopbacks used as endpoints of the sham-link tunnel.
➢ Then, we configure OSPF sham-link and advertise sham-link Loopbacks into MP-BGP.

A1-R23:
!
interface Lo123
vrf forwarding cust-3
ip address 123.123.123.123 255.255.255.255
!
access-list 2 permit 123.123.123.123
access-list 2 permit 133.133.133.133
!
route-map TO_CUST-3_RMAP deny 10
match ip address 2
route-map TO_CUST-3_RMAP permit 20
!
router ospf 23 vrf cust-3
area 0 sham-link 123.123.123.123 133.133.133.133
redistribute bgp 100 route-map TO_CUST-3_RMAP
!
ip prefix-list LOOPBACK_PLIST seq 5 permit 0.0.0.0/0 ge 32
!
route-map LOOPBACK_RMAP permit 10
match ip address prefix-list LOOPBACK_PLIST
!
router bgp 100
address-family ipv4 vrf cust-3
network 123.123.123.123 mask 255.255.255.255
redistribute ospf 23 match internal external nssa-external route-map LOOPBACK_RMAP

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 142 out of 326
A1-R33:
!
interface Lo133
vrf forwarding cust-3
ip address 133.133.133.133 255.255.255.255
!
access-list 2 permit 123.123.123.123
access-list 2 permit 133.133.133.133
!
route-map TO_CUST-3_RMAP deny 10
match ip address 2
route-map TO_CUST-3_RMAP permit 20
!
router ospf 33 vrf cust-3
area 0 sham-link 133.133.133.133 123.123.123.123
redistribute bgp 100 route-map TO_CUST-3_RMAP
!
ip prefix-list LOOPBACK_PLIST seq 5 permit 0.0.0.0/0 ge 32
!
route-map LOOPBACK_RMAP permit 10
match ip address prefix-list LOOPBACK_PLIST
!
router bgp 100
address-family ipv4 vrf cust-3
network 133.133.133.133 mask 255.255.255.255
redistribute ospf 23 match internal external nssa-external route-map LOOPBACK_RMAP

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 143 out of 326
➢ Now, customer host routes are received as OSPF internal ‘O’, and as expected, Sham-
Link loopbacks are not received on CE.

RP/0/0/CPU0:CE-XR43#sh route ospf

O 53.53.53.53/32 [110/4] via 40.23.43.23, 00:46:33, GigabitEthernet0/0/0/1

RP/0/0/CPU0:CE-XR43#sh route 53.53.53.53/32

Routing entry for 53.53.53.53/32
Known via "ospf 1", distance 110, metric 4, type intra area
Installed Apr 22 17:36:36.493 for 00:48:20
Routing Descriptor Blocks
40.23.43.23, from 53.53.53.53, via GigabitEthernet0/0/0/1
Route metric is 4
No advertising protos.

CE-R53#sh ip route ospf | b Gateway

43.0.0.0/32 is subnetted, 1 subnets
O 43.43.43.43 [110/4] via 50.33.53.33, 00:49:27, GigabitEthernet0/1

CE-R53#sh ip route 43.43.43.43

Routing entry for 43.43.43.43/32
Known via "ospf 1", distance 110, metric 4, type intra area
Last update from 50.33.53.33 on GigabitEthernet0/1, 00:50:12 ago
Routing Descriptor Blocks:
* 50.33.53.33, from 43.43.43.43, 00:50:12 ago, via GigabitEthernet0/1
Route metric is 4, traffic share count is 1

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : Carrier Ethernet - EVPN & EoMPLS

Implement Carrier Ethernet services as follows:

▪ Refer to the figure to achieve this task.
▪ Configure EVPN for Customer 1 with below parameters:
o Implement EVPN-VPWS
o Use Service-RR to signal EVPN pseudowire to Access PE.
o Use EVPN EVI 2.
o Use Ethernet Tag 5 on A1-XR22 and Tag 10 on A1-XR32.
o Use “dot1q” encapsulation on AC.
▪ Configure EoMPLS for Customer 4 with below parameters :
o Implement EoMPLS Vlan-based
o Use VC ID 10 for Pseudowire
o Use Service instance 10 on both PE and CE
o Use “QinQ” encapsulation on AC.
• Service (Outer) vlan is 10 and Customer (Inner) vlans are 100 and 120.
o Configure switches “SW1” and “SW2” with below parameters:
• VTP domain is CST, VTP mode is Transparent
• Add : vlan 100 & Svi 192.168.100.x/24; vlan 120 and Svi 192.168.120.x/24;
vlan 140 and Svi 192.168.140.x/24, where x is the Switch ID.
• Use Dot1q Trunk between switches and CEs.
▪ Verify connectivity between CE and between switches in all vlans.

Converged SDN Transport for CCIE Service Provider v5 | v202104

EVPN BGP

C-R110:
!
router bgp 100
address-family l2vpn evpn
neighbor iBGP send-community both
neighbor iBGP route-reflector-client
neighbor 22.22.22.22 activate
neighbor 32.32.32.32 activate
exit-address-family

A1-XR22, A2-XR32:
!
router bgp 100
address-family l2vpn evpn
!
neighbor 110.110.110.110
address-family l2vpn evpn

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR22:
!
interface GigabitEthernet0/0/0/4.10 l2transport
encapsulation dot1q 50
rewrite ingress tag pop 1 symmetric <<< Pop Customer vlan 50 before send traffic in PW
!
l2vpn
xconnect group evpn_vpws
p2p evpn1
interface Gi0/0/0/4.10
neighbor evpn evi 2 target 10 source 5 <<< Ethernet Tag (AC ID) is 5

A2-XR32:
!
interface GigabitEthernet0/0/0/4.10 l2transport
encapsulation dot1q 50
rewrite ingress tag pop 1 symmetric <<< Pop Customer vlan 50 before send traffic in PW
!
l2vpn
xconnect group evpn_vpws
p2p evpn1
interface Gi0/0/0/4.10
neighbor evpn evi 2 target 5 source 10 <<< Ethernet Tag (AC ID) is 10

Converged SDN Transport for CCIE Service Provider v5 | v202104

CE-XR41:
!
interface GigabitEthernet0/0/0/0.50
encapsulation dot1q 50
ipv4 address 192.168.50.41 255.255.255.0

CE-R51:
!
interface Gi0/0.50
encapsulation dot1q 50
ip address 192.168.50.51 255.255.255.0

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ Verify EFP interface status and encapsulation on the PEs

RP/0/RP0/CPU0:A1-XR22#sh ethernet tags Gi0/0/0/4.10 detail

GigabitEthernet0/0/0/4.10 is up, service is L2
Interface MTU is 1518, switched L2 MTU is 1514
Outer Match: Dot1Q VLAN 50
Local traffic encap: Dot1Q VLAN 50
Pop 1 tags, push none

RP/0/RP0/CPU0:A2-XR32#sh ethernet tags Gi0/0/0/4.10 detail

GigabitEthernet0/0/0/4.10 is up, service is L2
Interface MTU is 1518, switched L2 MTU is 1514
Outer Match: Dot1Q VLAN 50
Local traffic encap: Dot1Q VLAN 50
Pop 1 tags, push none

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ EVPN routes show the Ethernet segments with their associated Ethernet Tag.
➢ Customer 1 sites in our design are Single-homed. This is why Ethernet Segment is
identified by a unique zero Ethernet Segment Identifier (ESI). If customer were Multi-
homed sites, Ethernet Segment would be identified by a unique non-zero ESI.

C-R110#sh bgp l2vpn evpn detail

Route Distinguisher: 22.22.22.22:2

Route Distinguisher: 32.32.32.32:2

BGP routing table entry for [1][32.32.32.32:2][00000000000000000000][10]/23, version 33
Paths: (1 available, best #1, table EVPN-BGP-Table)
Advertised to update-groups:
3
Refresh Epoch 1
Local, (Received from a RR-client)
32.32.32.32 (metric 24) (via default) from 32.32.32.32 (32.32.32.32)
Origin IGP, localpref 100, valid, internal, best
Rcvd Label: 303212, Local Label: None
Extended Community: RT:100:2 0x604:2:98304000
rx pathid: 0, tx pathid: 0x0
Updated on Apr 27 2021 18:53:49 UTC

• A1-XR22 uses Ethernet Tag (AC ID) 5

• A2-XR32 uses Ethernet Tag (AC ID) 10

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 150 out of 326
C-R110#sh bgp l2vpn evpn evi route-type ?
<1-8> L2VPN EVPN NLRI route-type
ethernet-ad Ethernet Auto-Discovery route-type
ethernet-segment Ethernet Ethernet Segment route-type
inclusive-mcast Ethernet Inclusive Multicast route-type
ip-prefix Ethernet IP Prefix route-type
mac-advertisement Ethernet MAC Advertisment route-type
mcast-join-sync Multicast Join Sync route-type
mcast-leave-sync Multicast Leave Sync route-type
selective-mcast Selective Multicast Ethernet Tag route-type

➢ EVPN BGP table on the Route-Reflector by specifying EVI route-type “1”

C-R110#sh bgp l2vpn evpn evi route-type 1

BGP routing table entry for [1][22.22.22.22:2][00000000000000000000][5]/23, version 30
Paths: (1 available, best #1, table EVPN-BGP-Table)
Advertised to update-groups:
3
Refresh Epoch 1
Local, (Received from a RR-client)
22.22.22.22 (metric 25) (via default) from 22.22.22.22 (22.22.22.22)
Origin IGP, localpref 100, valid, internal, best
Rcvd Label: 202211, Local Label: None
Extended Community: RT:100:2 0x604:2:98304000
rx pathid: 0, tx pathid: 0x0
net: 0x7F9A43C8D2F0, path: 0x7F9A43C9D498, pathext: 0x7F9A43CAD610
flags: net: 0x0, path: 0x3, pathext: 0x81
attribute: 0x7F9A43C7D258, ref: 3
Updated on Apr 27 2021 18:53:44 UTC
BGP routing table entry for [1][32.32.32.32:2][00000000000000000000][10]/23, version 33
Paths: (1 available, best #1, table EVPN-BGP-Table)
Advertised to update-groups:
3
Refresh Epoch 1
Local, (Received from a RR-client)
32.32.32.32 (metric 24) (via default) from 32.32.32.32 (32.32.32.32)
Origin IGP, localpref 100, valid, internal, best
Rcvd Label: 303212, Local Label: None
Extended Community: RT:100:2 0x604:2:98304000
rx pathid: 0, tx pathid: 0x0
net: 0x7F9A43C8D478, path: 0x7F9A43C9D578, pathext: 0x7F9A43CAD6D0
flags: net: 0x0, path: 0x3, pathext: 0x81
attribute: 0x7F9A43C7D258, ref: 3
Updated on Apr 27 2021 18:53:49 UTC

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show l2vpn xconnect detail

Group evpn_vpws, XC evpn1, state is up; Interworking none

AC: GigabitEthernet0/0/0/4.10, state is up
Type VLAN; Num Ranges: 1
Rewrite Tags: []
VLAN ranges: [50, 50]
MTU 1500; XC ID 0x2; interworking none
Statistics:
packets: received 26, sent 27
bytes: received 2636, sent 2754
drops: illegal VLAN 0, illegal length 0
EVPN: neighbor 32.32.32.32, PW ID: evi 2, ac-id 10, state is up ( established )
XC ID 0xa0000003
Encapsulation MPLS
Source address 22.22.22.22
Encap type Ethernet, control word disabled
Sequencing not set
Ignore MTU mismatch: Disabled
Transmit MTU zero: Disabled
LSP : Up

EVPN Local Remote

------------ ------------------------------ -----------------------------
Label 202211 303212
MTU 1500 1500
Control word disabled disabled
AC ID 5 10
EVPN type Ethernet Ethernet

------------ ------------------------------ -----------------------------

Create time: 26/04/2021 14:13:47 (1d22h ago)
Last time status changed: 27/04/2021 18:53:48 (18:08:48 ago)
Last time PW went down: 27/04/2021 18:53:48 (18:08:48 ago)
Statistics:
packets: received 27, sent 26
bytes: received 2754, sent 2636

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show mpls forwarding labels 202211 detail

Local Outgoing Prefix Outgoing Next Hop Bytes

Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
202211 Pop PW(EVI=2 AC-ID=10) Gi0/0/0/4.10 point2point 2010
Updated: Apr 27 18:53:43.279
Path Flags: 0x8 [ ]
Label Stack (Top -> Bottom): { }
MAC/Encaps: 0/0, MTU: 0
Packets Switched: 20

RP/0/RP0/CPU0:A2-XR32#show mpls forwarding labels 303212 detail

Local Outgoing Prefix Outgoing Next Hop Bytes

Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
303212 Pop PW(EVI=2 AC-ID=5) Gi0/0/0/4.10 point2point 1920
Updated: Apr 27 18:53:48.722
Path Flags: 0x8 [ ]
Label Stack (Top -> Bottom): { }
MAC/Encaps: 0/0, MTU: 0
Packets Switched: 20

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:CE-XR41#ping 192.168.50.51

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.51, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 19/23/29 ms

➢ Following capture is done on link between A2-XR32 and CE-R51.

➢ Traffic going through this link is tagged using Vlan 50 with 802.1Q (0x8100)
encapsulation.

➢ ARP cache on CE shows the MAC address on the remote end.

RP/0/0/CPU0:CE-XR41#sh arp

-------------------------------------------------------------------------------
0/0/CPU0
-------------------------------------------------------------------------------
Address Age Hardware Addr State Type Interface
192.168.50.41 - 5254.0012.f76e Interface ARPA GigabitEthernet0/0/0/0.50
192.168.50.51 02:01:19 5254.001b.9a50 Dynamic ARPA GigabitEthernet0/0/0/0.50

Converged SDN Transport for CCIE Service Provider v5 | v202104

EoMPLS vlan-based

A2-R23, A2-R33:
!
pseudowire-class VC_2333_VLAN
encapsulation mpls
interworking vlan
!
int Gi5
service instance 10 ethernet
encapsulation dot1q 10 second-dot1q 100,120 <<< QinQ traffic going to CE
xconnect X.X.X.X 10 pw-class VC_2333_VLAN <<< X.X.X.X is the remote PE

CE with Local bridging

CE-R44, CE-R54:
!
int Gi1
no shut
service instance 10 ethernet
encapsulation dot1q 10 second-dot1q 100,120 <<< QinQ traffic going to PE
rewrite ingress tag pop 1 symmetric <<< Pop Outer vlan 10 before send traffic to switch
bridge-domain 10
!
int Gi2
no shut
service instance 10 ethernet
encapsulation dot1q 100,120
bridge-domain 10
!
bridge-domain 10

Converged SDN Transport for CCIE Service Provider v5 | v202104

SW1, SW2:
!
vtp mode transparent
vtp domain CST
!
vlan 100, 120, 140
!
Int gi0/0
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan100
ip address 192.168.100.x 255.255.255.0 <<< X is the Switch ID
!
interface Vlan120
ip address 192.168.120.x 255.255.255.0 <<< X is the Switch ID
!
interface Vlan100
ip address 192.168.140.x 255.255.255.0 <<< X is the Switch ID

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ Verify EFP interface status and encapsulation on the PEs

A1-R23#sh ethernet service instance id 10 interface Gi5 det

Service Instance ID: 10
Service Instance Type: Static
Associated Interface: GigabitEthernet5
Associated EVC:
L2protocol drop
CE-Vlans:
Encapsulation: dot1q 10 vlan protocol type 0x8100 second-dot1q 100,120,140 vlan protocol type
0x8100
Interface Dot1q Tunnel Ethertype: 0x8100
State: Up
EFP Statistics:
Pkts In Bytes In Pkts Out Bytes Out
157022 19154578 156875 19136644

A2-R33#sh ethernet service instance id 10 interface Gi5 det

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#show mpls l2transport vc detail

Local interface: Gi5 up, line protocol up, Ethernet:10 up

Interworking type is Eth VLAN
Destination address: 33.33.33.33, VC ID: 10, VC status: up
Output interface: Gi3, imposed label stack {201117 303304}
Preferred path: not configured
Default path: active
Next hop: 20.11.23.11
Create time: 15:27:15, last status change time: 15:27:15
Last label FSM state change time: 15:27:15
Signaling protocol: LDP, peer 33.33.33.33:0 up
Targeted Hello: 23.23.23.23(LDP Id) -> 33.33.33.33, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 202330, remote 303304
Group ID: local 10, remote 10
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: On (configured: autosense)
SSO Descriptor: 33.33.33.33/10, local label: 202330
Dataplane:
SSM segment/switch IDs: 12359/8262 (used), PWID: 36
VC statistics:
transit packet totals: receive 60276, send 60277
transit byte totals: receive 8679312, send 8920564
transit packet drops: receive 0, seq error 0, send 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 158 out of 326
➢ R23 has a targeted LDP session with R33. Requirement is to enable the routers to
access LDP targeted hellos. This was already done earlier in Remote LFA task.

A1-R23#show mpls ldp discovery

Local LDP Identifier:

23.23.23.23:0
Discovery Sources:
Interfaces:
GigabitEthernet1 (ldp): xmit/recv
LDP Id: 22.22.22.22:0
GigabitEthernet2 (ldp): xmit/recv
LDP Id: 21.21.21.21:0
GigabitEthernet3 (ldp): xmit/recv
LDP Id: 11.11.11.11:0
Targeted Hellos:
23.23.23.23 -> 22.22.22.22 (ldp): active/passive, xmit/recv
LDP Id: 22.22.22.22:0
23.23.23.23 -> 21.21.21.21 (ldp): active/passive, xmit/recv
LDP Id: 21.21.21.21:0
23.23.23.23 -> 11.11.11.11 (ldp): active/passive, xmit/recv
LDP Id: 11.11.11.11:0
23.23.23.23 -> 33.33.33.33 (ldp): active/passive, xmit/recv
LDP Id: 33.33.33.33:0

➢ Alternatively, this output shows VC status with MPLS labels with interworking mode.

A1-R23#sh l2vpn service xconnect all detail

Legend: St=State XC St=State in the L2VPN Service Prio=Priority

UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected

Interface Group Encapsulation Prio St XC St

--------- ----- ------------- ---- -- -----
VPWS name: Gi5-10, State: UP
Gi5 left Gi5:10(Ethernet) 0 UP UP
Interworking: vlan
pw100012 right 33.33.33.33:10(MPLS) 0 UP UP
Local VC label 202330
Remote VC label 303304
pw-class: VC_2333_VLAN

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface
202300 201105 1.1.1.1/32 0 Gi3 20.11.23.11
202100 1.1.1.1/32 0 Gi2 20.21.23.21
202200 1.1.1.1/32 1222 Gi1 20.22.23.22
202301 Pop Label 22.22.22.22/32 22842631 Gi1 20.22.23.22
202302 Pop Label 21.21.21.21/32 14111298 Gi2 20.21.23.21
202303 Pop Label 11.11.11.11/32 14840672 Gi3 20.11.23.11
202304 No Label 43.43.43.43/32[V] \
2952 Gi4 40.23.43.43
202306 Pop Label 123.123.123.123/32[V] \
0 aggregate/cust-3
202307 No Label 50.33.53.0/24 0 drop
202328 No Label l2ckt(22) 66152 none point2point
202330 No Label l2ckt(36) 8679312 Gi5 point2point

A1-R23#show mpls forwarding-table labels 202330 detail

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface
202330 No Label l2ckt(36) 8681112 Gi5 point2point
MAC/Encaps=0/0, MRU=0, Label Stack{}
No output feature configured

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ Test pseudowire VC 10

A1-R23#ping mpls pseudowire 33.33.33.33 10 verbose

Sending 5, 72-byte MPLS Echos to 33.33.33.33,

timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.

! size 72, reply addr 30.16.33.33, return code 3[Labels: 303304 Exp: 0]
Rx Interface: 0x1E102121
local 23.23.23.23 remote 33.33.33.33 vc id 10
! size 72, reply addr 30.16.33.33, return code 3[Labels: 303304 Exp: 0]
Rx Interface: 0x1E102121
local 23.23.23.23 remote 33.33.33.33 vc id 10
! size 72, reply addr 30.16.33.33, return code 3[Labels: 303304 Exp: 0]
Rx Interface: 0x1E102121
local 23.23.23.23 remote 33.33.33.33 vc id 10
! size 72, reply addr 30.16.33.33, return code 3[Labels: 303304 Exp: 0]
Rx Interface: 0x1E102121
local 23.23.23.23 remote 33.33.33.33 vc id 10
! size 72, reply addr 30.16.33.33, return code 3[Labels: 303304 Exp: 0]
Rx Interface: 0x1E102121
local 23.23.23.23 remote 33.33.33.33 vc id 10

Success rate is 100 percent (5/5), round-trip min/avg/max = 18/28/43 ms

Total Time Elapsed 190 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 161 out of 326
A1-R23#traceroute mpls pseudowire 33.33.33.33 10 segment source 23.23.23.23 verbose

Tracing MS-PW segments within range [1-1] peer address 33.33.33.33 and timeout 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.

! 1 30.16.33.33 21 ms, ret code 3 [Labels: 303304 Exp: 0]
Rx Interface: 30.16.33.33
local 23.23.23.23 remote 33.33.33.33 vc id 10

Converged SDN Transport for CCIE Service Provider v5 | v202104

sw1#debug ip icmp
ICMP packet debugging is on

sw1#ping 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 21/29/37 ms

sw1#
*May 1 12:14:56.582: ICMP: echo reply rcvd, src 192.168.100.2, dst 192.168.100.1, topology
BASE, dscp 0 topoid 0
*May 1 12:14:56.604: ICMP: echo reply rcvd, src 192.168.100.2, dst 192.168.100.1, topology
BASE, dscp 0 topoid 0
*May 1 12:14:56.643: ICMP: echo reply rcvd, src 192.168.100.2, dst 192.168.100.1, topology
BASE, dscp 0 topoid 0
*May 1 12:14:56.682: ICMP: echo reply rcvd, src 192.168.100.2, dst 192.168.100.1, topology
BASE, dscp 0 topoid 0

sw1#ping 192.168.120.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.120.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/26/37 ms
sw1#
*May 1 12:16:09.498: ICMP: echo reply rcvd, src 192.168.120.2, dst 192.168.120.1, topology
BASE, dscp 0 topoid 0
*May 1 12:16:09.529: ICMP: echo reply rcvd, src 192.168.120.2, dst 192.168.120.1, topology
BASE, dscp 0 topoid 0
*May 1 12:16:09.550: ICMP: echo reply rcvd, src 192.168.120.2, dst 192.168.120.1, topology
BASE, dscp 0 topoid 0
*May 1 12:16:09.574: ICMP: echo reply rcvd, src 192.168.120.2, dst 192.168.120.1, topology
BASE, dscp 0 topoid 0

sw1#ping 192.168.140.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.140.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Converged SDN Transport for CCIE Service Provider v5 | v202104

CE-R44#show bridge-domain 10

Bridge-domain 10 (2 ports in all)

State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 65536
GigabitEthernet1 service instance 10
GigabitEthernet2 service instance 10
AED MAC address Policy Tag Age Pseudoport
0 5254.0018.8064 forward dynamic 263 GigabitEthernet1.EFP10
0 5254.000E.808C forward dynamic 277 GigabitEthernet2.EFP10
0 5254.000E.8078 forward dynamic 266 GigabitEthernet2.EFP10
0 5254.0018.8078 forward dynamic 266 GigabitEthernet1.EFP10
0 5254.000E.8064 forward dynamic 263 GigabitEthernet2.EFP10

• SW-1 and SW-2 MAC in vlan 100 and 120 are learned in the bridge-domain.
• SW-1 MAC in vlan 140 is learned, but SW-2 MAC in vlan 140 is not learned.

➢ MAC addresses of all Svi.

sw1#sh int vlan100 | i address is

Hardware is Ethernet SVI, address is 5254.000e.8064 (bia 5254.000e.8064)
Internet address is 192.168.100.1/24

sw1#sh int vlan120 | i address is

Hardware is Ethernet SVI, address is 5254.000e.8078 (bia 5254.000e.8078)
Internet address is 192.168.120.1/24

sw1#sh int vlan140 | i address is

Hardware is Ethernet SVI, address is 5254.000e.808c (bia 5254.000e.808c)
Internet address is 192.168.140.1/24

sw-2#sh int vlan100 | i address is

Hardware is Ethernet SVI, address is 5254.0018.8064 (bia 5254.0018.8064)
Internet address is 192.168.100.2/24

sw-2#sh int vlan120 | i address is

Hardware is Ethernet SVI, address is 5254.0018.8078 (bia 5254.0018.8078)
Internet address is 192.168.120.2/24

sw-2#sh int vlan140 | i address is

Hardware is Ethernet SVI, address is 5254.0018.808c (bia 5254.0018.808c)
Internet address is 192.168.140.2/24

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 164 out of 326
o As seen previously, IP reachablity is working in vlan 100 & 120, but not in vlan 140.
o This is because, vlan 140 is not defined as inner vlan on QinQ Links.

➢ Let’s add vlan 140 as second dot1q inner tag.

CE-R44, CE-R54:
!
interface GigabitEthernet1
service instance 10 ethernet
encapsulation dot1q 10 second-dot1q 100,120,140

A1-R23, A2-R33:
!
interface GigabitEthernet5
service instance 10 ethernet
encapsulation dot1q 10 second-dot1q 100,120,140

➢ Now reachability with SW2 in vlan140 is working.

SW1#ping 192.168.140.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.140.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 25/29/36 ms

SW1#
*May 1 13:56:43.787: ICMP: echo reply rcvd, src 192.168.140.2, dst 192.168.140.1, topology
BASE, dscp 0 topoid 0
*May 1 13:56:43.814: ICMP: echo reply rcvd, src 192.168.140.2, dst 192.168.140.1, topology
BASE, dscp 0 topoid 0
*May 1 13:56:43.841: ICMP: echo reply rcvd, src 192.168.140.2, dst 192.168.140.1, topology
BASE, dscp 0 topoid 0
*May 1 13:56:43.876: ICMP: echo reply rcvd, src 192.168.140.2, dst 192.168.140.1, topology
BASE, dscp 0 topoid 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

CE-R44#show bridge-domain 10

Bridge-domain 10 (2 ports in all)

State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 65536
GigabitEthernet1 service instance 10
GigabitEthernet2 service instance 10
AED MAC address Policy Tag Age Pseudoport
0 5254.0018.8064 forward dynamic 287 GigabitEthernet1.EFP10
0 5254.000E.808C forward dynamic 281 GigabitEthernet2.EFP10
0 5254.000E.8078 forward dynamic 284 GigabitEthernet2.EFP10
0 5254.0018.8078 forward dynamic 284 GigabitEthernet1.EFP10
0 5254.0018.808C forward dynamic 282 GigabitEthernet1.EFP10
0 5254.000E.8064 forward dynamic 287 GigabitEthernet2.EFP10

➢ Below capture is done on the AC link between CE-R44 and A1-R23.

➢ It shows how QinQ operates, with the customer traffic (vlan 140) being encapsulated
with an outer dot1q tag (vlan 10).

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 7.1. MPLS-TE & RSVP

Figure : MPLS-TE and RSVP

Implement MPLS-TE and RSVP as follows:

▪ Refer to the figure to achieve this task.
▪ Customer 1 and 2 need to configure the RED path with below parameters:
o Enable MPLS-TE support in all domains on all routers.
o Enable support for MPLS-TE and for RSVP on all transit interfaces.
o Ensure to reserve 75% of bandwidth on all RSVP interfaces and 50Mb on Tunnels.
o Unnumber each Tunnel with the router’s Loopback0.
o Configure Autoroute Announce on Tunnels.
o Configure an explicit-path for RED traffic and a dynamic fallback path.
o Ensure headends can reoptimize automatically after 30 seconds existing TE LSPs
in search for a better path when the MPLS TE network is becoming UP again.
▪ Configure an MPLS TE tunnel from A2-R33 to A2-R31 for FRR as follows:
o Unnumber the tunnel with A2-R33’s Loopback0.
o Set tunnel destination as A2-R31 Loopback0.
o Set tunnel’s path option to explicitely avoid the link between A2-R33 to A2-R31.
o Configure BFD signaling between A2-R33 to A2-R31 to detect a link failure
between them in less than one second.
o A2-XR32 TE tunnel to C-XR6 should be Fast Rerouted if the link between A2-R33
to A2-R31 is down.
▪ Verify end-to-end L3VPN and L2VPN connectivity between West and East CE.

Converged SDN Transport for CCIE Service Provider v5 | v202104

In earlier BGP-LU tasks, we implement AIGP in the objective to optimize the end-to-end
path computation to account the accumulated IGP metrics of each domain. To verify that,
we configured low metrics in Core domain, where BGP-LU next-hop changed from C-XR1
and C-XR6 to C-XR11 and C-XR16.

RED traffic must transit via C-XR6 and then via C-XR1. This means that prior to setup
MPLS TE tunnels, we first have to make C-XR6 and C-XR1 the preferred BGP next-hop to
reach our final destination A1-XR22. As a solution, we will configure Local-Preference
which is a better BGP attribute than AIGP in regards to the BGP bestpath selection.

The figure shows 3 MPLS TE tunnels in total. With the Unified MPLS network actually in
place, transport labels are allocated by LDP and BGP-LU. As the domains do not have IGP
knowledge of the other domains, this is not possible to configure a single MPLS-TE LSP
from East PE to West PE.

MPLS-TE tunnel are unidirectional. In real case scenarios, it would makes sense to
configure 2 tunnels, 1 in each direction. In this task, we are using only one unidirectional
path from East to West. This is enough for our tests.

Converged SDN Transport for CCIE Service Provider v5 | v202104

BGP Traffic-Engineering

➢ Makes C-XR6 the preferred exit point for A1-XR32 to reach A1-XR22.

A2-XR32:
!
route-policy LP
if destination in (22.22.22.22/32) then
set local-preference 200
else
pass
endif
end-policy
!
router bgp 100
neighbor 6.6.6.6
remote-as 100
update-source Loopback0
address-family ipv4 labeled-unicast
route-policy LP in

RP/0/RP0/CPU0:A2-XR32#sh bgp ipv4 unicast | b Network

Network Next Hop Metric LocPrf Weight Path
<snip>
* i22.22.22.22/32 6.6.6.6 2 200 0?
*>i 6.6.6.6 3 200 0?
*i 16.16.16.16 3 100 0?
*i 16.16.16.16 2 100 0?
<snip>

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR6:
!
route-policy LP
if destination in (22.22.22.22/32) and next-hop in (1.1.1.1) then
set local-preference 200
else
pass
endif
end-policy
!
router bgp 100
neighbor 10.10.10.10
address-family ipv4 labeled-unicast
route-policy LP in

RP/0/0/CPU0:C-XR6#sh bgp ipv4 unicast | b Network

Network Next Hop Metric LocPrf Weight Path
*>i10.10.10.10/32 10.10.10.10 0 100 0i
* i22.22.22.22/32 11.11.11.11 3 100 0?
*>i 1.1.1.1 2 200 0?
*>i23.23.23.23/32 11.11.11.11 2 100 0?
*i 1.1.1.1 3 100 0?
*> 32.32.32.32/32 30.6.32.32 2 32768 ?
*i 16.16.16.16 3 100 0?
*> 33.33.33.33/32 30.6.31.31 3 32768 ?
*i 16.16.16.16 2 100 0?
*>i110.110.110.110/32 10.10.10.10 41 100 0i

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ Access 2 - ASBR

C-XR6, C-XR16:
!
router ospf 20
mpls traffic-eng router-id Lo0
area 0
mpls traffic-eng
!
mpls traffic-eng
int Gi0/0/0/2
int Gi0/0/0/3
int Gi0/0/0/4
!
rsvp
int Gi0/0/0/2
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/3
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/4
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-XR32:
!
router ospf 20
mpls traffic-eng router-id Lo0
area 0
mpls traffic-eng
!
mpls traffic-eng
reoptimize 30
int Gi0/0/0/0
int Gi0/0/0/1
int Gi0/0/0/2
!
rsvp
int Gi0/0/0/0
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/1
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/2
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
!
explicit-path name A2-XR32_To_C-XR6
index 1 next-address ipv4 unicast 33.33.33.33
index 2 next-address ipv4 unicast 31.31.31.31
index 3 next-address ipv4 unicast 6.6.6.6
!
interface Tunnel-te1
ipv4 unnumbered lo0
destination 6.6.6.6
path-option 1 explicit name A2-XR32_To_C-XR6
path-option 2 dynamic
signalled-bandwidth 50000
fast-reroute
autoroute announce

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 172 out of 326
A2-R33: (PLR - Point of Local Repair)
!
mpls traffic-eng tunnels
!
router ospf 20
mpls traffic-eng area 0
mpls traffic-eng router-id lo0
!
int range Gi1-3
mpls traffic-eng tunnels
ip rsvp bandwidth
!
ip rsvp signalling hello bfd
!
ip explicit-path name AVOID_A2-R33_A2-R31_LINK enable
exclude-address 30.31.33.33
exclude-address 30.31.33.31
!
interface Gi1
bfd interval 250 min_rx 250 multiplier 3
ip rsvp signalling hello bfd
mpls traffic-eng backup-path tunnel 1
!
int Tunnel1
ip unnumbered Lo0
tunnel mode mpls traffic-eng
tunnel destination 31.31.31.31
tunnel mpls traffic-eng path-option 1 explicity name AVOID_A2-R33_A2-R31_LINK
tunnel mpls traffic-eng autoroute announce <<< Not mandatory / just to test backup path

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 173 out of 326
A2-R31:
!
mpls traffic-eng tunnels
!
router ospf 20
mpls traffic-eng area 0
mpls traffic-eng router-id lo0
!
int range Gi1-4
mpls traffic-eng tunnels
ip rsvp bandwidth
!
ip rsvp signalling hello bfd
!
int Gi4
bfd interval 250 min_rx 250 multiplier 3
ip rsvp signalling hello bfd

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR6:
!
router isis 1
address-family ipv4 unicast
metric-style wide
mpls traffic-eng router-id Lo0
mpls traffic-eng level-2-only
!
mpls traffic-eng
reoptimize 30
int Gi0/0/0/0
int Gi0/0/0/1
!
rsvp
int Gi0/0/0/0
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/1
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
!
explicit-path name C-XR6_To_C-XR1
index 1 next-address strict ipv4 unicast 4.4.4.4
index 2 next-address strict ipv4 unicast 5.5.5.5
index 3 next-address strict ipv4 unicast 3.3.3.3
index 4 next-address strict ipv4 unicast 2.2.2.2
index 5 next-address strict ipv4 unicast 1.1.1.1
!
interface Tunnel-te1
ipv4 unnumbered lo0
destination 1.1.1.1
path-option 1 explicit name C-XR6_To_C-XR1
path-option 2 dynamic
signalled-bandwidth 50000
autoroute announce

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 175 out of 326
C-XR1, C-XR11, C-XR16:
!
router isis 1
address-family ipv4 unicast
metric-style wide
mpls traffic-eng router-id Lo0
mpls traffic-eng level-2-only
!
mpls traffic-eng
int Gi0/0/0/0
int Gi0/0/0/1
!
rsvp
int Gi0/0/0/0
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/1
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR2/3/4/5, C-XR12/13/14/15:
!
router isis 1
address-family ipv4 unicast
metric-style wide
mpls traffic-eng router-id Lo0
mpls traffic-eng level-2-only
!
mpls traffic-eng
int Gi0/0/0/0
int Gi0/0/0/1
int Gi0/0/0/2
int Gi0/0/0/4
!
rsvp
int Gi0/0/0/0
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/1
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/2
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/4
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR1:
!
router ospf 10
mpls traffic-eng router-id Lo0
area 0
mpls traffic-eng
!
mpls traffic-eng
reoptimize 30
int Gi0/0/0/2
int Gi0/0/0/3
int Gi0/0/0/4
!
rsvp
int Gi0/0/0/2
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/3
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/4
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
!
explicit-path name C-XR1_To_A1-XR22
index 1 next-address strict ipv4 unicast 21.21.21.21
index 2 next-address strict ipv4 unicast 22.22.22.22
!
interface Tunnel-te1
ipv4 unnumbered lo0
destination 22.22.22.22
path-option 1 explicit name C-XR1_To_A1-XR22
path-option 2 dynamic
signalled-bandwidth 50000
autoroute announce

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 178 out of 326
A2-XR11:
!
router ospf 10
mpls traffic-eng router-id Lo0
area 0
mpls traffic-eng
!
mpls traffic-eng
int Gi0/0/0/2
int Gi0/0/0/3
int Gi0/0/0/4
!
rsvp
int Gi0/0/0/2
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/3
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/4
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR21:
!
router ospf 10
mpls traffic-eng router-id Lo0
area 0
mpls traffic-eng
!
mpls traffic-eng
int Gi0/0/0/0
int Gi0/0/0/1
int Gi0/0/0/2
int Gi0/0/0/3
!
rsvp
int Gi0/0/0/0
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/1
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/2
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/3
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default

A2-R23:
!
mpls traffic-eng tunnels
!
router ospf 10
mpls traffic-eng area 0
mpls traffic-eng router-id lo0
!
int range Gi1-3
mpls traffic-eng tunnels
ip rsvp bandwidth

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 180 out of 326
C-XR22:
!
router ospf 10
mpls traffic-eng router-id Lo0
area 0
mpls traffic-eng
!
mpls traffic-eng
int Gi0/0/0/0
int Gi0/0/0/1
int Gi0/0/0/2
!
rsvp
int Gi0/0/0/0
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/1
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default
int Gi0/0/0/2
bandwidth percentage 75 <<< No Bandwidth reserved on XR, by default

Converged SDN Transport for CCIE Service Provider v5 | v202104

MPLS-TE Topologies

➢ Access 2 - MPLS-TE topology

RP/0/RP0/CPU0:A2-XR32#show mpls traffic-eng topology summary

My_System_id: 32.32.32.32 (OSPF 20 area 0)
My_BC_Model_Type: RDM

Signalling error holddown: 10 sec Global Link Generation 31612

OSPF 20 area 0
Local System Id: 32.32.32.32
TE router ID configured: 32.32.32.32
in use: 32.32.32.32

IGP Id: 6.6.6.6, MPLS TE Id: 6.6.6.6 Router Node

3 links

IGP Id: 16.16.16.16, MPLS TE Id: 16.16.16.16 Router Node

3 links

IGP Id: 31.31.31.31, MPLS TE Id: 31.31.31.31 Router Node

4 links

IGP Id: 32.32.32.32, MPLS TE Id: 32.32.32.32 Router Node

3 links

IGP Id: 33.33.33.33, MPLS TE Id: 33.33.33.33 Router Node

3 links

Total: 5 nodes (5 router, 0 network), 16 links

Grand Total: 5 nodes (5 router, 0 network) 16 links

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR3#show mpls traffic-eng topology summary | b Local System

Local System Id: 0000.0000.0003
TE router ID configured: 3.3.3.3
in use: 3.3.3.3

IGP Id: 0000.0000.0001.00, MPLS TE Id: 1.1.1.1 Router Node

2 links

IGP Id: 0000.0000.0002.00, MPLS TE Id: 2.2.2.2 Router Node

4 links

IGP Id: 0000.0000.0003.00, MPLS TE Id: 3.3.3.3 Router Node

4 links

IGP Id: 0000.0000.0004.00, MPLS TE Id: 4.4.4.4 Router Node

4 links

IGP Id: 0000.0000.0005.00, MPLS TE Id: 5.5.5.5 Router Node

4 links

IGP Id: 0000.0000.0006.00, MPLS TE Id: 6.6.6.6 Router Node

2 links

IGP Id: 0000.0000.0011.00, MPLS TE Id: 11.11.11.11 Router Node

2 links

IGP Id: 0000.0000.0012.00, MPLS TE Id: 12.12.12.12 Router Node

4 links

IGP Id: 0000.0000.0013.00, MPLS TE Id: 13.13.13.13 Router Node

4 links

IGP Id: 0000.0000.0014.00, MPLS TE Id: 14.14.14.14 Router Node

4 links

IGP Id: 0000.0000.0015.00, MPLS TE Id: 15.15.15.15 Router Node

4 links

IGP Id: 0000.0000.0016.00, MPLS TE Id: 16.16.16.16 Router Node

2 links

Total: 12 nodes (12 router, 0 network), 40 links

Grand Total: 12 nodes (12 router, 0 network) 40 links

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show mpls traffic-eng topology summary

My_System_id: 22.22.22.22 (OSPF 10 area 0)
My_BC_Model_Type: RDM

Signalling error holddown: 10 sec Global Link Generation 26863

OSPF 10 area 0
Local System Id: 22.22.22.22
TE router ID configured: 22.22.22.22
in use: 22.22.22.22

IGP Id: 1.1.1.1, MPLS TE Id: 1.1.1.1 Router Node

3 links

IGP Id: 11.11.11.11, MPLS TE Id: 11.11.11.11 Router Node

3 links

IGP Id: 21.21.21.21, MPLS TE Id: 21.21.21.21 Router Node

4 links

IGP Id: 22.22.22.22, MPLS TE Id: 22.22.22.22 Router Node

3 links

IGP Id: 23.23.23.23, MPLS TE Id: 23.23.23.23 Router Node

3 links

Total: 5 nodes (5 router, 0 network), 16 links

Grand Total: 5 nodes (5 router, 0 network) 16 links

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A2-XR32#show rsvp interface

*: RDM: Default I/F B/W % : 75% [default] (max resv/bc0), 0% [default] (bc1)

Interface MaxBW (bps) MaxFlow (bps) Allocated (bps) MaxSub (bps)

------------------------- ------------ ------------- -------------------- -------------
GigabitEthernet0/0/0/0 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/2 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/1 750M 750M 50M ( 6%) 0

A2-R33#sh ip rsvp interface

interface rsvp allocated i/f max flow max sub max VRF
Gi1 ena 50M 750M 750M 0
Gi2 ena 0 750M 750M 0
Gi3 ena 0 750M 750M 0

A2-R31#sh ip rsvp interface

interface rsvp allocated i/f max flow max sub max VRF
Gi1 ena 50M 750M 750M 0
Gi2 ena 0 750M 750M 0
Gi3 ena 0 750M 750M 0
Gi4 ena 0 750M 750M 0

RP/0/0/CPU0:C-XR6#sh rsvp interface

*: RDM: Default I/F B/W % : 75% [default] (max resv/bc0), 0% [default] (bc1)

Interface MaxBW (bps) MaxFlow (bps) Allocated (bps) MaxSub (bps)

------------------------- ------------ ------------- -------------------- -------------
GigabitEthernet0/0/0/0 750M 750M 50M ( 6%) 0
GigabitEthernet0/0/0/1 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/2 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/3 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/4 750M 750M 0 ( 0%) 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 185 out of 326
RP/0/0/CPU0:C-XR3#sh rsvp interface
*: RDM: Default I/F B/W % : 75% [default] (max resv/bc0), 0% [default] (bc1)

Interface MaxBW (bps) MaxFlow (bps) Allocated (bps) MaxSub (bps)

------------------------- ------------ ------------- -------------------- -------------
GigabitEthernet0/0/0/0 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/1 750M 750M 50M ( 6%) 0
GigabitEthernet0/0/0/2 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/4 750M 750M 0 ( 0%) 0

RP/0/0/CPU0:C-XR1#sh rsvp interface

*: RDM: Default I/F B/W % : 75% [default] (max resv/bc0), 0% [default] (bc1)

Interface MaxBW (bps) MaxFlow (bps) Allocated (bps) MaxSub (bps)

------------------------- ------------ ------------- -------------------- -------------
GigabitEthernet0/0/0/0 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/1 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/2 750M 750M 50M ( 6%) 0
GigabitEthernet0/0/0/3 750M 750M 0 ( 0%) 0
GigabitEthernet0/0/0/4 750M 750M 0 ( 0%) 0

RP/0/0/CPU0:A1-XR21#sh rsvp interface

*: RDM: Default I/F B/W % : 75% [default] (max resv/bc0), 0% [default] (bc1)

Interface MaxBW (bps) MaxFlow (bps) Allocated (bps) MaxSub (bps)

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ Access 2 - MPLS-TE Tunnel 1

RP/0/RP0/CPU0:A2-XR32#show mpls traffic-eng tunnel 1 detail

Name: tunnel-te1 Destination: 6.6.6.6 Ifhandle:0x24
Signalled-Name: A2-XR32_t1
Status:
Admin: up Oper: up Path: valid Signalling: connected

path option 1, type explicit A2-XR32_To_C-XR6 (Basis for Setup, path weight 3)
Accumulative metrics: TE 3 IGP 3 Delay 900000
path option 2, type dynamic
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 50000 kbps CT0
Creation Time: Tue May 4 12:23:33 2021 (2d03h ago)
Config Parameters:
Bandwidth: 50000 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (global)
Path Selection:
Tiebreaker: Min-fill (default)
Hop-limit: disabled
Cost-limit: disabled
Delay-limit: disabled
Delay-measurement: disabled
Path-invalidation timeout: 10000 msec (default), Action: Tear (default)
AutoRoute: enabled LockDown: disabled Policy class: not set
Forward class: 0 (not enabled)
Forwarding-Adjacency: disabled
Autoroute Destinations: 0
Loadshare: 0 equal loadshares
Auto-bw: disabled
Auto-Capacity: Disabled:
Fast Reroute: Enabled, Protection Desired: Any
Path Protection: Not Enabled
BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
Soft Preemption: Disabled
SNMP Index: 18
Binding SID: None
History:
Tunnel has been up for: 00:48:58 (since Thu May 06 14:50:52 UTC 2021)
Current LSP:
Uptime: 00:37:47 (since Thu May 06 15:02:03 UTC 2021)
Reopt. LSP:
Last Failure:
LSP not signalled, identical to the [CURRENT] LSP
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 187 out of 326
Date/Time: Thu May 06 15:25:36 UTC 2021 [00:14:14 ago]
Prior LSP:
ID: 30 Path Option: 2
Removal Trigger: reoptimization completed
Current LSP Info:
Instance: 31, Signaling Area: OSPF 20 area 0
Uptime: 00:37:47 (since Thu May 06 15:02:03 UTC 2021)
Outgoing Interface: GigabitEthernet0/0/0/1, Outgoing Label: 303304
Router-IDs: local 32.32.32.32
downstream 33.33.33.33
Soft Preemption: None
SRLGs: not collected
Path Info:
Outgoing:
Explicit Route:
Strict, 30.32.33.33
Strict, 30.31.33.31
Strict, 30.6.31.6
Strict, 6.6.6.6

Record Route: Disabled

Tspec: avg rate=50000 kbits, burst=1000 bytes, peak rate=50000 kbits
Session Attributes: Local Prot: Set, Node Prot: Not Set, BW Prot: Not Set
Soft Preemption Desired: Not Set
Resv Info:
Record Route:
IPv4 33.33.33.33, flags 0x20 (Node-ID)
Label 303304, flags 0x1
IPv4 31.31.31.31, flags 0x20 (Node-ID)
Label 303105, flags 0x1
IPv4 6.6.6.6, flags 0x20 (Node-ID)
Label 3, flags 0x1
IPv4 30.6.31.6, flags 0x0
Label 3, flags 0x1
Fspec: avg rate=50000 kbits, burst=1000 bytes, peak rate=50000 kbits
Persistent Forwarding Statistics:
Out Bytes: 62685390
Out Packets: 503298

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 188 out of 326
➢ Core - MPLS-TE Tunnel 1
RP/0/0/CPU0:C-XR6#show mpls traffic-eng tunnel 1 detail destination 1.1.1.1
Name: tunnel-te1 Destination: 1.1.1.1 Ifhandle:0x70
Signalled-Name: C-XR6_t1
Status:
Admin: up Oper: up Path: valid Signalling: connected

path option 1, type explicit C-XR6_To_C-XR1 (Basis for Setup, path weight 220)
Accumulative metrics: TE 220 IGP 220 Delay 1500000
path option 2, type dynamic
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 50000 kbps CT0
Creation Time: Wed May 5 09:11:03 2021 (11:51:27 ago)
Config Parameters:
Bandwidth: 50000 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (global)
Path Selection:
Tiebreaker: Min-fill (default)
Hop-limit: disabled
Cost-limit: disabled
Delay-limit: disabled
Path-invalidation timeout: 10000 msec (default), Action: Tear (default)
AutoRoute: enabled LockDown: disabled Policy class: not set
Forward class: 0 (not enabled)
Forwarding-Adjacency: disabled
Autoroute Destinations: 0
Loadshare: 0 equal loadshares
Auto-bw: disabled
Auto-Capacity: Disabled:
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled
BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
Soft Preemption: Disabled
SNMP Index: 10
Binding SID: None
History:
Tunnel has been up for: 11:51:27 (since Wed May 05 09:11:03 UTC 2021)
Current LSP:
Uptime: 11:51:27 (since Wed May 05 09:11:03 UTC 2021)
Reopt. LSP:
Last Failure:
LSP not signalled, identical to the [CURRENT] LSP
Date/Time: Wed May 05 20:36:17 UTC 2021 [00:26:13 ago]

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 189 out of 326
Prior LSP:
ID: 2 Path Option: 1
Removal Trigger: path tear
Current LSP Info:
Instance: 3, Signaling Area: IS-IS 1 level-2
Uptime: 11:51:27 (since Wed May 05 09:11:03 UTC 2021)
Outgoing Interface: GigabitEthernet0/0/0/0, Outgoing Label: 100413
Router-IDs: local 6.6.6.6
downstream 4.4.4.4
Soft Preemption: None
SRLGs: not collected
Path Info:
Outgoing:
Explicit Route:
Strict, 10.4.6.4
Strict, 10.4.5.5
Strict, 10.3.5.3
Strict, 10.2.3.2
Strict, 10.1.2.1
Strict, 1.1.1.1

Record Route: Disabled

Tspec: avg rate=50000 kbits, burst=1000 bytes, peak rate=50000 kbits
Session Attributes: Local Prot: Not Set, Node Prot: Not Set, BW Prot: Not Set
Soft Preemption Desired: Not Set
Resv Info: None
Record Route: Disabled
Fspec: avg rate=50000 kbits, burst=1000 bytes, peak rate=50000 kbits
Persistent Forwarding Statistics:
Out Bytes: 7392
Out Packets: 93

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR1#show mpls traffic-eng tunnels detail role head

Name: tunnel-te1 Destination: 22.22.22.22 Ifhandle:0x70
Signalled-Name: C-XR1_t1
Status:
Admin: up Oper: up Path: valid Signalling: connected

path option 1, type explicit C-XR1_To_A1-XR22 (Basis for Setup, path weight 2)
Accumulative metrics: TE 2 IGP 2 Delay 600000
path option 2, type dynamic
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 50000 kbps CT0
Creation Time: Wed May 5 09:15:03 2021 (11:56:23 ago)
Config Parameters:
Bandwidth: 50000 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (global)
Path Selection:
Tiebreaker: Min-fill (default)
Hop-limit: disabled
Cost-limit: disabled
Delay-limit: disabled
Path-invalidation timeout: 10000 msec (default), Action: Tear (default)
AutoRoute: enabled LockDown: disabled Policy class: not set
Forward class: 0 (not enabled)
Forwarding-Adjacency: disabled
Autoroute Destinations: 0
Loadshare: 0 equal loadshares
Auto-bw: disabled
Auto-Capacity: Disabled:
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled
BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
Soft Preemption: Disabled
SNMP Index: 10
Binding SID: None
History:
Tunnel has been up for: 11:56:23 (since Wed May 05 09:15:03 UTC 2021)
Current LSP:
Uptime: 11:56:23 (since Wed May 05 09:15:03 UTC 2021)
Reopt. LSP:
Last Failure:
LSP not signalled, identical to the [CURRENT] LSP
Date/Time: Wed May 05 09:17:28 UTC 2021 [11:53:58 ago]
Prior LSP:
ID: 2 Path Option: 1
Removal Trigger: path tear
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 191 out of 326
Current LSP Info:
Instance: 3, Signaling Area: OSPF 10 area 0
Uptime: 11:56:23 (since Wed May 05 09:15:03 UTC 2021)
Outgoing Interface: GigabitEthernet0/0/0/2, Outgoing Label: 202104
Router-IDs: local 1.1.1.1
downstream 21.21.21.21
Soft Preemption: None
SRLGs: not collected
Path Info:
Outgoing:
Explicit Route:
Strict, 20.1.21.21
Strict, 20.21.22.22
Strict, 22.22.22.22

Record Route: Disabled

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A2-XR32#show route 6.6.6.6/32

Routing entry for 6.6.6.6/32
Known via "ospf 20", distance 110, metric 2, type intra area
Installed May 5 20:31:40.140 for 00:56:32
Routing Descriptor Blocks
6.6.6.6, from 6.6.6.6, via tunnel-te1
Route metric is 2
No advertising protos.

RP/0/RP0/CPU0:A2-XR32#sh cef 6.6.6.6/32 detail

6.6.6.6/32, version 320, internal 0x1000001 0x30 (ptr 0xd903040) [1], 0x0 (0xe249a80), 0xa20
(0xe868330)
Updated May 5 20:31:40.148
Prefix Len 32, traffic index 0, precedence n/a, priority 3
gateway array (0xe0b2aa0) reference count 3, flags 0x68, source lsd (5), 1 backups
[3 type 4 flags 0x8401 (0xe8ad8f8) ext 0x0 (0x0)]
LW-LDI[type=1, refc=1, ptr=0xe249a80, sh-ldi=0xe8ad8f8]
gateway array update type-time 1 May 5 20:31:40.148
LDI Update time May 5 20:31:40.156
LW-LDI-TS May 5 20:31:40.156
via 6.6.6.6/32, tunnel-te1, 7 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xf25b738 0xf25b900]
next hop 6.6.6.6/32
local adjacency
local label 303200 labels imposed {ImplNull}

Load distribution: 0 (refcount 3)

Hash OK Interface Address

0 Y tunnel-te1 point2point

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 193 out of 326
RP/0/RP0/CPU0:A2-XR32#show mpls forwarding prefix 6.6.6.6/32 detail
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
303200 Pop 6.6.6.6/32 tt1 6.6.6.6 9682
Version: 320, Priority: 3
Label Stack (Top -> Bottom): { 303104 Imp-Null }
NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
MAC/Encaps: 4/8, MTU: 1500
Outgoing Interface: tunnel-te1 (ifhandle 0x00000024)
Packets Switched: 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ A2-XR32 requests FRR protection for Tunnel 1

RP/0/RP0/CPU0:A2-XR32#show mpls traffic-eng tunnels protection

A2-XR32_t1 Tunnel Id: 1
LSP Head, Admin: up, Oper: up
Src: 32.32.32.32, Dest: 6.6.6.6, Instance: 31
Fast Reroute Protection: Requested
Outbound: FRR Inactive
LSP signalling info:
Original: out i/f: GigabitEthernet0/0/0/1, label: 303304, nhop: 30.32.33.33

➢ A2-R33 and A2-R31 are BFD neighbors, and the client protocol of BFD is FRR
A2-R33#show ip rsvp hello bfd nbr detail
Hello Client Neighbors

Remote addr 30.31.33.31, Local addr 30.31.33.33

Type: Active
I/F: Gi1
State: Up (for 00:01:06)
Clients: FRR
LSPs protecting: 1 (frr: 1, hst upstream: 0 hst downstream: 0)
Communication with neighbor lost: 0

➢ Tunnel from A2-XR32 to C-XR6 is protected by Tunnel1 on A2-R33

A2-R33#show mpls traffic-eng fast-reroute database

P2P Headend FRR information:
Protected tunnel In-label Out intf/label FRR intf/label Status
--------------------------- -------- -------------- -------------- ------

P2P LSP midpoint frr information:

LSP identifier In-label Out intf/label FRR intf/label Status
--------------------------- -------- -------------- -------------- ------
32.32.32.32 1 [35] 303309 Gi1:303104 Tu1:303104 ready

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A2-XR32#traceroute 6.6.6.6 source lo0 num

Type escape sequence to abort.
Tracing the route to 6.6.6.6

1 30.32.33.33 [MPLS: Label 303309 Exp 0] 9 msec 4 msec 4 msec

2 30.31.33.31 [MPLS: Label 303104 Exp 0] 5 msec 3 msec 4 msec
3 30.6.31.6 4 msec * 4 msec

▪ Now, let’s disable A2-R33--A2-R41 link and see what is the new backup path

A2-R31:
!
interface Gi4
shutdown

▪ For a very short time, we see the new backup path is via A2-R33 :

RP/0/RP0/CPU0:A2-XR32#traceroute 6.6.6.6 source lo0 num

Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 30.32.33.33 [MPLS: Label 303306 Exp 0] 9 msec 7 msec 6 msec
2 30.16.33.16 [MPLS: Labels 301618/303105 Exp 0] 6 msec 5 msec 5 msec
3 30.16.31.31 [MPLS: Label 303105 Exp 0] 5 msec 6 msec 6 msec
4 30.6.31.6 6 msec

▪ Another verification shows backup path directly via C-XR6.

RP/0/RP0/CPU0:A2-XR32#traceroute 6.6.6.6 source lo0 num

Type escape sequence to abort.
Tracing the route to 6.6.6.6

1 30.6.32.6 11 msec * 3 msec

➢ This is because we are also using a dynamic fallback path option, and the headend is
configured to reoptimize automatically the TE LSP for a better path after 30 seconds.

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-XR32:
!
interface Tunnel-te1
no path-option 2 dynamic

A2-R31:
!
interface Gi4
shutdown

▪ The backup path changes via A2-R33, but after a short time, it changes again via C-
XR6. The reason is that the hops in the explicit-path on A2-XR32 are configured as
“strict”, and hence the tunnel signaling is broken.

Strict means that the next address in the explicit path belongs to an
adjacent router to the router in the sequence.
Loose means that the next address can belong to a router that is not
necesserly adjacent.

RP/0/RP0/CPU0:A2-XR32#traceroute 6.6.6.6 source lo0 num

Type escape sequence to abort.
Tracing the route to 6.6.6.6

1 30.32.33.33 [MPLS: Label 303309 Exp 0] 8 msec 7 msec 5 msec

2 30.16.33.16 [MPLS: Labels 301618/303104 Exp 0] 6 msec 6 msec 5 msec
3 30.16.31.31 [MPLS: Label 303104 Exp 0] 6 msec 5 msec 6 msec
4 30.6.31.6 5 msec * 6 msec

RP/0/RP0/CPU0:A2-XR32#traceroute 6.6.6.6 source lo0 num

Type escape sequence to abort.
Tracing the route to 6.6.6.6

1 30.6.32.6 6 msec * 4 msec

▪ Note also that the tunnel is no more protected

RP/0/RP0/CPU0:A2-XR32#show mpls traffic-eng tunnels protection

No LSPs

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 197 out of 326
▪ If we absolutely need the backup path to stay via A2-R33, we need to configure the
explicit-path with the same hops with the “loose” option.

A2-XR32:
!
explicit-path name A2-XR32_To_C-XR6
index 1 next-address loose ipv4 unicast 33.33.33.33
index 2 next-address loose ipv4 unicast 31.31.31.31
index 3 next-address loose ipv4 unicast 6.6.6.6

▪ Finally the backup path via A2-R33 and does not change.

RP/0/RP0/CPU0:A2-XR32#traceroute 6.6.6.6 source lo0 num

Type escape sequence to abort.
Tracing the route to 6.6.6.6

1 30.32.33.33 [MPLS: Label 303309 Exp 0] 14 msec 6 msec 5 msec

2 30.16.33.16 [MPLS: Label 301620 Exp 0] 5 msec 5 msec 6 msec
3 30.16.31.31 [MPLS: Label 303104 Exp 0] 7 msec 6 msec 24 msec
4 30.6.31.6 5 msec * 6 msec

▪ Note that the tunnel is protected again

RP/0/RP0/CPU0:A2-XR32#show mpls traffic-eng tunnels protection

A2-XR32_t1 Tunnel Id: 1
LSP Head, Admin: up, Oper: up
Src: 32.32.32.32, Dest: 6.6.6.6, Instance: 46
Fast Reroute Protection: Requested
Outbound: FRR Inactive
LSP signalling info:
Original: out i/f: GigabitEthernet0/0/0/1, label: 303306, nhop: 30.32.33.33

▪ Let’s bring A2-R33 - A2-R31 link back up

A2-R31:
!
interface Gi4
no shut

Note: After that action, we need to let a little time for the Tunnel to reoptimize its best
path using the configured explicit-path.

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Traceroute from A2-XR32 to A1-XR22

RP/0/RP0/CPU0:A2-XR32#traceroute 22.22.22.22 source lo0 numeric

Type escape sequence to abort.
Tracing the route to 22.22.22.22

1 30.32.33.33 [MPLS: Labels 303310/300616 Exp 0] 30 msec 24 msec 36 msec

2 30.31.33.31 [MPLS: Labels 303106/300616 Exp 0] 29 msec 28 msec 29 msec
3 30.6.31.6 [MPLS: Label 300616 Exp 0] 27 msec 26 msec 29 msec
4 10.4.6.4 [MPLS: Labels 100413/200113 Exp 0] 28 msec 31 msec 33 msec
5 10.4.5.5 [MPLS: Labels 100513/200113 Exp 0] 30 msec 31 msec 30 msec
6 10.3.5.3 [MPLS: Labels 100313/200113 Exp 0] 34 msec 29 msec 31 msec
7 10.2.3.2 [MPLS: Labels 100213/200113 Exp 0] 41 msec 35 msec 49 msec
8 10.1.2.1 [MPLS: Label 200113 Exp 0] 41 msec 29 msec 37 msec
9 20.1.21.21 [MPLS: Label 202104 Exp 0] 27 msec 27 msec 70 msec
10 20.21.22.22 32 msec * 33 msec

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ IP reachability between CE-R51 and CE-R41

CE-R51#debug ip icmp
ICMP packet debugging is on
!
CE-R51#ping 192.168.50.41
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.41, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

➢ To make it works, I had to clear the bgp table and restart the bgp process on both A1-
XR22 and X2-XR32.

Clear bgp *
Process bgp restart

▪ Now we have IP rechability between CE

CE-R51#ping 192.168.50.41
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.41, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 31/34/37 ms

CE-R51#
*May 6 18:57:49.181: ICMP: echo reply rcvd, src 192.168.50.41, dst 192.168.50.51, topology
BASE, dscp 0 topoid 0
*May 6 18:57:49.212: ICMP: echo reply rcvd, src 192.168.50.41, dst 192.168.50.51, topology
BASE, dscp 0 topoid 0
*May 6 18:57:49.250: ICMP: echo reply rcvd, src 192.168.50.41, dst 192.168.50.51, topology
BASE, dscp 0 topoid 0
*May 6 18:57:49.286: ICMP: echo reply rcvd, src 192.168.50.41, dst 192.168.50.51, topology
BASE, dscp 0 topoid 0
*May 6 18:57:49.318: ICMP: echo reply rcvd, src 192.168.50.41, dst 192.168.50.51, topology
BASE, dscp 0 topoid 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ IP reachability between CE-R52 and CE-R42

CE-R52#ping 42.42.42.42 source lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 42.42.42.42, timeout is 2 seconds:
Packet sent with a source address of 52.52.52.52
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 26/33/47 ms

▪ Traceroute between CE-R52 and CE-R42

CE-R52#traceroute 42.42.42.42 source lo0 numeric

Type escape sequence to abort.
Tracing the route to 42.42.42.42
VRF info: (vrf in name/id, vrf out name/id)
1 50.32.52.32 9 msec 3 msec 2 msec
2 30.32.33.33 [MPLS: Labels 303310/300616/202209 Exp 0] 31 msec 30 msec 36 msec
3 30.31.33.31 [MPLS: Labels 303106/300616/202209 Exp 0] 33 msec 31 msec 32 msec
4 30.6.31.6 [MPLS: Labels 300616/202209 Exp 0] 32 msec 29 msec 51 msec
5 10.4.6.4 [MPLS: Labels 100413/200113/202209 Exp 0] 31 msec 28 msec 31 msec
6 10.4.5.5 [MPLS: Labels 100513/200113/202209 Exp 0] 28 msec 30 msec 39 msec
7 10.3.5.3 [MPLS: Labels 100313/200113/202209 Exp 0] 28 msec 41 msec 29 msec
8 10.2.3.2 [MPLS: Labels 100213/200113/202209 Exp 0] 27 msec 26 msec 37 msec
9 10.1.2.1 [MPLS: Labels 200113/202209 Exp 0] 27 msec 27 msec 47 msec
10 20.1.21.21 [MPLS: Labels 202104/202209 Exp 0] 32 msec 39 msec 29 msec
11 20.21.22.22 [MPLS: Label 202209 Exp 0] 37 msec 32 msec 41 msec
12 40.22.42.42 28 msec * 57 msec

Converged SDN Transport for CCIE Service Provider v5 | v202104

Objective

First we will configure Segment-Routing and TI-LFA in all IGP domains and prefer LDP as
MPLS control-plane. Then we will prefer SR and ensure an equivalent BGP Prefix-SID is
allocated for inter-domain communication, and it remains the same end-to-end. Finally we
will entirely remove LDP from all IGP domains. This change will also require to reconfigure
the RED TE path with SRTE.

Target topology

Lab 2 - Target Topology

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 1.1. SR and TI-LFA in Access 1

Configure SR & TI-LFA on all routers in Access-1 domain as follows:

▪ Use SRGB range from 16000 to 23999
▪ Assign Prefix-SID based on Loopback0
▪ Ensure Segment-Routing is enabled for IPv4 control-plane.
▪ Ensure LDP is preferred over SR
▪ Configure TI-LFA
▪ Ensure TI-LFA is protecting LDP traffic
▪ Once task is completed L2VPN and L3VPN services must be operational

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access 1 - ASBR

C-XR1, C-XR11:
!
segment-routing
global-block 16000 23999
!
router ospf 10
segment-routing mpls
fast-reroute per-prefix ti-lfa enable
!
area 0
interface lo0
prefix-sid index X <<< X is Router Node ID

Access 1 - P and PE

A1-XR21, A1-XR22:
!
segment-routing
global-block 16000 23999
!
router ospf 10
segment-routing mpls
fast-reroute per-prefix ti-lfa enable
!
area 0
interface lo0
prefix-sid index X <<< X is Router Node ID

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 204 out of 326
A1-R23:
!
segment-routing mpls
global-block 16000 23999
!
connected-prefix-sid-map
address-family ipv4
23.23.23.23/32 index 23
!
router ospf 10
segment-routing mpls
segment-routing area 0 mpls
fast-reroute per-prefix ti-lfa
fast-reroute per-prefix ti-lfa area 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ SRLB and SRGB size

RP/0/RP0/CPU0:A1-XR22#show mpls label table detail | b 15000

0 15000 LSD(A) InUse No
(Lbl-blk SRLB, vers:0, (start_label=15000, size=1000, app_notify=0)
0 16000 OSPF(A):ospf-10 InUse No
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)

<snip>

▪ Segment-Routing labels in SID database

RP/0/RP0/CPU0:A1-XR22#show ospf sid-database

SID Database for ospf 10 with ID 22.22.22.22

SID Prefix/Mask
-------- ------------------
1 1.1.1.1/32
11 11.11.11.11/32
21 21.21.21.21/32
22 22.22.22.22/32 (L)
23 23.23.23.23/32

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show mpls forwarding

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 207 out of 326
LDP traffic protected by TI-LFA
Simulate A1-XR21 failure by temporary shutdown all its interfaces so that
Access-1 domain becomes a Ring topology.

A1-XR21:
!
interface Gi0/0/0/0-1-2-3
shutdown

➢ TI-LFA is triggered for traffic sourced from A1-XR22 at destination to C-XR1.

Note that TI-LFA is preferred over R-LFA to protect LDP link “A1-XR22 - C-XR1”.
Here, C-XR11 is choosen as PQ node.

RP/0/RP0/CPU0:A1-XR22#sh route 1.1.1.1/32

Routing entry for 1.1.1.1/32
Known via "ospf 10", distance 110, metric 2, labeled SR, type intra area
Installed May 7 12:02:57.630 for 00:23:21
Routing Descriptor Blocks
20.22.23.23, from 1.1.1.1, via GigabitEthernet0/0/0/0, Backup (TI-LFA)
Repair Node(s): 11.11.11.11
Route metric is 4
20.1.22.1, from 1.1.1.1, via GigabitEthernet0/0/0/2, Protected
Route metric is 2
No advertising protos.

RP/0/RP0/CPU0:A1-XR22#show cef 1.1.1.1/32

1.1.1.1/32, version 329, labeled SR, internal 0x1000001 0x85f0 (ptr 0xdcf5f28) [1], 0x0
(0xe4ebbe8), 0xa28 (0xf5bd7d8)
Updated May 7 12:02:57.644
remote adjacency to GigabitEthernet0/0/0/2
Prefix Len 32, traffic index 0, precedence n/a, priority 15
Extensions: context-label:16001
via 20.22.23.23/32, GigabitEthernet0/0/0/0, 8 dependencies, weight 0, class 0, backup [flags
0x300]
path-idx 0 NHID 0x0 [0xf27e440 0x0]
next hop 20.22.23.23/32
remote adjacency
local label 202200 labels imposed {202303 16001}
via 20.1.22.1/32, GigabitEthernet0/0/0/2, 6 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xf414368 0xf4148d8]
next hop 20.1.22.1/32
local label 202200 labels imposed {ImplNull}

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR21:
!
rollback config last 1

▪ Verify L2VPN services for Customer 1

RP/0/RP0/CPU0:A1-XR22#show l2vpn xconnect

Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed,
LU = Local Up, RU = Remote Up, CO = Connected

XConnect Segment 1 Segment 2

Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
evpn_vpws evpn1 UP Gi0/0/0/4.10 UP EVPN 2,10,32.32.32.32 UP
----------------------------------------------------------------------------------------

RP/0/0/CPU0:CE-XR41#ping 192.168.50.51
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.51, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 29/33/39 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#show l2vpn service xconnect all

Legend: St=State XC St=State in the L2VPN Service Prio=Priority
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected

Interface Group Encapsulation Prio St XC St

--------- ----- ------------- ---- -- -----
VPWS name: Gi5-10, State: UP
Gi5 left Gi5:10(Ethernet) 0 UP UP
pw100012 right 33.33.33.33:10(MPLS) 0 UP UP

SW1#ping 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 21/28/39 ms

SW1#ping 192.168.120.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.120.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/25 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show bgp vpnv4 unicast vrf cust-2 | b Network

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:22 (default for vrf cust-2)
*> 42.42.42.42/32 40.22.42.42 0 0 45 i
*>i52.52.52.52/32 32.32.32.32 0 100 0 45 i

Processed 2 prefixes, 2 paths

RP/0/0/CPU0:CE-XR42#ping 52.52.52.52 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 52.52.52.52, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 29/33/39 ms

▪ Verify L3VPN services for Customer 3

A1-R23#sh bgp vpnv4 unicast vrf cust-3 | b Network

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:23 (default for vrf cust-3)
*> 43.43.43.43/32 40.23.43.43 2 32768 ?
r>i 53.53.53.53/32 33.33.33.33 2 100 0?
*> 123.123.123.123/32
0.0.0.0 0 32768 i
*>i 133.133.133.133/32
33.33.33.33 0 100 0i

RP/0/0/CPU0:CE-XR43#ping 53.53.53.53 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 53.53.53.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/17/29 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Configure SR & TI-LFA on all routers in Access-2 domain as follows:

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access 2 - ASBR

C-XR6, C-XR16:
!
segment-routing
global-block 16000 23999
!
router ospf 20
segment-routing mpls
fast-reroute per-prefix ti-lfa enable
!
area 0
interface lo0
prefix-sid index X <<< X is Router Node ID

Access 2 - P and PE

A2-R31, A2-R33:
!
segment-routing mpls
global-block 16000 23999
!
connected-prefix-sid-map
address-family ipv4
X.X.X.X/32 index X <<< X is Router Node ID
!
router ospf 20
segment-routing mpls
segment-routing area 0 mpls
fast-reroute per-prefix ti-lfa
fast-reroute per-prefix ti-lfa area 0

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 213 out of 326
A2-XR32:
!
segment-routing
global-block 16000 23999
!
router ospf 20
segment-routing mpls
fast-reroute per-prefix ti-lfa enable
!
area 0
interface lo0
prefix-sid index 32

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ SRLB and SRGB size

RP/0/RP0/CPU0:A1-XR32#show mpls label table detail | b 15000

0 15000 LSD(A) InUse No
(Lbl-blk SRLB, vers:0, (start_label=15000, size=1000, app_notify=0)
0 16000 OSPF(A):ospf-20 InUse No
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)

<snip>

▪ Segment-Routing labels in SID database

RP/0/RP0/CPU0:A1-XR32#show ospf sid-database

SID Database for ospf 10 with ID 32.32.32.32

SID Prefix/Mask
-------- ------------------
6 6.6.6.6/32
16 16.16.16.16/32
31 31.31.31.31/32
32 32.32.32.32/32 (L)
33 33.33.33.33/32

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR32#show mpls forwarding

Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16006 Pop SR Pfx (idx 6) tt1 6.6.6.6 0
16016 16016 SR Pfx (idx 16) tt1 6.6.6.6 0
16016 SR Pfx (idx 16) Gi0/0/0/0 30.31.32.31 0
16016 SR Pfx (idx 16) Gi0/0/0/1 30.32.33.33 0
16031 Pop SR Pfx (idx 31) Gi0/0/0/0 30.31.32.31 0
16031 SR Pfx (idx 31) Gi0/0/0/1 30.32.33.33 0 (!)
16033 Pop SR Pfx (idx 33) Gi0/0/0/1 30.32.33.33 0
16033 SR Pfx (idx 33) Gi0/0/0/0 30.31.32.31 0 (!)
303200 Pop 6.6.6.6/32 tt1 6.6.6.6 33179
303201 16016 16.16.16.16/32 tt1 6.6.6.6 0
303101 16.16.16.16/32 Gi0/0/0/0 30.31.32.31 28198
303304 16.16.16.16/32 Gi0/0/0/1 30.32.33.33 0
303202 Pop 31.31.31.31/32 Gi0/0/0/0 30.31.32.31 31378
303303 31.31.31.31/32 Gi0/0/0/1 30.32.33.33 0 (!)
303203 Pop 33.33.33.33/32 Gi0/0/0/1 30.32.33.33 31484
303102 33.33.33.33/32 Gi0/0/0/0 30.31.32.31 0 (!)
303204 Aggregate 32.32.32.32/32 default 0
303205 300606 10.10.10.10/32 6.6.6.6 0
301607 10.10.10.10/32 16.16.16.16 0 (!)
303206 300616 22.22.22.22/32 6.6.6.6 0
301616 22.22.22.22/32 16.16.16.16 0 (!)
303207 301617 23.23.23.23/32 16.16.16.16 0
300617 23.23.23.23/32 6.6.6.6 0 (!)
303208 300611 110.110.110.110/32 6.6.6.6 0
301612 110.110.110.110/32 16.16.16.16 0 (!)
303209 Unlabelled 52.52.52.52/32[V] Gi0/0/0/3 50.32.52.52 0
303210 Pop SR Adj (idx 0) Gi0/0/0/0 30.31.32.31 0
303211 303310 TE: 1 Gi0/0/0/1 30.32.33.33 926010
303212 Pop PW(EVI=2 AC-ID=5) Gi0/0/0/4.10 point2point 1146669504
303213 Pop SR Adj (idx 0) Gi0/0/0/0 30.31.32.31 0
16031 SR Adj (idx 0) Gi0/0/0/1 30.32.33.33 0 (!)
303214 Pop SR Adj (idx 0) Gi0/0/0/1 30.32.33.33 0
303215 Pop SR Adj (idx 0) Gi0/0/0/1 30.32.33.33 0
16033 SR Adj (idx 0) Gi0/0/0/0 30.31.32.31 0 (!)
303216 Pop SR Adj (idx 0) Gi0/0/0/2 30.6.32.6 0
303217 Pop SR Adj (idx 0) Gi0/0/0/2 30.6.32.6 0
16006 SR Adj (idx 0) Gi0/0/0/0 30.31.32.31 0 (!)

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 216 out of 326
LDP traffic protected by TI-LFA
Simulate A2-R31 failure by temporary shutdown all its interfaces so that
Access-2 domain becomes a Ring topology.

A2-R31:
!
interface range Gi1-4
shutdown

➢ TI-LFA is triggered for traffic sourced from A2-XR32 at destination to A2-R33.

Note that TI-LFA is preferred over R-LFA to protect LDP link “A2-XR32 - A2-R33”.
Here, C-XR16 has been choosen as PQ node.

RP/0/RP0/CPU0:A1-XR22#sh route 33.33.33.33/32

Routing entry for 33.33.33.33/32
Known via "ospf 20", distance 110, metric 2, labeled SR, type intra area
Installed May 7 12:52:41.351 for 00:07:20
Routing Descriptor Blocks
30.6.32.6, from 33.33.33.33, via GigabitEthernet0/0/0/2, Backup (TI-LFA)
Repair Node(s): 16.16.16.16
Route metric is 4
30.32.33.33, from 33.33.33.33, via GigabitEthernet0/0/0/1, Protected
Route metric is 2
No advertising protos.

RP/0/RP0/CPU0:A1-XR22#show cef 33.33.33.33/32

33.33.33.33/32, version 619, labeled SR, internal 0x1000001 0x85f0 (ptr 0xd902db8) [1], 0x0
(0xe249ac8), 0xa28 (0xf5b2648)
Updated May 7 12:52:41.876
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 15
Extensions: context-label:16033
via 30.6.32.6/32, GigabitEthernet0/0/0/2, 13 dependencies, weight 0, class 0, backup [flags
0x300]
path-idx 0 NHID 0x0 [0xf25b738 0x0]
next hop 30.6.32.6/32
remote adjacency
local label 303203 labels imposed {300612 16033}
via 30.32.33.33/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0, protected [flags
0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xf6a1d60 0xf6a1c78]
next hop 30.32.33.33/32
local label 303203 labels imposed {ImplNull}

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-R31:
!
interface range Gi1-4
no shut

▪ Verify L2VPN services for Customer 1

RP/0/RP0/CPU0:A1-XR22#show l2vpn xconnect
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed,
LU = Local Up, RU = Remote Up, CO = Connected

XConnect Segment 1 Segment 2

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#show l2vpn service xconnect all

Legend: St=State XC St=State in the L2VPN Service Prio=Priority
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected

Interface Group Encapsulation Prio St XC St

--------- ----- ------------- ---- -- -----
VPWS name: Gi5-10, State: UP
Gi5 left Gi5:10(Ethernet) 0 UP UP
pw100012 right 33.33.33.33:10(MPLS) 0 UP UP

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show bgp vpnv4 unicast vrf cust-2 | b Network

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:22 (default for vrf cust-2)
*> 42.42.42.42/32 40.22.42.42 0 0 45 i
*>i52.52.52.52/32 32.32.32.32 0 100 0 45 i

Processed 2 prefixes, 2 paths

RP/0/0/CPU0:CE-XR42#ping 52.52.52.52 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 52.52.52.52, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 29/33/39 ms

▪ Verify L3VPN services for Customer 3

A1-R23#sh bgp vpnv4 unicast vrf cust-3 | b Network

RP/0/0/CPU0:CE-XR43#ping 53.53.53.53 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 53.53.53.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/17/29 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Configure SR & TI-LFA on all routers in Core domain as follows:

Converged SDN Transport for CCIE Service Provider v5 | v202104

Core - ASBR

C-XR1, C-XR11, C-XR6, C-XR16:

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR3, C-XR13, C-XR5, X-XR15:

!
segment-routing
global-block 16000 23999
!
router isis 1
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface lo0
address-family ipv4 unicast
prefix-sid index X <<< X is Router Node ID
!
interface Gi0/0/0/0
address-family ipv4 unicast
fast-reroute per-prefix ti-lfa
!
interface Gi0/0/0/1
address-family ipv4 unicast
fast-reroute per-prefix ti-lfa
!
interface Gi0/0/0/2
address-family ipv4 unicast
fast-reroute per-prefix ti-lfa
!
interface Gi0/0/0/4
address-family ipv4 unicast
fast-reroute per-prefix ti-lfa

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR2, C-XR12, C-XR4, C-XR14:

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR10:
!
segment-routing
global-block 16000 23999
!
router isis 1
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface lo0
address-family ipv4 unicast
prefix-sid index 10

Service RR

C-R110:
!
segment-routing mpls
global-block 16000 23999
!
connected-prefix-sid-map
address-family ipv4
110.110.110.110/32 index 110
!
router isis 1
metric-style wide
segment-routing mpls

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ SRLB and SRGB size

RP/0/RP0/CPU0:C-XR2#show mpls label table detail | b 15000

0 15000 LSD(A) InUse No
(Lbl-blk SRLB, vers:0, (start_label=15000, size=1000, app_notify=0)
0 16000 ISIS(A):1 InUse No
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)

<snip>

▪ Segment-Routing labels

RP/0/0/CPU0:C-XR2#show isis segment-routing label table

IS-IS 1 IS Label Table
Label Prefix/Interface
---------- ----------------
16001 1.1.1.1/32
16002 Loopback0
16003 3.3.3.3/32
16004 4.4.4.4/32
16005 5.5.5.5/32
16006 6.6.6.6/32
16010 10.10.10.10/32
16011 11.11.11.11/32
16012 12.12.12.12/32
16013 13.13.13.13/32
16014 14.14.14.14/32
16015 15.15.15.15/32
16016 16.16.16.16/32
16110 110.110.110.110/32

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:C-XR2#show mpls forwarding

Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16001 Pop SR Pfx (idx 1) Gi0/0/0/0 10.1.2.1 0
Pop SR Pfx (idx 1) Gi0/0/0/1 10.2.3.3 0 (!)
16003 Pop SR Pfx (idx 3) Gi0/0/0/1 10.2.3.3 0
16013 SR Pfx (idx 3) Gi0/0/0/4 10.2.12.12 0 (!)
16004 16004 SR Pfx (idx 4) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 4) Gi0/0/0/1 10.2.3.3 0 (!)
16005 16005 SR Pfx (idx 5) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 5) Gi0/0/0/1 10.2.3.3 0 (!)
16006 16006 SR Pfx (idx 6) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 6) Gi0/0/0/1 10.2.3.3 0 (!)
16010 Pop SR Pfx (idx 10) Gi0/0/0/3 10.2.10.10 0
16011 16011 SR Pfx (idx 11) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 11) Gi0/0/0/1 10.2.3.3 0 (!)
16012 Pop SR Pfx (idx 12) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 12) Gi0/0/0/1 10.2.3.3 0 (!)
16013 16013 SR Pfx (idx 13) Gi0/0/0/1 10.2.3.3 0
16013 SR Pfx (idx 13) Gi0/0/0/4 10.2.12.12 0
16014 16014 SR Pfx (idx 14) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 14) Gi0/0/0/1 10.2.3.3 0 (!)
16015 16015 SR Pfx (idx 15) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 15) Gi0/0/0/1 10.2.3.3 0 (!)
16016 16016 SR Pfx (idx 16) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 16) Gi0/0/0/1 10.2.3.3 0 (!)
16110 16110 SR Pfx (idx 110) Gi0/0/0/4 10.2.12.12 0
16013 SR Pfx (idx 110) Gi0/0/0/1 10.2.3.3 0 (!)
100200 Pop 10.10.10.10/32 Gi0/0/0/3 10.2.10.10 342976
100201 Pop 3.3.3.3/32 Gi0/0/0/1 10.2.3.3 358160
101200 3.3.3.3/32 Gi0/0/0/4 10.2.12.12 0 (!)
100202 Pop 12.12.12.12/32 Gi0/0/0/4 10.2.12.12 182400
100300 12.12.12.12/32 Gi0/0/0/1 10.2.3.3 0 (!)
100203 101207 4.4.4.4/32 Gi0/0/0/4 10.2.12.12 184920
100300 4.4.4.4/32 Gi0/0/0/1 10.2.3.3 0 (!)
100204 101208 5.5.5.5/32 Gi0/0/0/4 10.2.12.12 0
100300 5.5.5.5/32 Gi0/0/0/1 10.2.3.3 0 (!)
100205 101210 15.15.15.15/32 Gi0/0/0/4 10.2.12.12 0
100300 15.15.15.15/32 Gi0/0/0/1 10.2.3.3 0 (!)
100206 101203 14.14.14.14/32 Gi0/0/0/4 10.2.12.12 0
100300 14.14.14.14/32 Gi0/0/0/1 10.2.3.3 0 (!)
100207 101212 16.16.16.16/32 Gi0/0/0/4 10.2.12.12 33924
100300 16.16.16.16/32 Gi0/0/0/1 10.2.3.3 0 (!)
100208 Pop 1.1.1.1/32 Gi0/0/0/0 10.1.2.1 390240
Pop 1.1.1.1/32 Gi0/0/0/1 10.2.3.3 0 (!)
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 227 out of 326
100209 101202 11.11.11.11/32 Gi0/0/0/4 10.2.12.12 33510
100300 11.11.11.11/32 Gi0/0/0/1 10.2.3.3 0 (!)
100210 101211 6.6.6.6/32 Gi0/0/0/4 10.2.12.12 34798
100300 6.6.6.6/32 Gi0/0/0/1 10.2.3.3 0 (!)
100211 101209 110.110.110.110/32 Gi0/0/0/4 10.2.12.12 70558
100300 110.110.110.110/32 Gi0/0/0/1 10.2.3.3 0 (!)
100212 100300 13.13.13.13/32 Gi0/0/0/1 10.2.3.3 0
101200 13.13.13.13/32 Gi0/0/0/4 10.2.12.12 0
100213 Pop TE: 1 Gi0/0/0/0 10.1.2.1 52307
100214 Pop SR Adj (idx 1) Gi0/0/0/0 10.1.2.1 0
Pop SR Adj (idx 1) Gi0/0/0/1 10.2.3.3 0 (!)
100215 Pop SR Adj (idx 3) Gi0/0/0/0 10.1.2.1 0
100216 Pop SR Adj (idx 1) Gi0/0/0/2 10.2.4.4 0
16013 SR Adj (idx 1) Gi0/0/0/1 10.2.3.3 0 (!)
100217 Pop SR Adj (idx 3) Gi0/0/0/2 10.2.4.4 0
100218 Pop SR Adj (idx 1) Gi0/0/0/1 10.2.3.3 0
16013 SR Adj (idx 1) Gi0/0/0/4 10.2.12.12 0 (!)
100219 Pop SR Adj (idx 3) Gi0/0/0/1 10.2.3.3 0
100220 Pop SR Adj (idx 1) Gi0/0/0/3 10.2.10.10 0
100221 Pop SR Adj (idx 3) Gi0/0/0/3 10.2.10.10 0
100222 Pop SR Adj (idx 1) Gi0/0/0/4 10.2.12.12 0
16013 SR Adj (idx 1) Gi0/0/0/1 10.2.3.3 0 (!)
100223 Pop SR Adj (idx 3) Gi0/0/0/4 10.2.12.12 0

▪ Verify LFA Fast-Reroute coverage

RP/0/0/CPU0:C-XR2#show isis fast-reroute summary

IS-IS 1 IPv4 Unicast FRR summary

Critical High Medium Low Total

Priority Priority Priority Priority
Prefixes reachable in L2
All paths protected 0 0 12 0 12
Some paths protected 0 0 0 0 0
Unprotected 0 0 1 0 1
Protection coverage 0.00% 0.00% 92.31% 0.00% 92.31%

➢ If we compare with the verifications of Remote-LFA in Lab 1, we got 30.77% of

protection coverage, and now we have 92.31%. Only 1 prefix is not protected.

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 228 out of 326
➢ That non-protected prefix belongs to C-XR10. And from C-XR2 viewpoint, it has no
redundant paths to C-XR10 in Core domain, hence it’s normal this prefix is not
protected by TI-LFA.

RP/0/0/CPU0:C-XR2#show isis fast-reroute | b Maximum

Maximum parallel path count: 8

L2 1.1.1.1/32 [50/115]
via 10.1.2.1, GigabitEthernet0/0/0/0, C-XR1, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 110
P node: C-XR3.00 [3.3.3.3], Label: ImpNull
Q node: C-XR1.00 [1.1.1.1], Label: 100315
Prefix label: ImpNull
Backup-src: C-XR1.00
L2 3.3.3.3/32 [10/115]
via 10.2.3.3, GigabitEthernet0/0/0/1, C-XR3, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.12.12, GigabitEthernet0/0/0/4 C-XR12, SRGB Base:
16000, Weight: 0, Metric: 30
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16003
Backup-src: C-XR3.00
L2 4.4.4.4/32 [21/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 41
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16004
Backup-src: C-XR4.00
L2 5.5.5.5/32 [31/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 51
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16005
Backup-src: C-XR5.00
L2 6.6.6.6/32 [71/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 91
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16006
Backup-src: C-XR6.00
L2 10.10.10.10/32 [10/115]
via 10.2.10.10, GigabitEthernet0/0/0/3, C-XR10, SRGB Base: 16000, Weight: 0
No FRR backup
L2 11.11.11.11/32 [11/115]
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 229 out of 326
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 31
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16011
Backup-src: C-XR11.00
L2 12.12.12.12/32 [10/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 30
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16012
Backup-src: C-XR12.00
L2 13.13.13.13/32 [20/115]
via 10.2.3.3, GigabitEthernet0/0/0/1, C-XR3, SRGB Base: 16000, Weight: 0
Backup path: LFA, via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000,
Weight: 0, Metric: 20
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: LFA, via 10.2.3.3, GigabitEthernet0/0/0/1, C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 20
L2 14.14.14.14/32 [11/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 31
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16014
Backup-src: C-XR14.00
L2 15.15.15.15/32 [21/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 41
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16015
Backup-src: C-XR15.00
L2 16.16.16.16/32 [12/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 32
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16016
Backup-src: C-XR16.00
L2 110.110.110.110/32 [31/115]
via 10.2.12.12, GigabitEthernet0/0/0/4, C-XR12, SRGB Base: 16000, Weight: 0
Backup path: TI-LFA (link), via 10.2.3.3, GigabitEthernet0/0/0/1 C-XR3, SRGB Base: 16000,
Weight: 0, Metric: 51
P node: C-XR13.00 [13.13.13.13], Label: 16013
Prefix label: 16110
Backup-src: C-R110.00
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 230 out of 326
▪ Verify L2VPN services for Customer 1

RP/0/RP0/CPU0:A1-XR22#show l2vpn xconnect

Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed,
LU = Local Up, RU = Remote Up, CO = Connected

XConnect Segment 1 Segment 2

▪ Verify L2VPN services for Customer 4

A1-R23#show l2vpn service xconnect all

Legend: St=State XC St=State in the L2VPN Service Prio=Priority
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected

Interface Group Encapsulation Prio St XC St

--------- ----- ------------- ---- -- -----
VPWS name: Gi5-10, State: UP
Gi5 left Gi5:10(Ethernet) 0 UP UP
pw100012 right 33.33.33.33:10(MPLS) 0 UP UP

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 231 out of 326
SW1#ping 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 21/28/39 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show bgp vpnv4 unicast vrf cust-2 | b Network

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:22 (default for vrf cust-2)
*> 42.42.42.42/32 40.22.42.42 0 0 45 i
*>i52.52.52.52/32 32.32.32.32 0 100 0 45 i

Processed 2 prefixes, 2 paths

RP/0/0/CPU0:CE-XR42#ping 52.52.52.52 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 52.52.52.52, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 29/33/39 ms

▪ Verify L3VPN services for Customer 3

A1-R23#sh bgp vpnv4 unicast vrf cust-3 | b Network

RP/0/0/CPU0:CE-XR43#ping 53.53.53.53 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 53.53.53.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/17/29 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Prefer SR and verify BGP Prefix-SID as follows:

▪ Prefer SR on all routers in Access 1
▪ Prefer SR on all routers in Access 2
▪ Prefer SR on all routers in Core
▪ Verify BGP-LU Prefix-SID operation
▪ Ensure BGP-LU Prefix-SID remains unchanged end-to-end
▪ Ensure MPLS-TE RED tunnel is still operationnal
▪ Ensure L2VPN and L3VPN services are operational

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access 1

C-XR1, C-XR11, A1-XR21, A1-XR22:

!
router ospf 10
segment-routing sr-prefer
!
commit label SR-PREF

A1-R23
!
segment-routing mpls
set-attributes
address-family ipv4
sr-label-preferred

Access 2

C-XR6, C-XR16, A2-XR32:

!
router ospf 20
segment-routing sr-prefer
!
commit label SR-PREF

A2-R31, A2-R33:
!
segment-routing mpls
set-attributes
address-family ipv4
sr-label-preferred

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR1, C-XR11, C-XR6, C-XR16:

!
router isis 1
address-family ipv4 unicast
segment-routing mpls sr-prefer
!
commit label SR-PREF-ISIS

C-XR3, C-XR13, C-XR5, C-XR15, C-XR2, C-XR12, C-XR4, C-XR14, C-XR10:

!
router isis 1
address-family ipv4 unicast
segment-routing mpls sr-prefer
!
commit label SR-PREF

C-R110:
!
segment-routing mpls
set-attributes
address-family ipv4
sr-label-preferred

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ BGP is not enabled with SR yet.

RP/0/0/CPU0:C-XR1#show mpls label table

Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 2 LSD(A) InUse Yes
0 13 LSD(A) InUse Yes
0 15000 LSD(A) InUse No
0 16000 OSPF(A):ospf-10 InUse No
ISIS(A):1 InUse No
0 200100 LDP(A) InUse Yes
0 200101 LDP(A) InUse Yes
0 200102 LDP(A) InUse Yes
BGP-VPNv4(A):bgp-default InUse No
0 200103 LDP(A) InUse Yes
0 200104 LDP(A) InUse Yes
0 200105 LDP(A) InUse Yes
0 200106 LDP(A) InUse Yes
0 200107 LDP(A) InUse Yes
0 200108 LDP(A) InUse Yes
0 200109 LDP(A) InUse Yes
0 200110 LDP(A) InUse Yes
0 200111 LDP(A) InUse Yes
BGP-VPNv4(A):bgp-default InUse No
0 200112 LDP(A) InUse Yes
0 200113 LDP(A) InUse Yes
BGP-VPNv4(A):bgp-default InUse No
0 200114 LDP(A) InUse Yes
0 200115 LDP(A) InUse Yes
BGP-VPNv4(A):bgp-default InUse No
0 200116 BGP-VPNv4(A):bgp-default InUse No
0 200117 BGP-VPNv4(A):bgp-default InUse No
<snip>

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR1, C-XR11, C-XR6, C-XR16:

!
process bgp restart

RP/0/0/CPU0:C-XR1#show mpls label table

▪ Below trace from A1-XR22 to reach remote PE A2-XR32 shows a 2 labels stack.
First label is the IGP SR label to reach the ASBR which is the next-hop of the BGP-LU
Prefix-SID label that comes second. BGP-LU Prefix-SID 16032 remains unchanged
end-to-end, whereas the IGP label changes in every IGP domain in case it needs to be
resolved.

RP/0/RP0/CPU0:A1-XR22#traceroute 32.32.32.32 source lo0 numeric probe 1

Type escape sequence to abort.
Tracing the route to 32.32.32.32

1 20.1.22.1 [MPLS: Labels 16011/16032 Exp 0] 30 msec

2 20.11.21.11 [MPLS: Label 16032 Exp 0] 27 msec
3 10.11.12.12 [MPLS: Labels 16016/16032 Exp 0] 24 msec
4 10.12.14.14 [MPLS: Labels 16016/16032 Exp 0] 24 msec
5 10.14.16.16 [MPLS: Label 16032 Exp 0] 36 msec
6 30.16.33.33 [MPLS: Label 16032 Exp 0] 35 msec
7 30.32.33.32 31 msec

➢ In that direction, MPLS label 16011 in IGP domain is allocated by Segment-Routing.

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 238 out of 326
▪ Below trace from A1-XR22 to reach remote PE A2-XR32 shows a 2 labels stack.
First label is the IGP MPLS-TE label to reach the ASBR which is the next-hop of the
BGP-LU Prefix-SID label that comes second. BGP-LU Prefix-SID 16022 remains
unchanged end-to-end, whereas the IGP label changes in every IGP domain in case it
needs to be resolved.

RP/0/RP0/CPU0:A2-XR32#traceroute 22.22.22.22 source lo0 numeric

Type escape sequence to abort.
Tracing the route to 22.22.22.22
1 30.32.33.33 [MPLS: Labels 303318/16022 Exp 0] 42 msec 33 msec 43 msec
2 30.31.33.31 [MPLS: Labels 303108/16022 Exp 0] 35 msec 31 msec 33 msec
3 30.6.31.6 [MPLS: Label 16022 Exp 0] 28 msec 32 msec 27 msec
4 10.4.6.4 [MPLS: Labels 100413/16022 Exp 0] 30 msec 30 msec 29 msec
5 10.4.5.5 [MPLS: Labels 100522/16022 Exp 0] 29 msec 30 msec 33 msec
6 10.3.5.3 [MPLS: Labels 100322/16022 Exp 0] 29 msec 27 msec 33 msec
7 10.2.3.2 [MPLS: Labels 100213/16022 Exp 0] 28 msec 28 msec 25 msec
8 10.1.2.1 [MPLS: Label 16022 Exp 0] 36 msec 30 msec 24 msec
9 20.1.21.21 [MPLS: Label 202104 Exp 0] 27 msec 32 msec 26 msec
10 20.21.22.22 27 msec * 29 msec

➢ In that direction, MPLS labels in IGP domains are allocated by MPLS-TE.

▪ BGP Prefix-SID label 16022 is received on C-XR6 from C-XR1 and C-XR11 to reach
A1-XR22’s loopback. That label is derived from IGP Prefix-SID from Access 1.

RP/0/0/CPU0:C-XR6#sh bgp ipv4 labeled-unicast labels | b Network

Network Next Hop Rcvd Label Local Label
*>i10.10.10.10/32 10.10.10.10 3 300606
*>i22.22.22.22/32 11.11.11.11 16022 16022
*i 1.1.1.1 16022 16022
*>i23.23.23.23/32 11.11.11.11 16023 16023
*i 1.1.1.1 16023 16023
*> 32.32.32.32/32 30.6.32.32 nolabel 16032
*i 16.16.16.16 16032 16032
*> 33.33.33.33/32 30.6.31.31 nolabel 16033
*i 16.16.16.16 16033 16033
*>i110.110.110.110/32 10.10.10.10 101012 16110

➢ From BGP viewpoint, the best path to reach A1-XR22 is via C-XR11.
This is due to the calculated AIGP path which is better via C-XR11.
➢ But on C-XR6, remember that we have also an active MPLS-TE tunnel for the RED path
that overrides BGP best path calculation because that tunnel is configured to transit via C-
XR1 to reach A1-XR22.

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A2-XR32#show mpls forwarding tunnels

Tunnel Outgoing Outgoing Next Hop Bytes
Name Label Interface Switched
-------------------------- ----------- ------------ --------------- ------------
tunnel-te1 303318 Gi0/0/0/1 30.32.33.33 671680

RP/0/0/CPU0:C-XR6#show mpls forwarding tunnels

Tunnel Outgoing Outgoing Next Hop Bytes
Name Label Interface Switched
-------------------------- ----------- ------------ --------------- ------------
tunnel-te1 100413 Gi0/0/0/0 10.4.6.4 563408

RP/0/0/CPU0:C-XR1#show mpls forwarding tunnels

Tunnel Outgoing Outgoing Next Hop Bytes
Name Label Interface Switched
-------------------------- ----------- ------------ --------------- ------------
tunnel-te1 202104 Gi0/0/0/2 20.1.21.21 766131

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Verify L2VPN services for Customer 1

RP/0/RP0/CPU0:A1-XR22#show l2vpn xconnect

Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed,
LU = Local Up, RU = Remote Up, CO = Connected

XConnect Segment 1 Segment 2

▪ Verify L2VPN services for Customer 4

A1-R23#show l2vpn service xconnect all

Legend: St=State XC St=State in the L2VPN Service Prio=Priority
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected

Interface Group Encapsulation Prio St XC St

--------- ----- ------------- ---- -- -----
VPWS name: Gi5-10, State: UP
Gi5 left Gi5:10(Ethernet) 0 UP UP
pw100012 right 33.33.33.33:10(MPLS) 0 UP UP

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 241 out of 326
SW1#ping 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 21/28/39 ms

▪ Verify L3VPN services for Customer 2

RP/0/RP0/CPU0:A1-XR22#show bgp vpnv4 unicast vrf cust-2 | b Network

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:22 (default for vrf cust-2)
*> 42.42.42.42/32 40.22.42.42 0 0 45 i
*>i52.52.52.52/32 32.32.32.32 0 100 0 45 i

Processed 2 prefixes, 2 paths

RP/0/0/CPU0:CE-XR42#ping 52.52.52.52 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 52.52.52.52, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 29/33/39 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#sh bgp vpnv4 unicast vrf cust-3 | b Network

RP/0/0/CPU0:CE-XR43#ping 53.53.53.53 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 53.53.53.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/17/29 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 2.1. Remove LDP + Use SRTE for RED path

Remove LDP on all routers as follows:

▪ Remove any LDP configuration in Access 1
▪ Remove any LDP configuration in Access 2
▪ Remove any LDP configuration in Core
▪ Decommision any existing MPLS-TE & RSVP configuration
▪ Re-configure RED tunnel with SRTE
▪ Ensure L2VPN and L3VPN services are operational

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access 1

A1-XR22, A1-XR21, C-XR1, C-XR11:

!
router ospf 10
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
no mpls ldp sync
no mpls ldp auto-config
!
no mpls ldp

A1-R23:
!
no mpls ldp session protection
no mpls ldp discovery targeted-hello accept
!
router ospf 10
no fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
no mpls ldp sync
no mpls ldp autoconfig
!
no mpls ldp router-id Loopback0

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR6, C-XR16, A2-XR32:

!
router ospf 20
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp
area 0
no mpls ldp sync
no mpls ldp auto-config
!
no mpls ldp

A2-R31, A2-R33:
!
no mpls ldp session protection
no mpls ldp discovery targeted-hello accept
!
router ospf 20
no fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
no mpls ldp sync
no mpls ldp autoconfig
!
no mpls ldp router-id Loopback0

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR3/5, C-XR12/13/14/15:
!
router isis 1
address-family ipv4 unicast
no mpls ldp auto-config
!
interface Gi0/0/0/0
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
interface Gi0/0/0/1
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
interface Gi0/0/0/2
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
interface Gi0/0/0/4
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
no mpls ldp

C-XR10:
!
router isis 1
address-family ipv4 unicast
no mpls ldp auto-config
!
interface Gi0/0/0/0
address-family ipv4 unicast
no mpls ldp sync
!
no mpls ldp

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 247 out of 326
C-R110:
!
no mpls ldp session protection
!
router isis 1
no mpls ldp sync
no mpls ldp autoconfig
!
no mpls ldp router-id Loopback0

C-XR2, C-XR4:
!
router isis 1
address-family ipv4 unicast
no mpls ldp auto-config
!
interface Gi0/0/0/0
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
interface Gi0/0/0/1
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
interface Gi0/0/0/2
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
interface Gi0/0/0/3
address-family ipv4 unicast
no mpls ldp sync
!
interface Gi0/0/0/4
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
no mpls ldp

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 248 out of 326
C-XR1, C-XR11, C-XR6, C-XR16:
!
router isis 1
address-family ipv4 unicast
no mpls ldp auto-config
!
interface Gi0/0/0/0
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
interface Gi0/0/0/1
address-family ipv4 unicast
no fast-reroute per-prefix remote-lfa tunnel mpls-ldp level 2
no mpls ldp sync
!
no mpls ldp

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 249 out of 326
➢ Now that LDP is entirely decommissioned, MPLS label allocation in IGP is done only by
Segment-Routing. It means that LDP labels are no more in the LFIB. For that reason,
the RED path must be reconfigured with SRTE.

▪ First let’s remove MPLS-TE and RSVP configuration everywhere

On all XE routers:
!
interface GiX
no mpls traffic-eng tunnels
no ip rsvp bandwidth

On all XR routers:
!
no mpls traffic-eng
no rsvp

A2-XR32, C-XR6, C-XR1:

!
no interface Tunnel-te1

A2-R33:
!
no interface Tunnel1

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 250 out of 326
▪ Then, we configure 3 SRTE polices using an explicit-path. Binding-SID are also
configured to stitch those SRTE policies together to form an end-to-end LSP.

A2-XR32:
!
segment-routing
traffic-eng
segment-list SIDLIST_TO_C-XR6
index 1 mpls label 16033
index 2 mpls label 16031
index 3 mpls label 16006
index 4 mpls label 15900 <<< Binding-SID of C-XR6
!
policy SRTE_TO_C-XR6
color 777 end-point ipv4 6.6.6.6
autoroute
metric relative -1
include all
!
candidate-paths
preference 200
explicit segment-list SIDLIST_TO_C-XR6

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 251 out of 326
C-XR6:
!
segment-routing
traffic-eng
segment-list SIDLIST_TO_C-XR1
index 1 mpls label 16004
index 2 mpls label 16005
index 3 mpls label 100517 <<< Adjacency-SID is used to reach C-XR3
This is because C-XR5 best path to reach C-XR3 with
Prefix-SID 16003, is not using C-XR5---C-XR3 link.
index 4 mpls label 16002
index 5 mpls label 16001
index 6 mpls label 15888 <<< Binding-SID of C-XR1
!
binding-sid explicit fallback-dynamic
policy SRTE_TO_C-XR1
binding-sid mpls 15900 <<< C-XR6 local Binding-SID
color 777 end-point ipv4 1.1.1.1
autoroute
metric relative -1
include all
!
candidate-paths
preference 200
explicit segment-list SIDLIST_TO_C-XR1

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 252 out of 326
A2-XR1:
!
segment-routing
global-block 16000 23999
traffic-eng
segment-list SIDLIST_TO_A1-XR22
index 10 mpls label 16021
index 20 mpls label 16022
!
binding-sid explicit fallback-dynamic
policy SRTE_TO_A1-XR22
binding-sid mpls 15888 <<< C-XR1 local Binding-SID
color 777 end-point ipv4 22.22.22.22
autoroute
metric relative -1
include all
!
candidate-paths
preference 200
explicit segment-list SIDLIST_TO_A1-XR22

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ RED path trace is correct. As expected, it takes the configured explicit-paths to final
destination.

RP/0/RP0/CPU0:A2-XR32#traceroute 22.22.22.22 source lo0 numeric

Type escape sequence to abort.
Tracing the route to 22.22.22.22

1 30.32.33.33 [MPLS: Labels 16031/16006/15900/16022 Exp 0] 45 msec 31 msec 29 msec

2 30.31.33.31 [MPLS: Labels 16006/15900/16022 Exp 0] 31 msec 29 msec 27 msec
3 30.6.31.6 [MPLS: Labels 15900/16022 Exp 0] 29 msec 31 msec 28 msec
4 10.4.6.4 [MPLS: Labels 16005/100517/16002/16001/15888/16022 Exp 0] 29 msec 43 msec
28 msec
5 10.4.5.5 [MPLS: Labels 100517/16002/16001/15888/16022 Exp 0] 36 msec 29 msec 49 msec
6 10.3.5.3 [MPLS: Labels 16002/16001/15888/16022 Exp 0] 28 msec 29 msec 27 msec
7 10.2.3.2 [MPLS: Labels 16001/15888/16022 Exp 0] 28 msec 27 msec 31 msec
8 10.1.2.1 [MPLS: Labels 15888/16022 Exp 0] 26 msec 26 msec 28 msec
9 20.1.21.21 [MPLS: Labels 16022/16022 Exp 0] 28 msec 33 msec 36 msec
10 20.21.22.22 35 msec * 34 msec

➢ That trace shows the 2 configured Binding-SID used to stitch the 3 SRTE policies
together which forms that end-to-end LSP.
➢ All labels before the Binding-SID are the ones configured in the explicit-paths.
➢ Label after the Binding-ID is the BGP Prefix-SID which is derived from the IGP Prefix-
SID used in OSPF domain 1 to reach A1-XR22.

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ It looks like the pseudowire between the 2 PE is operational, but CE-to-CE connectivity
is broken.

RP/0/RP0/CPU0:A1-XR22#show l2vpn xconnect

Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed,
LU = Local Up, RU = Remote Up, CO = Connected

XConnect Segment 1 Segment 2

RP/0/0/CPU0:CE-XR41#ping 192.168.50.51
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.51, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

➢ ARP resolution of 192.168.50.51 is not working from CE-XR41

RP/0/0/CPU0:CE-XR41#clear arp-cache GigabitEthernet0/0/0/0.50 192.168.50.51 location all

RP/0/0/CPU0:CE-XR41#ping 192.168.50.51
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.51, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

RP/0/0/CPU0:CE-XR41#sh arp
-------------------------------------------------------------------------------
0/0/CPU0
-------------------------------------------------------------------------------
Address Age Hardware Addr State Type Interface
192.168.50.41 - 5254.0012.f76e Interface ARPA GigabitEthernet0/0/0/0.50
192.168.50.51 - 0000.0000.0000 Deleted ARPA GigabitEthernet0/0/0/0.50

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 255 out of 326
Issue is coming from the SRTE tunnel used for the RED path which is in
place on A2-XR32. That tunnel is actually not used as the preferred path by
EVPN-VPWS.

▪ If we disable the SRTE tunnel, then CE-to-CE traffic sent through the EVPN-VPWS
pseudowire is working instantly.

RP/0/RP0/CPU0:A2-XR32(config)#segment-routing
RP/0/RP0/CPU0:A2-XR32(config-sr)#no traffic-eng
RP/0/RP0/CPU0:A2-XR32(config-sr)#commit label SRTE

➢ Now we need to adjust EVPN-VPWS configuration on A2-XR32 so that it uses the

SRTE tunnel as the preferred path.

RP/0/RP0/CPU0:A2-XR32#rollback config SRTE

RP/0/RP0/CPU0:A2-XR32#show segment-routing traffic-eng policy candidate-path name

SRTE_TO_C-XR6 | i Name
Name: srte_c_777_ep_6.6.6.6
Name: SRTE_TO_C-XR6

A2-XR32:
!
l2vpn
pw-class 3222
encapsulation mpls
preferred-path sr-te policy srte_c_777_ep_6.6.6.6 fallback disable
!
!
xconnect group evpn_vpws
p2p evpn1
interface GigabitEthernet0/0/0/4.10
neighbor evpn evi 2 target 5 source 10
pw-class 3222

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 256 out of 326
➢ EVPN-VPWS is now using SRTE as the preferred path, with the EVPN local label
being used as the Binding-SID label for the SRTE tunnel.

RP/0/RP0/CPU0:A2-XR32#show l2vpn xconnect detail | i "EVPN:|Preferred path|Tunnel"

EVPN: neighbor 22.22.22.22, PW ID: evi 2, ac-id 5, state is up ( established )
Preferred path Active : SR TE srte_c_777_ep_6.6.6.6 (BSID:303212, IFH:0x7c), Statically
configured, fallback disabled
Tunnel : Up

➢ This can also be verifed in the LFIB

RP/0/RP0/CPU0:A2-XR32#show mpls forwarding labels 303212 detail

Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
303212 Pop No ID srte_c_777_e point2point 2360
Updated: May 13 07:02:04.038
Version: 808, Priority: 2
Label Stack (Top -> Bottom): { Unlabelled Imp-Null }
NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
MAC/Encaps: 0/0, MTU: 0
Outgoing Interface: srte_c_777_ep_6.6.6.6 (ifhandle 0x0000007c)
Packets Switched: 20

▪ Finally, CE-to-CE connectivity is working now

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#show l2vpn service xconnect all detail

Legend: St=State XC St=State in the L2VPN Service Prio=Priority
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected

Interface Group Encapsulation Prio St XC St

--------- ----- ------------- ---- -- -----
VPWS name: CST, State: Incomplete
VPWS name: Gi5-10, State: UP
Gi5 left Gi5:10(Ethernet) 0 UP UP
Interworking: vlan
pw100021 right 33.33.33.33:10(MPLS) 0 UP UP
Local VC label 202348
Remote VC label 303309
pw-class: VC_2333_VLAN

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 258 out of 326
CE-to-CE connectivity is working. For Customer 4, we are not using any
SRTE policies. Additionnaly the L2VPN that is in place is EoMPLS, where the
2 PE are using a targeted LDP session between each other.

A1-R23#show mpls ldp nei

Peer LDP Ident: 33.33.33.33:0; Local LDP Ident 23.23.23.23:0
TCP connection: 33.33.33.33.49547 - 23.23.23.23.646
State: Oper; Msgs sent/rcvd: 20/20; Downstream
Up time: 00:07:11
LDP discovery sources:
Targeted Hello 23.23.23.23 -> 33.33.33.33, active, passive
Addresses bound to peer LDP Ident:
30.31.33.33 30.32.33.33 30.16.33.33 33.33.33.33

A2-R33#sh mpls ldp nei

Peer LDP Ident: 23.23.23.23:0; Local LDP Ident 33.33.33.33:0
TCP connection: 23.23.23.23.646 - 33.33.33.33.49547
State: Oper; Msgs sent/rcvd: 21/21; Downstream
Up time: 00:08:36
LDP discovery sources:
Targeted Hello 33.33.33.33 -> 23.23.23.23, active, passive
Addresses bound to peer LDP Ident:
20.22.23.23 20.21.23.23 20.11.23.23 23.23.23.2

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show bgp vpnv4 unicast vrf cust-2 | b Network

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:22 (default for vrf cust-2)
*> 42.42.42.42/32 40.22.42.42 0 0 45 i
*>i52.52.52.52/32 32.32.32.32 0 100 0 45 i

Processed 2 prefixes, 2 paths

RP/0/0/CPU0:CE-XR42#ping 52.52.52.52 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 52.52.52.52, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 29/33/39 ms

▪ Verify L3VPN services for Customer 3

A1-R23#sh bgp vpnv4 unicast vrf cust-3 | b Network

RP/0/0/CPU0:CE-XR43#ping 53.53.53.53 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 53.53.53.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/17/29 ms

Converged SDN Transport for CCIE Service Provider v5 | v202104

Eg: on A1-XR22
RP/0/RP0/CPU0:A1-XR22#sh mpls label table
Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 2 LSD(A) InUse Yes
0 13 LSD(A) InUse Yes
0 15000 LSD(A) InUse No
0 16000 OSPF(A):ospf-10 InUse No
BGP-VPNv4(A):bgp-default InUse No
0 202205 BGP-VPNv4(A):bgp-default InUse No
0 202209 BGP-VPNv4(A):bgp-default InUse No
0 202210 OSPF(A):ospf-10 InUse Yes
0 202211 L2VPN(A) InUse Yes
0 202212 OSPF(A):ospf-10 InUse Yes
0 202213 OSPF(A):ospf-10 InUse Yes
0 202214 OSPF(A):ospf-10 InUse Yes
0 202215 OSPF(A):ospf-10 InUse Yes
0 202216 OSPF(A):ospf-10 InUse Yes

Converged SDN Transport for CCIE Service Provider v5 | v202104

Objective

In the previous lab, we configured SR in each domain and we migrated from LDP to SR.
Then, we removed LDP in all domains to have MPLS labels for IGP and BGP allocated
only by Segment-routing. Consequently, we confirmed we got a BGP Prefix-SID label that
remains unchanged end-to-end. Now the tasks of this lab consist to ease the transition to
the converged SDN transport network. To achieve that we will pre-configure specific SDN
features, but without enable them. Thoses features will be enabled only in the next lab,
where the ultimate goal will be to remove BGP-LU and rely only on Segment-routing/SDN
to establish an end-to-end transport LSP.

Target topology

Figure : Lab 3 - Target Topology

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 1.1. BGP-LS and IGP link-state

Figure : BGP-LS and IGP link-state

Configure BGP-LS neighborship as follows:

▪ Refer to the figure to achieve this task.
▪ Establish iBGP peerings between PCE and ASBR routers as follows:
o Use BGP link-state address-family
o PCE acts as RR
o ASBR are RR-clients
▪ Feeds IGP link-state database in BGP-LS as follows:
o ISIS-1 link-state database on C-XR1, C-XR11, C-XR6 and C-XR16
o OSPF-10 link-state database on C-XR1 and C-XR11
o OSPF-20 link-state database on C-XR6 and C-XR16
▪ Use a unique instance-ID for each IGP domain:
o Instance-id 1010 for ISIS 1
o Instance-id 1020 for OSPF 10
o Instance-id 1030 for OSPF 20
▪ Ensure IGP link-state database is also populated on PEs.

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Advertisement of OSPF and ISIS link-state database from ASBR to PCE via BGP-LS

C-XR1, C-XR11, C-XR6, C-XR16:

!
router bgp 100
address-family link-state link-state
!
neighbor 10.10.10.10
address-family link-state link-state

C-XR10:
!
router bgp 100
address-family link-state link-state
!
neighbor 1.1.1.1
remote-as 100
update-source Loopback0
address-family link-state link-state
route-reflector-client
!
neighbor 11.11.11.11
remote-as 100
update-source Loopback0
address-family link-state link-state
route-reflector-client
!
neighbor 6.6.6.6
remote-as 100
update-source Loopback0
address-family link-state link-state
route-reflector-client
!
neighbor 16.16.16.16
remote-as 100
update-source Loopback0
address-family link-state link-state
route-reflector-client

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 264 out of 326
▪ All BGP sessions are UP, but we are still not receiving any link-state prefixes

RP/0/0/CPU0:C-XR10#sh bgp link-state link-state sum | b Neighbor

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
1.1.1.1 0 100 43391 43856 5601 0 0 1d06h 0
6.6.6.6 0 100 43119 43985 5601 0 0 1d06h 0
11.11.11.11 0 100 42981 43934 5601 0 0 1d06h 0
16.16.16.16 0 100 43098 43814 5601 0 0 1d06h 0

▪ We need to feed the IGP link-state database in BGP-LS from the ASBR, so that PCE
can receive all IGP link-state topologies.

C-XR1, C-XR11:
!
router ospf 10
distribute link-state instance-id 1020
!
router isis 1
distribute link-state instance-id 1010

C-XR6, C-XR16:
!
router ospf 20
distribute link-state instance-id 1030
!
router isis 1
distribute link-state instance-id 1010

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Now PCE router is receiving IGP link-state prefixes from the ASBR

RP/0/0/CPU0:C-XR10#sh bgp link-state link-state sum | b Neighbor

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
1.1.1.1 0 100 44505 45120 5993 0 0 1d23h 98
6.6.6.6 0 100 44233 45249 5993 0 0 1d16h 98
11.11.11.11 0 100 44096 45198 5993 0 0 1d23h 98
16.16.16.16 0 100 44212 45078 5993 0 0 1d23h 98

RP/0/0/CPU0:C-XR10#sh bgp link-state link-state | b Prefix codes:

Prefix codes: E link, V node, T IP reacheable route, u/U unknown
I Identifier, N local node, R remote node, L link, P prefix
L1/L2 ISIS level-1/level-2, O OSPF, D direct, S static/peer-node
a area-ID, l link-ID, t topology-ID, s ISO-ID,
c confed-ID/ASN, b bgp-identifier, r router-ID,
i if-address, n nbr-address, o OSPF Route-type, p IP-prefix
d designated router address
Network Next Hop Metric LocPrf Weight Path
* i[V][L2][I0x3f2][N[c100][b0.0.0.0][s0000.0000.0001.00]]/328
1.1.1.1 100 0i
*i 6.6.6.6 100 0i
*>i 11.11.11.11 100 0i
*i 16.16.16.16 100 0i
* i[V][L2][I0x3f2][N[c100][b0.0.0.0][s0000.0000.0002.00]]/328
1.1.1.1 100 0i
*i 6.6.6.6 100 0i
*>i 11.11.11.11 100 0i
*i 16.16.16.16 100 0i
* i[V][L2][I0x3f2][N[c100][b0.0.0.0][s0000.0000.0003.00]]/328
1.1.1.1 100 0i
*i 6.6.6.6 100 0i
*>i 11.11.11.11 100 0i
*i 16.16.16.16 100 0i
* i[V][L2][I0x3f2][N[c100][b0.0.0.0][s0000.0000.0004.00]]/328
1.1.1.1 100 0i
*i 6.6.6.6 100 0i
*>i 11.11.11.11 100 0i
*i 16.16.16.16 100 0i
* i[V][L2][I0x3f2][N[c100][b0.0.0.0][s0000.0000.0005.00]]/328
1.1.1.1 100 0i
*i 6.6.6.6 100 0i
*>i 11.11.11.11 100 0i
*i 16.16.16.16 100 0i
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 266 out of 326
* i[V][L2][I0x3f2][N[c100][b0.0.0.0][s0000.0000.0006.00]]/328
1.1.1.1 100 0i
*i 6.6.6.6 100 0i
*>i 11.11.11.11 100 0i
*i 16.16.16.16 100 0i
<snip>

RP/0/0/CPU0:C-XR10#sh bgp link-state link-state [V][L2][I0x3f2][N[c100][b0.0.0

.0][s0000.0000.0014.00]]/ 328 detail
BGP routing table entry for [V][L2][I0x3f2][N[c100][b0.0.0.0][s0000.0000.0014.00]]/328
NLRI Type: Node
Protocol: ISIS L2
Identifier: 0x3f2
Local Node Descriptor:
AS Number: 100
BGP Identifier: 0.0.0.0
ISO Node ID: 0000.0000.0014.00

Versions:
Process bRIB/RIB SendTblVer
Speaker 5898 5898
Flags: 0x00000001+0x00010000;
Last Modified: May 16 07:08:17.434 for 00:40:13
Paths: (4 available, best #3)
Advertised to update-groups (with more than one peer):
0.1
Path #1: Received by speaker 0
Flags: 0x4000000000020205, import: 0x20
Not advertised to any peer
Local, (Received from a RR-client)
1.1.1.1 (metric 60) from 1.1.1.1 (1.1.1.1)
Origin IGP, localpref 100, valid, internal
Received Path ID 0, Local Path ID 0, version 0
Link-state: MSD: Type 1 Value 10, Node-name: C-XR14, ISIS area: 49.01.00
Local TE Router-ID: 14.14.14.14, SRGB: 16000:8000 ,
SR-ALG: 0 SR-ALG: 1 SRLB: 15000:1000
Path #2: Received by speaker 0
Flags: 0x4000000000020205, import: 0x20
Not advertised to any peer
Local, (Received from a RR-client)
6.6.6.6 (metric 81) from 6.6.6.6 (6.6.6.6)
Origin IGP, localpref 100, valid, internal
Received Path ID 0, Local Path ID 0, version 0
Link-state: MSD: Type 1 Value 10, Node-name: C-XR14, ISIS area: 49.01.00
Local TE Router-ID: 14.14.14.14, SRGB: 16000:8000 ,
SR-ALG: 0 SR-ALG: 1 SRLB: 15000:1000

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 267 out of 326
Path #3: Received by speaker 0
Flags: 0x4000000001060205, import: 0x20
Advertised to update-groups (with more than one peer):
0.1
Local, (Received from a RR-client)
11.11.11.11 (metric 21) from 11.11.11.11 (11.11.11.11)
Origin IGP, localpref 100, valid, internal, best, group-best
Received Path ID 0, Local Path ID 1, version 5721
Link-state: MSD: Type 1 Value 10, Node-name: C-XR14, ISIS area: 49.01.00
Local TE Router-ID: 14.14.14.14, SRGB: 16000:8000 ,
SR-ALG: 0 SR-ALG: 1 SRLB: 15000:1000
Path #4: Received by speaker 0
Flags: 0x4000000000020205, import: 0x20
Not advertised to any peer
Local, (Received from a RR-client)
16.16.16.16 (metric 22) from 16.16.16.16 (16.16.16.16)
Origin IGP, localpref 100, valid, internal
Received Path ID 0, Local Path ID 0, version 0
Link-state: MSD: Type 1 Value 10, Node-name: C-XR14, ISIS area: 49.01.00
Local TE Router-ID: 14.14.14.14, SRGB: 16000:8000 ,
SR-ALG: 0 SR-ALG: 1 SRLB: 15000:1000

▪ Same link-state information can be viewed in SRTE topology.

RP/0/0/CPU0:C-XR10#show segment-routing traffic-eng ipv4 topology summary

XTC Agent's topology database summary:
--------------------------------

Topology nodes: 20
Prefixes: 24
Prefix SIDs: 24
Links: 76
Adjacency SIDs: 148

Topology Ready Summary:

Ready: yes
Last HA case: startup
Timer value (sec): 300
Timer:
Running: no

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 268 out of 326
RP/0/0/CPU0:C-XR10#show segment-routing traffic-eng ipv4 topology traffic-eng 32.32.32.32
SR-TE topology database
-----------------------

Node 20
TE router ID: 32.32.32.32
OSPF router ID: 32.32.32.32 area ID: 0 domain ID: 1030
Prefix SID:
Prefix 32.32.32.32, label 16032 (regular)

Link[0]: local address 30.6.32.32, remote address 30.6.32.6

Local node:
OSPF router ID: 32.32.32.32 area ID: 0 domain ID: 1030
Remote node:
TE router ID: 6.6.6.6
Host name: C-XR6
OSPF router ID: 6.6.6.6 area ID: 0 domain ID: 1030
Metric: IGP 1, TE 1, Latency 1 microseconds
Bandwidth: Total link 125000000, Reservable 0
Admin-groups: 0x00000000
Admin-groups-detail:
Adj SID: 303202 (unprotected) 303203 (protected)

Link[1]: local address 30.31.32.32, remote address 30.31.32.31

Local node:
OSPF router ID: 32.32.32.32 area ID: 0 domain ID: 1030
Remote node:
TE router ID: 31.31.31.31
OSPF router ID: 31.31.31.31 area ID: 0 domain ID: 1030
Metric: IGP 1, TE 1, Latency 1 microseconds
Bandwidth: Total link 125000000, Reservable 0
Admin-groups: 0x00000000
Admin-groups-detail:
Adj SID: 303200 (unprotected) 303201 (protected)

Link[2]: local address 30.32.33.32, remote address 30.32.33.33

Local node:
OSPF router ID: 32.32.32.32 area ID: 0 domain ID: 1030
Remote node:
TE router ID: 33.33.33.33
OSPF router ID: 33.33.33.33 area ID: 0 domain ID: 1030
Metric: IGP 1, TE 1, Latency 1 microseconds
Bandwidth: Total link 125000000, Reservable 0
Admin-groups: 0x00000000
Admin-groups-detail:
Adj SID: 303214 (unprotected) 303215 (protected)

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : SR-PCE as SDN controller

Implement SR-PCE as follows:

▪ Refer to the figure to achieve this task.
▪ Configure C-XR10 as SR-PCE router
▪ Configure all PE as PCC routers
▪ Advertise PCE, PCC Service-RR is IGP domains
▪ Establish PCEP sessions between PCE and PCC routers.

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Setup PCE and PCC routers

C-XR10:
!
pce
address ipv4 10.10.10.10
segment-routing
traffic-eng

A1-XR22:
!
segment-routing
traffic-eng
pcc
source-address ipv4 22.22.22.22
pce address ipv4 10.10.10.10

A2-XR32:
!
segment-routing
traffic-eng
pcc
source-address ipv4 32.32.32.32
pce address ipv4 10.10.10.10

A1-R23:
!
mpls traffic-eng tunnels
mpls traffic-eng pcc peer 10.10.10.10 source 23.23.23.23

A2-R33:
!
mpls traffic-eng tunnels
mpls traffic-eng pcc peer 10.10.10.10 source 33.33.33.33

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 271 out of 326
➢ PCE, PCC (PE) and Service-RR already have connectivity between them via BGP-LU.
However, the ultimate goal in the next lab (Converged SDN Transport) is to entirely
remove BGP-LU. For that reason, we need to advertise PCE and Service-RR in the
respective OSPF domains, and advertise PCC in ISIS core domain.

▪ Advertise PCE and Service-RR loopbacks in OSPF domains

C-XR1, C-XR11:
!
route-policy PCE_S-RR
if destination in (10.10.10.10/32,110.110.110.110/32) then
pass
endif
end-policy
!
router ospf 10
redistribute isis 1 route-policy PCE_S-RR

C-XR6, C-XR16:
!
route-policy PCE_S-RR
if destination in (10.10.10.10/32,110.110.110.110/32) then
pass
endif
end-policy
!
router ospf 20
redistribute isis 1 route-policy PCE_S-RR

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR1, C-XR11:
!
route-policy PE
if destination in (22.22.22.22/32,23.23.23.23/32) then
pass
endif
end-policy
!
router isis 1
address-family ipv4 unicast
redistribute ospf 10 route-policy PE

C-XR6, C-XR16:
!
route-policy PE
if destination in (32.32.32.32/32,33.33.33.33/32) then
pass
endif
end-policy
!
router isis 1
address-family ipv4 unicast
redistribute ospf 20 route-policy PE

➢ Router loopbacks are advertised via BGP and also via OSPF/ISIS. OSPF/ISIS have a
better AD than BGP, so the preferred path to reach those routers is now via IGP; this is
what we want.

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Confirmation that PCE, PCC and Service-RR are learned via IGP

RP/0/RP0/CPU0:A1-XR22#sh route 10.10.10.10/32

Routing entry for 10.10.10.10/32
Known via "ospf 10", distance 110, metric 20, labeled SR, type extern 2
Installed May 17 08:05:30.450 for 00:41:25
Routing Descriptor Blocks
20.1.22.1, from 1.1.1.1, via GigabitEthernet0/0/0/2, Protected
Route metric is 20
20.21.22.21, from 1.1.1.1, via GigabitEthernet0/0/0/1, Backup (Local-LFA)
Route metric is 2
No advertising protos.

RP/0/RP0/CPU0:A1-XR22#sh route 110.110.110.110

Routing entry for 110.110.110.110/32
Known via "ospf 10", distance 110, metric 20, labeled SR, type extern 2
Installed May 17 08:05:30.450 for 00:42:13
Routing Descriptor Blocks
20.1.22.1, from 1.1.1.1, via GigabitEthernet0/0/0/2, Protected
Route metric is 20
20.21.22.21, from 1.1.1.1, via GigabitEthernet0/0/0/1, Backup (Local-LFA)
Route metric is 2
No advertising protos.

RP/0/0/CPU0:C-XR10#sh route 22.22.22.22/32

Routing entry for 22.22.22.22/32
Known via "isis 1", distance 115, metric 21, labeled SR, type level-2
Installed May 17 08:51:10.211 for 00:01:34
Routing Descriptor Blocks
10.2.10.2, from 11.11.11.11, via GigabitEthernet0/0/0/0
Route metric is 21
No advertising protos.

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 274 out of 326
C-R110#sh ip route 22.22.22.22
Routing entry for 22.22.22.22/32
Known via "isis", distance 115, metric 22, type level-2
Redistributing via isis 1
Last update from 10.4.110.4 on GigabitEthernet1, 00:02:34 ago
SR Incoming Label: 16022
Routing Descriptor Blocks:
* 10.4.110.4, from 11.11.11.11, 00:02:34 ago, via GigabitEthernet1, merge-labels
Route metric is 22, traffic share count is 1
MPLS label: 16022
MPLS Flags: NSF

▪ All PCEP sessions between PCE and PCC routers are established

RP/0/0/CPU0:C-XR10#show pce ipv4 peer

PCE's peer database:
--------------------
Peer address: 22.22.22.22
State: Up
Capabilities: Stateful, Segment-Routing, Update, Instantiation

Peer address: 23.23.23.23

State: Up
Capabilities: Stateful, Segment-Routing, Update, Instantiation

Peer address: 32.32.32.32

State: Up
Capabilities: Stateful, Segment-Routing, Update, Instantiation

Peer address: 33.33.33.33

State: Up
Capabilities: Stateful, Segment-Routing, Update, Instantiation

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 275 out of 326
RP/0/RP0/CPU0:A1-XR22#show segment-routing traffic-eng pcc ipv4 peer
PCC's peer database:
--------------------

Peer address: 10.10.10.10, Precedence: 255, (best PCE)

State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation

RP/0/RP0/CPU0:A2-XR32#show segment-routing traffic-eng pcc ipv4 peer

PCC's peer database:
--------------------

Peer address: 10.10.10.10, Precedence: 255, (best PCE)

State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation

A1-R23#show pce client peer

PCC's peer database:
--------------------

Peer address: 10.10.10.10, Precedence: 255

Client TE_MPLS
State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation

A2-R33#show pce client peer

PCC's peer database:
--------------------

Peer address: 10.10.10.10, Precedence: 255

Client TE_MPLS
State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR10#show pce ipv4 path source 22.22.22.22 destination 32.32.32.32

Path:
----:
Hop0: 20.21.22.22
Hop1: 20.11.21.21
Hop2: 10.11.12.11
Hop3: 10.12.14.12
Hop4: 10.14.16.14
Hop5: 30.6.16.16
Hop6: 30.6.32.6

RP/0/0/CPU0:C-XR10#show pce ipv4 path source 32.32.32.32 destination 22.22.22.22

Path:
----:
Hop0: 30.6.32.32
Hop1: 30.6.16.6
Hop2: 10.14.16.16
Hop3: 10.12.14.14
Hop4: 10.11.12.12
Hop5: 20.11.21.11
Hop6: 20.21.22.21

RP/0/0/CPU0:C-XR10#show pce ipv4 path source 23.23.23.23 destination 33.33.33.33

Path:
----:
Hop0: 20.11.23.23
Hop1: 10.11.12.11
Hop2: 10.12.14.12
Hop3: 10.14.16.14
Hop4: 30.16.33.16

RP/0/0/CPU0:C-XR10#show pce ipv4 path source 33.33.33.33 destination 23.23.23.23

Path:
----:
Hop0: 30.16.33.33
Hop1: 10.14.16.16
Hop2: 10.12.14.14
Hop3: 10.11.12.12
Hop4: 20.11.23.11

Converged SDN Transport for CCIE Service Provider v5 | v202104

Objective

In the first place, we will enable SDN by configuring the SRTE policies to rely on SR-PCE
to calculate an LSP path, by specifying the tailends. Then, we will not specify the tailends,
and use On-demand Next-hop

Target topology

Lab 4 - Target Topology

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 1.1. L3VPN steering with explicit-path

Figure : L3VPN service steering with explicit-path

Configure L3VPN service steering as follows :

▪ Refer to the figure to achieve this task.
▪ Remove SRTE config done previously on A2-XR32, C-XR6 and C-XR1.
▪ On A2-XR32 configure SRTE with below parameters :
o SID-list that match the RED path
o Maximum-SID (MSD) depth is 8
o SRTE policy name is “SRTE_To_A1-XR22”
o Binding-SID value of 50000
o Color 777 to reach tailend A1-XR22
o Candidate-path with a preference of 200 and associate the SID-list
Speficy the SID-list to the explicit path
▪ Configure *BGP AS on A1-XR22 with below parameters :
o Create and advertise extcommunity-set named RED with a value of 777
o extcommunity-set RED is for customer prefix 42.42.42.42/32
o Using a route-policy named “COLOR_777”, advertise customer prefix with its
respective color into VPNv4.
▪ Add a Null0 static route to A1-XR22

*BGP AS stands for BGP Automated Steering

Converged SDN Transport for CCIE Service Provider v5 | v202104

Remove previous SRTE configuration

A2-XR32, C-XR6, C-XR1:

!
segment-routing
no traffic-eng

RED Path

▪ Color BGP route on A1-XR22

A1-XR22:
!
extcommunity-set opaque RED
777
end-set
!
route-policy COLOR_777
if destination in (42.42.42.42/32) then
set extcommunity color RED
endif
end-policy
!
router bgp 100
neighbor 110.110.110.110
address-family vpnv4 unicast
route-policy COLOR_777 out

Converged SDN Transport for CCIE Service Provider v5 | v202104

A2-XR32:
!
segment-routing
traffic-eng
maximum-sid-depth 8
segment-list SIDLIST_To_A1-XR22
index 1 mpls label 16033
index 2 mpls label 16031
index 3 mpls label 16006
index 4 mpls label 16004
index 5 mpls label 16005
index 6 mpls label 100517 <<< Adjacency SID is used to reach C-XR3 directly
index 7 mpls label 16002
index 8 mpls label 16001
index 9 mpls label 16021
index 10 mpls label 16022
!
policy SRTE_To_A1-XR22
binding-sid mpls 50000
color 777 end-point ipv4 22.22.22.22
candidate-paths
preference 200
explicit segment-list SIDLIST_To_A2-XR22
!
router static
address-family ipv4 unicast
22.22.22.22/32 Null0

The static route to Null0 creates a CEF entry for remote PE.
This is required for A2-XR32 prefix to be recognized as best (>) in BGP table,
and hence to have a functionnal SRTE policy. Additionally, that static routes
is preempting the existing BGP-LU route.

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ RED path / verify SRTE tunnel status

RP/0/RP0/CPU0:A2-XR32#show segment-routing traffic-eng policy

SR-TE policy database

---------------------

Color: 777, End-point: 22.22.22.22

Name: srte_c_777_ep_22.22.22.22
Status:
Admin: up Operational: down for 00:00:26 (since Jul 2 12:18:43.633)
Candidate-paths:
Preference: 200 (configuration)
Name: SRTE_To_A1-XR22
Requested BSID: 50000
Explicit: segment-list SIDLIST_To_A2-XR22 (invalid)
Last error: Label stack size exceeds MSD: 8
Weight: 1, Metric Type: TE
Attributes:
Forward Class: 0
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: no

Note: SRTE tunnel is down because the configured Maximum SID depth (MSD) value is
too small to account the configured SID-list requiring an MSD value of 9.

▪ RED path / Re-configure MSD value on A2-XR32 to be 9

A2-XR32:
!
segment-routing
traffic-eng
maximum-sid-depth 9

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A2-XR32#show segment-routing traffic-eng policy

SR-TE policy database

---------------------

Color: 777, End-point: 22.22.22.22

Name: srte_c_777_ep_22.22.22.22
Status:
Admin: up Operational: up for 5w0d (since May 28 06:51:55.144)
Candidate-paths:
Preference: 200 (configuration) (active)
Name: SRTE_To_A1-XR22
Requested BSID: 50000
Explicit: segment-list SIDLIST_To_A2-XR22 (valid)
Weight: 1, Metric Type: TE
16033
16031
16006
16004
16005
100517
16002
16001
16021
16022
Attributes:
Binding SID: 50000
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes

Note: With that new MSD value configured the tunnel is now operational. In that output,
the MSD value is not shown because the SRTE policy is not delegating the path
computation to PCE.

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A2-XR32#show bgp vrf cust-2

Fri Jul 2 10:41:50.632 UTC
BGP VRF cust-2, state: Active
BGP Route Distinguisher: 100:32
VRF ID: 0x60000001
BGP router identifier 32.32.32.32, local AS number 100
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000001 RD version: 18
BGP main routing table version 18
BGP NSR Initial initsync version 8 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
<snip>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:32 (default for vrf cust-2)
*>i42.42.42.42/32 22.22.22.22 C:777
0 100 0 45 i
*> 52.52.52.52/32 50.32.52.52 0 0 45 i
*> 152.152.152.152/32 50.32.52.52 0 0 45 i

Processed 3 prefixes, 3 paths

RP/0/RP0/CPU0:A1-XR22#show bgp vrf cust-2

BGP VRF cust-2, state: Active
BGP Route Distinguisher: 100:22
VRF ID: 0x60000002
BGP router identifier 22.22.22.22, local AS number 100
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000002 RD version: 93
BGP main routing table version 93
BGP NSR Initial initsync version 14 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
<snip>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:22 (default for vrf cust-2)
*> 42.42.42.42/32 40.22.42.42 0 0 45 i
*>i52.52.52.52/32 32.32.32.32 C:666
0 100 0 45 i
*>i152.152.152.152/32 32.32.32.32 C:152
0 100 0 45 i

Processed 3 prefixes, 3 paths

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : L3VPN service steering with ODN

Configure L3VPN steering as follows :

▪ Refer to the figure to achieve this task.
▪ Create a new cutomer network on CE-XR52
o Create Lo152 - 152.152.152.152/32 and advertise it in BGP
▪ On A1-XR22 configure SRTE with below parameters :
o On-demand color 666 (BLUE) to reach customer 52.52.52.52/32
Use “igp” as metric type
o On-demand color 152 (GREEN) to reach customer 152.152.152.152/32
Use “hopcount” as metric type
Maximum-SID (MSD) depth is 8
▪ Configure BGP AS on A2-XR32 with below parameters :
o Create and advertise extcommunity-set named BLUE with a value of 666
o Create and advertise extcommunity-set named GREEN with a value of 152
o extcommunity-set BLUE is for customer prefix 52.52.52.52/32
o extcommunity-set GREEN is for customer prefix 152.152.152.152/32
o Using a single route-policy named “CUST-2”, advertise both customer prefixes
with their respective color into VPNv4.
▪ Add a Null0 static route to A1-XR22

*ODN stands for On-Demand Next-hop

*BGP AS stands for BGP Automated Steering

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Color BGP routes on A2-XR32

A2-XR32:
!
extcommunity-set opaque BLUE
666
end-set
!
extcommunity-set opaque GREEN
152
end-set
!
route-policy CUST-2
if rd in (100:32) and destination in (52.52.52.52/32) then
set extcommunity color BLUE
endif
if rd in (100:32) and destination in (152.152.152.152/32) then
set extcommunity color GREEN
endif
end-policy
!
router bgp 100
neighbor 110.110.110.110
address-family vpnv4 unicast
route-policy CUST-2 out

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR22:
!
segment-routing
global-block 16000 23999
traffic-eng
on-demand color 152
dynamic
pcep
!
metric
type hopcount
!
!
maximum-sid-depth 8
!
on-demand color 666
dynamic
pcep
!
metric
type igp
!
!
!
pcc
source-address ipv4 22.22.22.22
pce address ipv4 10.10.10.10
!
router static
address-family ipv4 unicast
32.32.32.32/32 Null0

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ BLUE path / verify SRTE ODN tunnel status

RP/0/RP0/CPU0:A1-XR22#show segment-routing traffic-eng policy color 666

SR-TE policy database

---------------------

Color: 666, End-point: 32.32.32.32

Name: srte_c_666_ep_32.32.32.32
Status:
Admin: up Operational: up for 1d14h (since Jun 30 20:45:39.152)
Candidate-paths:
Preference: 200 (BGP ODN) (shutdown)
Requested BSID: dynamic
Maximum SID Depth: 10
Dynamic (invalid)
Metric Type: IGP, Path Accumulated Metric: 0
Preference: 100 (BGP ODN) (active)
Requested BSID: dynamic
PCC info:
Symbolic name: bgp_c_666_ep_32.32.32.32_discr_100
PLSP-ID: 5
Maximum SID Depth: 10
Dynamic (pce 10.10.10.10) (valid)
Metric Type: IGP, Path Accumulated Metric: 7
16011 [Prefix-SID, 11.11.11.11]
16016 [Prefix-SID, 16.16.16.16]
16032 [Prefix-SID, 32.32.32.32]
Attributes:
Binding SID: 202212
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes

Note: In that output, the default Maximum SID depth value (10) is shown because the
SRTE policy is delegating the path computation to PCE.

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show segment-routing traffic-eng policy color 152

SR-TE policy database

---------------------

Color: 152, End-point: 32.32.32.32

Name: srte_c_152_ep_32.32.32.32
Status:
Admin: up Operational: up for 1d14h (since Jun 30 20:59:08.511)
Candidate-paths:
Preference: 200 (BGP ODN) (shutdown)
Requested BSID: dynamic
Maximum SID Depth: 8
Dynamic (invalid)
Metric Type: HOPCOUNT, Path Accumulated Metric: 0
Preference: 100 (BGP ODN) (active)
Requested BSID: dynamic
PCC info:
Symbolic name: bgp_c_152_ep_32.32.32.32_discr_100
PLSP-ID: 7
Maximum SID Depth: 8
Dynamic (pce 10.10.10.10) (valid)
Metric Type: HOPCOUNT, Path Accumulated Metric: 5
16001 [Prefix-SID, 1.1.1.1]
200127 [Adjacency-SID, 10.1.3.1 - 10.1.3.3]
100318 [Adjacency-SID, 10.3.5.3 - 10.3.5.5]
100518 [Adjacency-SID, 10.5.6.5 - 10.5.6.6]
16032 [Prefix-SID, 32.32.32.32]
Attributes:
Binding SID: 202217
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes

Note: In that output, the Maximum SID depth value is shown because that SRTE policy is
delegating the path computation to PCE.

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/RP0/CPU0:A1-XR22#show bgp vrf cust-2

▪ GREEN path / verify BGP route coloring to reach 152.152.152.152/32

RP/0/RP0/CPU0:A1-XR22#show bgp vrf cust-2

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:CE-XR52#traceroute 42.42.42.42 source lo0

Type escape sequence to abort.

Tracing the route to 42.42.42.42

1 50.32.52.32 9 msec 0 msec 0 msec

2 30.32.33.33 [MPLS: Labels 16031/16006/16004/16005/100517/16002/16001/16021/16022/202207 Exp 0] 29 msec 39 msec 29
msec
3 30.31.33.31 [MPLS: Labels 16006/16004/16005/100517/16002/16001/16021/16022/202207 Exp 0] 29 msec 29 msec 29 msec
4 30.6.31.6 [MPLS: Labels 16004/16005/100517/16002/16001/16021/16022/202207 Exp 0] 29 msec 29 msec 39 msec
5 10.4.6.4 [MPLS: Labels 16005/100517/16002/16001/16021/16022/202207 Exp 0] 29 msec 29 msec 29 msec
6 10.4.5.5 [MPLS: Labels 100517/16002/16001/16021/16022/202207 Exp 0] 29 msec 29 msec 29 msec
7 10.3.5.3 [MPLS: Labels 16002/16001/16021/16022/202207 Exp 0] 19 msec 39 msec 29 msec
8 10.2.3.2 [MPLS: Labels 16001/16021/16022/202207 Exp 0] 19 msec 19 msec 29 msec
9 10.1.2.1 [MPLS: Labels 16021/16022/202207 Exp 0] 29 msec 29 msec 29 msec
10 20.1.21.21 [MPLS: Labels 16022/202207 Exp 0] 29 msec 79 msec 29 msec
11 20.21.22.22 [MPLS: Label 202207 Exp 0] 39 msec 39 msec 39 msec
12 40.22.42.42 29 msec * 29 msec

Note: RED traffic takes the expected path using the configured SID-list.

▪ Verify BLUE path from CE-XR42 to CE-XR52 (52.52.52.52)

RP/0/0/CPU0:CE-XR42#traceroute 52.52.52.52 source lo0 numeric

Type escape sequence to abort.

Tracing the route to 52.52.52.52

1 40.22.42.22 0 msec 0 msec 0 msec

2 20.1.22.1 [MPLS: Labels 16011/16016/16032/303207 Exp 0] 29 msec 29 msec
20.21.22.21 29 msec
3 20.11.23.11 [MPLS: Labels 16016/16032/303207 Exp 0] 29 msec
20.11.21.11 39 msec 29 msec
4 10.11.12.12 [MPLS: Labels 16016/16032/303207 Exp 0] 29 msec 29 msec 39 msec
5 10.12.14.14 [MPLS: Labels 16016/16032/303207 Exp 0] 29 msec 19 msec 29 msec
6 10.14.16.16 [MPLS: Labels 16032/303207 Exp 0] 29 msec 29 msec 39 msec
7 30.16.31.31 [MPLS: Labels 16032/303207 Exp 0] 59 msec 29 msec 59 msec
8 30.31.32.32 [MPLS: Label 303207 Exp 0] 39 msec 29 msec 29 msec
9 50.32.52.52 19 msec * 29 msec

Note: BLUE traffic takes the shortest path using IGP metric type.

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:CE-XR42#traceroute 152.152.152.152 source lo0 numeric

Type escape sequence to abort.

Tracing the route to 152.152.152.152

1 40.22.42.22 9 msec 0 msec 0 msec

2 20.1.22.1 [MPLS: Labels 200127/100318/100518/16032/303208 Exp 0] 19 msec 49 msec 29 msec
3 10.1.3.3 [MPLS: Labels 100318/100518/16032/303208 Exp 0] 29 msec 19 msec 29 msec
4 10.3.5.5 [MPLS: Labels 100518/16032/303208 Exp 0] 19 msec 29 msec 19 msec
5 10.5.6.6 [MPLS: Labels 16032/303208 Exp 0] 39 msec 29 msec 29 msec
6 30.6.32.32 [MPLS: Label 303208 Exp 0] 29 msec 19 msec 39 msec
7 50.32.52.52 39 msec * 19 msec

Note: GREEN traffic takes the shortest path using hopcount metric type.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : L3VPN service steering with PCE-initiated

Configure L3VPN steering as follows :

▪ Refer to the figure to achieve this task.
▪ Remove SRTE configuration on A1-XR22 and A2-XR32.
▪ Implement PCE-initated SRTE policies
o Configure SRTE policies with same settings as in Task 1.1. and 1.2.

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Remove SRTE configuration on A1-XR22 and A2-XR32

A1-XR22:
!
segment-routing
traffic-eng
no on-demand color 152
no on-demand color 666

A2-XR32:
!
segment-routing
traffic-eng
no segment-list SIDLIST_To_A2-XR22
no maximum-sid-depth 9
no policy SRTE_To_A1-XR22

Converged SDN Transport for CCIE Service Provider v5 | v202104

C-XR10:
!
pce
address ipv4 10.10.10.10
segment-routing
traffic-eng
segment-list name SIDLIST_To_A1-XR22
index 1 mpls label 16033
index 2 mpls label 16031
index 3 mpls label 16006
index 4 mpls label 16004
index 5 mpls label 16005
index 6 mpls label 100517
index 7 mpls label 16002
index 8 mpls label 16001
index 9 mpls label 16021
index 10 mpls label 16022
!
peer ipv4 22.22.22.22
policy P1_A1-XR22_C152
color 152 end-point ipv4 32.32.32.32
candidate-paths
preference 200
dynamic mpls
metric
type hopcount
!
policy P2_A1-XR22_C666
color 666 end-point ipv4 32.32.32.32
candidate-paths
preference 200
dynamic mpls
metric
type igp
!
peer ipv4 32.32.32.32
policy P1_A2-XR32_C777
binding-sid mpls 50000
color 777 end-point ipv4 22.22.22.22
candidate-paths
preference 200
explicit segment-list SIDLIST_To_A1-XR22

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Verify SRTE policies status on the headends

RP/0/RP0/CPU0:A1-XR22#show segment-routing traffic-eng policy

SR-TE policy database

---------------------

Color: 152, End-point: 32.32.32.32

Name: srte_c_152_ep_32.32.32.32
Status:
Admin: up Operational: up for 01:48:07 (since Jul 3 13:18:40.732)
Candidate-paths:
Preference: 200 (PCEP) (active)
Name: P1_A1-XR22_C152
Requested BSID: dynamic
PCC info:
Symbolic name: P1_A1-XR22_C152
PLSP-ID: 11
Maximum SID Depth: 10
Dynamic (pce 10.10.10.10) (valid)
Metric Type: HOPCOUNT, Path Accumulated Metric: 5
16001 [Prefix-SID, 1.1.1.1]
200127 [Adjacency-SID, 10.1.3.1 - 10.1.3.3]
100318 [Adjacency-SID, 10.3.5.3 - 10.3.5.5]
100518 [Adjacency-SID, 10.5.6.5 - 10.5.6.6]
16032 [Prefix-SID, 32.32.32.32]
Attributes:
Binding SID: 202210
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes

Color: 666, End-point: 32.32.32.32

Name: srte_c_666_ep_32.32.32.32
Status:
Admin: up Operational: up for 01:45:35 (since Jul 3 13:21:12.264)
Candidate-paths:
Preference: 200 (PCEP) (active)
Name: P2_A1-XR22_C666
Requested BSID: dynamic
PCC info:
Symbolic name: P2_A1-XR22_C666
PLSP-ID: 12

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 296 out of 326
Maximum SID Depth: 10
Dynamic (pce 10.10.10.10) (valid)
Metric Type: IGP, Path Accumulated Metric: 7
16011 [Prefix-SID, 11.11.11.11]
16016 [Prefix-SID, 16.16.16.16]
16032 [Prefix-SID, 32.32.32.32]
Attributes:
Binding SID: 202216
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes

▪ Verify Tunnel LSPs for A1-XR22 on SR-PCE

RP/0/0/CPU0:C-XR10# show pce lsp pcc ipv4 22.22.22.22 detail

PCE's tunnel database:

PCC 22.22.22.22:

Tunnel Name: P1_A1-XR22_C152

Color: 152
Interface Name: srte_c_152_ep_32.32.32.32
LSPs:
LSP[0]:
source 22.22.22.22, destination 32.32.32.32, tunnel ID 10, LSP ID 5
State: Admin up, Operation up
Setup type: Segment Routing
Binding SID: 202210
Maximum SID Depth: 10
Absolute Metric Margin: 0
Relative Metric Margin: 0%
Preference: 200
Bandwidth: signaled 0 kbps, applied 0 kbps
PCEP information:
PLSP-ID 0xb, flags: D:1 S:0 R:0 A:1 O:1 C:1
LSP Role: Single LSP
State-sync PCE: None
PCC: 22.22.22.22
LSP is subdelegated to: None
Reported path:
Metric type: Hopcount, Accumulated Metric 5
SID[0]: Node, Label 16001, Address 1.1.1.1
SID[1]: Adj, Label 200127, Address: local 10.1.3.1 remote 10.1.3.3
SID[2]: Adj, Label 100318, Address: local 10.3.5.3 remote 10.3.5.5
SID[3]: Adj, Label 100518, Address: local 10.5.6.5 remote 10.5.6.6
SID[4]: Node, Label 16032, Address 32.32.32.32
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 297 out of 326
Computed path: (Local PCE)
Computed Time: Sat Jul 03 14:53:02 UTC 2021 (00:19:46 ago)
Metric type: Hopcount, Accumulated Metric 5
SID[0]: Node, Label 16001, Address 1.1.1.1
SID[1]: Adj, Label 200127, Address: local 10.1.3.1 remote 10.1.3.3
SID[2]: Adj, Label 100318, Address: local 10.3.5.3 remote 10.3.5.5
SID[3]: Adj, Label 100518, Address: local 10.5.6.5 remote 10.5.6.6
SID[4]: Node, Label 16032, Address 32.32.32.32
Recorded path:
None
Disjoint Group Information:
None

Tunnel Name: P2_A1-XR22_C666

Color: 666
Interface Name: srte_c_666_ep_32.32.32.32
LSPs:
LSP[0]:
source 22.22.22.22, destination 32.32.32.32, tunnel ID 11, LSP ID 3
State: Admin up, Operation up
Setup type: Segment Routing
Binding SID: 202216
Maximum SID Depth: 10
Absolute Metric Margin: 0
Relative Metric Margin: 0%
Preference: 200
Bandwidth: signaled 0 kbps, applied 0 kbps
PCEP information:
PLSP-ID 0xc, flags: D:1 S:0 R:0 A:1 O:1 C:1
LSP Role: Single LSP
State-sync PCE: None
PCC: 22.22.22.22
LSP is subdelegated to: None
Reported path:
Metric type: IGP, Accumulated Metric 7
SID[0]: Node, Label 16011, Address 11.11.11.11
SID[1]: Node, Label 16016, Address 16.16.16.16
SID[2]: Node, Label 16032, Address 32.32.32.32
Computed path: (Local PCE)
Computed Time: Sat Jul 03 14:53:02 UTC 2021 (00:19:46 ago)
Metric type: IGP, Accumulated Metric 7
SID[0]: Node, Label 16011, Address 11.11.11.11
SID[1]: Node, Label 16016, Address 16.16.16.16
SID[2]: Node, Label 16032, Address 32.32.32.32
Recorded path:
None
Disjoint Group Information:
None
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 298 out of 326
▪ Verify RED path from CE-XR52 to CE-XR42

RP/0/0/CPU0:CE-XR52#traceroute 42.42.42.42 source lo0

Type escape sequence to abort.

Tracing the route to 42.42.42.42

1 50.32.52.32 9 msec 0 msec 0 msec

Note: RED traffic takes the expected path with explicit metric type and SID-list.

▪ Verify BLUE path from CE-XR42 to CE-XR52 (52.52.52.52)

RP/0/0/CPU0:CE-XR42#traceroute 52.52.52.52 source lo0 numeric

Type escape sequence to abort.

Tracing the route to 52.52.52.52

1 40.22.42.22 0 msec 0 msec 0 msec

Note: BLUE traffic takes the shortest path using IGP metric type.

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:CE-XR42#traceroute 152.152.152.152 source lo0 numeric

Type escape sequence to abort.

Tracing the route to 152.152.152.152

1 40.22.42.22 9 msec 0 msec 0 msec

Note: GREEN traffic takes the shortest path using hopcount metric type.

Conclusion

SDN PCE-initiated deployment model is a solution to minimize the number of network

touch points. This SDN approach becomes particulary interesting when used in
combination with network automation driven by a network orchestrating application such
as NSO. This is the reason why, in chapter X we will configure NSO to request SR-PCE to
create SRTE policies for the underlay transport.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : L3VPN steering with disjoint path

Configure L3VPN steering as follows :

▪ Refer to the figure to achieve this task.
▪ Remove previous SRTE configured done on SR-PCE
▪ On A1-XR22 configure SRTE with below parameters :
o color 666 (BLUE) to reach customer 52.52.52.52/32
Use “IGP” as metric type
o color 152 (GREEN) to reach customer 152.152.152.152/32
Use “IGP” as metric type
▪ On A2-XR32 configure SRTE with below parameters :
o SID-list that match the RED path
o Maximum-SID (MSD) depth is 9
o SRTE policy name is “SRTE_To_A1-XR22”
o Binding-SID value of 50000
o Color 777 to reach tailend A1-XR22
o Candidate-path with a preference of 200 and associate the SID-list
Speficy the SID-list to the explicit path
▪ Verify the BLUE and GREEN path
▪ Ensure BLUE and GREEN paths transit via different nodes and different links (but may
not be SRLG disjoint)

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Configure SRTE policy on A2-XR32

A2-XR32:
!
segment-routing
global-block 16000 23999
traffic-eng
segment-list SIDLIST_To_A1-XR22
index 1 mpls label 16033
index 2 mpls label 16031
index 3 mpls label 16006
index 4 mpls label 16004
index 5 mpls label 16005
index 6 mpls label 100517
index 7 mpls label 16002
index 8 mpls label 16001
index 9 mpls label 16021
index 10 mpls label 16022
!
maximum-sid-depth 9
policy SRTE_To_A1-XR22
binding-sid mpls 50000
color 777 end-point ipv4 22.22.22.22
candidate-paths
preference 200
explicit segment-list SIDLIST_To_A2-XR22

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR22:
!
segment-routing
traffic-eng
policy P1_A1-XR22_C152
color 152 end-point ipv4 32.32.32.32
candidate-paths
preference 100
dynamic
pcep
!
metric
type igp
!
policy P2_A1-XR22_C666
color 666 end-point ipv4 32.32.32.32
candidate-paths
preference 100
dynamic
pcep
!
metric
type igp
!
pcc
source-address ipv4 22.22.22.22
pce address ipv4 10.10.10.10

Converged SDN Transport for CCIE Service Provider v5 | v202104

CE-XR42:
!
RP/0/0/CPU0:CE-XR42#tra 52.52.52.52 source lo0

Type escape sequence to abort.

Tracing the route to 52.52.52.52

1 40.22.42.22 9 msec 0 msec 0 msec

2 20.22.23.23 [MPLS: Labels 16011/16016/16032/303207 Exp 0] 29 msec
20.1.22.1 29 msec
20.21.22.21 29 msec
3 20.1.11.11 [MPLS: Labels 16016/16032/303207 Exp 0] 19 msec
20.11.23.11 29 msec
20.1.11.11 29 msec
4 10.11.12.12 [MPLS: Labels 16016/16032/303207 Exp 0] 39 msec 29 msec 29 msec
5 10.12.14.14 [MPLS: Labels 16016/16032/303207 Exp 0] 29 msec 39 msec 29 msec
6 10.14.16.16 [MPLS: Labels 16032/303207 Exp 0] 29 msec 29 msec 19 msec
7 30.16.31.31 [MPLS: Labels 16032/303207 Exp 0] 29 msec 29 msec 49 msec
8 30.31.32.32 [MPLS: Label 303207 Exp 0] 29 msec 29 msec 29 msec
9 50.32.52.52 29 msec * 29 msec

RP/0/0/CPU0:CE-XR42#tra 152.152.152.152 source lo0 num

Type escape sequence to abort.

Tracing the route to 152.152.152.152

1 40.22.42.22 0 msec 0 msec 0 msec

2 20.22.23.23 [MPLS: Labels 16011/16016/16032/303208 Exp 0] 39 msec
20.21.22.21 29 msec
20.22.23.23 29 msec
3 20.11.21.11 [MPLS: Labels 16016/16032/303208 Exp 0] 29 msec
20.11.23.11 29 msec
20.1.11.11 29 msec
4 10.11.12.12 [MPLS: Labels 16016/16032/303208 Exp 0] 29 msec 29 msec 29 msec
5 10.12.14.14 [MPLS: Labels 16016/16032/303208 Exp 0] 19 msec 29 msec 29 msec
6 10.14.16.16 [MPLS: Labels 16032/303208 Exp 0] 29 msec 39 msec 29 msec
7 30.16.31.31 [MPLS: Labels 16032/303208 Exp 0] 29 msec 39 msec 39 msec
8 30.31.32.32 [MPLS: Label 303208 Exp 0] 29 msec 39 msec 29 msec
9 50.32.52.52 39 msec * 29 msec

Note: Both BLUE and GREEN traffic is using exactly the same path to reach BLUE and
GREEN customer networks.

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-XR22:
!
segment-routing
traffic-eng
policy P1_A1-XR22_C152
candidate-paths
preference 100
constraints
disjoint-path group-id 1 type node
!
policy P2_A1-XR22_C666
candidate-paths
preference 100
constraints
disjoint-path group-id 1 type node

Converged SDN Transport for CCIE Service Provider v5 | v202104

▪ Verify path disjointness on SR-PCE

RP/0/0/CPU0:C-XR10#show pce association group-id 1

PCE's association database:

----------------------
Association: Type Node-Disjoint, Group 1, Not Strict
Associated LSPs:
LSP[0]:
PCC 22.22.22.22, tunnel name cfg_P2_A1-XR22_C666_discr_100, PLSP ID 14, tunnel ID 13,
LSP ID 5, Configured on PCC
LSP[1]:
PCC 22.22.22.22, tunnel name cfg_P1_A1-XR22_C152_discr_100, PLSP ID 13, tunnel ID 12,
LSP ID 5, Configured on PCC
Status: Satisfied

RP/0/0/CPU0:C-XR10#show pce lsp pcc ipv4 22.22.22.22 name cfg_P1_A1-

XR22_C152_discr_100 detail

PCE's tunnel database:

----------------------
PCC 22.22.22.22:

Tunnel Name: cfg_P1_A1-XR22_C152_discr_100

Color: 152
Interface Name: srte_c_152_ep_32.32.32.32
LSPs:
LSP[0]:
source 22.22.22.22, destination 32.32.32.32, tunnel ID 12, LSP ID 5
State: Admin up, Operation up
Setup type: Segment Routing
Binding SID: 202212
Maximum SID Depth: 10
Absolute Metric Margin: 0
Relative Metric Margin: 0%
Preference: 100
Bandwidth: signaled 0 kbps, applied 0 kbps
PCEP information:
PLSP-ID 0xd, flags: D:1 S:0 R:0 A:1 O:1 C:0
LSP Role: Exclude LSP
State-sync PCE: None
PCC: 22.22.22.22
LSP is subdelegated to: None
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 306 out of 326
Reported path:
Metric type: IGP, Accumulated Metric 7
SID[0]: Node, Label 16023, Address 23.23.23.23
SID[1]: Node, Label 16011, Address 11.11.11.11
SID[2]: Node, Label 16016, Address 16.16.16.16
SID[3]: Node, Label 16033, Address 33.33.33.33
SID[4]: Node, Label 16032, Address 32.32.32.32
Computed path: (Local PCE)
Computed Time: Sun Jul 04 09:23:03 UTC 2021 (00:14:07 ago)
Metric type: IGP, Accumulated Metric 7
SID[0]: Node, Label 16023, Address 23.23.23.23
SID[1]: Node, Label 16011, Address 11.11.11.11
SID[2]: Node, Label 16016, Address 16.16.16.16
SID[3]: Node, Label 16033, Address 33.33.33.33
SID[4]: Node, Label 16032, Address 32.32.32.32
Recorded path:
None
Disjoint Group Information:
Type Node-Disjoint, Group 1

RP/0/0/CPU0:C-XR10#show pce lsp pcc ipv4 22.22.22.22 name cfg_P2_A1-

XR22_C666_discr_100 detail

PCE's tunnel database:

----------------------
PCC 22.22.22.22:

Tunnel Name: cfg_P2_A1-XR22_C666_discr_100

Color: 666
Interface Name: srte_c_666_ep_32.32.32.32
LSPs:
LSP[0]:
source 22.22.22.22, destination 32.32.32.32, tunnel ID 13, LSP ID 5
State: Admin up, Operation up
Setup type: Segment Routing
Binding SID: 202214
Maximum SID Depth: 10
Absolute Metric Margin: 0
Relative Metric Margin: 0%
Preference: 100
Bandwidth: signaled 0 kbps, applied 0 kbps
PCEP information:
PLSP-ID 0xe, flags: D:1 S:0 R:0 A:1 O:1 C:0
LSP Role: Disjoint LSP
State-sync PCE: None
PCC: 22.22.22.22
LSP is subdelegated to: None
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 307 out of 326
Reported path:
Metric type: IGP, Accumulated Metric 152
SID[0]: Node, Label 16001, Address 1.1.1.1
SID[1]: Adj, Label 200125, Address: local 10.1.2.1 remote 10.1.2.2
SID[2]: Adj, Label 100216, Address: local 10.2.4.2 remote 10.2.4.4
SID[3]: Adj, Label 100416, Address: local 10.4.6.4 remote 10.4.6.6
SID[4]: Node, Label 16032, Address 32.32.32.32
Computed path: (Local PCE)
Computed Time: Sun Jul 04 09:23:03 UTC 2021 (00:16:16 ago)
Metric type: IGP, Accumulated Metric 152
SID[0]: Node, Label 16001, Address 1.1.1.1
SID[1]: Adj, Label 200125, Address: local 10.1.2.1 remote 10.1.2.2
SID[2]: Adj, Label 100216, Address: local 10.2.4.2 remote 10.2.4.4
SID[3]: Adj, Label 100416, Address: local 10.4.6.4 remote 10.4.6.6
SID[4]: Node, Label 16032, Address 32.32.32.32
Recorded path:
None
Disjoint Group Information:
Type Node-Disjoint, Group 1

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:CE-XR42#tra 52.52.52.52 source lo0

Type escape sequence to abort.

Tracing the route to 52.52.52.52

1 40.22.42.22 9 msec 0 msec 0 msec

2 20.1.22.1 [MPLS: Labels 200125/100216/100416/16032/303207 Exp 0] 29 msec 29 msec 29
msec
3 10.1.2.2 [MPLS: Labels 100216/100416/16032/303207 Exp 0] 29 msec 39 msec 39 msec
4 10.2.4.4 [MPLS: Labels 100416/16032/303207 Exp 0] 39 msec 29 msec 29 msec
5 10.4.6.6 [MPLS: Labels 16032/303207 Exp 0] 29 msec 29 msec 29 msec
6 30.6.32.32 [MPLS: Label 303207 Exp 0] 39 msec 49 msec 39 msec
7 50.32.52.52 29 msec * 29 msec

▪ Verify CE-to-CE connectivity for GREEN path

RP/0/0/CPU0:CE-XR42#tra 152.152.152.152 source lo0 num

Type escape sequence to abort.

Tracing the route to 152.152.152.152

1 40.22.42.22 9 msec 0 msec 0 msec

2 20.22.23.23 [MPLS: Labels 16011/16016/16033/16032/303208 Exp 0] 29 msec 29 msec 29
msec
3 20.11.23.11 [MPLS: Labels 16016/16033/16032/303208 Exp 0] 39 msec 29 msec 39 msec
4 10.11.12.12 [MPLS: Labels 16016/16033/16032/303208 Exp 0] 29 msec 29 msec 29 msec
5 10.12.14.14 [MPLS: Labels 16016/16033/16032/303208 Exp 0] 19 msec 29 msec 49 msec
6 10.14.16.16 [MPLS: Labels 16033/16032/303208 Exp 0] 29 msec 29 msec 29 msec
7 30.16.33.33 [MPLS: Labels 16032/303208 Exp 0] 39 msec 39 msec 29 msec
8 30.32.33.32 [MPLS: Label 303208 Exp 0] 39 msec 69 msec 59 msec
9 50.32.52.52 29 msec * 39 msec

Note: The 2 node-disjoint paths configured between the same pair of nodes do not share
any network resources.

Converged SDN Transport for CCIE Service Provider v5 | v202104

Task 2.1. SRTE with BGP AS

Figure : L3VPN steering with explicit-path

Deploy L3VPN service auto-steering into SRTE :

▪ On A1-R23 configure BGP coloring and SRTE ODN with below parameters:
o Color 43.43.43.43/32 route with BGP community 43
o Use PCE to calculate a dynamic path based on IGP metric
o Allocate 50 Mb of bandwidth
o SRTE policy also be used for upcoming L2VPN task
▪ On A2-R33 configure BGP coloring and SRTE ODN with below parameters:
o Color 53.53.53.53/32 route with BGP community 53
o Use PCE to calculate a dynamic path based on IGP metric
o Allocate 50 Mb of bandwidth
o SRTE policy will also be used for upcoming L2VPN task
▪ Ensure BGP VPNv4 peers are sending standard & extended communities
▪ Once completed, ensure L3VPN service is operational

*BGP AS stands for BGP Automated Steering

Converged SDN Transport for CCIE Service Provider v5 | v202104

Figure : SRTE Dynamic (BLUE) and Explicit (RED)

Configuration

▪ BGP VPNv4 peers are sending standard & extended communities

C-R110:
!
ip bgp new-format
!
router bgp 100
address-family vpnv4
neighbor iBGP send-community both

A1-R23, A2-R33:
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 311 out of 326
!
ip bgp new-format
!
router bgp 100
address-family vpnv4
neighbor 110.110.110.110 send-community both

▪ Color prefix with BGP community and advertise it via VPNv4

A1-R23:
!
route-map COLOR_43_RMAP permit 10
match ip address WEST_TRAFFIC
set community 43
!
router bgp 100
address-family vpnv4
neighbor 110.110.110.110 route-map COLOR_43_RMAP out

A1-R33:
!
route-map COLOR_53_RMAP permit 10
match ip address EAST_TRAFFIC
set community 53
!
router bgp 100
address-family vpnv4
neighbor 110.110.110.110 route-map COLOR_53_RMAP out

▪ SRTE ODN policies

A1-R23:
!
! SRTE ODN policy used for both L2VPN & L3VPN
mpls traffic-eng lsp attributes L2VPN-L3VPN-ODN
priority 7 7
path-selection metric igp
pce
!
ip community-list 1 permit 53
!
route-map BGP_TE_MAP permit 10

Converged SDN Transport for CCIE Service Provider v5 | v202104

© 2021 Joël François
Page 312 out of 326
match community 1
set attribute-set L2VPN-L3VPN-ODN
!
router bgp 100
address-family vpnv4
neighbor 110.110.110.110 route-map BGP_TE_MAP in

A2-R33:
!
! SRTE ODN policy used for both L2VPN & L3VPN
mpls traffic-eng lsp attributes L2VPN-L3VPN-ODN
priority 7 7
path-selection metric igp
pce
bandwidth 50000
!
ip community-list 1 permit 43
!
route-map BGP_TE_MAP permit 10
match community 1
set attribute-set L2VPN-L3VPN-ODN
!
router bgp 100
address-family vpnv4
neighbor 110.110.110.110 route-map BGP_TE_MAP in

▪ Enable auto-tunnel

A1-R23:
!
mpls traffic-eng tunnels
mpls traffic-eng auto-tunnel p2p tunnel-num min 2000 max 5000
mpls traffic-eng auto-tunnel p2p config unnumbered-interface lo0

A1-R33:
!
mpls traffic-eng tunnels
mpls traffic-eng auto-tunnel p2p tunnel-num min 2000 max 5000
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 313 out of 326
mpls traffic-eng auto-tunnel p2p config unnumbered-interface lo0

▪ Enable all Core links with SRTE

A1-R23, A2-R33:
!
int range Gi1-3
mpls traffic-eng tunnels

▪ The mpls TE tunnel policy automatically creates a directly connected route entry at
destination to PE with its associated CEF entry.

A1-R23# sh ip route 33.33.33.33

Routing entry for 33.33.33.33/32
Known via "static", distance 1, metric 0 (connected)
Routing Descriptor Blocks:
directly connected, via Tunnel2001
Route metric is 0, traffic share count is 1
* directly connected, via Tunnel2000
Route metric is 0, traffic share count is 1

A1-R23#show ip cef label-table

Label Next Hop Interface
0 no route
16011 implicit-null
202318 attached Tunnel2001

▪ The tunnel is also visible in the LFIB.

A1-R23#show mpls forwarding-table label 202318 detail

Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
202318 Pop Label 2001/1[TE-Bind] 0 Tu2001 point2point
MAC/Encaps=14/22, MRU=1496, Label Stack{16016 16033}, via Gi3
5254000226575254001BD1D78847 03E9000003EA1000
No output feature configured

Converged SDN Transport for CCIE Service Provider v5 | v202104

➢ Verify BGP route coloring and binding SID with the VRF prefix

A1-R23#show bgp vpnv4 unicast vrf cust-3 53.53.53.53

BGP routing table entry for 100:23:53.53.53.53/32, version 8
Paths: (1 available, best #1, table cust-3, RIB-failure(17) - next-hop mismatch)
Not advertised to any peer
Refresh Epoch 2
Local, imported path from 100:33:53.53.53.53/32 (global)
33.33.33.33 (metric 2) (via default) from 110.110.110.110 (110.110.110.110)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Community: 0:53
Extended Community: RT:100:2333 OSPF DOMAIN ID:0x0005:0x000000210200
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 315 out of 326
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:133.133.133.133:0
Originator: 33.33.33.33, Cluster list: 110.110.110.110
mpls labels in/out nolabel/303315
binding SID: 202318 (L2VPN-L3VPN-ODN)
rx pathid: 0, tx pathid: 0x0
Updated on May 21 2021 16:04:45 UTC

A2-R33#show bgp vpnv4 unicast vrf cust-3 43.43.43.43

BGP routing table entry for 100:33:43.43.43.43/32, version 8
Paths: (1 available, best #1, table cust-3, RIB-failure(17) - next-hop mismatch)
Flag: 0x100
Not advertised to any peer
Refresh Epoch 2
Local, imported path from 100:23:43.43.43.43/32 (global)
23.23.23.23 (metric 2) (via default) from 110.110.110.110 (110.110.110.110)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Community: 0:43
Extended Community: RT:100:2333 OSPF DOMAIN ID:0x0005:0x000000170200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:123.123.123.123:0
Originator: 23.23.23.23, Cluster list: 110.110.110.110
mpls labels in/out nolabel/202316
binding SID: 303314 (L2VPN-L3VPN-ODN)
rx pathid: 0, tx pathid: 0x0
Updated on May 21 2021 16:04:45 UTC

➢ Verify that VRF prefix is forwarded via ODN auto-tunnel

A1-R23#show ip cef label-table

Label Next Hop Interface
0 no route
16011 implicit-null
202318 attached Tunnel2001

A2-R33#show ip cef label-table

Label Next Hop Interface
0 no route
16016 implicit-null
303314 attached Tunnel2001

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#show mpls traffic-eng tunnels Tunnel 2001

Name: A1-R23_t2001 (Tunnel2001) Destination: 33.33.33.33 Ifhandle: 0x11 (auto-

tunnel for BGP TE)
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, (SEGMENT-ROUTING) (PCE) type dynamic (Basis for Setup)
Path-option attribute: L2VPN-L3VPN-ODN

Config Parameters:
Bandwidth: 50000 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: IGP (interface)
Path Selection:
Protection: any (default)
Path-selection Tiebreaker:
Global: not set Tunnel Specific: not set Effective: min-fill (default)
Hop Limit: disabled
Cost Limit: disabled
Path-invalidation timeout: 10000 msec (default), Action: Tear
AutoRoute: disabled LockDown: disabled Loadshare: 50000 [40000] bw-based
auto-bw: disabled
Attribute-set: L2VPN-L3VPN-ODN
Fault-OAM: disabled, Wrap-Protection: disabled, Wrap-Capable: No
Active Path Option Parameters:
State: dynamic path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled

PCEP Info:
Delegation state: Working: yes Protect: no
Delegation peer: 10.10.10.10
Working Path Info:
Request status: processed
Created via PCUpd message from PCE server: 10.10.10.10
PCE metric: 5, type: IGP
Reported paths:
Tunnel Name: A1-R23_t2001
LSPs:
LSP[0]:
source 23.23.23.23, destination 33.33.33.33, tunnel ID 2001, LSP ID 12
State: Admin up, Operation active
Binding SID: 202318
Setup type: SR
Bandwidth: requested 0, used 0
LSP object:
PLSP-ID 0x807D1, flags: D:0 S:0 R:0 A:1 O:2
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 317 out of 326
Metric type: IGP, Accumulated Metric 5
ERO:
SID[0]: Node, Label 16011, NAI: 11.11.11.11
SID[1]: Node, Label 16016, NAI: 16.16.16.16
SID[2]: Node, Label 16033, NAI: 33.33.33.33
<snip>
History:
Tunnel:
Time since created: 39 days, 22 hours, 46 minutes
Time since path change: 39 days, 22 hours, 45 minutes
Number of LSP IDs (Tun_Instances) used: 12
Current LSP: [ID: 12]
Uptime: 39 days, 22 hours, 45 minutes
Tun_Instance: 12
Segment-Routing Path Info (IGP information is not used)
Segment0[Node]: 11.11.11.11, Label: 16011
Segment1[Node]: 16.16.16.16, Label: 16016
Segment2[Node]: 33.33.33.33, Label: 16033

A2-R33#show mpls traffic-eng tunnels Tunnel 2001

Name: A2-R33_t2001 (Tunnel2001) Destination: 23.23.23.23 Ifhandle: 0x11 (auto-

tunnel for BGP TE)
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, (SEGMENT-ROUTING) (PCE) type dynamic (Basis for Setup)
Path-option attribute: L2VPN-L3VPN-ODN

PCEP Info:
Converged SDN Transport for CCIE Service Provider v5 | v202104
© 2021 Joël François
Page 318 out of 326
Delegation state: Working: yes Protect: no
Delegation peer: 10.10.10.10
Working Path Info:
Request status: processed
Created via PCUpd message from PCE server: 10.10.10.10
PCE metric: 5, type: IGP
Reported paths:
Tunnel Name: A2-R33_t2001
LSPs:
LSP[0]:
source 33.33.33.33, destination 23.23.23.23, tunnel ID 2001, LSP ID 24
State: Admin up, Operation active
Binding SID: 303314
Setup type: SR
Bandwidth: requested 0, used 0
LSP object:
PLSP-ID 0x807D1, flags: D:0 S:0 R:0 A:1 O:2
Metric type: IGP, Accumulated Metric 5
ERO:
SID[0]: Node, Label 16016, NAI: 16.16.16.16
SID[1]: Node, Label 16011, NAI: 11.11.11.11
SID[2]: Node, Label 16023, NAI: 23.23.23.23
<snip>
Tun_Instance: 24
Segment-Routing Path Info (IGP information is not used)
Segment0[Node]: 16.16.16.16, Label: 16016
Segment1[Node]: 11.11.11.11, Label: 16011
Segment2[Node]: 23.23.23.23, Label: 16023

➢ Verify ODN LSP status information on the PCE server

RP/0/0/CPU0:C-XR10#sh pce lsp name A1-R23_t2001

PCE's tunnel database:

----------------------
PCC 23.23.23.23:

Tunnel Name: A1-R23_t2001

LSPs:
LSP[0]:
source 23.23.23.23, destination 33.33.33.33, tunnel ID 2001, LSP ID 12
State: Admin up, Operation active
Setup type: Segment Routing
Binding SID: 202318

Converged SDN Transport for CCIE Service Provider v5 | v202104

RP/0/0/CPU0:C-XR10#sh pce lsp name A2-R33_t2001

PCE's tunnel database:

----------------------
PCC 33.33.33.33:

Tunnel Name: A2-R33_t2001

LSPs:
LSP[0]:
source 33.33.33.33, destination 23.23.23.23, tunnel ID 2001, LSP ID 24
State: Admin up, Operation active
Setup type: Segment Routing
Binding SID: 303314
Maximum SID Depth: 13
Absolute Metric Margin: 0
Relative Metric Margin: 0%

➢ End-to-end path (CE to CE) is taking the expected path

RP/0/0/CPU0:CE-XR43#tra 53.53.53.53 source lo0 num

Type escape sequence to abort.

Tracing the route to 53.53.53.53

1 40.23.43.23 9 msec 0 msec 0 msec

2 20.11.23.11 [MPLS: Labels 16016/16033/303315 Exp 0] 19 msec 19 msec 19 msec
3 10.11.12.12 [MPLS: Labels 16016/16033/303315 Exp 0] 19 msec 19 msec 19 msec
4 10.12.14.14 [MPLS: Labels 16016/16033/303315 Exp 0] 9 msec 19 msec 19 msec
5 10.14.16.16 [MPLS: Labels 16033/303315 Exp 0] 29 msec 19 msec 19 msec
6 50.33.53.33 [MPLS: Label 303315 Exp 0] 29 msec 19 msec 9 msec
7 50.33.53.53 19 msec * 19 msec

Converged SDN Transport for CCIE Service Provider v5 | v202104

A1-R23#show mpls forwarding-table label 202318 detail

Task 3. Anycast SID

Figure : Anycast SID

Implement Anycast SID as follows:

▪ Refer to the figure to achieve this task.
▪ Configure C-XR1 and C-XR11 with below parameter:
o Reconfigure Loopback0 as Anycast SID with index 111
▪ Configure C-XR6 and C-XR16 with below parameter:
o Reconfigure Loopback0 as Anycast SID with index 166

Converged SDN Transport for CCIE Service Provider v5 | v202104

Access domains are connected to Core domain using two borders routers
which are inline RR and get the same Anycast SID and the same IP address
for high availability any may use load-balancing.

▪ Anycast SID setup

C-XR1, C-XR11:
!
int lo111
ip address 111.111.111.111/32
!
router ospf 10
area 0
interface lo111
passive enable
prefix-sid index 111

C-XR6, C-XR16:
!
int lo166
ip address 166.166.166.166/32
!
router ospf 20
area 0
interface lo166

Converged SDN Transport for CCIE Service Provider v5 | v202104

Chapter 9:
Lab 5 - Network Slicing

Objective

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Target topology

Converged SDN Transport for CCIE Service Provider v5 | v202104

Brkccie 3000
100% (1)
Brkccie 3000
93 pages
BIG IP Traffic
100% (1)
BIG IP Traffic
328 pages
Configuring Inter-AS VPN Option C in Multivendor Environment
No ratings yet
Configuring Inter-AS VPN Option C in Multivendor Environment
27 pages
NSE7_SDW-7.2 Free Updated Dumps - Fortinet NSE 7 - SD-WAN 7.2
No ratings yet
NSE7_SDW-7.2 Free Updated Dumps - Fortinet NSE 7 - SD-WAN 7.2
7 pages
Mpls-Te FRR
No ratings yet
Mpls-Te FRR
124 pages
Segment Routing
No ratings yet
Segment Routing
1,475 pages
DNA Center 1.2.10 - Automation Lab
No ratings yet
DNA Center 1.2.10 - Automation Lab
86 pages
Cisco SRE - SDA - BrownfieldMigration - LAB GUIDE - 6.0.
No ratings yet
Cisco SRE - SDA - BrownfieldMigration - LAB GUIDE - 6.0.
237 pages
6 Use Cisco DNA Center For Controller and AP Auto Install
No ratings yet
6 Use Cisco DNA Center For Controller and AP Auto Install
18 pages
Tecent 3377 Deep Dive
No ratings yet
Tecent 3377 Deep Dive
194 pages
Vxlan Migration
100% (1)
Vxlan Migration
119 pages
MPLS Tutorial Slides
100% (1)
MPLS Tutorial Slides
397 pages
BRKENT-2004 - MVPN Profile14
100% (1)
BRKENT-2004 - MVPN Profile14
43 pages
Forcetv Iptv
100% (1)
Forcetv Iptv
81 pages
VXLAN by Anand Nande
100% (1)
VXLAN by Anand Nande
27 pages
04-Cisco IOS-XR Overview PDF
100% (1)
04-Cisco IOS-XR Overview PDF
90 pages
MPLS VPN Extranet Route Leaking
No ratings yet
MPLS VPN Extranet Route Leaking
11 pages
WB QQ I
No ratings yet
WB QQ I
184 pages
Manual Label Unified Utility-II English Rev 1 10
No ratings yet
Manual Label Unified Utility-II English Rev 1 10
20 pages
Lab Guide: Advanced Network Automation Solutions Using Cisco Ios Eem
No ratings yet
Lab Guide: Advanced Network Automation Solutions Using Cisco Ios Eem
30 pages
Juniper l2 Mpls VPN
No ratings yet
Juniper l2 Mpls VPN
37 pages
Huawei S5700-28p-Li-Ac Datasheet
100% (1)
Huawei S5700-28p-Li-Ac Datasheet
9 pages
BCMSN30SG Vol.2 PDF
No ratings yet
BCMSN30SG Vol.2 PDF
394 pages
350-601 Dccor
No ratings yet
350-601 Dccor
80 pages
ProCash NDC V1400 ProConsult NDC V1200 UserGuide en
100% (1)
ProCash NDC V1400 ProConsult NDC V1200 UserGuide en
398 pages
OpenSM UM 0 3
No ratings yet
OpenSM UM 0 3
26 pages
BRKCRS 2502
No ratings yet
BRKCRS 2502
153 pages
Lecture Notes Cpt 2025
No ratings yet
Lecture Notes Cpt 2025
22 pages
Nexus Aci Practice
No ratings yet
Nexus Aci Practice
7 pages
Cisco ACI For Enterprise: Phil Casini
No ratings yet
Cisco ACI For Enterprise: Phil Casini
51 pages
DGTL Brkaci 2934
No ratings yet
DGTL Brkaci 2934
107 pages
Latest Lead4pass 70-534 Exam Questions Free Update
No ratings yet
Latest Lead4pass 70-534 Exam Questions Free Update
7 pages
Brkaci 2608
No ratings yet
Brkaci 2608
95 pages
Cisco Sdwan
No ratings yet
Cisco Sdwan
162 pages
ACI Hardware Component - LEARN WORK IT
No ratings yet
ACI Hardware Component - LEARN WORK IT
13 pages
CCDE Training Outline
No ratings yet
CCDE Training Outline
14 pages
SIM 7.0 Lab Guide 1.01 20150609
No ratings yet
SIM 7.0 Lab Guide 1.01 20150609
96 pages
N9K-Architecture(include FX3) 2025
No ratings yet
N9K-Architecture(include FX3) 2025
103 pages
CCIE SPv4 Topology Diagrams
No ratings yet
CCIE SPv4 Topology Diagrams
17 pages
Advanced VPC Operation and Troubleshooting - BRKCRS-3146 PDF
No ratings yet
Advanced VPC Operation and Troubleshooting - BRKCRS-3146 PDF
71 pages
Notes Unit 1
No ratings yet
Notes Unit 1
131 pages
2 Mpls and RSVP: 2.1 in This Chapter
No ratings yet
2 Mpls and RSVP: 2.1 in This Chapter
197 pages
BRKMPL 2333
No ratings yet
BRKMPL 2333
102 pages
Kaci 3545
No ratings yet
Kaci 3545
109 pages
ACI Multi-Site Deployment
No ratings yet
ACI Multi-Site Deployment
73 pages
SECURE10LG
No ratings yet
SECURE10LG
150 pages
BRKRST 3045
No ratings yet
BRKRST 3045
108 pages
Atomic - Dave GCspecs7
No ratings yet
Atomic - Dave GCspecs7
1 page
CBLM Module Hardware
No ratings yet
CBLM Module Hardware
20 pages
Michael David - Non-Programmer's Tutorial For Python - A Complete Guide in Learning Python For Dummies - Libgen - Li
No ratings yet
Michael David - Non-Programmer's Tutorial For Python - A Complete Guide in Learning Python For Dummies - Libgen - Li
113 pages
Cisco ACI Multi-Site and Service Node Integration
No ratings yet
Cisco ACI Multi-Site and Service Node Integration
74 pages
Cisco SD-WAN Application Aware Routing Lab
No ratings yet
Cisco SD-WAN Application Aware Routing Lab
64 pages
MS-98E3
No ratings yet
MS-98E3
1 page
Segment Routing - Interdomain Traffic Engineering Using SR PCE With Lab Demo
No ratings yet
Segment Routing - Interdomain Traffic Engineering Using SR PCE With Lab Demo
49 pages
invoice7267034
No ratings yet
invoice7267034
1 page
Javelin3/Javelin3Pro PDF Readers: Secure PDF Reader Program For The Drumlin Digital Rights Management (DRM) Service
No ratings yet
Javelin3/Javelin3Pro PDF Readers: Secure PDF Reader Program For The Drumlin Digital Rights Management (DRM) Service
27 pages
Cisco DNA Starter Kit
No ratings yet
Cisco DNA Starter Kit
14 pages
Cisco SD-Access
No ratings yet
Cisco SD-Access
8 pages
DEVNET (Etech) - N. RUSSO (2021)
No ratings yet
DEVNET (Etech) - N. RUSSO (2021)
259 pages
WBCCIESecV6
No ratings yet
WBCCIESecV6
286 pages
UCSD P-System II.O Installation Guide
No ratings yet
UCSD P-System II.O Installation Guide
27 pages
BRKMPL 2333
No ratings yet
BRKMPL 2333
98 pages
Of Course
No ratings yet
Of Course
2 pages
Data Report: ID: Alarm
No ratings yet
Data Report: ID: Alarm
2 pages
BRKMPL 2115
No ratings yet
BRKMPL 2115
93 pages
Viptela Control Plane Setup PDF
No ratings yet
Viptela Control Plane Setup PDF
29 pages
Administrator Authentication and RBAC
No ratings yet
Administrator Authentication and RBAC
37 pages
ACI 2.1 Bootcamp 1.0 LAB - Actualizado Al 18jul
No ratings yet
ACI 2.1 Bootcamp 1.0 LAB - Actualizado Al 18jul
250 pages
How To Install Openshift On A Laptop or Desktop
100% (1)
How To Install Openshift On A Laptop or Desktop
7 pages
IPE DC Lab
No ratings yet
IPE DC Lab
251 pages
Topic 5: 8086 Assembly Language Programming (24 Marks)
No ratings yet
Topic 5: 8086 Assembly Language Programming (24 Marks)
38 pages
Versa Training Lab Guide: Groups 1 - 2
No ratings yet
Versa Training Lab Guide: Groups 1 - 2
20 pages
Cisco - I AS MPLS PDF
No ratings yet
Cisco - I AS MPLS PDF
70 pages
Secugen RD Service Help File For HU20HU20AHU20AP
No ratings yet
Secugen RD Service Help File For HU20HU20AHU20AP
5 pages
ZSM, A CP/M Z80 Assembler.
No ratings yet
ZSM, A CP/M Z80 Assembler.
15 pages
Cisco Catalyst QoS Simplified Presentation
No ratings yet
Cisco Catalyst QoS Simplified Presentation
58 pages
Lab2 Question Final
No ratings yet
Lab2 Question Final
36 pages
NetNumen U31 R06. Backup and Recovery Guide
No ratings yet
NetNumen U31 R06. Backup and Recovery Guide
49 pages
Cisco - VPC Concepts
No ratings yet
Cisco - VPC Concepts
90 pages
Dspic33 Controllers With Mplab C30 Compiler: Simon Re Rucha (Res@Isibrno - CZ)
No ratings yet
Dspic33 Controllers With Mplab C30 Compiler: Simon Re Rucha (Res@Isibrno - CZ)
60 pages
Nexus VPC and OTV
No ratings yet
Nexus VPC and OTV
22 pages
Ferret Installation Example
No ratings yet
Ferret Installation Example
9 pages
EVPN
No ratings yet
EVPN
56 pages
Implementing Cisco NX-OS Switches and Fabrics in The Data Center (DCNX) v1.0
No ratings yet
Implementing Cisco NX-OS Switches and Fabrics in The Data Center (DCNX) v1.0
3 pages
Short User's Manual
No ratings yet
Short User's Manual
5 pages
Installing DotProject On Linux
No ratings yet
Installing DotProject On Linux
12 pages
Crypta - Quick Start Guide
100% (1)
Crypta - Quick Start Guide
4 pages
21do It Yourself Data Recovery
No ratings yet
21do It Yourself Data Recovery
8 pages
Ultimate VMware NSX for Professionals
From Everand
Ultimate VMware NSX for Professionals
Vinay Aggarwal
No ratings yet
CCIE Security The Ultimate Step-By-Step Guide
From Everand
CCIE Security The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet