Segment Routing

Foreword


Segment Routing (SR) is designed to forward data packets on a
network using the source routing model.

This document describes the source routing model of SR, segment
definition, differences between SR-MPLS and SRv6, and scenario-
specific SR-MPLS applications for Huawei NetEngine series routers.

3 Huawei Confidential
 Objectives


Upon completion of this course, you will be able to:

Describe the background of SR.

Describe the technical advantages of SR.

Describe the basic concepts involved in SR.

Describe the forwarding fundamentals of SR.

Master basic SR-MPLS configurations.

4 Huawei Confidential
 Contents

1. Segment Routing Overview

2. Segment Routing Fundamentals
3. Segment Routing Tunnel Protection and Detection Technologies
4. Typical Usage Scenarios of Segment Routing
5. Basic Configurations of Segment Routing

5 Huawei Confidential
Problems in MPLS LDP and RSVP-TE
MPLS LDP RSVP-TE

VP R
RS o n s res SVP
p po
P IG res e e
ns
IG P
R R
LD
L DP 2 P 2 R
VP req SVP
R R RS e s t ue
u
1 1 req st
LD
P P R R
R LD R
IG P 3 3
P 4 4
IG

• LDP itself does not have the path computation capability and
requires an IGP for path computation.
• Both the IGP and LDP need to be deployed for the control
plane, and devices need to exchange a large number of
packets to maintain neighbor relationships and path states,
wasting link bandwidth and device resources.
• If LDP-IGP synchronization is not achieved, data forwarding
may fail.
• RSVP-TE configuration is complex and load balancing is not
supported.
• To implement TE, devices need to exchange a large number
of RSVP packets to maintain neighbor relationships and path
states, wasting link bandwidth and device resources.
• RSVP-TE uses a distributed architecture, so that each device
only knows its own state and needs to exchange signaling
packets with other devices.

6 Huawei Confidential
Service-Driven Network: Services Define the Network
Architecture

The development of 5G and cloud services has changed the attributes and scope of network connections.
More requirements are raised on connections, such as requiring better SLA guarantee, deterministic
latency, or more information to be carried in packets.

In this situation, the model that requires networks to adapt to services cannot keep up with rapid service
development and even complicates network deployment and maintenance.

To address this issue, the service-driven network model can be used, so that the network architecture is
defined by services. Specifically, after an application raises requirements (e.g. latency, bandwidth, and
packet loss rate), a controller is used to collect information (e.g. network topology, bandwidth usage, and
latency) and compute an explicit path according to the requirements.
High bandwidth
Download
service
Low latency Service-
Video service driven
Low packet loss
Voice service rate network

7 Huawei Confidential
SR Roadmap

Simplifies protocols and extends existing
Service-defined protocols.
Controll network
er 
The extended IGP/BGP supports label distribution.
Therefore, LDP is not required on the network,
achieving protocol simplification. In addition,
devices require only software upgrades instead of
hardware replacement, protecting the investment
on the live network.
R 
The source routing mechanism is introduced.
2

The specific forwarding policy is instantiated as a
IGP/BGP label list on the ingress to control the traffic
R R forwarding path.
1 3
R 
Enables networks to be defined by services.
4

After an application raises requirements (e.g.
latency, bandwidth, and packet loss rate), a
controller is used to collect information (e.g.
8 Huawei Confidential
network topology, bandwidth usage, and latency)
SR Solution

After services raise network requirements (e.g. latency, bandwidth, and packet loss rate), a
controller computes an explicit path in a centralized manner and delivers an SR path to carry
Service
the services. Controll requireme
Explicit
er path
nt

rate
PCEP/NETCONF/
BGP High-bandwidth path

l o ss
gh th
Hi w i d

y
nc
nd

ket
ba te
la

pac
w
Lo

Low Low-latency path

Data download

Video

Voice

Low-packet-loss-rate path

9 Huawei Confidential
SR Overview

SR is designed to forward data packets on a network using the source routing model.

SR divides a network path into several segments and assigns a segment ID (SID) to each segment and
forwarding node. The segments and nodes are sequentially arranged into segment lists to form a
forwarding path.

SR encapsulates segment list information that identifies a forwarding path into the packet header for
transmission. After a node receives the packet, it parses the segment list information. If the top SID in the
segment list identifies the local node, the node removes the SID and executes the follow-up procedure.
Otherwise, the node forwards the packet to the next hop in equal cost multiple path (ECMP) mode.

SR has the following characteristics:

Extends existing protocols (e.g. IGP) to facilitate network evolution.

Supports both controller-based centralized control and forwarder-based distributed control, providing a balance
between the two control modes.

Enables networks to quickly interact with upper-layer applications through the source routing technology.

10 Huawei Confidential
SR Advantages
Simplified • SR uses a controller or IGP to uniformly compute paths and allocate labels, without the need to
control plane of use tunneling protocols such as RSVP-TE and LDP.
the MPLS • SR can be directly used in the MPLS architecture, without requiring changes to the forwarding
network plane.

Efficient TI-LFA • SR works with remote loop-free alternate (RLFA) FRR to provide efficient topology-independent
FRR protection loop-free alternate (TI-LFA) FRR.
against path • TI-LFA FRR offers node and link protection for all topologies, addressing the weakness in
failures traditional tunnel protection technologies.

• MPLS TE is a connection-oriented technology. To maintain connection states, devices need to

Enhanced exchange and process numerous keepalive packets, straining the control plane.
network • SR can control any service path by merely performing label operations for packets on the
capacity ingress. It does not require transit nodes to maintain path information, thereby freeing up the
expansion control plane. Moreover, the SR label quantity is the sum of the node quantity and local
capability adjacency quantity on the entire network, meaning that it is related only to the network scale,
rather than the tunnel quantity or service volume.
• As SR is designed based on the source routing model, the ingress controls packet forwarding
paths.
Smoother
• SR can work with the centralized path computation module to flexibly and easily control and
evolution to
adjust paths.
SDN networks
• SR supports both traditional networks and SDN networks and is compatible with existing
devices, ensuring smooth evolution to SDN networks.
11 Huawei Confidential
 Contents

1. Segment Routing Overview

2. Segment Routing Fundamentals
3. Segment Routing Tunnel Protection and Detection Technologies
4. Typical Usage Scenarios of Segment Routing
5. Basic Configurations of Segment Routing

12 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: Segment


A segment represents an instruction to
be executed by a node for a received
data packet, and the instruction is
R R R
2 4 6
encapsulated in the packet header.
2
GE0/0/ 
For example:
2
1 3

Instruction 1: Forward the packet to R4
over the shortest path (ECMP supported).

Instruction 2: Forward the packet through
R 1 R
1 8 GE0/0/2 of R4.

Instruction 3: Forward the packet to R8
R R R over the shortest path.
3 5 7

13 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: Segment ID


Segment IDs (SIDs) identify segments. The
SID format depends on the specific
technical implementation. For example,
40 SIDs can be MPLS labels, indexes in an
R 0R R MPLS label space, or IPv6 addresses.
2 4 2 6
GE0/0/

A segment list is an ordered list of one or
2
104 more SIDs.
1 3
6

For example:

R R

Instruction 1 (400): Forward the packet to R4
1
1 8
80 over the shortest path (ECMP supported).
0 
Instruction 2 (1046): Forward the packet
R R R through GE0/0/2 of R4.
3 5 7

Instruction 3 (800): Forward the packet to R8
over the shortest path (ECMP supported).

14 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: Source Routing

40
400 R 0R R
1046 2 4 2 6
Source routing: The source node selects
800 GE0/0/
2 a forwarding path and encapsulates an
104
1
6 3 ordered segment list into a packet. After
receiving the packet, other nodes
forward it based on the segment list
R 1 R
1 8 information.
80
0
R R R
3 5 7

15 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: Segment Classification

100 200 300
Loopback Loopback Loopback
1 1 1
1.1.1.1/3 2.2.2.2/3 3.3.3.3/3
2 2 2
10.1.1.0/ 10.2.2.0/
1600
24 100 100 160024
1 R R R 2
1 2
1 2 3
Category Description
Identifies the prefix of a destination address on a network.
Generation mode: manual configuration
Prefix segment Prefix segments are propagated to other devices through an IGP. They are visible to and
effective on all the devices.
Node segments are special prefix segments.
Identifies an adjacency on a network.
Generation mode: dynamic allocation by the ingress through a protocol
Adjacency segment
Adjacency segments are propagated to other devices through an IGP. They are visible
to all the devices but effective only on the local device.

Adjacency
Prefix SID Node SID Note: SIDs are identified in the same way in the following
SID
parts.

16 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: Prefix Segment

Similar to the destination
address in an IP route
100 200 300
Loopback Loopback Loopback
1 1 1 Similar to the
1.1.1.1/3 2.2.2.2/3 3.3.3.3/3 destination address in
2 2 2 an IP route

10.1.1.0/ 10.2.2.0/
1600
24 1600
24
1 R R R 2
1 2 3

Prefix Segment
• Identifies the prefix of a destination address on a network. Prefix segments are propagated to other devices
through an IGP. They are visible to and effective on all the devices.

• Prefix segments are identified using prefix SIDs.

• A prefix SID is an offset value within the Segment Routing global block (SRGB) range advertised by the
advertising end. The receiving end calculates the actual label value based on its own SRGB to generate an
MPLS forwarding entry.

• Node segments are special prefix segments used to identify specific nodes.
• When an IP address is configured as a prefix for a node's loopback interface, the prefix SID of the node is the
node SID.

17 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: SRGB


Segment Routing global block (SRGB): a set of
user-specified global labels reserved for SR-

Incoming label Incoming label Incoming label MPLS.

16000+30=16 12000+30=12 20000+30=20 
Each device advertises its SRGB through an
030 030 030
extended routing protocol.
Index
SRG SRG SRG

After a node advertises the prefix SID index
30
B B B through an extended routing protocol, each
16000– 12000– 20000– Loopback
17000 13000 21000 1 device receiving the index calculates the
3.3.3.3/3
2 incoming and outgoing SIDs based on the
SRGB.

R R R

In actual deployment, it is recommended that
1 2 3 devices use the same SRGB.
12030 Swap 20030
Payloa Payloa 
Why is SRGB required?
d d

SR requires prefix SIDs to be globally valid.

In MPLS, some label space of a device may be
occupied by other protocols, such as LDP.

18 Huawei Confidential Therefore, a specific space must be specified for

global SR labels.
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: Adjacency Segment

Similar to the
100 200 outbound 300
Loopback Loopback interface Loopback
1 1 information in 1
1.1.1.1/3 2.2.2.2/3 an IP route 3.3.3.3/3
2 2 2
10.1.1.0/ 10.2.2.0/
1600
24 1600
24
1 100 100 2
R R R
1 2
1 2 3
Adjacency Segment
Identifies an adjacency on a network. Adjacency segments are propagated to other
devices through an IGP. They are visible to all the devices but effective only on the
local device.

• Adjacency segments are identified using adjacency SIDs.

• Adjacency SIDs are local SIDs that are not in the SRGB range.

19 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Intra-AS Propagation of Node SIDs and Adjacency SIDs


SR-MPLS uses an IGP to advertise topology, prefix, SRGB, and label information. This is
achieved by extending the TLVs of protocol packets for the IGP.

100 200 300

Loopback Loopback Loopback
1 1 1
1.1.1.1/3 2.2.2.2/3 3.3.3.3/3
2 2 2
10.1.1.0/ 10.2.2.0/
1600
24 1600
24
1 100 100 2
R R R
1 2
1 2 3

Extended IGP Extended IGP

(e.g. IS-IS/OSPF) (e.g. IS-IS/OSPF)

20 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

OSPF for SR-MPLS

Name Function Carried In
Advertises the algorithm that is
SR-Algorithm TLV Type 10 Opaque LSA
used.
Advertises the SR-MPLS SID or MPLS
SID/Label Range TLV Type 10 Opaque LSA
label range.
Advertises the priority of an NE
SRMS Preference TLV functioning as an SR mapping Type 10 Opaque LSA
server.
SID/Label Range TLV

Advertises SR-MPLS SIDs or MPLS OSPFv2 Extended Prefix TLV and OSPF Extended Prefix
SID/Label Sub-TLV Range TLV in OSPFv2 Extended Prefix Opaque LSA
labels.
OSPFv2 Extended Link TLV in OSPFv2 Extended Link
Opaque LSA
OSPFv2 Extended Prefix TLV and OSPF Extended Prefix
Prefix SID Sub-TLV Advertises SR-MPLS prefix SIDs.
Range TLV in OSPFv2 Extended Prefix Opaque LSA
Advertises SR-MPLS adjacency SIDs OSPFv2 Extended Link TLV in OSPFv2 Extended Link
Adj-SID Sub-TLV
on a P2P network. Opaque LSA
Advertises SR-MPLS adjacency SIDs OSPFv2 Extended Link TLV in OSPFv2 Extended Link
LAN Adj-SID Sub-TLV
on a LAN. Opaque LSA

21 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

IS-IS for SR-MPLS

Name Function Carried In
IS-IS Extended IPv4 Reachability TLV-135
IS-IS Multitopology IPv4 Reachability TLV-235
Prefix-SID Sub-TLV Advertises SR-MPLS prefix SIDs. IS-IS IPv6 IP Reachability TLV-236
IS-IS Multitopology IPv6 IP Reachability TLV-237
SID/Label Binding TLV

IS-IS Extended IS reachability TLV-22

IS-IS IS Neighbor Attribute TLV-23
Advertises SR-MPLS adjacency SIDs on a P2P
Adj-SID Sub-TLV IS-IS inter-AS reachability information TLV-141
network.
IS-IS Multitopology IS TLV-222
IS-IS Multitopology IS Neighbor Attribute TLV-223

IS-IS Extended IS reachability TLV-22

IS-IS IS Neighbor Attribute TLV-23
LAN-Adj-SID Sub-TLV Advertises SR-MPLS adjacency SIDs on a LAN. IS-IS inter-AS reachability information TLV-141
IS-IS Multitopology IS TLV-222
IS-IS Multitopology IS Neighbor Attribute TLV-223

SID/Label Sub-TLV Advertises SR-MPLS SIDs or MPLS labels. SR-Capabilities Sub-TLV and SR Local Block Sub-TLV
Advertises the mapping between prefixes and
SID/Label Binding TLV IS-IS LSP
SIDs.
SR-Capabilities Sub-TLV Advertises SR-MPLS capabilities. IS-IS Router Capability TLV-242
Advertises the range of labels reserved for local
SR Local Block Sub-TLV IS-IS Router Capability TLV-242
SIDs.

22 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: SR Policy


According to RFC 8402, an SR Policy is an ordered list of segments. In addition, it
defines a framework for SR technologies used to calculate/generate/maintain the
segment list and steer traffic. Currently, SR Policy is the mainstream SR
implementation mode.

Traffic is steered into an SR Policy by the headend. The involved segment list is
accurately encapsulated as a label stack to guide traffic forwarding. It is calculated
based on a series of optimization objectives and constraints, such as latency,
affinity, and SRLG. The calculation can be performed locally or by a controller and
then applied to the network.

23 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

SR Policy Example

100 200 300

10.1.1.0/ 10.2.2.0/
1600
24 1600
24
101 100
1 R R R 2
2 2
1 2 3
100
1012
1002
1 Traffic 1600 2 Tunnel-based forwarding
2
steerin SR
g Policy
SR Policy:
• Can be generated using different modes, such as CLI, NETCONF, PCEP, and BGP
SR Policy.
• Contains segment lists to guide traffic steering and forwarding.

24 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Basic Concept: SR-MPLS and SRv6

SR-MPLS SRv6

M
LS pa PLS v6
IP
MP ket ck IP ket p a v6
ck
c et c
pa pa et
IP MP IPv6 IPv
LS R LS 6 R 6
packe MP packet IPv
t 2 2
R R
1 1
MP R IPv R
LS R LS 6 R 6
MP 3 IPv 3
2 2

• Data forwarding plane: based on MPLS
• MPLS labels are used as SIDs.
• Segment list information is encoded as a label stack. The
segment to be processed is at the stack top. Once a
segment is processed, the corresponding label is removed
from the label stack.
• Data forwarding plane: based on IPv6
• IPv6 addresses are used as SIDs.
• Segment list information is encoded as a label stack and carried
using the IPv6 Segment Routing header (SRH).

25 Huawei Confidential
 Basic
Fundamentals SR-MPLS BE SR-MPLS TE SR-MPLS Policy
Concept

Label Stack, Stitching Label, and Stitching Node

Label Stack Stitching Label and Stitching Node

1013 1024
R R 100 1045 Stitching
1032 label
1024 2 4 10 1013 1056
1046 6 4 1032 R R
102 100 2 4
4
R R 102
1 6 4
10 103 104
3 1 2
R
5 R
1 6
10 103
R R 3 1 2
5
3 5 10
R R 6
• A label stack is an ordered set of labels used to identify a
3 5
complete LSP.
• Each adjacency label in the label stack identifies an adjacency, • If the label stack depth exceeds the maximum depth supported
and the entire label stack identifies all adjacencies along the by forwarders, the controller needs to allocate multiple label
LSP. stacks to the forwarders and a special label to an appropriate
• During packet forwarding, a node searches for the node to stitch these label stacks, thereby implementing
corresponding adjacency according to each adjacency label in segment-by-segment forwarding.
the label stack, removes the label, and then forwards the • This special label is called a stitching label, and this appropriate
packet. After all the adjacency labels in the label stack are node is called a stitching node. The controller allocates a
removed, the packet traverses the entire LSP and reaches the stitching label to the stitching node and pushes it to the bottom
26
tunnel destination.
Huawei Confidential of the label stack.
 Fundamental
Basic Concept SR-MPLS BE SR-MPLS TE SR-MPLS Policy
s

How Are SIDs Used


Combining prefix (node) and adjacency SIDs in sequence can construct any network
path.

Every hop on a path identifies the next hop based on the top SID in the label stack.

SID information is stacked in sequence at the top of the data header.

If the top SID identifies another node, the receive node forwards the data packet to
that node in ECMP mode.

If the top SID identifies the local node, the receive node removes the top SID and
proceeds with the follow-up procedure.

In real-world applications, prefix segments and adjacency segments can be used
separately or together.

27 Huawei Confidential
 Fundamental
Basic Concept SR-MPLS BE SR-MPLS TE SR-MPLS Policy
s

Scenario 1: Prefix Segment-based Forwarding Path

Cost= Cost=
1 1 C
1 o st
= =
t
100
C os Path with the minimum
1 cost Loopback1
R 2.2.2.2/32
1 C Prefix
0 o st R
SID=100
= 1 2
1 t =
C os
Cost=1 Cost=1 0
0 0

A prefix segment-based forwarding path is computed by an IGP using the SPF algorithm.
1. After the prefix SID (100) of R2 is propagated using an IGP, all devices in the IGP domain learn the
SID.
2. R1 is used as an example (the implementation for other devices is similar to this). It runs SPF to
compute the shortest path to R2.
Prefix segment-based forwarding paths are not fixed, and the ingress cannot control the entire packet
forwarding path.

28 Huawei Confidential
 Fundamental
Basic Concept SR-MPLS BE SR-MPLS TE SR-MPLS Policy
s

Scenario 2: Adjacency Segment-based Forwarding Path

1034
1056
1078
1023
1034
1056 102
1078 3

1056 Loopback
R 103
1078 1
1 4
R 2.2.2.2/3
7 2 2
1078
10
8
105
6

An adjacency segment is allocated to each adjacency on the network, and a segment

list containing multiple adjacency segments is defined on the ingress.

This method can be used to specify any strict explicit path, facilitating SDN implementation.

29 Huawei Confidential
 Fundamental
Basic Concept SR-MPLS BE SR-MPLS TE SR-MPLS Policy
s

Scenario 3: Adjacency Segment+Node Segment-based

Forwarding Path
101
1034
100 Node
SID=101
101
1034 102
100 3

Loopback1
R 103 2.2.2.2/32
100
1 4 Prefix
R SID=100
100 2

Adjacency and node segments can be used together. An adjacency segment can be specified
to force a path to traverse an adjacency. The node corresponding to a node segment can run
SPF to compute the shortest path that supports ECMP.
Paths established in this mode are not strictly fixed, and therefore, they are also called loose explicit
paths.

30 Huawei Confidential
 Fundamental
Basic Concept SR-MPLS BE SR-MPLS TE SR-MPLS Policy
s

SR-MPLS BE
606
Packe
t

R R R SR-MPLS BE
1 2 3

• In SR-MPLS best effort (BE) mode, SIDs are used to

guide data forwarding over the shortest path.
• In this example, node SID 606 of R6 is used to
instruct data to be forwarded over the shortest
path to R6. The shortest path is computed through
a routing protocol and supports ECMP.
R • SR-MPLS BE is a new solution that replaces the
6
60 LDP+IGP solution.
R R 6
4 5
6.6.6.0/2
4
1600
2
31 Huawei Confidential
 Fundamental
Basic Concept SR-MPLS BE SR-MPLS TE SR-MPLS Policy
s

SR-MPLS TE
202
1025
606
Packe 20
t 2R
R R SR-MPLS TE
1 2 3

In SR-MPLS TE mode, multiple SIDs are combined
to guide data forwarding based on constraints,
102
thereby meeting traffic engineering
5
requirements.

Methods of combining SIDs:

Combine multiple node SIDs.

Combine multiple adjacency SIDs.
R 
Combine node and adjacency SIDs, as shown in the
6
60 figure.
R R 6
4 5
6.6.6.0/2
4
1600
2
32 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS TE SR-MPLS Policy
BE

SR-MPLS BE LSP

An SR-MPLS BE LSP is a label forwarding path established using the SR technology. It
uses a prefix or node segment to guide packet forwarding.

An SR-MPLS BE LSP is the optimal SR LSP computed by an IGP using the SPF
algorithm.

The creation and data forwarding of SR-MPLS BE LSPs are similar to those of LDP
LSPs. SR-MPLSSRGB
BE LSPs do not have tunnel SRGB
SRGB interfaces. SRGB
20000- 30000- 40000- 50000-
65535 65535 65535 65535 Loopback1
4.4.4.4/32
Prefix index 100
R R R R
1 2 3 4
Advertise Advertise Advertise
the prefix the prefix the prefix
SID and SID and SID and
Incoming label SRGB
Incoming label SRGB
Incoming label SRGB
20100 30100 40100 Incoming label
Outgoing label Outgoing label Outgoing label 50100
30100 40100 50100

33 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS TE SR-MPLS Policy
BE

SR-MPLS BE LSP Creation


LSP creation involves the following operations:

Network topology reporting (required only in controller-based LSP creation) and label allocation

Path computation

SR-MPLS BE LSPs are created primarily based on prefix labels. Specifically, the destination node runs an
IGP to advertise a prefix SID. After receiving the packet carrying the SID, forwarders parse the packet to
obtain the SID and compute label values based on their own SRGBs. Then, using the IGP-collected
topology information, each node runs the SPF algorithm to compute a label forwarding path, and delivers
the computed next hop and outgoing label (OuterLabel) information to the forwarding table to guide data
packet forwarding.SRGB SRGB SRGB SRGB
20000–65535 30000–65535 40000–65535 50000–65535
Loopback1
4.4.4.4/32
Prefix
R R R R SID=100
1 2 3 4
Advertise Advertise Advertise
the prefix the prefix the prefix
SID and SID and SID and
Incoming label SRGB
Incoming label SRGB
Incoming label SRGB
20100 30100 40100 Incoming label
Outgoing label Outgoing label Outgoing label 50100
30100 40100 50100

34 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS TE SR-MPLS Policy
BE

Data Forwarding Process


Push: When a packet enters an LSP, the ingress adds a label between the Layer 2 and IP
headers of the packet or adds a new label on top of the existing label stack.

Swap: After receiving a packet forwarded within the SR domain, a node uses the label
allocated by the next hop to replace the top label according to the label forwarding table.

Pop: When a packet leaves the SR domain, the egress searches for the outbound interface
according to the top label in the packet and then removes the top label.

SRGB SRGB SRGB SRGB

20000–65535 30000–65535 40000–65535 50000–65535
Loopback1
4.4.4.4/32
Index 100
R R R R
1 2 3 4
Pus Swa Swa Pop
h p p
30100 40100 50100
Packet Packet Packet Packet Packet

35 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

Traffic Engineering

Traffic engineering (TE) is one of the most important network services. The traditionally
popular TE technology is based on MPLS and therefore is called MPLS TE. It can accurately
control the path through which traffic passes, maximizing bandwidth utilization.
Path Planning Traffic Optimization Fault Protection

• Different paths are • When traffic is • A fast protection

planned for different unbalanced due to major switching is performed in
services. events, traffic is evenly the case of a device or
distributed to idle links. link fault.

36 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

Traditional Distributed MPLS TE Architecture


MPLS TE uses the distributed architecture, in which the ingress computes paths according to constraints
and uses RSVP-TE signaling to establish constraint-based LSPs.

MPLS nodes are used to maintain a complete TE architecture through four components: information
advertisement component, path computation component, path establishment component (or signaling
component), and packet forwarding component.
Network device 1. The extended IS-IS/OSPF
carries TE information,
Path selection 2. Path selection
component component advertises IGP and TE
LSP (IGP computation) (LSP computation) LSP information in the domain,
establishmen 3. Signaling establishmen
TE
t LSDB database component t and generates a TEDB.
(RSVP)
2. The CSPF algorithm is used to
Information Information
advertisement advertisement
compute a path that meets
1. Information advertisement
component: IS-IS/OSPF constraints based on the
Packet Packet TEDB.
entering leaving
4. Packet forwarding component 3. RSVP-TE is used to establish
LSPs.

4. Data is forwarded based on

37 Huawei Confidential
MPLS labels.
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

Centralized SR-MPLS TE Architecture


Segment Routing-MPLS Traffic Engineering (SR-MPLS TE) is a new TE tunneling technology that uses SR as
the control protocol. SR-MPLS TE supports the centralized architecture, in which the controller collects
global network topology and TE information, computes paths in a centralized manner, and delivers path
computation results to network devices.

SR-MPLS TE also supports manual configuration.
Centralized SR-MPLS TE:
2. Centralized path
computation 1. The extended IS-IS/OSPF
3. Signaling 1. Information
component carries TE information,
component collection
(PCEP/BGP)
Global TE advertises IGP and TE
database component
(BGP-LS) information in the domain,
Controller
and generates a TEDB.
Networ 2. BGP-LS is used to collect
k device network information and
establish a global TE
Signaling Local TE Information reporting database.
component database component
3. The controller globally
Information Information computes paths based on
advertisemen advertiseme constraints.
Information advertisement
t nt
component: IS-IS/OSPF
Packet 4. PCEP or BGP SR Policy is used
entering Packet
4. Packet forwarding component
to deliver path computation
leaving
results to devices.

38 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

Comparison Between SR-MPLS TE and RSVP-TE

Item SR-MPLS TE RSVP-TE
Labels are allocated and propagated using RSVP
Labels are allocated and propagated using IGP extensions. extensions. Each LSP is allocated with a label.
Each link is allocated with only one label. All LSPs When there are multiple LSPs, multiple labels
Label
traversing a link share the label of this link, reducing label need to be allocated to the same link, occupying
allocation
resource consumption and the workload in label forwarding a large number of label resources and increasing
table maintenance. the workload of maintaining the label forwarding
table.
Control IGP extensions are used for signaling control, reducing the RSVP-TE needs to be used as the MPLS control
plane number of required protocols. protocol, complicating the control plane.
As transit nodes are unaware of tunnels and use packets to
Tunnel state information and forwarding entries
carry tunnel information, they only need to maintain
Scalability need to be maintained, resulting in poor
forwarding entries instead of tunnel state information,
scalability.
enhancing scalability.
Transit nodes are unaware of tunnels. The service path can
be controlled only by performing label operations on the
Path
packet sent from the ingress, eliminating the need of hop- Configurations need to be delivered node by
adjustme
by-hop configuration delivery. node regardless of whether the path is adjusted
nt and
If a node in the path fails, the controller re-computes a in normal or fault scenarios.
control
path and updates the label stack of the ingress to
complete path adjustment.
39 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

SR-MPLS TE: Network Topology Collection

Network Topology Collection Using an IGP Network Topology Reporting Using BGP-LS

Controller Controller

BGP-
LS
R R R R R R
1 2 3 1 2 3

IG IG IG IG
P P P P

R R R R R R
4 5 6 4 5 6
The IGP configured on forwarders is used to collect BGP-LS is used to report TE information and network
network topology information, SR adjacency labels, topology information with SR labels to the controller.
and node labels.

40 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

SR-MPLS TE: Label Allocation

Controller

BGP-
LS
In SR-MPLS TE, labels are allocated through the IGP
R R R
1 2 3 configured on forwarders and reported to a
controller through BGP-LS.

SR-MPLS TE mainly uses adjacency labels and
IG IG can also use node labels.
P P 
Adjacency labels are allocated by the ingress,
104 and are valid locally and unidirectional.
GE0/0/
5
1
GE0/0/
105 2
R R R
4
4 5 6

41 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

Label Allocation Example


IGP SR is enabled on each device. For SR-capable IGP
Controller
instances, all IGP-enabled outbound interfaces are
allocated with SR adjacency labels.
BGP- 
Adjacency labels are propagated to the entire network
LS through an IGP SR extension.
R R R

Taking R4 as an example, the process of label allocation
1 2 3 through an IGP is as follows:
1. R4 allocates a local dynamic label to an adjacency through
an IGP. For example, adjacency label 1045 is allocated to the
R4->R5 adjacency.
2. R4 propagates the adjacency label to the entire network
IG IG through the IGP.
P P 3. R4 generates a label forwarding entry corresponding to the
104 adjacency label.
GE0/0/
5 4. Other nodes learn the R4-propagated adjacency label
1
GE0/0/ through the IGP but do not generate label forwarding
105 2 entries.
R R R
4
4 5 6 • Other devices allocate and propagate adjacency labels in
the same way as R4 and generate label forwarding
Label Outbound Interface Next Hop entries. BGP-LS is used to report TE information and
1045 GE0/0/1 R5 network topology information with SR labels to the
controller.
42 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

SR-MPLS TE LSP Creation


SR-MPLS TE tunnels are created using the SR protocol based on TE constraints. The figure
shows two LSPs working in primary/backup mode. The two LSPs correspond to the same SR-
MPLS TE tunnel with a specified ID.

Path 1: primary path

R SR-MPLS TE tunnel
1
R
2
Path 2: backup path


SR-MPLS TE tunnel creation involves tunnel attribute configuration and tunnel establishment.

43 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

SR-MPLS TE Tunnel Attribute Configuration


SR-MPLS TE tunnel attributes must be configured before tunnel establishment. An SR-MPLS TE tunnel can
be configured on a controller or forwarder.

Tunnel configuration on a controller: After an SR-MPLS TE tunnel is configured on a controller, the
controller uses NETCONF to deliver tunnel attributes to a forwarder, which then uses PCEP to delegate the
tunnel to the controller for management.

Tunnel configuration on a forwarder: After an SR-MPLS TE tunnel is configured on a forwarder, the
forwarder delegates the tunnel to the controller for management.
NETCONF-based Tunnel Configuration Delivery by a
Manual Configuration of a Tunnel with an Explicit Path
Controller
[R1] interface tunnel1 [R1] interface tunnel1
[R1-Tunnel1] ip address unnumbered interface LoopBack0 [R1-Tunnel1] ip address unnumbered interface LoopBack0
[R1-Tunnel1] tunnel-protocol mpls te [R1-Tunnel1] tunnel-protocol mpls te
[R1-Tunnel1] destination 3.3.3.3 [R1-Tunnel1] destination 3.3.3.3
[R1-Tunnel1] mpls te tunnel-id 1 [R1-Tunnel1] mpls te tunnel-id 1
[R1-Tunnel1] mpls te signal-protocol segment-routing [R1-Tunnel1] mpls te signal-protocol segment-routing
[R1-Tunnel1] mpls te path explicit-path p1 # A path is manually [R1-Tunnel1] mpls te pce delegate # The tunnel is delegated to
specified. the PCE server.

SR-MPLS TE tunnels are established and managed using tunnel interfaces. As such, you need to
configure a tunnel interface on the ingress of each SR-MPLS TE tunnel.

44 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

SR-MPLS TE Tunnel Establishment (Path Computation

by the Controller)
Controller If a configured service (e.g. VPN service) needs to be
bound to an SR-MPLS TE tunnel, the tunnel can be
established as follows:
NETCON
BGP- 1. Based on SR-MPLS TE tunnel constraints, the
F
PCE LS controller uses the path computation element (PCE)
P to compute a path similar to a common TE tunnel and
1034 generates a label stack (path computation result).
1056 2. The controller uses NETCONF and PCEP to deliver
1078 tunnel configurations and the tunnel stack,
respectively, to forwarders.
102 3. The forwarders establish an SR-MPLS TE tunnel with a
3 specific LSP based on the tunnel configurations and
label stack delivered by the controller.
1056
R 1078 103
BGP-LS: used to report labels and network topology
1 4
R information by forwarders.
1023 2
1078 7 PCEP: used to deliver a label stack by a controller and
1034 10 report LSP states by forwarders.
1056 8
1078 105 NETCONF: used to deliver tunnel configurations by a
6 controller.

45 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

Advantages of Controller-based SR-MPLS TE Tunnel

Establishment

Bandwidth calculation and resource reservation are supported.

The optimal path can be computed from a global perspective.

The controller can work with applications. After applications raise
network requirements, the controller can compute forwarding paths
Controll as required, achieving a service-driven network.
er 
The workload of manual configuration is reduced, facilitating large-
scale network deployment.

PC
P
E
F
NETCON
High-bandwidth path
gh th
y

Hi wi d
P
PCE
nc
te

nd
la

ba
w
Lo

Data
downloa Low-latency
d path
Video

46 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

SR-MPLS TE Data Forwarding


Forwarders perform label operations on packets according to the label stacks corresponding
to a specific SR-MPLS TE tunnel's LSP and search for outbound interfaces hop by hop
according to the top label to guide packet forwarding to the destination. Data can be
forwarded based on adjacency labels or a combination of node and adjacency labels.

Forwarding based on adjacency labels

Forwarding based on adjacency labels is also called strict-path forwarding. The label stack strictly
determines the forwarding path and does not support load balancing.


Forwarding based on a combination of node and adjacency labels

Forwarding based on a combination of node and adjacency labels is also called loose-path forwarding.
When processing node labels, a device can forward packets along the shortest path or perform load
balancing because the path is not strictly fixed in this case.

47 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS Policy
TE

SR-MPLS BE and SR-MPLS TE Traffic Steering


Traffic steering: After an SR tunnel is established, service traffic needs to be steered to it.

SR-MPLS BE (without tunnel interfaces) traffic steering

Tunnel policy: Use a tunnel type prioritizing policy to select an SR-BE tunnel.

Static route: Specify the next hop of a static route as the destination address of an SR-BE tunnel and recurse traffic
to the tunnel based on the next hop.

Recursion based on the next hop of a route: Recurse a public network route (e.g. BGP route) to an SR-BE tunnel
based on the route's next hop.


SR-MPLS TE (with tunnel interfaces) traffic steering

Tunnel policy: Use a tunnel type prioritizing policy to select an SR-TE tunnel.

Static route: When configuring a static route, specify the outbound interface of the route as an SR-TE tunnel
interface.

Auto route: Use an SR-TE tunnel as a logical link in IGP route calculation.

Policy-based routing (PBR): Specify an SR-TE tunnel interface as an outbound interface in the involved clause.

48 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR-MPLS TE Disadvantages in the Early Stage


SR-MPLS TE in the early stage inherits the tunnel interface concept of RSVP-TE and uses
tunnel interfaces to implement SR.
[R1] interface tunnel1
[R1-Tunnel1] ip address unnumbered interface
LoopBack0
[R1-Tunnel1] tunnel-protocol mpls te
[R1-Tunnel1] destination 3.3.3.3
[R1-Tunnel1] mpls te tunnel-id 1
[R1-Tunnel1] mpls te signal-protocol segment-routing
...

Using tunnel interfaces to implement SR is simple and easy to understand, but has the following
disadvantages:

Tunnel interfaces and traffic steering are implemented separately, leading to complex traffic
steering and low performance.

Tunnels need to be configured and deployed in advance, imposing a restriction in scenarios where
the tunnel destination cannot be determined.

The application scenarios of tunnel interface-based ECMP are limited.
49 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR Policy Overview

An SR Policy uses a segment list to specify a forwarding path, without the need to use tunnel
interfaces.

SR Policies are classified into SR-MPLS Policies and SRv6 Policies based on segments. This
document focuses on SR-MPLS Policies.

The controller computes paths based on the color attribute that represents SLAs and delivers
the computation results to forwarders to form SR-MPLS Policies. (In this example, the
forwarder's tunnel information is different from SR-TE tunnel information.) According to the
color attribute and next hop of the involved service route, the headend recurses the route to
the corresponding SR-MPLS Policy for service forwarding.
<PE1>display tunnel-info all
Tunnel ID Type Destination Status
----------------------------------------------------------------------------------------
0x0000000001004c4c04 ldp 1.0.0.12 UP

0x000000002900000004 srbe-lsp 1.0.0.12 UP

0x000000000300002001 sr-te 1.0.0.12 UP
0x00000000320000c001 srtepolicy 1.0.0.12
UP
0x000000003400002001 srv6tepolicy FC01::12
50 UPHuawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR-MPLS Policy Tuple


An SR-MPLS Policy is identified by the tuple <headend, color, endpoint>.

For an SR-MPLS Policy with a specified node, it is identified only using <color,
endpoint>.

Headend: node where an SR-MPLS Policy is originated. Generally, it is a globally unique IP
address.

Color: 32-bit extended community attribute. It is used to identify a service intent (e.g. low
latency).

Endpoint: destination address of an SR-MPLS Policy. Generally, it is a globally unique IP
address.

Color and endpoint are used to identify a forwarding path on the specific headend of
an SR-MPLS Policy.

51 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR-MPLS Policy Standards


According to RFC draft-ietf-spring-segment-routing-policy, BGP multi-protocol
extension supports the BGP SR Policy (SAFI = 73) address family for delivering SR-
MPLS Controll
Policies:
er

BGP-LS/BGP SR

The controller uses BGP to deliver a
Policy combination of SR SIDs to the
ingress. A TE tunnel carrying the
policy color and destined for the
egress is then created on the
ingress.
Colo
r 
If the tunnel needs to be referenced,
you can locate the tunnel based on
the policy color.
Ingres Egres
s s

52 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR-MPLS Policy Solution Architecture

Controll
er
Huawei SR-MPLS Policy solution architecture
involves three key protocols: BGP-LS, BGP SR
1. BGP- Policy, and NETCONF.
LS
2. BGP SR 1. BGP-LS collects information (e.g. tunnel
Policy topology, bandwidth, and link latency) and
3.
NETCONF reports it to the controller, which then
computes SR Policy paths and displays tunnel
status based on the information.

Colo 2. BGP SR Policy is used by the controller to

r deliver SR Policy information (e.g. color,
headend, and endpoint).
Ingres Egres 3. NETCONF is used to deliver other
s s
configurations, such as service interfaces and
route-policies (with the color attribute).

53 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR-MPLS Policy Model


An SR-MPLS Policy can contain multiple candidate paths with the preference attribute. The
valid candidate path with the highest preference functions as the primary path of the SR-
MPLS Policy, and the valid candidate path with the second highest preference functions as the
backup path.

A candidate path is an SR-MPLS Policy's
Segmentsegment
list 1 list sent to the headend through PCEP or
SR policy P1 <headend, color, endpoint>
BGP SR Policy. Primar Weight Candidate-path CP1 <Protocol-Origin, Originator,
y path
Discriminator>
Candidate path Preference 200
SR Policy Segment list 2
1
Preference
Weight W1, SID-List1 <SID11...SID1i>
<headend, 200 Weight Weight W2, SID-List2 <SID21...SID2j>
color, Candidate-path CP2 <Protocol-Origin, Originator,
endpoint> Discriminator>
Candidate path Preference 100
Segment list 1
2
Weight W3, SID-List3 <SID31...SID3i>
Preference
100
Weight Weight W4, SID-List4 <SID41...SID4j>
Backup
path

54 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

Binding SID

To achieve better scalability, network opacity, and service independence, the binding SID (BSID)
mechanism is introduced to SR. (RFC 8402-5.Binding Segment) A BSID can be defined for each candidate
path.

Similar to RSVP-TE tunnels, SR-MPLS TE tunnels can also function as forwarding adjacencies. If an SR-MPLS
TE tunnel is used as a forwarding adjacency and an adjacency SID is allocated to it, this SID is called a
BSID. A BSID identifies an SR-MPLS TE tunnel.

Static BSID Configuration

sr-te policy P1
Only one BSID can be configured for an SR-MPLS Policy. It
binding-sid 200
can be used for SR-MPLS TE path computation as other
endpoint 5.5.5.5 color 100
types of SIDs.

55 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR-MPLS Policy Service Process: Information Collection

Controller 
Background: R3 functions as the egress
and advertises the route 5.5.5.5/32 to the
BGP- ingress R1. Finally, an SR Policy is
LS
2.2.2. 3.3.3. Prefix: established between R1 and R3. The figure
2 3 5.5.5.5/32
shows the associated path. The specified
2000 2000
2 3 color is green.
1. BGP-LS collects information (e.g. topology,
1.1.1.
1 R3: bandwidth, and link latency) and reports it to
2000 Egres
Gree the controller, which then computes SR Policy
1 s
n paths and displays tunnel status based on the
R1:
information.
Ingres
s

4.4.4.4
20004
56 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR Policy Service Process: Route Coloring

Controll 
Background: R3 functions as the egress
er
and advertises the route 5.5.5.5/32 to the
NETCON
F ingress R1. Finally, an SR Policy is
Prefix:
2.2.2. 3.3.3. 5.5.5.5/32 established between R1 and R3. The
2 3 Color: Green
2000 2000 NHP: 3.3.3.3 figure shows the associated path. The
2 3 specified color isuses
green.
2. The controller NETCONF to deliver a
1.1.1.
1 R3: VPN or BGP export route-policy to the
2000 Egres
Gree s egress. The color attribute (green) is set
1 n
for the route prefix 5.5.5.5/32, and the
R1:
Ingres next hop of the route is R3 address
s 3.3.3.3.
4.4.4.4
20004
57 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR Policy Service Process: Route Advertisement

Controll 
Background: R3 functions as the egress
er
and advertises the route 5.5.5.5/32 to
MP-BGP the ingress R1. Finally, an SR Policy is
Prefix:
2.2.2. 3.3.3. 5.5.5.5/32
2 3 Color: Green established between R1 and R3. The
2000 2000 NHP: 3.3.3.3
figure shows the associated path. The
2 3
1.1.1. specified color is green.
1 R3:
2000 Egres 3. The egress advertises the colored route
Gree s
1 n 5.5.5.5/32 to the ingress through MP-
R1: BGP.
Ingres
s

4.4.4.4
20004
58 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR Policy Service Process: SR Policy Delivery


Background: R3 functions as the egress and
advertises the route 5.5.5.5/32 to the ingress
R1. Finally, an SR Policy is established between
BGP SR
Policy R1 and R3. The figure shows the associated
SR Policy: path. The specified color is green.
Color: Controll 4. The controller delivers the SR Policy to the
Green er headend, as shown in the following. R1 receives
Tunnel Prefix:
the BGP route 5.5.5.5/32 from R3. In subsequent
Encap 2.2.2. 3.3.3. 5.5.5.5/32
forwarding, the route is recursed to the SR Policy
... 2 3 Color: Green
based on its color and next hop.
2000 NHP: 3.3.3.3
2000
2 3 BGP SR Policy
1.1.1. Route:
1 R3: SR Policy:
2000 Egres Color: Green
Gree s Endpoint: 3.3.3.3
1 n Attribute:
R1: BSID: 30028
Ingres Candidate path count: 1
s Preference:100
SegmentList:
label: 20004, 20003
4.4.4.4
20004
59 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

SR Policy Service Process: Traffic Steering and Packet

Forwarding
Background: R3 functions as the egress
BGP SR
Policy and advertises the route 5.5.5.5/32 to the
SR Policy:
Controll ingress R1. Finally, an SR Policy is
Color:
Green er established between R1 and R3. The figure
Tunnel Prefix:
Encap 2.2.2. 3.3.3. 5.5.5.5/32 shows the associated path. The specified
... 2 3 Color: Green color is ingress
green. generates a forwarding-plane
NHP: 3.3.3.3
5. The
2000 2000
2 3 tunnel based on the SR Policy. In this
1.1.1. example, it completes traffic steering and
1 R3:
2000 Egres forwarding based on the color attribute.
Gree s
1 n 
Other traffic steering modes, such as
R1:
DSCP-based traffic steering, are also
Ingres
s supported.

4.4.4.4
20004
60 Huawei Confidential
 SR-MPLS
Basic Concept Fundamentals SR-MPLS BE SR-MPLS TE
Policy

Summary: SR-MPLS Path Generation Modes


SR is a technology that allows route selection on the ingress without
depending on hop-by-hop signaling exchange (LDP/RSVP-TE). SR-MPLS paths
are composed of segments advertised through an IGP. SR-MPLS paths
support the following generation modes:

Forwarder-based path computation (SPF/CSPF)

Static explicit path configuration (CLI/NETCONF)

Controller-based path computation (PCEP/BGP SR Policy)

Currently, BGP SR Policy is the mainstream path delivery mode.

61 Huawei Confidential
 Contents

1. Segment Routing Overview

2. Segment Routing Fundamentals
3. Segment Routing Tunnel Protection and Detection
Technologies
4. Typical Usage Scenarios of Segment Routing
5. Basic Configurations of Segment Routing

62 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

Overview of SR-MPLS Protection Technologies


TE tunnel protection is classified into local protection and E2E protection. These protection
mechanisms are inherited and also enhanced for SR-MPLS TE.

Egres
Local
s TI-LFA FRR
protection

Fast switching Anycast

Only links and Ingres FRR
nodes s
protected

E2E
protection Egres

Detection- s
dependent fast
Hot
switching
Standby

E2E paths protected Ingres
s

63 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

TI-LFA FRR

Topology-independent loop-free alternate (TI-LFA) FRR provides link and node protection for SR tunnels. If
a link or node fails, traffic is rapidly switched to the backup path.

Limitations of the Traditional LFA

TI-LFA Algorithm
Algorithm

The traditional LFA algorithm has topological limitations. As 
Using the source routing capability of SR, TI-LFA computes a
shown in the figure, SIP traffic is forwarded to the DIP backup path on each node to protect the failure point. When
through R1. If the R1-R3 link fails, R1 forwards the traffic to a node detects a failure, traffic is rapidly switched to the
R2. However, no backup path can be formed before R2 backup path. R1-R3 path: 4.4.4.4; segment list: R1, R3
Primary
detects the failure. Backup R1-R3 path: 4.4.4.4; segment list: R1, R2,
R4, R3
SIP:
R R SIP:
1.1.1.1 R R
1 Cost=1 2 1.1.1.1
1 Cost=1 2
0
0

Cost
Cost Cost
=100 Cost
DIP: =10 DIP: =100
4.4.4.4 =10
4.4.4.4

Cost=1
R R Cost=1
0 R R
3 4 0
3 4
64 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

TI-LFA FRR Protection Path Computation


TI-LFA FRR protects services against both link and node failures. TI-LFA preferentially
computes a node protection path because this path can definitely protect services against a
link failure.
Link Node
High priority
protection protection

Protectio Protectio
SIP: R R SIP: R R
n path n path
1.1.1.1 1 2 1.1.1.1 1 2

Original Original
path path
DIP: DIP:
4.4.4.4 4.4.4.4
R R R R
3 4 3 4

65 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

TI-LFA FRR Usage Scenarios and Configuration


To protect the entire path, you need to enable TI-LFA FRR local protection for the IGP
processes of multiple nodes.

[Router] isis 1
[Router-isis-1] frr
[Router-isis-1-frr] loop-free-alternate level-2
[Router-isis-1-frr] ti-lfa level-2

IS-IS 1 Level-
2

66 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

Limitations of TI-LFA FRR


TI-LFA cannot provide protection if a specified explicit node (ingress, egress, or constraint node) along an
SR tunnel fails. For example, on the SR path shown in the following figure, TI-LFA cannot generate
protection paths for explicit nodes R1, R4, and R6.

Packe
TI-LFA cannot protect
t
1600 services against explicit
6 node failures.
1600
4 1600 1600 1600
2 4 6

1600 R2 R4 R6
1

R1 1600 1600
3 5

R3 R5

67 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

Anycast FRR

Anycast FRR can protect services against failures of specified nodes.

Assume that R4 and R5 advertise the same SID. This SID is called an anycast SID. The anycast SID is
advertised in the IGP, with the next hop pointing to the nearest node on the path, such as R4. In this case,
R4 is the optimal node of the anycast SID, and R5 is the backup node.
Set the same SID (anycast
SID) for different devices.

1600 1610 1600

2 0 6

1600 R4 Optima R6
R2
1 l node

R1 1600
3

Backup
R3 R5 node

68 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

Anycast FRR Protection


Anycast FRR constructs a virtual node for SID advertisement and uses the TI-LFA algorithm to
compute the backup next hop of the virtual node.

If R4 fails, TI-LFA continues to forward traffic through R5 along the computed backup path.
Packe
t
16006

1610 16002 16006

0

16001
R2 1610 R4 R6
0

R1 16003
Virtual
node

Backup
R3 R5 path

69 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

Hot Standby

SR hot standby enables the controller to compute a backup path that is different from the
primary path to implement E2E path protection.

For SR-MPLS Policies, the primary and backup candidate paths implement hot standby
protection. The primary and backup candidate paths belong to the same SR-MPLS Policy.
Candidate path
SR-MPLS 1 Primary
Policy Candidate path candidate
2 16002 path 16004 16006

16001 P1 P2 PE2

CE1 PE1 16003 16005 16007 CE2

P3 Backup P4 PE3
candidate
path
70 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

Hot Standby Implementation for SR-MPLS Policy

Primary
candidate
pathpath
Candidate Segment
<headend, color, 1 list
endpoint>
Preference 200
SR-MPLS
Policy
Candidate path Segment
2 list
Preference 100

Backup
candidate
path

Multiple candidate paths of an SR-MPLS Policy
SR policy P1 <headend, color, endpoint>
Candidate-path CP1 <Protocol-Origin, Originator,
implement hot standby protection. If a segment
Discriminator> list fails, a failover is triggered.
Preference 200
SID-List <SID11...SID1i> 
SR-MPLS Policy fault detection depends on
Candidate-path CP2 Protocol-Origin, Originator,
Discriminator> detection mechanisms such as BFD or SBFD.
Preference 100
SID-List <SID21...SID2i>
71 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

Limitations of Hot Standby


Hot standby can protect E2E paths but does not apply to scenarios where the egress PE of a
tunnel fails. In this example, PE1 receives the routes advertised by PE2 and PE3 at the same
time and preferentially selects the route advertised by PE2. If PE2 fails, services can recover
only through route convergence.
Candidate path
SR-MPLS 1
Policy Candidate path Primary
2 candidate
16002 path 16004 16006

16001 P1 P2 PE2
Backup
candidate
CE1 PE1 16003 path 16005 16007 CE2

P3 P4 PE3

72 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

VPN FRR

VPN FRR uses the VPN route-based fast switching technology. It presets primary and backup forwarding
paths pointing to the master and backup PEs, respectively, on the ingress PE and implements fast PE
failure detection to reduce E2E service convergence time when a PE failure occurs in an MPLS VPN
scenario where a CE is dual-homed to two PEs.
Candidate path
SR-MPLS Policy 1
1 Candidate path Primary candidate
2 path of SR-MPLS
SR-MPLS Policy 2 -Candidate path Policy 1
1 1600 1600 1600
2 4 6

1600 P1 P2 PE2
1 Backup candidate
path of SR-MPLS
1600 Policy 1600
1 1600
CE1 PE1 CE2
3 5 7

P3 P4 PE3
VPN FRR backup path (SR-MPLS
Policy 2)
73 Huawei Confidential
 Anycast Hot- VPN
TI-LFA FRR Microloop Avoidance SBFD BFD
FRR Standby FRR

VPN FRR Failover Example


In this example, when TI-LFA FRR, hot standby, and VPN FRR are used together, the
protection switching is implemented as follows:
Segment list TI-
LFA
16002 16003 TI-LFA FRR
Candidate path 1 16004 16004 PE1-P1 link on the
2 protection path
16006
SR-MPLS
Policy 1 16003
Hot
Candidate path 2 16005
Standby
If a node or link on the
16004 primary path fails, traffic is
VPN FRR switched to the backup path.
16006

16003 VPN
FRR Policy 1 becomes
If PE2 fails, SR-MPLS
SR-MPLS Policy 2 Candidate
-- path 1 16005
unavailable, triggering VPN FRR switching to
16007 SR-MPLS Policy 2.
Note: Candidate path 1 of SR-MPLS Policy 1 is the primary
path.
74 Huawei Confidential
 Anycast Hot- VPN Microloop
TI-LFA FRR SBFD BFD
FRR Standby FRR Avoidance

SR Microloop Avoidance Overview


Each node independently calculates the IGP LSDB, which may lead to a loop during unordered
convergence. This may in turn result in microloops, a kind of transient loop that disappears after all the
nodes on the forwarding path have converged.

On the network shown in the following figure, TI-LFA FRR is working properly. After detecting that P2 fails,
P1 enters the TI-LFA FRR switching process. Specifically, it inserts the repair list <16005, 16057> into the
packet to forward the packet to 16006 through 16005.
TI-LFA
1600 1600 1600
2 4 6

1600 P1 P2 PE2
1

PE1 1600 1600 1600

3 5 7
1605
7
P3 P4 PE3

75 Huawei Confidential
 Anycast Hot- VPN Microloop
TI-LFA FRR SBFD BFD
FRR Standby FRR Avoidance

SR Local Microloop Avoidance in a Traffic Switchover

Scenario

Devices converge at different time points, leading to a microloop. For example, the route of P1 does not
carry a repair list after convergence. In this case, the next hop of the route to 16006 is P3. If P3 has not
converged, the next hop pointing to 16006 is still P1, causing a local microloop in a traffic switchover
scenario.

After microloop avoidance is enabled, P1 starts the T1 timer during which the packet is still forwarded
according to the TI-LFA policy <16005, 16057> and waits for other nodes to converge.
[P1] isis 1
TI-LFA [P1-isis-1] avoid-microloop frr-protected

1600 1600 1600

2 4 6
Converged
1600 P1 P2 PE2
1

PE1 1600 Not 1600 1600

converged
3 5 7
1605
7
P3 P4 PE3

76 Huawei Confidential
 Anycast Hot- VPN Microloop
TI-LFA FRR SBFD BFD
FRR Standby FRR Avoidance

SR Local Microloop Avoidance in a Traffic Switchback

Scenario

A microloop may also occur during traffic switchback implemented after fault rectification. Assume that P2 recovers. If
P1 has not converged and forwards traffic to P3 that has converged, traffic will be forwarded back to P1, resulting in a
local microloop.

With microloop avoidance enabled, after P3 converges, it computes the microloop avoidance segment list <16002,
16024>. PE1 forwards the packet to P1. As P1 has not converged, it forwards the packet to P3. P3 inserts the segment
list into the packet and forwards the packet to P2 through P1 and finally to PE2.
[P3] isis 1
[P3-isis-1] avoid-microloop frr-protected
TI-LFA
1600 1600 1600
2 1602 4 6
4 Not
1600 P1
converge
P2 PE2
d
1
Converge
PE1 1600 d 1600 1600
3 5 7

P3 P4 PE3

77 Huawei Confidential
 Anycast Hot- VPN Microloop
TI-LFA FRR SBFD BFD
FRR Standby FRR Avoidance

SR Remote Microloop Avoidance


Traffic switching may cause not only a local microloop but also a microloop between remote nodes (that is, a remote
microloop).

As shown in the figure, the link between PE2 and PE3 fails. If P2 has converged but P1 has not, a loop occurs between P1
and P2.

With remote microloop avoidance enabled, after P2 converges, it computes the microloop avoidance segment list
<16003,16037> for traffic accessing PE3. In this case, P1[P2]
stillisis
forwards
1 traffic from P3 to PE3 even if P1 has not
converged. [P2-isis-1] avoid-microloop segment-routing

1600 1600 1600

2 4 6

1600
P1 P2 PE2
1

1600 1600
PE1
3 7
1603
7
P3 PE3

78 Huawei Confidential
 Anycast Hot- VPN Microloop
TI-LFA FRR SBFD BFD
FRR Standby FRR Avoidance

Summary: Comparison Between TI-LFA and Microloop

Avoidance

TI-LFA Microloop Avoidance


Purpose: to locally compute a 
Purpose: to prevent temporary loops
backup path for the destination during the update of the primary
address path

Trigger condition: link or node 
Trigger condition: primary path
failure on the primary path update

79 Huawei Confidential
 Anycast Hot- VPN SBF
TI-LFA FRR Microloop Avoidance BFD
FRR Standby FRR D

SBFD Overview

If BFD detects a large number of links, the negotiation time of the state machine is prolonged, which is not suitable for
SR. To address this issue, seamless bidirectional forwarding detection (SBFD), which is a simplified BFD mechanism, is
introduced to detect SR tunnels. With a simplified BFD state machine, SBFD shortens the negotiation time and improves
network-wide flexibility.
BFD SBFD
Initiato negotiation Initiato Initiato negotiation Reflecto
r r r r

BFD D
Down own Down
n
Do w
BF D BFD
Down Reflection
Down -> BFD I Down -> Down
ni t only
Init Init BFD
Init
BF D Down
Down -> Multiple
Down -> BFD U Down -> Up initiators
p
Up Up share one
Up reflector.
BF D

80 Huawei Confidential
 Anycast Hot- VPN SBF
TI-LFA FRR Microloop Avoidance BFD
FRR Standby FRR D

SBFD Implementation
Initiator Reflecto
r
SBFD state
Admin machine of the
Down Up
SBFD Control Packet initiator
(Timer)

SBFD Control Packet Before link

Up
detection
Down Up
SBFD Echo Packet
Admin
Down Down
(Timer)
During link 
The loopback packet constructed by the reflector carries
Down -> Up detection
the Admin Down or Up field.

After receiving a reflected packet carrying the Up state,
the initiator sets the local state to Up. After receiving a
reflected packet carrying the Admin Down state, it sets the

Before link detection, both ends exchange SBFD control packets to local state to Down. It also sets the local state to Down if it
notify SBFD description information. does not receive any reflected packet before the timer

During link detection, the initiator proactively sends an SBFD Echo expires.
packet, and the reflector loops back the packet based on local
conditions. The initiator determines the local status based on the
reflected packet.
81 Huawei Confidential
 Anycast Hot- VPN BF
TI-LFA FRR Microloop Avoidance SBFD
FRR Standby FRR D

One-Arm BFD

BFD/SBFD requires that devices at both ends support this function. If a Huawei device needs to communicate with a
BFD-incapable device, you can configure one-arm BFD (also called one-arm BFD echo) for the Huawei device. A one-arm
BFD Echo session can be established on the BFD-capable device. After receiving a BFD Echo packet, the BFD-incapable
device immediately loops back the packet for quick link detection.

One-arm BFD Echo does not require Echo negotiation capabilities at both ends; that is, BFD can be configured on only
one end. The device with one-arm Echo enabled sends special BFD packets (source and destination IP addresses in the
IP header are the IP address of the local device, and the local and remote discriminators in the BFD packet are the
same). After receiving the packets, the peer device directly loops them back to the local device to check whether the
link is normal. This function equips Huawei devices with a stronger adaptability to low-end devices.
BFD-capable BFD-
incapable
Router Router
A B
BFD SIP=A, DIP=A, MD=A,
YD=A
Forwarding to the source
SIP: source IP address device according to
DIP: destination IP BFD SIP=A, DIP=A, MD=A, DIP=A
address YD=A
MD: my discriminator
YD: your discriminator

82 Huawei Confidential
 Contents

1. Segment Routing Overview

2. Segment Routing Fundamentals
3. Segment Routing Tunnel Protection and Detection Technologies
4. Typical Usage Scenarios of Segment Routing
5. Basic Configurations of Segment Routing

83 Huawei Confidential
Intra-AS SR-MPLS BE
MP- 
SR-MPLS BE applies to services that do
IBGP
not have strict SLA requirements or
require path planning.

Downstream routers allocate SIDs to
IGP (OSPF or IS-
IS) upstream routers to form SR-MPLS
PE SR PE
1
MPLS MPLS MPLS
2 forwarding paths.

P P 
MP-BGP is used on the control plane to
1 2
advertise VPN labels.
SID SID SID
advertiseme advertiseme advertisemen 
SR-MPLS BE can be used as a backup
nt nt t
CE CE solution for SR-MPLS TE services on a
1 2
production network.

84 Huawei Confidential
Intra-AS SR-MPLS TE

SR-MPLS TE applies to scenarios that have strict SLA requirements and require path planning, such as DCI scenarios.

SR labels are advertised by an IGP. The controller uses BGP-LS to collect information (e.g. network topology, bandwidth,
latency, and label information).

The controller computes qualified forwarding paths based on constraints and delivers path computation results to
forwarders through PCEP or NETCONF. Engineers can also manually configure strict forwarding paths and delegate the
paths to the controller through PCEP.

Controll
er
BGP-LS, NETCONF, and PCEP

IDC IGP IDC

1 2

85 Huawei Confidential
Intra-AS SR-MPLS Policy

SR-MPLS Policy applies to scenarios that have strict SLA requirements and require path planning.

SR labels are advertised by an IGP. The controller uses BGP-LS to collect information (e.g. network topology, bandwidth,
latency, and label information).

The controller computes qualified forwarding paths based on constraints and delivers path computation results to
forwarders through BGP SR Policy or PCEP. Engineers can also manually configure strict forwarding paths and delegate
the paths to the controller through PCEP.

Controll
er
BGP-LS, NETCONF,
and BGP SR Policy/PCEP

IGP

86 Huawei Confidential
Inter-AS E2E SR-MPLS TE (1)

In inter-AS access scenarios, it is recommended that the controller perform centralized computation and
deliver E2E SR-MPLS TE paths.

BGP egress peer engineering (EPE) is configured on ASBRs for them to allocate a BGP peer SID to each
other.

The ASBRs then use BGP-LS to report the BGP EPE-generated labels and network topology information.
Controll
er
BGP peer SID
reporting through
BGP-LS BGP EPE

SID SID
304 403

AS 100 ASB ASB AS 200

R R
PE PE
1 2

87 Huawei Confidential
Inter-AS E2E SR-MPLS TE (2)

Before an E2E SR-MPLS TE tunnel is created, the controller needs to create intra-AS SR-MPLS
TE tunnels.

To reduce the label stack depth, you can configure a BSID for each intra-AS tunnel.

In this example, BSID 1000 is configured for the tunnel from PE1 to one ASBR, and BSID 2000
for the tunnel from PE2 to the other ASBR. Controll
BSID 1000 er BSID 2000

BGP EPE

SID SID
304 403

AS 100 ASB ASB AS 200

R R
PE PE
1 2

88 Huawei Confidential
Inter-AS E2E SR-MPLS TE (3)

The controller performs global computation, integrates path labels into a label stack, and
then delivers it to forwarders.

In this example, the label stack for the path from PE1 to PE2 is <1000, 304, 2000>.

In the label stack, 1000 and 2000 are BSIDs, which will be replaced with corresponding SR
label stacks during intra-AS forwarding. Controll
BSID 1000 er BSID 2000

SID SID
304 403

AS 100 ASB ASB AS 200

R R
PE PE
1 2

89 Huawei Confidential
 Contents

1. Segment Routing Overview

2. Segment Routing Fundamentals
3. Segment Routing Tunnel Protection and Detection Technologies
4. Typical Usage Scenarios of Segment Routing
5. Basic Configurations of Segment Routing
 SR-MPLS BE
▫ SR-MPLS TE

▫ SR-MPLS Policy
90 Huawei Confidential
L3VPN over SR-MPLS BE (1)
AS 100
Loopback Loopback Loopback
0 0 0
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/
PE
32 vpna P
32 vpna PE
32
1 10.0.12.0/24 10.0.23.0/24 2 Configuration roadmap:
. . . .
1 2 2 3 1.Configure interface IP addresses and OSPF.
10.0.14.0/ 10.0.35.0/ (Configuration details are not provided.)
24 24
Loopback Loopback 2.Enable MPLS, configure SR, and establish SR LSPs on
1 1
10.1.4.4/3 10.1.5.5/3 the backbone network.
CE AS AS CE
2 2
1 65000 65001 2 3.Establish an MP-BGP peer relationship between PE1 and
Networking requirements: PE2.
4.Enable the VPN instance IPv4 address family on each
1.Connect PE1 and PE2 to different CEs that belong to
PE.
VPN instance vpna.
5.Configure a tunnel policy for the PEs to preferentially
2.Deploy L3VPN service recursion to SR-MPLS BE
select SR LSPs.
tunnel on the backbone network so that CE1 and
6.Verify the configuration.
CE2 can communicate through Loopback1.

91 Huawei Confidential
L3VPN over SR-MPLS BE (2)
AS
100
Loopback Loopback Loopback
0 0 0
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/ PE1 configurations are as follows: (P and PE2
PE vpna P vpna PE
32
10.0.12.0/24
32
10.0.23.0/24 .
32 configurations are not provided.)
1 . . . 2
1 2 2 3 [~PE1] ospf 1
10.0.14.0/ 10.0.35.0/ [*PE1-ospf-1] opaque-capability enable
[*PE1-ospf-1] quit
24 24
Loopback Loopback [~PE1] mpls lsr-id 10.0.1.1
1 1 [*PE1] mpls
10.1.4.4/3 10.1.5.5/3 [~PE1-mpls] quit
CE AS
2
AS
2
CE [~PE1] segment-routing
1 65000 65001 2 [*PE1-segment-routing] quit
Configuration roadmap: [*PE1] ospf 1
1.Configure interface IP addresses and OSPF. (Configuration [*PE1-ospf-1] segment-routing mpls
details are not provided.) [*PE1-ospf-1] segment-routing global-block 16000
2.Enable MPLS, configure SR, and establish SR LSPs on 23999
[*PE1-ospf-1] quit
the backbone network. [*PE1] interface loopback 0
Configure
3.Establish an MP-BGP peer relationship between PE1 and PE2. the same
[*PE1-LoopBack1] ospf prefix-sid index 1
4.Enable the VPN instance IPv4 address family on each PE. SRGB.
[*PE1-LoopBack1] quit
5.Configure a tunnel policy for the PEs to preferentially select [*PE1] commit
SR LSPs. P: index 2
6.Verify the configuration. PE2: index 3

92 Huawei Confidential
L3VPN over SR-MPLS BE (3)
AS PE1 configurations are as follows: (PE2 configurations
100
Loopback
Loopback
Loopback are not provided.)
0 0
VPN: 0 VPN: [~PE1] bgp 100
10.0.1.1/
PE P 10.0.3.3/
PE
vpna 10.0.2.2/ vpna [~PE1-bgp] peer 10.0.3.3 as-number 100
32 32
1 . 10.0.12.0/24 . 32 . 10.0.23.0/24 . 2 [*PE1-bgp] peer 10.0.3.3 connect-interface
1 2 2 3 loopback 0
10.0.14.0/ 10.0.35.0/ [*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 10.0.3.3 enable
24 24 [*PE1-bgp-af-vpnv4] commit
Loopback Loopback
1 1 [~PE1-bgp-af-vpnv4] quit
10.1.4.4/3 10.1.5.5/3 [~PE1-bgp] quit
CE AS AS CE
2 2 PE1 configurations are as follows: (PE2 configurations
1 65000 65001 2
Configuration roadmap: are not provided.)
1.Configure interface IP addresses and OSPF. (Configuration [~PE1] ip vpn-instance vpna
details are not provided.) [*PE1-vpn-instance-vpna] ipv4-family
2.Enable MPLS, configure SR, and establish SR LSPs on the [*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher
backbone network. 100:1
3.Establish an MP-BGP peer relationship between PE1 [*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1
both
and PE2.
[*PE1-vpn-instance-vpna-af-ipv4] quit
4.Enable the VPN instance IPv4 address family on each [*PE1-vpn-instance-vpna] quit
PE. [*PE1]bgp 100
5.Configure a tunnel policy for the PEs to preferentially select [*PE1-bgp]ipv4-family vpn-instance vpna
SR LSPs. [*PE1-bgp-vpna]peer 10.0.14.4 as-number 65000
6.Verify the configuration.
94 Huawei Confidential
L3VPN over SR-MPLS BE (4)
PE1 configurations are as follows: (PE2 configurations
AS are not provided.)
Loopback
100 Loopback Loopback
[~PE1] tunnel-policy p1
0 0 0
VPN: VPN: [*PE1-tunnel-policy-p1] tunnel select-seq sr-lsp load-balance-
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE
vpna vpna number 2
32 32 32
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2 [*PE1-tunnel-policy-p1] quit
1 2 2 3 [*PE1] commit
[~PE1] ip vpn-instance vpna
10.0.14.0/ 10.0.35.0/ [*PE1-vpn-instance-vpna] ipv4-family
24 24 [*PE1-vpn-instance-vpna-af-ipv4] tnl-policy p1
Loopback Loopback
[*PE1-vpn-instance-vpna-af-ipv4] quit
1 1
[*PE1-vpn-instance-vpna] quit
10.1.4.4/3 10.1.5.5/3
CE AS
2
AS
2
CE [*PE1] commit
1 65000 65001 2
Run the display tunnel-info all command on PE1 to
Configuration roadmap:
check SR LSP information.
1.Configure interface IP addresses and OSPF.
(Configuration details are not provided.) <PE1>display tunnel-info all
2.Enable MPLS, configure SR, and establish SR LSPs on Tunnel ID Type Destination
Status
the backbone network. -------------------------------------------------------------------------------
3.Establish an MP-BGP peer relationship between PE1 and 0x000000002900000042 srbe-lsp 10.0.3.3
PE2. UP
4.Enable the VPN instance IPv4 address family on each 0x000000002900000043 srbe-lsp 10.0.2.2
PE. ID of the tunnel to PE2
UP
5.Configure a tunnel policy for the PEs to
preferentially select SR LSPs.
6.Verify
95
the configuration.
Huawei Confidential
L3VPN over SR-MPLS BE (5)

AS
Loopback
100 Loopback Loopback Check VPNv4 routing information on PE1.
Loopback
0 0 0
0 <PE1>display bgp vpnv4 all routing-table 10.1.5.5
VPN: VPN:
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE
10.0.3.3/
vpna vpna
32 32 32 BGP local router ID : 10.0.1.1
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2
32
Local AS number : 100
1 2 2 3
10.0.14.0/ 10.0.35.0/ Total routes of Route Distinguisher(100:1): 1
24 24 BGP routing table entry information of 10.1.5.5/32:
Loopback Loopback Label information (Received/Applied): 48122/NULL
1 1 From: 10.0.3.3 (10.0.3.3)
10.1.4.4/3 10.1.5.5/3 Route Duration: 0d00h39m18s
CE AS
2
AS CE
2
65000 65001 Relay IP Nexthop: 10.0.12.2
1 2
Configuration roadmap: Relay IP Out-Interface: GigabitEthernet0/3/1
1.Configure interface IP addresses and OSPF. Relay Tunnel Out-Interface: GigabitEthernet0/3/1
Original nexthop: 10.0.3.3
(Configuration details are not provided.)
Qos information : 0x0
2.Enable MPLS, configure SR, and establish SR LSPs on Ext-Community: RT <111 : 1>
the backbone network. AS-path 65001, origin incomplete, MED 0, localpref 100, pref-val
3.Establish an MP-BGP peer relationship between PE1 and 0, valid, internal, best, select, pre 255, IGP cost 2
PE2. Not advertised to any peer yet
4.Enable the VPN instance IPv4 address family on each
PE. Label allocated by PE2 to 10.1.5.5/32
5.Configure a tunnel policy for the PEs to
preferentially select SR LSPs.
6.Verify the configuration.
96 Huawei Confidential
L3VPN over SR-MPLS BE (6)

AS Check vpna's routing information on PE1.

Loopback
100 Loopback Loopback
0 0 0 <PE1>display ip routing-table vpn-instance vpna 10.1.5.5
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/ verbose
PE vpna P vpna PE Route Flags: R - relay, D - download to fib, T - to vpn-instance
32 32 32
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2 ------------------------------------------------------------------------------
1 2 2 3 Routing Table : vpna
Summary Count : 1
10.0.14.0/ 10.0.35.0/
24 24 Destination: 10.1.5.5/32
Loopback Loopback
1 1 Protocol: IBGP Process ID: 0
10.1.4.4/3 10.1.5.5/3 Preference: 255 Cost: 0
CE AS
2
AS CE
2 NextHop: 10.0.3.3 Neighbour: 10.0.3.3
1 65000 650012 State: Active Adv Relied Age: 00h35m03s
Configuration roadmap:
Tag: 0 Priority: low
1.Configure interface IP addresses and OSPF. Label: 48122 QoSInfo: 0x0
(Configuration details are not provided.) IndirectID: 0x100013A Instance:
2.Enable MPLS, configure SR, and establish SR LSPs on the RelayNextHop: 10.0.12.2 Interface: GigabitEthernet0/3/1
backbone network. TunnelID: 0x000000002900000042 Flags: RD
3.Establish an MP-BGP peer relationship between PE1 and
PE2.
4.Enable the VPN instance IPv4 address family on each PE.
5.Configure a tunnel policy for the PEs to The VPNv4 label and SR LSP are
preferentially select SR LSPs. combined to guide packet forwarding.
6.Verify the configuration.

97 Huawei Confidential
L3VPN over SR-MPLS BE (7)

AS
Loopback Loopback Loopback Tracert the SR LSP on
100
0 0 0 PE1.
<PE1>tracert lsp segment-routing ip 10.0.3.3 32
VPN: VPN:
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE LSP Trace Route FEC: SEGMENT ROUTING IPV4 PREFIX
vpna vpna
32 32 32 10.0.3.3/32 , press CTRL_C to break.
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2
TTL Replier Time Type Downstream
1 2 2 3 0 Ingress 10.0.12.2/[16003 ]
10.0.14.0/ 10.0.35.0/ 1 10.0.12.2 8 ms Transit 10.0.23.3/[3 ]
24 24 2 10.0.3.3 9 ms Egress
Loopback Loopback
1 1
CE
10.1.4.4/3
AS
10.1.5.5/3
AS CE Question: How are the labels
2 2 computed?
1 65000 650012
Configuration roadmap:
1.Configure interface IP addresses and OSPF. Verify the configuration on CE1.
(Configuration details are not provided.)
<CE1>ping -a 10.1.4.4 10.1.5.5
2.Enable MPLS, configure SR, and establish SR LSPs on the PING 10.1.5.5: 56 data bytes, press CTRL_C to break
backbone network. Reply from 10.1.5.5: bytes=56 Sequence=1 ttl=254 time=1
3.Establish an MP-BGP peer relationship between PE1 and ms
PE2. Reply from 10.1.5.5: bytes=56 Sequence=2 ttl=254 time=1
4.Enable the VPN instance IPv4 address family on each PE. ms
Reply from 10.1.5.5: bytes=56 Sequence=3 ttl=254 time=1
5.Configure a tunnel policy for the PEs to
ms
preferentially select SR LSPs. Reply from 10.1.5.5: bytes=56 Sequence=4 ttl=254 time=1
6.Verify the configuration. ms
Reply from 10.1.5.5: bytes=56 Sequence=5 ttl=254 time=1
98 Huawei Confidential ms
 Contents

1. Segment Routing Overview

2. Segment Routing Fundamentals
3. Segment Routing Tunnel Protection and Detection Technologies
4. Typical Usage Scenarios of Segment Routing
5. Basic Configurations of Segment Routing
▫ SR-MPLS BE
 SR-MPLS TE
▫ SR-MPLS Policy
99 Huawei Confidential
L3VPN over SR-MPLS TE (1)

AS
Loopback
100 Loopback Loopback
0 0 0
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/
PE vpna P vpna PE Configuration roadmap:
32 32 32
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2
1 2 2 3 1.Configure interface IP addresses and OSPF.
10.0.14.0/ 10.0.35.0/ (Configuration details are not provided.)
24 24
Loopback Loopback 2.Enable MPLS, configure SR, and establish SR-MPLS TE
1 1
10.1.4.4/3 10.1.5.5/3 LSPs on the backbone network.
CE AS
2
AS
2
CE
1 65000 65001 2 3.Establish an MP-BGP peer relationship between PE1 and
Networking requirements: PE2.

1.Connect PE1 and PE2 to different CEs that belong to 4.Enable the VPN instance IPv4 address family on each

VPN instance vpna. PE.

5.Establish an MP-IBGP peer relationship between the
2.Deploy L3VPN service recursion to SR-MPLS TE
PEs.
tunnel on the backbone network so that CE1 and
6.Configure a tunnel policy for the PEs to preferentially
CE2 can communicate through Loopback1.
select SR-MPLS TE LSPs.
7.Verify the configuration.
100 Huawei Confidential
L3VPN over SR-MPLS TE (2)

AS Configure basic SR-MPLS TE functions. PE1

Loopback
100 Loopback Loopback configurations are as follows: (P and PE2
0 0 0 configurations are not provided.)
VPN: VPN:
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE
vpna vpna
32 32 32 [~PE1] mpls lsr-id 10.0.1.1
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2
[*PE1] mpls
1 2 2 3
[*PE1-mpls] mpls te
10.0.14.0/ 10.0.35.0/ [*PE1-mpls] quit
24 24 [~PE1] segment-routing
Loopback Loopback [*PE1-segment-routing] quit
1 1 [~PE1] ospf 1
10.1.4.4/3 10.1.5.5/3 [*PE1-ospf-1] opaque-capability enable
CE AS
2
AS
2
CE
1 65000 65001 2 [*PE1-ospf-1] segment-routing mpls
Configuration roadmap: [*PE1-ospf-1] segment-routing global-block 16000
1.Configure interface IP addresses and OSPF. (Configuration details are 23999
[*PE1-ospf-1] area 0
not provided.) [*PE1-ospf-1-area-0.0.0.0] mpls-te enable
2.Enable MPLS, configure SR, and establish SR-MPLS TE LSPs on [*PE1-ospf-1-area-0.0.0.0] quit
the backbone network. [*PE1] interface loopback 0
3.Establish an MP-BGP peer relationship between PE1 and PE2. [*PE1-LoopBack1] ospf prefix-sid index 1
4.Enable the VPN instance IPv4 address family on each PE. [*PE1-LoopBack1] quit
5.Establish an MP-IBGP peer relationship between the PEs.
6.Configure a tunnel policy for the PEs to preferentially select SR-MPLS
TE LSPs.
7.Verify the configuration.
101 Huawei Confidential
L3VPN over SR-MPLS TE (3)

AS Configure an SR-MPLS TE explicit path. PE1

Loopback
100 Loopback Loopback configurations are as follows: (P and PE2
0 0 0
VPN: VPN: configurations are not provided.)
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE
32 vpna 32 vpna 32
1 10.0.12.0/24 10.0.23.0/24 . 2 [~PE1]explicit-path te1
. . .
[*PE1-explicit-path-te1]next sid label 16002 type
1 2 2 3 prefix
10.0.14.0/ 10.0.35.0/ [*PE1-explicit-path-te1]next sid label 16003 type
24 24 prefix
Loopback Loopback [*PE1-explicit-path-te1]commit
1 1
Configure an SR-MPLS TE tunnel interface. PE1
10.1.4.4/3 10.1.5.5/3 configurations are as follows: (PE2
CE AS
2
AS
2
CE configurations are not provided.)
1 65000 65001 2
Configuration roadmap: [*PE1] interface tunnel1
1.Configure interface IP addresses and OSPF. [*PE1-Tunnel1] ip address unnumbered interface
(Configuration details are not provided.) LoopBack1
2.Enable MPLS, configure SR, and establish SR- [*PE1-Tunnel1] tunnel-protocol mpls te
MPLS TE LSPs on the backbone network. [*PE1-Tunnel1] destination 10.0.3.3
3.Establish an MP-BGP peer relationship between PE1 and [*PE1-Tunnel1] mpls te tunnel-id 1
[*PE1-Tunnel1] mpls te signal-protocol segment-routing
PE2. [*PE1-Tunnel1] mpls te path explicit-path te1
4.Enable the VPN instance IPv4 address family on each [*PE1-Tunnel1] commit
PE. [~PE1-Tunnel1] quit
5.Establish an MP-IBGP peer relationship between the
PEs.
6.Configure a tunnel policy for the PEs to preferentially
select
103 SR-MPLS
Huawei TE LSPs.
Confidential
7.Verify the configuration.
L3VPN over SR-MPLS TE (4)

AS PE1 configurations are as follows: (PE2

Loopback
100 Loopback Loopback configurations are not provided.)
0 0 0
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/
PE P PE [~PE1] bgp 100
32 vpna 32 vpna 32
1 10.0.12.0/24 10.0.23.0/24 . 2 [~PE1-bgp] peer 10.0.3.3 as-number 100
. . .
[*PE1-bgp] peer 10.0.3.3 connect-interface
1 2 2 3 loopback 0
10.0.14.0/ 10.0.35.0/ [*PE1-bgp] ipv4-family vpnv4
24 24 [*PE1-bgp-af-vpnv4] peer 10.0.3.3 enable
Loopback Loopback [*PE1-bgp-af-vpnv4] commit
1 1 [~PE1-bgp-af-vpnv4] quit
10.1.4.4/3 10.1.5.5/3 [~PE1-bgp] quit
CE AS
2
AS
2
CE
1 65000 65001 2 PE1 configurations are as follows: (PE2
Configuration roadmap:
configurations are not provided.)
1.Configure interface IP addresses and OSPF. (Configuration
details are not provided.) [~PE1] ip vpn-instance vpna
2.Enable MPLS, configure SR, and establish SR-MPLS TE LSPs [*PE1-vpn-instance-vpna] ipv4-family
on the backbone network. [*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher
100:1
3.Establish an MP-BGP peer relationship between PE1
[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1
and PE2. both
4.Enable the VPN instance IPv4 address family on [*PE1-vpn-instance-vpna-af-ipv4] quit
each PE. [*PE1-vpn-instance-vpna] quit
5.Establish an MP-IBGP peer relationship between the [*PE1]bgp 100
PEs. [*PE1-bgp]ipv4-family vpn-instance vpna
[*PE1-bgp-vpna]peer 10.0.14.4 as-number 65000
6.Configure a tunnel policy for the PEs to preferentially select
SR-MPLS
105 TEConfidential
Huawei LSPs.
7.Verify the configuration.
L3VPN over SR-MPLS TE (5)
PE1 configurations are as follows: (PE2
AS
Loopback Loopback Loopback configurations are not provided.)
100
0 0 0 [~PE1] tunnel-policy p2
VPN: VPN:
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE [*PE1-tunnel-policy-p2] tunnel select-seq sr-te load-balance-
vpna vpna
32
1 10.0.12.0/24 32 10.0.23.0/24 . 32
2 number 1
. . .
[*PE1-tunnel-policy-p2] quit
1 2 2 3
[*PE1] commit
10.0.14.0/ 10.0.35.0/ [~PE1] ip vpn-instance vpna
24 24 [*PE1-vpn-instance-vpna] ipv4-family
Loopback Loopback
[*PE1-vpn-instance-vpna-af-ipv4] tnl-policy p2
1 1
[*PE1-vpn-instance-vpna-af-ipv4] quit
10.1.4.4/3 10.1.5.5/3
CE AS
2
AS
2
CE [*PE1-vpn-instance-vpna] quit
1 65000 65001 2 [*PE1] commit
Configuration roadmap: Run the display tunnel-info all command on PE1 to
1.Configure interface IP addresses and OSPF. check SR LSP information.
(Configuration details are not provided.)
2.Enable MPLS, configure SR, and establish SR-MPLS TE Tunnel ID Type Destination
Status
LSPs on the backbone network. -----------------------------------------------------------------------------------
3.Establish an MP-BGP peer relationship between PE1 and 0x000000000300000001 sr-te 10.0.3.3
PE2. UP
4.Enable the VPN instance IPv4 address family on each 0x000000002900000042 srbe-lsp 10.0.3.3
PE. UP
5.Establish an MP-IBGP peer relationship between the ID of the SR-TE tunnel to
0x000000002900000043 PE2
srbe-lsp 10.0.2.2
UP
PEs.
6.Configure a tunnel policy for the PEs to
preferentially
106 select SR-MPLS TE LSPs.
Huawei Confidential
7.Verify the configuration.
L3VPN over SR-MPLS TE (6)

AS
Loopback Loopback Loopback
Check vpna's routing information on PE1.
100
0 0 0 [~PE1]display ip routing-table vpn-instance vpna 10.1.5.5
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/
PE vpna P vpna PE verbose
32 32 32 Route Flags: R - relay, D - download to fib, T - to vpn-instance, B -
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2
black hole route
1 2 2 3
------------------------------------------------------------------------------
10.0.14.0/ 10.0.35.0/ Routing Table : vpna
24 24 Summary Count : 1
Loopback Loopback
1 1 Destination: 10.1.5.5/32
10.1.4.4/3 10.1.5.5/3
CE AS
2
AS
2
CE Protocol: IBGP Process ID: 0
1 65000 65001 2 Preference: 255 Cost: 0
Configuration roadmap: NextHop: 10.0.3.3 Neighbour: 10.0.3.3
1.Configure interface IP addresses and OSPF. State: Active Adv Relied Age: 00h04m18s
(Configuration details are not provided.) Tag: 0 Priority: low
2.Enable MPLS, configure SR, and establish SR-MPLS TE Label: 48122 QoSInfo: 0x0
LSPs on the backbone network. IndirectID: 0x100013D Instance:
RelayNextHop: 0.0.0.0 Interface: Tunnel1
3.Establish an MP-BGP peer relationship between PE1 and
TunnelID: 0x000000000300000001 Flags: RD
PE2.
4.Enable the VPN instance IPv4 address family on each The VPNv4 label and SR TE LSP are combined to
PE. guide packet forwarding.
5.Establish an MP-IBGP peer relationship between the
PEs.
6.Configure a tunnel policy for the PEs to preferentially
select
107 SR-MPLS
Huawei TE LSPs.
Confidential
7.Verify the configuration.
L3VPN over SR-MPLS TE (7)

AS
Loopback
100 Loopback Loopback Tracert the SR LSP on
0 0 0 PE1.
<PE1>tracert lsp segment-routing te Tunnel 1
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/
PE P PE LSP Trace Route FEC: SEGMENT ROUTING TE TUNNEL IPV4
32 vpna 32 vpna 32 SESSION QUERY Tunnel1 , press CTRL_C to break.
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2
TTL Replier Time Type Downstream
1 2 2 3 0 Ingress 10.0.12.2/[16003 ]
10.0.14.0/ 10.0.35.0/ 1 10.0.12.2 21 ms Transit 10.0.23.3/[3 ]
24 24 2 10.0.3.3 9 ms Egress
Loopback Loopback
1 1
CE
10.1.4.4/3
AS
10.1.5.5/3
AS CE Question: How are the labels
2 2 computed?
1 65000 65001 2
Configuration roadmap:
1.Configure interface IP addresses and OSPF. Verify the configuration on CE1.
(Configuration details are not provided.)
2.Enable MPLS, configure SR, and establish SR-MPLS TE <CE1>ping -a 10.1.4.4 10.1.5.5
PING 10.1.5.5: 56 data bytes, press CTRL_C to break
LSPs on the backbone network. Reply from 10.1.5.5: bytes=56 Sequence=1 ttl=254 time=1
3.Establish an MP-BGP peer relationship between PE1 and ms
PE2. Reply from 10.1.5.5: bytes=56 Sequence=2 ttl=254 time=1
4.Enable the VPN instance IPv4 address family on each ms
PE. Reply from 10.1.5.5: bytes=56 Sequence=3 ttl=254 time=1
ms
5.Establish an MP-IBGP peer relationship between the
Reply from 10.1.5.5: bytes=56 Sequence=4 ttl=254 time=1
PEs. ms
6.Configure a tunnel policy for the PEs to preferentially Reply from 10.1.5.5: bytes=56 Sequence=5 ttl=254 time=1
select
108 SR-MPLS
Huawei TE LSPs.
Confidential ms
7.Verify the configuration.
 Contents

1. Segment Routing Overview

2. Segment Routing Fundamentals
3. Segment Routing Tunnel Protection and Detection Technologies
4. Typical Usage Scenarios of Segment Routing
5. Basic Configurations of Segment Routing
▫ SR-MPLS BE

▫ SR-MPLS TE
 SR-MPLS Policy
109 Huawei Confidential
L3VPN over Static SR-MPLS Policy (1)
AS
Loopback
100 Loopback Loopback
0 0 0
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/
PE vpna P vpna PE
32 32 32 Configuration roadmap:
1 . 10.0.12.0/24 . . 10.0.23.0/24 . 2
1 2 2 3 1.Configure interface IP addresses and OSPF.
10.0.14.0/ 10.0.35.0/ (Configuration details are not provided.)
24 24
Loopback Loopback 2.Enable MPLS and configure an SR-MPLS Policy on the
1 1
10.1.4.4/3 10.1.5.5/3 backbone network.
CE AS
2
AS
2
CE
1 65000 65001 2 3.Establish an MP-BGP peer relationship between PE1 and
Networking requirements: PE2.

1.Connect PE1 and PE2 to different CEs that belong to 4.Enable the VPN instance IPv4 address family on each

VPN instance vpna. PE.

5.Configure the color attribute for routes on the PEs and
2.Deploy L3VPN service recursion to static SR-MPLS
enable the PEs to exchange routing information.
Policy on the backbone network so that CE1 and CE2
6.Configure a tunnel policy on the PEs.
can communicate through Loopback1.
7.Verify the configuration.

110 Huawei Confidential

L3VPN over Static SR-MPLS Policy (2)

AS Configure basic SR-MPLS functions. PE1 configurations

Loopback
100 Loopback Loopback are as follows: (P and PE2 configurations are not
0 0 0 provided.)
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/ [~PE1] mpls lsr-id 10.0.1.1
PE vpna P vpna PE [*PE1] mpls
32 33001 33002 32 33002 33003 32
1 2 [*PE1-mpls] mpls te
2 1 3 2 [*PE1-mpls] quit
[~PE1] segment-routing
10.0.14.0/ 10.0.35.0/ [*PE1-segment-routing] ipv4 adjacency local-ip-addr 10.0.12.1
24 24 remote-
Loopback Loopback
1 1 ip-addr 10.0.12.2 sid 330012
10.1.4.4/3 10.1.5.5/3 [*PE1-segment-routing] quit
CE AS
2
AS
2
CE [~PE1] ospf 1
1 65000 65001 2 [*PE1-ospf-1] opaque-capability enable
Configuration roadmap:
[*PE1-ospf-1] segment-routing mpls
1.Configure interface IP addresses and OSPF. [*PE1-ospf-1] segment-routing global-block 16000 23999
(Configuration details are not provided.) [*PE1-ospf-1-area-0.0.0.0] quit
2.Enable MPLS and configure an SR-MPLS Policy on [*PE1] interface loopback 0
the backbone network. [*PE1-LoopBack1] ospf prefix-sid index 1
3.Establish an MP-BGP peer relationship between PE1 and [*PE1-LoopBack1] quit
PE2. In scenarios where SR-MPLS Policies are statically
4.Enable the VPN instance IPv4 address family on each configured, you are advised to use statically
PE. configured adjacency SIDs.
5.Configure the color attribute for routes on the PEs and
enable the PEs to exchange routing information.
6.Configure a tunnel policy on the PEs.
7.Verify
111 the configuration.
Huawei Confidential
L3VPN over Static SR-MPLS Policy (3)
Configure basic SR-MPLS functions. PE1 configurations
AS
Loopback
100 Loopback Loopback are as follows: (P and PE2 configurations are not
0 0 0 provided.)
10.0.1.1/ VPN: 10.0.2.2/ VPN: 10.0.3.3/ [~PE1] mpls lsr-id 10.0.1.1
PE vpna P vpna PE [*PE1] mpls
32 33001 33002 32 33002 33003 32
1 2 [*PE1-mpls] mpls te
2 1 3 2 [*PE1-mpls] quit
[~PE1] segment-routing
10.0.14.0/ 10.0.35.0/ [*PE1-segment-routing] ipv4 adjacency local-ip-addr 10.0.12.1
24 24 remote-
Loopback Loopback
1 1 ip-addr 10.0.12.2 sid 330012
10.1.4.4/3 10.1.5.5/3 [*PE1-segment-routing] quit
CE AS
2
AS
2
CE [~PE1] ospf 1
1 65000 65001 2 [*PE1-ospf-1] opaque-capability enable
Configuration roadmap:
[*PE1-ospf-1] segment-routing mpls
1.Configure interface IP addresses and OSPF.
[*PE1-ospf-1] segment-routing global-block 16000 23999
(Configuration details are not provided.) [*PE1-ospf-1-area-0.0.0.0] quit
2.Enable MPLS and configure an SR-MPLS Policy on [*PE1] interface loopback 0
the backbone network. [*PE1-LoopBack1] ospf prefix-sid index 1
3.Establish an MP-BGP peer relationship between PE1 and [*PE1-LoopBack1] quit
PE2. In scenarios where SR-MPLS Policies are statically
4.Enable the VPN instance IPv4 address family on each configured, you are advised to use statically
PE. configured adjacency SIDs.
5.Configure the color attribute for routes on the PEs and
enable the PEs to exchange routing information.
6.Configure a tunnel policy on the PEs.
7.Verify
112 the configuration.
Huawei Confidential
L3VPN over Static SR-MPLS Policy (4)

AS Configure an SR-MPLS Policy. PE1 configurations are

Loopback
100 Loopback Loopback as follows: (P and PE2 configurations are not
0 0 0 provided.)
VPN: VPN: [~PE1] segment-routing
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE
vpna vpna [~PE1-segment-routing] segment-list pe1
32 33001 33002 32 33002 33003 32
1 2 [*PE1-segment-routing-segment-list-pe1] index 10 sid label 330012
2 1 3 2 [*PE1-segment-routing-segment-list-pe1] index 20 sid label 330023
[*PE1-segment-routing-segment-list-pe1] quit
10.0.14.0/ 10.0.35.0/ [*PE1-segment-routing] sr-te policy policy100 endpoint 10.0.3.3
24 24 color 100
Loopback Loopback
1 1 [*PE1-segment-routing-te-policy-policy100] binding-sid 115
10.1.4.4/3 10.1.5.5/3 [*PE1-segment-routing-te-policy-policy100] mtu 1000
CE AS
2
AS
2
CE [*PE1-segment-routing-te-policy-policy100] candidate-path
1 65000 65001 2 preference 200
Configuration roadmap:
[*PE1-segment-routing-te-policy-policy100-path] segment-list pe1
1.Configure interface IP addresses and OSPF.
[*PE1-segment-routing-te-policy-policy100-path] quit
(Configuration details are not provided.) [*PE1-segment-routing-te-policy-policy100] quit
2.Enable MPLS and configure an SR-MPLS Policy on [*PE1-segment-routing] quit
the backbone network. [*PE1] commit
3.Establish an MP-BGP peer relationship between PE1 and
PE2. Configure a destination address and
4.Enable the VPN instance IPv4 address family on each color for the SR-MPLS Policy.
PE.
5.Configure the color attribute for routes on the PEs and
enable the PEs to exchange routing information.
6.Configure a tunnel policy on the PEs.
7.Verify
113 the configuration.
Huawei Confidential
L3VPN over Static SR-MPLS Policy (5)
PE1 configurations are as follows: (PE2
AS configurations are not provided.)
Loopback
100 Loopback Loopback
0 0 0 [~PE1] ip vpn-instance vpna
VPN: VPN:
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE [*PE1-vpn-instance-vpna] ipv4-family
vpna vpna
32 33001 33002 32 33002 33003 32 [*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
1 2
2 1 3 2 [*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE1] interface loopback1
10.0.14.0/ 10.0.35.0/ [*PE1-LoopBack1] ip binding vpn-instance vpna
24 24 [*PE1-LoopBack1] ip address 10.1.4.4 24
Loopback Loopback [*PE1-LoopBack1] quit
1 1 [~PE1] route-policy color100 permit node 1
10.1.4.4/3 10.1.5.5/3 [*PE1-route-policy] apply extcommunity color 0:100
CE AS
2
AS
2
CE
65000 65001 [~PE1] bgp 100
1
Configuration roadmap: 2
[~PE1-bgp] peer 10.0.3.3 as-number 100
1.Configure interface IP addresses and OSPF. (Configuration [*PE1-bgp] peer 10.0.3.3 connect-interface loopback 0
details are not provided.) [*PE1-bgp] ipv4-family vpnv4
2.Enable MPLS and configure an SR-MPLS Policy on the [*PE1-bgp-af-vpnv4] peer 10.0.3.3 enable
[*PE1-bgp-af-vpnv4] peer 10.0.3.3 route-policy color100
backbone network.
import
3.Establish an MP-BGP peer relationship between PE1 [~PE1-bgp-af-vpnv4] quit
and PE2. [*PE1-bgp]ipv4-family vpn-instance vpna
4.Enable the VPN instance IPv4 address family on [*PE1-bgp-vpna]import-route direct
each PE. [*PE1-bgp-vpna]commit
5.Configure the color attribute for routes on the PEs
and enable the PEs to exchange routing information. Add the color attribute to the received
6.Configure a tunnel policy on the PEs. route.
7.Verify
115 the configuration.
Huawei Confidential
L3VPN over Static SR-MPLS Policy (6)
PE1 configurations are as follows: (PE2
configurations are not provided.)
AS
Loopback
100 Loopback Loopback [~PE1] tunnel-policy p3
0 0 0 [*PE1-tunnel-policy-p3] tunnel select-seq sr-te-policy load-
VPN: VPN:
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE balance-
vpna vpna
32 33001 33002 32 33002 33003 32 number 1 unmix
1 2
2 1 3 2 [*PE1-tunnel-policy-p3] quit
[*PE1] commit
10.0.14.0/ 10.0.35.0/ [~PE1] ip vpn-instance vpna
24 24 [*PE1-vpn-instance-vpna] ipv4-family
Loopback Loopback [*PE1-vpn-instance-vpna-af-ipv4] tnl-policy p3
1 1 [*PE1-vpn-instance-vpna-af-ipv4] quit
10.1.4.4/3 10.1.5.5/3 [*PE1-vpn-instance-vpna] quit
CE AS
2
AS
2
CE
1 65000 65001 2 [*PE1] commit
Configuration roadmap: Run the display tunnel-info all command on PE1 to
1.Configure interface IP addresses and OSPF. check SR LSP information.
(Configuration details are not provided.)
<PE1>display tunnel-info all
2.Enable MPLS and configure an SR-MPLS Policy on the Tunnel ID Type Destination
backbone network. Status
3.Establish an MP-BGP peer relationship between PE1 and -------------------------------------------------------------------------------
PE2. 0x000000000300000001 sr-te 10.0.3.3
4.Enable the VPN instance IPv4 address family on each UP
PE. 0x000000002900000042 srbe-lsp 10.0.3.3
UP
5.Configure the color attribute for routes on the PEs and 0x000000002900000043 srbe-lsp 10.0.2.2
enable the PEs to exchange routing information. Tunnel
UP
ID of the SR-TE Policy destined for
6.Configure a tunnel policy on the PEs. PE2
0x000000003200000001 srtepolicy 10.0.3.3
7.Verify
117 theConfidential
Huawei configuration. UP
L3VPN over Static SR-MPLS Policy (7)

AS Check vpna's routing information on PE1.

Loopback
100 Loopback Loopback
0 0 0 [~PE1]display ip routing-table vpn-instance vpna 10.1.5.5
VPN: VPN:
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE verbose
vpna vpna
32 33001 33002 32 33002 33003 32 Route Flags: R - relay, D - download to fib, T - to vpn-instance, B -
1 2
2 1 3 2 black hole route
------------------------------------------------------------------------------
10.0.14.0/ 10.0.35.0/ Routing Table : vpna
24 24 Summary Count : 1
Loopback Loopback
1 1 Destination: 10.1.5.5/32
10.1.4.4/3 10.1.5.5/3 Protocol: IBGP Process ID: 0
CE AS
2
AS
2
CE
65000 65001 Preference: 255 Cost: 0
1
Configuration roadmap: 2
NextHop: 10.0.3.3 Neighbour: 10.0.3.3
1.Configure interface IP addresses and OSPF. State: Active Adv Relied Age: 00h01m04s
(Configuration details are not provided.) Tag: 0 Priority: low
2.Enable MPLS and configure an SR-MPLS Policy on the Label: 48122 QoSInfo: 0x0
IndirectID: 0x100013F Instance:
backbone network.
RelayNextHop: 0.0.0.0 Interface: policy100
3.Establish an MP-BGP peer relationship between PE1 and TunnelID: 0x000000003200000001 Flags: RD
PE2.
4.Enable the VPN instance IPv4 address family on each The VPNv4 label and SR-TE Policy LSP are combined
PE. to guide packet forwarding.
5.Configure the color attribute for routes on the PEs and
enable the PEs to exchange routing information.
6.Configure a tunnel policy on the PEs.
7.Verify
118 theConfidential
Huawei configuration.
L3VPN over Static SR-MPLS Policy (8)

AS Tracert the SR LSP on

Loopback
100 Loopback Loopback
0 0 0 PE1.
<PE1>tracert lsp sr-te policy endpoint-ip 10.0.3.3 color 100
VPN: VPN:
10.0.1.1/
PE 10.0.2.2/
P 10.0.3.3/
PE sr-te policy's segment list:
vpna vpna
32 33001 33002 32 33002 33003 32 Preference: 200; Path Type: primary; Protocol-Origin: local;
1 2
2 1 3 2 Originator: 0, 0.0.0.0; Discriminator: 200; Segment-List ID: 65;
Xcindex: 2000065
10.0.14.0/ 10.0.35.0/ TTL Replier Time Type Downstream
24 24 0 Ingress 10.0.12.2/[330023 ]
Loopback Loopback 1 10.0.12.2 24 ms Transit 10.0.23.3/[3 ]
1 1 2 10.0.3.3 113 ms Egress
10.1.4.4/3 10.1.5.5/3 Question: How are the labels
CE AS
2
AS
2
CE
1 65000
Configuration roadmap:
65001 2 computed?
1.Configure interface IP addresses and OSPF. Verify the configuration on CE1.
(Configuration details are not provided.)
2.Enable MPLS and configure an SR-MPLS Policy on the <CE1>ping -a 10.1.4.4 10.1.5.5
PING 10.1.5.5: 56 data bytes, press CTRL_C to break
backbone network. Reply from 10.1.5.5: bytes=56 Sequence=1 ttl=254 time=1
3.Establish an MP-BGP peer relationship between PE1 and ms
PE2. Reply from 10.1.5.5: bytes=56 Sequence=2 ttl=254 time=1
4.Enable the VPN instance IPv4 address family on each ms
PE. Reply from 10.1.5.5: bytes=56 Sequence=3 ttl=254 time=1
5.Configure the color attribute for routes on the PEs and ms
Reply from 10.1.5.5: bytes=56 Sequence=4 ttl=254 time=1
enable the PEs to exchange routing information. ms
6.Configure a tunnel policy on the PEs. Reply from 10.1.5.5: bytes=56 Sequence=5 ttl=254 time=1
7.Verify
119 theConfidential
Huawei configuration. ms
 Quiz
1. (Single-answer question) Which of the following types of LSAs is used by OSPF to carry node IDs? ( )
A. Type 1

B. Type 2

C. Type 7

D. Type 10

2. (Multiple-answer question) Which of the following ports are used by SBFD packets by default? ( )
A. 4784

B. 3784

C. 6784

D. 7784

120 Huawei Confidential

 Summary

SR is designed to forward data packets on a network using the source routing model. Compared with LDP
and RSVP-TE, SR-MPLS simplifies the control plane of an MPLS network, enabling information such as labels
to be carried only through IGP extensions. It provides higher scalability, freeing transit nodes from
maintaining path information. The packet forwarding path can be controlled only by using the ingress. In
addition, SR-MPLS can work with the centralized path computation module to flexibly and easily control and
adjust paths, achieving smoother evolution to SDN.

SR-MPLS supports three types of LSPs: SR-MPLS BE, SR-MPLS TE, and SR-MPLS Policy. SR-MPLS provides
multiple detection and protection mechanisms for these different LSPs, such as TI-LFA FRR, anycast FRR,
hot standby, VPN FRR, microloop avoidance, BFD, and SBFD.

SR-MPLS supports both traditional and SDN networks, is compatible with existing devices, and supports
multiple scenarios such as inter-AS interconnection. To facilitate understanding, this course provides
examples for configuring SR-MPLS using commands. In the following courses, we will introduce how to use
the controller to configure SR-MPLS.

121 Huawei Confidential

Thank you. 把数字世界带入每个人、每个家庭、
每个组织，构建万物互联的智能世界。
Bring digital to every person, home, and
organization for a fully connected,
intelligent world.

Copyright©2021 Huawei Technologies Co., Ltd.

All Rights Reserved.

The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.