Service Mapping for Segment Routing

OcNOS SP : Segment Routing Guide : Segment Routing Configuration : Service Mapping for Segment Routing

Overview

Segment Routing (SR) Service Mapping feature enables dynamic traffic steering by leveraging both native Segment Routing FTN and SR policies. This approach allows different services to reach the same destination while following distinct routing paths optimized for performance, reliability, and scalability.

The need for SR Service Mapping arises when multiple services require tailored routing strategies. While native SR FTN provides a straightforward label-based forwarding mechanism, SR policies introduce enhanced traffic engineering capabilities such as:

• Path Optimization – Selecting the most efficient path based on network conditions.

• Load Balancing – Distributing traffic across multiple paths to prevent congestion.

• Redundancy and Fail-over – Ensuring service continuity in case of link failures.

SR Service Mapping operates through two primary mechanisms:

Native SR FTN:

• Standard SR labels are mapped directly to the forwarding table for default or simple routing paths.

• Traffic follows IGP-calculated shortest paths without additional policies.

SR Policy:

• Custom traffic engineering rules dictate how specific traffic types are routed.

• Enables fine-grained path selection, ensuring latency-sensitive or high-priority services take the most optimized routes.

This dual mechanism provides granular control over network traffic, allowing service providers to allocate network resources efficiently.

Feature Characteristics

The main characteristics of SR Mapping are as follows:

• Flexible Routing Control: Supports both default SR FTN and policy-based routing for differentiated services.

• Traffic Engineering Optimization: Ensures efficient bandwidth utilization with automated path computation.

• Scalability: Works seamlessly with MPLS services, EVPN, and Segment Routing-MPLS (SR-MPLS).

• High Availability & Redundancy: Supports fast reroute mechanisms for seamless failover.

• Interoperability: Fully integrates with existing SR and MPLS architectures.

Benefits

The key benefits of SR Mapping are as follows:

• Optimized Traffic Flow – Routes services based on priority, latency, and bandwidth needs.

• Improved Network Efficiency – Minimizes congestion and enhances overall network performance.

• Simplified Operations – Reduces complexity by leveraging a unified SR-based framework.

• High Availability – Provides redundancy through SR policies, ensuring uninterrupted service.

Prerequisites

The SR Mapping feature can be enabled on the following devices:

• OcNOS devices that support ISIS/OSPF Segment Routing.

• OcNOS devices that support MPLS services such as VPLS,VPWS,L3VPN,6PE,6VPE and EVPN (ELINE,ELAN,ETREE).

Configuration

The following configuration enables with SR service mapping.

Topology

This topology represents a basic SR Service Mapping topology:

SRv4 with ISIS Topology

• Provider Edge Router 1 (PE1): Ingress SR router, maps services to SR Policies.

• Core Router (P1): Transit SR router, forwards based on ISIS-SR advertisements.

• Provider Edge Router 2 (PE2): Egress SR router, handles service termination.

Traffic Flow:

• Traffic enters PE1 (ingress).

• PE1 maps services to an SR policy (TE path or native SR forwarding) or vice versa.

• The traffic traverses P1 (core router).

• PE2 (egress) receives the mapped traffic and forwards it accordingly.

To configure SR Mapping functionality on PE nodes with ISIS, follow the steps mentioned below:

1. Configure Loopback for SR.

1. Assign a loopback IP and enable IS-IS for routing

2. Configure Prefix-SID for Segment Routing.

PE1(config)# interface lo

PE1(config-if)# ip address 1.1.1.1/32 secondary

PE1(config-if)# ip router isis 1

PE1(config-if)# prefix-sid index 1 no-php

PE1(config-if)# exit

PE1(config)# commit.

2. Assign IP address and enable IS-IS and MPLS on the interface:

PE1(config)# interface xe9

PE1(config-if)# ip address 10.1.1.1/30

PE1(config-if)# ip router isis 1

PE1(config-if)# label-switching

PE1(config-if)# commit

3. Enable IS-IS as the IGP and configure it to support Segment Routing MPLS.

PE1(config)# router isis 1

PE1(config-router)# metric-style wide

PE1(config-router)# is-type level-1-2

PE1(config-router)# net 49.0000.0100.0000.1001.00

PE1(config-router)# mpls traffic-eng level-1

PE1(config-router)# mpls traffic-eng level-2

PE1(config-router)# dynamic-hostname

PE1(config-router)# capability cspf

PE1(config-router)# isis segment-routing global block 16000 23999

PE1(config-router)# segment-routing mpls

PE1(config-router)# commit

4. Enable Segment Routing Traffic Engineering and define Policy for Service Mapping, and use IS-IS for path computation.

PE1(config)#segment-routing

PE1(config-sr)#traffic-engineering

PE1(config-sr-te)#policy P1

PE1(config-sr-pol)#color 1 end-point 3.3.3.3

PE1(config-sr-pol)#candidate-path 1

PE1(config-sr-pol-cp)#dynamic-path isis 1

PE1(config-sr-pol-cp)#commit

PE1(config-sr-pol-cp)#end

5. Enable EVPN VRF over MPLS and configure VTEP IP for service mapping.

PE1(config)#mac vrf evpn1

PE1(config-vrf)#rd 1:1

PE1(config-vrf)#route-target both 1:1

PE1(config-vrf)#commit

PE1(config-vrf)#end

PE1(config)#evpn mpls enable

PE1(config)#evpn mpls vtep-ip-global 1.1.1.1

PE1(config)#evpn mpls id 1

PE1(config-evpn-mpls)#host-reachability-protocol evpn-bgp evpn1

PE1(config-evpn-mpls)#exit

6. Enable BGP EVPN for service mapping.

PE1(config)#router bgp 65010

PE1(config-router)#neighbor 3.3.3.3 remote-as 65010

PE1(config-router)#neighbor 3.3.3.3 update-source lo

PE1(config-router)#address-family l2vpn evpn

PE1(config-router-af)#neighbor 3.3.3.3 activate

PE1(config-router-af)#commit

PE1(config-router-af)#end

Note: Ensure EVPN routes are exchanged between PE1 and PE2.

7. Configure Access Interface for EVPN

PE1(config)#interface xe2.1 switchport

PE1(config-if)#encapsulation dot1q 10

PE1(config-if)#access-if-evpn

PE1(config-acc-if-evpn)#map vpn-id 1

PE1(config-acc-if-evpn)#commit

8. Define Tunnel Selection Policy for SR services.

PE1(config)#tunnel-policy 1

PE1(config-tnl-policy)#color 1

PE1(config-tnl-policy)#commit

PE1(config-tnl-policy)#end

9. Bind Tunnel Policy to EVPN MPLS or other services like vrf

PE1(config)#evpn mpls id 1

PE1(config-evpn-mpls)#tunnel-select-policy 1

PE1(config-evpn-mpls)#commit

PE1(config-evpn-mpls)#end

PE1(config)#mac vrf evpn1

PE1(config-vrf)#tunnel-select-policy 1

PE1(config-vrf)#commit

Configuration Snapshot

PE1

feature netconf-ssh vrf management

feature netconf-tls vrf management

no feature netconf-ssh

no feature netconf-tls

service password-encryption

snmp-server enable traps link linkDown

snmp-server enable traps link linkUp

hardware-profile statistics voq-full-color enable

hardware-profile statistics cfm-ccm enable

qos enable

hostname PE1

no ip domain-lookup

ip domain-lookup vrf management

tfo Disable

errdisable cause stp-bpdu-guard

no feature telnet vrf management

no feature telnet

feature ssh vrf management

no feature ssh

feature dns relay

ip dns relay

ipv6 dns relay

feature ntp vrf management

ntp enable vrf management

evpn mpls enable

tunnel-policy 1

color 1

ip vrf management

mac vrf evpn1

rd 1:1

route-target both 1:1

evpn mpls vtep-ip-global 1.1.1.1

evpn mpls id 1

host-reachability-protocol evpn-bgp evpn1

tunnel-select-policy 1

segment-routing

traffic-engineering

policy P1

color 1 end-point 3.3.3.3

candidate-path 1

dynamic-path isis 1

exit-pol-cp

exit-sr-pol

exit-te

interface ce0

interface ce1

interface eth0

ip vrf forwarding management

ip address dhcp

interface lo

ip address 127.0.0.1/8

ip address 1.1.1.1/32 secondary

ipv6 address ::1/128

prefix-sid index 1 no-php

ip router isis 1

interface lo.management

ip vrf forwarding management

ip address 127.0.0.1/8

ipv6 address ::1/128

interface xe2

interface xe2.1 switchport

encapsulation dot1q 10

access-if-evpn

map vpn-id 1

interface xe3

interface xe7

speed 10g

interface xe8

interface xe9

speed 10g

ip address 10.1.1.1/30

label-switching

ip router isis 1

interface xe10

exit

router isis 1

is-type level-1-2

metric-style wide

mpls traffic-eng level-1

mpls traffic-eng level-2

capability cspf

dynamic-hostname

net 49.0000.0100.0000.1001.00

isis segment-routing global block 16000 23999

segment-routing mpls

router bgp 65010

neighbor 3.3.3.3 remote-as 65010

neighbor 3.3.3.3 update-source lo

address-family l2vpn evpn

neighbor 3.3.3.3 activate

exit-address-family

feature netconf-ssh vrf management

feature netconf-tls vrf management

no feature netconf-ssh

no feature netconf-tls

service password-encryption

snmp-server enable traps link linkDown

snmp-server enable traps link linkUp

hardware-profile statistics ingress-acl enable

qos enable

hostname P1

no ip domain-lookup

ip domain-lookup vrf management

tfo Disable

errdisable cause stp-bpdu-guard

no feature telnet vrf management

no feature telnet

feature ssh vrf management

no feature ssh

feature dns relay

ip dns relay

ipv6 dns relay

feature ntp vrf management

ntp enable vrf management

ip vrf management

interface ce0

interface ce1

interface ce2

interface ce3

interface ce4

interface ce5

interface eth0

ip vrf forwarding management

ip address 192.168.3.10/24

interface lo

ip address 127.0.0.1/8

ip address 2.2.2.2/32 secondary

ipv6 address ::1/128

prefix-sid index 2 no-php

ip router isis 1

interface lo.management

ip vrf forwarding management

ip address 127.0.0.1/8

ipv6 address ::1/128

interface xe0

interface xe1

interface xe2

interface xe3

interface xe4

interface xe5

interface xe6

ip address 10.1.1.2/30

label-switching

ip router isis 1

interface xe7

ip address 11.1.1.1/30

label-switching

ip router isis 1

interface xe8

interface xe9

interface xe10

interface xe11

exit

router isis 1

is-type level-1-2

metric-style wide

mpls traffic-eng level-1

mpls traffic-eng level-2

capability cspf

dynamic-hostname

net 49.0000.0100.0000.1002.00

isis segment-routing global block 16000 23999

segment-routing mpls

end

PE2

feature netconf-ssh vrf management

feature netconf-tls vrf management

no feature netconf-ssh

no feature netconf-tls

service password-encryption

snmp-server enable traps link linkDown

snmp-server enable traps link linkUp

hardware-profile statistics voq-full-color enable

hardware-profile statistics cfm-ccm enable

qos enable

hostname PE2

no ip domain-lookup

ip domain-lookup vrf management

tfo Disable

errdisable cause stp-bpdu-guard

no feature telnet vrf management

no feature telnet

feature ssh vrf management

no feature ssh

feature dns relay

ip dns relay

ipv6 dns relay

feature ntp vrf management

ntp enable vrf management

evpn mpls enable

ip vrf management

mac vrf evpn1

rd 1:1

route-target both 1:1

evpn mpls vtep-ip-global 3.3.3.3

evpn mpls id 1

host-reachability-protocol evpn-bgp evpn1

interface ce0

interface ce1

interface eth0

ip vrf forwarding management

ip address dhcp

interface lo

ip address 127.0.0.1/8

ip address 3.3.3.3/32 secondary

ipv6 address ::1/128

prefix-sid index 3 no-php

ip router isis 1

interface lo.management

ip vrf forwarding management

ip address 127.0.0.1/8

ipv6 address ::1/128

interface xe2

interface xe3

interface xe3.1 switchport

encapsulation dot1q 10

access-if-evpn

map vpn-id 1

interface xe4

interface xe5

ip address 11.1.1.2/30

label-switching

ip router isis 1

interface xe6

interface xe7

interface xe8

interface xe9

interface xe10

interface xe11

interface xe12

interface xe13

exit

router isis 1

is-type level-1-2

metric-style wide

mpls traffic-eng level-1

mpls traffic-eng level-2

capability cspf

dynamic-hostname

net 49.0000.0100.0000.1003.00

isis segment-routing global block 16000 23999

segment-routing mpls

router bgp 65010

neighbor 1.1.1.1 remote-as 65010

neighbor 1.1.1.1 update-source lo

address-family l2vpn evpn

neighbor 1.1.1.1 activate

exit-address-family

exit

end

Validation

Verify ISIS neighbor adjacency between routers.

PE1#show clns neighbors ()

Total number of L1 adjacencies: 1

Total number of L2 adjacencies: 1

Total number of adjacencies: 2

Tag 1: VRF : default

System Id Interface SNPA State Holdtime Type Protocol

P1 xe9 80a2.355b.7008 Up 21 L1 IS-IS

Up 21 L2 IS-IS

Verify that segment routing is enabled and that prefix SIDs are announced to other routers and verify that prefix SIDs are installed as labels in MPLS forwarding table. Verify the same in FTN and ILM tables.

PE1#show mpls forwarding-table

Codes: > - installed FTN, * - selected FTN, p - stale FTN, ! - using backup

B - BGP FTN, K - CLI FTN, (t) - tunnel, P - SR Policy FTN, (b) - bypass,

L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,

U - unknown FTN, O - SR-OSPF FTN, i - SR-ISIS FTN, k - SR-CLI FTN

(m) - FTN mapped over multipath transport, (e) - FTN is ECMP

FTN-ECMP LDP: Disabled, SR: Disabled

Code FEC FTN-ID Nhlfe-ID Tunnel-ID Pri Out-Label Out-Intf ELC Nexthop Algo-Num UpTime

i> 2.2.2.2/32 1 8 - - - - - - 0 00:20:23

5 0 Yes 16002 xe9 No 10.1.1.2 - -

P> 3.3.3.3/32 3 13 1 Yes 16003 xe9 No 10.1.1.2 N/A 00:17:21

i> 3.3.3.3/32 2 10 - - - - - - 0 00:19:07

9 0 Yes 16003 xe9 No 10.1.1.2 - -

Verify SR policy

PE1#show segment-routing policy

Policy-Name Color End-point State Forwarding-Info

P1 1 3.3.3.3 UP 16003/xe9

Verify EVPN ELAN service:

PE1#show evpn mpls tunnel

EVPN-MPLS Network tunnel Entries

Source Destination Status Up/Down Update evpn-id Local-Leaf Remote-Leaf

=================================================================================================================

1.1.1.1 3.3.3.3 Installed 00:02:46 00:02:46 1 --- ---

show evpn mpls tunnel label

PE1-7012#sh evpn mpls tunnel label

EVPN-MPLS Network tunnel labels

(*) in Policy - tunnel-policy inherited from mac-vrf

(e) - Service mapped over MPLS Multipath/ECMP

================+===========+=========+===============+=========+=========+=========+=========+============+=========+============+========

Local Remote MPLS-Multipath Underlay

Destination Status VPN-ID Policy MC-Label UC-Label MC-Label UC-Label Grp-Name NHLFE-ix NW-Intf NW-Label

================+===========+=========+===============+=========+=========+=========+=========+============+=========+============+========

3.3.3.3 Installed 1 1 27524 28164 27524 -- -- 170 xe9 16014

Verify the tunnel policy details

Total number of entries are 1

PE1#sh tunnel-policy service details------------()

List of services configured with tunnel-policy 1:

EVPN

EVPN-Id: 1, Tunnel count: 1

Peer: 3.3.3.3 Mapped Tunnel: P1 [Owner: SR_POLICY], ftn_ix 3, color 1

Implementation Examples

• SR-TE for MPLS VPN Services

• Use SR Policies to optimize L3VPN MPLS services.

• Example: Redirecting VoIP traffic via an SR-TE policy to ensure low latency.

• EVPN Traffic Steering via SR Policies

• Ensure L2VPN/EVPN services are carried over low-latency paths using SR-TE.

• Example: Large-scale data center interconnects (DCI).

• Dynamic Traffic Engineering

• Route specific applications (for example: video traffic) via high-priority TE paths.

Glossary

The following provides definitions for key terms or abbreviations and their meanings used throughout this document:

Key Terms/Acronym	Description
Segment Routing (SR)	A source-routing paradigm that uses Segment Identifiers (SIDs) to define a path through the network without requiring per-flow state in intermediate nodes. SR can be applied to MPLS (SR-MPLS) or IPv6 (SRv6) networks.
SR Policy	A traffic engineering mechanism that allows explicit routing of traffic through a sequence of segments. SR policies enable optimized routing, load balancing, and redundancy.
Forwarding Table Number (FTN)	A table in the router that maps incoming packets to specific Segment Routing (SR) paths or policies based on preconfigured rules.
Multiprotocol Label Switching (MPLS)	A packet-forwarding technology that assigns labels to packets and forwards them based on labels instead of traditional IP routing..
Interior Gateway Protocol (IGP)	An intra-domain protocol used to exchange network reachability and routing information among devices.