MPLS VPN Service with Segment Routing

MPLS VPN Configuration example with IS-IS based Segment Routing (SPRING) on Juniper QFX5100 devices. The purpose of this lab is to demonstrate what LDP or RSVP-TE can be easily replaced with SR.

Complete Configuration Repository on GitHub:

https://github.com/bgphelp/blueprints/tree/master/SR/MPLS-VPN-SR-QFX5100

 

Physical Topology

Physical Topology is depicted below.

All QFX devices are running JunOS version 17.1

MPLS VPN with Segment Routing - QFX5100
MPLS VPN with Segment Routing on Juniper QFX5100

Logical Topology

IGP

IS-IS with Segment Routing is configured on all QFX devices as follows:

PE1:

set interfaces lo0 unit 0 family inet address 10.0.0.1/32
set interfaces lo0 unit 0 family iso address 49.0000.0000.0000.0001.00

set interfaces xe-0/0/46 mtu 9216
set interfaces xe-0/0/46 unit 0 family inet address 10.0.1.3/31
set interfaces xe-0/0/46 unit 0 family iso
set interfaces xe-0/0/46 unit 0 family mpls
set interfaces xe-0/0/47 mtu 9216
set interfaces xe-0/0/47 unit 0 family inet address 10.0.1.5/31
set interfaces xe-0/0/47 unit 0 family iso
set interfaces xe-0/0/47 unit 0 family mpls

set protocols mpls interface all
set protocols mpls interface em0.0 disable


set protocols isis source-packet-routing node-segment ipv4-index 1
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface xe-0/0/46.0 point-to-point
set protocols isis interface xe-0/0/47.0 point-to-point
set protocols isis interface lo0.0

PE2 and PE3 configs are not shown for brevity. Refer to GitHub link below for complete configuration.

BGP

Basic MPLS-VPN configuration was applied to all QFX devices.

PE1

set interfaces ge-0/0/0 unit 0 family inet address 100.0.0.1/24

set routing-options router-id 10.0.0.1
set routing-options autonomous-system 100

 set protocols bgp group IBGP type internal
set protocols bgp group IBGP local-address 10.0.0.1
set protocols bgp group IBGP family inet-vpn unicast
set protocols bgp group IBGP family evpn signaling
set protocols bgp group IBGP neighbor 10.0.0.3
set protocols bgp group IBGP neighbor 10.0.0.2 

set routing-instances L3-A instance-type vrf
set routing-instances L3-A interface ge-0/0/0.0
set routing-instances L3-A interface lo0.100
set routing-instances L3-A route-distinguisher 10.0.0.1:1000
set routing-instances L3-A vrf-target target:100:1000
set routing-instances L3-A vrf-table-label
set routing-instances L3-A protocols bgp export ConnectedToBGP
set policy-options policy-statement ConnectedToBGP from protocol direct
set policy-options policy-statement ConnectedToBGP then accept

PE2 and PE3 configs are not shown for brevity. Refer to GitHub link below for complete configuration.

Monitoring

PE Next-Hop Reachability

inet.0 table is populated via IS-IS, while inet.3 table is populated via Segment Routing:

[email protected]> show route 10.0.0.2 extensive

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
10.0.0.2/32 (1 entry, 1 announced)
TSI:
KRT in-kernel 10.0.0.2/32 -> {10.0.1.2}
        *IS-IS  Preference: 18
                Level: 2
                Next hop type: Router, Next hop index: 1760
                Address: 0xaf9eb90
                Next-hop reference count: 8
                Next hop: 10.0.1.2 via xe-0/0/46.0, selected
                Session Id: 0x0
                State: <Active Int>
                Local AS:   100
                Age: 57:09      Metric: 10
                Validation State: unverified
                ORR Generation-ID: 0
                Task: IS-IS
                Announcement bits (1): 0-KRT
                AS path: I 

inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

10.0.0.2/32 (1 entry, 1 announced)
        *L-ISIS Preference: 14
                Level: 2
                Next hop type: Router, Next hop index: 1760
                Address: 0xaf9eb90
                Next-hop reference count: 8
                Next hop: 10.0.1.2 via xe-0/0/46.0, selected
                Session Id: 0x0
                State: <Active Int>
                Local AS:   100
                Age: 57:09      Metric: 10
                Validation State: unverified
                ORR Generation-ID: 0
                Task: IS-IS
                Announcement bits (2): 0-Resolve tree 1 2-Resolve_IGP_FRR task
                AS path: I

VRF Reachability

Routes within the VRF are propagated via Multi-Protocol BGP with the next-hop pointing to loopbacks. As shown above, those loopbacks are resolved in inet.3 table via SR.

[email protected]> show route 100.0.2.0 table L3-A.inet.0

L3-A.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

100.0.2.0/24       *[BGP/170] 00:29:04, localpref 100, from 10.0.0.3
                      AS path: I, validation-state: unverified
                    > to 10.0.1.2 via xe-0/0/46.0, Push 16, Push 800003(top)

Complete Configuration

Complete Configuration Repository on GitHub:

https://github.com/bgphelp/blueprints/tree/master/SR/MPLS-VPN-SR-QFX5100

 

Leave a Reply

Your email address will not be published. Required fields are marked *