ON THIS PAGE
How to Configure BGP Labeled Unicast Egress Peer Traffic Engineering on Ingress Using cRPD
This example shows how to configure egress peer traffic engineering using BGP labeled unicast. Egress peer traffic engineering allows a central controller to instruct an ingress router in a domain to direct traffic towards a specific egress router and a specific external interface to reach a destination out of the network.
In this example, the ingress functionality is run on a Linux device that is hosting Juniper Networks containerized routing protocol process (cRPD).
Requirements
This example uses the following hardware and software components. See Figure 1 for reference.
Linux VM (H0), that simulates the data center server and hosts the cRPD docker container
Linux server running:
Linux OS Ubuntu 18.04
Linux Kernel 4.15
Docker Engine 18.09.1
Other nodes in topology are vMX routers. Running Junos Release 19.2R2.2
R0 is a vMX, that simulates the ASBR PR1
R1 is a separate vMX, that simulates the rest of the routers (ToR, RR, P, Peer, U1) as logical systems
Overview
Topology
Figure 1 shows the topology that we are using in this example.
Configuration
The section shows how to enable egress traffic engineering on the ASBR R0 and demonstrates ingress functionality at cRPD. Configuration of other routers are generic and are omitted to focus on the details relevant to this example. The example here is based on the following example that you can use as reference to configure the other routers in the network:
Example: Configuring Egress Peer Traffic Engineering Using BGP Labeled Unicast
Configure R0 (ASBR) to Facilitate Egress Traffic Engineering in the Network
Configure the cRPD (Ingress Node) to Control EPE Decisions in the Network
Configure R0 (ASBR) to Facilitate Egress Traffic Engineering in the Network
Step-by-Step Procedure
- Configure a GRE tunnel on VMX R0 toward crpd01.set chassis fpc 0 pic 0 tunnel-servicesset interfaces gr-0/0/0 unit 0 tunnel source 10.19.19.19set interfaces gr-0/0/0 unit 0 tunnel destination 10.20.20.20set interfaces gr-0/0/0 unit 0 family inet address 10.19.19.1/32set interfaces gr-0/0/0 unit 0 family inet6set interfaces gr-0/0/0 unit 0 family mpls
- Enable egress traffic engineering toward the external
peers.set protocols bgp group toPeer1Link1 egress-teset protocols bgp group toPeer1Link1V6 egress-teset protocols bgp group toPeer1Link2 egress-teset protocols bgp group toPeer1Link2V6 egress-teset protocols bgp group toPeer2 egress-teset protocols bgp group toPeer2V6 egress-te
- Create policies that export the ARP routes that egress
traffic engineering created and apply them to the IBGP core in the
labeled unicast family.set policy-options policy-statement export_to_rrs term a from protocol arpset policy-options policy-statement export_to_rrs term a from rib inet.3set policy-options policy-statement export_to_rrs term a then next-hop selfset policy-options policy-statement export_to_rrs term a then acceptset policy-options policy-statement export_to_rrs term b from protocol arpset policy-options policy-statement export_to_rrs term b from rib inet6.3set policy-options policy-statement export_to_rrs term b then next-hop selfset policy-options policy-statement export_to_rrs term b then acceptset policy-options policy-statement export_to_rrs term c from protocol bgpset policy-options policy-statement export_to_rrs term c then acceptset policy-options policy-statement export_to_rrs term default then rejectset protocols bgp group toRRs type internalset protocols bgp group toRRs local-address 10.19.19.19set protocols bgp group toRRs family inet labeled-unicast rib inet.3set protocols bgp group toRRs family inet6 labeled-unicast rib inet6.3set protocols bgp group toRRs export export_to_rrsset protocols bgp group toRRs neighbor 10.6.6.6set protocols bgp group toRRs neighbor 10.7.7.7set protocols bgp group toRRs export export_to_rrs
- Re-advertise Internet routes from external peers with
the nexthop unchanged.set protocols bgp group toRRs family inet unicast add-path receiveset protocols bgp group toRRs family inet unicast add-path send path-count 6set protocols bgp group toRRs family inet6 unicast add-path receiveset protocols bgp group toRRs family inet6 unicast add-path send path-count 6set protocols bgp group toRRs export export_to_rrs
Configure the cRPD (Ingress Node) to Control EPE Decisions in the Network
Step-by-Step Procedure
- Bring up the cRPD on the Linux VM in the host namespace.
host@h0:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE crpd 19.2R2.2 4630539a4e65 10 minutes ago 215MB crpd latest 4630539a4e65 10 minutes ago 215MB
host@h0:~# docker volume create crpd01-config
crpd01-config
host@h0:~# docker volume create crpd01-varlog
crpd01-varlog
host@h0:~# docker run --rm --detach --name crpd01 -h crpd01 --privileged --net=host -v crpd01-config:/config -v crpd01-varlog:/var/log -it crpd:19.2R2.2
be2bab02188aea946aaf7e51d939ac6f16f3d0317731b4185ab6b932cbf276cf
host@h0:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES be2bab02188a crpd:19.2R2.2 "/sbin/runit-init.sh" 1 second ago Up Less than a second crpd01
- Configure an interface IP address for the H0-R1 link from
the Linux shell.
host@h0:~# ip addr add 10.20.21.1/30 dev ens3f1
host@h0:~# ifconfig ens3f1 up
- Create loopback interfaces and IP addresses.
host@h0:~# ip link add name lo1 type dummy
host@h0:~# ip addr add 10.20.20.20/32 dev lo1
host@h0:~# ifconfig lo1 up
host@h0:~# ip link add name lo2 type dummy
host@h0:~# ip addr add 172.168.8.1/32 dev lo2
host@h0:~# ifconfig lo2 up
host@h0:~# ip addr add 2001:db8::172:16:88:1/128 dev lo2
host@h0:~# ifconfig lo2 up - Create the GRE tunnel.
host@h0:~# ip tunnel add gre1 mode gre remote 10.19.19.19 local 10.20.20.20 ttl 255
host@h0:~# ip link set gre1 up - Enter the cRPD Junos CLI and configure the protocols.
These will bring up OSPF and BGP sessions at cRPD01. The routes installed
on the cRPD will bring up the GRE tunnel in Linux.set policy-options prefix-list SvrV6Pfxes 2001:db8::172:16:88:1/128set policy-options prefix-list SvrV4Pfxes 172.16.88.1/32set policy-options prefix-list SvrV4lo 10.20.20.20/32set policy-options policy-statement export_lo1 term a from prefix-list SvrV4loset policy-options policy-statement export_lo1 term a then acceptset policy-options policy-statement export_lo1 term def then rejectset policy-options policy-statement export_to_peers term a from prefix-list SvrV4Pfxesset policy-options policy-statement export_to_peers term a then acceptset policy-options policy-statement export_to_peers term b from prefix-list SvrV6Pfxesset policy-options policy-statement export_to_peers term b then acceptset policy-options policy-statement export_to_peers term def then rejectset routing-options router-id 10.20.20.20set routing-options autonomous-system 19set routing-options rib inet.3 static route 10.19.19.19/32 next-hop gre1set routing-options rib inet6.3 static route ::ffff:10.19.19.19/128 next-hop gre1set protocols bgp group toRRs type internalset protocols bgp group toRRs local-address 10.20.20.20set protocols bgp group toRRs family inet labeled-unicast rib inet.3set protocols bgp group toRRs family inet unicast add-path receiveset protocols bgp group toRRs family inet unicast add-path send path-count 6set protocols bgp group toRRs family inet6 labeled-unicast rib inet6.3set protocols bgp group toRRs family inet6 unicast add-path receiveset protocols bgp group toRRs family inet6 unicast add-path send path-count 6set protocols bgp group toRRs neighbor 10.6.6.6set protocols bgp group toRRs neighbor 10.7.7.7set protocols bgp connect-retry-interval 1set protocols bgp hold-time 6set protocols bgp export export_to_peersset protocols ospf export export_lo1set protocols ospf area 0.0.0.0 interface ens3f1
Verification
Step-by-Step Procedure
- On crpd01, verify that the routing protocol sessions are
Up.
host@crpd01> show ospf neighbor
Address Interface State ID Pri Dead 10.20.21.2 ens3f1 Full 8.8.8.8 128 36 host@crpd01> show bgp summary Threading mode: BGP I/O Groups: 1 Peers: 2 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 40 5 0 0 0 0 inet.3 8 4 0 0 0 0 inet6.0 42 5 0 0 0 0 inet6.3 8 4 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... 10.6.6.6 19 31 9 0 0 6 Establ inet.0: 5/20/20/0 inet.3: 4/4/4/0 inet6.0: 5/21/21/0 inet6.3: 4/4/4/0
- On crpd01, verify that IPv4 routes for U1 are installed.
You should see the BGP routes with all available nexthops: 192.168.0.1,
192.168.1.1, 192.168.2.1, and 192.168.3.1
host@crpd01> show route 172.16.77.1/32
inet.0: 27 destinations, 44 routes (25 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both 172.16.77.1/32 *[BGP/170] 00:05:25, localpref 100, from 10.6.6.6 AS path: 1 4 I, validation-state: unverified > via gre1, Push 300912 [BGP/170] 00:05:25, localpref 100, from 10.6.6.6 AS path: 1 4 I, validation-state: unverified > via gre1, Push 301040 [BGP/170] 00:05:25, localpref 100, from 10.6.6.6 AS path: 2 4 I, validation-state: unverified > via gre1, Push 301056 [BGP/170] 00:05:25, localpref 100, from 10.6.6.6 AS path: 3 4 I, validation-state: unverified > via gre1, Push 300976
- On crpd01, verify that IPv6 routes for U1 are installed.
host@crpd01> show route 2001:db8::172:16:77:1
inet6.0: 15 destinations, 31 routes (13 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both 2001:db8::172:16:77:1/128 *[BGP/170] 00:09:45, localpref 100, from 10.6.6.6 AS path: 1 4 I, validation-state: unverified > via gre1, Push 301072 [BGP/170] 00:09:45, localpref 100, from 10.6.6.6 AS path: 1 4 I, validation-state: unverified > via gre1, Push 301088 [BGP/170] 00:09:45, localpref 100, from 10.6.6.6 AS path: 2 4 I, validation-state: unverified > via gre1, Push 301104 [BGP/170] 00:09:45, localpref 100, from 10.6.6.6 AS path: 3 4 I, validation-state: unverified > via gre1, Push 301120
- On crpd01, verify nexthop resolution for IPv4.
host@crpd01> show route 172.16.77.1 extensive
inet.0: 27 destinations, 44 routes (25 active, 0 holddown, 2 hidden) 172.16.77.1/32 (4 entries, 1 announced) TSI: KRT in-kernel 172.16.77.1/32 -> {indirect(-)} *BGP Preference: 170/-101 Next hop type: Indirect, Next hop index: 0 Address: 0x4c4a3bc Next-hop reference count: 10 Source: 10.6.6.6 Next hop type: Router, Next hop index: 0 Next hop: via gre1, selected Label operation: Push 300912
.
. .
Addpath Path ID: 1 Indirect next hops: 1 Protocol next hop: 192.168.0.1 Metric: 0 Indirect next hop: 0x6511a08 - INH Session ID: 0x0 Indirect path forwarding next hops: 1 Next hop type: Router Next hop: via gre1 Session Id: 0x0 192.168.0.1/32 Originating RIB: inet.3 Metric: 0 Node path count: 1 Indirect nexthops: 1 Protocol Nexthop: 10.19.19.19 Push 300912 Indirect nexthop: 0x6510c08 - INH Session ID: 0x0 Path forwarding nexthops link: 0x4c48c90 Path inh link: (nil) Indirect path forwarding nexthops: 1 Nexthop: via gre1 Session Id: 0 10.19.19.19/32 Originating RIB: inet.3 Node path count: 1 Forwarding nexthops: 1 Nexthop: via gre1 Session Id: 0 - On crpd01, verify nexthop resolution for IPv6.
host@crpd01> show route 2001:db8::172:16:77:1 extensive
inet6.0: 15 destinations, 31 routes (13 active, 0 holddown, 2 hidden) 2001:db8::172:16:77:1/128 (4 entries, 1 announced) TSI: KRT in-kernel 2001:db8::172:16:77:1/128 -> {indirect(-)} *BGP Preference: 170/-101 Next hop type: Indirect, Next hop index: 0 Address: 0x4c4aa7c Next-hop reference count: 10 Source: 10.6.6.6 Next hop type: Router, Next hop index: 0 Next hop: via gre1, selected . . . Addpath Path ID: 1 Indirect next hops: 1 Protocol next hop: 19:1::1 Metric: 0 Indirect next hop: 0x6512208 - INH Session ID: 0x0 Indirect path forwarding next hops: 1 Next hop type: Router Next hop: via gre1 Session Id: 0x0 19:1::1/128 Originating RIB: inet6.3 Metric: 0 Node path count: 1 Indirect nexthops: 1 Protocol Nexthop: ::ffff:10.19.19.19 Push 301072 Indirect nexthop: 0x6511208 - INH Session ID: 0x0 Path forwarding nexthops link: 0x4c49bc0 Path inh link: (nil) Indirect path forwarding nexthops: 1 Nexthop: via gre1 Session Id: 0 ::ffff:10.19.19.19/128 Originating RIB: inet6.3 Node path count: 1 Forwarding nexthops: 1 Nexthop: via gre1 Session Id: 0
- On H0, verify that IPv4 routes are installed in Linux
FIB with MPLS encapsulation.
host@h0:~# ip route | grep 172.16.77.1
172.16.77.1 encap mpls 300912 dev gre1 proto 22 172.16.77.12 encap mpls 300912 dev gre1 proto 22
- On H0, verify that IPv6 routes are installed in Linux
FIB accordingly, with MPLS encapsulation.
host@h0:~# ip -6 route | grep 172:16:77:1
2001:db8::172:16:77:1 encap mpls 301072 dev gre1 proto 22 metric 1024 pref medium 2001:db8::172:16:77:12 encap mpls 301072 dev gre1 proto 22 metric 1024 pref medium
- Run ping from R0 to R6 on IPv4 and IPv6.
host@h0:~# ping 172.16.77.1 -I 172.16.88.1 -f
PING 172.16.77.1 (172.16.77.1) from 172.16.88.1 : 56(84) bytes of data. .^C --- 172.16.77.1 ping statistics --- 900 packets transmitted, 899 received, 0% packet loss, time 2618ms rtt min/avg/max/mdev = 2.209/2.864/10.980/0.619 ms, ipg/ewma 2.913/3.223 ms
host@h0:~# ping 2001:db8::172:16:77:1 -I 2001:db8::172:16:88:1 -f
PING 2001:db8::172:16:77:1(2001:db8::172:16:77:1) from 2001:db8::172:16:88:1 : 56 data bytes .^ --- 2001:db8::172:16:77:1 ping statistics --- 437 packets transmitted, 437 received, 0% packet loss, time 1304ms rtt min/avg/max/mdev = 2.300/2.925/7.535/0.599 ms, ipg/ewma 2.991/3.442 ms
- Keep the ping running and monitor interface statistics
at R3. Verify that traffic is exiting toward Peer1.
host@10.53.33.247> monitor interface ge-0/0/0.0
10.53.33.247 Seconds: 8 Time: 19:25:11 Delay: 42/1/42 Interface: ge-0/0/0.0, Enabled, Link is Up Flags: SNMP-Traps 0x4000 Encapsulation: ENET2 VLAN-Tag [ 0x8100.11 ] Local statistics: Current delta Input bytes: 1006749 [1216] Output bytes: 1254088 [1541] Input packets: 13917 [17] Output packets: 13949 [17] Remote statistics: Input bytes: 29000 (568 bps) [0] Output bytes: 28219976 (513064 bps) [511568] Input packets: 400 (1 pps) [0] Output packets: 300048 (682 pps) [5442] IPv6 statistics: Input bytes: 22952 (632 bps) [0] Output bytes: 15789896 (282912 bps) [283088] Input packets: 292 (0 pps) [0] Output packets: 152026 (340 pps) [2722] Traffic statistics: Input bytes: 1035749 [1216] Output bytes: 29474064 [513109] Input packets: 14317 [17] Output packets: 313997 [5459] Protocol: inet, MTU: 1500, Flags: None
host@10.53.33.247> monitor interface ge-0/0/0.2
10.53.33.247 Seconds: 6 Time: 19:24:25 Delay: 1/1/1 Interface: ge-0/0/0.2, Enabled, Link is Up Flags: SNMP-Traps 0x4000 Encapsulation: ENET2 VLAN-Tag [ 0x8100.13 ] Local statistics: Current delta Input bytes: 998771 [858] Output bytes: 1247597 [934] Input packets: 13781 [12] Output packets: 13857 [10] Remote statistics: Input bytes: 41009996 (495704 bps) [386714] Output bytes: 15769092 (0 bps) [0] Input packets: 436234 (660 pps) [4116] Output packets: 168027 (0 pps) [0] IPv6 statistics: Input bytes: 22853256 (271656 bps) [213467] Output bytes: 8703312 (0 bps) [0] Input packets: 220035 (326 pps) [2053] Output packets: 83874 (0 pps) [0] Traffic statistics: Input bytes: 42008767 [387572] Output bytes: 17016689 [934] Input packets: 450015 [4128] Output packets: 181884 [10] Protocol: inet, MTU: 1500, Flags: None
- Add the following configuration to install a static route
at R0 for R6/32 destination, with nexthop of Peer2, with the resolve
option. This configuration simulates a Controller API installed route
to move the traffic to Peer2.[edit]host@crpd01# edit routing-options
rib inet6.3 { rib inet6.0 { . . .} static { route 2001:db8::172:16:77:1/128 { next-hop 19:2::2; resolve; } } }
edit routing-options static { route 172.16.77.1/32 { next-hop 192.168.2.1; resolve; } }
- On H0, observe routes in Linux FIB changes to encapsulate
toward the new nexthop.
host@h0:~# ip route | grep 172.16.77.1
172.16.77.1 encap mpls 301056 dev gre1 proto 22 172.16.77.12 encap mpls 300912 dev gre1 proto 22 host@h0:~# ip -6 route | grep 172:16:77:1 2001:db8::172:16:77:1 encap mpls 301104 dev gre1 proto 22 metric 1024 pref medium 2001:db8::172:16:77:12 encap mpls 301072 dev gre1 proto 22 metric 1024 pref medium
- Run ping from R0 to R6. Traffic is steered toward Peer2,
as directed by the controller installed static route.
host@10.53.33.247> monitor interface ge-0/0/0.0
10.53.33.247 Seconds: 247 Time: 19:29:10 Delay: 1/0/150 Interface: ge-0/0/0.0, Enabled, Link is Up Flags: SNMP-Traps 0x4000 Encapsulation: ENET2 VLAN-Tag [ 0x8100.11 ] Local statistics: Current delta Input bytes: 1043286 [37753] Output bytes: 1298727 [46180] Input packets: 14427 [527] Output packets: 14447 [515] Remote statistics: Input bytes: 29000 (0 bps) [0] Output bytes: 38398552 (0 bps) [10690144] Input packets: 400 (0 pps) [0] Output packets: 408337 (0 pps) [113731] IPv6 statistics: Input bytes: 22952 (640 bps) [0] Output bytes: 21417856 (0 bps) [5911048] Input packets: 292 (0 pps) [0] Output packets: 206141 (0 pps) [56837] Traffic statistics: Input bytes: 1072286 [37753] Output bytes: 39697279 [10736324] Input packets: 14827 [527] Output packets: 422784 [114246] Protocol: inet, MTU: 1500, Flags: None
host@10.53.33.247> monitor interface ge-0/0/0.2
10.53.33.247 Seconds: 346 Time: 19:30:05 Delay: 23/0/166 Interface: ge-0/0/0.2, Enabled, Link is Up Flags: SNMP-Traps 0x4000 Encapsulation: ENET2 VLAN-Tag [ 0x8100.13 ] Local statistics: Current delta Input bytes: 1050215 [52302] Output bytes: 1312403 [65740] Input packets: 14498 [729] Output packets: 14581 [734] Remote statistics: Input bytes: 62583536 (506896 bps) [21960254] Output bytes: 24189032 (506328 bps) [8419940] Input packets: 665769 (675 pps) [233651] Output packets: 257617 (673 pps) [89590] IPv6 statistics: Input bytes: 34774776 (281456 bps) [12134987] Output bytes: 13354088 (280456 bps) [4650776] Input packets: 334665 (338 pps) [116683] Output packets: 128593 (337 pps) [44719] Traffic statistics: Input bytes: 63633751 [22012556] Output bytes: 25501435 [8485680] Input packets: 680267 [234380] Output packets: 272198 [90324] Protocol: inet, MTU: 1500, Flags: None