Diffstat (limited to 'docs')
| m--------- | docs/_include/vyos-1x | 0 | ||||
| -rw-r--r-- | docs/_static/images/vyos-sr-isis.png | bin | 0 -> 45339 bytes | |||
| -rw-r--r-- | docs/_static/images/zone-policy-diagram.png | bin | 113618 -> 126116 bytes | |||
| -rw-r--r-- | docs/changelog/1.3.rst | 8 | ||||
| -rw-r--r-- | docs/changelog/1.4.rst | 44 | ||||
| -rw-r--r-- | docs/configexamples/index.rst | 1 | ||||
| -rw-r--r-- | docs/configexamples/segment-routing-isis.rst | 279 | ||||
| -rw-r--r-- | docs/configuration/protocols/bgp.rst | 3 | ||||
| -rw-r--r-- | docs/configuration/protocols/index.rst | 1 | ||||
| -rw-r--r-- | docs/configuration/protocols/segment-routing.rst | 357 | 
10 files changed, 691 insertions, 2 deletions
| diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject b65296a0ff39e66d87e916971477cce351f6d5a +Subproject f5d40cf3cf8b29a289da31bb3f0368fcfaeae3c diff --git a/docs/_static/images/vyos-sr-isis.png b/docs/_static/images/vyos-sr-isis.pngBinary files differ new file mode 100644 index 00000000..62430919 --- /dev/null +++ b/docs/_static/images/vyos-sr-isis.png diff --git a/docs/_static/images/zone-policy-diagram.png b/docs/_static/images/zone-policy-diagram.pngBinary files differ index cfde4af6..49e3e046 100644 --- a/docs/_static/images/zone-policy-diagram.png +++ b/docs/_static/images/zone-policy-diagram.png diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 18236014..d6ab1408 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,14 @@     _ext/releasenotes.py +2023-04-05 +========== + +* :vytask:`T4975` (bug): CLI does not work after cutting off the power or reset +* :vytask:`T5136` (bug): Possible config corruption on upgrade +* :vytask:`T425` (feature): AWS CloudWatch monitoring scripts + +  2023-04-01  ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index eab4caf1..465febef 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst 
@@ -8,6 +8,50 @@     _ext/releasenotes.py +2023-04-10 +========== + +* :vytask:`T5151` (bug): EAP-TLS TLSv1.0/1.1 regression after T5003 + + +2023-04-07 +========== + +* :vytask:`T5149` (bug): op-mode openvpn should not raise error in case interface is disabled + + +2023-04-06 +========== + +* :vytask:`T5147` (bug): Can't Commit with Container Network +* :vytask:`T5142` (feature): One of the requirements is to use a system auditing tool to monitor and log all security-relevant events. +* :vytask:`T5125` (feature): Add op-mode commands for hsflowd based sflow + + +2023-04-05 +========== + +* :vytask:`T5145` (feature): Add maxsyslogins  maximum number of all logins on system  +* :vytask:`T5135` (default): Rewrite opennhrp script using vyos.ipsec library +* :vytask:`T4975` (bug): CLI does not work after cutting off the power or reset +* :vytask:`T5136` (bug): Possible config corruption on upgrade + + +2023-04-04 +========== + +* :vytask:`T5141` (feature): Add numbers for dhclient-exit-hooks.d to enforce script order execution +* :vytask:`T5093` (bug): Command 'reset vpn ipsec-profile' doesn't work +* :vytask:`T4362` (bug): Wan Load Balancing - Can't create routing tables + + +2023-04-03 +========== + +* :vytask:`T5139` (feature): IKE life-time should start from 0 for disable rekey  +* :vytask:`T4173` (bug): Wan Load Balancing - Error on firewall NAT rules + +  2023-04-02  ========== diff --git a/docs/configexamples/index.rst b/docs/configexamples/index.rst index a53a86c6..b3610d3a 100644 --- a/docs/configexamples/index.rst +++ b/docs/configexamples/index.rst @@ -20,6 +20,7 @@ This chapter contains various configuration examples:     inter-vrf-routing-vrf-lite     openvpn-ldap     qos +   segment-routing-isis     nmp diff --git a/docs/configexamples/segment-routing-isis.rst b/docs/configexamples/segment-routing-isis.rst new file mode 100644 index 00000000..d9bc439b --- /dev/null +++ b/docs/configexamples/segment-routing-isis.rst 
@@ -0,0 +1,279 @@
+:lastproofread: 2023-04-10
+
+.. _examples-segment-routing-isis:
+
+#############################
+Segment-routing IS-IS example
+#############################
+
+When utilizing VyOS in an environment with Cisco IOS-XR gear you can use this 
+blue print as an initial setup to get MPLS ISIS-SR working between those two 
+devices.The lab was build using :abbr:`EVE-NG (Emulated Virtual
+Environment NG)`.
+
+.. figure:: /_static/images/vyos-sr-isis.png
+   :alt: ISIS-SR network
+
+   ISIS-SR example network
+
+The below configuration is used as example where we keep focus on 
+VyOS-P1/VyOS-P2/XRv-P3 which we share the settings.
+
+
+Configuration
+=============
+
+- VyOS-P1:
+
+.. code-block:: none
+
+  set interfaces dummy dum0 address '192.0.2.1/32'
+  set interfaces ethernet eth1 address '192.0.2.5/30'
+  set interfaces ethernet eth1 mtu '8000'
+  set interfaces ethernet eth3 address '192.0.2.21/30'
+  set interfaces ethernet eth3 mtu '8000'
+  set protocols isis interface dum0 passive
+  set protocols isis interface eth1 network point-to-point
+  set protocols isis interface eth3 network point-to-point
+  set protocols isis level 'level-2'
+  set protocols isis log-adjacency-changes
+  set protocols isis metric-style 'wide'
+  set protocols isis net '49.0000.0000.0000.0001.00'
+  set protocols isis segment-routing maximum-label-depth '8'
+  set protocols isis segment-routing prefix 192.0.2.1/32 index value '1'
+  set protocols mpls interface 'eth1'
+  set protocols mpls interface 'eth3'
+  set system host-name 'P1-VyOS'
+
+- XRv-P3:
+
+.. code-block:: none
+
+  hostname P3-VyOS
+  interface Loopback0
+   ipv4 address 192.0.2.3 255.255.255.255
+  !
+  interface GigabitEthernet0/0/0/1
+   mtu 8014
+   ipv4 address 192.0.2.6 255.255.255.252
+  !
+  interface GigabitEthernet0/0/0/2
+   mtu 8014
+   ipv4 address 192.0.2.18 255.255.255.252
+  !
+  router isis VyOS
+   is-type level-2-only
+   net 49.0000.0000.0000.0003.00
+   log adjacency changes
+   address-family ipv4 unicast
+    metric-style wide
+    segment-routing mpls
+   !
+   interface Loopback0
+    passive
+    address-family ipv4 unicast
+     prefix-sid index 3
+    !
+   !
+   interface GigabitEthernet0/0/0/1
+    point-to-point
+    address-family ipv4 unicast
+    !
+   !
+   interface GigabitEthernet0/0/0/2
+    point-to-point
+    address-family ipv4 unicast
+    !
+   !
+  !
+
+- VyOS-P2:
+
+.. code-block:: none
+  
+  set interfaces dummy dum0 address '192.0.2.2/32'
+  set interfaces ethernet eth2 address '192.0.2.17/30'
+  set interfaces ethernet eth2 mtu '8000'
+  set interfaces ethernet eth3 address '192.0.2.26/30'
+  set interfaces ethernet eth3 mtu '8000'
+  set protocols isis interface dum0 passive
+  set protocols isis interface eth2 network point-to-point
+  set protocols isis interface eth3 network point-to-point
+  set protocols isis level 'level-2'
+  set protocols isis log-adjacency-changes
+  set protocols isis metric-style 'wide'
+  set protocols isis net '49.0000.0000.0000.0002.00'
+  set protocols isis segment-routing maximum-label-depth '8'
+  set protocols isis segment-routing prefix 192.0.2.2/32 index value '2'
+  set protocols mpls interface 'eth2'
+  set protocols mpls interface 'eth3'
+  set system host-name 'P2-VyOS'
+
+This gives us MPLS segment routing enabled and labels forwarding :
+
+.. code-block:: none
+  
+   vyos@P1-VyOS:~$ show mpls table
+   Inbound Label  Type        Nexthop               Outbound Label
+   -----------------------------------------------------------------
+   15000          SR (IS-IS)  192.0.2.6             implicit-null
+   15001          SR (IS-IS)  192.0.2.22            implicit-null
+   15002          SR (IS-IS)  fe80::5200:ff:fe04:3  implicit-null
+   16002          SR (IS-IS)  192.0.2.6             16002
+   16003          SR (IS-IS)  192.0.2.6             implicit-null
+   16011          SR (IS-IS)  192.0.2.22            implicit-null
+  
+   vyos@P2-VyOS:~$ show mpls table
+   Inbound Label  Type        Nexthop     Outbound Label
+   -------------------------------------------------------
+   15000          SR (IS-IS)  192.0.2.18  implicit-null
+   16001          SR (IS-IS)  192.0.2.18  16001
+   16003          SR (IS-IS)  192.0.2.18  implicit-null
+   16011          SR (IS-IS)  192.0.2.18  16011
+
+   RP/0/0/CPU0:P3-VyOS#show mpls forwarding
+   Tue Mar 28 17:47:18.928 UTC
+   Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
+   Label  Label       or ID              Interface                    Switched
+   ------ ----------- ------------------ ------------ --------------- ------------
+   16001  Pop         SR Pfx (idx 1)     Gi0/0/0/1    192.0.2.5       0
+   16002  Pop         SR Pfx (idx 2)     Gi0/0/0/2    192.0.2.17      0
+   16011  16011       SR Pfx (idx 11)    Gi0/0/0/1    192.0.2.5       0
+   24000  Pop         SR Adj (idx 1)     Gi0/0/0/1    192.0.2.5       0
+   24001  Pop         SR Adj (idx 3)     Gi0/0/0/1    192.0.2.5       0
+   24002  Pop         SR Adj (idx 1)     Gi0/0/0/2    192.0.2.17      0
+   24003  Pop         SR Adj (idx 3)     Gi0/0/0/2    192.0.2.17      0
+
+
+VyOS is able to check MSD per devices: 
+
+.. code-block:: none
+
+   vyos@P1-VyOS:~$ show isis segment-routing node
+   Area VyOS:
+   IS-IS L1 SR-Nodes:
+  
+   IS-IS L2 SR-Nodes:
+  
+   System ID       SRGB           SRLB            Algorithm  MSD
+   ---------------------------------------------------------------
+   0000.0000.0001  16000 - 23999  15000 - 15999   SPF        8
+   0000.0000.0002  16000 - 23999  15000 - 15999   SPF        8
+   0000.0000.0003  16000 - 23999  0 - 4294967295  SPF        10
+   0000.0000.0011  16000 - 23999  15000 - 15999   SPF        8
+
+   vyos@P2-VyOS:~$ show isis segment-routing node
+   Area VyOS:
+    IS-IS L1 SR-Nodes:
+   
+    IS-IS L2 SR-Nodes:
+   
+    System ID       SRGB           SRLB            Algorithm  MSD
+    ---------------------------------------------------------------
+    0000.0000.0001  16000 - 23999  15000 - 15999   SPF        8
+    0000.0000.0002  16000 - 23999  15000 - 15999   SPF        8
+    0000.0000.0003  16000 - 23999  0 - 4294967295  SPF        10
+    0000.0000.0011  16000 - 23999  15000 - 15999   SPF        8
+
+Here is the routing tables showing the MPLS segment routing label operations:
+
+.. code-block:: none
+
+   vyos@P1-VyOS:~$ show ip route isis
+   Codes: K - kernel route, C - connected, S - static, R - RIP,
+          O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+          T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
+          f - OpenFabric,
+          > - selected route, * - FIB route, q - queued, r - rejected, b - backup
+          t - trapped, o - offload failure
+   
+   I>* 192.0.2.2/32 [115/30] via 192.0.2.6, eth1, label 16002, weight 1, 1d03h18m
+   I>* 192.0.2.3/32 [115/10] via 192.0.2.6, eth1, label implicit-null, weight 1, 1d03h18m
+   I   192.0.2.4/30 [115/20] via 192.0.2.6, eth1 inactive, weight 1, 1d03h18m
+   I>* 192.0.2.11/32 [115/20] via 192.0.2.22, eth3, label implicit-null, weight 1, 1d02h47m
+   I>* 192.0.2.16/30 [115/20] via 192.0.2.6, eth1, weight 1, 1d03h18m
+   I   192.0.2.20/30 [115/20] via 192.0.2.22, eth3 inactive, weight 1, 1d02h48m
+   I>* 192.0.2.24/30 [115/30] via 192.0.2.6, eth1, weight 1, 1d03h18m
+   
+   
+   vyos@P2-VyOS:~$ show ip route isis
+   Codes: K - kernel route, C - connected, S - static, R - RIP,
+          O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+          T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
+          f - OpenFabric,
+          > - selected route, * - FIB route, q - queued, r - rejected, b - backup
+          t - trapped, o - offload failure
+   
+   I>* 192.0.2.1/32 [115/30] via 192.0.2.18, eth2, label 16001, weight 1, 1d03h17m
+   I>* 192.0.2.3/32 [115/10] via 192.0.2.18, eth2, label implicit-null, weight 1, 1d03h17m
+   I>* 192.0.2.4/30 [115/20] via 192.0.2.18, eth2, weight 1, 1d03h17m
+   I>* 192.0.2.11/32 [115/40] via 192.0.2.18, eth2, label 16011, weight 1, 1d02h47m
+   I   192.0.2.16/30 [115/20] via 192.0.2.18, eth2 inactive, weight 1, 1d03h17m
+   I>* 192.0.2.20/30 [115/30] via 192.0.2.18, eth2, weight 1, 1d03h17m
+   
+   RP/0/0/CPU0:P3-VyOS#show route isis
+   Tue Mar 28 18:19:16.417 UTC
+   
+   i L2 192.0.2.1/32 [115/20] via 192.0.2.5, 1d03h, GigabitEthernet0/0/0/1
+   i L2 192.0.2.2/32 [115/20] via 192.0.2.17, 1d03h, GigabitEthernet0/0/0/2
+   i L2 192.0.2.11/32 [115/30] via 192.0.2.5, 1d02h, GigabitEthernet0/0/0/1
+   i L2 192.0.2.20/30 [115/20] via 192.0.2.5, 1d03h, GigabitEthernet0/0/0/1
+   i L2 192.0.2.24/30 [115/20] via 192.0.2.17, 1d03h, GigabitEthernet0/0/0/2
+
+Information about prefix-sid and label-operation from VyOS
+
+.. code-block:: none
+
+   vyos@P1-VyOS:~$ show isis route prefix-sid
+   Area VyOS:
+   IS-IS L2 IPv4 routing table:
+   
+    Prefix         Metric  Interface  Nexthop    SID  Label Op.
+    ----------------------------------------------------------------------
+    192.0.2.1/32   0       -          -          -    -
+    192.0.2.2/32   30      eth1       192.0.2.6  2    Swap(16002, 16002)
+    192.0.2.3/32   10      eth1       192.0.2.6  3    Pop(16003)
+    192.0.2.4/30   20      eth1       192.0.2.6  -    -
+    192.0.2.16/30  20      eth1       192.0.2.6  -    -
+    192.0.2.20/30  0       -          -          -    -
+    192.0.2.24/30  30      eth1       192.0.2.6  -    -
+
+    vyos@P2-VyOS:~$ show isis route prefix-sid
+    Area VyOS:
+    IS-IS L2 IPv4 routing table:
+    
+     Prefix         Metric  Interface  Nexthop     SID  Label Op.
+     -----------------------------------------------------------------------
+     192.0.2.1/32   30      eth2       192.0.2.18  1    Swap(16001, 16001)
+     192.0.2.2/32   0       -          -           -    -
+     192.0.2.3/32   10      eth2       192.0.2.18  3    Pop(16003)
+     192.0.2.4/30   20      eth2       192.0.2.18  -    -
+     192.0.2.16/30  20      eth2       192.0.2.18  -    -
+     192.0.2.20/30  30      eth2       192.0.2.18  -    -
+     192.0.2.24/30  0       -          -           -    -
+
+Ping between VyOS-P1 / VyOS-P2 to confirm reachability:
+
+.. code-block:: none
+
+   vyos@P1-VyOS:~$ ping 192.0.2.2 source-address 192.0.2.1
+   PING 192.0.2.2 (192.0.2.2) from 192.0.2.1 : 56(84) bytes of data.
+   64 bytes from 192.0.2.2: icmp_seq=1 ttl=63 time=3.47 ms
+   64 bytes from 192.0.2.2: icmp_seq=2 ttl=63 time=2.06 ms
+   64 bytes from 192.0.2.2: icmp_seq=3 ttl=63 time=3.90 ms
+   64 bytes from 192.0.2.2: icmp_seq=4 ttl=63 time=3.87 ms
+   ^C
+   --- 192.0.2.2 ping statistics ---
+   4 packets transmitted, 4 received, 0% packet loss, time 3004ms
+   rtt min/avg/max/mdev = 2.064/3.326/3.903/0.748 ms
+
+   vyos@P2-VyOS:~$ ping 192.0.2.1 source-address 192.0.2.2
+   PING 192.0.2.1 (192.0.2.1) from 192.0.2.2 : 56(84) bytes of data.
+   64 bytes from 192.0.2.1: icmp_seq=1 ttl=63 time=2.91 ms
+   64 bytes from 192.0.2.1: icmp_seq=2 ttl=63 time=3.23 ms
+   64 bytes from 192.0.2.1: icmp_seq=3 ttl=63 time=2.91 ms
+   64 bytes from 192.0.2.1: icmp_seq=4 ttl=63 time=2.85 ms
+   ^C
+   --- 192.0.2.1 ping statistics ---
+   4 packets transmitted, 4 received, 0% packet loss, time 3005ms
+   rtt min/avg/max/mdev = 2.846/2.972/3.231/0.151 ms
\ No newline at end of file diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 68688b25..737e98fa 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -939,8 +939,7 @@ IBGP (called confederation BGP). Confederation mechanism is described in     of the autonomous system that internally includes multiple sub-autonomous     systems (a confederation). -.. cfgcmd:: set protocols bgp parameters confederation confederation -   peers <nsubasn> +.. cfgcmd:: set protocols bgp parameters confederation peers <nsubasn>     This command sets other confederations <nsubasn> as members of autonomous     system specified by :cfgcmd:`confederation identifier <asn>`. diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst index 682390d5..29dc230f 100644 --- a/docs/configuration/protocols/index.rst +++ b/docs/configuration/protocols/index.rst @@ -14,6 +14,7 @@ Protocols     igmp     isis     mpls +   segment-routing     ospf     rip     rpki diff --git a/docs/configuration/protocols/segment-routing.rst b/docs/configuration/protocols/segment-routing.rst new file mode 100644 index 00000000..5ee710e9 --- /dev/null +++ b/docs/configuration/protocols/segment-routing.rst 
@@ -0,0 +1,357 @@
+.. _segment-routing:
+
+###############
+Segment Routing
+###############
+
+Segment Routing (SR) is a network architecture that is similar to source-routing
+. In this architecture, the ingress router adds a list of segments, known as 
+SIDs, to the packet as it enters the network. These segments represent different 
+portions of the network path that the packet will take.
+
+The SR segments are portions of the network path taken by the packet, and are 
+called SIDs. At each node, the first SID of the list is read, executed as a 
+forwarding function, and may be popped to let the next node read the next SID of 
+the list. The SID list completely determines the path where the packet is 
+forwarded.
+
+Segment Routing can be applied to an existing MPLS-based data plane and defines
+a control plane network architecture. In MPLS networks, segments are encoded as
+MPLS labels and are added at the ingress router. These MPLS labels are then 
+exchanged and populated by Interior Gateway Protocols (IGPs) like IS-IS or OSPF 
+which are running on most ISPs.
+
+
+.. note:: Segment routing defines a control plane network architecture and
+  can be applied to an existing MPLS based dataplane. In the MPLS networks,
+  segments are encoded as MPLS labels and are imposed at the ingress router.
+  MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing
+  as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has
+  been tested against Cisco & Juniper routers.however,this deployment is still
+  EXPERIMENTAL for FRR.
+ 
+
+IS-IS SR Configuration
+----------------------
+
+Segment routing (SR) is used by the IGP protocols to interconnect network
+devices, below configuration shows how to enable SR on IS-IS:
+
+
+.. note:: ``Known limitations:`` 
+
+  No support for level redistribution (L1 to L2 or L2 to L1)
+
+  No support for binding SID
+
+  No support for SRLB
+
+  Only one SRGB and default SPF Algorithm is supported
+
+
+
+.. cfgcmd::  set protocols isis segment-routing global-block high-label-value 
+  <label-value>
+
+  Set the Segment Routing Global Block i.e. the label range used by MPLS to 
+  store label in the MPLS FIB for Prefix SID. Note that the block size may 
+  not exceed 65535.
+
+.. cfgcmd:: set protocols isis segment-routing global-block low-label-value 
+  <label-value>
+
+  Set the Segment Routing Global Block i.e. the low label range used by MPLS to 
+  store label in the MPLS FIB for Prefix SID. Note that the block size may 
+  not exceed 65535.
+ 
+.. cfgcmd:: set protocols isis segment-routing local-block high-label-value 
+  <label-value>
+
+  Set the Segment Routing Local Block i.e. the label range used by MPLS to 
+  store label in the MPLS FIB for Prefix SID. Note that the block size may 
+  not exceed 65535.Segment Routing Local Block, The negative command always 
+  unsets both.
+
+.. cfgcmd:: set protocols isis segment-routing local-block <low-label-value 
+  <label-value>
+
+  Set the Segment Routing Local Block i.e. the low label range used by MPLS to 
+  store label in the MPLS FIB for Prefix SID. Note that the block size may 
+  not exceed 65535.Segment Routing Local Block, The negative command always 
+  unsets both.
+
+.. cfgcmd:: set protocols isis segment-routing maximum-label-depth <1-16>
+
+  Set the Maximum Stack Depth supported by the router. The value depend of
+  the MPLS dataplane.
+
+.. cfgcmd:: set protocols isis segment-routing prefix <address> index value 
+  <0-65535>
+   
+  A segment ID that contains an IP address prefix calculated by an IGP in the
+  service provider core network. Prefix SIDs are globally unique, this value
+  indentify it 
+
+.. cfgcmd:: set protocols isis segment-routing prefix <address> index
+   <no-php-flag | explicit-null| n-flag-clear>
+
+   this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO 
+   Penultimate Hop Popping that allows SR node to request to its neighbor to 
+   not pop the label. The ‘explicit-null’ flag allows SR node to request to its 
+   neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ 
+   option can be used to explicitly clear the Node flag that is set by default 
+   for Prefix-SIDs associated to loopback addresses. This option is necessary 
+   to configure Anycast-SIDs.
+
+
+.. opcmd:: show isis segment-routing node
+ 
+   Show detailed information about all learned Segment Routing Nodes
+
+.. opcmd:: show isis route prefix-sid
+
+   Show detailed information about prefix-sid and label learned
+
+.. note:: more information related IGP  - :ref:`routing-isis`
+
+   
+
+OSPF SR  Configuration
+----------------------
+
+Segment routing (SR) is used by the IGP protocols to interconnect network
+devices, below configuration shows how to enable SR on OSPF:
+
+.. cfgcmd:: set protocols ospf parameters opaque-lsa
+
+  Enable the Opaque-LSA capability (rfc2370), necessary to transport label 
+  on IGP
+
+
+.. cfgcmd:: set protocols ospf segment-routing global-block high-label-value 
+  <label-value>
+
+  Set the Segment Routing Global Block i.e. the label range used by MPLS to 
+  store label in the MPLS FIB for Prefix SID. Note that the block size may 
+  not exceed 65535.
+
+.. cfgcmd:: set protocols ospf segment-routing global-block low-label-value 
+  <label-value>
+
+  Set the Segment Routing Global Block i.e. the low label range used by MPLS to 
+  store label in the MPLS FIB for Prefix SID. Note that the block size may 
+  not exceed 65535.
+
+.. cfgcmd:: set protocols ospf segment-routing local-block high-label-value 
+  <label-value>
+
+  Set the Segment Routing Local Block i.e. the label range used by MPLS to 
+  store label in the MPLS FIB for Prefix SID. Note that the block size may 
+  not exceed 65535.Segment Routing Local Block, The negative command always 
+  unsets both.
+
+.. cfgcmd:: set protocols ospf segment-routing local-block <low-label-value 
+  <label-value>
+
+  Set the Segment Routing Local Block i.e. the low label range used by MPLS to 
+  store label in the MPLS FIB for Prefix SID. Note that the block size may 
+  not exceed 65535.Segment Routing Local Block, The negative command always 
+  unsets both.
+
+.. cfgcmd:: set protocols ospf segment-routing maximum-label-depth <1-16>
+
+  Set the Maximum Stack Depth supported by the router. The value depend of
+  the MPLS dataplane.
+
+.. cfgcmd:: set protocols ospf segment-routing prefix <address> index value 
+  <0-65535>
+   
+  A segment ID that contains an IP address prefix calculated by an IGP in the
+  service provider core network. Prefix SIDs are globally unique, this value
+  indentify it 
+
+.. cfgcmd:: set protocols ospf segment-routing prefix <address> index
+   <no-php-flag | explicit-null| n-flag-clear>
+
+   this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO 
+   Penultimate Hop Popping that allows SR node to request to its neighbor to 
+   not pop the label. The ‘explicit-null’ flag allows SR node to request to its 
+   neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ 
+   option can be used to explicitly clear the Node flag that is set by default 
+   for Prefix-SIDs associated to loopback addresses. This option is necessary 
+   to configure Anycast-SIDs.
+
+.. note:: more information related IGP  - :ref:`routing-ospf`
+
+Configuration Example
+---------------------
+
+we described the configuration SR ISIS / SR OSPF using 2 connected with them to
+share label information.
+
+Enable IS-IS with Segment Routing (Experimental)
+================================================
+
+**Node 1:**
+
+.. code-block:: none
+
+  set interfaces loopback lo address '192.168.255.255/32'
+  set interfaces ethernet eth1 address '192.0.2.1/24'
+
+  set protocols isis interface eth1
+  set protocols isis interface lo
+  set protocols isis net '49.0001.1921.6825.5255.00'
+  set protocols isis segment-routing global-block high-label-value '599'
+  set protocols isis segment-routing global-block low-label-value '550'
+  set protocols isis segment-routing prefix 192.168.255.255/32 index value '1'
+  set protocols isis segment-routing prefix 192.168.255.255/32 index explicit-null
+  set protocols mpls interface 'eth1'
+  
+**Node 2:**
+
+.. code-block:: none
+
+  set interfaces loopback lo address '192.168.255.254/32'
+  set interfaces ethernet eth1 address '192.0.2.2/24'
+
+  set protocols isis interface eth1
+  set protocols isis interface lo
+  set protocols isis net '49.0001.1921.6825.5254.00'
+  set protocols isis segment-routing global-block high-label-value '599'
+  set protocols isis segment-routing global-block low-label-value '550'
+  set protocols isis segment-routing prefix 192.168.255.254/32 index value '2'
+  set protocols isis segment-routing prefix 192.168.255.254/32 index explicit-null
+  set protocols mpls interface 'eth1'
+  
+  
+  
+This gives us MPLS segment routing enabled and labels for far end loopbacks:
+
+.. code-block:: none
+
+  Node-1@vyos:~$ show mpls table
+   Inbound Label  Type        Nexthop                Outbound Label
+   ----------------------------------------------------------------------
+   552            SR (IS-IS)  192.0.2.2              IPv4 Explicit Null <-- Node-2 loopback learned on Node-1
+   15000          SR (IS-IS)  192.0.2.2              implicit-null
+   15001          SR (IS-IS)  fe80::e87:6cff:fe09:1  implicit-null
+   15002          SR (IS-IS)  192.0.2.2              implicit-null
+   15003          SR (IS-IS)  fe80::e87:6cff:fe09:1  implicit-null
+
+  Node-2@vyos:~$ show mpls table
+   Inbound Label  Type        Nexthop               Outbound Label
+   ---------------------------------------------------------------------
+   551            SR (IS-IS)  192.0.2.1             IPv4 Explicit Null <-- Node-1 loopback learned on Node-2
+   15000          SR (IS-IS)  192.0.2.1             implicit-null
+   15001          SR (IS-IS)  fe80::e33:2ff:fe80:1  implicit-null
+   15002          SR (IS-IS)  192.0.2.1             implicit-null
+   15003          SR (IS-IS)  fe80::e33:2ff:fe80:1  implicit-null
+
+Here is the routing tables showing the MPLS segment routing label operations:
+
+.. code-block:: none
+
+  Node-1@vyos:~$ show ip route isis
+  Codes: K - kernel route, C - connected, S - static, R - RIP,
+         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
+         f - OpenFabric,
+         > - selected route, * - FIB route, q - queued, r - rejected, b - backup
+         t - trapped, o - offload failure
+
+  I   192.0.2.0/24 [115/20] via 192.0.2.2, eth1 inactive, weight 1, 00:07:48
+  I>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1, label IPv4 Explicit Null, weight 1, 00:03:39
+
+  Node-2@vyos:~$ show ip route isis
+  Codes: K - kernel route, C - connected, S - static, R - RIP,
+         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
+         f - OpenFabric,
+         > - selected route, * - FIB route, q - queued, r - rejected, b - backup
+         t - trapped, o - offload failure
+
+  I   192.0.2.0/24 [115/20] via 192.0.2.1, eth1 inactive, weight 1, 00:07:46
+  I>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1, label IPv4 Explicit Null, weight 1, 00:03:43
+
+
+Enable OSPF with Segment Routing (Experimental):
+================================================
+
+**Node 1**
+
+.. code-block:: none
+
+  set interfaces loopback lo address 10.1.1.1/32
+  set interfaces ethernet eth0 address 192.168.0.1/24
+  set protocols ospf area 0 network '192.168.0.0/24'
+  set protocols ospf area 0 network '10.1.1.1/32'
+  set protocols ospf parameters opaque-lsa
+  set protocols ospf parameters router-id '10.1.1.1'
+  set protocols ospf segment-routing global-block high-label-value '1100'
+  set protocols ospf segment-routing global-block low-label-value '1000'
+  set protocols ospf segment-routing prefix 10.1.1.1/32 index explicit-null
+  set protocols ospf segment-routing prefix 10.1.1.1/32 index value '1'
+
+**Node 2**
+
+.. code-block:: none
+
+  set interfaces loopback lo address 10.1.1.2/32
+  set interfaces ethernet eth0 address 192.168.0.2/24
+  set protocols ospf area 0 network '192.168.0.0/24'
+  set protocols ospf area 0 network '10.1.1.2/32'
+  set protocols ospf parameters opaque-lsa
+  set protocols ospf parameters router-id '10.1.1.2'
+  set protocols ospf segment-routing global-block high-label-value '1100'
+  set protocols ospf segment-routing global-block low-label-value '1000'
+  set protocols ospf segment-routing prefix 10.1.1.2/32 index explicit-null
+  set protocols ospf segment-routing prefix 10.1.1.2/32 index value '2'
+
+
+This gives us MPLS segment routing enabled and labels for far end loopbacks:
+
+.. code-block:: none
+
+  Node-1@vyos:~$ show mpls table
+   Inbound Label  Type       Nexthop      Outbound Label
+   -----------------------------------------------------------
+   1002           SR (OSPF)  192.168.0.2  IPv4 Explicit Null  <-- Node-2 loopback learned on Node-1
+   15000          SR (OSPF)  192.168.0.2  implicit-null
+   15001          SR (OSPF)  192.168.0.2  implicit-null
+
+  Node-2@vyos:~$ show mpls table
+   Inbound Label  Type       Nexthop      Outbound Label
+   -----------------------------------------------------------
+   1001           SR (OSPF)  192.168.0.1  IPv4 Explicit Null  <-- Node-1 loopback learned on Node-2
+   15000          SR (OSPF)  192.168.0.1  implicit-null
+   15001          SR (OSPF)  192.168.0.1  implicit-null
+
+Here is the routing tables showing the MPLS segment routing label operations:
+
+.. code-block:: none
+
+  Node-1@vyos:~$ show ip route ospf
+  Codes: K - kernel route, C - connected, S - static, R - RIP,
+         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
+         f - OpenFabric,
+         > - selected route, * - FIB route, q - queued, r - rejected, b - backup
+         t - trapped, o - offload failure
+
+  O   10.1.1.1/32 [110/0] is directly connected, lo, weight 1, 00:03:43
+  O>* 10.1.1.2/32 [110/1] via 192.168.0.2, eth0, label IPv4 Explicit Null, weight 1, 00:03:32
+  O   192.168.0.0/24 [110/1] is directly connected, eth0, weight 1, 00:03:43
+
+  Node-2@vyos:~$ show ip route ospf
+  Codes: K - kernel route, C - connected, S - static, R - RIP,
+         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
+         f - OpenFabric,
+         > - selected route, * - FIB route, q - queued, r - rejected, b - backup
+         t - trapped, o - offload failure
+
+  O>* 10.1.1.1/32 [110/1] via 192.168.0.1, eth0, label IPv4 Explicit Null, weight 1, 00:03:36
+  O   10.1.1.2/32 [110/0] is directly connected, lo, weight 1, 00:03:51
+  O   192.168.0.0/24 [110/1] is directly connected, eth0, weight 1, 00:03:51
+
|
