4.1.3.1. IS-IS PDU Configuration

The following PDUs are used by IS-IS to exchange protocol information:

4.1.3.2. IS-IS Operations

The routers perform IS-IS routing as follows:

4.1.4.1. Partial SPF Calculation

IS-IS supports partial SPF calculation, also referred to as partial route calculation. When an event does not change the topology of the network, IS-IS is not perform full SPF but instead performs an IP reach calculation for the impacted routes. Partial SPF is performed at the receipt of IS-IS LSPs with changes to IP reach TLVs and in general, for any IS-IS LSP TLV and sub-TLV change that does not impact the network topology.

4.1.5.1. Native IPv6 Support

IS-IS IPv6 TLVs for IPV6 routing is supported in SR OS. This support is considered native IPv6 routing within IS-IS. However, it has limitations in that IPv4 and IPv6 topologies must be congruent, otherwise traffic may be blackholed. Service providers should ensure that the IPv4 topology and IPv6 topologies are the same if native IPv6 routing is used within IS-IS.

4.1.6.1. Setting Route Tags

IS-IS route tags are configurable in the following ways:

4.1.6.2. Using Route Tags

Although an operator on this or on a neighboring IS-IS router has configured the setting of the IS-IS administrative tags, it does not have any effect unless policies are configured to instruct how to process the given tag value.

Policies can process tags where IS-IS is either the origin, destination or both origin and destination protocol.

4.1.6.3. Unnumbered Interface Support

IS-IS supports unnumbered point-to-point interface with both Ethernet and PPP encapsulations.

Unnumbered interfaces borrow the address from other interfaces such as system or loopback interfaces and uses it as the source IP address for packets originated from the interface. This feature supports both dynamic and static ARP for unnumbered interfaces to allow interworking with unnumbered interfaces that may not support dynamic ARP.

An unnumbered interface is an IPv4 capability only used in cases where IPv4 is active (IPv4-only and mixed IPv4/IPv6 environments). When configuring an unnumbered interface, the interface specified for the unnumbered interface (system or other) must have an IPv4 address. Also, the interface type for the unnumbered interface automatically is point-to-point. The unnumbered option can be used in IES and VPRN access interfaces, as well as in a network interface with MPLS support.

4.1.7.1. Configuring Segment Routing in Shortest Path

The user enables segment routing in an IGP routing instance using the following sequence of commands.

First, the user configures the global label block, referred to as Segment Routing Global Block (SRGB), which is reserved for assigning labels to segment routing prefix SIDs originated by this router. This range is carved from the system dynamic label range and is not instantiated by default:

Next, the user enables the context to configure segment routing parameters within a given IGP instance:

The key parameter is the configuration of the prefix SID index range and the offset label value which this IGP instance uses. Because each prefix SID represents a network global IP address, the SID index for a prefix must be unique network-wide. Thus, all routers in the network are expected to configure and advertise the same prefix SID index range for a given IGP instance. However, the label value used by each router to represent this prefix, that is, the label programmed in the ILM, can be local to that router by the use of an offset label, referred to as a start label:

Local Label (Prefix SID) = start-label + {SID index}

The label operation in the network becomes thus very similar to LDP when operating in the independent label distribution mode (RFC 5036) with the difference that the label value used to forward a packet to each downstream router is computed by the upstream router based on advertised prefix SID index using the above formula.

Figure 17 shows an example of a router advertising its loopback address and the resulting packet label encapsulation throughout the network.

Figure 17:  Packet Label Encapsulation using Segment Routing Tunnel 

Router N-6 advertises loopback 10.10.10.1/32 with a prefix index of 5.Routers N-1 to N-6 are configured with the same SID index range of [1,100] and an offset label of 100 to 600 respectively. The following are the actual label values programmed by each router for the prefix of PE2:

Similar operations are performed by N-4 and N-5 for the bottom path.

N-1 has an SR tunnel to N-6 with two ECMP paths. It pushes label 205 when forwarding an IP or service packet to N-6 via downstream next-hop N-2 and pushes label 405 when forwarding via downstream next-hop N-4.

The CLI for configuring the prefix SID index range and offset label value for a given IGP instance is as follows:

There are two mutually-exclusive modes of operation for the prefix SID range on the router. In the global mode of operation, the user configures the global value and this IGP instance assumes the start label value as the lowest label value in the SRGB and the prefix SID index range size equal to the range size of the SRGB. After one IGP instance selected the global option for the prefix SID range, all IGP instances on the system are restricted to do the same.

The user must shutdown the segment routing context and delete the prefix-sid-range command in all IGP instances in order to change the SRGB. After the SRGB is changed, the user must re-enter the prefix-sid-range command again. The SRGB range change fails if an already allocated SID index/label goes out of range.

In the per-instance mode of operation, the user partitions the SRGB into non-overlapping sub-ranges among the IGP instances. The user thus configures a subset of the SRGB by specifying the start label value and the prefix SID index range size. All resulting net label values (start-label + index) must be within the SRGB or the configuration fails. Furthermore, the code checks for overlaps of the resulting net label value range across IGP instances and strictly enforces that these ranges do not overlap.

The user must shutdown the segment routing context of an IGP instance in order to change the SID index/label range of that IGP instance using the prefix-sid-range command. In addition, any range change fails if an already allocated SID index/label goes out of range.

The user can, however, change the SRGB on the fly as long as it does not reduce the current per-IGP instance SID index/label range defined with the prefix-sid-range. Otherwise, the user must shutdown the segment routing context of the IGP instance and delete and re-configure the prefix-sid-range command.

Finally, the user brings up segment routing on that IGP instances by un-shutting the context:

This command fails if the user has not previously enabled the router-capability option in the IGP instance. Segment routing is a new capability and needs to be advertised to all routers in a given domain so that routers which support the capability only programs the node SID in the data path towards neighbors which support it.

The IGP segment routing extensions are area-scoped. As a consequence, the user must configure the flooding scope to area in OSPF and to area or as in IS-IS, otherwise performing no shutdown of the segment-routing node fail.

Next, the user assigns a node SID index or label to the prefix representing the primary address of an IPv4 or IPv6 network interface of type loopback using one of the following commands:

Only a single node SID can be assigned to an interface. The secondary address of an IPv4 interface cannot be assigned a node SID index and does not inherit the SID of the primary IPv4 address. The same applies to the non-primary IPv6 addresses of an interface.

Above commands should fail if the network interface is not of type loopback or if the interface is defined in an IES or a VPRN context. Also, assigning the same SID index/label value to the same interface in two different IGP instances is not allowed within the same node.

Also, for OSPF the protocol version number and the instance number dictates if the node-SID index/label is for an IPv4 or IPv6 address of the interface. Specifically, the support of address families in OSPF is as follows:

The value of the label or index SID is taken from the range configured for this IGP instance. When using the global mode of operation, a new segment routing module checks that the same index or label value cannot be assigned to more than one loopback interface address. When using the per-instance mode of operation, this check is not required because the index, and thus the label ranges, of the various IGP instances are not allowed to overlap.

For an individual adjacency, values for the label may be provisioned for an IS-IS or OSPF interface. If they are not provisioned, then they are dynamically allocated by the system from the dynamic label range. The following CLI commands are used:

The value must correspond to a label in a reserved label block in provisioned mode referred to by the srlb command (see Segment Routing Local Block for more details of SRLBs).

A static label value for an adjacency SID is persistent. Therefore, the P-bit of the Flags field in the Adjacency-SID TLV advertised in the IGP is set to 1.

By default, a dynamic adjacency SID is advertised for an interface. However, if a static adjacency SID value is configured, then the dynamic adjacency SID is deleted and only the static adjacency SID used. Changing an adjacency SID from dynamic (for example, no adjacency-sid) to static, or vice versa, may result in traffic being dropped as the ILM is reprogrammed.

For a provisioned adjacency SID for an interface, a backup is calculated similar to a regular adjacency SID when sid-protection is enabled for that interface.

Provisioned adjacency SIDs are only supported on point-to-point interfaces.

4.1.7.2. Announcing ELC, MSD-ERLD, and MSD-BMI with IS-IS

IS-IS has the ability to announce node Entropy Label Capability (ELC), the Maximum Segment Depth (MSD) for node Entropy Readable Label Depth (ERLD) and the Maximum Segment Depth (MSD) for node Base MPLS Imposition (BMI). If needed, exporting the IS-IS extensions into BGP-LS requires no additional configuration. These extensions are standardized through draft-ietf-isis-mpls-elc-10, Signaling Entropy Label Capability and Entropy Readable Label Depth Using IS-IS, and RFC 8491, Signaling Maximum SID Depth (MSD) Using IS-IS.

The ELC, ERLD, and BMI IS-IS values are announced automatically when ISIS prefix attributes and router capabilities are announced and when entropy and segment routing is enabled on the router. The following configuration logic is used.

Segment routing parameters are configured in the following contexts:

configure>router>isis>segment-routing>maximum-sid-depth

configure>router>isis>segment-routing>maximum-sid-depth>override-bmi value

configure>router>isis>segment-routing>maximum-sid-depth>override-erld value

4.1.7.3. Segment Routing Operational Procedures

4.1.7.3.2. Error and Resource Exhaustion Handling

When the prefix corresponding to a node SID is being resolved, the following procedures are followed.

4.1.7.3.2.1. Procedure 1: Providing support of multiple topologies for the same destination prefix

The SR OS supports assigning different prefix-SID indexes and labels to the same prefix in different IGP instances. While other routers that receive these prefix SIDs programs a single route into RTM, based on the winning instance ID as per RTM route type preference, the SR OS adds two tunnels to this destination prefix in TTM. This provides for the support of multiple topologies for the same destination prefix.

For example: In two different instances (L2, IS-IS instance 1 and L1, IS-IS instance 2—see Figure 18), Router D has the same prefix destination, with different SIDs (SIDx and SIDy).

Figure 18:  Programming multiple tunnels to the same destination 

Assume the following route type preference in RTM and tunnel type preference in TTM are configured:

1. ROUTE_PREF_ISIS_L1_INTER (RTM) 15
2. ROUTE_PREF_ISIS_L2_INTER (RTM) 18
3. ROUTE_PREF_ISIS_TTM 10

Note: The TTM tunnel type preference is not used by the SR module. It is put in the TTM and is used by other applications such as VPRN auto-bind and BGP shortcut to select a TTM tunnel.

1. Router A performs the following resolution within the single IS-IS instance 1, level 2. All metrics are the same, and ECMP = 2.
   1. For prefix N, the RTM entry is:
      1. prefix N
      2. nhop1 = B
      3. nhop2 = C
      4. preference 18
   2. For prefix N, the SR tunnel TTM entry is:
      1. tunnel-id 1: prefix N-SIDx
      2. nhop1 = B
      3. nhop2 = C
      4. tunl-pref 10
2. Add IS-IS instance 2 (Level 1) in the same setup, but in routers A, B, and C only.
   1. For prefix N, the RTM entry is:
      1. prefix N
      2. nhop1 = B
      3. preference 15
      RTM prefers L1 route over L2 route
   2. For prefix N, there are two SR tunnel entries in TTM:
      SR entry for L2:
      1. tunnel-id 1: prefix N-SIDx
      2. nhop1 = B
      3. nhop2= C
      4. tunl-pref 10
      SR entry for L1:
      1. tunnel-id 2: prefix N-SIDy

4.1.7.3.2.2. Procedure 2: Resolving received SID indexes or labels to different routes of the same prefix within the same IGP instance

Two variations of this procedure can occur.

1. While SR OS does not allow assigning the same SID index or label to different routes of the same prefix within the same IGP instance, it resolves only one of the duplicate SIDs if received from another SR implementation and based on the RTM active route selection.
2. While SR OS does not allow assigning different SID indexes or labels to different routes of the same prefix within the same IGP instance, it resolves only one of the duplicate SIDs if received from another SR implementation and based on the RTM active route selection.
   The selected SID is used for ECMP resolution to all neighbors. If the route is inter-area and the conflicting SIDs are advertised by different ABRs, ECMP towards all ABRs uses the selected SID.

4.1.7.3.2.3. Procedure 3: Checking for SID error prior to programming ILM and NHLFE

If any of the following conditions are true, the router logs a trap and generates a syslog error message and does not program the ILM and NHLFE for the prefix SID.

1. Received prefix SID index falls outside of the locally configured SID range.
2. One or more resolved ECMP next-hops for a received prefix SID did not advertise SR Capability sub-TLV.
3. Received prefix SID index falls outside the advertised SID range of one or more resolved ECMP next-hops.

4.1.7.3.2.4. Procedure 4: Programming ILM/NHLFE for duplicate prefix-SID indexes/labels for different prefixes

Two variations of this procedure can occur.

1. For received duplicate prefix-SID indexes or labels for different prefixes within the same IGP instance, the router:
   1. programs ILM/NHLFE for the first one
   2. logs a trap and a syslog error message
   3. does not program the subsequent one in data path
2. For received duplicate prefix-SID index for different prefixes across IGP instances, there are two options.
   1. In the global SID index range mode of operation, the resulting ILM label values is the same across the IGP instances. The router:
      1. programs ILM/NHLFE for the prefix of the winning IGP instance based on the RTM route type preference
      1. logs a trap and a syslog error message
      1. does not program the subsequent prefix SIDs in data path
   2. In per-instance SID index range mode of operation, the resulting ILM label has different values across the IGP instances. The router programs ILM/NHLFE for each prefix as expected.

4.1.7.3.2.5. Procedure 5: Programming ILM/NHLFE for the same prefix across IGP instances

The behavior in the case of a global SID index range is illustrated by the IS-IS example in Figure 19.

In global SID index range mode of operation, the resulting ILM label values is the same across the IGP instances. The router programs ILM/NHLFE for the prefix of the winning IGP instance based on the RTM route type preference. The router logs a trap and a syslog error message, and does not program the other prefix SIDs in data path.

In per-instance SID index range mode of operation, the resulting ILM label has different values across the IGP instances. The router programs ILM/NHLFE for each prefix as expected.

Figure 19:  Handling of Same Prefix and SID in different IS-IS Instances 

Assume the following route type preference in RTM and tunnel type preference in TTM are configured:

1. ROUTE_PREF_ISIS_L1_INTER (RTM) 15
2. ROUTE_PREF_ISIS_L2_INTER (RTM) 18
3. ROUTE_PREF_ISIS_TTM 10

Note: The TTM tunnel type preference is not used by the SR module. It is put in the TTM and is used by other applications such as VPRN auto-bind and BGP shortcut to select a TTM tunnel.

1. Router A performs the following resolution within the single IS-IS instance 1, level 2. All metrics are the same, and ECMP = 2.
   1. For prefix N, the RTM entry is:
      1. prefix N
      2. nhop1 = B
      3. nhop2 = C
      4. preference 18
   2. For prefix N, the SR tunnel TTM entry is:
      1. tunnel-id 1: prefix N-SIDx
      2. nhop1 = B
      3. nhop2 = C
      4. tunl-pref 10
2. Add IS-IS instance 2 (Level 1) in the same setup, but in routers A, B, and E only.
   1. For prefix N, the RTM entry is:
      1. prefix N
      2. nhop1 = B
      3. preference 15
      RTM prefers L1 route over L2 route.
   2. For prefix N, there is one SR tunnel entry for L2 in TTM:
      1. tunnel-id 1: prefix N-SIDx
      2. nhop1 = B
      3. nhop2 = C
      4. tunl-pref 10

4.1.7.3.2.6. Procedure 6: Handling ILM resource exhaustion while assigning an SID index/label

If the system exhausted an ILM resource while assigning an SID index/label to a local loopback interface, then index allocation is failed and an error is returned in CLI. In addition, the router logs a trap and generates a syslog error message.

4.1.7.3.2.7. Procedure 7: Handling ILM/NHLFE/other IOM or CPM resource exhaustion while resolving or programming an SID index/label

If the system exhausted an ILM, NHLFE, or any other IOM or CPM resource while resolving and programming a received prefix SID or programming a local adjacency SID, then following occurs.

1. The IGP instance goes into overload and a trap and syslog error message are generated.
2. The segment routing module deletes the tunnel.

The user must manually clear the IGP overload condition after freeing resources. After the IGP is brought back up, it attempts to program at the next SPF all tunnels which previously failed the programming operation.

4.1.7.4. Segment Routing Tunnel Management

The segment routing module adds to TTM a shortest path SR tunnel entry for each resolved remote node SID prefix and programs the data path with the corresponding LTN with the push operation pointing to the primary and LFA backup NHLFEs. The LFA backup next-hop for a given prefix which was advertised with a node SID is only computed if the loopfree-alternates option is enabled in the IS-IS or OSPF instance. The resulting SR tunnel which is populated in TTM is automatically protected with FRR when an LFA backup next-hop exists for the prefix of the node SID.

With ECMP, a maximum of 32 primary next-hops (NHLFEs) are programmed for the same tunnel destination per IGP instance. ECMP and LFA next-hops are mutually exclusive as per existing implementation.

The default preference for shortest path SR tunnels in the TTM is set lower than LDP tunnels but higher than BGP tunnels to allow controlled migration of customers without disrupting their current deployment when they enable segment routing. The following is the setting of the default preference of the various tunnel types. This includes the preference of both SR tunnels based on shortest path (referred to as SR-ISIS and SR-OSPF).

The global default TTM preference for the tunnel types is as follows:

The default value for SR-ISIS or SR-OSPF is the same regardless if one or more IS-IS or OSPF instances programmed a tunnel for the same prefix. The selection of an SR tunnel in this case is based on lowest IGP instance ID.

The TTM preference is used in the case of BGP shortcuts, VPRN auto-bind, or BGP transport tunnel when the tunnel binding commands are configured to the any value which parses the TTM for tunnels in the protocol preference order. The user can choose to either go with the global TTM preference or list explicitly the tunnel types to be used. When the tunnel types are listed explicitly, the TTM preference is still used to select one type over the other. In both cases, a fallback to the next preferred tunnel type is performed if the selected one fails. Also, a reversion to a more preferred tunnel type is performed as soon as one is available. See BGP Shortcut Using Segment Routing Tunnel, BGP Label Route Resolution Using Segment Routing Tunnel, and Service Packet Forwarding with Segment Routing for the detailed service and shortcut binding CLI.

For SR-ISIS and SR-OSPF, the user can configure the preference of each specific IGP instance away from the above default values.

Note: The preference of SR-TE LSP is not configurable and is the second most preferred tunnel type after RSVP-TE. This is independent if the SR-TE LSP was resolved in IS-IS or OSPF.

4.1.7.4.1. Tunnel MTU Determination

The MTU of an SR tunnel populated into TTM is determined as in the case of an IGP tunnel; for example, LDP LSP is based on the outgoing interface MTU minus the label stack size. Segment routing, however, supports remote LFA and TI-LFA which can program an LFA repair tunnel by adding one or more labels.

Based on the above, the user is provided with a CLI to configure the MTU of all SR tunnels within each IGP instance:

CLI Syntax:

config>router>isis (ospf)>segment-routing>tunnel-mtu bytes

There is no default value for this new command. If the user does not configure an SR tunnel MTU, the MTU is fully determined by IGP as explained below.

The MTU of the SR tunnel, in bytes, is then determined as follows:

SR_Tunnel_MTU = MIN {Cfg_SR_MTU, IGP_Tunnel_MTU- (1+ frr-overhead)*4}

Where:

1. Cfg_SR_MTU is the MTU configured by the user for all SR tunnels within a given IGP instance using the above CLI. If no value was configured by the user, the SR tunnel MTU is fully determined by the IGP interface calculation explained next.
2. IGP_Tunnel_MTU is the minimum of the IS-IS or OSPF interface MTU among all the ECMP paths or among the primary and LFA backup paths of this SR tunnel.
3. frr-overhead is set the following parameters:
   1. value of ti-lifa [max-sr-frr-labels labels] if loopfree-alternates and ti-lfa are enables in this IGP instance
   2. 1 if loopfree-alternates and remote-lfa are enabled but ti-lfa is disabled in this IGP instance
   3. Otherwise, it is set to 0

The SR tunnel MTU is dynamically updated anytime any of the above parameters used in its calculation changes. This includes when the set of the tunnel next-hops changes or the user changes the configured SR MTU or interface MTU value.

Note: The above calculated SR tunnel MTU is used for the determination of an SDP MTU and for checking the Layer 2 service MTU. For the purpose of fragmentation of IP packets forwarded in GRT or in a VPRN over an SR shortest path tunnel, the data path always deducts the worst case MTU (5 labels or 6 labels if hash label feature is enabled) from the outgoing interface MTU for the decision to fragment or not the packet. In this case, the above formula is not used.

4.1.7.5. Segment Routing Local Block

Some labels that are provisioned through CLI or a management interface must be allocated from the Segment Routing Local Block (SRLB). The SRLB references a reserved label block configured under config>router>mpls-labels. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide for further information on reserved label blocks.

The label block to use is specified by the srlb command under IS-IS or OSPF:

Provisioned labels for adjacency SIDs and adjacency SID sets must be allocated from the configured SRLB. If no SRLB is specified, or the requested label does not fall within the SRLB, or the label is already allocated, then the request is rejected.

4.1.7.6. Entropy Label for IS-IS Segment Routing

The router supports the MPLS entropy label, as specified in RFC 6790, on IS-IS segment-routed tunnels. LSR nodes in a network can load-balance labeled packets in a more granular way than by hashing on the standard label stack. Refer to the MPLS Guide for more information.

Announcing of Entropy Label Capability (ELC) is supported, however processing of Entropy Label Capability (ELC) signaling is not supported for IS-IS segment-routed tunnels. Instead, ELC is configured at the head end LER using the configure router isis entropy-label override-tunnel-elc command. This command causes the router to ignore any advertisements for ELC that may or may not be received from the network, and instead to assume that the whole domain supports entropy labels.

4.1.7.7. Remote LFA with Segment Routing

The user enables the remote LFA next-hop calculation by the IGP LFA SPF by appending the following new option in the existing command which enables LFA calculation:

SPF performs the remote LFA additional computation following the regular LFA next-hop calculation when both of the following conditions are met:

Remote LFA extends the protection coverage of LFA-FRR to any topology by automatically computing and establishing/tearing-down shortcut tunnels, also referred to as repair tunnels, to a remote LFA node which puts the packets back into the shortest without looping them back to the node which forwarded them over the repair tunnel. A repair tunnel can in theory be an RSVP LSP, an LDP-in-LDP tunnel, or an SR tunnel. In SR OS, this feature is restricted to use an SR repair tunnel to the remote LFA node.

The remote LFA algorithm for link protection is described in RFC 7490, Remote Loop-Free Alternate (LFA) Fast Reroute (FRR). Unlike the regular LFA calculation, which is calculated per prefix, the LFA algorithm for link protection is a per-link LFA SPF calculation. As such, it provides protection for all destination prefixes which share the protected link by using the neighbor on the other side of the protected link as a proxy for all these destinations. Assume the topology in Figure 20.

Figure 20:  Remote LFA Algorithm 

When the LFA SPF in node C computes the per-prefix LFA next-hop, prefixes which use link C-B as the primary next-hop has no LFA next-hop due to the ring topology. If node C used node link C-D as a back-up next-hop, node D would loop a packet back to node C. The remote LFA then runs the following algorithm, referred to as the “PQ Algorithm” in RFC 7490:

The details of the label stack encoding when the packet is forwarded over the remote LFA next-hop is shown in Figure 21.

Figure 21:  Remote LFA Next-Hop in Segment Routing 

The label corresponding to the node SID of the PQ node is pushed on top of the original label of the SID of the resolved destination prefix. If node C has resolved multiple node SIDs corresponding to different prefixes of the selected PQ node, it pushes the lowest node SID label on the packet when forwarded over the remote LFA backup next-hop.

If the PQ node is also the advertising router for the resolved prefix, the label stack is compressed in some cases depending on the IGP:

The following rules and limitations apply to the remote LFA implementation:

4.1.7.8. Topology Independent LFA

The Topology-Independent LFA (TI-LFA) feature improves the protection coverage of a network topology by computing and automatically instantiating a repair tunnel to a Q node which is not in the shortest path from the computing node. The repair tunnel uses the shortest path to the P node and a source-routed path from the P node to the Q node.

In addition, the TI-LFA algorithm selects the backup path that matches the post-convergence path. This helps capacity planning in the network since traffic always flows on the same path when transitioning to the FRR next-hop and then onto the new primary next-hop.

At a high level, the TI-LFA link protection algorithm searches for the closest Q node to the computing node and then selects the closest P node to this Q node, up to a maximum number of labels. This is performed on each of the post-convergence paths to each destination node or prefix D.

When the TI-LFA feature is enabled in IS-IS, it provides a TI-LFA link-protect backup path in IS-IS MT=0 for a SR-ISIS IPV4/IPv6 tunnel (node SID and adjacency SID), for a IPv4 SR-TE LSP, and for LDP IPv4 FEC when the LDP fast-reroute backup-sr-tunnel option is enabled.

4.1.7.8.2. TI-LFA Link-Protect Operation

This section describes TI-LFA protection behavior when the loopfree-alternates command is enabled with the remote-lfa and ti-lfa options as described in TI-LFA Configuration.

4.1.7.8.2.1. LFA Protection Option Applicability

Depending on the configured options of the loopfree-alternates command, the LFA SPF in an IGP instance runs algorithms in the following order:

1. Computes a regular LFA for each node and prefix. In this step, a computed backup next-hop satisfies any applied LFA policy.
   This backup next-hop protects that specific prefix or node in the context of IP FRR, LDP FRR, SR FRR, and SR-TE FRR.
2. Follows with the TI-LFA, if the ti-lfa option is enabled for all prefixes and nodes, regardless of the outcome of the first step.
   A prefix or node for which a TI-LFA backup next-hop is found overrides the result from the first step in the context of LDP FRR, if the LDP fast-reroute backup-sr-tunnel option is enabled, in SR FRR and in SR-TE FRR.
   With SR FRR and SR-TE FRR, the TI-LFA next-hop protects the node-SID of that prefix and any adjacency-SID terminating on the node-SID of that prefix.
   The prefix or node continues to use the backup next hop found in Step 1 in the context of LDP FRR (if the LDP fast-reroute backup-sr-tunnel option is disabled), or in IP FRR.
3. Runs remote LFA only for the next-hop of prefixes and nodes which remain unprotected after Step 1 and Step  2 if the remote-lfa option is enabled. A prefix or node for which a remote LFA backup next-hop is found uses it in the context of LDP FRR, when the LDP fast-reroute backup-sr-tunnel option is enabled, in SR FRR and in SR-TE FRR.

To protect an adjacency SID, the LFA selection algorithm uses the following preference order:

1. Adjacency of an alternate parallel link to the same neighbor. If more than one adjacency exists, select one as follows:
   1. adjacency with the lowest metric
   2. adjacency to the neighbor with the lowest router ID (OSPF) or system ID (IS-IS), and the lowest metric
   3. with the lowest interface index and the lowest router ID (OSPF) or system ID (IS-IS)
2. An ECMP next hop to a node-SID of the same neighbor that is different from the next hop of the protected adjacency. If more than one next hop exists, select one as follows:
   1. next hop with the lowest metric
   2. next hop to the neighbor with the lowest router ID (OSPF) or system ID (IS-IS) if same lowest metric
   3. next hop to the lowest interface index if same neighbor router ID (OSPF) or system ID (IS-IS
3. LFA backup outcome of a node SID of the same neighbor, in the following preference order:
   1. TI-LFA backup
   2. LFA backup
   3. RLFA backup

4.1.7.8.2.2. TI-LFA Algorithm

At a high level, the TI-LFA link protection algorithm searches for the closest Q node to the computing node and then selects the closest P node to this Q node, up to a number of labels corresponding to the value of ti-lfa max-sr-frr-labels labels, on each of the post-convergence paths to each destination node or prefix D. Consider the topology in Figure 22 where router R3 computes a TI-LFA next-hop for protecting link R3-R4.

Figure 22:  Selecting Link-Protect TI-LFA Backup Path 

For each destination node D:

1. Compute the post-convergence SPF on the topology without the protected link.
   In Figure 22, R3 finds a single post-convergence path to destination D via R1.

   Note: The post-convergence SPF does not include IGP shortcut.

2. Compute the extended P-Space of R3 with respect to protected link R3-R4 on the post-convergence paths.
   This is the set of nodes Yi in the post-convergence paths which are reachable from R3 neighbors without any path transiting the protected link R3-R4.
   R3 computes an LFA SPF rooted at each of its neighbors within the post-convergence paths, that is, R1, using the following equation:
   Distance_opt(R1, Yi) < Distance_opt(R1, R3) + Distance_opt(R3, Yi)
   Where, Distance_opt(A,B) is the shortest distance between A and B. The extended P-space calculation yields only node R1.
3. Compute Q-space of R3 with respect to protected link R3-R4 in the post-convergence paths.
   This is the set of nodes Zi in the post-convergence paths from which the neighbor node R4 of the protected link, acting as a proxy for all destinations D, can be reached without any path transiting the protected link R3-R4.
   Distance_opt(Zi, R4) < Distance_opt(Zi, R3) + Distance_opt(R3, R4)
   The Q-space calculation yields nodes R2 and R4.
   This is the same computation of the Q-space performed by the remote LFA algorithm, except that the TI-LFA Q-space computation is performed only on the post-convergence.
4. For each post-convergence path, search for the closest Q-node and select the closest P-node to this Q-node, up to a number of labels corresponding to the value of ti-lfa max-sr-frr-labels labels.
   In the topology in Figure 22, there is a single post-convergence path, a single P-node (R1), and the closest of the two found Q-nodes to the P-Node is R2.
   R3 installs the repair tunnel to the P-Q set and includes the node-SID of R1 and the adjacency SID of the adjacency over link R1-R2 in the label stack. Note that since the P-node R1 is a neighbor of the computing node R3, the node SID of R1 is not needed and the label stack of the repair tunnel is compressed to the adjacency SID over link R1-R2 as shown in Figure 22.
   When a P-Q set is found on multiple ECMP post-convergence paths, the following selection rules are applied, in ascending order, to select a set from a single path:
   1. the lowest number of labels
   2. the next-hop to the neighbor router with the lowest router-id (OSPF) or system-id (ISIS)
   3. the next-hop corresponding to the Q node with the lowest router-id (OSPF) or system-id (ISIS)
   If multiple links with adjacency SID exist between the selected P node and the selected Q node, the following rules are used to select one of them:
   1. the adjacency SID with the lowest metric
   2. the adjacency SID with the lowest SID value if same lowest metric

4.1.7.8.2.3. TI-LFA Feature Interaction and Limitations

The following are feature interactions and limitations of the TI-LFA link protection.

1. Enabling the ti-lfa option in an IS-IS or OSPF instance overrides the user configuration of the loopfree-alternate-exclude command under the interface’s context in that IGP instance. In other words, the TI-LFA SPF uses that interface as a backup next-hop if it matches the post-convergence next-hop.

1. Any prefix excluded from LFA protection using the loopfree-alternates exclude prefix-policy prefix-policy command under the IGP instance context is also excluded from TI-LFA.

1. Since the post-convergence SPF does not use paths transiting on a node in IS-IS overload, the TI-LFA backup path automatically does not transit on the a node.

1. IES interfaces are skipped in TI-LFA computation since they do not support Segment Routing with MPLS encapsulation. If the only found TI-LFA backup next-hop matches an IES interface, IGP treats this as if there were no TI-LFA backup paths and falls back to using either a remote LFA or regular LFA backup path as per the selection rules in LFA Protection Option Applicability.

1. The TI-LFA feature provides link-protection only. Thus, if the protected link is a broadcast interface, the TI-LFA algorithm only guarantees protection of that link and not of the Pseudo-Node (PN) corresponding to that shared subnet. In other words, if the PN is in the post-convergence path, the TI-LFA backup path may still traverse again the PN. For example, node E in Figure 23 computes a TI-LFA backup path to destination D via E-C-PN-D because it is the post-convergence path when excluding link E-PN from the topology. This TI-LFA backup does not protect against the failure of the PN.

Figure 23:  TI-LFA Backup Path via a Pseudo-Node  

1. When the computing router selects an adjacency SID among a set of parallel adjacencies between the P and Q nodes, the selection rules in step 4 of TI-LFA Algorithm are used. However, these rules may not yield the same interface the P node itself would have selected in its post-convergence SPF since the latter is based on the lowest value of the locally managed interface index.
   For example, node A in Figure 24 computes the link-protect TI-LFA backup path for destination node E as path A-C-E, where C is the P node and E is the Q node and destination. C has a pair of adjacency SIDs with the same metric to E. Node A selects the adjacency over the P2P link C-E because it has the lowest SID value but node C may select the interface C-PN in its post-convergence path calculation if that interface has a lower interface index than P2P link C-E.

   Figure 24:  Parallel Adjacencies between P and Q Nodes 

   

1. When a node SID is advertised by multiple routers (anycast SID), the TI-LFA algorithm on a router which resolves the prefix of this SID computes the backup next-hop toward a single node owner of the prefix based on the rules for prefix and SID ECMP next-hop selection.

4.1.7.9. Node Protection Support in TI-LFA and Remote LFA

This feature extends the Remote LFA and TI-LFA features by adding support for node protection. The extensions are additions to the original link-protect LFA SPF algorithm.

When node protection is enabled, the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. This feature protects against the failure of a downstream node in the path of the prefix of a node SID except for the node owner of the node SID.

4.1.7.9.2. TI-LFA Node-Protect Operation

The SR OS supports the node-protect extensions to the TI-LFA algorithm as described in draft-bashandy-rtgwg-segment-routing-ti-lfa-05.

Figure 25 shows a simple topology to illustrate the operation of the node-protect in the TI-LFA Algorithm.

Figure 25:  Application of the TI-LFA Algorithm for Node Protection 

The first change is that the algorithm has to protect a node instead of a link.

The following topology computations pertain to Figure 25:

1. Compute post-convergence SPF on the topology without the protected node.
   In Figure 25, R1 computes TI-LFA on the topology without the protected node R2 and finds a single post-convergence path to destination D via R3 and R6.
   Prefixes owned by all other nodes in the topology have a post-convergence path via R3 and R6 except for prefixes owned by node R2. The latter uses the link R3-R2 and they can only benefit from link protection.
2. Compute extended P-Space of R1 with respect to protected node R2 on the post-convergence paths.
   This is the set of nodes Yi in the post-convergence paths that are reachable from R1 neighbors, other than protected node R2, without any path transiting the protected node R2.
   R1 computes an LFA SPF rooted at each of its neighbors within the post-convergence paths, for example, R3, using the following equation:
   Distance_opt(R3, Yi) < Distance_opt(R3, R2) + Distance_opt(R2, Yi)
   Where:
   Distance_opt(A,B) is the shortest distance between A and B.
   The extended P-space calculation yields node R3 only.
3. Compute Q-space of R1 with respect to protected link R1-R2 on the post-convergence paths.
   This is the set of nodes Zi in the post-convergence paths from which node R2 can be reached without any path transiting the protected link R1-R2.
   Distance_opt(Zi, R2) < Distance_opt(Zi, R1) + Distance_opt(R1, R2)
   The reverse SPF for the Q-space calculation is the same as in the link-protect algorithm and uses the protected node R2 as the proxy for all destination prefixes. Note that if the Q-space were to be computed with respect to the protected node R2 instead of link R1-R2, a reverse SPF would have to be done to each destination D which is very costly and would not scale. Computing Q-space with respect to link R1-R2 however means the algorithm only guarantees the path from the computing node to the Q node is node-protecting. The path from the Q node to the destination Dis not guaranteed to avoid the protected node R2. The intersection of the Q-space with post-convergence path is modified in the next step to mitigate this risk.
   This step yields nodes R3, R4, R5, and R6.
4. For each post-convergence path, search for the closest Q-node to destination D and select the closest P-node to this Q-node, up to a number of labels corresponding to the value of ti-lfa max-sr-frr-labels labels.
   This step yields the following P-Q sets depending on the value of the parameter max-sr-frr-labels:
   1. max-sr-frr-labels=0, R3 is the closest Q node to the destination D and R3 is the only P node. This case is the one which results in link protection via PQ node R3.
   2. max-sr-frr-labels=1, R6 is the closest Q node to the destination D and R3 is the only P node. The repair tunnel for this case uses the SID of the adjacency over link R3-R6 and is illustrated in Figure 25.
   3. max-sr-frr-labels=2, R5 is the closest Q node to the destination D and R3 is the only P node. The repair tunnel for this case uses the SIDs of the adjacencies over links R3-R6 and R6-R5.
   4. max-sr-frr-labels=3, R4 is the closest Q node to the destination D and R3 is the only P node. The repair tunnel for this case uses the SIDs of the adjacencies over links R3-R6, R6-R5, and R5-R4.
   Note this step of the algorithm is modified from link protection which prefers Q nodes which are the closest to the computing router R1. This is to minimize the probability that the path from the Q node to the destination D goes via the protected node R2 as explained in step 2. There is however still a probability that the found P-Q set achieves link protection only.
5. Select the P-Q Set.
   If a candidate P-Q set is found on each of the multiple ECMP post-convergence paths in step 4, the following selection rules are applied in ascending order to select a single set:
   1. lowest number of labels
   2. lowest next-hop router-id
   3. lowest interface index if same next-hop router-id
   If multiple parallel links with adjacency SID exist between the P and Q nodes of the selected P-Q set, the following rules are used to select one of them:
   1. Adjacency SID with lowest metric
   2. Adjacency SID with the lowest SID value if same lowest metric

For each destination prefix D, R1 programs the TI-LFA repair tunnel (max-sr-frr-labels=1):

1. For prefixes other than those owned by node R2 and R3, R1 programs a node-protect repair tunnel to the P-Q pair R3-R6 by pushing the SID of adjacency R3-R6 on top of the SID for destination D and programming a next-hop of R3.
2. For prefixes owned by node R2, R1 runs the link-protect TI-LFA algorithm and programs a simple link-protect repair tunnel which consists of a backup next-hop of R3 and pushing no additional label on top of the SID for the destination prefix.
3. Prefixes owned by node R3 are not impacted by the failure of R2 since their primary next-hop is R3.

4.1.7.9.3. Remote LFA Node-Protect Operation

SR OS supports the node-protect extensions to the Remote LFA algorithm as described in RFC 8102.

Remote LFA follows a similar algorithm as TI-LFA but does not limit the scope of the calculation of the extended P-Space and of the Q-Space to the post-convergence paths.

Remote LFA adds an extra forward SPF on behalf of the PQ node to make sure that for each destination the selected PQ node does not use a path via the protected node.

Figure 26 shows a slightly modified topology from that in Figure 25. A new node R7 is added to the top ring and the metric for link R3-R6 is modified to 100.

Figure 26:  Application of the Remote LFA Algorithm for Node Protection 

Applying the node protect remote LFA algorithm to this topology yields the following steps:

1. Compute extended P-Space of R1 with respect to protected node R2.
   This is the set of nodes Yi which are reachable from R1 neighbors, other than protected node R2, without any path transiting the protected node R2.
   R1 computes a LFA SPF rooted at each of its neighbors, in this case, R7, using the following equation:
   Distance_opt(R7, Yi) < Distance_opt(R7, R2) + Distance_opt(R2, Yi)
   Where Distance_opt(A,B) is the shortest distance between A and B.
   Nodes R7, R3 and R6 satisfy this inequality.
2. Compute Q-space of R1 with respect to protected link R1-R2.
   This is the set of nodes Zi from which node R2 can be reached without any path transiting the protected link R1-R2.
   Distance_opt(Zi, R2) < Distance_opt(Zi, R1) + Distance_opt(R1, R2)
   The reverse SPF for the Q-space calculation is the same as in the remote LFA link-protect algorithm and uses the protected node R2 as the proxy for all destination prefixes.
   This step yields nodes R3, R4, R5, and R6.
   Therefore, the candidate PQ nodes after this step are nodes R3 and R6.
3. For each PQ node found, run a forward SPF to each destination D.
   This step is required to select only the subset of PQ nodes which does not traverse protected node R2.
   Distance_opt(PQi, D) < Distance_opt(PQi, R2) + Distance_opt(R2, D)
   Of the candidates PQ nodes R3 and R6, only PQ node R6 satisfies this inequality.
   Note this step of the algorithm is applied to the subset of candidate PQ nodes out of steps 1 and 2 and to which the parameter max-pq-cost was already applied. This subset is further reduced in this step by retaining the candidate PQ nodes which provide the highest coverage among all protected nodes in the topology and which number does not exceed the value of parameter max-pq-nodes.
   In case of multiple candidate PQ nodes out of this step, the detailed selection rules of a single PQ node from the candidate list is provided in Step 4.
4. Select a PQ Node.
   If multiple PQ nodes satisfy the criteria in all the above steps, then R1 further selects the PQ node as follows:
   1. selects the lowest IGP cost from R1
   2. If more than one remains, R1 selects the PQ node reachable via the neighbor with the lowest router-id (OSPF) or system-id (ISIS);
   3. If more than one remains, R1 selects the PQ node with the lowest router-id (OSPF) or system-id (ISIS).

For each destination prefix D, R1 programs the remote LFA backup path:

1. For prefixes of R5, R4 or downstream of R4, R1 programs a node-protect remote LFA repair tunnel to the PQ node R6 by pushing the SID of node R6 on top of the SID for destination D and programming a next-hop of R7.
2. For prefixes owned by node R2, R1 runs the link-protect remote LFA algorithm and programs a simple link-protect repair tunnel which consists of a backup next-hop of R7 and pushing the SID of PQ node R3 on top of the SID for the destination prefix D.
3. Prefixes owned by nodes R7, R3, and R6 are not impacted by the failure of R2 since their primary next-hop is R7.

4.1.7.10. IPv6 Segment Routing using MPLS Encapsulation

This feature implements support for SR IPv6 tunnels in IS-IS MT=0. The user can configure a node SID for the primary IPv6 global address of a loopback interface, which then gets advertised in IS-IS. IS-IS automatically assigns and advertises an adjacency SID for each adjacency with an IPv6 neighbor. After the node SID is resolved, it is used to install an IPv6 SR-ISIS tunnel in the TTM for use by the services.

4.1.7.11. Data Path Support

A packet received with a label matching either a node SID or an adjacency SID is forwarded according to the ILM type and operation, as described in Table 11.

A router forwarding an IP or a service packet over an SR tunnel pushes a maximum of two transport labels with a remote LFA next-hop. This is illustrated in Figure 27.

Figure 27:  Transport Label Stack in Shortest Path Forwarding with Segment Routing 

Assume that a VPRN service in node B forwards a packet received on a SAP to a destination VPN-IPv4 prefix X advertised by a remote PE2 via ASBR/ABR node A. Router B is in a segment routing domain while PE2 is in an LDP domain. BGP label routes are used to distribute the PE /32 loopbacks between the two domains.

When node B forwards over the primary next-hop for prefix X, it pushes the node SID of the ASBR followed by the BGP 3107 label for PE2, followed by the service label for prefix X. When the remote LFA next-hop is activated, node B pushes one or more segment routing label: the node SID for the remote LFA backup node (node N).

When node N receives the packet while the remote LFA next-hop is activated, it pops the top segment routing label which corresponds to a local node SID. This results in popping this label and forwarding of the packet to the ASBR node over the shortest path (link N-Z).

When the ABR/ASBR node receives the packet from either node B or node Z, it pops the segment routing label which corresponds to a local node SID, then swaps the BGP label and pushes the LDP label of PE2 which is the next-hop of the BGP label route.

4.1.7.12. IS-IS Control Protocol Changes

This section describes the IS-IS Control Protocol Changes. See OSPF Control Protocol Changes for details on OSPF control protocol changes.

4.1.7.13. BGP Shortcut Using Segment Routing Tunnel

The user enables the resolution of IPv4 prefixes using SR tunnels to BGP next-hops in TTM with the following command:

When resolution is set to any, any supported tunnel type in BGP shortcut context is selected following TTM preference. The following tunnel types are supported in a BGP shortcut context and in order of preference: RSVP, LDP, Segment Routing and BGP.

When the sr-isis or sr-ospf value is enabled, an SR tunnel to the BGP next-hop is selected in the TTM from the lowest preference IS-IS or OSPF instance. If many instances have the same lowest preference from the lowest numbered IS-IS or OSPF instance.

See the BGP chapter for more details.

4.1.7.14. BGP Label Route Resolution Using Segment Routing Tunnel

The user enables the resolution of RFC 3107 BGP label route prefixes using SR tunnels to BGP next-hops in TTM with the following command:

When the resolution option is explicitly set to disabled, the default binding to LDP tunnel resumes. If resolution is set to any, any supported tunnel type in BGP label route context is selected following TTM preference.

The following tunnel types are supported in a BGP label route context and in order of preference: RSVP, LDP, and Segment Routing.

When the sr-isis or sr-ospf is specified using the resolution-filter option, a tunnel to the BGP next-hop is selected in the TTM from the lowest numbered IS-IS or OSPF instance.

See the BGP chapter for more details.

4.1.7.15. Service Packet Forwarding with Segment Routing

SDP subtypes of the MPLS type are available to allow service binding to an SR tunnel programmed in TTM by OSPF or IS-IS:

*A:7950 XRS-20# configure service sdp 100 mpls create

*A:7950 XRS-20>config>service>sdp$ sr-ospf

*A:7950 XRS-20>config>service>sdp$ sr-isis

The SDP of type sr-isis or sr-ospf can be used with the far-end option. When the sr-isis or sr-ospf value is enabled, a tunnel to the far-end address is selected in the TTM from the lowest preference IS-IS or OSPF instance. If many instances have the same lowest preference from the lowest numbered IS-IS or OSPF instance. The SR-ISIS or SR-OSPF tunnel is selected at the time of the binding, following the tunnel selection rules. If a more preferred tunnel is subsequently added to the TTM, the SDP does not automatically switch to the new tunnel until the next time the SDP is being re-resolved.

The tunnel-far-end option is not supported. In addition, the mixed-lsp-mode option does not support the sr-isis and sr-ospf tunnel types.

The signaling protocol for the service labels for an SDP using an SR tunnel can be configured to static (off), T-LDP (tldp), or BGP (bgp).

SR tunnels can be used in VPRN and BGP EVPN with the auto-bind-tunnel command. See Next-Hop Resolution for more information.

Both VPN-IPv4 and VPN-IPv6 (6VPE) are supported in a VPRN or BGP EVPN service using segment routing transport tunnels with the auto-bind-tunnel command.

See BGP and refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 3 Services Guide: IES and VPRN for more information about the VPRN auto-bind-tunnel CLI command.

4.1.7.16. Mirror Services and Lawful Intercept

The user can configure a spoke-SDP bound to an SR tunnel to forward mirrored packets from a mirror source to a remote mirror destination. In the configuration of the mirror destination service at the destination node, the remote-source command must use a spoke-sdp with VC-ID which matches the one the user configured in the mirror destination service at the mirror source node. The far-end option is not supported with an SR tunnel.

This also applies to the configuration of the mirror destination for an LI source.

Configuration at mirror source node:

Note: sdp-id matches an SDP which uses an SR tunnel for vc-label, both static and t-ldp egress vc labels are supported

Configuration at mirror destination node:

Note: the far-end command is not supported with SR tunnel at mirror destination node; user must reference a spoke-SDP using a segment routing SDP coming from mirror source node: far-end ip-address [vc-id vc-id] [ing-svc-label ingress-vc-label | tldp] [icb] no far-end ip-address for vc-label, both static and t-ldp ingress vc labels are supported

Mirroring and LI are also supported with the PW redundancy feature when the endpoint spoke-sdp, including the ICB, is using an SR tunnel. Routable Lawful Intercept Encapsulation (config>mirror>mirror-dest>encap# layer-3-encap) when the remote L3 destination is reachable over an SR tunnel is also supported.

4.1.7.17. Class-Based Forwarding for SR-ISIS over RSVP-TE LSPs

To enable CBF+ECMP for SR-ISIS over RSVP-TE:

When SR-ISIS resolves to an ECMP set of RSVP-TE LSPs and class forwarding is enabled in the segment routing context, the following behaviors apply:

4.1.7.18. Segment Routing Traffic Statistics

This section describes capabilities and procedures applicable to IS-IS, OSPFv2, and OSPFv3.

SR OS can enable and collect SID traffic statistics on the ingress and egress data paths. Statistics can also be shown, monitored, and cleared, as well as accessed using telemetry.

IS-IS and OSPFv2 support Node SID, Adjacency SID, and Adjacency Set statistics. OSPFv3 supports Node SID and Adjacency SID statistics. The following commands are used to enter the context that allows for configuring the types of SIDs for which to collect traffic statistics.

By default, statistics collection is disabled on all types of SIDs. If statistics are disabled (after having been enabled), the statistics indices that were allocated are released and the counter values are cleared.

On ingress, depending on which types of SIDs have statistics enabled, the following apply:

On egress, depending on which types of SIDs have statistics enabled, the following apply:

Note: The statistic indices constitute a finite resource. The system may not be able to allocate as many indices as needed. In this case, the system issues a notification and automatically retries to allocate statistic indices, but does not issue further notifications in case it still fails to allocate the needed statistic indices. If the system successfully allocates all the required statistic indices to IGP SIDs, then a second notification is issued to inform the user. A state variable records whether a SID has an index allocated.

Note: The allocation of statistic indices is non-deterministic. If more statistic indices are required system-wide, for example, upon a reboot, the system may not be able to re-allocate the statistic indices to the same entities as before the reboot.

4.1.8.1. Segment Routing Mapping Server

The mapping server feature allows the configuration and advertisement via IS-IS of the node SID index for prefixes of routers which are in the LDP domain. This is performed in the router acting as a mapping server and using a prefix-SID sub-TLV within the SID/Label binding TLV in IS-IS.

The user configures the SR mapping database in IS-IS using the following CLI command:

The user can enter the node SID index for one prefix or a range of prefixes by specifying the first index value and, optionally, a range value. The default value for the range option is 1. Only the first prefix in a consecutive range of prefixes must be entered. The user can enter the first prefix with a mask lower than 32 and the SID/Label Binding TLV is advertised but the routers do not resolve these prefix SIDs and instead originates a trap.

The no form of the sid-map command deletes the range of node SIDs beginning with the specified index value. The no form of the mapping-server command deletes all node SID entries in the IS-IS instance.

By setting the S-flag, the user can indicate to the IS-IS routers in the rest of the network that the flooding scope of the SID/Label binding TLV is the entire domain. In that case, a router receiving the TLV advertisement should leak it between IS-IS levels. If leaked from level 2 to level 1, the D-flag must be set, after which the TLV cannot be leaked back into level 2. Otherwise, the S-flag is clear by default and the TLV must not be leaked by routers receiving the mapping server advertisement.

Note: SR OS does not leak this TLV between IS-IS instances and does not support the multi-topology SID/Label Binding TLV format. In addition, the user can specify the mapping server’s flooding scope for the generated SID/Label binding TLV using the level option. This option allows further narrowing of the flooding scope configured under the router IS-IS level-capability for a one or more SID/Label binding TLVs if required. The default flooding scope of the mapping server is L1/L2, which can be narrowed by what is configured under the router IS-IS level-capability.

The A-flag is used to indicate that a prefix for which the mapping server prefix SID is advertised is directly attached. The M-flag is used to advertise a SID for a mirroring context to provide protection against the failure of a service node. None of these flags are supported on the mapping server; the mapping client ignores them.

Each time a prefix or a range of prefixes is configured in the SR mapping database in any routing instance, the router issues for this prefix, or range of prefixes, a prefix-SID sub-TLV within a IS-IS SID/label binding TLV in that instance. The flooding scope of the TLV from the mapping server is determined as explained above. No further check of the reachability of that prefix in the mapping server route table is performed and no check if the SID index is duplicate with some existing prefix in the local IGP instance database or if the SID index is out of range with the local SRGB.

4.1.8.2. Prefix SID Resolution for Segment Routing Mapping Server

4.1.9.1. Configuring Micro-loop Avoidance

The following command enables the micro-loop avoidance feature within each IGP instance:

fib-delay : [1..300] - default: 15, in 100s of milliseconds

The fib-delay timer should be configured to a value that corresponds to the worst-case IGP convergence in a given network domain. The default value of 1.5 seconds (1500 milliseconds) corresponds to a network with a nominal convergence time.

When this feature is disabled using the no micro-loop-avoidance command, any active FIB delay timer is forced to expire immediately and the new next hops are programmed for all impacted node SIDs. The feature is disabled for the next SPF runs.

When this feature is enabled, the following scenarios apply:

4.1.9.2. Micro-Loop Avoidance Algorithm Process

The SR OS micro-loop avoidance algorithm provides a loop-free mechanism in accordance with IETF draft-bashandy-rtgwg-segment-routing-uloop. The algorithm supports a single event on a P2P link or broadcast link with two neighbors for only the following cases:

Using the algorithm, the router applies the following micro-loop avoidance process.

Note: If a new SPF is scheduled while the fib-delay timer is running, the timer is forced to expire and the entire procedure is aborted. If a CPM switchover is triggered while the fib-delay timer is running, the timer is forced to expire and the entire procedure is aborted. In both cases, the next hops from the most recently run SPF are programmed for all impacted node SIDs. A subsequent event restarts the procedure at Step 1.

4.1.9.3. Micro-Loop Avoidance for Link Addition, Restoration, or Metric Decrease

The network topology in Figure 28 depicts an example of link addition or restoration.

Figure 28:  Micro-Loop Avoidance in Link Addition or Restoration 

The micro-loop avoidance algorithm performs the following steps in the network topology example in Figure 28.

4.1.9.4. Micro-Loop Avoidance for Link Removal, Failure, or Metric Increase

The network topology in Figure 29 depicts an example of link removal or failure.

Figure 29:  Micro-Loop Avoidance in Link Removal or Failure 

The micro-loop avoidance algorithm performs the following steps in the network topology example in Figure 29.