RSVP and SR-TE LSPs can be configured with an administrative tag.
The primary application of LSP tagging is to enable the system to resolve to specific transport tunnels (or groups of eligible transport tunnels) for BGP routes for applications such as BGP labeled unicast, VPRN, or EVPN. Additionally, LSP tagging specifies a finer level of granularity on the next-hop or the far-end prefix associated with a BGP labeled unicast route or unlabeled BGP route shortcut tunnels.
LSP tagging is supported using the following capabilities in SR OS:
The ability to associate a color with an exported BGP route. This is signaled using the BGP Color Extended Community described in Section 4.3 of draft-ietf-idr-tunnel-encaps-03. This provides additional context associated with a route that an upstream router can use to help select a distinct transport for traffic associated with that route.
The ability to define a set of administrative tags on a node for locally-coloring imported routes and consequent use in transport tunnel selection. Up to 256 discrete tag values are supported.
The ability to configure a set of administrative tags on an RSVP or SR-TE LSP. This tag is used by applications to refer to the LSP (or set of LSPs with the same tag) for the purposes of transport tunnel selection. Up to four tags are supported per LSP.
The ability to apply one or more administrative tags to include or exclude as an action to a matching route in a BGP route policy. Different admin-tag values can be applied to different VPRN routes, such that different VPRNs can ultimately share the same set of tunnels by having the same admin-tags associated with their VPN routes via matching on RT extended community values.
The ability to match an administrative tag in a route policy for the following service types to the list of available RSVP or SR-TE tunnels (potentially filtered by the resolution filter):
BGP labeled unicast and BGP shortcuts
VPRN with auto-bind-tunnel
EVPN with auto-bind-tunnel
The following provides an overview of how the feature is intended to operate:
Configure a nodal database of admin-tags. Each tag is automatically assigned an internal color. The nodal admin tag database is configured under config>router>admin-tags in the CLI.
Optionally, configure export route policies associating routes with a color extended community. The color extended community allows for a color to be advertised along with specific routes, intended to indicate some property of a transport that a route can be associated with.
Configure a named route-admin-tag-policy containing a list of admin-tags to include or exclude. The route-admin-tag-policy is configured under config>router>admin-tags in the CLI. Up to eight include and exclude statements are supported per policy.
Configure a named route-admin-tag-policy as an action against matching routes in a route policy. An internal route color is applied to matching routes. A match can be made on, for example, a BGP next-hop or an extended community, such as the color extended community specified in Section 4.3 of draft-ietf-idr-tunnel-encaps-03. That is, if that policy is later used as an import policy by a service, routes received from, for example, a matching BGP next hop or with a matching color extended community in the policy are given the associated internal color.
Configure admin-tags on RSVP or SR-TE LSPs so that different groups of LSPs can be treated differently by applications that intend to use them. More than one admin-tag can be configured against a specified LSP. Admin-tags are configured using the admin-tag command under config>router>mpls>lsp in the CLI.
Apply a route policy to a service or other object as an import policy. The system then matches the internal color policy of a route against corresponding LSP internal colors in the tunnel table. That set of LSPs can subsequently be limited by a resolution filter. For BGP-LU and BGP shortcut routes, the resolution filter can optionally be restricted to only those LSPs matching the pattern of admin-tags in the route-admin-tag-policy (otherwise the resolution fails) using the enforce-strict-tunnel-tagging option. If enforce-strict-tunnel-tagging is not specified, then the router falls back to untagged LSPs. The tunnels that VPRN and EVPN services can auto-bind to can also be restricted using the enforce-strict-tunnel-tagging option in the auto-bind-tunnel configuration for the service. The following subsections provide more details about how the matching algorithm works.
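The difference between strict and non-strict resolution in the last step can be seen in a small model. This is an added example, not SR OS code: the class names, LSP names and tag names are constructed, and the match rule (no exclude tag present, and at least one include tag present when includes are listed) is a simplifying assumption, because the exact matching algorithm is described in later subsections.

```python
from dataclasses import dataclass

MAX_TAGS_PER_LSP = 4  # "Up to four tags are supported per LSP"


@dataclass(frozen=True)
class Lsp:
    name: str
    tags: frozenset = frozenset()

    def __post_init__(self):
        if len(self.tags) > MAX_TAGS_PER_LSP:
            raise ValueError(f"{self.name}: more than {MAX_TAGS_PER_LSP} admin-tags")


@dataclass(frozen=True)
class RouteAdminTagPolicy:
    include: frozenset = frozenset()
    exclude: frozenset = frozenset()


def resolve(policy, lsps, strict):
    """Return the names of LSPs a route coloured by `policy` may resolve to."""
    # Assumed match rule (not taken from the page): a tagged LSP is eligible
    # when it carries no exclude tag and, if the policy lists include tags,
    # at least one of them.
    tagged = [l.name for l in lsps
              if l.tags
              and not (l.tags & policy.exclude)
              and (not policy.include or l.tags & policy.include)]
    if tagged:
        return tagged
    if strict:
        return []  # enforce-strict-tunnel-tagging: resolution fails
    # Without the option the router falls back to untagged LSPs.
    return [l.name for l in lsps if not l.tags]


# Constructed tunnel table for illustration.
LSPS = [
    Lsp("lsp-gold-1", frozenset({"gold", "low-latency"})),
    Lsp("lsp-bronze-1", frozenset({"bronze"})),
    Lsp("lsp-plain"),
]
GOLD = RouteAdminTagPolicy(include=frozenset({"gold"}), exclude=frozenset({"bronze"}))
SILVER = RouteAdminTagPolicy(include=frozenset({"silver"}))
```

With the constructed `SILVER` policy no tagged LSP matches, so the non-strict case resolves over `lsp-plain` while the strict case resolves to nothing; where tagging is meant to keep a service's traffic on a specific set of tunnels, that silent fallback is the behaviour to check for.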