Segment Routing can be used with multi-area OSPF or multi-level ISIS, and it can even be used with redistribution between OSPF and ISIS. However, the catch is that adjacency SIDs cannot be advertised when running SR in topologies such as this. Adjacency SIDs only make sense if all routers synchronize their database and have a shared understanding of the topology. With multi-area/level IGP, the inter-area routes are essentially just distance-vector. Topology information is lost for the purpose of scalability. We can still advertise prefix-SIDs across IGP area/level/process boundaries and obtain end-to-end LSPs though. We will just lose the ability to do FRR, TE, etc.
We’ll re-use our topology from the Introduction series:
ISIS Multi-Level Prefix-SID Distribution
The lab is still configured with ISIS and it is a flat level 2 topology. We will configure R1 and Gi1 of R2 as level 1, and leave everything else as level 2 in area 0001.
#R1
router isis
no net 49.0001.0000.0000.0001.00
net 49.0002.0000.0000.0001.00
is-type level-1
#R2
router isis
no net 49.0001.0000.0000.0001.00
net 49.0002.0000.0000.0002.00
! By default a router is an L1/L2 router. We will simply remove L2 only.
no is-type level-2-only
By default all L2 routers will know 1.1.1.1/32 with prefix-SID index 1, but R1 will only know R2’s prefix SID.
R4#show ip route 1.1.1.1
Routing entry for 1.1.1.1/32
Known via "isis", distance 115, metric 30, type level-2
Redistributing via isis
Last update from 10.2.4.2 on GigabitEthernet1, 00:01:06 ago
SR Incoming Label: 16001
Routing Descriptor Blocks:
* 10.2.4.2, from 2.2.2.2, 00:01:06 ago, via GigabitEthernet1, prefer-non-rib-labels, merge-labels
Route metric is 30, traffic share count is 1
MPLS label: 16001
MPLS Flags: NSF
R1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 10.1.2.2-A 0 Gi1 10.1.2.2
16002 Pop Label 2.2.2.2/32 0 Gi1 10.1.2.2
A - Adjacency SID
R2’s level 2 LSP shows 1.1.1.1/32 as a L1 route that was re-advertised. (You can tell this by the R flag being set). The prefix SID is automatically included. But all adjacency information is lost.
R1 is missing routes because, by default, ISIS propagates L1 routes into the L2, but filters all L2 routes from L1. L1 routers must rely on the attached bit from an L1/L2 router to route outside their area. But to faciliate LSPs between R1 and other routers in level 2, we need to specifically know the /32s and their associated prefix SIDs. Let’s leak /32 routes from L2 into L1 on R2.
#R2
ip prefix-list LOOPBACKS permit 0.0.0.0/0 ge 32
!
route-map LOOPBACKS
match ip address prefix-list LOOPBACKS
!
router isis
redistribute isis ip level-2 into level-1 route-map LOOPBACKS
#R1
show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 10.1.2.2-A 0 Gi1 10.1.2.2
16002 Pop Label 2.2.2.2/32 0 Gi1 10.1.2.2
16003 16003 3.3.3.3/32 0 Gi1 10.1.2.2
16004 16004 4.4.4.4/32 0 Gi1 10.1.2.2
16005 16005 5.5.5.5/32 0 Gi1 10.1.2.2
A - Adjacency SID
R2 now leaks /32s into level 1, and automatically includes the prefix SIDs.
Let’s swap the ISIS L1 for OSPF area 0 and preform redistribution of /32s between the routing protocols.
#R1
no router isis
router ospf 1
segment-routing mpls
network 0.0.0.0 255.255.255.255 area 0
!
int Gi1
ip ospf network point-to-point
#R2
int Gi1
no ip router isis
ip ospf network point-to-point
!
router ospf 1
segment-routing mpls
redistribute isis route-map LOOPBACKS
network 10.1.2.0 0.0.0.255 area 0
network 2.2.2.2 255.255.255.255 area 0
!
router isis
redistribute ospf 1 route-map LOOPBACKS
R1 learns the prefix SIDs for the /32s of the routers in the ISIS topology via Opaque Type 11 LSAs. These are AS flooded LSAs instead of the Opaque Type 10 LSAs which are only area flooded. The reason for this is that the /32s prefixes are known via Type 5 LSAs that R2 injected, so the Opaque LSAs flood throughout the AS to match the behaviour of the Type 5 LSAs.
R1#show ip ospf data
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 177 0x80000003 0x006B75 3
2.2.2.2 2.2.2.2 122 0x80000004 0x000DC7 3
Type-10 Opaque Area Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Opaque ID
1.0.0.0 1.1.1.1 187 0x80000001 0x0058D1 0
1.0.0.0 2.2.2.2 178 0x80000001 0x005CC5 0
1.0.0.1 1.1.1.1 177 0x80000001 0x0071AA 1
1.0.0.1 2.2.2.2 178 0x80000001 0x000913 1
4.0.0.0 1.1.1.1 187 0x80000001 0x00D28C 0
4.0.0.0 2.2.2.2 178 0x80000001 0x00B4A6 0
7.0.0.0 1.1.1.1 187 0x80000001 0x00EFA7 0
7.0.0.0 2.2.2.2 178 0x80000001 0x001E70 0
8.0.0.7 1.1.1.1 177 0x80000001 0x00EFAC 7
8.0.0.7 2.2.2.2 178 0x80000001 0x005D40 7
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
3.3.3.3 2.2.2.2 121 0x80000001 0x00216B 0
4.4.4.4 2.2.2.2 121 0x80000001 0x00F295 0
5.5.5.5 2.2.2.2 121 0x80000001 0x00C4BF 0
6.6.6.6 2.2.2.2 121 0x80000001 0x0096E9 0
Type-11 Opaque AS Link States
Link ID ADV Router Age Seq# Checksum Opaque ID
7.0.0.0 2.2.2.2 121 0x80000001 0x00BAC9 0
7.0.0.1 2.2.2.2 121 0x80000001 0x00FC81 1
7.0.0.2 2.2.2.2 121 0x80000001 0x003F39 2
7.0.0.3 2.2.2.2 121 0x80000001 0x0081F0 3
If we look at one of the Type 11 LSAs, we can see that functionally it looks very similar to the Type 10 LSA.
R1#show ip ospf database opaque-as 7.0.0.0
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-11 Opaque AS Link States
LS age: 170
Options: (No TOS-capability, DC)
LS Type: Opaque AS Link
Link State ID: 7.0.0.0
Opaque Type: 7 (Extended Prefix)
Opaque ID: 0
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0xBAC9
Length: 44
TLV Type: Extended Prefix
Length: 20
Prefix : 3.3.3.3/32
AF : 0
Route-type: External
Flags : None
Sub-TLV Type: Prefix SID
Length: 8
Flags : NP-bit
MTID : 0
Algo : SPF
SID : 3
One big difference in the Type 11 LSA is that the N-bit is not set under the Flags. The N-bit signifies that the prefix-SID is the Node SID that represents the advertising router. Additionally the NP-bit is set, which means No PHP. R1 should not pop the label, as R2 is not the owner of 3.3.3.3/32.
Compare this to the Type 10 LSA that 2.2.2.2 originates for its own loopback. The N-bit is set, and the NP-bit is not set.
R1#show ip ospf database opaque-area 7.0.0.0 adv-router 2.2.2.2
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-10 Opaque Area Link States (Area 0)
LS age: 274
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 7.0.0.0
Opaque Type: 7 (Extended Prefix)
Opaque ID: 0
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x1E70
Length: 44
TLV Type: Extended Prefix
Length: 20
Prefix : 2.2.2.2/32
AF : 0
Route-type: Intra
Flags : N-bit
Sub-TLV Type: Prefix SID
Length: 8
Flags : None
MTID : 0
Algo : SPF
SID : 2
Similarly, R2 sets the P bit on the external 1.1.1.1/32 that it redistributes into ISIS. This means “PHP off.” Note that this was also true for the previous section with multi-level ISIS. Inter-area /32s were advertised with the PHP off bit set. R2 needs to advertise 1.1.1.1/32 into the ISIS domain but ensure that other routers dont pop the label when sending traffic towards R2, as if R2 actually owned this prefix.
We’ll now change the ISIS level 2 to OSPF Area 1. Area 0 and Area 1 should learn inter-area routes to the /32 loopbacks via Type 3 LSAs.
#R2
no router isis
router ospf 1
no redistribute isis level-2
network 10.2.3.0 0.0.0.255 area 1
network 10.2.4.0 0.0.0.255 area 1
!
int range Gi2-3
ip ospf network point-to-point
#XR3
no router isis 1
router ospf 1
segment-routing mpls
area 1
int Gi0/0/0/0
network point-to-point
int Gi0/0/0/1
network point-to-point
int Gi0/0/0/2
network point-to-point
int Lo0
prefix-sid index 3
#R4
no router isis
router ospf 1
segment-routing mpls
network 0.0.0.0 255.255.255.255 area 1
!
int range Gi1-3
ip ospf network point-to-point
#R6
no router isis
router ospf 1
segment-routing mpls
network 0.0.0.0 255.255.255.255 area 1
!
int range Gi1-3
ip ospf network point-to-point
#XR5
no router isis 1
router ospf 1
segment-routing mpls
area 1
int Gi0/0/0/0
network point-to-point
int Lo0
prefix-sid index 5
By default, intra-area routes are advertised to other areas at ABRs via Type 3 LSAs. The ABR in this topology is R2. R1 knowns the prefix SIDs of all routers in the topology:
R1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 10.1.2.2-A 0 Gi1 10.1.2.2
16002 Pop Label 2.2.2.2/32 0 Gi1 10.1.2.2
16003 16003 3.3.3.3/32 0 Gi1 10.1.2.2
16004 16004 4.4.4.4/32 0 Gi1 10.1.2.2
16005 16005 5.5.5.5/32 0 Gi1 10.1.2.2
16006 16006 6.6.6.6/32 0 Gi1 10.1.2.2
This is because R2 advertises all /32s as Type 3 LSAs, and then advertises a corresponding Type 10 Opaque LSA for these prefixes:
R1#show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 959 0x80000015 0x004787 3
2.2.2.2 2.2.2.2 386 0x80000017 0x00E3DE 3
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
3.3.3.3 2.2.2.2 330 0x80000001 0x00D650
4.4.4.4 2.2.2.2 238 0x80000001 0x00A87A
5.5.5.5 2.2.2.2 186 0x80000001 0x008E8E
6.6.6.6 2.2.2.2 211 0x80000001 0x0056C3
10.2.3.0 2.2.2.2 386 0x80000001 0x009B89
10.2.4.0 2.2.2.2 386 0x80000001 0x009093
10.3.4.0 2.2.2.2 330 0x80000001 0x008E93
10.3.6.0 2.2.2.2 330 0x80000001 0x0078A7
10.4.6.0 2.2.2.2 238 0x80000001 0x006CB2
10.5.6.0 2.2.2.2 211 0x80000001 0x006AB2
Type-10 Opaque Area Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Opaque ID
1.0.0.0 1.1.1.1 959 0x80000013 0x0034E3 0
1.0.0.0 2.2.2.2 786 0x80000013 0x0038D7 0
1.0.0.1 1.1.1.1 959 0x80000013 0x004DBC 1
1.0.0.1 2.2.2.2 786 0x80000013 0x00E425 1
4.0.0.0 1.1.1.1 959 0x80000013 0x00AE9E 0
4.0.0.0 2.2.2.2 786 0x80000013 0x0090B8 0
7.0.0.0 1.1.1.1 959 0x80000013 0x00CBB9 0
7.0.0.0 2.2.2.2 786 0x80000013 0x00F982 0
7.0.0.1 2.2.2.2 330 0x80000001 0x003313 1
7.0.0.2 2.2.2.2 186 0x80000001 0x00C179 2
7.0.0.3 2.2.2.2 81 0x80000001 0x006BD3 3
7.0.0.4 2.2.2.2 75 0x80000001 0x00F93A 4
8.0.0.7 1.1.1.1 959 0x80000013 0x00CBBE 7
8.0.0.7 2.2.2.2 786 0x80000013 0x003952 7
On each Opaque LSA that R2 injects, it must set the NP bit so that R1 does not preform PHP. We saw this in the previous section when ISIS was redistributed into OSPF. The difference between the LSA below and the Type 11 LSA was that the N-bit was not set in the Type 11 LSA. I believe this is because when the route was redistributed into ISIS, the fact that it represents a node is lost. However, with OSPF inter-area routing, the fact that 3.3.3.3 represents node R3 is kept in-tact.
R1#show ip ospf data opaque-area 7.0.0.1
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-10 Opaque Area Link States (Area 0)
LS age: 425
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 7.0.0.1
Opaque Type: 7 (Extended Prefix)
Opaque ID: 1
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x3313
Length: 44
TLV Type: Extended Prefix
Length: 20
Prefix : 3.3.3.3/32
AF : 0
Route-type: Inter
Flags : N-bit
Sub-TLV Type: Prefix SID
Length: 8
Flags : NP-bit
MTID : 0
Algo : SPF
SID : 3
Because R2’s loopback is part of area 0, when R2 advertises it into area 1 it does not set the NP bit, even though it is an inter-area prefix. In this case it does want its neighbors to preform PHP. Here you can see both the N-bit (meaning this is a Node SID) and the A-bit, which means that this node is attached to another area, and is an ABR.
R4#show ip ospf database opaque-area adv-router 2.2.2.2
<snip>
LS age: 560
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 7.0.0.0
Opaque Type: 7 (Extended Prefix)
Opaque ID: 0
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x31DA
Length: 44
TLV Type: Extended Prefix
Length: 20
Prefix : 2.2.2.2/32
AF : 0
Route-type: Inter
Flags : N-bit, A-bit
Sub-TLV Type: Prefix SID
Length: 8
Flags : None
MTID : 0
Algo : SPF
SID : 2
Conclusion
Multi-area/level segment routing is not as complicated as you might of thought. You lose all adjacency SID information, and prefix SID information is propagated along with the /32 inter-area route to allow for end-to-end LSPs. In all cases, the prefix SID follows the automatic inter-area routes or redistributed routes. You don’t have to do anything specific to include the prefix SID with the advertised route.
In OSPF, a corresponding Opaque LSA is advertised with the inter-area/external prefix. If the prefix SID is injected as a Type 5 LSA, then the Opaque LSA is Type 11 in order to flood domain-wide. If the prefix SID is advertised as a Type 3 LSA, the the Opaque LSA is Type 10 (area-wide flooding).
In ISIS, there is not the same concept of external vs. inter-area routes. A router injects the route into the other level by setting the re-advertise bit, meaning this was re-advertised from another level. In addition, when a level 2 route is advertised into level 1, the down bit is set so that the route cannot loop back to level 2 from level 1 again. This is normal ISIS inter-area routing.
In both OSPF and ISIS, the PHP behaviour needs to be signaled. OSPF sets the NP bit, instructing its neighbors not to preform PHP for the prefix. ISIS sets the P-bit on the prefix meaning “PHP off.”
