Hi @Harold Ritter 

Thank you for the clarification.

If I am understanding this right, constraints with affinity rules only work with dynamic path computation. They do not apply to explicit paths.
I am going to configure PCE on the route reflector and see if the path selection avoids the interfaces with affinity rules.

Regards,

Laurent Ost

Hi @Harold Ritter,

I've configured the PCE but I still get the same log entry:
xtc_agent[1183]: DBG-Policy-State:_xtc_po licy_check:1915 Policy has no source address

segment-routing
traffic-eng
interface GigabitEthernet0/0/0/1
affinity
name red
!
!
srv6
locator MAIN binding-sid dynamic behavior ub6-insert-reduced
!
candidate-paths
all
source-address ipv6 fcfe::1
!
!
maximum-sid-depth 5
policy trusted_paths
color 50 end-point ipv6 fcfe::7
candidate-paths
preference 100
dynamic
metric
type igp
!
!
constraints
affinity
exclude-any
name red
!
!
!
!
!
!
affinity-map
name red bit-position 1
!
pcc
source-address ipv6 fcfe::1
pce address ipv6 fcfe::4
!
report-all
!
!
srv6
locators
locator MAIN
prefix fc00:0:1::/64
!
!
!
!

show segment-routing traffic-eng pcc ipv6 peer brief

Address Precedence State Learned From
-------------------- ------------ ------------ ---------------
fcfe::4 255 up config

#show segment-routing traffic-eng pcc ipv6 peer detail

PCC's peer database:
--------------------

Peer address: fcfe::4
Precedence: 255, (best PCE)
State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation, SRv6
PCEP has been up for: 00:21:13
Local keepalive timer is 30 seconds
Remote keepalive timer is 30 seconds
Local dead timer is 120 seconds
Remote dead timer is 120 seconds
Authentication: None
Statistics:
Open messages: rx 1 | tx 1
Close messages: rx 0 | tx 0
Keepalive messages: rx 43 | tx 42
Error messages: rx 0 | tx 0
Report messages: rx 0 | tx 2
Update messages: rx 0 | tx 0
Initiate messages: rx 0

I added the following configuration to XR4 (RR).

pce
  address ipv6 fcfe::4

The topology indicates the domain has 14 routers. There are actually only 7:

show pce ipv6 topology summary

PCE's topology database summary:
--------------------------------

Topology nodes: 14
Prefixes: 14
Prefix SIDs:
Total: 0
Regular: 0
Strict: 0
Links:
Total: 48
EPE: 0
Adjacency SIDs:
Total: 0
Unprotected: 0
Protected: 0
EPE: 0

Private Information:
Lookup Nodes 0
Consistent no

Update Stats (from IGP and/or BGP):
Nodes added: 14
Nodes deleted: 0
Links added: 48
Links deleted: 0
Prefix added: 83
Prefix deleted: 0

Topology Ready Summary:
Ready: yes
PCEP allowed: yes
Last HA case: migration
Timer value (sec): 40
Timer:
Running: no

Every node exists twice with a different AS (64097 and 0):

show pce ipv6 topology

Node 7
Host name: XR-7
ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 0
SR Algo INFO:
ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 0
SR Algo Participation:
0, 1
uN SIDs:
SID[0]: ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 0 domain ID: 0
SID: fc00:0:7:0:1:: Behavior: End (PSP/USD) (29)
LBL:40 LNL:24 FL:16 AL:0 Algo:0
Link[0]: local address 2001:db8:57::7, remote address 2001:db8:57::5
Metric: IGP 10, TE 10, Latency 10 microseconds
Bandwidth: Total 125000000 Bps, Reservable 0 Bps
Admin-groups: 0x00000000
uA SIDs:
SID[0]: fc00:0:7:0:40:: (unprotected) Behavior: End.X (PSP/USD) (33)
LBL:40 LNL:24 FL:16 AL:0 Algo:0
Local node:
ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 0
Remote node:
Host name: XR-5
ISIS system ID: 0000.0000.0005 level-2 Area-id: 49 ASN: 0
Link[1]: local address 2001:db8:67::7, remote address 2001:db8:67::6
Metric: IGP 10, TE 10, Latency 10 microseconds
Bandwidth: Total 125000000 Bps, Reservable 0 Bps
Admin-groups: 0x00000000
uA SIDs:
SID[0]: fc00:0:7:0:41:: (unprotected) Behavior: End.X (PSP/USD) (33)
LBL:40 LNL:24 FL:16 AL:0 Algo:0
Local node:
ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 0
Remote node:
Host name: XR-6
ISIS system ID: 0000.0000.0006 level-2 Area-id: 49 ASN: 0

....
Node 14
Host name: XR-7
ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 64097
SR Algo INFO:
ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 64097
SR Algo Participation:
0, 1
uN SIDs:
SID[0]: ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 64097 domain ID: 0
SID: fc00:0:7:0:1:: Behavior: End (PSP/USD) (29)
LBL:40 LNL:24 FL:16 AL:0 Algo:0
Link[0]: local address 2001:db8:57::7, remote address 2001:db8:57::5
Metric: IGP 10, TE 10, Latency 10 microseconds
Bandwidth: Total 125000000 Bps, Reservable 0 Bps
Admin-groups: 0x00000000
uA SIDs:
SID[0]: fc00:0:7:0:40:: (unprotected) Behavior: End.X (PSP/USD) (33)
LBL:40 LNL:24 FL:16 AL:0 Algo:0
Local node:
ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 64097
Remote node:
Host name: XR-5
ISIS system ID: 0000.0000.0005 level-2 Area-id: 49 ASN: 64097
Link[1]: local address 2001:db8:67::7, remote address 2001:db8:67::6
Metric: IGP 10, TE 10, Latency 10 microseconds
Bandwidth: Total 125000000 Bps, Reservable 0 Bps
Admin-groups: 0x00000000
uA SIDs:
SID[0]: fc00:0:7:0:41:: (unprotected) Behavior: End.X (PSP/USD) (33)
LBL:40 LNL:24 FL:16 AL:0 Algo:0
Local node:
ISIS system ID: 0000.0000.0007 level-2 Area-id: 49 ASN: 64097
Remote node:
Host name: XR-6
ISIS system ID: 0000.0000.0006 level-2 Area-id: 49 ASN: 64097

Cisco Version: IOS XR Configuration 7.8.2

Regards,

Laurent Ost

Hi @Laurent Ost ,

You need to add the pcep keyword to the dynamic policy to tell the PCC to send the request to the PCE for path calculation, as follow:

 candidate-paths
    preference 100
     dynamic
      pcep

https://xrdocs.io/design/blogs/latest-converged-sdn-transport-srv6 

Regards,

Hi @Harold Ritter ,

Thank you, I have overlooked that. However, I still the same log entry and dynamic is inactive:

XR-1#show segment-routing traffic-eng policy color 50
Sat Jun 3 07:40:11.105 UTC

SR-TE policy database
---------------------

Color: 50, End-point: fcfe::7
Name: srte_c_50_ep_fcfe::7
Status:
Admin: up Operational: down for 1d18h (since Jun 1 13:19:08.046)
Candidate-paths:
Preference: 100 (configuration) (inactive)
Name: trusted_paths
Requested BSID: dynamic
PCC info:
Symbolic name: cfg_trusted_paths_discr_100
PLSP-ID: 5
Constraints:
Protection Type: protected-preferred
Affinity:
exclude-any:
red
Maximum SID Depth: 5
Dynamic (pce fcfe::4) (inactive)
Metric Type: IGP, Path Accumulated Metric: 0
Attributes:
Forward Class: 0
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes
Invalidation drop enabled: no
Max Install Standby Candidate Paths: 0

XR-1#show segment-routing traffic-eng pcc ipv6 peer detail
Sat Jun 3 07:41:41.986 UTC

PCC's peer database:
--------------------

Peer address: fcfe::4
Precedence: 255, (best PCE)
State up
Capabilities: Stateful, Update, Segment-Routing, Instantiation, SRv6
PCEP has been up for: 13:34:24
Local keepalive timer is 30 seconds
Remote keepalive timer is 30 seconds
Local dead timer is 120 seconds
Remote dead timer is 120 seconds
Authentication: None
Statistics:
Open messages: rx 1 | tx 1
Close messages: rx 0 | tx 0
Keepalive messages: rx 1629 | tx 1628
Error messages: rx 0 | tx 0
Report messages: rx 0 | tx 4
Update messages: rx 1 | tx 0
Initiate messages: rx 0

There are two entries in the topology for every node:

show pce ipv6 topology summary

PCE's topology database summary:
--------------------------------

Topology nodes: 14
Prefixes: 14
Prefix SIDs:
Total: 0
Regular: 0
Strict: 0
Links:
Total: 48
EPE: 0
Adjacency SIDs:
Total: 0
Unprotected: 0
Protected: 0
EPE: 0

Private Information:
Lookup Nodes 0
Consistent no

Update Stats (from IGP and/or BGP):
Nodes added: 14
Nodes deleted: 0
Links added: 48
Links deleted: 0
Prefix added: 83
Prefix deleted: 0

Topology Ready Summary:
Ready: yes
PCEP allowed: yes
Last HA case: migration
Timer value (sec): 40
Timer:
Running: no

XR-2#show run

Coud something be wrong with IS-IS?
Here the config of a P router (XR2):

interface Loopback0
ipv6 address fcfe::2/128
!
interface MgmtEth0/RP0/CPU0/0
ipv4 address 192.168.250.12 255.255.255.0
!
interface GigabitEthernet0/0/0/0
description to XR1
cdp
ipv6 address 2001:db8:12::2/64
!
interface GigabitEthernet0/0/0/1
description to XR3
cdp
ipv6 address 2001:db8:23::2/64
!
interface GigabitEthernet0/0/0/2
description to XR4
cdp
ipv6 address 2001:db8:24::2/64
!
interface GigabitEthernet0/0/0/3
description to XR6
cdp
ipv6 address 2001:db8:26::2/64
!
router static
address-family ipv4 unicast
0.0.0.0/0 192.168.250.1
!
!
router isis core
is-type level-2-only
net 49.0000.0000.0002.00
distribute link-state
address-family ipv6 unicast
metric-style wide
segment-routing srv6
locator MAIN
!
!
!
interface Loopback0
passive
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/2
point-to-point
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/3
point-to-point
address-family ipv6 unicast
!
!
!
router bgp 64097
bgp router-id 97.0.0.2
address-family vpnv4 unicast
segment-routing srv6
locator MAIN
!
!
address-family link-state link-state
!
neighbor fcfe::4
remote-as 64097
update-source Loopback0
address-family vpnv4 unicast
!
address-family link-state link-state
!
!
!
segment-routing
srv6
locators
locator MAIN
prefix fc00:0:2::/64
!
!
!
!

Route Reflector:
XR-4# show run

pce
address ipv6 fcfe::4
!
interface Loopback0
ipv6 address fcfe::4/128
!
interface MgmtEth0/RP0/CPU0/0
ipv4 address 192.168.250.14 255.255.255.0
!
interface GigabitEthernet0/0/0/0
description to XR-3
ipv6 address 2001:db8:34::4/64
!
interface GigabitEthernet0/0/0/1
description to XR-2
ipv6 address 2001:db8:24::4/64
!
interface GigabitEthernet0/0/0/2
description to XR-5
ipv6 address 2001:db8:45::4/64
!
interface GigabitEthernet0/0/0/3
description to XR-6
ipv6 address 2001:db8:46::4/64
!
router static
address-family ipv4 unicast
0.0.0.0/0 192.168.250.1
!
!
router isis core
is-type level-2-only
net 49.0000.0000.0004.00
distribute link-state
address-family ipv6 unicast
metric-style wide
segment-routing srv6
locator MAIN
!
!
!
interface Loopback0
passive
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/1
point-to-point
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/2
point-to-point
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/3
point-to-point
address-family ipv6 unicast
!
!
!
router bgp 64097
bgp router-id 97.0.0.4
address-family vpnv4 unicast
segment-routing srv6
locator MAIN
!
!
address-family link-state link-state
!
neighbor-group SRv6-lab
remote-as 64097
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
!
address-family link-state link-state
!
!
neighbor fcfe::1
use neighbor-group SRv6-lab
!
neighbor fcfe::2
use neighbor-group SRv6-lab
!
neighbor fcfe::3
use neighbor-group SRv6-lab
!
neighbor fcfe::5
use neighbor-group SRv6-lab
!
neighbor fcfe::6
use neighbor-group SRv6-lab
!
neighbor fcfe::7
use neighbor-group SRv6-lab
!
!
segment-routing
traffic-eng
interface GigabitEthernet0/0/0/1
affinity
name red
!
!
affinity-map
name red bit-position 1
!
!
srv6
locators
locator MAIN
prefix fc00:0:4::/64
!
!
!
!

Regards,

Laurent Ost

Hi @Laurent Ost ,

A few suggestions:

1. You do not need to run link-state address-family between the RR and all the PEs, as link state information is propagated via the IS-IS. This is what is causing the topology to have double the number of devices.

2. You should refine you locators to /48 on all devices.

srv6
locators
locator MAIN
prefix fc00:0:x::/48 (where x is the local value)

3. Make sure you use the latest XR version available (7.9.1 currently)

Regards,

Hi @Harold Ritter 

I implemented all suggestions but received the same log entry and output.

I tried to move the SRv6 Binding SID definition down to the policy. I also removed canditate-paths with the source-address.

segment-routing
 traffic-eng
  interface GigabitEthernet0/0/0/1
   affinity
    name red
   !
  !
  srv6
   locator MAIN binding-sid dynamic behavior ub6-insert-reduced
  !
  candidate-paths
   all
    source-address ipv6 fcfe::1
   !
  !
  maximum-sid-depth 5
  policy trusted_paths
   source-address ipv6 fcfe::1

After:

segment-routing
 traffic-eng
  interface GigabitEthernet0/0/0/1
   affinity
    name red
   !
  !
  maximum-sid-depth 5
  policy trusted_paths
   srv6
     locator MAIN binding-sid dynamic behavior ub6-insert-reduced
   !
   source-address ipv6 fcfe::1

 
This made it work on both sides:

XR-1#show segment-routing traffic-eng policy color 50
Tue Jun 6 11:49:19.895 UTC

SR-TE policy database
---------------------

Color: 50, End-point: fcfe::7
Name: srte_c_50_ep_fcfe::7
Status:
Admin: up Operational: up for 04:41:15 (since Jun 6 07:08:04.631)
Candidate-paths:
Preference: 100 (configuration) (active)
Name: trusted_paths
Requested BSID: dynamic
PCC info:
Symbolic name: cfg_trusted_paths_discr_100
PLSP-ID: 2
Constraints:
Protection Type: protected-preferred
Affinity:
exclude-any:
red
Maximum SID Depth: 19
Dynamic (pce fcfe::4) (valid)
Metric Type: IGP, Path Accumulated Metric: 40
SID[0]: fc00:0:3::/48 Behavior: uN (PSP/USD) (48)
Format: f3216
LBL:32 LNL:16 FL:0 AL:80
SID[1]: fc00:0:4::/48 Behavior: uN (PSP/USD) (48)
Format: f3216
LBL:32 LNL:16 FL:0 AL:80
SID[2]: fc00:0:5::/48 Behavior: uN (PSP/USD) (48)
Format: f3216
LBL:32 LNL:16 FL:0 AL:80
SID[3]: fc00:0:7::/48 Behavior: uN (PSP/USD) (48)
Format: f3216
LBL:32 LNL:16 FL:0 AL:80
SRv6 Information:
Locator: MAIN
Binding SID requested: Dynamic
Binding SID behavior: uB6 (Insert.Red)
Attributes:
Binding SID: fc00:0:1:e003::
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes
Invalidation drop enabled: no
Max Install Standby Candidate Paths: 0

The traffic engineering works now as expected and it does not go through interfaces with affinity rules.

I have two additional questions:

1. You mentioned that the BGP LS family was not needed on the RR for the PE routers. Did you also mean it for the other P routers as it is a single domain topology? IS-IS would be sufficient for a single domain like in this case.

2. How does the PCE handle interface failures? I shut down a link on the P router next to the destination PE and the last SID in the segment list was just removed instead of being replaced with an alternative. This makes the routing decision based on best effort at the end. I took the maximum SID depth into account.

Thank you for your great help. I really appreciate it!

Regards,

Laurent Ost

Hi @Laurent Ost ,

I am glad it is nor working for you. Please see my comments for you specific questions.

1. Yes, there is not need to use BGP LS at all within a single domain. BGP LS is normally used when multiple domains are involved.

2. It is hard to comment without having a full view of your topology and configurations. The short answer is that the LSP should be reoptimized if a node goes down.

Regards,