In most networks, traditional traffic engineering requirements focused on building explicit paths for bandwidth management, protection and avoiding shared risk. Over the years, the growth of cloud computing and software-as-a-service (SaaS) models has highlighted the importance of data sovereignty and data security. Data sovereignty is the idea that data are subject to the laws and governance structures of the nation in which they are collected. In some cases, geopolitical issues between countries introduce requirements where governments mandate that their data completely avoid passing through nodes and links that reside in one or several countries. Today’s global operators build and manage large multi-domain networks that must cater to these requirements and varying regulations.
Let’s take a look at some examples to see how a seamless SR architecture provides solutions with flex-algo and BGP Classful Transport (BGP-CT).
Figure 1 above shows a global network operated by a single operator. It consists of 3 Autonomous Systems (ASes): AS1, AS2 and AS3. The ASes are geographically separated and represent 3 different continents. Customer X, attached to PE1, has applications that need to connect to PE2. All of customer X’s traffic must avoid passing through nodes A and C located in AS3. In this specific example, A and C geographically reside in a particular country that customer X’s traffic must avoid passing through.
Building Intra-Domain Paths to Satisfy Constraints
In the AS3 domain, a Traffic Engineered (TE) path must be built to satisfy constraints and avoid nodes A and C. There are multiple ways to achieve this, including:
- Segment Routing – Traffic Engineering (SR-TE) Policy
- Resource Reservation Protocol (RSVP)
- Flex-algo
SR-TE builds a TE-constrained path by stacking labels. SR-TE uses label stack compression algorithms and builds paths with node-SIDs/prefix-SIDs and adj-SIDs. During convergence, the traffic may momentarily pass through the node to be avoided. This issue happens when the label stack consists of node-SIDs/prefix-SIDs. Therefore, it’s recommended to use a label stack of adj-SIDs. Similarly, RSVP can also be used to create a constrained path avoiding A and C.
Flex-algo creates a logical topology of the network avoiding the nodes and links. Let’s assume flex-algo 128 is defined and nodes A and C are not included as part of flex-algo 128. Flex-algo 128 has been assigned a color identified by the number 128. With the flex-algo definition, every node creates a transport class identified by color 128. Interior Gateway Protocol (IGP) computes shortest path first (SPF) for the logical topology excluding A and C. IGP places the routes for flex-algo 128 in the new transport RIB corresponding to the transport class 128. The Topology Independent-Loop Free Alternate (TI-LFA) backup paths are also built for every destination and the backup paths automatically avoid nodes A and C.
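The pruned-topology SPF described above can be modelled in a few lines. This is an added example, not code from the article or from any router implementation; the AS3 topology, metrics and node names B and D are constructed assumptions (only A, C, ASBR4 and PE2 appear in the article). It also shows that when the compliant topology is partitioned, the flex-algo 128 computation yields no path rather than one through A or C.

```python
import heapq

# Constructed AS3 topology (assumption): link -> IGP metric.
# Nodes B and D are hypothetical; A, C, ASBR4 and PE2 come from the article.
LINKS = {
    ("ASBR4", "A"): 10, ("A", "C"): 10, ("C", "PE2"): 10,
    ("ASBR4", "B"): 20, ("B", "D"): 20, ("D", "PE2"): 20,
    ("A", "B"): 10, ("C", "D"): 10,
}
FLEX_ALGO_128_EXCLUDED = {"A", "C"}  # nodes not participating in flex-algo 128


def build_graph(links, excluded=frozenset(), failed=frozenset()):
    """Adjacency map of the logical topology: drop excluded nodes and failed links."""
    graph = {}
    for (u, v), metric in links.items():
        if u in excluded or v in excluded:
            continue
        if (u, v) in failed or (v, u) in failed:
            continue
        graph.setdefault(u, {})[v] = metric
        graph.setdefault(v, {})[u] = metric
    return graph


def spf(graph, src, dst):
    """Dijkstra SPF; returns (cost, path) or None when dst is unreachable."""
    heap = [(0, src, [src])]
    visited = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in visited:
            continue
        visited.add(node)
        for nbr, metric in graph.get(node, {}).items():
            if nbr not in visited:
                heapq.heappush(heap, (cost + metric, nbr, path + [nbr]))
    return None


def flex_algo_path(src, dst, failed=frozenset()):
    """SPF over the flex-algo 128 logical topology (A and C pruned)."""
    return spf(build_graph(LINKS, FLEX_ALGO_128_EXCLUDED, failed), src, dst)


def default_path(src, dst, failed=frozenset()):
    """SPF over the full topology, i.e. the best-effort path."""
    return spf(build_graph(LINKS, failed=failed), src, dst)
```

A compliance check can compare the two results: any flex-algo 128 path that contains an excluded node, or any constrained service resolving over the default path inside AS3, indicates a misconfiguration.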
Building Inter-Domain Paths to Satisfy Constraints
In this case, we need to build an inter-domain path from PE1 to PE2 that satisfies the node constraints to avoid A and C in AS3. Note that AS1 and AS2 do not define and build flex-algo 128 because the node constraints are applicable only in AS3 where the country is geographically located. Transport class for color 128 is defined on all border nodes and the PE nodes in figure 2 above. ASBR4 has a route to PE2 in the transport RIB for color 128. ASBR4 advertises a BGP-CT route to reach PE2. The BGP-CT route has an auto-derived route-distinguisher (RD). The route is advertised with route-targets (RT) set to transport-target:0:128. This route-target represents the transport class membership. ASBR3 propagates this route to ASBR2 and then ASBR2 propagates it to AS1.
In AS3, BGP-CT routes with a route-target of transport-target:0:128 are set to strictly resolve on the transport class with color 128. In AS1 and AS2, BGP-CT routes with RT of 128 are set to resolve on transport class 128 and, if that does not exist, they are set to resolve on the next best path. Customer X’s prefixes advertised from PE2 will be associated with an extended color community of color:0:128. On the ingress PE1, the service prefix will resolve on the transport RIB for color 128 with a fallback on the best-effort transport class. Thus, an end-to-end path from PE1 to PE2 is created where the path traverses the best-effort path in AS1 and AS2 and traverses a constrained path avoiding nodes A and C in AS3.
Conclusion
Seamless SR architectures provide an operationally simple solution to create end-to-end constrained paths in a network. The BGP-CT extension provides effective option C connectivity when certain constraints need to be met in a remote domain. Seamless SR provides a simple and effective solution, especially in cases where the traffic that originates in one domain has to avoid certain nodes and links residing in another domain for regulatory reasons.