OSPFv2 Segment Routing Strict SPF

The OSPFv2 Segment Routing Strict Shortest Path First (SPF) feature provides information about the strict SPF segment identifiers (SIDs).

Restrictions for OSPFv2 Segment Routing Strict SPF

  • All the nodes in an OSPF area must be strict SPF capable and each node must have at least one strict SPF SID for the strict SPF solution to work with segment routing traffic engineering (SR-TE).

  • Redistribution of strict SPF sid is not supported.

Information About OSPFv2 Segment Routing Strict SPF

Segment Routing (SR) architecture provides the provision to support multiple prefix-SID algorithms. Currently, it has defined two algorithms:

  • Algorithm 0 – This is a shortest path algorithm and it is supported by default.

  • Algorithm 1 – This is a strict shortest path algorithm. It mandates that the packets are forwarded according to SPF algorithm and instructs any router in the path to ignore any possible local policy overriding the SPF decision. The SID advertised with strict shortest path algorithm ensures that the path the packet is going to take is the expected path, and not the altered SPF path. You must configure strict SPF SID on each node that supports segment routing.

    The algorithm 1 is identical to algorithm 0, but it requires all the nodes along the path to honor the SPF routing decision. Local policy does not alter the forwarding decision. For example, a packet is not forwarded through locally engineered path.

Why Strict SPF

In the case of link or node failure in the tunnel path, it is possible that MPLS traffic routed via the SR-TE tunnel is rerouted back to the tunnel head end from mid chain if the traffic is diverted to the repair path. If the head-end routes this MPLS traffic via the SR-TE tunnel again, then the same MPLS traffic may loop along the tunnel until TTL expires, even though there is an alternate IGP shortest path to the destination is available.

The strict SPF SID can prevent the looping of traffic through SR-TE tunnels. With strict SPF support, every router is configured to have both default SID, that is, SID0 and strict-SPF SID, that is, SID1. If the tunnel traffic is routed back to the head-end, it arrives at head end with strict-SPF SID as active label, which gets forwarded via the non-tunnel IGP shortest path (native path), thus breaking the looping along the SR-TE tunnel. Strict SPF prefix-SIDs are preferred over default prefix SIDs for SRTE tunnel when all nodes in the area/tunnel-path are Strict SPF capable.

Strict-SPF Capability Advertisement

OSPF advertises the strict SPF capability in SR-Algorithm TLV of the Router Information (RI) opaque link state advertisements (LSA), when segment routing is enabled globally or on a specific area. OSPF includes both algorithm 0 (SPF) and algorithm 1 (Strict-SPF SID) in the SR-Algorithm TLV.

When received, OSPF parses the router information opaque LSA to find the SR Algorithm TLV. If the TLV is missing or algorithm 1 is not included in the TLV, OSPF ignores all strict-SPF SID advertisements from the advertisement router.

OSPF continues to support only single SRGB. The same SRGB is used for both regular SIDs and strict-SPF SIDs. Like regular SID, OSPF must not use out of SRGB range strict-SPF SIDs.

Strict-SPF SID Advertisement in Extended Prefix LSA

OSPF advertises the strict SPF SID connected maps in prefix SID sub-TLV with algorithm set to 1 in OSPF extended prefix TLV of extended prefix opaque LSA. Both default SID and strict SPF SID for the same prefix are advertised in the same LSA. OSPF advertise separate explicit-NULL for regular and strict-SPF SIDs. Both the SIDs share same attach flag.

OSPF advertises the strict SPF SID mapping server entries in Prefix SID Sub-TLV with algorithm set to 1, in OSPF Extended Prefix Range TLV of Extended prefix opaque LSA. Both default SID and strict SPF SID may be advertised for the same prefix. If multiple SIDs of same algorithm are advertised for the same prefix, the receiving router uses the first encoded SID. OSPF advertise separate explicit-NULL for regular and strict-SPF SIDs. Both SIDs share same attach flag. The setting of attach flag in the regular SID takes over precedence if they differ.

If the SR-Algorithm TLV is missing or algorithm 1 is not included in the TLV, OSPF ignores all strict-SPF SID advertisements from the advertisement router. If multiple SIDs of same algorithm are received for the same prefix, the receiving router uses the first encoded SID.If the Explicit-NULL and Attach flags differ for the received SID0 & SID1 of a prefix, then the flags of SID0 takes over precedence.

Interaction with SR-TE and Router Information Base

Like default SID, the strict-SPF SID also communicates with SR-TE only if SR and TE both are enabled for that area. There are three forms of communications that might happen with SR-TE related to strict-SPF SID:

  • OSPF announces to SR-TE whether the area is strict-SPF capable or incapable. An area is strict SPF capable, if all the nodes in the area are strict spf capable and each node has at least one strict SPF SID configured.

  • OSPF announces to SR-TE the strict-SPF SIDs for all prefixes and registered prefix paths.

  • SR-TE prefers strict SPF SID for the label stack. OSPF receives tunnel list from SR-TE whenever there is a change to the list of auto-route announce tunnel list. For each tunnel, SR-TE indicates whether the tunnel is created using strict-SPF SIDs or default SIDs. OSPF runs full SPF whenever the updated tunnel list is received from SR-TE and replaces the RIB paths of prefixes reachable via the tunnel endpoint to the tunnel next hop.

Strict-SPF SIDs are not installed in the router information base (RIB). Only default SIDs get installed as the outgoing labels for the prefixes installed in the RIB. Both SR-TE tunnel types are installed in the RIB.

Enabling and Disabling OSPFv2 Segment Routing Strict SPF

The strict SPF feature is enabled by default when segment-routing mpls is configured under OSPF and global mode. There is no separate CLI to enable or disable it.

Configuring OSPFv2 Segment Routing Strict SPF SID

Perform the following steps to configure OSPFv2 segment routing strict SPF.

segment-routing mpls
 connected-prefix-sid-map
  address-family ipv4
   10.0.0.0/8 2
   172.16.0.0/8 3
  address-family ipv4 strict-spf
   10.0.0.0/8 22
   172.16.0.0/8 23
  exit-address-family

Verifying OSPFv2 Segment Routing Strict SPF

Use the following commands to verify OSPFv2 segment routing strict SPF.

Verifying OSPFv2 Segment Routing Strict SPF SID

Device#show ip ospf database opaque-area type ext-prefix     

            OSPF Router with ID (10.0.0.4) (Process ID 10)

                Type-10 Opaque Area Link States (Area 0)

  LS age: 40
  Options: (No TOS-capability, DC)
  LS Type: Opaque Area Link       
  Link State ID: 7.0.0.3          
  Opaque Type: 7 (Extended Prefix)
  Opaque ID: 3                    
  Advertising Router: 10.0.0.2     
  LS Seq Number: 80000003         
  Checksum: 0xFB42                
  Length: 56                      

    TLV Type: Extended Prefix
    Length: 32               
      Prefix    : 10.0.0.6/32
      AF        : 0           
      Route-type: Intra       
      Flags     : N-bit       

      Sub-TLV Type: Prefix SID
      Length: 8               
        Flags : None          
        MTID  : 0             
        Algo  : SPF
        SID   : 100                 

      Sub-TLV Type: Prefix SID
      Length: 8               
        Flags : None          
        MTID  : 0
        Algo  : Strict SPF
        SID   : 101
Device#show ip ospf segment-routing sid-database                                                                                                             

            OSPF Router with ID (10.0.0.4) (Process ID 10)

OSPF Segment Routing SIDs

Codes: L - local, N - label not programmed,
       M - mapping-server

SID             Prefix              Adv-Rtr-Id       Area-Id  Type      Algo
--------------  ------------------  ---------------  -------  --------  ----
2               10.0.0.2/32          10.0.0.2          0        Intra     0
4       (L)     10.0.0.4/32          10.0.0.4          0        Intra     0
7               10.0.0.7/32          10.0.0.5          0        Intra     0
9               10.0.0.8/32          10.0.0.2          0        Intra     0
20              2.0.2.20/32         2.2.2.2          0        Intra     0
21              22.0.22.21/32       2.2.2.2          0        Intra     1
22      (M)     2.0.2.22/32                                   Unknown   0
29      (M)     22.0.22.29/32                                 Unknown   1
33              33.0.33.33/32       3.3.3.3          0        Intra     1
38      (M)     3.0.3.38/32                                   Unknown   0
39      (M)     33.0.33.39/32                                 Unknown   1
77              77.77.77.77/32      5.5.5.5          0        Inter     0
92      (M)     2.1.2.92/32                                   Unknown   0
99              99.99.99.99/32      9.9.9.9          0        Intra     0
100             2.0.2.100/32        2.2.2.2          0        Intra     0
101             2.0.2.100/32        2.2.2.2          0        Intra     1
120             3.3.3.120/32        3.3.3.3          0        Intra     0
121             3.3.3.120/32        3.3.3.3          0        Intra     1
Device#show ip ospf segment-routing mapping-server    

            OSPF Router with ID (10.0.0.4) (Process ID 10)

Advertise local: Enabled
Receive remote: Enabled 

Flags: i - sent to mapping-server, u - unreachable, 
       s - self-originated                          

2.0.2.22/32 (R), range size 1
   Adv-rtr        Area          LSID          SID    Type    Algo
i  2.2.2.2        0             7.0.0.4       22     Intra   0   
s  4.4.4.4        24            7.0.0.1       22     Inter   0   

2.1.2.92/32 (R), range size 1
   Adv-rtr        Area          LSID          SID    Type    Algo
i  2.2.2.2        0             7.0.0.5       92     Intra   0   
s  4.4.4.4        24            7.0.0.2       92     Inter   0   

3.0.3.38/32 (R), range size 1
   Adv-rtr        Area          LSID          SID    Type    Algo
i  3.3.3.3        0             7.0.0.2       38     Intra   0
s  4.4.4.4        24            7.0.0.3       38     Inter   0

3.3.3.48/32 (R), range size 1
   Adv-rtr        Area          LSID          SID    Type    Algo
i  3.3.3.3        0             7.0.0.3       48     Intra   0
s  4.4.4.4        24            7.0.0.4       48     Inter   0

22.0.22.29/32 (R), range size 1
   Adv-rtr        Area          LSID          SID    Type    Algo
i  2.2.2.2        0             7.0.0.6       29     Intra   1
s  4.4.4.4        24            7.0.0.5       29     Inter   1

22.1.22.99/32 (R), range size 1
   Adv-rtr        Area          LSID          SID    Type    Algo
i  2.2.2.2        0             7.0.0.7       99     Intra   1
s  4.4.4.4        24            7.0.0.6       99     Inter   1

33.0.33.39/32 (R), range size 1
   Adv-rtr        Area          LSID          SID    Type    Algo
i  3.3.3.3        0             7.0.0.4       39     Intra   1
s  4.4.4.4        24            7.0.0.7       39     Inter   1

33.3.33.49/32 (R), range size 1
   Adv-rtr        Area          LSID          SID    Type    Algo
i  3.3.3.3        0             7.0.0.5       49     Intra   1
s  4.4.4.4        24            7.0.0.8       49     Inter   1
Device#show ip ospf segment-routing local-prefix
            OSPF Router with ID (10.0.0.7) (Process ID 10)
Area 0:
 Prefix:            Sid:   Index:          Type:      Algo: Source:
 2.2.2.2/32         2      0.0.0.0         Intra      0     Loopback0
                         22     0.0.0.0         Intra      1     Loopback0
 23.23.23.4/32      233    0.0.0.1         Intra      1     Loopback3

Verifying OSPFv2 Segment Routing Strict SPF Capability

Device#show ip ospf database opaque-area type router-information self       

            OSPF Router with ID (10.0.0.4) (Process ID 10)

                Type-10 Opaque Area Link States (Area 0)

  LS age: 1692
  Options: (No TOS-capability, DC)
  LS Type: Opaque Area Link       
  Link State ID: 4.0.0.0          
  Opaque Type: 4 (Router Information)
  Opaque ID: 0                       
  Advertising Router: 4.4.4.4        
  LS Seq Number: 80000002            
  Checksum: 0x72B                    
  Length: 60                         

    TLV Type: Router Information
    Length: 4                   
    Capabilities:
      Graceful Restart Helper
      Stub Router Support
      Traffic Engineering Support

    TLV Type: Segment Routing Algorithm
    Length: 2
      Algorithm: SPF
      Algorithm: Strict SPF

    TLV Type: Segment Routing Range
    Length: 12
      Range Size: 8000

      Sub-TLV Type: SID/Label
      Length: 3
        Label: 16000

    TLV Type: Segment Routing Node MSD
    Length: 2
      Sub-type: Node Max Sid Depth, Value: 10

Verifying Strict SPF Labels Used in OSPF Local RIB Database

Device#show ip ospf rib 10.0.0.8

            OSPF Router with ID (10.0.0.6) (Process ID 10)


                Base Topology (MTID 0)

OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator

*>  2.0.2.100/32, Intra, cost 21, area 0
     SPF Instance 28, age 00:01:19
      contributing LSA: 10/7.0.0.3/2.2.2.2 (area 0)
     SID: 100, Properties: Sid, LblRegd, SidIndex, N-Flag, TeAnn
     Strict SPF SID: 101, Properties: Force, Sid, LblRegd, SidIndex, N-Flag
     Flags: RIB, HiPrio
      via 3.6.0.3, Ethernet0/1, label 16100, strict label 16101
       Flags: RIB
       LSA: 1/2.2.2.2/2.2.2.2
      PostConvrg repair path via 5.6.0.5, Ethernet0/3, label 16100, strict label 16100, cost 31
       Flags: RIB, Repair, PostConvrg, IntfDj, BcastDj
       LSA: 1/2.2.2.2/2.2.2.2

Verifying Strict SPF TILFA Tunnels

Device#show ip ospf fast-reroute ti-lfa tunnels internal 

            OSPF Router with ID (10.0.0.2) (Process ID 10)

                          Area with ID (0)

                    Base Topology (MTID 0)


TI-LFA Release Node Tree:

TI-LFA Release Node 4.4.4.4 via 1.2.0.1 Ethernet0/0, instance 12, metric 20
  Interface MPLS-SR-Tunnel2           
    Tunnel type: MPLS-SR (strict spf)
    Tailend router ID: 4.4.4.4              
    Termination IP address: 4.4.4.4     
    Outgoing interface: Ethernet0/0     
    First hop gateway: 1.2.0.1              
    instance 12, refcount 1                   
      rn-1: rtrid 4.4.4.4, addr 4.4.4.4, strict node-sid label 16044       

TI-LFA Release Node 4.4.4.4 via 2.3.0.3 Ethernet0/1, instance 12, metric 20
  Interface MPLS-SR-Tunnel1            
    Tunnel type: MPLS-SR (strict spf)
    Tailend router ID: 4.4.4.4                
    Termination IP address: 4.4.4.4      
    Outgoing interface: Ethernet0/1      
    First hop gateway: 2.3.0.3               
    instance 12, refcount 1                    
      rn-1: rtrid 4.4.4.4, addr 4.4.4.4, strict node-sid label 16044       


TI-LFA Node Tree:

TI-LFA Node 1.1.1.1 via 1.2.0.1 Ethernet0/0, abr, instance 12, rspt dist 0
  not-in-ext-p-space, in-q-space, interesting node 1                      
  Link Protect strict Path-1: via 2.3.0.3 Et0/1, parent 1/4.4.4.4, metric:30, rls-pt:4.4.4.4 at dist:20
  repair:y, rn-cnt:1, first-q:4.4.4.4, rtp-flags:Repair, PostConvrg, IntfDj
    rn-1: rtrid 4.4.4.4, addr 4.4.4.4, strict node-sid label 16044                
    Protected by: MPLS-SR-Tunnel1, tailend 4.4.4.4, rls node 4.4.4.4    
    instance 12, metric 20, refcount 1                                                       

TI-LFA Node 3.3.3.3 via 2.3.0.3 Ethernet0/1, instance 12, rspt dist 0
  not-in-ext-p-space, in-q-space, interesting node 1 
  Link Protect strict Path-1: via 1.2.0.1 Et0/0, parent 1/4.4.4.4, metric:30, rls-pt:4.4.4.4 at dist:20
  repair:y, rn-cnt:1, first-q:4.4.4.4, rtp-flags:Repair, PostConvrg, IntfDj
    rn-1: rtrid 4.4.4.4, addr 4.4.4.4, strict node-sid label 16044                
    Protected by: MPLS-SR-Tunnel2, tailend 4.4.4.4, rls node 4.4.4.4    
    instance 12, metric 20, refcount 1 

TI-LFA Node 4.4.4.4 via 1.2.0.1 Ethernet0/0, abr, instance 12, rspt dist 10
  in-ext-p-space, in-q-space, interesting node 1
  Link Protect strict Path-1: via 2.3.0.3 Et0/1, parent 1/3.3.3.3, metric:20, rls-pt:3.3.3.3 at dist:10
  repair:y, rn-cnt:0, first-q:4.4.4.4, rtp-flags:Repair, PostConvrg, IntfDj, PrimPath
    Protected by: directly connected TI-LFA

TI-LFA Node 4.4.4.4 via 2.3.0.3 Ethernet0/1, abr, instance 12, rspt dist 10
  in-ext-p-space, in-q-space, interesting node 1
  Link Protect strict Path-1: via 1.2.0.1 Et0/0, parent 1/1.1.1.1, metric:20, rls-pt:1.1.1.1 at dist:10
  repair:y, rn-cnt:0, first-q:4.4.4.4, rtp-flags:Repair, PostConvrg, IntfDj, PrimPath
    Protected by: directly connected TI-LFA


TI-LFA Protected neighbors:

  Neighbor 1.2.0.1 Ethernet0/0, ID 1.1.1.1, Dist 10, instance 12
    TI-LFA Required, TI-LFA Computed, RLFA not Required
    TI-LFA protection Required: link

  Neighbor 2.3.0.3 Ethernet0/1, ID 3.3.3.3, Dist 10, instance 12
    TI-LFA Required, TI-LFA Computed, RLFA not Required
    TI-LFA protection Required: link

Verifying Strict SPF SR-TE Tunnels

Device#show mpls traffic-eng segment-routing ospf summary 
IGP Area[1]:  ospf 10  area 0, Strict SPF Enabled:    
Nodes:                                                
IGP Id: 1.1.1.20, MPLS TE Id: 1.1.1.1, OSPF area 0    
   2 links with segment-routing adjacency SID         
IGP Id: 2.0.0.0, MPLS TE Id: 2.2.2.2, OSPF area 0
   2 links with segment-routing adjacency SID
IGP Id: 3.0.0.0, MPLS TE Id: 3.3.3.3, OSPF area 0
   3 links with segment-routing adjacency SID
IGP Id: 4.4.4.4, MPLS TE Id: 4.4.4.4, OSPF area 0
   3 links with segment-routing adjacency SID
IGP Id: 5.0.0.0, MPLS TE Id: 5.5.5.5, OSPF area 0
   2 links with segment-routing adjacency SID
Prefixes:
1.1.1.1/32, SID index: 1, Strict SID index: 11
1.2.0.2/32
2.2.2.2/32, SID index: 2, Strict SID index: 22
2.2.2.22/32, SID index: 222, Strict SID index: 2222
3.3.3.3/32, SID index: 3, Strict SID index: 34
3.3.3.33/32, SID index: 333, Strict SID index: 1333
4.4.4.4/32, SID index: 4, Strict SID index: 444
5.5.5.5/32, SID index: 5, Strict SID index: 555
6.6.6.6/32, SID index: 6
7.7.7.7/32, SID index: 7
Total:
  Node Count         : 5
  Adjacency-SID Count: 17
  Prefix-SID Count   : 10
Grand Total:
  Node Count         : 5
  Adjacency-SID Count: 17
  Prefix-SID Count   : 10
  IGP Areas Count    : 1

Verifying Protected adj-SIDs Using Strict SPF Repair Path

Device#sh ip ospf segment-routing protected-adjacencies detail

            OSPF Router with ID (10.0.0.0) (Process ID 10)

                          Area with ID (0)

Nbr id 10.0.0.1, via 10.0.0.2 on Ethernet0/1, Label 26
  Primary path: via 10.0.0.2 on Et0/1, out-label 3
  Repair path: via 10.0.0.3 on Et0/2, out-label 13222, cost 31, labels 0
  Nbr Prefix 10.0.0.4, Strict
Nbr id 10.0.0.5, via 10.0.0.3 on Ethernet0/2, Label 25
  Primary path: via 10.0.0.3 on Et0/2, out-label 3
  Repair path: via 10.0.0.2 on Et0/1, out-label 12333, cost 21, labels 0
  Nbr Prefix 10.0.0.5, Strict

Verifying Segment Routing Global Block

Device#show ip ospf segment-routing global-block

            OSPF Router with ID (10.0.0.0) (Process ID 10)

OSPF Segment Routing Global Blocks in Area 0

  Router ID:      SR Capable: SR Algorithm: SRGB Base: SRGB Range:  SID/Label:

 *10.0.0.0         Yes         SPF,StrictSPF 16000      8000         Label
  10.0.0.1         Yes         SPF,StrictSPF 16000      8000         Label
  10.0.0.2         Yes         SPF,StrictSPF 16000      8000         Label
  10.0.0.3         Yes         SPF           16000      8000         Label
  10.0.0.4         Yes         SPF,StrictSPF 16000      8000         Label
  10.0.0.5         No
  10.0.0.6         Yes         SPF           16000      8000         Label
Device#

Feature Information for OSPFv2 Segment Routing Strict SPF

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for OSPFv2 Segment Routing Strict SPF

Feature Name

Releases

Feature Information

OSPFv2 Segment Routing Strict SPF

Cisco IOS XE Fuji 16.9.1

The OSPFv2 Segment Routing Strict SPF feature provides the provision to support strict shortest path algorithm. It mandates that the packets are forwarded according to SPF algorithm and instructs any router in the path to ignore any possible local policy overriding the SPF decision.

The following commands were added or modified:

address-family ipv4 strict-spf .