After an SR LSP (SR-MPLS BE) or SR-MPLS TE tunnel is established, service traffic needs to be steered into the SR LSP or SR-MPLS TE tunnel, which is usually achieved by using different methods, such as configuring static routes, tunnel policies, and auto routes. Common services involved include EVPN, L2VPN, L3VPN, and public network services.
Traffic Steering Mode |
SR LSP |
SR-MPLS TE Tunnel |
|---|---|---|
Static route |
SR LSPs do not have tunnel interfaces. As such, you can configure a static route with a specified next hop, based on which the route recurses to an SR LSP. |
SR-MPLS TE tunnels have tunnel interfaces. This allows traffic to be steered into an SR-MPLS TE tunnel through a static route. |
Tunnel policy |
The tunnel select-seq policy can be used, whereas the tunnel binding policy cannot be used. |
Either the tunnel select-seq policy or the tunnel binding policy can be used. |
Auto route |
SR LSPs do not have tunnel interfaces. Therefore, traffic cannot be steered into an SR LSP through an auto route. |
SR-MPLS TE tunnels have tunnel interfaces. Therefore, traffic can be steered into an SR-MPLS TE tunnel through an auto route. |
Policy-based routing (PBR) |
SR LSPs do not have tunnel interfaces. Therefore, traffic cannot be steered into an SR LSP through PBR. |
SR-MPLS TE tunnels have tunnel interfaces. Therefore, traffic can be steered into an SR-MPLS TE tunnel through PBR. |
SR LSPs do not have tunnel interfaces. As such, you can configure a static route with a specified next hop, based on which the route recurses to an SR LSP.
The static routes of SR-MPLS TE tunnels work in the same way as common static routes. When configuring a static route, set the outbound interface of the route to an SR-MPLS TE tunnel interface so that traffic transmitted over the route can be steered into the SR-MPLS TE tunnel.
By default, VPN traffic is forwarded over LDP LSPs, not SR LSPs or SR-MPLS TE tunnels. If forwarding VPN traffic over LDP LSPs does not meet VPN traffic requirements, a tunnel policy needs to be used to steer the VPN traffic into an SR LSP or SR-MPLS TE tunnel.
Currently, the supported tunnel policies are tunnel select-seq and tunnel binding. Select either of them as needed.
Tunnel select-seq: This policy can change the type of tunnel selected for VPN traffic. An SR LSP or SR-MPLS TE tunnel is selected as a public tunnel for VPN traffic based on the prioritized tunnel types. If no LDP LSPs are available, SR LSPs are selected by default.
Tunnel binding: This policy binds a specific destination IP address to an SR-MPLS TE tunnel for VPN traffic to guarantee QoS.
In auto route mode, an SR-MPLS TE tunnel participates in IGP route computation as a logical link, and the tunnel interface is used as an outbound interface of the involved route. Currently, the forwarding adjacency mode is supported, enabling a node to advertise an SR-MPLS TE tunnel to its neighboring nodes so that the SR-MPLS TE tunnel will be used in global route calculation and can be used by both the local node and other nodes.
PBR allows nodes to select routes based on user-defined policies, which improves traffic security and balances traffic. On an SR network, PBR enables IP packets that meet filter criteria to be forwarded over specific LSPs.
Similar to IP unicast PBR, SR-MPLS TE PBR is also implemented by defining a set of matching rules and behaviors through if-match clauses and apply clauses (the outbound interface is set to the involved SR-MPLS TE tunnel interface), respectively. If packets do not match PBR rules, they are forwarded in IP forwarding mode; if they match PBR rules, they are forwarded over specific tunnels.