Configuring SR-MPLS Handoff

These procedures show how to use the APIC REST API to perform the GUI procedures of the same name in the Cisco APIC Layer 3 Networking Configuration Guide.

Configuring an SR-MPLS Infra L3Out

  • The SR-MPLS infra L3Out is configured on the border leaf switch, which is used to set up the underlay BGP-LU and overlay MP-BGP EVPN sessions that are needed for the SR-MPLS handoff.
  • An SR-MPLS infra L3Out will be scoped to a pod or a remote leaf switch site.
  • Border leaf switches or remote leaf switches in one SR-MPLS infra L3Out can connect to one or more provider edge (PE) routers in one or more routing domains.
  • A pod or remote leaf switch site can have one or more SR-MPLS infra L3Outs.
  • Each SR-MPLS infra L3Out should have a unique provider label and one provider label only. Each SR-MPLS infra L3Out is identified by the provider label.

You will configure the following pieces when configuring the SR-MPLS infra L3Out:

  • Nodes

    • Only leaf switches are allowed to be configured as nodes in the SR-MPLS infra L3Out (border leaf switches and remote leaf switches).
    • Each SR-MPLS infra L3Out can have border leaf switches from one pod or remote leaf switches from the same site.
    • Each border leaf switch or remote leaf switch can be configured in multiple SR-MPLS infra L3Outs if it connects to multiple SR-MPLS domains.
    • You will also configure the loopback interface underneath the node, and a node SID policy underneath the loopback interface.
  • Interfaces

    • Supported types of interfaces are:
      • Routed interface or sub-interface
      • Routed port channel or port channel sub-interface
        For sub-interfaces, any VLAN tag is supported.
    • You will also configure the underlay BGP peer policy underneath the interfaces area in the SR-MPLS infra L3Out.
  • QoS rules

    • You can configure the MPLS ingress rule and MPLS egress rule through the MPLS QoS policy in the SR-MPLS infra L3Out.
    • If you do not create an MPLS QoS policy, any ingressing MPLS traffic is assigned the default QoS level.

You will also configure the underlay and overlay through the SR-MPLS infra L3Out:

  • Underlay: BGP peer IP (BGP LU peer) configuration as part of the interface configuration.
  • Overlay: MP-BGP EVPN remote IPv4 address (MP-BGP EVPN peer) configuration as part of the logical node profile configuration.

Before you begin

  • Review the SR-MPLS guidelines and limitations provided in "Guidelines and Limitations" in the Cisco APIC Layer 3 Networking Configuration Guide, especially the guidelines and limitations provided in "Guidelines and Limitations for the SR-MPLS Infra L3Out."
  • (Optional) If necessary, configure an MPLS custom QoS policy using the procedures provided in Creating SR-MPLS Custom QoS Policy Using REST API.

Procedure

Post with information similar to the following:

POST https://<apic-ip-address>/api/policymgr/mo/uni.xml

<polUni>
  <fvTenant name="infra">
    <mplsIfPol name="default" />
    <mplsLabelPol name="default">
      <mplsSrgbLabelPol minSrgbLabel="16000" maxSrgbLabel="17000" localId="1" status="" />
    </mplsLabelPol>

    <l3extOut name="mplsOut" status="" descr="bl" mplsEnabled="yes">
      <l3extRsEctx tnFvCtxName="overlay-1" />
      <l3extProvLbl name="mpls" />
      <mplsExtP status="">
        <mplsRsLabelPol tDn="uni/tn-infra/mplslabelpol-default" />
      </mplsExtP>
      <l3extLNodeP name="mplsLNP" status="">
        <l3extRsNodeL3OutAtt rtrId="100.1.1.1" rtrIdLoopBack="no" tDn="topology/pod-1/node-101" status="">
          <l3extLoopBackIfP addr="10.10.10.11" status="">
            <mplsNodeSidP sidoffset="2" loopbackAddr="10.1.3.11" status="" />
          </l3extLoopBackIfP>
        </l3extRsNodeL3OutAtt>

        <l3extLIfP name="mplsLIfP1" status="">
          <mplsIfP status="">
            <mplsRsIfPol tnMplsIfPolName="default" />
          </mplsIfP>
          <l3extRsPathL3OutAtt addr="34.1.2.3/30" ifInstT="l3-port" tDn="topology/pod-1/paths-101/pathep-[eth1/8]">
            <bgpPeerP addr="9.9.9.7" addrTCtrl="af-ucast,af-label-ucast" ctrl="send-ext-com" ttl="1" status="">
              <bgpAsP asn="100" />
            </bgpPeerP>
          </l3extRsPathL3OutAtt>
        </l3extLIfP>
        <bgpInfraPeerP addr="20.1.1.1" ctrl="send-com,send-ext-com" peerT="sr-mpls" ttl="3" status="">
          <bgpAsP asn="100" />
        </bgpInfraPeerP>
      </l3extLNodeP>

      <l3extInstP name="mplsInstP">
        <l3extSubnet aggregate="" descr="" ip="11.11.11.0/24" name="" scope="import-security" />
      </l3extInstP>
      <bgpExtP />
      <l3extRsL3DomAtt tDn="uni/l3dom-l3extDom1" />
    </l3extOut>

  </fvTenant>
</polUni>
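The provider-label and pod-scoping rules listed at the start of this section can be checked before a payload is posted. The Python lint below is an added example, not code from the Cisco guide; the function name and the constructed sample (a trimmed copy of the payload above plus a deliberately wrong second L3Out) are assumptions, and remote leaf site membership is not checked because it is not visible in the payload.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the infra L3Out payload, plus a second
# L3Out that reuses the provider label and mixes pods (both deliberate errors).
SAMPLE = """
<polUni><fvTenant name="infra">
  <l3extOut name="mplsOut" mplsEnabled="yes">
    <l3extProvLbl name="mpls"/>
    <l3extLNodeP name="mplsLNP">
      <l3extRsNodeL3OutAtt rtrId="100.1.1.1" tDn="topology/pod-1/node-101"/>
    </l3extLNodeP>
  </l3extOut>
  <l3extOut name="mplsOut2" mplsEnabled="yes">
    <l3extProvLbl name="mpls"/>
    <l3extLNodeP name="lnp2">
      <l3extRsNodeL3OutAtt rtrId="100.1.1.2" tDn="topology/pod-1/node-102"/>
      <l3extRsNodeL3OutAtt rtrId="100.1.1.3" tDn="topology/pod-2/node-201"/>
    </l3extLNodeP>
  </l3extOut>
</fvTenant></polUni>
"""

NODE_DN = re.compile(r"^topology/pod-(\d+)/node-(\d+)$")

def lint_infra_l3outs(xml_text):
    """Return findings for SR-MPLS infra L3Outs in a polUni payload."""
    findings, seen_labels = [], {}
    root = ET.fromstring(xml_text)
    for out in root.findall("./fvTenant[@name='infra']/l3extOut[@mplsEnabled='yes']"):
        name = out.get("name")
        labels = [lbl.get("name") for lbl in out.findall("l3extProvLbl")]
        if len(labels) != 1:  # one provider label, and one only
            findings.append(f"{name}: expected exactly one provider label, found {len(labels)}")
        for label in labels:  # the label identifies the L3Out, so it must be unique
            if label in seen_labels:
                findings.append(f"{name}: provider label '{label}' already used by {seen_labels[label]}")
            seen_labels.setdefault(label, name)
        pods = set()
        for node in out.findall("./l3extLNodeP/l3extRsNodeL3OutAtt"):
            m = NODE_DN.match(node.get("tDn", ""))
            if m:
                pods.add(m.group(1))
            else:
                findings.append(f"{name}: unexpected node tDn '{node.get('tDn')}'")
        if len(pods) > 1:  # an infra L3Out is scoped to a single pod
            findings.append(f"{name}: nodes span pods {sorted(pods)}")
    return findings
```
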

Configuring an SR-MPLS VRF L3Out

Using the procedures in this section, you will configure an SR-MPLS VRF L3Out, which will be used to forward traffic from the SR-MPLS infra L3Out that you configured in the previous set of procedures.

  • User tenant VRFs are mapped to the SR-MPLS infra L3Outs to advertise tenant bridge domain subnets to the DC-PE routers and import the MPLS VPN routes received from the DC-PE.
  • You must specify routing and security policies in the SR-MPLS VRF L3Out for each VRF. These policies point to one or more SR-MPLS infra L3Outs.
  • One SR-MPLS VRF L3Out is supported for each VRF.
  • You can configure multiple consumer labels in one SR-MPLS VRF L3Out, with each consumer label identifying one SR-MPLS infra L3Out. A consumer label identifies the entry and exit point for traffic to and from one SR-MPLS VRF L3Out, which is a particular MPLS domain for a particular pod or remote leaf switch.

Before you begin

  • Review the SR-MPLS guidelines and limitations provided in Guidelines and Limitations, especially the guidelines and limitations provided in Guidelines and Limitations for the SR-MPLS VRF L3Out.
  • Configure an SR-MPLS infra L3Out using the procedures provided in Configuring an SR-MPLS Infra L3Out Using the REST API.

Procedure

Post with information similar to the following:

POST https://<apic-ip-address>/api/policymgr/mo/uni.xml

<polUni>
  <fvTenant name="t1">
    <fvCtx name="v1">
      <!-- specify bgp evpn route-target -->
      <bgpRtTargetP af="ipv4-ucast">
        <bgpRtTarget rt="route-target:as4-nn2:100:1259" type="import" />
        <bgpRtTarget rt="route-target:as4-nn2:100:1259" type="export" />
      </bgpRtTargetP>
    </fvCtx>

    <!-- MPLS L3out -->
    <l3extOut name="out1" mplsEnabled="yes">
      <l3extRsEctx tnFvCtxName="v1" />

      <!-- MPLS consumer label -->
      <l3extConsLbl name="mpls1">
        <!-- route profile association -->
        <l3extRsLblToProfile tDn="uni/tn-t1/prof-rp1" direction="export" />
        <!-- InstP association -->
        <l3extRsLblToInstP tDn="uni/tn-t1/out-out1/instP-epgMpls1" />
      </l3extConsLbl>

      <!-- External-EPG -->
      <l3extInstP name="epgMpls1">
        <fvRsProv tnVzBrCPName="cp1" />
        <l3extSubnet ip="55.1.1.1/28" />
      </l3extInstP>
      <bgpExtP />
    </l3extOut>

    <!-- route control profile -->
    <rtctrlProfile descr="" name="rp1" type="global" status="">
      <rtctrlCtxP action="permit" descr="" name="ctx1" order="0">
        <rtctrlRsCtxPToSubjP status="" tnRtctrlSubjPName="subj1" />
      </rtctrlCtxP>
    </rtctrlProfile>
    <rtctrlSubjP descr="" name="subj1" status="">
      <rtctrlMatchRtDest ip="101.1.1.1/32" />
      <rtctrlMatchRtDest ip="102.1.1.0/24" aggregate="yes" />
    </rtctrlSubjP>

    <!-- Filter and Contract (global) -->
    <vzBrCP name="cp1" scope="global">
      <vzSubj name="allow-all">
        <vzRsSubjFiltAtt action="permit" tnVzFilterName="default" />
      </vzSubj>
    </vzBrCP>
  </fvTenant>
</polUni>
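A review check for this payload, as an added example that is not part of the Cisco guide: it enforces the one-SR-MPLS-VRF-L3Out-per-VRF rule, confirms each consumer label's InstP association resolves, and reports external EPGs whose contract attaches the filter named `default`, as the `allow-all` subject above does. The function name and the constructed sample are assumptions, as is treating `default` as the built-in filter in tenant common that matches all traffic.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the VRF L3Out payload, with a second MPLS
# L3Out on the same VRF and a dangling InstP reference added as errors.
SAMPLE = """
<polUni><fvTenant name="t1">
  <l3extOut name="out1" mplsEnabled="yes">
    <l3extRsEctx tnFvCtxName="v1"/>
    <l3extConsLbl name="mpls1">
      <l3extRsLblToInstP tDn="uni/tn-t1/out-out1/instP-epgMpls1"/>
    </l3extConsLbl>
    <l3extInstP name="epgMpls1"><fvRsProv tnVzBrCPName="cp1"/></l3extInstP>
  </l3extOut>
  <l3extOut name="out2" mplsEnabled="yes">
    <l3extRsEctx tnFvCtxName="v1"/>
    <l3extConsLbl name="mpls2">
      <l3extRsLblToInstP tDn="uni/tn-t1/out-out2/instP-missing"/>
    </l3extConsLbl>
  </l3extOut>
  <vzBrCP name="cp1" scope="global"><vzSubj name="allow-all">
    <vzRsSubjFiltAtt action="permit" tnVzFilterName="default"/></vzSubj></vzBrCP>
</fvTenant></polUni>
"""

def lint_vrf_l3outs(xml_text):
    """Return findings for SR-MPLS VRF L3Outs in user tenants of a payload."""
    findings = []
    for tenant in ET.fromstring(xml_text).findall("fvTenant"):
        tn, vrf_owner = tenant.get("name"), {}
        if tn == "infra":  # infra L3Outs follow different rules
            continue
        # Contracts with a subject that attaches the filter named "default".
        open_contracts = {c.get("name") for c in tenant.findall("vzBrCP")
                          if c.findall("./vzSubj/vzRsSubjFiltAtt[@tnVzFilterName='default']")}
        for out in tenant.findall("l3extOut[@mplsEnabled='yes']"):
            name = out.get("name")
            for ctx in out.findall("l3extRsEctx"):
                vrf = ctx.get("tnFvCtxName")
                if vrf in vrf_owner:
                    findings.append(f"{tn}/{name}: VRF {vrf} already has SR-MPLS L3Out {vrf_owner[vrf]}")
                vrf_owner.setdefault(vrf, name)
            epgs = {f"uni/tn-{tn}/out-{name}/instP-{e.get('name')}" for e in out.findall("l3extInstP")}
            for ref in out.findall("./l3extConsLbl/l3extRsLblToInstP"):
                if ref.get("tDn") not in epgs:
                    findings.append(f"{tn}/{name}: consumer label points at unknown {ref.get('tDn')}")
            for rel in out.findall("./l3extInstP/*"):
                if rel.tag in ("fvRsProv", "fvRsCons") and rel.get("tnVzBrCPName") in open_contracts:
                    findings.append(f"{tn}/{name}: contract {rel.get('tnVzBrCPName')} attaches filter 'default'")
    return findings
```
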

Creating an SR-MPLS Custom QoS Policy

The SR-MPLS custom QoS policy defines the priority of packets coming from an SR-MPLS network while they are inside the ACI fabric, based on the incoming MPLS EXP values defined in the MPLS QoS ingress policy. It also marks the CoS and MPLS EXP values of packets leaving the ACI fabric through an MPLS interface, based on the IPv4 DSCP values defined in the MPLS QoS egress policy.

If no custom ingress policy is defined, the default QoS Level (Level3) is assigned to packets inside the fabric. If no custom egress policy is defined, the default EXP value of 0 will be marked on packets leaving the fabric.

Procedure

Step 1

Create the SR-MPLS QoS policy.

In the following POST:

  • Replace customqos1 with the name of the SR-MPLS QoS policy you want to create.

  • For the qosMplsIngressRule:

    • Replace from="2" to="3" with the EXP range you want the policy to match.
    • Replace prio="level5" with the ACI QoS Level for the packet while it's inside the ACI fabric.
    • Replace target="CS5" with the DSCP value you want to set on the packet when it's matched.
    • Replace targetCos="4" with the CoS value you want to set on the packet when it's matched.
  • For the qosMplsEgressRule:

    • Replace from="CS2" to="CS4" with the DSCP range you want the policy to match.
    • Replace targetExp="5" with the EXP value you want to set on the packet when it's leaving the fabric.
    • Replace targetCos="3" with the CoS value you want to set on the packet when it's leaving the fabric.

POST https://<apic-ip-address>/api/policymgr/mo/uni.xml

<polUni>
  <fvTenant name="infra">
    <qosMplsCustomPol descr="" dn="uni/tn-infra/qosmplscustom-customqos1" name="customqos1" status="">
      <qosMplsIngressRule from="2" to="3" prio="level5" target="CS5" targetCos="4" status="" />
      <qosMplsEgressRule from="CS2" to="CS4" targetExp="5" targetCos="3" status="" />
    </qosMplsCustomPol>
  </fvTenant>
</polUni>

Step 2

Apply the SR-MPLS QoS policy.

In the following POST, replace customqos1 with the name of the SR-MPLS QoS policy you created in the previous step.

POST https://<apic-ip-address>/api/policymgr/mo/uni.xml

<polUni>
    <fvTenant name="infra">
        <l3extOut name="mplsOut" status="" descr="bl">
            <l3extLNodeP name="mplsLNP" status="">
                <l3extRsLNodePMplsCustQosPol tDn="uni/tn-infra/qosmplscustom-customqos1" />
            </l3extLNodeP>
        </l3extOut>
    </fvTenant>
</polUni>