Egress Peer Engineering | This article explains how BGP egress peer engineering in Segment Routing enables ingress node to steer traffic via specific egress node to a particular BGP peer or peering link. Segment Routing implementation of BGP egress peer engineering overrides BGP best-path selection criteria while selecting path to the BGP peer in another Autonomous system or peering link. To achieve this, centralized controller (SR-PCE) instructs ingress node to steer traffic via specific path. SR BGP EPE (Egress peer Engineering) uses peering-SID to accomplish such traffic engineering. Peering-SID can be thought of BGP variant of IGP adjacency-SID. More details on SR-PCE can be found here (SR-PCE for multi-domain SRTE) and details on IGP & BGP segments here (Segment Routing control plane).
A brief on existing BGP engineering (without Segment Routing)
Lets first understand existing BGP egress peer engineering which uses classic BGP best-path selection criteria. Refer here for details information on BGP best-path selection algorithm. Please refer below topology,
BGP Multi-AS Network
In the above network, AS1 has BGP peering with AS2 and AS3 via nodes N3 and N4. Destination prefixes 100.100.100.0/24 and 18.104.22.168/24 are present in AS4 . AS4 advertises these prefixes to AS2 & AS3 which in turn advertises these prefixes to AS1. AS1 receives these prefixes from different sources such as node 5 in AS2 and eBGP peers Node 6 and Node 7 of AS3 .
Now , there are multiple paths available to reach prefixes in AS4 , there are four different paths available from AS1 to reach AS4, these are N3 to N5, N4 to N5, N4 to N6 and N4 to N7. BGP uses best-path selection rules to select one path . Moreover, routing policies are also used by operator to influence the best-path selection. Such routing policies offers some sort of flexibility and control on how traffic exit AS. These mechanisms are limited by BGP best-path selection algorithm and does not offers much granularity.
BGP Egress Peer Engineering – Leveraging Segment Routing
Segment Routing based BGP Egress Peer Engineering provides fine grained control over egress path selection. This solution uses centralized controller , which instructs ingress PE node to use specific egress ASBR or a particular peer link/interface or neighbour to reach destination prefix. Refer to the IETF draft here (draft-ietf-spring-segment-routing-central-epe-10).
To provide this functionality, BGP peering SIDs are used which steer traffic to specific BGP peer or specific peering interface/link. This is similar to what is achieved using IGP adjacency-SID. Lets understand this with help of example , refer below topology,
Segment Routing Egress Peer Engineering
Suppose Segment Routing is enabled on nodes in AS1 (N1, N2, N3 and N4). Nodes in AS2, AS3 and AS4 does not support or enabled for Segment Routing. Now, operator wants to send traffic via Node 5 in AS2 if destination prefix is 100.100.100.0/24 , and via N7 in AS3 if destination prefix is 22.214.171.124/24. Segment Routing offers this level of granularity and lets see the steps below how to achieve this,
- Node 3 and Node 4 advertises IGP prefix-SID as 17003 and 17004 in AS1.
- Node 4 is allocated BGP peering SID 30405 for its peering session with Node 5 in AS2.
- Node 4 is allocated BGP peering SID 30407 for its peering session with Node 7 in AS3.
- Suppose ingress node is N1 where traffic flows are initiated for the destination prefixes in AS4.
- SR Policy is configured on Node 1(N1) , SID-list on N1 will be (17004, 30405) for destination prefix 100.100.100.0/24. 17004 is the top label SID to reach N4 (using IGP shortest path) , then 30405 SID will steer traffic over BGP peer link to Node N5.
- Another SR Policy is configured on N1 with SID-list (17004, 30407) for destination prefix 126.96.36.199/24.
- Any other traffic will follow default forwarding behaviour using BGP bets-path selection rules.
SR Egress peer engineering is to be enabled only on egress peer nodes (ASBR) and SR-PCE controller. These border nodes also advertise BGP peering SIDs in BGP-LS so that SR-PCE controller can learn this information and leverage this information in SR policies.
Segment Routing enables more granular mechanism for BGP egress peer engineering in multi-AS network. It can be used in use cases such as creating SR policies using peering-SID as explained in above example. Another use case is inter-domain (inter-AS) SR policy path . SR-PCE controller receives all information via BGP-LS to have consolidated view of all domains. SR-PCE can then compute the required end-to-end SR Policy path across multi-domain (Multi-AS) network. In summary, BGP Egress peer Engineering in Segment Routing is more flexible and granular in providing BGP egress traffic engineering . Also, if you want to become expert on Segment Routing with in-depth knowledge , you can buy these highly recommended books , segment routing part-1 and segment routing part-II
I hope this article is useful . Please provide comments below if you have any query or clarification.