Device Configurations

This section provides device configurations that are necessary for device onboarding and multiple SR-PCE setup. For more information on adding devices and SR-PCE providers, see the "Manage Inventory" chapter in the Cisco Crosswork Optimization Engine User Guide.

Prerequisites for Onboarding Devices

Before adding devices, you must ensure that the devices themselves are configured to collect and transmit telemetry data properly and communicate successfully with Cisco Crosswork Optimization Engine. The following sections provide sample configurations for a variety of communications options. Use them as a guide to configuring the devices you plan to manage using Cisco Crosswork Optimization Engine.

Pre-Onboarding SNMP v2 Device Configuration


Note

Only users configured with privilege level 15 can use the NETCONF APIs. Privilege level 15 can be used to configure the "enable" password option in XE devices. In such cases, NETCONF should not be included as one of the protocols to verify reachability and operational state for the onboarded devices.



Note

Only SNMPv2 and SNMPv3 (NoAuth/NoPriv) traps are supported.


The following commands provide a sample pre-onboarding device configuration that sets the correct SNMPv2 and NETCONF configuration, and SSH and Telnet rate limits. The NETCONF setting is only needed if the device is MDT-capable (XR 6.5.3/6.6.3 or higher).

logging console debugging
logging monitor debugging
telnet vrf default ipv4 server max-servers 100
telnet vrf default ipv6 server max-servers 100
crypto key generate rsa
line default
 exec-timeout 0 0
 width 107
 length 37
 absolute-timeout 0
!
snmp-server community public RO
snmp-server community robot-demo2 RO
snmp-server ifindex persist
ntp
 server <NTPServerIPAddress>
!
service cli history size 5000
service cli interactive disable
ssh server v2
ssh server vrf default
ssh server netconf vrf default
ssh server logging
ssh server rate-limit 100
ssh server session-limit 100
grpc
 port 57400
!
netconf agent tty
!
netconf-yang agent
 ssh
!

Pre-Onboarding SNMPv3 Device Configuration

If you want to enable SNMPv3 data collection, repeat the SNMPv2 configuration commands in the previous section, and add the following commands:

snmp-server group grpauthpriv v3 priv notify v1default
snmp-server user <user-ID> grpauthpriv v3 auth md5 <password> priv aes 128 <password>
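The following Python check is an added example and is not part of the Cisco configuration guide. It reads a device configuration like the SNMPv2 and SNMPv3 samples above and lists the settings a security review would want justified before the device is onboarded. The rule list and the values in the constructed sample (user opsuser, password EXAMPLE) are assumptions of this example, not vendor guidance.

```python
import re

# Constructed sample: a subset of the pre-onboarding commands shown above,
# with placeholder credentials (opsuser / EXAMPLE) filled in for illustration.
SAMPLE_CONFIG = """\
telnet vrf default ipv4 server max-servers 100
line default
 exec-timeout 0 0
!
snmp-server community public RO
snmp-server community robot-demo2 RO
ssh server v2
ssh server rate-limit 100
snmp-server user opsuser grpauthpriv v3 auth md5 EXAMPLE priv aes 128 EXAMPLE
"""

# Reviewer-chosen rules (assumptions of this example): (id, regex, reason)
RULES = [
    ("telnet-enabled", r"^telnet vrf \S+ ipv[46] server", "Telnet is cleartext"),
    ("no-idle-timeout", r"^\s*exec-timeout 0 0\s*$", "CLI sessions never expire"),
    ("default-community", r"^snmp-server community (public|private)\b",
     "well-known community string"),
    ("community-no-acl", r"^snmp-server community \S+ (RO|RW)\s*$",
     "community is not restricted by an access list"),
    ("snmpv3-md5", r"^snmp-server user \S+ \S+ v3 auth md5\b",
     "MD5 authentication; prefer SHA where the collector supports it"),
]

def audit(config_text):
    """Return (line_number, rule_id, reason) for every rule a line matches."""
    findings = []
    for num, line in enumerate(config_text.splitlines(), start=1):
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((num, rule_id, reason))
    return findings

if __name__ == "__main__":
    for num, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {num}: {rule_id}: {reason}")
```

Run it against the output of show running-config saved to a file; a finding is a prompt to confirm the setting is required for the deployment, not proof of a misconfiguration.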

Configure Redundant Cisco SR-PCEs

You can set up two Cisco SR-PCEs to ensure high availability (HA). The two Cisco SR-PCE providers must have matching configurations, supporting the same network topology. In HA, if the primary SR-PCE becomes unreachable, Cisco Crosswork Optimization Engine uses the secondary SR-PCE to discover the network topology. The network topology will continue to be updated correctly and you can view SR-PCE connectivity events in the Events table.

Configure HA

Complete the following configuration to enable HA when two Cisco SR-PCE providers are added in Cisco Crosswork Optimization Engine. Both SR-PCEs must have network connectivity between them for communication and syncing purposes.

Issue the following commands on each of the Cisco SR-PCE devices:

Enable the interface:

# interface <interface><slot>/<port>
ipv4 address <sync-link-interface-ip-address> <subnet-mask>
no shut

Enable HA:

# pce rest sibling ipv4 <other-node-pce-address>

Establish a sync link between the two SR-PCEs:

# router static
address-family ipv4 unicast
<other-node-pce-ip-address>/<subnet-mask-length> <remote-sync-link-ip-address>

(Optional) # pce segment-routing traffic-eng peer ipv4 <other-node-pce-ip-address>

Enter this optional command for each PCC, not for other PCE nodes.

Issue the following command on the PCC:

For SR Policies: # segment-routing traffic-eng pcc redundancy pcc-centric

For RSVP-TE Tunnels: # mpls traffic-eng pce stateful-client redundancy pcc-centric

Confirm Sibling SR-PCE Configuration

From the SR-PCE, enter the show tcp brief command to verify that synchronization between the SR-PCEs in HA is intact:

#show tcp brief | include <remote-SR-PCE-router-id>

Confirm that the following information is correct:

Local Address                            Foreign Address                          State
<local-SR-PCE-router-id>:8080            <local-SR-PCE-router-id>:<any-port-id>   ESTAB
<local-SR-PCE-router-id>:<any-port-id>   <local-SR-PCE-router-id>:8080            ESTAB

SR-PCE Delegation

Depending on where an SR policy is created, the following SR-PCE delegation occurs:

  • SR-PCE initiated—Policies configured on a PCE. SR policies are delegated back to the source SR-PCE.


    Note

    • The policy can be PCE initiated even if it is created using the UI, but in that case it is not configured explicitly on SR-PCE.

    • RSVP-TE tunnels cannot be configured directly on a PCE.


  • PCC initiated—An SR policy or RSVP-TE tunnel that is configured directly on a device. The SR-PCE configured with the lowest precedence is the delegated SR-PCE. If precedence is not set, then the SR-PCE with the lowest PCE IP address is the delegated SR-PCE. The following configuration example shows that 10.0.0.1 is assigned a precedence value of 10 and will be the delegated SR-PCE.

    segment-routing
      traffic-eng
        pcc
          source-address ipv4 10.0.0.2
          pce address ipv4 10.0.0.1
            precedence 10
           !
          pce address ipv4 10.0.0.8
            precedence 20
           !
           report-all
           redundancy pcc-centric

    For RSVP-TE Tunnel:

    mpls traffic-eng
    interface GigabitEthernet0/0/0/0
      admin-weight 1
    !
    interface GigabitEthernet0/0/0/1
      admin-weight 1
    !
    interface GigabitEthernet0/0/0/2
      admin-weight 1
    !
    pce
      peer source ipv4 192.168.0.02
      peer ipv4 192.168.0.9
        precedence 10
      !
      peer ipv4 192.168.0.10
        precedence 20
      !
      stateful-client
       instantiation
       report
       redundancy pcc-centric
       autoroute-announce
      !
    !
    auto-tunnel pcc
      tunnel-id min 990 max 999

  • Cisco Crosswork Optimization Engine SR-PCE initiated—An SR policy that is configured using Cisco Crosswork Optimization Engine. SR-PCE delegation is random per policy.


    Note

    Only TE tunnels (SR policies or RSVP-TE tunnels) created by Cisco Crosswork Optimization Engine can be modified or deleted by Cisco Crosswork Optimization Engine.
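The PCC-initiated rule above (lowest precedence, otherwise lowest PCE IP address) can be checked against a PCC configuration before it is deployed. The following Python sketch is an added example, not Cisco code; it parses both the SR policy and RSVP-TE forms shown on this page. How a PCE with no precedence ranks against one with an explicit value is not stated on this page, so the ordering used for that mixed case is an assumption.

```python
import ipaddress
import re

# PCC samples taken from this page (SR policy form and RSVP-TE form).
SR_PCC = """\
segment-routing
 traffic-eng
  pcc
   pce address ipv4 10.0.0.1
    precedence 10
   !
   pce address ipv4 10.0.0.8
    precedence 20
   !
"""
RSVP_PCC = """\
mpls traffic-eng
 pce
  peer source ipv4 209.165.255.1
  peer ipv4 209.165.0.6
   precedence 200
  !
  peer ipv4 209.165.0.7
   precedence 100
  !
"""
PEER_RE = re.compile(r"^\s*(?:pce address|peer) ipv4 (\S+)\s*$")
PREC_RE = re.compile(r"^\s*precedence (\d+)\s*$")

def parse_pces(config_text):
    """Map each configured PCE address to its precedence (None if unset)."""
    pces, current = {}, None
    for line in config_text.splitlines():
        peer, prec = PEER_RE.match(line), PREC_RE.match(line)
        if peer:
            current = ipaddress.ip_address(peer.group(1))
            pces[current] = None
        elif prec and current is not None:
            pces[current] = int(prec.group(1))
        elif line.strip() == "!":
            current = None  # end of this PCE's sub-block
    return pces

def delegated_pce(pces):
    """Lowest precedence wins; ties and unset values fall back to lowest IP."""
    if not pces:
        return None
    # Assumption: a PCE with no precedence ranks after any explicit value.
    rank = lambda ip: (pces[ip] is None, pces[ip] or 0, ip)
    return str(min(pces, key=rank))
```

Addresses are compared numerically, so 10.0.0.9 sorts below 10.0.0.10; a plain string comparison would get that case wrong.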

HA Notes and Limitations

  • It is assumed that all PCCs are PCEP connected to both SR-PCEs.

  • When an SR-PCE is disconnected only from Cisco Crosswork Optimization Engine, the following occur:

    • SR-PCE delegation assignments remain, but the SR-PCE that has been disconnected will not appear in Cisco Crosswork Optimization Engine.

    • You are not able to modify Cisco Crosswork Optimization Engine SR-PCE initiated SR policies if the disconnected SR-PCE is the delegated PCE.

  • After an SR-PCE reloads, do the following:

    1. Execute the following command:
      # process restart pce_server
    2. From the UI, navigate to Inventory Management > Providers and delete the PCE sibling configuration in both SR-PCEs and then add the sibling configuration back again.

  • In some cases, when an SR policy that was created via the UI is automatically deleted (intentional and expected) from Cisco Crosswork Optimization Engine, a warning message does not appear. For example, if the source PCC is reloaded, the UI created SR policy disappears and the user is not informed.

  • In an extreme case where one SR-PCE fails on all links (to PCCs/topology devices) except the up-link to Cisco Crosswork Optimization Engine, then topology information will not be accurate in Cisco Crosswork Optimization Engine. When this happens, fix the connectivity issue or delete both SR-PCEs from the Provider page and re-add the one that is reachable.

SR-PCE Configuration Examples

The following configurations are examples to guide you in a multiple SR-PCE setup for HA. Please modify accordingly.

Sample redundant SR-PCE configuration (on PCE)


pce
 address ipv4 192.168.0.7
 rest
  sibling ipv4 192.168.0.6

Sample redundant SR-PCE Configuration (PCC)

segment-routing
 traffic-eng
  pcc
   source-address ipv4 192.0.2.1
   pce address ipv4 192.0.2.6
    precedence 200
   !
   pce address ipv4 192.0.2.7
    precedence 100
   !
   report-all
   redundancy pcc-centric

Sample redundant SR-PCE Configuration (on PCC) for RSVP-TE


Note

Loopback0 represents the TE router ID.



ipv4 unnumbered mpls traffic-eng Loopback0
!
mpls traffic-eng
 pce
  peer source ipv4 209.165.255.1
  peer ipv4 209.165.0.6
   precedence 200
  !
  peer ipv4 209.165.0.7
   precedence 100
  !
  stateful-client
   instantiation
   report
   redundancy pcc-centric
   autoroute-announce
  !
 !
 auto-tunnel pcc
  tunnel-id min 1000 max 1999
 !
!

Sample SR-TM Configuration


telemetry model-driven
 destination-group crosswork
  address-family ipv4 198.18.1.219 port 9010
   encoding self-describing-gpb
   protocol tcp
  !
 !
 sensor-group SRTM
  sensor-path Cisco-IOS-XR-infra-tc-oper:traffic-collector/afs/af/counters/tunnels
  sensor-path Cisco-IOS-XR-infra-tc-oper:traffic-collector/vrf-table/default-vrf/afs/af/counters/prefixes
 !
 subscription OE
  sensor-group-id SRTM sample-interval 60000
  destination-id crosswork
  source-interface Loopback0
!
traffic-collector
 interface GigabitEthernet0/0/0/3
 !
 statistics
  history-size 10

Note

The destination address uses the southbound data interface (eth1) address of the Cisco Crosswork Data Gateway VM.