We will deploy a multi-node lab with SROS routers running Segment Routing with EVPN and Flex Algo.
This is how the topology will look:
In order to deploy the lab you will need to have a copy of the SR-SIM 25.7.R1 image. This can be imported into docker using the following command:
sudo docker load -i srsim.tar.gzTo validate the image has been loaded you can run:
docker image listYou should see the following:
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.srlinux.dev/pub/nokia_srsim 25.7.R1 8c69dafa63f8 2 days ago 1.97GB
Once the correct SROS image has been loaded you must ensure you have the license file called srsim25.lic downloaded and loaded into the project folder.
With the image and license file correctly loaded, to deploy the lab type:
sudo clab deploy -cThe deployment will wait for the SR OS nodes to boot up.
At the end of the deployment, the following table will be displayed. Wait for the sros boot to be completed (see next section), before trying to login to sros.
╭─────────────┬──────────────────────────────────────────────┬─────────┬───────────────────╮
│ Name │ Kind/Image │ State │ IPv4/6 Address │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ chi1 │ nokia_srsim │ running │ 172.20.20.4 │
│ │ registry.srlinux.dev/pub/nokia_srsim:25.7.R1 │ │ 3fff:172:20:20::4 │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ chi2 │ nokia_srsim │ running │ 172.20.20.3 │
│ │ registry.srlinux.dev/pub/nokia_srsim:25.7.R1 │ │ 3fff:172:20:20::3 │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ client-chi1 │ linux │ running │ 172.20.20.9 │
│ │ ghcr.io/srl-labs/network-multitool │ │ 3fff:172:20:20::9 │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ client-chi2 │ linux │ running │ 172.20.20.13 │
│ │ ghcr.io/srl-labs/network-multitool │ │ 3fff:172:20:20::d │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ client-dal1 │ linux │ running │ 172.20.20.10 │
│ │ ghcr.io/srl-labs/network-multitool │ │ 3fff:172:20:20::a │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ client-dal2 │ linux │ running │ 172.20.20.5 │
│ │ ghcr.io/srl-labs/network-multitool │ │ 3fff:172:20:20::5 │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ client-nyc1 │ linux │ running │ 172.20.20.12 │
│ │ ghcr.io/srl-labs/network-multitool │ │ 3fff:172:20:20::c │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ client-nyc2 │ linux │ running │ 172.20.20.7 │
│ │ ghcr.io/srl-labs/network-multitool │ │ 3fff:172:20:20::7 │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ dal1 │ nokia_srsim │ running │ 172.20.20.2 │
│ │ registry.srlinux.dev/pub/nokia_srsim:25.7.R1 │ │ 3fff:172:20:20::2 │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ dal2 │ nokia_srsim │ running │ 172.20.20.8 │
│ │ registry.srlinux.dev/pub/nokia_srsim:25.7.R1 │ │ 3fff:172:20:20::8 │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ nyc1 │ nokia_srsim │ running │ 172.20.20.6 │
│ │ registry.srlinux.dev/pub/nokia_srsim:25.7.R1 │ │ 3fff:172:20:20::6 │
├─────────────┼──────────────────────────────────────────────┼─────────┼───────────────────┤
│ nyc2 │ nokia_srsim │ running │ 172.20.20.11 │
│ │ registry.srlinux.dev/pub/nokia_srsim:25.7.R1 │ │ 3fff:172:20:20::b │
╰─────────────┴──────────────────────────────────────────────┴─────────┴───────────────────╯To monitor the boot process of SR OS nodes, you can open a new terminal and run the following command:
sudo docker logs -f chi1To connect to an SROS node:
ssh admin@chi1To connect to a linux client node:
docker exec -it client-chi1 shAfter the lab is deployed, let's start verifying the configuration.
Check the interface status on CHI1 (SROS):
show router interface
Expected output:
===============================================================================
Interface Table (Router: Base)
===============================================================================
Interface-Name Adm Opr(v4/v6) Mode Port/SapId
IP-Address PfxState
-------------------------------------------------------------------------------
To-CHI2 Up Up/Down Network 1/1/c4/1
10.21.22.21/24 n/a
To-DAL1 Up Up/Down Network 1/1/c1/1
10.11.21.21/24 n/a
To-NYC1 Up Up/Down Network 1/1/c2/1
10.21.31.21/24 n/a
system Up Up/Down Network system
21.21.21.21/32 n/a
-------------------------------------------------------------------------------
Interfaces : 4
===============================================================================
Check IS-IS status on CHI1 (SROS):
show router isis status
Expected output:
===============================================================================
Rtr Base ISIS Instance 0 Status
===============================================================================
ISIS Cfg System Id : 0000.0000.0000
ISIS Oper System Id : 0210.2102.1021
ISIS Cfg Router Id : 0.0.0.0
ISIS Oper Router Id : 21.21.21.21
ISIS Cfg IPv6 Router Id : ::
ISIS Oper IPv6 Router Id : ::
ASN : 0
Admin State : Up
Oper State : Up
Ipv4 Routing : Enabled
Ipv6 Routing : Disabled
<snip>
===============================================================================
Check IS-IS adjacency on CHI1 (SROS)
show router isis adjacency
Expected output:
===============================================================================
Rtr Base ISIS Instance 0 Adjacency
===============================================================================
System ID Usage State Hold Interface MT-ID
-------------------------------------------------------------------------------
chi2-sr1 L1L2 Up 20 To-CHI2 0
dal1-sr1 L1L2 Up 19 To-DAL1 0
nyc1-sr1 L1L2 Up 19 To-NYC1 0
-------------------------------------------------------------------------------
Adjacencies : 3
===============================================================================
Check tunnel table on CHI1 (SROS):
show router tunnel-table
Expected output:
A:admin@chi1# show router tunnel-table
===============================================================================
IPv4 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref Nexthop Metric
Color
-------------------------------------------------------------------------------
10.11.21.11/32 isis (0) MPLS 524289 11 10.11.21.11 0
10.21.22.22/32 isis (0) MPLS 524295 11 10.21.22.22 0
10.21.31.31/32 isis (0) MPLS 524290 11 10.21.31.31 0
11.11.11.11/32 isis (0) MPLS 524294 11 10.11.21.11 10
11.11.11.11/32 isis (0) MPLS 524292 11 10.21.22.22 30000
12.12.12.12/32 isis (0) MPLS 524301 11 10.11.21.11 20
12.12.12.12/32 isis (0) MPLS 524298 11 10.21.22.22 20000
22.22.22.22/32 isis (0) MPLS 524299 11 10.21.22.22 10
22.22.22.22/32 isis (0) MPLS 524296 11 10.21.22.22 10000
31.31.31.31/32 isis (0) MPLS 524293 11 10.21.31.31 10
31.31.31.31/32 isis (0) MPLS 524291 11 10.21.22.22 30000
32.32.32.32/32 isis (0) MPLS 524300 11 10.21.22.22 20
32.32.32.32/32 isis (0) MPLS 524297 11 10.21.22.22 20000
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
E = Inactive best-external BGP route
k = RIB-API or Forwarding Policy backup hop
===============================================================================
Check BGP status on CHI1 (SROS)
show router bgp summary
Expected output:
===============================================================================
BGP Router ID:21.21.21.21 AS:65500 Local AS:65500
===============================================================================
BGP Admin State : Up BGP Oper State : Up
Total Peer Groups : 1 Total Peers : 5
<snip>
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
11.11.11.11
65500 967 0 07h59m24s 2/2/2 (Evpn)
966 0
12.12.12.12
65500 967 0 07h59m24s 2/2/2 (Evpn)
966 0
22.22.22.22
65500 966 0 07h59m24s 2/2/2 (Evpn)
967 0
31.31.31.31
65500 966 0 07h59m24s 2/2/2 (Evpn)
966 0
32.32.32.32
65500 966 0 07h59m24s 2/2/2 (Evpn)
967 0
-------------------------------------------------------------------------------
Check BGP EVPN routes on CHI1 (SROS)
show router bgp routes evpn ip-prefix
Expected output:
===============================================================================
BGP Router ID:21.21.21.21 AS:65500 Local AS:65500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 11.11.11.11:200 192.168.11.0/24
0 00:00:00:00:00:00
11.11.11.11
LABEL 524287
ESI-0
u*>i 11.11.11.11:200 192.168.11.254/32
0 00:00:00:00:00:00
11.11.11.11
LABEL 524287
ESI-0
u*>i 12.12.12.12:200 192.168.12.0/24
0 00:00:00:00:00:00
12.12.12.12
LABEL 524287
ESI-0
u*>i 12.12.12.12:200 192.168.12.254/32
0 00:00:00:00:00:00
12.12.12.12
LABEL 524287
ESI-0
u*>i 22.22.22.22:200 192.168.22.0/24
0 00:00:00:00:00:00
22.22.22.22
LABEL 524287
ESI-0
u*>i 22.22.22.22:200 192.168.22.254/32
0 00:00:00:00:00:00
22.22.22.22
LABEL 524287
ESI-0
u*>i 31.31.31.31:200 192.168.31.0/24
0 00:00:00:00:00:00
31.31.31.31
LABEL 524287
ESI-0
u*>i 31.31.31.31:200 192.168.31.254/32
0 00:00:00:00:00:00
31.31.31.31
LABEL 524287
ESI-0
u*>i 32.32.32.32:200 192.168.32.0/24
0 00:00:00:00:00:00
32.32.32.32
LABEL 524287
ESI-0
u*>i 32.32.32.32:200 192.168.32.254/32
0 00:00:00:00:00:00
32.32.32.32
LABEL 524287
ESI-0
-------------------------------------------------------------------------------
Routes : 10
===============================================================================
Check service status on CHI1 (SROS)
show service id "tenant1" base
Expected output:
===============================================================================
Service Basic Information
===============================================================================
Service Id : 200 Vpn Id : 0
Service Type : VPRN
MACSec enabled : no
Name : tenant1
Description : (Not Specified)
Customer Id : 200 Creation Origin : manual
Last Status Change: 07/09/2025 22:01:41
Last Mgmt Change : 07/09/2025 22:01:41
Admin State : Up Oper State : Up
<snip>
-------------------------------------------------------------------------------
Service Access & Destination Points
-------------------------------------------------------------------------------
Identifier Type AdmMTU OprMTU Adm Opr
-------------------------------------------------------------------------------
sap:1/1/c6/1 null 1514 1514 Up Up
===============================================================================
Login to client-dal1
docker exec -it client-dal1 bashPing client-nyc2 IP from client-dal1
ping -c 3 192.168.32.32Expected output
PING 192.168.32.32 (192.168.32.32) 56(84) bytes of data.
64 bytes from 192.168.32.32: icmp_seq=1 ttl=62 time=5.54 ms
64 bytes from 192.168.32.32: icmp_seq=2 ttl=62 time=6.16 ms
64 bytes from 192.168.32.32: icmp_seq=3 ttl=62 time=5.52 ms
--- 192.168.32.32 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 5.521/5.740/6.160/0.296 ms| Client | IP Address |
|---|---|
| client-dal1 | 192.168.11.11 |
| client-dal2 | 192.168.12.12 |
| client-chi1 | 192.168.21.21 |
| client-chi2 | 192.168.22.22 |
| client-nyc1 | 192.168.31.31 |
| client-nyc2 | 192.168.32.32 |
This lab has IS-IS FlexAlgo enabled based on delay and we have increased the link delay between DAL1 and CHI1 and also between CHI1 and NYC1. This demonstrates we can influence traffic from client-dal1 to client-nyc1 along the longer path across the bottom of the topology (dal1 -> dal2 -> chi2 -> nyc2 -> nyc1) rather than the shortest path (dal1 -> chi1 -> nyc1) based on FlexAlgo metrics. To validate the traffic path you can do an OAM LSP-Trace on DAL1 to the loopback on NYC1:
A:admin@dal1# oam lsp-trace sr-isis prefix 31.31.31.31/32 source-ip-address 11.11.11.11 flex-algo 128
lsp-trace to 31.31.31.31/32: 1 hops min, 30 hops max, 104 byte packets
1 12.12.12.12 rtt=2.85ms rc=8(DSRtrMatchLabel) rsc=1
2 22.22.22.22 rtt=3.17ms rc=8(DSRtrMatchLabel) rsc=1
3 32.32.32.32 rtt=7.08ms rc=8(DSRtrMatchLabel) rsc=1
4 31.31.31.31 rtt=4.69ms rc=3(EgressRtr) rsc=1
To validate the path traffic would take without FlexAlgo you can run this command:
A:admin@dal1# oam lsp-trace sr-isis prefix 31.31.31.31/32 source-ip-address 11.11.11.11
lsp-trace to 31.31.31.31/32: 1 hops min, 30 hops max, 104 byte packets
1 21.21.21.21 rtt=4.35ms rc=8(DSRtrMatchLabel) rsc=1
2 31.31.31.31 rtt=5.92ms rc=3(EgressRtr) rsc=1