SR-TE PCC Features

Load isis.sr.vpnv4.and.te.enabled.cfg

configure
load bootflash:isis.sr.vpnv4.and.te.enabled.cfg
commit replace
y

Configure R10 as a PCE and R1 as a PCC. Use the password PASSWORD for the PCEP session.

Configure a locally-calculated policy on R1 with R7 as the endpoint using an IGP metric. Configure R1 to report this policy to R10.

Answer

#R1
segment-routing
 traffic-eng
  policy POL1
   color 10 end-point ipv4 7.7.7.1
   candidate-paths
    preference 100
     dynamic
      metric
       type igp
  !
  pcc
   source-address ipv4 1.1.1.1
   pce address ipv4 10.10.10.1
    password clear PASSWORD
   !
   report-all

#R10
pce
 address ipv4 10.10.10.1
 password clear PASSWORD

Explanation

Similar to BGP and LDP, you can use TCP option 19 (MD5 Signature) for authentication with PCEP sessions. You simply specify a password for the pce server:

#R1
segment-routing
 traffic-eng
  pcc
   source-address ipv4 1.1.1.1
   pce address ipv4 10.10.10.1
    password clear PASSWORD

#R10
pce
 address ipv4 10.10.10.1
 password clear PASSWORD

You can verify that the MD5 flag is on in the TCP details:

By default, the PCC does not report its locally-calculated policies to the PCE. You might want even locally-calculated policies to be reported to the PCE so that it can use that information itself, or provide all path information to applications through the PCE’s own northbound interface. At this moment, I’ve configured the policy on R1 but I am not reporting all policies to the PCE yet. Notice that R10 does not know of any LSPs yet:

We’ll now configure R1 to report all LSPs:

#R1
segment-routing
 traffic-eng
  pcc
   report-all

Immediately, R1 reports its single LSP to the PCE.

Above, we can tell that this policy was only reported to the PCE because the computed path section is “None.”