SRv6

SRv6 introduction

SRv6 is a technology that uses IPv6 to carry traffic over the network. It is a form of SR in modern networks that takes advantage of IPv6 capabilities by encoding instructions in the IPv6 packet header.

Network instructions represent a network programming capability, where the network encodes a network program into individual instructions, carried natively in the IPv6 extension headers. These instructions are called the SRv6 segment identifiers SIDs.

SRv6 terminology

SRH

Segment Routing Header (SRH) - is an extension header added to IPv6 packets to implement Segment Routing IPv6 (SRv6) based on the IPv6 forwarding plane. It stores IPv6 segment lists and specifies an IPv6 explicit path.

../../../../_images/srh.svg

SRv6 SRH header

SID

Segment Identifier. A term that represents a particular segment in a segment routing domain. Also called SRv6 segment, this segment is a 128-bit IPv6 address.

An SRv6 address is made up of multiple parts.

locator

The SID most significant bits part is the locator and represents the address of an SRv6 node, similar to the network address.

function

The function part is chosen by the local node to identify the behavior, performed locally on this node.

../../../../_images/srv6_sid.svg

SRv6 SID format.

An SRv6 locator is made up of the following blocks: Network Block and Node ID Block. The drawing below illustrates the SRv6 locator blocks.

../../../../_images/srv6_locator.svg

SRv6 Locator format.

As mentioned before, each SID has a specific behavior, based on the function part. Among the SRv6 behaviors one may distinguish:

End.DT4

An endpoint function for SRv6 instantiation of VPN IPv4 services. It is an endpoint decapsulation function associated with a L3VRF instance to transport IPv4 services over SRv6 data plane.

End.DT6

An endpoint function for SRv6 instantiation of VPN IPv6 services. It is an endpoint decapsulation function associated with a L3VRF instance to transport IPv6 services over SRv6 data plane.

SRv6 locator configuration

An SRv6 locator needs to be configured on every device where SRv6 is used. The example below shows how to configure the srv6-locator1 locator.

vsr running config# vrf main
vsr running vrf main# routing segment-routing ipv6 locator srv6-locator1
vsr running locator srv6-locator1#! prefix 2001:db8:1:2::/64
vsr running locator srv6-locator1# block-length 40
vsr running locator srv6-locator1# node-length 24
vsr running locator srv6-locator1# function-length 16

The chosen prefix length value must be equal to the sum of the block-length and node-length values.

To use the locator, the routing service needs to reference it in its configuration. The configuration below illustrates IS-IS using the locator.

vsr running config# vrf main
vsr running vrf main# routing isis instance 1
vsr running instance 1# segment-routing ipv6 locator srv6-locator1
vsr running instance 1#

The show segment-routing ipv6 locator command displays the SRv6 locator configuration.

vsr> show segment-routing ipv6 locator srv6-locator1

name            srv6-locator1
status          up
prefix          2001:db8:1:2::/64
block-length    40
node-length     24
function-length 16
chunks:
  - prefix 2001:db8:1:2::/64, protocol system

SRv6 locator sharing capabilities

The SRv6 locator provides SIDs values to multiple routing services, via the SID manager, which is responsible of allocating unused SIDs to the routing services.

The sharing capabilities of the SID manager allow to define an optional uncompressed-mode attribute for each SRv6 locator. It brings improved interworking with other SRv6 network equipment and a flexible SID allocation method: the SIDs allocation scheme is different; the SID function space is split in two pools of SIDs to avoid SID conflicts between routing services that request explicit SIDs, and other routing services that request dynamically allocated SIDs.

To use the uncompressed-mode attribute, the user must ensure that the locator settings are set appropriately. This option mandates that the locator prefix length is 64 bits, the block-id length is 40 bits, the node-id length is 24 bits, and the function-length is 16 bits.

The below configuration specifies a /64 prefix length locator that has the uncompressed-mode command. Both IS-IS and BGP services are used. In the configuration example the BGP service is using a manual SID allocation. When the SID function length equals 16 bits and manual BGP IPv6 SID is specified, the index value must be selected from [0xFF00, 0xFFFF] explicit SID range (equivalent decimal range is [65280, 65535]).

vsr running config# / vrf main l3vrf green table-id 10
vsr running config# / vrf main l3vrf green routing bgp as 65500
vsr running config#! / vrf main l3vrf green routing bgp router-id 192.0.1.1
vsr running config#! / vrf main l3vrf green routing bgp address-family ipv4-unicast network 192.168.100.0/24
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export vpn true
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export route-target 2:44
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export route-distinguisher 65500:1
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export ipv6-sid 65281
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn import vpn true
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn import route-target 2:44
vsr running network 192.168.100.0/24#! / vrf main interface physical eth1 port pci-b0s4
vsr running network 192.168.100.0/24#! / vrf main interface loopback loopback1 ipv6 address 2001:db8:f::1/128
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis area-tag 1
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis ipv6-routing true
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis hello interval level-1 1
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis hello multiplier level-1 3
vsr running network 192.168.100.0/24#! / vrf main routing interface loopback1 isis area-tag 1
vsr running network 192.168.100.0/24#! / vrf main routing interface loopback1 isis ipv6-routing true
vsr running network 192.168.100.0/24#! / vrf main routing bgp as 65500
vsr running network 192.168.100.0/24# / vrf main routing bgp router-id 192.0.1.1
vsr running network xx 192.168.100.0/24# / vrf main routing bgp segment-routing ipv6 locator srv6-locator1
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 remote-as 65500
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 capabilities extended-nexthop true
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 address-family ipv4-unicast enabled false
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 address-family ipv4-vpn enabled true
vsr running network 192.168.100.0/24# / vrf main routing isis instance 1 is-type level-1
vsr running network 192.168.100.0/24# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.1111.00
vsr running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator srv6-locator1
vsr running ipv6-unicast# / vrf main routing segment-routing ipv6 locator srv6-locator1 prefix 2001:db8:0:1::/64
vsr running ipv6-unicast# / vrf main routing segment-routing ipv6 locator srv6-locator1 uncompressed-mode enabled true

Configured locator 2001:db8:0:1::/64 allows the sid manager to allocate the 2001:db8:0:1:ff01:: SID value to BGP along with 2001:db8:0:1:40:: SIDs for IS-IS.

vsr> show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
I>* 2001:db8:0:1:40::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:04
B>* 2001:db8:0:1:ff01::/128 [20/0] is directly connected, green, seg6local End.DT4 table 10, weight 1, 00:00:02
L * 2001:db8:f::1/128 is directly connected, loopback1, 00:00:04
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:04
C * fe80::/64 is directly connected, eth1, 00:00:02
C * fe80::/64 is directly connected, loopback1, 00:00:04
C>* fe80::/64 is directly connected, sr0, 00:00:11
C * fe80::/64 is directly connected, fptun0, 00:00:22

4 routes displayed.

The mode auto is also possible to be used in BGP. Note that when the SID function length is 16 bits, the maximal selected SID auto value should be smaller than the hex value 0xFF00 or the decimal value 65280.

vsr running config# / vrf main l3vrf geeen routing bgp addres-family ipv4-unicast l3vpn export ipv6-sid auto

vsr> show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
I>* 2001:db8:0:1:40::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:36
B>* 2001:db8:0:1:41::/128 [20/0] is directly connected, green, seg6local End.DT4 table 10, weight 1, 00:00:16
L * 2001:db8:f::1/128 is directly connected, loopback1, 00:00:36
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:36
C * fe80::/64 is directly connected, eth1, 00:00:34
C * fe80::/64 is directly connected, loopback1, 00:00:36
C>* fe80::/64 is directly connected, sr0, 00:00:43
C * fe80::/64 is directly connected, fptun0, 00:00:54

4 routes displayed.

For custom deployments when the format is not applied, the locator length is not restricted to 64 bits. To disable the format option applied previously, the next command may be used:

vsr running config# del / vrf main routing segment-routing ipv6 locator srv6-locator1 uncompressed-mode

The example below depicts the /64 locator length when the format is not applied and BGP SID is set to explicit from the range [0xFF00,0xFFFF] to avoid auto and explicit SIDs allocation conflicts:

vsr> show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
I>* 2001:db8:0:1::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:05
B>* 2001:db8:0:1:1::/128 [20/0] is directly connected, green, seg6local End.DT4 table 10, weight 1, 00:00:03
L * 2001:db8:f::1/128 is directly connected, loopback1, 00:00:42
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:42
C * fe80::/64 is directly connected, eth1, 00:00:40
C * fe80::/64 is directly connected, loopback1, 00:00:42
C>* fe80::/64 is directly connected, sr0, 00:00:49
C * fe80::/64 is directly connected, fptun0, 00:01:00

4 routes displayed.

SRv6 source encapsulation

When a route with SRv6 segments is created, the original packets are generally encapsulated within an IPv6 header that includes the SRH. By default, the source address used is the IPv6 address of the outgoing interface. The below configuration command forces the source address:

vsr running config# / vrf main routing segment-routing ipv6 encapsulation-source 2001:db8:1:2::

See also

SRv6 segment-routing ipv6 sids

The show segment-routing ipv6 sids command displays the SRv6 SIDs configured. The configuration applied to the previous chapter displays the list of SIDs allocated and which routing service uses it.

vsr> show segment-routing ipv6 sids details
ipv6-sid         behavior context       protocol locator       allocation-type
========         ======== =======       ======== =======       ===============
2001:db8:0:1::   End      -             isis(0)  srv6-locator1 dynamic
2001:db8:0:1:1:: End.DT4  L3VRF 'green' bgp(0)   srv6-locator1 dynamic