SRv6¶
SRv6 introduction¶
SRv6 is a technology that uses IPv6 to carry traffic over the network. It is a form of SR in modern networks that takes advantage of IPv6 capabilities by encoding instructions in the IPv6 packet header.
Network instructions represent a network programming capability, where the network
encodes a network program into individual instructions, carried natively in the
IPv6 extension headers. These instructions are called the SRv6 segment identifiers
SIDs. SIDs are allocated on devices where it will be executed to apply a
behavior self to that SID. It is worth noting that optionally, multiple SRv6
segments can be encoded within a single 128-bit SID, by using a specific flavor
associated to the SID, called Next-CSID: reducing the SRv6 overhead is the
goal of that flavor, by compressing multiple CSIDs in a CSID container.
SRv6 terminology¶
- SRH
Segment Routing Header (SRH) - is an extension header added to IPv6 packets to implement Segment Routing IPv6 (SRv6) based on the IPv6 forwarding plane. It stores IPv6 segment lists and specifies an IPv6 explicit path.
SRv6 SRH header¶
- SID
Segment Identifier. A term that represents a particular segment in a segment routing domain. Also called SRv6 segment, this segment is a 128-bit IPv6 address.
- CSID
Compressed SID. A term that represents the compressed encoding of a SID, it includes the
Node ID Blockandfunctionbits of the SID being compressed.- CSID container
A term that represents a 128-bit IPv6 address that functions as a container holding a list of one or more CSIDs.
- Next-CSID
Next compressed SID behavior. A term that defines a flavor that uses the argument part, to determine the next SID to be processed.
- USID
SRv6 micro SID. A term that defines an instruction which use the compressed SRv6 segment list encoding in the SRH. This term is widely used in the industry.
- USID-F3216
USID format which uses a 32 bit
Network Blocksize, and a 16 bitsNode ID Blocksize. It also defines sub-pools in thelocatorthat SIDs are allocated from. This format is widely used in the industry.locatorThe SID most significant bits part is the
locatorand represents the address of an SRv6 node, similar to the network address.functionThe
functionpart is chosen by the local node to identify the behavior, performed locally on this node.argumentThe
argumentpart are optionally used by thefunctionbits when being executed: it helps to define the behavior to apply to incoming packets. Specifically, the Next-CSID flavor uses it to determine the next SID to be processed.
SRv6 SID format.¶
An SRv6 locator is made up of the following blocks: Network Block and
Node ID Block. The drawing below illustrates the SRv6 locator blocks.
SRv6 Locator format.¶
As mentioned before, each SID has a specific behavior, based on
the function part. Among the SRv6 behaviors one may distinguish:
EndAn
Endinstruction is associated to pass to the next SID of the segment list: if no SID is available, the SRH header is popped, and the inner packet is processed; or the next SID is processed, and IPv6 destination address packet is updated with the new selected SID.End.DT4An endpoint function for SRv6 instantiation of VPN IPv4 services. It is an endpoint decapsulation function associated with a L3VRF instance to transport IPv4 services over SRv6 data plane.
End.DT6An endpoint function for SRv6 instantiation of VPN IPv6 services. It is an endpoint decapsulation function associated with a L3VRF instance to transport IPv6 services over SRv6 data plane.
A different wording is used to name instructions which use the next-csid flavor:
The uN, uDT4 and uDT6 respectively indicate the above defined behaviors, and
tell that they use USID instructions.
SRv6 USID-F3216 format¶
SRv6 locator configuration¶
An SRv6 locator needs to be configured on every device where SRv6 is used.
The example below shows how to configure the srv6-locator1 locator.
vsr running config# vrf main
vsr running vrf main# routing segment-routing ipv6 locator srv6-locator1
vsr running locator srv6-locator1#! prefix 2001:db8:1:2::/64
vsr running locator srv6-locator1# block-length 40
vsr running locator srv6-locator1# node-length 24
vsr running locator srv6-locator1# function-length 16
The chosen prefix length value must be equal to the sum of the block-length and
node-length values.
To use the locator, the routing service needs to reference it in its configuration. The configuration below illustrates IS-IS using the locator.
vsr running config# vrf main
vsr running vrf main# routing isis instance 1
vsr running instance 1# segment-routing ipv6 locator srv6-locator1
vsr running instance 1#
The show segment-routing ipv6 locator command displays the SRv6 locator
configuration.
vsr> show segment-routing ipv6 locator srv6-locator1
name srv6-locator1
status up
prefix 2001:db8:1:2::/64
block-length 40
node-length 24
function-length 16
chunks:
- prefix 2001:db8:1:2::/64, protocol system
SRv6 locator sharing capabilities¶
The SRv6 locator provides SIDs values to multiple routing services,
via the SID manager, which is responsible of allocating unused SIDs
to the routing services. The sharing capabilities of the SID manager
allow to define optional mode attributes for each SRv6 locator.
SRv6 uncompressed modes¶
The mode-uncompressed-f4024 attribute brings improved interworking with
other SRv6 network equipment and a flexible SID allocation method:
the SIDs allocation scheme is different; the SID function space is
split in two pools of SIDs to avoid SID conflicts between routing
services that request explicit SIDs, and other routing services that
request dynamically allocated SIDs.
To use the mode-uncompressed-f4024 attribute, the user must ensure that the
locator settings are set appropriately. This option mandates that the
locator prefix length is 64 bits, the block-id length is 40 bits, the
node-id length is 24 bits, and the function-length is 16 bits.
The below configuration specifies a /64 prefix length locator that has
the mode-uncompressed-f4024 command. Both IS-IS and BGP services are used.
In the configuration example the BGP service is using a manual SID allocation.
When the SID function length equals 16 bits and manual BGP IPv6 SID is
specified, the index value must be selected from [0xFF00, 0xFFFF] explicit
SID range (equivalent decimal range is [65280, 65535]).
vsr running config# / vrf main l3vrf green table-id 10
vsr running config# / vrf main l3vrf green routing bgp as 65500
vsr running config#! / vrf main l3vrf green routing bgp router-id 192.0.1.1
vsr running config#! / vrf main l3vrf green routing bgp address-family ipv4-unicast network 192.168.100.0/24
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export vpn true
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export route-target 2:44
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export route-distinguisher 65500:1
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export ipv6-sid 65281
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn import vpn true
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn import route-target 2:44
vsr running network 192.168.100.0/24#! / vrf main interface physical eth1 port pci-b0s4
vsr running network 192.168.100.0/24#! / vrf main interface loopback loopback1 ipv6 address 2001:db8:f::1/128
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis area-tag 1
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis ipv6-routing true
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis hello interval level-1 1
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis hello multiplier level-1 3
vsr running network 192.168.100.0/24#! / vrf main routing interface loopback1 isis area-tag 1
vsr running network 192.168.100.0/24#! / vrf main routing interface loopback1 isis ipv6-routing true
vsr running network 192.168.100.0/24#! / vrf main routing bgp as 65500
vsr running network 192.168.100.0/24# / vrf main routing bgp router-id 192.0.1.1
vsr running network 192.168.100.0/24# / vrf main routing bgp segment-routing ipv6 locator srv6-locator1
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 remote-as 65500
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 capabilities extended-nexthop true
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 address-family ipv4-unicast enabled false
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 address-family ipv4-vpn enabled true
vsr running network 192.168.100.0/24# / vrf main routing isis instance 1 is-type level-1
vsr running network 192.168.100.0/24# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.1111.00
vsr running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator srv6-locator1
vsr running ipv6-unicast# / vrf main routing segment-routing ipv6 locator srv6-locator1 prefix 2001:db8:0:1::/64
vsr running ipv6-unicast# / vrf main routing segment-routing ipv6 locator srv6-locator1 mode-uncompressed-f4024 enabled true
Configured locator 2001:db8:0:1::/64 allows the sid manager to allocate the 2001:db8:0:1:ff01:: SID
value to BGP along with 2001:db8:0:1:40:: SIDs for IS-IS.
vsr> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
I>* 2001:db8:0:1:40::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:04
B>* 2001:db8:0:1:ff01::/128 [20/0] is directly connected, green, seg6local uDT4 table 10, weight 1, 00:00:02
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:04
C * fe80::/64 is directly connected, eth1, 00:00:02
C>* fe80::/64 is directly connected, loopback1, 00:00:04
C * fe80::/64 is directly connected, sr0, 00:00:11
C * fe80::/64 is directly connected, fptun0, 00:00:22
7 routes displayed.
The mode auto is also possible to be used in BGP. Note that when the SID
function length is 16 bits, the maximal selected SID auto value should be
smaller than the hex value 0xFF00 or the decimal value 65280.
vsr running config# / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export ipv6-sid auto
vsr> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
I>* 2001:db8:1::/48 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:36
B>* 2001:db8:1:e000::/128 [20/0] is directly connected, green, seg6local uDT4 table 10, weight 1, 00:00:16
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:36
C * fe80::/64 is directly connected, eth1, 00:00:34
C>* fe80::/64 is directly connected, loopback1, 00:00:36
C * fe80::/64 is directly connected, sr0, 00:00:43
C * fe80::/64 is directly connected, fptun0, 00:00:54
7 routes displayed.
For custom deployments when the format is not applied, the locator length is not
restricted to 64 bits. To disable the format option applied previously, the next
command may be used:
vsr running config# del / vrf main routing segment-routing ipv6 locator srv6-locator1 mode-uncompressed-f4024
The example below depicts the /64 locator length when the format is not
applied and BGP SID is set to explicit from the range [0xFF00,0xFFFF] to
avoid auto and explicit SIDs allocation conflicts:
vsr> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
I>* 2001:db8:0:1::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:05
B>* 2001:db8:0:1:1::/128 [20/0] is directly connected, green, seg6local End.DT4 table 10, weight 1, 00:00:03
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:42
C * fe80::/64 is directly connected, eth1, 00:00:40
C>* fe80::/64 is directly connected, loopback1, 00:00:42
C * fe80::/64 is directly connected, sr0, 00:00:49
C * fe80::/64 is directly connected, fptun0, 00:01:00
4 routes displayed.
SRv6 compressed modes¶
The mode-micro-sid-f3216 attribute brings improved interworking with
other SRv6 network equipment and a flexible SID allocation method:
the SIDs allocation scheme is different; the SID function space is
split in two pools of SIDs to avoid SID conflicts between routing
services that request explicit SIDs, and other routing services that
request dynamically allocated SIDs.
To use the mode-micro-sid-f3216 attribute, the user must ensure that the
locator settings are set appropriately. This option mandates that the
locator prefix length is 48 bits, the block-id length is 32 bits, the
node-id length is 16 bits, and the function-length is 16 bits.
The below configuration specifies a /48 prefix length locator that has
the mode-micro-sid-f3216 command. Both IS-IS and BGP services are used.
In the configuration example the BGP service is using a manual SID allocation.
When the SID function length equals 16 bits and manual BGP IPv6 SID is
specified, the index value must be selected from [0xFE00, 0xFEFF] explicit
SID range (equivalent decimal range is [65024, 65279]).
vsr running config# / vrf main l3vrf green table-id 10
vsr running config# / vrf main l3vrf green routing bgp as 65500
vsr running config#! / vrf main l3vrf green routing bgp router-id 192.0.1.1
vsr running config#! / vrf main l3vrf green routing bgp address-family ipv4-unicast network 192.168.100.0/24
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export vpn true
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export route-target 2:44
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export route-distinguisher 65500:1
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export ipv6-sid 65281
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn import vpn true
vsr running network 192.168.100.0/24#! / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn import route-target 2:44
vsr running network 192.168.100.0/24#! / vrf main interface physical eth1 port pci-b0s4
vsr running network 192.168.100.0/24#! / vrf main interface loopback loopback1 ipv6 address 2001:db8:f::1/128
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis area-tag 1
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis ipv6-routing true
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis hello interval level-1 1
vsr running network 192.168.100.0/24#! / vrf main routing interface eth1 isis hello multiplier level-1 3
vsr running network 192.168.100.0/24#! / vrf main routing interface loopback1 isis area-tag 1
vsr running network 192.168.100.0/24#! / vrf main routing interface loopback1 isis ipv6-routing true
vsr running network 192.168.100.0/24#! / vrf main routing bgp as 65500
vsr running network 192.168.100.0/24# / vrf main routing bgp router-id 192.0.1.1
vsr running network 192.168.100.0/24# / vrf main routing bgp segment-routing ipv6 locator srv6-locator1
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 remote-as 65500
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 capabilities extended-nexthop true
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 address-family ipv4-unicast enabled false
vsr running network 192.168.100.0/24# / vrf main routing bgp neighbor 2001:db7:f::2 address-family ipv4-vpn enabled true
vsr running network 192.168.100.0/24# / vrf main routing isis instance 1 is-type level-1
vsr running network 192.168.100.0/24# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.1111.00
vsr running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator srv6-locator1
vsr running ipv6-unicast# / vrf main routing segment-routing ipv6 locator srv6-locator1 prefix 2001:db8:1::/48
vsr running ipv6-unicast# / vrf main routing segment-routing ipv6 locator srv6-locator1 block-length 32 node-length 16 function-length 16
vsr running ipv6-unicast# / vrf main routing segment-routing ipv6 locator srv6-locator1 mode-micro-sid-f3216 enabled true
Configured locator 2001:db8:1::/48 allows the sid manager to allocate the 2001:db8:1:ff01:: SID
value to BGP along with 2001:db8:1:: SIDs for IS-IS.
vsr> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
I>* 2001:db8:1::/48 [115/0] is directly connected, sr0, seg6local uN, weight 1, 00:00:04
B>* 2001:db8:0:1:ff01::/128 [20/0] is directly connected, green, seg6local uDT4 table 10, weight 1, 00:00:02
L * 2001:db8:f::1/128 is directly connected, loopback1, 00:00:04
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:04
C * fe80::/64 is directly connected, eth1, 00:00:02
C>* fe80::/64 is directly connected, loopback1, 00:00:04
C * fe80::/64 is directly connected, sr0, 00:00:11
C * fe80::/64 is directly connected, fptun0, 00:00:22
7 routes displayed.
The mode auto is also possible to be used in BGP. Note that when the SID
function length is 16 bits, the SID range values for the auto mode start
at 0xE000 and are smaller than 0xFE00 ([57344, 65024[ in decimal values).
vsr running config# / vrf main l3vrf green routing bgp address-family ipv4-unicast l3vpn export ipv6-sid auto
vsr> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
I>* 2001:db8:1:40::/48 [115/0] is directly connected, sr0, seg6local uN, weight 1, 00:00:36
B>* 2001:db8:1:e000::/128 [20/0] is directly connected, green, seg6local uDT4 table 10, weight 1, 00:00:16
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:36
C * fe80::/64 is directly connected, eth1, 00:00:34
C>* fe80::/64 is directly connected, loopback1, 00:00:36
C * fe80::/64 is directly connected, sr0, 00:00:43
C * fe80::/64 is directly connected, fptun0, 00:00:54
7 routes displayed.
For custom deployments there is an alternative compressed mode where the pools of explicit and dynamic SID values are less restrictive.
vsr running config# / vrf main routing segment-routing ipv6 locator srv6-locator1 mode-micro-sid enabled true
The example below depicts the same /48 locator when the mode-micro-sid mode is
applied and BGP SID is maintained to auto mode:
vsr> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
I>* 2001:db8:1::/48 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:05
B>* 2001:db8:1:1::/128 [20/0] is directly connected, green, seg6local uDT4 table 10, weight 1, 00:00:03
C>* 2001:db8:f::1/128 is directly connected, loopback1, 00:00:42
C * fe80::/64 is directly connected, eth1, 00:00:40
C>* fe80::/64 is directly connected, loopback1, 00:00:42
C * fe80::/64 is directly connected, sr0, 00:00:49
C * fe80::/64 is directly connected, fptun0, 00:01:00
7 routes displayed.
SRv6 source encapsulation¶
When a route with SRv6 segments is created, the original packets are generally encapsulated within an IPv6 header that includes the SRH. By default, the source address used is the IPv6 address of the outgoing interface. The below configuration command forces the source address:
vsr running config# / vrf main routing segment-routing ipv6 encapsulation-source 2001:db8:1:2::
See also
IPv6 Segment Routing header, RFC 8754.
Segment Routing over IPv6 (SRv6) Network Programming, RFC 8986.
BGP VPN service using SRv6, BGP srv6 overview.
IS-IS service using SRv6, ISIS srv6 overview.
Compressed SRv6 Segment List Encoding, RFC 9800.
SRv6 segment-routing ipv6 sids¶
The show segment-routing ipv6 sids command displays the SRv6 SIDs configured.
The configuration applied to the previous chapter displays the list of SIDs
allocated and which routing service uses it.
vsr> show segment-routing ipv6 sids details
ipv6-sid behavior context protocol locator allocation-type
======== ======== ======= ======== ======= ===============
2001:db8:0:1:: End - isis(0) srv6-locator1 dynamic
2001:db8:0:1:1:: End.DT4 L3VRF 'green' bgp(0) srv6-locator1 dynamic