SRTE SRv6 configuration¶
This chapter describes the necessary elements to know when forging an SRv6 policy.
Basic segment routing policy configuration¶
SRv6 configuration and color configuration¶
The configured services rely on a SRv6 configuration with the IS-IS protocol.
The rt1
device will be configured to steer the fd00:200::/64
traffic to the rt4
device.
Basic topology example to illustrate segment routing ipv6 policies configuration.¶
The configuration of the rt1
, rt2
, rt3
and rt4
devices is given below.
Like for SR-TE configuration for MPLS, coloring is necessary, and applies to incoming
BGP routes received. Reversely, the return traffic originating from rt4
will be
steered to rt1
with a policy, thanks to a color
extended community attached to the
outgoing BGP route fd00:100::/64
.
rt1
rt1 running config# / vrf main interface physical eth2 port pci-b0s5
rt1 running config# / vrf main interface physical eth2 ipv6 address fd00:125::1/64
rt1 running config# / vrf main interface physical eth3 port pci-b0s6
rt1 running config# / vrf main interface physical eth3 ipv6 address fd00:130::1/64
rt1 running config# / vrf main interface physical eth4 port pci-b0s7
rt1 running config# / vrf main interface physical eth4 ipv6 address fd00:100::1/64
rt1 running config# / vrf main interface loopback loop1 ipv4 address 1.1.1.1/32
rt1 running config# / vrf main interface loopback loop1 ipv6 address 1:1::1:1/128
rt1 running config# / vrf main interface loopback loop2 ipv6 address 2001:db8:1::/64
rt1 running config# / vrf main routing interface loop1 isis area-tag 1
rt1 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt1 running config#! / vrf main routing interface loop1 isis hello interval level-1 1
rt1 running config#! / vrf main routing interface loop1 isis hello multiplier level-1 3
rt1 running config#! / vrf main routing interface eth3 isis area-tag 1
rt1 running config#! / vrf main routing interface eth3 isis ipv6-routing true
rt1 running config#! / vrf main routing interface eth3 isis hello interval level-1 1
rt1 running config#! / vrf main routing interface eth3 isis hello multiplier level-1 3
rt1 running config#! / vrf main routing interface eth3 isis metric level-1 5
rt1 running config#! / vrf main routing interface eth2 isis area-tag 1
rt1 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt1 running config#! / vrf main routing interface eth2 isis hello interval level-1 1
rt1 running config#! / vrf main routing interface eth2 isis hello multiplier level-1 3
rt1 running config#! / vrf main routing isis instance 1 is-type level-1
rt1 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.1111.00
rt1 running config# / vrf main routing isis instance 1 multi-topology ipv6-unicast
rt1 running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator LOC1
rt1 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 prefix 2001:db8:1::/64
rt1 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 block-length 40
rt1 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 node-length 24
rt1 running ipv6-unicast# / routing route-map rmap seq 10 policy permit
rt1 running ipv6-unicast# / routing route-map rmap seq 10 set sr-te color 15
rt1 running ipv6-unicast# / routing route-map rmap_out seq 10 policy permit
rt1 running ipv6-unicast# / routing route-map rmap_out seq 10 set extcommunity color 25
rt1 running ipv6-unicast# / vrf main routing bgp as 65500
rt1 running ipv6-unicast# / vrf main routing bgp router-id 1.1.1.1
rt1 running ipv6-unicast# / vrf main routing bgp network-import-check false
rt1 running ipv6-unicast# / vrf main routing bgp address-family ipv6-unicast network fd00:100::/64
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 remote-as 65500
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 update-source loop1
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 address-family ipv4-unicast enabled false
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 address-family ipv6-unicast enabled true
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 address-family ipv6-unicast route-map in route-map-name rmap
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 address-family ipv6-unicast route-map out route-map-name rmap_out
rt2
rt2 running config# / vrf main interface physical eth3 port pci-b0s6
rt2 running config# / vrf main interface physical eth3 ipv6 address fd00:125::2/64
rt2 running config# / vrf main interface physical eth1 port pci-b0s4
rt2 running config# / vrf main interface physical eth1 ipv6 address fd00:126::2/64
rt2 running config# / vrf main interface physical eth2 port pci-b0s5
rt2 running config# / vrf main interface physical eth2 ipv6 address fd00:131::2/64
rt2 running config# / vrf main interface loopback loop1 ipv4 address 2.2.2.2/32
rt2 running config# / vrf main interface loopback loop1 ipv6 address 2:2::2:2/128
rt2 running config# / vrf main interface loopback loop2 ipv6 address 2001:db8:2::/64
rt2 running config# / vrf main routing interface loop1 isis area-tag 1
rt2 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt2 running config#! / vrf main routing interface loop1 isis hello interval level-1 1
rt2 running config#! / vrf main routing interface loop1 isis hello multiplier level-1 3
rt2 running config#! / vrf main routing interface eth1 isis area-tag 1
rt2 running config#! / vrf main routing interface eth1 isis ipv6-routing true
rt2 running config#! / vrf main routing interface eth1 isis hello interval level-1 1
rt2 running config#! / vrf main routing interface eth1 isis hello multiplier level-1 3
rt2 running config#! / vrf main routing interface eth2 isis area-tag 1
rt2 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt2 running config#! / vrf main routing interface eth2 isis hello interval level-1 1
rt2 running config#! / vrf main routing interface eth2 isis hello multiplier level-1 3
rt2 running config#! / vrf main routing interface eth3 isis area-tag 1
rt2 running config#! / vrf main routing interface eth3 isis ipv6-routing true
rt2 running config#! / vrf main routing interface eth3 isis hello interval level-1 1
rt2 running config#! / vrf main routing interface eth3 isis hello multiplier level-1 3
rt2 running config#! / vrf main routing isis instance 1 is-type level-1
rt2 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.2222.00
rt2 running config# / vrf main routing isis instance 1 multi-topology ipv6-unicast
rt2 running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator LOC1
rt2 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 prefix 2001:db8:2::/64
rt2 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 block-length 40
rt2 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 node-length 24
rt3
rt3 running config# / vrf main interface physical eth3 port pci-b0s6
rt3 running config# / vrf main interface physical eth3 ipv6 address fd00:127::3/64
rt3 running config# / vrf main interface physical eth1 port pci-b0s4
rt3 running config# / vrf main interface physical eth1 ipv6 address fd00:126::3/64
rt3 running config# / vrf main interface physical eth2 port pci-b0s5
rt3 running config# / vrf main interface physical eth2 ipv6 address fd00:130::3/64
rt3 running config# / vrf main interface loopback loop1 ipv4 address 3.3.3.3/32
rt3 running config# / vrf main interface loopback loop1 ipv6 address 3:3::3:3/128
rt3 running config# / vrf main routing interface loop1 isis area-tag 1
rt3 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt3 running config#! / vrf main routing interface loop1 isis hello interval level-1 1
rt3 running config#! / vrf main routing interface loop1 isis hello multiplier level-1 3
rt3 running config#! / vrf main routing interface eth2 isis area-tag 1
rt3 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt3 running config#! / vrf main routing interface eth2 isis hello interval level-1 1
rt3 running config#! / vrf main routing interface eth2 isis hello multiplier level-1 3
rt3 running config#! / vrf main routing interface eth2 isis metric level-1 5
rt3 running config#! / vrf main routing interface eth1 isis area-tag 1
rt3 running config#! / vrf main routing interface eth1 isis ipv6-routing true
rt3 running config#! / vrf main routing interface eth1 isis hello interval level-1 1
rt3 running config#! / vrf main routing interface eth1 isis hello multiplier level-1 3
rt3 running config#! / vrf main routing interface eth3 isis area-tag 1
rt3 running config#! / vrf main routing interface eth3 isis ipv6-routing true
rt3 running config#! / vrf main routing interface eth3 isis hello interval level-1 1
rt3 running config#! / vrf main routing interface eth3 isis hello multiplier level-1 3
rt3 running config#! / vrf main routing interface eth3 isis metric level-1 20
rt3 running config#! / vrf main routing isis instance 1 is-type level-1
rt3 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.3333.00
rt3 running config# / vrf main routing isis instance 1 redistribute ipv6 connected level-1
rt3 running ipv6 connected level-1# / vrf main routing isis instance 1 multi-topology ipv6-unicast
rt3 running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator LOC1
rt3 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 prefix 2001:db8:3::/64
rt3 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 block-length 40
rt3 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 node-length 24
rt4
rt4 running config# / vrf main interface physical eth2 port pci-b0s5
rt4 running config# / vrf main interface physical eth2 ipv6 address fd00:127::4/64
rt4 running config# / vrf main interface physical eth4 port pci-b0s7
rt4 running config# / vrf main interface physical eth4 ipv6 address fd00:200::4/64
rt4 running config# / vrf main interface loopback loop1 ipv4 address 4.4.4.4/32
rt4 running config# / vrf main interface loopback loop1 ipv6 address 4:4::4:4/128
rt4 running config# / vrf main interface loopback loop2 ipv6 address 2001:db8:4::/64
rt4 running config# / vrf main routing interface loop1 isis area-tag 1
rt4 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt4 running config#! / vrf main routing interface loop1 isis hello interval level-1 1
rt4 running config#! / vrf main routing interface loop1 isis hello multiplier level-1 3
rt4 running config#! / vrf main routing interface eth2 isis area-tag 1
rt4 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt4 running config#! / vrf main routing interface eth2 isis hello interval level-1 1
rt4 running config#! / vrf main routing interface eth2 isis hello multiplier level-1 3
rt4 running config#! / vrf main routing isis instance 1 is-type level-1
rt4 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.4444.00
rt4 running config# / vrf main routing isis instance 1 multi-topology ipv6-unicast
rt4 running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator LOC1
rt4 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 prefix 2001:db8:4::/64
rt4 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 block-length 40
rt4 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 node-length 24
rt4 running ipv6-unicast# / routing route-map rmap seq 10 policy permit
rt4 running ipv6-unicast# / routing route-map rmap seq 10 set sr-te color 15
rt4 running ipv6-unicast# / routing route-map rmap_out seq 10 policy permit
rt4 running ipv6-unicast# / routing route-map rmap_out seq 10 set extcommunity color 25
rt4 running ipv6-unicast# / vrf main routing bgp as 65500
rt4 running ipv6-unicast# / vrf main routing bgp router-id 4.4.4.4
rt4 running ipv6-unicast# / vrf main routing bgp network-import-check false
rt4 running ipv6-unicast# / vrf main routing bgp address-family ipv6-unicast network fd00:200::/64
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 remote-as 65500
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 update-source loop1
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 address-family ipv4-unicast enabled false
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 address-family ipv6-unicast enabled true
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 address-family ipv6-unicast route-map in route-map-name rmap
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 address-family ipv6-unicast route-map out route-map-name rmap_out
rt1
rt1> show bgp ipv6
BGP table version is 2, local router ID is 1.1.1.1, l3vrf id 0
Default local pref 100, local AS 65500
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's l3vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> fd00:100::/64 :: 0 32768 i
*>ifd00:200::/64 4:4::4:4 0 100 0 i
Displayed 2 routes and 2 total paths.
Without the SRv6 policy, the path to the fd00:200::/64
network reuses the
path returned by the IGP network. When SR-TE is off, the color of the
fd00:200::/64
prefix has no impact on the path computed.
rt1
rt1> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
C>* 1:1::1:1/128 is directly connected, loop1, 00:00:43
I>* 2:2::2:2/128 [115/20] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:13
I>* 3:3::3:3/128 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:13
I>* 4:4::4:4/128 [115/35] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:02
C>* 2001:db8:1::/64 is directly connected, loop2, 00:00:43
I 2001:db8:1::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:43
I>* 2001:db8:1:0:1::/128 [115/0] is directly connected, eth2, seg6local End.X nh6 fe80::dced:1ff:feb2:2702, weight 1, 00:00:38
I>* 2001:db8:1:0:2::/128 [115/0] is directly connected, eth3, seg6local End.X nh6 fe80::dced:1ff:fea4:680b, weight 1, 00:00:34
I>* 2001:db8:2::/64 [115/10] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:13
I>* 2001:db8:3::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:06
I>* 2001:db8:4::/64 [115/25] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:02
C>* fd00:100::/64 is directly connected, eth4, 00:00:42
C>* fd00:125::/64 is directly connected, eth2, 00:00:41
I>* fd00:126::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:06
I>* fd00:127::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:06
C>* fd00:130::/64 is directly connected, eth3, 00:00:42
I>* fd00:131::/64 [115/20] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:10
B> fd00:200::/64 [200/0] via 4:4::4:4 (recursive), weight 1, 00:00:01
* via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:01
C * fe80::/64 is directly connected, eth3, 00:00:42
C * fe80::/64 is directly connected, eth2, 00:00:42
C * fe80::/64 is directly connected, eth4, 00:00:42
C * fe80::/64 is directly connected, sr0, 00:00:42
C * fe80::/64 is directly connected, loop2, 00:00:44
C>* fe80::/64 is directly connected, loop1, 00:00:44
C * fe80::/64 is directly connected, fptun0, 00:02:14
25 routes displayed.
Candidate Path configuration¶
The configuration below illustrates an SR policy used to steer traffic going
to the 4:4::4:4
endpoint, and with a color set to 15
. An explicit SRv6
segment-list is used and applied to colored traffic heading to the 4:4::4:4
endpoint.
rt1
rt1 running config# / vrf main routing segment-routing enabled true
rt1 running config# / vrf main routing segment-routing traffic-engineering segment-list igp_lsp_srv6 segment 10 ipv6-sid 2001:db8:3::
rt1 running config# / vrf main routing segment-routing traffic-engineering segment-list igp_lsp_srv6 segment 20 ipv6-sid 2001:db8:4::
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 4:4::4:4
rt1 running policy color 15 endpoint 4:4::4:4# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 4:4::4:4 name fd00_200_to_node4
rt1 running policy color 15 endpoint 4:4::4:4# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 4:4::4:4 candidate-path 10 type explicit name force_lsp segment-list igp_lsp_srv6
In SRv6, the top segment stands for the first IPv6 address that is used when
entering an SRv6 network. The associated candidate path will be Active
if that
IPv6 address is reachable in the IPv6 routing table of the SR network.
rt1
rt1> show segment-routing te-policies
Endpoint Color Name BSID Status
--------------------------------------------------
4:4::4:4 15 fd00_200_to_node4 - Active
The above SR policy is active because the 2001:db8:3::
IP address is reachable
in the IPv6 routing table. The resulting fd00:200::/64
traffic is steered
to the 4:4::4:4
network by being encapsulated wih an SRH that contains two
segment entries: 2001:db8:3::
and 2001:db8:4::
.
rt1> show ipv6-routes protocol bgp
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
B> fd00:200::/64 [200/0] via 4:4::4:4 (recursive), weight 1, 00:00:01
* via fe80::dced:1ff:fea4:680b, eth3, seg6 2001:db8:3::,2001:db8:4::, weight 1, 00:00:01
1 routes displayed.
A similar SR-TE policy has been done at on the rt4
device, so that the return
traffic is also encapsulated in an SRv6 packet.
rt4
rt4 running config# / vrf main routing segment-routing enabled true
rt4 running config# / vrf main routing segment-routing traffic-engineering segment-list igp_lsp_srv6 segment 10 ipv6-sid 2001:db8:4::
rt4 running config# / vrf main routing segment-routing traffic-engineering segment-list igp_lsp_srv6 segment 20 ipv6-sid 2001:db8:3::
rt4 running config# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 1:1::1:1
rt4 running policy color 15 endpoint 1:1::1:1# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 1:1::1:1 name fd00_200_to_node4
rt4 running policy color 15 endpoint 1:1::1:1# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 1:1::1:1 candidate-path 10 type explicit name force_lsp segment-list igp_lsp_srv6
The reception of SRv6 local traffic mandates to enable SRv6 at ingress side of each interfaces.
rt1
rt1 running config# / vrf main interface physical eth2 network-stack ipv6 accept-segment-routing true
rt4
rt4 running config# / vrf main interface physical eth2 network-stack ipv6 accept-segment-routing true
BSID configuration¶
SR-TE policies that use SRv6 policies can use the binding-ipv6-sid
keyword
to define a specific ipv6
SID. As for the MPLS, BSIDs are very useful
when crossing TE traffic between domains. When received by the local device, the
packet is encapsulated with a new IPv6 header and an SRH defined by the local
SR policy.
The SID value must be uniquely identified from the local IS-IS locator. It is recommended to configure the BSID for each SR policy, like shown below:
rt1
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 4:4::4:4 binding-ipv6-sid 2001:db8:100::
The above configuration creates a seg6local
route, that will be used by external
traffic passing through the rt1
device and heading to the fd00:200::/64
network.
rt1
rt1> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
C>* 1:1::1:1/128 is directly connected, loop1, 00:00:51
I>* 2:2::2:2/128 [115/20] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:21
I>* 3:3::3:3/128 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:21
I>* 4:4::4:4/128 [115/35] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:10
C>* 2001:db8:1::/64 is directly connected, loop2, 00:00:51
I 2001:db8:1::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:51
I>* 2001:db8:1:0:1::/128 [115/0] is directly connected, eth2, seg6local End.X nh6 fe80::dced:1ff:feb2:2702, weight 1, 00:00:46
I>* 2001:db8:1:0:2::/128 [115/0] is directly connected, eth3, seg6local End.X nh6 fe80::dced:1ff:fea4:680b, weight 1, 00:00:42
I>* 2001:db8:2::/64 [115/10] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:21
I>* 2001:db8:3::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:14
I>* 2001:db8:4::/64 [115/25] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:10
p>* 2001:db8:100::/128 [50/0] is directly connected, eth3, seg6local End.B6.Encap nh6 2001:db8:100::, seg6 2001:db8:3::,2001:db8:4::, weight 1, 00:00:01
C>* fd00:100::/64 is directly connected, eth4, 00:00:50
C>* fd00:125::/64 is directly connected, eth2, 00:00:49
I>* fd00:126::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:14
I>* fd00:127::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:14
C>* fd00:130::/64 is directly connected, eth3, 00:00:50
I>* fd00:131::/64 [115/20] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:18
B> fd00:200::/64 [200/0] via 4:4::4:4 (recursive), weight 1, 00:00:06
* via fe80::dced:1ff:fea4:680b, eth3, seg6 2001:db8:3::,2001:db8:4::, weight 1, 00:00:06
C * fe80::/64 is directly connected, eth3, 00:00:50
C * fe80::/64 is directly connected, eth2, 00:00:50
C * fe80::/64 is directly connected, eth4, 00:00:50
C * fe80::/64 is directly connected, sr0, 00:00:50
C * fe80::/64 is directly connected, loop2, 00:00:52
C>* fe80::/64 is directly connected, loop1, 00:00:52
C * fe80::/64 is directly connected, fptun0, 00:02:22
26 routes displayed.
The End.B6.Encap
operation is defined by RFC 8986, and defines how incoming traffic
heading to the 2001:db8:100::
address is used. Specifically, to use that operation,
the incoming packets must have multiple SID list in its SRH. Then, by following the
seg6local
route, the segments left
field of the SRH is decremented, and the packet
is encapsulated with an extra IPv6 header with the 2001:db8:3::
and 2001:db8:4::
SIDs. The configuration below shows how to use Virtual Service Router as connected host located
behind rt1
to send traffic heading to the fd00:200::/64
network, and using the
End.B6.Encap
2001:db8:100::
address. The 2001:db9:100::
SID is a given address
located behind rt4
.
host
host running config# / vrf main interface physical eth1 port pci-b0s4
host running config# / vrf main interface physical eth1 ipv6 address fd00:100::2/64
host running config# / vrf main routing static ipv6-route fd00:200::/64 next-hop fd00:100::1 ipv6-sid 2001:db8:100:: ipv6-sid 2001:db9:100::
host running config# / vrf main routing static ipv6-route 2001:db8:100::/128 next-hop fd00:100::1
BSID SRv6 usage of SID manager¶
By default, the configured IPv6 BSID value is not controlled against the
available SID values in any locator. This lack of control can lead to potential
inconsistencies in routing behavior, as BSIDs may be allocated without having
to configure any locator
and without proper oversight.
Here is an example of BSID instantiation illustrated in the configuration provided below:
rt1 running config# / routing logging level debug
rt1 running config# / vrf main interface physical eth1 port pci-b0s4
rt1 running config# / vrf main routing static ipv6-route 2001:db8:f000:2::/64 next-hop eth1
rt1 running config# / vrf main routing segment-routing enabled true
rt1 running config# / vrf main routing segment-routing traffic-engineering segment-list srv6 segment 0 ipv6-sid 2001:db8:f000:2::
rt1 running config# / vrf main routing segment-routing traffic-engineering segment-list srv6 segment 1 ipv6-sid 2001:db8:f000:3::
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: name srv6
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: candidate-path 1 name srv6
rt1 running config#! / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: candidate-path 1 type explicit
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: candidate-path 1 segment-list srv6
rt1 running config# / vrf main routing segment-routing ipv6 locator loc1 prefix 2001:db8:f000:1::/64
rt1 running config# / vrf main routing segment-routing ipv6 locator loc1 uncompressed-mode enabled true
rt1 running config# / vrf main routing segment-routing ipv6 locator loc2 prefix 2001:db8:a000:5::/64
rt1 running config# / vrf main routing segment-routing ipv6 locator loc2 uncompressed-mode enabled true
Next we configure the BSID IPv6 route entry based on the next configuration:
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: binding-ipv6-sid fc10:0:2::128
The below output shows that the new BSID route entry is taken into account in the routing table.
rt1> show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
S>* 2001:db8:f000:2::/64 [1/0] is directly connected, eth1, weight 1, 00:00:01
p>* fc10:0:2::128/128 [50/0] is directly connected, eth1, seg6local End.B6.Encap nh6 fc10:0:2::128, seg6 2001:db8:f000:2::,2001:db8:f000:3::, weight 1, 00:00:01
C>* fe80::/64 is directly connected, sr0, 00:00:01
C * fe80::/64 is directly connected, fptun0, 00:00:13
3 routes displayed.
In this case, the BSID fc10:0:2::128
is allocated without having to configure
any locator
which can lead to routing issues.
When the use-sid-manager
option is selected, centralized management of BSID
allocations is applied. If a requested BSID is not authorized within the
defined locator, it will not be installed, ensuring that only valid BSIDs
are used in the network.
To illustrate how to configure the SID manager the example is presented below:
rt1 running config# / vrf main routing segment-routing traffic-engineering use-sid-manager true
Without any locator
configured, no BSID is allocated, and the SR-TE
route is not available.
rt1> show log service routing
Dec 12 13:49:37 dut-vm systemd[1]: Starting mgmtd...
Dec 12 13:49:37 dut-vm systemd[1]: Started mgmtd.
Dec 12 13:49:37 dut-vm systemd[1]: Starting zebra...
Dec 12 13:49:37 dut-vm systemd[1]: Started zebra.
Dec 12 13:50:58 rt1 systemd[1]: Starting staticd...
Dec 12 13:50:58 rt1 systemd[1]: Started staticd.
Dec 12 13:50:58 rt1 systemd[1]: Starting pathd...
Dec 12 13:50:59 rt1 systemd[1]: Started pathd.
Dec 12 13:51:01 rt1 zebra[1036]: [N1R89-323SW] get_srv6_sid_explicit: invalid SM request arguments: parent block/locator not found for SID fc10:0:2::128
Dec 12 13:51:01 rt1 zebra[1036]: [YC52T-427SJ] srv6_manager_get_sid_internal: not got SRv6 SID for ctx End.B6.Encap nh6 2001:db8:f000:5:: color 1, sid_value=fc10:0:2::128, locator_name=
rt1# show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
S>* 2001:db8:f000:2::/64 [1/0] is directly connected, eth1, weight 1, 00:15:41
C>* fe80::/64 is directly connected, sr0, weight 1, 00:15:41
C * fe80::/64 is directly connected, fptun0, weight 1, 00:15:52
C * fe80::/64 is directly connected, eth2, weight 1, 00:15:52
C * fe80::/64 is directly connected, eth1, weight 1, 00:15:53
3 routes displayed.
Alternatively, after BSID reconfiguration, below the BSID
2001:db8:a000:5:ff02::
has been correctly allocated within the
specified locator, indicating a successful configuration with
centralized management.
rt1 running config# del / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: binding-ipv6-sid fc10:0:2::128
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: binding-ipv6-sid 2001:db8:a000:5:ff02::
rt1> show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
> - selected route, * - FIB route, r - rejected, b - backup
L3VRF default:
p>* 2001:db8:a000:5:ff02::/128 [50/0] is directly connected, eth1, seg6local End.B6.Encap nh6 2001:db8:a000:5:ff02::, seg6 2001:db8:f000:2::,2001:db8:f000:3::, weight 1, 00:00:02
S>* 2001:db8:f000:2::/64 [1/0] is directly connected, eth1, weight 1, 00:00:19
C * fe80::/64 is directly connected, eth1, 00:00:18
C>* fe80::/64 is directly connected, sr0, 00:00:19
C * fe80::/64 is directly connected, fptun0, 00:00:31
3 routes displayed.
rt1> show segment-routing ipv6 sids details
ipv6-sid behavior context protocol locator allocation-type
======== ======== ======= ======== ======= ===============
2001:db8:a000:5:ff02:: End.B6.Encap Endpoint '2001:db8:f000:5::' Color '1' srte(0) loc2 explicit
See also
SRv6 SID manager details, SRV6 SID manager