SRTE SRv6 configuration¶

Below a list of the necessary elements to know when forging an SRv6 policy.

Basic segment routing policy configuration

Basic segment routing policy configuration ¶

SRv6 configuration and color configuration ¶

The configured services rely on a SRv6 configuration with the IS-IS protocol. The rt1 device will be configured to steer the fd00:200::/64 traffic to the rt4 device.

Basic topology example to illustrate segment routing ipv6 policies configuration.¶

The configuration of the rt1, rt2, rt3 and rt4 devices is given below. Like for SR-TE configuration for MPLS, coloring is necessary, and applies to incoming BGP routes received. Reversely, the return traffic originating from rt4 will be steered to rt1 with a policy, thanks to a color extended community attached to the outgoing BGP route fd00:100::/64.

rt1

rt1 running config# vrf main
rt1 running vrf main# routing bgp
rt1 running bgp#! as 65500
rt1 running bgp# router-id 1.1.1.1
rt1 running bgp# network-import-check false
rt1 running bgp# address-family ipv6-unicast network fd00:100::/64
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 remote-as 65500
rt1 running bgp# neighbor 4:4::4:4::4 update-source loop1
rt1 running bgp# neighbor 4:4::4:4 address-family ipv4-unicast enabled false
rt1 running bgp# neighbor 4:4::4:4 address-family ipv6-unicast enabled true
rt1 running bgp# neighbor 4:4::4:4 address-family ipv6-unicast route-map in route-map-name rmap
rt1 running bgp#! neighbor 4:4::4:4 address-family ipv6-unicast route-map out route-map-name rmap_out
rt1 running bgp#! / routing route-map rmap
rt1 running route-map rmap#! seq 10 policy permit
rt1 running route-map rmap#! seq 10 set sr-te color 15
rt1 running route-map rmap#! / routing route-map rmap_out
rt1 running route-map rmap#! seq 10 policy permit
rt1 running route-map rmap# seq 10 set extcommunity color 25
rt1 running route-map rmap# / vrf main interface physical eth1
rt1 running physical eth1#! port pci-b0s4
rt1 running physical eth1# ipv6 address fd00:100::1/64
rt1 running physical eth1# .. physical eth2
rt1 running physical eth2#! port pci-b0s5
rt1 running physical eth2# ipv6 address fd00:130::1/64
rt1 running physical eth2# .. physical eth3
rt1 running physical eth3#! port pci-b0s6
rt1 running physical eth3# ipv6 address fd00:125::1/64
rt1 running physical eth3# .. loopback loop1
rt1 running loopback loop1# ipv6 address 1:1::1:1/128
rt1 running loopback loop1# ipv4 address 1.1.1.1/32
rt1 running physical eth3# .. loopback loop2
rt1 running loopback loop1# ipv6 address 2001:db8:1::/48
rt1 running loopback loop1# .. .. routing
rt1 running routing# interface loop1
rt1 running interface loop1# isis
rt1 running isis#! area-tag 1
rt1 running isis#! ipv6-routing true
rt1 running isis#! hello interval level-1 1
rt1 running isis#! hello multiplier level-1 3
rt1 running isis#! .. ..
rt1 running routing#! interface eth2
rt1 running interface eth2#! isis
rt1 running isis#! area-tag 1
rt1 running isis#! ipv6-routing true
rt1 running isis#! hello interval level-1 1
rt1 running isis#! hello multiplier level-1 3
rt1 running isis#! metric level-1 5
rt1 running isis#! .. ..
rt1 running routing#! interface eth3
rt1 running interface eth3#! isis
rt1 running isis#! area-tag 1
rt1 running isis#! ipv6-routing true
rt1 running isis#! hello interval level-1 1
rt1 running isis#! hello multiplier level-1 3
rt1 running isis#! .. ..
rt1 running routing#! isis instance 1
rt1 running instance 1# is-type level-1
rt1 running instance 1# area-address 49.0000.0007.e901.1111.00
rt1 running instance 1# multi-topology ipv6-unicast
rt1 running ipv6-unicast# .. ..
rt1 running instance 1# segment-routing ipv6
rt1 running ipv6#! locator loc1
rt1 running ipv6# / vrf main routing segment-routing ipv6
rt1 running ipv6# locator loc1
rt1 running locator loc1#! prefix 2001:db8:1::/48
rt1 running locator loc1# block-length 24
rt1 running locator loc1#

rt2

rt2 running config# vrf main
rt2 running vrf main# interface physical eth1
rt2 running physical eth1#! port pci-b0s4
rt2 running physical eth1# ipv6 address fd00:125::2/64
rt2 running physical eth1# .. physical eth2
rt2 running physical eth2#! port pci-b0s5
rt2 running physical eth2# ipv6 address fd00:126::2/64
rt2 running physical eth2# .. physical eth3
rt2 running physical eth3#! port pci-b0s6
rt2 running physical eth3# ipv6 address fd00:131::2/64
rt2 running physical eth3# .. loopback loop1
rt2 running loopback loop1# ipv6 address 2:2::2:2/128
rt2 running loopback loop1# ipv4 address 2.2.2.2/32
rt2 running loopback loop1# .. .. routing
rt2 running routing# interface loop1
rt2 running interface loop1# isis
rt2 running isis#! area-tag 1
rt2 running isis#! ipv6-routing true
rt2 running isis#! hello interval level-1 1
rt2 running isis#! hello multiplier level-1 3
rt2 running isis#! .. .. interface eth1
rt2 running interface eth1#! isis
rt2 running isis#! area-tag 1
rt2 running isis#! ipv6-routing true
rt2 running isis#! hello interval level-1 1
rt2 running isis#! hello multiplier level-1 3
rt2 running isis#! .. .. interface eth2
rt2 running interface eth2#! isis
rt2 running isis#! area-tag 1
rt2 running isis#! ipv6-routing true
rt2 running isis#! hello interval level-1 1
rt2 running isis#! hello multiplier level-1 3
rt2 running isis#! .. .. interface eth3
rt2 running interface eth3#! isis
rt2 running isis#! area-tag 1
rt2 running isis#! ipv6-routing true
rt2 running isis#! hello interval level-1 1
rt2 running isis#! hello multiplier level-1 3
rt2 running isis#! .. ..
rt2 running routing#! isis instance 1
rt2 running instance 1# is-type level-1
rt2 running instance 1# area-address 49.0000.0007.e901.2222.00
rt2 running instance 1# multi-topology ipv6-unicast
rt2 running ipv6-unicast# .. ..
rt2 running instance 1# segment-routing ipv6
rt2 running ipv6#! locator loc1
rt2 running ipv6# / vrf main routing segment-routing ipv6
rt2 running ipv6# locator loc1
rt2 running locator loc1#! prefix 2001:db8:2::/48
rt2 running locator loc1# block-length 24
rt2 running locator loc1#

rt3

rt3 running config# vrf main
rt3 running vrf main# interface physical eth1
rt3 running physical eth1#! port pci-b0s4
rt3 running physical eth1# ipv6 address fd00:130::3/64
rt3 running physical eth1# .. physical eth2
rt3 running physical eth2#! port pci-b0s5
rt3 running physical eth2# ipv6 address fd00:126::3/64
rt3 running physical eth2# .. physical eth3
rt3 running physical eth3#! port pci-b0s6
rt3 running physical eth3# ipv6 address fd00:127::3/64
rt3 running physical eth3# .. loopback loop1
rt3 running loopback loop1# ipv6 address 3:3::3:3/128
rt3 running loopback loop1# ipv4 address 3.3.3.3/32
rt3 running loopback loop1# .. .. routing
rt3 running routing# interface loop1
rt3 running interface loop1# isis
rt3 running isis#! area-tag 1
rt3 running isis#! ipv6-routing true
rt3 running isis#! hello interval level-1 1
rt3 running isis#! hello multiplier level-1 3
rt3 running isis#! .. .. interface eth1
rt3 running interface eth1#! isis
rt3 running isis#! area-tag 1
rt3 running isis#! ipv6-routing true
rt3 running isis#! hello interval level-1 1
rt3 running isis#! hello multiplier level-1 3
rt3 running isis#! metric level-1 5
rt3 running isis#! .. .. interface eth2
rt3 running interface eth2#! isis
rt3 running isis#! area-tag 1
rt3 running isis#! ipv6-routing true
rt3 running isis#! hello interval level-1 1
rt3 running isis#! hello multiplier level-1 3
rt3 running isis#! .. .. interface eth3
rt3 running interface eth3#! isis
rt3 running isis#! area-tag 1
rt3 running isis#! ipv6-routing true
rt3 running isis#! hello interval level-1 1
rt3 running isis#! hello multiplier level-1 3
rt3 running isis#! metric level-1 20
rt3 running isis#! .. ..
rt3 running routing#! isis instance 1
rt3 running instance 1# is-type level-1
rt3 running instance 1# area-address 49.0000.0007.e901.3333.00
rt3 running instance 1# multi-topology ipv6-unicast
rt3 running ipv6-unicast# .. ..
rt3 running instance 1# segment-routing ipv6
rt3 running ipv6#! locator loc1
rt3 running ipv6# / vrf main routing segment-routing ipv6
rt3 running ipv6# locator loc1
rt3 running locator loc1#! prefix 2001:db8:3::/48
rt3 running locator loc1# block-length 24
rt3 running locator loc1#

rt4

rt4 running config# vrf main
rt4 running vrf main# routing bgp
rt4 running bgp#! as 65500
rt4 running bgp# router-id 1.1.1.1
rt4 running bgp# network-import-check false
rt4 running bgp# address-family ipv6-unicast network fd00:200::/64
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 remote-as 65500
rt4 running bgp# neighbor 1:1::1:1 update-source loop1
rt4 running bgp# neighbor 1:1::1:1 address-family ipv4-unicast enabled false
rt4 running bgp# neighbor 1:1::1:1 address-family ipv6-unicast enabled true
rt4 running bgp# .. interface physical eth1
rt4 running physical eth1#! port pci-b0s4
rt4 running physical eth1# ipv6 address fd00:200::4/64
rt4 running physical eth1# .. physical eth2
rt4 running physical eth2#! port pci-b0s5
rt4 running physical eth2# ipv6 address fd00:127::4/64
rt4 running physical eth2# network-stack
rt4 running network-stack# ipv6
rt4 running ipv6# accept-segment-routing true
rt4 running ipv6# .. ..
rt4 running physical eth2# .. loopback loop1
rt4 running loopback loop1# ipv6 address 4:4::4:4/128
rt4 running loopback loop1# ipv4 address 4.4.4.4/32
rt4 running loopback loop1# .. loopback loop2
rt4 running loopback loop2# ipv6 address 2001:db8:4::/48
rt4 running loopback loop2# .. .. routing
rt4 running routing# interface loop1
rt4 running interface loop1# isis
rt4 running isis#! area-tag 1
rt4 running isis#! ipv6-routing true
rt4 running isis#! hello interval level-1 1
rt4 running isis#! hello multiplier level-1 3
rt4 running isis#! .. .. interface eth2
rt4 running interface eth2#! isis
rt4 running isis#! area-tag 1
rt4 running isis#! ipv6-routing true
rt4 running isis#! hello interval level-1 1
rt4 running isis#! hello multiplier level-1 3
rt3 running isis#! metric level-1 20
rt4 running isis#! .. .. interface eth3
rt4 running interface eth3#! isis
rt4 running isis#! area-tag 1
rt4 running isis#! ipv6-routing true
rt4 running isis#! hello interval level-1 1
rt4 running isis#! hello multiplier level-1 3
rt4 running isis#! .. ..
rt4 running routing#! isis instance 1
rt4 running instance 1# is-type level-1
rt4 running instance 1# area-address 49.0000.0007.e901.4444.00
rt4 running instance 1# multi-topology ipv6-unicast
rt4 running ipv6-unicast# .. ..
rt4 running instance 1# segment-routing ipv6
rt4 running ipv6#! locator loc1
rt4 running ipv6# / vrf main routing segment-routing ipv6
rt4 running ipv6# locator loc1
rt4 running locator loc1#! prefix 2001:db8:4::/48
rt4 running locator loc1# block-length 24
rt4 running locator loc1#

rt1

rt1# show bgp ipv6
BGP table version is 2, local router ID is 1.1.1.1, vrf id 0
Default local pref 100, local AS 65500
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> fd00:100::/64    ::/0                    0         32768 i
*>ifd00:200::/64    4:4::4:4                0    100      0 i

Displayed  2 routes and 2 total paths

Without the SRv6 policy, the path to the fd00:200::/64 network reuses the path returned by the IGP network. When SR-TE is off, the color of the fd00:200::/64 prefix has no impact on the path computed.

rt1

rt1# show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       A - Babel, D - SHARP, F - PBR, f - OpenFabric,
       t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

C>* 1:1::1:1/128 is directly connected, loop1, 11:55:17
[..]
I>* 3:3::3:3/128 [115/20] via fe80::dced:1ff:fea0:b22b, ntfp3, weight 1, 00:05:22
I>* 4:4::4:4/128 [115/30] via fe80::dced:1ff:fea0:b22b, ntfp3, weight 1, 00:05:22
I>* 2001:db8:1::/128 [115/0] is directly connected, sr0, seg6local End USP, weight 1, 00:06:20
I>* 2001:db8:1:1::/128 [115/0] is directly connected, ntfp3, seg6local End.X nh6 fe80::dced:1ff:fea0:b22b, weight 1, 00:05:51
I>* 2001:db8:2::/48 [115/10] via fe80::dced:1ff:fea0:b22b, ntfp3, weight 1, 00:05:22
I>* 2001:db8:3::/48 [115/20] via fe80::dced:1ff:fea0:b22b, ntfp3, weight 1, 00:05:22
I>* 2001:db8:4::/48 [115/30] via fe80::dced:1ff:fea0:b22b, ntfp3, weight 1, 00:05:22
C>* fd00:100::/64 is directly connected, ntfp1, 00:05:22
B>  fd00:200::/64 [200/0] via 4:4::4:4 (recursive), weight 1, 00:00:17
  *                         via fe80::dced:1ff:fea0:b22b, ntfp3, weight 1, 00:00:17
[..]

Candidate Path configuration ¶

The below configuration illustrates an SR policy used to steer traffic going to the 4:4::4:4 endpoint, and with a color set to 15. An explicit SRv6 segment-list is used and applied to colored traffic heading to the 4:4::4:4 endpoint.

rt1

rt1 running vrf main# routing segment-routing enabled true
rt1 running vrf main# routing segment-routing traffic-engineering
rt1 running traffic-engineering# policy color 15 endpoint 4:4::4:4
rt1 running policy color 15 endpoint 4:4::4:4# name fd00_200_to_node4
rt1 running policy color 15 endpoint 4:4::4:4# candidate-path 10 type explicit name force_lsp segment-list igp_lsp_srv6
rt1 running policy color 15 endpoint 4:4::4:4#! ..
rt1 running traffic-engineering#! segment-list igp_lsp_srv6
rt1 running segment-list igp_lsp_srv6# segment 10 ipv6-sid 2001:db8:3::
rt1 running segment-list igp_lsp_srv6# segment 20 ipv6-sid 2001:db8:4::
rt1 running segment-list igp_lsp_srv6#

In SRv6, the top segment stands for the first IPv6 address that is used when entering an SRv6 network. The associated candidate path will be Active if that IPv6 address is reachable in the IPv6 routing table of the SR network.

rt1

rt1> show segment-routing te-policies
 Endpoint  Color  Name                 BSID  Status
 ----------------------------------------------------
 4:4::4:4   15      fd00_200_to_node4      -     Active

The above SR policy is active because the 2001:db8:3:: IP address is reachable in the IPv6 routing table. The resulting fd00:200::/64 traffic is steered to the 4:4::4:4 network by being encapsulated wih an SRH that contains two segment entries: 2001:db8:3:: and 2001:db8:4::.

rt1# show ipv6-routes protocol bgp
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       A - Babel, D - SHARP, F - PBR, f - OpenFabric,
       t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>  fd00:200::/64 [200/0] via 4:4::4:4 (recursive), weight 1, 00:08:26
  *                         via fe80::dced:1ff:fea0:b22b, ntfp3, seg6 2001:db8:3::,2001:db8:4::, weight 1, 00:08:26

A similar SR-TE policy has been done at on the rt4 device, so that the return traffic is also encapsulated in an SRv6 packet.

rt1

rt4 running vrf main# routing segment-routing enabled true
rt4 running vrf main# routing segment-routing traffic-engineering
rt4 running traffic-engineering# policy color 25 endpoint 1:1::1:1
rt4 running policy color 25 endpoint 1:1::1:1# name fd00_200_to_node4
rt4 running policy color 25 endpoint 1:1::1:1# candidate-path 10 type explicit name force_lsp segment-list igp_lsp_srv6
rt4 running policy color 25 endpoint 1:1::1:1#! ..
rt4 running traffic-engineering#! segment-list igp_lsp_srv6
rt4 running segment-list igp_lsp_srv6# segment 10 ipv6-sid 2001:db8:2::
rt4 running segment-list igp_lsp_srv6# segment 20 ipv6-sid 2001:db8:1::
rt4 running segment-list igp_lsp_srv6#

The reception of SRv6 local traffic mandates to enable SRv6 at ingress side of each interfaces.

rt1

rt1 running vrf main# interface physical eth3
rt1 running physical eth3# network-stack ipv6 accept-segment-routing true
rt1 running physical eth3#

rt4

rt2 running vrf main# interface physical eth2
rt2 running physical eth3# network-stack ipv6 accept-segment-routing true
rt2 running physical eth3#

BSID configuration ¶

SR-TE policies that use SRv6 policies can use the binding-ipv6-sid keyword to define a specific ipv6 SID. As for the MPLS, BSIDs are very useful when crossing TE traffic between domains. When received by the local device in the SRH, the value is popped and replaced by the associated segment-list of the SR-TE policy.

The SID value must be uniquely identified from the local IS-IS locator. It is recommended to configure the BSID for each SR policy, like shown below:

rt1

rt1 running vrf main# routing segment-routing enabled true
rt1 running vrf main# routing segment-routing traffic-engineering
rt1 running traffic-engineering# policy color 15 endpoint 4:4::4:4
rt1 running policy color 15 endpoint 4:4::4:4# binding-ipv6-sid 2001:db8:100::
rt1 running policy color 15 endpoint 4:4::4:4# / vrf main interface physical eth1
rt1 running physical eth1# network-stack ipv6 accept-segment-routing true
rt1 running physical eth1#

The above configuration creates a seg6local route, that will be used by external traffic passing through the rt1 device and heading to the fd00:200::/64 network.

rt4

rt1# show ipv6-routes protocol bgp
[..]
p>* 2001:db8:100::/128 [150/0] is directly connected, ntfp3, seg6local End.B6.Encap nh6 2001:db8:100::, seg6 2001:db8:3::,2001:db8:4::, weight 1, 00:44:31

SRTE SRv6 configuration¶

Basic segment routing policy configuration¶

SRv6 configuration and color configuration¶

Candidate Path configuration¶

BSID configuration¶

Basic segment routing policy configuration ¶

SRv6 configuration and color configuration ¶

Candidate Path configuration ¶

BSID configuration ¶