SRTE SRv6 configuration

This chapter describes the necessary elements to know when forging an SRv6 policy.

Basic segment routing policy configuration

SRv6 configuration and color configuration

The configured services rely on a SRv6 configuration with the IS-IS protocol. The rt1 device will be configured to steer the fd00:200::/64 traffic to the rt4 device.

../../../../_images/srte_basic_ipv6.svg

Basic topology example to illustrate segment routing ipv6 policies configuration.

The configuration of the rt1, rt2, rt3 and rt4 devices is given below. Like for SR-TE configuration for MPLS, coloring is necessary, and applies to incoming BGP routes received. Reversely, the return traffic originating from rt4 will be steered to rt1 with a policy, thanks to a color extended community attached to the outgoing BGP route fd00:100::/64.

rt1

rt1 running config# / vrf main interface physical eth2 port pci-b0s5
rt1 running config# / vrf main interface physical eth2 ipv6 address fd00:125::1/64
rt1 running config# / vrf main interface physical eth3 port pci-b0s6
rt1 running config# / vrf main interface physical eth3 ipv6 address fd00:130::1/64
rt1 running config# / vrf main interface physical eth4 port pci-b0s7
rt1 running config# / vrf main interface physical eth4 ipv6 address fd00:100::1/64
rt1 running config# / vrf main interface loopback loop1 ipv4 address 1.1.1.1/32
rt1 running config# / vrf main interface loopback loop1 ipv6 address 1:1::1:1/128
rt1 running config# / vrf main interface loopback loop2 ipv6 address 2001:db8:1::/64
rt1 running config# / vrf main routing interface loop1 isis area-tag 1
rt1 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt1 running config#! / vrf main routing interface loop1 isis hello interval level-1 1
rt1 running config#! / vrf main routing interface loop1 isis hello multiplier level-1 3
rt1 running config#! / vrf main routing interface eth3 isis area-tag 1
rt1 running config#! / vrf main routing interface eth3 isis ipv6-routing true
rt1 running config#! / vrf main routing interface eth3 isis hello interval level-1 1
rt1 running config#! / vrf main routing interface eth3 isis hello multiplier level-1 3
rt1 running config#! / vrf main routing interface eth3 isis metric level-1 5
rt1 running config#! / vrf main routing interface eth2 isis area-tag 1
rt1 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt1 running config#! / vrf main routing interface eth2 isis hello interval level-1 1
rt1 running config#! / vrf main routing interface eth2 isis hello multiplier level-1 3
rt1 running config#! / vrf main routing isis instance 1 is-type level-1
rt1 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.1111.00
rt1 running config# / vrf main routing isis instance 1 multi-topology ipv6-unicast
rt1 running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator LOC1
rt1 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 prefix 2001:db8:1::/64
rt1 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 block-length 40
rt1 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 node-length 24
rt1 running ipv6-unicast# / routing route-map rmap seq 10 policy permit
rt1 running ipv6-unicast# / routing route-map rmap seq 10 set sr-te color 15
rt1 running ipv6-unicast# / routing route-map rmap_out seq 10 policy permit
rt1 running ipv6-unicast# / routing route-map rmap_out seq 10 set extcommunity color 25
rt1 running ipv6-unicast# / vrf main routing bgp as 65500
rt1 running ipv6-unicast# / vrf main routing bgp router-id 1.1.1.1
rt1 running ipv6-unicast# / vrf main routing bgp network-import-check false
rt1 running ipv6-unicast# / vrf main routing bgp address-family ipv6-unicast network fd00:100::/64
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 remote-as 65500
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 update-source loop1
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 address-family ipv4-unicast enabled false
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 address-family ipv6-unicast enabled true
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 address-family ipv6-unicast route-map in route-map-name rmap
rt1 running network fd00:100::/64# / vrf main routing bgp neighbor 4:4::4:4 address-family ipv6-unicast route-map out route-map-name rmap_out

rt2

rt2 running config# / vrf main interface physical eth3 port pci-b0s6
rt2 running config# / vrf main interface physical eth3 ipv6 address fd00:125::2/64
rt2 running config# / vrf main interface physical eth1 port pci-b0s4
rt2 running config# / vrf main interface physical eth1 ipv6 address fd00:126::2/64
rt2 running config# / vrf main interface physical eth2 port pci-b0s5
rt2 running config# / vrf main interface physical eth2 ipv6 address fd00:131::2/64
rt2 running config# / vrf main interface loopback loop1 ipv4 address 2.2.2.2/32
rt2 running config# / vrf main interface loopback loop1 ipv6 address 2:2::2:2/128
rt2 running config# / vrf main interface loopback loop2 ipv6 address 2001:db8:2::/64
rt2 running config# / vrf main routing interface loop1 isis area-tag 1
rt2 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt2 running config#! / vrf main routing interface loop1 isis hello interval level-1 1
rt2 running config#! / vrf main routing interface loop1 isis hello multiplier level-1 3
rt2 running config#! / vrf main routing interface eth1 isis area-tag 1
rt2 running config#! / vrf main routing interface eth1 isis ipv6-routing true
rt2 running config#! / vrf main routing interface eth1 isis hello interval level-1 1
rt2 running config#! / vrf main routing interface eth1 isis hello multiplier level-1 3
rt2 running config#! / vrf main routing interface eth2 isis area-tag 1
rt2 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt2 running config#! / vrf main routing interface eth2 isis hello interval level-1 1
rt2 running config#! / vrf main routing interface eth2 isis hello multiplier level-1 3
rt2 running config#! / vrf main routing interface eth3 isis area-tag 1
rt2 running config#! / vrf main routing interface eth3 isis ipv6-routing true
rt2 running config#! / vrf main routing interface eth3 isis hello interval level-1 1
rt2 running config#! / vrf main routing interface eth3 isis hello multiplier level-1 3
rt2 running config#! / vrf main routing isis instance 1 is-type level-1
rt2 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.2222.00
rt2 running config# / vrf main routing isis instance 1 multi-topology ipv6-unicast
rt2 running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator LOC1
rt2 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 prefix 2001:db8:2::/64
rt2 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 block-length 40
rt2 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 node-length 24

rt3

rt3 running config# / vrf main interface physical eth3 port pci-b0s6
rt3 running config# / vrf main interface physical eth3 ipv6 address fd00:127::3/64
rt3 running config# / vrf main interface physical eth1 port pci-b0s4
rt3 running config# / vrf main interface physical eth1 ipv6 address fd00:126::3/64
rt3 running config# / vrf main interface physical eth2 port pci-b0s5
rt3 running config# / vrf main interface physical eth2 ipv6 address fd00:130::3/64
rt3 running config# / vrf main interface loopback loop1 ipv4 address 3.3.3.3/32
rt3 running config# / vrf main interface loopback loop1 ipv6 address 3:3::3:3/128
rt3 running config# / vrf main routing interface loop1 isis area-tag 1
rt3 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt3 running config#! / vrf main routing interface loop1 isis hello interval level-1 1
rt3 running config#! / vrf main routing interface loop1 isis hello multiplier level-1 3
rt3 running config#! / vrf main routing interface eth2 isis area-tag 1
rt3 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt3 running config#! / vrf main routing interface eth2 isis hello interval level-1 1
rt3 running config#! / vrf main routing interface eth2 isis hello multiplier level-1 3
rt3 running config#! / vrf main routing interface eth2 isis metric level-1 5
rt3 running config#! / vrf main routing interface eth1 isis area-tag 1
rt3 running config#! / vrf main routing interface eth1 isis ipv6-routing true
rt3 running config#! / vrf main routing interface eth1 isis hello interval level-1 1
rt3 running config#! / vrf main routing interface eth1 isis hello multiplier level-1 3
rt3 running config#! / vrf main routing interface eth3 isis area-tag 1
rt3 running config#! / vrf main routing interface eth3 isis ipv6-routing true
rt3 running config#! / vrf main routing interface eth3 isis hello interval level-1 1
rt3 running config#! / vrf main routing interface eth3 isis hello multiplier level-1 3
rt3 running config#! / vrf main routing interface eth3 isis metric level-1 20
rt3 running config#! / vrf main routing isis instance 1 is-type level-1
rt3 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.3333.00
rt3 running config# / vrf main routing isis instance 1 redistribute ipv6 connected level-1
rt3 running ipv6 connected level-1# / vrf main routing isis instance 1 multi-topology ipv6-unicast
rt3 running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator LOC1
rt3 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 prefix 2001:db8:3::/64
rt3 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 block-length 40
rt3 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 node-length 24

rt4

rt4 running config# / vrf main interface physical eth2 port pci-b0s5
rt4 running config# / vrf main interface physical eth2 ipv6 address fd00:127::4/64
rt4 running config# / vrf main interface physical eth4 port pci-b0s7
rt4 running config# / vrf main interface physical eth4 ipv6 address fd00:200::4/64
rt4 running config# / vrf main interface loopback loop1 ipv4 address 4.4.4.4/32
rt4 running config# / vrf main interface loopback loop1 ipv6 address 4:4::4:4/128
rt4 running config# / vrf main interface loopback loop2 ipv6 address 2001:db8:4::/64
rt4 running config# / vrf main routing interface loop1 isis area-tag 1
rt4 running config#! / vrf main routing interface loop1 isis ipv6-routing true
rt4 running config#! / vrf main routing interface loop1 isis hello interval level-1 1
rt4 running config#! / vrf main routing interface loop1 isis hello multiplier level-1 3
rt4 running config#! / vrf main routing interface eth2 isis area-tag 1
rt4 running config#! / vrf main routing interface eth2 isis ipv6-routing true
rt4 running config#! / vrf main routing interface eth2 isis hello interval level-1 1
rt4 running config#! / vrf main routing interface eth2 isis hello multiplier level-1 3
rt4 running config#! / vrf main routing isis instance 1 is-type level-1
rt4 running config# / vrf main routing isis instance 1 area-address 49.0000.0007.e901.4444.00
rt4 running config# / vrf main routing isis instance 1 multi-topology ipv6-unicast
rt4 running ipv6-unicast# / vrf main routing isis instance 1 segment-routing ipv6 locator LOC1
rt4 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 prefix 2001:db8:4::/64
rt4 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 block-length 40
rt4 running ipv6-unicast# / vrf main routing segment-routing ipv6 locator LOC1 node-length 24
rt4 running ipv6-unicast# / routing route-map rmap seq 10 policy permit
rt4 running ipv6-unicast# / routing route-map rmap seq 10 set sr-te color 15
rt4 running ipv6-unicast# / routing route-map rmap_out seq 10 policy permit
rt4 running ipv6-unicast# / routing route-map rmap_out seq 10 set extcommunity color 25
rt4 running ipv6-unicast# / vrf main routing bgp as 65500
rt4 running ipv6-unicast# / vrf main routing bgp router-id 4.4.4.4
rt4 running ipv6-unicast# / vrf main routing bgp network-import-check false
rt4 running ipv6-unicast# / vrf main routing bgp address-family ipv6-unicast network fd00:200::/64
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 remote-as 65500
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 update-source loop1
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 address-family ipv4-unicast enabled false
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 address-family ipv6-unicast enabled true
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 address-family ipv6-unicast route-map in route-map-name rmap
rt4 running network fd00:200::/64# / vrf main routing bgp neighbor 1:1::1:1 address-family ipv6-unicast route-map out route-map-name rmap_out

rt1

rt1> show bgp ipv6
BGP table version is 2, local router ID is 1.1.1.1, l3vrf id 0
Default local pref 100, local AS 65500
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's l3vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network             Next Hop              Metric  LocPrf  Weight Path
 *> fd00:100::/64       ::                         0           32768 i
 *>ifd00:200::/64       4:4::4:4                   0     100       0 i

Displayed 2 routes and 2 total paths.

Without the SRv6 policy, the path to the fd00:200::/64 network reuses the path returned by the IGP network. When SR-TE is off, the color of the fd00:200::/64 prefix has no impact on the path computed.

rt1

rt1> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
C>* 1:1::1:1/128 is directly connected, loop1, 00:00:43
I>* 2:2::2:2/128 [115/20] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:13
I>* 3:3::3:3/128 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:13
I>* 4:4::4:4/128 [115/35] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:02
C>* 2001:db8:1::/64 is directly connected, loop2, 00:00:43
I   2001:db8:1::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:43
I>* 2001:db8:1:0:1::/128 [115/0] is directly connected, eth2, seg6local End.X nh6 fe80::dced:1ff:feb2:2702, weight 1, 00:00:38
I>* 2001:db8:1:0:2::/128 [115/0] is directly connected, eth3, seg6local End.X nh6 fe80::dced:1ff:fea4:680b, weight 1, 00:00:34
I>* 2001:db8:2::/64 [115/10] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:13
I>* 2001:db8:3::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:06
I>* 2001:db8:4::/64 [115/25] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:02
C>* fd00:100::/64 is directly connected, eth4, 00:00:42
C>* fd00:125::/64 is directly connected, eth2, 00:00:41
I>* fd00:126::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:06
I>* fd00:127::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:06
C>* fd00:130::/64 is directly connected, eth3, 00:00:42
I>* fd00:131::/64 [115/20] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:10
B>  fd00:200::/64 [200/0] via 4:4::4:4 (recursive), weight 1, 00:00:01
  *                       via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:01
C * fe80::/64 is directly connected, eth3, 00:00:42
C * fe80::/64 is directly connected, eth2, 00:00:42
C * fe80::/64 is directly connected, eth4, 00:00:42
C * fe80::/64 is directly connected, sr0, 00:00:42
C * fe80::/64 is directly connected, loop2, 00:00:44
C>* fe80::/64 is directly connected, loop1, 00:00:44
C * fe80::/64 is directly connected, fptun0, 00:02:14

25 routes displayed.

Candidate Path configuration

The configuration below illustrates an SR policy used to steer traffic going to the 4:4::4:4 endpoint, and with a color set to 15. An explicit SRv6 segment-list is used and applied to colored traffic heading to the 4:4::4:4 endpoint.

rt1

rt1 running config# / vrf main routing segment-routing enabled true
rt1 running config# / vrf main routing segment-routing traffic-engineering segment-list igp_lsp_srv6 segment 10 ipv6-sid 2001:db8:3::
rt1 running config# / vrf main routing segment-routing traffic-engineering segment-list igp_lsp_srv6 segment 20 ipv6-sid 2001:db8:4::
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 4:4::4:4
rt1 running policy color 15 endpoint 4:4::4:4# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 4:4::4:4 name fd00_200_to_node4
rt1 running policy color 15 endpoint 4:4::4:4# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 4:4::4:4 candidate-path 10 type explicit name force_lsp segment-list igp_lsp_srv6

In SRv6, the top segment stands for the first IPv6 address that is used when entering an SRv6 network. The associated candidate path will be Active if that IPv6 address is reachable in the IPv6 routing table of the SR network.

rt1

rt1> show segment-routing te-policies
 Endpoint  Color  Name               BSID  Status
 --------------------------------------------------
 4:4::4:4  15     fd00_200_to_node4  -     Active

The above SR policy is active because the 2001:db8:3:: IP address is reachable in the IPv6 routing table. The resulting fd00:200::/64 traffic is steered to the 4:4::4:4 network by being encapsulated wih an SRH that contains two segment entries: 2001:db8:3:: and 2001:db8:4::.

rt1> show ipv6-routes protocol bgp
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
B>  fd00:200::/64 [200/0] via 4:4::4:4 (recursive), weight 1, 00:00:01
  *                       via fe80::dced:1ff:fea4:680b, eth3, seg6 2001:db8:3::,2001:db8:4::, weight 1, 00:00:01

1 routes displayed.

A similar SR-TE policy has been done at on the rt4 device, so that the return traffic is also encapsulated in an SRv6 packet.

rt4

rt4 running config# / vrf main routing segment-routing enabled true
rt4 running config# / vrf main routing segment-routing traffic-engineering segment-list igp_lsp_srv6 segment 10 ipv6-sid 2001:db8:4::
rt4 running config# / vrf main routing segment-routing traffic-engineering segment-list igp_lsp_srv6 segment 20 ipv6-sid 2001:db8:3::
rt4 running config# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 1:1::1:1
rt4 running policy color 15 endpoint 1:1::1:1# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 1:1::1:1 name fd00_200_to_node4
rt4 running policy color 15 endpoint 1:1::1:1# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 1:1::1:1 candidate-path 10 type explicit name force_lsp segment-list igp_lsp_srv6

The reception of SRv6 local traffic mandates to enable SRv6 at ingress side of each interfaces.

rt1

rt1 running config# / vrf main interface physical eth2 network-stack ipv6 accept-segment-routing true

rt4

rt4 running config# / vrf main interface physical eth2 network-stack ipv6 accept-segment-routing true

BSID configuration

SR-TE policies that use SRv6 policies can use the binding-ipv6-sid keyword to define a specific ipv6 SID. As for the MPLS, BSIDs are very useful when crossing TE traffic between domains. When received by the local device, the packet is encapsulated with a new IPv6 header and an SRH defined by the local SR policy.

The SID value must be uniquely identified from the local IS-IS locator. It is recommended to configure the BSID for each SR policy, like shown below:

rt1

rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 15 endpoint 4:4::4:4 binding-ipv6-sid 2001:db8:100::

The above configuration creates a seg6local route, that will be used by external traffic passing through the rt1 device and heading to the fd00:200::/64 network.

rt1

rt1> show ipv6-routes
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
C>* 1:1::1:1/128 is directly connected, loop1, 00:00:51
I>* 2:2::2:2/128 [115/20] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:21
I>* 3:3::3:3/128 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:21
I>* 4:4::4:4/128 [115/35] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:10
C>* 2001:db8:1::/64 is directly connected, loop2, 00:00:51
I   2001:db8:1::/128 [115/0] is directly connected, sr0, seg6local End, weight 1, 00:00:51
I>* 2001:db8:1:0:1::/128 [115/0] is directly connected, eth2, seg6local End.X nh6 fe80::dced:1ff:feb2:2702, weight 1, 00:00:46
I>* 2001:db8:1:0:2::/128 [115/0] is directly connected, eth3, seg6local End.X nh6 fe80::dced:1ff:fea4:680b, weight 1, 00:00:42
I>* 2001:db8:2::/64 [115/10] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:21
I>* 2001:db8:3::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:14
I>* 2001:db8:4::/64 [115/25] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:10
p>* 2001:db8:100::/128 [50/0] is directly connected, eth3, seg6local End.B6.Encap nh6 2001:db8:100::, seg6 2001:db8:3::,2001:db8:4::, weight 1, 00:00:01
C>* fd00:100::/64 is directly connected, eth4, 00:00:50
C>* fd00:125::/64 is directly connected, eth2, 00:00:49
I>* fd00:126::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:14
I>* fd00:127::/64 [115/5] via fe80::dced:1ff:fea4:680b, eth3, weight 1, 00:00:14
C>* fd00:130::/64 is directly connected, eth3, 00:00:50
I>* fd00:131::/64 [115/20] via fe80::dced:1ff:feb2:2702, eth2, weight 1, 00:00:18
B>  fd00:200::/64 [200/0] via 4:4::4:4 (recursive), weight 1, 00:00:06
  *                       via fe80::dced:1ff:fea4:680b, eth3, seg6 2001:db8:3::,2001:db8:4::, weight 1, 00:00:06
C * fe80::/64 is directly connected, eth3, 00:00:50
C * fe80::/64 is directly connected, eth2, 00:00:50
C * fe80::/64 is directly connected, eth4, 00:00:50
C * fe80::/64 is directly connected, sr0, 00:00:50
C * fe80::/64 is directly connected, loop2, 00:00:52
C>* fe80::/64 is directly connected, loop1, 00:00:52
C * fe80::/64 is directly connected, fptun0, 00:02:22

26 routes displayed.

The End.B6.Encap operation is defined by RFC 8986, and defines how incoming traffic heading to the 2001:db8:100:: address is used. Specifically, to use that operation, the incoming packets must have multiple SID list in its SRH. Then, by following the seg6local route, the segments left field of the SRH is decremented, and the packet is encapsulated with an extra IPv6 header with the 2001:db8:3:: and 2001:db8:4:: SIDs. The configuration below shows how to use Virtual Service Router as connected host located behind rt1 to send traffic heading to the fd00:200::/64 network, and using the End.B6.Encap 2001:db8:100:: address. The 2001:db9:100:: SID is a given address located behind rt4.

host

host running config# / vrf main interface physical eth1 port pci-b0s4
host running config# / vrf main interface physical eth1 ipv6 address fd00:100::2/64
host running config# / vrf main routing static ipv6-route fd00:200::/64 next-hop fd00:100::1 ipv6-sid 2001:db8:100:: ipv6-sid 2001:db9:100::
host running config# / vrf main routing static ipv6-route 2001:db8:100::/128 next-hop fd00:100::1

BSID SRv6 usage of SID manager

By default, the configured IPv6 BSID value is not controlled against the available SID values in any locator. This lack of control can lead to potential inconsistencies in routing behavior, as BSIDs may be allocated without having to configure any locator and without proper oversight.

Here is an example of BSID instantiation illustrated in the configuration provided below:

rt1 running config# / routing logging level debug
rt1 running config# / vrf main interface physical eth1 port pci-b0s4
rt1 running config# / vrf main routing static ipv6-route 2001:db8:f000:2::/64 next-hop eth1
rt1 running config# / vrf main routing segment-routing enabled true
rt1 running config# / vrf main routing segment-routing traffic-engineering segment-list srv6 segment 0 ipv6-sid 2001:db8:f000:2::
rt1 running config# / vrf main routing segment-routing traffic-engineering segment-list srv6 segment 1 ipv6-sid 2001:db8:f000:3::
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: name srv6
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: candidate-path 1 name srv6
rt1 running config#! / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: candidate-path 1 type explicit
rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: candidate-path 1 segment-list srv6
rt1 running config# / vrf main routing segment-routing ipv6 locator loc1 prefix 2001:db8:f000:1::/64
rt1 running config# / vrf main routing segment-routing ipv6 locator loc1 uncompressed-mode enabled true
rt1 running config# / vrf main routing segment-routing ipv6 locator loc2 prefix 2001:db8:a000:5::/64
rt1 running config# / vrf main routing segment-routing ipv6 locator loc2 uncompressed-mode enabled true

Next we configure the BSID IPv6 route entry based on the next configuration:

rt1 running config# / vrf main routing segment-routing traffic-engineering policy color 1 endpoint 2001:db8:f000:5:: binding-ipv6-sid fc10:0:2::128

The below output shows that the new BSID route entry is taken into account in the routing table.

rt1> show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
S>* 2001:db8:f000:2::/64 [1/0] is directly connected, eth1, weight 1, 00:00:01
p>* fc10:0:2::128/128 [50/0] is directly connected, eth1, seg6local End.B6.Encap nh6 fc10:0:2::128, seg6 2001:db8:f000:2::,2001:db8:f000:3::, weight 1, 00:00:01
C>* fe80::/64 is directly connected, sr0, 00:00:01
C * fe80::/64 is directly connected, fptun0, 00:00:13

3 routes displayed.

In this case, the BSID fc10:0:2::128 is allocated without having to configure any locator which can lead to routing issues.

When the use-sid-manager option is selected, centralized management of BSID allocations is applied. If a requested BSID is not authorized within the defined locator, it will not be installed, ensuring that only valid BSIDs are used in the network.

To illustrate how to configure the SID manager the example is presented below:

rt1 running config# / vrf main routing segment-routing traffic-engineering use-sid-manager true

Without any locator configured, no BSID is allocated, and the SR-TE route is not available.

rt1> show log service routing
Dec 12 13:49:37 dut-vm systemd[1]: Starting mgmtd...
Dec 12 13:49:37 dut-vm systemd[1]: Started mgmtd.
Dec 12 13:49:37 dut-vm systemd[1]: Starting zebra...
Dec 12 13:49:37 dut-vm systemd[1]: Started zebra.
Dec 12 13:50:58 rt1 systemd[1]: Starting staticd...
Dec 12 13:50:58 rt1 systemd[1]: Started staticd.
Dec 12 13:50:58 rt1 systemd[1]: Starting pathd...
Dec 12 13:50:59 rt1 systemd[1]: Started pathd.
Dec 12 13:51:01 rt1 zebra[1036]: [N1R89-323SW] get_srv6_sid_explicit: invalid SM request arguments: parent block/locator not found for SID fc10:0:2::128
Dec 12 13:51:01 rt1 zebra[1036]: [YC52T-427SJ] srv6_manager_get_sid_internal: not got SRv6 SID for ctx End.B6.Encap nh6 2001:db8:f000:5:: color 1, sid_value=fc10:0:2::128, locator_name=
rt1# show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
S>* 2001:db8:f000:2::/64 [1/0] is directly connected, eth1, weight 1, 00:15:41
C>* fe80::/64 is directly connected, sr0, weight 1, 00:15:41
C * fe80::/64 is directly connected, fptun0, weight 1, 00:15:52
C * fe80::/64 is directly connected, eth2, weight 1, 00:15:52
C * fe80::/64 is directly connected, eth1, weight 1, 00:15:53

3 routes displayed.

Alternatively, after BSID reconfiguration, below the BSID 2001:db8:a000:5:ff02:: has been correctly allocated within the specified locator, indicating a successful configuration with centralized management.

rt1 running config# del / vrf main routing segment-routing traffic-engineering  policy color 1 endpoint 2001:db8:f000:5:: binding-ipv6-sid fc10:0:2::128
rt1 running config# / vrf main routing segment-routing traffic-engineering  policy color 1 endpoint 2001:db8:f000:5:: binding-ipv6-sid 2001:db8:a000:5:ff02::
rt1> show ipv6-routes
Codes: K - kernel route, C - connected, L - local, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, 6 - 6PE, p - SRTE,
       > - selected route, * - FIB route, r - rejected, b - backup

L3VRF default:
p>* 2001:db8:a000:5:ff02::/128 [50/0] is directly connected, eth1, seg6local End.B6.Encap nh6 2001:db8:a000:5:ff02::, seg6 2001:db8:f000:2::,2001:db8:f000:3::, weight 1, 00:00:02
S>* 2001:db8:f000:2::/64 [1/0] is directly connected, eth1, weight 1, 00:00:19
C * fe80::/64 is directly connected, eth1, 00:00:18
C>* fe80::/64 is directly connected, sr0, 00:00:19
C * fe80::/64 is directly connected, fptun0, 00:00:31

3 routes displayed.
rt1> show segment-routing ipv6 sids details
ipv6-sid               behavior     context                                protocol locator allocation-type
========               ========     =======                                ======== ======= ===============
2001:db8:a000:5:ff02:: End.B6.Encap Endpoint '2001:db8:f000:5::' Color '1' srte(0)  loc2    explicit

See also

  • SRv6 SID manager details, SRV6 SID manager