Book source: "SRv6 Network Programming: Opening a New Era of IP Networks"
This book has been published for many years, but I read it again many years later because of work needs. In addition to reviewing, I found that I have learned more knowledge. Organize the reading notes while studying, and share them with everyone. If the copyright is violated, it will be deleted. Thank you for your support!
Attach a summary post: SRv6 Network Programming Self-study Series | Summary_COCOgsta's Blog-CSDN Blog
8.3.1 SRv6 Network Basic Configuration
Before configuring the SRv6 network, you need to configure the IPv6 address of the interface. The configuration example is as follows.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 1/0/0
[~HUAWEI-GigabitEthernet1/0/0] ipv6 enable
[*HUAWEI-GigabitEthernet1/0/0] ipv6 address 2001:db8::1 127
[*HUAWEI-GigabitEthernet1/0/0] commit
复制代码The basic configuration of SRv6 includes enabling SRv6; configuring the encapsulation source address, which is used as the source address of the IPv6 packet header in SRv6 encapsulation; length of stay. The configuration example is as follows.
[~HUAWEI] segment-routing ipv6
[*HUAWEI-segment-routing-ipv6] encapsulation source-address 1::1
[*HUAWEI-segment-routing-ipv6] locator SRv6_locator ipv6-prefix A1::64 static 32
[*HUAWEI-segment-routing-ipv6] commit
复制代码After the configuration is complete, you can use the following command to view the Locator status.
[~HUAWEI] display segment-routing ipv6 locator verbose
Locator Configuration Table
--------------------------
LocatorName : SRv6_locator LocatorID : 1
IPv6Prefix : A1:: PrefixLength : 64
StaticLength : 32 Reference : 4
ArgsLength : 0
AutoSIDPoolID : 8193
AutoSIDBegin : A1::1:0:0
AutoSIDEnd : A1::FFFF:FFFF:FFFF:FFFF
Total Locator(s): 1
复制代码The above information includes the configured Locator name, IPv6 prefix and mask, static segment length, and the starting range of the dynamic SID.
8.3.2 IGP design
After completing the local configuration of the node, it is necessary to publish the interface address, SRv6 SID and other information to the network through IGP to connect to the basic network. On an SRv6 network, the IGP can use the IS-IS IPv6 protocol or the OSPFv3 protocol.
Taking a single-AS network as an example, a typical IGP design is shown in Figure 8-18. Different IGP domains are deployed at different network layers.
Figure 8-18 IGP design
The entire network is in one AS, and the access layer, aggregation layer, and backbone layer are divided into three IGP domains, which can be deployed in the following two ways.
Method 1: Deploy IS-IS Level-2/OSPFv3 Area 0 at the backbone layer, deploy IS-IS Level-1/OSPF Area X at the aggregation layer, and deploy a separate IS-IS/OSPFv3 process at the access layer. This method is A relatively common deployment method.
Method 2: Deploy different IGP processes at the backbone layer, convergence layer, and access layer.
No matter which deployment method is selected, only aggregated routes will be published between IGP domains of different Levels/Areas or different processes as needed, which can effectively reduce the IGP routes that each node needs to maintain.
Taking IS-IS as an example, the necessary basic configuration includes Network-entity configuration, Level configuration, and Cost-style configuration. The configuration example is as follows.
[~HUAWEI] isis 1
[~HUAWEI-isis-1] display this
#
isis 1
is-level level-2
cost-style wide
network-entity 01.0000.0000.0007.00
#
ipv6 enable topology ipv6
segment-routing ipv6 locator SRv6_locator
#
复制代码After the locator is referenced in IS-IS, the system will automatically assign an End SID and advertise the locator subnet route in ISIS. The following example is the End SID assigned by the system. There are two in total. The SID whose Flavor field is "PSP" is used for the pop-up of the penultimate hop, and the SID whose Flavor field is empty is used for the pop-up of the last hop.
[~HUAWEI] display segment-routing ipv6 local-sid end forwarding
My Local-SID End Forwarding Table
--------------------------------
SID : A1::1:0:72/128 FuncType : End
Flavor : PSP
LocatorName : SRv6_locator LocatorID: 1
SID : A1::1:0:73/128 FuncType : End
Flavor : --
LocatorName : SRv6_locator LocatorID: 1
Total SID(s): 2
复制代码The following is the Locator routing information advertised by nodes in IS-IS.
[~HUAWEI] display ipv6 routing-table A1::
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
--------------------------------------
Routing Table : _public_
Summary Count : 1
Destination : A1:: PrefixLength : 64
NextHop : :: Preference : 15
Cost : 0 Protocol : ISIS-L2
RelayNextHop : :: TunnelID : 0x0
Interface : NULL0 Flags : DB
复制代码Except for the configuration of the IS-IS process, the configuration of the interface is the same as that of a common IS-IS IPv6 interface. Typical configurations include enabling IS-IS IPv6, configuring IS-IS IPv6 Cost, and configuring ISIS Circuit-type, etc. . A sample is as follows.
[~HUAWEI] interface gigabitethernet1/0/1
[~HUAWEI-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
undo shutdown
ipv6 enable
ipv6 address 2001:db8::1/127
isis ipv6 enable 1
isis circuit-type p2p
isis ipv6 cost 10
#
复制代码After IS-IS IPv6 is enabled on an interface, the system automatically generates an End.X SID for each interface. In this example, there are two interfaces in total, and each interface is assigned two End.X SIDs. The SID whose Flavor field is the PSP is used for the pop-up of the penultimate hop, and the SID whose Flavor field is empty is used for the pop-up of the last hop.
[~HUAWEI] display segment-routing ipv6 local-sid end-x forwarding
My Local-SID End.X Forwarding Table
----------------------------------
SID : A1::1:0:74/128 FuncType :End.X
Flavor : PSP
LocatorName: SRv6_locator LocatorID: 1
NextHop : Interface : ExitIndex:
FE80::82B5:75FF:FE4C:2B1A GE1/0/1 0x0000001d
SID : A1::1:0:75/128 FuncType :End.X
Flavor : --
LocatorName: SRv6_locator LocatorID: 1
NextHop : Interface : ExitIndex:
FE80::82B5:75FF:FE4C:2B1A GE1/0/1 0x0000001d
SID : A1::1:0:76/128 FuncType :End.X
Flavor : PSP
LocatorName: SRv6_locator LocatorID: 1
NextHop : Interface : ExitIndex:
FE80::82B5:75FF:FE4C:326A GE1/0/2 0x0000001e
SID : A1::1:0:77/128 FuncType :End.X
Flavor : --
LocatorName: SRv6_locator LocatorID: 1
NextHop : Interface : ExitIndex:
FE80::82B5:75FF:FE4C:326A GE1/0/2 0x0000001e
Total SID(s): 4
复制代码End SID and End.X SID also support manual configuration. After the Locator is configured, the Function can be manually configured using the opcode command. The Opcode continues to specify the subsequent Function value on the basis of the Locator prefix. The configuration example is as follows.
[~HUAWEI-segment-routing-ipv6] display this
#
segment-routing ipv6
encapsulation source-address 1::1
locator SRv6_locator ipv6-prefix A1:: 64 static 32
opcode ::1 end
opcode ::2 end-x interface GigabitEthernet1/0/1 nexthop 2001:db8:12::1
#
复制代码8.3.3 BGP design
In an SRv6 network, BGP design needs to consider not only IPv6 unicast address family neighbors and VPN/EVPN address family neighbors in traditional network design, but also BGP-LS address family and BGP IPv6 SR-Policy address family neighbors.
Neighbors in the BGP IPv6 unicast address family are not necessary elements in a single-AS network. You can import routes from each other to realize the transmission of Locator/Loopback network segment routes in different IGP domains, without BGP transmission. However, in a multi-AS network, inter-AS Locator/Loopback network segment routes still need to be transmitted through BGP.
8.3.4 SRv6 BE design
There are two types of SRv6 trails: SRv6 BE and SRv6 TE. SRv6 BE can automatically calculate the path based on the shortest IGP path and the optimal BGP route without a controller. SRv6 TE tunnels require a controller to plan paths, which is suitable for services that require high path SLAs.
- Locator route release
In the SRv6 BE path, packets are forwarded along the shortest path according to the Locator route, which naturally supports ECMP.
In order to reduce the size of the routing table of edge nodes, it is necessary to plan the locators of the entire network in advance and allocate them level by level. Assign an independent large network segment to each pair of MC (Metro Core, metropolitan core) nodes, and reserve a certain amount of scalability. Assign a subnet segment to each pair of AGG from the network segment under the MC. Each ACC in the network segment is assigned a subnet segment.
- Introduction and aggregation of IS-IS routes
Through the following configuration, the route can be imported from isis 100 to isis 1 and aggregated. When importing, set the tag to 100 for the route, and set the routing policy to reject the route imported from isis 1 to isis 100 (the route with tag 1) , to prevent loops when routes refer to each other.
[~HUAWEI] isis 1
[*HUAWEI-isis-1] ipv6 import-route isis 100 route-policy 100TO1
[*HUAWEI-isis-1] ipv6 summary A1::1:0:0 96
[*HUAWEI-isis-1] quit
[*HUAWEI] route-policy 100TO1 deny node 10
[*HUAWEI-route-policy] if-match tag 1
[*HUAWEI-route-policy] quit
[*HUAWEI] route-policy 100TO1 permit node 20
[*HUAWEI-route-policy] apply tag 100
复制代码- SRv6 BE TI-LFA Protection
When designing an SRv6 solution, network reliability also needs to be considered, so a protection and fault recovery solution needs to be designed.
The intermediate nodes of the SRv6 BE path can protect the network through TI-LFA FRR in the IGP domain, and this protection has nothing to do with the topology. For possible micro-ring scenarios, fast switching can be achieved through the anti-micro-ring technology. Figure 8-20 shows the end-to-end reliability protection scenarios and technologies.
Figure 8-20 End-to-end reliability protection scenarios and technologies
The configuration examples of TI-LFA FRR and anti-microring are as follows.
[~HUAWEI-isis-1] display this
#
isis 1
is-level level-2
cost-style wide
network-entity 01.0000.0000.0007.00
avoid-microloop frr-protected
avoid-microloop frr-protected rib-update-delay 5000
#
ipv6 enable topology ipv6
segment-routing ipv6 locator SRv6_locator
ipv6 avoid-microloop segment-routing
ipv6 avoid-microloop segment-routing rib-update-delay 10000
ipv6 frr
loop-free-alternate level-2
ti-lfa level-2
#
复制代码After configuration, the router generates a backup path.
The configuration samples for verifying TI-LFA FRR and anti-microloop are as follows.
[~HUAWEI] display isis route ipv6 A1:: verbose
Route information for ISIS(1)
----------------------------
ISIS(1) Level-1 Forwarding Table
-------------------------------
IPV6 Dest : A1::/128 Cost: 20 Flags: A/-/-/
Admin Tag : - Src Count: 1 Priority: Low
NextHop : Interface: ExitIndex :
FE80::82B5:75FF:FE4C:3268 GE1/0/2 0x0000001e
SRv6 TI-LFA:
Interface : GE1/0/1
Nexthop : FE80::82B5:75FF:FE4C:2B1A IID:0x01000227
Backup sid Stack(Top->Bottom): {A2::5}
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set, LP-Local Prefix-Sid
复制代码The above is the content that needs to be considered and designed for the SRv6 BE deployment solution, which mainly includes two parts: route advertisement and protection solution deployment.
8.3.5 SRv6 TE Design
For services that require high path SLA, the controller needs to constrain path calculation and deploy SRv6 TE tunnels to ensure that the network meets service requirements.
The path calculation result of the controller for SRv6 TE can be a strict explicit path (each hop specifies the egress link), or a loose explicit path (only the egress links of some nodes are specified).
In the scenario of loose explicit paths, unspecified nodes may not support SRv6, but only need to support common IPv6 routing and forwarding. This is a major advantage of SRv6 over SR-MPLS. This advantage makes it easier for traditional IP/MPLS networks to evolve to SRv6 networks.
- SRv6 Policy
SRv6 Policy is a way to establish SRv6 TE tunnels. The controller can uniformly plan path constraints such as network delay and bandwidth based on Color. Nodes can complete the association between services and tunnels by comparing the Color attribute of the BGP route with the Color attribute of the SRv6 Policy.
- BGP-LS和BGP SRv6 Policy
BGP-LS is used to report topology information, SLA information, tunnel status information, and SR information to the controller. To reduce the number of BGP neighbors of the controller, it is recommended that the controller and RR establish BGP-LS neighbors, and then the RR establish BGP-LS neighbors with each node.
The controller uses BGP IPv6 SR-Policy to deliver the tunnel path to the forwarder. To reduce the number of BGP neighbors of the controller, it is recommended that the controller and RR establish BGP IPv6 SR-Policy neighbors, and then the RR establish BGP IPv6 SR-Policy neighbors with each node. At the same time, a BGP IPv6 SR-Policy message will only take effect on a specified service node. In order to reduce the diffusion range of the BGP IPv6 SR-Policy message, the RR needs to forward the BGP IPv6 SR issued by the controller to the specified service node only. Policy message.
Figure 8-21 Design method of BGP-SRv6 Policy neighbor relationship
A sample configuration of BGP-LS is as follows.
[~HUAWEI] bgp 100
[*HUAWEI-bgp] peer 100::100 as-number 100
[*HUAWEI-bgp] link-state-family unicast
[*HUAWEI-bgp-af-ls] peer 100::100 enable
复制代码A sample configuration of BGP-SRv6 Policy is as follows.
[~HUAWEI] bgp 100
[*HUAWEI-bgp] ipv6-family sr-policy
[*HUAWEI-bgp-af-ipv6-srpolicy] peer 100::100 enable
复制代码- SRv6 Policy Path Computation
To meet service SLA requirements, SRv6 Policy paths need to be calculated based on constraints, including priority, bandwidth, affinity attributes, explicit paths, delay thresholds, active and standby paths, and path separation.
When the constraints are met, the optimal path calculation result may be the path calculation with the least overhead, the smallest delay, or the balanced bandwidth.
The path calculation of the SRv6 Policy can be performed centrally on the controller. The controller calculates a path that satisfies the constraints based on the defined Color information and the head and tail nodes, and delivers the path calculation result to the ingress node through the BGP IPv6 SR-Policy business node.
The configuration sample of SRv6 Policy is as follows.
[~HUAWEI] segment-routing ipv6
[~HUAWEI-segment-routing-ipv6] segment-list list1
[*HUAWEI-segment-routing-ipv6-segment-list-list1] index 5 sid ipv6 A2::1:0:0
[*HUAWEI-segment-routing-ipv6-segment-list-list1] index 10 sid ipv6 A3::1:0:0
[*HUAWEI-segment-routing-ipv6-segment-list-list1] commit
[~HUAWEI-segment-routing-ipv6-segment-list-list1] quit
[~HUAWEI-segment-routing-ipv6] srv6-te-policy locator SRv6_locator
[*HUAWEI-segment-routing-ipv6] srv6-te policy policy1 endpoint 3::3 color 101
[*HUAWEI-segment-routing-ipv6-policy-policy1] binding-sid A1::100
[*HUAWEI-segment-routing-ipv6-policy-policy1] candidate-path preference 100
[*HUAWEI-segment-routing-ipv6-policy-policy1-path] segment-list list1
复制代码- Reliability of SRv6 Policy
It is recommended to use SRv6 BE as the escape path of SRv6 Policy. That is to say, if SRv6 Policy fails, services are switched to the best-effort forwarding path on the SRv6 BE path.
Figure 8-22 SRv6 Policy tunnel reliability design for SRv6 TE
Compared with the SRv6 BE design, SRv6TE adds the design of TE path calculation and deployment.
8.3.6 VPN service design
When deploying VPN services based on SRv6, BGP can be used as a unified signaling control plane while providing Layer 2 or Layer 3 service connections without MPLS LDP.
From the perspective of protocol simplification, it is recommended to use EVPN to carry L3VPN and L2VPN in a unified manner in SRv6.
Figure 8-23 shows a typical VPN service deployment model.
Figure 8-23 Typical VPN service deployment model
- SRv6 EVPN L3VPN
SRv6 EVPN L3VPN is a commonly used SRv6 VPN technology in actual deployment. For SRv6 EVPN L3VPN, the configuration process is as follows.
① Configure the EVPN L3VPN instance and interface to access the L3VPN instance. The configuration example is as follows.
[~HUAWEI-vpn-instance-srv6_vpn2] display this
#
ip vpn-instance srv6_vpn2
ipv4-family
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity evpn
vpn-target 100:2 import-extcommunity evpn
#
[~HUAWEI-GigabitEthernet1/0/0.2] display this
#
interface GigabitEthernet1/0/0.2
vlan-type dot1q 2
ip binding vpn-instance srv6_vpn2
ip address 10.78.2.2 255.255.255.0
#
复制代码② Configure a BGP IPv6 neighbor and enable the neighbor under the EVPN address family. The configuration example is as follows.
[~HUAWEI-bgp] display this
#
bgp 100
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
l2vpn-family evpn
policy vpn-target
peer 2::2 enable
peer 2::2 advertise encap-type srv6
#
复制代码To apply SRv6, an IPv6 address needs to be used to establish a BGP neighbor, and the peer 2::2advertise encap-type srv6 command needs to be configured on the neighbor to enable SRv6 encapsulation.
③ To configure the VPN route to iterate the SRv6 BE path, it needs to be configured in the BGP VPN instance view. The configuration example is as follows.
[~HUAWEI-bgp-srv6_vpn1] display this
#
ipv4-family vpn-instance srv6_vpn1
import-route direct
advertise l2vpn evpn
segment-routing ipv6 locator SRv6_locator
segment-routing ipv6 best-effort
peer 10.78.1.1 as-number 65002
#
复制代码The segment-routing ipv6 locator command is used to specify the Locator to be used, and dynamically assign the End.DT4 SID to the EVPN L3VPN instance from the Locator. Use the segment-routing ipv6 best-effort command to specify that SRv6 BE paths are used to carry VPN services.
You can run the following commands to view the End.DT4 SID entries in the local SID table.
[~HUAWEI] display segment-routing ipv6 local-sid end-dt4 forwarding
My Local-SID End.DT4 Forwarding Table
-------------------------------------
SID : A1::1:0:9B/128 FuncType : End.DT4
VPN Name : srv6_vpn1 VPN ID : 2
LocatorName: SRv6_locator LocatorID: 1
SID : A1::1:0:9C/128 FuncType : End.DT4
VPN Name : srv6_vpn2 VPN ID : 5
LocatorName: SRv6_locator LocatorID: 1
Total SID(s): 2
复制代码④ It is also possible to statically configure the End.DT4 SID used by the VPN, as shown below.
[~HUAWEI-segment-routing-ipv6-locator] display this
#
locator SRv6_locator ipv6-prefix A1:: 64 static 32
opcode ::80 end-dt4 vpn-instance srv6_vpn1
#
复制代码Run the following command to view the statically configured End.DT4 SID.
[~HUAWEI] display segment-routing ipv6 local-sid end-dt4 forwarding
My Local-SID End.DT4 Forwarding Table
-------------------------------------
SID : A1::80/128 FuncType : End.DT4
VPN Name : srv6_vpn1 VPN ID : 2
LocatorName: SRv6_locator LocatorID: 1
SID : A1::1:0:9C/128 FuncType : End.DT4
VPN Name : srv6_vpn2 VPN ID : 5
LocatorName: SRv6_locator LocatorID: 1
Total SID(s): 2
复制代码It can be seen that after a static SID is configured for the VPN, the system automatically uses the static SID instead of dynamically assigning the SID.
After the configuration is complete, check the routing entry of the peer PE, and you can see that the route carries Prefix SID:A1::80.
<HUAWEI> display bgp vpnv4 vpn-instance srv6_vpn2 routing-table10.7.7.0
BGP local router ID : 10.37.112.122
Local AS number :100
VPN-Instance srv6_vpn2 Router ID 10.37.112.122:
Paths: 1 available, 1 best, 1 select, 0 best-external, 0 add-path
BGP routing table entry information of 10.78.1.0/24:
Route Distinguisher: 100:1
Remote-Cross route
Label information (Received/Applied): 3/NULL
From: 2::2 (10.37.112.119)
Route Duration: 0d00h29m01s
Relay IP NextHop: FE80::E45:BAFF:FE28:7258
Relay IP Out-Interface: GigabitEthernet1/0/2
Relay Tunnel Out-Interface:
Original NextHop: 1::1
Qos information : 0x0
Ext-Community: RT <100:1>
Prefix - sid: A1:: 80
AS-path Nil, origin incomplete, MED 0, local preference 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
Originator: 10.37.112.117
Cluster List: 10.37.112.119
Advertised to such 1 peers:
10.79.1.1
复制代码- SRv6 EVPN E-line
For EVPN E-Line over SRv6, the configuration process is as follows.
① Configure an EVPN instance, the configuration sample is as follows.
[~HUAWEI-vpws-evpn-instance-srv6_vpws] display this
#
evpn vpn-instance srv6_vpws vpws
route-distinguisher 100:2
segment-routing ipv6 best-effort
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
复制代码② Configure an EVPL instance (EVPN E-Line instance) and specify it as SRv6 mode. The configuration example is as follows.
[~HUAWEI-evpl-srv6-1] display this
#
evpl instance 1 srv6-mode
evpn binding vpn-instance srv6_vpws
local-service-id 100 remote-service-id 200
segment-routing ipv6 locator SRv6_locator
#
复制代码The segment-routing ipv6 locator command is used to specify the Locator used by this EVPL instance, and dynamically assign the End.DX2 SID to the EVPN E-Line instance from the Locator. You can run the following command to view SID information.
[~HUAWEI] display segment-routing ipv6 local-sid end-dx2 forwarding
My Local-SID End.DX2 Forwarding Table
-------------------------------------
SID : A1::82/128 FuncType : End.DX2
EVPL ID : 1
LocatorName: SRv6_locator LocatorID: 1
Total SID(s): 1
复制代码You can also configure the SID of the EVPL instance statically. The configuration example is as follows.
[~HUAWEI-segment-routing-ipv6-locator] display this
#
locator SRv6_locator ipv6-prefix A1:: 64 static 32
opcode ::82 end-dx2 evpl-instance 1
#
复制代码③ Configure the interface to bind the EVPL instance. The configuration example is as follows.
[~HUAWEI-GigabitEthernet1/0/0.100] display this
#
interface GigabitEthernet1/0/0.100 mode l2
encapsulation dot1q vid 100
rewrite pop single
evpl instance 1
#
复制代码④ After the configuration is complete, execute the following command to check the AD route on the remote PE. You can see that the AD route carries Prefix SID:A1::82.
[~HUAWEI] display bgp evpn vpn-instance srv6_vpws routing-table ad-route 0000.0000.0000.0000.0000:100
BGP local router ID : 10.37.112.122
Local AS number : 100
EVPN-Instance srv6_vpws:
Number of A-D Routes: 1
BGP routing table entry information of 0000.0000.0000.0000.0000:100:
Route Distinguisher: 100:2
Remote-Cross route
Label information (Received/Applied): 3/NULL
From: 2::2 (10.37.112.119)
Route Duration: 0d06h07m06s
Relay IP NextHop: FE80::82B5:75FF:FE4C:326D
Relay IP Out-Interface: GigabitEthernet1/0/2
Relay Tunnel Out-Interface:
Original NextHop: 1::1
Qos information : 0x0
Ext-Community: RT <100 : 2>, EVPN L2 Attributes <MTU:1500 C:0 P:1B:0>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
Originator: 10.37.112.117
Cluster list: 10.37.112.119
Prefix - sid: A1:: 82
Route Type: 1 (Ethernet Auto-Discovery (A-D) route)
ESI: 0000.0000.0000.0000.0000, Ethernet Tag ID: 100
Not advertised to any peer yet
复制代码The configuration of EVPN E-LAN over SRv6 is roughly the same as the above-mentioned E-Line configuration. Due to space limitations, it will not be introduced here. Readers can read related Huawei product documents.
- EVPN SRv6 Policy
If EVPN traffic is to be forwarded through the SRv6 TE path, the following steps are required.
- Configure the EVPN service to iterate the SRv6 Policy tunnel.
- Configure tunnel policies.
- Refer to the tunnel policy under VPN.
- Add a Color property to the route.
The detailed configuration is introduced as follows.
① Configure the EVPN service to iterate the SRv6 Policy tunnel function.
The configuration sample corresponding to EVPN L3VPN is as follows.
[*PE1] bgp 100
[*PE1-bgp] ipv4-family vpn-instance srv6_vpn2
[*PE1-bgp-srv6_vpn2] segment-routing ipv6 traffic-engineer evpn
复制代码The configuration example corresponding to EVPN E-Line is as follows.
[*PE1] evpn vpn-instance srv6_vpws vpws
[*PE1-vpws-evpn-instance-srv6_vpws] segment-routing ipv6 traffic-engineer
复制代码② Configure the tunnel policy, the configuration sample is as follows.
[*PE1] tunnel-policy p1
[*PE1-tunnel-policy-p1] tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
复制代码③ Refer to the tunnel policy under VPN.
The configuration sample corresponding to EVPN L3VPN is as follows.
[*PE1] ip vpn-instance srv6_vpn2
[*PE1-vpn-instance-srv6_vpn2] ipv4-family
[*PE1-vpn-instance-srv6_vpn2-af-ipv4] tnl-policy p1 evpn
复制代码The configuration example corresponding to EVPN E-Line is as follows.
[*PE1] evpn vpn-instance srv6_vpws vpws
[*PE1-vpws-evpn-instance-srv6_vpws] tnl-policy p1
复制代码④ Add the Color attribute to the route. The color in the route must be consistent with the color in the SRv6 policy before traffic can be introduced into the corresponding SRv6 policy. The Color attribute can be added to the egress routing policy of the PE at the route sending end, or can be added to the ingress routing policy of the PE at the route receiving end. Here, add it to the ingress routing policy of the PE at the route receiving end as an example. The sample is as follows.
[~PE1] route-policy color100 permit node 1
[*PE1-route-policy] apply extcommunity color 0:100
[*PE1-route-policy] quit
[*PE1] commit
[~PE1] bgp 100
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2::2 route-policy color100 import
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] commit
复制代码After the configuration is complete, check the EVPN L3VPN routing table, and you can see that the remote private network route (10.7.7.0) has iterated to the SRv6 Policy.
[~PE1] display ip routing-table vpn-instance srv6_vpn2 10.7.7.0 verbose
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
-----------------------------------------------------------------
Routing Table : srv6_vpn2
Summary Count : 1
Destination: 10.7.7.0/24
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 2::2 Neighbour: 2::2
State: Active Adv Relied Age: 00h03m15s
Tag: 0 Priority: low
Label: 3 QoSInfo: 0x0
IndirectID: 0x10000E0 Instance:
RelayNextHop: 0.0.0.0 Interface: SRv6-TE Policy
TunnelID: 0x000000003400000001 Flags: RD
复制代码By viewing the EVPN E-Line status, you can see that the corresponding EVPL instance has iterated to the SRv6 Policy.
[~PE1] display bgp evpn evpl
Total EVPLs: 1 1 Up 0 Down
EVPL ID : 1
State : up
Evpl Type : srv6-mode
Interface : GigabitEthernet1/0/0.100
Ignore AcState : disable
Local MTU : 1500
Local Control Word : false
Local Redundancy Mode : all-active
Local DF State : primary
Local ESI : 0000.0000.0000.0000.0000
Remote Redundancy Mode : all-active
Remote Primary DF Number : 1
Remote Backup DF Number : 0
Remote None DF Number : 0
Peer IP : 2::2
Origin NextHop IP : 2::2
DF State : primary
Eline Role : primary
Remote MTU : 1500
Remote Control Word : false
Remote ESI : 0000.0000.0000.0000.0000
Tunnel info : 1 tunnels
NO.0 Tunnel Type : srv6te-policy, Tunnel ID : 0x000000003400000001
Last Interface UP Timestamp : 2019-8-14 3:21:34:196
Last Designated Primary Timestamp : 2019-8-14 3:23:45:839
Last Designated Backup Timestamp : -