- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
07-Public network IP over SRv6 configuration | 152.69 KB |
Configuring public network IP over SRv6
About public network IP over SRv6
Public network IP over SRv6 tasks at a glance
Applying a locator to a BGP instance
Configuring PEs to exchange BGP IPv4 or IPv6 unicast routes
Configuring IPv6 peers to exchange SRv6 SIDs
Configuring the route recursion mode
Specifying a source address for the outer IPv6 header of SRv6-encapsulated packets
Display and maintenance commands for public network IP over SRv6
Displaying and maintaining the running status of public network IP over SRv6
Public network IP over SRv6 configuration examples
Example: Configuring public network IPv6 over SRv6 in SRv6-BE mode
Configuring public network IP over SRv6
About public network IP over SRv6
Public network IP over SRv6 uses SRv6 tunnels to carry public network IP services. This technology establishes SRv6 tunnels among geographically dispersed customer sites over an IPv6 network and transparently forwards Layer 3 customer traffic to remote sites over the IPv6 network through the tunnels.
Basic principle
Figure 1 shows a typical public network IP over SRv6 network. PE 1 and PE 2 use BGP to advertise public IPv6 network routes to each other over the IPv6 backbone network. The PEs use an SRv6 tunnel between them to forward public network traffic across sites.
Public network IP over SRv6 connects geographically dispersed sites that belong to the public network over the IPv6 backbone network.
Route advertisement
Public network IPv4 over SRv6 and public network IPv6 over SRv6 use the same process to advertise routes. The following information uses public network IPv4 over SRv6 as an example to illustrate the process.
As shown in Figure 1, local routes of CE 1 are advertised to CE 2 by using the following process:
1. CE 1 uses static routing, RIP, OSPF, IS-IS, EBGP, or IBGP to advertise routes of the local site to PE 1.
2. After learning the route information of CE 1, PE 1 stores the routes of the local site to the routing table of the public network. At the same time, PE 1 converts the routes to BGP IPv4 unicast routes and adds the same End.DT4 or End.DT46 SID to the routes. Then, PE 1 advertises the BGP IPv4 unicast routes with the End.DT4 or End.DT46 SID to PE 2.
3. When PE 2 receives the IPv4 unicast routes advertised by PE 1, it adds the routes to the routing table of the public network. PE 2 removes the End.DT4 or End.DT46 SID information from the routes, records the End.DT4 or End.DT46 SID information, and then advertises the routes to CE 2.
4. By adding the received IPv4 unicast routes to the routing table, CE 2 learns the routes of CE 1.
Packet forwarding
Public network IP over SRv6 supports the following route recursion modes:
· SRv6-BE mode.
· SRv6-TE mode.
· SRv6-TE and SRv6-BE hybrid mode.
The packet forwarding process differs by the route recursion mode in use.
SRv6-BE mode
This mode is also called SID-based forwarding mode. In this mode, a PE forwards an SRv6 packet by searching the IPv6 routing table based on the SRv6 SID encapsulated in the packet.
Public network IPv4 over SRv6 and public network IPv6 over SRv6 use the same process to forward packets. The following information uses public network IPv4 over SRv6 as an example to illustrate the process.
As shown in Figure 1, CE 2 forwards an IPv4 packet to CE 1 as follows:
1. CE 2 sends the IPv4 packet to PE 2.
2. After PE 2 receives the packet, it searches for a route that matches the destination IPv4 address of the packet in the routing table of the public network. The corresponding End.DT4 or End.DT46 SID is found. Then, PE 2 encapsulates an outer IPv6 header for the packet. The End.DT4 or End.DT46 SID is encapsulated in the outer IPv6 header as the destination address.
3. PE 2 searches the IPv6 routing table based on the End.DT4 or End.DT46 SID for the optimal IGP route and forwards the packet to P through the route.
4. P searches the IPv6 routing table based on the End.DT4, End.DT46, or End.DX4 SID for the optimal IGP route and forwards the packet to PE 1 through the route.
5. When PE 1 receives the packet, it searches the local SID forwarding table for the SID and removes the outer IPv6 header. Then, PE 1 matches the packet to the public instance based on the SID, looks up the public network routing table, and forwards the packet to CE 1.
SRv6-TE mode
This mode is also called SRv6 TE policy-based forwarding mode. In this mode, when a PE forwards a customer packet, it first searches for a matching SRv6 TE policy based on the packet attributes. Then, the PE adds an SRH to the packet. The SRH includes the destination SRv6 SID and the SID list of the SRv6 TE policy. Finally, the PE forwards the encapsulated packet based on the SRv6 TE policy.
The following modes are available to steer traffic to an SRv6 TE policy:
· Color—The device searches for an SRv6 TE policy that has the same color and endpoint address as the color and nexthop address of a BGP route. If a matching SRv6 TE policy exists, the device recurses the BGP route to that SRv6 TE policy. When the device receives packets that match the BGP route, it forwards the packets through the SRv6 TE policy.
· Tunnel policy—The device searches the tunnel policies for a matching SRv6 TE policy based on the next hop of a matching route. Configure a preferred tunnel or load sharing tunnel policy that uses the SRv6 TE policy. In this way, the SRv6 TE policy will be used as the public tunnel to carry the SRv6 PW that forwards the packets of customer network packets.
For more information about tunnel policies, see MPLS Configuration Guide. For more information about SRv6 TE policies, see "Configuring SRv6 TE policies."
SRv6-TE and SRv6-BE hybrid mode
In this mode, the PE preferentially uses the SRv6-TE mode to forward a packet. If no SRv6 TE policy is available for the packet, the PE forwards the packet in SRv6-BE mode.
Public network IP over SRv6 tasks at a glance
To configure public network IP over SRv6, perform the following tasks:
1. Configuring route exchange between a PE and a CE
Configure an IPv4 routing protocol (static routing, RIP, OSPF, IS-IS, EBGP, or IBGP) or an IPv6 routing protocol (IPv6 static routing, RIPng, OSPFv3, IPv6 IS-IS, EBGP, or IBGP) to exchange routes between a PE and a CE
On the CE, configure an IPv4 or IPv6 routing protocol to advertise routes of the local site to the PE. For more information about routing protocol configurations, see Layer 3—IP Routing Configuration Guide.
2. Configuring route exchange between PEs
Perform this task to manually configure End.DT4, End.DT6, or End.DT46 SIDs.
b. Applying a locator to a BGP instance
Perform this task to use BGP IPv4 or IPv6 unicast routes to advertise SRv6 SIDs in the specified locator.
c. Configuring PEs to exchange BGP IPv4 or IPv6 unicast routes
d. Configuring IPv6 peers to exchange SRv6 SIDs
This feature enables PEs to exchange End.DT4, End.DT6, or End.DT46 SIDs through BGP IPv4 or IPv6 unicast routes.
e. (Optional.) Configuring BGP IPv4 or IPv6 unicast routes
For more information about configuring BGP IPv4 or IPv6 unicast routes, see BGP configuration in Layer 3—IP Routing Configuration Guide.
3. Configuring the route recursion mode
4. Specifying a source address for the outer IPv6 header of SRv6-encapsulated packets
This feature specifies the source address of the outer IPv6 header for SRv6 packets that are delivered between two public network sites over the backbone network.
Configuring SRv6 SIDs
1. Enter system view.
system-view
2. Enable SRv6 and enter SRv6 view.
segment-routing ipv6
3. Configure a locator and enter SRv6 locator view.
locator locator-name [ ipv6-prefix ipv6-address prefix-length [ args args-length | static static-length ] * ]
4. Configure an opcode. Perform one of the following tasks:
¡ Configure End.DT4 SIDs.
opcode { opcode | hex hex-opcode } end-dt4
¡ Configure End.DT6 SIDs.
opcode { opcode | hex hex-opcode } end-dt6
¡ Configure End.DT46 SIDs.
opcode { opcode | hex hex-opcode } end-dt46
Applying a locator to a BGP instance
About this task
In the public network IP over SRv6 scenario, use this feature in BGP IPv4 or IPv6 unicast address family view to apply for SRv6 SIDs for IPv4 or IPv6 routes.
Use this feature if the device will use End.DT4, End.DT6, or End.DT46 SIDs to deliver public network traffic across sites.
Prerequisites
Before you perform this task, you must create the specified locator.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv4 or IPv6 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Apply a locator to the BGP instance.
segment-routing ipv6 locator locator-name [ auto-sid-disable ]
By default, no locator is applied to a BGP instance.
Configuring PEs to exchange BGP IPv4 or IPv6 unicast routes
Restrictions and guidelines
For more information about the commands in this task, see BGP in Layer 3—IP Routing Command Reference.
To ensure optimal route selection and SRv6 tunnel traffic forwarding, make sure a pair of PEs are not both IPv4 and IPv6 peers to each other.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify a remote PE as an IPv6 peer.
peer { group-name | ipv6-address [ prefix-length ] } as-number as-number
4. Specify a source interface (IPv6 address) for establishing TCP connections to an IPv6 peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } connect-interface interface-type interface-number
By default, BGP uses the output interface in the optimal route destined for a BGP peer or peer group as the source interface for establishing TCP connections.
5. Enter BGP IPv4 or IPv6 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
6. Enable BGP to exchange IPv4 or IPv6 unicast routing information with an IPv6 peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } enable
By default, BGP cannot exchange IPv4 or IPv6 unicast routing information with an IPv6 peer or peer group.
Configuring IPv6 peers to exchange SRv6 SIDs
About this task
Perform this task to configure IPv6 peers to exchange SRv6 SID information through BGP IPv4 or IPv6 unicast routes.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv4 or IPv6 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Enable BGP to exchange SRv6 SID information with an IPv6 peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } prefix-sid
By default, BGP cannot exchange SRv6 SID information with an IPv6 peer or peer group.
Configuring the route recursion mode
About this task
After a PE receives a customer packet destined for an SRv6 SID, it forwards the packet according to the route recursion mode.
· SRv6-BE mode—This mode is also called SID-based forwarding mode. In this mode, the PE first encapsulates the End.DT4, End.DT6, or End.DT46 SID into the packet. Then, the PE searches the IPv6 routing table based on the SID encapsulated in the packet to forward the packet.
· SRv6-TE mode—This mode is also called SRv6 TE policy-based forwarding mode. In this mode, the PE first searches for a matching SRv6 TE policy based on the packet attributes. Then, the PE adds an SRH to the packet. The SRH includes the End.DT4, End.DT6, or End.DT46 SID and the SID list of the SRv6 TE policy. Finally, the PE forwards the encapsulated packet through the SRv6 TE policy. For more information, see "Configuring SRv6 TE policies."
· SRv6-TE and SRv6-BE hybrid mode—In this mode, the PE preferentially uses the SRv6-TE mode to forward the packet. If no SRv6 TE policy is available for the packet, the PE forwards the packet in SRv6-BE mode.
Prerequisites
To use the SRv6-TE mode or the SRv6-TE and SRv6-BE hybrid mode, you must configure a tunnel policy and SRv6 TE policy. For more information, see tunnel policy configuration in MPLS Configuration Guide and "Configuring SRv6 TE policies."
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv4 or IPv6 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Configure the route recursion mode.
segment-routing ipv6 { best-effort | traffic-engineer | traffic-engineer best-effort }
By default, a PE searches the IPv6 routing table based on the next hop of a matching route to forward traffic.
Specifying a source address for the outer IPv6 header of SRv6-encapsulated packets
Restrictions and guidelines
To ensure correct traffic forwarding in the public network IPv6 over SRv6 scenario, you must specify a source address for the outer IPv6 header of SRv6-encapsulated packets.
You cannot specify a loopback address, link-local address, multicast address, or unspecified address as the source IPv6 address. You must specify an IPv6 address of the local device as the source IPv6 address, and make sure the IPv6 address has been advertised by a routing protocol. As a best practice, specify a loopback interface address of the local device as the source IPv6 address.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Specify a source address for the outer IPv6 header of SRv6-encapsulated packets.
encapsulation source-address ipv6-address [ ip-ttl ttl-value ]
By default, no source address is specified for the outer IPv6 header of SRv6-encapsulated packets.
Display and maintenance commands for public network IP over SRv6
Resetting BGP sessions
For BGP setting changes to take effect, you must reset BGP sessions. Resetting BGP sessions updates BGP routing information by tearing down and re-establishing the BGP sessions.
Execute the command in this section in user view. For more information about the command, see BGP in Layer 3—IP Routing Command Reference.
Task |
Command |
Reset BGP sessions of the BGP IPv6 unicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv6-address [ prefix-length ] | all | external | group group-name | internal } ipv6 [ unicast ] |
Displaying and maintaining the running status of public network IP over SRv6
Execute display commands in any view and reset commands in user view.
For more information about the commands in this section, see BGP in Layer 3—IP Routing Command Reference.
Task |
Command |
Display BGP IPv6 unicast route information. |
display bgp [ instance instance-name ] routing-table ipv6 [ unicast ] [ ipv6-address prefix-length [ advertise-info ] | as-path-acl as-path-acl-number | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } | peer ipv6-address { advertised-routes | received-routes } [ ipv6-address prefix-length | statistics ] | statistics ] |
Clear flap statistics for BGP IPv6 unicast routes. |
reset bgp [ instance instance-name ] flap-info ipv6 [ unicast ] [ ipv6-address prefix-length | as-path-acl as-path-acl-number | peer ipv6-address [ prefix-length ] ] |
Public network IP over SRv6 configuration examples
Example: Configuring public network IPv6 over SRv6 in SRv6-BE mode
Network configuration
As shown in Figure 2, the backbone network is an IPv6 network. Deploy public network IPv6 over SRv6 between PE 1 and PE 2 and use an SRv6 tunnel to transmit IPv4 traffic between the PEs.
· Configure EBGP to exchange customer site routing information between the CEs and PEs.
· Configure IPv6 IS-IS on the PEs in the same AS to realize IPv6 network connectivity.
· Configure IBGP to exchange IPv4 routing information between the PEs.
Table 1 Interface and IP address assignment
Device |
Interface |
IP address |
Device |
Interface |
IP address |
CE 1 |
GE1/0/1 |
111::1/96 |
PE 2 |
Loop0 |
3::3/128 |
PE 1 |
Loop0 |
1::1/128 |
|
GE1/0/1 |
222:2/96 |
|
GE1/0/1 |
111::2/96 |
|
GE1/0/2 |
2002::1/96 |
|
GE1/0/2 |
2001::1/96 |
CE 2 |
GE1/0/1 |
222::1/96 |
P |
Loop0 |
2::2/128 |
|
|
|
|
GE1/0/1 |
2001::2/96 |
|
|
|
|
GE1/0/2 |
2002::2/96 |
|
|
|
Prerequisites
Configure IP addresses for the interfaces (including the Loopback interfaces), as shown in Figure 2.
Procedure
1. Configure IPv6 IS-IS on the PEs and device P for network connectivity between the devices:
# Configure PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] is-level level-1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis ipv6 enable 1
[PE1-LoopBack0] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] isis ipv6 enable
[PE1-GigabitEthernet1/0/2] quit
# Configure P.
<P> system-view
[P] isis
[P-isis-1] is-level level-1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 10.2222.2222.2222.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 0
[P-LoopBack0] isis ipv6 enable
[P-LoopBack0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] isis ipv6 enable
[P-GigabitEthernet1/0/1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] isis ipv6 enable
[P-GigabitEthernet1/0/2] quit
# Configure PE 2.
<PE2> system-view
[PE2] isis
[PE2-isis-1] is-level level-1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 10.3333.3333.3333.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 0
[PE2-LoopBack0] isis ipv6 enable
[PE2-LoopBack0] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] isis ipv6 enable
[PE2-GigabitEthernet1/0/2] quit
2. Set up an EBGP peer relationship between each PE and its local CE and distribute CE routes to EBGP:
# Configure CE 1.
<CE1> system-view
[CE1] bgp 65410
[CE1-bgp-default] peer 111::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 111::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# Configure CE 2 in the same way as CE 1 is configured. (Details not shown.)
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] peer 111::1 as-number 65410
[PE1-bgp-default] address-family ipv6 unicast
[PE1-bgp-default-ipv6] peer 111::1 enable
[PE1-bgp-default-ipv6] import-route direct
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# Configure PE 2 in the same way PE 1 is configured. (Details not shown.)
3. Set up an IBGP peer relationship between PE 1 and PE 2:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 0
[PE1-bgp-default] address-family ipv6 unicast
[PE1-bgp-default-ipv6] peer 3::3 enable
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family ipv6 unicast
[PE2-bgp-default-ipv6] peer 1::1 enable
[PE2-bgp-default-ipv6] quit
[PE2-bgp-default] quit
4. Specify a source address for the outer IPv6 header of SRv6-encapsulated public IP network packets on PE 1 and PE 2:
# Configure PE 1.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# Configure PE 2.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
5. Configure the destination address (End.DT4 SID) of the outer IPv6 header for SRv6-encapsulated public network IP packets:
# Configure PE 1.
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2::1:0 96 static 8
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# Configure PE 2.
[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 6:5::1:0 96 static 8
[PE2-segment-routing-ipv6-locator-bbb] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
6. Add End.DT4 SIDs to public network routes of the customer sites on PE 1 and PE 2:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] address-family ipv6 unicast
[PE1-bgp-default-ipv6] segment-routing ipv6 locator aaa
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] address-family ipv6 unicast
[PE2-bgp-default-ipv6] segment-routing ipv6 locator bbb
[PE2-bgp-default-ipv6] quit
[PE2-bgp-default] quit
7. Enable IPv6 peers on the PEs to exchange End.DT4 SIDs and enable SRv6-BE route recursion mode:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] address-family ipv6 unicast
[PE1-bgp-default-ipv6] peer 3::3 prefix-sid
[PE1-bgp-default-ipv6] segment-routing ipv6 best-effort
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] address-family ipv6 unicast
[PE2-bgp-default-ipv6] peer 1::1 prefix-sid
[PE2-bgp-default-ipv6] segment-routing ipv6 best-effort
[PE2-bgp-default-ipv6] quit
[PE2-bgp-default] quit
Verifying the configuration
# Display IPv6 routing table information on the PEs and verify that each PE has a route destined for the remote CE and the next hop of the route is the End.DT4 SID of the route. This step uses PE 1 as an example.
[PE1] display ipv6 routing-table 222::1 96
Summary count : 1
Destination: 222::/96 Protocol : BGP4+
NextHop : 6:5:: Preference: 255
Interface : GE1/0/2 Cost : 0
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)