Segment Routing
SUMMARY The Juniper Cloud-Native Router provides support for Segment Routing (SR-MPLS and SRv6). Read this topic to understand the supported features.
Segment routing (SR) is a modern variant of source routing that simplifies the network by removing network state information from intermediate routers and instead adds path state information into packet headers in the forwarding plane. When a packet arrives at an SR ingress node, the ingress node subjects the packet to policy. The policy associates the packet with an SR path to its destination. The SR path is an ordered list of segments that connects an SR ingress node to an SR egress node. This SR path can be engineered to satisfy any number of constraints for example, link bandwidth, minimum path latency and more.
Segment Routing can leverage either MPLS or IPv6 in the forwarding plane. When Segment Routing uses the MPLS forwarding plane, it is referred to as SR-MPLS. SR-MPLS supports both an IPv4 and IPv6 underlay. When Segment Routing leverages an IPv6 forwarding plane, it is called SRv6. Review the SR-MPLS Day One Book and SRv6 Day One Book for more details.
Segment Routing can be used as a transport tunneling technology for interconnecting data centers for the next-generation Network Function Virtualization (NFV) based telco cloud, 5G, cloud WAN and content distribution networks (CDNs). It can provide multiple benefits in the following use cases:
-
Traffic Engineering— Segment Routing provides efficient and dynamic steering of traffic based on networking conditions to enable load balancing, congestion avoidance and better utilization of bandwidth. This results in improved network performance and user experience.
-
Network Slicing— Segment Routing creates virtualized network slices by enabling different services or tenants to coexist on the same physical infrastructure. Each network slice can have its own forwarding policies and resources, providing enhanced isolation and flexibility for diverse applications.
-
Service Function Chaining— Segment Routing enables flexible and dynamic service function chaining, where packets traverse a sequence of network services such as firewalls, load-balancing and more. It simplifies service deployments and enables on-demand service chaining by defining specific paths for packet flow.
-
Mobile Networks— Segment Routing optimizes traffic routing and handover procedures for a mobile network by enabling efficient path selection and reduced latency.
SR-MPLS
JCNR supports SR-MPLS for both IPv4 and IPv6 underlay. The cloud-native router can participate as a sending, receiving or transit router in SR-MPLS networks. It supports SR-MPLS implementation with or without penultimate hop popping (PHP), with and without overlay ECMP, and Explicit/Implicit NULL. Segment Routing Flexible Algorithm (Flex-Algo) is supported from JCNR Release 24.1 onwards. Review Segment Routing (IS-IS) for more information.
Configuring SR-MPLS on JCNR
Consider the following topology:
We want to segment routing in this network. PE1 is an ingress JCNR node, P is a transit JCNR node while PE2 is an egress JCNR node. We will configure a common segment routing global block (SRGB) range for all nodes. All nodes are assigned a segment ID (node SID) for both IPv4 and IPv6.
Use the configlet resource to configure the cRPD pods.
- JCNR Ingress (PE1) Configuration
- JCNR Transit (P) Configuration
- JCNR Egress (PE2) Configuration
- Verify SR-MPLS Configuration on JCNR
- Verify Configuration on JCNR Forwarding Plane
JCNR Ingress (PE1) Configuration
Configure the JCNR Ingress (PE1) router with the following configuration:
Configure the interfaces:
set interfaces ens192 unit 0 family inet address 172.16.0.11/24 set interfaces ens192 unit 0 family inet6 address 172::11/64 set interfaces ens192 unit 0 family iso set interfaces ens192 unit 0 family mpls set interfaces lo0 unit 0 family inet address 192.168.1.11/32 set interfaces lo0 unit 0 family inet6 address 192::11/128 set interfaces lo0 unit 0 family iso address 49.0002.0190.0160.0019.00 set interfaces lo0 unit 0 family mpls
Configure IS-IS:
set protocols isis interface ens192 set protocols isis interface lo0.0 set protocols isis level 1 disable
Configure routing options:
set routing-options route-distinguisher-id 192.168.1.11 set routing-options router-id 192.168.1.11 set routing-options autonomous-system 64512
Configure MPLS protocol on the interfaces:
set protocols mpls ipv6-tunneling set protocols mpls interface ens192 set protocols mpls interface lo0.0
Configure BGP neighbors:
set protocols bgp group sr_mpls type internal set protocols bgp group sr_mpls multihop set protocols bgp group sr_mpls local-address 192.168.1.11 set protocols bgp group sr_mpls family inet-vpn unicast set protocols bgp group sr_mpls family inet6-vpn unicast set protocols bgp group sr_mpls local-as 64512 set protocols bgp group sr_mpls neighbor 192.168.3.13
Configure the start label and index range of SRGB:
set protocols isis source-packet-routing srgb start-label 16000 set protocols isis source-packet-routing srgb index-range 23999
Configure the IPv4 and IPv6 node segment ID:
set protocols isis source-packet-routing node-segment ipv4-index 11 set protocols isis source-packet-routing node-segment ipv6-index 111
Optionally, configure the explicit null label:
set protocols isis source-packet-routing explicit-null
JCNR Transit (P) Configuration
Configure the JCNR Transit (P) router with the following configuration:
Configure the interfaces:
set interfaces ens192 unit 0 family inet address 172.16.0.12/24 set interfaces ens192 unit 0 family inet6 address 172::12/64 set interfaces ens192 unit 0 family iso set interfaces ens192 unit 0 family mpls set interfaces ens224 unit 0 family inet address 172.16.1.12/24 set interfaces ens224 unit 0 family inet6 address 172::112/64 set interfaces ens224 unit 0 family iso set interfaces ens224 unit 0 family mpls set interfaces lo0 unit 0 family inet address 192.168.2.12/32 set interfaces lo0 unit 0 family inet6 address 192::12/128 set interfaces lo0 unit 0 family iso address 49.0002.0190.0160.0020.00 set interfaces lo0 unit 0 family mpls
Configure IS-IS:
set protocols isis interface ens192 set protocols isis interface ens224 set protocols isis interface lo0.0 set protocols isis level 1 disable
Configure routing options:
set routing-options route-distinguisher-id 192.168.2.12 set routing-options router-id 192.168.2.22 set routing-options autonomous-system 64512
Configure MPLS protocol on the interfaces:
set protocols mpls interface ens192 set protocols mpls interface lo0.0 set protocols mpls interface ens224
Configure the start label and index range of SRGB:
set protocols isis source-packet-routing srgb start-label 16000 set protocols isis source-packet-routing srgb index-range 23999
Configure the IPv4 and IPv6 node segment ID:
set protocols isis source-packet-routing node-segment ipv4-index 11 set protocols isis source-packet-routing node-segment ipv6-index 111
JCNR Egress (PE2) Configuration
Configure the JCNR Egress (PE2) router with the following configuration:
Configure the interfaces:
set interfaces ens192 unit 0 family inet address 172.16.1.13/24 set interfaces ens192 unit 0 family inet6 address 172::13/64 set interfaces ens192 unit 0 family iso set interfaces ens192 unit 0 family mpls set interfaces lo0 unit 0 family inet address 192.168.3.13/32 set interfaces lo0 unit 0 family inet6 address 192::13/128 set interfaces lo0 unit 0 family iso address 49.0002.0190.0160.0021.00 set interfaces lo0 unit 0 family mpls
Configure IS-IS:
set protocols isis interface ens192 set protocols isis interface lo0.0 set protocols isis level 1 disable
Configure routing options:
set routing-options route-distinguisher-id 192.168.3.13 set routing-options router-id 192.168.3.13 set routing-options autonomous-system 64512
Configure MPLS protocol on the interfaces:
set protocols mpls ipv6-tunneling set protocols mpls interface ens192 set protocols mpls interface lo0.0
Configure BGP neighbors:
set protocols bgp group sr_mpls type internal set protocols bgp group sr_mpls multihop set protocols bgp group sr_mpls local-address 192.168.3.13 set protocols bgp group sr_mpls family inet-vpn unicast set protocols bgp group sr_mpls family inet6-vpn unicast set protocols bgp group sr_mpls local-as 64512 set protocols bgp group sr_mpls neighbor 192.168.1.11
Configure the start label and index range of SRGB:
set protocols isis source-packet-routing srgb start-label 16000 set protocols isis source-packet-routing srgb index-range 23999
Configure the IPv4 and IPv6 node segment ID:
set protocols isis source-packet-routing node-segment ipv4-index 13 set protocols isis source-packet-routing node-segment ipv6-index 113
Optionally, configure the explicit null label:
set protocols isis source-packet-routing explicit-null
Verify SR-MPLS Configuration on JCNR
The following commands can be used to verify the SRv6 configuration on cRPD:
user@pe1> show isis database detail
IS-IS level 1 link-state database:
IS-IS level 2 link-state database:
pe1.00-00 Sequence: 0x125, Checksum: 0xce5c, Lifetime: 590 secs
IPV4 Index: 11, IPV6 Index: 111
Node Segment Blocks Advertised:
Start Index : 0, Size : 23999, Label-Range: [ 16000, 39998 ]
IS neighbor: node2.02 Metric: 10
LAN IPv4 Adj-SID: 16, Weight: 0, Neighbor: node3, Flags: --VL--
LAN IPv6 Adj-SID: 17, Weight: 0, Neighbor: node3, Flags: F-VL--
IP prefix: 172.16.0.0/24 Metric: 10 Internal Up
IP prefix: 192.168.1.11/32 Metric: 0 Internal Up
V6 prefix: 172::/64 Metric: 10 Internal Up
V6 prefix: 192::11/128 Metric: 0 Internal Up
V6 prefix: fe80::50c8:9dff:fee2:4655/128 Metric: 0 Internal Up
pe1.02-00 Sequence: 0x11f, Checksum: 0x4305, Lifetime: 468 secs
IS neighbor: node2.00 Metric: 0
IS neighbor: node3.00 Metric: 0
p.00-00 Sequence: 0x83, Checksum: 0xcd5e, Lifetime: 506 secs
IPV4 Index: 12, IPV6 Index: 112
Node Segment Blocks Advertised:
Start Index : 0, Size : 23999, Label-Range: [ 16000, 39998 ]
IS neighbor: node2.02 Metric: 10
LAN IPv4 Adj-SID: 16, Weight: 0, Neighbor: node2, Flags: --VL--
LAN IPv6 Adj-SID: 17, Weight: 0, Neighbor: node2, Flags: F-VL--
IS neighbor: node3.02 Metric: 10
LAN IPv4 Adj-SID: 20, Weight: 0, Neighbor: node4, Flags: --VL--
LAN IPv6 Adj-SID: 21, Weight: 0, Neighbor: node4, Flags: F-VL--
IP prefix: 172.16.0.0/24 Metric: 10 Internal Up
IP prefix: 172.16.1.0/24 Metric: 10 Internal Up
IP prefix: 192.168.2.12/32 Metric: 0 Internal Up
V6 prefix: 172::/64 Metric: 10 Internal Up
V6 prefix: 192::12/128 Metric: 0 Internal Up
V6 prefix: fe80::50e4:70ff:fe46:76dd/128 Metric: 0 Internal Up
p.02-00 Sequence: 0x78, Checksum: 0xf2e5, Lifetime: 1156 secs
IS neighbor: node3.00 Metric: 0
IS neighbor: node4.00 Metric: 0
pe2.00-00 Sequence: 0x76, Checksum: 0xb5bf, Lifetime: 644 secs
IPV4 Index: 13, IPV6 Index: 113
Node Segment Blocks Advertised:
Start Index : 0, Size : 23999, Label-Range: [ 16000, 39998 ]
IS neighbor: node3.02 Metric: 10
LAN IPv4 Adj-SID: 16, Weight: 0, Neighbor: node3, Flags: --VL--
LAN IPv6 Adj-SID: 17, Weight: 0, Neighbor: node3, Flags: F-VL--
IP prefix: 172.16.1.0/24 Metric: 10 Internal Up
IP prefix: 192.168.3.13/32 Metric: 0 Internal Up
V6 prefix: 172::/64 Metric: 10 Internal Up
V6 prefix: 192::13/128 Metric: 0 Internal Up
V6 prefix: fe80::3c1e:39ff:fe28:1a8a/128 Metric: 0 Internal Upuser@pe1> show route table inet.3
inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.2.12/32 *[L-ISIS/14] 1d 01:20:51, metric 10
> to 172.16.0.12 via ens192
192.168.3.13/32 *[L-ISIS/14] 1d 00:59:01, metric 20
> to 172.16.0.12 via ens192, Push 16013user@p> show route table mpls.0
mpls.0: 20 destinations, 20 routes (20 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0 *[MPLS/0] 1d 02:05:44, metric 1
Receive
1 *[MPLS/0] 1d 02:05:44, metric 1
Receive
2 *[MPLS/0] 1d 02:05:44, metric 1
Receive
13 *[MPLS/0] 1d 02:05:44, metric 1
Receive
16 *[L-ISIS/14] 1d 01:12:40, metric 0
> to 172.16.0.11 via ens192, Pop
16(S=0) *[L-ISIS/14] 1d 01:12:40, metric 0
> to 172.16.0.11 via ens192, Pop
17 *[L-ISIS/14] 1d 01:12:40, metric 0
> to fe80::250:56ff:fea9:5f96 via ens192, Pop
17(S=0) *[L-ISIS/14] 1d 01:12:40, metric 0
> to fe80::250:56ff:fea9:5f96 via ens192, Pop
20 *[L-ISIS/14] 1d 01:13:06, metric 0
> to 172.16.1.13 via ens224, Pop
20(S=0) *[L-ISIS/14] 1d 01:13:06, metric 0
> to 172.16.1.13 via ens224, Pop
21 *[L-ISIS/14] 1d 01:13:06, metric 0
> to fe80::250:56ff:fea9:5dc via ens224, Pop
21(S=0) *[L-ISIS/14] 1d 01:13:06, metric 0
> to fe80::250:56ff:fea9:5dc via ens224, Pop
16011 *[L-ISIS/14] 1d 01:00:38, metric 10
> to 172.16.0.11 via ens192, Swap 0
16011(S=0) *[L-ISIS/14] 1d 01:12:40, metric 10
> to 172.16.0.11 via ens192, Pop
16013 *[L-ISIS/14] 1d 01:00:24, metric 10
> to 172.16.1.13 via ens224, Swap 0
16013(S=0) *[L-ISIS/14] 1d 01:12:57, metric 10
> to 172.16.1.13 via ens224, Pop
16111 *[L-ISIS/14] 1d 01:00:38, metric 10
> to fe80::250:56ff:fea9:5f96 via ens192, Swap 2
16111(S=0) *[L-ISIS/14] 1d 01:12:40, metric 10
> to fe80::250:56ff:fea9:5f96 via ens192, Pop
16113 *[L-ISIS/14] 1d 01:00:24, metric 10
> to fe80::250:56ff:fea9:5dc via ens224, Swap 2
16113(S=0) *[L-ISIS/14] 1d 01:12:57, metric 10
> to fe80::250:56ff:fea9:5dc via ens224, Pop Verify Configuration on JCNR Forwarding Plane
Verify the traffic flow via the vRouter on each PE node:
user@pe1# mpls --dump
MPLS Input Label Map
Label NextHop
-------------------
0 26
1 26
2 26
13 26
16 27
17 28
16012 27
16013 29
16112 28
16113 30user@pe1# mpls --get 16013 MPLS Input Label Map Label NextHop ------------------- 16013 29
user@pe1# nh --get 29
Id:29 Type:Tunnel Fmly: AF_MPLS Rid:0 Ref_cnt:2 Vrf:0
Flags:Valid, Policy, Etree Root, MPLS,
Oif:1 Len:14 Data:00 50 56 a9 10 fa 00 50 56 a9 5f 96 88 47 Number of Transport Labels:1 Transport Labels:16013, user@pe1# mpls --get 16
MPLS Input Label Map
Label NextHop
-------------------
16 27user@pe1# nh --get 27
Id:27 Type:Encap Fmly:AF_INET/6 Rid:0 Ref_cnt:6 Vrf:0
Flags:Valid, Policy, Etree Root,
EncapFmly:0806 Oif:1 Len:14
Encap Data: 00 50 56 a9 10 fa 00 50 56 a9 5f 96 SRv6
SRv6 is a segment routing paradigm that is applied to an IPv6 underlay with a new IPv6 extension header called Segment Routing Header (SRH). SRv6 leverages existing IPv6 forwarding technology to encode network programming instructions, also known as Segment Identifiers (SIDs). In SRv6, the SIDs are represented as IPv6 addresses when compared with SR-MPLS where SIDs are encoded as SR-MPLS labels. An SRv6 SID is 128 bits and consists of the following components:
|
Component |
Description |
|---|---|
|
Locator |
First part of an SID that identifies the address of an SRv6 node. It is a network address that provides route to its parent node and is installed in inet6.0 table by the IS-IS protocol. IS-IS routes the segment to its parent node, which performs a function that is defined in the second part of the SID. It is 64 bits in length. |
|
Function |
Second part of an SID that defines the function that a node (identified by the locator) performs, such as: End: Endpoint function for SRv6 instantiation of a Prefix SID [RFC8402] End.X: Endpoint with L3 cross-connect function for SRv6 instantiation of an Adjacent SID [RFC8402] End.DT4: Endpoint with decapsulation and specific IPv4 table lookup function for SRv6 instantiation of Global or IPv4 L3VPN (transport IPv4 services over SRv6 underlay) End.DT6: Endpoint with decapsulation and specific IPv6 table lookup function for SRv6 instantiation of Global or IPv6 L3VPN (Transport IPv6 services over SRv6 underlay) End.DT46: Endpoint with decapsulation and specific IP table lookup function for SRv6 instantiation of Global, IPv4 or IPv6 L3VPN (Transport both IPv4 and IPv6 services over SRv6 underlay). It is shared across IPv4 and IPv6 prefixes. The End SID behavior can be specified through flavors such as Penultimate Segment Pop (PSP), Ultimate Segment Pop (USP), and Ultimate Segment Decapsulation (USD). The Function component is 16 bits in length. |
|
Argument |
A variable length field that provides additional information about the forwarding action. Can be maximum 48 bits in length. |
BBBB:BBBB:<uSID1>:<uSID2>:<uSID3>:<uSID4>:<uSID5>:<uSID6>
where
BBBB:BBBB/32 represents the prefix or block assigned by an operator
within an SR domain. Various prefix lengths are supported including
/16, /32, /48, /64
blocks. A /32 block is most commonly used. The blocks can either be a
Global Identifier Block (GIB) or a Local Identifier Block (LIB). The GIB represents a
globally unique range of uSIDs allocated from a public or reserved address space
specifically designated for SRv6 deployments. The LIB is assigned by a specific network node
within the SR domain and applicable only within the node's local context. The
uSIDx represents the individual 16-bit uSIDs that can either be from the
GIB or LIB. The uSIDs implement the following functions:
-
uN: Micro-node-SID that maps to the ultimate destination (End).
-
uA: Micro-adjacency-SID that has adjacency specific behavior (End.X)
-
uDT: Micro-service-SID that is domain specific information (End.DT4, End.DT6, End.DT46)
JCNR supports the following SRv6 functionalities:
|
Functionalities |
Notes |
|---|---|
|
SRv6 L3VPN with uSID |
uSID Types: Global uSID, Local uSID uSID encoding in Destination Address |
| Block and uSID sizes |
Support for /16, /32, /48, /64 blocks |
|
JCNR SRv6 Node Types and Micro-instructions |
Ingress: SRv6 Encapsulation in Destination Address (SRH is not required) Transit: IPv6 forwarding if Ingress node is JCNR; Shift and forward if Ingress node is non-JCNR Egress: Decpasulate and execute the SID service function |
|
SR Endpoints (Functions) |
End, End.X, End.DT4, End.DT6, and End.DT46 |
| uSID Behavior |
uN, uDT |
|
Failure Recovery |
Control plane initiated failure recovery (alternative path as next hop) |
|
Feature |
Description |
|---|---|
|
SRv6 uSID underlay tunnels via IS-IS |
IS-IS brings up Best Effort tunnel to advertised locators and programs them in inet6.3 table. |
|
SRv6 uSID underlay tunnels via IS-IS with ECMP paths |
IS-IS brings up Best Effort tunnel to advertised locators and programs them in inet6.3 table. The tunnels can have ECMP forwarding paths. |
|
Routes for BGP internet prefixes advertised with uN SID |
BGP internet prefixes advertised with uN SIDs will resolve over corresponding locators (SRv6 uSID underlay tunnels). The underlay routes can have a single gateway or ECMP. |
|
Multipath routes for BGP internet prefixes advertised with uN SID |
Multiple Provide Edge (PE) routers could originate the same internet prefix (multihoming) that can lead to BGP multipath at the ingress PE. Each multipath route resolves over underlay SRv6 tunnels that have either a single gateway or ECMP. |
|
Routes for L3VPN prefixes advertised with uN SID |
L3VPN prefixes advertised with uN SIDs will resolve over corresponding locators (SRV6 uSID underlay tunnels). These underlay routes can have a single gateway or have ECMP. |
|
Multipath routes for L3VPN prefixes advertised with uN SID |
Multiple PEs could originate the same L3VPN prefix (multihoming) and this can lead to BGP multipath at the ingress PE. Each multipath route resolves over the underlay SRv6 tunnels that have either a single gateway or ECMP. |
|
BGP intent routes over flex-algorithm IS-IS tunnels |
Flex algorithm uSIDs can be advertised via IS-IS with SRv6 underlay tunnels created. BGP internet prefixes and L3VPN prefixes with uSIDs can resolve over the underlay tunnels. These prefixes can be non-intent (without any color-community attached to them). The prefixes are resolved over SRV6 underlay tunnels installed in inet6.3 table. |
|
BGP intent routes over flex-algorithm IS-IS tunnels with fallback mechanism |
Flex algorithm uSIDs can be advertised via IS-IS with SRv6 underlay tunnels created. The BGP internet prefixes and L3VPN prefixes with uSIDs can resolve over the underlay tunnels. These prefixes can be intent (with a color-community attached to them). The prefixes are resolved over SRv6 underlay tunnels installed in junos-rti-tc-<color>.inet6.3 table, where color corresponds to the color in the color-community advertised with the prefix. If the prefix resolution does not happen over the junos-rti-tc-<color>.inet6.3 table, it can resolve over flex-algorithm underlay tunnel installed in inet6.3 table, thus providing a fallback mechanism. |
|
Support for programming uN SID and forwarding packets based on the uN SID routes |
We support programming uN SID routes in inet6.0 table. This facilitates forwarding of packets that have uN SIDs as a part of their destination address. Note that packets having Segment Routing Header (SRH) is not supported currently. |
|
Supported SID Functionalities |
uN SID shift and lookup (flavor type uDT for IPv4 uDT for IPv6 uDT for IPv4 and IPv6 |
|
Locator summarization and leaking |
Locator summarization and leaking is an advantage of SRv6 over SR-MPLS. An L1-L2 may summarize locators from other levels and leak them to another level. Locator leaking can happen even without summarization. |
- Configuring SRv6 in JCNR
- Verify SRv6 Configuration on JCNR
- Verify Packet Flow via JCNR Forwarding Plane
Configuring SRv6 in JCNR
Consider the following topology:
We want to enable communication between hosts 10.1.1.1/32 and 10.2.2.2/32 via an SRv6 tunnel. PE1 is an ingress JCNR node, P is transit JCNR node while PE2 is an egress JCNR node. PE1, P, and PE2 advertise their uSIDs (shown in the figure) via IS-IS along with overlay prefixes via BGP to each other. CE1 initiates the packet flow to the ingress node (PE1). PE1 encapsulates the source packet with the SRv6 header while setting the destination address to the uSID of the egress node (PE2). Since JCNR is the ingress node in this topology, the transit node (P) simply forwards the IPv6 packet. The egress node (PE2) is configured with a micro-service-SID (uDT) to decapsulate the packet and lookup a specific IP table to route the packet to CE2.
The configuration of SRv6 in JCNR includes the micro-SID block configuration, micro-SID locator configuration, micro-node-SID (uN) configuration in IS-IS and micro-service-SID (uDT) configuration in BGP.
Configure the JCNR control plane for SRv6. For brevity, we will cover the configuration for the egress JCNR node (PE2) in this example. The configuration for other nodes is similar.
Configure the micro-SID block and optionally the maximum number of local static SIDs (default value is 0, must be configured if using static uSIDs):
user@PE2# set routing-options source-packet-routing srv6 block blk16_1 2001:db8::/32 user@PE2# set routing-options source-packet-routing srv6 block blk16_1 local-micro-sid maximum-static-sids 2000
Configure the micro-SID locator:
user@PE2# set routing-options source-packet-routing srv6 locator myloc 2001:db8:4600::/48 user@PE2# set routing-options source-packet-routing srv6 locator myloc micro-sid block-name blk16_1 user@PE2# set routing-options source-packet-routing srv6 locator myloc micro-sid flavor none
Configure micro-node-SID (uN SID) in IS-IS to advertise locator TLV and micro-node-SID:
user@PE2# set protocols isis source-packet-routing srv6 locator myloc micro-node-sid
There are two ways to configure micro-service-SIDs. The first is only BGP, which enables one set of dt4, dt6, and dt46 uSIDs to be configured per BGP instance. The uSID can either be static or dynamically allocated. The second way is to configure an export policy to specify the micro-service-SID used by a prefix or the locator to derive the micro-service-SID from. BGP is configured via the
non-defaultkeyword. An example for each method is provided below. You must use only one of them for a set of dt4, dt6, and dt46 uSIDs.Static default micro-service-SID for IPv4 services. Note that the static uSID must be in the
maximum-static-sidsrange defined in Step 1:user@PE2# set routing-instances pe-2 protocols bgp source-packet-routing srv6 locator myloc micro-dt4-sid 0xF831
Set auto-allocated default micro-service-SID for IPv4 services:
user@PE2# set routing-instances pe-2 bgp source-packet-routing srv6 locator myloc micro-dt4-sid
Set non-default micro-service-SID with BGP export policy:
user@PE2# set routing-instances pe-2 bgp source-packet-routing srv6 locator myloc micro-dt4-sid non-default
user@PE2# set policy-options policy-statement EXPORT_BGP_SRV6 term 1 then srv6 locator myloc user@PE2# set policy-options policy-statement EXPORT_BGP_SRV6 term 1 then srv6 micro-dt4-sid
Configure BGP to advertise SRv6 service. An example for family
inetis provided below:user@PE2# set protocols bgp group CNIv6 family inet unicast advertise-srv6-service user@PE2# set protocols bgp group CNIv6 family inet unicast accept-srv6-service
Verify SRv6 Configuration on JCNR
The following commands can be used to verify the SRv6 configuration on cRPD:
user@host> show srv6 block blk16_1
Block: blk16_1
Block Prefix: 2001:db8::, Block length: 32, Micro-sid length: 16
Global Micro SIDs:
Static SID range: 0x0-0xDFFF, Dynamic SID range: -
Allocated static SID count: 1, Allocated dynamic SID count: 0
Available static SID count: 57343, Available dynamic SID count: 0
Local Micro SIDs:
Static SID range: 0xF830-0xFFFF, Dynamic SID range: 0xE000-0xFFFF
Allocated static SID count: 0, Allocated dynamic SID count: 0
Available static SID count: 2000, Available dynamic SID count: 8192user@host> show srv6 locator Locator: myloc Locator prefix: 2001:db8:4600::, Locator length: 48 Block length: 32, Node length: 16 Function length: 16, Argument length: 0 Micro SID Locator, Flavor [ None ] Micro SID Block Name: blk16_1
user@host> show isis overview
Instance: master
Router ID: 10.1.1.1
IPv6 Router ID: ::10.1.1.1
...
Source Packet Routing (SPRING): Enabled
Node Segments: Disabled
SRv6: Enabled
Locator: 2001:db8:4600::/48, Algorithm: 0
micro-node-SID: 2001:db8:4600::, Flavor: None
...user@host> show isis database extensive
IS-IS level 1 link-state database:
...
SRv6 Locator: 2001:db8:4600::/48, Metric: 0, MTID: 0, Flags: 0x0, Algorithm: 0
SRv6 SID: 2001:db8:4600::, Flavor: None
sid-structure-sub-sub-tlv: Block-length:32, Node-length:16
...Verify Packet Flow via JCNR Forwarding Plane
Verify the traffic flow via the vRouter on each PE node:
Ingress SRv6 node (PE1)
[user@PE1 /]# flow --match 10.1.1.1 Flow table(size 161218560, entries 629760) Entries: Created 300 Added 300 Deleted 400 Changed 600Processed 300 Used Overflow entries 0 (Created Flows/CPU: 0 0 0 0 0 0 0 0 0 0 0 72 87 72 69)(oflows 0) Action:F=Forward, D=Drop N=NAT(S=SNAT, D=DNAT, Ps=SPAT, Pd=DPAT, L=Link Local Port) Other:K(nh)=Key_Nexthop, S(nh)=RPF_Nexthop Flags:E=Evicted, Ec=Evict Candidate, N=New Flow, M=Modified Dm=Delete Marked TCP(r=reverse):S=SYN, F=FIN, R=RST, C=HalfClose, E=Established, D=Dead Stats:Packets/Bytes Listing flows matching ([10.1.1.1]:*) Index Source:Port/Destination:Port Proto(V) ----------------------------------------------------------------------------------- 231600<=>349580 10.1.1.1:1024 6 (98) 10.2.2.2:1024 (Gen: 3, K(nh):98, Action:F, Flags:, TCP:, QOS:-1, S(nh):0, Stats:77632/8228992, SPort 63335, TTL 0, Sinfo 22.0.0.0) 349580<=>231600 10.2.2.2:1024 6 (98) 10.1.1.1:1024 (Gen: 3, K(nh):98, Action:F, Flags:, TCP:, QOS:-1, S(nh):623, Stats:0/0, SPort 63397, TTL 0, Sinfo 0.0.0.0)[user@PE1 /]# rt --get 10.2.2.2/32 --vrf 98 Match 10.2.2.2/32 in vRouter inet4 table 0/98/unicast Flags: L=Label Valid, P=Proxy ARP, T=Trap ARP, F=Flood ARP, Ml=MAC-IP learnt route vRouter inet4 routing table 0/98/unicast Destination PPL Flags Label Nexthop Stitched MAC(Index) 10.2.2.0/24 0 LPT - 623 -
[user@PE1 /]# nh --get 623 Id:623 Type:Tunnel Fmly:AF_INET6 Rid:0 Ref_cnt:2 Vrf:0 Flags:Valid, Policy, Etree Root, SRv6, Oif:2 Len:14 Data:40 a6 b7 a0 ef f1 50 7c 6f 48 9c 89 86 dd Sip: abcd:44:44:44::44 Block Len:32 Block: 2001:db8:: Number of Containers:1 Container Dips:[1]: 2001:db8:4600:e001::Note that the next hop for traffic to 10.2.2.2/32 is an SRv6 tunnel with Destination IP:
2001:db8:4600:e001::(The uSID of egress node)Transit SRv6 node (P)
[user@P /]# flow --match 2001:db8:4600:e001:: Flow table(size 161218560, entries 629760) Entries: Created 300 Added 300 Deleted 400 Changed 600Processed 300 Used Overflow entries 0 (Created Flows/CPU: 0 0 0 0 0 0 0 0 0 0 0 72 87 72 69)(oflows 0) Action:F=Forward, D=Drop N=NAT(S=SNAT, D=DNAT, Ps=SPAT, Pd=DPAT, L=Link Local Port) Other:K(nh)=Key_Nexthop, S(nh)=RPF_Nexthop Flags:E=Evicted, Ec=Evict Candidate, N=New Flow, M=Modified Dm=Delete Marked TCP(r=reverse):S=SYN, F=FIN, R=RST, C=HalfClose, E=Established, D=Dead Stats:Packets/Bytes Listing flows matching ([2001:db8:4600:e001::]:*) Index Source:Port/Destination:Port Proto(V) ----------------------------------------------------------------------------------- 137640<=>238208 abcd:44:44:44::44:0 4 (0) 2001:db8:4600:e001:::0 (Gen: 1, K(nh):0, Action:F, Flags:, QOS:-1, S(nh):0, Stats:81560/11907760, SPort 53031, TTL 0, Sinfo 0.0.0.0) 238208<=>137640 2001:db8:4600:e001:::0 4 (0) abcd:44:44:44::44:0 (Gen: 1, K(nh):0, Action:F, Flags:, QOS:-1, S(nh):0, Stats:0/0, SPort 55361, TTL 0, Sinfo 0.0.0.0)[user@P /]# rt --get 2001:db8:4600:e001::/128 --vrf 0 --family inet6 rt --get fcbb:bb01:4600:e001::/128 --vrf 0 --family inet6 Match fcbb:bb01:4600:e001::/128 in vRouter inet6 table 0/0/unicast Flags: L=Label Valid, P=Proxy ARP, T=Trap ARP, F=Flood ARP, Ml=MAC-IP learnt route vRouter inet6 routing table 0/0/unicast Destination PPL Flags Label Nexthop Stitched MAC(Index) 2001:db8:4600::/48 0 T - 80 -
[user@P /]# nh --get 80 Id:80 Type:Encap Fmly:AF_INET/6 Rid:0 Ref_cnt:11 Vrf:0 Flags:Valid, Policy, Etree Root, EncapFmly:0806 Oif:7 Len:14 Encap Data: 50 7c 6f 48 83 79 40 a6 b7 a0 f9 3bNote that P only forwards the IPv6 packet.
Egress SRv6 node (PE2)
[root@PE2 /]# rt --get 2001:db8:4600:e001::/128 --vrf 0 --family inet6 Match 2001:db8:4600:e001::/128 in vRouter inet6 table 0/0/unicast Flags: L=Label Valid, P=Proxy ARP, T=Trap ARP, F=Flood ARP, Ml=MAC-IP learnt route vRouter inet6 routing table 0/0/unicast Destination PPL Flags Label Nexthop Stitched MAC(Index) 2001:db8:4600:e001::/80 0 T - 72 -
[root@PE2 /]# nh --get 72 Id:72 Type:Vrf_Translate Fmly:AF_INET6 Rid:0 Ref_cnt:7 Vrf:19 Flags:Valid, Etree Root, SRv6, Vrf:19[root@PE2 /]# rt --get 10.2.2.2/32 --vrf 19 Match 10.2.2.2/32 in vRouter inet4 table 0/19/unicast Flags: L=Label Valid, P=Proxy ARP, T=Trap ARP, F=Flood ARP, Ml=MAC-IP learnt route vRouter inet4 routing table 0/19/unicast Destination PPL Flags Label Nexthop Stitched MAC(Index) 10.2.2.2/32 0 PT - 776 -
[root@PE2 /]# nh --get 776 Id:776 Type:Encap Fmly:AF_INET/6 Rid:0 Ref_cnt:2 Vrf:19 Flags:Valid, Policy, Etree Root, EncapFmly:0806 Oif:21 Len:14 Encap Data: 00 10 94 00 04 1e 50 7c 6f 48 77 64Note that the Egress PE looks up for the uSID IPv6 address in the default table. The exact match next-hop is configured to
Vrf_Translate. It looks up10.2.2.2/32destination IP address in the specified VRF and routes the packet to CE2.