Configuring EVPN-VPWS over SRv6
EVPN VPWS provides point to point Layer 2 VPN service using EVPN signaling. EVPN-VPWS supports both single homed and multihomed (single-active or all-active) devices. EVPN-VPWS over SRv6 (Segment Routing over IPv6). SRv6 uses the IPv6 Segment Routing Header (SRH) extension to encode an order list of network instructions. The network instruction contains explicit information about SRv6 nodes that are available for packet processing on the path. The instruction also include task or function information for the SRv6 node in the SRv6 network. The SRH contains a list of 128-bit segment identifiers (SIDs) in the form of an IPv6 addresses. SIDs consist of the following:
-
Locator—The locator is the first part of the SID and consists of the most significant bits. It represents the address of a particular SRv6 node. The locator is similar to a network address. It is used to route the packet.
-
Function—The function is the second part of the SID. It defines the packet processing function that the node identified by the locator performs locally. Junos OS supports End.DX2 function for EVPN-VPWS. End.DX2 specifies endpoint decapsulation and L2 cross-connect behavior.
Benefits of EVPN-VPWS over SRv6
EVPN-VPWS over an SRv6 underlay has the following benefits IPv6 network:
-
Network Programming depends entirely on the IPv6 header and the header extension to transport a packet, eliminating protocols such as MPLS. This ensures a seamless deployment without any major hardware or software upgrade in a core IPv6 network.
-
Packets can be transported through an SRv6 ingress node even when the transit routers are not SRv6-capable. This eliminates the need to deploy segment routing on all nodes in an IPv6 network.
Figure 1 illustrates how the SRH is processed by the nodes in a SRv6 topology .
-
PE1 encapsulates the payload with an SRH. The SRH list contains three SIDs. Each SID represent a SRv6 node along the segment path. The function on the last SID is END.DX2 endpoint.
-
P1 pops and processes the first SID at the bottom of the SRH list and copies the next SID to the outer destination. The SRH list contains 2 SIDS.
-
P2 is a non-SRv6 node. P2 forwards the packet on the current segment path with no further processing.
-
P3 pops and processes the second SID and copies the third SID in the SRH list.
-
PE2 pops and processes the third SID. END.DX2 identifies the CE facing interface and PE2 forwards the packet.
EVPN-VPWS builds upon an SRv6 baseline configuration. For more information about configuring SRv6, see Understanding SRv6 Network Programming and Layer 3 Services over SRv6 in BGP.
CLI Quick Configuration
To quickly configure EVPN-VPWS over SRv6, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.
PE1
set chassis network-services enhanced-ip set routing-instances EVPN-VPWS1 instance-type evpn-vpws set routing-instances EVPN-VPWS1 protocols evpn encapsulation srv6 set routing-options source-packet-routing srv6 locator LOC1 2001:db8:a1:1::/64 set routing-options resolution preserve-nexthop-hierarchy set routing-instances EVPN-VPWS1 protocols evpn interface ge-0/0/1.1 vpws-service-id local 102 remote 201 set routing-instances EVPN-VPWS1 protocols evpn interface ge-0/0/1.1 vpws-service-id source-packet-routing srv6 locator LOC1 end-dx2-sid 2001:db8:a1:1:101:: set protocols bgp group IBGPv6 family evpn signaling advertise-srv6-service set protocols bgp group IBGPv6 family evpn signaling accept-srv6-service set policy-options policy-statement vpws-nh-change term a from protocol evpn set policy-options policy-statement vpws-nh-change term a then next-hop 2001:db8:a1:1:: set policy-options policy-statement vpws-nh-change term a then accept set protocols bgp group ibgpv6 export vpws-nh-change set protocols bgp group ibgpv6 vpn-apply-export
PE2
set chassis network-services enhanced-ip set routing-instances EVPN-VPWS1 instance-type evpn-vpws set routing-instances EVPN-VPWS1 protocols evpn encapsulation srv6 set routing-options source-packet-routing srv6 locator LOC1 2001:db8:a1:2::/64 set routing-options resolution preserve-nexthop-hierarchy set routing-instances EVPN-VPWS1 protocols evpn interface ge-0/0/1.1 vpws-service-id local 201 remote 102 set routing-instances EVPN-VPWS1 protocols evpn interface ge-0/0/1.1 vpws-service-id source-packet-routing srv6 locator LOC1 end-dx2-sid 2001:db8:a1:2:101:: set protocols bgp group IBGPv6 family evpn signaling advertise-srv6-service set protocols bgp group IBGPv6 family evpn signaling accept-srv6-service set policy-options policy-statement vpws-nh-change term a from protocol evpn set policy-options policy-statement vpws-nh-change term a then next-hop 2001:db8:a1:2:: set policy-options policy-statement vpws-nh-change term a then accept set protocols bgp group ibgpv6 export vpws-nh-change set protocols bgp group ibgpv6 vpn-apply-export
Procedure
We describe these steps on the PE1 device. We note the differences in configurations between PE1 and PE2 when it applies. To configure EVPN-VPWS over SRv6 to support static SID, you must do the following:
-
Enable
enhanced-ipsupport on all MX devices.[edit] user@PE1# set chassis network-services enhanced-ip
-
Configure support for SRv6 and the locator address.
PE1
[edit] user@PE1# set routing-options source-packet-routing srv6 locator LOC1 2001:db8:a1:1::/64
PE2
[edit] user@PE2# set routing-options source-packet-routing srv6 locator LOC1 2001:db8:a1:2::/64
-
Enable expanded nexthop hierarchy support for source packet routing.
[edit] user@R1#set routing-options resolution preserve-nexthop-hierarchy
-
Enable an
evpn-vpwsrouting instance.[edit] user@PE1# set routing-instances EVPN-VPWS1 instance-type evpn-vpws
-
Configure the SRv6 encapsulation type for the EVPN-VPWS1 routing instance.
[edit] user@PE1# set routing-instances EVPN-VPWS1 protocols evpn encapsulation srv6
-
Configure the interface with the local and remote VPWS SID for the EVPN-VPWS1 routing instance.
PE1
[edit] user@PE1# set routing-instances EVPN-VPWS1 protocols evpn interface ge-0/0/1.1 vpws-service-id local 102 remote 201
PE2
[edit] user@PE1# set routing-instances EVPN-VPWS1 protocols evpn interface ge-0/0/1.1 vpws-service-id local 201 remote 102
-
Configure the locator to support END.DX2 on the interface in the EVPN-VPWS1 routing instance.
PE1
[edit] user@PE1# set routing-instances EVPN-VPWS1 protocols evpn interface ge-0/0/1.1 vpws-service-id source-packet-routing srv6 locator LOC1 end-dx2-sid 2001:db8:a1:1:101::
PE2
[edit] user@PE1# set routing-instances EVPN-VPWS1 protocols evpn interface ge-0/0/1.1 vpws-service-id source-packet-routing srv6 locator LOC1 end-dx2-sid 2001:db8:a1:2:101::
-
Enable the BGP protocol to advertise and to accept the EVPN NLRI for SRv6 services.
[edit] user@PE1# set protocols bgp group IBGPv6 family evpn signaling advertise-srv6-service user@PE1# set protocols bgp group IBGPv6 family evpn signaling accept-srv6-service
-
Configure a routing policy that sets the next-hop address for EVPN routes to the locator address.
Note:Starting in Junos OS Release 24.1R1 and Junos OS Evolved Release 24.1R1, you do not need to configure a routing policy for EVPN-VPWS over SRv6.
PE1
[edit] user@PE1#set policy-options policy-statement vpws-nh-change term a from protocol evpn set policy-options policy-statement vpws-nh-change term a then next-hop 2001:db8:a1:1:: set policy-options policy-statement vpws-nh-change term a then accept set protocols bgp group ibgpv6 export vpws-nh-change set protocols bgp group ibgpv6 vpn-apply-export
PE2
[edit] user@PE1#set policy-options policy-statement vpws-nh-change term a from protocol evpn set policy-options policy-statement vpws-nh-change term a then next-hop 2001:db8:a1:2:: set policy-options policy-statement vpws-nh-change term a then accept set protocols bgp group ibgpv6 export vpws-nh-change set protocols bgp group ibgpv6 vpn-apply-export
Dynamic SID Allocation
Dynamic SID allocation allows you to provision the Junos device by only specifying the
locator name. To enable dynamic provisioning, configure the locator name at the
[edit routing-instance routing-instance-name
instance-type protocols evpn interface interface-name vpws-service-id
source-packet-routing srv6] hierarchy. The device dynamically allocates a SID
with en-dx2-sid to the corresponding locator prefix when the service is
needed. The following is the sample configuration for the dynamically allocated SID on
EVPN-VPWS.
instance-type evpn-vpws;
protocols {
evpn {
interface ge-1/1/1.1 {
vpws-service-id {
local 3040;
remote 20;
source-packet-routing {
srv6 locator LOC2;
}
}
}
encapsulation srv6;
}
}
source-packet-routing {
srv6 {
locator LOC2 2001:db8:b1:1::/64;
}
}