SRv6 L3VPN with Flex-Algo

In my last article I explained a best-effort uDT6 service, which sets the foundation for SRv6 services and tunnels. Now I wanted to add some flavor to it, so I decided to add Flex-Algo and use an L3VPN service.

Topology

Routers don't always need to be round

I have 2 routers and there are 2 links between them. Very simple.

Requirement:

  • Create an L3VPN service between R1 and R2.
  • All data packets must take the RED path only.
  • Use SRv6 with Flex-Algorithm.

Background of Flex-Algorithm

SRv6 Flexible Algorithm allows operators to customize IGP shortest path computation according to their own needs. Flexible Algorithm provides a traffic-engineered path automatically computed by the IGP to any destination reachable by the IGP.

One example use case:

Assume you have a network of 4 pumpkin routers.

Connected Pumpkins

R1 has a linear connection to R4 via R1->R2->R3->R4

R1 has a direct connection to R4 as well.

Now, suppose I want to send some data from R1 to R4 via the path R1--R2--R3--R4 (the longer one). With the default IGP, the traffic will always go via the R1--R4 link.

In SR-MPLS, to achieve that, I would build an SR-TE tunnel to R4 with a label stack of [ R2 | R3 | R4 ]. Too many labels.

But if we can carve a slice out of the network whose visibility is limited to R1-R2-R3-R4 only (without the path between R1-R4), then R1 can simply send the data with the top label as R4 (allocated for that slice). That's it.

This carve-out is facilitated by Flex-Algorithm. How this is achieved in the control plane is explained below.

Control-Plane

In a network, one of the routers defines the flexible algorithm and advertises this definition via the IGP to the others. For redundancy you can use another backup router to advertise the same definition. The others obey that definition, and finally you are able to build a subset/slice of the network.

During IGP database advertisement, all participating routers send a few important TLVs.

In the Router Capability TLV, a sub-TLV named the Algorithm sub-TLV has been defined, which lists all the algorithms supported by the router.

  • Algorithm 0
  • Algorithm 1
  • Algorithm 128

Additionally, the Router Capability TLV can house a sub-TLV named the Flexible-Algorithm-Definition sub-TLV, which is used to share the definition of a new flex-algorithm. In my case, I have defined flex-algo 128 on R1, hence R1 is announcing the definition of Algorithm 128. Here, I (a user) have defined the algorithm and it gives me some different combinations to choose from, hence the name flexible algorithm.

A flex-algorithm definition consists of 3 elements.

  • Calculation type - SPF-0, or Dijkstra's algorithm; it's the default and only available option.
  • Optimization objective (minimization of a specific metric type, like IGP, TE metric or link delay)
  • Optional constraints: like avoid this link or include this link using the affinity attribute.

Here is a Wireshark snap of the Router Capability TLV sent by R1, showing the information discussed above.

If I look at the Router Capability TLV from R2, I will see the Algorithm sub-TLV (informing support for algorithms 0, 1, 128), but the definition of algorithm 128 won't be there, because R2 is working as a recipient of the definition.

Now coming to the constraint part, I want all the RED links to be part of Algorithm 128.

RP/0/RP0/CPU0:R1#show run formal | in isis       
router isis 1 
router isis 1 is-type level-1
router isis 1 net 49.0000.0000.0001.00
router isis 1 affinity-map red bit-position 65
router isis 1 address-family ipv6 unicast 
router isis 1 address-family ipv6 unicast metric-style wide
router isis 1 address-family ipv6 unicast segment-routing srv6 
router isis 1 address-family ipv6 unicast segment-routing srv6 locator fx0 
router isis 1 address-family ipv6 unicast segment-routing srv6 locator fx128 
router isis 1 flex-algo 128 
router isis 1 flex-algo 128 advertise-definition
router isis 1 flex-algo 128 affinity include-all red
router isis 1 interface GigabitEthernet0/0/0/0 
router isis 1 interface GigabitEthernet0/0/0/0 point-to-point
router isis 1 interface GigabitEthernet0/0/0/0 address-family ipv6 unicast 
router isis 1 interface GigabitEthernet0/0/0/1 
router isis 1 interface GigabitEthernet0/0/0/1 affinity flex-algo red
router isis 1 interface GigabitEthernet0/0/0/1 point-to-point
router isis 1 interface GigabitEthernet0/0/0/1 address-family ipv6 unicast         

"affinity-map red bit-position 65" in my config defines red paths by setting the 65th bit to 1. The ISIS database encodes this as below.

  • Group 0: bit 31<--bit 0 (00 00 00 00)
  • Group 1: bit 63<--bit 32 (00 00 00 00)
  • Group 2: bit 95<--bit 64 (00 00 00 02)

If you expand the last byte of Group 2 (02) in binary, it will be 0000 0010.

Here the 64th bit is 0 and the 65th bit is set to 1, as per my definition. This is how routers tell each other that a link is RED.

RED is just a name; you can give a unique name of your choice.

That is a brief on Flex-Algorithm and the way it is used in my topology.
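To make the two mechanisms above concrete, here is an added example (not part of the original article or of any router implementation) that encodes bit position 65 into the 32-bit groups shown above and then runs an SPF restricted by an include-all affinity. The four-router topology is the pumpkin example from earlier; the metric of 10 per link, the colouring of the three chained links as red, and all function names are assumptions made for the illustration.

```python
import heapq
import struct

AFFINITY_MAP = {"red": 65}  # from "affinity-map red bit-position 65"

def affinity_mask(names):
    """OR together the bit positions of the named affinities."""
    mask = 0
    for name in names:
        mask |= 1 << AFFINITY_MAP[name]
    return mask

def eag_words(mask):
    """Encode a mask as 32-bit groups, group 0 (bits 31..0) first."""
    words = []
    while mask or not words:
        words.append(struct.pack("!I", mask & 0xFFFFFFFF).hex(" "))
        mask >>= 32
    return words

def flex_algo_spf(links, src, dst, include_all=0):
    """Dijkstra over the links whose affinities contain every include-all bit."""
    graph = {}
    for a, b, metric, mask in links:
        if (mask & include_all) == include_all:  # prune links outside the slice
            graph.setdefault(a, []).append((b, metric))
            graph.setdefault(b, []).append((a, metric))
    queue, seen = [(0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, metric in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(queue, (cost + metric, nxt, path + [nxt]))
    return None  # destination is not reachable inside this slice

RED = affinity_mask(["red"])
# Constructed topology: metric 10 everywhere (assumed); R1-R4 direct link is not red.
LINKS = [("R1", "R2", 10, RED), ("R2", "R3", 10, RED),
         ("R3", "R4", 10, RED), ("R1", "R4", 10, 0)]

if __name__ == "__main__":
    print(eag_words(RED))                                     # groups 0, 1, 2
    print(flex_algo_spf(LINKS, "R1", "R4"))                   # algorithm 0 view
    print(flex_algo_spf(LINKS, "R1", "R4", include_all=RED))  # algorithm 128 view
```

A `None` result means the constraint has partitioned the slice, which is worth checking for before moving a service onto a flex-algo locator.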

Integration with SRv6:

While configuring an SRv6 locator, we can allocate the locator to a flexible algorithm. In my case I defined 2 locators:

  • fx0 is allocated to algorithm 0 (the default one)
  • fx128 is allocated to algorithm 128.

Now, when we reference these locators under ISIS, each locator is advertised along with its algorithm.

RP/0/RP0/CPU0:R1#show run formal | include srv6 
router isis 1 address-family ipv6 unicast segment-routing srv6 
router isis 1 address-family ipv6 unicast segment-routing srv6 locator fx0 
router isis 1 address-family ipv6 unicast segment-routing srv6 locator fx128
segment-routing srv6 locators locator fx0 
segment-routing srv6 locators locator fx0 micro-segment behavior unode psp-usd
segment-routing srv6 locators locator fx0 prefix fd00:0:1::/48
segment-routing srv6 locators locator fx128 
segment-routing srv6 locators locator fx128 micro-segment behavior unode psp-usd
segment-routing srv6 locators locator fx128 prefix fd00:8:1::/48
segment-routing srv6 locators locator fx128 algorithm 128        

It can be seen in the ISIS database output.

The same can be verified in the Wireshark output of the ISIS LSP.

2 locators under SRv6 Locator

Going deeper into the SRv6 locators, we can see that for each SRv6 locator there is an algorithm field.

Now we know Flex-Algo along with SRv6 is operational, and we have let the others know about our locators (specific to our Flex-Algo ID).

Next is to build an L3VPN service, which needs to use the RED slice. In other words, allocate an L3VPN BGP service SID from the locator space of fx128, that's all.

BGP L3VPN uDT4

In my last article I explained uDT6, so if you are not aware of uDT6, please hover to this page.

Now let's dissect the config below.

  • Section1 is a simple BGP config with the VPNv4 address family.
  • Section2 is where VRF RED is configured. Here, under the VRF address family, we are specifically telling it to use SRv6 and, along with it, to use a BGP service SID from locator block fx128 ( fd00:8:1::/48 ).

RP/0/RP0/CPU0:R1#show run formal | include bgp
<< Section1 >>
router bgp 1 
router bgp 1 bgp router-id 1.0.0.1
router bgp 1 address-family vpnv4 unicast 
router bgp 1 neighbor fd00:0:2::1 
router bgp 1 neighbor fd00:0:2::1 remote-as 100
router bgp 1 neighbor fd00:0:2::1 local-as 100
router bgp 1 neighbor fd00:0:2::1 update-source Loopback0
router bgp 1 neighbor fd00:0:2::1 address-family vpnv4 unicast 

<< Section2 >>
router bgp 1 vrf red 
router bgp 1 vrf red rd 100:1
router bgp 1 vrf red address-family ipv4 unicast 
router bgp 1 vrf red address-family ipv4 unicast segment-routing srv6 
router bgp 1 vrf red address-family ipv4 unicast segment-routing srv6 locator fx128
router bgp 1 vrf red address-family ipv4 unicast segment-routing srv6 alloc mode per-vrf
router bgp 1 vrf red address-family ipv4 unicast network 192.1.1.1/32        

As a consequence, when the BGP advertisement is sent from R1 to R2, it signals R2 to use a SID from the fx128 locator block.

Now, if you look at the VPNv4 update in Wireshark, there are some interesting things to notice.

  • The NLRI part says it's a VPNv4 update, <100:1><192.1.1.1>, which is OK.
  • There is an MPLS label stack, which is 917536 (decimal), e0 02 01 (in hex). What is the use of an MPLS label here in SRv6?
  • There is a service SID allocated, fd00:8:2::, but wait, this is my locator address for fx128. Where is the function value?

Now relate these 2 things.

In the case of L3VPN, there are 2 options to send the BGP L3VPN SRv6 service SID to the ingress PE.

  • The encoding of the SRv6 Service SID as a whole in the SRv6 Services TLVs
  • The encoding of only the common part of the SRv6 SID (e.g., Locator) in the SRv6 Services TLVs and the encoding of the variable (e.g., Function or Argument parts) in the existing label fields specific to that service encoding.

This latter form of encoding is referred to as the Transposition Scheme, where the SRv6 SID Structure Sub-Sub-TLV describes the sizes of the parts of the SRv6 SID and also indicates the offset of the variable part along with its length in the SRv6 SID value. The use of the Transposition Scheme is RECOMMENDED.

Now, see the above pic and focus on the SRv6 service data Sub-Sub-TLV. It says the transposition offset is 48 and the transposition length is 16. That means: take 48 bits from the received SRv6 SID value and add 16 bits from the received MPLS value.

Making it fd00:8:2 + e002 = fd00:8:2:e002:: as the calculated service SID.

So when R1 sends data packets to R2, R1 will encapsulate the packets with the DIP as fd00:8:2:e002::
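The same reconstruction in code, as an added example that is not from the original article: it takes the three label bytes from the capture (e0 02 01), the advertised SID fd00:8:2::, and the offset/length of 48/16, and rebuilds the service SID. The function names are hypothetical, and the example assumes the 20-bit L3VPN label field with the transposed bits left-aligned in it, which is what the values in the capture show.

```python
import ipaddress

LABEL_BITS = 20  # label portion of the 3-byte NLRI label field (assumed L3VPN case)

def label_from_wire(field: bytes) -> int:
    """Return the 20-bit label from the 3-byte label field of the NLRI."""
    if len(field) != 3:
        raise ValueError("label field must be exactly 3 bytes")
    return int.from_bytes(field, "big") >> 4  # drop TC (3 bits) and BoS (1 bit)

def rebuild_service_sid(sid: str, label: int, offset: int, length: int) -> str:
    """Merge the transposed bits carried in the label back into the SID."""
    if not 0 < length <= LABEL_BITS or offset + length > 128:
        raise ValueError("invalid transposition offset/length")
    if not 0 <= label < (1 << LABEL_BITS):
        raise ValueError("label does not fit in 20 bits")
    base = int(ipaddress.IPv6Address(sid))
    variable = label >> (LABEL_BITS - length)  # top `length` bits of the label
    shift = 128 - offset - length              # where those bits sit in the SID
    if (base >> shift) & ((1 << length) - 1):
        raise ValueError("advertised SID already has bits set in that range")
    return str(ipaddress.IPv6Address(base | (variable << shift)))

if __name__ == "__main__":
    wire = bytes.fromhex("e00201")             # label bytes from the capture
    label = label_from_wire(wire)
    print(label)                               # decimal label value
    print(rebuild_service_sid("fd00:8:2::", label, offset=48, length=16))
```

The range check on the advertised SID rejects an update whose SID already carries bits where the label is supposed to supply them, instead of silently OR-ing the two together.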

Data Plane:

There is nothing much to explain as part of data plane now.

RP/0/RP0/CPU0:R1#ping 192.2.2.2 source 192.1.1.1 vrf red
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.2.2.2 timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms        

Here is the ICMP echo request packet from R1 to R2 via the RED slice, taken on link gi-0-0-1.

The ICMP reply packet encapsulation is similar.

Reference:

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2023/pdf/BRKSPG-2203.pdf



