SRv6 Tunnel with uDT6 Service SID
In this article, I will explain SRv6 (Segment Routing over IPv6) and delve into the uDT6 service type. For some time I have wanted to get to grips with SRv6 but could not find the time and effort, so I am breaking that cycle and documenting my learning here.
I am using Cisco's uSID implementation, but my service is best effort (without SRTE), so I am not actually using any of the benefits of uSID.
Topology
Requirement
I have 3 routers: R1, R2 and R3. R1 and R3 support SRv6. R2 is a generic router supporting IPv6 only. H1 is connected to R1 and H2 is connected to R3. H1 has the IPv6 address 3010::2 and wants to talk to H2, which has the IPv6 address 3030::2.
We want to use SRv6 as a tunneling mechanism between R1 and R3.
H1 and H2 also have IPv4 addresses, but that's for another article.
We are not going to use any MPLS here.
Solution
**** Configuration ****
R1 Interface config
Under the interface config, we only configure a Loopback0 address, which we are going to use for BGP session formation. We could have used a /128 IPv6 address from the same Locator space, but I specifically wanted to keep it different.
GigabitEthernet 0/0/0/3 is the interface facing the host, and it's a dual-stack interface (IPv4 + IPv6). It's not mandatory to have dual stack.
All the other core interfaces need to be enabled with the "ipv6 enable" command. This generates a link-local IPv6 address, which is sufficient for our topology and functionality.
RP/0/RP0/CPU0:R1#show run int loopback 0
interface Loopback0
ipv6 address abcd::1/128
!
RP/0/RP0/CPU0:R1#show run int gigabitEthernet 0/0/0/3
interface GigabitEthernet0/0/0/3
ipv4 address 10.1.1.1 255.255.255.0
ipv6 address 3010::1/64
!
R1 SRv6 Locator
By definition, the Locator field identifies the location of a network node and is used for other nodes to route and forward packets to this identified node.
In my example, I have used a /48 Locator for R1. This locator is made up of 2 parts
This combination is called f3216 (Block Length: 32, Node-ID Length: 16). Following a similar approach, on node R3 I have configured the Locator as fcbb:bb00:3::/48. Below is the config on R1.
segment-routing srv6
segment-routing srv6 locators locator MAIN
segment-routing srv6 locators locator MAIN micro-segment behavior unode psp-usd
segment-routing srv6 locators locator MAIN prefix fcbb:bb00:1::/48
R1 ISIS config
ISIS is used as the IGP. Its job is to share the Locator address with all nodes participating in the IGP domain. The Locator is shared in 2 ways, as a SID and as a prefix. Here, as soon as we configure ISIS along with locator "MAIN", it will
Here is the configuration of ISIS on R1.
router isis 1
router isis 1 is-type level-1
router isis 1 net 49.0000.0000.0001.00
router isis 1 address-family ipv6 unicast
router isis 1 address-family ipv6 unicast metric-style wide
router isis 1 address-family ipv6 unicast segment-routing srv6
router isis 1 address-family ipv6 unicast segment-routing srv6 locator MAIN
router isis 1 interface Loopback0
router isis 1 interface Loopback0 passive
router isis 1 interface Loopback0 address-family ipv6 unicast
router isis 1 interface GigabitEthernet0/0/0/0
router isis 1 interface GigabitEthernet0/0/0/0 point-to-point
router isis 1 interface GigabitEthernet0/0/0/0 address-family ipv6 unicast
router isis 1 interface GigabitEthernet0/0/0/2
router isis 1 interface GigabitEthernet0/0/0/2 point-to-point
router isis 1 interface GigabitEthernet0/0/0/2 address-family ipv6 unicast
R1 BGP Config
BGP is used as the overlay protocol. BGP shares the customer prefixes between R1 and R3, along with the SIDs allocated by R1 and R3 respectively. When we configure srv6 locator MAIN under BGP IPv6 unicast, this config translates to a uDT6 SID allocation. To understand the meaning of uDT6, we can read each letter carefully.
u: This comes from the uSID (micro-SID) architecture; in regular SRv6 we would have called it "End".
D: Decapsulates packets by removing the IPv6 header and related extension headers (SRH if any).
T: Searches a specified routing table and forwards packets. In the snap below, the context column is simply the routing table (VRF or Global/default RIB) to look in.
6: Stands for the IP version of the table, IPv4 or IPv6; here it is IPv6.
So finally, uDT6 is a short notation for decapsulation and a specific IPv6 table lookup. For our example the lookup will be done in the Global IPv6 Routing table.
router bgp 1
router bgp 1 bgp router-id 1.0.0.1
router bgp 1 address-family ipv6 unicast
router bgp 1 address-family ipv6 unicast segment-routing srv6
router bgp 1 address-family ipv6 unicast segment-routing srv6 locator MAIN
router bgp 1 address-family ipv6 unicast network 3010::/64
router bgp 1 neighbor abcd::3
router bgp 1 neighbor abcd::3 remote-as 1
router bgp 1 neighbor abcd::3 update-source Loopback0
router bgp 1 neighbor abcd::3 address-family ipv6 unicast
router bgp 1 neighbor abcd::3 address-family ipv6 unicast next-hop-self
router bgp 1 neighbor abcd::3 address-family ipv6 unicast encapsulation-type srv6
Role of R2 & its config
R2 acts as a regular IPv6 router without any knowledge of SRv6. R2 only configures ISIS as the IGP and has 2 neighbors (R1 and R3). Whatever R1 and R3 share as part of their ISIS LSP updates, R2 installs (if understood; I mean to say R2 might not understand the SRv6 SID TLVs).
interface Loopback0
interface Loopback0 ipv6 address abcd::2/128
interface GigabitEthernet0/0/0/0 ipv6 enable
interface GigabitEthernet0/0/0/1 ipv6 enable
router isis 1
router isis 1 is-type level-1
router isis 1 net 49.0000.0000.0002.00
router isis 1 address-family ipv6 unicast
router isis 1 address-family ipv6 unicast metric-style wide
router isis 1 interface Loopback0
router isis 1 interface Loopback0 passive
router isis 1 interface Loopback0 address-family ipv6 unicast
router isis 1 interface GigabitEthernet0/0/0/0
router isis 1 interface GigabitEthernet0/0/0/0 point-to-point
router isis 1 interface GigabitEthernet0/0/0/0 address-family ipv6 unicast
router isis 1 interface GigabitEthernet0/0/0/1
router isis 1 interface GigabitEthernet0/0/0/1 point-to-point
router isis 1 interface GigabitEthernet0/0/0/1 address-family ipv6 unicast
R3's config
It's very similar to R1; only the IPv6 addresses change as per the design.
**** Verification ****
ISIS verification
Nothing Fancy, R2 has 2 neighbors (R1 and R3)
RP/0/RP0/CPU0:R2#show isis adjacency
IS-IS 1 Level-1 adjacencies:
System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD
R1 Gi0/0/0/0 *PtoP* Up 29 01:34:36 Yes None None
R3 Gi0/0/0/1 *PtoP* Up 29 01:34:36 Yes None None
Total adjacency count: 2
R1 ISIS Database
ISIS database output reveals some important information. Like,
ISIS underlay Routing table
Just trying to show here that R1 is aware of R3's loopback and Locator. R1 knows about R2's loopback as well.
**** BGP Control Plane ****
BGP NLRI and next Hop Information
Here, a BGP update packet from R1 to R3 is shown. In the BGP packet we can see that the NLRI prefix is 3010::/64 and the next hop is abcd::1. But when R3 encapsulates the data packet with an outer IPv6 header, it won't use abcd::1 as the DA; it will use the SRv6 service SID value received with this BGP update. In this update, the BGP attribute called BGP Prefix-SID carries that SRv6 Service SID.
To provide SRv6 service with best-effort connectivity, the egress PE signals an SRv6 Service SID with the BGP overlay service route. The ingress PE encapsulates the payload in an outer IPv6 header where the destination address is the SRv6 Service SID provided by the egress PE.
Definition in RFC: https://datatracker.ietf.org/doc/rfc9252/
BGP Prefix-SID
As per RFC, here is the significance of BGP Prefix-SID
Egress PEs that support SRv6-based L3 services advertise overlay service prefixes along with a Service SID enclosed in an SRv6 L3 Service TLV within the BGP Prefix-SID attribute. This TLV serves two purposes:
1. First, it indicates that the egress PE supports SRv6 overlay, and the BGP ingress PE receiving this route MUST perform IPv6 encapsulation and insert an SRH [RFC8754] when required.
2. Second, it indicates the value of the Service SID to be used in the encapsulation.
The structure of the BGP Prefix-SID is a little complicated at first glance.
The top-most TLV is the SRv6 Service TLV. (Type 5 in the snap below, SRv6 L3 Service)
Within its Value section, there is another TLV, the SRv6 Service Sub-TLV. (Type 1, SRv6 SID Information)
Within the SRv6 Service Sub-TLV's Value field, there is another TLV, the SRv6 Service Data Sub-Sub-TLV. (Type 1, SRv6 SID Structure)
The Wireshark capture below tries to show the same.
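The three nesting levels above, and the block/node split behind the f3216 name, can be walked in code. This is an added example, not part of the original article or of Cisco's code: the byte string is constructed following the RFC 9252 layout, and the function value e000 in the SID is an assumed placeholder, since the real allocation is only visible in the capture.

```python
import ipaddress
import struct

# Constructed sample of a Prefix-SID attribute value as R1 could send it.
# Locator fcbb:bb00:1::/48 is from the article; function e000 is assumed.
SID = ipaddress.IPv6Address("fcbb:bb00:1:e000::")
SID_STRUCT = struct.pack("!BH6B", 1, 6, 32, 16, 16, 0, 0, 0)  # sub-sub-TLV type 1
# RESERVED1, SID, flags, endpoint behavior 62 (End.DT6 with NEXT-CSID), RESERVED2
INFO_VALUE = b"\x00" + SID.packed + struct.pack("!BHB", 0, 62, 0) + SID_STRUCT
INFO = struct.pack("!BH", 1, len(INFO_VALUE)) + INFO_VALUE      # sub-TLV type 1
SAMPLE = struct.pack("!BH", 5, 1 + len(INFO)) + b"\x00" + INFO  # TLV type 5
FIELDS = ("block", "node", "func", "arg", "tpose_len", "tpose_off")

def tlvs(buf):
    """Yield (type, value) for 1-byte type / 2-byte length TLVs; reject overruns."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 3:
            raise ValueError("truncated TLV header")
        typ, length = struct.unpack_from("!BH", buf, off)
        if length > len(buf) - off - 3:
            raise ValueError(f"TLV type {typ} overruns its parent")
        yield typ, buf[off + 3:off + 3 + length]
        off += 3 + length

def parse_prefix_sid(attr_value):
    """Return one dict per SRv6 SID Information sub-TLV inside L3 Service TLVs."""
    found = []
    for typ, val in tlvs(attr_value):
        subs = tlvs(val[1:]) if typ == 5 else ()  # L3 Service only; skip RESERVED
        for styp, sval in subs:
            if styp != 1 or len(sval) < 21:       # fixed part of SID Information
                continue
            _flags, behavior = struct.unpack_from("!BH", sval, 17)
            entry = {"sid": ipaddress.IPv6Address(sval[1:17]),
                     "behavior": behavior, "structure": None}
            for sstyp, ssval in tlvs(sval[21:]):
                # SRv6 SID Structure: six 1-octet lengths, must fit in 128 bits
                if sstyp == 1 and len(ssval) == 6 and sum(ssval[:4]) <= 128:
                    entry["structure"] = dict(zip(FIELDS, ssval))
            found.append(entry)
    return found

def split_sid(entry):
    """Slice the SID into block / node / function (entry must carry a structure)."""
    s, bits, used, parts = entry["structure"], int(entry["sid"]), 0, {}
    for name in ("block", "node", "func"):
        used += s[name]
        parts[name] = (bits >> (128 - used)) & ((1 << s[name]) - 1)
    return parts
```

For the sample, `split_sid(parse_prefix_sid(SAMPLE)[0])` gives block 0xfcbbbb00, node 0x1 and function 0xe000, which is the 32 + 16 split of R1's locator followed by the service function.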
Srv6 uDT6 SID allocated by R1 & R3
Below snap shows Service SID allocation done by R1 and R3.
**** Data Plane ****
When we send an ICMPv6 request packet from H2 to H1, then
R3 will encapsulate the packet with an SRv6 outer header. This encapsulation makes the inner packet transparent to R2. R2 doesn't need to know about the inner DA.
R2 will see the outer DA of the packet and route the packet towards R1, following its RIB entry.
R1 will receive the packet with a DA that is the same address it allocated for the uDT6 operation. Hence, it will decapsulate the packet, remove the outer header and look for a route entry for 3010::2 in its Global Routing table.
Similar stuff happens when H1 sends an ICMPv6 reply packet. This time R1 encapsulates and R3 performs the decapsulation.
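The three hops above as an added sketch (not from the original article), using real IPv6 header bytes. Assumptions: the SID function e000 is a placeholder, R3 sources the tunnel from its Loopback0, and with a single SID there is no SRH, so the outer next header is 41 (IPv6).

```python
import ipaddress
import struct

def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    """40-byte fixed IPv6 header (version 6, traffic class and flow label zero)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def lookup(rib, pkt):
    """Longest-prefix match on the destination address of the outermost header."""
    da = ipaddress.IPv6Address(pkt[24:40])
    hits = [(ipaddress.IPv6Network(p).prefixlen, nh) for p, nh in rib.items()
            if da in ipaddress.IPv6Network(p)]
    return max(hits)[1] if hits else None

def r3_encap(inner, service_sid, src="abcd::3"):
    """Ingress PE: outer DA is the service SID learned via BGP, not the next hop."""
    return ipv6_header(src, service_sid, 41, len(inner)) + inner

def r1_receive(pkt, local_sids, ribs):
    """Egress PE: if the DA is a local uDT6 SID, strip the outer header and
    look up the inner DA in the table bound to that SID."""
    table = local_sids.get(str(ipaddress.IPv6Address(pkt[24:40])))
    if table is None or pkt[6] != 41:
        return None                      # DA is not a local decap SID
    return lookup(ribs[table], pkt[40:])

# Constructed state: locators, loopbacks and interfaces are from the article;
# the SID function e000 is an assumed placeholder.
R1_UDT6_SID = "fcbb:bb00:1:e000::"
R2_RIB = {"fcbb:bb00:1::/48": "Gi0/0/0/0", "fcbb:bb00:3::/48": "Gi0/0/0/1",
          "abcd::1/128": "Gi0/0/0/0", "abcd::3/128": "Gi0/0/0/1"}
R1_SIDS = {R1_UDT6_SID: "default"}
R1_RIBS = {"default": {"3010::/64": "GigabitEthernet0/0/0/3"}}
ECHO = struct.pack("!BBHHH", 128, 0, 0, 1, 1)  # echo request, checksum not computed
INNER = ipv6_header("3030::2", "3010::2", 58, len(ECHO)) + ECHO
OUTER = r3_encap(INNER, R1_UDT6_SID)

def walk():
    """R2 on the bare packet, R2 on the tunnelled packet, then R1's decision."""
    return lookup(R2_RIB, INNER), lookup(R2_RIB, OUTER), r1_receive(OUTER, R1_SIDS, R1_RIBS)
```

`walk()` shows that R2 has no route for the customer destination on its own, forwards the tunnelled packet on its R1-facing interface purely from the locator route, and that R1's decapsulation decision depends only on the outer DA matching its uDT6 SID.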
That's it, hope this helps.