Login
- Table of Contents
-
- 23-Segment Routing Configuration Guide
- 00-Preface
- 01-SR-MPLS configuration
- 02-SRv6 configuration
- 03-SRv6 TE policy configuration
- 04-SRv6 VPN overview
- 05-IP L3VPN over SRv6 configuration
- 06-EVPN L3VPN over SRv6 configuration
- 07-Public network IP over SRv6 configuration
- 08-EVPN VPWS over SRv6 configuration
- 09-EVPN VPLS over SRv6 configuration
- 10-SRv6 OAM configuration
- 11-SRv6 service chain configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-SRv6 TE policy configuration | 592.02 KB |
Contents
Traffic steering to an SRv6 TE policy
SRv6 TE policy forwarding procedure
SRv6 TE policy egress protection
Restrictions: Hardware compatibility with SRv6 TE policy
SRv6 TE policy tasks at a glance
Configuring SRv6 TE policy attributes
Enabling the device to distribute SRv6 TE policy candidate path information to BGP-LS
Shutting down an SRv6 TE policy
Configuring BGP to advertise BGP IPv6 SR policy routes
Restrictions and guidelines for BGP IPv6 SR policy routes advertisement
Enabling BGP to advertise BGP IPv6 SR policy routes
Configuring BGP to redistribute BGP IPv6 SR policy routes
Enabling advertising BGP IPv6 SR policy routes to EBGP peers
Enabling validity check for BGP IPv6 SR policy routes
Configuring BGP to control BGP IPv6 SR policy route selection and advertisement
Configuring SRv6 TE policy traffic steering
Configuring the SRv6 TE policy traffic steering mode
Configuring color-based traffic steering
Configuring tunnel policy-based traffic steering
Configuring DSCP-based traffic steering
Configuring static route-based traffic steering
Configuring QoS policy-based traffic steering
Configuring Flowspec-based traffic steering
Enabling automatic route advertisement for an SRv6 TE policy
Configuring the SRv6 TE policy encapsulation mode
Enabling SBFD for SRv6 TE policies
Configuring the BFD echo packet mode for SRv6 TE policies
Enabling hot standby for SRv6 TE policies
Configuring path switchover and deletion delays for SRv6 TE policies
Configuring SRv6 TE policy egress protection
Restrictions and guidelines for SRv6 TE policy egress protection configuration
Configuring the TTL processing mode of SRv6 TE policies
Configuring SRv6 TE policy CBTS
Configuring a rate limit for an SRv6 TE policy
Enabling the device to drop traffic when an SRv6 TE policy becomes invalid
Specifying the packet encapsulation type preferred in optimal route selection
Configuring traffic forwarding statistics for SRv6 TE policies
Display and maintenance commands for SRv6 TE policies
SRv6 TE policy configuration examples
Example: Configuring SRv6 TE policy-based forwarding
Example: Configuring SRv6 TE policy egress protection
Configuring SRv6 TE policies
About SRv6 TE policies
IPv6 Segment Routing Traffic Engineering (SRv6-TE) policies apply to scenarios where multiple paths exist between a source node and a destination node on an SRv6 network. The device can use an SRv6 TE policy to flexibly steer traffic to a proper forwarding path.
SRv6 TE policy identification
An SRv6 TE policy is identified by the following items:
· BSID—SID of the ingress node (source node).
· Color—Color attribute for the forwarding path. You can use the color attribute to distinguish an SRv6 TE policy from other SRv6 TE policies that are configured for the same source and destination nodes.
· Endpoint—IPv6 address of the destination node.
SRv6 TE policy contents
As shown in Figure 1, an SRv6 TE policy consists of candidate paths with different preferences. Each candidate path can have one or multiple subpaths identified by segment lists (also called SID lists).
· Candidate path
An SRv6 TE policy can have multiple candidate paths. Candidate paths are uniquely identified by their preference values. An SRv6 TE policy chooses a candidate path from all its candidate paths based on the preference values to forward traffic.
Two SRv6 TE policies cannot share the same candidate path.
· SID list
A SID list is a list of SIDs that indicates a packet forwarding path. Each SID is the IPv6 address of a node on the forwarding path.
A candidate path can have a single SID list or multiple SID lists that use different weight values. After an SRv6 TE policy chooses a candidate path with multiple SID lists, the traffic will be load shared among the SID lists based on weight values.
Figure 1 SRv6 TE policy contents
SRv6 TE policy creation
An SRv6 TE policy can be created in the following modes:
· Manual configuration from CLI
In this method, you need to manually configure the candidate settings for the SRv6 TE policy, such as candidate path preferences, SID lists and weights.
· Learning from an SRv6 TE policy route
To support SRv6 TE policy, MP-BGP defines the BGP IPv6 SR address family and the SRv6 TE policy Network Layer Reachability Information (NLRI). The SRv6 TE policy NLRI is called the BGP IPv6 SR policy route. A BGP IPv6 SR policy route contains SRv6 TE policy settings, including the BSID, color, endpoint, candidate preferences, SID lists, and SID list weights.
The device can advertise its local SRv6 TE policy settings to its BGP IPv6 SR policy peer through a BGP IPv6 SR policy route. The peer device can create an SRv6 TE policy according to the received SRv6 TE policy settings.
SRv6 TE policy validity
An SRv6 TE policy must be valid in order to ensure successful traffic forwarding.
The following describes the rules for identifying the validity of an SRv6 TE policy:
1. An SRv6 TE policy is valid only if it has valid candidate paths.
2. A candidate path is valid only if it has a valid SID list.
3. A SID list is valid if none of the following situations exists:
¡ The SID list is empty.
¡ The weight of the SID list is 0.
¡ An SR node and the first IPv6 address in the SID list cannot reach each other.
Figure 2 SRv6 TE policy validity determination
Traffic steering to an SRv6 TE policy
The following modes are available to steer traffic to an SRv6 TE policy:
· BSID—If the destination IPv6 address of a received packet is the BSID of an SRv6 TE policy, the device uses the SRv6 TE policy to forward the packet.
· Color—The device searches for an SRv6 TE policy that has the same color and endpoint address as the color and nexthop address of a BGP route. If a matching SRv6 TE policy exists, the device recurses the BGP route to that SRv6 TE policy. Then, when the device receives packets that match the BGP route, it forwards the packets through the SRv6 TE policy.
· Tunnel policy—In an MPLS L3VPN, EVPN L3VPN, EVPN VPLS, or EVPN VPWS network, use an SRv6 TE policy as the public tunnel to carry the packets of a VPN instance. For more information about the tunnel policy configuration, see MPLS Configuration Guide.
· DSCP—Create color-to-DSCP mappings for an SRv6 TE policy group, and create a tunnel policy that binds a destination IP address to the SRv6 TE policy group. Upon receiving a packet with the specified destination address, the device searches for the SRv6 TE policy containing the color value mapped to the DSCP value of the packet. The device will use the SRv6 TE policy to forward the packet.
· Static route—Configures a static route that recurses to an SRv6 TE policy. The device uses the SRv6 TE policy to forward the packets that match the static route.
· QoS policy—Redirects traffic to an SRv6 TE policy through a QoS policy. The device uses the SRv6 TE policy to forward the packets that match the traffic classes of the QoS policy. For more information about QoS policies, see the QoS configuration in ACL and QoS Configuration Guide.
· Flowspec—Redirects traffic to an SRv6 TE policy through a Flowspec rule. The device uses the SRv6 TE policy to forward the packets that match the Flowspec rule. For more information about Flowspec, see ACL and QoS Configuration Guide.
· Automatic route advertisement—Advertises an SRv6 TE policy to IGP (IPv6 IS-IS or OSPFv3) for route computation, so as to forward the matching traffic through the SRv6 TE policy.
An SRv6 TE policy supports only automatic route advertisement in IGP shortcut mode, which is also called autoroute announce. Autoroute announce regards the SRv6 TE policy tunnel as a link that connects the tunnel ingress and egress. The tunnel ingress includes the SRv6 TE policy tunnel in IGP route computation.
With autoroute announce enabled on the tunnel ingress, only the tunnel ingress includes the SRv6 TE policy tunnel in IGP route computation. Because autoroute announce does not advertise the SRv6 TE policy tunnel as a link through IGP, other device will not include the SRv6 TE policy tunnel in route computation.
SRv6 TE policy path selection
After traffic is steered in to an SRv6 TE policy, the SRv6 TE policy selects a forwarding path for the traffic as follows:
1. Selects the valid candidate path that has the highest preference.
2. Performs Weighted ECMP (WECMP) load sharing among the SID lists of the selected candidate path. The load of SID list x is equal to Weight x/(Weight 1 + Weight 2 + … + Weight n).
For example, as shown in Figure 3, Device A first selects a valid SRv6 TE policy by BSID. Then, the device selects a candidate path by preference. The candidate path has two valid SID lists: SID list 1 and SID list 2. The weight value of SID list 1 is 20 and the weight value of SID list 2 is 80. One fifth of the traffic will be forwarded through the subpath identified by SID list 1. Four fifth of the traffic will be forwarded through the subpath identified by SID list 2.
Figure 3 SRv6 TE policy path selection
SRv6 TE policy forwarding procedure
As shown in Figure 4, the SRv6 TE policy forwarding procedure is as follows (BSID-based traffic steering as an example):
1. After Device A receives a packet with destination address 100::1, it searches its IPv6 routing table and determines that the address is a BSID. Then, Device A encapsulates the packet with an SRH header according to the SRv6 TE policy of the BSID. The SRH header contains SID list {10::2, 20::2, 30::2}, where 10::2 is the SID for Device B, 20::2 is the SID for Device C, and 30::2 is the SID for Device D.
2. Device A forward the packet to the next hop Device B.
3. After Device B receives the packet, it obtains the next hop Device C from the SRH, and then forwards the packet to Device C.
4. After Device C receives the packet, it obtains the next hop Device D from the SRH, and then forwards the packet to Device D.
5. After Device D receives the packet, it identifies that the SL value is 0 in the SRH. So Device D decapsulates the packet. Device D deletes the SRH header and forwards the packet according to the destination address of the packet.
Figure 4 SRv6 TE policy forwarding diagram
SRv6 TE policy CBTS
About SRv6 TE policy CBTS
SRv6 TE policy Class Based Tunnel Selection (CBTS) enables dynamic routing and forwarding of traffic with service class values over different SRv6 TE policy tunnels between the same tunnel headend and tailend. CBTS uses a dedicated tunnel for a certain class of service to implement differentiated forwarding for services.
How SRv6 TE policy CBTS works
SRv6 TE policy CBTS processes traffic mapped to a priority as follows:
1. Uses a traffic behavior to set a service class value for the traffic. For more information about setting a service class value in traffic behavior view, see the remark service-class command in ACL and QoS Command Reference.
2. Compares the service class value of the traffic with the service class values of the SRv6 TE policy tunnels and forwards the traffic to a matching tunnel.
SRv6 TE policy selection rules
SRv6 TE policy CBTS uses the following rules to select an SRv6 TE policy for the traffic to be forwarded:
· If an SRv6 TE policy has the same service class value as the traffic, CBTS uses this SRv6 TE policy.
· If multiple SRv6 TE policies have the same service class value as the traffic, CBTS selects an SRv6 TE policy based on the flow identification and load sharing mode:
¡ If only one flow exists and flow-based load sharing is used, CBTS randomly selects a matching SRv6 TE policy for packets of the same flow.
¡ If multiple flows exist or if only one flow exists but packet-based load sharing is used, CBTS uses all matching SRv6 TE policies to load share the packets.
For more information about the flow identification and load sharing mode, see the ip load-sharing mode command in Layer 3—IP Services Command Reference.
· If the traffic does not match any SRv6 TE policy by service class value, CBTS randomly selects an SRv6 TE policy from all SRv6 TE policies with the lowest forwarding priority. An SRv6 TE policy that has a smaller service class value has a lower forwarding priority. An SRv6 TE policy that is not configured with a service class value has the lowest priority.
SRv6 TE policy CBTS application scenario
As shown in Figure 5, CBTS selects SRv6 TE policies for traffic from Device A to Device B as follows:
· Uses SRv6 TE policy B to forward traffic with service class value 3.
· Uses SRv6 TE policy C to forward traffic with service class value 6.
· Uses SRv6 TE policy A to forward traffic with service class value 4.
· Uses SRv6 TE policy A to forward traffic with no service class value.
Figure 5 Uses SRv6 TE policy CBTS application scenario
SBFD for SRv6 TE policy
An SRv6 TE policy cannot maintain its status by exchanging messages between devices. You can configure seamless BFD (SBFD) to verify the connectivity of an SRv6 TE policy to implement fast failover in milliseconds.
As shown in Figure 6, configure an SRv6 TE policy on Device A and use SBFD to detect the SRv6 TE policy. The detection process is as follows:
1. The source node (Device A, the initiator) and sends SBFD packets that encapsulate the SID lists of the primary and backup candidate paths of the SRv6 TE policy.
2. After the destination node (Device E, the reflector) receives an SBFD packets, it checks whether the remote discriminator carried the packet is the same as the local discriminator. If yes, the reflector sends the SBFD response packet to the initiator by using the IPv6 routing table. If no, the reflector drops the SBFD packet.
3. If the source node can receive the SBFD response within the detection timeout time, it determines the corresponding SID list (forwarding path) of the SRv6 TE policy is available. If no response is received, the device determines that the SID list is faulty. If all the SID lists for the primary path are faulty, SBFD triggers a primary-to-back path switchover.
Figure 6 SBFD for SRv6 TE policy procedure
|
|
NOTE: Because SBFD responses are forwarded according to the IPv6 routing table lookup, all SBFD sessions for the SRv6 TE policies that have the same source and destination nodes use the same path to send responses. A failure of the SBFD response path will cause all the SBFD sessions to be down. Consequently, all the associated SRv6 TE policies will be unable to forward packets. |
SRv6 TE policy hot standby
If an SRv6 TE policy has multiple valid candidate paths, the device chooses the candidate path with the greatest preference value. If the chosen path fails, the SRv6 TE policy must select another candidate path. During path reselection, packet loss might occur and thus affect service continuity.
The SRv6-TE hot standby feature can address this issue. This feature takes the candidate path with the greatest preference value as the primary path and that with the second greatest preference value as the backup path in hot standby state. As shown in Figure 7, when the forwarding paths corresponding to all SID lists of the primary path fails, the standby path immediately takes over to minimize service interruption.
Figure 7 SRv6 TE policy hot standby
You can configure both the hot standby and SBFD features for an SR-TE policy. Use SBFD to detect the availability of the primary and standby paths specified for hot standby. If all SID lists of the primary path become unavailable, the standby path takes over and a path recalculation is performed. The standby path becomes the new primary path, and a new standby path is selected. If both the primary and standby paths fail, the SR-TE policy will calculate new primary and standby paths.
SRv6 TE policy egress protection
This feature provides egress node protection in MPLS L3VPN over SRv6, EVPN L3VPN over SRv6, EVPN VPLS over SRv6, or EVPN VPWS over SRv6 networks where the public tunnel is an SRv6 TE policy tunnel.
SRv6 TE policy egress protection applies only to the dual homing scenario. To implement SRv6 TE policy egress protection, the egress node and the egress node's protection node must have the same forwarding entries.
As shown in Figure 8, deploy an SRv6 TE policy between PE 1 and PE 3. PE 3 is the egress node (endpoint node) of the SRv6 TE policy. To improve forwarding reliability, configure PE 4 to protect PE 3.
Figure 8 SRv6 TE policy egress protection
End.M SID
In SRv6 TE policy egress protection, an End.M SID is used to protect the SRv6 SIDs in a specific locator. If an SRv6 SID advertised by the remote device (PE 3 in this example) is within the locator, the protection node (PE 4) uses the End.M SID to protect that SRv6 SID (remote SRv6 SID).
PE 4 takes different actions as instructed by an End.M SID in different network scenarios:
· MPLS/EVPN L3VPN over SRv6 TE policy scenario
a. Removes the outer IPv6 header to obtain the remote SRv6 SID from the inner packet.
b. Searches the remote SRv6 SID and VPN instance mapping table to find the VPN instance mapped to the remote SRv6 SID.
c. Forwards the packet by looking up the routing table of the VPN instance.
· EVPN VPWS over SRv6 TE policy scenario
a. Removes the outer IPv6 header to obtain the remote SRv6 SID from the inner packet.
b. Searches the remote SRv6 SID and cross-connect mapping table to find the cross-connect mapped to the remote SRv6 SID.
c. Forwards the packet to the AC associated with the cross-connect.
In this scenario, the remote SRv6 SID can only be an End.DX2 SID.
· EVPN VPLS over SRv6 TE policy scenario
a. Removes the outer IPv6 header to obtain the remote SRv6 SID from the inner packet.
b. Searches the remote SRv6 SID and VSI mapping table to find the VSI mapped to the remote SRv6 SID.
c. Forwards the packet according to the MAC address forwarding table of the VSI.
In this scenario, the remote SRv6 SID can only be an End.DT2U SID.
Remote SRv6 SID
As shown in Figure 8, PE 4 receives a BGP route from PE 3. If the SRv6 SID in the BGP route is within the locator protected by the End.M SID on PE 4, PE 4 regards the SRv6 SID as a remote SRv6 SID and generates a mapping between the remote SRv6 SID and the VPN instance, cross-connect, or VSI.
When the adjacency between PE 4 and PE 3 breaks, PE 4 deletes the BGP route received from PE 3. As a result, the remote SRv6 SID and VPN instance/cross-connect/VSI mapping will be deleted, resulting in packet loss. To avoid this issue, you can configure the mappings deletion delay time on PE 4 to ensure that traffic is forwarded through PE 4 before PE 1 knows the PE 3 failure and computes a new forwarding path.
Route advertisement
The route advertisement procedure is similar in MPLS L3VPN, EVPN L3VPN, EVPN VPWS, or EVPN VPLS over SRv6 TE policy egress protection scenarios. The following example describes the route advertisement in an MPLS L3VPN over SRv6 TE policy egress protection scenario.
As shown in Figure 8, the FRR path is generated on P 1 as follows:
1. PE 4 advertises the End.M SID and the protected locator to P 1 through an IS-ISv6 route. Meanwhile, PE 4 generates a local SID entry for the End.M SID.
2. Upon receiving the route that carries the End.M SID, P 1 generates an FRR route destined for the specified locator and the action for the route is pushing the End.M SID.
On PE 4, a <remote SRv6 SID, VPN instance > mapping entry is generated as follows:
1. Upon receiving the private route from CE 2, PE 3 encapsulates the route as a VPNv4 route and sends it to PE 4. The VPNv4 route carries the SRv6 SID, RT, and RD information.
2. After PE 4 receives the VPNv4 route, it obtains the SRv6 SID and the VPN instance. Then, PE 4 performs longest matching of the SRv6 SID against the locators protected by End.M SIDs. If a match is found, PE 4 uses the SRv6 SID as a remote SRv6 SID and generates a <remote SRv6 SID, VPN instance> mapping entry.
Packet forwarding
The packet forwarding procedure is similar in MPLS L3VPN, EVPN L3VPN, EVPN VPWS, or EVPN VPLS over SRv6 TE policy egress protection scenarios. The following example describes the packet forwarding in an MPLS L3VPN over SRv6 TE policy egress protection scenario.
Figure 9 Data forwarding in SRv6 TE policy egress protection
As shown in Figure 9, typically traffic is forwarded along the CE 1-PE 1-P 1-PE 3-CE 2 path. When the egress node PE 3 fails, a packet is forwarded as follows:
1. P 1 detects that its next hop (PE 3) is unreachable and thus switches traffic to the FRR path. P 1 pushes the End.M SID into the IPv6 header of the packet and forwards the packet to PE 4.
2. PE 4 parses the packet and obtains the End.M SID. PE 4 queries the local SID table and takes actions as instructed by the End.M SID:
a. Removes the outer IPv6 header to obtain the remote SRv6 SID from the inner packet. (The remote SRv6 SID is A100::1 in this example)
b. Searches the remote SRv6 SID and VPN instance mapping table to find the VPN instance mapped to the remote SRv6 SID. (The VPN instance is VPN 1 in this example.)
c. Looks up the routing table of the VPN instance and forwards the packet to CE 2 according to the matching route.
Restrictions: Hardware compatibility with SRv6 TE policy
|
Hardware |
SRv6 TE policy compatibility |
|
MSR610 |
No |
|
MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK, MSR810-EI, MSR810-LM-EA, MSR810-LM-EI |
Yes |
|
MSR810-LMS, MSR810-LUS |
No |
|
MSR810-SI, MSR810-LM-SI |
No |
|
MSR810-LMS-EA, MSR810-LME |
Yes |
|
MSR1004S-5G, MSR1004S-5G-CN |
Yes |
|
MSR1104S-W, MSR1104S-W-CAT6, MSR1104S-5G-CN, MSR1104S-W-5G-CN |
Yes |
|
MSR2600-6-X1, MSR2600-15-X1, MSR2600-15-X1-T |
Yes |
|
MSR2600-10-X1 |
Yes |
|
MSR 2630 |
Yes |
|
MSR3600-28, MSR3600-51 |
Yes |
|
MSR3600-28-SI, MSR3600-51-SI |
No |
|
MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP |
Yes |
|
MSR3600-28-G-DP, MSR3600-51-G-DP |
Yes |
|
MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD, MSR-EAD-AK770, MSR3610-I-IG, MSR3610-IE-IG |
Yes |
|
MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC, MSR3620-X1, MSR3640-X1 |
Yes |
|
MSR3610, MSR3620, MSR3620-DP, MSR3640, MSR3660 |
Yes |
|
MSR3610-G, MSR3620-G |
Yes |
|
MSR3640-G |
Yes |
|
MSR3640-X1-HI |
Yes |
|
Hardware |
SRv6 TE policy compatibility |
|
MSR810-W-WiNet, MSR810-LM-WiNet |
Yes |
|
MSR830-4LM-WiNet |
Yes |
|
MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet |
Yes |
|
MSR830-6BHI-WiNet, MSR830-10BHI-WiNet |
Yes |
|
MSR2600-6-WiNet |
Yes |
|
MSR2600-10-X1-WiNet |
Yes |
|
MSR2630-WiNet |
Yes |
|
MSR3600-28-WiNet |
Yes |
|
MSR3610-X1-WiNet |
Yes |
|
MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet |
Yes |
|
Hardware |
SRv6 TE policy compatibility |
|
MSR860-6EI-XS |
Yes |
|
MSR860-6HI-XS |
Yes |
|
MSR2630-XS |
Yes |
|
MSR3600-28-XS |
Yes |
|
MSR3610-XS |
Yes |
|
MSR3620-XS |
Yes |
|
MSR3610-I-XS |
Yes |
|
MSR3610-IE-XS |
Yes |
|
MSR3620-X1-XS |
Yes |
|
MSR3640-XS |
Yes |
|
MSR3660-XS |
Yes |
|
Hardware |
SRv6 TE policy compatibility |
|
MSR810-LM-GL |
Yes |
|
MSR810-W-LM-GL |
Yes |
|
MSR830-6EI-GL |
Yes |
|
MSR830-10EI-GL |
Yes |
|
MSR830-6HI-GL |
Yes |
|
MSR830-10HI-GL |
Yes |
|
MSR1004S-5G-GL |
Yes |
|
MSR2600-6-X1-GL |
Yes |
|
MSR3600-28-SI-GL |
No |
SRv6 TE policy tasks at a glance
To configure an SRv6 TE policy, perform the following tasks:
1. Configuring IGP-based SID advertisement
Perform this task on each SRv6 node. For more information, see "Configuring IPv6 Segment Routing."
3. Configuring an SRv6 TE policy
b. Configuring SRv6 TE policy attributes
c. (Optional.) Enabling the device to distribute SRv6 TE policy candidate path information to BGP-LS
d. (Optional.) Shutting down an SRv6 TE policy
e. Configuring a candidate path
4. (Optional.) Configuring BGP to advertise BGP IPv6 SR policy routes
a. Enabling BGP to advertise BGP IPv6 SR policy routes
b. Configuring BGP to redistribute BGP IPv6 SR policy routes
c. (Optional.) Enabling advertising BGP IPv6 SR policy routes to EBGP peers
d. (Optional.) Enabling Router ID filtering
e. (Optional.) Enabling validity check for BGP IPv6 SR policy routes
f. (Optional.) Configuring BGP to control BGP IPv6 SR policy route selection and advertisement
g. (Optional.) Maintaining BGP sessions
5. Configuring SRv6 TE policy traffic steering
6. (Optional.) Configuring the SRv6 TE policy encapsulation mode
7. (Optional.) Configuring high availability features for SRv6 TE policy
¡ Enabling SBFD for SRv6 TE policies
¡ Configuring the BFD echo packet mode for SRv6 TE policies
¡ Enabling hot standby for SRv6 TE policies
¡ Configuring path switchover and deletion delays for SRv6 TE policies
¡ Configuring SRv6 TE policy egress protection
8. (Optional.) Configuring advanced SRv6 TE policy features
¡ Configuring the TTL processing mode of SRv6 TE policies
¡ Configuring SRv6 TE policy CBTS
¡ Configuring a rate limit for an SRv6 TE policy
¡ Enabling the device to drop traffic when an SRv6 TE policy becomes invalid
¡ Specifying the packet encapsulation type preferred in optimal route selection
9. (Optional.) Configuring traffic forwarding statistics for SRv6 TE policies
Configuring a SID list
About this task
Before you specify a SID list for a candidate path in an SRv6 TE policy, you need to create the SID list and add nodes to the SID list.
After you add nodes to a SID list, the system will sort the nodes in ascending order of node index. The node with the smallest index represents the next hop of the source node on the forwarding path.
To reduce the SRH cost, you can use four 32-bit G-SIDs to represent one normal 128-bit SRv6 SID. In a SID list, you can add a 128-bit SRv6 SID with a COC flavor, indicating that the next node of the current node is a 32-bit G-SID. For more information about G-SIDs, see IPv6 Segment Routing configuration.
Restrictions and guidelines
When you add a G-SID to the SID list, follow these restrictions and guidelines:
· The SRv6 SID corresponding to the previous node of the G-SID must be an End(COC32) SID or End.X(COC32) SID.
· The SRv6 SID corresponding to the last node in the SID list cannot carry the COC flavor. You cannot use the index index-number coc32 ipv6 command to specify the SRv6 SID for the penultimate node.
Procedure
1. Enter system view.
system-view
2. Enable SRv6 and enter SRv6 view.
segment-routing ipv6
By default, SRv6 is disabled.
3. Create and enter the SRv6 TE view.
traffic-engineering
4. Create a SID list and enter its view.
segment-list segment-list-name
5. Add a node to the SID list.
¡ Add a normal 128-bit SRv6 SID.
index index-number ipv6 ipv6-address
¡ Add a 128-bit SRv6 SID with the COC flavor and specify the length of the common prefix of the next G-SID.
index index-number coc32 ipv6 ipv6-address common-prefix-length
Creating an SRv6 TE policy
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Create an SRv6 TE policy and enter its view.
policy policy-name
Configuring SRv6 TE policy attributes
About this task
An SRv6 TE policy is identified by the following items: BSID, color, and endpoint.
You can bind a BSID to the policy manually, or set only the color and endpoint attributes of the policy so the system automatically assigns a BSID to the policy. If you use both methods, the manually bound BSID takes effect.
Restrictions and guidelines
The configured BSID must be on the locator specified for SRv6 TE policies in SRv6 TE view. Otherwise, the SRv6 TE policy cannot forward packets. For more information about the locator configuration, see "Configuring IPv6 Segment Routing."
Different SRv6 TE policies cannot have the same color or endpoint IP address.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Specify a locator for SRv6 TE.
srv6-policy locator locator-name
By default, no locator is specified for SRv6 TE.
5. Enter SRv6 TE policy view.
policy policy-name
6. Configure a BSID for the policy.
binding-sid ipv6 ipv6-address
7. Set the color and endpoint attributes.
color color-value end-point ipv6 ipv6-address
By default, the color and endpoint attributes of an SRv6 TE policy are not configured.
Enabling the device to distribute SRv6 TE policy candidate path information to BGP-LS
About this task
After this feature is enabled, the device distributes SRv6 TE policy candidate path information to BGP-LS. BGP-LS advertises the SRv6 TE policy candidate path information in routes to meet application requirements.
Prerequisites
Before you configure this feature, enable the device to exchange LS information with the related peer or peer group. For more information about the LS exchange capability, see the BGP LS configuration in Layer 3—IP Routing Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enable the device to distribute SRv6 TE policy candidate path information to BGP-LS.
distribute bgp-ls
By default, the device cannot distribute SRv6 TE policy candidate path information to BGP-LS.
Shutting down an SRv6 TE policy
About this task
This feature controls the administrative state of an SRv6 TE policy.
If multiple SRv6 TE policies exist on the device, you can shut down unnecessary SRv6 TE policies to prevent them from affecting traffic forwarding.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enter SRv6 TE policy view.
policy policy-name
5. Shut down the SRv6 TE policy.
shutdown
By default, an SRv6 TE policy is not administratively shut down.
Configuring a candidate path
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enter SRv6 TE policy view.
policy policy-name
5. Create and enter SRv6 TE policy candidate path view.
candidate-paths
6. Set the preference for a candidate path and enter SRv6 TE policy path preference view.
preference preference-value
By default, no candidate path preferences are set.
Each preference represents a candidate path.
7. Specify an explicit path for the candidate path.
explicit segment-list segment-list-name [ weight weight-value ]
A candidate path can have multiple SID lists.
Configuring BGP to advertise BGP IPv6 SR policy routes
Restrictions and guidelines for BGP IPv6 SR policy routes advertisement
For more information about BGP commands, see Layer 3—IP Routing Commands.
Enabling BGP to advertise BGP IPv6 SR policy routes
1. Enter system view.
system-view
2. Configure a global router ID.
router id router-id
By default, no global router ID is configured.
3. Enable a BGP instance and enter its view.
bgp as-number [ instance instance-name ]
By default, BGP is disabled and no BGP instances exist.
4. Configure a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } as-number as-number
5. Create the BGP IPv6 SR policy address family and enter its view.
address-family ipv6 sr-policy
6. Enable BGP to exchange BGP IPv6 SR policy routing information with the peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } enable
By default, the device cannot use BGP to exchange BGP IPv6 SR policy routing information with a peer or peer group.
Configuring BGP to redistribute BGP IPv6 SR policy routes
About this task
After you configure BGP to redistribute BGP IPv6 SR policy routes, the system will redistribute the local BGP IPv6 SR policy routes to the BGP routing table and advertise the routes to peers. Then, the peers can forward traffic based on the SRv6 TE policy.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 SR policy address family view.
address-family ipv6 sr-policy
4. Enable BGP to redistribute routes from BGP IPv6 SR policies.
import-route sr-policy
By default, BGP does not redistribute BGP IPv6 SR policy routes.
Enabling advertising BGP IPv6 SR policy routes to EBGP peers
About this task
By default, BGP IPv6 SR policy routes are advertised among IBGP peers. To advertise BGP IPv6 SR policy routes to EBGP peers, you must perform this task to enable the advertisement capability.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 SR policy address family view.
address-family ipv6 sr-policy
4. Enable advertising BGP IPv6 SR policy routes to EBGP peers.
advertise ebgp enable
By default, BGP IPv6 SR policy routes are not advertised to EBGP peers.
Enabling Router ID filtering
About this task
For the device to process only part of the received BGP IPv6 SR policy routes, you can perform this task to enable filtering the routes by Router ID.
This feature enables the device to check the Route Target attribute of a received BGP IPv6 SR policy route.
· If the Route Target attribute contains the Router ID of the local device, the device accepts the route and generates an SRv6 TE policy accordingly.
· If the Route Target attribute does not contain the Router ID of the local device, the device processes the route as follows:
¡ If the bgp-rib-only keyword is not specified in the command, the device drops the route.
¡ If the bgp-rib-only keyword is specified in the command, the device accepts the route but does not generate the corresponding SRv6 TE policy.
When the controller advertises a BGP IPv6 SR policy route to the source node, the transit nodes between the controller and the source node only need to forward the BGP IPv6 SR policy route. They do not need to generate the SRv6 TE policy. In this case, you can execute the router-id filter bgp-rib-only command on the transit nodes. Then, when a transit node receives a BGP IPv6 SR policy route, it forwards the route even if the route's Route Target attribute does not contain the Router ID of the local device. Meanwhile, it does not generate an SRv6 TE policy in order to not affect packet forwarding.
Restrictions and guidelines
To use Router ID filtering, make sure you add Route Target attributes to BGP IPv6 SR policy routes properly by using routing policy or other methods. Otherwise, Router ID filtering might learn or drop BGP IPv6 SR policy routes incorrectly.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 SR policy address family view.
address-family ipv6 sr-policy
4. Enable Router ID filtering.
router-id filter [ bgp-rib-only ]
By default, Router ID filtering is disabled.
Enabling validity check for BGP IPv6 SR policy routes
About this task
After validity check is enabled for BGP IPv6 SR policy routes, the device determines that a BGP IPv6 SR policy route is invalid and will not select the route if the route does not contain the IPv4 address format RT extended community attribute or the NO_ADVERTISE community attribute.
You can configure this feature on the RR in networks where the controller and the RR establish BGP peer relationship and the RR establishes BGP peer relationship with the source nodes of multiple SRv6 TE policies.
The RR checks whether the BGP IPv6 SR policy routes issued by the controller carry the IPv4 address format RT attribute or the NO_ADVERTISE attribute. If yes, the RR accepts the routes and reflects the routes that do not carry the NO_ADVERTISE attribute to the source nodes of the SRv6 TE policies.
On the source nodes, you can use the router-id filter command to enable BGP IPv6 SR policy route filtering by router ID. After a source node receives a BGP IPv6 SR policy route, it compares the local router ID with the IPv4 address in the RT attribute of the route. If they are the same, the source node accepts the route. If they are different, the source node drops the route.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 SR policy address family view.
address-family ipv6 sr-policy
4. Enable validity check for BGP IPv6 SR policy routes.
validation-check enable
By default, validity check for BGP IPv6 SR policy routes is disabled. The device does not check the validity of the BGP IPv6 SR policy routes received from peers or peer groups.
Configuring BGP to control BGP IPv6 SR policy route selection and advertisement
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 SR policy address family view.
address-family ipv6 sr-policy
4. Specify the local router as the next hop for routes sent to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } next-hop-local
By default, BGP sets the local router as the next hop for all routes sent to an EBGP peer or peer group. BGP does not set the local router as the next hop for routes sent to an IBGP peer or peer group.
5. Allow a local AS number to exist in the AS_PATH attribute of routes from a peer or peer group, and to set the number of times the local AS number can appear.
peer { group-name | ipv6-address [ prefix-length ] } allow-as-loop [ number ]
By default, the local AS number is not allowed to exist in the AS_PATH attribute of routes from a peer or peer group.
6. Specify a preferred value for routes received from a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } preferred-value value
By default, the preferred value is 0 for routes received from a peer or peer group.
7. Set the maximum number of routes that can be received from a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } route-limit prefix-number [ { alert-only | discard | reconnect reconnect-time } | percentage-value ] *
By default, the number of routes that can be received from a peer or peer group is not limited.
8. Configure the device as a route reflector and specify a peer or peer group as a client.
peer { group-name | ipv6-address [ prefix-length ] } reflect-client
By default, neither the route reflector nor the client is configured.
9. Specify an IPv6 prefix list to filter routes received from or advertised to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } prefix-list ipv6-prefix-list-name { export | import }
By default, no prefix list based filtering is configured.
10. Apply a routing policy to routes incoming from or outgoing to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } route-policy route-policy-name { export | import }
By default, no routing policy is applied to routes incoming from or outgoing to a peer or peer group.
11. Advertise the COMMUNITY attribute to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } advertise-community
By default, no COMMUNITY attribute is advertised to any peers or peer groups.
12. Advertise the extended community attribute to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } advertise-ext-community
By default, no extended community attribute is advertised to any peers or peer groups.
13. Assign a peer or peer group a high priority in BGP route selection.
peer { group-name | ipv6-address [ prefix-length ] } high-priority
By default, a peer or peer group does not have a high priority in BGP route selection.
Maintaining BGP sessions
To maintain BGP sessions, execute the following commands in user view:
· Reset BGP sessions for the BGP IPv6 SR policy address family.
reset bgp [ instance instance-name ] { as-number | ipv6-address [ prefix-length ] | all | external | group group-name | internal } ipv6 sr-policy
· Soft-reset BGP sessions for the BGP IPv6 SR policy address family.
refresh bgp [ instance instance-name ] { ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } ipv6 sr-policy
Configuring SRv6 TE policy traffic steering
Configuring the SRv6 TE policy traffic steering mode
Restrictions and guidelines
This feature does not take effect on L2VPN networks.
Prerequisites
To use color-based traffic steering, you need to add the color extended community to IPv6 unicast routes by using routing policy or other methods. For information about the routing policy configuration, see Layer 3—IP Routing Configuration Guide.
To use tunnel policy-based traffic steering, you need to configure a bound tunnel, preferred tunnel, or load sharing tunnel policy that uses an SRv6 TE policy. For more information about the tunnel policy configuration, see MPLS Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Configure the traffic steering mode for SRv6 TE policies.
sr-policy steering { disable | policy-based }
By default, the device steers data packets to SRv6 TE policies based on colors of the packets.
If you specify the policy-based keyword, the device steers traffic to an SRv6 TE policy based on the bound policy, color, and load sharing tunnel policy in a descending order of priority.
Configuring color-based traffic steering
About this task
To steer traffic to an SRv6 TE policy based on colors, you can configure a color extended community for routes that do not carry a color extended community in the following methods:
· Configure a routing policy to add a color value to routes.
· Configure a default color value.
The color value specified in the routing policy is preferred.
Restrictions and guidelines
The default color value applies only to the VPN routes or public network routes learned from a remote PE.
The default color value is used only for SRv6 TE policy traffic steering. It does not used in route advertisement.
Configuring a routing policy to add a color value to routes
1. Enter system view.
system-view
2. Enter routing policy node view.
route-policy route-policy-name { deny | permit } node node-number
3. Set the color extended community attribute for BGP routes.
apply extcommunity color color [ additive ]
By default, no color extended community attribute is set for BGP routes.
4. Return to system view.
quit
5. Enter BGP instance view.
bgp as-number [ instance instance-name ]
6. Enter a BGP address family view as needed:
¡ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP IPv6 unicast address family view
address-family ipv6 [ unicast ]
¡ Enter BGP VPNv4 address family view.
address-family vpnv4
¡ Enter BGP VPNv6 address family view.
address-family vpnv6
¡ Enter BGP EVPN address family view.
address-family l2vpn evpn
7. Apply the routing policy to filter routes advertised to or received from a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } route-policy route-policy-name { export | import }
By default, no routing policy is applied to a peer or peer group.
Configuring a default color value for VPN routes
1. Enter system view.
system-view
2. Enter VPN instance view.
ip vpn-instance vpn-instance-name [ index vpn-index ]
3. Enter IPv4 address family view or IPv6 address family view of the VPN instance.
¡ Enter VPN instance IPv4 address family view.
address-family ipv4
¡ Enter VPN instance IPv6 address family view.
address-family ipv6
4. Configure a default color value for L3VPN route recursion to an SRv6 TE policy.
default-color color-value [ evpn ]
By default, no default color is configured for L3VPN route recursion to an SRv6 TE policy.
Configuring a default color value for public network routes
1. Enter system view.
system-view
2. Enter pubic instance view.
ip public-instance
3. Enter public instance IPv4 or IPv6 address family view.
¡ Enter public instance IPv4 address family view
address-family ipv4
¡ Enter public instance IPv6 address family view.
address-family ipv6
4. Configure a default color value for public network route recursion to an SRv6 TE policy.
default-color color-value
By default, no default color value is configured for public network route recursion to an SRv6 TE policy.
Configuring tunnel policy-based traffic steering
Configuring a tunnel policy
1. Enter system view.
system-view
2. Create a tunnel policy and enter tunnel policy view.
tunnel-policy tunnel-policy-name [ default ]
3. Configure the tunnel policy. Choose the following tasks as needed:
¡ Specify an SRv6 TE policy to be bound with the specified destination IPv6 address.
binding-destination dest-ipv6-address srv6-policy { name policy-name | end-point ipv6 ipv6-address color color-value } [ ignore-destination-check ] [ down-switch ]
By default, no SRv6 TE policy is specified for a tunnel policy.
¡ Specify an SRv6 TE policy as a preferred tunnel of the tunnel policy.
preferred-path srv6-policy name sr-policy-name
By default, no preferred tunnel is specified for a tunnel policy.
¡ Configuring SRv6 TE policy load sharing for the tunnel policy.
select-seq srv6-policy load-balance-number number
By default, no load sharing tunnel policy is configured.
For more information about the tunnel policy commands, see MPLS Command Reference.
Specifying the tunnel policy for a VPN instance
1. Enter system view.
system-view
2. Enter a VPN instance view as needed.
¡ Enter VPN instance view.
ip vpn-instance vpn-instance-name
¡ Execute the following commands in sequence to enter VPN instance IPv4 address family view:
ip vpn-instance vpn-instance-name
address-family ipv4
¡ Execute the following commands in sequence to enter VPN instance IPv6 address family view:
ip vpn-instance vpn-instance-name
address-family ipv6
3. Specify a tunnel policy for the VPN instance.
tnl-policy tunnel-policy-name
By default, no tunnel policy is specified for a VPN instance.
For more information about this command, see MPLS L3VPN commands in MPLS Command Reference.
Configuring DSCP-based traffic steering
About this task
Each SRv6 TE policy in an SRv6 TE policy group has a different color attribute value. By configuring color-to-DSCP mappings for an SRv6 TE policy group, you associate DSCP values to SRv6 TE policies. This allows IPv6 packets containing a specific DSCP value to be steered to the corresponding SRv6 TE policy for further forwarding.
Restrictions and guidelines
You can map the color values of only valid SRv6 TE policies to DSCP values.
You can configure color-to-DSCP mappings separately for the IPv4 address family and IPv6 address family. For a specific address family, a DSCP value can be mapped to only one color value.
Use the color match dscp default command to specify the default SRv6 TE policy for an address family. If no SRv6 TE policy in an SRv6 TE policy group matches a specific DSCP value, the default SRv6 TE policy is used to forward packets containing the DSCP value. Only one default SRv6 TE policy can be specified for an address family.
When the device receives an IPv4 or IPv6 packet that does not match any color-to-DSCP mapping, the device selects a valid SRv6 TE policy for the packet in the following order:
1. The default SRv6 TE policy specified for the same address family as the packet.
2. The default SRv6 TE policy specified for the other address family.
3. The SRv6 TE policy mapped to the smallest DSCP value in the same address family as the packet.
4. The SRv6 TE policy mapped to the smallest DSCP value in the other address family.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Create an SRv6 TE policy group and enter its view.
policy-group group-id
5. Configure the endpoint IPv6 address for the SRv6 TE policy group.
end-point ipv6 ipv6-address
By default, no endpoint IPv6 address is configured for the SRv6 TE policy group.
The destination node address of each color-associated SRv6 TE policy in the SRv6 TE policy group must be the same as the endpoint IPv6 address of the SRv6 TE policy group.
6. Create color-to-DSCP mappings for the SRv6 TE policy group.
color color-value match dscp { ipv4 | ipv6 } dscp-value-list
color color-value match dscp { ipv4 | ipv6 } default
By default, no color-to-DSCP mappings are created for the SRv6 TE policy group.
DSCP-based traffic steering cannot function if no color-to-DSCP mappings are created.
7. Return to system view.
quit
8. Create a tunnel policy and enter tunnel policy view.
tunnel-policy tunnel-policy-name [ default ]
9. Bind the SRv6 TE policy group to a destination IP address.
binding-destination dest-ip-address sr-policy group sr-policy-group-id [ ignore-destination-check ] [ down-switch ]
By default, a tunnel policy does not bind any SRv6 TE policy group to a destination IP address.
For more information about the command, see tunnel policy commands in MPLS Command Reference.
Configuring static route-based traffic steering
Restrictions and guidelines
After configuring this feature in the IP public network over SRv6 network, execute the route-replicate command in public instance IPv4/IPv6 address family view. Use this command to replicate routes from the specified VPN instance to the public network for forwarding user traffic.
Procedure
1. Enter system view.
system-view
2. Configure static-route based traffic steering to an SRv6 TE policy.
¡ Configure an IPv4 static route for steering matching traffic to an SRv6 TE policy.
Public network:
ip route-static dest-address { mask-length | mask } srv6-policy { color color-value end-point ipv6 ipv6-address | name policy-name } [ preference preference ] [ tag tag-value ] [ description text ]
VPN:
ip route-static vpn-instance s-vpn-instance-name dest-address { mask-length | mask } srv6-policy { color color-value end-point ipv6 ipv6-address | name policy-name } [ preference preference ] [ tag tag-value ] [ description text ]
By default, no IPv4 static routes are configured.
For more information about this command, see static routing configuration in Layer 3—IP Routing Configuration Guide.
¡ Configure an IPv6 static route for steering matching traffic to an SRv6 TE policy.
Public network:
ipv6 route-static ipv6-address prefix-length srv6-policy { color color-value end-point ipv6 ipv6-address | name policy-name } [ preference preference ] [ tag tag-value ] [ description text ]
VPN:
ipv6 route-static vpn-instance s-vpn-instance-name ipv6-address prefix-length srv6-policy { color color-value end-point ipv6 ipv6-address | name policy-name } [ preference preference ] [ tag tag-value ] [ description text ]
By default, no IPv6 static routes are configured.
For more information about this command, see IPv6 static routing configuration in Layer 3—IP Routing Configuration Guide.
Configuring QoS policy-based traffic steering
About this task
When some public IPv6 flows are congested, you can configure traffic classification to identify the flows and redirect the traffic to SRv6 TE policies to resolve the congestion. Traffic redirection to SRv6 TE policies is based on endpoint and color. If traffic cannot match the redirect rule or the redirect SRv6 TE policy fails, the traffic cannot be forwarded through an SRv6 TE policy but through normal IPv6 forwarding.
Restrictions and guidelines
For more information about QoS policy commands, see ACL and QoS Command Reference.
Procedure
1. Define a traffic class:
a. Enter system view.
system-view
b. Create a traffic class and enter traffic class view.
traffic classifier classifier-name [ operator { and | or } ]
c. Configure a match criterion.
if-match [ not ] match-criteria
By default, no match criterion is configured.
For more information, see the if-match command in ACL and QoS Command Reference.
2. Define a traffic behavior:
a. Create a traffic behavior and enter traffic behavior view.
traffic behavior behavior-name
b. Redirect the matching traffic to an SRv6 TE policy.
redirect srv6-policy endpoint color [ { sid | vpnsid } sid ]
By default, no traffic behavior is configured.
3. Define and apply a QoS policy:
a. Create a QoS policy and enter QoS policy view.
qos policy policy-name
b. Associate a traffic class with a traffic behavior to create a class-behavior association in the QoS policy.
classifier classifier-name behavior behavior-name
By default, a traffic class is not associated with a traffic behavior.
c. Return to system view.
quit
d. Apply the QoS policy.
For more information, see QoS policy configuration in ACL and QoS Configuration Guide.
By default, no QoS policy is applied.
Configuring Flowspec-based traffic steering
Creating and activating an IPv6 Flowspec rule
1. Enter system view.
system-view
2. Create an IPv6 Flowspec rule and enter IPv6 Flowspec rule view.
flow-route flowroute-name ipv6
3. Configure a match criterion.
if-match match-criteria
By default, no match criterion is configured.
4. Configure the action as redirecting packets to an SRv6 TE policy.
apply redirect next-hop ipv6-address color color [ sid sid-value ]
By default, no action is configured.
5. Commit match criteria and actions.
commit
By default, match criteria and actions are not committed.
Applying the IPv6 Flowspec rule to the public network
1. Enter system view.
system-view
2. Enter Flowspec view.
flowspec
3. Create a Flowspec IPv6 address family for the public network and enter its view.
address-family ipv6
4. Apply an IPv6 Flowspec rule.
flow-route flowroute-name
By default, no IPv6 Flowspec rule is applied to the public network.
Applying the IPv6 Flowspec rule to a VPN instance
1. Enter system view.
system-view
2. Configure a VPN instance.
a. Create a VPN instance and enter VPN instance view.
ip vpn-instance vpn-instance-name
b. Configure an RD for the VPN instance.
route-distinguisher route-distinguisher
By default, no RD is configured for a VPN instance.
c. Configure route targets for the VPN instance.
vpn-target { vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] }
By default, no route targets are configured.
For more information about the ip vpn-instance, route-distinguisher, and vpn-target commands, see MPLS L3VPN commands in MPLS Command Reference.
3. Enter the IPv6 Flowspec address family view of the VPN instance.
address-family ipv6 flowspec
4. Configure an RD for the IPv6 Flowspec address family.
route-distinguisher route-distinguisher
By default, no RD is configured for the IPv6 Flowspec address family.
5. Configure route targets for the IPv6 Flowspec address family.
vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]
By default, no route targets are configured for the IPv6 Flowspec address family.
The route targets configured must be the same as the route targets configured previously for the VPN instance.
6. Execute the quit command twice to return to system view.
7. Enter Flowspec view.
flowspec
8. Create a Flowspec IPv6 address family and associate the address family with the VPN instance.
address-family ipv6 vpn-instance vpn-instance-name
9. Apply the created IPv6 Flowspec rule to the Flowspec IPv6 VPN instance address family.:
flow-route flowroute-name
By default, no IPv6 Flowspec rule is applied to a Flowspec IPv6 VPN instance address family.
Enabling BGP to distribute IPv6 Flowspec rules
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 Flowspec address family view, BGP-VPN IPv6 Flowspec address family view, or BGP VPNv6 Flowspec address family view:
¡ Enter BGP IPv6 Flowspec address family view to advertise public network IPv6 Flowspec rules.
address-family ipv6 flowspec
¡ Execute the following commands in sequence to enter BGP-VPN IPv6 Flowspec address family view to advertise private network IPv6 Flowspec rules:
ip vpn-instance vpn-instance-name
address-family ipv6 flowspec
¡ Enter BGP VPNv6 Flowspec address family view to advertise VPNv6 Flowspec rules.
address-family vpnv6 flowspec
4. Enable BGP Flowspec peers to exchange routing information.
peer { group-name | ipv6-address [ mask-length ] | ipv6-address [ prefix-length ] } enable
By default, BGP Flowspec peers cannot exchange routing information.
Enabling automatic route advertisement for an SRv6 TE policy
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enter SRv6 TE policy view.
policy policy-name
5. Enable automatic route advertisement for the SRv6 TE policy.
autoroute enable [ isis | ospfv3 ]
By default, automatic route advertisement is disabled for an SRv6 TE policy.
6. Configure an autoroute metric for the SRv6 TE policy.
autoroute metric { absolute value | relative value }
By default, the autoroute metric of an SRv6 TE policy equals its IGP metric.
7. Return to system view.
quit
quit
quit
8. Include the SRv6 TE policy in IGP computation:
¡ Execute the following commands in sequence to enable automatic route advertisement for IS-IS SRv6 TE policies.
isis [ process-id ] [ vpn-instance vpn-instance-name ]
address-family ipv6 [ unicast ]
srv6-policy autoroute enable [ level-1 | level-2 ]
By default, automatic route advertisement for SRv6 TE policies is disabled.
Configuring the SRv6 TE policy encapsulation mode
About this task
If the traffic steering mode is BSID, packets whose destination IPv6 address is the same as the BSID of an SRv6 TE policy will be forwarded by the SRv6 TE policy. In this case, the device needs to encapsulate the SID list of the SRv6 TE policy into the packets. The following encapsulation modes are available:
· Encaps—Normal encapsulation mode. It adds a new IPv6 header and an SRH to the original packets. All SIDs in the SID list of the SRv6 TE policy are encapsulated in the SRH.
· Encaps.Red—Reduced mode of normal encapsulation. It adds a new IPv6 header and an SRH to the original packets. The first SID in the SID list of the SRv6 TE policy is not encapsulated in the SRH to reduce the SRH length. All other SIDs in the SID list are encapsulated in the SRH.
· Insert—Insertion mode. It inserts an SRH after the original IPv6 header. All SIDs in the SID list of the SRv6 TE policy are encapsulated in the SRH.
· Insert.Red—Reduced insertion mode. It inserts an SRH after the original IPv6 header. The first SID in the SID list of the SRv6 TE policy is not encapsulated in the SRH to reduce the SRH length. All other SIDs in the SID list are encapsulated in the SRH.
In Encaps or Encaps.Red encapsulation mode, the destination IPv6 address in the new IPv6 header is the first SID in the SID list of the SRv6 TE policy. The source IPv6 address is the IPv6 address specified by using the encapsulation source-address command.
In Insert or Insert.Red encapsulation mode, the destination IPv6 address in the original IPv6 header is changed to the first SID in the SID list of the SRv6 TE policy. The source IPv6 address in the original IPv6 header does not change.
If the traffic steering mode is BSID and the SRv6 SID of the ingress node is an End.X SID, the device does not encapsulate the End.X SID into the SRH by default.
To obtain complete SRv6 forwarding path information from the SRH of packets, you can configure the device to encapsulate the local End.X SID in the SRH.
Restrictions and guidelines
You can configure the encapsulation mode for all SRv6 TE policies globally in SRv6 TE view or for a specific SRv6 TE policy in SRv6 TE policy view. The policy-specific configuration takes precedence over the global configuration. An SRv6 TE policy uses the global configuration only when it has no policy-specific configuration.
The normal encapsulation modes are exclusive with the insertion modes. If you configure both a normal encapsulation mode and an insertion mode for an SRv6 TE policy, the most recent configuration takes effect.
If you configure the Insert or Insert.Red mode for an SRv6 TE policy, it uses the Encaps mode to encapsulate received IPv4 packets.
In SRv6 TE view, if you execute both the srv6-policy encapsulation-mode encaps reduced command and the srv6-policy encapsulation-mode encaps include local-end.x command, the srv6-policy encapsulation-mode encaps include local-end.x command takes effect.
In SRv6 TE view, if you execute both the srv6-policy encapsulation-mode insert reduced command and the srv6-policy encapsulation-mode insert include local-end.x command, the srv6-policy encapsulation-mode insert include local-end.x command takes effect.
In SRv6 TE policy view, if you execute both the encapsulation-mode encaps reduced command and the encapsulation-mode encaps include local-end.x command, the encapsulation-mode encaps include local-end.x command takes effect.
In SRv6 TE policy view, if you execute both the encapsulation-mode insert reduced command and the encapsulation-mode insert include local-end.x command, the encapsulation-mode insert include local-end.x command takes effect.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Configure the encapsulation mode globally for all SRv6 TE policies. Choose one option as needed:
¡ Specify the Encaps.Red encapsulation mode globally for all SRv6 TE policies.
srv6-policy encapsulation-mode encaps reduced
¡ Specify the Insert or Insert.Red encapsulation mode globally for all SRv6 TE policies.
srv6-policy encapsulation-mode insert
srv6-policy encapsulation-mode insert reduced
By default, an SRv6 TE policy uses the Encaps encapsulation mode.
5. Enable the device to include the local End.X SID in the SRH of the packets forwarded by SRv6 TE policies. Choose one option as needed:
¡ Enable this feature for SRv6 TE policies with a normal encapsulation mode
srv6-policy encapsulation-mode encaps include local-end.x
¡ Enable this feature for SRv6 TE policies with an insertion encapsulation mode
srv6-policy encapsulation-mode insert include local-end.x
By default, the device does not include the local End.X SID in the SRH of the packets forwarded by SRv6 TE policies.
6. Enter SRv6 TE policy view.
policy policy-name
7. Configure the encapsulation mode for the SRv6 TE policy. Choose one option as needed:
¡ Specify the Encaps.Red encapsulation mode for the SRv6 TE policy.
encapsulation-mode encaps reduced [ disable ]
¡ Specify the Insert or Insert.Red encapsulation mode globally for all SRv6 TE policies.
encapsulation-mode insert
encapsulation-mode insert reduced [ disable ]
By default, the encapsulation mode is not configured for an SRv6 TE policy, and the encapsulation mode configured in SRv6 TE view applies.
8. Configure local End.X SID encapsulation in the SRH of the packets forwarded by the SRv6 TE policy.
¡ Configure this feature when the SRv6 TE policy uses a normal encapsulation mode.
encapsulation-mode encaps include local-end.x [ disable ]
¡ Configure this feature when the SRv6 TE policy uses an insertion encapsulation mode.
encapsulation-mode insert include local-end.x [ disable ]
By default, local End.X SID encapsulation is not configured for an SRv6 TE policy, and the local End.X SID encapsulation setting configured in SRv6 TE view applies.
Enabling SBFD for SRv6 TE policies
Restrictions and guidelines
You can enable SBFD for all SRv6 TE policies globally in SRv6 TE view or for a specific SRv6 TE policy in SRv6 TE policy view. The policy-specific configuration takes precedence over the global configuration. An SRv6 TE policy uses the global configuration only when it has no policy-specific configuration.
The remote discriminator specified in this command must be the same as that specified in the sbfd local-discriminator command on the reflector. Otherwise, the reflector will not send responses to the initiator.
The device supports the echo packet mode BFD and the SBFD for an SRv6 TE policy. If both modes are configured for the same SRv6 TE policy, the SBFD takes effect.
Procedure
1. Enter system view.
system-view
2. Configure the source IPv6 address used by the initiator to send SBFD packets.
sbfd source-ipv6 ipv6-address
By default, no source IPv6 address is configured for SBFD packets.
3. Enter SRv6 view.
segment-routing ipv6
4. Enter SRv6 TE view.
traffic-engineering
5. Enable SBFD for all SRv6 TE policies and configure the SBFD session parameters.
srv6-policy sbfd remote remote-id [ template template-name ] [ backup-template backup-template-name ]
By default, SBFD is disabled for all SRv6 TE policies.
6. Enter SRv6 TE policy view.
policy policy-name
7. Configure SBFD for the SRv6 TE policy.
sbfd { disable | enable [ remote remote-id ] [ template template-name ] [ backup-template backup-template-name ] [ oam-sid sid ] }
By default, SBFD is not configured for an SRv6 TE policy.
Configuring the BFD echo packet mode for SRv6 TE policies
Restrictions and guidelines
You can configure the echo packet mode BFD for all SRv6 TE policies globally in SRv6 TE view or for a specific SRv6 TE policy in SRv6 TE policy view. The policy-specific configuration takes precedence over the global configuration. An SRv6 TE policy uses the global configuration only when it has no policy-specific configuration.
The device supports the echo packet mode BFD and the SBFD for an SRv6 TE policy. If both modes are configured for the same SRv6 TE policy, the SBFD takes effect.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enable echo packet mode BFD for all SRv6 TE policies and configure the BFD session parameters.
srv6-policy bfd echo source-ipv6 ipv6-address [ template template-name ] [ backup-template backup-template-name ]
By default, the echo packet mode BFD is disabled for all SRv6 TE policies.
5. Enter SRv6 TE policy view.
policy policy-name
6. Configure the echo packet mode BFD for the SRv6 TE policy.
bfd echo { disable | enable [ source-ipv6 ipv6-address ] [ template template-name ] [ backup-template backup-template-name ] [ oam-sid sid ] }
By default, the echo packet mode BFD is not configured for an SRv6 TE policy. An SRv6 TE policy uses the echo BFD settings configured in SRv6 TE view.
Enabling hot standby for SRv6 TE policies
Restrictions and guidelines
You can enable hot standby for all SRv6 TE policies globally in SRv6 TE view or for a specific SRv6 TE policy in SRv6 TE policy view. The policy-specific configuration takes precedence over the global configuration. An SRv6 TE policy uses the global configuration only when it has no policy-specific configuration.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enable hot standby for all SRv6 TE policies.
srv6-policy backup hot-standby enable
By default, hot standby is disabled for all SRv6 TE policies.
5. Enter SRv6 TE policy view.
policy policy-name
6. Configure hot standby for the SRv6 TE policy.
backup hot-standby { disable | enable }
By default, hot standby is not configured for an SRv6 TE policy, and the hot standby configuration in SRv6 TE view applies.
Configuring path switchover and deletion delays for SRv6 TE policies
About this task
The switchover delay and deletion delay mechanism is used to avoid traffic forwarding failure during a forwarding path (SID list) switchover.
When updating an SRv6 TE policy forwarding path, the device first establishes the new forwarding path before it deletes the old one. During the new path setup process, the device uses the old path to forward traffic until the switchover delay timer expires. When the switchover delay timer expires, the device switches traffic to the new path. The old path is deleted when the deletion delay timer expires.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Configure the switchover delay time and deletion delay time for the SRv6 TE policy forwarding path.
srv6-policy switch-delay switch-delay-time delete-delay delete-delay-time
By default, the switchover delay time and deletion delay time for the SRv6 TE policy forwarding path is 5000 milliseconds and 20000 milliseconds, respectively.
Configuring SRv6 TE policy egress protection
Restrictions and guidelines for SRv6 TE policy egress protection configuration
To configure SRv6 TE policy egress protection, all nodes that the packets will traverse must support SRv6.
Configuring an End.M SID
Restrictions and guidelines
Perform this task on protection node for the egress node.
For more information about the commands used in this task, see IPv6 Segment Routing commands in Segment Routing Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Create a locator and enter SRv6 locator view.
locator locator-name [ ipv6-prefix ipv6-address prefix-length [ args args-length | static static-length ] * ]
4. Configure an End.M SID and specify the locator to be protected by the End.M SID.
opcode opcode end-m mirror-locator ipv6-address prefix-length
Enabling egress protection
About this task
This task enables the SRv6 node to compute a backup path (mirror FRR path) for the egress node based on the End.M SID carried in a received IS-ISv6 or OSPFv3 route. When the egress node fails, the transit node can forward traffic to the node that protects the egress node according to the End.M SID.
In an egress protection scenario, the transit node deletes the mirror FRR path after completing route convergence. If the deletion occurs before the ingress node switches traffic back from the mirror FRR path, the traffic will be dropped because of no mirror FRR path.
To resolve this issue, you can configure a proper mirror FRR deletion delay time on the transit node to delay the deletion of the mirror FRR route. So, packets can be forwarded over the mirror FRR path before the ingress finishes the path switchover.
Enabling IS-IS egress protection
1. Enter system view.
system-view
2. Enter IS-IS view.
isis [ process-id ] [ vpn-instance vpn-instance-name ]
3. Enter IS-IS IPv6 address family view.
address-family ipv6 [ unicast ]
4. Enable IS-IS egress protection.
fast-reroute mirror enable
By default, IS-IS egress protection is disabled.
5. (Optional.) Configure the mirror FRR deletion delay time.
fast-reroute mirror delete-delay delete-delay-time
By default, the mirror FRR deletion delay time is 60 seconds.
Enabling OSPFv3 egress protection
1. Enter system view.
system-view
2. Enter OSPFv3 view.
ospfv3 [ process-id | vpn-instance vpn-instance-name ] *
3. Enable OSPFv3 egress protection.
fast-reroute mirror enable
By default, OSPFv3 egress protection is disabled.
4. (Optional.) Configure the mirror FRR deletion delay time.
fast-reroute mirror delete-delay delete-delay-time
By default, the mirror FRR deletion delay time is 60 seconds.
Configuring the deletion delay time for remote SRv6 SID mappings with VPN instances/cross-connects/VSIs
About this task
In an egress protection scenario, if the egress node and the egress node's protection node are disconnected, the protection node will delete the BGP routes received from the egress node. The remote SRv6 SID and VPN instance/cross-connect/VSI mappings will then be deleted as a result. To avoid this issue, you can configure the mappings deletion delay time on the protection node. This ensures that traffic is forwarded through the protection node before the ingress detects the egress failure and computes a new forwarding path.
Restrictions and guidelines
Perform this task on the protection node for the egress node.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Configure the deletion delay time for remote SRv6 SID mappings with VPN instances/cross-connects/VSIs.
mirror remote-sid delete-delay delete-delay-time
By default, the deletion delay time for remote SRv6 SID and VPN instance/cross-connect/VSI mappings is 60 seconds.
Configuring the TTL processing mode of SRv6 TE policies
About this task
An SRv6 TE policy used as a public tunnel supports the following TTL processing modes:
· Uniform—When the ingress node adds a new IPv6 header to an IP packet, it copies the TTL value of the original IP packet to the Hop Limit field of the new IPv6 header. Each node on the SRv6 TE policy forwarding path decreases the Hop Limit value in the new IPv6 header by 1. The node that de-encapsulates the packet copies the remaining Hop Limit value back to the original IP packet when it removes the new IPv6 header. The TTL value can reflect how many hops the packet has traversed in the public network. The tracert facility can show the real path along which the packet has traveled.
· Pipe—When the ingress node adds a new IPv6 header to an IP packet, it does not copy the TTL value of the original IP packet to the Hop Limit field of the new IPv6 header. It sets the Hop Limit value in the new IPv6 header to 255. Each node on the SRv6 TE policy forwarding path decreases the Hop Limit value in the new IPv6 header by 1. The node that de-encapsulates the packet does not change the IPv6 Hop Limit value according to the remaining Hop Limit value in the new IPv6 header. Therefore, the public network nodes are invisible to user networks, and the tracert facility cannot show the real path in the public network.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Configure the TTL processing mode of SRv6 TE policies.
ttl-mode { pipe | uniform }
By default, the TTL processing mode of SRv6 TE policies is pipe.
Configuring SRv6 TE policy CBTS
Prerequisites
Before configuring CBTS, you must create QoS traffic behaviors to mark the MPLS TE service class values for packets. For more information, see QoS configuration in ACL and QoS Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enter SRv6 TE policy view.
policy policy-name
5. Set a service class value for the SRv6 TE policy.
service-class service-class-value
By default, no service class value is set for an SRv6 TE policy.
Configuring a rate limit for an SRv6 TE policy
About this task
When the rate of the packets forwarded by an SRv6 TE policy exceeds the rate limit, the device drops the packets that exceed the rate limit.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enter SRv6 TE policy view.
policy policy-name
5. Set a rate limit for the SRv6 TE policy.
rate-limit kbps
By default, no rate limit is set for an SRv6 TE policy.
Enabling the device to drop traffic when an SRv6 TE policy becomes invalid
About this task
Enable this feature for an SRv6 TE policy if you want to use only the SRv6 TE policy to forward traffic.
By default, if all forwarding paths of an SRv6 TE policy become invalid, the device forwards the packets through IPv6 routing table lookup based on the packet destination IPv6 addresses.
After you execute the drop-upon-invalid enable command, the device drops the packets if all forwarding paths of the SRv6 TE policy become invalid.
Restrictions and guidelines
The drop-upon-invalid enable command does not take effect in the following cases:
· BSID request failed or BSID conflict occurred for the SRv6 TE policy. To view the BSID request state, see the Request state field in the display segment-routing ipv6 te policy command output.
· The SRv6 TE policy is invalid. To check the SRv6 TE policy validity, see the Forwarding index field in the display segment-routing ipv6 te policy command output. If the value is 0, the SRv6 TE policy is invalid.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enter SRv6 TE policy view.
policy policy-name
5. Enable the device to drop traffic when an SRv6 TE policy becomes invalid.
drop-upon-invalid enable
By default, the drop-upon-invalid feature is disabled for an SRv6 TE policy. The device does not drop traffic when the SRv6 TE policy becomes invalid.
Specifying the packet encapsulation type preferred in optimal route selection
About this task
As shown in Figure 10, PE 4 is the RR, and it establishes an IBGP connection with PE 1, PE 2, and PE 3, respectively. PE 1 and PE 3 support SRv6. PE 2 does not support SRv6. Both an MPLS L3VPN connection and an EVPN L3VPN over SRv6 connection exist between PE 1 and PE 3.
In this case, you can perform this task to specify the preferred encapsulation type (SRv6 encapsulation or MPLS encapsulation) for BGP optimal route selection in the L3VPN. Then, BGP prefers the routes with the specified encapsulation type when routes have the same Preferred-value and LOCAL_PREF attributes. The subsequent route selection steps are the same as those in the original BGP route select procedure. For more information about BGP route selection, see BGP overview in Layer 3—IP Routing Configuration Guide.
Figure 10 MPLS L3VPN and EVPN L3VPN over SRv6 coexist
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Specify the packet encapsulation type preferred in optimal route selection.
bestroute encap-type { mpls | srv6 }
By default, BGP does not select optimal routes according to the packet encapsulation type.
Configuring traffic forwarding statistics for SRv6 TE policies
About this task
This feature collects statistics on the traffic forwarded by SRv6 TE policies.
Restrictions and guidelines
You can configure traffic forwarding statistics for all SRv6 TE policies globally in SRv6 TE view or for a specific SRv6 TE policy in SRv6 TE policy view. The policy-specific configuration takes precedence over the global configuration. An SRv6 TE policy uses the global configuration only when it has no policy-specific configuration.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Enter SRv6 TE view.
traffic-engineering
4. Enable traffic forwarding statistics for all SRv6 TE policies.
srv6-policy forwarding statistics [ service-class ]enable
By default, traffic forwarding statistics is disabled for all SRv6 TE policies.
5. (Optional.) Set the traffic forwarding statistics interval for all SRv6 TE policies.
srv6-policy forwarding statistics interval interval
By default, the SRv6 TE policy forwarding statistics interval is 30 seconds.
6. Enter SRv6 TE policy view.
policy policy-name
7. Configure traffic forwarding statistics for the SRv6 TE policy.
forwarding statistics { disable | [ service-class ] enable }
By default, an SRv6 TE policy uses the traffic forwarding statistics configuration in SRv6 TE view.
Display and maintenance commands for SRv6 TE policies
Execute display commands in any view. Execute reset commands in user view.
|
Task |
Command |
|
Display remote SRv6 SIDs protected by mirror SIDs. |
display bgp [ instance instance-name ] mirror remote-sid [ end-dt4 | end-dt46 | end-dt6 ] [ sid ] |
|
Display BGP peer or peer group information. |
display bgp [ instance instance-name ] peer ipv6 [ sr-policy ] [ ipv6-address prefix-length | { ipv6-address | group-name group-name } log-info | [ ipv6-address ] verbose ] |
|
Display BGP SRv6 TE policy routing information. |
display bgp [ instance instance-name ] routing-table ipv6 sr-policy [ sr-policy-prefix [ advertise-info ] | peer ipv6-address { advertised-routes | received-routes } [ statistics ] | statistics ] |
|
Display BGP peer group information. |
display bgp [ instance instance-name ] group ipv6 sr-policy [ group-name group-name ] |
|
Display BGP update group information. |
display bgp [ instance instance-name ] update-group ipv6 sr-policy [ ipv6-address ] |
|
Display BFD information for SRv6 TE policies. |
display segment-routing ipv6 te bfd [ down | policy { { color color-value | end-point ipv6 ipv6-address } * | name policy-name } | up ] |
|
Display SRv6 TE forwarding information. |
display segment-routing ipv6 te forwarding [ policy { name policy-name | { color color-value | end-point ipv6 ipv6-address } * } ] [ verbose ] |
|
Display SRv6 TE policy information. |
display segment-routing ipv6 te policy [ name policy-name | down | up | { color color-value | end-point ipv6 ip-address } * ] |
|
Display information about the most recent down event for SRv6 TE policies. |
display segment-routing ipv6 te policy last-down-reason [ binding-sid bsid | color color-value endpoint ipv6 ipv6-address | policy-name policy-name ] |
|
Display SRv6 TE policy statistics. |
display segment-routing ipv6 te policy statistics |
|
Display status information about SRv6 TE policies. |
display segment-routing ipv6 te policy status [ policy-name policy-name ] |
|
Display information about SRv6 TE policy groups. |
display segment-routing ipv6 te policy-group [ group-id ] [ verbose ] |
|
Display SBFD information for SRv6 TE policies. |
display segment-routing ipv6 te sbfd [ down | policy { { color color-value | end-point ipv6 ipv6-address } * | name policy-name } | up ] |
|
Display SRv6-TE SID list information. |
display segment-routing ipv6 te segment-list [ name seglist-name | id id-value ] |
|
Clear traffic forwarding statistics of SRv6 TE policies. |
reset segment-routing ipv6 te forwarding statistics [ binding-sid binding-sid | color color-value endpoint endpoint-ipv6 | name name-value ] |
SRv6 TE policy configuration examples
Example: Configuring SRv6 TE policy-based forwarding
Network configuration
As shown in Figure 11, perform the following tasks on the devices to implement SRv6 TE policy-based forwarding over a specific path:
· Configure Device A through Device D to run IS-IS to implement Layer 3 connectivity.
· Configure basic SRv6 on Device A through Device D.
· Configure an SRv6 TE policy on Device A to forward user packets along path Device A > Device B > Device C > Device D.
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
Device A |
Loop1 |
1::1/128 |
Device B |
Loop1 |
2::2/128 |
|
|
GE1/0/1 |
1000::1/64 |
|
GE1/0/1 |
1000::2/64 |
|
|
GE1/0/2 |
4000::1/64 |
|
GE1/0/2 |
2000::2/64 |
|
Device C |
Loop1 |
3::3/128 |
Device D |
Loop1 |
4::4/128 |
|
|
GE1/0/1 |
3000::3/64 |
|
GE1/0/1 |
3000::4/64 |
|
|
GE1/0/2 |
2000::3/64 |
|
GE1/0/2 |
4000::4/64 |
Procedure
1. Configure IP addresses and masks for interfaces. (Details not shown.)
2. Configure Device A:
# Configure an SRv6 SID list.
[DeviceA] segment-routing ipv6
[DeviceA-segment-routing-ipv6] encapsulation source-address 1::1
[DeviceA-segment-routing-ipv6] locator a ipv6-prefix 5000:: 64 static 32
[DeviceA-segment-routing-ipv6-locator-a] opcode 1 end
[DeviceA-segment-routing-ipv6-locator-a] quit
[DeviceA-segment-routing-ipv6] traffic-engineering
[DeviceA-srv6-te] srv6-policy locator a
[DeviceA-srv6-te] segment-list s1
[DeviceA-srv6-te-sl-s1] index 10 ipv6 6000::1
[DeviceA-srv6-te-sl-s1] index 20 ipv6 7000::1
[DeviceA-srv6-te-sl-s1] index 30 ipv6 8000::1
[DeviceA-srv6-te-sl-s1] quit
# Create an SRv6 TE policy and set the attributes.
[DeviceA-srv6-te] policy p1
[DeviceA-srv6-te-policy-p1] binding-sid ipv6 5000::2
[DeviceA-srv6-te-policy-p1] color 10 end-point ipv6 4::4
[DeviceA-srv6-te-policy-p1] candidate-paths
[DeviceA-srv6-te-policy-p1-path] preference 10
[DeviceA-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[DeviceA-srv6-te-policy-p1-path-pref-10] quit
[DeviceA-srv6-te-policy-p1-path] quit
[DeviceA-srv6-te-policy-p1] quit
[DeviceA-srv6-te] quit
[DeviceA-segment-routing-ipv6] quit
# Configure IS-IS and set the IS-IS cost style to wide.
<DeviceA> system-view
[DeviceA] isis 1
[DeviceA-isis-1] network-entity 00.0000.0000.0001.00
[DeviceA-isis-1] cost-style wide
[DeviceA-isis-1] address-family ipv6 unicast
[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a
[DeviceA-isis-1-ipv6] quit
[DeviceA-isis-1] quit
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] isis ipv6 enable 1
[DeviceA-GigabitEthernet1/0/1] quit
[DeviceA] interface gigabitethernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] isis ipv6 enable 1
[DeviceA-GigabitEthernet1/0/2] quit
[DeviceA] interface loopback 1
[DeviceA-LoopBack1] isis ipv6 enable 1
[DeviceA-LoopBack1] quit
3. Configure Device B:
# Configure the SRv6 End.SID.
[DeviceB] segment-routing ipv6
[DeviceB-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32
[DeviceB-segment-routing-ipv6-locator-b] opcode 1 end
[DeviceB-segment-routing-ipv6-locator-b] quit
[DeviceB-segment-routing-ipv6] quit
# Configure IS-IS and set the IS-IS cost style to wide.
<DeviceB> system-view
[DeviceB] isis 1
[DeviceB-isis-1] network-entity 00.0000.0000.0002.00
[DeviceB-isis-1] cost-style wide
[DeviceB-isis-1] address-family ipv6 unicast
[DeviceB-isis-1-ipv6] segment-routing ipv6 locator b
[DeviceB-isis-1-ipv6] quit
[DeviceB-isis-1] quit
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] isis ipv6 enable 1
[DeviceB-GigabitEthernet1/0/1] quit
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] isis ipv6 enable 1
[DeviceB-GigabitEthernet1/0/2] quit
[DeviceB] interface loopback 1
[DeviceB-LoopBack1] isis ipv6 enable 1
[DeviceB-LoopBack1] quit
4. Configure Device C:
# Configure the SRv6 End.SID.
[DeviceC] segment-routing ipv6
[DeviceC-segment-routing-ipv6] locator c ipv6-prefix 7000:: 64 static 32
[DeviceC-segment-routing-ipv6-locator-c] opcode 1 end
[DeviceC-segment-routing-ipv6-locator-c] quit
[DeviceC-segment-routing-ipv6] quit
# Configure IS-IS and set the IS-IS cost style to wide.
<DeviceC> system-view
[DeviceC] isis 1
[DeviceC-isis-1] network-entity 00.0000.0000.0003.00
[DeviceC-isis-1] cost-style wide
[DeviceC-isis-1] address-family ipv6 unicast
[DeviceC-isis-1-ipv6] segment-routing ipv6 locator c
[DeviceC-isis-1-ipv6] quit
[DeviceC-isis-1] quit
[DeviceC] interface gigabitethernet 1/0/1
[DeviceC-GigabitEthernet1/0/1] isis ipv6 enable 1
[DeviceC-GigabitEthernet1/0/1] quit
[DeviceC] interface gigabitethernet 1/0/2
[DeviceC-GigabitEthernet1/0/2] isis ipv6 enable 1
[DeviceC-GigabitEthernet1/0/2] quit
[DeviceC] interface loopback 1
[DeviceC-LoopBack1] isis ipv6 enable 1
[DeviceC-LoopBack1] quit
5. Configure Device D:
# Configure the SRv6 End.SID.
[DeviceD] segment-routing ipv6
[DeviceD-segment-routing-ipv6] locator d ipv6-prefix 8000:: 64 static 32
[DeviceD-segment-routing-ipv6-locator-d] opcode 1 end
[DeviceD-segment-routing-ipv6-locator-d] quit
[DeviceD-segment-routing-ipv6] quit
# Configure IS-IS and set the IS-IS cost style to wide.
<DeviceD> system-view
[DeviceD] isis 1
[DeviceD-isis-1] network-entity 00.0000.0000.0004.00
[DeviceD-isis-1] cost-style wide
[DeviceD-isis-1] address-family ipv6 unicast
[DeviceD-isis-1-ipv6] segment-routing ipv6 locator d
[DeviceD-isis-1-ipv6] quit
[DeviceD-isis-1] quit
[DeviceD] interface gigabitethernet 1/0/1
[DeviceD-GigabitEthernet1/0/1] isis ipv6 enable 1
[DeviceD-GigabitEthernet1/0/1] quit
[DeviceD] interface gigabitethernet 1/0/2
[DeviceD-GigabitEthernet1/0/2] isis ipv6 enable 1
[DeviceD-GigabitEthernet1/0/2] quit
[DeviceD] interface loopback 1
[DeviceD-LoopBack1] isis ipv6 enable 1
[DeviceD-LoopBack1] quit
Verifying the configuration
# Display SRv6 TE policy information on Device A.
[DeviceA] display segment-routing ipv6 te policy
Name/ID: p1/0
Color: 10
Endpoint: 4::4
Name from BGP
BSID:
Mode: Explicit Type: Type_2 Request state: Succeeded
Current BSID: 5000::2 Explicit BSID: 5000::2 Dynamic BSID: -
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Not configured
Up time: 2020-04-02 16:08:03
Down time: 2020-04-02 16:03:48
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Service-class: -
Encaps reduced: Not configured
Encaps include local End.X: Not configured
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580801
State: Up State(SBFD): -
Active path MTU: 1428 bytes
The output shows that the SRv6 TE policy is in up state. The device can use the SRv6 TE policy to forward packets.
# Display SRv6 TE forwarding information on Device A.
[DeviceA] display segment-routing ipv6 te forwarding verbose
Total forwarding entries: 1
Policy name/ID: p1/0
Binding SID: 5000::2
Policy forwording index: 2150629377
Main path:
Seglist ID: 1
Seglist forwording index: 2149580801
Weight: 1
Outgoing forwording index: 2148532225
Interface: GE1/0/1
Nexthop: FE80::54CB:70FF:FE86:316
Path ID: 0
SID list: {6000::1, 7000::1, 8000::1}
# Display SRv6 forwarding information on Device A.
[DeviceA] display segment-routing ipv6 forwarding
Total SRv6 forwarding entries: 3
Flags: T - Forwarded through a tunnel
N - Forwarded through the outgoing interface to the nexthop IP address
A - Active forwarding information
B - Backup forwarding information
ID FWD-Type Flags Forwarding info
--------------------------------------------------------------------------------
2148532225 SRv6PSIDList NA GE1/0/1
FE80::54CB:70FF:FE86:316
{6000::1, 7000::1, 8000::1}
2149580801 SRv6PCPath TA 2148532225
2150629377 SRv6Policy TA 2149580801
Example: Configuring SRv6 TE policy egress protection
Network configuration
As shown in Figure 12, deploy an SRv6 TE policy in both directions between PE 1 and PE 2 to carry the L3VPN service. PE 2 is the egress node of the SRv6 TE policy. To improve the forwarding reliability, configure PE 3 to protect PE 2.
Table 1 Interface and IP address
|
Device |
Interface |
IP Address |
Device |
Interface |
IP Address |
|
CE 1 |
GE1/0/1 |
10.1.1.2/24 |
PE 2 |
Loop0 |
3::3/128 |
|
PE 1 |
Loop0 |
1::1/128 |
|
GE1/0/1 |
10.2.1.1/24 |
|
|
GE1/0/1 |
10.1.1.1/24 |
|
GE1/0/2 |
2002::1/64 |
|
|
GE1/0/2 |
2001::1/96 |
|
GE1/0/3 |
2004::2/96 |
|
P |
Loop0 |
2::2/128 |
PE 3 |
Loop0 |
4::4/128 |
|
|
GE1/0/1 |
2001::2/96 |
|
GE1/0/1 |
10.3.1.1/24 |
|
|
GE1/0/2 |
2002::2/64 |
|
GE1/0/2 |
2003::1/96 |
|
|
GE1/0/3 |
2003::2/96 |
|
GE1/0/3 |
2004::1/96 |
|
|
|
|
CE 2 |
GE1/0/1 |
10.2.1.2/24 |
|
|
|
|
|
GE1/0/2 |
10.3.1.2/24 |
Prerequisites
Configure interface addresses as shown in Table 1.
Procedure
1. Configure CE 1:
# Establish an EBGP peer relationship with PE 1 and redistribute the VPN routes.
<CE1> system-view
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Configure IPv6 IS-IS for backbone network connectivity.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] is-level level-1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] isis ipv6 enable 1
[PE1-LoopBack0] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
# Configure a VPN instance and bind it to the CE-facing interface.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ip address 10.1.1.1 24
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish MP-IBGP peer relationships with the peer PEs.
[PE1] bgp 100
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 4::4 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 0
[PE1-bgp-default] peer 4::4 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3::3 enable
[PE1-bgp-default-vpnv4] peer 4::4 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure L3VPN over SRv6 TE policy.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2::1:0 96 static 8
[PE1-segment-routing-ipv6-locator-aaa] opcode 1 end-dt4 vpn-instance vpn1
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3::3 prefix-sid
[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# Configure an SRv6 TE policy.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator aaa
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-s1-s1] index 10 ipv6 100:abc:1::1
[PE1-srv6-te-s1-s1] index 20 ipv6 6:5::1:2
[PE1-srv6-te-s1-s1] quit
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] binding-sid ipv6 1:2::1:2
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 3::3
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
3. Configure the P device:
# Configure IPv6 IS-IS for backbone network connectivity.
<P> system-view
[P] isis 1
[P-isis-1] is-level level-1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 10.2222.2222.2222.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 0
[P-LoopBack0] ipv6 address 2::2 128
[P-LoopBack0] isis ipv6 enable 1
[P-LoopBack0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ipv6 address 2001::2 96
[P-GigabitEthernet1/0/1] isis ipv6 enable 1
[P-GigabitEthernet1/0/1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] ipv6 address 2002::2 96
[P-GigabitEthernet1/0/2] isis ipv6 enable 1
[P-GigabitEthernet1/0/2] quit
[P] interface gigabitethernet 1/0/3
[P-GigabitEthernet1/0/3] ipv6 address 2003::2 96
[P-GigabitEthernet1/0/3] isis ipv6 enable 1
[P-GigabitEthernet1/0/3] quit
# Configure SRv6.
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator p ipv6-prefix 100:abc:1::0 96 static 8
[P-segment-routing-ipv6-locator-p] opcode 1 end
[P-segment-routing-ipv6-locator-p] quit
[P-segment-routing-ipv6] quit
[P] isis 1
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] segment-routing ipv6 locator p
# Configure the FRR backup nexthop information and enable egress protection.
[P-isis-1-ipv6] fast-reroute lfa level-1
[P-isis-1-ipv6] fast-reroute ti-lfa
[P-isis-1-ipv6] fast-reroute mirror enable
[P-isis-1-ipv6] quit
[P-isis-1] quit
4. Configure PE 2:
# Configure IPv6 IS-IS for backbone network connectivity.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] is-level level-1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 10.3333.3333.3333.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 3::3 128
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 2002::1 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] ipv6 address 2004::2 96
[PE2-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/3] quit
# Configure a VPN instance and bind it to the CE-facing interface.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ip address 10.2.1.1 24
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.2.1.2 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.2 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish MP-IBGP peer relationships with the peer PEs.
[PE2] bgp 100
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 4::4 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] peer 4::4 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] peer 4::4 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Configure L3VPN over SRv6 TE policy.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 6:5::1:0 96 static 8
[PE2-segment-routing-ipv6-locator-bbb] opcode 1 end-dt4 vpn-instance vpn1
[PE2-segment-routing-ipv6-locator-bbb] opcode 2 end
[PE2-segment-routing-ipv6-locator-bbb] quit
[PE2-segment-routing-ipv6] quit
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator bbb
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
5. Configure PE 3:
# Configure IPv6 IS-IS for backbone network connectivity.
<PE3> system-view
[PE3] isis 1
[PE3-isis-1] is-level level-1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 10.4444.4444.4444.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
[PE3] interface loopback 0
[PE3-LoopBack0] ipv6 address 4::4 128
[PE3-LoopBack0] isis ipv6 enable 1
[PE3-LoopBack0] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] ipv6 address 2003::1 96
[PE3-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE3-GigabitEthernet1/0/2] quit
[PE3] interface gigabitethernet 1/0/3
[PE3-GigabitEthernet1/0/3] ipv6 address 2004::1 96
[PE3-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE3-GigabitEthernet1/0/3] quit
# Configure a VPN instance and bind it to the CE-facing interface.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 111:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE3-GigabitEthernet1/0/1] ip address 10.3.1.1 24
[PE3-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE3] bgp 100
[PE3-bgp-default] router-id 3.3.3.3
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 10.3.1.2 as-number 65420
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 10.3.1.2 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
# Establish MP-IBGP peer relationships with the peer PEs.
[PE3] bgp 100
[PE3-bgp-default] peer 1::1 as-number 100
[PE3-bgp-default] peer 3::3 as-number 100
[PE3-bgp-default] peer 1::1 connect-interface loopback 0
[PE3-bgp-default] peer 3::3 connect-interface loopback 0
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1::1 enable
[PE3-bgp-default-vpnv4] peer 3::3 enable
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
# Configure the source address in the outer IPv6 header of SRv6 VPN packets.
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 4::4
# Configure an End.M SID to protect PE 2.
[PE3-segment-routing-ipv6] locator ccc ipv6-prefix 9:7::1:0 96 static 8
[PE3-segment-routing-ipv6-locator-ccc] opcode 1 end-m mirror-locator 6:5::1:0 96
[PE3-segment-routing-ipv6-locator-ccc] quit
[PE3-segment-routing-ipv6] quit
# Recurse the VPN routes to the End.M SID route.
[PE3] bgp 100
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE3-bgp-default-vpnv4] peer 3::3 prefix-sid
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator ccc
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator ccc
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
6. Configure CE 2:
# Establish an EBGP peer relationship with PEs and redistribute the VPN routes.
<CE2> system-view
[CE2] bgp 65420
[CE2-bgp-default] peer 10.2.1.1 as-number 100
[CE2-bgp-default] peer 10.3.1.1 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.1 enable
[CE2-bgp-default-ipv4] peer 10.3.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# Display the SRv6 TE policy configuration. The output shows that the SRv6 TE policy is up for traffic forwarding.
[PE1] display segment-routing ipv6 te policy
Name/ID: p1/0
Color: 10
End-point: 3::3
Name from BGP:
BSID:
Mode: Explicit Type: Type_2 Request state: Succeeded
Current BSID: 1:2::1:2 Explicit BSID: 1:2::1:2 Dynamic BSID: -
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Not configured
Up time: 2020-10-28 09:10:33
Down time: 2020-10-28 09:09:32
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Service-class: -
Encaps reduced: Not configured
Encaps include local End.X: Not configured
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580801
State: Up State(-): -
Active path MTU: 1428 byte
# Display SRv6 TE policy forwarding information on PE 1.
[PE1] display segment-routing ipv6 te forwarding verbose
Total forwarding entries: 1
Policy name/ID: p1/0
Binding SID: 1:2::1:2
Forwarding index: 2150629377
Main path:
Seglist ID: 1
Seglist forwarding index: 2149580801
Weight: 1
Outgoing forwarding index: 2148532225
Interface: GE1/0/2
Nexthop: FE80::988A:B5FF:FED9:316
Path ID: 0
SID list: {100:ABC:1::1, 6:5::1:2}
# Display SRv6 TE policy forwarding path information on PE 1.
[PE1] display segment-routing ipv6 forwarding
Total SRv6 forwarding entries: 3
Flags: T - Forwarded through a tunnel
N - Forwarded through the outgoing interface to the nexthop IP address
A - Active forwarding information
B - Backup forwarding information
ID FWD-Type Flags Forwarding info
Attri-Val Attri-Val
--------------------------------------------------------------------------------
2148532225 SRv6PSIDList NA GE1/0/2
FE80::988A:B5FF:FED9:316
{100:ABC:1::1, 6:5::1:2}
2149580801 SRv6PCPath TA 2148532225
2150629377 SRv6Policy TA 2149580801
p1
# Display remote SRv6 SIDs protected by End.M SIDs on PE 3.
[PE3] display bgp mirror remote-sid
Remote SID: 6:5::1:1
Remote SID type: End.DT4
Mirror locator: 6:5::1:0/96
Vpn instance name: vpn1
# Display the End.M SID carried in the IS-IS IPv6 route on the P device.
[P] display isis route ipv6 6:5::1:0 96 verbose
Route information for IS-IS(1)
------------------------------
Level-1 IPv6 forwarding table
-----------------------------
IPv6 dest : 6:5::/96
Flag : R/-/- Cost : 10
Admin tag : - Src count : 3
Nexthop : FE80::988A:BDFF:FEB6:417
Interface : GE1/0/2
Mirror FRR:
Interface : GE1/0/3
BkNextHop : FE80::988A:C6FF:FE0D:517
LsIndex : 0x80000001
Backup label stack(top->bottom): {9:7::1:1}
Nib ID : 0x24000006
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Typically, VPN traffic from CE 1 to CE 2 is forwarded over the CE 1-PE 1-P-PE 2-CE 2 path. When PE 2 fails, the P device switches traffic to the mirror FRR path for the SRv6 TE policy when it detects that the next hop (PE 2) is unreachable.
# Shut down the interface that connects P to PE 2.
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] shut
[P-GigabitEthernet1/0/2] quit
# Display the IS-IS IPv6 route information. The output shows that the nexthop interface becomes the backup interface.
[P] display isis route ipv6 6:5::1:0 96 verbose
Route information for IS-IS(1)
------------------------------
Level-1 IPv6 forwarding table
-----------------------------
IPv6 dest : 6:5::/96
Flag : R/-/- Cost : 20
Admin tag : - Src count : 3
Nexthop : FE80::988A:C6FF:FE0D:517
Interface : GE1/0/3
Nib ID : 0x24000007
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
# Display SRv6 TE policy information on PE 1. The output shows that the SRv6 TE policy is still up.
[PE1] display segment-routing ipv6 te-policy
Name/ID: p1/0
Color: 10
End-point: 3::3
Name from BGP:
BSID:
Mode: Explicit Type: Type_2 Request state: Succeeded
Current BSID: 1:2::1:2 Explicit BSID: 1:2::1:2 Dynamic BSID: -
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Not configured
Up time: 2020-10-28 09:10:33
Down time: 2020-10-28 09:09:32
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Service-class: -
Encaps reduced: Not configured
Encaps include local End.X: Not configured
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580801
State: Up State(-): -
Active path MTU: 1428 bytes
