Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-SRv6 VPN commands | 77.40 KB |
peer advertise encap-type srv6
segment-routing ipv6 apply-sid all-nexthop
segment-routing ipv6 best-effort
segment-routing ipv6 traffic-engineering
SRv6 VPN commands
encapsulation source-address
Use encapsulation source-address to specify a source address for the outer IPv6 header of SRv6 VPN packets.
Use undo encapsulation source-address to restore the default.
Syntax
encapsulation source-address ipv6-address [ ip-ttl ttl-value ]
undo encapsulation source-address
Default
No source address is specified for the outer IPv6 header of SRv6 VPN packets.
Views
SRv6 view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies a source IPv6 address. The IPv6 address cannot be a loopback address, link-local address, multicast address, or unspecified address.
ip-ttl ttl-value: Specifies the Hop Limit value of the outer IPv6 header, in the range of 1 to 255. The default value is 255.
Usage guidelines
To ensure correct VPN traffic forwarding in an SRv6 VPN network, you must specify a source address for the outer IPv6 header of SRv6 VPN packets.
You must specify an IPv6 address of the local device as the source IPv6 address, and make sure the IPv6 address has been advertised by a routing protocol. As a best practice, specify a loopback interface address of the local device as the source IPv6 address.
Examples
# Specify 1::1 as the source address of SRv6 VPN packets in the outer IPv6 header and set the Hop Limit of the outer IPv6 header to 200.
<Sysname> system-view
[Sysname] segment-routing ipv6
[Sysname-segment-routing-ipv6] encapsulation source-address 1::1 ip-ttl 200
peer advertise encap-type srv6
Use peer advertise encap-type srv6 to enable SRv6 encapsulation for the EVPN IP prefix advertisement routes advertised to a peer or peer group.
Use undo peer advertise encap-type srv6 to disable SRv6 encapsulation for the EVPN IP prefix advertisement routes advertised to a peer or peer group.
Syntax
peer { group-name | ipv6-address [ prefix-length ] } advertise encap-type srv6
undo peer { group-name | ipv6-address [ prefix-length ] } advertise encap-type srv6
Default
IP prefix advertisement routes use VXLAN encapsulation.
Views
BGP EVPN address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.
ipv6-address: Specifies a peer by its IPv6 address. The peer must exist.
prefix-length: Specifies a prefix length in the range of 0 to 128. To specify a subnet, you must specify both the ipv6-address and prefix-length arguments.
Usage guidelines
Use this command to enable the device to advertise EVPN IP prefix advertisement routes with SRv6 encapsulation in an EVPN L3VPN over SRv6 network.
Execute this command on the edge nodes of the EVPN L3VPN network and RRs.
Examples
# Enable SRv6 encapsulation for the IP prefix advertisement routes advertised to peer 1::1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family l2vpn evpn
[Sysname-bgp-default-evpn] peer 1::1 advertise encap-type srv6
peer prefix-sid
Use peer prefix-sid to enable BGP to exchange SRv6 SID information with an IPv6 peer or peer group.
Use undo peer prefix-sid to restore the default.
Syntax
peer { group-name | ipv6-address [ prefix-length ] } prefix-sid
undo peer { group-name | ipv6-address [ prefix-length ] } prefix-sid
Default
BGP does not exchange SRv6 SID information with an IPv6 peer or peer group.
Views
BGP VPNv4 address family view
BGP VPNv6 address family view
BGP IPv4 unicast address family view
BGP IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.
ipv6-address: Specifies a peer by its IPv6 address. The peer must exist.
prefix-length: Specifies a prefix length in the range of 0 to 128. To specify a subnet, you must specify both the ipv6-address and prefix-length arguments.
Usage guidelines
Use this command to enable IPv6 peers in an SRv6 VPN network to exchange SRv6 SID information through BGP VPNv4, VPNv6, or IPv6 unicast routes.
Examples
# In BGP VPNv4 address family view, enable BGP to exchange SRv6 SID information with peer 2001:1::1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family vpnv4
[Sysname-bgp-default-vpnv4] peer 2001:1::1 prefix-sid
peer srv6-vpn compatible
Use peer srv6-vpn compatible to enable SRv6 VPN compatibility with a peer or peer group.
Use undo peer srv6-vpn compatible to disable SRv6 VPN compatibility with a peer or peer group.
Syntax
peer { group-name | ipv6-address [ prefix-length ] } srv6-vpn compatible
undo peer { group-name | ipv6-address [ prefix-length ] } srv6-vpn compatible
Default
SRv6 VPN compatibility is disabled for a peer or peer group.
Views
BGP VPNv4 address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.
ipv6-address: Specifies a peer by its IPv6 address. The peer must exist.
prefix-length: Specifies a prefix length in the range of 0 to 128. To specify a subnet, you must specify both the ipv6-address and prefix-length arguments.
Usage guidelines
PEs from different vendors might define different End.DT4 SID message formats in VPNv4 routes. A PE cannot learn VPNv4 routes from its peers if it uses an End.DT4 SID message format different than its peers. To resolve this issue, perform this task on the PE to enable its SRv6 VPN compatibility with its peers. This task ensures that a Comware PE can communicate with PEs from other vendors in an IP L3VPN over SRv6 network.
Examples
# Enable SRv6 VPN compatibility with peer 2::2.
<Sysname> system-view
[Sysname] bgp 1
[Sysname-bgp-default] address-family vpnv4
[Sysname-bgp-default-vpnv4] peer 2::2 srv6-vpn compatible
segment-routing ipv6 apply-sid all-nexthop
Use segment-routing ipv6 apply-sid all-nexthop to configure next hop-based dynamic End.DX4 or End.DX6 SID allocation for private network routes.
Use undo segment-routing ipv6 apply-sid all-nexthop to restore the default.
Syntax
segment-routing ipv6 apply-sid all-nexthop [ evpn ]
undo segment-routing ipv6 apply-sid all-nexthop [ evpn ]
Default
VPN instance-based SID allocation is used for private network routes.
Views
BGP-VPN IPv4 unicast address family view
BGP-VPN IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
evpn: Allocates SIDs to private network routes based on the route next hops when the routes are converted to EVPN routes. If you do not specify this keyword, the command allocates SIDs to private network routes based on the route next hops when the routes are converted to BGP VPNv4 or VPNv6 routes.
Usage guidelines
Use this command to forward an SRv6 decapsulated VPN packet to the next hop without looking up the routing table of the VPN instance.
This command is applicable to IP L3VPN over SRv6 and EVPN L3VPN over SRv6 networks. If you assign an End.DT4 SID, End.DT6 SID, or End.DT46 SID to a BGP VPN instance, all BGP private network routes of the instance are allocated that SID. When a PE removes the SRv6 encapsulation from a received packet, it looks up the routing table of the VPN instance based on the SID for an optimal route. Then, the PE forwards the packet to a CE. To forward the packet to the next hop without looking up the routing table of the VPN instance, use this command.
This command dynamically allocates End.DX4 or End.DX6 SIDs to all next hops of the BGP private network routes in a VPN instance based on the next hop addresses. When forwarding a packet, the PE searches for the output interface and next hop based on the End.DX4 or End.DX6 SID of the packet. Then, the PE directly forwards the packet out of the output interface to the next hop.
Before you use this command in BGP-VPN IPv4 or IPv6 unicast address family view, execute the segment-routing ipv6 locator command in the same view to apply a locator to the view. This ensures successful dynamic End.DX4 or End.DX6 SID allocation.
The device might be unable to dynamically allocate SIDs to private network routes in a VPN instance based on the route next hops when dynamic SID resources are insufficient. If the device cannot dynamically allocate SIDs, it allocates the End.DT4 SID, End.DT6 SID, or End.DT46 SID of the VPN instance to private network routes.
The segment-routing ipv6 apply-sid all-nexthop command does not allocate End.DX4 or End.DX6 SIDs to direct routes.
Examples
# In BGP-VPN IPv4 unicast address family view, configure next hop-based End.DX4 or End.DX6 SID allocation for private network routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] ip vpn-instance vpn1
[Sysname-bgp-default-vpn1] address-family ipv4
[Sysname-bgp-default-ipv4-vpn1] segment-routing ipv6 apply-sid all-nexthop
segment-routing ipv6 best-effort
Use segment-routing ipv6 best-effort to recurse routes to SRv6-BE tunnels.
Use undo segment-routing ipv6 best-effort to restore the default.
Syntax
In BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view:
segment-routing ipv6 best-effort [ evpn ]
undo segment-routing ipv6 best-effort [ evpn ]
In BGP IPv4 unicast address family view or BGP IPv6 unicast address family view:
segment-routing ipv6 best-effort
undo segment-routing ipv6 best-effort
Default
A PE searches the IPv6 routing table based on the next hop of a matching route to forward traffic.
Views
BGP-VPN IPv4 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 unicast address family view
BGP IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
evpn: Recurses EVPN routes to SRv6-BE tunnels. If you do not specify this keyword, the device recurses BGP VPNv4 or VPNv6 routes to SRv6-BE tunnels.
Usage guidelines
This command is applicable to the IP L3VPN over SRv6, EVPN L3VPN over SRv6, and public network IP over SRv6 scenarios. This command enables a PE to forward packets by looking up the IPv6 routing table based on the SRv6 SIDs in the packets.
Use this command in different address family views according to your network scenario.
· In the private network IPv4 or IPv6 over SRv6 scenario, use this command in BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view.
· In the public network IPv4 or IPv6 over SRv6 scenario, use this command in BGP IPv4 unicast address family view or BGP IPv6 unicast address family view.
This command is mutually exclusive with the segment-routing ipv6 traffic-engineering command.
Examples
# In BGP-VPN IPv4 unicast address family view, recurse private network routes to SRv6-BE tunnels.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] ip vpn-instance vpn1
[Sysname-bgp-default-vpn1] address-family ipv4
[Sysname-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
# In BGP-VPN IPv6 unicast address family view, recurse private network routes to SRv6-BE tunnels.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] ip vpn-instance vpn1
[Sysname-bgp-default-vpn1] address-family ipv6
[Sysname-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort
Related commands
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator
Use segment-routing ipv6 locator to specify a locator.
Use undo segment-routing ipv6 locator to restore the default.
Syntax
In BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view:
segment-routing ipv6 locator locator-name [ evpn ] [ auto-sid-disable ]
undo segment-routing ipv6 locator [ evpn ]
In BGP IPv4 unicast address family view or BGP IPv6 unicast address family view:
segment-routing ipv6 locator locator-name
undo segment-routing ipv6 locator
Default
No locator is specified.
Views
BGP-VPN IPv4 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 unicast address family view
BGP IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
locator-name: Specifies a locator by its name, a case-sensitive string of 1 to 31 characters. The specified locator must exist.
evpn: Adds the SID attribute to private network routes when the routes are converted to EVPN routes. If you do not specify this keyword, the command adds the SID attribute to private network routes when the routes are converted to BGP VPNv4 or VPNv6 routes.
auto-sid-disable: Disables automatic SRv6 SID allocation. If you do not specify this keyword, the device allows dynamically allocated SRv6 SIDs. If static SRv6 SIDs are configured when automatic SRv6 SID allocation is enabled, the static SRv6 SIDs take precedence. If no static SRv6 SIDs are configured when automatic SRv6 SID allocation is enabled, the system dynamically allocates SRv6 SIDs.
Usage guidelines
This command enables the device to advertise the SRv6 SIDs in the specified locator through the BGP routes in the specified address family.
If you execute this command multiple times for the same address family, the most recent configuration takes effect.
Examples
# In BGP-VPN IPv4 unicast address family view, specify locator abc.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] ip vpn-instance vpn1
[Sysname-bgp-default-vpn1] address-family ipv4
[Sysname-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
# In BGP-VPN IPv6 unicast address family view, specify locator abc.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] ip vpn-instance vpn1
[Sysname-bgp-default-vpn1] address-family ipv6
[Sysname-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc
# In BGP-VPN IPv6 unicast address family view, specify locator abc.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] ip vpn-instance vpn1
[Sysname-bgp-default-vpn1] address-family ipv6
[Sysname-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
Related commands
locator
opcode end-dt4
segment-routing ipv6 traffic-engineering
Use segment-routing ipv6 traffic-engineering to recurse routes to SRv6 TE policy tunnels.
Use undo segment-routing ipv6 traffic-engineering to restore the default.
Syntax
In BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view:
segment-routing ipv6 traffic-engineering [ best-effort ] [ evpn ]
undo segment-routing ipv6 traffic-engineering [ best-effort ] [ evpn ]
In BGP IPv4 unicast address family view or BGP IPv6 unicast address family view:
segment-routing ipv6 traffic-engineering [ best-effort ]
undo segment-routing ipv6 traffic-engineering [ best-effort ]
Default
A PE searches the IPv6 routing table based on the next hop of a matching route to forward traffic.
Views
BGP-VPN IPv4 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 unicast address family view
BGP IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
best-effort: Forwards L3VPN traffic through SRv6-BE-based route recursion when route recursion based on the matching SRv6 TE policy tunnel fails. If you do not specify this keyword, the PE searches the routing table for the destination IP address of a packet to forward that packet when the matching SRv6 TE policy tunnel fails.
evpn: Recurses EVPN routes to SRv6 TE policy tunnels. If you do not specify this keyword, the device recurses the private network routes based on BGP VPNv4 or VPNv6 routes to SRv6 TE policy tunnels.
Usage guidelines
This command enables a PE to recurse a route to an SRv6 TE policy tunnel and use the tunnel to forward L3VPN traffic.
To improve high availability for L3VPN packet forwarding, specify the best-effort keyword. The PE forwards an L3VPN packet as follows:
1. The PE forwards the packet through the matching SRv6 TE policy tunnel.
2. If the matching SRv6 TE policy tunnel fails, the PE forwards the packet in SRv6-BE mode.
3. If the SID-based forwarding fails, the PE forwards the packet by looking up the routing table based on the destination IP address of the packet.
4. If the packet forwarding still fails, the PE drops the packet.
Use this command in different address family views according to your network scenario.
· In the private network IPv4 or IPv6 over SRv6 scenario, use this command in BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view.
· In the public network IPv4 or IPv6 over SRv6 scenario, use this command in BGP IPv4 unicast address family view or BGP IPv6 unicast address family view.
This command is mutually exclusive with the segment-routing ipv6 best-effort command.
Examples
# In BGP IPv6 unicast address family view, recurse routes to SRv6 TE policy tunnels.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv6
[Sysname-bgp-default-ipv6] segment-routing ipv6 traffic-engineering
Related commands
segment-routing ipv6 best-effort
