As shown in Figure 1, the O-flag is in the SRH Flags field, indicating that the SRv6 nodes need to perform OAM processing. The SRv6 nodes process the packets with O-flag set based on the SRH. In SRv6 OAM, to request all SRv6 nodes on the path to respond to OAM packets, make sure the O-flag is set for the OAM packets at the source node.

Figure 1 O-flag in SRH Flags field

‌

End.OP SID

An End.OP SID is an SRv6 SID of OAM type used in SRv6 SID/SRv6 TE policy-based ping/tracert operations. When a device receives a request packet destined for the local End.OP SID, it further checks the SRv6 SID in the packet. If the SRv6 SID is the local SRv6 SID, the device sends a reply; if not, the device discards the packet.

In ping or tracer operations based on SRv6 SID or SRv6 TE policy, packets can be used to detect SRv6 path connectivity, regardless of whether they carry the End.OP SIDs.

Take SRv6 SID-based ping as an example. As shown in Figure 2, in order to ping Device C, Device A constructs an ICMPv6 echo request by adding the End.OP SID of Device C to the SRH header in the request. Upon receiving the request and finding that request is destined for the local End.OP SID, Device C further checks whether SRv6 SID c is the local SRv6 SID. If it is the local SRv6 SID, Device C sends an ICMPv6 echo reply; if not, Device C discards the ICMPv6 echo request.

Figure 2 End.OP SID used in an SRv6 SID-based ping

‌

SRv6 SID-based ping

SRv6 OAM supports segment-by-segment ping and end-to-end ping.

Segment-by-segment ping

Use segment-by-segment ping to detect connectivity of all SRv6 nodes in the SRv6 path. All SRv6 nodes will send an ICMPv6 echo reply to the source node.

In a segment-by-segment ping operation, do not specify the End.OP SID because some nodes might fail to send a reply.

Figure 3 Segment-by-segment ping

‌

Figure 3 shows the segment-by-segment ping process as follows:

1. Device A initiates a ping to Device D, with the SRv6 SIDs of Device B and Device D specified. It constructs an ICMPv6 echo request encapsulated with an SRH and then sends the request.

2. Upon receiving the ICMPv6 echo request, the intermediate node performs relevant operations depending on whether it is SRv6 capable:

¡ On an SRv6 capable node (such as Device B):

The node sends an ICMPv6 echo reply to Device A, and forwards the ICMPv6 echo request based on the SRH if the following conditions exist:

- The packet destination IPv6 address is the local SRv6 SID.

- The O-flag is set in the packet SRH Flags field.

¡ On an SRv6 incapable node (such as Device C):

The node forwards the ICMPv6 echo request according to routing table lookup without returning an ICMPv6 echo reply to Device A.

3. Upon receiving the ICMPv6 echo request with O-flag set and SL=0 in the SRH, Device D verifies the packet destination IPv6 address.

¡ If the IPv6 address is the local SRv6 SID, the verification succeeds, and Device D sends an ICMPv6 echo reply to Device A.

¡ If the IPv6 address is not the local SRv6 SID, the verification fails, and Device D discards the ICMPv6 echo request.

4. Device A determines whether the destination node is reachable based on reception of the ICMPv6 echo reply:

¡ If the ICMPv6 echo reply is received before the specified timeout timer expires, the destination node is reachable.

¡ If no ICMPv6 echo reply is received when the specified timeout timer expires, the destination node is unreachable.

End-to-end ping

Use end-to-end ping to detect connectivity of the destination node in the SRv6 path. Only the destination node sends an ICMPv6 echo reply to the source node.

An SRv6 SID-based end-to-end ping can be performed regardless of whether the End.OP SID is specified. This section describes such a ping operation without the End.OP SID specified.

Figure 4 End-to-end ping

‌

Figure 4 shows the end-to-end ping process as follows:

1. Device A initiates a ping to Device D, with the SRv6 SIDs of Device B and Device D specified. It constructs an ICMPv6 echo request encapsulated with an SRH and then sends the request.

2. Upon receiving the ICMPv6 echo request, the intermediate node performs relevant operations depending on whether it is SRv6 capable:

¡ On an SRv6 capable node (such as Device B):

The node forwards the ICMPv6 echo request based on the SRH if the packet destination IPv6 address is the local SRv6 SID.

¡ On an SRv6 incapable node (such as Device C):

The node forwards the ICMPv6 echo request according to routing table lookup.

3. Upon receiving the ICMPv6 echo request with SL=0 in the SRH, Device D verifies the packet destination IPv6 address.

¡ If the IPv6 address is the local SRv6 SID, the verification succeeds, and Device D sends an ICMPv6 echo reply to Device A.

¡ If the IPv6 address is not the local SRv6 SID, the verification fails, and Device D discards the ICMPv6 echo request.

4. Device A determines whether the destination node is reachable based on reception of the ICMPv6 echo reply:

¡ If the ICMPv6 echo reply is received before the specified timeout timer expires, the destination node is reachable.

¡ If no ICMPv6 echo reply is received when the specified timeout timer expires, the destination node is unreachable.

SRv6 SID-based tracert

SRv6 OAM supports overlay tracert and hop-by-hop tracert.

Overlay tracert

Use overlay tracert to display information about only SRv6 nodes in the SRv6 path.

In an overlay tracert operation, do not specify the End.OP SID because some nodes might fail to send a reply.

Figure 5 Overlay tracert

‌

Figure 5 shows the overlay tracert process as follows:

1. Device A initiates a tracert to Device D, with the SRv6 SIDs of Device B and Device D specified. It constructs a UDP packet encapsulated with an SRH and then sends the UDP packet (the Hop Limit value is 64 in the IPv6 packet header).

Make sure you specify a destination UDP port that is not used by any applications on the destination node.

2. Upon receiving the UDP packet, the intermediate node performs relevant operations depending on whether it is SRv6 capable:

¡ On an SRv6 capable node (such as Device B):

The node sends an ICMPv6 port unreachable message to Device A, and then forwards the UDP packet based on the SRH if the following conditions exist:

- The packet destination IPv6 address is the local SRv6 SID.

- The O-flag is set in the packet SRH Flags field.

¡ On an SRv6 incapable node (such as Device C):

The node forwards the UDP packet according to routing table lookup without returning an ICMPv6 port unreachable message.

3. Upon receiving the UDP packet with O-flag set and SL=0 in the SRH, Device D verifies the packet destination IPv6 address.

¡ If the IPv6 address is the local SRv6 SID, the verification succeeds, and Device D sends an ICMPv6 port unreachable message to Device A.

¡ If the IPv6 address is not the local SRv6 SID, the verification fails, and Device D discards the UDP packet.

4. Device A determines whether the destination node is reachable based on reception of the ICMPv6 port unreachable message:

¡ If the ICMPv6 port unreachable message is received before the specified timeout timer expires, the destination node is reachable. The tracert result displays the SRv6 path from the source node to the destination node.

¡ If no ICMPv6 port unreachable message is received when the specified timeout timer expires, the destination node is unreachable. You can locate the faulty node based on the tracert result.

Hop-by-hop tracert

Use hop-by-hop tracert to display information about all nodes (whether they are SRv6 capable or not) in the SRv6 path.

An SRv6 SID-based hop-by-hop tracert can be performed regardless of whether the End.OP SID is specified. This section describes such a tracert operation without the End.OP SID specified.

Figure 6 Hop-by-hop tracert

‌

Figure 6 shows the hop-by-hop tracert process as follows:

Make sure you specify a destination UDP port that is not used by any applications on the destination node.

2. Upon receiving the UDP packet with the Hop Limit value in the IPv6 packet header being 0, the intermediate node sends an ICMPv6 timeout message to Device A.

3. Upon receiving the ICMPv6 timeout message, Device A sends another UDP packet by adding the Hop limit value by 1.

4. Upon receiving the UDP packet with the Hop Limit value in the IPv6 packet header not being 0, the intermediate node forwards the UDP packet as follows:

¡ On an SRv6 capable node (such as Device B):

The node forwards the UDP packet based on the SRH if the packet destination IPv6 address is the local SRv6 SID.

¡ On an SRv6 incapable node (such as Device C):

The node forwards the UDP packet according to routing table lookup.

5. Upon receiving the UDP packet (with Hop Limit 0 in the IPv6 packet header and SL=0 in the SRH), Device D verifies the packet destination IPv6 address.

¡ If the IPv6 address is the local SRv6 SID, the verification succeeds, and Device D sends an ICMPv6 port unreachable message to Device A.

¡ If the IPv6 address is not the local SRv6 SID, the verification fails, and Device D discards the UDP packet.

6. Device A determines whether the destination node is reachable based on reception of the ICMPv6 port unreachable message:

¡ If no ICMPv6 port unreachable message is received when the specified timeout timer expires, the destination node is unreachable. You can locate the faulty node based on the tracert result.

SRv6 TE policy-based ping

Use SRv6 TE policy-based ping to detect reachability of each node in an SRv6 TE policy.

Figure 7 SRv6 TE policy-based ping

‌

In Figure 7, the SID list of the SRv6 TE policy contains {b, d}. The SRv6 TE policy-based ping process is as follows:

1. Device A initiates a ping to Device D. It constructs an ICMPv6 echo request encapsulated with an SRH (that contains the SID list of the SRv6 TE policy) and then sends the request.

2. Upon receiving the ICMPv6 echo request, the intermediate node performs relevant operations depending on whether it is SRv6 capable:

¡ On an SRv6 capable node (such as Device B):

The node sends an ICMPv6 echo reply to Device A, and forwards the ICMPv6 echo request based on the SRH to Device C.

¡ On an SRv6 incapable node (such as Device C):

The node forwards the ICMPv6 echo request according to routing table lookup without returning an ICMPv6 echo reply to Device A.

3. Upon receiving the ICMPv6 echo request with SL=0 in the SRH, Device D verifies the packet destination IPv6 address.

¡ If the IPv6 address is the local SRv6 SID, the verification succeeds, and Device D sends an ICMPv6 echo reply to Device A.

¡ If the IPv6 address is not the local SRv6 SID, the verification fails, and Device D discards the ICMPv6 echo request.

4. Device A determines node reachability in the SRv6 TE policy based on reception of the ICMPv6 echo reply:

¡ If Device A receives the ICMPv6 echo reply from Device D before the specified timeout timer expires, all nodes in the SRv6 TE policy are reachable.

¡ If Device A does not receive the ICMPv6 echo reply from Device D when the specified timeout timer expires, the SRv6 TE policy contains unreachable nodes.

SRv6 TE policy-based tracert

Use SRv6 TE policy-based tracert to detect node reachability in an SRv6 TE policy and locate the faulty node.

Figure 8 SRv6 TE policy-based tracert

‌

In Figure 8, the SID list of the SRv6 TE policy contains {b, d}. The SRv6 TE policy-based tracert process is as follows:

1. Device A initiates a tracert to Device C. It constructs a UDP packet encapsulated with an SRH (that contains the SID list of the SRv6 TE policy) and then sends the UDP packet (the Hop Limit value is 1 in the IPv6 packet header).

Make sure you specify a destination UDP port that is not used by any applications on the destination node.

2. Upon receiving the UDP packet with the Hop Limit value in the IPv6 packet header being 0, the intermediate node sends an ICMPv6 timeout message to Device A.

3. Upon receiving the ICMPv6 timeout message, Device A sends another UDP packet by adding the Hop Limit value by 1.

4. Upon receiving the UDP packet with the Hop Limit value in the IPv6 packet header not being 0, the intermediate node forwards the UDP packet as follows:

¡ On an SRv6 capable node (such as Device B):

The node forwards the UDP packet based on the SRH if the packet destination IPv6 address is the local SRv6 SID.

¡ On an SRv6 incapable node (such as Device C):

The node forwards the UDP packet according to routing table lookup.

5. Upon receiving the UDP packet (with Hop Limit 0 in the IPv6 packet header and SL=0 in the SRH), Device D verifies the packet destination IPv6 address.

¡ If the IPv6 address is the local SRv6 SID, the verification succeeds, and Device D sends an ICMPv6 port unreachable message to Device A.

¡ If the IPv6 address is not the local SRv6 SID, the verification fails, and Device D discards the UDP packet.

6. Device A determines node reachability in the SRv6 TE policy based on reception of the ICMPv6 port unreachable message:

¡ If Device A receives the ICMPv6 port unreachable message from the destination node before the specified timeout timer expires, all nodes in the SRv6 TE policy are reachable. No faulty nodes exist.

¡ If Device A does not receive the ICMPv6 port unreachable message from the destination node when the specified timeout timer expires, the SRv6 TE policy contains unreachable nodes. You can locate the faulty node based on the tracert result.

Restrictions and guidelines: SRv6 OAM configuration

Follow these restrictions and guidelines when you perform an SRv6 SID-based ping or tracert operation:

· When End SID, End.X SID, End(COC32) SID, or End.X(COC32) SID is used as the SRv6 SID of the destination node, make sure the flavor type for the SRv6 SID is PSP.

· The End.DT4 SID, End.DT6 SID, End.DT46 SID, End.DX4 SID, or End.DX6 SID can be used only as the SRv6 SID of the destination node.

In standard system operating mode, only the following cards support this feature:

Card category	Cards
CEPC	CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ8L1A, CEPC-CQ16L1
CSPEX	CSPEX-1802X, CSPEX-1802XA, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G, CSPEX-1502XA
SPE	RX-SPE200-E

In SDN-WAN system operating mode, only the following cards support this feature:

Card category	Cards
CEPC	CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ8L1A, CEPC-CQ16L1
CSPEX	CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1802XA, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G, CSPEX-1502XA
SPE	RX-SPE200, RX-SPE200-E
OAA	IM-NGFWX-IV

Performing an SRv6 SID-based ping operation

Restrictions and guidelines

For segment-by-segment ping, you cannot specify the End.OP SID.

Procedure

To perform an SRv6 SID-based ping operation, execute the following command in any view:

ping ipv6-sid [ -a source-ipv6 | -c count | -m interval | -q | -s packet-size | -t timeout | -tc traffic-class | -v ] * [ segment-by-segment ] { sid | coc32 sid common-prefix-length }&<1-10> [ network-slice slice-id [ force-match-slice ] ]

Performing an SRv6 SID-based tracert operation

Restrictions and guidelines

For overlay tracert, you cannot specify the End.OP SID.

Prerequisites

For hop-by-hop tracert, configure the following settings:

· Enable sending of ICMPv6 timeout packets on the intermediate devices (devices between the source and destination nodes).

· Enable sending of ICMPv6 timeout packets and ICMPv6 destination unreachable packets on the destination node.

For overlay tracert, enable sending of ICMPv6 destination unreachable packets on the intermediate devices (devices between the source and destination nodes) and destination node.

Procedure

To perform an SRv6 SID-based tracert operation, execute the following command in any view:

tracert ipv6-sid [ -a source-ipv6 | -f first-hop | -i interface-type interface-number | -m max-hops | -p port | -q packet-number | -s packet-size | -t traffic-class | -w timeout ] * [ overlay ] { sid | coc32 sid common-prefix-length }&<1-n> [ network-slice slice-id [ force-match-slice ] ]

Performing an SRv6 TE policy-based ping operation

To perform an SRv6 TE policy-based ping operation, execute the following command in any view:

ping srv6-te policy { policy-name policy-name | color color-value end-point ipv6 ipv6-address | binding-sid bsid } [ for-match-slice ] [ end-op end-op | endpoint | destination srv6-sid ] [ -a source-ipv6 | -c count | -h hop-limit | -m interval | -s packet-size | -t timeout | -tc traffic-class ] *

Performing an SRv6 TE policy-based tracert operation

Prerequisites

Enable sending of ICMPv6 timeout packets on the intermediate devices (devices between the source and destination nodes) and destination node.

Enable sending of ICMPv6 destination unreachable packets on the destination node.

Procedure

To perform an SRv6 TE policy-based tracert operation, execute the following command in any view:

tracert srv6-te policy { policy-name policy-name | color color-value end-point ipv6 ipv6-address | binding-sid bsid } [ for-match-slice ] [ end-op end-op | endpoint | destination srv6-sid ] [ -a source-ipv6 | -f first-hop | -m max-hops | -p port | -q packet-number | -s packet-size | -tc traffic-class | -w timeout ] *

Specifying a remote End.OP SID locator

About this task

To execute the ping srv6-te policy or tracert srv6-te policy command, you cannot ensure the SID connectivity in all SID lists when the following conditions exist:

· The last SIDs in the SID lists belong to different locators.

· An End.OP SID is specified with the end-op end-op option in the command.

To resolve this issue, you can configure the remote end-op command on the source node. The command enables you to specify a remote End.OP SID locator associated with the last SID of each SID list. In a ping or tracert operation, the source node will automatically select an End.OP SID by the longest match principle from the locator associated with the specified SID.

Procedure

1. Enter system view:

system-view

2. Enter SRv6 view:

segment-routing ipv6

3. Specify a remote End.OP SID locator.

remote end-op ipv6-address prefix-length

By default, no remote End.OP SID locators are specified.

Enabling the ICMPv6 error packet relay feature

About this task

In an SRv6 TE policy-based tracert operation, if one SRv6 TE policy (policy A, for example) recurses to another SRv6 TE policy (policy B, for example), the following conditions can occur:

· Nodes in the SID list of policy B return ICMPv6 time-exceeded packets only to the source node of policy B.

· The nodes in the SID list of policy B do not return ICMPv6 time-exceeded packets to the source node of policy A.

As a result, the source node of policy A determines that unreachable nodes exist. The detection result is incorrect.

To address this issue, you can enable the ICMPv6 error packet relay feature for the source node of policy B. Upon receiving ICMPv6 time-exceeded packets from other nodes of policy B, the source node of policy B acts as a proxy to forward the packets to the source node of policy A. This can avoid incorrect detection.

Procedure

1. Enter system view:

system-view

2. Enter SRv6 view:

segment-routing ipv6

3. Enable the ICMPv6 error packet relay feature.

icmpv6-error relay enable

By default, the ICMPv6 error packet relay feature is disabled.

11-Segment Routing Configuration Guide

Configuring SRv6 OAM

OAM O-flag

End.OP SID

Segment-by-segment ping

End-to-end ping

Overlay tracert

Hop-by-hop tracert

Restrictions and guidelines

Procedure

Restrictions and guidelines

Prerequisites

Procedure

Prerequisites

Procedure

About this task

Procedure

About this task

Procedure

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

Company Information

News & Events

Contact Us