Difference between revisions of "VPP/Segment Routing for IPv6"

Revision as of 11:28, 29 March 2017

VPP has an up-to-date implementation of SRv6 Network Programming.

This example shows how to use the VPP platform to setup a L3VPN with SRv6. For further information regarding the SRv6 implementation and CLI please visit the doxygen documentation. For further information on SRv6, tutorials and videos please visit www.segment-routing.net.

Introduction

Segment Routing changes the way packets are forwarded inside a network to enable network operators to have better control on the path followed by the packets. Networks using Segment Routing route the packets through a list of segments within the packet. The packets will always follow the shortest path up to each segment. In this way, no state is maintained in the network.

Segment Routing can be applied to the MPLS and IPv6 dataplanes. In the IPv6 dataplane, SR -a.k.a SRv6- uses an IPv6 Routing Extension header where each one of the segments is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing extension header. The segment to process is indicated by a pointer in the routing extension header. Upon completion of a segment, the pointer is incremented.

In SRv6, each segment is an SR LocalSID. An SR LocalSID is a SID associated with a processing function on the local node, which may go from advancing to the next SID in the SRH, to complex user-defined behaviors.

In this example we will leverage SRv6 to create a L3VPN for both IPv4 and IPv6 traffic. We will also leverage SRv6 to do underlay optimization in our overlay VPN.

Note that the SRv6 is not limited to this use-case. Please review the doxygen documentation for further info.

Topology Diagram

Our topology is simply going to be four VPP nodes with both, an IPv4 and IPv6 clients and servers attached to this core network. The 'core' network is running IPv6 only.

L3VPN for IPv6 traffic

SRv6 L3VPN IPv6 traffic

In this example what we will do is on C1 create a SR Policy with only one SID list. This SID list will be <C2::, C4::6>. The SR policy will be using encapsulation. On C1 I will add an steering policy to steer all the L3 traffic destined to B::/112 via the BindingSID of the SR policy we just created before.

On C2 I will create one SR LocalSID with behavior End. (Endpoint)

On C4 I will create one SR LocalSID with behavior End.DX6 (Endpoint with Decapsulation and IPv6 cross-connect).

Note that this is a L3VPN for all traffic from A:: to B::. In this example the returning path is not shown. The user must create another SR policy at C4 with the appropriate SR LocalSIDs at the different nodes for the returning path.

Configuration on C1

set sr encaps source addr C1::
sr policy add bsid C1::999:1 next C2:: next C4::6 encap
sr steer l3 B::/112 via sr policy bsid C1::999:1

This configuration can be verified with the CLI:

show sr policies
show sr steering policies

Configuration on C2

sr localsid address C2:: behavior end

This configuration can be verified with the CLI:

show sr localsid

Note that each SR LocalSID has counters for good and bad processed traffic. These counters can be cleared with

clear sr localsid counters

Configuration on C3

None

Configuration on C4

sr localsid address C4::6 behavior end.dx6 GigabitEthernet0/5/0 B:C5::B

L3VPN for IPv4 traffic

SRv6 L3VPN IPv4 traffic

In this example what we will do is on C1 create a SR Policy with only one SID list. This SID list will be <C2::, C4::4>. The SR policy will be using encapsulation. On C1 I will add an steering policy to steer all the L3 traffic destined to 2.2.2.0/24 via the BindingSID of the SR policy we just created before.

On C2 I will create one SR LocalSID with behavior End. (Endpoint)

On C4 I will create one SR LocalSID with behavior End.DX4 (Endpoint with Decapsulation and IPv4 cross-connect).

Note that this is a L3VPN for all traffic from 1.1.1.0/24 to 2.2.2.0/24. In this example the returning path is not shown. The user must create another SR policy at C4 with the appropriate SR LocalSIDs at the different nodes for the returning path.

Configuration on C1

set sr encaps source addr C1::
sr policy add bsid C1::999:2 next C2:: next C4::4 encap
sr steer l3 2.2.2.0/24 via sr policy bsid C1::999:2

Configuration on C2

sr localsid address C2:: behavior end

Note here that this is the same SR LocalSID as the one created for the L3VPN for IPv6 traffic. Hence, you don't need to type this again.

Configuration on C3

None

Configuration on C4

sr localsid address C4::4 behavior end.dx4 GigabitEthernet0/6/0 2.2.2.2

Difference between revisions of "VPP/Segment Routing for IPv6"

Revision as of 11:28, 29 March 2017

Contents

Introduction

Topology Diagram

L3VPN for IPv6 traffic

Configuration on C1

Configuration on C2

Configuration on C3

Configuration on C4

L3VPN for IPv4 traffic

Configuration on C1

Configuration on C2

Configuration on C3

Configuration on C4

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Tools

@@ Line 1: / Line 1: @@
-This example shows how to use the VPP platform for IPv6 segment routing.
+VPP has an up-to-date implementation of [https://tools.ietf.org/html/draft-filsfils-spring-srv6-network-programming SRv6 Network Programming].
+This example shows how to use the VPP platform to setup a L3VPN with SRv6. For further information regarding the SRv6 implementation and CLI please visit the [https://docs.fd.io/vpp/17.07/srv6_doc.html doxygen documentation]. For further information on SRv6, tutorials and videos please visit [https://www.segment-routing.net www.segment-routing.net].
 __TOC__
-=== Introduction ===
+== Introduction ==
+Segment Routing changes the way packets are forwarded inside a network to enable network operators to have better control on the path followed by the packets. Networks using Segment Routing route the packets through a list of segments within the packet. The packets will always follow the shortest path up to each segment. In this way, no state is maintained in the network.
+Segment Routing can be applied to the MPLS and IPv6 dataplanes. In the IPv6 dataplane, SR -a.k.a SRv6- uses an IPv6 Routing Extension header where each one of the segments is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing extension header.  The segment to process is indicated by a pointer in the routing extension header. Upon completion of a segment, the pointer is incremented.
+In SRv6, each segment is an SR LocalSID. An SR LocalSID is a SID associated with a processing function on the local node, which may go from advancing to the next SID in the SRH, to complex user-defined behaviors.
+In this example we will leverage SRv6 to create a L3VPN for both IPv4 and IPv6 traffic. We will also leverage SRv6 to do underlay optimization in our overlay VPN.
+Note that the SRv6 is not limited to this use-case. Please review the [https://docs.fd.io/vpp/17.07/srv6_doc.html doxygen documentation] for further info.
+== Topology Diagram ==
+[[File:SRv6 L3VPN.png|x400px]]
+Our topology is simply going to be four VPP nodes with both, an IPv4 and IPv6 clients and servers attached to this core network. The 'core' network is running IPv6 only.
+== L3VPN for IPv6 traffic ==
+[[File:SRv6 L3VPN IPv6 traffic.png|thumb|upright=1.5|SRv6 L3VPN IPv6 traffic]]
+In this example what we will do is on C1 create a SR Policy with only one SID list. This SID list will be <C2::, C4::6>. The SR policy will be using encapsulation.
+On C1 I will add an steering policy to steer all the L3 traffic destined to B::/112 via the BindingSID of the SR policy we just created before.
+On C2 I will create one SR LocalSID with behavior End. (Endpoint)
+On C4 I will create one SR LocalSID with behavior End.DX6 (Endpoint with Decapsulation and IPv6 cross-connect).
+Note that this is a L3VPN for all traffic from A:: to B::. In this example the returning path is not shown. The user must create another SR policy at C4 with the appropriate SR LocalSIDs at the different nodes for the returning path.
+==== Configuration on C1 ====
+ set sr encaps source addr C1::
+ sr policy add bsid C1::999:1 next C2:: next C4::6 encap
+ sr steer l3 B::/112 via sr policy bsid C1::999:1
-Segment routing changes the way packets are forwarded inside a network to enable network operators to have better control on the path followed by the packets.
+This configuration can be verified with the CLI:
-Segment Routing can be applied to the IPv6 architecture, with a new type of routing extension header.  A segment is encoded as an IPv6 address.  An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing extension header.  The segment to process is indicated by a pointer in the routing extension header. Upon completion of a segment, the pointer is incremented.
+  show sr policies
+  show sr steering policies
-The topology and VPP debug CLI configuration below show how to configure an IPv6 segment routing network.
+==== Configuration on C2 ====
-=== VIRL File ===
+ sr localsid address C2:: behavior end
-It can be tedious to configure this scenario manually. For help, see the example:
+This configuration can be verified with the CLI:
+ show sr localsid
-[[VPP/IPv6 SR VIRL topology file|IPv6 SR VIRL topology file]]
+Note that each SR LocalSID has counters for good and bad processed traffic. These counters can be cleared with
+ clear sr localsid counters
-The example page is a VIRL topology description in plain text. You will need to store the text to a file and give it the <tt>.virl</tt> extension.
+==== Configuration on C3 ====
-The <tt>iosv-1</tt>, <tt>iosv-2</tt>, and <tt>iosv-4</tt> nodes are virtual IOS Classic routers, which could be easily replaced with Linux hosts or other network devices capable of sending IPv6 ICMP echo requests.
+ None
-=== Topology Diagram ===
+==== Configuration on C4 ====
-[[File:IPv6 Segment Routing Topology.jpg|IPv6 Segment Routing Topology]]
+ sr localsid address C4::6 behavior end.dx6 GigabitEthernet0/5/0 B:C5::B
-=== Configuration ===
+== L3VPN for IPv4 traffic ==
-==== iosv-1 relevant configuration ====
+[[File:SRv6 L3VPN IPv4 traffic.png|thumb|upright=1.5|SRv6 L3VPN IPv4 traffic]]
- interface GigabitEthernet0/1
+In this example what we will do is on C1 create a SR Policy with only one SID list. This SID list will be <C2::, C4::4>. The SR policy will be using encapsulation.
-  description to vpp-1
+On C1 I will add an steering policy to steer all the L3 traffic destined to 2.2.2.0/24 via the BindingSID of the SR policy we just created before.
-  ipv6 address ::A:1:1:0:6/126
- ! route to iosv-2
- ipv6 route ::A:1:1:0:16/128 ::A:1:1:0:7
- ! route to iosv-4
- ipv6 route ::A:1:1:0:22/128 ::A:1:1:0:7
-==== iosv-2 relevant configuration ====
+On C2 I will create one SR LocalSID with behavior End. (Endpoint)
- interface GigabitEthernet0/1
+On C4 I will create one SR LocalSID with behavior End.DX4 (Endpoint with Decapsulation and IPv4 cross-connect).
-  description to vpp-2
-  ipv6 address ::A:1:1:0:16/126
- !
- ipv6 route ::A:1:1:0:6/128 ::A:1:1:0:17
-==== iosv-4 relevant configuration ====
+Note that this is a L3VPN for all traffic from 1.1.1.0/24 to 2.2.2.0/24. In this example the returning path is not shown. The user must create another SR policy at C4 with the appropriate SR LocalSIDs at the different nodes for the returning path.
- interface GigabitEthernet0/1
+==== Configuration on C1 ====
-  description to vpp-2
-  ipv6 address ::A:1:1:0:22/126
- ! Route to iosv-1
- ipv6 route ::A:1:1:0:6/128 ::A:1:1:0:23
-==== vpp-1 relevant configuration ====
+ set sr encaps source addr C1::
+ sr policy add bsid C1::999:2 next C2:: next C4::4 encap
+ sr steer l3 2.2.2.0/24 via sr policy bsid C1::999:2
- set interface ip address GigabitEthernet0/4/0 ::a:1:1:0:7/126
+==== Configuration on C2 ====
- set interface state GigabitEthernet0/4/0 up
- set interface ip address GigabitEthernet0/5/0 ::a:1:1:0:b/126
- set interface state GigabitEthernet0/5/0 up
- set interface ip address GigabitEthernet0/6/0 ::a:1:1:0:e/126
- set interface state GigabitEthernet0/6/0 up
- set interface ip address GigabitEthernet0/7/0 ::a:1:1:0:12/126
- set interface state GigabitEthernet0/7/0 up
- sr tunnel src 0::a:1:1:0:6 dst 0::a:1:1:0:16/128 next 0::a:1:1:0:f next 0::a:1:1:0:1a next 0::a:1:1:0:16 tag 0::a:1:1:0:7 InPE 1 clean
- sr tunnel src 0::a:1:1:0:6 dst 0::a:1:1:0:22/128 next 0::a:1:1:0:f next 0::a:1:1:0:1a next 0::a:1:1:0:22 tag 0::a:1:1:0:7 InPE 1 clean
-==== vpp-3 relevant configuration ====
+ sr localsid address C2:: behavior end
- set interface ip address GigabitEthernet0/4/0 ::a:1:1:0:f/126
+Note here that this is the same SR LocalSID as the one created for the L3VPN for IPv6 traffic. Hence, you don't need to type this again.
- set interface state GigabitEthernet0/4/0 up
- set interface ip address GigabitEthernet0/5/0 ::a:1:1:0:1b/126
- set interface state GigabitEthernet0/5/0 up
- comment { to avoid dropping all SR traffic due to source rpf check failures }
- ip route add ::a:1:1:0:6/128 via drop
- ip route add ::a:1:1:0:16/128 via drop
- ip route add ::a:1:1:0:22/128 via drop
-==== vpp-2 relevant configuration ====
+==== Configuration on C3 ====
-  set interface ip address GigabitEthernet0/4/0 ::a:1:1:0:1a/126
+  None
- set interface state GigabitEthernet0/4/0 up
- set interface ip address GigabitEthernet0/5/0 ::a:1:1:0:1e/126
- set interface state GigabitEthernet0/5/0 up
- set interface ip address GigabitEthernet0/6/0 ::a:1:1:0:17/126
- set interface state GigabitEthernet0/6/0 up
- set interface ip address GigabitEthernet0/7/0 ::a:1:1:0:23/126
- set interface state GigabitEthernet0/7/0 up
- sr tunnel src 0::a:1:1:0:16 dst 0::a:1:1:0:6/128 next 0::a:1:1:0:1b next 0::a:1:1:0:e next 0::a:1:1:0:6 tag 0::a:1:1:0:17 InPE 1 clean
-==== vpp-4 relevant configuration ====
+==== Configuration on C4 ====
-  set interface ip address GigabitEthernet0/4/0 ::a:1:1:0:13/126
+  sr localsid address C4::4 behavior end.dx4 GigabitEthernet0/6/0 2.2.2.2
- set interface state GigabitEthernet0/4/0 up
- set interface ip address GigabitEthernet0/5/0 ::a:1:1:0:1f/126
- set interface state GigabitEthernet0/5/0 up