SRv6 (Segment Routing version 6) is a version of segment routing based on IPv6 tunneling mechanism, rather than on MPLS (MultiProtocol Label Switching) underlay. Therefore, with SRv6 underlying transport routers must be capable of forwarding IPv6 (Internet Protocol version 6) packets, and do not require MPLS support.
In the first series of SRv6 articles, I will present very basic SRv6 functionality. Which is the concept of SRv6 locator and SRv6 SID (Segment Identifier). To discuss this simple topic, a very basic topology will be used, as outlined in Figure 1.
Figure 1: Basic SRv6 topology
This blog post is based on the capabilities of Junos 20.3 running on MX Series and JUNOS 22.3 on ACX7000 routers. Config and show command outputs have been collected on vMX in our labs.
You can test yourself all the concepts described in this article, we created labs in JCL and vLabs:
Introduction
In this topology, all IP addresses in the transport infrastructure (loopbacks, links of PE and P routers) are IPv6 addresses from the IPv6 subnets listed in Figure 1. There are no IPv4 addresses at all, since SRv6 relies completely on IPv6. Obviously, SRv6 can be deployed in dual-stack (IPv4 + IPv6) transport infrastructure, but it unnecessarily complicates the design and is absolutely not required. The only ‘IPv4 like’ number used in the design is a router ID associated with each router in the transport infrastructure. Given the fact, that this ID is 32-bit, it looks like an IPv4 address (although, it isn’t).
SRv6 Locator
Apart from configuring a standard IPv6 network, what is needed to enable SRv6?
The most important and most basic piece of SRv6 configuration is the allocation of SRv6 locators to each router in the transport infrastructure.
But wait a minute, what is an SRv6 locator, actually?
An SRv6 locator is an IPv6 subnet. Apart from allocating for each router some host IPv6 prefix for loopback (/128), you need to allocate as well some IPv6 subnet to each router (for example /64).
And, what is it for, this locator?
In a very basic sense, SRv6 locator is the base for SRv6 SID. An SRv6 SID is 128-bit long number (thus, the same size as an IPv6 address) constructed from the SRv6 locator (most significanct bits in the SRv6 SID), and other values, defining the actual function of the locator. From this definition, it can be easily derived, that there could be multiple SRv6 SIDs associated with a single router – each SRv6 SID based on the same IPv6 prefix defined as the SRv6 locator.
In this topology, we are allocating the locators using bad:feed:0:<XX>::/64 subnet, where XX is the node ID, as pictured in Figure 1.
1 routing-options {
2 source-packet-routing {
3 srv6 {
4 locator SRV6-LOC-1 bad:feed:0:11::/64;
5 }
6 }
7 }
Configuration 1: SRv6 Locator on PE11
SRV6-LOC-1 is just a locally significant name. In addition to configuring the locator, you need to enable SRv6 extension in the IGP (Interior Gateway Protocol) - IS-IS (Intermediate System to Intermediate System) in this particular case - and specify, which locator should be used in IGP advertisements. Note that it is possible to use multiple locators per node; we will discuss scenarios, where multiple locators might be used, in some follow up SRv6 articles. The name of the SRv6 locator is not exchanged via the IGP extensions, just the SRv6 locator value.
1 protocols {
2 isis {
3 source-packet-routing {
4 srv6 {
5 locator SRV6-LOC-1;
6 }
7 }
8 }
9 }
Configuration 2: SRv6 IS-IS extensions on PE11
Now, after defining the SRv6 locator, and enabling IS-IS SRv6 extensions, you can verify the status.
1 root@PE11> show isis overview | find SPRING
2 W15: Fri 2022-04-15T06:08:22 PDT (UTC-0700)
3 Source Packet Routing (SPRING): Enabled
4 Node Segments: Disabled
5 SRv6: Enabled
6 Locator: bad:feed:0:11::/64, Algorithm: 0
7 (…)
CLI-Output 1: IS-IS Status
First success! SRv6 is enabled and local locator is shown! Note: we will discuss different algorithms in some follow-up SRv6 blog.
You can as well check the IS-IS database, and verify the SRv6 locator advertisements.
1 root@PE11> show isis database extensive | match ", Lifetime:|Locator| V6 prefix"
2 W15: Fri 2022-04-15T06:24:10 PDT (UTC-0700)
3 P1.00-00 Sequence: 0x6, Checksum: 0xb448, Lifetime: 63949 secs
4 V6 prefix: bad:cafe::1/128 Metric: 0 Internal Up
5 V6 prefix: bad:feed:0:1::/64 Metric: 0 Internal Up
6 V6 prefix: beef::111:0/112 Metric: 1000 Internal Up
7 V6 prefix: beef::112:0/112 Metric: 1000 Internal Up
8 SRv6 Locator: bad:feed:0:1::/64, Metric: 0, MTID: 0, Flags: 0x0, Algorithm: 0
9 P2.00-00 Sequence: 0x6, Checksum: 0x3736, Lifetime: 63953 secs
10 V6 prefix: bad:cafe::2/128 Metric: 0 Internal Up
11 V6 prefix: bad:feed:0:2::/64 Metric: 0 Internal Up
12 V6 prefix: beef::211:0/112 Metric: 1000 Internal Up
13 V6 prefix: beef::212:0/112 Metric: 1000 Internal Up
14 SRv6 Locator: bad:feed:0:2::/64, Metric: 0, MTID: 0, Flags: 0x0, Algorithm: 0
15 PE11.00-00 Sequence: 0x9, Checksum: 0x1854, Lifetime: 64033 secs
16 V6 prefix: bad:cafe::11/128 Metric: 0 Internal Up
17 V6 prefix: bad:feed:0:11::/64 Metric: 0 Internal Up
18 V6 prefix: beef::111:0/112 Metric: 1000 Internal Up
19 V6 prefix: beef::211:0/112 Metric: 1000 Internal Up
20 SRv6 Locator: bad:feed:0:11::/64, Metric: 0, MTID: 0, Flags: 0x0, Algorithm: 0
21 PE12.00-00 Sequence: 0x8, Checksum: 0x2715, Lifetime: 63951 secs
22 V6 prefix: bad:cafe::12/128 Metric: 0 Internal Up
23 V6 prefix: bad:feed:0:12::/64 Metric: 0 Internal Up
24 V6 prefix: beef::112:0/112 Metric: 1000 Internal Up
25 V6 prefix: beef::212:0/112 Metric: 1000 Internal Up
26 SRv6 Locator: bad:feed:0:12::/64, Metric: 0, MTID: 0, Flags: 0x0, Algorithm: 0
CLI-Output 2: SRv6 Locator advertisement
As you can see, each node advertises the IPv6 subnet used for SRv6 locator as legacy IPv6 prefix (IS-IS TLV - Type-Length-Value - 236: IPv6 IP Reachability), as well as SRv6 locator (IS-IS TLV 27: SRv6 Locator). There is some other information (like flags) visible – this will be discussed in some follow-up articles.
1 kszarkowicz-mbp:Downloads kszarkowicz$ tshark -r isis-srv6-locator.pcap -V
2 (…)
3 Router Capability (t=242, l=42)
4 (…)
5 Segment Routing - Algorithms (t=19, l=1)
6 Algorithm: Shortest Path First (SPF) (0)
7 SRv6 Capability (t=25, l=2)
8 Flags: 0x0000
9 .0.. .... .... .... = OAM flag: Not set
10 0.00 0000 0000 0000 = Unused: 0x0000
11 (…)
12 SRv6 Locator (t=27, l=18)
13 Type: 27
14 Length: 18
15 0000 .... .... .... = Reserved: 0x0
16 .... 0000 0000 0000 = Topology ID: Standard topology (0)
17 Metric: 0
18 Flags: 0x00
19 0... .... = Down bit: Not set
20 .000 0000 = Reserved: 0x00
21 Algorithm: Shortest Path First (SPF) (0)
22 Locator Size: 64
23 Locator: bad:feed:0:11::
24 SubCLV Length: 0
25 IPv6 reachability (t=236, l=83)
26 Type: 236
27 Length: 83
28 IPv6 Reachability: bad:feed:0:11::/64
29 Metric: 0
30 0... .... = Distribution: Up
31 .0.. .... = Distribution: Internal
32 ..0. .... = Sub-TLV: No
33 Prefix Length: 64
34 IPv6 prefix: bad:feed:0:11::
35 no sub-TLVs present
36 (…)
CLI-Output 3: Packet dump with SRv6 Locator information
If you check the routing tables for SRv6 locators, you can observe they are present in both inet6.0 (installed based on IS-IS TLV 236: IPv6 IP Reachability) and in inet6.3 (installed based on IS-IS TLV 27: SRv6 Locator) RIBs (Routing Information Base). Having them in inet6.0 allows routing (i.e. IPv6 packet with the destination matching SRv6 locator prefix can be routed). Having them in inet6.3 allows for BGP (Border Gateway Protocol) protocol next-hop resolution for BGP services (like for example L3VPN) carried across SRv6 underlay. This will be discussed in the next blog in more detail.
1 root@PE11> show route bad:feed:0::/48
2 W15: Fri 2022-04-15T06:59:21 PDT (UTC-0700)
3
4 inet6.0: 20 destinations, 20 routes (20 active, 0 holddown, 0 hidden)
5 + = Active Route, - = Last Active, * = Both
6
7 bad:feed:0:1::/64 *[IS-IS/18] 01:01:13, metric 1000
8 > to fe80::5604:dff:fe00:560b via ge-0/0/1.0
9 bad:feed:0:2::/64 *[IS-IS/18] 00:29:52, metric 1000
10 > to fe80::5604:dff:fe00:4b92 via ge-0/0/2.0
11 bad:feed:0:11::/64 *[IS-IS/18] 01:00:11, metric 0
12 Reject
13 bad:feed:0:12::/64 *[IS-IS/18] 00:29:52, metric 2000
14 > to fe80::5604:dff:fe00:560b via ge-0/0/1.0
15 to fe80::5604:dff:fe00:4b92 via ge-0/0/2.0
16
17 inet6.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
18 + = Active Route, - = Last Active, * = Both
19
20 bad:feed:0:1::/64 *[SRV6-ISIS/14] 01:00:11, metric 1000
21 > to fe80::5604:dff:fe00:560b via ge-0/0/1.0, SRV6-Tunnel, Dest: bad:feed:0:1::
22 bad:feed:0:2::/64 *[SRV6-ISIS/14] 00:29:52, metric 1000
23 > to fe80::5604:dff:fe00:4b92 via ge-0/0/2.0, SRV6-Tunnel, Dest: bad:feed:0:2::
24 bad:feed:0:12::/64 *[SRV6-ISIS/14] 00:29:52, metric 2000
25 > to fe80::5604:dff:fe00:560b via ge-0/0/1.0, SRV6-Tunnel, Dest: bad:feed:0:12::
26 to fe80::5604:dff:fe00:4b92 via ge-0/0/2.0, SRV6-Tunnel, Dest: bad:feed:0:12::
CLI-Output 4: Packet dump with SRv6 Locator information
SRv6 SID
OK. We successfully configured SRv6 locators on the routers, and verified that these locators are distributed across entire network. Now, if you try to verify the forwarding:
1 root@PE11> ping bad:cafe::12 count 1
2 W15: Fri 2022-04-15T07:17:50 PDT (UTC-0700)
3 PING6(56=40+8+8 bytes) beef::111:11 --> bad:cafe::12
4 16 bytes from bad:cafe::12, icmp_seq=0 hlim=63 time=20.581 ms
5
6 --- bad:cafe::12 ping6 statistics ---
7 1 packets transmitted, 1 packets received, 0% packet loss
8 round-trip min/avg/max/std-dev = 20.581/20.581/20.581/0.000 ms
9
10 root@PE11> ping bad:feed:0:12:: count 1
11 W15: Fri 2022-04-15T07:18:02 PDT (UTC-0700)
12 PING6(56=40+8+8 bytes) beef::111:11 --> bad:feed:0:12::
13 64 bytes from beef::212:12: Destination Host Unreachable
14 Vr TC Flow Plen Nxt Hlim
15 6 00 00000 0010 3a 3f
16 beef::111:11->bad:feed:0:12::
17 ICMP6: type = 128, code = 0
18
19 --- bad:feed:0:12:: ping6 statistics ---
20 1 packets transmitted, 0 packets received, 100% packet loss
CLI-Output 5: Forwarding towards SRv6 locator
You can observe that forwarding towards IPv6 loopback is OK, but forwarding towards SRv6 locator fails with failure code “Destination Host Unreachable” provided by the destination node itself (beef::212:12 is the link address on PE12 for the P2-PE12 link). In essence, the packet reached the destination node, but the destination node has no idea what it is supposed to do with it.
Well, this is, actually, expected. The piece that is missing is SRv6 SID. As mentioned earlier, SID defines some functions. Meaning: what is supposed to happen with the packet that uses the SID as IPv6 destination address, when the packet arrives at the endpoint advertising the SRv6 locator. An exemplary structure of the SRv6 SID is outlined in Figure 2.
Figure 2: SRv6 SID structure
In essence, the 128-bit long SRv6 SID can be divided into two main parts: SRv6 locator and FUNC:ARG (Function:Argument).
SRv6 standard doesn’t specify any fixed boundaries between these parts. The boundaries can be limited by the particular SRv6 implementation (Junos doesn’t have such limitation) or can be freely chosen by the operator to align to particular design requirements.
Boundaries mentioned in the figure are just examples used in this blog:
- SRv6 Locator block: bad:feed:0::/48
- SRv6 Locator: bad:feed:0:<Node-ID>:/64
There is large number of functions (called as well end-point behaviors) defined in the SRv6 standard (RFC 8986). The most basic function is the ‘Endpoint’ behavior (End SID in short), which instructs the router to locally ‘consume’ the packet. Thus, to successfully perform previous ping tests, we need to define End SID for each node.
1 protocols {
2 isis {
3 source-packet-routing {
4 srv6 {
5 locator SRV6-LOC-1 {
6 end-sid bad:feed:0:11::;
7 }
8 }
9 }
10 }
11 }
Configuration 3: SRv6 End SID on PE11
End SID is a host (/128) IPv6 address from within the SRv6 locator subnet allocated to the router. In this particular case I used SID with ‘all zeros’ in the FUNC:ARG portion of the SRv6 SID. The defined SRv6 End SID appears similar to the SRv6 locator, which is probably easier from an operational perspective. Saying that, any value in the FUNC:ARG portion could be used. Now, if you perform some checks:
1 root@PE11> show isis overview | find SPRING
2 W15: Fri 2022-04-15T08:20:38 PDT (UTC-0700)
3 Source Packet Routing (SPRING): Enabled
4 Node Segments: Disabled
5 SRv6: Enabled
6 Locator: bad:feed:0:11::/64, Algorithm: 0
7 END-SID: bad:feed:0:11::, Flavor: None
8 (…)
9 root@PE11> show isis database extensive | match ", Lifetime:|SRv6 SID"
10 W15: Fri 2022-04-15T08:24:36 PDT (UTC-0700)
11 P1.00-00 Sequence: 0xb, Checksum: 0x6c12, Lifetime: 64923 secs
12 SRv6 SID: bad:feed:0:1::, Flavor: None
13 P2.00-00 Sequence: 0xb, Checksum: 0xbed2, Lifetime: 64935 secs
14 SRv6 SID: bad:feed:0:2::, Flavor: None
15 PE11.00-00 Sequence: 0xf, Checksum: 0xb19c, Lifetime: 64912 secs
16 SRv6 SID: bad:feed:0:11::, Flavor: None
17 PE12.00-00 Sequence: 0xd, Checksum: 0x8f0, Lifetime: 64859 secs
18 SRv6 SID: bad:feed:0:12::, Flavor: None
CLI-Output 6: IS-IS SRv6 End SID states
These SRv6 End SIDs are flooded via SRv6 IS-IS extensions, and allow the router to accept and process the packets with IPv6 address equal to locally defined End SID. Please note, there are no changes in the routing tables. The routing still uses SRv6 locators. It is just endpoint behavior (meaning, what happens, when the packet eventually arrives at the end node), which is now defined. And now, ping works!
1 root@PE11> ping bad:feed:0:12:: count 1
2 W15: Fri 2022-04-15T08:32:15 PDT (UTC-0700)
3 PING6(56=40+8+8 bytes) beef::111:11 --> bad:feed:0:12::
4 16 bytes from beef::112:12, icmp_seq=0 hlim=63 time=5.216 ms
5
6 --- bad:feed:0:12:: ping6 statistics ---
7 1 packets transmitted, 1 packets received, 0% packet loss
8 round-trip min/avg/max/std-dev = 5.216/5.216/5.216/0.000 ms
CLI-Output 7: Forwarding towards SRv6 locator
Conclusion
In the next article, we will discuss how the L3 services (global IPv4/IPv6, L3VPN with IPv4/IP6) can be implemented with SRv6 underlay.
Useful links
Glossary
- BGP: Border Gateway Protocol
- CE: Customer Edge
- ID: Identifier
- IGP: Interior Gateway Protocol
- IS-IS: Intermediate System to Intermediate System
- P: Provider
- PE: Provider Edge
- IP: Internet Protocol
- IPv4: Internet Protocol version 4
- IPv6: Internet Protocol version 6
- L3VPN: Layer 3 Virtual Private Network
- MPLS: MultiProtocol Label Switching
- RIB: Routing Information Base
- SID: Segment Identifier
- SRv6: Segment Routing version 6
- TLV: Type-Length-Value
Acknowledgements
Thanks to Anton Elita for thorough review, and Abhishek Murali for preparing JCL and vLabs topologies.
Comments
If you want to reach out for comments, feedback or questions, drop us a mail at
Revision History
Version |
Date |
Author(s) |
Comments |
1 |
June 2022 |
Krzysztof Szarkowicz |
Initial publication |
#SolutionsandTechnology
#Routing