Srv6
No description available
Install / Use
/learn @agantonov/Srv6README
SRv6 Demo
Table of contents
SRv6 is a new alternative to traditional MPLS services that operators have been using for decades. Here I'd like to demonstrate a way to build a virtual lab using Juniper devices and to configure the most popular services over SRv6 underlay.
Topology
The first step is building a topology. You can go with physical devices if you have enough of them at your hand or opt for a virtual lab, which is a more cost-effective option available to anyone. Nowadays, Juniper and most network vendors provide virtualized and containerized Network Operating Systems. In my lab I'm using virtual MX and virtual EX. Setting up all virtual machines manually can be time-consuming, especially for complex network topologies with a Network Operating System consisting of two VMs (vMX). That is where the Containterlab project comes into play making the topology building process much easier.
To begin with, we need to create containers from vMX and vEX images. This can be accomplished with the help of vrnetlab through the following steps:
- Clone the vrnetlab project.
- Download vMX and vEX images and copy them to the
vrnetlab/vmxandvrnetlab/vjunosswitchfolders, respectively. - Run
makein each folder.
As a result, you have the following Docker images:
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vrnetlab/vr-vjunosswitch 23.2R1.14 e64bbda0e0dc 3 days ago 4.36GB
vrnetlab/vr-vmx 23.4R1.10 bb5ef5b27530 3 days ago 10.9GB
Once the docker images are in place, you start building the actual topology. I'm going to deploy three PE routers connected to two P routers, each PE router having a CE device connected to it: PE1-CE1, PE2-CE2, PE3-CE3. In addition, there is a multihomed CE12 connected to both PE1 and PE2 with an ae12 bundle. <img src="images/phys_topo.png">
I created a container lab topology file where I specified Docker images and connections between containers. You can find more information about the syntax in the user guide.
Now let's deploy the topology:
$ sudo containerlab deploy -t srv6-vmx.yml
+---+----------------+--------------+------------------------------------+----------------------+---------+-----------------+----------------------+
| # | Name | Container ID | Image | Kind | State | IPv4 Address | IPv6 Address |
+---+----------------+--------------+------------------------------------+----------------------+---------+-----------------+----------------------+
| 1 | clab-srv6-ce1 | e82cefae2584 | vrnetlab/vr-vjunosswitch:23.2R1.14 | juniper_vjunosswitch | running | 172.20.20.7/24 | 2001:172:20:20::7/64 |
| 2 | clab-srv6-ce12 | 2f11d3e4c57e | vrnetlab/vr-vjunosswitch:23.2R1.14 | juniper_vjunosswitch | running | 172.20.20.4/24 | 2001:172:20:20::4/64 |
| 3 | clab-srv6-ce2 | c250931e5676 | vrnetlab/vr-vjunosswitch:23.2R1.14 | juniper_vjunosswitch | running | 172.20.20.2/24 | 2001:172:20:20::2/64 |
| 4 | clab-srv6-ce3 | c8cd5381d9ac | vrnetlab/vr-vjunosswitch:23.2R1.14 | juniper_vjunosswitch | running | 172.20.20.5/24 | 2001:172:20:20::5/64 |
| 5 | clab-srv6-p1 | 14752a8f36df | vrnetlab/vr-vmx:23.4R1.10 | juniper_vmx | running | 172.20.20.9/24 | 2001:172:20:20::9/64 |
| 6 | clab-srv6-p2 | 592017f1f182 | vrnetlab/vr-vmx:23.4R1.10 | juniper_vmx | running | 172.20.20.10/24 | 2001:172:20:20::a/64 |
| 7 | clab-srv6-pe1 | 02d66fda7dae | vrnetlab/vr-vmx:23.4R1.10 | juniper_vmx | running | 172.20.20.8/24 | 2001:172:20:20::8/64 |
| 8 | clab-srv6-pe2 | 3cf341de328f | vrnetlab/vr-vmx:23.4R1.10 | juniper_vmx | running | 172.20.20.6/24 | 2001:172:20:20::6/64 |
| 9 | clab-srv6-pe3 | 8eada5d37273 | vrnetlab/vr-vmx:23.4R1.10 | juniper_vmx | running | 172.20.20.3/24 | 2001:172:20:20::3/64 |
+---+----------------+--------------+------------------------------------+----------------------+---------+-----------------+----------------------+
The devices are up and running and it's time to configure them:
Core-facing interfaces
Many operators use multiple links aggregated into LAGs for connections between routers in the core. I follow this approach and create ae0-ae6 LAGs between PE and P routers, although there is a single link in each bundle. Additionally, I'm configuring family iso and family inet6; family inet and family mpls are not required. The typical core interface configuration is below:
ae0 {
description to-p1:ae0;
mtu 9192;
aggregated-ether-options {
lacp {
active;
periodic fast;
fast-failover;
}
}
unit 0 {
family iso;
family inet6 {
address 2001::10:100:0:0/127;
}
}
}
You can configure all core interfaces with the following command:
$ ansible-playbook -i inventory/srv6.yml playbook/interfaces.yml
Configuration files (core_iface_ae.conf and core_iface_p2p.conf) for core-facing interfaces on all routers are available at this link.
ISIS SRv6
First, you need to create locators which will be advertised by ISIS and used by PEs to forward VPN prefixes. All PE routers are provisioned with two locators. For instance, PE1 has the following configuration:
set routing-options source-packet-routing srv6 locator myloc1 1111:1111:1111::/48
set routing-options source-packet-routing srv6 locator myloc2 2222:2222:1111::/48
set routing-options source-packet-routing srv6 locator myloc2 micro-sid
myloc1 is a locator for regular SIDs and myloc2 is a locator for micro-SIDs. Detailed information about locators can be found in this blog as well as in the RFC8986 and draft-filsfils-spring-net-pgm-extension-srv6-usid.
Next, you configure ISIS protocol on all core-facing interfaces, disable IPv4 routing and specify SRv6 locators which are to be advertised to the other PEs:
pe1# show protocols isis| display set
set protocols isis interface ae0.0 level 2 post-convergence-lfa
set protocols isis interface ae0.0 point-to-point
set protocols isis interface ae1.0 level 2 post-convergence-lfa
set protocols isis interface ae1.0 point-to-point
set protocols isis interface lo0.0 passive
set protocols isis source-packet-routing srv6 locator myloc1 end-sid 1111:1111:1111:: flavor psp
set protocols isis source-packet-routing srv6 locator myloc1 end-sid 1111:1111:1111:: flavor usd
set protocols isis source-packet-routing srv6 locator myloc2 micro-node-sid
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8
set protocols isis backup-spf-options use-source-packet-routing
set protocols isis traffic-engineering l3-unicast-topology
set protocols isis traffic-engineering ipv6
set protocols isis traffic-engineering advertisement always
set protocols isis no-ipv4-routing
You can configure ISIS on all routers with the following command:
$ ansible-playbook -i inventory/srv6.yml playbook/isis.yml
ISIS configuration files (isis.conf) for all routers are available at this link.
ISIS is advertising to and recieving IPv6 SIDs from all routers:
pe1# run show isis database extensive | match SID
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
SRv6 SID: 1111:1111:1111::, Flavor: PSP, USD
SRv6 micro-node-SID: 2222:2222:1111::, Flavor: PSP, USD
Locator block length: 32, Locator node length: 16, SID function length: 0, SID argument length: 80
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
SRv6 SID: 1111:1111:2222::, Flavor: PSP, USD
SRv6 micro-node-SID: 2222:2222:2222::, Flavor: PSP, USD
Locator block length: 32, Locator node length: 16, SID function length: 0, SID argument length: 80
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
SRv6 SID: 1111:1111:3333::, Flavor: PSP, USD
SRv6 micro-node-SID: 2222:2222:3333::, Flavor: PSP, USD
Locator block length: 32, Locator node length: 16, SID function length: 0, SID argument length: 80
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
SRv6 SID: 1111:1111:4444::, Flavor: PSP, USD
SRv6 micro-node-SID: 2222:2222:4444::, Flavor: PSP, USD
Locator block length: 32, Locator node length: 16, SID function length: 0, SID argument length: 80
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
SRv6 SID: 1111:1111:5555::, Flavor: PSP, USD
SRv6 micro-node-SID: 2222:2222:5555::, Flavor: PSP, USD
Locator block length: 32, Locator node length: 16, SID function length: 0, SID argument length: 80
You are finally done with the ISIS part.
BGP
BGP configuration is pretty straightforw
