SRv6 uSID w/ EVPN-VPWS and BGP IPv4/IPv6

Load top1.vpnv4v6.srv6.configured.cfg

#IOS-XR
configure
load top1.vpnv4v6.srv6.usid.services.init.cfg
commit replace
y

#IOS-XE
config replace flash:top1.vpnv4v6.srv6.usid.services.init.cfg

SRv6 uSID is already preconfigured in the core.

Configure an EVPN-VPWS service between CSR1 and CSR3 using SRv6 as the underlay.

  • CSR1 is configured for 10.0.0.1/24 on Gi2.3311

  • CSR3 is configured for 10.0.0.3/24 on Gi2.3333

  • This will not work in the data plane on XRd

Configure BGP IPv4/IPv6 in the global table between CSR2 and CSR4 also using SRv6 as the underlay.

  • The BGP peerings are already setup in the global table

Answer

#XR5
evpn
 segment-routing srv6
  locator CCIE
!
l2vpn
 xconnect group VPWS
  p2p CUSTOMER
   interface GigabitEthernet0/0/0/0.3311
   neighbor evpn evi 100 service 100 segment-routing srv6
 
#XR7
evpn
 segment-routing srv6
  locator CCIE
!
l2vpn
 xconnect group VPWS
  p2p CUSTOMER
   interface GigabitEthernet0/0/0/0.3333
   neighbor evpn evi 100 service 100 segment-routing srv6

#XR6, XR8
router bgp 100
 segment-routing srv6
  locator CCIE
 !
 address-family ipv4 unicast
  segment-routing srv6
   alloc mode per-vrf
 !
 address-family ipv6 unicast
  segment-routing srv6
   alloc mode per-vrf
 !
 neighbor-group RR
  address-family ipv4 unicast
   next-hop-self
   encapsulation-type srv6
  !
  address-family ipv6 unicast
   next-hop-self
   encapsulation-type srv6

Explanation

SRv6 can be used as the data plane for EVPN-VPWS and global IPv4/IPv6 unicast. It does not appear to be supported for bridged EVPN. But bridge-domains are not configurable on XRv9K anyways.

For EVPN-VPWS, we must do two things. First, we configure the locator that EVPN will use:

evpn
 segment-routing srv6
  locator CCIE

Next, we configure the encapsulation as SRv6 on the xconnect:

l2vpn
 xconnect group VPWS
  p2p CUSTOMER
   neighbor evpn evi 100 service 100 segment-routing srv6

Alternatively, we can specify the locator on the individual p2p xconnect. However, we still must activate SRv6 under EVPN:

evpn
 segment-routing srv6
!
l2vpn
 xconnect group VPWS
  p2p CUSTOMER
   neighbor evpn evi 100 service 100 segment-routing srv6 locator CCIE

The SID advertisement works the same as we have seen with L3VPN. The SID is advertised within a Prefix SID Sub TLV. The label field contains the function bits.

The PE installs this ::/64 SID into the FIB with a uDX2 instruction, which means to decapsulate and cross-connect for a layer 2 service.

Note that on XRv9K, this L2 service works in the data plane. However, on XRd, it seems that the node cannot do vlan rewrite operations, so this is not working in the data plane.

Next, we configure BGP IPv4/IPv6 unicast in the global VRF for SRv6. This is just like 6PE, in which global IPv6 unicast is tunneled across an MPLS core by advertising a service label with the ipv6/unicast prefix. To configure this, we first need to fix an issue. The PEs are not setting next-hop-self on the routes. This causes the RRs to not select these prefixes as best because the nexthop is inaccessible. When these were VRF routes, the PE automatically sets next-hop-self for the VPNv4/v6 route, as the PE is technically the router originating the VPN route.

We fix this by setting next-hop-self:

#XR6, XR8
router bgp 100
 neighbor-group RR
  address-family ipv4 unicast
   next-hop-self
  !
  address-family ipv6 unicast
   next-hop-self

Next, we enable SRv6 for BGP the same as we did for L3VPN. We can also configure the locator to be used by default:

#XR6, XR8
router bgp 100
 segment-routing srv6
  locator CCIE

We must do two other things. We must set the SRv6 alloc mode under the global AFIs, and we must set the encapsulation type as SRv6 under the iBGP neighbor statements.

#XR6, XR8
router bgp 100
 address-family ipv4 unicast
  segment-routing srv6
   alloc mode per-vrf
 !
 address-family ipv6 unicast
  segment-routing srv6
   alloc mode per-vrf
 !
 neighbor-group RR
  address-family ipv4 unicast
   encapsulation-type srv6
  !
  address-family ipv6 unicast
   encapsulation-type srv6

Now the global prefixes have a SID associated with them. The difference with global IPv4/IPv6 unicast is that BGP-LU is not used, so there is no label field to place the function bits inside. This is just an optimization to better pack BGP updates, so it is not a major drawback.

Traffic between the two pairs of CEs should now be working:

PreviousSRv6 uSIDNextSRv6 uSID w/ SR-TE

Last updated