SRv6 Simulation with FRR
SRv6 stands for Segment Routing over IPv6 and will be the replacement of MPLS.
Prerequisites
To have SRv6 working with FRR and Linux, you need at least the Linux kernel 5.19, iproute2 version 6.x and FRR 8.4.1. This document describe how to create a QEMU image with those minimal version and two VRFs.
This configuration could be used in such simulation:
Simulation
IP Base configuration
All interfaces of the core network are configured with IPv6 addresses and IP point-to-point connectivity is already up and running.
The IPv4 and IPv6 forwarding is enable:
ip forwarding
ipv6 forwarding
It is also interesting to use Loopback interface addressed in IPv6 to create the BGP sessions between the PE. Those interfaces will also participate in the ISIS route exchange.
IS-IS Configuration
The base configuration is the following, having all nodes in the same area and using Level-1 connections.
<x>
is your router number, for exemple 1,2 or 3 ;-)<n>
is your interfaces where isis is configured
As an example:
router isis <Process Name>
is-type level-1
net 49.0001.0001.0001.000<x>.00
lsp-mtu 1300
topology ipv6-unicast
!
interface eth<n>
ipv6 router isis <Process Name>
isis circuit-type level-1
!
interface lo
ipv6 router isis <Process Name>
isis circuit-type level-1
isis passive
SRv6 Configuration
The configuration is completed as shown in this example:
<x>
is your router number, for exemple 1,2 or 3 ;-)
segment-routing
srv6
locators
locator <Router-Name>
prefix 2001:dead:<x>::/64
exit
!
exit
!
exit
interface lo1
ipv6 address 2001:dead:<x>::1/64
ipv6 router isis <Process Name>
isis circuit-type level-1
isis passive
Add the following two commands in the ISIS configuration:
router isis SRv6
segment-routing on
segment-routing node-msd 8
exit
!
BGP Configuration
The base configuration is completed as shown in this example (for the router FRR-3):
router bgp 65000
bgp router-id 3.3.3.3
bgp log-neighbor-changes
no bgp default ipv4-unicast
bgp graceful-restart
neighbor 2001:db8:66::6 remote-as 65000
neighbor 2001:db8:66::6 description FRR-6
neighbor 2001:db8:66::6 update-source lo
neighbor 2001:db8:66::6 capability extended-nexthop
!
segment-routing srv6
locator FRR3
exit
!
address-family ipv4 unicast
neighbor 2001:db8:66::6 activate
exit-address-family
!
address-family ipv4 vpn
neighbor 2001:db8:66::6 activate
exit-address-family
!
address-family ipv6 unicast
network 2001:dead:30::/64
aggregate-address 2001:dead:30::/64 summary-only
neighbor 2001:db8:66::6 activate
exit-address-family
!
address-family ipv6 vpn
neighbor 2001:db8:66::6 activate
exit-address-family
exit
We also have to configure the different VRF for the routing exchange:
router bgp 65000 vrf Client1
bgp log-neighbor-changes
no bgp default ipv4-unicast
bgp graceful-restart
!
address-family ipv4 unicast
redistribute connected
redistribute ospf
sid vpn export auto
rd vpn export 65000:1
nexthop vpn export 2001:dead:30::
rt vpn both 65000:1
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
redistribute ospf6
sid vpn export auto
rd vpn export 65000:1
nexthop vpn export 2001:dead:30::
rt vpn both 65000:1
export vpn
import vpn
exit-address-family
exit
!
router bgp 65000 vrf Client2
bgp log-neighbor-changes
no bgp default ipv4-unicast
bgp graceful-restart
!
address-family ipv4 unicast
redistribute connected
redistribute ospf
sid vpn export auto
rd vpn export 65000:2
nexthop vpn export 2001:dead:30::
rt vpn both 65000:2
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
redistribute ospf6
sid vpn export auto
rd vpn export 65000:2
nexthop vpn export 2001:dead:30::
rt vpn both 65000:2
export vpn
import vpn
exit-address-family
exit
L3 VPN
The route exchange between the PE and the CE of the customer (VRF Client1 or Client2) is done through OSPFv3 for IPv6 and with OSPFv2 for IPv4. The default route is announced from the PE. On the PE, add the following configuration for the Customer “side”, as exemple for FRR-3:
vrf Client1
interface eth3
description Part of VRF Client1 (configured at linux level)
ip address 172.16.11.3/24
ipv6 address 2001:cafe:11::3/64
router ospf vrf Client1
ospf router-id 3.3.3.3
network 172.16.11.0/24 area 0
redistribute BGP
default-information originate always
exit
!
router ospf6 vrf Client1
ospf6 router-id 3.3.3.3
redistribute BGP
default-information originate always
exit
!
The configuration assigned for the VRF Client 1 is completed as shown in this example:
router bgp 65000 vrf Client1
bgp log-neighbor-changes
no bgp default ipv4-unicast
bgp graceful-restart
!
address-family ipv4 unicast
redistribute connected
redistribute ospf
sid vpn export auto
rd vpn export 65000:1
nexthop vpn export 2001:dead:30::
rt vpn both 65000:1
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
redistribute ospf6
sid vpn export auto
rd vpn export 65000:1
nexthop vpn export 2001:dead:30::
rt vpn both 65000:1
export vpn
import vpn
exit-address-family
exit
Warning
To enable the use of END.DT4 (bug), you need to run the following commands (as a root user) once your configuration is complete, in the Linux console (not in the FRR CLI):
sysctl -w net.vrf.strict_mode=1
systemctl restart frr
Configurations
Here are all the configuration of the equipment used in this simulation:
- Configuration of VRF Client1 devices
- Configuration of VRF Client2 devices
- Configuration of the Core Network devices