Configuring EVPN L3VPNv4 over SRv6 TE Policy

This section describes how to configure EVPN L3VPNv4 over SRv6 TE Policy so that EVPN L3VPNv4 services can be carried over SRv6 TE Policies.

Usage Scenario

EVPN L3VPNv4 over SRv6 TE Policy uses public SRv6 TE Policies to carry EVPN L3VPNv4 services. As shown in Figure 1, PE1 and PE2 communicate through an IPv6 public network. An SRv6 TE Policy is deployed on the network to carry EVPN L3VPNv4 services.

Figure 1 EVPN L3VPNv4 over SRv6 TE Policy networking

Pre-configuration Tasks

Before configuring EVPN L3VPNv4 over SRv6 TE Policy, complete the following tasks:

Configure an SRv6 TE Policy manually or use a controller to dynamically deliver an SRv6 TE Policy.

You need to apply a tunnel policy to a specified EVPN L3VPNv4 instance when configuring traffic steering.

Procedure

Configure an L3VPN instance.
1. Run ip vpn-instance vpn-instance-name
  
  A VPN instance is created, and the VPN instance view is displayed.
2. Run ipv4-family
  
  The VPN instance IPv4 address family is enabled, and the view of this address family is displayed.
3. Run route-distinguisher route-distinguisher
  
  An RD is configured for the VPN instance IPv4 address family.
4. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] evpn
  
  VPN targets are added to the VPN target list of the VPN instance IPv4 address family, so that routes of the VPN instance can be added to the routing table of the EVPN instance configured with a matching VPN target.
5. (Optional) Run default-color color-value evpn
  The default color value is specified for the L3VPNv4 service to recurse to an SRv6 TE Policy.
  
  If a remote EVPN route without carrying the Color Extended Community is leaked to a local VPN instance, the default color value is used for the recursion.
6. (Optional) Run import route-policy policy-name evpn
  
  The VPN instance IPv4 address family is associated with an import route-policy that is used to filter routes imported from the EVPN instance to the VPN instance IPv4 address family. To control route import more precisely, specify an import route-policy to filter routes and set route attributes for routes that meet the filter criteria.
7. (Optional) Run export route-policy policy-name evpn
  
  The VPN instance IPv4 address family is associated with an export route-policy that is used to filter routes advertised from the VPN instance IPv4 address family to the EVPN instance. To control route advertisement more precisely, specify an export route-policy to filter routes and set route attributes for routes that meet the filter criteria.
8. Run quit
  
  Exit the VPN instance IPv4 address family view.
9. Run quit
  
  Exit the VPN instance view.
1. Run commit
  The configuration is committed.
Bind the L3VPN instance to an access-side interface.
1. Run interface interface-type interface-number
  The interface view is displayed.
2. Run ip binding vpn-instance vpn-instance-name
  The L3VPN instance is bound to the interface.
3. Run ip address ip-address { mask | mask-length }
  An IPv4 address is configured for the interface.
4. Run quit
  Exit the interface view.
5. Run commit
  The configuration is committed.
Configure BGP EVPN peer relationships.

If a BGP RR needs to be configured on the network, establish BGP EVPN peer relationships between all the PEs and the RR.
1. Run bgp { as-number-plain | as-number-dot }
  BGP is enabled, and the BGP view is displayed.
2. Run peer { ipv6-address | group-name } as-number { as-number-plain | as-number-dot }
  The remote PE is configured as a peer.
3. (Optional) Run peer { ipv6-address | group-name } connect-interface interface-type interface-number
  A source interface and a source address are specified to set up a TCP connection with the BGP peer.
  
  If loopback interfaces are used to establish a BGP connection, you are advised to run the peer connect-interface command on both ends to ensure the connectivity. If this command is run on one end only, the BGP connection may fail to be established.
4. Run ipv4-family vpn-instance vpn-instance-name
  The BGP-VPN instance IPv4 address family view is displayed.
5. Run import-route { direct | isis process-id | static | ospf process-id | rip process-id } [ med med | route-policy route-policy-name ] ^*
  Routes of other protocols are imported to the BGP-VPN instance IPv4 address family. To advertise host IP routes, configure import of direct routes. To advertise routes on the network segment where the host resides, use a dynamic routing protocol (such as OSPF) to advertise routes on the network segment and then perform this step to import the routes of the dynamic routing protocol.
6. Run advertise l2vpn evpn [ import-route-multipath ]
  The device is enabled to advertise IP prefix routes. IP prefix routes are used to advertise host IP routes as well as routes on the network segment where the host resides.
  
  To implement SID-based load balancing, specify the import-route-multipath parameter for the device to advertise all IP prefix routes with the same destination address.
7. Run quit
  Exit the BGP-VPN instance IPv4 address family view.
8. Run l2vpn-family evpn
  The BGP EVPN address family view is displayed.
9. Run peer { ipv6-address | group-name } enable
  The device is enabled to exchange EVPN routes with the specified peer or peer group.
10. Run peer { ipv6-address | group-name } advertise encap-type srv6
  The device is enabled to send EVPN routes carrying SRv6-encapsulated attributes to the specified peer or peer group.
11. Run quit
  Exit the BGP EVPN address family view.
12. Run quit
  Exit the BGP view.
13. Run commit
  The configuration is committed.
On each PE, configure EVPN L3VPNv4 services to recurse to an SRv6 TE Policy.
1. Run segment-routing ipv6
  SRv6 is enabled, and the SRv6 view is displayed.
2. Run encapsulation source-address ipv6-address [ ip-ttl ttl-value ]
  A source address is specified for SRv6 VPN encapsulation.
3. Run locator locator-name [ ipv6-prefix ipv6-address prefix-length [ static static-length | args args-length ] ^* ]
  An SRv6 locator is configured.
4. (Optional) Run opcode func-opcode end-dt4 vpn-instance vpn-instance-name evpn
  A static SID operation code (opcode) is configured.
  
  Alternatively, run the opcode func-opcode end-dx4 vpn-instance vpn-instance-name evpn interface interface-type interface-number nexthop nexthop-address command to configure a static SID opcode.
  
  In EVPN scenarios, end-dx4 is used to allocate SIDs based on interfaces to which VPN instances are bound, and end-dt4 is used to allocate SIDs based on VPN instances.
  
  End.DT4 and End.DX4 SIDs can be either dynamically allocated by BGP or manually configured. If you want to enable dynamic End.DT4 and End.DX4 SID allocation using the segment-routing ipv6 locator locator-name command, skip this step.
5. Run quit
  Exit the SRv6 locator view.
6. Run quit
  Exit the SRv6 view.
7. Run bgp { as-number-plain | as-number-dot }
  The BGP view is displayed.
8. Run ipv4-family vpn-instance vpn-instance-name
  The BGP-VPN instance IPv4 address family view is displayed.
9. Run segment-routing ipv6 locator locator-name evpn
  The device is enabled to add SIDs to VPN routes before sending the routes to EVPN.
10. Run segment-routing ipv6 traffic-engineer [ best-effort ] evpn
  The function to recurse EVPN L3VPNv4 services to SRv6 TE Policies is enabled.
  
  If an SRv6 BE path exists on the network, you can set the best-effort parameter, allowing the SRv6 BE path to function as a best-effort path in the case of an SRv6 TE Policy fault.
11. (Optional) Run segment-routing ipv6 apply-sid all-nexthop evpn
  The device is configured to allocate SIDs to BGP VPN IPv4 routes based on all next hops, thereby implementing SID-based load balancing.
  
  To configure the device to allocate a SID to a BGP VPN IPv4 route with a specified next hop, run the segment-routing ipv6 apply-sid specify-nexthop evpn command. Then, run the nexthop nexthop-address interface { interface-name | interfaceType interfaceNum } command to specify a next hop and an outbound interface.
12. Run commit
  The configuration is committed.

Verifying the Configuration

After configuring EVPN L3VPNv4 over SRv6 TE Policy, verify the configuration.

Run the display bgp vpnv4 { all | route-distinguisher route-distinguisher | vpn-instance vpn-instance-name } routing-table [ network [ prefix-length ] ] command to check BGP VPNv4 route information. The command output shows that the value of Relay Tunnel Out-Interface is SRv6 TE Policy.
Run the display bgp evpn all routing-table prefix-route prefix command to check EVPN IP prefix route information.
Run the display ip vpn-instance vpn-instance-name tunnel-info nexthop nexthopIpv6Addr command to check information about the tunnel to which the route with the specified next hop recurses in each address family of the current VPN instance.
Run the display ip routing-table vpn-instance vpn-instance-name command to check information about IPv4 VPN routes received from the remote end.