Configuring VPN MPLS/VPN SRv6 Dual-Stack Tunnels

Configuring VPN MPLS/VPN SRv6 dual-stack tunnels on networks where IPv4 and IPv6 services coexist prevents potential traffic interruption when IPv4 services are directly migrated to IPv6.

Usage Scenario

When an MPLS backbone network that carries VPN routes spans multiple ASs, inter-AS VPN technology is used to deploy L3VPN over MPLS services. As IPv4 addresses gradually run out, IPv6 networks will be increasingly deployed to solve this issue. However, such an evolution cannot take place overnight, causing IPv4 and IPv6 services to coexist.

To prevent existing services from being compromised during the upgrade and evolution of existing networks, L3VPN supports dual-stack tunnels. A route with an IPv4 next hop can recurse to an MPLS tunnel, and a route with an IPv6 next hop can recurse to an SRV6 tunnel. Different tunnels can be selected based on the routes with different next hops, which greatly improves the feasibility of the transition from the IPv4 network to the IPv6 network.

Pre-configuration Tasks

Before configuring VPN MPLS/VPN SRv6 dual-stack tunnels, complete the following tasks:

Configure an IGP for each AS on the MPLS backbone network to ensure IP connectivity of the backbone network within each AS.

Configure basic MPLS capabilities and MPLS LDP in each AS on the MPLS backbone network.
Establish an IBGP peer relationship between the PE and ASBR in each AS.
Configure a VPN instance on each PE that connects to a CE and bind the PE interface that connects to the CE to the VPN instance.
Configure an IP address for each CE interface that connects to a PE.
The inter-AS VPN has been configured. For example, the inter-AS VPN option C (solution 1) has been configured.

Procedure

Configure priority-based route selection on each PE.
1. Run system-viewcommand to
  
  The system view is displayed.
2. Run bgp as-number
  
  The BGP view is displayed.
3. Run ipv4-family vpnv4
  
  The BGP-VPNv4 address family view is displayed.
4. Run peer ipv4-address high-priority or peer peerGroupName high-priority
  
  BGP VPNv4 routes learned from the IPv4 peer or peer group are enabled to participate in route selection based on the high priority.
5. Run commit
  
  The configuration is committed.
Configure a VPN instance with the IPv4 address family enabled on each PE.
1. Run system-view
  The system view is displayed.
2. Run ip vpn-instance vpn-instance-name
  A VPN instance is created, and the VPN instance view is displayed.
3. Run ipv4-family
  The VPN instance IPv4 address family is enabled, and its view is displayed.
4. Run route-distinguisher route-distinguisher
  An RD is configured for the VPN instance IPv4 address family.
5. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]
  VPN targets are configured for the VPN instance IPv4 address family.
6. Run commit
  The configuration is committed.
7. Run quit
  Exit the VPN instance IPv4 address family view.
8. Run quit
  Exit the VPN instance view.
9. Run interface interface-type interface-number
  The view of the interface to be bound to the VPN instance is displayed.
10. Run ip binding vpn-instance vpn-instance-name
  The interface is bound to the VPN instance.
  
  The ip binding vpn-instance command deletes IPv4 and IPv6 Layer 3 features on the interface, such as the configured IP address and routing protocol. You have to reconfigure them if they are required.
11. Run ip address ip-address { mask | mask-length }
  An IP address is configured for the interface.
  
  Layer 3 features such as PE-CE route exchange can be configured only after an IP address is configured for the PE interface that connects to a CE.
12. Run commit
  The configuration is committed.
13. Run quit
  Exit the interface view.
Configure IPv4 route exchange between the PE and CE in each AS. For configuration details, see Configuring the PE and CE to Exchange Routes.
Establish an MP-IBGP peer relationship between PEs.
1. Run bgp as-number
  The BGP view is displayed.
2. Run router-id ipv4-address
  A router ID is set.
3. Run peer ipv4-address as-number as-number
  A remote PE as a peer is specified.
4. Run peer ipv4-address connect-interface loopback interface-number
  The interface to be used to establish a TCP connection for BGP is specified.
5. Run peer ipv6-address as-number as-number
  A remote PE is specified as a peer.
6. Run peer ipv6-address connect-interface loopback interface-number
  The interface to be used to establish a TCP connection for BGP is specified.
7. Run ipv4-family vpnv4
  The BGP-VPNv4 address family view is displayed.
8. Run peer ipv4-address enable
  The device is enabled to exchange VPNv4 routing information with the peer.
9. Run peer ipv6-address enable
  The device is enabled to exchange VPNv4 routing information with the peer.
10. Run commit
  The configuration is committed.
11. Run quit
  Exit the BGP-VPNv4 address family view.
12. Run quit
  Exit the BGP view.
Establish an SRv6 BE tunnel between PEs.
1. Run segment-routing ipv6
  SR is enabled on the IPv6 forwarding plane, and the SRv6 view is displayed.
2. Run encapsulation source-address ipv6-address [ ip-ttl ttl-value ]
  A source address is specified for SRv6 VPN encapsulation.
3. Run locator locator-name [ ipv6-prefix ipv6-address prefix-length [ static static-length | args args-length ] ^* ]
  A SID node route locator is configured.
4. Run opcode func-opcode end-dt4 vpn-instance vpn-instance-name
  The opcode of a static SID is configured.
5. Run quit
  Exit the SRv6 locator view.
6. Run quit
  Exit the SRv6 view.
7. Run bgp as-number
  The BGP view is displayed.
8. Run ipv4-family vpnv4
  The BGP-VPNv4 address family view is displayed.
9. Run peer ipv6-address prefix-sid
  The device is enabled to exchange IPv4 prefix SID information with a specified IPv6 peer.
10. Run quit
  Exit the BGP-VPNv4 address family view.
11. Run ipv4-family vpn-instance vpn-instance-name
  The BGP-VPN instance IPv4 address family view is displayed.
12. (Optional) Run bestroute nexthop-priority { ipv4 | ipv6 }
  The device is configured to select the route with a higher priority after routes learned by the VPNv4 instance are leaked to a private network.
13. Run segment-routing ipv6 best-effort
  The device is enabled to recurse VPN routes based on the SID carried in the routes
14. Run segment-routing ipv6 locator locator-name [ auto-sid-disable ]
  The VPN route is enabled to carry the SID attribute. If auto-sid-disable is not specified, dynamic SID allocation is supported. If static SIDs are configured using locator-name, the static SIDs are used. Otherwise, dynamically allocated SIDs are used.
15. Run commit
  The configuration is committed.
On the PE, disable BGP VPNv4 routes learned from IPv4 peers from participating in route selection based on the high priority and enable BGP VPNv4 routes learned from IPv6 peers to do so, so that user traffic is switched to the SRv6 tunnel.
1. Run system-view
  The system view is displayed.
2. Run bgp as-number
  The BGP view is displayed.
3. Run ipv4-family vpnv4
  The BGP-VPNv4 address family view is displayed.
4. Run undo peer ipv4-address high-priority
  BGP VPNv4 routes learned from the IPv4 peer are disabled from participating in route selection based on the high priority.
5. Run peer ipv6-address high-priority or peer peerGroupName high-priority
  BGP VPNv4 routes learned from the IPv6 peer or peer group are enabled to participate in route selection based on the high priority, so that user traffic can be switched to the SRv6 tunnel.
6. Run commit
  The configuration is committe.

Verifying the Configuration

After the configuration is complete, verify the configuration:

Run the display bgp vpnv4 all routing-table command in the system view to check information about BGP VPNv4 routes and BGP VPN routes.
Run the display bgp vpnv4 all peer command in the system view to check information about BGP peers.