Redirecting a Public IPv4 BGP FlowSpec Route to an SRv6 TE Policy (Manual Configuration)

Manually generate a BGP FlowSpec route and configure redirection rules to redirect the route to an SRv6 TE Policy.

Prerequisites

Before redirecting a public IPv4 BGP FlowSpec route to an SRv6 TE Policy in manual configuration mode, complete the following tasks:

Context

If no controller is deployed, perform the following operations to manually redirect a public IPv4 BGP FlowSpec route to an SRv6 TE Policy:

  1. Manually configure an SRv6 TE Policy.
  2. Manually configure a BGP FlowSpec route and define redirection rules. BGP FlowSpec route redirection is based on <Redirection IP address, Color, Public End.DT4 SID>. If the redirection IP address, color, and public End.DT4 SID attributes of a BGP FlowSpec route match the endpoint, color, and public End.DT4 SID attributes of an SRv6 TE Policy, the route can be successfully redirected to the SRv6 TE Policy.
  3. To enable the device to advertise the BGP FlowSpec route to another device, establish a BGP peer relationship in the BGP-Flow address family.

Procedure

  • Configure a public End.DT4 SID.

    1. Run system-view

      The system view is displayed.

    2. Run segment-routing ipv6

      SRv6 is enabled, and the SRv6 view is displayed.

    3. Run encapsulation source-address ipv6-address [ ip-ttl ttl-value ]

      A source address is specified for SRv6 VPN encapsulation.

    4. Run locator locator-name [ ipv6-prefix ipv6-address prefix-length [ static static-length | args args-length ] * ]

      An SRv6 locator is configured.

    5. Run opcode func-opcode end-dt4

      A public End.DT4 SID is configured.

    6. Run quit

      Exit the SRv6 locator view.

    7. Run quit

      Exit the SRv6 view.

    8. Run commit

      The configuration is committed.

  • Configure a BGP FlowSpec route.

    1. Run flow-route flowroute-name

      A static BGP FlowSpec route is created, and the Flow-Route view is displayed.

    2. (Optional) Configure if-match clauses. For details, see "BGP Flow Specification Configuration" in Configuration - Security.
    3. Run apply redirect ipv6 redirectIPv6RT color colorValue [ prefix-sid prefix-sid-value ]

      The traffic that matches the if-match clauses is precisely redirected to the specified SRv6 TE Policy.

    4. Run quit

      Exit the Flow-Route view.

    5. Run commit

      The configuration is committed.

  • (Optional) Configure a BGP peer relationship in the BGP-Flow address family.

    Establish a BGP FlowSpec peer relationship between the ingress of the SRv6 TE Policy and the device on which the BGP FlowSpec route is manually generated. If the BGP FlowSpec route is manually generated on the ingress of the SRv6 TE Policy, skip this step.

    1. Run bgp as-number

      The BGP view is displayed.

    2. Run ipv4-family flow

      The BGP-Flow address family view is displayed.

    3. Run peer ipv4-address enable

      The BGP FlowSpec peer relationship is enabled.

      After the BGP FlowSpec peer relationship is established in the BGP-Flow address family view, the manually generated BGP FlowSpec route is automatically imported to the BGP-Flow routing table and then sent to each peer.

    4. Run peer ipv4-address redirect tunnelv6

      The device is enabled to process the redirection next-hop IPv6 address, color, and prefix SID attributes carried in BGP FlowSpec routes received from a peer.

    5. Run redirect tunnelv6 tunnel-selector tunnel-selector-name

      The device is enabled to recurse received routes with the redirection next-hop IPv6 address, color, and prefix SID attributes to SRv6 TE Policies.

    6. Run commit

      The configuration is committed.

Verifying the Configuration

After configuring the redirection, verify the configuration.

Parent Topic: Redirecting a Public IPv4 BGP FlowSpec Route to an SRv6 TE Policy
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >