Configuring BGP IPv6 FlowSpec Route Redirection to an SRv6 TE Policy (Manual Configuration)

Procedure

• Configure a public network End.DT6 SID.
  1. Run system-view

     The system view is displayed.

  2. Run segment-routing ipv6

     SRv6 is enabled, and the SRv6 view is displayed.

  3. Run encapsulation source-address ipv6-address [ ip-ttl ttl-value ]

     A source address is specified for SRv6 VPN encapsulation.

  4. Run locator locator-name [ ipv6-prefix ipv6-address prefix-length [ static static-length | args args-length ] ^* ]

     An SRv6 locator is configured.

  5. Run opcode func-opcode end-dt6

     A public network End.DT6 SID is configured.

  6. Run quit

     Exit the SRv6 locator view.

  7. Run quit

     Exit the SRv6 view.

  8. Run commit

     The configuration is committed.

• Configure a BGP IPv6 FlowSpec route.
  1. Run flow-route flowroute-name ipv6

     A static BGP IPv6 FlowSpec route is created, and the BGP-Flow-IPv6 address family view is displayed.

  2. (Optional) Configure if-match clauses. For details, see "BGP Flow Specification Configuration" in Configuration - Security.
  3. Run apply redirect ipv6 redirectIPv6RT color colorValue [ prefix-sid prefix-sid-value ]

     The traffic that matches the if-match clauses is precisely redirected to the specified SRv6 TE Policy.

  4. Run quit

     Exit the BGP-Flow-IPv6 address family view.

  5. Run commit

     The configuration is committed.

• (Optional) Configure a BGP peer relationship in the BGP-Flow-IPv6 address family.

  Establish a BGP IPv6 FlowSpec peer relationship between the headend of the SRv6 TE Policy and the device on which the BGP IPv6 FlowSpec route is manually configured. If the BGP IPv6 FlowSpec route is manually configured on the headend of the SRv6 TE Policy, skip this step.

  1. Run bgp as-number

     The BGP view is displayed.

  2. Run ipv6-family flow

     The BGP-Flow-IPv6 address family view is displayed.

  3. Run peer { ipv4-address | ipv6-address } enable

     A BGP IPv6 FlowSpec peer relationship is established.

     After the BGP IPv6 FlowSpec peer relationship is established in the BGP-Flow-IPv6 address family view, the manually configured BGP IPv6 FlowSpec route is imported automatically to the BGP routing table and then advertised to the specified BGP IPv6 FlowSpec peer.

  4. Run quit

     Exit the BGP-Flow-IPv6 address family view.

  5. Run commit

     The configuration is committed.

• Allow the device to recurse static BGP IPv6 FlowSpec routes to corresponding tunnels.
  1. Run system-view

     The system view is displayed.

  2. Run bgp as-number

     The BGP view is displayed.

  3. Run ipv6-family flow

     The BGP-Flow-IPv6 address family view is displayed.

  4. Run local-route redirect ipv6 recursive-lookup tunnel tunnel-selector tunnel-selector-name

     The device is allowed to recurse static BGP IPv6 FlowSpec routes to corresponding tunnels.

  5. Run commit

     The configuration is committed.