Configuring L3VPNv6 over SRv6 BE

This section describes how to configure L3VPNv6 over SRv6 BE.

Context

L3VPNv6 over SRv6 BE allows SRv6 BE paths on a public network to carry L3VPNv6 data. The key implementation of L3VPNv6 over SRv6 BE involves establishing SRv6 BE paths, advertising VPN routes, and forwarding data.

Figure 1 shows an example where an IPv6 public network is established between PE1 and PE2 and the involved VPNs are also IPv6 networks. SRv6 BE paths can be deployed on the IPv6 public network to carry L3VPNv6 services.

Figure 1 L3VPNv6 over SRv6 BE networking

Pre-configuration Tasks

Before configuring L3VPNv6 over SRv6 BE, complete the following tasks:

Configure a link-layer protocol.
Configure network-layer addresses for interfaces to ensure that neighboring devices are reachable at the network layer.

Procedure

Configure IPv6 IS-IS on the PEs and P. For configuration details, see Configuring Basic IPv6 IS-IS Functions.
Configure a VPN instance on each PE and enable the IPv6 address family.
1. Run system-view
  The system view is displayed.
2. Run ip vpn-instance vpn-instance-name
  A VPN instance is created, and its view is displayed.
3. Run ipv6-family
  The VPN instance IPv6 address family is enabled, and its view is displayed.
4. Run route-distinguisher route-distinguisher
  An RD is configured for the VPN instance IPv6 address family.
5. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]
  VPN targets are configured for the VPN instance IPv6 address family.
6. Run commit
  The configuration is committed.
7. Run quit
  Exit the VPN instance IPv6 address family view.
8. Run quit
  Exit the VPN instance view.
9. Run interface interface-type interface-number
  The view of the interface to be bound to the VPN instance is displayed.
10. Run ip binding vpn-instance vpn-instance-name
  The interface is bound to the VPN instance.
  
  The ip binding vpn-instance command deletes IPv4 and IPv6 Layer 3 configurations on the interface, such as the configured IP addresses and routing protocols. You have to reconfigure them if they are required.
11. Run ipv6 enable
  IPv6 is enabled on the interface.
12. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
  An IPv6 address is configured for the interface.
  
  Layer 3 features such as PE-CE route exchange can be configured for PE-CE communication only after an IPv6 address is configured for the involved VPN interface.
13. Run commit
  The configuration is committed.
14. Run quit
  Exit the interface view.
Configure PE-CE IPv6 route exchange. For configuration details, see Configuring Route Exchange Between PEs and CEs.
Establish an MP-IBGP peer relationship between the PEs.
1. Run bgp { as-number-plain | as-number-dot }
  The BGP view is displayed.
2. Run router-id ipv4-address
  A router ID is configured.
3. Run peer ipv6-address as-number { as-number-plain | as-number-dot }
  The remote PE is configured as a peer.
4. Run peer ipv6-address connect-interface loopback interface-number
  The interface on which a TCP connection to the specified BGP peer is established is specified.
5. Run ipv6-family vpnv6
  The BGP-VPNv6 address family view is displayed.
6. Run peer ipv6-address enable
  The device is enabled to exchange VPN-IPv6 routing information with the specified peer.
7. Run commit
  The configuration is committed.
8. Run quit
  Exit the BGP-VPNv6 address family view.
9. Run quit
  Exit the BGP view.
Configure basic SRv6 functions.
1. Run segment-routing ipv6
  SRv6 is enabled, and the SRv6 view is displayed.
2. Run encapsulation source-address ipv6-address [ ip-ttl ttl-value ]
  A source address is specified for SRv6 VPN encapsulation.
3. Run locator locator-name [ ipv6-prefix ipv6-address prefix-length [ static static-length | args args-length ] ^* ]
  An SRv6 locator is configured.
4. (Optional) Run opcode func-opcode end-dt6 vpn-instance vpn-instance-name
  An opcode for static SIDs is configured.
  
  An End.DT6 SID can be either dynamically allocated through BGP or manually configured. If you want to run the segment-routing ipv6 locator locator-name command to enable dynamic End.DT6 SID allocation through BGP, this step can be skipped.
5. Run quit
  Exit the SRv6 locator view.
6. Run quit
  Exit the SRv6 view.
Enable IS-IS SRv6 on each PE.
1. Run isis [ process-id ]
  The IS-IS view is displayed.
2. Run ipv6 enable topology ipv6
  The IPv6 capability is enabled for the IS-IS process in the IPv6 topology.
3. Run segment-routing ipv6 locator locator-name [ auto-sid-disable ]
  IS-IS SRv6 is enabled.
4. Run quit
  Exit the IS-IS view.
Configure each PE to carry SIDs in VPN routes and recurse the routes to SRv6 BE paths based on the SIDs.
1. Run bgp { as-number-plain | as-number-dot }
  The BGP view is displayed.
2. Run ipv6-family vpnv6
  The BGP-VPNv6 address family view is displayed.
3. Run peer ipv6-address prefix-sid [ advertise-srv6-locator ]
  The device is enabled to exchange IPv6 prefix SIDs with the specified IPv6 peer.
4. Run quit
  Exit the BGP-VPNv6 address family view.
5. Run ipv6-family vpn-instance vpn-instance-name
  The BGP-VPN instance IPv6 address family view is displayed.
6. Run segment-routing ipv6 best-effort
  The device is enabled to recurse VPN routes based on the SIDs carried in the routes.
7. Run segment-routing ipv6 locator locator-name
  The device is enabled to add SIDs to VPN routes.
8. Run commit
  The configuration is committed.

Verifying the Configuration

After configuring L3VPNv6 over SRv6 BE, verify the configuration.

Run the display segment-routing ipv6 locator [ locator-name ] verbose command to check SRv6 locator information.
Run the display segment-routing ipv6 local-sid { end | end-x | end-dt6 } [ sid ] forwarding command to check information about the SRv6 local SID table.
Run the display bgp vpnv6 { all | route-distinguisher route-distinguisher | vpn-instance vpn-instance-name } routing-table ipv6-address [ prefix-length ] command to check BGP VPNv6 routing information.
Run the ping ipv6 command to check the connectivity between CEs.