Listen to this article if you do not want to read
SRv6 L3 VPN | In this article we will discuss SRv6 L3VPN service using IPV6 dataplane. We have already discussed basics of SRv6 and SRv6 header in my previous articles .Please go through following links for the same,
SRv6 SID represents 128 bit majorly consist of Locator and Function, (it can have optional argument bits as well)
Locator – This is the first part of the SID which identify address of SRV6 node
Function – This is the other part of SRv6 SID which identify network instruction that is executed on a particular node (node is identified by locator bits). For example, Network instruction can be L3 VPN function .
Lets understand how L3 VPN service works using SRv6. We will use below sample topology for the illustration purpose,
In the above topology, CE nodes exchanging IPV4 prefixes with respective PE nodes S1 and S8. PE-CE routing protocol can be EBGP, OSPF or IS-IS. L3VPN service is required between PE nodes S1 and S8 which are SRv6 enabled nodes.CE nodes need not to be SRv6 aware . Here are the steps of SRv6 L3 VPN to work,
- As part of SRv6 base configuration, admin has to define locator information along with prefix associated with it. For example, SRv6 locator for S1 is 2001:DB8:0:A1::/64 and for S8 is 2001:DB8:0:A8::/64. IGP (ISIS or OSPF) will distribute locator prefix in the IPv6 network (with neighbours) .
- SRv6 manager in the each node automatically allocates SIDs for each SRv6 application or function , remember SID is combination of locator + Function. In this example , SRv6 manager in S8 allocates 2001:DB8:0:A8:40::/64 for End.DX4 function associated with 10.10.1.0/24 CE routes and SRv6 manager in S1 allocates 2001:DB8:0:A1:40::/64 for End.DX4 function for ingress 10.10.2.0/24 CE routes. SIDs to these functions are allocated automatically .
- End.DX4 is a BGP function and SID allocated for End.DX4 is called BGP SID under VPNv4 address family. End.DX4 represents PE endpoint with decapsulation and IPv4 cross-connect, means egress PE will decapsulate packet while sending original IPv4 packet towards CE link.
- MP-BGP encodes SRv6 SID in L3 VPN NLRI advertisement towards its BGP peer over IPv6 network. And each node install these SID information in the forwarding table which is combination and mapping between SID (locator+function) and CE prefixes.
- See below figure for packet walk,
When packet arrives at S8 (ingress node) with destination address of remote CE , S8 encapsulate VRF IPV4 packet with SRv6 BGP VPN SID and send it over to egress PE node S1. S1 decapsulate packet and send original IPv4 packet towards directly connected CE. Same process happens when traffic flows in other direction.
This is how L3 VPN establish using SRv6 over IPv6 network and customer device neither support SRv6 nor aware of SRv6 in the provider network. I hope this article is helpful , please drop comment below if you have any query or clarification.