Licensing Requirements
For a complete explanation of Cisco NX-OS licensing recommendations and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Configuring SRv6
This chapter contains information on how to configure SRv6.
About Segment Routing Over IPv6
Segment Routing (SR) can be applied on both MPLS and IPv6 data planes. In a SR-MPLS enabled network, an MPLS label is used as the Segment Identifier (SID) and the source router chooses a path to the destination and encodes the path in the packet header as a stack of labels. In a Segment Routing over IPv6 (SRv6) network, the IPv6 address serves as the SID. The source router encodes the path to destination as an ordered list of segments (list of IPv6 addresses) in the IPv6 packet. To encode an ordered list of IPv6 addresses in an IPv6 packet, a new routing header which is an extension header is used. This new header for SRv6 is called Segment Routing Header (SRH). In an SRv6 enabled network, the active segment is indicated by the destination address of the packet, and the next segment is indicated by a pointer in the SRH.
SRv6 works on IPv6 data forwarding and is suitable for all data center deployments. SRv6 with SRH facilitates traffic engineering and path protection capabilities. Minus the SRH, SRv6 also supports traffic forwarding for multi-tenants with only the IPv6 packet header. In this case, the IPv6 destination address (128-bit) represents the reachability (locator) and the VPN function.
The forwarding methodology is such that if the destination address is within the locator prefix space is not in the SID table, it checks the standard routing table for a match.
Beginning Cisco NX-OS Release 9.3(3), Cisco Nexus 9300-GX series switches support SRv6 functionality as follows:
-
IPv6
-
processing of packets with SRHs at line rate
-
BGP, OSPFv3, and IS-IS protocols
-
L3VPN over SRv6 for both, IPv4 and IPv6 VPN prefixes
-
global IPv4 and IPv6 (Internet) over SRv6
The following functions are supported in Cisco NX-Release 9.3(3):
-
End
-
End DT4/DT6/DT46
-
T Encaps Red
-
Transit Functionality (with and without SRH)
SRv6 Topology
This diagrams describes the SRv6 topology.
In this example, the underlay IPv6 is enable with IS-IS. The interface between PE1 and spine are enabled with the link local addresses, while the interfaces between PE2 and spine are configured with the IPv6 addresses. In this topology, the configuration spine is also enabled for SRv6. The spine can act as a pure IPv6 underlay. The PE1/Leaf1 peers with PE2/Leaf2 over iBGP session to exchange VPN prefixes. The PE1 is attached to CE1 in vrf1 and learns VPN prefixes via eBGP session. Similarly, the PE2 is attached to CE2 in vrf1 and learns VPN prefixes via eBGP session.
Guidelines and Limitations for SRv6
SRv6 has the following guidelines and limitations:
-
Beginning with Cisco NX-OS Release 9.3(3), SRv6 is supported on Cisco Nexus 9300-GX and 9300-GX2 platform switches.
-
In Cisco NX-OS Release 9.3(3), only a single locator is supported.
-
Layer 3 interface and Layer 3 port-channel are the supported uplinks toward the fabric. SVI and subinterfaces are not supported.
-
Coexistence of the SRv6 feature and the MPLS SR-TE feature is not supported on Cisco Nexus 9000 switches.
Configuring SRv6
You can enable SRv6 and configure the locator with its prefix.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
segment-routing Example: |
Enables segment routing over SRv6. |
| Step 3 |
srv6 Example: |
Enables segment routing over SRv6. |
| Step 4 |
locators Example: |
Enter locator configuration mode. |
| Step 5 |
locator name Example: |
Configure the locator. |
| Step 6 |
prefix ipv6 address/len Example: |
Configures the locator prefix. |
| Step 7 |
exit Example: |
Exits the locator configuration mode. |
Configuring Encapsulation Parameters
You can obtain the source IPv6 address using the SRv6 encapsulation configuration.
Before you begin
Ensure that feature srv6 is enabled.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
segment-routing Example: |
Enters the segment routing configuration mode. |
| Step 3 |
srv6 Example: |
Enables segment routing over SRv6. |
| Step 4 |
locators Example: |
Enters the locators configuration mode. |
| Step 5 |
locator name Example: |
Configures the global locator that can be used for all IPv4 and IPv6 VRFs and enters the locator configuration mode. |
| Step 6 |
encapsulation Example: |
Enters the encapsulation configuration mode. |
| Step 7 |
source-address ipv6-address Example: |
Configures the source IPv6 address for SRv6 encapsulation. |
Configuring IPv6 Underlay
You can configure IPv6 underlay with one of the following:
-
IS-IS
-
OSPFv3
-
BGP
Configuring SRv6 with IS-IS Protocol
You can configure SRv6 with IS-IS protocol.
Before you begin
Ensure that the following conditions are met:
-
The feature srv6 is enabled.
-
The feature isis is enabled.
-
SRv6 is enabled under the IPv6 address-family in IS-IS.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
router isis instance-tag Example: |
Creates a new IS-IS instance with the configured instance tag. |
| Step 3 |
address-family ipv6 unicast Example: |
Enters address family configuration mode. |
| Step 4 |
segment-routing srv6 Example: |
Configures SRv6 with IS-IS protocol. |
| Step 5 |
locator name Example: |
Configure the locator. |
Configuring SRv6 with OSPFv3 Protocol
Before you begin
-
Ensure that feature srv6 is enabled.
-
Ensure that feature ospfv3 is enabled.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
route-map LOCATOR_MAP permit 10 Example: |
|
| Step 3 |
router ospfv3 process_tag Example: |
Enables the OSPF mode. |
| Step 4 |
address-family ipv6 unicast Example: |
Enters address family configuration mode. |
| Step 5 |
redistribute srv6 locator route-map LOCATOR_MAP Example: |
|
Configuring SRv6 with BGP
When locator is configured under BGP, it creates route of the locator prefix in its IPv6 unicast table and advertises it to its peers.
Before you begin
Ensure that feature srv6 is enabled.
Ensure that feature bgp is enabled.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
router bgp as-number Example: |
Enter BGP router configuration mode. |
| Step 3 |
segment-routing srv6 Example: |
Configures SRv6 with the BGP. |
| Step 4 |
locator name Example: |
Configures the locator. |
| Step 5 |
exit Example: |
Exits the SRv6 configuration mode. |
Configuring Layer 3 VPN over SRv6
When a locator is configured under BGP, it creates route of the locator prefix in its IPv6 unicast table and advertises it to it's peers. This locator is used for allocating SRv6 SIDs for VRFs.
In Cisco NX-OS Release 9.3(3), the Cisco NX-OS switches support only one locator.
You can configure DT4 and DT6 SIDs separately under each address family. If the DT46 is configured under the VRF, then End.DT4 and End.DT6 configurations are not allowed under each address family.
Allocating DT46 SIDs for VRF
You can configure SRv6 with Layer 3 VPN fabric.
Before you begin
Ensure that feature srv6 is enabled.
Ensure that feature bgp is enabled.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
router bgp as-number Example: |
Enter BGP router configuration mode. |
| Step 3 |
segment-routing srv6 Example: |
Configures SRv6 with the BGP. |
| Step 4 |
locator name Example: |
Configures the locator. |
| Step 5 |
exit Example: |
Exits the SRv6 configuration mode. |
| Step 6 |
vrf name Example: |
Configures the VRF. |
| Step 7 |
segment-routing srv6 Example: |
Configures SRv6 and enters the VRF SRv6 configuration mode. |
| Step 8 |
alloc mode per-vrf Example: |
Allocates SRv6 End DT46 per VRF. |
Allocating DT4 and DT6 SIDs Per VRF
You can configure SRv6 with Layer 3 VPN fabric.
Before you begin
Ensure that feature srv6 is enabled.
Ensure that feature bgp is enabled.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
router bgp as-number Example: |
Enter BGP router configuration mode. |
| Step 3 |
segment-routing srv6 Example: |
Configures SRv6 with the BGP. |
| Step 4 |
locator name Example: |
Configures the locator. |
| Step 5 |
exit Example: |
Exits the SRv6 configuration mode. |
| Step 6 |
vrf name Example: |
Configures the VRF. |
| Step 7 |
address-family (ipv4 | ipv6} unicast Example: |
Configures the IPv4 or IPv6 address family and enters the address family configuration mode. |
| Step 8 |
segment-routing srv6 Example: |
Configures SRv6 and enters the VRF SRv6 configuration mode. |
| Step 9 |
alloc mode per-vrf Example: |
Allocates SRv6 End DT4 or DT6 per VRF. |
Allocating SRv6 DT46 SIDs for Global VRF
You can allocate SRv6 DT46 SIDs for global VRF with Layer 3 VPN fabric.
Before you begin
Ensure that feature srv6 is enabled.
Ensure that feature bgp is enabled.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
router bgp as-number Example: |
Enter BGP router configuration mode. |
| Step 3 |
segment-routing srv6 Example: |
Configures SRv6 with the BGP. |
| Step 4 |
locator name Example: |
Configures the locator. |
| Step 5 |
alloc mode per-vrf Example: |
Allocates SRv6 End DT4 or DT6 for the global VRF. |
Allocating SRv6 DT4 SIDs for IPv4 AF in Global VRF
You can allocate SRv6 DT4 SIDs for IPv4 address family in the global VRF with Layer 3 VPN fabric.
Before you begin
Ensure that feature srv6 is enabled.
Ensure that feature bgp is enabled.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
router bgp as-number Example: |
Enter BGP router configuration mode. |
| Step 3 |
address-family ipv4 unicast Example: |
Configures the IPv4 address family and enters the address family configuration mode. |
| Step 4 |
segment-routing srv6 Example: |
Configures SRv6 with the BGP. |
| Step 5 |
alloc mode per-vrf Example: |
Allocates SRv6 End DT4 for address family in global VRF. |
Allocating SRv6 DT6 SIDs for IPv6 AF in Global VRF
You can allocate SRv6 DT6 SIDs for IPv6 address family in the global VRF with Layer 3 VPN fabric.
Before you begin
Ensure that feature srv6 is enabled.
Ensure that feature bgp is enabled.
Procedure
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
router bgp as-number Example: |
Enter BGP router configuration mode. |
| Step 3 |
address-family ipv6 unicast Example: |
Configures the IPv6 address family and enters the address family configuration mode. |
| Step 4 |
segment-routing srv6 Example: |
Configures SRv6 with the BGP. |
| Step 5 |
alloc mode per-vrf Example: |
Allocates SRv6 End DT6 for address family in global VRF. |
Verifying the SRv6 Configuration
To display BGP specific SRv6 configuration, perform one of the following tasks:
| Command | Purpose |
|---|---|
|
Show bgp segment-routing srv6 |
Displays the BGP SRv6 locator and SID for all VRFs. |
|
Show bgp process name |
Displays the BGP SRv6 SID for that VRF and the configured locator. |
Configuration Example for SRv6
This example shows the SRv6 configuration:
feature bgp
feature isis
feature srv6
segment-routing
srv6
locators
locator first
prefix 6abc:0:1::/64
encapsulation
source-address 6666::1
route-map EVERYTHING permit 10
vrf context vrf1
rd auto
address-family ipv4 unicast
route-target import 6603:1
route-target export 6603:1
address-family ipv6 unicast
route-target import 6603:1
route-target export 6603:1
interface Ethernet1/7/1
no shutdown
interface Ethernet1/7/1.1
encapsulation dot1q 101
vrf member vrf1
ip address 31.0.1.2/24
ipv6 address 31::1:2/124
no shutdown
interface Ethernet1/9
ipv6 address use-link-local-only
ipv6 router isis SR-ISIS-6
no shutdown
interface loopback0
ip address 6.6.6.1/32
ipv6 address 6666::1/128
ipv6 router isis SR-ISIS-6
router isis SR-ISIS-6
net 66.0000.0000.0000.6001.00
metric-style transition
log-adjacency-changes
address-family ipv6 unicast
segment-routing srv6
locator first
maximum-paths 16
router bgp 6603
router-id 6.6.6.1
segment-routing srv6
locator first
alloc mode per-vrf
address-family ipv4 unicast
redistribute direct route-map EVERYTHING
address-family ipv6 unicast
redistribute direct route-map EVERYTHING
neighbor 6666::3
remote-as 6603
update-source loopback0
address-family ipv4 unicast
address-family ipv6 unicast
address-family vpnv4 unicast
send-community
send-community extended
address-family vpnv6 unicast
send-community
send-community extended
vrf vrf1
address-family ipv4 unicast
redistribute direct route-map EVERYTHING
segment-routing srv6
alloc mode per-vrf
address-family ipv6 unicast
redistribute direct route-map EVERYTHING
segment-routing srv6
alloc mode per-vrf
neighbor 31::1:1
remote-as 1001
update-source Ethernet1/7/1.1
address-family ipv6 unicast
neighbor 31.0.1.1
remote-as 1001
update-source Ethernet1/7/1.1
address-family ipv4 unicast
Feedback