Configuring SRv6 OAM

This chapter contains information on SRv6 OAM.

About SRv6 OAM

Segment Routing over IPv6 (SRv6) Operation, Administration, and Maintenance (OAM) feature monitors SRv6 path connectivity and isolates forwarding problems to assist with fault detection and troubleshooting in the network. SRv6 OAM uses IPv6 ping and pathtrace for diagnosis.

SRv6 OAM provides the capability to choose a particular path when there are multiple equal cost destination paths. It also allows you to verify the reachability to an end host.

The SRv6 OAM feature is enabled using the Next Generation OAM (NGOAM) feature.

SRv6 OAM provides the following functions for diagnostics purposes:

  • Ping or pathtrace to loopback

  • Ping or pathtrace to SID

  • Ping or pathtrace to a host in a VRF

Terminology used in SRv6 OAM is as follows:

  • Ping - One or more probe packets are sent to a specific destination in order to elicit an ICMP response.

  • Pathtrace - Includes a series of probe packets that are sent with a monotonically increasing IPv6 Hop-Count (HC) value used to map a path to a destination node. A pathtrace differs from a traceroute only in that additional TLVs are included in the request and response to facilitate advanced diagnostics and reporting.

  • Probe Packet - Also referred to as a probe, this is a single request packet sent by either a ping or pathtrace.

  • Initiator Node - Is the node where the ping or pathtrace is run. The probe packets are crafted by NGOAM on this node, and sent out the appropriate interface, passing through transit nodes, and finally reaching the egress or final node.

  • Transit Node - Nodes traversed by ping or pathtrace packets. In the case of ping, unless the transit node is a segment end no special action is taken (routing is performed as normal). In the case of a pathtrace, OAM on transit nodes processes the packet and sends a response due to TTL expiry.

  • Egress Node - The remote node, that is the fabric edge node that the probe packets reach. Specifically this term is used in the overlay host ping cases where the probe is processed by OAM, but a proxy probe may be sent to the host.

  • Final Node - The remote node to which the probe packets are destined to.

Guidelines and Limitations for SRv6 OAM

SRv6 OAM has the following guidelines and limitations:

  • Beginning with Cisco NX-OS Release 9.3(3), SRv6 OAM is supported on Cisco Nexus 9300-GX and 9300-GX2 platform switches.

  • The SRv6 OAM feature requires time synchronization mechanism such as PTP or NTP used on Cisco NX-OS devices in order to measure one-way delay measurements.

SRv6 OAM Operations

SRv6 OAM operations include:

  • Ping and pathtrace to an IPv6 address via a segment list

  • Ping and pathtrace to a SID

  • Ping and pathtrace to SID with Segment List

  • Ping and trace to a SID function

  • Ping to IPv6 address or SID in Segment-by-Segment mode

  • Ping to host in overlay

  • Ping to host in overlay following Specific Application Path (Flow Tracking)

  • Diagnostic Information in Replies

  • Asynchronous Probes

  • CLI Profiles

The following features are supported:

  • Ping and pathtrace to an IPv6 address through a segment list - The ping or pathtrace is normal, but the path of the probe packets is modified to follow the configured SID list. The probes are sent with a SRH that directs the packets to follow the SID list.

  • Ping and pathtrace to a SID - Instead of the IP address of a node, the ping or pathtrace is to the SID itself. Since SIDs do not terminate a packet, in order for the OAM to respond to the probe packet, End OP or End OTP SID are used

  • Ping and pathtrace to a SID with a segment list - Supports the specified path using a segment list.

  • Ping to an IPv6 address or SID in Segment-by-Segment mode - Supports segment-by-segment ping which provides multiple proof of transit responses. The probes use the O-bit mechanism to trigger responses from each SRv6 segment terminus, except for the last one for which the End OTP SID is used.

  • Ping to host in overlay - Supports a ping from the PE to a host that is beyond a remote PE.

  • Ping to Host in overlay (flow tracking) - Supports a ping based on the outer packet destination address, source address, and the flow label.

  • Diagnostic Information in replies - Pathtrace includes additional fields in the packet that allow responses to carry diagnostic information, for example, interface load and statistics of the hops taken by these messages. If an intermediate device does not have SRv6 OAM enabled, the pathtrace behaves as a simple traceroute for those hops and it provides only the hop information

  • Asynchronous probes - Supports ping commands in an asynchronous mode. In this case, the ping commands sends the probes in the background and does not wait for the replies.

  • CLI profiles - The NGOAM feature provides an option to configure profiles that can be used in the ping and the pathtrace commands. The parameters provided in these commands can be stored as a profile and reused in the ping or pathtrace commands.

Configuring SRv6 OAM

Beginning Cisco NX-OS Release 9.3(3), you can configure SRv6 OAM on Cisco Nexus 9364C-GX, Cisco Nexus 9316D-GX, and Cisco Nexus 93600CD-GX switches.

Before you begin

Ensure that the feature srv6 feature is enabled.

SUMMARY STEPS

  1. configure terminal
  2. [no] feature ngoam

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch#configure terminal

Enters global configuration mode.

Step 2

[no] feature ngoam

Example:

switch(config)#feature ngoam

Enables or disables NGOAM feature.

SRv6 OAM Commands

SRv6 OAM supports the following commands:

Table 1. SRv6 OAM Commands

Commands

Description

{ping | pathtrace} srv6 IP address [via SID1, SID2 sid-list-end] [no-reduced-srh]

Initiates a ping or a pathtrace to a regular IPv6 address.

The via keyword defines a list of SRv6 SIDs.

The no-reduced-srh keyword causes the ping or the pathtrace to use a full SRH instead of the default reduced SRH.

{ping | pathtrace} srv6 sid SID [via SID1, SID2 sid-list-end] [end-otp SID3]

Initiates a ping or a pathtrace to the IPv6 SID instead of the IPv6 address.

The via keyword defines a list of intermediate SRv6 SIDs that can be traversed by the probe packets.

This command introduces SRH into the SRv6 probe packets.

The end-otp keyword is used to override the SID used for the End.OTP function on the remote node.

ping srv6 IP address [via SID1, SID2 sid-list-end]

By default, initiates a ping in the segment-by-segment mode. In this mode, the node that each SID represents sends a response to the ping.

The no-proof-of-transit keyword is used to not receive any replies from each node in the SID list.

ping srv6 sid SID[via SID1, SID2 sid-list-end] [no-proof-of-transit]

{ping | pathtrace} srv6 IP address vrf VRF [verify-host]

Initiates a ping or pathtrace to a host in a specified layer3 overlay network. The ping is initiated from a PE node of the VPN and terminated at either the remote PE node or at the specified host in the VRF.

The verify-host keyword is used to generate a secondary ping probe and send it from the remote PE node to the host in the VRF. This validates the connectivity.

{ping |pathtrace} srv6 IP address VRF VRF [payload [ip | ipv6] DST-IP SRC-IP [port PORT ] [proto PROTO ] payload-end] [verify-host]

The use of the payload keyword ensures where possible that the ECMP choices at each hop are the same as for the actual data traffic matching the profile described in the payload. This can be used to troubleshoot the case where flows for a specific application are failing due to only some links being faulty in an ECMP set.

This command can also be used to validate the specific ECMP path in case of partial fabric failures.

Examples for SRv6 OAM Configuration

The following examples show ping and pathtrace configurations:

  • The following example shows a ping to IPv6 address 4::4.
    ping srv6 4::4
  • The following example shows a ping to IPv6 address 4::4 via SID list cafe:0:0:2:1:: using the default proof of transit.
    ping srv6 4::4 via cafe:0:0:2:1:: sid-list-end
  • The following example shows a ping to IPv6 address 4::4 via SID list cafe:0:0:2:1:: without proof of transit.
    ping srv6 4::4 via cafe:0:0:2:1:: sid-list-end no-proof-of-transit
  • The following example shows a ping to IPv6 address 4::4 via SID list cafe:0:0:2:1:: using a non-reduced SRH.
    ping srv6 4::4 via cafe:0:0:2:1:: sid-list-end no-reduced-srh
  • The following example shows a ping to SID cafe:0:0:4:1:: using the default end-otp SID.
    ping srv6 sid cafe:0:0:4:1::
  • The following example shows a ping to SID cafe:0:0:4:1::using the user provided end-otp SID cafe:0:0:4:2:: .
    ping srv6 sid cafe:0:0:4:1:: end-otp cafe:0:0:4:2::
  • The following example shows a ping to IPv4 host 10.10.10.10 in vrf red without host verification.
    ping srv6 1.1.1.1 vrf red
  • The following example shows a ping to IPv6 host 104::4 in vrf red via SID list cafe:0:0:2:1:: with the default proof of transit and without host verification.
    ping srv6 104::4 vrf red via cafe:0:0:2:1:: sid-list-end
  • The following example shows a ping to IPv6 host 104::4 in vrf red via SID list cafe:0:0:2:1:: without proof of transit and without host verification.
    ping srv6 104::4 vrf red via cafe:0:0:2:1:: sid-list-end no-proof-of-transit
  • The following example shows a ping to IPv4 host 40.40.40.40 in the Global vrf without host verification.
    ping srv6 40.40.40.40
  • The following example shows a ping to IPv6 host 104::4 in vrf red using flow tracing and without host verification.
    ping srv6 104::4 vrf red payload ipv6 104::4 101::1 payload-end
  • The following example shows a ping to IPv6 host 104::4 in vrf red using flow tracing and with host verification.
    ping srv6 104::4 vrf red payload ipv6 104::4 101::1 payload-end verify-host
  • The following example shows a pathtrace to IPv6 address 4::4.
    pathtrace srv6 4::4
  • The following example shows a pathtrace to IPv6 address 4::4 via SID list cafe:0:0:2:1:: using the default proof of transit.
    pathtrace srv6 4::4 via cafe:0:0:2:1:: sid-list-end
  • The following example shows a pathtrace to IPv6 address 4::4 via SID list cafe:0:0:2:1:: using a non-reduced SRH.
    pathtrace srv6 4::4 via cafe:0:0:2:1:: sid-list-end no-reduced-srh
  • The following example shows a pathtrace to SID cafe:0:0:4:1:: using the default end-otp SID.
    pathtrace srv6 sid cafe:0:0:4:1::
  • The following example shows a pathtrace to SID cafe:0:0:4:1::using the user provided end-otp SID cafe:0:0:4:2:: .
    pathtrace srv6 sid cafe:0:0:4:1:: end-otp cafe:0:0:4:2::
  • The following example shows a pathtrace to IPv4 host 10.10.10.10 in vrf red.
    pathtrace srv6 1.1.1.1 vrf red
  • The following example shows a pathtrace to IPv6 host 104::4 in vrf red via SID list cafe:0:0:2:1:: .
    pathtrace srv6 104::4 vrf red via cafe:0:0:2:1:: sid-list-end
  • The following example shows a pathtrace to IPv4 host 40.40.40.40 in the Global vrf.
    pathtrace srv6 40.40.40.40
  • The following example shows an pathtrace to IPv6 host 104::4 in vrf red using flow tracing.
    pathtrace srv6 104::4 vrf red payload ipv6 104::4 101::1 payload-end
  • The following example shows a pathtrace to IPv6 host 104::4 in vrf red using flow tracing and with host verification.
    pathtrace srv6 104::4 vrf red payload ipv6 104::4 101::1 payload-end verify-host