Understanding SRv6 Network Programming and Layer 3 Services over SRv6 in BGP
Benefits of SRv6 Network Programming
SRv6 Network Programming provides the following benefits in an IPv6 network:
BGP leverages the segment routing capability of devices to set up Layer 3 VPN tunnels. IPv4 packets can be transported through an SRv6 ingress node even if the transit routers are not SRv6-capable, thereby eliminating the need to deploy segment routing on all nodes in an IPv6 network.
Network Programming depends entirely on the IPv6 header and the header extension to transport a packet, eliminating protocols such as MPLS. This ensures a seamless deployment without any major hardware or software upgrade in a core IPv6 network.
Junos OS supports all function behaviors on a single SID and can inter-operate in the insert mode and the encapsulation mode. This allows a single device to simultaneously play the provider (P) router and the provider edge (PE) router roles.
SRv6 Network Programming in BGP Networks
Network Programming is the capability of a network to encode a network program into individual instructions that are inserted into the IPv6 packet headers. Segment Routing Header (SRH) is a type of IPv6 routing extension header that contains a segment list encoded as an SRv6 SID. An SRv6 SID consists of the locator, which is an address and a function that defines a particular task for each SRv6-capable node in the SRv6 network. SRv6 network programming eliminates the need for MPLS and provides flexibility to leverage segment routing.
Ensure that you use a unique SID, which BGP uses to allocate an SRv6 SID.
To configure IPv4 transport over the SRv6 core, include the end-dt4-sid sid statement at the [edit protocols bgp source-packet-routing srv6 locator name] hierarchy level.
To configure IPv6 transport over the SRv6 core, include the end-dt6-sid sid statement at the [edit routing protocols bgp source-packet-routing srv6 locator name] hierarchy level.
End dt4 is the endpoint SID with decapsulation and IPv4 table lookup and end dt6 is the endpoint with decapsulation and IPv6 table lookup. BGP allocates these for IPv4 and IPv6 Layer3 VPN service SIDs.
Layer 3 VPN Services over the SRv6 Core
When connecting to the egress PE, the ingress PE encapsulates the payload in an outer IPv6 header where the destination address is the SRv6 service SID associated with the related BGP route update. The egress PE sets the next hop to one of its IPv6 addresses that is also the SRv6 locator from which the SRv6 service SID is allocated. Multiple routes can resolve through the same segment routing policy.
Starting in Junos OS Release 20.4R1, you can configure BGP-based Layer 3 service over the SRv6 core. You can enable Layer 3 overlay services with BGP as the control plane and SRv6 as the dataplane. SRv6 network programming provides flexibility to leverage segment routing without deploying MPLS. Such networks depend only on the IPv6 headers and header extensions for transmitting data.
Ensure that the end-dt4-sid sid and the end-dt6-sid sid are the last SIDs in the segment list, or the destination address of the packet with no SRH header.
To configure IPv4 VPN services over the SRv6 core, include the end-dt4-sid statement at the [edit routing-instances instance-name protocols bgp source-packet-routing srv6 locator name] hierarchy level.
To configure IPv6 VPN services over the SRv6 core, include the end-dt6-sid statement at the [edit routing-instances instance-name protocols bgp source-packet-routing srv6 locator name] hierarchy level.
Advertising Layer 3 VPN Services to BGP Peers
BGP advertises the reachability of prefixes of a particular service from an egress PE device to ingress PE nodes. BGP messages exchanged between PE devices carry SRv6 service SIDs, which BGP uses to interconnect PE devices to form VPN sessions. For Layer 3 VPN services where BGP uses a per-VRF SID allocation, the same SID is shared across multiple network layer reachability information (NLRI) address families.
To advertise SRv6 services to BGP peers at the egress node, include the advertise-srv6-service statement at the [edit protocols bgp family inet6 unicast] hierarchy level.
Egress PE devices that support SRv6-based Layer 3 services advertise overlay service prefixes along with a service SID. The BGP ingress node receives these advertisements and adds the prefix to the corresponding virtual routing and forwarding (VRF) table.
To accept SRv6 services at the ingress node, include the accept-srv6-service statement at the [edit protocols bgp family inet6 unicast] hierarchy level.
Supported and Unsupported Features for SRv6 Network Programming in BGP
Junos OS supports the following features with SRv6 Network Programming in BGP:
Ingress devices support seven SIDs in the reduced mode including the VPN SID
Egress devices support seven SIDs including the VPN SID
Junos OS does not support the following features in conjunction with SRv6 Network Programming in BGP:
Fragmentation and reassembly in SRv6 tunnels
VPN options B and C
Detection of duplicate SIDs
Endpoint with decapsulation and specific IP table lookup (End.DT46 SID)