evpn vpws over srv6 or evpn l2vpn over srv6

[ale0524]

frrouting Does it support evpn l2vpn over srv6; Is DT2U and DX2 type SID supported ？？？

[ale0524]

I hope the expert can answer; If supported, please provide a reference case. Thank you

[cscarpitta]

Hi @ale0524, currently only L3VPN over SRv6 is supported. There is no support for L2VPN over SRv6.

[cscarpitta]

@ale0524 Anyway, this is something that we have on our roadmap. We are planning to implement it!

[ale0524]

@cscarpitta Thank you for your answer; I hope it can be used as soon as possible; thanks！

[ale0524]

@cscarpitta Can you provide a detailed configuration case for evpn l3vpn over srv6; I use Centos 7.6 as my operating system; How to choose between kernel version and frrouting version?

[ale0524]

R1# traceroute 2001:db8:200::20 traceroute to 2001:db8:200::20 (2001:db8:200::20), 30 hops max, 80 byte packets 1 2001:db8:200::20 (2001:db8:200::20) 0.583 ms !N 0.507 ms !N 0.488 ms !N

[ale0524]

May I ask if there is a problem with router insertion failure in the Linux kernel; Causing unreachable access to the target

[ale0524]

Current kernel version：Linux R1 4.14.131-generic #862.el7 SMP Sat Jul 18 07:37:47 CST 2020 x86_64 x86_64 x86_64 GNU/Linux

[cscarpitta]

@ale0524 For some reason, the kernel rejects the SRv6 routes. Can you share your FRR configuration ( show running-config ) and your IPv6 routes ( show ipv6 route vrf all ) ?

[ale0524]

@cscarpitta FRR configuration ；Provided to you on Monday；

[ale0524]

R1# show running-config Building configuration...

Current configuration: ! frr version 8.5 frr defaults traditional hostname R1 log file /tmp/zebra.log log stdout alerts log syslog informational ! debug zebra kernel debug zebra rib detailed ! ipv6 route 2001:db8:200::/64 2001::20 ! vrf evpn1 vni 50 ip router-id 192.168.100.100 exit-vrf ! interface ens33 description SRv6 ipv6 address 2001::10/64 ipv6 router isis SRv6 isis circuit-type level-2-only exit ! interface lo description test ipv6 router isis SRv6 exit ! interface ens33.100 ipv6 address 2001:db8:100::10/64 exit ! interface evpn1 ip address 192.168.100.100/24 exit ! interface tunnel-srv6 exit ! router bgp 65000 vrf evpn1 no bgp ebgp-requires-policy no bgp default ipv4-unicast ! address-family ipv4 unicast redistribute connected sid vpn export auto rd vpn export 65000:1 nexthop vpn export 2001::10 rt vpn both 65000:1 export vpn import vpn exit-address-family ! address-family ipv6 unicast redistribute connected sid vpn export auto rd vpn export 65000:1 nexthop vpn export 2001::10 rt vpn both 65000:1 export vpn import vpn exit-address-family exit ! router bgp 65000 bgp router-id 10.0.0.1 bgp log-neighbor-changes neighbor 2001::20 remote-as 65000 neighbor 2001::20 update-source ens33 neighbor 2001::20 capability extended-nexthop ! segment-routing srv6 locator UBNT_SRV6 exit sid vpn per-vrf export auto ! address-family ipv4 vpn neighbor 2001::20 activate exit-address-family ! address-family ipv6 vpn neighbor 2001::20 activate exit-address-family exit ! router isis SRv6 is-type level-2-only net 49.0001.0000.0000.0001.00 lsp-mtu 1300 topology ipv6-unicast segment-routing on segment-routing node-msd 8 exit ! segment-routing srv6 locators locator UBNT_SRV6 prefix 2001::10/64 block-len 40 node-len 24 func-bits 16 behavior usid exit ! exit ! exit ! traffic-eng exit exit ! end

[ale0524]

R2# show running-config Building configuration...

Current configuration: ! frr version 8.5 frr defaults traditional hostname R2 log file /tmp/zebra.log log stdout alerts log syslog informational vni 1000 ! debug zebra kernel debug zebra rib detailed ! ipv6 route 2001:db8:100::/64 2001::10 ! vrf evpn1 vni 50 ip router-id 192.168.100.200 exit-vrf ! interface ens33 description SRv6 ipv6 address 2001::20/64 ipv6 router isis SRv6 isis circuit-type level-2-only exit ! interface lo description test ipv6 router isis SRv6 exit ! interface ens33.100 ipv6 address 2001:db8:200::20/64 exit ! interface evpn1 ip address 192.168.100.200/24 exit ! router bgp 65000 vrf evpn1 ! address-family ipv4 unicast redistribute connected sid vpn export auto rd vpn export 65000:1 nexthop vpn export 2001::20 rt vpn both 65000:1 export vpn import vpn exit-address-family ! address-family ipv6 unicast redistribute connected sid vpn export auto rd vpn export 65000:1 nexthop vpn export 2001::20 rt vpn both 65000:1 export vpn import vpn exit-address-family exit ! router bgp 65000 bgp router-id 10.0.0.2 bgp log-neighbor-changes neighbor 2001::10 remote-as 65000 neighbor 2001::10 update-source ens33 neighbor 2001::10 capability extended-nexthop ! segment-routing srv6 locator UBNT_SRV6 exit sid vpn per-vrf export auto ! address-family ipv4 vpn neighbor 2001::10 activate exit-address-family ! address-family ipv6 vpn neighbor 2001::10 activate exit-address-family exit ! router isis SRv6 is-type level-2-only net 49.0001.0000.0000.0002.00 lsp-mtu 1300 topology ipv6-unicast segment-routing on segment-routing node-msd 8 exit ! segment-routing srv6 locators locator UBNT_SRV6 prefix 2001::20/64 block-len 40 node-len 24 func-bits 16 exit ! exit ! exit ! traffic-eng exit exit ! end

[ale0524]

R1# show ipv6 route

K> ::/96 [0/1024] unreachable (ICMP unreachable), 02:44:02 K> ::ffff:0:0/96 [0/1024] unreachable (ICMP unreachable), 02:44:02 C> 2001::/64 is directly connected, ens33, 00:04:21 B>r 2001::1:0:0:10/128 [20/0] is directly connected, evpn1, seg6local End.DT4 table 32, seg6 ::, weight 1, 02:44:01 B> 2001::2:0:0:10/128 [20/0] is directly connected, evpn1, seg6local End.DT6 table 32, seg6 ::, weight 1, 02:44:01 S> 2001:db8:200::/64 [1/0] via 2001::20, ens33, weight 1, 00:04:21 K> 2002:a00::/24 [0/1024] unreachable (ICMP unreachable), 02:44:02 K> 2002:7f00::/24 [0/1024] unreachable (ICMP unreachable), 02:44:02 K> 2002:a9fe::/32 [0/1024] unreachable (ICMP unreachable), 02:44:02 K> 2002:ac10::/28 [0/1024] unreachable (ICMP unreachable), 02:44:02 K> 2002:c0a8::/32 [0/1024] unreachable (ICMP unreachable), 02:44:02 K> 2002:e000::/19 [0/1024] unreachable (ICMP unreachable), 02:44:02 K> 3ffe:ffff::/32 [0/1024] unreachable (ICMP unreachable), 02:44:02 C>* fe80::/64 is directly connected, ens33, 00:05:19 R1# show ipv6 route vrf evpn1

VRF evpn1: C> 2001:db8:100::/64 is directly connected, ens33.100, 00:04:29 B> 2001:db8:200::/64 [200/0] via fe80::c94b:bf20:3fdd:e1a8, ens33 (vrf default), label 32, seg6local unspec unknown(seg6local_context2str), seg6 2001::2:0:0:20, weight 1, 00:03:40 C> fe80::/64 is directly connected, ens33.100, 00:05:28 K> ff00::/8 [0/256] is directly connected, ens33.100, 00:05:30

[ale0524]

R2# show ipv6 route

K> ::/96 [0/1024] unreachable (ICMP unreachable), 02:44:01 K> ::ffff:0:0/96 [0/1024] unreachable (ICMP unreachable), 02:44:01 C> 2001::/64 is directly connected, ens33, 00:04:36 B>r 2001::1:0:0:20/128 [20/0] is directly connected, evpn1, seg6local End.DT4 table 32, seg6 ::, weight 1, 02:44:01 B> 2001::2:0:0:20/128 [20/0] is directly connected, evpn1, seg6local End.DT6 table 32, seg6 ::, weight 1, 02:44:01 S> 2001:db8:100::/64 [1/0] via 2001::10, ens33, weight 1, 00:04:36 K> 2002:a00::/24 [0/1024] unreachable (ICMP unreachable), 02:44:01 K> 2002:7f00::/24 [0/1024] unreachable (ICMP unreachable), 02:44:01 K> 2002:a9fe::/32 [0/1024] unreachable (ICMP unreachable), 02:44:01 K> 2002:ac10::/28 [0/1024] unreachable (ICMP unreachable), 02:44:01 K> 2002:c0a8::/32 [0/1024] unreachable (ICMP unreachable), 02:44:01 K> 2002:e000::/19 [0/1024] unreachable (ICMP unreachable), 02:44:01 K> 3ffe:ffff::/32 [0/1024] unreachable (ICMP unreachable), 02:44:01 C>* fe80::/64 is directly connected, ens33, 00:05:20 R2# show ipv6 route vrf evpn1

VRF evpn1: B>r 2001:db8:100::/64 [200/0] via fe80::57e6:2f5e:f254:460a, ens33 (vrf default), label 32, seg6local unspec unknown(seg6local_context2str), seg6 2001::2:0:0:10, weight 1, 00:04:22 C> 2001:db8:200::/64 is directly connected, ens33.100, 00:05:21 C> fe80::/64 is directly connected, ens33.100, 00:06:06 K>* ff00::/8 [0/256] is directly connected, ens33.100, 00:06:07

[ale0524]

@cscarpitta Hi friend; I have published the FRR configuration and related routing table information. Please guide me. Thank you! Two FRRs have the same kernel version; However, the R1 routing table was successfully inserted; R2 route insertion failed!

[ale0524]

R1-log.txt R2-log.txt @cscarpitta These are two FRR related logs

[ale0524]

frr version 8.4 frr defaults traditional hostname R1 log file /tmp/zebra.log log stdout alerts log syslog informational ! debug zebra kernel debug zebra rib detailed ! vrf evpn1 vni 50 ip router-id 192.168.111.128 exit-vrf ! interface ens33 description SRv6 ipv6 address 2001:db8:100::10/64 ipv6 router isis SRv6 isis circuit-type level-2-only exit ! interface ens33.100 ip address 1.1.1.1/32 ipv6 address 2001:bcda:abcd::100/128 ipv6 router isis srv6 exit ! router bgp 65000 bgp router-id 10.0.0.1 bgp log-neighbor-changes no bgp hard-administrative-reset no bgp graceful-restart notification neighbor 2001:db8:100::20 remote-as 65000 neighbor 2001:db8:100::20 update-source ens33 ! segment-routing srv6 locator srv6 exit ! address-family ipv4 vpn neighbor 2001:db8:100::20 activate exit-address-family ! address-family ipv6 unicast neighbor 2001:db8:100::20 activate exit-address-family ! address-family ipv6 vpn neighbor 2001:db8:100::20 activate exit-address-family exit ! router bgp 65000 vrf evpn1 bgp log-neighbor-changes no bgp hard-administrative-reset no bgp default ipv4-unicast no bgp graceful-restart notification ! address-family ipv4 unicast redistribute connected sid vpn export auto rd vpn export 65000:1 nexthop vpn export 2001:db8:100::10 rt vpn both 65000:1 export vpn import vpn exit-address-family ! address-family ipv6 unicast redistribute connected sid vpn export auto rd vpn export 65000:1 nexthop vpn export 2001:db8:100::10 rt vpn both 65000:1 export vpn import vpn exit-address-family exit ! router isis SRv6 is-type level-2-only net 49.0001.0000.0000.0001.00 lsp-mtu 4352 topology ipv6-unicast segment-routing on segment-routing node-msd 8 exit ! segment-routing srv6 locators locator srv6 prefix 2001:db8:1000::1000/64 exit ! exit ! exit ! traffic-eng exit exit ! end

R1# show ipv6 route K> ::/0 [0/100] via 2001:db8:100::1, ens33, 01:07:18 K> ::/96 [0/1024] unreachable (ICMP unreachable), 01:07:18 K> ::ffff:0:0/96 [0/1024] unreachable (ICMP unreachable), 01:07:18 C> 2001:db8:100::/64 is directly connected, ens33, 01:07:18 B>r 2001:db8:1000:0:100::1000/128 [20/0] is directly connected, evpn1, seg6local End.DT4 table 32, seg6 ::, weight 1, 01:05:00 B>* 2001:db8:1000:0:200::1000/128 [20/0] is directly connected, evpn1, seg6local End.DT6 table 32, seg6 ::, weight 1, 01:05:00

R1# show ipv6 route vrf evpn1 VRF evpn1: B> 2001:abcd:bcda::200/128 [20/0] via fe80::80b:88a9:6d6e:f1a9, ens33 (vrf default), label 8192, seg6local unspec unknown(seg6local_context2str), seg6 2001:db8:2000:0:200::2000, weight 1, 00:59:39 C> 2001:bcda:abcd::100/128 is directly connected, ens33.100, 00:59:07 C>* fe80::/64 is directly connected, ens33.100, 01:07:51

linux configuration VRF：

linux vrf route： [root@R1 ~]# ip -6 route show table 32 2001:abcd:bcda::200 encap unknown via fe80::80b:88a9:6d6e:f1a9 dev ens33 proto 186 metric 20 pref medium local 2001:bcda:abcd::100 dev ens33.100 proto kernel metric 0 pref medium 2001:bcda:abcd::100 dev ens33.100 proto kernel metric 256 pref medium anycast fe80:: dev ens33.100 proto kernel metric 0 pref medium local fe80::20c:29ff:fe0c:ddcf dev ens33.100 proto kernel metric 0 pref medium fe80::/64 dev ens33.100 proto kernel metric 256 pref medium multicast ff00::/8 dev ens33.100 proto kernel metric 256 pref medium log.txt

@cscarpitta @donaldsharp Please ask the FRR developer to help me solve the problem. Thank you

[cscarpitta]

@ale0524 the SRv6 route is rejected because you have a static route for the same destination (the line ipv6 route 2001:db8100:/64 2001::10 in your FRR configuration). You need to remove this line, otherwise the SRv6 route cannot be installed.

In general, I see several mistakes in your configuration. Could you explain what is your use case, what are you trying to do, what is your topology, ... ? In this way, I can give you more precise information and help you solve the problem.

Also, make sure that your use case is supported by FRR and the kernel.

Currently, only these use cases are supported: IPv6 L3VPN (with SRv6 End.DT6) -> kernel >=4.14 -> config example here IPv4 L3VPN (with SRv6 End.DT4) -> kernel >= 5.11 -> config example here IPv4/IPv6 L3VPN (with SRv6 End.DT46) -> kernel >= 5.14 -> config example here

You are using kernel version 4.14. Therefore, you can only deploy an IPv6 L3VPN configuration. To support IPv4 L3VPN or IPv4/IPv6 L3VPN, you need to upgrade the kernel.

[ale0524]

Configuration Case Reference：IPv6 L3VPN (with SRv6 End.DT6) -> kernel >=4.14 -> config example here @cscarpitta

[ale0524]

FRR-R1.txt FRR-R2.txt FRR-1 access FRR-2 target address unreachable；

I have uploaded FRR-1 and FRR-2; Configuration file. Hope to point out the problem May I ask if there is an evpn L3vpnv6 over srv6; Super detailed configuration case; Thank you! @cscarpitta

[ale0524]

I have already accessed the target on the virtual machine; Unfortunately, the access failed and an icmpv6 request message was received during packet capture on the peer FRR-2; It's strange why FRR-2 did not respond; I hope the routing development team can point out the problem.

@cscarpitta

[ale0524]

Check the show ipv6 route vrf evpn1 Routing table (via fe80:: 20ec: 74c0:9bad: fa26) to see if there is a problem??? @cscarpitta

[ale0524]

@cscarpitta May I ask if routing supports evpn l3vpn over srv6? I hope to provide a configuration case! Thank you!

[github-actions[bot]]

This issue is stale because it has been open 180 days with no activity. Comment or remove the autoclose label in order to avoid having this issue closed.

[frrbot[bot]]

This issue will be automatically closed in the specified period unless there is further activity.