skorpion17
commented
3 years ago Hi, I need more info to understand both the scenario and the network topology. However, I will try to make some assumptions and give you some hints.
I have been following https://segment-routing.org to make a srv6 setup. I am facing one issue in the egress node End function. I found the discussion posted in this group #4 on similar topic. This is quite helpful. Hence posting the question here.
Here is my setup- Source -> SRv6 Ingress node -> end point-0 -> end point 1 -> end point 2 -> end point 3 -> Srv6 egress node -> Destination.
All the above nodes are K8s Pods/containers running on ubuntu kernel version 5.8.0-41-generic, Ubuntu 20.10. Here there are total 3 subnets.
Source, SRv6 Ingress node => 14.1.32.0/27 SRv6 Ingress node, end point-0, end point-1, end point-2, end point-3, egress node =>fcff:fffe::0E01:2020/123. SRv6 SID is setup with this subnet through via rules. egress node, destination => 14.1.32.64/27
I am trying to do a ping from source ip 14.1.32.29 to destination 14.1.32.66 and i want above path to be followed i..e Source -> SRv6 Ingress node -> end point-0 -> end point 1 -> end point 2 -> end point 3 -> egress node -> Destination.
In all the Pods/containers, following kernel parameters are on for all the interfaces and both for ipv4/ipv6
Could you please attach your network topology? It would be great even if you could show the IP(s) and the networks you are going to use right in the network diagram. The clearer the scenario, the easier it is to find a way to fix what is not working.
seg6_enabled forwarding accept_ra autoconf
If you use SRv6 Behaviors you do not need to turn on the seg6_enabled unless you want to use the default kernel behavior (and that doesn't seem to be the case).
Turn on also the IPv4 forwarding, i.e: sysctl -w net.ipv4.ip_forward=1
Disable IPv4 rp_filter, i.e: sysctl -w net.ipv4.conf.XXX.rp_filter=0
you should consider disabling rp_filter on the interfaces used to handle ipv4 traffic. For testing purposes disable rp_filter on any interface in each node (remember to consider also XXX such as 'all' and 'default').
In the SRv6 ingress node, following route is made - ip route add 14.1.32.66 encap seg6 mode encap segs fcf0:12::100,fcf0:12::101,fcf0:12::102,fcf0:12::103,fcf0:12::104 dev eth1
I can see packet is reached to Egress node properly from source via ingress and all the endpoints but after that it just gets dropped doesn't got move out to destination.
Following are the different possible commands tried out in the egress nodes. Here fcf0:12::104 is egress nodes SID, 14.1.32.66 destination IP , 14.1.32.67 egress node IP.
ip -6 route add fcf0:12::104/64 encap seg6local action End.DX4 nh4 14.1.32.66 dev eth1 ip -6 route add fcf0:12::104/64 encap seg6local action End.DX4 nh4 14.1.32.67 dev eth1 ip -6 route add fcf0:12::104/64 encap seg6local action End.DX4 nh4 14.1.32.66 dev eth2 ip -6 route add fcf0:12::104/64 encap seg6local action End.DX4 nh4 14.1.32.66 dev eth2
If I understood correctly from what you wrote, below I drew a part of your network where there are egress and destination nodes. I have also shown the networks, IPs and the IPv6 route to set up the SRv6 End.DX4 Behavior (the nh4 should point to the next hop which is in this case the destination address i.e.: 14.1.32.66).
I have also shown the expected configuration that the packet should have when it arrives on the egress node. It is important that the segment left in the SRH is 0 so that the decap operation can be performed.
Andrea
subrnath
I have been following https://segment-routing.org to make a srv6 setup. I am facing one issue in the egress node End function. I found the discussion posted in this group https://github.com/netgroup/p4-srv6-usid/issues/4 on similar topic. This is quite helpful. Hence posting the question here.
Here is my setup- Source -> SRv6 Ingress node -> end point-0 -> end point 1 -> end point 2 -> end point 3 -> Srv6 egress node -> Destination.
All the above nodes are K8s Pods/containers running on ubuntu kernel version 5.8.0-41-generic, Ubuntu 20.10. Here there are total 3 subnets.
Source, SRv6 Ingress node => 14.1.32.0/27 SRv6 Ingress node, end point-0, end point-1, end point-2, end point-3, egress node =>fcff:fffe::0E01:2020/123. SRv6 SID is setup with this subnet through via rules. egress node, destination => 14.1.32.64/27
I am trying to do a ping from source ip 14.1.32.29 to destination 14.1.32.66 and i want above path to be followed i..e Source -> SRv6 Ingress node -> end point-0 -> end point 1 -> end point 2 -> end point 3 -> egress node -> Destination.
In all the Pods/containers, following kernel parameters are on for all the interfaces and both for ipv4/ipv6
seg6_enabled forwarding accept_ra autoconf
In the SRv6 ingress node, following route is made - ip route add 14.1.32.66 encap seg6 mode encap segs fcf0:12::100,fcf0:12::101,fcf0:12::102,fcf0:12::103,fcf0:12::104 dev eth1
I can see packet is reached to Egress node properly from source via ingress and all the endpoints but after that it just gets dropped doesn't got move out to destination.
Following are the different possible commands tried out in the egress nodes. Here fcf0:12::104 is egress nodes SID, 14.1.32.66 destination IP , 14.1.32.67 egress node IP.
ip -6 route add fcf0:12::104/64 encap seg6local action End.DX4 nh4 14.1.32.66 dev eth1 ip -6 route add fcf0:12::104/64 encap seg6local action End.DX4 nh4 14.1.32.67 dev eth1 ip -6 route add fcf0:12::104/64 encap seg6local action End.DX4 nh4 14.1.32.66 dev eth2 ip -6 route add fcf0:12::104/64 encap seg6local action End.DX4 nh4 14.1.32.66 dev eth2
what is missing in Egress node ?
Thanks in advance.