cisco-iosxrv-srv6: initial import

lab-cisco-iosxrv-srv6/.gitignore

@@ -0,0 +1,7 @@
+/cisco-r1.conf
+/cisco-r2.conf
+/cisco-r3.conf
+/cisco-r4.conf
+/cisco-r5.conf
+/bird.ce6.conf
+/bird.ce7.conf

lab-cisco-iosxrv-srv6/README.md

@@ -0,0 +1,89 @@
+#  Cisco SRv6 L3 VPN with Flexible Algorithm and TI-LFA
+
+This lab is heavily derivated from the lab of the same name in Cisco
+dCloud. The main differences are:
+
+- using RFC5737 for IP addresses used by CE devices
+- Linux is used as a CE device (less memory)
+- use LLA for interface between P and PE routers
+
+From ce6, you should be able to `ping 192.0.2.7`.
+
+Useful commands:
+
+```
+show route ipv6
+show segment-routing srv6 locator
+show segment-routing srv6 sid all
+show cef ipv6 2001:0:0:1:1::
+show isis database verbose r1
+show bgp vrf 1
+show route vrf 1 ipv4
+show cef vrf 1 192.0.2.7/32
+```
+
+## TI-LFA
+
+`r4` has built a backup path to reach `r3` (when using flex algo 128):
+
+```
+RP/0/RP0/CPU0:r4#show route ipv6 2001:0:8:3::/64 detail
+Tue Dec 14 18:37:22.335 UTC
+
+Routing entry for 2001:0:8:3::/64
+  Known via "isis 1", distance 115, metric 100, SRv6-locator (algo 128), type level-2
+  Installed Dec 14 18:16:13.890 for 00:21:08
+  Routing Descriptor Blocks
+    fe80::5254:33ff:fe00:d, from 2001::3, via GigabitEthernet0/0/0/0, Protected
+      Route metric is 100
+      Label: None
+      Tunnel ID: None
+      Binding Label: None
+      Extended communities count: 0
+      Path id:1       Path ref count:0
+      NHID:0x20001(Ref:14)
+      Backup path id:65
+    fe80::5254:33ff:fe00:15, from 2001::3, via GigabitEthernet0/0/0/1, Backup (TI-LFA)
+      Repair Node(s): 2001::2
+      Route metric is 8100
+      Label: None
+      Tunnel ID: None
+      Binding Label: None
+      Extended communities count: 0
+      Path id:65              Path ref count:1
+      NHID:0x20002(Ref:14)
+      SRv6 Headend: H.Insert.Red [base], SID-list {2001:0:8:1:41::}
+  Route version is 0x2 (2)
+  No local label
+```
+
+If we shutdown `Gi0/0/0/0` on `r4` while pinging "fast", we can see the encapsulated packet when `r4` falls back to the backup path until the topology converges:
+
+```
+Frame 547: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits)
+Ethernet II, Src: 50:54:33:00:00:12 (50:54:33:00:00:12), Dst: 50:54:33:00:00:15 (50:54:33:00:00:15)
+Internet Protocol Version 6, Src: 2001::1, Dst: 2001:0:8:1:41::
+    0110 .... = Version: 6
+    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
+    .... 1111 0110 1101 1001 1000 = Flow Label: 0xf6d98
+    Payload Length: 108
+    Next Header: Routing Header for IPv6 (43)
+    Hop Limit: 253
+    Source Address: 2001::1
+    Destination Address: 2001:0:8:1:41::
+    Routing Header for IPv6 (Segment Routing)
+        Next Header: IPIP (4)
+        Length: 2
+        [Length: 24 bytes]
+        Type: Segment Routing (4)
+        Segments Left: 1
+        Last Entry: 0
+        Flags: 0x00
+        Tag: 0000
+        Address[0]: 2001:0:8:3:42::
+Internet Protocol Version 4, Src: 203.0.113.1, Dst: 192.0.2.7
+Internet Control Message Protocol
+```
+
+New destination is the repair node `r1` on the interface to `r2`. And
+the SRH header contains the original destination address.

lab-cisco-iosxrv-srv6/bird.ceX.conf

@@ -0,0 +1,31 @@
+log "/var/log/bird.log" all;
+router id from "dummy0";
+
+protocol device {
+  scan time 10;
+}
+
+protocol kernel KERNELv4 {
+  merge paths yes;
+  ipv4 {
+    import none;
+    export all;
+  };
+}
+protocol direct {
+  ipv4;
+  interface "dummy0";
+}
+
+protocol bgp PE {
+  connect delay time 1;
+  connect retry time 5;
+  error wait time 1,5;
+  error forget time 10;
+  local as {{ 65100 + index }};
+  ipv4 {
+    export all;
+    import all;
+  };
+  neighbor 203.0.113.{{ index * 2 - 2 }} as 65000;
+}

lab-cisco-iosxrv-srv6/data.yaml

@@ -0,0 +1,36 @@
+r1:
+  pe: true
+  index: 1
+  otherpe: r3
+  ipce: 203.0.113.0/31
+  ceas: 65101
+  delays:
+    - 5000
+    - 100
+r2:
+  pe: false
+  index: 2
+  delays:
+    - 5000
+    - 2000
+r3:
+  pe: true
+  index: 3
+  otherpe: r1
+  ipce: 203.0.113.2/31
+  ceas: 65102
+  delays:
+    - 2000
+    - 1000
+r4:
+  pe: false
+  index: 4
+  delays:
+    - 100
+    - 1000
+r5:
+  pe: false
+  index: 5
+  delays:
+    - 1000
+    - 100

lab-cisco-iosxrv-srv6/rX.conf.j2

@@ -0,0 +1,137 @@
+{% set alldata = yaml("data.yaml") %}
+{% set data = alldata[uts] %}
+{% set index = data.index %}
+
+{% if data.pe %}
+vrf 1
+ address-family ipv4 unicast
+  import route-target
+   1:1
+  !
+  export route-target
+   1:1
+  !
+ !
+!
+{% endif %}
+
+interface Loopback0
+ ipv6 address 2001::{{ index }}/128
+!
+interface GigabitEthernet0/0/0/0
+ ipv6 enable
+ no shut
+!
+interface GigabitEthernet0/0/0/1
+ ipv6 enable
+ no shut
+!
+{% if data.pe %}
+interface GigabitEthernet0/0/0/2
+ description Towards CE
+ vrf 1
+ ipv4 address {{ data.ipce | ipaddr("address") }} {{ data.ipce | ipaddr("netmask") }}
+ no shut
+!
+
+route-policy PASS
+  pass
+end-policy
+{% endif %}
+
+router isis 1
+ is-type level-2-only
+ net 49.0000.0000.000{{ index }}.00
+ flex-algo 128
+  metric-type delay
+  advertise-definition
+ !
+ address-family ipv6 unicast
+  metric-style wide
+  segment-routing srv6
+   locator MAIN
+   !
+   locator LATENCY
+   !
+  !
+ !
+ interface Loopback0
+  address-family ipv6 unicast
+  !
+ !
+ interface GigabitEthernet0/0/0/0
+  point-to-point
+  address-family ipv6 unicast
+   fast-reroute per-prefix
+   fast-reroute per-prefix ti-lfa
+  !
+ !
+ interface GigabitEthernet0/0/0/1
+  point-to-point
+  address-family ipv6 unicast
+   fast-reroute per-prefix
+   fast-reroute per-prefix ti-lfa
+  !
+ !
+!
+
+{% if data.pe %}
+router bgp 65000
+ bgp router-id {{ index }}.{{ index }}.{{ index }}.{{ index }}
+ address-family vpnv4 unicast
+ !
+ neighbor 2001::{{ alldata[data.otherpe].index }}
+  remote-as 65000
+  update-source Loopback0
+  address-family vpnv4 unicast
+  !
+ !
+ vrf 1
+  rd 1:1
+  address-family ipv4 unicast
+   segment-routing srv6
+    locator LATENCY
+    alloc mode per-ce
+   !
+   redistribute connected
+  !
+  neighbor {{ data.ipce | ipaddr("peer") }}
+   remote-as {{ data.ceas }}
+   address-family ipv4 unicast
+    route-policy PASS in
+    route-policy PASS out
+ !
+!
+{% endif %}
+
+segment-routing
+ srv6
+{% if data.pe %}
+  encapsulation
+   source-address 2001::{{ index }}
+  !
+{% endif %}
+  locators
+   locator MAIN
+    prefix 2001:0:0:{{ index }}::/64
+   !
+   locator LATENCY
+    prefix 2001:0:8:{{ index }}::/64
+    algorithm 128
+   !
+  !
+ !
+!
+
+performance-measurement
+ interface GigabitEthernet0/0/0/0
+  delay-measurement
+   advertise-delay {{ data.delays[0] }}
+  !
+ !
+ interface GigabitEthernet0/0/0/1
+  delay-measurement
+   advertise-delay {{ data.delays[1] }}
+  !
+ !
+!

lab-cisco-iosxrv-srv6/setup

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+cd "$(dirname "$(readlink -f "$0")")"
+. ../common/lab-setup
+
+if onhost; then
+    for R in 1 2 3 4 5; do
+        uts=r$R template rX.conf.j2 cisco-r$R.conf index=$R
+    done
+fi
+
+spawn cisco-iosxrv r1 networks r1r2,r1r5,r1r6
+spawn cisco-iosxrv r2 networks r1r2,r2r3
+spawn cisco-iosxrv r3 networks r2r3,r3r4,r3r7
+spawn cisco-iosxrv r4 networks r3r4,r4r5
+spawn cisco-iosxrv r5 networks r4r5,r1r5
+spawn vm ce6 network r1r6
+spawn vm ce7 network r3r7
+
+run
+
+case $uts in
+    ce6)
+        ip addr add 192.0.2.6/32 dev dummy0
+        ip addr add 203.0.113.1/31 dev eth0
+        template bird.ceX.conf bird.ce6.conf index=1
+        service bird
+        ;;
+    ce7)
+        ip addr add 192.0.2.7/32 dev dummy0
+        ip addr add 203.0.113.3/31 dev eth0
+        template bird.ceX.conf bird.ce7.conf index=2
+        service bird
+        ;;
+esac