Segment Routing over IPv6

Objective

This guide provides instructions on how to enable Segment Routing over IPv6 (SRv6) for your Volterra sites. Segment routing is a source-based routing technology simplifying management of network domains and enhancing bandwidth efficiency.

Volterra supports the following for SRv6 functionality:

  • Configuring IPv6 addresses on physical interfaces of Volterra site.
  • BGP Peering between a SRv6 router and Volterra site with IPv6 address family.
  • SRv6 network slice in an operator network that uses SRv6.
  • SRv6 Virtual Network
  • Segment Identifier (SID) counters for ingress and egress traffic

Using the instructions provided in this guide, you can enable SRv6 for your Volterra site, configure Segment Identifier (SID), and enable BGP peering with another SRv6 capable router that acts as the ingress router for the network domain over which the traffic flows.


Prerequisites

The following prerequisites apply:

  • A valid Volterra Account. If you do not have an account, see Create a Volterra Account.
  • API certificate or token for Volterra API access. If you do not have a certificate or token, see My Credentials.
  • KVM or VMware or Baremetal for VoltStack site.
  • A peer router or device that is capable of SRv6.

Restrictions

The following restrictions apply:

  • Enabling SRv6 is supported using only Volterra API.
  • SRv6 is supported for only VoltStack sites created using Volterra API.
  • Only one-to-one mapping between the user namespace and SRv6 virtual network is supported Multiple namespaces cannot be referred inside the same SRv6 VN.
  • The SRv6 VN and slice must be created in system namespace.

Configuration

Configuring SRv6 for your Volterra site includes creating a VoltStack site, creating network slices, and creating a virtual network applying the network slice and fleet of VoltStack site to it.

The following figure shows an example SRv6 setup using Volterra site:

SRv6Sample
Figure: Volterra SRv6 Sample Setup

Note: The sample image does not show the IP addresses for brevity.

Perform the following steps to enable SRv6 for your sites:

Step 1: Create VoltStack site.

Create a VoltStack site with local control plane using the Volterra site API. The following example shows creating a KVM multi node VoltStack site using the API certificate and a sample request body:

curl -v -s -X POST https://<tenant>.console.ves.volterra.io/api/config/namespaces/system/voltstack_sites --cert-type P12 --cert /Users/bobmarley/Downloads/<tenant>.demo1.api-creds.p12:volterra -H 'Content-Type: application/json' -k -H 'cache-cotrol: no-cache' -d '{
    "namespace": "system",
    "metadata": {
      "name": "bob-srv6-v3-03",
      "namespace": null,
      "labels": {},
      "annotations": {},
      "description": null,
      "disable": null
    },
    "spec": {
      "volterra_certified_hw": "kvm-multi-nic-voltstack",
      "master_nodes": [
        "master-0",
        "master-1",
        "master-2"
      ],
      "worker_nodes": null,
      "no_bond_devices": {},
      "custom_network_config": {
        "default_config": {},
        "sli_config": {
          "static_routes": {
            "static_routes": [
              {
                "ip_prefixes": [
                  "1.2.3.0/24",
                  "2.3.4.0/24"
                ],
                "default_gateway": {},
                "attrs": [
                  "ROUTE_ATTR_INSTALL_HOST",
                  "ROUTE_ATTR_INSTALL_FORWARDING"
                ]
              }
            ]
          }
        },
        "interface_list": {
          "interfaces": [
            {
              "description": "eth0",
              "labels": {},
              "dedicated_interface": {
                "device": "eth0",
                "cluster": {},
                "mtu": null,
                "priority": null,
                "not_primary": {},
                "monitor_disabled": {}
              }
            },
            {
              "description": "master-0-eth1",
              "labels": {},
              "ethernet_interface": {
                "device": "eth1",
                "node": "master-0",
                "untagged": {},
                "dhcp_client": {},
                "static_ipv6_address": {
                  "node_static_ip": {
                    "ip_address": "21DA:D3:0:2F3D::31/64",
                    "default_gw": "21DA:D3:0:2F3D::50"
                  }
                },
                "site_local_inside_network": {},
                "mtu": null,
                "priority": null,
                "not_primary": {},
                "monitor_disabled": {}
              }
            },
            {
              "description": "master-1-eth1",
              "labels": {},
              "ethernet_interface": {
                "device": "eth1",
                "node": "master-1",
                "untagged": {},
                "dhcp_client": {},
                "static_ipv6_address": {
                  "node_static_ip": {
                    "ip_address": "21DA:D3:0:2F3D::76/64",
                    "default_gw": "21DA:D3:0:2F3D::50"
                  }
                },
                "site_local_inside_network": {},
                "mtu": null,
                "priority": null,
                "not_primary": {},
                "monitor_disabled": {}
              }
            },
            {
              "description": "master-2-eth1",
              "labels": {},
              "ethernet_interface": {
                "device": "eth1",
                "node": "master-2",
                "untagged": {},
                "dhcp_client": {},
                "static_ipv6_address": {
                  "node_static_ip": {
                    "ip_address": "21DA:D3:0:2F3D::220/64",
                    "default_gw": "21DA:D3:0:2F3D::50"
                  }
                },
                "site_local_inside_network": {},
                "mtu": null,
                "priority": null,
                "not_primary": {},
                "monitor_disabled": {}
              }
            }
          ]
        },
        "no_network_policy": {},
        "no_forward_proxy": {},
        "no_global_network": {},
        "outside_vip": null,
        "outside_nameserver": null,
        "bgp_router_id": null,
        "bgp_peer_address": null,
        "vip_vrrp_mode": null,
        "site_to_site_tunnel_ip": null,
        "tunnel_dead_timeout": null
      },
      "default_storage_config": {},
      "disable_gpu": {},
      "address": null,
      "coordinates": {
        "latitude": 11.22,
        "longitude": 77.88
      },
      "no_k8s_cluster": {},
      "logs_streaming_disabled": {},
      "deny_all_usb": {},
      "local_control_plane": {
        "inside_vn": {},
        "bgp_config": {
          "asn": 65534,
          "peers": [
            {
              "metadata": {
                "name": "peer-0",
                "description": "",
                "disable": false
              },
              "internal": {
                "address": "192.168.10.50",
                "port": 179,
                "family_inet6vpn": {
                    "enable": {}
                },
                "family_rtarget": {
                    "enable": {}
                },
                "family_inetvpn": {
                    "enable": {
                      "enable": {}
                    }
                },
                "disable_mtls": {}
              },
              "target_service": "phobos"
            }
          ]
        }
      },
      "sw": {
        "default_sw_version": {}
      },
      "os": {
        "default_os_version": {}
      }
    }
  }' --insecure

Note: Replace <tenant> with your tenant name. Ensure that you add the appropriate values for the fields in the local_control_plane section and IPv6 addresses for the interfaces for all nodes in the interface_list section of the request body. For more information on VoltStack API, see Create VoltStack Site API.

Step 2: Create network slices.

For enabling SRv6, you must first configure SID. This example shows creating network slices using IPv6 SIDs:

curl -v -s -X POST https://<tenant>.console.ves.volterra.io/api/config/namespaces/system/srv6_network_slices --cert-type P12 --cert /Users/bobmarley/Downloads/<tenant>.demo1.api-creds.p12:volterra -H 'Content-Type: application/json' -k -H 'cache-cotrol: no-cache' -d '{
   "metadata": {
      "name": "bob-srv6-v3-03-slice-vn1",
      "namespace": "system"
   },
   "spec": {
       "sid_prefixes": [
         "2201:f00f::0/32"
        ],
       "connect_to_internet": true
   }
}' --insecure

Note: Replace <tenant> with your tenant name. For more information on network slice API, see Create Network Slice API.

Step 3: Create virtual network.

Create an SRv6 virtual network specifying the SIDs and associating with the fleet of VoltStack site created in previous steps. The following example shows a sample API request using curl:

curl -v -s -X POST https://<tenant>.console.ves.volterra.io/api/config/namespaces/system/virtual_networks --cert-type P12 --cert /Users/bobmarley/Downloads/<tenant>.demo1.api-creds.p12:volterra -H 'Content-Type: application/json' -k -H 'cache-cotrol: no-cache' -d '{
   "metadata": {
      "name": "bob-srv6-v3-03-vn1",
      "namespace": "system"
   },
   "spec": {
      "srv6_network": {
         "srv6_network_ns_params": {
            "namespace": "bob-test-1"
         },
         "interface_ip_vip": {},
         "site_snat_pool": {
           "node_snat_pool": {
             "master-0": {
               "ipv4_prefixes": [
                 "4.4.4.0/28"
               ]
             }
           }
         },
         "slice": {
             "tenant": "demo-hagrmdbk",
             "namespace": "system",
             "name": "bob-srv6-v3-01-slice-vn1"
         },
         "fleets": [
           {
             "tenant": demo-hagrmdbk",
             "namespace": "system",
             "name": "ves-io-voltstack-site-bob-srv6-v3-01"
           }
         ],
         "access_network_rtargets": null,
         "internet_rtargets": [
           {
             "asn2byte_rtarget": {
                "as_number": 65534,
                "value": 4294967294
             }
           }
         ],
         "enterprise_network_rtargets": null,
         "export_rtargets": [
           {
             "asn2byte_rtarget": {
                "as_number": 65534,
                "value": 4294967293
             }
           }
         ]
      }
   }
}' --insecure

Note: Replace <tenant> with your tenant name. Ensure you specify the SNAT pool with IPv4 prefixes so that the address translation happens from IPv6 to IPv4. See Create Virtual Network API for information on virtual network creation.

Step 4: Deploy your app and advertise over the virtual network.

Deploy your web app using Volterra vK8s, create the origin pool, and advertise the services using a load balancer on the created virtual network. Ensure that you select virtual network created in previous step for VIP advertisement section of load balancer.

After this, the VoltStack site exports the routes for the advertised services and the BGP peer imports the routes. The requests to your services are steered through the segments imported by the peer.

Note: See vK8s Deployment for information on app deployment. See Origin Pools and Create HTTP Load Balancer for information on origin pools and load balancer creation.

Step 5: Verify that the traffic is routed over the SRv6 network.

Enter the following command to verify the SID counters for ingress and egress traffic:

curl  POST https://<tenant>.console.ves.volterra.io/api/data/namespaces/system/virtual_network/sid_counters -d '{
  "namespace": "system",
  "group_by": [
    "SITE",
    "VIRTUAL_NETWORK",
    "SID_PREFIX"
  ],
  "filter": "{SITE=\"bob-srv6-v3-01\"}",
  "field_selector": [
    "SID_COUNTER_IN_BYTES",
    "SID_COUNTER_IN_PACKETS",
    "SID_COUNTER_OUT_BYTES",
    "SID_COUNTER_OUT_PACKETS"
  ],
  "step": "300s",
  "range": "300s"
}'  --cert-type P12 --cert /Users/bobmarley/Downloads/testcorp.demo1.api-creds.p12:volterra -H 'Content-Type: application/json' -k -H 'cache-cotrol: no-cache' --insecure
curl: (6) Could not resolve host: POST
{
  "data": [
    {
      "type": "SID_COUNTER_OUT_PACKETS",
      "data": [
        {
          "key": {
            "SID_PREFIX": "2201:f00f:199:a001:26::/80",
            "SITE": "bob-srv6-v3-01",
            "VIRTUAL_NETWORK": "bob-srv6-v3-01-vn1"
          },
          "value": [
            {
              "timestamp": 1621277400,
              "value": "0"
            },
            {
              "timestamp": 1621277700,
              "value": "18"
            },
            {
              "timestamp": 1621278000,
              "value": "0"
            }
          ]
        }
      ]
    },
    {
      "type": "SID_COUNTER_IN_BYTES",
      "data": [
        {
          "key": {
            "SID_PREFIX": "2101:f00f:199:9003:2c::/128",
            "SITE": "bob-srv6-v3-01",
            "VIRTUAL_NETWORK": "bob-srv6-v3-01-vn1"
          },
          "value": [
            {
              "timestamp": 1621277400,
              "value": "0"
            },
            {
              "timestamp": 1621277700,
              "value": "2270"
            },
            {
              "timestamp": 1621278000,
              "value": "0"
            }
          ]
        }
      ]
    },
    {
      "type": "SID_COUNTER_OUT_BYTES",
      "data": [
        {
          "key": {
            "SID_PREFIX": "2201:f00f:199:a001:26::/80",
            "SITE": "bob-srv6-v3-01",
            "VIRTUAL_NETWORK": "bob-srv6-v3-01-vn1"
          },
          "value": [
            {
              "timestamp": 1621277400,
              "value": "0"
            },
            {
              "timestamp": 1621277700,
              "value": "6085"
            },
            {
              "timestamp": 1621278000,
              "value": "0"
            }
          ]
        }
      ]
    },
    {
      "type": "SID_COUNTER_IN_PACKETS",
      "data": [
        {
          "key": {
            "SID_PREFIX": "2101:f00f:199:9003:2c::/128",
            "SITE": "bob-srv6-v3-01",
            "VIRTUAL_NETWORK": "bob-srv6-v3-01-vn1"
          },
          "value": [
            {
              "timestamp": 1621277400,
              "value": "0"
            },
            {
              "timestamp": 1621277700,
              "value": "18"
            },
            {
              "timestamp": 1621278000,
              "value": "0"
            }
          ]
        }
      ]
    }
  ]
}

Note: Verify the value for the following counters to confirm that traffic is flowing through the SRv6 network:

  • SID_COUNTER_IN_BYTES
  • SID_COUNTER_IN_PACKETS
  • SID_COUNTER_OUT_BYTES
  • SID_COUNTER_OUT_PACKETS

Concepts


API References