No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S V800R010C10SPC500 Feature Description - Value-Added-Service 01

This is NE20E-S V800R010C10SPC500 Feature Description - Value-Added-Service
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SRv6 VPN

SRv6 VPN

SRv6 VPN transmits VPN data along SRv6 tunnels. SRv6 tunnels include SRv6 LSPs and SRv6 TE tunnels. Table 3-3 describes the comparison between the SRv6 VPN and BGP/MPLS IPv6 VPN.
Table 3-3 Comparison between the SRv6 VPN and BGP/MPLS IPv6 VPN

Item

SRv6 VPN

BGP/MPLS IPv6 VPN

VPN service type

IPv4 VPN over SRv6 tunnel

IPv6 VPN over MPLS tunnel

VPNv4 route identifier and crossing

RD: identifies a specified VPN address space.

RT: the local import RT must be the same as the peer export RT.

RD: identifies a specified VPN address space.

RT: the local import RT must be the same as the peer export RT.

Route transfer

The IPv6 peer relationship is enabled in the BGP VPNv4 address family to transfer IPv4 route information.

The IPv4 peer relationship is enabled in the BGP VPNv6 address family to transfer IPv6 route information.

Public network route interworking

BGP + IS-IS

BGP + IGP or static route

VPN label

VPN labels do not exist. SRv6 VPN SIDs are used instead.

BGP assigns VPN labels.

VPN labels are inner labels carried in BGP/MPLS IPv6 VPN public-network packets and used to identify VPN instances.

MPLS label

MPLS labels do not exist.

MPLS LDP or TE assigns labels.

MPLS labels are outer labels carried in BGP/MPLS IPv6 VPN public-network packets and used to identify tunnels.

Private network table lookup

The egress removes SRv6 VPN SIDs, identifies VPN instances based on SRv6 VPN SIDs, and searches the local SID table of each VPN instance.

The egress removes MPLS labels and VPN labels, identifies VPN instances based on VPN labels, searches VPN routing tables, and forwards packets over IP.

Figure 3-8 shows the typical SRv6 VPN networking.
Figure 3-8 Typical SRv6 VPN networking

SRv6 VPN characteristics are as follows:

  • Transmits packets using extended BGP.

  • Encapsulates and transmits private network data packets over SRv6 LSPs or TE tunnels serving as public network tunnels.

  • Allows a device that may play PE, P, and CE roles to play only a single role at a time.

IPv4 VPN over SRv6 LSP

IPv4 VPN over SRv6 LSP allows SRv6 LSPs on public networks to carry IPv4 VPN data. The implementation of IPv4 VPN over SRv6 LSP involves establishing SRv6 LSPs, implementing VPN route interworking, and forwarding data.

Figure 3-9 shows the implementation of IPv4 VPN over SRv6 LSP.
Figure 3-9 IPv4 VPN over SRv6 LSP implementation
IPv4 VPN over SRv6 LSP implementation is as follows:
  1. SRv6 and SRv6 VPN functions are configured on each PE, and IPv6 must be supported on intermediate devices.
  2. CEs and PEs exchange route information.

    CE2 advertises an IPv4 route to the local site to PE2. The CEs can communicate with the PEs over static routes or routes created using RIP, OSPF, IS-IS, or BGP.

  3. PEs advertise route information to each other.

    After learning VPN route information advertised by CE2, PE1 installs these routes to VRF routing tables. PE1 then converts them to VPNv4 routes and runs MP-BGP to advertise them to the egress PE1. Update packets carry the RT attribute and SRv6 VPN SID attribute.

  4. PE1 receives VPNv4 route information.

    If the next hop carried in the VPNv4 route is reachable and the route matches the BGP import policy, PE1 injects the route into the local routing table, iterates the route to an SRv6 LSP, and filters the route based on a VRF import policy. PE1 then decides whether to add the route to its VRF routing table. The VPN route to be delivered is associated with an SRv6 VPN SID.

  5. CEs and PEs exchange route information.

    CE1 can learn VPN routes from PE2 over static routes or routes established using RIP, OSPF, IS-IS, or BGP. Route advertisement from CE2 to PE2 is similar to that from CE1 to PE2.

Figure 3-10 describes the process of advertising the routes and forwarding data in IPv4 VPN over SRv6 LSP.
Figure 3-10 Process of advertising the routes and forwarding data in IPv4 VPN over SRv6 LSP
In the route advertisement phase:
  1. An END.SID is set on PE2 and advertised to PE1 using an IGP.
  2. PE1 runs an IGP to learn the network segment route to A2:1::/64 that is mapped to the SRv6 SID.
  3. PE2 automatically generates an END.DT4 SID of A2:1::B100 within the END.SID range for the VPN instance and a local SID table.
  4. After receiving the VPNv4 route advertised by CE2, PE2 converts it to a BGP VPNv4 route and advertises the route to PE1 through a BGP peer relationship. The route carries the SRv6 VPN SID that is the END.DT4 SID of A2:1::B100 in the VPN instance.
  5. Upon receipt of the VPNv4 route, PE1 injects the route to the VRF routing table, converts it to a common IPv4 route, and advertises it to CE1.
In the data forwarding phase:
  1. CE1 sends a common IPv4 packet to PE1.

  2. After receiving the private network packet on an interface bound to a VPN instance, PE1 searches a VRF routing table for an IPv4 prefix matching the destination and finds an associated SRv6 VPN SID and next hop information. PE1 encapsulates the SRv6 VPN SID of A2:1::B100 as a destination address into the IPv6 packet.

  3. PE1 finds the route to A2:1::/64 based on the longest match rule and forwards the packet to the P over the shortest path.

  4. The P finds the route to A2:1::/64 based on the longest match rule and forwards the packet to PE2 over the shortest path.

  5. PE2 searches the local SID table for a behavior matching A2:1::B100, removes the IPv6 packet header, matches the packet against a VPN instance based on the END.DT4 SID, and searches for a matching entry in the VRF routing table for forwarding. The packet is restored to a common IPv4 packet.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055132

Views: 3036

Downloads: 5

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next