Add srv6_te_l3vpn example

.gitignore

@@ -19,5 +19,3 @@ themes/
 # Other
 .DS_Store
 *.swp
-polad.yaml
-!examples/sr-mpls_l3vpn/polad/polad.yaml

README.md

@@ -13,7 +13,9 @@ PCEP Library and Stateful PCE Implementation with Go
 
 ## Installation & Use
 - [Getting Started](docs/sources/getting-started.md)
-- [Tinet Example](examples/tinet/sr-mpls_te_l3vpn)
+- Examples (powered by [Containerlab](https://containerlab.dev/)/[Tinet](https://github.com/tinynetwork/tinet))
+  - [SR-MPLS Example](examples/tinet/sr-mpls_te_l3vpn)
+  - [SRv6 Example](examples/containerlab/srv6_te_l3vpn)
 
 ## Interoperability
 - Cisco IOS-XR

cmd/.gitignore

@@ -0,0 +1 @@
+*.yaml

examples/containerlab/srv6_te_l3vpn/README.md

@@ -0,0 +1,189 @@
+# SRv6 TE + VPNv4/VPNv6
+
+Example topology powered by [Containerlab](https://containerlab.dev/)
+
+![](./topo.png)
+
+## Requirements
+* container host (Linux)
+* Juniper vMX image
+
+## Usage
+
+### Install Containerlab & Juniper vMX
+[Install Containerlab](https://containerlab.dev/install/)
+```bash
+$ sudo bash -c "$(curl -sL https://get.containerlab.dev)"
+```
+
+Install Juniper vMX on [Vrnetlab](https://containerlab.dev/manual/vrnetlab/)
+```bash
+$ sudo apt install make
+$ git clone https://github.com/hellt/vrnetlab && cd vrnetlab/vmx
+$ cp ~/vmx-bundle-22.4R1.10.tgz .
+$ sudo make
+^Cmake[1]: *** [../makefile-install.include:39: docker-build] Interrupt
+make: *** [../makefile.include:9: docker-image] Interrupt
+
+$ sudo docker images                                       
+REPOSITORY            TAG         IMAGE ID       CREATED         SIZE
+vrnetlab/vr-vmx       22.4R1.10   6d2704750cd7   3 minutes ago   10.8GB
+
+$ sudo rm -rf vrnetlab
+$ sudo docker builder prune -a
+```
+
+### Building a Lab Network
+Create bridge
+```bash
+$ sudo ip link add switch type bridge
+$ sudo ip link set dev switch up
+```
+
+Start Containerlab network
+```bash
+$ git clone https://github.com/nttcom/pola
+$ cd pola/examples/containerlab/srv6_te_l3vpn
+
+$ sudo containerlab deploy
+```
+
+Wait for starting vMX after execute `sudo containerlab deploy` (it takes some time).
+```bash
+$ docker logs clab-srv6_te_l3vpn-pe01 -f
+<snip.>
+2023-02-20 15:03:26,233: launch     INFO     Startup complete in: 0:09:06.969773
+```
+
+### Apply SR Policy
+Connect to PCEP container, check PCEP session and SR policy
+```bash
+$ sudo docker exec -it clab-srv6_te_l3vpn-pola-pce bash
+
+# polad -f polad.yaml  > /dev/null 2>&1 & 
+
+# pola session
+sessionAddr(0): fd00::1
+sessionAddr(1): fd00::2
+
+# pola sr-policy list
+no SR Policies
+```
+
+Apply and check SR Policy
+```bash
+# pola sr-policy add -f pe01-policy1.yaml --no-link-state
+success!
+# pola sr-policy add -f pe02-policy1.yaml --no-link-state
+success!
+
+# pola sr-policy list
+Session: fd00::1
+  PolicyName: pe01-policy1
+    SrcAddr: fd00:ffff::1
+    DstAddr: fd00:ffff:2:0:1::
+    Color: 1
+    Preference: 100
+    SegmentList: fd00:ffff:3:0:1:: -> fd00:ffff:4:0:1::
+
+Session: fd00::2
+  PolicyName: pe02-policy1
+    SrcAddr: fd00:ffff::2
+    DstAddr: fd00:ffff:1:0:1::
+    Color: 1
+    Preference: 100
+    SegmentList: fd00:ffff:3:0:1:: -> fd00:ffff:1:0:1::
+```
+
+Enter container pe01 and check SR Policy
+* user: admin
+* pass: admin@123
+```bash
+# exit
+$ ssh clab-srv6_te_l3vpn-pe01 -l admin
+
+admin@pe01> show path-computation-client lsp
+
+  Name                                Status            PLSP-Id  LSP-Type       Controller       Path-Setup-Type       Template
+  pe01-policy1                        (Act)             1        ext-provised   POLA-PCE         srv6-te
+
+admin@pe01> show spring-traffic-engineering lsp detail
+Name: pe01-policy1
+  Tunnel-source: Path computation element protocol(PCEP)
+  Tunnel Forward Type: SRV6
+  To: fd00:ffff:2:0:1::-1<c6>
+  From: fd00:ffff::1
+  State: Up
+    Path Status: NA
+    Outgoing interface: NA
+    Auto-translate status: Disabled Auto-translate result: N/A
+    BFD status: N/A BFD name: N/A
+    BFD remote-discriminator: N/A
+    Segment ID : 129
+    ERO Valid: false
+      SR-ERO hop count: 2
+        Hop 1 (Strict):
+          NAI: None
+          SID type: srv6-sid, Value: fd00:ffff:3:0:1::
+        Hop 2 (Strict):
+          NAI: None
+          SID type: srv6-sid, Value: fd00:ffff:4:0:1::
+
+admin@pe01> show route table CUST-A.inet.0 192.168.2.0/24
+
+CUST-A.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
++ = Active Route, - = Last Active, * = Both
+
+192.168.2.0/24     *[BGP/170] 00:32:05, localpref 100, from fd00:ffff::2
+                      AS path: I, validation-state: unverified
+                    >  to fe80::5254:ff:feac:7101 via ge-0/0/0.0, SRV6-Tunnel, Dest: fd00:ffff:2:0:1::-1<c6>
+
+admin@pe01> show route table CUST-A.inet6.0 fd00:a2::/64
+
+CUST-A.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
++ = Active Route, - = Last Active, * = Both
+
+fd00:a2::/64       *[BGP/170] 00:32:08, localpref 100, from fd00:ffff::2
+                      AS path: I, validation-state: unverified
+                    >  to fe80::5254:ff:feac:7101 via ge-0/0/0.0, SRV6-Tunnel, Dest: fd00:ffff:2:0:1::-1<c6>
+```
+
+Enter container host01 and check SRv6-TE
+
+* ping over VPN
+```bash
+admin@pe01> exit
+
+$ docker exec -it  clab-srv6_te_l3vpn-host01 /bin/bash
+
+bash-5.1# ping 192.168.2.1
+PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
+64 bytes from 192.168.2.1: icmp_seq=1 ttl=62 time=3.05 ms
+64 bytes from 192.168.2.1: icmp_seq=2 ttl=62 time=2.57 ms
+64 bytes from 192.168.2.1: icmp_seq=3 ttl=62 time=2.70 ms
+
+bash-5.1# ping fd00:a2::1
+PING fd00:a2::1(fd00:a2::1) 56 data bytes
+64 bytes from fd00:a2::1: icmp_seq=1 ttl=62 time=2.83 ms
+64 bytes from fd00:a2::1: icmp_seq=2 ttl=62 time=2.63 ms
+64 bytes from fd00:a2::1: icmp_seq=3 ttl=62 time=2.94 ms
+```
+
+* Capture on containerlab host
+```bash
+$ sudo ip netns exec clab-srv6_te_l3vpn-pe01 tcpdump -nni eth1
+tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
+listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
+^C01:05:32.064070 IP6 fd00:ffff::1 > fd00:ffff:3:0:1::: srcrt (len=4, type=4, segleft=1[|srcrt]
+01:05:32.066018 IP6 fd00:ffff::2 > fd00:ffff:1:0:4:a::: srcrt (len=4, type=4, segleft=0[|srcrt]
+01:05:33.064501 IP6 fd00:ffff::1 > fd00:ffff:3:0:1::: srcrt (len=4, type=4, segleft=1[|srcrt]
+01:05:33.066597 IP6 fd00:ffff::2 > fd00:ffff:1:0:4:a::: srcrt (len=4, type=4, segleft=0[|srcrt]
+01:05:34.065873 IP6 fd00:ffff::1 > fd00:ffff:3:0:1::: srcrt (len=4, type=4, segleft=1[|srcrt]
+01:05:34.067531 IP6 fd00:ffff::2 > fd00:ffff:1:0:4:a::: srcrt (len=4, type=4, segleft=0[|srcrt]
+```
+
+Also, you can analyze with Wireshark on your Local PC ([ref: Packet capture & Wireshark](https://containerlab.dev/manual/wireshark/)).
+
+```bash
+ssh $clab_host "sudo -S ip netns exec clab-srv6_te_l3vpn-pe01 tcpdump -U -nni eth1 -w -"  | wireshark -k -i -
+```

examples/containerlab/srv6_te_l3vpn/polad/polad.yaml

@@ -0,0 +1,12 @@
+global:
+  pcep:
+    address: "[fd00::ffff]"
+    port: 4189
+  grpc-server:
+    address: "127.0.0.1"
+    port: 50051
+  log:
+    path: "/var/log/pola/"
+    name: "polad.log"
+  ted:
+    enable: false

examples/containerlab/srv6_te_l3vpn/sr-policies/pe01-policy1.yaml

@@ -0,0 +1,11 @@
+srPolicy:
+  pcepSessionAddr: "fd00::1"
+  srcAddr: "fd00:ffff::1"
+  dstAddr: "fd00:ffff:2:0:1::"
+  name: pe01-policy1
+  color: 1
+  segmentList:
+    - sid: "fd00:ffff:3:0:1::"
+      nai: "fd00:ffff::3"
+    - sid: "fd00:ffff:4:0:1::"
+      nai: "fd00:ffff::4"

examples/containerlab/srv6_te_l3vpn/sr-policies/pe02-policy1.yaml

@@ -0,0 +1,13 @@
+srPolicy:
+  pcepSessionAddr: "fd00::2"
+  srcAddr: "fd00:ffff::2"
+  dstAddr: "fd00:ffff:1:0:1::"
+  name: pe02-policy1
+  color: 1
+  segmentList:
+    - sid: "fd00:ffff:3:0:1::"
+      nai: "fd00:ffff::3"
+    - sid: "fd00:ffff:4:0:1::"
+      nai: "fd00:ffff::4"
+    - sid: "fd00:ffff:3:0:1::"
+      nai: "fd00:ffff::3"

examples/containerlab/srv6_te_l3vpn/srv6_te_l3vpn.clab.yml

@@ -0,0 +1,62 @@
+name: srv6_te_l3vpn
+
+topology:
+  kinds:
+    vr-vmx:
+      image: vrnetlab/vr-vmx:22.4R1.10
+
+  nodes:
+    pola-pce:
+      kind: linux
+      image: ghcr.io/nttcom/pola:latest
+      binds:
+        - polad/polad.yaml:/polad.yaml
+        - sr-policies/pe01-policy1.yaml:/pe01-policy1.yaml
+        - sr-policies/pe02-policy1.yaml:/pe02-policy1.yaml
+      exec:
+        - ip -6 addr add fd00::ffff/64 dev eth1
+    pe01:
+      kind: vr-vmx
+      startup-config: startup-configs/pe01.cfg
+    pe02:
+      kind: vr-vmx
+      startup-config: startup-configs/pe02.cfg
+    p01:
+      kind: vr-vmx
+      startup-config: startup-configs/p01.cfg
+    p02:
+      kind: vr-vmx
+      startup-config: startup-configs/p02.cfg
+    host01:
+      kind: linux
+      image: wbitt/network-multitool:latest
+      exec:
+        - ip -4 addr add 192.168.1.1/24 dev eth1
+        - ip -4 route add 192.168.2.0/24 via 192.168.1.254
+        - ip -6 addr add fd00:a1::1/64 dev eth1
+        - ip -6 route add fd00:a2::/64 via fd00:a1::ffff
+    host02:
+      kind: linux
+      image: wbitt/network-multitool:latest
+      exec:
+        - ip -4 addr add 192.168.2.1/24 dev eth1
+        - ip -4 route add 192.168.1.0/24 via 192.168.2.254
+        - ip -6 addr add fd00:a2::1/64 dev eth1
+        - ip -6 route add fd00:a1::/64 via fd00:a2::ffff
+    switch:
+      kind: bridge
+
+  links:
+    # SRv6 domain
+    - endpoints: ["pe01:eth1", "p01:eth1"]
+    - endpoints: ["pe01:eth2", "p02:eth1"]
+    - endpoints: ["pe02:eth1", "p01:eth2"]
+    - endpoints: ["pe02:eth2", "p02:eth2"]
+    - endpoints: ["p01:eth3", "p02:eth3"]
+    # cust-A hosts
+    - endpoints: ["pe01:eth3", "host01:eth1"]
+    - endpoints: ["pe02:eth3", "host02:eth1"]
+    # Switch
+    - endpoints: ["pola-pce:eth1", "switch:eth1"]
+    - endpoints: ["pe01:eth4", "switch:eth2"]
+    - endpoints: ["pe02:eth4", "switch:eth3"]

examples/containerlab/srv6_te_l3vpn/startup-configs/p01.cfg

@@ -0,0 +1,29 @@
+configure
+set chassis network-services enhanced-ip
+set interfaces ge-0/0/0 description to:pe01
+set interfaces ge-0/0/0 unit 0 family iso
+set interfaces ge-0/0/0 unit 0 family inet6
+set interfaces ge-0/0/1 description to:pe02
+set interfaces ge-0/0/1 unit 0 family iso
+set interfaces ge-0/0/1 unit 0 family inet6
+set interfaces ge-0/0/2 description to:p02
+set interfaces ge-0/0/2 unit 0 family iso
+set interfaces ge-0/0/2 unit 0 family inet6
+set interfaces lo0 unit 0 family iso address 49.0000.0000.0aff.0003.00
+set interfaces lo0 unit 0 family inet6 address fd00:ffff::3/128
+set routing-options source-packet-routing srv6 locator LOC1 fd00:ffff:3::/64
+set routing-options resolution preserve-nexthop-hierarchy
+set routing-options router-id 10.255.0.3
+set routing-options autonomous-system 65000
+set routing-options forwarding-table srv6-chain-merge
+set protocols isis interface ge-0/0/0.0 point-to-point
+set protocols isis interface ge-0/0/1.0 point-to-point
+set protocols isis interface ge-0/0/2.0 point-to-point
+set protocols isis interface lo0.0 passive
+set protocols isis source-packet-routing srv6 locator LOC1 end-sid fd00:ffff:3:0:1::
+set protocols isis level 1 disable
+set protocols isis level 2 wide-metrics-only
+set protocols isis no-ipv4-routing
+set protocols isis topologies ipv6-unicast
+set protocols source-packet-routing srv6
+commit

examples/containerlab/srv6_te_l3vpn/startup-configs/p02.cfg

@@ -0,0 +1,29 @@
+configure
+set chassis network-services enhanced-ip
+set interfaces ge-0/0/0 description to:pe01
+set interfaces ge-0/0/0 unit 0 family iso
+set interfaces ge-0/0/0 unit 0 family inet6
+set interfaces ge-0/0/1 description to:pe02
+set interfaces ge-0/0/1 unit 0 family iso
+set interfaces ge-0/0/1 unit 0 family inet6
+set interfaces ge-0/0/2 description to:p02
+set interfaces ge-0/0/2 unit 0 family iso
+set interfaces ge-0/0/2 unit 0 family inet6
+set interfaces lo0 unit 0 family iso address 49.0000.0000.0aff.0004.00
+set interfaces lo0 unit 0 family inet6 address fd00:ffff::4/128
+set routing-options source-packet-routing srv6 locator LOC1 fd00:ffff:4::/64
+set routing-options resolution preserve-nexthop-hierarchy
+set routing-options router-id 10.255.0.4
+set routing-options autonomous-system 65000
+set routing-options forwarding-table srv6-chain-merge
+set protocols isis interface ge-0/0/0.0 point-to-point
+set protocols isis interface ge-0/0/1.0 point-to-point
+set protocols isis interface ge-0/0/2.0 point-to-point
+set protocols isis interface lo0.0 passive
+set protocols isis source-packet-routing srv6 locator LOC1 end-sid fd00:ffff:4:0:1::
+set protocols isis level 1 disable
+set protocols isis level 2 wide-metrics-only
+set protocols isis no-ipv4-routing
+set protocols isis topologies ipv6-unicast
+set protocols source-packet-routing srv6
+commit