Showing 13 changed files with 535 additions and 3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,5 +19,3 @@ themes/ | |
# Other | ||
.DS_Store | ||
*.swp | ||
polad.yaml | ||
!examples/sr-mpls_l3vpn/polad/polad.yaml |
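Review bot: The hunk header shrinks this block from five lines to three, and the `polad.yaml` rule with its `!examples/sr-mpls_l3vpn/polad/polad.yaml` negation look like the lines being dropped; without the rule, a locally edited `polad.yaml` anywhere in the tree shows up as untracked and can be committed by accident, site-specific addresses included. If the goal is only to track the new example config, keep the `polad.yaml` rule and add a negation for the new example path instead.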
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
*.yaml |
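Review bot: A bare `*.yaml` in a new ignore file hides every YAML file at this level and below, including hand-written configs added later. Name the generated files it is meant to cover, or add a comment line saying what produces them.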
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,189 @@ | ||
# SRv6 TE + VPNv4/VPNv6 | ||
|
||
Example topology powered by [Containerlab](https://containerlab.dev/) | ||
|
||
![](./topo.png) | ||
|
||
## Requirements | ||
* container host (Linux) | ||
* Juniper vMX image | ||
|
||
## Usage | ||
|
||
### Install Containerlab & Juniper vMX | ||
[Install Containerlab](https://containerlab.dev/install/) | ||
```bash | ||
$ sudo bash -c "$(curl -sL https://get.containerlab.dev)" | ||
``` | ||
|
||
Install Juniper vMX on [Vrnetlab](https://containerlab.dev/manual/vrnetlab/) | ||
```bash | ||
$ sudo apt install make | ||
$ git clone https://github.com/hellt/vrnetlab && cd vrnetlab/vmx | ||
$ cp ~/vmx-bundle-22.4R1.10.tgz . | ||
$ sudo make | ||
^Cmake[1]: *** [../makefile-install.include:39: docker-build] Interrupt | ||
make: *** [../makefile.include:9: docker-image] Interrupt | ||
|
||
$ sudo docker images | ||
REPOSITORY TAG IMAGE ID CREATED SIZE | ||
vrnetlab/vr-vmx 22.4R1.10 6d2704750cd7 3 minutes ago 10.8GB | ||
|
||
$ sudo rm -rf vrnetlab | ||
$ sudo docker builder prune -a | ||
``` | ||
|
||
### Building a Lab Network | ||
Create bridge | ||
```bash | ||
$ sudo ip link add switch type bridge | ||
$ sudo ip link set dev switch up | ||
``` | ||
|
||
Start Containerlab network | ||
```bash | ||
$ git clone https://github.com/nttcom/pola | ||
$ cd pola/examples/containerlab/srv6_te_l3vpn | ||
|
||
$ sudo containerlab deploy | ||
``` | ||
|
||
Wait for starting vMX after execute `sudo containerlab deploy` (it takes some time). | ||
```bash | ||
$ docker logs clab-srv6_te_l3vpn-pe01 -f | ||
<snip.> | ||
2023-02-20 15:03:26,233: launch INFO Startup complete in: 0:09:06.969773 | ||
``` | ||
|
||
### Apply SR Policy | ||
Connect to PCEP container, check PCEP session and SR policy | ||
```bash | ||
$ sudo docker exec -it clab-srv6_te_l3vpn-pola-pce bash | ||
|
||
# polad -f polad.yaml > /dev/null 2>&1 & | ||
|
||
# pola session | ||
sessionAddr(0): fd00::1 | ||
sessionAddr(1): fd00::2 | ||
|
||
# pola sr-policy list | ||
no SR Policies | ||
``` | ||
|
||
Apply and check SR Policy | ||
```bash | ||
# pola sr-policy add -f pe01-policy1.yaml --no-link-state | ||
success! | ||
# pola sr-policy add -f pe02-policy1.yaml --no-link-state | ||
success! | ||
|
||
# pola sr-policy list | ||
Session: fd00::1 | ||
PolicyName: pe01-policy1 | ||
SrcAddr: fd00:ffff::1 | ||
DstAddr: fd00:ffff:2:0:1:: | ||
Color: 1 | ||
Preference: 100 | ||
SegmentList: fd00:ffff:3:0:1:: -> fd00:ffff:4:0:1:: | ||
|
||
Session: fd00::2 | ||
PolicyName: pe02-policy1 | ||
SrcAddr: fd00:ffff::2 | ||
DstAddr: fd00:ffff:1:0:1:: | ||
Color: 1 | ||
Preference: 100 | ||
SegmentList: fd00:ffff:3:0:1:: -> fd00:ffff:1:0:1:: | ||
``` | ||
|
||
Enter container pe01 and check SR Policy | ||
* user: admin | ||
* pass: admin@123 | ||
```bash | ||
# exit | ||
$ ssh clab-srv6_te_l3vpn-pe01 -l admin | ||
|
||
admin@pe01> show path-computation-client lsp | ||
|
||
Name Status PLSP-Id LSP-Type Controller Path-Setup-Type Template | ||
pe01-policy1 (Act) 1 ext-provised POLA-PCE srv6-te | ||
|
||
admin@pe01> show spring-traffic-engineering lsp detail | ||
Name: pe01-policy1 | ||
Tunnel-source: Path computation element protocol(PCEP) | ||
Tunnel Forward Type: SRV6 | ||
To: fd00:ffff:2:0:1::-1<c6> | ||
From: fd00:ffff::1 | ||
State: Up | ||
Path Status: NA | ||
Outgoing interface: NA | ||
Auto-translate status: Disabled Auto-translate result: N/A | ||
BFD status: N/A BFD name: N/A | ||
BFD remote-discriminator: N/A | ||
Segment ID : 129 | ||
ERO Valid: false | ||
SR-ERO hop count: 2 | ||
Hop 1 (Strict): | ||
NAI: None | ||
SID type: srv6-sid, Value: fd00:ffff:3:0:1:: | ||
Hop 2 (Strict): | ||
NAI: None | ||
SID type: srv6-sid, Value: fd00:ffff:4:0:1:: | ||
|
||
admin@pe01> show route table CUST-A.inet.0 192.168.2.0/24 | ||
|
||
CUST-A.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) | ||
+ = Active Route, - = Last Active, * = Both | ||
|
||
192.168.2.0/24 *[BGP/170] 00:32:05, localpref 100, from fd00:ffff::2 | ||
AS path: I, validation-state: unverified | ||
> to fe80::5254:ff:feac:7101 via ge-0/0/0.0, SRV6-Tunnel, Dest: fd00:ffff:2:0:1::-1<c6> | ||
|
||
admin@pe01> show route table CUST-A.inet6.0 fd00:a2::/64 | ||
|
||
CUST-A.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) | ||
+ = Active Route, - = Last Active, * = Both | ||
|
||
fd00:a2::/64 *[BGP/170] 00:32:08, localpref 100, from fd00:ffff::2 | ||
AS path: I, validation-state: unverified | ||
> to fe80::5254:ff:feac:7101 via ge-0/0/0.0, SRV6-Tunnel, Dest: fd00:ffff:2:0:1::-1<c6> | ||
``` | ||
|
||
Enter container host01 and check SRv6-TE | ||
|
||
* ping over VPN | ||
```bash | ||
admin@pe01> exit | ||
|
||
$ docker exec -it clab-srv6_te_l3vpn-host01 /bin/bash | ||
|
||
bash-5.1# ping 192.168.2.1 | ||
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data. | ||
64 bytes from 192.168.2.1: icmp_seq=1 ttl=62 time=3.05 ms | ||
64 bytes from 192.168.2.1: icmp_seq=2 ttl=62 time=2.57 ms | ||
64 bytes from 192.168.2.1: icmp_seq=3 ttl=62 time=2.70 ms | ||
|
||
bash-5.1# ping fd00:a2::1 | ||
PING fd00:a2::1(fd00:a2::1) 56 data bytes | ||
64 bytes from fd00:a2::1: icmp_seq=1 ttl=62 time=2.83 ms | ||
64 bytes from fd00:a2::1: icmp_seq=2 ttl=62 time=2.63 ms | ||
64 bytes from fd00:a2::1: icmp_seq=3 ttl=62 time=2.94 ms | ||
``` | ||
|
||
* Capture on containerlab host | ||
```bash | ||
$ sudo ip netns exec clab-srv6_te_l3vpn-pe01 tcpdump -nni eth1 | ||
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes | ||
^C01:05:32.064070 IP6 fd00:ffff::1 > fd00:ffff:3:0:1::: srcrt (len=4, type=4, segleft=1[|srcrt] | ||
01:05:32.066018 IP6 fd00:ffff::2 > fd00:ffff:1:0:4:a::: srcrt (len=4, type=4, segleft=0[|srcrt] | ||
01:05:33.064501 IP6 fd00:ffff::1 > fd00:ffff:3:0:1::: srcrt (len=4, type=4, segleft=1[|srcrt] | ||
01:05:33.066597 IP6 fd00:ffff::2 > fd00:ffff:1:0:4:a::: srcrt (len=4, type=4, segleft=0[|srcrt] | ||
01:05:34.065873 IP6 fd00:ffff::1 > fd00:ffff:3:0:1::: srcrt (len=4, type=4, segleft=1[|srcrt] | ||
01:05:34.067531 IP6 fd00:ffff::2 > fd00:ffff:1:0:4:a::: srcrt (len=4, type=4, segleft=0[|srcrt] | ||
``` | ||
Also, you can analyze with Wireshark on your Local PC ([ref: Packet capture & Wireshark](https://containerlab.dev/manual/wireshark/)). | ||
```bash | ||
ssh $clab_host "sudo -S ip netns exec clab-srv6_te_l3vpn-pe01 tcpdump -U -nni eth1 -w -" | wireshark -k -i - | ||
``` |
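Review bot: The install step `sudo bash -c "$(curl -sL https://get.containerlab.dev)"` runs a freshly downloaded script as root with nothing checked; suggest telling readers to save the script to a file and read it before running it, or simply to follow the linked install page. Two smaller points in the same README: `sudo rm -rf vrnetlab` is issued after `cd vrnetlab/vmx`, so it does not remove the clone, and the pe01 login `admin` / `admin@123` should say where that password comes from and that it is for this lab only.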
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
global: | ||
pcep: | ||
address: "[fd00::ffff]" | ||
port: 4189 | ||
grpc-server: | ||
address: "127.0.0.1" | ||
port: 50051 | ||
log: | ||
path: "/var/log/pola/" | ||
name: "polad.log" | ||
ted: | ||
enable: false |
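Review bot: `ted: enable: false` at the end of this file is the reason the README has to pass `--no-link-state` to `pola sr-policy add`, but nothing here says so; a one-line comment next to it would save readers from guessing. Keeping `grpc-server` on `127.0.0.1` is the right call for a lab where `pola` is run inside the same container, and is worth a comment too so it is not widened casually.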
11 changes: 11 additions & 0 deletions
11
examples/containerlab/srv6_te_l3vpn/sr-policies/pe01-policy1.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
srPolicy: | ||
pcepSessionAddr: "fd00::1" | ||
srcAddr: "fd00:ffff::1" | ||
dstAddr: "fd00:ffff:2:0:1::" | ||
name: pe01-policy1 | ||
color: 1 | ||
segmentList: | ||
- sid: "fd00:ffff:3:0:1::" | ||
nai: "fd00:ffff::3" | ||
- sid: "fd00:ffff:4:0:1::" | ||
nai: "fd00:ffff::4" |
13 changes: 13 additions & 0 deletions
13
examples/containerlab/srv6_te_l3vpn/sr-policies/pe02-policy1.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
srPolicy: | ||
pcepSessionAddr: "fd00::2" | ||
srcAddr: "fd00:ffff::2" | ||
dstAddr: "fd00:ffff:1:0:1::" | ||
name: pe02-policy1 | ||
color: 1 | ||
segmentList: | ||
- sid: "fd00:ffff:3:0:1::" | ||
nai: "fd00:ffff::3" | ||
- sid: "fd00:ffff:4:0:1::" | ||
nai: "fd00:ffff::4" | ||
- sid: "fd00:ffff:3:0:1::" | ||
nai: "fd00:ffff::3" |
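Review bot: The three-entry `segmentList` here (`fd00:ffff:3:0:1::`, `fd00:ffff:4:0:1::`, then `fd00:ffff:3:0:1::` again) does not match the README output added in this same commit, which lists pe02-policy1 as `fd00:ffff:3:0:1:: -> fd00:ffff:1:0:1::`. Decide which path is intended and update the other; if revisiting `fd00:ffff:3:0:1::` is deliberate, a comment saying why would help.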
62 changes: 62 additions & 0 deletions
62
examples/containerlab/srv6_te_l3vpn/srv6_te_l3vpn.clab.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
name: srv6_te_l3vpn | ||
|
||
topology: | ||
kinds: | ||
vr-vmx: | ||
image: vrnetlab/vr-vmx:22.4R1.10 | ||
|
||
nodes: | ||
pola-pce: | ||
kind: linux | ||
image: ghcr.io/nttcom/pola:latest | ||
binds: | ||
- polad/polad.yaml:/polad.yaml | ||
- sr-policies/pe01-policy1.yaml:/pe01-policy1.yaml | ||
- sr-policies/pe02-policy1.yaml:/pe02-policy1.yaml | ||
exec: | ||
- ip -6 addr add fd00::ffff/64 dev eth1 | ||
pe01: | ||
kind: vr-vmx | ||
startup-config: startup-configs/pe01.cfg | ||
pe02: | ||
kind: vr-vmx | ||
startup-config: startup-configs/pe02.cfg | ||
p01: | ||
kind: vr-vmx | ||
startup-config: startup-configs/p01.cfg | ||
p02: | ||
kind: vr-vmx | ||
startup-config: startup-configs/p02.cfg | ||
host01: | ||
kind: linux | ||
image: wbitt/network-multitool:latest | ||
exec: | ||
- ip -4 addr add 192.168.1.1/24 dev eth1 | ||
- ip -4 route add 192.168.2.0/24 via 192.168.1.254 | ||
- ip -6 addr add fd00:a1::1/64 dev eth1 | ||
- ip -6 route add fd00:a2::/64 via fd00:a1::ffff | ||
host02: | ||
kind: linux | ||
image: wbitt/network-multitool:latest | ||
exec: | ||
- ip -4 addr add 192.168.2.1/24 dev eth1 | ||
- ip -4 route add 192.168.1.0/24 via 192.168.2.254 | ||
- ip -6 addr add fd00:a2::1/64 dev eth1 | ||
- ip -6 route add fd00:a1::/64 via fd00:a2::ffff | ||
switch: | ||
kind: bridge | ||
|
||
links: | ||
# SRv6 domain | ||
- endpoints: ["pe01:eth1", "p01:eth1"] | ||
- endpoints: ["pe01:eth2", "p02:eth1"] | ||
- endpoints: ["pe02:eth1", "p01:eth2"] | ||
- endpoints: ["pe02:eth2", "p02:eth2"] | ||
- endpoints: ["p01:eth3", "p02:eth3"] | ||
# cust-A hosts | ||
- endpoints: ["pe01:eth3", "host01:eth1"] | ||
- endpoints: ["pe02:eth3", "host02:eth1"] | ||
# Switch | ||
- endpoints: ["pola-pce:eth1", "switch:eth1"] | ||
- endpoints: ["pe01:eth4", "switch:eth2"] | ||
- endpoints: ["pe02:eth4", "switch:eth3"] |
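Review bot: `image: ghcr.io/nttcom/pola:latest` and both `image: wbitt/network-multitool:latest` entries float, while `vrnetlab/vr-vmx:22.4R1.10` is pinned. Pin these to a release tag or digest so the lab is reproducible and a changed upstream image is not pulled in silently.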
29 changes: 29 additions & 0 deletions
29
examples/containerlab/srv6_te_l3vpn/startup-configs/p01.cfg
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
configure | ||
set chassis network-services enhanced-ip | ||
set interfaces ge-0/0/0 description to:pe01 | ||
set interfaces ge-0/0/0 unit 0 family iso | ||
set interfaces ge-0/0/0 unit 0 family inet6 | ||
set interfaces ge-0/0/1 description to:pe02 | ||
set interfaces ge-0/0/1 unit 0 family iso | ||
set interfaces ge-0/0/1 unit 0 family inet6 | ||
set interfaces ge-0/0/2 description to:p02 | ||
set interfaces ge-0/0/2 unit 0 family iso | ||
set interfaces ge-0/0/2 unit 0 family inet6 | ||
set interfaces lo0 unit 0 family iso address 49.0000.0000.0aff.0003.00 | ||
set interfaces lo0 unit 0 family inet6 address fd00:ffff::3/128 | ||
set routing-options source-packet-routing srv6 locator LOC1 fd00:ffff:3::/64 | ||
set routing-options resolution preserve-nexthop-hierarchy | ||
set routing-options router-id 10.255.0.3 | ||
set routing-options autonomous-system 65000 | ||
set routing-options forwarding-table srv6-chain-merge | ||
set protocols isis interface ge-0/0/0.0 point-to-point | ||
set protocols isis interface ge-0/0/1.0 point-to-point | ||
set protocols isis interface ge-0/0/2.0 point-to-point | ||
set protocols isis interface lo0.0 passive | ||
set protocols isis source-packet-routing srv6 locator LOC1 end-sid fd00:ffff:3:0:1:: | ||
set protocols isis level 1 disable | ||
set protocols isis level 2 wide-metrics-only | ||
set protocols isis no-ipv4-routing | ||
set protocols isis topologies ipv6-unicast | ||
set protocols source-packet-routing srv6 | ||
commit |
29 changes: 29 additions & 0 deletions
29
examples/containerlab/srv6_te_l3vpn/startup-configs/p02.cfg
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
configure | ||
set chassis network-services enhanced-ip | ||
set interfaces ge-0/0/0 description to:pe01 | ||
set interfaces ge-0/0/0 unit 0 family iso | ||
set interfaces ge-0/0/0 unit 0 family inet6 | ||
set interfaces ge-0/0/1 description to:pe02 | ||
set interfaces ge-0/0/1 unit 0 family iso | ||
set interfaces ge-0/0/1 unit 0 family inet6 | ||
set interfaces ge-0/0/2 description to:p02 | ||
set interfaces ge-0/0/2 unit 0 family iso | ||
set interfaces ge-0/0/2 unit 0 family inet6 | ||
set interfaces lo0 unit 0 family iso address 49.0000.0000.0aff.0004.00 | ||
set interfaces lo0 unit 0 family inet6 address fd00:ffff::4/128 | ||
set routing-options source-packet-routing srv6 locator LOC1 fd00:ffff:4::/64 | ||
set routing-options resolution preserve-nexthop-hierarchy | ||
set routing-options router-id 10.255.0.4 | ||
set routing-options autonomous-system 65000 | ||
set routing-options forwarding-table srv6-chain-merge | ||
set protocols isis interface ge-0/0/0.0 point-to-point | ||
set protocols isis interface ge-0/0/1.0 point-to-point | ||
set protocols isis interface ge-0/0/2.0 point-to-point | ||
set protocols isis interface lo0.0 passive | ||
set protocols isis source-packet-routing srv6 locator LOC1 end-sid fd00:ffff:4:0:1:: | ||
set protocols isis level 1 disable | ||
set protocols isis level 2 wide-metrics-only | ||
set protocols isis no-ipv4-routing | ||
set protocols isis topologies ipv6-unicast | ||
set protocols source-packet-routing srv6 | ||
commit |
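Review bot: `set interfaces ge-0/0/2 description to:p02` in this p02 config points at itself; the topology file links `p01:eth3` to `p02:eth3`, so the description should read `to:p01`. It looks like a leftover from copying p01.cfg.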