SRv6/MPLS L3 Service Interworking Gateway does not work

Soushi Takata · ‎02-01-2022

Thank you for your answer.

I used the NCS55A2-MOD-SE-S and the ASR9901 to create a verification environment for the SRv6/MPLS L3 Service Interworking Gateway.

NCS55-1 is SR-MPLS and NCS55-2 is Gateway and ASR9901 is SRv6.

Version is 7.5.1.

-----------------------------------------------------

[vrf RED] - (NCS55-1) - (NCS55-2) - (ASR9901) - [vrf RED]

SR-MPLS Gateway SRv6

-----------------------------------------------------

I have created a configuration from the manual, but I cannot communicate between L3VPN services.

It looks like the Gateway is getting the prefix information for both routers, but not sending it to the other router.

[Gateway: show bgp vpnv4 unicast]

Route Distinguisher: 1:1 (default for vrf RED)
*>i101.1.1.0/24       1.1.1.1                       100      0 11 i
*>i101.2.2.0/24       b:0:0:2::1                    100      0 21 i

Processed 2 prefixes, 2 paths

[NCS55-1:show bgp vpnv4 unicast summary]

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
1.1.1.3           0 65000      59      58        7    0    0 00:54:55          0

[ASR9901:show bgp vpnv4 unicast summary]

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
b:0:0:3::1        0 65000      56      56        7    0    0 00:52:06          0

However, it looks like the prefix information is being sent from the Gateway to both routers.

[Gateway:show bgp vpnv4 unicast advertised]

Route Distinguisher: 1:1
101.1.1.0/24 is advertised to b:0:0:2::1
  Path info:
    neighbor: 1.1.1.1         neighbor router id: 1.1.1.1
    (Received from a RR-client)  valid  internal  best  import-candidate  imported  reoriginated  with stitching-rt
Received Path ID 0, Local Path ID 1, version 5
  Attributes after inbound policy was applied:
    next hop: 1.1.1.1
    ORG AS LOCAL EXTCOMM
    origin: IGP  neighbor as: 11  local pref: 100
    aspath: 11
    extended community: RT:1:1
  Attributes after outbound policy was applied:
    next hop: 1.1.1.1
    ORG AS LOCAL EXTCOMM
    origin: IGP  neighbor as: 11  local pref: 100
    aspath: 11
    extended community: RT:1:1
    originator: 1.1.1.1    cluster list: 1.1.1.3

Route Distinguisher: 1:1
101.2.2.0/24 is advertised to 1.1.1.1
  Path info:
    neighbor: b:0:0:2::1      neighbor router id: 1.1.1.2
    (Received from a RR-client)  valid  internal  best  import-candidate  imported  reoriginated
Received Path ID 0, Local Path ID 1, version 8
  Attributes after inbound policy was applied:
    next hop: b:0:0:2::1
    ORG AS LOCAL EXTCOMM PSID-L3-SID
    origin: IGP  neighbor as: 21  local pref: 100
    aspath: 21
    extended community: RT:10:1
  Attributes after outbound policy was applied:
    next hop: b:0:0:2::1
    ORG AS LOCAL EXTCOMM PSID-L3-SID
    origin: IGP  neighbor as: 21  local pref: 100
    aspath: 21
    extended community: RT:10:1
    originator: 1.1.1.2    cluster list: 1.1.1.3

Can you figure out what is causing it to not work?

Finally, the configuration of the Gateway is shown below.

[Gateway's configuration.]

vrf RED
 address-family ipv4 unicast
  import route-target
   1:1
   10:1 stitching
  !
  export route-target
   1:1
   10:1 stitching
  !
router isis 1
 is-type level-2-only
 net 13.1113.1113.1113.00
 address-family ipv4 unicast
  metric-style wide
  router-id Loopback0
  segment-routing mpls
 !
 address-family ipv6 unicast
  metric-style wide
  router-id Loopback0
  segment-routing srv6
   locator Loc1
   !
  !
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 3
  !
  address-family ipv6 unicast
  !
 !
 interface GigabitEthernet0/0/0/0
  circuit-type level-2-only
  point-to-point
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/1
  circuit-type level-2-only
  point-to-point
  address-family ipv6 unicast
  !
router bgp 65000
 bgp router-id 1.1.1.3
 segment-routing srv6
  locator Loc1
 !
 address-family vpnv4 unicast
 !
 neighbor 1.1.1.1
  remote-as 65000
  update-source Loopback0
  address-family vpnv4 unicast
   import reoriginate stitching-rt
   route-reflector-client
   advertise vpnv4 unicast re-originated
  !
 !
 neighbor b:0:0:2::1
  remote-as 65000
  update-source Loopback0
  address-family vpnv4 unicast
   import stitching-rt reoriginate
   route-reflector-client
   encapsulation-type srv6
   advertise vpnv4 unicast re-originated stitching-rt
  !
 !
 vrf RED
  rd 1:1
  address-family ipv4 unicast
   mpls alloc enable
   label mode per-vrf
   segment-routing srv6
    alloc mode per-vrf
   !
segment-routing
 srv6
  encapsulation
   source-address b:0:0:3::1
  !
  locators
   locator Loc1
    prefix b:0:0:3::/64
   !

MHM Cisco World · ‎02-01-2022

follow

Harold Ritter · ‎02-02-2022

Hi @Soushi Takata ,

The gateway should be connected to two different ISIS domains. SRv6 and SR-MPLS. Please refer to the following document for more information.

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-0/segment-routing/configuration/guide/b-segment-routing-cg-asr9000-70x/b-segment-routing-cg-asr9000-70x_chapter_011.html#id_133508

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Soushi Takata · ‎02-02-2022

Hi Harold,

Thank you for your reply.

I have changed the ISIS on the Gateway Router to Multidomain.

router isis 1
 is-type level-2-only
 net 13.1113.1113.1113.00
 address-family ipv4 unicast
  metric-style wide
  router-id Loopback0
  segment-routing mpls
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 3
  !
 !
 interface GigabitEthernet0/0/0/0
  circuit-type level-2-only
  point-to-point
  address-family ipv4 unicast
  !
 !
!
router isis 2
 is-type level-2-only
 net 13.1113.1113.1113.00
 address-family ipv6 unicast
  metric-style wide
  router-id Loopback0
  segment-routing srv6
   locator Loc1
   !
  !
 !
 interface Loopback0
  address-family ipv6 unicast
  !
 !
 interface GigabitEthernet0/0/0/1
  circuit-type level-2-only
  point-to-point
  address-family ipv6 unicast
  !

But the situation did not change.

On the other hand, when I tried "debug bgp all" command on NCS55-1 and ASR9901, I got the following message.

[NCS55-1]

bgp[1084]: [default-rtr] (vpn4u): Received UPDATE from 1.1.1.3 with attributes: 
bgp[1084]: [default-rtr] (vpn4u): nexthop 1.1.1.3/32, origin i, localpref 100, originator 1.1.1.2, clusterlist 3.1.1.1, path 21, extended community RT:10:1 
bgp[1084]: [default-rtr] (vpn4u): Received prefix 2ASN:1:1:101.2.2.0/24 (path ID: none) with MPLS label 24002  from neighbor 1.1.1.3
bgp[1084]: [default-rtr] (vpn4u): Prefix 2ASN:1:1:101.2.2.0/24 (path ID: none) received from 1.1.1.3 DENIED RT extended community is not imported locally
bgp[1084]: [default-rtr]: Received UPDATE from 1.1.1.3 (length incl. header = 104)

[ASR9901]

bgp[1087]: [default-rtr] (vpn4u): Received UPDATE from b:0:0:3::1 with attributes:
bgp[1087]: [default-rtr] (vpn4u): nexthop b:0:0:3::1/128, origin i, localpref 100, originator 1.1.1.1, clusterlist 3.1.1.1, path 11, extended community RT:1:1
bgp[1087]: [default-rtr] (vpn4u): Received prefix 2ASN:1:1:101.1.1.0/24 (path ID: none) with MPLS label 1024  from neighbor b:0:0:3::1
bgp[1087]: [default-rtr] (vpn4u): Prefix 2ASN:1:1:101.1.1.0/24 (path ID: none) received from b:0:0:3::1 DENIED RT extended community is not imported locally

Looking at these, it looks like the RT is not being rewritten at the Gateway.

I'm having trouble because the vrf config and bgp config that seem to be relevant here don't seem to be wrong.

Best Regards,

Soushi

Soushi Takata · ‎03-06-2022

Thank you for your answer.

Perhaps this problem has been resolved.

If the RD of the gateway router is different from the other routers(SR-MPLS's PE router and SRv6's PE router), the PE routers can receive the prefix information correctly.

Here is the vpnv4 information for each routers.

[SR-MPLS's PE router]

RP/0/RP0/CPU0:RouterA#show bgp vpnv4 unicast
<snip>
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:0 (default for vrf RED)
*> 101.1.1.0/24       21.1.111.11                            0 11 i
*>i101.2.2.0/24       1.1.1.3                       100      0 21 i
Route Distinguisher: 1.1.1.3:0
*>i101.2.2.0/24       1.1.1.3                       100      0 21 i

[SRv6's PE router]

RP/0/RSP0/CPU0:RouterB#show bgp vpnv4 unicast
<snip>
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.2:0 (default for vrf RED)
*>i101.1.1.0/24       b:0:0:3::1                    100      0 11 i
*> 101.2.2.0/24       21.2.121.12                            0 21 i
Route Distinguisher: 1.1.1.3:0
*>i101.1.1.0/24       b:0:0:3::1                    100      0 11 i

[Gateway router]

RP/0/RP0/CPU0:RouterC#show bgp vpnv4 unicast
<snip>
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:0
*>i101.1.1.0/24       1.1.1.1                       100      0 11 i
Route Distinguisher: 1.1.1.2:0
*>i101.2.2.0/24       b:0:0:2::1                    100      0 21 i
Route Distinguisher: 1.1.1.3:0 (default for vrf RED)
*>i101.1.1.0/24       1.1.1.1                       100      0 11 i
*>i101.2.2.0/24       b:0:0:2::1                    100      0 21 i

Although I do not fully understand the logic, I believe this to be correct since interwork communication is possible.

Best Regards,

Soushi

Harold Ritter · ‎03-06-2022

Hi @Soushi Takata ,

Glad that it is now working for you. Using a separate RD is best practice in general and that is what I have been successfully been testing in my interworking lab.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Soushi Takata · ‎03-06-2022

Hi Harold,

Thank you for your reply.

I too believe that the best solution is to have different RDs.

However, there are examples where the same user uses the same RD at each location.

So I don't understand the logic that RD must be a different value, but I will assume that it is a Cisco Router specification.

Best Regards,

Soushi

Harold Ritter · ‎03-06-2022

Hi @Soushi Takata

> So I don't understand the logic that RD must be a different value, but I will assume that it is a Cisco Router specification.

Thanks for your comment. I certainly think that this restriction should be documented. I will follow up with the appropriate team.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

gdiazmez · ‎12-07-2023

Thank you very much for this information, i have used same RD too initially and when i configured gateway (NCS55A1) with unique RD everything started working. Before RD fix, control plane was broken (no re-origination in any way). Just for reference, i'm making usage of same ISIS L2 domain but splitted only using BGP vpnv4 to try a migration scenario.

Best regards!