dokuwiki_content = """
====== SRv6 L3VPN Topology & Configuration (Cleaned & Documented) ======
===== 1. Summary =====
This document details the configuration of a multi-tenant **SRv6 L3VPN** environment deployed using Containerlab and FRRouting (FRR). The network provides fully isolated, segmented Layer 3 Virtual Private Network (L3VPN) connectivity for two separate tenants: **Client RED** and **Client BLUE**.
==== 1.1 Architecture & Design Highlights ====
* **Underlay Routing**: IS-IS serves as the Interior Gateway Protocol (IGP) with Segment Routing over IPv6 (SRv6) extensions enabled.
* **Overlay Routing**: Multiprotocol iBGP (MP-BGP) exchanges **VPNv4** and **VPNv6** routes. Global IPv4/IPv6 unicast address families are disabled globally to ensure a clean, dedicated VPN-only overlay.
* **Route Reflectors**: Dual redundant Route Reflectors (RR1 and RR2) distribute overlay routing cleanly across the network, avoiding a complex full-mesh configuration between PEs.
* **Network Isolation**: Dedicated tenant routing is isolated using Linux VRF tables (RED and BLUE) bound to the physical interfaces.
* **Data-Plane MTU Engineering**: The Core transit MTU is explicitly engineered to **1578 bytes** to accommodate the heavy overhead of SRv6 headers (IPv6 header + Segment Routing Header + 128-bit VPN SIDs) so that standard client frames (1500-byte MTU) bypass core fragmentation or dropping.
----
===== 2. Containerlab Topology (clab topo) =====
The topology features 4 Provider Edge (PE) routers, 6 Provider Core (P) routers, 2 Route Reflectors (RRs), and Alpine client containers for testing.
name: srv6-l3vpn
mgmt:
network: clab-mgmt-net
ipv4-subnet: 172.99.20.0/24
ipv6-subnet: ""
topology:
nodes:
rr1:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- rr1/daemons:/etc/frr/daemons
- rr1/frr.conf:/etc/frr/frr.conf
- rr1/vtysh.conf:/etc/frr/vtysh.conf
exec:
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
rr2:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- rr2/daemons:/etc/frr/daemons
- rr2/frr.conf:/etc/frr/frr.conf
- rr2/vtysh.conf:/etc/frr/vtysh.conf
exec:
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
p1:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- p1/daemons:/etc/frr/daemons
- p1/frr.conf:/etc/frr/frr.conf
- p1/vtysh.conf:/etc/frr/vtysh.conf
exec:
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth3.seg6_enabled=1
p2:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- p2/daemons:/etc/frr/daemons
- p2/frr.conf:/etc/frr/frr.conf
- p2/vtysh.conf:/etc/frr/vtysh.conf
exec:
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth3.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth4.seg6_enabled=1
p3:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- p3/daemons:/etc/frr/daemons
- p3/frr.conf:/etc/frr/frr.conf
- p3/vtysh.conf:/etc/frr/vtysh.conf
exec:
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth3.seg6_enabled=1
p4:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- p4/daemons:/etc/frr/daemons
- p4/frr.conf:/etc/frr/frr.conf
- p4/vtysh.conf:/etc/frr/vtysh.conf
exec:
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth3.seg6_enabled=1
p5:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- p5/daemons:/etc/frr/daemons
- p5/frr.conf:/etc/frr/frr.conf
- p5/vtysh.conf:/etc/frr/vtysh.conf
exec:
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth3.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth4.seg6_enabled=1
p6:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- p6/daemons:/etc/frr/daemons
- p6/frr.conf:/etc/frr/frr.conf
- p6/vtysh.conf:/etc/frr/vtysh.conf
exec:
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth3.seg6_enabled=1
pe1:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- pe1/daemons:/etc/frr/daemons
- pe1/frr.conf:/etc/frr/frr.conf
- pe1/vtysh.conf:/etc/frr/vtysh.conf
exec:
- sleep 4
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- ip link add RED type vrf table 10
- ip link add BLUE type vrf table 11
- ip link set eth2 master RED
- ip link set eth3 master BLUE
- ip link set RED up
- ip link set BLUE up
- sysctl -w net.ipv4.conf.sr0.forwarding=1
- sysctl -w net.ipv6.conf.sr0.forwarding=1
- sysctl -w net.ipv6.conf.sr0.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
pe4:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- pe4/daemons:/etc/frr/daemons
- pe4/frr.conf:/etc/frr/frr.conf
- pe4/vtysh.conf:/etc/frr/vtysh.conf
exec:
- sleep 4
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- ip link add RED type vrf table 10
- ip link add BLUE type vrf table 11
- ip link set eth2 master RED
- ip link set eth3 master BLUE
- ip link set RED up
- ip link set BLUE up
- sysctl -w net.ipv4.conf.sr0.forwarding=1
- sysctl -w net.ipv6.conf.sr0.forwarding=1
- sysctl -w net.ipv6.conf.sr0.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
pe3:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- pe3/daemons:/etc/frr/daemons
- pe3/frr.conf:/etc/frr/frr.conf
- pe3/vtysh.conf:/etc/frr/vtysh.conf
exec:
- sleep 4
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- ip link add RED type vrf table 10
- ip link add BLUE type vrf table 11
- ip link set eth2 master RED
- ip link set eth3 master BLUE
- ip link set RED up
- ip link set BLUE up
- sysctl -w net.ipv4.conf.sr0.forwarding=1
- sysctl -w net.ipv6.conf.sr0.forwarding=1
- sysctl -w net.ipv6.conf.sr0.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
pe6:
kind: linux
image: quay.io/frrouting/frr:10.6.1
cmd: bash -c "ip link add sr0 type dummy; ip link set sr0 up; /usr/lib/frr/frrinit.sh start && tail -f /dev/null"
sysctls:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.forwarding: 1
net.ipv6.conf.all.forwarding: 1
net.ipv6.conf.default.forwarding: 1
net.ipv6.seg6_flowlabel: 1
net.ipv6.conf.default.seg6_enabled: 1
net.ipv6.conf.all.seg6_enabled: 1
net.vrf.strict_mode: 1
net.ipv6.conf.all.accept_source_route: 1
binds:
- pe6/daemons:/etc/frr/daemons
- pe6/frr.conf:/etc/frr/frr.conf
- pe6/vtysh.conf:/etc/frr/vtysh.conf
exec:
- sleep 4
- ip link add dummy0 type dummy
- ip link set dummy0 up
- ip link add sr0 type dummy
- ip link set sr0 up
- ip link add RED type vrf table 10
- ip link add BLUE type vrf table 11
- ip link set eth2 master RED
- ip link set eth3 master BLUE
- ip link set RED up
- ip link set BLUE up
- sysctl -w net.ipv4.conf.sr0.forwarding=1
- sysctl -w net.ipv6.conf.sr0.forwarding=1
- sysctl -w net.ipv6.conf.sr0.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth1.seg6_enabled=1
- sysctl -w net.ipv6.conf.eth2.seg6_enabled=1
clientred-1:
kind: linux
image: alpine:latest
exec:
- apk add iputils-ping
- ip -4 addr add 192.168.131.2/24 dev eth1
- ip link set dev eth1 up
- ip -4 route del default
- ip -4 route add 0.0.0.0/0 via 192.168.131.1
- ip -6 address add fdd8:8b9e:07c5::2/64 dev eth1
- ip -6 route add ::/0 via fdd8:8b9e:07c5::1
clientred-3:
kind: linux
image: alpine:latest
exec:
- apk add iputils-ping
- ip -4 addr add 192.168.133.2/24 dev eth1
- ip link set dev eth1 up
- ip -4 route del default
- ip -4 route add 0.0.0.0/0 via 192.168.133.1
- ip -6 address add fdf2:f16f:a002::2/64 dev eth1
- ip -6 route add ::/0 via fdf2:f16f:a002::1
clientred-4:
kind: linux
image: alpine:latest
exec:
- apk add iputils-ping
- ip -4 addr add 192.168.134.2/24 dev eth1
- ip link set dev eth1 up
- ip -4 route del default
- ip -4 route add 0.0.0.0/0 via 192.168.134.1
- ip -6 address add fde4:1b4c:2ef0::2/64 dev eth1
- ip -6 route add ::/0 via fde4:1b4c:2ef0::1
clientred-6:
kind: linux
image: alpine:latest
exec:
- apk add iputils-ping
- ip -4 addr add 192.168.136.2/24 dev eth1
- ip link set dev eth1 up
- ip -4 route del default
- ip -4 route add 0.0.0.0/0 via 192.168.136.1
- ip -6 address add fdcb:a001:3440::2/64 dev eth1
- ip -6 route add ::/0 via fdcb:a001:3440::1
clientblue-1:
kind: linux
image: alpine:latest
exec:
- apk add iputils-ping
- ip -4 addr add 192.168.231.2/24 dev eth1
- ip link set dev eth1 up
- ip -4 route del default
- ip -4 route add 0.0.0.0/0 via 192.168.231.1
- ip -6 address add fdd9:8b9e:07c5::2/64 dev eth1
- ip -6 route add ::/0 via fdd9:8b9e:07c5::1
clientblue-3:
kind: linux
image: alpine:latest
exec:
- apk add iputils-ping
- ip -4 addr add 192.168.233.2/24 dev eth1
- ip link set dev eth1 up
- ip -4 route del default
- ip -4 route add 0.0.0.0/0 via 192.168.233.1
- ip -6 address add fdf9:f16f:a002::2/64 dev eth1
- ip -6 route add ::/0 via fdf9:f16f:a002::1
clientblue-4:
kind: linux
image: alpine:latest
exec:
- apk add iputils-ping
- ip -4 addr add 192.168.234.2/24 dev eth1
- ip link set dev eth1 up
- ip -4 route del default
- ip -4 route add 0.0.0.0/0 via 192.168.234.1
- ip -6 address add fde9:1b4c:2ef0::2/64 dev eth1
- ip -6 route add ::/0 via fde9:1b4c:2ef0::1
clientblue-6:
kind: linux
image: alpine:latest
exec:
- apk add iputils-ping
- ip -4 addr add 192.168.236.2/24 dev eth1
- ip link set dev eth1 up
- ip -4 route del default
- ip -4 route add 0.0.0.0/0 via 192.168.236.1
- ip -6 address add fdc9:a001:3440::2/64 dev eth1
- ip -6 route add ::/0 via fdc9:a001:3440::1
links:
- endpoints: ["p1:eth1", "p2:eth1"]
mtu: 1578
- endpoints: ["p1:eth2", "p4:eth2"]
mtu: 1578
- endpoints: ["p2:eth2", "p3:eth2"]
mtu: 1578
- endpoints: ["p2:eth3", "p5:eth3"]
mtu: 1578
- endpoints: ["p3:eth1", "p6:eth1"]
mtu: 1578
- endpoints: ["p6:eth2", "p5:eth2"]
mtu: 1578
- endpoints: ["p5:eth1", "p4:eth1"]
mtu: 1578
- endpoints: ["p1:eth3", "pe1:eth1"]
mtu: 1578
- endpoints: ["p4:eth3", "pe4:eth1"]
mtu: 1578
- endpoints: ["p3:eth3", "pe3:eth1"]
mtu: 1578
- endpoints: ["p6:eth3", "pe6:eth1"]
mtu: 1578
- endpoints: ["p2:eth4", "rr1:eth1"]
mtu: 1578
- endpoints: ["p5:eth4", "rr2:eth1"]
mtu: 1578
- endpoints: ["pe1:eth2", "clientred-1:eth1"]
mtu: 1500
- endpoints: ["pe3:eth2", "clientred-3:eth1"]
mtu: 1500
- endpoints: ["pe4:eth2", "clientred-4:eth1"]
mtu: 1500
- endpoints: ["pe6:eth2", "clientred-6:eth1"]
mtu: 1500
- endpoints: ["pe1:eth3", "clientblue-1:eth1"]
mtu: 1500
- endpoints: ["pe3:eth3", "clientblue-3:eth1"]
mtu: 1500
- endpoints: ["pe4:eth3", "clientblue-4:eth1"]
mtu: 1500
- endpoints: ["pe6:eth3", "clientblue-6:eth1"]
mtu: 1500
----
===== 3. Provider Edge (PE) Configurations =====
==== 3.1 PE1 ====
frr version 10.6.1_git
frr defaults traditional
hostname pe1
!
ip router-id 172.16.0.11
!
vrf RED
exit-vrf
!
vrf BLUE
exit-vrf
!
interface eth1
description "to p1 - eth3"
ipv6 address 2001:db8:1a::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth2
description "to clientred-1 - eth1"
ip address 192.168.131.1/24
ipv6 address fdd8:8b9e:7c5::1/64
exit
!
interface eth3
description "to clientblue-1 - eth1"
ip address 192.168.231.1/24
ipv6 address fdd9:8b9e:7c5::1/64
exit
!
interface lo
ipv6 address 2001:db8:b::1/128
ipv6 router isis SR
isis passive
exit
!
router bgp 65577
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 65577
neighbor RR bfd
neighbor RR password cisco123
neighbor RR update-source 2001:db8:b::1
neighbor RR capability extended-nexthop
neighbor 2001:db8:101::1 peer-group RR
neighbor 2001:db8:102::1 peer-group RR
!
segment-routing srv6
locator locator0
exit
!
address-family ipv4 vpn
neighbor RR activate
neighbor RR next-hop-self
neighbor RR soft-reconfiguration inbound
exit-address-family
!
address-family ipv6 vpn
neighbor RR activate
neighbor RR next-hop-self
neighbor RR soft-reconfiguration inbound
exit-address-family
exit
!
router bgp 101 vrf RED
bgp router-id 172.16.0.11
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
sid vpn per-vrf export auto
!
address-family ipv4 unicast
redistribute connected
rd vpn export 172.16.0.11:65500
rt vpn both 65000:101
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
rd vpn export 172.16.0.11:65500
rt vpn both 65000:101
export vpn
import vpn
exit-address-family
exit
!
router bgp 102 vrf BLUE
bgp router-id 172.16.0.11
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
sid vpn per-vrf export auto
!
address-family ipv4 unicast
redistribute connected
rd vpn export 172.16.0.11:65501
rt vpn both 65000:102
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
rd vpn export 172.16.0.11:65501
rt vpn both 65000:102
export vpn
import vpn
exit-address-family
exit
!
router isis SR
net 49.0000.0000.0000.0011.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
locators
locator locator0
prefix 2001:db8:b::/48
exit
exit
exit
exit
!
bfd
peer 2001:db8:101::1 multihop local-address 2001:db8:b::1
minimum-ttl 250
exit
!
peer 2001:db8:102::1 multihop local-address 2001:db8:b::1
minimum-ttl 250
exit
exit
!
==== 3.2 PE3 ====
frr version 10.6.1_git
frr defaults traditional
hostname pe3
!
ip router-id 172.16.0.13
!
vrf RED
exit-vrf
!
vrf BLUE
exit-vrf
!
interface eth1
description "to p3 - eth3"
ipv6 address 2001:db8:3a::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth2
description "to clientred-3 - eth1"
ip address 192.168.133.1/24
ipv6 address fdf2:f16f:a002::1/64
exit
!
interface eth3
description "to clientblue-1 - eth1"
ip address 192.168.233.3/24
ipv6 address fdf9:f16f:a002::1/64
exit
!
interface lo
ipv6 address 2001:db8:d::1/128
ipv6 router isis SR
isis passive
exit
!
router bgp 65577
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 65577
neighbor RR bfd
neighbor RR password cisco123
neighbor RR update-source 2001:db8:d::1
neighbor RR capability extended-nexthop
neighbor 2001:db8:101::1 peer-group RR
neighbor 2001:db8:102::1 peer-group RR
!
segment-routing srv6
locator locator0
exit
!
address-family ipv4 vpn
neighbor RR activate
neighbor RR next-hop-self
neighbor RR soft-reconfiguration inbound
exit-address-family
!
address-family ipv6 vpn
neighbor RR activate
neighbor RR next-hop-self
neighbor RR soft-reconfiguration inbound
exit-address-family
exit
!
router bgp 101 vrf RED
bgp router-id 172.16.0.13
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
sid vpn per-vrf export auto
!
address-family ipv4 unicast
redistribute connected
rd vpn export 172.16.0.13:65500
rt vpn both 65000:101
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
rd vpn export 172.16.0.13:65500
rt vpn both 65000:101
export vpn
import vpn
exit-address-family
exit
!
router bgp 102 vrf BLUE
bgp router-id 172.16.0.13
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
sid vpn per-vrf export auto
!
address-family ipv4 unicast
redistribute connected
rd vpn export 172.16.0.13:65501
rt vpn both 65000:102
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
rd vpn export 172.16.0.13:65501
rt vpn both 65000:102
export vpn
import vpn
exit-address-family
exit
!
router isis SR
net 49.0000.0000.0000.0013.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
locators
locator locator0
prefix 2001:db8:d::/48
exit
exit
exit
exit
!
bfd
peer 2001:db8:101::1 multihop local-address 2001:db8:d::1
minimum-ttl 250
exit
!
peer 2001:db8:102::1 multihop local-address 2001:db8:d::1
minimum-ttl 250
exit
exit
!
==== 3.3 PE4 ====
frr version 10.6.1_git
frr defaults traditional
hostname pe4
!
ip router-id 172.16.0.14
!
interface eth1
description "to p4 - eth3"
ipv6 address 2001:db8:4a::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
vrf RED
exit-vrf
!
vrf BLUE
exit-vrf
!
interface eth2
description "to clientred-4 - eth1"
ip address 192.168.134.1/24
ipv6 address fde4:1b4c:2ef0::1/64
exit
!
interface eth3
description "to clientblue-4 - eth1"
ip address 192.168.234.1/24
ipv6 address fde9:1b4c:2ef0::1/64
exit
!
interface lo
ipv6 address 2001:db8:e::1/128
ipv6 router isis SR
isis passive
exit
!
router bgp 65577
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 65577
neighbor RR bfd
neighbor RR password cisco123
neighbor RR update-source 2001:db8:e::1
neighbor RR capability extended-nexthop
neighbor 2001:db8:101::1 peer-group RR
neighbor 2001:db8:102::1 peer-group RR
!
segment-routing srv6
locator locator0
exit
!
address-family ipv4 vpn
neighbor RR activate
neighbor RR next-hop-self
neighbor RR soft-reconfiguration inbound
exit-address-family
!
address-family ipv6 vpn
neighbor RR activate
neighbor RR next-hop-self
neighbor RR soft-reconfiguration inbound
exit-address-family
exit
!
router bgp 101 vrf RED
bgp router-id 172.16.0.14
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
sid vpn per-vrf export auto
!
address-family ipv4 unicast
redistribute connected
rd vpn export 172.16.0.14:65500
rt vpn both 65000:101
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
rd vpn export 172.16.0.14:65500
rt vpn both 65000:101
export vpn
import vpn
exit-address-family
exit
!
router bgp 102 vrf BLUE
bgp router-id 172.16.0.14
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
sid vpn per-vrf export auto
!
address-family ipv4 unicast
redistribute connected
rd vpn export 172.16.0.14:65501
rt vpn both 65000:102
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
rd vpn export 172.16.0.14:65501
rt vpn both 65000:102
export vpn
import vpn
exit-address-family
exit
!
router isis SR
net 49.0000.0000.0000.0014.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
locators
locator locator0
prefix 2001:db8:e::/48
exit
exit
exit
exit
!
bfd
peer 2001:db8:101::1 multihop local-address 2001:db8:e::1
minimum-ttl 250
exit
!
peer 2001:db8:102::1 multihop local-address 2001:db8:e::1
minimum-ttl 250
exit
exit
!
==== 3.4 PE6 ====
frr version 10.6.1_git
frr defaults traditional
hostname pe6
!
ip router-id 172.16.0.16
!
interface eth1
description "to p6 - eth3"
ipv6 address 2001:db8:6a::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
vrf RED
exit-vrf
!
vrf BLUE
exit-vrf
!
interface eth2
description "to clientred-6 - eth1"
ip address 192.168.136.1/24
ipv6 address fdcb:a001:3440::1/64
exit
!
interface eth3
description "to clientblue-6 - eth1"
ip address 192.168.236.1/24
ipv6 address fdc9:a001:3440::1/64
exit
!
interface lo
ipv6 address 2001:db8:10::1/128
ipv6 router isis SR
isis passive
exit
!
router bgp 65577
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 65577
neighbor RR bfd
neighbor RR password cisco123
neighbor RR update-source 2001:db8:10::1
neighbor RR capability extended-nexthop
neighbor 2001:db8:101::1 peer-group RR
neighbor 2001:db8:102::1 peer-group RR
!
segment-routing srv6
locator locator0
exit
!
address-family ipv4 vpn
neighbor RR activate
neighbor RR next-hop-self
neighbor RR soft-reconfiguration inbound
exit-address-family
!
address-family ipv6 vpn
neighbor RR activate
neighbor RR next-hop-self
neighbor RR soft-reconfiguration inbound
exit-address-family
exit
!
router bgp 101 vrf RED
bgp router-id 172.16.0.16
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
sid vpn per-vrf export auto
!
address-family ipv4 unicast
redistribute connected
rd vpn export 172.16.0.16:65500
rt vpn both 65000:101
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
rd vpn export 172.16.0.16:65500
rt vpn both 65000:101
export vpn
import vpn
exit-address-family
exit
!
router bgp 102 vrf BLUE
bgp router-id 172.16.0.16
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
sid vpn per-vrf export auto
!
address-family ipv4 unicast
redistribute connected
rd vpn export 172.16.0.16:65501
rt vpn both 65000:102
export vpn
import vpn
exit-address-family
!
address-family ipv6 unicast
redistribute connected
rd vpn export 172.16.0.16:65501
rt vpn both 65000:102
export vpn
import vpn
exit-address-family
exit
!
router isis SR
net 49.0000.0000.0000.0016.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
locators
locator locator0
prefix 2001:db8:10::/48
exit
exit
exit
exit
!
bfd
peer 2001:db8:101::1 multihop local-address 2001:db8:10::1
exit
!
peer 2001:db8:102::1 multihop local-address 2001:db8:10::1
exit
exit
!
----
===== 4. Route Reflector (RR) Configurations =====
==== 4.1 RR1 ====
frr version 10.6.1_git
frr defaults traditional
hostname rr1
!
interface eth1
description "to p2 - eth4"
ipv6 address 2001:db8:2101::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface lo
ipv6 address 2001:db8:101::1/128
ipv6 router isis SR
isis passive
exit
!
router bgp 65577
no bgp default ipv4-unicast
bgp route-reflector allow-outbound-policy
neighbor PE peer-group
neighbor PE remote-as 65577
neighbor PE bfd
neighbor PE password cisco123
neighbor PE update-source 2001:db8:101::1
neighbor PE capability extended-nexthop
neighbor 2001:db8:b::1 peer-group PE
neighbor 2001:db8:b::1 description "PE1"
neighbor 2001:db8:d::1 peer-group PE
neighbor 2001:db8:d::1 description "PE3"
neighbor 2001:db8:e::1 peer-group PE
neighbor 2001:db8:e::1 description "PE4"
neighbor 2001:db8:10::1 peer-group PE
neighbor 2001:db8:10::1 description "PE6"
neighbor 2001:db8:11::1 peer-group PE
neighbor 2001:db8:11::1 description "GW1"
neighbor 2001:db8:12::1 peer-group PE
neighbor 2001:db8:12::1 description "GW2"
!
address-family ipv4 vpn
neighbor PE activate
neighbor PE route-reflector-client
exit-address-family
!
address-family ipv6 vpn
neighbor PE activate
neighbor PE route-reflector-client
exit-address-family
exit
!
router isis SR
net 49.0000.0000.0000.0101.00
segment-routing srv6
locator locator0
exit
exit
!
bfd
peer 2001:db8:b::1 multihop local-address 2001:db8:101::1
minimum-ttl 250
exit
!
peer 2001:db8:d::1 multihop local-address 2001:db8:101::1
minimum-ttl 250
exit
!
peer 2001:db8:e::1 multihop local-address 2001:db8:101::1
minimum-ttl 250
exit
!
peer 2001:db8:10::1 multihop local-address 2001:db8:101::1
minimum-ttl 250
exit
!
peer 2001:db8:11::1 multihop local-address 2001:db8:101::1
minimum-ttl 250
exit
!
peer 2001:db8:12::1 multihop local-address 2001:db8:101::1
minimum-ttl 250
exit
exit
!
==== 4.2 RR2 ====
frr version 10.6.1_git
frr defaults traditional
hostname rr2
!
ip router-id 172.16.0.102
!
interface eth1
description "to p5 - eth4"
ipv6 address 2001:db8:5102::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface lo
ipv6 address 2001:db8:102::1/128
ipv6 router isis SR
isis passive
exit
!
router bgp 65577
no bgp default ipv4-unicast
bgp route-reflector allow-outbound-policy
neighbor PE peer-group
neighbor PE remote-as 65577
neighbor PE bfd
neighbor PE password cisco123
neighbor PE update-source 2001:db8:102::1
neighbor PE capability extended-nexthop
neighbor 2001:db8:b::1 peer-group PE
neighbor 2001:db8:b::1 description "PE1"
neighbor 2001:db8:d::1 peer-group PE
neighbor 2001:db8:d::1 description "PE3"
neighbor 2001:db8:e::1 peer-group PE
neighbor 2001:db8:e::1 description "PE4"
neighbor 2001:db8:10::1 peer-group PE
neighbor 2001:db8:10::1 description "PE6"
neighbor 2001:db8:11::1 peer-group PE
neighbor 2001:db8:11::1 description "GW1"
neighbor 2001:db8:12::1 peer-group PE
neighbor 2001:db8:12::1 description "GW2"
!
address-family ipv4 vpn
neighbor PE activate
neighbor PE route-reflector-client
exit-address-family
!
address-family ipv6 vpn
neighbor PE activate
neighbor PE route-reflector-client
exit-address-family
exit
!
router isis SR
net 49.0000.0000.0000.0102.00
segment-routing srv6
locator locator0
exit
exit
!
bfd
peer 2001:db8:b::1 multihop local-address 2001:db8:102::1
minimum-ttl 250
exit
!
peer 2001:db8:d::1 multihop local-address 2001:db8:102::1
minimum-ttl 250
exit
!
peer 2001:db8:e::1 multihop local-address 2001:db8:102::1
minimum-ttl 250
exit
!
peer 2001:db8:10::1 multihop local-address 2001:db8:102::1
minimum-ttl 250
exit
!
peer 2001:db8:11::1 multihop local-address 2001:db8:102::1
minimum-ttl 250
exit
!
peer 2001:db8:12::1 multihop local-address 2001:db8:102::1
minimum-ttl 250
exit
exit
!
----
===== 5. Provider Core (P) Configurations =====
==== 5.1 P1 ====
frr version 10.5.1_git
frr defaults traditional
hostname p1
!
ip router-id 172.16.0.1
!
interface eth1
description "to p2 - eth1"
ipv6 address 2001:db8:12::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth2
description "to p4 - eth2"
ipv6 address 2001:db8:14::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth3
description "to pe1 - eth3"
ipv6 address 2001:db8:1a::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth4
description "to gw1 - eth1"
ipv6 address 2001:db8:f11::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface lo
ipv6 address 2001:db8:1::1/128
ipv6 router isis SR
isis passive
exit
!
router isis SR
net 49.0000.0000.0000.0001.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
static-sids
sid 2001:db8:1::1/128 locator locator0 behavior uN
exit
exit
srv6
locators
locator locator0
prefix 2001:db8:1::/48
exit
exit
exit
exit
!
==== 5.2 P2 ====
frr version 10.5.1_git
frr defaults traditional
hostname p2
!
ip router-id 172.16.0.2
!
interface eth1
description "to p1 - eth1"
ipv6 address 2001:db8:12::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth2
description "to p3 - eth2"
ipv6 address 2001:db8:23::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth3
description "to p5 - eth3"
ipv6 address 2001:db8:25::2/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth4
description "to rr1 - eth1"
ipv6 address 2001:db8:2101::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface lo
ipv6 address 2001:db8:2::1/128
ipv6 router isis SR
isis passive
exit
!
router isis SR
net 49.0000.0000.0000.0002.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
static-sids
sid 2001:db8:2::1/128 locator locator0 behavior uN
exit
exit
srv6
locators
locator locator0
prefix 2001:db8:2::/48
exit
exit
exit
exit
!
==== 5.3 P3 ====
frr version 10.5.1_git
frr defaults traditional
hostname p3
!
ip router-id 172.16.0.3
!
interface eth1
description "to p6 - eth1"
ipv6 address 2001:db8:36::3/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth2
description "to p2 - eth2"
ipv6 address 2001:db8:23::3/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth3
description "to pe3 - eth1"
ipv6 address 2001:db8:3a::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface lo
ipv6 address 2001:db8:3::1/128
ipv6 router isis SR
isis passive
exit
!
router isis SR
net 49.0000.0000.0000.0003.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
static-sids
sid 2001:db8:3::1/128 locator locator0 behavior uN
exit
exit
srv6
locators
locator locator0
prefix 2001:db8:3::/48
exit
exit
exit
exit
!
==== 5.4 P4 ====
frr version 10.5.1_git
frr defaults traditional
hostname p4
!
ip router-id 172.16.0.4
!
interface eth1
description "to p5 - eth1"
ipv6 address 2001:db8:45::4/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth2
description "to p1 - eth2"
ipv6 address 2001:db8:12::4/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth3
description "to pe4 - eth1"
ipv6 address 2001:db8:4a::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface lo
ipv6 address 2001:db8:4::1/128
ipv6 router isis SR
isis passive
exit
!
router isis SR
net 49.0000.0000.0000.0004.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
static-sids
sid 2001:db8:4::1/128 locator locator0 behavior uN
exit
exit
srv6
locators
locator locator0
prefix 2001:db8:4::/48
exit
exit
exit
exit
!
==== 5.5 P5 ====
frr version 10.5.1_git
frr defaults traditional
hostname p5
!
ip router-id 172.16.0.5
!
interface eth1
description "to p4 - eth1"
ipv6 address 2001:db8:45::5/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth2
description "to p6 - eth2"
ipv6 address 2001:db8:56::5/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth3
description "to p2 - eth3"
ipv6 address 2001:db8:25::5/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth4
description "to rr2 - eth1"
ipv6 address 2001:db8:5102::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface lo
ipv6 address 2001:db8:5::1/128
ipv6 router isis SR
isis passive
exit
!
router isis SR
net 49.0000.0000.0000.0005.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
static-sids
sid 2001:db8:5::1/128 locator locator0 behavior uN
exit
exit
srv6
locators
locator locator0
prefix 2001:db8:5::/48
exit
exit
exit
exit
!
==== 5.6 P6 ====
frr version 10.5.1_git
frr defaults traditional
hostname p6
!
ip router-id 172.16.0.6
!
interface eth1
description "to p3 - eth1"
ipv6 address 2001:db8:36::6/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth2
description "to p5 - eth2"
ipv6 address 2001:db8:56::6/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth3
description "to pe6 - eth1"
ipv6 address 2001:db8:6a::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface eth4
description "to gw2 - eth1"
ipv6 address 2001:db8:f62::1/64
ipv6 router isis SR
isis network point-to-point
exit
!
interface lo
ipv6 address 2001:db8:6::1/128
ipv6 router isis SR
isis passive
exit
!
router isis SR
net 49.0000.0000.0000.0006.00
segment-routing srv6
locator locator0
exit
exit
!
segment-routing
srv6
static-sids
sid 2001:db8:6::1/128 locator locator0 behavior uN
exit
exit
srv6
locators
locator locator0
prefix 2001:db8:6::/48
exit
exit
exit
exit
!
"""