![\"\"](\"https:\/\/blog.miguelsarmiento.com\/wp-content\/uploads\/2026\/01\/srv6-lab.png\")
<\/a>A few remarks.<\/p>\n
- \n
- CE1 and CE2 are the customer equipment devices. We just use IPv4 and a default route to connect to the core. Of course we could have also configured eBGP for this. I wanted to keep it simple.<\/li>\n
- The core consists of Nexus 9000v switches running version 9.3(5)<\/li>\n
- Enable srv6 and IS-IS.<\/li>\n
- On the 9000v you need to actually assign an IPv6 address for IPv6 to function.<\/li>\n
- NXOS is a transit router. We are also using ULA IPv6 addresses for the data plane. Of course you could use global addresses but remember global addresses are routable on the Internet. Thus in a production environment you need to have your firewall prevent access (you use an IPv6 firewall in your network don’t you!).<\/li>\n
- We implement IS-IS as the underlay.<\/li>\n
- We configure a VRF at the PE edges to communicate with the CE devices.<\/li>\n
- Notice, the clients are not running IPv6 just IPv4. Our data plane is IPv6 only but we are routing IPv4 on top of it.<\/li>\n<\/ul>\n
Configurations<\/h2>\n
CE1 and CE2<\/h3>\n
ce1#sh ip int bri\r\nInterface IP-Address OK? Method Status Protocol\r\nFastEthernet0\/0 unassigned YES unset administratively down down \r\nEthernet1\/0 unassigned YES unset up up \r\nEthernet1\/1 192.168.1.2 YES manual up up \r\nEthernet1\/2 unassigned YES unset up up \r\nEthernet1\/3 unassigned YES manual up up \r\n\r\nip route 0.0.0.0 0.0.0.0 192.168.1.1\r\n\r\nce2#sh ip int bri\r\nInterface IP-Address OK? Method Status Protocol\r\nFastEthernet0\/0 unassigned YES unset administratively down down \r\nEthernet1\/0 unassigned YES unset up up \r\nEthernet1\/1 192.168.2.2 YES manual up up \r\nEthernet1\/2 unassigned YES unset up up \r\nEthernet1\/3 unassigned YES unset up \r\n\r\nip route 0.0.0.0 0.0.0.0 192.168.2.1<\/pre>\n
NXOS<\/h3>\n
First the IS-IS router instance.<\/p>\n
router isis 1\r\n net 49.0001.0000.0000.0002.00\r\n is-type level-2\r\n metric-style transition\r\n address-family ipv6 unicast\r\n segment-routing srv6\r\n locator mylocator\r\n\r\ninterface Ethernet1\/2\r\n ipv6 router isis 1\r\n\r\ninterface Ethernet1\/3\r\n ipv6 router isis 1<\/pre>\n
Notice that I have defined the locator for SRV6 but I do not have such locator configured on this device. It is not needed.<\/p>\n
The interfaces.<\/p>\n
nxos-9k# sh ipv6 int bri\r\nIPv6 Interface Status for VRF \"default\"(1)\r\nInterface IPv6 Address\/Link-local Address Interface Status \r\n prot\/link\/admin\r\nEth1\/2 fc00::22 up\/up\/up\r\n fe80::200:ff:fe00:2002 \r\nEth1\/3 fc00::33 up\/up\/up\r\n fe80::200:ff:fe00:3003<\/pre>\n
interface Ethernet1\/2\r\n no switchport\r\n mac-address 0000.0000.2002\r\n ipv6 address fc00::22\/128\r\n ipv6 router isis 1\r\n no shutdown\r\n\r\ninterface Ethernet1\/3\r\n no switchport\r\n mac-address 0000.0000.3003\r\n ipv6 address fc00::33\/128\r\n ipv6 router isis 1\r\n no shutdown<\/pre>\n
One more thing, notice that I am giving each interface a custom MAC address. In my lab (EVE-NG) the interfaces are created with the same mac addresses, this cause issues thus the new assignment of mac addresses.<\/p>\n
PE1 and PE2<\/h3>\n
Below are relevant parts for each device configuration.<\/p>\n
PE1<\/h4>\n
segment-routing\r\n srv6\r\n locators\r\n locator mylocator\r\n prefix fc00:0:0:1::\/64\r\n encapsulation\r\n source-address fc00::1\r\n\r\nroute-map EVERYTHING permit 10\r\nvrf context management\r\nvrf context one\r\n rd 1:1\r\n address-family ipv4 unicast\r\n route-target import 1:1\r\n route-target export 1:1\r\n-----\r\ninterface Ethernet1\/1\r\n no switchport\r\n mac-address 0000.0000.aaaa\r\n vrf member one\r\n ip address 192.168.1.1\/24\r\n no shutdown\r\n\r\ninterface Ethernet1\/2\r\n no switchport\r\n mac-address 0000.0000.1001\r\n ipv6 address fc00::11\/128\r\n ipv6 router isis 1\r\n no shutdown\r\n-----\r\nrouter isis 1\r\n net 49.0001.0000.0000.0001.00\r\n metric-style transition\r\n address-family ipv6 unicast\r\n segment-routing srv6\r\n locator mylocator\r\nrouter bgp 64512\r\n router-id 10.0.0.1\r\n segment-routing srv6\r\n locator mylocator\r\n alloc mode per-vrf\r\n address-family ipv4 unicast\r\n redistribute direct route-map EVERYTHING\r\n address-family vpnv4 unicast\r\n neighbor fc00::3\r\n remote-as 64512\r\n update-source loopback0\r\n address-family ipv4 unicast\r\n address-family vpnv4 unicast\r\n send-community\r\n send-community extended\r\n vrf one\r\n address-family ipv4 unicast\r\n redistribute direct route-map EVERYTHING\r\n segment-routing srv6\r\n alloc mode per-vrf\r\n address-family ipv6 unicast\r\n redistribute direct route-map EVERYTHING\r\n<\/pre>\n
PE2<\/h4>\n
segment-routing\r\n srv6\r\n locators\r\n locator mylocator\r\n prefix fc00:0:0:3::\/64\r\n encapsulation\r\n source-address fc00::3\r\n\r\nroute-map EVERYTHING permit 10\r\nvrf context management\r\nvrf context one\r\n rd 1:1\r\n address-family ipv4 unicast\r\n route-target import 1:1\r\n route-target export 1:1\r\n\r\ninterface Ethernet1\/1\r\n no switchport\r\n mac-address 0000.0000.bbbb\r\n vrf member one\r\n ip address 192.168.2.1\/24\r\n no shutdown\r\n\r\ninterface Ethernet1\/3\r\n no switchport\r\n mac-address 0000.0000.1002\r\n ipv6 address fc00::13\/128\r\n ipv6 router isis 1\r\n no shutdown\r\n\r\ninterface loopback0\r\n ipv6 address fc00::3\/128\r\n ipv6 router isis 1\r\n\r\nrouter isis 1\r\n net 49.0001.0000.0000.0003.00\r\n metric-style transition\r\n address-family ipv6 unicast\r\n segment-routing srv6\r\n locator mylocator\r\nrouter bgp 64512\r\n router-id 10.0.0.3\r\n segment-routing srv6\r\n locator mylocator\r\n address-family ipv4 unicast\r\n redistribute direct route-map EVERYTHING\r\n address-family vpnv4 unicast\r\n neighbor fc00::1\r\n remote-as 64512\r\n update-source loopback0\r\n address-family ipv4 unicast\r\n address-family vpnv4 unicast\r\n send-community\r\n send-community extended\r\n vrf one\r\n address-family ipv4 unicast\r\n redistribute direct route-map EVERYTHING\r\n segment-routing srv6\r\n alloc mode per-vrf\r\n address-family ipv6 unicast\r\n redistribute direct route-map EVERYTHING<\/pre>\n
Of course the values I did use for AS, ULA and IS-IS routing will need to change for your particular case.<\/p>\n
Notice the definition of the locator (on a 9000v you can only have one locator).<\/p>\n
We use encapsulation, the loopback interface. We also define the VRF we will use to the CE devices.<\/p>\n
Finally we use a route map to redistribute connected routes. the 9000v does not have a “redistribute connected” command anymore why I do not know.<\/p>\n
Verification and Testing<\/h2>\n
If everything goes well you should be able to complete some verification steps and tests.<\/p>\n
First you should be able to ping between PE1 and the spine.<\/p>\n
pe1# ping6 fc00::22 source-interface ethernet 1\/2 \r\nPING6 fc00::22 (fc00::22): 56 data bytes\r\n64 bytes from fc00::22: icmp_seq=0 time=7.433 ms\r\n64 bytes from fc00::22: icmp_seq=1 time=4.94 ms\r\n64 bytes from fc00::22: icmp_seq=2 time=5.453 ms\r\n64 bytes from fc00::22: icmp_seq=3 time=7.608 ms\r\n64 bytes from fc00::22: icmp_seq=4 time=4.382 ms<\/pre>\n
Pings to the spine from the PEs should work. If not you need to fix IPv6.<\/p>\n
Then check that IS-IS has formed adjacencies, if not fix the issue, SRV6 will not work.<\/p>\n
\u00a0pe1# sh isis 1 topology \r\nIS-IS process: 1\r\nVRF: default\r\nTopology ID: 0\r\n\r\nIS-IS Level-1 IS routing table\r\n\r\nIS-IS Level-2 IS routing table\r\nnxos-9k.00, Instance 0x00000014\r\n *via nxos-9k, Ethernet1\/2, metric 40\r\nnxos-9k.02, Instance 0x00000014\r\n *via nxos-9k, Ethernet1\/2, metric 80\r\npe2.00, Instance 0x00000014\r\n *via nxos-9k, Ethernet1\/2, metric 80<\/pre>\n
You should see something similar on the other 9000v switches.<\/p>\n
pe1# sh ipv6 route isis-1\u00a0\r\nIPv6 Routing Table for VRF \"default\"\r\n'*' denotes best ucast next-hop\r\n'**' denotes best mcast next-hop\r\n'[x\/y]' denotes [preference\/metric]\r\n\r\nfc00::3\/128, ubest\/mbest: 1\/0\r\n *via fe80::200:ff:fe00:2002, Eth1\/2, [115\/81], 19:42:53, isis-1, L2\r\nfc00::13\/128, ubest\/mbest: 1\/0\r\n *via fe80::200:ff:fe00:2002, Eth1\/2, [115\/120], 19:42:53, isis-1, L2\r\nfc00::22\/128, ubest\/mbest: 1\/0\r\n *via fe80::200:ff:fe00:2002, Eth1\/2, [115\/80], 19:42:54, isis-1, L2\r\nfc00::33\/128, ubest\/mbest: 1\/0\r\n *via fe80::200:ff:fe00:2002, Eth1\/2, [115\/80], 19:42:54, isis-1, L2\r\nfc00:0:0:3::\/64, ubest\/mbest: 1\/0\r\n *via fe80::200:ff:fe00:2002, Eth1\/2, [115\/80], 16:05:06, isis-1, L2<\/pre>\n
On PE2 you should see something similar. Finally show the locator information.<\/p>\n
pe1# show srv6 locator detail \r\nName ID Prefix Status \r\n-------------------- ------- ------------------------ ------------\r\nmylocator 1 fc00:0:0:1::\/64 Up \r\nNumber of SID: 4\r\nCreate time: 01-14 00:07:48.960784\r\nModify time: 01-14 03:17:45.982995, reason: Locator up<\/pre>\n
It should be up. I forgot the encapsulation command and could not understand why things were not working!<\/p>\n
Now BGP should be working.<\/p>\n
pe1# sh bgp all summary \r\nBGP summary information for VRF default, address family IPv4 Unicast\r\nBGP router identifier 10.0.0.1, local AS number 64512\r\nBGP table version is 3, IPv4 Unicast config peers 1, capable peers 1\r\n0 network entries and 0 paths using 0 bytes of memory\r\nBGP attribute entries [0\/0], BGP AS path entries [0\/0]\r\nBGP community entries [0\/0], BGP clusterlist entries [0\/0]\r\n\r\nNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up\/Down State\/PfxRcd\r\nfc00::3 4 64512 1189 1186 3 0 0 19:31:06 0 \r\n\r\nBGP summary information for VRF default, address family IPv6 Unicast\r\n\r\nBGP summary information for VRF default, address family VPNv4 Unicast\r\nBGP router identifier 10.0.0.1, local AS number 64512\r\nBGP table version is 9, VPNv4 Unicast config peers 1, capable peers 1\r\n2 network entries and 2 paths using 488 bytes of memory\r\nBGP attribute entries [1\/172], BGP AS path entries [0\/0]\r\nBGP community entries [0\/0], BGP clusterlist entries [0\/0]\r\n\r\nNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up\/Down State\/PfxRcd\r\nfc00::3 4 64512 1189 1186 9 0 0 19:31:06 1 \r\n\r\nBGP summary information for VRF default, address family VPNv6 Unicast<\/pre>\n
You see two entries because you have vpnv4 and ipv4 unicast entries.<\/p>\n
Now for the pay-off:<\/p>\n
pe1# sh ip route vrf one\r\nIP Route Table for VRF \"one\"\r\n'*' denotes best ucast next-hop\r\n'**' denotes best mcast next-hop\r\n'[x\/y]' denotes [preference\/metric]\r\n'%<string>' in via output denotes VRF <string>\r\n\r\n192.168.1.0\/24, ubest\/mbest: 1\/0, attached\r\n *via 192.168.1.1, Eth1\/1, [0\/0], 20:05:28, direct\r\n192.168.1.1\/32, ubest\/mbest: 1\/0, attached\r\n *via 192.168.1.1, Eth1\/1, [0\/0], 20:05:28, local\r\n192.168.2.0\/24, ubest\/mbest: 1\/0<\/strong>\r\n *via fe80::200:ff:fe00:2002%default, Eth1\/2, [200\/0], 16:14:39, bgp-64512, internal, tag 64512<\/strong><\/pre>\n
As you can see we see the network from CE2 received via Eth1\/2. You will see the same on PE2 and the CE1 IPv4 network will be visible.<\/p>\n
Finally from either CE we should be able to ping the other side.<\/p>\n
ce2#ping 192.168.1.2\r\nType escape sequence to abort.\r\nSending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:\r\n!!!!!\r\n\r\nce1#ping 192.168.2.2\r\nType escape sequence to abort.\r\nSending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:\r\n!!!!!<\/pre>\n
Bingo! We are done.<\/p>\n
Final Remarks<\/h2>\n
Of course this is a very simple setup. While you could load the complete configurations at once, I would recommend the steady approach.<\/p>\n
Configure IPv6, then IS-IS, go onto the locator and VRFs and finally BGP. To me at least it gave me a workflow on how to configure it from scratch.<\/p>\n
- \n
- In a data center or production environment you will need more spines routers (redundancy).<\/li>\n
- You will also have several PEs and CEs. You will then use eBGP to exchange routes between them.<\/li>\n
- You can use OSPF or BGP for the underlay. I did use IS-IS because it is very simple to implement.<\/li>\n
- In a data center environment a Route Reflector or reflectors should also be used. Cisco recommends this since it will allow scalability as your PEs will peer with the reflector(s).<\/li>\n<\/ul>\n
You can use GUAs addresses as stated. However, ULAs gives you flexibility, do not need to waste addresses (although with the vast amount of IPv6 addresses that is not a problem).<\/p>\n
Using SRV6 eliminates the use of MPLS labels, LDP or RSVP-TE. This simplifies your control plane and because the scalability of the IPv6 address space it gives you native support for advanced capabilities like network slicing, traffic engineering, end-to-end encryption and more.<\/p>\n
There you have it.<\/p>\n
Hope you enjoy this lab.<\/p>\n
Ciao.<\/p>\n","protected":false},"excerpt":{"rendered":"
Hello there. For something completely different now. I have read about SRV6 and the benefits it brings. Never used it in production though. Thus I decided give it a try, created a lab and configured it to use SRV6. So let’s go.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-775","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=775"}],"version-history":[{"count":36,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/775\/revisions"}],"predecessor-version":[{"id":811,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/775\/revisions\/811"}],"wp:attachment":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=775"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}