{"id":813,"date":"2026-01-18T19:08:54","date_gmt":"2026-01-18T19:08:54","guid":{"rendered":"http:\/\/blog.miguelsarmiento.com\/?p=813"},"modified":"2026-01-18T19:09:51","modified_gmt":"2026-01-18T19:09:51","slug":"srv6-l3vpn-route-reflector-oh-my","status":"publish","type":"post","link":"https:\/\/blog.miguelsarmiento.com\/?p=813","title":{"rendered":"SRV6, L3VPN, Route Reflector, Oh My!"},"content":{"rendered":"

Hello, there.<\/p>\n

This blog is a follow up to my previous blog.<\/p>\n

I decided to make it a bit more realistic. So I added another IOS router for redundancy and also use a route reflector for BGP.<\/p>\n

Let’s go.<\/p>\n

Motivation<\/h2>\n

In a previous blog I had a very simple SRV6 setup. Functional but not quite what you would setup in a real situation. Thus I decided to add another IOS router and use a route reflector, this makes the setup a bit more practical.<\/p>\n

Setup<\/h2>\n

Figure 1. shows the new setup.<\/p>\n

\"\"<\/a>
Fig. 1. SRV6 with route reflector<\/figcaption><\/figure>\n
    \n
  • NXOS is now the route reflector. In this fashion, your clients configure eBGP against it. You then configure peering accordingly.<\/li>\n
  • Added two IOS routers (7200). This to show that the data plane only needs IPv6 and nothing more.<\/li>\n
  • \u00a0We peer to CE1 and CE2 via eBGP. In this fashion you can announce certain routes or a default route if needed.<\/li>\n<\/ul>\n

    Configurations<\/h2>\n

    P routers<\/h3>\n

    The PP and P2 routers just have IPv6 enabled and IS-IS enabled.<\/p>\n

    PP<\/h4>\n
    interface Ethernet1\/0\r\n no ip address\r\n duplex full\r\n ipv6 address FC00::100\/128\r\n ipv6 router isis 1\r\n isis ipv6 tag 1\r\n!\r\ninterface Ethernet1\/2\r\n no ip address\r\n duplex full\r\n ipv6 address FC00::222\/128\r\n ipv6 router isis 1\r\n isis ipv6 tag 1\r\n!\r\ninterface Ethernet1\/4\r\n no ip address\r\n duplex full\r\n ipv6 address FC00::444\/128\r\n ipv6 router isis 1\r\n isis ipv6 tag 1\r\n!\r\nrouter isis 1\r\n net 49.0001.0000.0000.0004.00\r\n is-type level-2-only\r\n metric-style transition\r\n!<\/pre>\n
    P2<\/h4>\n
    interface Ethernet1\/0\r\n no ip address\r\n duplex full\r\n ipv6 address FC00::110\/128\r\n ipv6 router isis 1\r\n isis ipv6 tag 1\r\n!\r\ninterface Ethernet1\/3\r\n no ip address\r\n duplex full\r\n ipv6 address FC00::333\/128\r\n ipv6 router isis 1\r\n isis ipv6 tag 1\r\n!\r\ninterface Ethernet1\/6\r\n no ip address\r\n duplex full\r\n ipv6 address FC00::666\/128\r\n ipv6 router isis 1\r\n isis ipv6 tag 1\r\n!\r\nrouter isis 1\r\n net 49.0001.0000.0000.0005.00\r\n is-type level-2-only\r\n metric-style transition\r\n!<\/pre>\n
    NXOS<\/h4>\n
    NXOS in addition to IPv6 and IS-IS, is configured as a route reflector. I will not show IPv6 or IS-IS configuration but the BGP setup. We added a Lookback interface for peering.<\/p>\n
    router bgp 64512\r\n router-id 10.0.0.2\r\n address-family ipv4 unicast\r\n address-family vpnv4 unicast\r\n neighbor fc00::1\r\n remote-as 64512\r\n update-source loopback0\r\n address-family ipv4 unicast\r\n route-reflector-client\r\n address-family vpnv4 unicast\r\n send-community\r\n send-community extended\r\n route-reflector-client\r\n neighbor fc00::3\r\n remote-as 64512\r\n update-source loopback0\r\n address-family ipv4 unicast\r\n route-reflector-client\r\n address-family vpnv4 unicast\r\n send-community\r\n send-community extended\r\n route-reflector-client<\/pre>\n
    We peer to the loopback interfaces of the CE routers, using the newly created loopback interface for updates. We also set the CE routers as route reflector clients.<\/p>\n
    PE1\u00a0 and PE2<\/h4>\n
    Here the configuration has not changed with the exception that\u00a0 we peer to\u00a0 the loopback interface of NXOs instead. In addition we now peer to the CE routers.<\/p>\n
    Below is the configuration for PE1, PE2 is the same change the corresponding IP address for peering.<\/p>\n
    router bgp 64512\r\n router-id 10.0.0.1\r\n segment-routing srv6\r\n locator mylocator\r\n alloc mode per-vrf\r\n address-family ipv4 unicast\r\n redistribute direct route-map EVERYTHING\r\n address-family vpnv4 unicast\r\n neighbor fc00::2\r\n remote-as 64512\r\n update-source loopback0\r\n address-family ipv4 unicast\r\n address-family vpnv4 unicast\r\n send-community\r\n send-community extended\r\n vrf one\r\n address-family ipv4 unicast\r\n redistribute direct route-map EVERYTHING\r\n segment-routing srv6\r\n alloc mode per-vrf\r\n address-family ipv6 unicast\r\n redistribute direct route-map EVERYTHING\r\n neighbor 192.168.1.2\r\n remote-as 100\r\n address-family ipv4 unicast<\/pre>\n
    This is an eBGP peering, we use AS 100, also we use peering under the VRF ONE towards CE1.<\/p>\n
    CE1 and CE2<\/h4>\n
    Here we now need to add eBGP peering to the PE routers. I will show the CE1 configuration, CE2 is the same with the appropriate IP addresses.<\/p>\n
    router bgp 100\r\n bgp log-neighbor-changes\r\n neighbor 192.168.1.1 remote-as 64512\r\n !\r\n address-family ipv4\r\n network 192.168.1.0\r\n neighbor 192.168.1.1 activate\r\n neighbor 192.168.1.1 soft-reconfiguration inbound\r\n exit-address-family\r\n!<\/pre>\n
    We also delete the default route we put in since we are now getting prefixes directly.<\/p>\n
    Verification<\/h3>\n
    We should now see peering between the route reflector and the PE routers.<\/p>\n
    nxos-9k# sh bgp vpnv4 unicast summary \r\nBGP summary information for VRF default, address family VPNv4 Unicast\r\nBGP router identifier 10.0.0.2, local AS number 64512\r\nBGP table version is 7, VPNv4 Unicast config peers 2, capable peers 2\r\n2 network entries and 2 paths using 488 bytes of memory\r\nBGP attribute entries [2\/344], BGP AS path entries [0\/0]\r\nBGP community entries [0\/0], BGP clusterlist entries [0\/0]\r\n\r\nNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up\/Down State\/PfxRcd\r\nfc00::1 4 64512 1357 1360 7 0 0 22:26:53 1 \r\nfc00::3 4 64512 1355 1359 7 0 0 22:25:28 1<\/pre>\n
    You can see that we are receiving prefixes for the VPNV4 unicast address family.<\/p>\n
    nxos-9k# sh ip bgp all \r\nBGP routing table information for VRF default, address family VPNv4 Unicast\r\nBGP table version is 7, Local Router ID is 10.0.0.2\r\nStatus: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best\r\nPath type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected\r\nOrigin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2\r\n\r\n Network Next Hop Metric LocPrf Weight Path\r\nRoute Distinguisher: 1:1\r\n*>i192.168.1.0\/24 fc00::1 0 100 0 ?\r\n*>i192.168.2.0\/24 fc00::3 0 100 0 ?<\/pre>\n
    We are receiving both prefixes from the CE routers. The next hop is the loopback interfaces for each router (IPv6 if you notice!).<\/p>\n
    If we go to PE1, we will see:<\/p>\n
    pe1# sh bgp all summary\u00a0\r\nBGP summary information for VRF default, address family VPNv4 Unicast\r\nBGP router identifier 10.0.0.1, local AS number 64512\r\n\r\nBGP table version is 12, VPNv4 Unicast config peers 1, capable peers 1\r\n2 network entries and 3 paths using 608 bytes of memory\r\nBGP attribute entries [1\/172], BGP AS path entries [0\/0]\r\nBGP community entries [0\/0], BGP clusterlist entries [1\/4]\r\n\r\nNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up\/Down State\/PfxRcd\r\nfc00::2 4 64512 1364 1361 12 0 0 22:32:38 1<\/pre>\n
    We are peering with the route reflector.<\/p>\n
    pe1# sh ip bgp all\r\nBGP routing table information for VRF default, address family IPv6 Unicast\r\nBGP table version is 4, Local Router ID is 10.0.0.1\r\nStatus: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best\r\nPath type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected\r\nOrigin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2\r\n\r\n Network Next Hop Metric LocPrf Weight Path\r\n*>lfc00:0:0:1::\/64 0:: 100 32769 i\r\n\r\nBGP routing table information for VRF default, address family VPNv4 Unicast\r\nBGP table version is 12, Local Router ID is 10.0.0.1\r\nStatus: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best\r\nPath type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected\r\nOrigin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2\r\n\r\n Network Next Hop Metric LocPrf Weight Path\r\nRoute Distinguisher: 1:1 (VRF one)\r\n*>r192.168.1.0\/24 0.0.0.0 0 100 32768 ?\r\n* e 192.168.1.2 0 0 100 i\r\n*>i192.168.2.0\/24 fc00:0:0:3:: 0 100 0 ?<\/pre>\n
    We see information regarding the locator, in addition we see information of the prefixes CE1 and CE2 advertise, You will see the same information on CE2.<\/p>\n
    CE1\u00a0 and CE2<\/h4>\n
    ce1#sh ip bgp\r\nBGP table version is 3, local router ID is 192.168.1.2\r\nStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal, \r\n r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, \r\n x best-external, a additional-path, c RIB-compressed, \r\nOrigin codes: i - IGP, e - EGP, ? - incomplete\r\nRPKI validation codes: V valid, I invalid, N Not found\r\n\r\n Network Next Hop Metric LocPrf Weight Path\r\n * 192.168.1.0 192.168.1.1 0 0 64512 ?\r\n *> 0.0.0.0 0 32768 i\r\n *> 192.168.2.0 192.168.1.1 0 64512 ?<\/pre>\n
    And here we see the prefix from CE2 in the BGP table. And of course you will be able to ping across. Same thing for CE2.<\/p>\n
    Conclusions<\/h2>\n
    Above lab is a more realistic setup. You can add as more routers in between your PE routers as long as they support IPv6. This will give you redundancy for your cloud.<\/p>\n
    You can also add a second router reflector also for redundancy.<\/p>\n
    There you have it.<\/p>\n
    Hope you enjoy this lab.<\/p>\n
    Ciao.<\/p>\n
     <\/p>\n","protected":false},"excerpt":{"rendered":"
    Hello, there. This blog is a follow up to my previous blog. I decided to make it a bit more realistic. So I added another IOS router for redundancy and also use a route reflector for BGP. Let’s go.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-813","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=813"}],"version-history":[{"count":16,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/813\/revisions"}],"predecessor-version":[{"id":829,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/813\/revisions\/829"}],"wp:attachment":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}