--- lang: ja breaks: false --- <style> .ui-infobar, #doc.markdown-body { max-width: 1300px; } </style> # SRv6合宿 in 青森 2022 - slankdev: SRv6 Flex-Algoの移植 & IOS-XRとのInterop - qoo&yuyarin&satoru: SRv6MUPデモのための、5Gシミュレータ(Loadcore)とSRv6MUPネットワーク構築 # slankdev ## Summary - 下準備: - [ ] IS-IS databaseを　yang出力するようにする - 本番 - [ ] srv6 branchを更新する. - [ ] 動くようにする - [ ] locator reachability tlvを追加する - [ ] interopする ## IS-IS Database for Northbound API https://twitter.com/slankdev/status/1479010348179296256 rip ``` $ fdk-global-enter /tmp/topotests/rip_topo1.test_rip_topo1/r1.pid vtysh -c 'show yang module ripd' Flags: I - Implemented, D - Deviated Module Version Revision Flags Namespace ------------------------------------------------------------------------------------------------ ietf-yang-metadata 1.0 2016-08-05 urn:ietf:params:xml:ns:yang:ietf-yang-metadata yang 1.0 2021-04-07 I urn:ietf:params:xml:ns:yang:1 ietf-inet-types 1.0 2013-07-15 urn:ietf:params:xml:ns:yang:ietf-inet-types ietf-yang-types 1.0 2013-07-15 urn:ietf:params:xml:ns:yang:ietf-yang-types frr-filter 1.1 2019-07-04 I http://frrouting.org/yang/filter frr-interface 1.1 2020-02-05 I http://frrouting.org/yang/interface frr-vrf 1.1 2019-12-06 I http://frrouting.org/yang/vrf ietf-interfaces 1.1 2018-02-20 urn:ietf:params:xml:ns:yang:ietf-interfaces frr-ripd 1.1 2019-09-09 I http://frrouting.org/yang/ripd frr-route-map 1.1 2019-07-01 I http://frrouting.org/yang/route-map frr-route-types 1.1 2018-03-28 http://frrouting.org/yang/route-types $ fdk-global-enter /tmp/topotests/rip_topo1.test_rip_topo1/r1.pid vtysh -c 'show yang operational-data /frr-ripd:ripd ripd' { "frr-ripd:ripd": { "instance": [ { "vrf": "default", #<---key "state": { "neighbors": { "neighbor": [ { "address": "193.1.1.2", "bad-packets-rcvd": 0, "bad-routes-rcvd": 0 } ] }, "routes": { ...(snip)... } } ...(snip).. ``` is-is だいたい600行程度の追加だった ``` $ fdk-enter rt1.pid vtysh -c 'sho yang module isisd' Flags: I - Implemented, D - Deviated Module Version Revision Flags Namespace ------------------------------------------------------------------------------------------------ ietf-yang-metadata 1.0 2016-08-05 urn:ietf:params:xml:ns:yang:ietf-yang-metadata yang 1.0 2021-04-07 I urn:ietf:params:xml:ns:yang:1 ietf-inet-types 1.0 2013-07-15 urn:ietf:params:xml:ns:yang:ietf-inet-types ietf-yang-types 1.0 2013-07-15 urn:ietf:params:xml:ns:yang:ietf-yang-types frr-filter 1.1 2019-07-04 I http://frrouting.org/yang/filter frr-interface 1.1 2020-02-05 I http://frrouting.org/yang/interface frr-vrf 1.1 2019-12-06 I http://frrouting.org/yang/vrf ietf-interfaces 1.1 2018-02-20 urn:ietf:params:xml:ns:yang:ietf-interfaces frr-isisd 1.1 2021-02-15 I http://frrouting.org/yang/isisd frr-route-map 1.1 2019-07-01 I http://frrouting.org/yang/route-map frr-route-types 1.1 2018-03-28 http://frrouting.org/yang/route-types $ fdk-enter rt1.pid vtysh -c 'sho yang module frr-isisd compiled isisd' | less ...(snip)... container isis { config true; status current; ...(snip)... ### AS-IS ### $ fdk-enter rt1.pid vtysh -c 'show yang oper /frr-isisd:isis isisd' % Failed to fetch operational data. ### TO-BE ### $ fdk-enter rt1.pid vtysh -c 'sh yang operational-data /frr-isisd:isis isisd' | jq '."frr-isisd:isis".instance[0].state.database' [ { "lsp-id": "0000.0000.0001.00-00", "hostname": "rt1", "router-capability": { "subtlvs": { "segment-routing-algorithm": { "algorithm": [ 0, 1, 201, 202, 203, 204, 205, 206, 207 ] }, "flex-algo-definitions": { "flex-algo-definition": [ { "algorithm": 201, "priority": 128, "exclude-any": [ 1 ], "include-any": [ 0 ], "include-all": [ 0 ] }, { "algorithm": 202, "priority": 128, "exclude-any": [ 2 ], "include-any": [ 0 ], "include-all": [ 0 ] }, ...(snip)... { "algorithm": 207, "priority": 128, "exclude-any": [ 0 ], "include-any": [ 0 ], "include-all": [ 24 ] } ] } } } }, ...(snip)... { "lsp-id": "0000.0000.0003.00-00", "hostname": "rt3", "router-capability": { "subtlvs": { "segment-routing-algorithm": { "algorithm": [ 0, 1, 201, 202, 203, 204, 205, 206, 207 ] } } } } ] ``` ## Port SRv6 IS-IS Extension (partially) from Old Implementation to Latest 1k LoC弱で実装できた. 微妙な部分もあるけど, サクッと移植したにしてはかなりキレイ ろけーちゃーりっちゃびりちーもすぐに実装できた. `lib/flex_algo`が素敵. https://twitter.com/slankdev/status/1479076773170409478 https://github.com/slankdev/frr/compare/69ad22eae...slankdev:srv6camp-aomori  ``` # fdk-enter rt1.pid ip -6 route 2001:db8:201:f2::/64 nhid 14 via fe80::5054:ff:fe03:103 dev eth-rt3 proto isis metric 20 pref medium 2001:db8:201:f3::/64 nhid 14 via fe80::5054:ff:fe03:103 dev eth-rt3 proto isis metric 20 pref medium 2001:db8:202:f2::/64 nhid 8 via fe80::5054:ff:fe01:202 dev eth-rt2 proto isis metric 20 pref medium 2001:db8:202:f3::/64 nhid 14 via fe80::5054:ff:fe03:103 dev eth-rt3 proto isis metric 20 pref medium 2001:db8:203:f2::/64 nhid 8 via fe80::5054:ff:fe01:202 dev eth-rt2 proto isis metric 20 pref medium 2001:db8:203:f3::/64 nhid 8 via fe80::5054:ff:fe01:202 dev eth-rt2 proto isis metric 20 pref medium 2001:db8:204:f2::/64 nhid 14 via fe80::5054:ff:fe03:103 dev eth-rt3 proto isis metric 20 pref medium 2001:db8:204:f3::/64 nhid 14 via fe80::5054:ff:fe03:103 dev eth-rt3 proto isis metric 20 pref medium 2001:db8:205:f2::/64 nhid 8 via fe80::5054:ff:fe01:202 dev eth-rt2 proto isis metric 20 pref medium 2001:db8:205:f3::/64 nhid 14 via fe80::5054:ff:fe03:103 dev eth-rt3 proto isis metric 20 pref medium 2001:db8:206:f2::/64 nhid 8 via fe80::5054:ff:fe01:202 dev eth-rt2 proto isis metric 20 pref medium 2001:db8:206:f3::/64 nhid 8 via fe80::5054:ff:fe01:202 dev eth-rt2 proto isis metric 20 pref medium 2001:db8:207:f2::/64 nhid 14 via fe80::5054:ff:fe03:103 dev eth-rt3 proto isis metric 20 pref medium 2001:db8:207:f3::/64 nhid 14 via fe80::5054:ff:fe03:103 dev eth-rt3 proto isis metric 20 pref medium fe80::/64 dev eth-rt2 proto kernel metric 256 pref medium fe80::/64 dev eth-rt3 proto kernel metric 256 pref medium fe80::/64 dev lo proto kernel metric 256 pref medium # fdk-enter rt1.pid vtysh -c 'sh yang oper /frr-isisd:isis isisd' | jq '."frr-isisd:isis".instance[0].state.database[2]."srv6-locators"' { "srv6-locator": [ { "prefix": "2001:db8:201:f3::/64", "algorithm": 201 }, { "prefix": "2001:db8:202:f3::/64", "algorithm": 202 }, { "prefix": "2001:db8:203:f3::/64", "algorithm": 203 }, { "prefix": "2001:db8:204:f3::/64", "algorithm": 204 }, { "prefix": "2001:db8:205:f3::/64", "algorithm": 205 }, { "prefix": "2001:db8:206:f3::/64", "algorithm": 206 }, { "prefix": "2001:db8:207:f3::/64", "algorithm": 207 } ] } ``` # qoo ## Summary - 下準備: 検証用のネットワークの作成 - [x] LoadCoreのデプロイ - [x] LoadCoreの初期設定 - [x] ArcOSのデプロイ - [x] ArcOSの初期設定 - [x] SRv6 IGPの設定 - [x] 5GC収容L3VPNの設定 - [x] SRv6 MUPの設定 - 本番 ## ArcOSの設定 ### 初期設定 ``` /* 初期パスワードでログイン */ ArcOS (c) Arrcus, Inc. localhost login: root Password: YouReallyNeedToChangeThis 2022-01-06 01:41:08 ArcOS ztp INFO: Sending DHCP requests on interfaces [ma1] Linux localhost 4.19.84-arrcus #1634066277 SMP Mon Oct 18 15:28:38 UTC 2021 x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. /* CLIを起動 */ root@localhost:~# cli Welcome to the ArcOS CLI root connected from 127.0.0.1 using console on localhost root@localhost# 2022-01-06 01:41:26 ArcOS ztp INFO: Sending DHCP requests on interfaces [ma1] 2022-01-06 01:41:31 ArcOS ztp INFO: No DHCP responses received with config-url or script-url options. Retrying... /* ZTPを止める */ root@localhost# request system ztp stop System message at 2022-01-06 01:41:59... Commit performed by system via tcp using system. 2022-01-06 01:41:59 ArcOS ztp INFO: Zero Touch Provisioning (ZTP) stopped. /* Adminユーザのパスワード変更 */ root@localhost(config)# system aaa authentication admin-user admin-password yanaginoyu /* SSHサーバ起動、Rootログイン有効化 */ root@localhost(config)# system ssh-server enable true root@localhost(config)# system ssh-server permit-root-login true /* Hostname変更 */ root@localhost(config)# system hostname srv6p1 /* management interfaceのIPアドレス割り当て */ root@srv6p1(config)# interface ma1 subinterface 0 ipv4 address 192.168.255.61 prefix-length 24 /* management VRFの経路設定 */ root@srv6p1(config)# network-instance management protocol STATIC management root@srv6p1(config-protocol-STATIC/management)# static-route 0.0.0.0/0 next-hop-index 99 root@srv6p1(config-next-hop-index-99)# next-hop 192.168.255.1 root@srv6p1(config-next-hop-index-99)# commit /* 接続性確認 */ root@srv6p1# ping vrf management 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=1.44 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=1.47 ms ^C --- 8.8.8.8 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 1.443/1.460/1.477/0.017 ms ``` ### IS-IS/SRv6/RC ``` network-instance default protocol BGP default global as 17676 global router-id 192.168.255.67 global segment-routing enabled true global afi-safi L3VPN_IPV4_UNICAST ! neighbor 2400:2020:90:ff::66 peer-group COMMON exit ! peer-group COMMON peer-as 17676 transport local-address loopback0 afi-safi L3VPN_IPV4_UNICAST extended-nexthop enable true exit ! ! ! protocol ISIS 200 global net [ 49.9000.1921.6825.5067.00 ] global level-capability LEVEL_2 global srv6 enabled true global srv6 locator name default global af IPV6 UNICAST enabled true multi-topology enabled true exit ! level 2 enabled true exit ! interface swp1 enabled true network-type POINT_TO_POINT af IPV6 UNICAST enabled true ! level 2 enabled true exit ! exit ! interface loopback0 enabled true passive true af IPV6 UNICAST enabled true ! level 2 enabled true exit ! exit ! ! srv6 locator default prefix 2400:2020:a:67::/64 ! ! ``` ## Address Assignment ### Address Range | Prefix | Description | | ------------------------ | -------------------- | | 172.16.0.0/16 | UE | | 172.30.0.0/16 | Sentan Lab | | 100.64.0.0/16 | Mobile Transport | | 192.168.255.0/24 | Management IPv4 | | 198.51.100.0/24 | DN | | 203.0.113.0/27 | Volterra MEC | | 2400:2020:90:ff::/64 | Loopback | | 2400:2020:b0:b00::/56 | MUP-GW gtp4e Locator | | 2400:2020:000a:XX::/64 | default Locator | | 2604:1380:3000:1310::/64 | Management IPv6 | | fc66:4d::/48 | MUP-C gtp4d Locator | | fc66:89d0::/32 | Volterra Locator | ### Management | Hostname | Mgmt v4 Address | Mgmt v6 Address | | ---------- | --------------- |---------------------------------------| | S1(MUP-GW) | 192.168.255.61 | 2604:1380:3000:1310:5054:ff:fe1e:681e | | P1 | 192.168.255.62 | 2604:1380:3000:1310:5054:ff:fe13:957c | | S2 | 192.168.255.63 | 2604:1380:3000:1310:5054:ff:fe19:db99 | | S3 | 192.168.255.64 | 2604:1380:3000:1310:5054:ff:fe0f:6489 | | P2 | 192.168.255.65 | 2604:1380:3000:1310:5054:ff:fe1f:45e8 | | MUP-C | 192.168.255.66 | 2604:1380:3000:1310:5054:ff:fe16:2b56 | | S4 | 192.168.255.67 | 2604:1380:3000:1310:5054:ff:fe1d:e28d | | Middleware | 192.168.255.70 | 2604:1380:3000:1310:5054:ff:fe16:7b8b | | UE-gNB-SMF | 192.168.255.71 | 2604:1380:3000:1310:5054:ff:fe02:7417 | | UPF | 192.168.255.72 | 2604:1380:3000:1310:5054:ff:fe0e:d6fd | | DN | 192.168.255.73 | 2604:1380:3000:1310:5054:ff:fe1d:4d22 | | MEC | 192.168.255.74 | 2604:1380:3000:1310:5054:ff:fe0f:6a2b | | Volterra | 192.168.255.75 | 2604:1380:3000:1310::X | | Volterra-2 | 192.168.255.76 | 2604:1380:3000:1310::Y | | Middleware-2 | 192.168.255.80 | | | Kuma-Agent-2 | 192.168.255.81 | | | Kuma-Agent-2 | 192.168.255.82 | | | Kuma-Middleware-2 | 192.168.255.83 | | ### SRv6 Backbone Loopback & Locator ID | Hostname | Loopback IPv6 Address | Locator ID | Name | | ---------- |-------------------------|------------------------|---------| | mupgw1 | 2400:2020:90:ff::61/128 | 2400:2020:000a:61::/64 | default | | mupgw1 | 2400:2020:90:ff::61/128 | 2400:2020:b0:b00::/56 | gtp4e | | srv6p1 | 2400:2020:90:ff::62/128 | 2400:2020:000a:62::/64 | default | | muppe1 | 2400:2020:90:ff::63/128 | 2400:2020:000a:63::/64 | default | | srv6pe1 | 2400:2020:90:ff::64/128 | 2400:2020:000a:64::/64 | default | | srv6p2 | 2400:2020:90:ff::65/128 | 2400:2020:000a:65::/64 | default | | MUP-C | fc66:2020:90:ff::66/128 | 2400:2020:000a:66::/64 | default | | MUP-C | fc66:2020:90:ff::66/128 | 2400:2020:b0:b00::/56 | gtp4e | | MUP-C | fc66:2020:90:ff::66/128 | fc66:4d::/48 | gtp4d | | muppe2 | 2400:2020:90:ff::67/128 | 2400:2020:000a:67::/64 | default | | MEC | 2400:2020:90:ff::74/128 | 2400:2020:000a:74::/64 | default | | Volterra | 2400:2020:90:ff::75/128 | fc66:89d0::/32 | default | ### L3VPN(Mobile Transport Network) | Hostname | Interface | v4 Address | VRF | RD | import RT | | ----------- | --------- | -------------- | ----- | -------------- | ---------- | | MUP-C | lo0 | 100.64.0.66/24 | | | | | S1 | swp2 | 100.64.1.1/24 | N3RAN | 10.64.1.1:5963 | 17676:4180 | | S1 | N/A | N/A. | N6DN | 10.64.1.1:4989 | 17676:4100 | | gNB-SMF(N3) | ens3 | 100.64.1.2/24 | | | | | MUP-C | swp2 | 100.64.2.1/24 | | | | | gNB-SMF(N4) | ens4 | 100.64.2.2/24 | | | | | MUP-C | swp3 | 100.64.3.1/24 | | | | | UPF(N4) | ens4 | 100.64.3.2/24 | | | | | S3 | swp2 | 100.64.4.2/24 | N3UPF | 自動割り当て | 17676:4180 | | UPF(N3) | ens3 | 100.64.4.1/24 | | | | | S3 | swp4 | 100.64.5.1/24 | N6UPF | | | | UPF(N6) | ens5 | 100.64.5.2/24 | | | | | S2 | swp2 | 100.64.6.1/24 | N6DN | 自動割り当て | 17676:4100 | | DN | ens3 | 100.64.6.2/24 | | | | | S4 | swp2 | 100.64.7.1/24 | N6DN | 自動割り当て | 17676:4100 | | MEC | ens2 | 100.64.7.2/24 | | | | | MEC | ens2 | 100.64.8.0/24 | | | | | P2 | swp3 | 100.64.9.1/24 | N6DN | 自動割り当て | 17676:4100 | | Volterra-1 | ens2 | 100.64.9.2/24 | | | | | S2 | swp3 | 100.64.10.1/24 | N6DN | 自動割り当て | 17676:4100 | | Volterra-2 | ens2 | 100.64.10.2/24 | | | | ## BGP - AS Number: 65182 - Router ID: Mgmt Address ## PFCP-Proxy in MUP-C ### configuration ``` system pfcp-proxy 1 pid 1 smf 100.64.2.2 upf 100.64.3.2 pfcp 100.64.0.66 smf-port 50001 upf-port 50002 timeout 10 ! ``` ### 5GC Parameters | Network Instance Type | Instance Name | | --------------------- | ---------------- | | N3 Network Instance | n3-nw | | N6 Network Instance | dnn.keysight.com | | N4-u Network Instance | n4-nw | ### iptables ``` root@pfcp-proxy:~# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT udp -- 100.64.2.2 100.64.3.2 udp dpt:8805 to:100.64.0.66 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT udp -- 100.64.0.66 100.64.3.2 udp dpt:8805 to:100.64.2.2 ``` # satoru ## Wiregard ### Choose your ip address | IP Address | User | Pub-key | ---------------- |----------------|------------------------ | 10.244.244.2/24 | satoru |vBdghhhLdFXdu4YqE547N91LuDNifaRcF3SZHSRAsxg= | 10.244.244.3/24 | qoo | ImJUk+sRrHFekl77VFi2PX3qd5EQnA1cMBnBChgKkAQ= | 10.244.244.4/24 | yuyarin |Lh63rGj+d8DPriJbKvhmVDt/avd27+pA1zmh56fDg1w= | 10.244.244.10/24 | sentan |zi2YC7k0wXYz3YHp+fVbC4Gl6P2I3Fm5p5seRKmiYyY= | 10.244.244.11/24 | sentan2 |dC8h7bVuhntmO3rBwKsEkw8oZPZcEZGNuDbLehT8O0M= | 10.244.244.12/24 | satoru(iPad) |iyT0gU5PZEoC+HDTxX+eUYZ0cpHu4NPO96ffffFoJ1g= | 10.244.244.13/24 | Nakamura |txyDMI5/BmpX5dLxiRLWGIUttswkyQiKFLH4jJJHhSc= | 10.244.244.14/24 | Nakamura2 |B6pxm9i3yw6Vn6JFNoGvRDvhPNYCOOPzpcrEl6vydSE= | 10.244.244.15/24 | sentan-aws1 |1ONnyQLGyT0EsYUR9JfYsz2/UxOvmMOCHFpzTOS8G0M= | 10.244.244.16/24 | sentan-aws2 |vBSbctr4XECNXkROgKi7DqS0sFTydFYgjeo7ZDtIBS0= | 10.244.244.17/24 | sentan-aws3(LC Tokyo) |liI/wCIpGhK3F86jjrVJx3AiAVSav6YVD90882EsaWM= | 10.244.244.18/24 | sentan-aws4(LC Soul) |3s/huG/OcHv64DkjOH8S3IDjzn3qP18WzvRlDgAE9j8= | 10.244.244.24/24 | sentan-aws5(shima) |5aakbKLXSvYmCpAPXtzRZR9cDjzmFTL48xa47YmSIhA= | 10.244.244.30/24 | itot-kumagai | raqupO9m2joqS15qjT7J8Qib/GRiV0r/XLfZR5UjfTE= | 10.244.244.31/24 | itot-tajima | NyBXzNme9h2Q+Kvm06lUvveuZZFJz6X2awbBfg80u1k= | 10.244.244.32/24 | core-network | qNCAN1ORtV5IUA5cdV+h3LXeokBeRyeXMwAjoGBwDjU=