INTRODUCTION TO SRv6
The SP core networking landscape has undergone significant transformation—from early forwarding models based on ATM and Frame Relay, to MPLS label switching, to SR-MPLS source routing, and now to native IPv6-based forwarding with SRv6. Historically, routing was seen as lower performance compared to switching; however, SRv6 changes this narrative. It combines routing intelligence with hardware-accelerated performance, offering capabilities that rival or exceed traditional MPLS-based forwarding. Despite involving routing decisions at every hop, SRv6 differs from conventional IP routing: it does not require maintaining a full routing table per destination. Instead, it forwards based on a compact set of prefix-SIDs distributed via IGP (typically IS-IS or OSPFv3), enabling stateless source routing with rich service-awareness. This architecture allows SRv6 to scale efficiently while offering programmability, service chaining, and integrated telemetry without complex tunnel overlays.
INTRODUCTION TO BGP-EVPN VXLAN FABRICS
Data center networking has evolved significantly over time. What began with classic LAN designs based on Spanning Tree Protocol (STP) and inter-VLAN routing with First Hop Redundancy Protocols (FHRPs) has transitioned into modern overlays like VXLAN. Today, many data centers use VXLAN with BGP EVPN as the control plane, enabling scalable and efficient multi-tenant networks. While this model has worked well within the data center, service providers are increasingly advocating for SRv6 as the next-generation fabric forwarding solution. The rationale is clear: SRv6 is simpler than existing solutions, inherently scalable, and IPv6-native—eliminating the complexity of IPv4 address exhaustion. Most importantly, SRv6 enables true end-to-end uniformity across the provider and data center domains. This uniformity is not just a technical advantage—it is foundational to achieving cohesive orchestration, streamlined operations, and consistent security across the entire infrastructure. In today’s fragmented landscape, pursuing such end-to-end alignment is not only beneficial—it is essential.
Inter-working/Inter-networking between DC and Transport
While a fully evolved SRv6-based data center fabric represents an ideal future state, it’s clear that the industry will take time to reach that level of adoption. In the interim, what will prevail is interworking—or internetworking, if you prefer—between existing DC architectures and SRv6-based transport networks. The goal is simple yet critical: to exchange routes effectively between the data center and the transport domain, while preserving the strengths and operational models of both. This delicate balance is made possible through BGP, which continues to serve as the foundational control plane that enables interoperability at scale. Its flexibility, extensibility, and resilience have made BGP the backbone of modern networking—and it remains just as vital in stitching together disjointed architectures into a cohesive, forward-looking fabric.
Topology
Devices used:
Cisco Nexus9k : Nexus9000 GX2B switch
XR : NCS5501
XRv : ASR9000v
In this topology, we have two SRv6 available paths: one shorter and one longer, with three virtual routers. This design intentionally introduces path diversity to enable future demonstrations of SRv6-based traffic engineering. For the sake of brevity, the configuration examples in this document will focus on just three key devices: the Nexus GX2B (DC leaf), XR1 (transit), and XR2 (edge PE).
Here we are trying to achieve l3vpn over SRv6 Data-plane.
Configurations
Nexus 9k(GX2B)
install feature-set mpls
feature-set mpls
nv overlay evpn
feature bgp
feature pim
feature isis
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature ngoam
feature srv6
feature ofm
!
interface loopback1
ip address 10.3.0.2/32
ipv6 address fc00::4/128
ipv6 router isis SRISIS
!
interface Ethernet1/27
ipv6 address 2001::1/126
ipv6 router isis SRISIS
!
interface Vlan2301
description VXLAN-Prod-BD
no shutdown
vrf member vxlan-prod
ip address 192.20.1.254/24 tag 12345
ipv6 address abcd::1/64 tag 12345
fabric forwarding mode anycast-gateway
!
router isis SRISIS
net 49.0000.0000.0000.0004.00
is-type level-2
metric-style transition
address-family ipv6 unicast
segment-routing srv6
locator myLoc
!
router bgp 65100
router-id 10.2.0.2
segment-routing srv6
locator myLoc
alloc mode per-vrf
address-family ipv4 unicast
redistribute direct route-map fabric-rmap-redist-subnet
address-family ipv6 unicast
redistribute direct route-map fabric-rmap-redist-subnet
neighbor fc00::2
remote-as 65500
update-source loopback1
ebgp-multihop 5
address-family ipv4 unicast
address-family ipv6 unicast
address-family vpnv4 unicast
send-community
send-community extended
import l2vpn evpn reoriginate
address-family vpnv6 unicast
send-community
send-community extended
import l2vpn evpn reoriginate
neighbor 10.2.0.3
remote-as 65100
description to-Nxos-Spine-BGW
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
vrf vxlan-prod
segment-routing srv6
alloc mode per-vrf
address-family ipv4 unicast
advertise l2vpn evpn
redistribute direct route-map fabric-rmap-redist-subnet
maximum-paths ibgp 2
address-family ipv6 unicast
advertise l2vpn evpn
redistribute direct route-map fabric-rmap-redist-subnet
maximum-paths ibgp 2
!
segment-routing
srv6
locators
locator myLoc
prefix fc00:1:1:4::/64
!
vrf context vxlan-prod
vni 2883590
rd auto
address-family ipv4 unicast
route-target import 50000:1
route-target export 50000:1
XR1(Transit)
!
interface FortyGigE0/0/1/2
desc "Towards DC"
ipv6 address 2001::2/126
ipv6 enable
!
interface Loopback0
ipv4 address 10.100.0.1 255.255.255.255
ipv6 address fc00::1/128
!
interface FortyGigE0/0/1/1
desc "towards ISP core"
ipv4 address 132.1.1.1 255.255.255.252
ipv6 enable
!
router isis SRISIS
is-type level-2-only
net 49.0000.0000.0000.0001.00
address-family ipv6 unicast
metric-style wide
single-topology
segment-routing srv6
locator myLoc
!
!
!
interface Loopback0
address-family ipv6 unicast
!
!
interface TenGigE0/0/0/16
address-family ipv6 unicast
!
!
interface FortyGigE0/0/1/0
address-family ipv6 unicast
!
!
segment-routing
global-block 16000 23999
srv6
locators
locator myLoc
prefix ac00:1:1:1::/64
!
XR2 (PE)
!
interface Loopback0
ipv4 address 10.100.0.2 255.255.255.255
ipv6 address fc00::2/128
!
interface Loopback3
vrf DATA
ipv4 address 3.3.3.3 255.255.255.255
ipv6 address abc3::1/64
!
interface FortyGigE0/0/1/0
ipv6 enable
!
segment-routing
global-block 16000 23999
!
srv6
locators
locator myLoc
prefix fc00:1:1:2::/64
!
router bgp 65500
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
address-family ipv6 unicast
!
address-family vpnv6 unicast
!
neighbor fc00::4
remote-as 65100
ebgp-multihop 5
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS_ALL in
route-policy PASS_ALL out
!
address-family vpnv6 unicast
route-policy PASS_ALL in
route-policy PASS_ALL out
!
!
vrf DATA
rd 50000:1
address-family ipv4 unicast
segment-routing srv6
locator myLoc
alloc mode per-vrf
!
redistribute connected
!
address-family ipv6 unicast
segment-routing srv6
locator myLoc
alloc mode per-vrf
!
redistribute connected
!
!
!
Verification:
Nexus 9k will have just vpnv4 neighborship with XR2 , i.e. PE router (fc00::2)
below we see srv6 sid table and vpnv4 neighborship
Nexus 9k(GX2B)# show srv6 sid *** Locator: 'myLoc' *** SID Function Context Owner State RW -------------------------- -------------------- ------------------------------------------------ --------------- -------------- ---- fc00:1:1:4:1:: End (PSP) 'default' sidmgr_internal InUse Y fc00:1:1:4:4:: End 'default' sidmgr_internal InUse Y fc00:1:1:4:12:: End.OTP ngoam InUse Y fc00:1:1:4:42:: End.DT46 'default' bgp-65100 InUse Y fc00:1:1:4:43:: End.DT46 'vxlan-prod' bgp-65100 InUse Y Nexus 9k(GX2B)# sh bgp vpnv4 un summary BGP summary information for VRF default, address family VPNv4 Unicast BGP router identifier 10.2.0.2, local AS number 65100 BGP table version is 161, VPNv4 Unicast config peers 1, capable peers 1 8 network entries and 9 paths using 2392 bytes of memory BGP attribute entries [1/368], BGP AS path entries [1/6] BGP community entries [0/0], BGP clusterlist entries [1/4] Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd fc00::2 4 65500 14299 14292 161 0 0 6d02h 1
Now, lets see how the IP addresses are learned on Nexus. This IP is residing in vrf at the XR2 (PE) router.
Nexus 9k(GX2B)# sh ip route vrf vxlan-prod
IP Route Table for VRF "vxlan-prod"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
3.1.1.1/32, ubest/mbest: 2/0, attached
*via 3.1.1.1, Lo3, [0/0], 1w4d, local, tag 12345
*via 3.1.1.1, Lo3, [0/0], 1w4d, direct, tag 12345
3.3.3.3/32, ubest/mbest: 1/0
*via fe80::c28b:2aff:feb3:d0c8%default, Eth1/27, [20/0], 00:14:20, bgp-65100, external, tag 65500
192.20.1.0/24, ubest/mbest: 1/0, attached
*via 192.20.1.254, Vlan2301, [0/0], 3w1d, direct, tag 12345
192.20.1.11/32, ubest/mbest: 1/0, attached
*via 192.20.1.11, Vlan2301, [190/0], 3w1d, hmm
Nexus 9k(GX2B)# show bgp vpnv4 unicast 3.3.3.3/32 vrf vxlan-prod
BGP routing table information for VRF default, address family VPNv4 Unicast
Route Distinguisher: 10.2.0.2:5 (VRF vxlan-prod)
BGP routing table entry for 3.3.3.3/32, version 109
Paths: (1 available, best #1)
Flags: (0x800c001a) (high32 0x000020) on xmit-list, is in urib, is best urib route, is in HW, exported
vpn: version 164, (0x00000000100002) on xmit-list
local sid: fc00:1:1:4:43::
Advertised path-id 1, VPN AF advertised path-id 1
Path type: external, path is valid, is best path, no labeled nexthop, in rib
Imported from 50000:1:3.3.3.3/32
AS-Path: 65500 , path sourced external to AS
fc00:1:1:2:: (metric 12) from fc00::2 (10.100.0.2)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 64
Extcommunity: RT:50000:1 RT:65100:60 COLOR:2000 PCTAG:0:0:0
Prefix-SID Attribute: Length: 37
SRv6 SID TLV: Length 34 Sub type: 1 IPv6 SID fc00:1:1:2::
Function-Length 16 Tpose-Length 16 TPose-Offset 64
Nexus 9k(GX2B)# ping 3.3.3.3 vrf vxlan-prod
PING 3.3.3.3 (3.3.3.3): 56 data bytes
64 bytes from 3.3.3.3: icmp_seq=0 ttl=255 time=1.727 ms
64 bytes from 3.3.3.3: icmp_seq=1 ttl=255 time=1.084 ms
64 bytes from 3.3.3.3: icmp_seq=2 ttl=255 time=0.818 ms
64 bytes from 3.3.3.3: icmp_seq=3 ttl=255 time=0.877 ms
64 bytes from 3.3.3.3: icmp_seq=4 ttl=255 time=0.99 ms
--- 3.3.3.3 ping statistics ---
I think this is enough of the configs and verification. Lets see some packet capture and how does it look when we ping in SRv6.
Notice the destination address and then notice below output. The destination given below is the service sid that was generated by the XR router when we configured SRv6. This service SID is of type DT4 means Decap and Transit to IPv4 routing table.
When a packet reaches a router with the DT4 segment:
- The outer IPv6 + SRH headers are removed (decapsulation).
- The inner payload, typically an IPv4 packet, is extracted.
- The inner IPv4 packet is then forwarded using the local IPv4 routing table.
XR2#show segment-routing srv6 sid
Thu Aug 7 13:47:40.089 UTC
*** Locator: 'myLoc' ***
SID Behavior Context Owner State RW
-------------------------- ---------------- ------------------------------ ------------------ ----- --
fc00:1:1:2:1:: End (PSP/USD) 'default':1 sidmgr InUse Y
fc00:1:1:2:40:: End.DT4 'DATA' bgp-65500 InUse Y
fc00:1:1:2:41:: End.X (PSP/USD) [Fo0/0/1/0, Link-Local] isis-SRISIS InUse Y
fc00:1:1:2:42:: End.DT6 'DATA' bgp-65500 InUse Y
fc00:1:1:2:43:: End.X (PSP/USD) [Te0/0/0/16, Link-Local] isis-SRISIS InUse Y Conclusion
The transition to SRv6 represents a significant step forward in simplifying, unifying, and scaling modern network architectures. While a fully native SRv6 fabric in the data center remains a future goal, today’s networks demand practical interworking between VXLAN EVPN-based DC fabrics and SRv6-enabled transport cores. This seamless handoff preserves the operational strengths of both domains—leveraging BGP as the trusted control plane to bridge them. By enabling stateless service delivery, programmable routing, and transport-agnostic integration, SRv6 positions itself as the foundation for end-to-end uniformity, orchestration, and observability. As the industry evolves, adopting SRv6 not only simplifies the network—it future-proofs it.