Segment Routing for IPv6 Networks (SRv6) Stefano Previdi Distinguished Engineer BRKRST-3123 Agenda • Introduction to Segment Routing • Segment Routing and the IPv6 Source Routing Model • IPv6 Segment Routing Header (SRH) • SRH Procedures • SR-IPv6 Examples • Use Cases • Standardization • Conclusion 3 Introduction to Segment Routing 4 What is Segment Routing ? • An architecture that seeks the right balance between distributed intelligence and centralized optimization and programming. • simplifies operation (lower opex) • enables application-based service creation (new revenue) • allows for better utilization of the installed infrastructure (lower capex) • Applies to both IPv6 and MPLS dataplanes with wide application • (SP, OTT/Web, GET) across (WAN, Metro/Agg, DC) • SDN controller • An architecture designed with SDN in mind • Segment Routing technology is extensively explained in • http://www.segment-routing.net (includes all published IETF drafts) 5 Segment Routing • Source Routing • the source chooses a path and encodes it in the packet header as an ordered list of segments • the rest of the network executes the encoded instructions without any further per-flow state • SR-IPv6: the list of segment is encoded into a new (and secure) Routing Header called the “Segment Routing Header” • Segment: an identifier for any type of instruction • forwarding or service • Segment Routing leverages the benefit of IPv6 • Source routing capability through the use of extension headers • Full interoperability with non-source routing nodes (with no signaling) 6 Segment Routing – Scalability and Virtualization • Each engineered application flow is mapped on a path Millions of Application • millions of paths flow paths • A path is expressed as an ordered list of segments A path is mapped on a • The network maintains segments list of segments • thousands of segments • completely independent of application size/frequency The network only maintains • Excellent scaling and virtualization segments No per-flow • the application state is no longer within the router but application within the packet state 7 Segment Routing - Strong Operator Partnership • Fundamental to the velocity and success • Significant commitment • technical transparency • multi-vendor commitment • Many more operators now involved • Segment Routing MPLS now standardized and (almost) deployed… • Segment Routing IPv6 is getting up to speed • Open and standardized technology • More than 25 drafts under standardization process in IETF WGs: • SPRING, 6MAN, IS-IS, IDR, OSPF, PCE • For both MPLS and IPv6 dataplanes 8 Segment Routing and the IPv6 Source Routing model 9 Segment Routing and the Source Based Routing Model • By combining type of segments (i.e.: instructions) Segment Routing allows to address a variety of use cases from edge to edge Controller AS W Ap SR DC SR WAN BR AS p Z AS Fwrdr TOR Leaf Spine DCI BR core X Ap p BR AS Y Top Segment provides Next segments implement WAN Policy: Last segment Classify flow and ECMP-path to selected . Cost vs Latency Disjointness selects egress push SR segment list DCI . Select egress BR peer 10 Segment Routing and the Source Based Routing Model Wait a Moment !! • There are two ways of using Segment Routing on v6 networks • IPv6 control plane with a MPLS dataplane • IPv6 control plane with a IPv6 dataplane • This presentation covers Segment Routing for IPv6 control & data planes i.e.: no MPLS dataplane is involved… but interop is granted 11 Segment Routing and the Source Based Routing Model • SR-IPv6 allows IPv6 dataplane networks to benefit from all features deployed over the years on MPLS network: • Traffic Engineering • VPNs • Fast Reroute • … • As well as new features such as • Conduit • Service Chaining • BGP Traffic Engineering • BGP Peer Engineering • Application Engineered Routing 12 Segment Routing IPv6 and the Source Based Routing Model • In the source based routing model the source chooses a path and encodes it in the packet header as an ordered list of segments • A new type of the existing IPv6 Routing Extension Header is used for Segment Routing: SRH • The Segment Routing Header (SRH) contains the list of segments • Path state in the packet, not in the network • The segment identifier (SID) is a 128-bit IPv6 address • The Segment List expressing the source routed path is a list of IPv6 addresses 13 Segment Routing IPv6 and the Source Based Routing Model • A segment is an instruction applied to the packet: • IGP-based forwarding construct • BGP-based forwarding construct • local adjacency • service/application • location, • context, … 14 Segment Routing and the IPv6 Dataplane • Segment Routing applies to both IPv6 and MPLS dataplanes • Difference is in the bits encoded in the packet not in the architecture • Enabling SR-IPv6, means that ONLY the nodes that have to process the packet header must have SR-IPv6 dataplane support • All other nodes in the infrastructure are just plain IPv6 nodes IPv6 Hdr Label(C) Label(F) SR Header B C D Label(H) Segments: C,F,H A H IPv4 or IPv6 hdr E F G PAYLOAD PAYLOAD SR-IPv6 SR-MPLS 15 Example of Segments Service Segment to S1 S1 Node segment to C Node segment to C Peer Segment A B C D 1 Adj Segment Z M N O P 2 Peer Segment Node segment to Z • Examples: • Go to this node using shortest path (Node-SID) • Go to this prefix using shortest path (Prefix-SID) • Go through this specific link (no matter what SPT says, Adj-SID) • Go through this egress interface / peering AS (Adj-SID, Peer-SID) • Etc. • Simple protocol extensions allowing advertisement of segments • IGP, BGP, BGPLS, PCEP, … 16 Segment Routing and the Source Based Routing Model • Segment Routing IPv6: • The notion of a “segment” is not new in IPv6 • Routing Extension Header has been defined in RFC 2460 and defines the “segment” • In both RFC 2460 and Segment Routing a segment is identified by an IPv6 address • Segment Routing leverages RFC 2460 Routing Header by defining a new type • Improves Routing Header • Enhance the source routing model • Introduces security • Segment Routing does NOT require a forklift upgrade of the network • SR and non-SR nodes can co-exist • Gradual deployment • Full interoperability • Backward compatibility 17 The Segment Routing Header Insertion Vs. Encapsulation 18 Segment Routing Header and encapsulation • While not explicitly mentioned, RFC2460 assumes only the source is allowed to insert a routing header – Remember: the SRH is a type of routing header • Segment Routing for IPv6 allows multiple operational modes – All compliant to base IPv6 specification 19 Insertion Vs. Encapsulation • Header Insertion at the Source: – Source originates the packet with the SRH – SRH is kept and used along the path – Packet is delivered to destination with the SRH (plain IPv6 operations) > Optionally, the SRH may be removed prior to deliver the packet to destination – Use case: source is SRv6 capable Source C D IPv6 Hdr: SA=A, DA=D A IPv6 Hdr: SA=A, DA=G IPv6 Hdr: SA=A, DA=B SR Hdr: SL= B, D, G, Z Destination SR Hdr: SL= B, D, G, Z SR Hdr: SL= B, D, G, Z B PAYLOAD PAYLOAD Z PAYLOAD Ingress E F G IPv6 Hdr: SA=A, DA=Z Egress SR Hdr: SL= B, D, G, Z PAYLOAD SR domain 20 Insertion Vs. Encapsulation • Header Insertion at Ingress: – Source originates the packet without any SRH – SRH is inserted at ingress – SRH is removed prior to deliver the packet to the destination – Use case: source is not SRv6 capable Source C D IPv6 Hdr: SA=A, DA=D A IPv6 Hdr: SA=A, DA=G SR Hdr: SL= D, G, Z Destination IPv6 Hdr: SA=A, DA=Z B SR Hdr: SL= D, G, Z PAYLOAD PAYLOAD Z Ingress PAYLOAD E F G IPv6 Hdr: SA=A, DA=Z PAYLOAD Egress SR domain 21 Insertion Vs. Encapsulation • Encapsulation at Ingress : – Source originates the packet without any SRH – Ingress encapsulates the incoming packet into a new outer IPv6 header followed by the SRH – Packet is decapsulated at egress (both outer IPv6 header and SRH are removed) – Use Case: Source B C IPv6 Hdr: SA=A, DA=C A IPv6 Hdr: SA=A, DA=E IPv6 Hdr: SA=A, DA=Z SR Hdr: SL= C, E Destination A SR Hdr: SL= C, E PAYLOAD IPv6 Hdr: SA=A, DA=Z IPv6 Hdr: SA=A, DA=Z Z Ingress PAYLOAD PAYLOAD B D IPv6 Hdr: SA=A, DA=Z E PAYLOAD Egress SR domain 22 Segment Routing Example 23 Example of Explicit Path • How to express an explicit (source routed) path knowing that: • Nodes may represent routers, hosts, servers, application instances, services, chains of services, etc. • A path is encoded into the packet by the originator (or ingress) node using a list of IPv6 addresses • The network may have plurality of nodes not all supporting Segment Routing • A path can be “loose” or “strict” • Likely to be loose… • A single mechanism, a single placeholder where the “path” of the packet is expressed 24 SR-IPv6 Explicit Path Example • In following topology: B C D – Q: How to best express path: [A, B, C, F, G, H] A H • Note well: node A has two shortest E F G paths to C (ECMP) • A: Source rooted path with segments: [C,F,H] First segment: set of shortest paths from A to C (ECMP aware) Second segment: adjacency/link from C to F Third segment: shortest path from F to H • Loose Source Routing B C D A H E F G 25 SR-IPv6 Explicit Path Example Interoperability B C D A H E F G • Not all nodes needs to be SR capable • Example: – Traffic Engineering from A to H through path ABCFGH – Nodes A, C and F are SR capable – Nodes B, D, E, G and H are plain ipv6 forwarders 26 SR-IPv6 Explicit Path Example B C IPv6 Hdr: SA=A, DA=C SR Hdr: SL= C, F, H A PAYLOAD • At node A: – Path is computed or received by a controller (e.g.: SDN Controller) – Path is instantiated