Instructions for using this template€¦ · Segment Routing for IPv6 data plane (SRv6) SDN...
Transcript of Instructions for using this template€¦ · Segment Routing for IPv6 data plane (SRv6) SDN...
Issue Date:
Revision:
Segment Routing for
IPv6 data plane (SRv6)SDN Workshop
[Date]
[xx]
WSDN01_v0.1
Disclaimer
The work on SRv6 within the IETF SPRING working group is
still in progress and rapidly evolving. This section of the
workshop aims to introduce the topic of SRv6 based on the
most current versions of IETF drafts. Some of these drafts
have a long way to go before they are published and may
change substantially from what is discussed here. The
workshop participant is encouraged to refer to the latest
versions of these documents to ensure that any recent
changes are appreciated.
3
Overview
• In a nutshell
• IPv6 data plane
• SRH
• Basic use cases
• NetPGM use cases
• References
4
5
In a nutshell
SDN architectural framework
6
Application
PlaneApplication Service
Topology Discovery & Management
Network Devices – IP/MPLS/Transport
Southbound Interfaces
REST/RESTCONF/NETCONF/XMPP
Control
Plane
(controller)
Traffic Engineering
Route selection & failover
Resource Management
BGP-LS PCE-Pi2RS
SNMP MIBs OpenFlow YANG
Configuration
Open
FlowSNMP Netconf
Data
Plane
BGP PCCRIBs
RSVP-TE
East/West-
bound
interfaces –
BGP
IPFIXForCES
Northbound Interfaces
Note: designations of north-bound and south-bound are relative to the control plane (“controller”)
Device & Resource Abstraction Layer (DAL)
Network Services Abstraction Layer
Segment
Routing
Segment routing: in a nutshell…
7
The source determines the path a packet should take
By encoding the path within the packet as a sequence of segments or instructions.
To reduce network state and allow centralised computation of paths
What?
How?
Why?
8
IPv6 data plane
IPv6 data plane
• Requires a new type of Routing Header
• A segment is encoded as an IPv6 address (prefix-SID is the prefix
itself).
• SRv6 Segment (abbreviated as SRv6 SID) is a 128-bit value
• An ordered list of segments is encoded as an ordered list of IPv6 SIDs
in the routing header
• The active segment is indicated by the Destination Address (DA) of the
packet. The DA of the packet changes at each segment completion.
The final DA of the packet is encoded as the last segment of the path
• The next active segment is indicated by a pointer (SegmentsLeft) in the
new routing header (SRH)
9
10
Segment
Routing Header
(SRH)
IPv6 refresher - header
11
next header:
- header immediately
following the IPv6
header
- uses same values as the
IPv4 protocol field
next header hop limit
source address (128-bit IPv6 address)
32 bits
version traffic class flow label
payload length
destination address (128-bit IPv6 address)
IPv6 refresher – extension headers
12
• Separate headers placed between the IPv6 header and the upper-
layer header in a packet
• Protocol numbers from IANA IP Protocol Numbers, the same values
used for IPv4 and IPv6: – https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
1 – ICMP
4 – IPv4
6 – TCP
17 – UDP
41 – IPv6
43 – IPv6 Routing Header
44 – IPv6 Fragment Header
• Extension headers can only be processed by the node identified in the
Destination Address field of the IPv6 header.
IPv6 refresher – Routing header
13
• Lists one or more intermediate nodes to be visited on the way to a
packet’s destination (Next Header value = 43)
next header:
- header immediately
following the SRH
routing type:
- Identifies the
particular Routing
header variant
- 2: Type 2 Routing
Header
- 4: Segment Routing
Header
segments left:
- number of explicitly
listed intermediate
nodes still to be
visited before reaching
the final destination
32 bits
next header hdr ext len routing type segments left
type-specific data
For the node processing the Routing
header (identified by the Destination
Address), the Segments Left field has
to be zero.
Segment Routing Header (SRH)
14
next header:
- header immediately
following the SRH
segments left:
- index of the next
segment to inspect
last entry:
- index of last element of
the segment list (zero-
based)
- equal to number of
intermediate nodes
segment list:
- list of segments in
reverse order i.e.
segment_list[n] is the
first node
segment_list[0] is the
last node
Optional TLVs:
- Currently only HMAC and
PAD TLVs defined
last entry flags
segment list[0] (128 bits IPv6 address)
32 bits
next header hdr ext len routing type segments left
tag
segment list[n] (128 bits IPv6 address)
optional TLVs
. . .
Definitions
• SR Global Block:
– set of global SRv6 SIDs in the SR domain
• SR Local Block (SRLB)
– set of local IPv6 addresses reserved for local SRv6 SIDs
• Global segment
– SID based on routable IPv6 address
• Local segment
– SID based on non-routable IPv6 address
• Prefix SID
– an IPv6 address that is explicitly instantiated as an SRv6 SID
15
Segment operations
16
Operation Segment Routing
semantic
IPv6 data plane
PUSH Insertion of a segment at the top
of the segment list
Setting of the first segment
in the IPv6 Segment
Routing Header
NEXT Signals completion of active
segment and activation of the
next segment in the segment list
Activation of the next
segment in the IPv6
Segment Routing Header
segment list by copying it
from the SRH to the
destination address of the
SRv6 header
CONTINUE Signals that the currently active
segment is not yet complete and
needs to remain active
Standard IPv6 forwarding
based on destination
address
SR node types (1)
17
R2 R4R3R1 R5
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
SR Source Node
• Originates packets with a segment in the destination
address of the IPv6 header
• Packet may or may not contain an SRH
• Either:
• A host originating an IPv6 packet
• A router encapsulating a received packet in an outer
IPv6 header
SR node types (2)
18
R2 R4R3R1 R5
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
Transit Node
• Any IPv6 node where the destination address of the IPv6
packet does not match a locally configured segment or
interface.
• May or may not be an SR node
• Performs standard IPv6 routing
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
SR node types (3)
19
R2 R4R3R1 R5
SRH
IPv6
SL: 0
SList:
{R3,R5}
SA: R1
DA: R5
SR Segment Endpoint Node
• Any IPv6 node where the destination address of the IPv6
packet does matches a locally configured segment or
interface.
• Performs SRH processing (if one exists):
• Decrements Segments Left
• Sets DA to next address in Segment List
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
SR node types (4)
20
R2 R4R3R1 R5
SRH
IPv6
SL: 0
SList:
{R3,R5}
SA: R1
DA: R5
Transit Node
• Any IPv6 node where the destination address of the IPv6
packet does not match a locally configured segment or
interface.
• May or may not be an SR node
• Performs standard IPv6 routing
SRH
IPv6
SL: 0
SList:
{R3,R5}
SA: R1
DA: R5
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
SR node types (5)
21
R2 R4R3R1 R5
SR Segment Endpoint Node (ultimate endpoint)
• Any IPv6 node where the destination address of the IPv6
packet does matches a locally configured segment or
interface.
• Process upper-layer header
SRH
IPv6
SL: 0
SList:
{R3,R5}
SA: R1
DA: R5
SRH
IPv6
SL: 0
SList:
{R3,R5}
SA: R1
DA: R5
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
SRH
IPv6
SL: 1
SList:
{R3,R5}
SA: R1
DA: R3
SRv6 packet processing (1)
22
• SR Source Node:– Steers packet into an SR policy
– If segment list contains a single segment, SRH may not be required
– Building the SRH:
Set SA = address of source SR node/SR-domain ingress node
Set DA = value of the first segment
Set first element of segment list = last segment
Set second element of segment list = penultimate segment
<and so on – segment list is encoded in the reverse order of the path>
Set Segments Left = n-1
where n = number of elements in the Segment List
Set Last Entry field = n-1
where n = number of elements in the Segment List
SRv6 packet processing (2)
23
• Transit Node:– Not allowed to inspect the Routing Extension Header (as per RFC8200)
– Only has to forward the packet towards the Destination Address according
to its IPv6 routing table
– A SID in the DA is routed through an IPv6 network like any other IPv6
address
SRv6 packet processing (3)
24
• SR Segment Endpoint Node:– Creates FIB entries for its local SIDs
– If lookup of IPv6 packet destination address matches a locally instantiated
SRv6 SID, the node processes the ‘next header’ chain of the IPv6 header
– Processing the SRH:
If Segments Left == 0
Process the next header in the packet as
identified by the Next Header field
Else
Decrement Segments Left by 1
Set DA = Segment List[Segments Left] from the SRH
FIB lookup on updated DA
Forward according to the matched entry
Securing the SR domain
25
• Two levels of access control:
1. Drop any packet entering the SR domain and destined to a SID
within the SR domain:
• Configured on all external interfaces of edge nodes
2. On every node in the SR domain, drop any packet to SIDs from
source addresses outside the SR domain:
• Configured on all internal interfaces of all SR nodes in the domain
26
Basic SRv6 Use
Cases
27
• Addressing:
– Global SRv6 SIDs
– Node SID values
• 2001:db8::/64
– Infrastructure addressing
• 2001:db8::/48
Use cases:
Base topology
27
Topology (1)
28
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128 SID: 2001:db8::14/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SR Domain
edge routers
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Topology (2)
29
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SR Domain
routers
SID: 2001:db8::14/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
30
• Perimeter security
• Per-node security
Securing the
domain
30
Securing the domain (1)
31
CE2CE1
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SR Domain
If (DA or SA in 2001:db8::/64)
Drop the packet
If (DA or SA in 2001:db8::/64)
Drop the packet
Secure the perimeter
R10 R20SID: 2001:db8::A/128
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R1 R3
R4 R6
R2
R5
SID: 2001:db8::14/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Securing the domain (2)
32
CE2CE1
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
Per-node protection
R1 R3
R4 R6
R2
R5
R10 R20SID: 2001:db8::A/128
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
If (DA in 2001:db8::/64)
AND (SA (NOT in
2001:db8::/48))
Drop the packet
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SR Domain
33
• Routing:
– According to SR policy
Use case 1:
Intra-SR domain
TE packet flow
33
Intra-SR domain TE packet flow (1)
34
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 1
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128 Objectives:
• Deliver traffic
between H1 and
H2 via R5
SID: 2001:db8::14/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Intra-SR domain TE packet flow (2)
35
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 1
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128 Objectives:
• Deliver traffic
between H1 and
H2 via R5
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
SRH
IPv6
SL: 1
SList:
{R5,H2}
SA: H1
DA: R5
Payload
1. H1 builds IPv6 packet with SRH
• SA=H1
• DA=R5 (first intermediate node)
• SRH:
• Segments Left = 1
• Seg List is {R5, H2}
2. H1 does FIB lookup for R5 and sends to R1
3. H1 is an SR source node for this SR packet.
Intra-SR domain TE packet flow (3)
36
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 1
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
1. R1 does FIB lookup for R5. Since it
is not a local address, it routes to it
via the shortest path which is the
direct link to R5.
2. R1 is a transit node for this SR
packet.
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SRH
IPv6
SL: 1
SList:
{R5,H2}
SA: H1
DA: R5
Payload
Objectives:
• Deliver traffic
between H1 and
H2 via R5
Intra-SR domain TE packet flow (4)
37
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 1
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
1. R5 does FIB lookup for R5. Since it is a locally defined SID, it processes the SRH and updates the IPv6 packet:
• SA=H1 (unchanged)• DA=H2 (next segment in list)• SRH:
• Decrement Segments Left by 1 => Segments Left = 0• Seg List is {R5, H2}
2. H1 does FIB lookup for H2 and routes to it via the shortest path which is via the direct link to R3.
3. R5 is an SR Segment Endpoint node for this SR packet.
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SRH
IPv6
SL: 0
SList:
{R5,H2}
SA: H1
DA: H2
Payload
Objectives:
• Deliver traffic
between H1 and
H2 via R5
Intra-SR domain TE packet flow (5)
38
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 1
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
1. R3 does FIB lookup for H2. Since it
is not a local address, it routes to it
via the direct link to H2.
2. R3 is a transit node for this SR
packet.
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SRH
IPv6
SL: 0
SList:
{R5,H2}
SA: H1
DA: H2
Payload
Objectives:
• Deliver traffic
between H1 and
H2 via R5
Intra-SR domain TE packet flow (6)
39
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 1
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
1. H2 does FIB lookup for H2. Since it is a locally defined SID, it processes the SRH:
• Segments Left = 0 so packet is valid• SRH:
• Look at Next Header value to determine upper-layer protocol2. Process upper-layer payload3. H2 is an SR Segment Endpoint node for this SR packet.
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SRH
IPv6
SL: 0
SList:
{R5,H2}
SA: H1
DA: H2
Payload
Objectives:
• Deliver traffic
between H1 and
H2 via R5
40
• Routing:
– Shortest path
Use case 2:
Intra-SR domain
packet flow
40
Intra-SR domain packet flow (1)
41
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 2
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128 Objectives:
• Deliver traffic
between H1 and
H2 via the
shortest path
SID: 2001:db8::14/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Intra-SR domain packet flow (2)
42
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
IPv6 SA: H1
DA: H2
Payload
1. H1 builds IPv6 packet with no SRH
• SA=H1
• DA=H2
2. H1 does FIB lookup for H2 and sends
to R1
3. H1 is an SR source node for this SR
packet.
Use case 2
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
Objectives:
• Deliver traffic
between H1 and
H2 via the
shortest path
Intra-SR domain packet flow (3)
43
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
1. R1 does FIB lookup for H2. Since it
is not a local address, it routes to it
via the shortest path which is the link
to R2.
2. R1 is a transit node for this SR
packet.
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
IPv6 SA: H1
DA: H2
Payload
Use case 2
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
Objectives:
• Deliver traffic
between H1 and
H2 via the
shortest path
Intra-SR domain packet flow (4)
44
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
1. R2 does FIB lookup for H2. Since it
is not a local address, it routes to it
via the shortest path which is the link
to R3.
2. R2 is a transit node for this SR
packet.
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
IPv6 SA: H1
DA: H2
Payload
Use case 2
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
Objectives:
• Deliver traffic
between H1 and
H2 via the
shortest path
Intra-SR domain packet flow (4)
45
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
1. R3 does FIB lookup for H2. Since it
is not a local address, it routes to it
via the shortest path which is the
direct link to H2.
2. R3 is a transit node for this SR
packet.
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
IPv6 SA: H1
DA: H2
Payload
Use case 2
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
Objectives:
• Deliver traffic
between H1 and
H2 via the
shortest path
Intra-SR domain packet flow (5)
46
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
SID: 2001:db8::14/128
1. H2 does FIB lookup for H2. Since it is a locally defined SID, it processes the IPv6 packet:• Look at Next Header value to determine upper-layer protocol
2. Process upper-layer payload3. H2 is an SR Segment Endpoint node for this SR packet.
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 2
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
IPv6 SA: H1
DA: H2
Payload
Objectives:
• Deliver traffic
between H1 and
H2 via the
shortest path
Observations
• When an SRH is not used (as in the case of shortest path
routing) routing behaviour is indistinguishable from
standard IPv6 routing.
• The one thing to be aware of (and is implied) is that the
Destination Address of the outer IPv6 header is explicitly
instantiated as an SRv6 SID. However, it is routed through
the IPv6 network as any other IPv6 packet.
47
48
• Routing:
– According to SR policy
Use case 3:
Inter-SR domain
TE packet flow
48
Inter-SR domain TE packet flow (1)
49
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 3
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128 Objectives:
• Deliver traffic
between CE1
and CE2 via R4,
R2 and R6
SID: 2001:db8::14/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Inter-SR domain TE packet flow (2)
50
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 3
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
Data packet 1. CE1 sends a data packet to R10 –
could be IPv4, IPv6, L2 etc.
Objectives:
• Deliver traffic
between CE1
and CE2 via R4,
R2 and R6
Inter-SR domain TE packet flow (3)
51
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 3
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
SRH
IPv6
SL: 3
SList:
{R4,R2,R6,R20}
SA: R10
DA: R4
Payload
1. R10 builds IPv6 packet with SRH
• SA=R10
• DA=R4 (first intermediate node)
• SRH:
• Segments Left = 3
• Seg List is {R4,R2,R6,R20}
• Payload is the packet received from CE1
2. R10 does FIB lookup for R4 and sends it via direct link to R4
3. R10 is an SR source node for this SR packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via R4,
R2 and R6
Inter-SR domain TE packet flow (4)
52
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 3
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
SRH
IPv6
SL: 2
SList:
{R4,R2,R6,R20}
SA: R10
DA: R2
Payload
1. R4 does FIB lookup for R4. Since it is a locally defined SID, it processes the SRH and updates the IPv6 packet:
• SA=R10 (unchanged)• DA=R2 (next segment in list)• SRH:
• Decrement Segments Left by 1 => Segments Left = 2• Seg List is {R4,R2,R6,R20} (unchanged)
2. R4 does FIB lookup for R2 and routes to it via the shortest path which is via the direct link to R2.
3. R4 is an SR Segment Endpoint node for this SR packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via R4,
R2 and R6
Inter-SR domain TE packet flow (5)
53
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 3
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
SRH
IPv6
SL: 1
SList:
{R4,R2,R6,R20}
SA: R10
DA: R6
Payload
1. R2 does FIB lookup for R2. Since it is a locally defined SID, it processes the SRH and updates the IPv6 packet:
• SA=R10 (unchanged)• DA=R6 (next segment in list)• SRH:
• Decrement Segments Left by 1 => Segments Left = 1• Seg List is {R4,R2,R6,R20} (unchanged)
2. R2 does FIB lookup for R6 and routes to it via the shortest path which is via the direct link to R6.
3. R2 is an SR Segment Endpoint node for this SR packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via R4,
R2 and R6
Inter-SR domain TE packet flow (6)
54
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 3
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
SRH
IPv6
SL: 0
SList:
{R4,R2,R6,R20}
SA: R10
DA: R20
Payload
1. R6 does FIB lookup for R6. Since it is a locally defined SID, it processes the SRH and updates the IPv6 packet:
• SA=R10 (unchanged)• DA=R20 (next segment in list)• SRH:
• Decrement Segments Left by 1 => Segments Left = 0• Seg List is {R4,R2,R6,R20} (unchanged)
2. R6 does FIB lookup for R20 and routes to it via the shortest path which is via the direct link to R20.
3. R6 is an SR Segment Endpoint node for this SR packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via R4,
R2 and R6
Inter-SR domain TE packet flow (6)
55
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 3
Routing TE
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
1. R20 does FIB lookup for R20. Since it is a locally defined SID, it processes the SRH:
• Segments Left = 0 so packet is valid• SRH:
• Look at Next Header value to determine upper-layer protocol2. Process upper-layer payload => send packet to CE23. R20 is an SR Segment Endpoint node for this SR packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via R4,
R2 and R6
Data packet
56
• Routing:
– Shortest path
Use case 4:
Inter-SR domain
packet flow
56
Inter-SR domain packet flow (1)
57
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 4
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128 Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
SID: 2001:db8::14/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Inter-SR domain packet flow (2)
58
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 4
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
Data packet 1. CE1 sends a data packet to R10 –
could be IPv4, IPv6, L2 etc.
Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
Inter-SR domain packet flow (3)
59
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 4
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
IPv6 SA: R10
DA: R20
Payload
1. R10 builds IPv6 packet with no SRH
• SA=R10
• DA=R20
• Payload is packet received from CE1
2. R10 does FIB lookup for R20 and sends it via link to R1
3. R10 is an SR source node for this SR packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
Inter-SR domain packet flow (4)
60
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 4
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
IPv6 SA: R10
DA: R20
Payload
1. R1 does FIB lookup for R20. Since it
is not a local address, it routes to it
via the shortest path which is the link
to R2.
2. R1 is a transit node for this SR
packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
Inter-SR domain packet flow (5)
61
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 4
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
IPv6 SA: R10
DA: R20
Payload
1. R2 does FIB lookup for R20. Since it
is not a local address, it routes to it
via the shortest path which is the link
to R3.
2. R2 is a transit node for this SR
packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
Inter-SR domain packet flow (6)
62
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 4
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
IPv6 SA: R10
DA: R20
Payload
1. R3 does FIB lookup for R20. Since it
is not a local address, it routes to it
via the shortest path which is the link
to R20.
2. R3 is a transit node for this SR
packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
Inter-SR domain packet flow (6)
63
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SID: 2001:db8::1/128
Use case 4
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/64
Infrastructure 2001:db8::/48
SID: 2001:db8::2/128 SID: 2001:db8::3/128
SID: 2001:db8::4/128 SID: 2001:db8::5/128 SID: 2001:db8::6/128
SID: 2001:db8::A/128
SR Domain
H1 H2
SID: 2001:db8::101/128 SID: 2001:db8::102/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SID: 2001:db8::14/128
1. R20 does FIB lookup for R20. Since it is a locally defined SID, it processes the IPv6 packet:• Look at Next Header value to determine upper-
layer protocol2. Process upper-layer payload => send packet to
CE23. R20 is an SR Segment Endpoint node for this SR
packet.
Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
Data packet
64
SRv6 Network
Programming
SRv6 Network Programming
• Mechanism to specify a packet processing program by encoding a
sequence of instructions in the IPv6 packet header
• Each instruction is implemented by a node in the network and is
identified by an SRv6 Segment Identifier (SID) in the packet
• An instruction represents a function to be called at a specific location in
the network
– The semantics of the function are local to the node – from simple topological
instructions to complex behaviour
• Allows creation of overlay services together with underlay optimisation
65
Network Programming: combining simple
and complex Segment Routing functions to
achieve a networking objective that goes
beyond mere packet routing.
Terminology
• SRv6 SID function:
– Opaque part of the SID that identifies a local behaviour bound to the SID
• Arguments:
– Information related to the flow, service or any other information required by the
associated function
• SRv6 segment behaviour:
– Packet processing behaviour implemented at an SRv6 segment endpoint
66
SID format
67
Location (LOC)Function
(FUNC)
Arguments
(ARG)
SRv6 SID
L bits F bits A bits
L + F + A <= 128
B N
SRv6 SID block (IPv6 subnet allocated for
SRv6 SIDs by the operator)
Node identifier(identifier of parent node
instantiating the SID)
SR endpoint behaviours
68
Name Function Application
End Endpoint function The SRv6 instantiation of a prefix SID
End.X Endpoint with Layer-3 cross-connect The SRv6 instantiation of a Adj SID
End.T Endpoint with specific IPv6 table lookup
End.DX6 Endpoint with decaps and IPv6 cross-connect e.g. IPv6-L3VPN (equivalent to per-CE VPN label)
End.DX4 Endpoint with decaps and IPv4 cross-connect e.g. IPv4-L3VPN (equivalent to per-CE VPN label)
End.DT6 Endpoint with decaps and IPv6 table lookup e.g. IPv6-L3VPN (equivalent to per-VRF VPN label)
End.DT4 Endpoint with decaps and IPv4 table lookup e.g. IPv4-L3VPN (equivalent to per-VRF VPN label)
End.DT46 Endpoint with decaps and IP table lookup e.g. IP-L3VPN (equivalent to per-VRF VPN label)
End.DX2 Endpoint with decaps and L2 cross-connect e.g. L2VPN use-case
End.DX2V Endpoint with decaps and VLAN L2 table lookup EVPN Flexible cross-connect use-cases
End.DT2UEndpoint with decaps and unicast MAC L2table
lookup
EVPN Bridging unicast use-cases
End.DT2M Endpoint with decaps and L2 table flooding EVPN Bridging BUM use-cases with ESI filtering
End.B6.Insert Endpoint bound to an SRv6 policy SRv6 instantiation of a Binding SID
End.B6.Insert.RED [...] with reduced SRH insertion SRv6 instantiation of a Binding SID
End.B6.Encaps Endpoint bound to an SRv6 policy with encaps SRv6 instantiation of a Binding SID
End.B6.Encaps.RED [...] with reduced SRH insertion SRv6 instantiation of a Binding SID
End.BM Endpoint bound to an SR-MPLS Policy SRv6 instantiation of an SR-MPLS Binding SID
Behaviours that apply to SR Segment Endpoint nodes
Behaviour: End
• Simplest behaviour
• SRv6 instantiation of a Prefix-SID
69
When node N receives a packet whose IPv6 DA is S and S is a local End SID:
If (Segments Left == 0) //must not be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
Decrement Hop Limit by 1
Decrement Segments Left by 1
Set DA = Segment List[Segments Left] from the SRH
FIB lookup on updated DA
Forward according to the matched entry
Behaviour: End.X
• Variant of the End behaviour
• Cross-connect to an array of layer-3 adjacencies. Typically, at least one End.X
SID per layer-3 adjacency.
• SRv6 instantiation of an Adjacency-SID
70
When node N receives a packet whose IPv6 DA is S and S is a local End.X SID:
If (Segments Left == 0) //must not be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
Decrement Hop Limit by 1
Decrement Segments Left by 1
Set DA = Segment List[Segments Left] from the SRH
Forward packet on adjacency associated with the End.X SID
Behaviour: End.T
• Variant of the End behaviour
• Lookup in a specific IPv6 table. Used when multiple IPv6 tables are used in the
core
• The End.T behaviour is associated with IPv6 FIB table T in the SR domain
core.
71
When node N receives a packet whose IPv6 DA is S and S is a local End.T SID:
If (Segments Left == 0) //must not be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
Decrement Hop Limit by 1
Decrement Segments Left by 1
Set DA = Segment List[Segments Left] from the SRH
FIB lookup on updated DA in IPv6 FIB table T
Forward according to the matched entry
Behaviour: End.DX6
• Variant of the End.X behaviour
• Decapsulation and cross-connect to an array of IPv6 adjacencies.
• Has to be the last segment in the SR policy
• Can be used to emulate L3VPNv6 use-case where a FIB lookup in a specific
tenant table at the egress PE is not required. This is equivalent to the per-CE
VPN label in MPLS
72
When node N receives a packet whose IPv6 DA is S and S is a local End.DX6
SID:
If (Segments Left != 0) //must be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
//process upper-layer header
If (Upper-layer Header Type == 41) //has to be IPv6
Remove outer IPv6 Header and all extension headers
Forward inner IPv6 packet on adjacency associated with
the End.DX6 SID
End if
Behaviour: End.DX4
• Variant of the End.X behaviour
• Decapsulation and cross-connect to an array of IPv4 adjacencies.
• Has to be the last segment in the SR policy.
• Can be used to emulate L3VPNv4 use-case where a FIB lookup in a specific
tenant table at the egress PE is not required. This is equivalent to the per-CE
VPN label in MPLS
73
When node N receives a packet whose IPv6 DA is S and S is a local End.DX4
SID:
If (Segments Left != 0) //must be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
//process upper-layer header
If (Upper-layer Header Type == 4) //has to be IPv4
Remove outer IPv6 Header and all extension headers
Forward inner IPv4 packet on adjacency associated with
the End.DX4 SID
End if
Behaviour: End.DT6
• Variant of the End.T behaviour
• Decapsulation and lookup in a specific IPv6 table.
• Has to be the last segment in the SR policy.
• Can be used to emulate L3VPNv6 use-case where a FIB lookup in a specific
tenant table at the egress PE is not required. This is equivalent to the single
per-VRF VPN label in MPLS
74
When node N receives a packet whose IPv6 DA is S and S is a local End.DT6
SID:
If (Segments Left != 0) //must be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
//process upper-layer header
If (Upper-layer Header Type == 41) //has to be IPv6
Remove outer IPv6 Header and all extension headers
FIB lookup on inner IPv6 header DA in IPv6 FIB table T
Forward according to the matched entry
End if
Behaviour: End.DT4
• Variant of the End.T behaviour
• Decapsulation and lookup in a specific IPv4 table.
• Can be used to emulate L3VPNv4 use-case where a FIB lookup in a specific
tenant table at the egress PE is not required. This is equivalent to the single
per-VRF VPN label in MPLS
75
When node N receives a packet whose IPv6 DA is S and S is a local End.DT4
SID:
If (Segments Left != 0) //must be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
//process upper-layer header
If (Upper-layer Header Type == 4) //has to be IPv4
Remove outer IPv6 Header and all extension headers
FIB lookup on inner IPv4 header DA in IPv4 FIB table T
Forward according to the matched entry
End if
Behaviour: End.DT46
• Variant of the End.DT4 and End.DT6 behaviour
• Decapsulation and lookup in a specific IPv6 or IPv4 table.
• Can be used to emulate L3VPN use-case where a FIB lookup in a specific
tenant table at the egress PE is not required. This is equivalent to the single
per-VRF VPN label in MPLS
76
When node N receives a packet whose IPv6 DA is S and S is a local End.DT46 SID:
If (Segments Left != 0) //must be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
//process upper-layer header
If (Upper-layer Header Type == 41) //if IPv6
Remove outer IPv6 Header and all extension headers
FIB lookup on inner IPv6 header DA in IPv6 FIB table T6
Forward according to the matched entry
Else If (Upper-layer Header Type == 4) //if IPv4
Remove outer IPv6 Header and all extension headers
FIB lookup on inner IPv4 header DA in IPv4 FIB table T4
Forward according to the matched entry
End if
Behaviour: End.DX2
• Variant of the End.X behaviour
• Decapsulation and cross-connect to an outgoing layer-2 interface, I, associated
with the End.DX2 SID.
• Can be used to emulate the L2VPN/EVPN[RFC7432] VPWS use-case.
77
When node N receives a packet whose IPv6 DA is S and S is a local End.DX2
SID:
If (Segments Left != 0) //must be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
//process upper-layer header
Remove outer IPv6 Header and all extension headers
Forward packet on layer-2 adjacency I associated with the End.DX2
SID
Behaviour: End.DX2V
• Variant of the End.DX2 behaviour
• Decapsulation and lookup of VLAN in a particular L2 table, T, associated with
the End.DX2V SID.
• Can be used to emulate the EVPN Flexible cross-connect use-case.
78
When node N receives a packet whose IPv6 DA is S and S is a local End.DX2V
SID:
If (Segments Left != 0) //must be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
//process upper-layer header
Remove outer IPv6 Header and all extension headers
Lookup the exposed VLANs in L2 table T associated with the
End.DX2V SID and forward as per the matched table entry
Behaviour: End.DT2U
• Variant of the End behaviour
• Decapsulation and lookup of MAC in a particular unicast MAC L2 table, T,
associated with the End.DT2U SID.
• Can be used to emulate the EVPN Bridging use-case.
79
When node N receives a packet whose IPv6 DA is S and S is a local End.DT2U
SID:
If (Segments Left != 0) //must be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
//process upper-layer header
Remove outer IPv6 Header and all extension headers
Learn the exposed MAC Source Address in L2 Table T
Lookup the exposed MAC Destination Address in L2 table T associated
with the End.DT2U SID and forward as per the matched table entry
(flood if there is no match)
Behaviour: End.B6.Encaps
• Variant of the End behaviour
• Used to express scalable traffic-engineering policies across multiple domains.
Associated with an SR policy B and a source address A.
• SRv6 instantiation of a Binding SID
80
When node N receives a packet whose IPv6 DA is S and S is a local End.B6.Encaps SID:
If (Segments Left == 0) //must not be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
Decrement Hop Limit by 1
Decrement Segments Left by 1
Push a new outer IPv6 header with its own SRH containing B
Set outer IPv6 SA = A
Set outer IPv6 DA = first SID of B
FIB lookup on outer IPv6 DA
Forward according to the matched entry
Behaviour: End.BM
• Variant of the End behaviour
• Used to express scalable traffic-engineering policies across multiple domains
where some domains support the MPLS instantiation of Segment Routing.
Associated with an SR policy B
• SRv6 instantiation of an SR-MPLS Binding SID
81
When node N receives a packet whose IPv6 DA is S and S is a local End.BM SID:
If (Segments Left == 0) //must not be the ultimate end segment
Send ICMP Parameter Problem Message
Discard the packet
End if
Decrement Hop Limit by 1
Decrement Segments Left by 1
Push the MPLS stack for B
LFIB lookup on top MPLS label
Forward according to the matched entry
SR policy headend behaviours
82
Name Function Operation
H.EncapsSR headend behavior with encapsulation in an SRv6
policy
Transit node steers packets into an SR
Encapsulation Policy.
H.Encaps.RedSR headend behavior with reduced encaps in an SRv6
policy
H.Encaps.L2 H.Encaps applied to received L2 frames
H.Encaps.L2.Red H.Encaps.Red applied to received L2 frames
Behaviours that apply to SR Source and Transit nodes
Behaviour: H.Encaps
• Headend node steers packets into an SR Encapsulation Policy with Source
Address T and Segment List {S1,S2,S3}
• Valid for any kind of layer-3 traffic. Commonly used for L3VPNv4/L3VPNv6.
Also used for TI-LFA.
83
When node N receives a packet which it is configured to steer into a policy:
Push a new outer IPv6 header with its own SRH:
Set outer IPv6 SA = T
Set outer IPv6 DA = S1
Set Segment List = {S1,S2,S3}
Set Segments Left = 2
Update the Next Header value
Decrement inner Hop Limit by 1
Set DA = Segment List[Segments Left] from the SRH
FIB lookup on outer IPv6 DA
Forward according to the matched entry
Behaviour: H.Encaps.L2
• Encapsulates a received Ethernet frame and its attached VLAN header,
if present, in an IPv6 packet with an SRH.
• The Ethernet frame becomes the payload of the new IPv6 packet.
84
Control Plane
• The endpoint and transit SIDs described in this section would typically
be provisioned or discovered by a controller. The IGP would signal
specific SIDs related to topological behaviours.
• Applications running on top of the controller would then be used to
discover the required SIDs and use them in order to form a distributed
network program.
• "SRv6 network programming" refers to the capability for an application
to encode any complex program as a set of individual functions
distributed through the network. Some functions relate to underlay SLA,
others to overlay/tenant, others to complex applications residing in VM
and containers.
85
Control plane interactions
86
IGP(End, End.X, End.T, End.DX6, End.DX4, End.DT6,
End.DT4, End.DT46, H.Encaps, H.Encaps.Red)
Controller
Network Programming
Application
BGP (IP/VPN/EVPN)(End.DX6, End.DX4, End.DT6, End.DT4, End.DT46,
End.DX2, End.DX2V, End.DT2U, End.DT2M)
BGP-LS (SRv6 capabilities, locators and SIDs)
87
SRv6 Network
Programming
Use Cases
88
• Addressing:
– Global SRv6 SIDs
• 2001:db8::/48
Use cases:
Base topology
88
Addressing plan (1)
• SRv6 SID space:
– SID space: 2001:db8:0::/48
– Local SIDs: 2001:db8:0:x::/64
• Where x is the router number
• Internal non-SID address space - 2001:db8:1::/48
– Loopback space: 2001:db8:1:0::/64
– Loopback address: 2001:db8:1::x/128
• Where x is the router number
• SID space for node k – 2001:db8:0:k::/64
– Advertised by node k in its IGP
89
Addressing plan (2)
• SR PGM:
– LOC – 64 bits
– FUNC – 56 bits
– ARG – 8 bits
• End functions:
– Function 0:0:0:100 represents End function with PSP support
– Function 0:0:0:C02 represents End.X function towards neighbor 2
– Function 0:0:0:D410 represents End.DT4 function using IPv4 table 10
• End functions for node 3:
– Function 2001:db8:0:3:0:0:0:100 represents End function with PSP support
– Function 2001:db8:0:3:0:0:0:C02 represents End.X function towards neighbor 2
– Function 2001:db8:0:3:0:0:0:D410 represents End.DT4 function using IPv4 table 10
90
Location (LOC) Function (FUNC)Arguments
(ARG)
SRv6 SID
2001:db8:0:k 56 bits 8 bits
91
• Addressing:
– Global SRv6 SIDs
• 2001:db8::/32
Use cases:
Base topology
91
Topology (1)
92
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR Domain
SR Domain
edge routers
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Topology (2)
93
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain
SR Domain
routers
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
94
• Perimeter security
• Per-node security
Securing the
domain
94
Securing the domain (1)
95
CE2CE1
SR Domain
If (DA or SA in 2001:db8::/48)
Drop the packet
If (DA or SA in 2001:db8::/48)
Drop the packet
Secure the perimeter
R10 R20
R1 R3
R4 R6
R2
R5R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Securing the domain (2)
96
CE2CE1
Per-node protection
R1 R3
R4 R6
R2
R5
R10 R20
If (DA in 2001:db8::/48)
AND (SA (NOT in
2001:db8::/32))
Drop the packet
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SR Domain
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
97
• Underlay Routing:
– Shortest path
• Overlay
– IPv4 using private addressing
Use case 1:
SR-L3VPN
97
SR-L3VPN (1)
98
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR-L3VPN (2)
99
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
1. R10’s VRF 10 configured for the following (via either BGP
signaling or an SDN controller)
• Route 10.1.2.0/24 via SRv6 policy {2001:db8:0:14::d410}
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR-L3VPN (3)
100
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
1. R20 is configured with a locally instantiated End.DT4 SID
2001:db8:0:14::d410 bound to IPv4 VRF 10
• This SID value will result in the DA for the inner IPv4 packet
being looked up in VRF 10
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR-L3VPN (4)
101
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
IPv4 packet 1. CE1 sends an IP4 data packet to R10
with DA 10.1.2.1
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR-L3VPN (5)
102
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
IPv6 SA: 2001:db8:1::A
DA: 2001:db8:0:14::d410
IPv4 packet
1. R10 looks up 10.1.2.1 in VRF 10 and finds an entry via
SRv6 policy {2001:db8:0:14::d410}
2. R10 builds IPv6 packet with no SRH
• SA=2001:db8:1::A (it’s loopback)
• DA=2001:db8:0:14::d410 (as per SR policy)
• Payload is IPv4 packet received from CE1
2. R10 does FIB lookup for 2001:db8:0:14::d410 and
sends it via link to R1
3. R10 is an SR source node for this SR packet.
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR-L3VPN (6)
103
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
IPv6 SA: 2001:db8:1::A
DA: 2001:db8:0:14::d410
IPv4 packet
1. R1 does FIB lookup for 2001:db8:0:14::d410. Since it
is not a local address, it routes to it via the shortest
path which is the link to R2.
2. R1 is a transit node for this SR packet.
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR-L3VPN (7)
104
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
IPv6 SA: 2001:db8:1::A
DA: 2001:db8:0:14::d410
IPv4 packet
1. R2 does FIB lookup for 2001:db8:0:14::d410. Since it
is not a local address, it routes to it via the shortest
path which is the link to R2.
2. R2 is a transit node for this SR packet.
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR-L3VPN (8)
105
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
IPv6 SA: 2001:db8:1::A
DA: 2001:db8:0:14::d410
IPv4 packet
1. R3 does FIB lookup for 2001:db8:0:14::d410. Since it
is not a local address, it routes to it via the shortest
path which is the link to R2.
2. R3 is a transit node for this SR packet.
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
SR-L3VPN (9)
106
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
shortest path
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
Use case 1
Routing SPF
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
1. R20 does FIB lookup for 2001:db8:0:14::d410. Since it is a locally defined SID, it processes the IPv6 packet:• SID is an End.DT4(10) function
2. R20 decapsulates the IPv6 header and looks up the inner IPv4 packet DA in VRF 10 where it matches an entry with next-hop CE2
3. R20 sends packet to CE24. R20 is an SR Segment Endpoint node for this SR packet.
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
IPv4 packet
107
• Underlay Routing:
– Traffic-engineered
• Overlay
– IPv4 using private addressing
Use case 2:
SR-L3VPN + TE
107
SR-L3VPN with TE (1)
108
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SR-L3VPN with TE (2)
109
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
1. R10’s VRF 10 configured for the following (via either BGP signaling or an SDN
controller)
• Route 10.1.2.0/24 via SRv6 policy
{2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SR-L3VPN with TE (3)
110
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain
1. R20 is configured with a locally instantiated End.DT4 SID
2001:db8:0:14::d410 bound to IPv4 VRF 10
• This SID value will result in the DA for the inner IPv4 packet
being looked up in VRF 10
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SR-L3VPN with TE (4)
111
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
IPv4 packet 1. CE1 sends an IP4 data packet to R10
with DA 10.1.2.1
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
SR-L3VPN with TE (5)
112
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
1. R10 looks up 10.1.2.1 in VRF 10 and finds entry via SRv6 policy
2. R10 builds IPv6 packet with SRH
• SA=2001:db8:1::A (it’s loopback)
• DA=2001:db8:0:5::100 (first intermediate node)
• SRH:
• Segments Left = 2
• Seg List is {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}
• Payload is IPv4 packet received from CE1
2. R10 does FIB lookup for 2001:db8:0:5::100 and sends it via link to R4
3. R10 is an SR source node for this SR packet.
SRH
IPv6
SL: 2SList: {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}
SA: 2001:db8:1::A
DA: 2001:db8:0:5::100
IPv4 packet
SR-L3VPN with TE (6)
113
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
1. R4 does FIB lookup for
2001:db8:0:5::100. Since it is not a local
address, it routes to it via the shortest
path which is the direct link to R5.
2. R4 is a transit node for this SR packet.
SRH
IPv6
SL: 2SList: {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}
SA: 2001:db8:1::A
DA: 2001:db8:0:5::100
IPv4 packet
SR-L3VPN with TE (7)
114
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
1. R5 does FIB lookup for 2001:db8:0:5::100. Since it is a locally
defined SID, it processes the SRH and updates the IPv6 packet:
• SA=2001:db8:1::A (unchanged)• DA=2001:db8:0:3::100 (next segment in list)
• SRH:• Decrement Segments Left by 1 => Segments Left = 1• Seg List is unchanged
2. R5 does FIB lookup for 2001:db8:0:3::100 and routes to it via the shortest path which is via the direct link to R3.
3. R5 is an SR Segment Endpoint node for this SR packet.
SRH
IPv6 SA: 2001:db8:1::A
DA: 2001:db8:3::100
SL: 1SList: {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}
IPv4 packet
SR-L3VPN with TE (8)
115
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
1. R3 does FIB lookup for 2001:db8:0:3::100. Since it is a locally
defined SID, it processes the SRH and updates the IPv6 packet:• SA=2001:db8:1::A (unchanged)• DA=2001:db8:0:14::d410 (next segment in list)
• SRH:• Decrement Segments Left by 1 => Segments Left = 0• Seg List is unchanged
2. R3 does FIB lookup for 2001:db8:0:14::d410 and routes to it via the shortest path which is via the direct link to R20.
3. R3 is an SR Segment Endpoint node for this SR packet.
SRH
IPv6
SL: 0SList: {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}
SA: 2001:db8:1::A
DA: 2001:db8:14:d410::
IPv4 packet
SR-L3VPN with TE (9)
116
R1 R3
R4 R6
R10 R20 CE2CE1
R2
R5
SR Domain
R
CE
H1
Provider
Router
Customer
Router
Provider
Host
All IGP metrics are
equal to 10 unless
otherwise indicated
VRF
10
VRF
10
10.1.1.0/24 10.1.2.0/24
Local SIDs: 2001:db8:0:1::/64
lo0: 2001:db8:1::1/128
Local SIDs: 2001:db8:0:2::/64
lo0: 2001:db8:1::2/128
Local SIDs: 2001:db8:0:3::/64
lo0: 2001:db8:1::3/128
Local SIDs: 2001:db8:0:4::/64
lo0: 2001:db8:1::4/128
Local SIDs: 2001:db8:0:5::/64
lo0: 2001:db8:1::5/128
Local SIDs: 2001:db8:0:6::/64
lo0: 2001:db8:1::6/128
Local SIDs: 2001:db8:0:A::/64
lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64
lo0: 2001:db8:1::14/128
Use case 2
Routing TE
SIDs Global SRv6
SID values 2001:db8::/48
Application L3VPN
Objectives:
• Deliver traffic
between CE1
and CE2 via the
underlay TE
path
{R5,R3,R20}
1. R20 does FIB lookup for 2001:db8:0:14::d410. Since it is a locally defined SID, it processes the IPv6 packet:• SID is an End.DT4(10) function
2. R20 decapsulates the IPv6 header and looks up the inner IPv4 packet DA in VRF 10 where it matches an entry with next-hop CE2
3. R20 sends packet to CE24. R20 is an SR Segment Endpoint node for this SR packet.
IPv4 packet
117
References
References
• RFC7855 - Source Packet Routing in Networking (SPRING) Problem Statement and
Requirements
• RFC 8354 - Use Cases for IPv6 Source Packet Routing in Networking (SPRING)
• draft-ietf-6man-segment-routing-header-26 - IPv6 Segment Routing Header (SRH)
• draft-ietf-spring-srv6-network-programming-07 - SRv6 Network Programming
118
Issue Date:
Revision:
Thank You !
End of session
[Date]
[xx]
WSDN01_v0.1