Instructions for using this template€¦ · Segment Routing for IPv6 data plane (SRv6) SDN...

Issue Date:

Revision:

SDN Workshop

Contact: [email protected]

[Date]

[xx]

WSDN01_v0.1

Issue Date:

Revision:

Segment Routing for

IPv6 data plane (SRv6)SDN Workshop

[Date]

[xx]

WSDN01_v0.1

Disclaimer

The work on SRv6 within the IETF SPRING working group is

still in progress and rapidly evolving. This section of the

workshop aims to introduce the topic of SRv6 based on the

most current versions of IETF drafts. Some of these drafts

have a long way to go before they are published and may

change substantially from what is discussed here. The

workshop participant is encouraged to refer to the latest

versions of these documents to ensure that any recent

changes are appreciated.

3

Overview

• In a nutshell

• IPv6 data plane

• SRH

• Basic use cases

• NetPGM use cases

• References

4

5

In a nutshell

SDN architectural framework

6

Application

PlaneApplication Service

Topology Discovery & Management

Network Devices – IP/MPLS/Transport

Southbound Interfaces

REST/RESTCONF/NETCONF/XMPP

Control

Plane

(controller)

Traffic Engineering

Route selection & failover

Resource Management

BGP-LS PCE-Pi2RS

SNMP MIBs OpenFlow YANG

Configuration

Open

FlowSNMP Netconf

Data

Plane

BGP PCCRIBs

RSVP-TE

East/West-

bound

interfaces –

BGP

IPFIXForCES

Northbound Interfaces

Note: designations of north-bound and south-bound are relative to the control plane (“controller”)

Device & Resource Abstraction Layer (DAL)

Network Services Abstraction Layer

Segment

Routing

Segment routing: in a nutshell…

7

The source determines the path a packet should take

By encoding the path within the packet as a sequence of segments or instructions.

To reduce network state and allow centralised computation of paths

What?

How?

Why?

8

IPv6 data plane

IPv6 data plane

• Requires a new type of Routing Header

• A segment is encoded as an IPv6 address (prefix-SID is the prefix

itself).

• SRv6 Segment (abbreviated as SRv6 SID) is a 128-bit value

• An ordered list of segments is encoded as an ordered list of IPv6 SIDs

in the routing header

• The active segment is indicated by the Destination Address (DA) of the

packet. The DA of the packet changes at each segment completion.

The final DA of the packet is encoded as the last segment of the path

• The next active segment is indicated by a pointer (SegmentsLeft) in the

new routing header (SRH)

9

10

Segment

Routing Header

(SRH)

IPv6 refresher - header

11

next header:

- header immediately

following the IPv6

header

- uses same values as the

IPv4 protocol field

next header hop limit

source address (128-bit IPv6 address)

32 bits

version traffic class flow label

payload length

destination address (128-bit IPv6 address)

IPv6 refresher – extension headers

12

• Separate headers placed between the IPv6 header and the upper-

layer header in a packet

• Protocol numbers from IANA IP Protocol Numbers, the same values

used for IPv4 and IPv6: – https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

1 – ICMP

4 – IPv4

6 – TCP

17 – UDP

41 – IPv6

43 – IPv6 Routing Header

44 – IPv6 Fragment Header

• Extension headers can only be processed by the node identified in the

Destination Address field of the IPv6 header.

https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

IPv6 refresher – Routing header

13

• Lists one or more intermediate nodes to be visited on the way to a

packet’s destination (Next Header value = 43)

next header:


following the SRH

routing type:

- Identifies the

particular Routing

header variant

- 2: Type 2 Routing

Header

- 4: Segment Routing

Header

segments left:

- number of explicitly

listed intermediate

nodes still to be

visited before reaching

the final destination

32 bits

next header hdr ext len routing type segments left

type-specific data

For the node processing the Routing

header (identified by the Destination

Address), the Segments Left field has

to be zero.

Segment Routing Header (SRH)

14

next header:


following the SRH

segments left:

- index of the next

segment to inspect

last entry:

- index of last element of

the segment list (zero-

based)

- equal to number of

intermediate nodes

segment list:

- list of segments in

reverse order i.e.

segment_list[n] is the

first node

segment_list[0] is the

last node

Optional TLVs:

- Currently only HMAC and

PAD TLVs defined

last entry flags

segment list[0] (128 bits IPv6 address)

32 bits

next header hdr ext len routing type segments left

tag

segment list[n] (128 bits IPv6 address)

optional TLVs

. . .

Definitions

• SR Global Block:

– set of global SRv6 SIDs in the SR domain

• SR Local Block (SRLB)

– set of local IPv6 addresses reserved for local SRv6 SIDs

• Global segment

– SID based on routable IPv6 address

• Local segment

– SID based on non-routable IPv6 address

• Prefix SID

– an IPv6 address that is explicitly instantiated as an SRv6 SID

15

Segment operations

16

Operation Segment Routing

semantic

IPv6 data plane

PUSH Insertion of a segment at the top

of the segment list

Setting of the first segment

in the IPv6 Segment

Routing Header

NEXT Signals completion of active

segment and activation of the

next segment in the segment list

Activation of the next

segment in the IPv6

Segment Routing Header

segment list by copying it

from the SRH to the

destination address of the

SRv6 header

CONTINUE Signals that the currently active

segment is not yet complete and

needs to remain active

Standard IPv6 forwarding

based on destination

address

SR node types (1)

17

R2 R4R3R1 R5

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

SR Source Node

• Originates packets with a segment in the destination

address of the IPv6 header

• Packet may or may not contain an SRH

• Either:

• A host originating an IPv6 packet

• A router encapsulating a received packet in an outer

IPv6 header

SR node types (2)

18

R2 R4R3R1 R5

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

Transit Node

• Any IPv6 node where the destination address of the IPv6

packet does not match a locally configured segment or

interface.

• May or may not be an SR node

• Performs standard IPv6 routing

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

SR node types (3)

19

R2 R4R3R1 R5

SRH

IPv6

SL: 0

SList:

{R3,R5}

SA: R1

DA: R5

SR Segment Endpoint Node


packet does matches a locally configured segment or

interface.

• Performs SRH processing (if one exists):

• Decrements Segments Left

• Sets DA to next address in Segment List

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

SR node types (4)

20

R2 R4R3R1 R5

SRH

IPv6

SL: 0

SList:

{R3,R5}

SA: R1

DA: R5

Transit Node


packet does not match a locally configured segment or

interface.

• May or may not be an SR node

• Performs standard IPv6 routing

SRH

IPv6

SL: 0

SList:

{R3,R5}

SA: R1

DA: R5

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

SR node types (5)

21

R2 R4R3R1 R5

SR Segment Endpoint Node (ultimate endpoint)


packet does matches a locally configured segment or

interface.

• Process upper-layer header

SRH

IPv6

SL: 0

SList:

{R3,R5}

SA: R1

DA: R5

SRH

IPv6

SL: 0

SList:

{R3,R5}

SA: R1

DA: R5

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

SRH

IPv6

SL: 1

SList:

{R3,R5}

SA: R1

DA: R3

SRv6 packet processing (1)

22

• SR Source Node:– Steers packet into an SR policy

– If segment list contains a single segment, SRH may not be required

– Building the SRH:

Set SA = address of source SR node/SR-domain ingress node

Set DA = value of the first segment

Set first element of segment list = last segment

Set second element of segment list = penultimate segment

<and so on – segment list is encoded in the reverse order of the path>

Set Segments Left = n-1

where n = number of elements in the Segment List

Set Last Entry field = n-1

where n = number of elements in the Segment List


23

• Transit Node:– Not allowed to inspect the Routing Extension Header (as per RFC8200)

– Only has to forward the packet towards the Destination Address according

to its IPv6 routing table

– A SID in the DA is routed through an IPv6 network like any other IPv6

address


24

• SR Segment Endpoint Node:– Creates FIB entries for its local SIDs

– If lookup of IPv6 packet destination address matches a locally instantiated

SRv6 SID, the node processes the ‘next header’ chain of the IPv6 header

– Processing the SRH:

If Segments Left == 0

Process the next header in the packet as

identified by the Next Header field

Else

Decrement Segments Left by 1

Set DA = Segment List[Segments Left] from the SRH

FIB lookup on updated DA

Forward according to the matched entry

Securing the SR domain

25

• Two levels of access control:

1. Drop any packet entering the SR domain and destined to a SID

within the SR domain:

• Configured on all external interfaces of edge nodes

2. On every node in the SR domain, drop any packet to SIDs from

source addresses outside the SR domain:

• Configured on all internal interfaces of all SR nodes in the domain

26

Basic SRv6 Use

Cases

27

• Addressing:

– Global SRv6 SIDs

– Node SID values

• 2001:db8::/64

– Infrastructure addressing

• 2001:db8::/48

Use cases:

Base topology

27

Topology (1)

28

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128 SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128 SID: 2001:db8::14/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SR Domain

edge routers

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Topology (2)

29

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5



SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SR Domain

routers

SID: 2001:db8::14/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

30

• Perimeter security

• Per-node security

Securing the

domain

30

Securing the domain (1)

31

CE2CE1



SR Domain

If (DA or SA in 2001:db8::/64)

Drop the packet


Drop the packet

Secure the perimeter

R10 R20SID: 2001:db8::A/128

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R1 R3

R4 R6

R2

R5

SID: 2001:db8::14/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


32

CE2CE1



Per-node protection

R1 R3

R4 R6

R2

R5

R10 R20SID: 2001:db8::A/128

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128

If (DA in 2001:db8::/64)

AND (SA (NOT in

2001:db8::/48))

Drop the packet

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SR Domain

33

• Routing:

– According to SR policy

Use case 1:

Intra-SR domain

TE packet flow

33

Intra-SR domain TE packet flow (1)

34

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 1

Routing TE

SIDs Global SRv6

SID values 2001:db8::/64

Infrastructure 2001:db8::/48

SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128 Objectives:

• Deliver traffic

between H1 and

H2 via R5

SID: 2001:db8::14/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


35

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 1

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2


• Deliver traffic

between H1 and

H2 via R5

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

SRH

IPv6

SL: 1

SList:

{R5,H2}

SA: H1

DA: R5

Payload

1. H1 builds IPv6 packet with SRH

• SA=H1

• DA=R5 (first intermediate node)

• SRH:

• Segments Left = 1

• Seg List is {R5, H2}

2. H1 does FIB lookup for R5 and sends to R1

3. H1 is an SR source node for this SR packet.


36

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 1

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128

1. R1 does FIB lookup for R5. Since it

is not a local address, it routes to it

via the shortest path which is the

direct link to R5.

2. R1 is a transit node for this SR

packet.

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SRH

IPv6

SL: 1

SList:

{R5,H2}

SA: H1

DA: R5

Payload

Objectives:

• Deliver traffic

between H1 and

H2 via R5


37

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 1

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128

1. R5 does FIB lookup for R5. Since it is a locally defined SID, it processes the SRH and updates the IPv6 packet:

• SA=H1 (unchanged)• DA=H2 (next segment in list)• SRH:

• Decrement Segments Left by 1 => Segments Left = 0• Seg List is {R5, H2}

2. H1 does FIB lookup for H2 and routes to it via the shortest path which is via the direct link to R3.

3. R5 is an SR Segment Endpoint node for this SR packet.

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SRH

IPv6

SL: 0

SList:

{R5,H2}

SA: H1

DA: H2

Payload

Objectives:

• Deliver traffic

between H1 and

H2 via R5


38

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 1

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128

1. R3 does FIB lookup for H2. Since it


via the direct link to H2.


packet.

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SRH

IPv6

SL: 0

SList:

{R5,H2}

SA: H1

DA: H2

Payload

Objectives:

• Deliver traffic

between H1 and

H2 via R5


39

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 1

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128

1. H2 does FIB lookup for H2. Since it is a locally defined SID, it processes the SRH:

• Segments Left = 0 so packet is valid• SRH:

• Look at Next Header value to determine upper-layer protocol2. Process upper-layer payload3. H2 is an SR Segment Endpoint node for this SR packet.

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SRH

IPv6

SL: 0

SList:

{R5,H2}

SA: H1

DA: H2

Payload

Objectives:

• Deliver traffic

between H1 and

H2 via R5

40

• Routing:

– Shortest path

Use case 2:

Intra-SR domain

packet flow

40

Intra-SR domain packet flow (1)

41

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 2

Routing SPF

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2


• Deliver traffic

between H1 and

H2 via the

shortest path

SID: 2001:db8::14/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


42

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5



SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

IPv6 SA: H1

DA: H2

Payload

1. H1 builds IPv6 packet with no SRH

• SA=H1

• DA=H2

2. H1 does FIB lookup for H2 and sends

to R1

3. H1 is an SR source node for this SR

packet.

Use case 2

Routing SPF

SIDs Global SRv6



Objectives:

• Deliver traffic

between H1 and

H2 via the

shortest path


43

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5



SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128



via the shortest path which is the link

to R2.


packet.

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

IPv6 SA: H1

DA: H2

Payload

Use case 2

Routing SPF

SIDs Global SRv6



Objectives:

• Deliver traffic

between H1 and

H2 via the

shortest path


44

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5



SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128




to R3.


packet.

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

IPv6 SA: H1

DA: H2

Payload

Use case 2

Routing SPF

SIDs Global SRv6



Objectives:

• Deliver traffic

between H1 and

H2 via the

shortest path


45

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5



SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128



via the shortest path which is the

direct link to H2.


packet.

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

IPv6 SA: H1

DA: H2

Payload

Use case 2

Routing SPF

SIDs Global SRv6



Objectives:

• Deliver traffic

between H1 and

H2 via the

shortest path


46

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5



SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

SID: 2001:db8::14/128

1. H2 does FIB lookup for H2. Since it is a locally defined SID, it processes the IPv6 packet:• Look at Next Header value to determine upper-layer protocol

2. Process upper-layer payload3. H2 is an SR Segment Endpoint node for this SR packet.

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 2

Routing SPF

SIDs Global SRv6



IPv6 SA: H1

DA: H2

Payload

Objectives:

• Deliver traffic

between H1 and

H2 via the

shortest path

Observations

• When an SRH is not used (as in the case of shortest path

routing) routing behaviour is indistinguishable from

standard IPv6 routing.

• The one thing to be aware of (and is implied) is that the

Destination Address of the outer IPv6 header is explicitly

instantiated as an SRv6 SID. However, it is routed through

the IPv6 network as any other IPv6 packet.

47

48

• Routing:

– According to SR policy

Use case 3:

Inter-SR domain

TE packet flow

48

Inter-SR domain TE packet flow (1)

49

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 3

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2


• Deliver traffic

between CE1

and CE2 via R4,

R2 and R6

SID: 2001:db8::14/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


50

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 3

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

Data packet 1. CE1 sends a data packet to R10 –

could be IPv4, IPv6, L2 etc.

Objectives:

• Deliver traffic

between CE1

and CE2 via R4,

R2 and R6


51

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 3

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

SRH

IPv6

SL: 3

SList:

{R4,R2,R6,R20}

SA: R10

DA: R4

Payload

1. R10 builds IPv6 packet with SRH

• SA=R10

• DA=R4 (first intermediate node)

• SRH:


• Seg List is {R4,R2,R6,R20}

• Payload is the packet received from CE1

2. R10 does FIB lookup for R4 and sends it via direct link to R4

3. R10 is an SR source node for this SR packet.

Objectives:

• Deliver traffic

between CE1

and CE2 via R4,

R2 and R6


52

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 3

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

SRH

IPv6

SL: 2

SList:

{R4,R2,R6,R20}

SA: R10

DA: R2

Payload


• SA=R10 (unchanged)• DA=R2 (next segment in list)• SRH:

• Decrement Segments Left by 1 => Segments Left = 2• Seg List is {R4,R2,R6,R20} (unchanged)

2. R4 does FIB lookup for R2 and routes to it via the shortest path which is via the direct link to R2.


Objectives:

• Deliver traffic

between CE1

and CE2 via R4,

R2 and R6


53

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 3

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

SRH

IPv6

SL: 1

SList:

{R4,R2,R6,R20}

SA: R10

DA: R6

Payload






Objectives:

• Deliver traffic

between CE1

and CE2 via R4,

R2 and R6


54

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 3

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

SRH

IPv6

SL: 0

SList:

{R4,R2,R6,R20}

SA: R10

DA: R20

Payload






Objectives:

• Deliver traffic

between CE1

and CE2 via R4,

R2 and R6


55

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 3

Routing TE

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

1. R20 does FIB lookup for R20. Since it is a locally defined SID, it processes the SRH:

• Segments Left = 0 so packet is valid• SRH:

• Look at Next Header value to determine upper-layer protocol2. Process upper-layer payload => send packet to CE23. R20 is an SR Segment Endpoint node for this SR packet.

Objectives:

• Deliver traffic

between CE1

and CE2 via R4,

R2 and R6

Data packet

56

• Routing:

– Shortest path

Use case 4:

Inter-SR domain

packet flow

56

Inter-SR domain packet flow (1)

57

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 4

Routing SPF

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2


• Deliver traffic

between CE1

and CE2 via the

shortest path

SID: 2001:db8::14/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


58

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 4

Routing SPF

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

Data packet 1. CE1 sends a data packet to R10 –

could be IPv4, IPv6, L2 etc.

Objectives:

• Deliver traffic

between CE1

and CE2 via the

shortest path


59

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 4

Routing SPF

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

IPv6 SA: R10

DA: R20

Payload

1. R10 builds IPv6 packet with no SRH

• SA=R10

• DA=R20

• Payload is packet received from CE1

2. R10 does FIB lookup for R20 and sends it via link to R1


Objectives:

• Deliver traffic

between CE1

and CE2 via the

shortest path


60

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 4

Routing SPF

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

IPv6 SA: R10

DA: R20

Payload




to R2.


packet.

Objectives:

• Deliver traffic

between CE1

and CE2 via the

shortest path


61

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 4

Routing SPF

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

IPv6 SA: R10

DA: R20

Payload




to R3.


packet.

Objectives:

• Deliver traffic

between CE1

and CE2 via the

shortest path


62

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 4

Routing SPF

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

IPv6 SA: R10

DA: R20

Payload




to R20.


packet.

Objectives:

• Deliver traffic

between CE1

and CE2 via the

shortest path


63

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SID: 2001:db8::1/128

Use case 4

Routing SPF

SIDs Global SRv6



SID: 2001:db8::2/128 SID: 2001:db8::3/128


SID: 2001:db8::A/128

SR Domain

H1 H2

SID: 2001:db8::101/128 SID: 2001:db8::102/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SID: 2001:db8::14/128

1. R20 does FIB lookup for R20. Since it is a locally defined SID, it processes the IPv6 packet:• Look at Next Header value to determine upper-

layer protocol2. Process upper-layer payload => send packet to

CE23. R20 is an SR Segment Endpoint node for this SR

packet.

Objectives:

• Deliver traffic

between CE1

and CE2 via the

shortest path

Data packet

64

SRv6 Network

Programming

SRv6 Network Programming

• Mechanism to specify a packet processing program by encoding a

sequence of instructions in the IPv6 packet header

• Each instruction is implemented by a node in the network and is

identified by an SRv6 Segment Identifier (SID) in the packet

• An instruction represents a function to be called at a specific location in

the network

– The semantics of the function are local to the node – from simple topological

instructions to complex behaviour

• Allows creation of overlay services together with underlay optimisation

65

Network Programming: combining simple

and complex Segment Routing functions to

achieve a networking objective that goes

beyond mere packet routing.

Terminology

• SRv6 SID function:

– Opaque part of the SID that identifies a local behaviour bound to the SID

• Arguments:

– Information related to the flow, service or any other information required by the

associated function

• SRv6 segment behaviour:

– Packet processing behaviour implemented at an SRv6 segment endpoint

66

SID format

67

Location (LOC)Function

(FUNC)

Arguments

(ARG)

SRv6 SID

L bits F bits A bits

L + F + A <= 128

B N

SRv6 SID block (IPv6 subnet allocated for

SRv6 SIDs by the operator)

Node identifier(identifier of parent node

instantiating the SID)

SR endpoint behaviours

68

Name Function Application

End Endpoint function The SRv6 instantiation of a prefix SID

End.X Endpoint with Layer-3 cross-connect The SRv6 instantiation of a Adj SID

End.T Endpoint with specific IPv6 table lookup

End.DX6 Endpoint with decaps and IPv6 cross-connect e.g. IPv6-L3VPN (equivalent to per-CE VPN label)

End.DX4 Endpoint with decaps and IPv4 cross-connect e.g. IPv4-L3VPN (equivalent to per-CE VPN label)

End.DT6 Endpoint with decaps and IPv6 table lookup e.g. IPv6-L3VPN (equivalent to per-VRF VPN label)

End.DT4 Endpoint with decaps and IPv4 table lookup e.g. IPv4-L3VPN (equivalent to per-VRF VPN label)

End.DT46 Endpoint with decaps and IP table lookup e.g. IP-L3VPN (equivalent to per-VRF VPN label)

End.DX2 Endpoint with decaps and L2 cross-connect e.g. L2VPN use-case

End.DX2V Endpoint with decaps and VLAN L2 table lookup EVPN Flexible cross-connect use-cases

End.DT2UEndpoint with decaps and unicast MAC L2table

lookup

EVPN Bridging unicast use-cases

End.DT2M Endpoint with decaps and L2 table flooding EVPN Bridging BUM use-cases with ESI filtering

End.B6.Insert Endpoint bound to an SRv6 policy SRv6 instantiation of a Binding SID

End.B6.Insert.RED [...] with reduced SRH insertion SRv6 instantiation of a Binding SID

End.B6.Encaps Endpoint bound to an SRv6 policy with encaps SRv6 instantiation of a Binding SID

End.B6.Encaps.RED [...] with reduced SRH insertion SRv6 instantiation of a Binding SID

End.BM Endpoint bound to an SR-MPLS Policy SRv6 instantiation of an SR-MPLS Binding SID

Behaviours that apply to SR Segment Endpoint nodes

Behaviour: End

• Simplest behaviour

• SRv6 instantiation of a Prefix-SID

69

When node N receives a packet whose IPv6 DA is S and S is a local End SID:

If (Segments Left == 0) //must not be the ultimate end segment

Send ICMP Parameter Problem Message

Discard the packet

End if

Decrement Hop Limit by 1



FIB lookup on updated DA


Behaviour: End.X

• Variant of the End behaviour

• Cross-connect to an array of layer-3 adjacencies. Typically, at least one End.X

SID per layer-3 adjacency.

• SRv6 instantiation of an Adjacency-SID

70

When node N receives a packet whose IPv6 DA is S and S is a local End.X SID:



Discard the packet

End if




Forward packet on adjacency associated with the End.X SID

Behaviour: End.T


• Lookup in a specific IPv6 table. Used when multiple IPv6 tables are used in the

core

• The End.T behaviour is associated with IPv6 FIB table T in the SR domain

core.

71

When node N receives a packet whose IPv6 DA is S and S is a local End.T SID:



Discard the packet

End if




FIB lookup on updated DA in IPv6 FIB table T


Behaviour: End.DX6

• Variant of the End.X behaviour

• Decapsulation and cross-connect to an array of IPv6 adjacencies.

• Has to be the last segment in the SR policy

• Can be used to emulate L3VPNv6 use-case where a FIB lookup in a specific

tenant table at the egress PE is not required. This is equivalent to the per-CE

VPN label in MPLS

72

When node N receives a packet whose IPv6 DA is S and S is a local End.DX6

SID:

If (Segments Left != 0) //must be the ultimate end segment


Discard the packet

End if

//process upper-layer header

If (Upper-layer Header Type == 41) //has to be IPv6

Remove outer IPv6 Header and all extension headers

Forward inner IPv6 packet on adjacency associated with

the End.DX6 SID

End if

Behaviour: End.DX4


• Decapsulation and cross-connect to an array of IPv4 adjacencies.

• Has to be the last segment in the SR policy.


tenant table at the egress PE is not required. This is equivalent to the per-CE

VPN label in MPLS

73


SID:



Discard the packet

End if




Forward inner IPv4 packet on adjacency associated with

the End.DX4 SID

End if

Behaviour: End.DT6

• Variant of the End.T behaviour

• Decapsulation and lookup in a specific IPv6 table.

• Has to be the last segment in the SR policy.


tenant table at the egress PE is not required. This is equivalent to the single

per-VRF VPN label in MPLS

74

When node N receives a packet whose IPv6 DA is S and S is a local End.DT6

SID:



Discard the packet

End if




FIB lookup on inner IPv6 header DA in IPv6 FIB table T


End if

Behaviour: End.DT4

• Variant of the End.T behaviour

• Decapsulation and lookup in a specific IPv4 table.




75

When node N receives a packet whose IPv6 DA is S and S is a local End.DT4

SID:



Discard the packet

End if




FIB lookup on inner IPv4 header DA in IPv4 FIB table T


End if

Behaviour: End.DT46

• Variant of the End.DT4 and End.DT6 behaviour

• Decapsulation and lookup in a specific IPv6 or IPv4 table.

• Can be used to emulate L3VPN use-case where a FIB lookup in a specific



76

When node N receives a packet whose IPv6 DA is S and S is a local End.DT46 SID:



Discard the packet

End if


If (Upper-layer Header Type == 41) //if IPv6


FIB lookup on inner IPv6 header DA in IPv6 FIB table T6


Else If (Upper-layer Header Type == 4) //if IPv4


FIB lookup on inner IPv4 header DA in IPv4 FIB table T4


End if

Behaviour: End.DX2


• Decapsulation and cross-connect to an outgoing layer-2 interface, I, associated

with the End.DX2 SID.

• Can be used to emulate the L2VPN/EVPN[RFC7432] VPWS use-case.

77


SID:



Discard the packet

End if



Forward packet on layer-2 adjacency I associated with the End.DX2

SID

Behaviour: End.DX2V

• Variant of the End.DX2 behaviour

• Decapsulation and lookup of VLAN in a particular L2 table, T, associated with

the End.DX2V SID.

• Can be used to emulate the EVPN Flexible cross-connect use-case.

78

When node N receives a packet whose IPv6 DA is S and S is a local End.DX2V

SID:



Discard the packet

End if



Lookup the exposed VLANs in L2 table T associated with the

End.DX2V SID and forward as per the matched table entry

Behaviour: End.DT2U


• Decapsulation and lookup of MAC in a particular unicast MAC L2 table, T,

associated with the End.DT2U SID.

• Can be used to emulate the EVPN Bridging use-case.

79

When node N receives a packet whose IPv6 DA is S and S is a local End.DT2U

SID:



Discard the packet

End if



Learn the exposed MAC Source Address in L2 Table T

Lookup the exposed MAC Destination Address in L2 table T associated

with the End.DT2U SID and forward as per the matched table entry

(flood if there is no match)

Behaviour: End.B6.Encaps


• Used to express scalable traffic-engineering policies across multiple domains.

Associated with an SR policy B and a source address A.

• SRv6 instantiation of a Binding SID

80

When node N receives a packet whose IPv6 DA is S and S is a local End.B6.Encaps SID:



Discard the packet

End if



Push a new outer IPv6 header with its own SRH containing B

Set outer IPv6 SA = A

Set outer IPv6 DA = first SID of B

FIB lookup on outer IPv6 DA


Behaviour: End.BM


• Used to express scalable traffic-engineering policies across multiple domains

where some domains support the MPLS instantiation of Segment Routing.

Associated with an SR policy B

• SRv6 instantiation of an SR-MPLS Binding SID

81

When node N receives a packet whose IPv6 DA is S and S is a local End.BM SID:



Discard the packet

End if



Push the MPLS stack for B

LFIB lookup on top MPLS label


SR policy headend behaviours

82

Name Function Operation

H.EncapsSR headend behavior with encapsulation in an SRv6

policy

Transit node steers packets into an SR

Encapsulation Policy.

H.Encaps.RedSR headend behavior with reduced encaps in an SRv6

policy

H.Encaps.L2 H.Encaps applied to received L2 frames

H.Encaps.L2.Red H.Encaps.Red applied to received L2 frames

Behaviours that apply to SR Source and Transit nodes

Behaviour: H.Encaps

• Headend node steers packets into an SR Encapsulation Policy with Source

Address T and Segment List {S1,S2,S3}

• Valid for any kind of layer-3 traffic. Commonly used for L3VPNv4/L3VPNv6.

Also used for TI-LFA.

83

When node N receives a packet which it is configured to steer into a policy:

Push a new outer IPv6 header with its own SRH:

Set outer IPv6 SA = T

Set outer IPv6 DA = S1

Set Segment List = {S1,S2,S3}

Set Segments Left = 2

Update the Next Header value

Decrement inner Hop Limit by 1


FIB lookup on outer IPv6 DA


Behaviour: H.Encaps.L2

• Encapsulates a received Ethernet frame and its attached VLAN header,

if present, in an IPv6 packet with an SRH.

• The Ethernet frame becomes the payload of the new IPv6 packet.

84

Control Plane

• The endpoint and transit SIDs described in this section would typically

be provisioned or discovered by a controller. The IGP would signal

specific SIDs related to topological behaviours.

• Applications running on top of the controller would then be used to

discover the required SIDs and use them in order to form a distributed

network program.

• "SRv6 network programming" refers to the capability for an application

to encode any complex program as a set of individual functions

distributed through the network. Some functions relate to underlay SLA,

others to overlay/tenant, others to complex applications residing in VM

and containers.

85

Control plane interactions

86

IGP(End, End.X, End.T, End.DX6, End.DX4, End.DT6,

End.DT4, End.DT46, H.Encaps, H.Encaps.Red)

Controller

Network Programming

Application

BGP (IP/VPN/EVPN)(End.DX6, End.DX4, End.DT6, End.DT4, End.DT46,

End.DX2, End.DX2V, End.DT2U, End.DT2M)

BGP-LS (SRv6 capabilities, locators and SIDs)

87

SRv6 Network

Programming

Use Cases

88

• Addressing:


• 2001:db8::/48

Use cases:

Base topology

88

Addressing plan (1)

• SRv6 SID space:

– SID space: 2001:db8:0::/48

– Local SIDs: 2001:db8:0:x::/64

• Where x is the router number

• Internal non-SID address space - 2001:db8:1::/48

– Loopback space: 2001:db8:1:0::/64

– Loopback address: 2001:db8:1::x/128

• Where x is the router number

• SID space for node k – 2001:db8:0:k::/64

– Advertised by node k in its IGP

89

Addressing plan (2)

• SR PGM:

– LOC – 64 bits

– FUNC – 56 bits

– ARG – 8 bits

• End functions:

– Function 0:0:0:100 represents End function with PSP support

– Function 0:0:0:C02 represents End.X function towards neighbor 2

– Function 0:0:0:D410 represents End.DT4 function using IPv4 table 10

• End functions for node 3:

– Function 2001:db8:0:3:0:0:0:100 represents End function with PSP support

– Function 2001:db8:0:3:0:0:0:C02 represents End.X function towards neighbor 2

– Function 2001:db8:0:3:0:0:0:D410 represents End.DT4 function using IPv4 table 10

90

Location (LOC) Function (FUNC)Arguments

(ARG)

SRv6 SID

2001:db8:0:k 56 bits 8 bits

91

• Addressing:


• 2001:db8::/32

Use cases:

Base topology

91

Topology (1)

92

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128

Local SIDs: 2001:db8:0:A::/64

lo0: 2001:db8:1::A/128Local SIDs: 2001:db8:0:14::/64

lo0: 2001:db8:1::14/128

SR Domain

SR Domain

edge routers

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Topology (2)

93

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain

SR Domain

routers

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

94

• Perimeter security

• Per-node security

Securing the

domain

94


95

CE2CE1

SR Domain


Drop the packet


Drop the packet

Secure the perimeter

R10 R20

R1 R3

R4 R6

R2

R5R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128


96

CE2CE1

Per-node protection

R1 R3

R4 R6

R2

R5

R10 R20

If (DA in 2001:db8::/48)

AND (SA (NOT in

2001:db8::/32))

Drop the packet

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

SR Domain

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

97

• Underlay Routing:

– Shortest path

• Overlay

– IPv4 using private addressing

Use case 1:

SR-L3VPN

97

SR-L3VPN (1)

98

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain Objectives:

• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

SR-L3VPN (2)

99

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

1. R10’s VRF 10 configured for the following (via either BGP

signaling or an SDN controller)

• Route 10.1.2.0/24 via SRv6 policy {2001:db8:0:14::d410}

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

SR-L3VPN (3)

100

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

1. R20 is configured with a locally instantiated End.DT4 SID

2001:db8:0:14::d410 bound to IPv4 VRF 10

• This SID value will result in the DA for the inner IPv4 packet

being looked up in VRF 10

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

SR-L3VPN (4)

101

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

IPv4 packet 1. CE1 sends an IP4 data packet to R10

with DA 10.1.2.1

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

SR-L3VPN (5)

102

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

IPv6 SA: 2001:db8:1::A

DA: 2001:db8:0:14::d410

IPv4 packet

1. R10 looks up 10.1.2.1 in VRF 10 and finds an entry via

SRv6 policy {2001:db8:0:14::d410}

2. R10 builds IPv6 packet with no SRH

• SA=2001:db8:1::A (it’s loopback)

• DA=2001:db8:0:14::d410 (as per SR policy)

• Payload is IPv4 packet received from CE1

2. R10 does FIB lookup for 2001:db8:0:14::d410 and

sends it via link to R1


Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

SR-L3VPN (6)

103

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

IPv6 SA: 2001:db8:1::A

DA: 2001:db8:0:14::d410

IPv4 packet

1. R1 does FIB lookup for 2001:db8:0:14::d410. Since it

is not a local address, it routes to it via the shortest

path which is the link to R2.

2. R1 is a transit node for this SR packet.

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

SR-L3VPN (7)

104

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

IPv6 SA: 2001:db8:1::A

DA: 2001:db8:0:14::d410

IPv4 packet





Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

SR-L3VPN (8)

105

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

IPv6 SA: 2001:db8:1::A

DA: 2001:db8:0:14::d410

IPv4 packet





Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

SR-L3VPN (9)

106

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

shortest path

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

Use case 1

Routing SPF

SIDs Global SRv6


Application L3VPN

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

1. R20 does FIB lookup for 2001:db8:0:14::d410. Since it is a locally defined SID, it processes the IPv6 packet:• SID is an End.DT4(10) function

2. R20 decapsulates the IPv6 header and looks up the inner IPv4 packet DA in VRF 10 where it matches an entry with next-hop CE2

3. R20 sends packet to CE24. R20 is an SR Segment Endpoint node for this SR packet.

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

IPv4 packet

107

• Underlay Routing:

– Traffic-engineered

• Overlay

– IPv4 using private addressing

Use case 2:

SR-L3VPN + TE

107

SR-L3VPN with TE (1)

108

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


109

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5


• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

1. R10’s VRF 10 configured for the following (via either BGP signaling or an SDN

controller)

• Route 10.1.2.0/24 via SRv6 policy

{2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


110

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain

1. R20 is configured with a locally instantiated End.DT4 SID

2001:db8:0:14::d410 bound to IPv4 VRF 10

• This SID value will result in the DA for the inner IPv4 packet

being looked up in VRF 10

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

Objectives:

• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


111

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

Objectives:

• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

IPv4 packet 1. CE1 sends an IP4 data packet to R10

with DA 10.1.2.1

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated


112

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

Objectives:

• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

1. R10 looks up 10.1.2.1 in VRF 10 and finds entry via SRv6 policy

2. R10 builds IPv6 packet with SRH

• SA=2001:db8:1::A (it’s loopback)

• DA=2001:db8:0:5::100 (first intermediate node)

• SRH:


• Seg List is {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}

• Payload is IPv4 packet received from CE1

2. R10 does FIB lookup for 2001:db8:0:5::100 and sends it via link to R4


SRH

IPv6

SL: 2SList: {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}

SA: 2001:db8:1::A

DA: 2001:db8:0:5::100

IPv4 packet


113

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

Objectives:

• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

1. R4 does FIB lookup for

2001:db8:0:5::100. Since it is not a local

address, it routes to it via the shortest

path which is the direct link to R5.


SRH

IPv6

SL: 2SList: {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}

SA: 2001:db8:1::A

DA: 2001:db8:0:5::100

IPv4 packet


114

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

Objectives:

• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

1. R5 does FIB lookup for 2001:db8:0:5::100. Since it is a locally

defined SID, it processes the SRH and updates the IPv6 packet:

• SA=2001:db8:1::A (unchanged)• DA=2001:db8:0:3::100 (next segment in list)

• SRH:• Decrement Segments Left by 1 => Segments Left = 1• Seg List is unchanged

2. R5 does FIB lookup for 2001:db8:0:3::100 and routes to it via the shortest path which is via the direct link to R3.


SRH

IPv6 SA: 2001:db8:1::A

DA: 2001:db8:3::100

SL: 1SList: {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}

IPv4 packet


115

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

Objectives:

• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

1. R3 does FIB lookup for 2001:db8:0:3::100. Since it is a locally

defined SID, it processes the SRH and updates the IPv6 packet:• SA=2001:db8:1::A (unchanged)• DA=2001:db8:0:14::d410 (next segment in list)

• SRH:• Decrement Segments Left by 1 => Segments Left = 0• Seg List is unchanged

2. R3 does FIB lookup for 2001:db8:0:14::d410 and routes to it via the shortest path which is via the direct link to R20.


SRH

IPv6

SL: 0SList: {2001:db8:0:5::100, 2001:db8:0:3::100, 2001:db8:0:14::d410}

SA: 2001:db8:1::A

DA: 2001:db8:14:d410::

IPv4 packet


116

R1 R3

R4 R6

R10 R20 CE2CE1

R2

R5

SR Domain

R

CE

H1

Provider

Router

Customer

Router

Provider

Host

All IGP metrics are

equal to 10 unless

otherwise indicated

VRF

10

VRF

10

10.1.1.0/24 10.1.2.0/24

Local SIDs: 2001:db8:0:1::/64

lo0: 2001:db8:1::1/128

Local SIDs: 2001:db8:0:2::/64

lo0: 2001:db8:1::2/128

Local SIDs: 2001:db8:0:3::/64

lo0: 2001:db8:1::3/128

Local SIDs: 2001:db8:0:4::/64

lo0: 2001:db8:1::4/128

Local SIDs: 2001:db8:0:5::/64

lo0: 2001:db8:1::5/128

Local SIDs: 2001:db8:0:6::/64

lo0: 2001:db8:1::6/128



lo0: 2001:db8:1::14/128

Use case 2

Routing TE

SIDs Global SRv6


Application L3VPN

Objectives:

• Deliver traffic

between CE1

and CE2 via the

underlay TE

path

{R5,R3,R20}

1. R20 does FIB lookup for 2001:db8:0:14::d410. Since it is a locally defined SID, it processes the IPv6 packet:• SID is an End.DT4(10) function

2. R20 decapsulates the IPv6 header and looks up the inner IPv4 packet DA in VRF 10 where it matches an entry with next-hop CE2

3. R20 sends packet to CE24. R20 is an SR Segment Endpoint node for this SR packet.

IPv4 packet

117

References

References

• RFC7855 - Source Packet Routing in Networking (SPRING) Problem Statement and

Requirements

• RFC 8354 - Use Cases for IPv6 Source Packet Routing in Networking (SPRING)

• draft-ietf-6man-segment-routing-header-26 - IPv6 Segment Routing Header (SRH)

• draft-ietf-spring-srv6-network-programming-07 - SRv6 Network Programming

118

Issue Date:

Revision:

Thank You !

End of session

[Date]

[xx]

WSDN01_v0.1

Instructions for using this template€¦ · Segment Routing for IPv6 data plane (SRv6) SDN...

Documents

Transcript of Instructions for using this template€¦ · Segment Routing for IPv6 data plane (SRv6) SDN...