This presentation is partly based on slide decks that have been kindly provided by Cisco Systems
Segment Routing over IPv6 (SRV6)
and the Network Programming Model
Stefano Salsano – University of Rome Tor Vergata / CNIT
stefano.salsano@uniroma2.it
IEEE HPSR – May 11th 2020
Tutorial highlights - part 1
• What is Segment Routing?
• What is SRv6? (Segment Routing over IPv6)
• Why is SRv6 so cool? Hint: SDN and scalability!
• How does it work? A few protocol details…
• SRv6 for typical applications: Fast Rerouting, VPNs, Traffic Engineering
Tutorial highlights - part 2
• What is the Network Programming Model? From “waypoints” to “instructions”
• How can we use the Network Programming Model for VPNs/SD-WANs and for SFC?
Tutorial highlights - part 3
• SRv6 standardization and deployments
• SRv6 open source implementations and tools
• The ROSE ecosystem (Linux)
• Scientific activities on SRv6
Tutorial highlights - part 4
• Hands-on using the rose-srv6 Virtual Machine
• Advanced topics and research issues
• Conclusions
The ROSE ecosystem
(Figure: ROSE architecture with a Data Plane and a Control Plane; components: web dashboard, Orchestrator, Controller, Apache Kafka, ArangoDB, InfluxDB; NorthBound APIs (gRPC) and SouthBound APIs (gRPC); experiment topology)
© 2018 Cisco and/or its affiliates. All rights reserved.© 2018 Cisco and/or its affiliates. All rights reserved.
Acknowledgements
• This slideset originated from the following presentations:
• Segment Routing
Clarence Filsfils (CISCO), Kris Michielsen (CISCO)
http://www.segment-routing.net/tutorials/2016-09-27-segment-routing-introduction/
• Introduction to Segment Routing
Alberto Donzelli (CISCO)
CISCO Live! – January 29 - February 2 2018, Barcelona, Spain
• SRv6 Network Programming
Francois Clad (CISCO)
(which in turn acknowledge several CISCO people)
The ROSE team
Pier Luigi Ventre
Ahmed AbdelSalam
Bogdan Iatco
Mahdi Tajiki
Lorenzo Bracciale
Pierpaolo Loreti
Angelo Tulumello
Marco Bonola
Luca Chiaraviglio
Fabio D'Andreagiovanni
Marco Ferrari
Daniele Zaccariello
Emanuele Altomare
Andrea Mayer
Paolo Lungaroni
Francesco Lombardo
Carmine Scarpitta
Giulio Sidoretti
Stefano Salsano
The team involved in the setup of the tutorial VM and experiments
Agenda
SR and SRv6 introduction
SR-MPLS Dataplane (short mention)
SRv6 Dataplane
Traffic Engineering, Fault Protection (TI-LFA)
SRv6 Network Programming Model
Security
SD-WAN / Service Function Chaining
Standards, deployments, open source, scientific activities
Advanced topics & further research
Hands-on part
Segment Routing : a form of source routing
Mission - Route the luggage to Berlin via Mexico and Madrid
1. A unique and global luggage tag is attached to the luggage with the list of stops to the final destination
2. At each stop, the luggage is simply routed to the next hop listed on the luggage tag
RESULT: Path can be controlled. Simple and scalable.
(Figure: map with Seattle, New-York, Toronto, London, Mexico, Madrid and Berlin; the luggage carries the tag MEX / MAD / BER at every stop)
Source Routing variants
• Strict Source Routing
• all routing steps should be listed by the source
• Loose Source Routing
• the source can add “waypoints” to the path
• Segment Routing uses Loose Source Routing
Segment Routing (SR)
• SR is based on Source Routing
• the source chooses a path and encodes it in the packet header as an ordered list of segments
• the rest of the network executes the encoded instructions
• Segment: an identifier for any type of instruction
• forwarding (segment=>waypoint) or service (segment=>operation)
• SR Policy: an ordered list of segments (segment list)
SR Policy and SR domain
(Figure: SR domain with Headend Node, Ingress node (edge node), Egress node (edge node), segments S1, S2, S3, Datacenter, Server; SR Policy P=<S1,S2,S3>)
SR path and SR segments
The path is split in three segments: S1, S2, S3
(Figure: same SR domain, with the path from the Ingress node to the Egress node divided into S1, S2, S3)
SR operations : PUSH / NEXT / CONTINUE
(Figure: same SR domain, with the labels PUSH, NEXT and CONTINUE placed along the path)
SRv6: extending the SR domain (1/2)
(Figure: same SR domain; labels: Headend Node, Ingress node, Edge node, Datacenter, Server)
SRv6: extending the SR domain (2/2)
(Figure: same SR domain; labels: Headend Node, Edge node, Edge node, Datacenter, Server)
Two dataplane instantiations
IPv6 : SRv6
• uses IPv6 source routing extension header (SRH) - RFC8200
• 1 segment = 1 address
• a segment list = an address list in the SRH
MPLS : SR-MPLS
• uses the mature MPLS HW with only SW upgrade
• 1 segment = 1 label
• a segment list = a label stack
Segment Routing
Segment Routing – Forwarding Plane
• SR-MPLS: a segment list is represented as a stack of labels
• Segment → Label
• The SR labels need to be distributed by the routing protocols (IGP or BGP) that have been properly extended
• SRv6: a segment list is encoded in a routing extension header (SRH)
• Segment → IPv6 Address
• The routing protocols natively distribute the addresses
(no changes needed for topological instructions)
Global and Local Segments
• Global Segment
• Any node in the SR domain can execute the associated instruction
• Each node in the SR domain installs the associated instruction in its forwarding table
• MPLS label pool: Value in Segment Routing Global Block (SRGB)
• Local Segment
• Only a specific node can execute the associated instruction
• MPLS label pool: locally allocated label
Segment Routing: key advantages
• Scalability (thanks to Source Routing)
• the topological and service (NFV) path is encoded in packet header
• the network fabric does not hold any per-flow state for TE or NFV
• Simplicity
• automation: sub-50msec FRR (Fast ReRouting) with TI-LFA (Topology Independent Loop Free Alternates)
• protocol elimination: LDP, RSVP-TE, NSH…
• End-to-End applicability (with SRv6)
• e.g. integrated view of Mobile Access, Data Center, Metro, WAN
Scalability and SDN: traditional approach
State information (match/action) per flow in all nodes!
example: “traditional” MPLS label lookup tables with per-flow state
Scalability and SDN: traditional approach
SDN controller needs to talk with all nodes (per flow)
example: “traditional” SDN/OpenFlow solution with per-flow state
Scalability and SDN: SR approach
State information (match/action) per flow only in the headend node
Scalability and SDN: SR approach
SDN controller only talks with edge nodes (per flow)
SR-MPLS label stack example
A flow from 1 to 5, adding waypoints 3 and 4
NB: MPLS Penultimate Hop Pop is used!
(Figure: path from node 1 to node 5 through waypoints 3 and 4; the packet is shown along the path as "3-4-5 | Packet to 5", then "4-5 | Packet to 5", then "5 | Packet to 5", then "Packet to 5")
SR-MPLS
IGP (Interior Gateway Protocol) segments
• Two basic building blocks distributed by IGP
• Prefix Segments
• Adjacency Segments
SR-MPLS Dataplane
Global Segments – Global Label Indexes
• SRGB = Segment Routing Global Block
• Default SRGB: 16,000 – 23,999
• Global Segments always distributed as a label range
(SRGB) + Index
• Index must be unique in Segment Routing Domain
• Best practice: same SRGB on all nodes
• Global Segments are global label values, simplifying network operations
Different SRGBs per node
S1 : index = 1, SRGB = 1000
S2 : index = 2, SRGB = 2000
S3 : index = 3, SRGB = 3000
N4 : SRGB = 4000, N5 : SRGB = 5000, N6 : SRGB = 6000, N7 : SRGB = 7000
(Figure: SR domain with Headend Node, S1, S2, S3 and nodes N4 to N7; SR Policy P=<S1,S2,S3>; operations PUSH, NEXT, CONTINUE; the label stack on top of the IP packet is shown on each hop, with label values that depend on the SRGB of the receiving node)
Identical SRGB in all nodes (recommended!)
SRGB = 1000 (same for all nodes)
S1 : index = 1
S2 : index = 2
S3 : index = 3
(Figure: SR domain with Headend Node, S1, S2, S3 and nodes N4 to N7; SR Policy P=<S1,S2,S3>; operations PUSH, NEXT, CONTINUE; the label stack on top of the IP packet is shown on each hop, using the same values 1001, 1002, 1003 on all nodes)
SR-MPLS TI-LFA : Zero-Segment Example
• TI-LFA for link R1R2 on R1
• Calculate post-convergence SPT
• SPT with link R1R2 removed from topology
• Derive SID-list to steer traffic on post-convergence path
• R1 will steer the traffic towards LFA R5
(Figure: topology with nodes A, 1, 2, 3, 4, 5, Z; default cost 10, one link with cost 1000; the packet to Z carries prefix-SID(Z))
SR-MPLS TI-LFA : Single-Segment Example
• TI-LFA for link R1R2 on R1
• Calculate post-convergence Shortest Path Tree (SPT)
• Derive SID-list to steer traffic on post-convergence path → <Prefix-SID(R4)>
• Also known as “PQ-node”
• R1 will push the prefix-SID of R4 on the backup path
(Figure: topology with nodes A, 1, 2, 3, 4, 5, Z; default cost 10; on the backup path the packet to Z carries prefix-SID(Z) and prefix-SID(R4), elsewhere only prefix-SID(Z))
SR-MPLS TI-LFA : Double-Segment Example
• TI-LFA for link R1R2 on R1
• Calculate post-convergence SPT
• Derive SID-list to steer traffic on post-convergence path → <Prefix-SID(R4), Adj-SID(R4-R3)>
• Also known as “P- and Q-node”
• R1 will push the prefix-SID of R4 and the adj-SID of R4-R3 link on the backup path
(Figure: topology with nodes A, 1, 2, 3, 4, 5, Z; default cost 10, one link with cost 1000; on the backup path the packet to Z carries prefix-SID(Z), adj-SID(R4-R3) and prefix-SID(R4), then prefix-SID(Z) and adj-SID(R4-R3), then only prefix-SID(Z))
IPv6 header
(Figure: IPv6 header layout)
SRH header
(Figure: SRH header layout)
SRv6 forwarding operations
DA : Destination Address
SL : Segments Left
SR Policy P=<S1,S2,S3>
(Figure: SR domain with an SR source node, transit nodes N4 to N7 and SR endpoint nodes S1, S2, S3; operations PUSH (encapsulation), NEXT and CONTINUE. Each packet is drawn as IPv6 H + SR H + Payload, and along the path the headers are:)
• IPv6 DA = S1, SR H (S3, S2, S1) SL=2
• IPv6 DA = S2, SR H (S3, S2, S1) SL=1
• IPv6 DA = S3, SR H (S3, S2, S1) SL=0
SRv6 Dataplane - Node Segment
• Shortest-path to the IGP prefix
• Equal Cost Multi-Path (ECMP)-aware
• (Already) distributed by ISIS/OSPF
(Figure, two slides: nodes A1 to A5 with prefixes A1:: to A5::; in the first slide packets destined to A5:: are forwarded towards the advertised prefix A5::/56, in the second slide packets destined to A4:: are forwarded towards A4::/56)
SRv6 Dataplane - IGP Adjacency Segment
• Forward on the IGP adjacency
• Advertised as an IPv6 SID
• Distributed by ISIS/OSPF in specific TLVs
(Figure: nodes A1 to A5 with prefixes A1:: to A5::; adjacency SIDs on node A4: A4::C2 (Adj to A2), A4::C3 (Adj to A3), A4::C5 (Adj to A5))
SRv6 Dataplane - IGP Adjacency Segment
• Steer traffic on any path through the network
• Path is specified by a list of IPv6 addresses (Segment List) in the SRH header
• No path is signaled
• Per-flow state is created only in the source node
• Single protocol: IS-IS or OSPF
(Figure: nodes A1 to A5 with prefixes A1:: to A5::; a packet to A5 carrying SRH (A4::C5))
Segment Routing Traffic Engineering vs. “traditional” Traffic Engineering
• In “traditional” TE, a connection (LSP) is set up by updating the forwarding tables of ALL crossed nodes
• By combining prefix and adjacency segments we have the same expressiveness as traditional TE
• The average number of segments (waypoints) needed to enforce a TE path is very low in typical scenarios
• Equal Cost Multipath (ECMP) can be exploited in a natural way with SR
Using Segment Routing for fault protection
TI-LFA
Topology Independent Loop-Free Alternate
TI-LFA example (needs an Adjacency Segment)
Forwarding entry for A5::/64:
Pri → via 5
FRR → insert A2::C4
<50msec FRR
(Figure: topology with nodes 1, 2, 4, 5, 6; link costs 1, except one link with cost 100; the Primary route and the FRR Route (Using Adjacency Segment) are drawn for packets to A5::0; on the FRR route the packet carries A2::C4 and A5::0)
TI-LFA – SRv6 Zero-Segment Example
• TI-LFA for link R1R2 on R1
• Calculate post-convergence SPT
• SPT with link R1R2 removed from topology
• Derive SID-list to steer traffic on post-convergence path: no need to change the SID-list
• R1 will steer the traffic towards LFA R5
(Figure: topology with nodes B, 1, 2, 3, 4, 5, C; default cost 10, one link with cost 1000; the packet to C carries AC::0)
TI-LFA – SRv6 Prefix Segment Example
• TI-LFA for link R1R2 on R1
• Calculate post-convergence Shortest Path Tree (SPT)
• Derive SID-list to steer traffic on post-convergence path → ADD <Prefix-SID(R4)>
• Also known as “PQ-node”
• R1 will push the prefix-SID of R4 on the backup path
(Figure: topology with nodes B, 1, 2, 3, 4, 5, C; default cost 10; on the backup path the packet to C carries <A4::0,AC::0>, elsewhere AC::0)
TI-LFA – SRv6 Adjacency Segment Example
• TI-LFA for link R1R2 on R1
• Calculate post-convergence SPT
• Derive SID-list to steer traffic on post-convergence path → <Adj-Segment(R4-R3)>
• Also known as “P- and Q-node”
• R1 will push the adjacency SID of R4-R3 link on the backup path : A4::C3
(Figure: topology with nodes B, 1, 2, 3, 4, 5, C; default cost 10, one link with cost 1000; on the backup path the packet to C carries <A4::C3,AC::0>, elsewhere AC::0)
TI-LFA
• 50msec Protection upon local link, node or SRLG failure
• Simple to operate and understand
• can be automatically computed by the router’s IGP process
• 100% coverage across any topology
• predictable (backup = postconvergence)
• Optimum backup path
• leverages the post-convergence path, planned to carry the traffic
• avoid any intermediate flap via alternate path
• Incremental deployment
• Distributed and Automated Intelligence
Network Transport Evolution
Simplify - Optimize - Enable
Do more with less !!
(Figure: Service Protocols and Transport Protocols layers, evolving from Unified MPLS to SR Enabled Transport; labels: BGP-EVPN, IGP/SR, IP)
Segment Routing
(Figure labels: Path expressed in the packet; Data; Dynamic path; Explicit path)
• Paths options: Dynamic (Headend computation) | Explicit (Operator / Controller)
• Control Plane: Routing protocols with extensions (IS-IS, OSPF, BGP) | SDN controller
• Data Plane: MPLS (segment labels) | IPv6 (+SR header)
Segment routing architecture seeks the right balance between distributed intelligence and centralized optimization
IPv6 adoption is a reality
https://6lab.cisco.com/stats/
IPv6 adoption trend
https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption
IPv6 provides reachability
IPv6 provides reachability: IoT, Core, Data Centers
Underlay and Overlay domains
(Figure: Underlay and Overlay domains)
SRv6 – Segment Routing & IPv6 : the Vision
IPv6 for reachability
SR for anything else
• Simplicity
• Protocol elimination
• SLA
• Fast ReRoute and TE
• Overlay
• NFV
• SDN
• SR is de-facto SDN architecture
• 5G
SRv6 for underlay
• IPv6 for reachability
• RSVP for FRR/TE: Horrendous states scaling in k*N^2
SRv6 for underlay
• IPv6 for reachability
• SRv6 for Underlay: Simplification through protocol reduction; SLA through automated FRR and TE; De-facto SDN architecture
SRv6 for underlay and overlay
• IPv6 for reachability
• SRv6 for Underlay: Simplification, FRR, TE, SDN
• UDP+VxLAN Overlay: Additional Protocol just for tenant ID
• NSH for NFV: Additional Protocol and State
• Multiplicity of protocols and states hinder network economics
SRv6 for underlay and overlay
• IPv6 for reachability
• SRv6 for Underlay: Simplification, FRR, TE, SDN
• SRv6 for Overlay: SRv6 for SFC, VPNs…
SR for anything:
Network as a Computer or
Network Programming model
Network instruction
(Figure: SID layout: Locator | Function | Args*)
• 128-bit SRv6 SID
• Locator: routed to the node performing the function
• Function: any possible function, either local to network node or app in VM/Container
• Arguments: optional argument bits to be used only by that SID
• Flexible bit-length selection
• USE WITH CAUTION… it may have side effects if it changes on a packet by packet basis for packets of the same flow
Network Program
(Figure, three animation steps: the program is the list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3; the “Next Segment” pointer moves from Locator 1 Function 1 to Locator 2 Function 2 and then to Locator 3 Function 3)
Network Program in the Packet Header
(Figure: IPv6 header with the IPv6 source address (Source Address) and the IPv6 destination address (Active Segment, here Locator 1 Function 1); Segment Routing Header with Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3; IPv6 payload: TCP, UDP, QUIC)
SRv6 Header
(Figure: SRH with Segments Left, TAG, the segment list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3, and Metadata TLV)
Argument shared between functions
(Figure: same SRH, with a “Global” Argument callout)
SRv6 for anything
• Optimized for HW processing, e.g. Underlay & Tenant use-cases
• Optimized for SW processing, e.g. NFV, Container, Micro-Service
SRv6 for anything
Turing
SRv6 Network Programming model
• End: Endpoint function. The SRv6 instantiation of a prefix SID
• End.X: Endpoint function with Layer-3 cross-connect. The SRv6 instantiation of an Adj SID
• End.T: Endpoint function with specific IPv6 table lookup
• End.DX2: Endpoint with decapsulation and Layer-2 cross-connect. L2VPN use-case
• End.DX2V: Endpoint with decapsulation and VLAN L2 table lookup. EVPN Flexible cross-connect use-cases
• End.DT2U: Endpoint with decaps and unicast MAC L2 table lookup. EVPN Bridging unicast use-cases
• End.DT2M: Endpoint with decapsulation and L2 table flooding. EVPN Bridging BUM use-cases with ESI filtering
• End.DX6: Endpoint with decapsulation and IPv6 cross-connect. IPv6 L3VPN use (equivalent of a per-CE VPN label)
• End.DX4: Endpoint with decapsulation and IPv4 cross-connect. IPv4 L3VPN use (equivalent of a per-CE VPN label)
• End.DT6: Endpoint with decapsulation and IPv6 table lookup. IPv6 L3VPN use (equivalent of a per-VRF VPN label)
• End.DT4: Endpoint with decapsulation and IPv4 table lookup. IPv4 L3VPN use (equivalent of a per-VRF VPN label)
• End.DT46: Endpoint with decapsulation and IP table lookup. IP L3VPN use (equivalent of a per-VRF VPN label)
• End.B6: Endpoint bound to an SRv6 policy. SRv6 instantiation of a Binding SID
• End.B6.Encaps: Endpoint bound to an SRv6 encapsulation Policy. SRv6 instantiation of a Binding SID
• End.BM: Endpoint bound to an SR-MPLS Policy. SRv6/SR-MPLS instantiation of a Binding SID
• End.S: Endpoint in search of a target in table T
The list is not exhaustive. In practice, any function can be attached to a local SID: e.g. a node N can bind a SID to a local VM or container which can apply any complex function on the packet.
END – Default endpoint function
• Default endpoint behavior (node segment)
• Decrement Segments Left, update DA
• Forward according to new DA
• Node 2 advertises prefix A2::/64 (A2::/64 is the SID locator)
• Packets are forwarded to node 2 along the default routes (shortest path)
• On 2, the default endpoint behavior is associated with ID 1 (1 is the function)
• The SID corresponding to the default endpoint behavior on node 2 is A2::1
(Figure: packet arriving at node 2 (A2::/64): IPv6 Hdr SA = A1::, DA = A2::1; SR Hdr (…, A3::, A2::1, …) SL=k; Payload. Packet leaving node 2 towards node 3: IPv6 Hdr SA = A1::, DA = A3::; SR Hdr (…, A3::, A2::1, …) SL=k-1; Payload)
Endpoint function (END)
• For simplicity function 1 denotes the most basic function
• Shortest-path to the Node
(Figure: topology with nodes A1 to A8 and prefixes A1:: to A8::; default metric 10, one link with metric 50; SR: 〈A4::1, A6::1, A8::〉)
>VPP: show sr localsid
LocalSID Behavior
A6::1 End
Total SR LocalSIDs: 1
>VPP: show sr localsid
LocalSID Behavior
A4::1 End
Total SR LocalSIDs: 1
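The PUSH and End steps described in these slides, as an added Python example (not part of the original deck, and not ROSE or VPP code). The SRH field layout and the validity checks follow RFC 8754 and RFC 8986; the function names are illustrative, the policy and local SID tables are constructed from the slide above, and hop-limit handling and TLVs are left out.

```python
import ipaddress
import struct

ROUTING_TYPE_SRH = 4   # IPv6 Routing Type of the Segment Routing Header
NEXT_HDR_IPV6 = 41     # the encapsulated packet is IPv6
# Fixed part of the SRH: Next Header, Hdr Ext Len, Routing Type,
# Segments Left, Last Entry, Flags, Tag
FIXED = struct.Struct("!BBBBBBH")

# Constructed sample based on the slide: SR policy and per-node local SID tables.
POLICY = ["A4::1", "A6::1", "A8::"]
SID_TABLES = [{"a4::1": "End"}, {"a6::1": "End"}]   # node 4, node 6


def push(policy):
    """PUSH at the SR source node: return (outer DA, SRH bytes) for <S1..Sn>."""
    segs = [ipaddress.IPv6Address(s) for s in policy]
    last = len(segs) - 1
    # Hdr Ext Len counts 8-octet units after the first 8 octets: 2 per segment.
    head = FIXED.pack(NEXT_HDR_IPV6, 2 * len(segs), ROUTING_TYPE_SRH,
                      last, last, 0, 0)
    # The list is stored in reverse order: Segment List[0] is the final segment.
    return str(segs[0]), head + b"".join(s.packed for s in reversed(segs))


def parse_srh(raw):
    """Return (segments_left, segment list as stored); ValueError if malformed."""
    if len(raw) < FIXED.size:
        raise ValueError("truncated SRH")
    _nh, ext_len, rtype, sl, last, _flags, _tag = FIXED.unpack_from(raw)
    if rtype != ROUTING_TYPE_SRH:
        raise ValueError("routing type is not SRH")
    if len(raw) < 8 + 8 * ext_len:
        raise ValueError("Hdr Ext Len runs past the received bytes")
    if last > ext_len // 2 - 1:
        raise ValueError("Last Entry points outside the header")
    if sl > last + 1:
        raise ValueError("Segments Left points outside the segment list")
    segs = [str(ipaddress.IPv6Address(raw[8 + 16 * i: 24 + 16 * i]))
            for i in range(last + 1)]
    return sl, segs


def end(da, raw, local_sids):
    """End behavior: decrement Segments Left, copy Segment List[SL] into the DA."""
    if local_sids.get(da) != "End":
        raise ValueError(f"{da} is not a local End SID on this node")
    sl, segs = parse_srh(raw)
    if sl == 0:
        raise ValueError("Segments Left is 0: no next segment to activate")
    sl -= 1
    return segs[sl], raw[:3] + bytes([sl]) + raw[4:]


def walk(policy, sid_tables):
    """Follow a packet from PUSH to its last segment; return [(DA, SL), ...]."""
    da, raw = push(policy)
    trace = [(da, parse_srh(raw)[0])]
    while trace[-1][1] > 0:
        # Pick the node that owns the active SID (shortest-path delivery assumed).
        table = next((t for t in sid_tables if da in t), {})
        da, raw = end(da, raw, table)
        trace.append((da, parse_srh(raw)[0]))
    return trace


if __name__ == "__main__":
    for dst, segments_left in walk(POLICY, SID_TABLES):
        print(f"DA = {dst:<6} SL = {segments_left}")
```

The two bounds checks in `parse_srh` are what keep a node from reading a "next segment" beyond the header when Segments Left or Last Entry arrive with inconsistent values.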
END.X – Endpoint then layer3 Xconnect
• Endpoint xconnect behavior (adjacency segment)
• Decrement Segments Left, update DA
• Forward on the interface associated with the Xconnect segment
• Node 3 advertises prefix A3::/64
• Packets are forwarded to node 3 along the default routes (shortest path)
• On 3, the endpoint xconnect behavior for adjacency 1 is associated with ID C1
• The SID corresponding to endpoint xconnect-1 behavior on node 3 is A3::C1
(Figure: packet arriving at node 3 (A3::/64): IPv6 Hdr SA = A1::, DA = A3::C1; SR Hdr (…, A4::, A3::C1, …) SL=k; Payload. Packet leaving node 3 towards node 4: IPv6 Hdr SA = A1::, DA = A4::; SR Hdr (…, A4::, A3::C1, …) SL=k-1; Payload. Node 3 has adjacencies 1 and 2)
END.X – Endpoint then layer3 Xconnect
• For simplicity Ak::Cj denotes:
• Shortest-path to the Node K and then x-connect (function C) to the neighbor J
(Figure: topology with nodes A1 to A8 and prefixes A1:: to A8::; default cost 10, one link with cost 50; SR: 〈A4::C5, A6::1, A8::〉)
>VPP: show sr localsid
LocalSID Behavior
A6::1 End
Total SR LocalSIDs: 1
>VPP: show sr localsid
LocalSID Behavior
A4::C5 End.X
{TenGE0/1/0 A5::}
Total SR LocalSIDs: 1
Agenda
SR and SRv6 introduction
SR-MPLS Dataplane (short mention)
SRv6 Dataplane
Traffic Engineering, Fault Protection (TI-LFA)
SRv6 Network Programming Model
Security
SD-WAN / Service Function Chaining
Standards, deployments, open source, scientific activities
Advanced topics & further research
Hands-on part
Overlay
• Automated
– No tunnel to configure
• Simple
– Protocol elimination
• Efficient
– SRv6 for everything
[Figure: nodes 1, 2, 3 and 4; prefixes T::/16 and V::/16; Green Overlay route V::/16 via A:2::C4]
Packets shown:
IPv6 ( T:1::, V:2:: ) | Payload
IPv6 ( A:1::, A:2::C4 ) | IPv6 ( T:1::, V:2:: ) | Payload
IPv6 ( T:1::, V:2:: ) | Payload
Overlay with Underlay Control
• SRv6 does not only eliminate unneeded overlay protocols
• SRv6 solves problems that these protocols cannot solve
[Figure: nodes 1, 2, 3 and 4; prefixes T::/16 and V::/16; Green Overlay route V::/16 via A:2::C4 with Latency]
Packets shown:
IPv6 ( T:1::, V:2:: ) | Payload
IPv6 ( A:1::, A:3::0 ) | SRH ( A:2::C4, A:3::0 ) | IPv6 ( T:1::, V:2:: ) | Payload
Overlay with Underlay Control
• SRv6 does not only eliminate unneeded overlay protocols
• SRv6 solves problems that these protocols cannot solve
[Figure: nodes 1, 2, 3 and 4; prefixes T::/16 and V::/16; Green Overlay route V::/16 via A:2::C4 with Latency]
Packets shown:
IPv6 ( T:1::, V:2:: ) | Payload
IPv6 ( A:1::, A:2::C4 ) | SRH ( A:2::C4, A:3::0 ) | IPv6 ( T:1::, V:2:: ) | Payload
IPv6 ( T:1::, V:2:: ) | Payload
Integrated NFV
• A:3::A32 means
– App in Container 32
– @ node A:3::/64
• Stateless
– NSH creates per-chain state in the fabric
– SR does not
• App is SR aware or not
[Figure: nodes 1 to 5; prefixes T::/16 and V::/16; Server 3 with App 32 (Container); Server 5 with App 76 (VM)]
Packets shown:
IPv6 ( A:1::, A:3::A32 ) | SRH ( A:2::C4, A:5::A76, A:4::0, A:3::A32 ) | IPv6 ( T:1::, V:2:: ) | Payload
IPv6 ( T:1::, V:2:: ) | Payload
Integrated NFV
• Integrated with underlay SLA
[Figure: nodes 1 to 5; prefixes T::/16 and V::/16; Server 3 with App 32 (Container); Server 5 with App 76 (VM)]
Packet shown:
IPv6 ( A:1::, A:4::0 ) | SRH ( A:2::C4, A:5::A76, A:4::0, A:3::A32 ) | IPv6 ( T:1::, V:2:: ) | Payload
Integrated NFV
• A:5::A76 means
– App in VM 76
– @ node A:5::/64
• Stateless
– NSH creates per-chain state in the fabric
– SR does not
• App is SR aware or not
[Figure: nodes 1 to 5; prefixes T::/16 and V::/16; Server 3 with App 32 (Container); Server 5 with App 76 (VM)]
Packet shown:
IPv6 ( A:1::, A:5::A76 ) | SRH ( A:2::C4, A:5::A76, A:4::0, A:3::A32 ) | IPv6 ( T:1::, V:2:: ) | Payload
Integrated NFV
• Integrated with Overlay
[Figure: nodes 1 to 5; prefixes T::/16 and V::/16; Server 3 with App 32 (Container); Server 5 with App 76 (VM)]
Packets shown:
IPv6 ( A:1::, A:2::C4 ) | SRH ( A:2::C4, A:5::A76, A:4::0, A:3::A32 ) | IPv6 ( T:1::, V:2:: ) | Payload
IPv6 ( T:1::, V:2:: ) | Payload
SRv6 domain and its security
(few simple considerations…)
SR Domain
• The set of trusted nodes participating in the SR solution
• May be organized in multiple IGP areas and BGP AS
[Figure: SRv6 Domain containing AS and IGP areas]
Domain Blocks
• The SR domain has
– a classic address block (e.g. B::/4)
– a SID block (e.g. A::/4)
[Figure: SRv6 Domain with Classic address Block B::/4 and SID Block A::/4]
Trust inside the domain
• Any source A inside the domain can inject SR traffic using any SID of the domain
– via SID list <S1, S2, S3>
[Figure: nodes A, S1, S2, S3 and Z]
Packet shown: (A, S1)(Z, S3, S2, S1, SL=3)
External traffic is not trusted
• Any external source A cannot leverage the SIDs of the domain
• Any border router drops any external traffic destined to its blocks
– A::/4 and B::/4
[Figure: external source A; nodes S1, S2, S3 and Z]
Packet shown: (A, S1)(Z, S3, S2, S1, SL=3)
Validating SR Headers
• The HMAC TLV can be carried in Segment Routing Header to
validate the header
– “SR Source Nodes not directly connected to the SR Domain may access
specific sets of segments within the SR Domain when secured with the SRH
HMAC TLV. The SRH HMAC TLV provides a means of verifying the validity of
ingress packets SRH, limiting access to the segments in the SR Domain to
only those source nodes with permission.”
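The border policy from the two slides above ("External traffic is not trusted" and "Validating SR Headers"), as an added example that is not part of the slide deck: external packets to the domain blocks are dropped unless they target the SID block and carry an SRH whose HMAC TLV verifies. The slides' A::/4 and B::/4 are shorthand rather than literal IPv6 prefixes, so the example substitutes constructed documentation prefixes; the HMAC input follows the fields RFC 8754 lists (source address, Last Entry, Flags, HMAC Key ID, segment list), while HMAC-SHA-256, the key store and the `Packet`/`SRH` classes are assumptions, and the TLV's D bit is not modelled.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for the slides' SID block (A::/4) and classic block (B::/4).
SID_BLOCK = ipaddress.IPv6Network("2001:db8:a::/48")
CLASSIC_BLOCK = ipaddress.IPv6Network("2001:db8:b::/48")


@dataclass
class SRH:
    segment_list: list             # index 0 holds the last segment
    segments_left: int
    flags: int = 0
    key_id: Optional[int] = None   # HMAC TLV Key ID; None means no HMAC TLV
    digest: bytes = b""            # HMAC TLV value

    @property
    def last_entry(self):
        return len(self.segment_list) - 1


@dataclass
class Packet:
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    srh: Optional[SRH] = None


def srh_hmac(key, src, srh, key_id):
    """HMAC over source address, Last Entry, Flags, Key ID and all segments."""
    text = (src.packed + bytes([srh.last_entry, srh.flags])
            + struct.pack("!I", key_id)
            + b"".join(seg.packed for seg in srh.segment_list))
    return hmac.new(key, text, hashlib.sha256).digest()


def sign(pkt, key_id, key):
    """What a permitted external SR source node does before sending."""
    pkt.srh.key_id = key_id
    pkt.srh.digest = srh_hmac(key, pkt.src, pkt.srh, key_id)
    return pkt


def border_ingress(pkt, keys):
    """Verdict for a packet arriving on an external interface of a border router."""
    if pkt.dst in CLASSIC_BLOCK:
        return "drop: external traffic to classic block"
    if pkt.dst not in SID_BLOCK:
        return "pass: not addressed to the domain blocks"
    srh = pkt.srh
    if srh is None or srh.key_id is None:
        return "drop: external traffic to SID block without HMAC"
    if not 0 <= srh.segments_left <= srh.last_entry:
        return "drop: Segments Left out of range"
    if pkt.dst != srh.segment_list[srh.segments_left]:
        return "drop: DA is not the active segment"
    key = keys.get(srh.key_id)
    if key is None:
        return "drop: unknown HMAC Key ID"
    expected = srh_hmac(key, pkt.src, srh, srh.key_id)
    if not hmac.compare_digest(srh.digest, expected):   # constant-time compare
        return "drop: HMAC mismatch"
    return "accept: HMAC valid"


def demo():
    """Constructed sample packets, all arriving on an external interface."""
    ip = ipaddress.IPv6Address
    keys = {7: b"constructed-pre-shared-key"}
    outside = ip("2001:db8:ffff::10")
    s1, s2, s3 = ip("2001:db8:a:1::1"), ip("2001:db8:a:2::1"), ip("2001:db8:a:3::1")

    def to_s1():
        # SID list <S1, S2, S3>, stored last segment first, S1 active.
        return Packet(outside, s1, SRH([s3, s2, s1], segments_left=2))

    tampered = sign(to_s1(), 7, keys[7])
    tampered.srh.segment_list[0] = ip("2001:db8:a:9::1")   # changed after signing
    return {
        "classic": border_ingress(Packet(outside, ip("2001:db8:b::5")), keys),
        "other": border_ingress(Packet(outside, ip("2001:db8:c::1")), keys),
        "unsigned": border_ingress(to_s1(), keys),
        "signed": border_ingress(sign(to_s1(), 7, keys[7]), keys),
        "tampered": border_ingress(tampered, keys),
        "bad_key_id": border_ingress(sign(to_s1(), 9, keys[7]), keys),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} {verdict}")
```

Because the segment list is part of the HMAC input, a source holding a valid key cannot extend or rewrite the list it was authorised to use without the check failing.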
SRv6 standardization
• Large standardization efforts in IETF (around 70 documents)
– Driven by vendors (CISCO is the main supporter)
– See full list here: www.segment-routing.net/ietf/
• Main RFCs
– RFC 8402 Segment Routing Architecture
defines SR concepts both for MPLS and SRv6
– RFC 8660 Segment Routing with MPLS data plane
– RFC 8754 IPv6 Segment Routing Header (SRH)
defines the SRv6 dataplane encapsulation (SRH)
SRv6 standardization
• Main WG docs
– draft-ietf-spring-srv6-network-programming
defines the SRv6 Network Programming model
– draft-ietf-spring-segment-routing-policy
– draft-ietf-spring-sr-service-programming
covers SFC aspects
• IETF docs can be classified in several categories:
Architecture, Use-Cases and Requirements, Deployments and Interoperability, Fast Reroute (FRR), OAM, Performance Measurements, Multicast/Replication, Protocol Extensions
SRv6 deployments
• Large-scale commercial deployments
– Softbank, Iliad, China Telecom, LINE corporation, China Unicom, CERNET2, China Bank
and Uganda MTN.
• Hardware linerate implementations
– Cisco Systems, Huawei
– Broadcom, Barefoot, Intel, Marvell, Mellanox
– Multiple Interop Reports
• Open-source platforms / Applications
– Linux kernel, FD.io VPP, P4, Wireshark, tcpdump, iptables, nftables, snort, ExaBGP, Contiv-VPP
SRv6 Open Source Platforms / Applications
• SRv6 Data path
– Linux kernel
– FD.io VPP (https://wiki.fd.io/view/VPP)
– P4 SRv6 (http://bit.ly/onos-p4-srv6)
• Applications and tools
– Wireshark, Tcpdump
– scapy
– iptables, nftables
– Snort NIDS (https://github.com/SRouting/SR-Snort)
• Control plane
– ExaBGP (https://www.segment-routing.net/open-software/exabgp/)
– Contiv-VPP
ROSE - Research on Open SRv6 Ecosystem
https://netgroup.github.io/rose/
The ROSE ecosystem includes several sub-projects:
• SRv6 uSID (micro segment) implementation in Linux
• SRv6 uSID (micro segment) implementation on P4
• SRv6-PM (SRv6 Performance monitoring)
• rose-srv6 VM
• SREXT - Segment Routing Extension Linux kernel module
• SRNK – SR proxy Native Kernel
• pyroute2 extensions to support SRv6
• SRv6-SDN – An SDN ecosystem for SRv6 on Linux
• SRPerf - a Performance Evaluation Framework for SRv6 implementations
The hands-on part of this tutorial is based on the ROSE ecosystem, in particular on the rose-srv6 VM
Segment Routing scientific work
• More than 90 papers
– http://www.segment-routing.net/scientific-papers/ (lists 60 papers)
– See this survey on arxiv (http://arxiv.org/abs/1904.03471)
“Segment Routing: a Comprehensive Survey of Research Activities,
Standardization Efforts and Implementation Results”
Segment Routing scientific work
• In our survey we have identified the following categories:
– Monitoring (8)
– Traffic Engineering (22)
– Failure Recovery / Resiliency (9)
– Centrally Controlled Architectures (16)
– Path Encoding (8)
– Network programming (8)
– Performance Evaluation (4)
– Miscellaneous (9)
Our contributions…
• SDN Architecture and Southbound APIs for IPv6 Segment Routing Enabled Wide Area Networks
P. L. Ventre, M. M. Tajiki, S. Salsano, C. Filsfils,
IEEE Transactions on Network and Service Management (TNSM), December 2018.
• The Network as a Computer with IPv6 Segment Routing: a Novel Distributed Processing Model for the Internet of Things
A. Mayer, E. Altomare, S. Salsano, F. Lo Presti, C. Filsfils,
NGOSCPS workshop at the CPS-IoT Week 2019, April 15 2019, Montreal, Canada
• SR-Snort: IPv6 Segment Routing Aware IDS/IPS
A. Abdelsalam, S. Salsano, F. Clad, P. Camarillo, C. Filsfils,
IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Verona, Italy, November 2018.
• Performance of IPv6 Segment Routing in Linux Kernel
A. Abdelsalam, P. L. Ventre, A. Mayer, S. Salsano, P. Camarillo, F. Clad, C. Filsfils,
CNSM Workshop on Segment Routing and Service Function Chaining (SR+SFC), Rome, Italy, 2018.
• SERA: SEgment Routing Aware Firewall for Service Function Chaining scenarios
A. Abdelsalam, S. Salsano, F. Clad, P. Camarillo, C. Filsfils, IFIP Networking, Zurich, Switzerland, May 2018.
• Implementation of Virtual Network Function Chaining through Segment Routing in a Linux-based NFV Infrastructure
A. AbdelSalam, F. Clad, C. Filsfils, S. Salsano, G. Siracusano and L. Veltri
IEEE Conference on Network Softwarization (NetSoft), Bologna, Italy, 2017.
• An Efficient Linux Kernel Implementation of Service Function Chaining for legacy VNFs based on IPv6 Segment Routing,
A. Mayer, S. Salsano, P. L. Ventre, A. Abdelsalam, L. Chiaraviglio, C. Filsfils,
5th IEEE International Conference on Network Softwarization (NetSoft 2019), 24-28 June 2019, Paris, France
Hands-on session
• We run our experiments on the rose-srv6 Virtual Machine. If you want to replicate them, see https://netgroup.github.io/rose/rose-vm.html
• The experiments performed are reported in this technical report:
“ROSE-SRv6 Tutorial on Linux – Part 1. Manual creation of SRv6 tunnels in the data plane”
https://netgroup.github.io/rose/rose-vm.html#rose-srv6-tutorial-on-linux---part-1
• This technical report describes further experiments with the SDN controller:
“ROSE-SRv6 tutorial on Linux - Part 2. ROSE Control Plane: setting up SRv6 tunnels from the controller”
https://netgroup.github.io/rose/rose-vm.html#rose-srv6-tutorial-on-linux---part-2
Compressing the SR Header
• An SRv6 segment list is a sequence of IPv6 addresses. The SRH always introduces 8 bytes. Each IPv6 address is 16 bytes long.
Example for 5 segments => 8 + 5 * 16 = 88 bytes of overhead.
Example for 10 segments => 8 + 10 * 16 = 168 bytes of overhead.
• In most cases the number of segments is limited (e.g. up to 3-4 segments), but what happens if many segments are needed for a particular service or service scenario?
• A more compact representation of the Segment List is needed!
SRv6 uSID (micro-SID)
• A new extension of the SRv6 Network Programming model
– https://datatracker.ietf.org/doc/draft-filsfils-spring-net-pgm-extension-srv6-usid/
• It allows expressing SRv6 segments with a very compact and efficient representation.
– For example, using two bytes for uSID instead of using a normal IPv6 address (16 bytes) for a regular SRv6 segment.
• Leverages the SRv6 control and data planes without any change
• Provides better scaling and minimum MTU overhead
SRv6 uSID interop event
https://www.youtube.com/watch?v=pVFkmwYIgmo
Developed by the ROSE team
Other proposals in IETF for SRH compression
• Segment Routing Mapped To IPv6 (SRm6)
– draft-bonica-spring-sr-mapped-six-01
– draft-bonica-6man-comp-rtg-hdr-22
• Compressed SRv6 Network Programming
– draft-li-spring-compressed-srv6-np-02
The network as a computer with SRv6 (SR-IoT)
• The Network as a Computer with IPv6 Segment Routing: a Novel Distributed Processing Model for the Internet of Things
A. Mayer, E. Altomare, S. Salsano, F. Lo Presti, C. Filsfils,
NGOSCPS workshop at the CPS-IoT Week 2019, April 15 2019, Montreal, Canada
A position (or visionary…) paper. Assuming that it is possible to exploit distributed processing in the “things/gateways”, the application logic and the computation state are transferred “on the fly” with IP packets (using SRv6!): “SR-IoT”
The network as a computer with SRv6 (SR-IoT)
In SR-IoT, the Segment List can be seen as a “Network program”, where the next
segment is the Instruction Pointer and a network node is a CPU that executes
the instruction
The network as a computer with SRv6 (SR-IoT)
In SR-IoT, we extend the SRv6 network programming model, considering the
Functions as “operation codes” of a processor ISA (Instruction Set Architecture)
The whole IoT infrastructure is seen as a logical machine with I/O ports
(corresponding to the ports of IoT devices), that can be programmed through an
Instruction Set Architecture
The network as a computer with SRv6 (SR-IoT)
We designed a prototype of SR-IoT, considering the Instruction Set Architecture (ISA) of the Atmel AVR microcontroller (Arduino) and using the SimAVR emulator on Linux to emulate the AVR microcontroller.
An SR-IoT packet corresponds to a process. It includes the program in the SRv6 segment list, and the serialization of registers, stack and RAM. All need to fit in less than 1500 bytes! For TinyAVR microcontrollers, RAM used can be as low as 128 or 256 bytes.
We designed an efficient solution to encode operations in the IPv6 segment list. For example, 100 instructions over 10 different nodes can be represented with 320 bytes, leaving 1000 bytes for RAM, stack and CPU registers…
Segment Routing hottest open issues
• In our survey http://arxiv.org/abs/1904.03471 we have identified the following
research directions:
– Service Function Chaining support
– SRv6 end-host implementation aspects / SmartNICs and SRv6
– Cloud Orchestration
– Integration with Applications
– 5G and SRv6
– Internet of Things and SRv6
Conclusions
• Segment Routing architecture seeks the right balance between distributed
intelligence and centralized optimization
• Segment Routing over IPv6 (SRv6) brings in the
Network Programming model
• SRv6 provides underlay and overlay services in a unified way, possibly across
access, metro, core and data center networking domains
• Lots of issues are still open, very good for researchers ☺
Thank you. Questions?
Contacts
Stefano Salsano
University of Rome Tor Vergata / CNIT
stefano.salsano@uniroma2.it
References and acknowledgements
Research on Open SRv6 Ecosystem
https://netgroup.github.io/rose/
5G European Validation Platform for Extensive Trials
https://www.5g-eve.eu/
The 5G EVE project has received funding from the European Horizon 2020 Programme for research,
technological development and demonstration under grant agreement n° 815074

Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 

hpsr-2020-srv6-tutorial

  • 1. Segment Routing over IPv6 (SRv6) and the Network Programming Model. Stefano Salsano – University of Rome Tor Vergata / CNIT, stefano.salsano@uniroma2.it. IEEE HPSR – May 11th 2020. This presentation is partly based on slide decks that have been kindly provided by Cisco Systems.
  • 2. Tutorial highlights - part 1
      • What is Segment Routing?
      • What is SRv6 (Segment Routing over IPv6)?
      • Why is SRv6 so cool? Hint: SDN and scalability!
      • How does it work? A few protocol details…
      • SRv6 for typical applications: Fast Rerouting, VPNs, Traffic Engineering
  • 3. Tutorial highlights - part 2
      • What is the Network Programming Model? From “waypoints” to “instructions”
      • How can we use the Network Programming Model for VPNs/SD-WANs and for SFC?
  • 4. Tutorial highlights - part 3
      • SRv6 standardization and deployments
      • SRv6 open source implementations and tools
      • The ROSE ecosystem (Linux)
      • Scientific activities on SRv6
  • 5. Tutorial highlights - part 4
      • Hands-on using the rose-srv6 Virtual Machine
      • Advanced topics and research issues
      • Conclusions
  • 6. The ROSE ecosystem (diagram labels: Data Plane, Control Plane, web dashboard, Controller, Apache Kafka, NorthBound APIs (gRPC), SouthBound APIs (gRPC), Orchestrator, ArangoDB, InfluxDB)
  • 8. Acknowledgements. This slideset originated from the following presentations:
      • Segment Routing: Clarence Filsfils (CISCO), Kris Michielsen (CISCO), http://www.segment-routing.net/tutorials/2016-09-27-segment-routing-introduction/
      • Introduction to Segment Routing: Alberto Donzelli (CISCO), CISCO Live! – January 29 - February 2 2018, Barcelona, Spain
      • SRv6 Network Programming: Francois Clad (CISCO) (which in turn acknowledges several CISCO people)
  • 9. The ROSE team: Pier Luigi Ventre, Ahmed AbdelSalam, Bogdan Iatco, Mahdi Tajiki, Lorenzo Bracciale, Pierpaolo Loreti, Angelo Tulumello, Marco Bonola, Luca Chiaraviglio, Fabio D'Andreagiovanni, Marco Ferrari, Daniele Zaccariello, Emanuele Altomare, Andrea Mayer, Paolo Lungaroni, Francesco Lombardo, Carmine Scarpitta, Giulio Sidoretti, Stefano Salsano. The team involved in the setup of the tutorial VM and experiments.
  • 10. Agenda
      • SR and SRv6 introduction
      • SR-MPLS Dataplane (short mention)
      • SRv6 Dataplane
      • Traffic Engineering, Fault Protection (TI-LFA)
      • SRv6 Network Programming Model
      • Security
      • SD-WAN / Service Function Chaining
      • Standards, deployments, open source, scientific activities
      • Advanced topics & further research
      • Hands-on part
  • 11. Segment Routing: a form of source routing
      • Mission: route the luggage to Berlin via Mexico and Madrid
      • 1. A unique and global luggage tag is attached to the luggage with the list of stops to the final destination
      • 2. At each stop, the luggage is simply routed to the next hop listed on the luggage tag
      • (Diagram: map with Seattle, New-York, Toronto, London, Mexico, Madrid and Berlin)
  • 17. Segment Routing: a form of source routing
      • Mission: route the luggage to Berlin via Mexico and Madrid
      • 1. A unique and global luggage tag is attached to the luggage with the list of stops to the final destination
      • 2. At each stop, the luggage is simply routed to the next hop listed on the luggage tag
      • Result: path can be controlled; simple and scalable
      • (Diagram: map with Seattle, New-York, Toronto, London, Mexico, Madrid and Berlin; luggage tags reading MEX MAD BER)
  • 18. Source Routing variants
      • Strict Source Routing: all routing steps should be listed by the source
      • Loose Source Routing: the source can add “waypoints” to the path
      • Segment Routing uses Loose Source Routing
  • 19. Segment Routing (SR)
      • SR is based on Source Routing
      • the source chooses a path and encodes it in the packet header as an ordered list of segments
      • the rest of the network executes the encoded instructions
      • Segment: an identifier for any type of instruction
      • forwarding (segment => waypoint) or service (segment => operation)
      • SR Policy: an ordered list of segments (segment list)
  • 20. SR Policy and SR domain (diagram labels: Datacenter, Server, Headend Node, Ingress node (edge node), S1, S2, S3, Egress node (edge node), SR domain, SR Policy P=<S1,S2,S3>)
  • 21. SR path and SR segments: the path is split into three segments (diagram labels: Datacenter, Server, Headend Node, Ingress node, S1, S2, S3, Egress node, SR domain, SR Policy P=<S1,S2,S3>)
  • 22. SR operations: PUSH / NEXT / CONTINUE (diagram labels: Datacenter, Server, Headend Node, Ingress node, S1, S2, S3, Egress node, SR domain, SR Policy P=<S1,S2,S3>)
  • 23. SRv6: extending the SR domain (1/2) (diagram labels: Datacenter, Server, Headend Node, Ingress node, Edge node, S1, S2, S3, SR domain, SR Policy P=<S1,S2,S3>)
  • 24. SRv6: extending the SR domain (2/2) (diagram labels: Datacenter, Server, Headend Node, Edge node, Edge node, S1, S2, S3, SR domain, SR Policy P=<S1,S2,S3>)
  • 25. Segment Routing: two dataplane instantiations
      • IPv6: SRv6
      • uses IPv6 source routing extension header (SRH) - RFC8200
      • 1 segment = 1 address
      • a segment list = an address list in the SRH
      • MPLS: SR-MPLS
      • uses the mature MPLS HW with only SW upgrade
      • 1 segment = 1 label
      • a segment list = a label stack
  • 26. Segment Routing – Forwarding Plane
      • SR-MPLS: a segment list is represented as a stack of labels
      • Segment → Label
      • The SR labels need to be distributed by the routing protocols (IGP or BGP) that have been properly extended
      • SRv6: a segment list is encoded in a routing extension header (SRH)
      • Segment → IPv6 Address
      • The routing protocols natively distribute the addresses (no changes needed for topological instructions)
  • 27. Global and Local Segments
      • Global Segment
      • Any node in the SR domain can execute the associated instruction
      • Each node in the SR domain installs the associated instruction in its forwarding table
      • MPLS label pool: value in the Segment Routing Global Block (SRGB)
      • Local Segment
      • Only a specific node can execute the associated instruction
      • MPLS label pool: locally allocated label
  • 28. Segment Routing: key advantages
      • Scalability (thanks to Source Routing)
      • the topological and service (NFV) path is encoded in the packet header
      • the network fabric does not hold any per-flow state for TE or NFV
      • Simplicity
      • automation: sub-50msec FRR (Fast ReRouting) with TI-LFA (Topology Independent Loop Free Alternates)
      • protocol elimination: LDP, RSVP-TE, NSH…
      • End-to-End applicability (with SRv6)
      • e.g. integrated view of Mobile Access, Data Center, Metro, WAN
  • 29. Scalability and SDN: traditional approach. State information (match/action) per flow in all nodes! Example: “traditional” MPLS label lookup tables with per-flow state.
  • 30. Scalability and SDN: traditional approach. The SDN controller needs to talk with all nodes (per flow). Example: “traditional” SDN/OpenFlow solution with per-flow state.
  • 31. Scalability and SDN: SR approach. State information (match/action) per flow only in the headend node.
  • 32. Scalability and SDN: SR approach. The SDN controller only talks with edge nodes (per flow).
  • 33. Agenda (same list as slide 10)
  • 34. SR-MPLS label stack example. A flow from 1 to 5, adding waypoints 3 and 4 (topology diagram with numbered nodes).
  • 35. SR-MPLS label stack example. A flow from 1 to 5, adding waypoints 3 and 4. NB: MPLS Penultimate Hop Pop is used! (Topology diagram: the packet to 5 is shown with label stacks 3-4-5, 4-5 and 5, and finally with no label.)
  • 36. SR-MPLS IGP (Interior Gateway Protocol) segments
      • Two basic building blocks distributed by IGP
      • Prefix Segments
      • Adjacency Segments
  • 37. SR-MPLS Dataplane: Global Segments – Global Label Indexes
      • SRGB = Segment Routing Global Block
      • Default SRGB: 16,000 – 23,999
      • Global Segments always distributed as a label range (SRGB) + Index
      • Index must be unique in Segment Routing Domain
      • Best practice: same SRGB on all nodes
      • Global Segments are global label values, simplifying network operations
  • 38. Different SRGBs per node
      • S1: index = 1, SRGB = 1000
      • S2: index = 2, SRGB = 2000
      • S3: index = 3, SRGB = 3000
      • N4: SRGB = 4000, N5: SRGB = 5000, N6: SRGB = 6000, N7: SRGB = 7000
      • (Diagram: Headend Node, S1, S2, S3 and N4 to N7 in the SR domain; SR Policy P=<S1,S2,S3>; operations PUSH, NEXT, CONTINUE; per-hop label stacks on the IP packet)
  • 39. Identical SRGB in all nodes (recommended!)
      • SRGB = 1000 (same for all nodes)
      • S1: index = 1
      • S2: index = 2
      • S3: index = 3
      • (Diagram: Headend Node, S1, S2, S3 and N4 to N7 in the SR domain; SR Policy P=<S1,S2,S3>; operations PUSH, NEXT, CONTINUE; per-hop label stacks on the IP packet)
  • 40. SR-MPLS TI-LFA: Zero-Segment Example
      • TI-LFA for link R1R2 on R1
      • Calculate post-convergence SPT
      • SPT with link R1R2 removed from topology
      • Derive SID-list to steer traffic on post-convergence path
      • R1 will steer the traffic towards LFA R5
      • (Diagram: nodes A, 1, 2, 3, 4, 5, Z; default cost 10, one link with cost 1000; packet to Z with prefix-SID(Z))
  • 41. SR-MPLS TI-LFA: Single-Segment Example
      • TI-LFA for link R1R2 on R1
      • Calculate post-convergence Shortest Path Tree (SPT)
      • Derive SID-list to steer traffic on post-convergence path → <Prefix-SID(R4)>
      • Also known as “PQ-node”
      • R1 will push the prefix-SID of R4 on the backup path
      • (Diagram: nodes A, 1, 2, 3, 4, 5, Z; default cost 10; packet to Z with prefix-SID(Z), and with prefix-SID(R4) added on the backup path)
  • 42. SR-MPLS TI-LFA: Double-Segment Example
      • TI-LFA for link R1R2 on R1
      • Calculate post-convergence SPT
      • Derive SID-list to steer traffic on post-convergence path → <Prefix-SID(R4), Adj-SID(R4-R3)>
      • Also known as “P- and Q-node”
      • R1 will push the prefix-SID of R4 and the adj-SID of R4-R3 link on the backup path
      • (Diagram: nodes A, 1, 2, 3, 4, 5, Z; default cost 10, one link with cost 1000; packet to Z with prefix-SID(Z), and with adj-SID(R4-R3) and prefix-SID(R4) added on the backup path)
  • 43. Agenda (same list as slide 10)
  • 46. SRv6 forwarding operations (diagram: nodes S1, S2, S3, N4, N5, N6, N7 in the SR domain; roles shown: SR source node, transit node, SR endpoint node; a packet at the source. Legend: DA = Destination Address, SL = Segments Left)
  • 47. SRv6 forwarding operations: PUSH (encapsulation) of SR Policy P=<S1,S2,S3> at the SR source node (same diagram and legend as slide 46)
  • 48. SRv6 forwarding operations: PUSH (encapsulation) of SR Policy P=<S1,S2,S3>. Packet shown: IPv6 header DA = S1; SRH (S3, S2, S1), SL=2; payload (same diagram and legend as slide 46)
  • 49. SRv6 forwarding operations: PUSH (encapsulation), then NEXT. Packets shown: IPv6 header DA = S1, SRH (S3, S2, S1), SL=2, payload; then IPv6 header DA = S2, SRH (S3, S2, S1), SL=1, payload (same diagram and legend as slide 46)
  • 50. SRv6 forwarding operations: PUSH (encapsulation), NEXT, CONTINUE. Packets shown: IPv6 header DA = S1, SRH (S3, S2, S1), SL=2, payload; then IPv6 header DA = S2, SRH (S3, S2, S1), SL=1, payload, shown twice (same diagram and legend as slide 46)
  • 51. SRv6 forwarding operations: PUSH (encapsulation), NEXT, CONTINUE. Packets shown: IPv6 header DA = S1, SRH (S3, S2, S1), SL=2, payload; then IPv6 header DA = S2, SRH (S3, S2, S1), SL=1, payload, shown twice; then IPv6 header DA = S3, SRH (S3, S2, S1), SL=0, payload, shown twice (same diagram and legend as slide 46)
  • 52. SRv6 Dataplane - Node Segment
      • Shortest-path to the IGP prefix
      • Equal Cost Multi-Path (ECMP)-aware
      • (Already) distributed by ISIS/OSPF
      • (Diagram: nodes A1 to A5 with addresses A1:: to A5::; prefix A5::/56; packets labelled A5::)
  • 53. SRv6 Dataplane - Node Segment
      • Shortest-path to the IGP prefix
      • Equal Cost Multi-Path (ECMP)-aware
      • (Already) distributed by ISIS/OSPF
      • (Diagram: nodes A1 to A5 with addresses A1:: to A5::; prefix A4::/56; packets labelled A4::)
  • 54. SRv6 Dataplane - IGP Adjacency Segment
      • Forward on the IGP adjacency
      • Advertised as an IPv6 SID
      • Distributed by ISIS/OSPF in specific TLVs
      • (Diagram: nodes A1 to A5 with addresses A1:: to A5::; SIDs A4::C2 (Adj to A2), A4::C3 (Adj to A3), A4::C5 (Adj to A5))
  • 55. SRv6 Dataplane - IGP Adjacency Segment
      • Steer traffic on any path through the network
      • Path is specified by a list of IPv6 addresses (Segment List) in the SRH header
      • No path is signaled
      • Per-flow state is created only in the source node
      • Single protocol: IS-IS or OSPF
      • (Diagram: nodes A1 to A5 with addresses A1:: to A5::; packet to A5 with SRH (A4::C5))
  • 56. Agenda (same list as slide 10)
  • 57. Segment Routing Traffic Engineering vs. “traditional” Traffic Engineering
      • In “traditional” TE, a connection (LSP) is set up by updating the forwarding tables of ALL crossed nodes
      • By combining prefix and adjacency segments we have the same expressiveness as traditional TE
      • The average number of segments (waypoints) needed to enforce a TE path is very low in typical scenarios
      • Equal Cost Multipath (ECMP) can be exploited in a natural way with SR
  • 58. Using Segment Routing for fault protection: TI-LFA (Topology Independent Loop-Free Alternate)
  • 59. TI-LFA example (needs an Adjacency Segment)
      • Forwarding entry for A5::/64: Pri → via 5; FRR → insert A2::C4
      • (Diagram: nodes 1, 2, 4, 5, 6; link costs 1, except one link with cost 100; primary route and FRR route (using Adjacency Segment); packet to A5::0)
  • 60. TI-LFA example (needs an Adjacency Segment)
      • Forwarding entry for A5::/64: Pri → via 5; FRR → insert A2::C4
      • (Diagram: nodes 1, 2, 4, 5, 6; link costs 1, except one link with cost 100; primary route and FRR route (using Adjacency Segment); packet to A5::0)
  • 61. TI-LFA example (needs an Adjacency Segment)
      • Forwarding entry for A5::/64: Pri → via 5; FRR → insert A2::C4
      • <50 msec FRR
      • (Diagram: nodes 1, 2, 4, 5, 6; link costs 1, except one link with cost 100; primary route and FRR route (using Adjacency Segment); packets to A5::0, one of them carrying A2::C4)
  • 62. TI-LFA – SRv6 Zero-Segment Example
      • TI-LFA for link R1R2 on R1
      • Calculate post-convergence SPT
      • SPT with link R1R2 removed from topology
      • Derive SID-list to steer traffic on post-convergence path: no need to change the SID-list
      • R1 will steer the traffic towards LFA R5
      • (Diagram: nodes B, 1, 2, 3, 4, 5, C; default cost 10, one link with cost 1000; packet to C with AC::0)
  • 63. TI-LFA – SRv6 Prefix Segment Example
      • TI-LFA for link R1R2 on R1
      • Calculate post-convergence Shortest Path Tree (SPT)
      • Derive SID-list to steer traffic on post-convergence path → ADD <Prefix-SID(R4)>
      • Also known as “PQ-node”
      • R1 will push the prefix-SID of R4 on the backup path
      • (Diagram: nodes B, 1, 2, 3, 4, 5, C; default cost 10; packet to C with AC::0, and with <A4::0,AC::0> on the backup path)
  • 64. TI-LFA – SRv6 Adjacency Segment Example
      • TI-LFA for link R1R2 on R1
      • Calculate post-convergence SPT
      • Derive SID-list to steer traffic on post-convergence path → <Adj-Segment(R4-R3)>
      • Also known as “P- and Q-node”
      • R1 will push the adjacency SID of the R4-R3 link on the backup path: A4::C3
      • (Diagram: nodes B, 1, 2, 3, 4, 5, C; default cost 10, one link with cost 1000; packet to C with AC::0, and with <A4::C3,AC::0> on the backup path)
  • 65. TI-LFA
      • 50msec Protection upon local link, node or SRLG failure
      • Simple to operate and understand
      • can be automatically computed by the router’s IGP process
      • 100% coverage across any topology
      • predictable (backup = postconvergence)
      • Optimum backup path
      • leverages the post-convergence path, planned to carry the traffic
      • avoids any intermediate flap via alternate path
      • Incremental deployment
      • Distributed and Automated Intelligence
  • 66. Network Transport Evolution: Simplify - Optimize - Enable. Do more with less! (Diagram labels: Service Protocols, Transport Protocols, IGP/SR, BGP-EVPN, Unified MPLS, SR Enabled Transport, IP)
  • 67. Segment Routing
      • Paths options: Dynamic (Headend computation); Explicit (Operator / Controller)
      • Control Plane: Routing protocols with extensions (IS-IS, OSPF, BGP); SDN controller
      • Data Plane: MPLS (segment labels); IPv6 (+SR header)
      • (Diagram labels: path expressed in the packet, data, dynamic path, explicit path)
      • Segment routing architecture seeks the right balance between distributed intelligence and centralized optimization
  • 68. Agenda (same list as slide 10)
  • 69. IPv6 adoption is a reality. https://6lab.cisco.com/stats/
  • 70. IPv6 adoption trend. https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption
  • 71. IPv6 provides reachability
  • 72. IPv6 provides reachability: IoT, Core, Data Centers
  • 73. Underlay and Overlay domains (diagram labels: Underlay, Overlay)
  • 74. SRv6 – Segment Routing & IPv6: the Vision. IPv6 for reachability, SR for anything else.
      • Simplicity
      • Protocol elimination
      • SLA
      • Fast ReRoute and TE
      • Overlay
      • NFV
      • SDN
      • SR is de-facto SDN architecture
      • 5G
  • 75. SRv6 for underlay
      • IPv6 for reachability
      • RSVP for FRR/TE: horrendous states scaling in k*N^2
  • 76. SRv6 for underlay
      • IPv6 for reachability
      • SRv6 for Underlay: simplification through protocol reduction; SLA through automated FRR and TE; de-facto SDN architecture
  • 77. SRv6 for underlay and overlay. Multiplicity of protocols and states hinder network economics.
      • IPv6 for reachability
      • SRv6 for Underlay: simplification, FRR, TE, SDN
      • UDP+VxLAN Overlay: additional protocol just for tenant ID
      • NSH for NFV: additional protocol and state
  • 78. SRv6 for underlay and overlay
      • IPv6 for reachability
      • SRv6 for Underlay: simplification, FRR, TE, SDN
      • SRv6 for Overlay: SRv6 for SFC, VPNs…
  • 79. SRv6 – Segment Routing & IPv6. IPv6 for reachability, SR for anything else.
      • Simplicity
      • Protocol elimination
      • SLA
      • Fast ReRoute and TE
      • Overlay
      • NFV
      • SDN
      • SR is de-facto SDN architecture
      • 5G
  • 80. SR for anything: Network as a Computer or Network Programming model
  • 81. Network instruction (SID layout: Locator | Function)
      • 128-bit SRv6 SID
      • Locator: routed to the node performing the function
      • Function: any possible function, either local to the network node or an app in a VM/Container
      • Flexible bit-length selection
  • 82. Network instruction (SID layout: Locator | Function | Args*)
      • 128-bit SRv6 SID
      • Locator: routed to the node performing the function
      • Function: any possible function, either local to the network node or an app in a VM/Container
      • Arguments: optional argument bits to be used only by that SID
      • Flexible bit-length selection
      • USE WITH CAUTION… it may have side effects if it changes on a packet-by-packet basis for packets of the same flow
  • 83. Network Program (diagram: a program of three instructions, Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3; next segment: Locator 1 Function 1)
  • 84. Network Program (diagram: a program of three instructions, Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3; next segment: Locator 2 Function 2)
  • 85. Network Program (diagram: a program of three instructions, Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3; next segment: Locator 3 Function 3)
  • 86. Network Program in the Packet Header
      • IPv6 header: IPv6 source address (Source Address); IPv6 destination address (Active Segment: Locator 1 Function 1)
      • Segment Routing Header: Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3
      • IPv6 payload: TCP, UDP, QUIC
  • 87. SRv6 Header (fields shown: Segments Left, TAG, segment list with Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3, Metadata TLV)
  • 88. Argument shared between functions: “Global” Argument (fields shown: Segments Left, TAG, segment list with Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3, Metadata TLV)
  • 89. SRv6 for anything
      • Optimized for HW processing, e.g. Underlay & Tenant use-cases
      • Optimized for SW processing, e.g. NFV, Container, Micro-Service
      • (Fields shown: Segments Left, TAG, segment list with Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3, Metadata TLV)
  • 90. SRv6 for anything: Turing (fields shown: Segments Left, TAG, segment list with Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3, Metadata TLV)
  • 91. SRv6 Network Programming model
      – End: Endpoint function. The SRv6 instantiation of a prefix SID
      – End.X: Endpoint function with Layer-3 cross-connect. The SRv6 instantiation of an Adj SID
      – End.T: Endpoint function with specific IPv6 table lookup
      – End.DX2: Endpoint with decapsulation and Layer-2 cross-connect. L2VPN use-case
      – End.DX2V: Endpoint with decapsulation and VLAN L2 table lookup. EVPN Flexible cross-connect use-cases
      – End.DT2U: Endpoint with decaps and unicast MAC L2 table lookup. EVPN Bridging unicast use-cases
      – End.DT2M: Endpoint with decapsulation and L2 table flooding. EVPN Bridging BUM use-cases with ESI filtering
  • 92. SRv6 Network Programming model
      – End.DX6: Endpoint with decapsulation and IPv6 cross-connect. IPv6 L3VPN use (equivalent of a per-CE VPN label)
      – End.DX4: Endpoint with decapsulation and IPv4 cross-connect. IPv4 L3VPN use (equivalent of a per-CE VPN label)
      – End.DT6: Endpoint with decapsulation and IPv6 table lookup. IPv6 L3VPN use (equivalent of a per-VRF VPN label)
      – End.DT4: Endpoint with decapsulation and IPv4 table lookup. IPv4 L3VPN use (equivalent of a per-VRF VPN label)
      – End.DT46: Endpoint with decapsulation and IP table lookup. IP L3VPN use (equivalent of a per-VRF VPN label)
      – End.B6: Endpoint bound to an SRv6 policy. SRv6 instantiation of a Binding SID
  • 93. SRv6 Network Programming model
      – End.B6.Encaps: Endpoint bound to an SRv6 encapsulation Policy. SRv6 instantiation of a Binding SID
      – End.BM: Endpoint bound to an SR-MPLS Policy. SRv6/SR-MPLS instantiation of a Binding SID
      – End.S: Endpoint in search of a target in table T
      The list is not exhaustive. In practice, any function can be attached to a local SID: e.g. a node N can bind a SID to a local VM or container which can apply any complex function on the packet.
  • 94. END – Default endpoint function
      • Default endpoint behavior (node segment)
      • Decrement Segments Left, update DA
      • Forward according to new DA
      • Node 2 advertises prefix A2::/64 (A2::/64 is the SID locator)
      • Packets are forwarded to node 2 along the default routes (shortest path)
      • On 2, the default endpoint behavior is associated with ID 1 (1 is the function)
      • The SID corresponding to the default endpoint behavior on node 2 is A2::1
      Packet at node 2 (A2::/64): IPv6 Hdr SA = A1::, DA = A2::1 | SR Hdr (…, A3::, A2::1, …) SL=k | Payload
      Packet towards node 3: IPv6 Hdr SA = A1::, DA = A3:: | SR Hdr (…, A3::, A2::1, …) SL=k-1 | Payload
  • 95. Endpoint function (END)
      • For simplicity function 1 denotes the most basic function
      • Shortest-path to the Node
      Figure: topology with nodes A1 (A1::), A2 (A2::), A3 (A3::), A4 (A4::), A5 (A5::), A6 (A6::), A7 (A7::), A8 (A8::); default metric 10; link label 50
      SR: 〈A4::1, A6::1, A8::〉
      >VPP: show sr localsid
      LocalSID   Behavior
      A6::1      End
      Total SR LocalSIDs: 1
      >VPP: show sr localsid
      LocalSID   Behavior
      A4::1      End
      Total SR LocalSIDs: 1
  • 96. END.X – Endpoint then layer3 Xconnect
      • Endpoint xconnect behavior (adjacency segment)
      • Decrement Segments Left, update DA
      • Forward on the interface associated with the Xconnect segment
      • Node 3 advertises prefix A3::/64
      • Packets are forwarded to node 3 along the default routes (shortest path)
      • On 3, the endpoint xconnect behavior for adjacency 1 is associated with ID C1
      • The SID corresponding to endpoint xconnect-1 behavior on node 3 is A3::C1
      Packet at node 3 (A3::/64): IPv6 Hdr SA = A1::, DA = A3::C1 | SR Hdr (…, A4::, A3::C1, …) SL=k | Payload
      Packet towards node 4: IPv6 Hdr SA = A1::, DA = A4:: | SR Hdr (…, A4::, A3::C1, …) SL=k-1 | Payload
      Figure labels: nodes 1, 2, 3, 4
  • 97. END.X – Endpoint then layer3 Xconnect
      • For simplicity Ak::Cj denotes:
      • Shortest-path to the Node K and then x-connect (function C) to the neighbor J
      Figure: topology with nodes A1 (A1::), A2 (A2::), A3 (A3::), A4 (A4::), A5 (A5::), A6 (A6::), A7 (A7::), A8 (A8::); default cost 10; link label 50
      SR: 〈A4::C5, A6::1, A8::〉
      >VPP: show sr localsid
      LocalSID   Behavior
      A6::1      End
      Total SR LocalSIDs: 1
      >VPP: show sr localsid
      LocalSID   Behavior
      A4::C5     End.X {TenGE0/1/0 A5::}
      Total SR LocalSIDs: 1
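The End and End.X processing described in slides 94 to 97, replayed in Python as an added example (not code from the tutorial, VPP or the ROSE project). It encodes the SRH with the RFC 8754 field layout and walks the SID list 〈A4::C5, A6::1, A8::〉 through the two local SID tables shown on slide 97; the function names, the "shortest path" egress label and the drop when Segments Left is 0 are assumptions of this example.

```python
import ipaddress
import struct

SRH_ROUTING_TYPE = 4  # Routing Type of the Segment Routing Header (RFC 8754)
ip = ipaddress.IPv6Address

def build_srh(path, next_header=41, tag=0):
    """Encode an SRH for the SID list <path>; the wire format stores it reversed."""
    segs = [ip(s).packed for s in reversed(path)]
    last = len(segs) - 1
    # Next Header, Hdr Ext Len (8-octet units after the first 8 octets),
    # Routing Type, Segments Left, Last Entry, Flags, Tag
    fixed = struct.pack("!BBBBBBH", next_header, 2 * len(segs),
                        SRH_ROUTING_TYPE, last, last, 0, tag)
    return fixed + b"".join(segs)

def parse_srh(raw):
    """Decode and sanity-check an SRH; raises ValueError on malformed input."""
    if len(raw) < 8:
        raise ValueError("truncated SRH")
    _nh, ext_len, rtype, sl, last, _flags, tag = struct.unpack("!BBBBBBH", raw[:8])
    if rtype != SRH_ROUTING_TYPE:
        raise ValueError("routing header is not an SRH")
    if len(raw) < 8 + 8 * ext_len or 16 * (last + 1) > 8 * ext_len or sl > last:
        raise ValueError("inconsistent SRH lengths or Segments Left")
    segs = [ip(raw[8 + 16 * i:24 + 16 * i]) for i in range(last + 1)]
    return {"segments_left": sl, "tag": tag, "segments": segs}

def process(local_sids, dst, raw_srh):
    """One node's handling of a packet: returns (new DA, new SRH bytes, egress)."""
    dst = ip(dst)
    entry = local_sids.get(dst)
    if entry is None:                      # DA is not a local SID: plain IPv6 transit
        return dst, raw_srh, "shortest path"
    srh = parse_srh(raw_srh)
    sl = srh["segments_left"]
    if sl == 0:                            # no next segment to activate: this example drops
        raise ValueError("Segments Left is 0 at an End/End.X SID")
    sl -= 1                                # decrement Segments Left
    new_dst = srh["segments"][sl]          # update DA with the next segment
    new_raw = raw_srh[:3] + bytes([sl]) + raw_srh[4:]
    behavior, adjacency = entry
    # End: forward according to the new DA. End.X: forward on the bound adjacency.
    return new_dst, new_raw, adjacency if behavior == "End.X" else "shortest path"

def walk_slide_97():
    """Replay SR: <A4::C5, A6::1, A8::> through the local SID tables of slide 97."""
    tables = {
        "A4": {ip("A4::C5"): ("End.X", "TenGE0/1/0 A5::")},
        "A6": {ip("A6::1"): ("End", None)},
    }
    dst, srh = ip("A4::C5"), build_srh(["A4::C5", "A6::1", "A8::"])
    trace = []
    for node in ("A4", "A6"):
        dst, srh, egress = process(tables[node], dst, srh)
        trace.append((node, str(dst), parse_srh(srh)["segments_left"], egress))
    return trace

if __name__ == "__main__":
    for hop in walk_slide_97():
        print(hop)
```

Each tuple in the trace is (node, new DA, new Segments Left, egress): node A4 hands the packet to its A5 adjacency regardless of the shortest path to A6, which is the difference between End.X and End.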
  • 98. Agenda: SR and SRv6 introduction; SR-MPLS Dataplane (short mention); SRv6 Dataplane; Traffic Engineering, Fault Protection (TI-LFA); SRv6 Network Programming Model; Security; SD-WAN / Service Function Chaining; Standards, deployments, open source, scientific activities; Advanced topics & further research; Hands-on part
  • 99. Overlay
      • Automated – No tunnel to configure
      • Simple – Protocol elimination
      • Efficient – SRv6 for everything
      Figure labels: nodes 1, 2, 3, 4; T::/16; V::/16; Green Overlay V::/16 via A:2::C4
      Packets shown: IPv6 ( T:1::, V:2:: ) | Payload; IPv6 ( A:1::, A:2::C4 ) | IPv6 ( T:1::, V:2:: ) | Payload; IPv6 ( T:1::, V:2:: ) | Payload
  • 100. Overlay with Underlay Control
      • SRv6 does not only eliminate unneeded overlay protocols
      • SRv6 solves problems that these protocols cannot solve
      Figure labels: nodes 1, 2, 3, 4; T::/16; V::/16; Green Overlay V::/16 via A:2::C4 with Latency
      Packets shown: IPv6 ( T:1::, V:2:: ) | Payload; IPv6 ( A:1::, A:3::0 ) | SRH ( A:2::C4, A:3::0 ) | IPv6 ( T:1::, V:2:: ) | Payload
  • 101. Overlay with Underlay Control
      • SRv6 does not only eliminate unneeded overlay protocols
      • SRv6 solves problems that these protocols cannot solve
      Figure labels: nodes 1, 2, 3, 4; T::/16; V::/16; Green Overlay V::/16 via A:2::C4 with Latency
      Packets shown: IPv6 ( T:1::, V:2:: ) | Payload; IPv6 ( A:1::, A:2::C4 ) | SRH ( A:2::C4, A:3::0 ) | IPv6 ( T:1::, V:2:: ) | Payload; IPv6 ( T:1::, V:2:: ) | Payload
  • 102. Integrated NFV
      • A:3::A32 means
          – App in Container 32
          – @ node A:3::/64
      • Stateless
          – NSH creates per-chain state in the fabric
          – SR does not
      • App is SR aware or not
      Figure labels: nodes 1, 2, 3, 4, 5; T::/16; V::/16; App 32 (Container) on Server 3; App 76 (VM) on Server 5
      Packets shown: IPv6 ( A:1::, A:3::A32 ) | SRH ( A:2::C4, A:5::A76, A:4::0, A:3::A32 ) | IPv6 ( T:1::, V:2:: ) | Payload; IPv6 ( T:1::, V:2:: ) | Payload
  • 103. Integrated NFV
      • Integrated with underlay SLA
      Figure labels: nodes 1, 2, 3, 4, 5; T::/16; V::/16; App 32 (Container) on Server 3; App 76 (VM) on Server 5
      Packet shown: IPv6 ( A:1::, A:4::0 ) | SRH ( A:2::C4, A:5::A76, A:4::0, A:3::A32 ) | IPv6 ( T:1::, V:2:: ) | Payload
  • 104. Integrated NFV
      • A:5::A76 means
          – App in VM 76
          – @ node A:5::/64
      • Stateless
          – NSH creates per-chain state in the fabric
          – SR does not
      • App is SR aware or not
      Figure labels: nodes 1, 2, 3, 4, 5; T::/16; V::/16; App 32 (Container) on Server 3; App 76 (VM) on Server 5
      Packet shown: IPv6 ( A:1::, A:5::A76 ) | SRH ( A:2::C4, A:5::A76, A:4::0, A:3::A32 ) | IPv6 ( T:1::, V:2:: ) | Payload
  • 105. Integrated NFV
      • Integrated with Overlay
      Figure labels: nodes 1, 2, 3, 4, 5; T::/16; V::/16; App 32 (Container) on Server 3; App 76 (VM) on Server 5
      Packets shown: IPv6 ( A:1::, A:2::C4 ) | SRH ( A:2::C4, A:5::A76, A:4::0, A:3::A32 ) | IPv6 ( T:1::, V:2:: ) | Payload; IPv6 ( T:1::, V:2:: ) | Payload
  • 106. Agenda: SR and SRv6 introduction; SR-MPLS Dataplane (short mention); SRv6 Dataplane; Traffic Engineering, Fault Protection (TI-LFA); SRv6 Network Programming Model; Security; SD-WAN / Service Function Chaining; Standards, deployments, open source, scientific activities; Advanced topics & further research; Hands-on part
  • 107. SRv6 domain and its security (few simple considerations…)
  • 108. SR Domain
      • The set of trusted nodes participating in the SR solution
      • May be organized in multiple IGP areas and BGP AS
      Figure labels: SRv6 Domain; AS; AS; area; area
  • 109. Domain Blocks
      • The SR domain has
          – a classic address block (e.g. B::/4)
          – a SID block (e.g. A::/4)
      Figure labels: SRv6 Domain; Classic address Block B::/4; SID Block A::/4
  • 110. Trust inside the domain
      • Any source A inside the domain can inject SR traffic using any SID of the domain
          – via SID list <S1, S2, S3>
      Figure labels: A; S1; S2; S3; Z
      Packet shown: (A, S1)(Z, S3, S2, S1, SL=3)
  • 111. External traffic is not trusted
      • An external source A cannot leverage the SIDs of the domain
      • Every border router drops any external traffic destined to the domain's blocks
          – A::/4 and B::/4
      Figure labels: A; S1; S2; S3; Z
      Packet shown: (A, S1)(Z, S3, S2, S1, SL=3)
  • 112. Validating SR Headers
      • The HMAC TLV can be carried in the Segment Routing Header to validate the header
          – “SR Source Nodes not directly connected to the SR Domain may access specific sets of segments within the SR Domain when secured with the SRH HMAC TLV. The SRH HMAC TLV provides a means of verifying the validity of ingress packets SRH, limiting access to the segments in the SR Domain to only those source nodes with permission.”
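A border-router ingress check that combines slides 111 and 112, as an added Python example (not code from the tutorial or from any SRv6 implementation). Assumptions: the prefixes a0::/12 and b0::/12 stand in for the slides' shorthand A::/4 and B::/4, HMAC-SHA-256 is the algorithm bound to the Key ID, the HMAC input follows the field order of RFC 8754 section 2.1.2.1, and the key, Key ID 7, packets, function names and verdict strings are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

ip = ipaddress.IPv6Address
# Assumption: the slides' shorthand "A::/4" and "B::/4" is not a literal IPv6
# prefix, so these stand-ins cover A1::, A2::1, ... and B1::, ... instead.
SID_BLOCK = ipaddress.ip_network("a0::/12")
CLASSIC_BLOCK = ipaddress.ip_network("b0::/12")
D_BIT = 0x8000  # first of the 16 bits after Length: DA verification disabled

def hmac_text(pkt, tlv):
    """Fields covered by the HMAC, in the order given in RFC 8754 section 2.1.2.1."""
    segs = pkt["segments"]                 # Segment List[0..Last Entry], wire order
    return (ip(pkt["src"]).packed
            + struct.pack("!BBHI", len(segs) - 1, pkt["flags"],
                          tlv["d_reserved"], tlv["key_id"])
            + b"".join(ip(s).packed for s in segs))

def compute_hmac(key, pkt, tlv):
    """HMAC-SHA-256 over the covered fields (32 octets)."""
    return hmac.new(key, hmac_text(pkt, tlv), hashlib.sha256).digest()

def border_verdict(pkt, external, keys):
    """Ingress decision of a border router for one already-parsed packet."""
    dst = ip(pkt["dst"])
    if not external:
        return "accept: source is inside the SR domain"
    if dst in CLASSIC_BLOCK:
        return "drop: external traffic to the classic address block"
    if dst not in SID_BLOCK:
        return "accept: not destined to the domain blocks"
    tlv = pkt.get("hmac_tlv")
    if tlv is None:
        return "drop: external traffic to the SID block without HMAC TLV"
    key = keys.get(tlv["key_id"])
    if key is None:
        return "drop: unknown HMAC Key ID"
    if not hmac.compare_digest(compute_hmac(key, pkt, tlv), tlv["hmac"]):
        return "drop: HMAC mismatch"
    current = ip(pkt["segments"][pkt["segments_left"]])
    if not tlv["d_reserved"] & D_BIT and dst != current:
        return "drop: DA is not the current segment"
    return "accept: HMAC verified"

def demo():
    """Constructed packets: permitted source, altered list, no TLV, B block, inside."""
    keys = {7: b"constructed-demo-key"}    # Key ID -> pre-shared key (constructed)
    base = {"src": "2001:db8::10", "dst": "a1::1", "flags": 0, "segments_left": 2,
            "segments": ["a3::1", "a2::1", "a1::1"]}
    tlv = {"d_reserved": 0, "key_id": 7}
    tlv["hmac"] = compute_hmac(keys[7], base, tlv)
    signed = dict(base, hmac_tlv=tlv)
    altered = dict(signed, segments=["a8::1", "a2::1", "a1::1"])
    to_b = dict(base, dst="b1::1")
    return [border_verdict(signed, True, keys), border_verdict(altered, True, keys),
            border_verdict(base, True, keys), border_verdict(to_b, True, keys),
            border_verdict(base, False, keys)]

if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the segment list is part of the HMAC input, a segment list that differs from the one the permitted source signed fails verification even though the destination address and Key ID are unchanged.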
  • 113. Agenda: SR and SRv6 introduction; SR-MPLS Dataplane (short mention); SRv6 Dataplane; Traffic Engineering, Fault Protection (TI-LFA); SRv6 Network Programming Model; Security; SD-WAN / Service Function Chaining; Standards, deployments, open source, scientific activities; Advanced topics & further research; Hands-on part
  • 114. SRv6 standardization
      • Large standardization efforts in IETF (around 70 documents)
          – Driven by vendors (CISCO is the main supporter)
          – See full list here: www.segment-routing.net/ietf/
      • Main RFCs
          – RFC 8402 Segment Routing Architecture: defines SR concepts both for MPLS and SRv6
          – RFC 8660 Segment Routing with MPLS data plane
          – RFC 8754 IPv6 Segment Routing Header (SRH): defines the SRv6 dataplane encapsulation (SRH)
  • 115. SRv6 standardization
      • Main WG docs
          – draft-ietf-spring-srv6-network-programming: defines the SRv6 Network Programming model
          – draft-ietf-spring-segment-routing-policy
          – draft-ietf-spring-sr-service-programming: covers SFC aspects
      • IETF docs can be classified in several categories: Architecture, Use-Cases and Requirements, Deployments and Interoperability, Fast Reroute (FRR), OAM, Performance Measurements, Multicast/Replication, Protocol Extensions
  • 116. SRv6 deployments
      • Large-scale commercial deployments
          – Softbank, Iliad, China Telecom, LINE corporation, China Unicom, CERNET2, China Bank and Uganda MTN.
      • Hardware line-rate implementations
          – Cisco Systems, Huawei
          – Broadcom, Barefoot, Intel, Marvell, Mellanox
          – Multiple Interop Reports
      • Open-source platforms / Applications
          – Linux kernel, FD.io VPP, P4, Wireshark, tcpdump, iptables, nftables, snort, ExaBGP, Contiv-VPP
  • 117. SRv6 Open Source Platforms / Applications
      • SRv6 Data path
          – Linux kernel
          – FD.io VPP (https://wiki.fd.io/view/VPP)
          – P4 SRv6 (http://bit.ly/onos-p4-srv6)
      • Applications and tools
          – Wireshark, Tcpdump
          – scapy
          – iptables, nftables
          – Snort NIDS (https://github.com/SRouting/SR-Snort)
      • Control plane
          – ExaBGP (https://www.segment-routing.net/open-software/exabgp/)
          – Contiv-VPP
  • 118. ROSE - Research on Open SRv6 Ecosystem
      https://netgroup.github.io/rose/
      The ROSE ecosystem includes several sub-projects:
      • SRv6 uSID (micro segment) implementation in Linux
      • SRv6 uSID (micro segment) implementation on P4
      • SRv6-PM (SRv6 Performance monitoring)
      • rose-srv6 VM
      • SREXT - Segment Routing Extension Linux kernel module
      • SRNK – SR proxy Native Kernel
      • pyroute2 extensions to support SRv6
      • SRv6-SDN – An SDN ecosystem for SRv6 on Linux
      • SRPerf - a Performance Evaluation Framework for SRv6 implementations
      The hands-on part of this tutorial is based on the ROSE ecosystem, in particular on the rose-srv6 VM
  • 119. Segment Routing scientific work
      • More than 90 papers
          – http://www.segment-routing.net/scientific-papers/ (lists 60 papers)
          – See this survey on arxiv (http://arxiv.org/abs/1904.03471): “Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results”
  • 120. Segment Routing scientific work
      • In our survey we have identified the following categories:
          – Monitoring (8)
          – Traffic Engineering (22)
          – Failure Recovery / Resiliency (9)
          – Centrally Controlled Architectures (16)
          – Path Encoding (8)
          – Network programming (8)
          – Performance Evaluation (4)
          – Miscellaneous (9)
  • 121. Our contributions…
      • SDN Architecture and Southbound APIs for IPv6 Segment Routing Enabled Wide Area Networks. P. L. Ventre, M. M. Tajiki, S. Salsano, C. Filsfils, IEEE Transactions on Network and Service Management (TNSM), December 2018.
      • The Network as a Computer with IPv6 Segment Routing: a Novel Distributed Processing Model for the Internet of Things. A. Mayer, E. Altomare, S. Salsano, F. Lo Presti, C. Filsfils, NGOSCPS workshop at the CPS-IoT Week 2019, April 15 2019, Montreal, Canada (pdf)
      • SR-Snort: IPv6 Segment Routing Aware IDS/IPS. A. Abdelsalam, S. Salsano, F. Clad, P. Camarillo, C. Filsfils, IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Verona, Italy, November 2018.
      • Performance of IPv6 Segment Routing in Linux Kernel. A. Abdelsalam, P. L. Ventre, A. Mayer, S. Salsano, P. Camarillo, F. Clad, C. Filsfils, CNSM Workshop on Segment Routing and Service Function Chaining (SR+SFC), Rome, Italy, 2018.
      • SERA: SEgment Routing Aware Firewall for Service Function Chaining scenarios. A. Abdelsalam, S. Salsano, F. Clad, P. Camarillo, C. Filsfils, IFIP Networking, Zurich, Switzerland, May 2018.
      • Implementation of Virtual Network Function Chaining through Segment Routing in a Linux-based NFV Infrastructure. A. AbdelSalam, F. Clad, C. Filsfils, S. Salsano, G. Siracusano and L. Veltri, IEEE Conference on Network Softwarization (NetSoft), Bologna, Italy, 2017.
      • An Efficient Linux Kernel Implementation of Service Function Chaining for legacy VNFs based on IPv6 Segment Routing. A. Mayer, S. Salsano, P. L. Ventre, A. Abdelsalam, L. Chiaraviglio, C. Filsfils, 5th IEEE International Conference on Network Softwarization (NetSoft 2019), 24-28 June 2019, Paris, France
  • 122. Agenda: SR and SRv6 introduction; SR-MPLS Dataplane (short mention); SRv6 Dataplane; Traffic Engineering, Fault Protection (TI-LFA); SRv6 Network Programming Model; Security; SD-WAN / Service Function Chaining; Standards, deployments, open source, scientific activities; Advanced topics & further research; Hands-on part
  • 123. Hands-on session
      • We run our experiments on the rose-srv6 Virtual Machine; if you want to replicate them, see https://netgroup.github.io/rose/rose-vm.html
      • The experiments performed are reported in this technical report: “ROSE-SRv6 Tutorial on Linux – Part 1. Manual creation of SRv6 tunnels in the data plane” https://netgroup.github.io/rose/rose-vm.html#rose-srv6-tutorial-on-linux---part-1
      • This technical report describes further experiments with the SDN controller: “ROSE-SRv6 tutorial on Linux - Part 2. ROSE Control Plane: setting up SRv6 tunnels from the controller” https://netgroup.github.io/rose/rose-vm.html#rose-srv6-tutorial-on-linux---part-2
  • 124. Agenda: SR and SRv6 introduction; SR-MPLS Dataplane (short mention); SRv6 Dataplane; Traffic Engineering, Fault Protection (TI-LFA); SRv6 Network Programming Model; Security; SD-WAN / Service Function Chaining; Standards, deployments, open source, scientific activities; Advanced topics & further research; Hands-on part
  • 125. Compressing the SR Header
      • An SRv6 segment list is a sequence of IPv6 addresses. The SRH always introduces 8 bytes. Each IPv6 address is 16 bytes long.
          Example for 5 segments => 8 + 5 * 16 = 88 bytes of overhead.
          Example for 10 segments => 8 + 10 * 16 = 168 bytes of overhead.
      • In most cases the number of segments is limited (e.g. up to 3-4 segments), but what happens if many segments are needed for a particular service or service scenario?
      • A more compact representation of the Segment List is needed!
  • 126. SRv6 uSID (micro-SID)
      • A new extension of the SRv6 Network Programming model
          – https://datatracker.ietf.org/doc/draft-filsfils-spring-net-pgm-extension-srv6-usid/
      • It allows expressing SRv6 segments with a very compact and efficient representation.
          – For example, using two bytes for uSID instead of using a normal IPv6 address (16 bytes) for a regular SRv6 segment.
      • Leverages the SRv6 control and data planes without any change
      • Provides better scaling and minimum MTU overhead
  • 127. SRv6 uSID interop event
      https://www.youtube.com/watch?v=pVFkmwYIgmo
      Developed by the ROSE team
  • 128. Other proposals in IETF for SRH compression
      • Segment Routing Mapped To IPv6 (SRm6)
          – draft-bonica-spring-sr-mapped-six-01
          – draft-bonica-6man-comp-rtg-hdr-22
      • Compressed SRv6 Network Programming
          – draft-li-spring-compressed-srv6-np-02
  • 129. The network as a computer with SRv6 (SR-IoT)
      • The Network as a Computer with IPv6 Segment Routing: a Novel Distributed Processing Model for the Internet of Things. A. Mayer, E. Altomare, S. Salsano, F. Lo Presti, C. Filsfils, NGOSCPS workshop at the CPS-IoT Week 2019, April 15 2019, Montreal, Canada (pdf)
      A position (or visionary…) paper. Assuming that it is possible to exploit distributed processing in the “things/gateways”, the application logic and the computation state is transferred “on the fly” with IP packets (using SRv6!): “SR-IoT”
  • 130. The network as a computer with SRv6 (SR-IoT)
      In SR-IoT, the Segment List can be seen as a “Network program”, where the next segment is the Instruction Pointer and a network node is a CPU that executes the instruction
  • 131. The network as a computer with SRv6 (SR-IoT)
      In SR-IoT, we extend the SRv6 network programming model, considering the Functions as “operation codes” of a processor ISA (Instruction Set Architecture)
      The whole IoT infrastructure is seen as a logical machine with I/O ports (corresponding to the ports of IoT devices), that can be programmed through an Instruction Set Architecture
  • 132. The network as a computer with SRv6 (SR-IoT)
      In SR-IoT, we extend the SRv6 network programming model, considering the Functions as “operation codes” of a processor ISA (Instruction Set Architecture)
      The whole IoT infrastructure is seen as a logical machine with I/O ports (corresponding to the ports of IoT devices), that can be programmed through an Instruction Set Architecture
  • 133. The network as a computer with SRv6 (SR-IoT)
      We designed a prototype of SR-IoT, considering the Instruction Set Architecture (ISA) of the Atmel AVR microcontroller (Arduino) and using the SimAVR emulator on Linux to emulate the AVR microcontroller.
      An SR-IoT packet corresponds to a process. It includes the program in the SRv6 segment list, and the serialization of registers, stack and RAM. All need to fit in less than 1500 bytes! For TinyAVR microcontrollers, RAM used can be as low as 128 or 256 bytes.
      We designed an efficient solution to encode operations in the IPv6 segment list. For example, 100 instructions over 10 different nodes can be represented with 320 bytes, leaving 1000 bytes for RAM, stack and CPU registers…
  • 134. Segment Routing hottest open issues
      • In our survey http://arxiv.org/abs/1904.03471 we have identified the following research directions:
          – Service Function Chaining support
          – SRv6 end-host implementation aspects / SmartNICs and SRv6
          – Cloud Orchestration
          – Integration with Applications
          – 5G and SRv6
          – Internet of Things and SRv6
  • 135. Conclusions
      • Segment Routing architecture seeks the right balance between distributed intelligence and centralized optimization
      • Segment Routing over IPv6 (SRv6) brings in the Network Programming model
      • SRv6 provides underlay and overlay services in a unified way, possibly across access, metro, core and data center networking domains
      • Lots of issues are still open, very good for researchers ☺
  • 136. Thank you. Questions?
      Contacts: Stefano Salsano, University of Rome Tor Vergata / CNIT, stefano.salsano@uniroma2.it
  • 137. References and acknowledgements
      Research on Open SRv6 Ecosystem: https://netgroup.github.io/rose/
      5G European Validation Platform for Extensive Trials: https://www.5g-eve.eu/
      The 5G EVE project has received funding from the European Horizon 2020 Programme for research, technological development and demonstration under grant agreement n° 815074