SRv6 Network Programming: deployment use-cases
Ketan Talaulikar – Technical Leader, Routing
ketant@cisco.com
APRICOT 2018
Network as a computer and deployment use-cases
SRv6 Network Programming
© 2018 Cisco and/or its affiliates. All rights reserved.
Agenda
1 SRv6 101
2 SRv6 LocalSIDs Functions
3 Deployment use-cases
4 VPN Overlay
5 Service Chaining
6 Spray
7 SD-WAN
8 5G and Network Slicing
Industry at large backs up SR
• De-facto SDN Architecture
• Standardization: IETF
• Multi-vendor Consensus
• Open Source: Linux, VPP
• Strong customer adoption: WEB, SP, DC, Metro, Enterprise
• Source Routing
• the topological and service (NFV) path is encoded in packet header
• Scalability
• the network fabric does not hold any per-flow state for TE or NFV
• Simplicity
• automation: TILFA sub-50msec FRR
• protocol elimination: LDP, RSVP-TE, NSH…
• End-to-End
• DC, Metro, WAN
Segment Routing
IPv6
• leverages RFC8200 provision for source routing extension header
• 1 segment = 1 address
• a segment list = an address list in the SRH
Two dataplane instantiations
MPLS
• leverage the mature MPLS HW with only SW upgrade
• 1 segment = 1 label
• a segment list = a label stack
Segment Routing
IPv6 adoption is a reality
• Global IPv6 traffic grew 241% in 2016
• Globally IPv6 traffic will grow 16-fold from 2016 to 2021
• IPv6 will be 37% of total Internet traffic in 2021
[Chart: % Web pages available over IPv6]
Sources: 6lab.cisco.com – Web content; Cisco VNI Global IP Traffic Forecast, 2016-2021
IPv6 provides reachability
• Simplicity
• Protocol elimination
• SLA
• FRR and TE
• Overlay
• NFV
• SDN
• SR is de-facto SDN architecture
• 5G
SRv6 – Segment Routing & IPv6
IPv6 for reachability
SR for anything else
IPv6 for reachability
SRv6 for underlay
RSVP for FRR/TE Horrendous states scaling in k*N^2
IPv6 for reachability
SRv6 for underlay
SRv6 for Underlay
Simplification through protocol reduction
SLA through automated FRR and TE
De-facto SDN architecture
IPv6 for reachability
Multiplicity of protocols and states hinder network economics
SRv6 for underlay and overlay
SRv6 for Underlay Simplification, FRR, TE, SDN
UDP+VxLAN Overlay Additional Protocol just for tenant ID
NSH for NFV Additional Protocol and State
Opportunity for further simplification … Service Chaining
?
SR for anything:
Network as a Computer
Network instruction
• 128-bit SRv6 SID
• Locator: routed to the node performing the function
• Function: any possible function, either local to NPU or app in VM/Container
• Flexible bit-length selection
SID layout: Locator | Function
Network instruction
• 128-bit SRv6 SID
• Locator: routed to the node performing the function
• Function: any possible function, either local to NPU or app in VM/Container
• Arguments: optional argument bits to be used only by that SID
• Flexible bit-length selection
SID layout: Locator | Function | Args*
Network Program
[Figure: instruction list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3]
Next Segment: Locator 1 Function 1
Network Program
[Figure: instruction list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3]
Next Segment: Locator 2 Function 2
Network Program
[Figure: instruction list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3]
Next Segment: Locator 3 Function 3
Network Program in the Packet Header
IPv6 header: Source Address, Active Segment (Locator 1 Function 1)
Segment Routing Header: Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3
IPv6 payload: TCP, UDP, QUIC
Argument shared between functions
“Global”
Argument
Metadata TLV
Segments Left
Locator 1 Function 1
Locator 2 Function 2
Locator 3 Function 3
TAG
Group-Based Policy
Metadata TLV
Segments Left
Locator 1 Function 1
Locator 2 Function 2
Locator 3 Function 3
TAG
SRv6 Header
Metadata TLV
Segments Left
Locator 1 Function 1
Locator 2 Function 2
Locator 3 Function 3
TAG
SRv6 for anything
Optimized for HW processing
e.g. Underlay & Tenant use-cases
Optimized for SW processing
e.g. NFV, Container, Micro-Service
Metadata TLV
Segments Left
Locator 1 Function 1
Locator 2 Function 2
Locator 3 Function 3
TAG
SRv6 for anything
Turing
Metadata TLV
Segments Left
Locator 1 Function 1
Locator 2 Function 2
Locator 3 Function 3
TAG
• Standardization
• Multi-Vendor Consensus
Lead Operators
SRv6 LocalSIDs
Endpoint function
• For simplicity function 1 denotes the most basic function
• Shortest-path to the Node
[Figure: network topology with nodes A1 to A8 and locators A1:: to A8::; labels: 50, Default metric 10]
SR: 〈A4::1, A6::1, A8::〉
>VPP: show sr localsid
LocalSID Behavior
A6::1 End
Total SR LocalSIDs: 1
>VPP: show sr localsid
LocalSID Behavior
A4::1 End
Total SR LocalSIDs: 1
Endpoint then xconnect to neighbor function
[Figure: network topology with nodes A1 to A8 and locators A1:: to A8::; labels: 50, Default metric 10]
SR: 〈A4::C5, A6::1, A8::〉
>VPP: show sr localsid
LocalSID Behavior
A6::1 End
Total SR LocalSIDs: 1
>VPP: show sr localsid
LocalSID Behavior
A4::C5 End.X {TenGE0/1/0 A5::}
Total SR LocalSIDs: 1
• For simplicity Ak::Cj denotes:
• Shortest-path to the Node K and then x-connect (function C) to the neighbor J
SID allocation for illustration purposes
[Figure: network topology with nodes A1 to A8 and locators A1:: to A8::; labels: 50, Default metric 10]
SR: 〈A4::C5, A6::1, A8::〉
>VPP: show sr localsid
LocalSID Behavior
A6::1 End
Total SR LocalSIDs: 1
>VPP: show sr localsid
LocalSID Behavior
A4::C5 End.X {TenGE0/1/0 A5::}
Total SR LocalSIDs: 1
• Node K advertises prefix Ak::/64
• Each node Ak has a function ::1 associated with End behavior
• Each node Ak has a function ::Cj associated with End.X behavior to neighbor j
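The SID allocation above can be exercised in a small simulation, added here as an illustration and not taken from the deck or from VPP. Each node holds a LocalSID table, End and End.X decrement Segments Left and rewrite the destination address, and a packet with Segments Left at 0 or out of range, or with an unknown function under a node's locator, is dropped. The `Packet`, `process` and `run` names, the table contents and the drop policy are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

LOCATOR_BITS = 64  # from the slides: node k advertises Ak::/64


def canon(addr):
    """Canonical text form so 'A4::C5' and 'a4::c5' compare equal."""
    return str(ipaddress.IPv6Address(addr))


def split_sid(sid, locator_bits=LOCATOR_BITS):
    """Split a 128-bit SID into (locator, function bits)."""
    value = int(ipaddress.IPv6Address(sid))
    shift = 128 - locator_bits
    locator = str(ipaddress.IPv6Address((value >> shift) << shift))
    return locator, value & ((1 << shift) - 1)


@dataclass
class Packet:
    dst: str            # IPv6 destination address = active segment
    segments: list      # SRH Segment List, stored last-segment-first
    segments_left: int  # index of the active segment in `segments`


def encode(sr_path):
    """Build a packet from a path written in travel order, as on the slides."""
    segs = [canon(s) for s in reversed(sr_path)]
    return Packet(dst=segs[-1], segments=segs, segments_left=len(segs) - 1)


# Constructed LocalSID tables mirroring the slides' 'show sr localsid' output.
# Value: (behavior, cross-connect neighbor or None).
LOCALSIDS = {
    "A4": {canon("A4::1"): ("End", None), canon("A4::C5"): ("End.X", "A5")},
    "A5": {canon("A5::1"): ("End", None)},
    "A6": {canon("A6::1"): ("End", None)},
    "A8": {canon("A8::1"): ("End", None)},
}
NODE_BY_LOCATOR = {canon(f"{n}::"): n for n in LOCALSIDS}


def process(node, pkt):
    """Apply the node's LocalSID behavior; returns (action, forced next hop)."""
    own = canon(f"{node}::")
    entry = LOCALSIDS[node].get(pkt.dst)
    if entry is None:
        if pkt.dst == own:
            return "deliver", None      # the node's own address
        if split_sid(pkt.dst)[0] == own:
            return "drop", None         # unknown function under our locator
        return "transit", None          # plain IPv6 forwarding, SRH untouched
    behavior, neighbor = entry
    # End / End.X need a next segment: reject SL == 0 or SL outside the list.
    if not 0 < pkt.segments_left < len(pkt.segments):
        return "drop", None
    pkt.segments_left -= 1
    pkt.dst = pkt.segments[pkt.segments_left]
    return behavior, neighbor


def run(sr_path, max_hops=16):
    """Trace the nodes that act on the packet. Routers on the shortest path
    between two locators are abstracted away."""
    pkt, trace, forced = encode(sr_path), [], None
    for _ in range(max_hops):
        node = forced or NODE_BY_LOCATOR.get(split_sid(pkt.dst)[0])
        if node is None:
            trace.append("unreachable")
            return trace
        action, forced = process(node, pkt)
        trace.append(f"{node}:{action}")
        if action in ("deliver", "drop"):
            return trace
    trace.append("hop-limit")
    return trace


if __name__ == "__main__":
    print(run(["A4::C5", "A6::1", "A8::"]))
    print(run(["A4::1", "A6::1", "A8::"]))
```

With End.X at A4 the packet is forced over the adjacency to A5, which forwards it as ordinary IPv6 because A6::1 is not one of its LocalSIDs.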
Deployment use-cases
TILFA
• 50msec Protection upon local link, node or SRLG failure
• Simple to operate and understand
• automatically computed by the router’s IGP process
• 100% coverage across any topology
• predictable (backup = postconvergence)
• Optimum backup path
• leverages the post-convergence path, planned to carry the traffic
• avoid any intermediate flap via alternate path
• Incremental deployment
• Distributed and Automated Intelligence
[Figure: topology of nodes 1, 2, 4, 5, 6 with a link labelled 100; packet labels A5::0 and A2::C4, A5::0]
A5::/64
Pri → via 5
FRR → insert A2::C4
<50msec FRR
• IGP minimizes cost instead of latency
Distributed & Automated TE
SFO
4
NY
5
BRU
1
MOS
2
TOK
3
A2::0
A3::0
A3::0
FIB
A2::/64 → OIF MOS
A3::/64 → OIF NY
FIB
A3::/64 → OIF TOK
BGP
Advert X/64
Advert Y/64 with Latency
• Distributed and Automated Intelligence
• Dynamic SRTE Policy triggered by learning a BGP route with SLA contract
• No PBR steering complexity, No PBR performance tax, No RSVP, No tunnel to configure
Distributed & Automated TE
SFO
4
NY
5
BRU
1
MOS
2
TOK
3
Y/64 via A3::0 Low-Latency
X/64 via A3::0 along IGP path
BGP
X/64 → A3::0
Y/64 → A3::0 with Lat.
FIB
A2::/64 → OIF MOS
A3::/64 → OIF NY
X/64 → A3::0
Y/64 → insert <A2::1, A3::1>
On-Demand distributed TE
Input Acquisition
• BGP-LS
• Telemetry
Policy Instantiation
• PCEP
• BGP-TE
• Netconf / Yang
Algorithm
• SR native
Centralized TE
DC (BGP-SR)
10
11
12
13
14
2 4
6 5
7
WAN (IGP-SR)
3
1
PEER
Low Lat, Low BW
50
Default ISIS cost metric: 10
<A1::1,
A2::C4,
A4::C7>
Low-Latency to 7
for application …
• Automated
• No tunnel to configure
• Simple
• Protocol elimination
• Efficient
• SRv6 for everything
Overlay
1
2
4
V/64
3
T/64
IPv6 Hdr SA = A1::0, DA = A2::C4
Payload
IPv6 Hdr SA = T::1, DA = V::2
Green Overlay
V/64
via A2::C4
IPv6 Hdr SA = T::1, DA = V::2
Payload
IPv6 Hdr SA = T::1, DA = V::2
Payload
• Automated
• No tunnel to configure
• Simple
• Protocol elimination
• Efficient
• SRv6 for everything
• All VPN services
• L2, IPv4, IPv6
Overlay - VPNs
1
2
4
10.0.4.0/24
3
10.0.3.0/24
IPv4 Hdr SA = 10.0.3.1, DA = 10.0.4.1
Payload
IPv6 Hdr SA = T::1, DA = V::2
Green Overlay
10/8
via A2::C4
IPv4 Hdr SA = 10.0.3.1, DA = 10.0.4.1
Payload
IPv4 Hdr SA = 10.0.3.1, DA = 10.0.4.1
Payload
• SRv6 does not only eliminate
unneeded overlay protocols
• SRv6 solves problems that
these protocols cannot solve
Overlay with Underlay Control
1
2
4
V/64
3
T/64
Green Overlay
V/64
via A2::C4
with Latency
IPv6 Hdr SA = T::1, DA = V::2
Payload
IPv6 Hdr SA = T::1, DA = V::2
Payload
3
IPv6 Hdr SA = A1::0, DA = A3::1
Payload
IPv6 Hdr SA = T::1, DA = V::2
SR Hdr < A3::1, A2::C4 >
IPv6 Hdr SA = A1::0, DA = A2::C4
Payload
IPv6 Hdr SA = T::1, DA = V::2
SR Hdr < A3::1, A2::C4 >
• Stateless
• NSH creates per-chain state
in the fabric
• SR does not
• App is SR aware or not
• App can work on IPv4, IPv6
or L2
Integrated NFV
1
2
4
V/64
3
T/64
4
App 76
VM
Server 5
5
3
App 32
Container
Server 3
IPv6 Hdr SA = A1::0, DA = A3::A32
Payload
IPv6 Hdr SA = T::1, DA = V::2
SR Hdr
< A3::A32, A4::1,
A5::A76, A2::C4 >
IPv6 Hdr SA = T::1, DA = V::2
Payload
• Integrated with underlay SLA
Integrated NFV
1
2
4
V/64
3
T/64
4
App 76
VM
Server 5
5
3
App 32
Container
Server 3
IPv6 Hdr SA = A1::0, DA = A4::1
Payload
IPv6 Hdr SA = T::1, DA = V::2
SR Hdr
< A3::A32, A4::1,
A5::A76, A2::C4 >
• Stateless
• NSH creates per-chain state
in the fabric
• SR does not
• App is SR aware or not
• App can work on IPv4, IPv6
or L2
Integrated NFV
1
2
4
V/64
3
T/64
4
App 76
VM
Server 5
5
3
App 32
Container
Server 3
IPv6 Hdr SA = A1::0, DA = A5::A76
Payload
IPv6 Hdr SA = T::1, DA = V::2
SR Hdr
< A3::A32, A4::1,
A5::A76, A2::C4 >
• Integrated with Overlay
Integrated NFV
1
2
4
V/64
3
T/64
4
App 76
VM
Server 5
5
3
App 32
Container
Server 3
IPv6 Hdr SA = A1::0, DA = A2::C4
Payload
IPv6 Hdr SA = T::1, DA = V::2
SR Hdr
< A3::A32, A4::1,
A5::A76, A2::C4 >
IPv6 Hdr SA = T::1, DA = V::2
Payload
Endpoint behaviors specs summary
Codename        Behavior
End             Endpoint [PSP/USP flavors]
End.X           Endpoint with Layer-3 cross-connect [PSP/USP flavors]
End.B6          Endpoint bound to an SRv6 policy
End.B6.Encaps   Endpoint bound to an SRv6 Encapsulation policy
End.DX6         Endpoint with decapsulation and IPv6 cross-connect (per-CE VPN label)
End.DX4         Endpoint with decapsulation and IPv4 cross-connect (per-CE VPN label)
End.DT6         Endpoint with decapsulation and specific IPv6 table lookup (per-VRF VPN label)
End.DT4         Endpoint with decapsulation and specific IPv4 table lookup (per-VRF VPN label)
End.DX2         Endpoint with decapsulation and Layer-2 cross-connect
End.DT2U/M      Endpoint with decapsulation and Layer-2 unicast lookup / flooding (EVPN)
End.BM          Endpoint bound to an SR/MPLS Policy
Transit behaviors specs summary
Codename        Behavior
T               Transit
T.Insert        Transit with insertion of an SRv6 policy
T.Encaps        Transit with encapsulation in an SRv6 policy
T.Encaps.L2     Transit with encapsulation of L2 frame in an SRv6 policy
• IGP:
• Local SIDs expressing topological functions
• e.g. End, End.X for TE and TI-LFA
• BGP-LS:
• SRv6 capabilities
• e.g. How many SIDs can I push efficiently?
• My Local SID Table
• BGP IP/VPN:
• Local SIDs expressing the VPN functionalities
• e.g. End.DX2, End.DX4, End.DX6, End.DT4, End.DT6
Signaling
Endpoint functions signaling
Codename Behavior IGP BGP-LS BGP IP/VPN
End Endpoint + [PSP/USP] X X
End.X Endpoint with Layer-3 cross-connect + [PSP/USP] X X
End.B6 Endpoint bound to an SRv6 policy X
End.B6.Encaps Endpoint bound to an SRv6 Encapsulation policy X
End.DX6 Endpoint with decapsulation and IPv6 cross-connect X X X
End.DX4 Endpoint with decapsulation and IPv4 cross-connect X X
End.DT6 Endpoint with decapsulation and specific IPv6 table lookup X X X
End.DT4 Endpoint with decapsulation and specific IPv4 table lookup X X
End.DX2 Endpoint with decapsulation and Layer-2 cross-connect X X
Service chaining
Service Chaining
Packets from are steered through a sequence of services on their way to the server
Packets from are steered through a sequence of services on their way to the server
Service Chaining – traditional approach
• Services are placed on the traffic route
• Static configurations
• Traffic bottlenecks
Service Chaining with NSH
• Dedicated encapsulation header
• State to be maintained for each service chain
Packets from are steered through a sequence of services on their way to the server
• Services are expressed with segments
• Flexible
• Scalable
• Stateless
Packets from are steered through a sequence of services on their way to the server
Service Chaining with SRv6
S1 S2 S3 D
SR: 〈S1, S2, S3, D〉
• Services are expressed with segments
• Flexible
• Scalable
• Stateless
Packets from are steered through a sequence of services on their way to the server
Service Chaining with SRv6
S1
S2
S3
D
SR: 〈S1, C1, S2, S3, D〉
C1
SR-UnAware VNFs:
• Application is not aware of SR at all
• Leverage VPP as a vm/container vSwitch to do SRv6 processing
Service Chaining with SRv6
SR-Aware VNFs:
• Leverage SRv6 Kernel support to create smarter applications
• SERA: SR-Aware Firewall (extension to iptables)
Types of VNFs
• Linux Kernel 4.14 includes support for TE and VPN functions
• srext module complements Linux Kernel and provides full support
for SRv6 Network Programming
• SERA: SR-aware firewall
• Firewall rules based on the SRH
• Firewall actions on the SRH
SRv6 support in the Linux Kernel
• Extensible framework that provides out-of-the-box production quality
switch/router functionality (dataplane only)
• We’ve implemented the entire SRv6 Network Programming on it
Vector Packet Processing
Extremely
fast
Packet
processing
stack
Open Source
Runs on
commodity CPU
• End.AM – Endpoint to SR-unaware app via masquerading
• End.AD – Endpoint to SR-unaware app via dynamic proxy
• End.ASM – Endpoint to SR-unaware app via shared memory
SR-UnAware VNFs
S1
D
SR: 〈S1, C1, S2, S3, D〉
C1
S2 S3
• Why Application Responsive Networking?
• Revenue opportunities are moving towards the applications (hosted experiences, contextual experiences, etc)
• Applications have no visibility over the network or mechanisms to request optimization objectives
• IETF: Path Aware Networking RG (panrg)
“This proposed research group aims to support research in bringing path awareness to transport and application layer protocols…”
• Smarter applications allow function processing to be distributed over the network’s edges
• Let’s rethink service chains policies
• Leverage “Loc::Fun:Arg” SRv6 SID format to embed function parameters
• Leverage TLVs for complex metadata or in-band telemetry
SR to the Host
SID layout: Locator | Function | Arguments
B1:2605:A800:FFFE:1111:A100: :0100     Firewall with Policy Identifier -> Policy ID
C1:2605:A800:FFFE:1111:A100: :1234     Rate-Limiting Policy -> Threshold
D1:2605:A800:FFFE:1111:A100: A15 : 273     Video transcoder -> Format/bitrate
F1:2605:A800:FFFE:1111:A100: A :0512     JIT video packaging -> Package format
Agenda
1 SRv6 101
2 SRv6 LocalSIDs functions
3 Deployment use-cases
4 VPN Overlay
5 Service Chaining
6 Spray
7 SD-WAN
8 5G and network slicing
GW1
C::1
GW3
C::3
GW5
C::5
Content
Provider
Replicate traffic to every CMTS
through TE-Engineered core
path then to access mcast tree
then to anycast TV
2
3
SRv6 domain (Unicast)
SRv6 node Non SRv6 node
Peering to Content Provider Multicast domain
Subscribed to M1 channel
Flexible, SLA-enabled and efficient content injection without multicast core
Spray
CMTS4
4
CMTS5
5
Spray Policy 2: <B3::1, B5::1, M1>
Spray Policy 1: <B2::1, B4::1, M1>
Unicasted
VPP1
B::1
GW1
C::1
GW3
C::3
GW5
C::5
Content
Provider
Perform video transcoding
2
3
SRv6 domain (Unicast)
SRv6 node Non SRv6 node
Peering to Content Provider Multicast domain
Subscribed to M1 channel
Efficient distribution with flexible video processing
Spray + Service Pipeline
CMTS4
4
CMTS5
5
BSID A3::10 (Spray):
<B2::1, B4::1>
<B3::1, B5::1>
VPP3
A3::
VPP1
A1::
VPP2
A2::
SR Policy: <A2::1, A3::10, M1>
SD-WAN
• A Binding SID is a unique ‘alias’ of an SR policy. *
• If a packet arrives with the BSID, then the SR policy is applied on such packet
• Several Binding SIDs may point to the same SR policy
• Upon topology changes within the core of the network, the low-latency path may change. While the path of an intermediate policy changes, its BSID does not change.
• Provides scaling, network opacity and service independence.
• A BSID acts as a stable anchor point which isolates one domain from the churn of another domain.
Binding SID
* Naïve definition of a BSID
• Delegates the application recognition and policy decision to the Enterprise who knows better when an application needs a non-default path and which non-default path is needed
• NFV service chaining and Traffic-Engineering policies can be integrated in an SR policy
• Applicability to both SR-MPLS and SRv6
• To simplify, let’s focus on
• TE/SLA policy
• SRv6
SD-WAN
• Lisbon (1) to Athens (7)
• Default
• <A7::>
• BW: Guaranteed 50Mbps
• <A10::1, A11::1, A7::>
• BSID: A1::999:1
• Low-Latency
• <A9::1, A7::>
• BSID: A1::999:2
1
2
3
4
5
6
7
8 9
Default
Latency
A1::999:2
10
11
A1::999:1
BW
Default versus BW versus Latency
• E1 encrypts the inner packet and encapsulates it in an outer packet to E2
• E1 does not push any BSID
App needs best-effort
E1 E2
App 1 needs default
Site 2
push no BSID
• E1 encrypts the inner packet and encapsulates it in an outer packet to E2
• E1 pushes A1::999:1
• The network provides the guaranteed BW service to App2
App needs guaranteed BW
E1 E2
App 2 needs 10Mbps
Site 2
push A1::999:1
• E1 encrypts the inner packet and encapsulates it in an outer packet to E2
• E1 pushes A1::999:2
• The network provides the low-latency service to App3
App needs low-latency
E1 E2
App 3 needs low-latency
Site 2
push A1::999:2
• App 4 needs flow F4A and F4B to reach site 2 via disjoint paths
• E1 encrypts the inner packets and encapsulates them in outer packets to E2
• For F4A, E1 additionally pushes A1::999:3
• For F4B, E1 additionally pushes A1::999:4
Disjointness
E1 E2
push A1::999:4
push A1::999:3
Flow 4A
Flow 4B
Site 2
• Identifier for a customized SLA per application per Enterprise
• Secured
• Per-BSID counters for usage-based billing
• Delegates the application recognition and policy decision to the Enterprise who knows better when an application needs a non-default path and which non-default path is needed
Binding SID is crucial in SD-WAN
• Enterprise-based
• Enterprise can easily monitor each individual service
• Simply sends the probes with the related BSID
• Service Provider-based
• The SP can enable per-SR-policy performance monitoring (latency/loss)
• These metrics can be leveraged by SDWAN controller and provided to
the Enterprise
• BSID Metadata to select which application to steer
Performance monitoring
5G and Network Slicing
• Well fragmented RAN, EPC, SGi
• Inefficient data paths
• Protocol stack gets large
• Per-session tunnel creation
• Per-mobility event tunnel handling
Current mobility networks
UE eNB
SGW
SGW
L2 Anchor
PGW
L3 Anchor Service Functions Internet
Does not scale to 5G requirements:
• Increased number of connected devices
• Ultra-low latency
• Network slicing
• Mobile edge computing
• What about if SRv6 becomes an alternative to GTP-U?
• Removing the per-session tunneling has obvious benefits
• Optimal data path (ultra-low latency)
• Integrated service chaining
• Native support for network slicing
• Achieved either via a centralized SDN solution or via SR TE with IGP FlexAlg
• Optimal resource utilization
• Well-progressed standardization
• IETF: draft-ietf-dmm-srv6-mobile-uplane-00
• 3GPP: Accepted study item in CT4 (#29.892)
SRv6 for mobile user-plane
Multi-cloud overlays
snort
Cisco
ASAv
VPC
• How do you interconnect several cloud-provider regions (as an end-customer)?
• Transit is plain IPv6 which we do not control
• Let’s use SRv6 for the overlay and service chaining only
• Deployed VPP as VPC gateway
Multi-cloud overlays
All nodes in green are SRv6 capable
Server
2
iptables
Server
1
Internet
Cloud provider A in region 1
Cloud provider B in region 2
Cloud provider A in region 2
VPP
VPC
VPP
VPC
VPP
Multi-cloud use-case
VPP
C2
snort
4 Cisco
ASAv
All nodes in green are SRv6 capable
VPP
C3
Server
2
iptables
VPP
C1
Server
1
Internet
Cloud provider A in region 1
Cloud provider B in region 2
Cloud provider A in region 2
IPv6 Hdr SA = C1::, DA = C2::C4
SR Hdr ( C3::C2, C2::C4 ) SL=1
IPv4 Hdr SA = 1.1.1.0, DA = 2.2.2.2
Payload
IPv4 Hdr SA=1.1.1.0, DA=2.2.2.2
Payload
IPv4 Hdr SA=1.1.1.0, DA=2.2.2.2
Payload
IPv6 Hdr SA = C1::, DA = C3::C2
SR Hdr ( C3::C2, C2::D3 ) SL=0
IPv4 Hdr SA = 1.1.1.0, DA = 2.2.2.2
Payload
Where are we?
Mar 2017 Apr 2017 Jun 2017 Aug 2017 2018 Apr 2016 May 2017
SRv6 timeline
First SRv6 demo:
Spray use-case
VPP
ASR9k
ASR1k
NCS55xx
First SRv6 HW demo in
merchant silicon
VPN DP use-case
Cisco Live US
SRv6 VPN
ASR1k
ASR9k
NCS55xx
VPP+NFV
BGP Control Plane
SD-WAN summit
SRv6 for the SD-WAN
ASR1k
SRv6 VPN+NFV:
MPLS World Con.
VPP
Linux
Barefoot
SRv6 VPN HW demo
SR VPN InterOp
Fretta
ASR9k
ASR1k
VPP
Linux
Barefoot
More to come…
5G + Network slicing
Sep 2017
Implementations
• Cisco HW
– NCS5k - XR
– ASR9k - XR
– ASR1k – XE
• Open-Source
– Linux 4.10
– FD.IO
• Barefoot HW
• Others …
• VPN (v4 and v6)
& TE
& NFV
• Cisco HW with XR and XE
• Barefoot HW with P4 code
• FD.IO
• Linux
blogs.cisco.com/sp/segment-routing-ipv6-interoperability-demo-is-already-there
Conclusion
• Bold architecture
• Numerous use-cases
• FRR, TE, SDN, Overlay with SLA, NFV, Spray, SD-WAN, 5G & NS, ...
• First HW implementation demonstrated
• First FCS, field trial and deployment
• Feel free to join the lead-operator team!
SRv6 Leadership
• Track-record collaboration with operators
• Focus on real operator needs
• Seamless Deployment
• Standardization
• Multi-Vendor consensus
• Looking forward to working together
Partnering
IPv6 provides reachability
SRv6 unleashes IPv6 potential
Scalability, Single protocol, NFV, VPN, FRR, TE, Automation
Stay Up-To-Date
http://www.segment-routing.net/
https://www.linkedin.com/groups/8266623
https://twitter.com/SegmentRouting
https://www.facebook.com/SegmentRouting/
Thank you!
ketant@cisco.com
www.segment-routing.net

SRv6 Network Programming: deployment use-cases

  • 1.
    Ketan Talaulikar –Technical Leader, Routing ketant@cisco.com APRICOT 2018 Network as a computer and deployment use-cases SRv6 Network Programming
  • 2.
    © 2018 Ciscoand/or its affiliates. All rights reserved. © 2018 Cisco and/or its affiliates. All rights reserved. Agenda 1 SRv6 101 2 SRv6 LocalSIDs Functions 3 Deployment use-cases 4 VPN Overlay 5 Service Chainning 7 SD-WAN 6 Spray 8 5G and Network Slicing
  • 3.
    © 2018 Ciscoand/or its affiliates. All rights reserved. Industry at large backs up SR De-facto SDN Architecture Standardization IETF Multi-vendor Consensus Open Source Linux, VPP Strong customer adoption WEB, SP, DC, Metro, Enterprise
  • 4.
    © 2018 Ciscoand/or its affiliates. All rights reserved. • Source Routing • the topological and service (NFV) path is encoded in packet header • Scalability • the network fabric does not hold any per-flow state for TE or NFV • Simplicity • automation: TILFA sub-50msec FRR • protocol elimination: LDP, RSVP-TE, NSH… • End-to-End • DC, Metro, WAN Segment Routing
  • 5.
    © 2018 Ciscoand/or its affiliates. All rights reserved. IPv6 • leverages RFC8200 provision for source routing extension header • 1 segment = 1 address • a segment list = an address list in the SRH Two dataplane instantiations MPLS • leverage the mature MPLS HW with only SW upgrade • 1 segment = 1 label • a segment list = a label stack Segment Routing
  • 6.
    © 2018 Ciscoand/or its affiliates. All rights reserved. IPv6 adoption is a reality % Web pages available over IPv6 Sources: 6lab.cisco.com – Web content Cisco VNI Global IP Traffic Forecast, 2016-2021 Global IPv6 traffic grew 241% in 2016 Globally IPv6 traffic will grow 16-fold from 2016 to 2021 IPv6 will be 37% of total Internet traffic in 2021
  • 7.
    © 2018 Ciscoand/or its affiliates. All rights reserved. IPv6 provides reachability
  • 8.
    © 2018 Ciscoand/or its affiliates. All rights reserved. • Simplicity • Protocol elimination • SLA • FRR and TE • Overlay • NFV • SDN • SR is de-facto SDN architecture • 5G SRv6 – Segment Routing & IPv6 IPv6 for reachability SR for anything else
  • 9.
    © 2018 Ciscoand/or its affiliates. All rights reserved. IPv6 for reachability SRv6 for underlay RSVP for FRR/TE Horrendous states scaling in k*N^2
  • 10.
    © 2018 Ciscoand/or its affiliates. All rights reserved. IPv6 for reachability SRv6 for underlay SRv6 for Underlay Simplification through protocol reduction SLA through automated FRR and TE De-facto SDN architecture
  • 11.
    © 2018 Ciscoand/or its affiliates. All rights reserved. IPv6 for reachability Multiplicity of protocols and states hinder network economics SRv6 for underlay and overlay SRv6 for Underlay Simplification, FRR, TE, SDN UDP+VxLAN Overlay Additional Protocol just for tenant ID NSH for NFV Additional Protocol and State Opportunity for further simplification … Service Chaining ?
  • 12.
    © 2018 Ciscoand/or its affiliates. All rights reserved. SR for anything: Network as a Computer
  • 13.
    © 2018 Ciscoand/or its affiliates. All rights reserved. • 128-bit SRv6 SID • Locator: routed to the node performing the function • Function: any possible function either local to NPU or app in VM/Container • Flexible bit-length selection Network instruction FunctionLocator
  • 14.
    © 2018 Ciscoand/or its affiliates. All rights reserved. • 128-bit SRv6 SID • Locator: routed to the node performing the function • Function: any possible function either local to NPU or app in VM/Container • Arguments: optional argument bits to be used only by that SID • Flexible bit-length selection Network instruction FunctionLocator Args*
  • 15.
    © 2018 Ciscoand/or its affiliates. All rights reserved. Network Program Next Segment Locator 1 Function 1 Locator 1 Function 1 Locator 2 Function 2 Locator 3 Function 3 Locator 2 Function 2 Locator 3 Function 3
  • 16.
    © 2018 Ciscoand/or its affiliates. All rights reserved. Network Program Next Segment Locator 2 Function 2 Locator 1 Function 1 Locator 2 Function 2 Locator 3 Function 3 Locator 1 Function 1 Locator 3 Function 3
  • 17.
    © 2018 Ciscoand/or its affiliates. All rights reserved. Network Program Next Segment Locator 3 Function 3 Locator 1 Function 1 Locator 2 Function 2 Locator 3 Function 3 Locator 1 Function 1 Locator 2 Function 2
  • 18.
    Network Program in the Packet Header
    • IPv6 header: Source Address; Active Segment = Locator 1 Function 1
    • Segment Routing Header: Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3
    • IPv6 payload: TCP, UDP, QUIC
  • 19.
    Argument shared between functions
    • “Global” Argument
    SRH diagram: Segments Left, TAG, segment list (Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3), Metadata TLV
  • 20.
    Group-Based Policy
    SRH diagram: Segments Left, TAG, segment list (Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3), Metadata TLV
  • 21.
    SRv6 Header
    SRH diagram: Segments Left, TAG, segment list (Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3), Metadata TLV
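The header fields named on these slides (Segments Left, TAG, the segment list, optional TLVs), decoded and sanity-checked from raw bytes. This is an added example, not code from the deck or from Cisco; it follows the SRH wire layout standardized in RFC 8754. The function names, the sample policy 〈A4::C5, A6::1, A8::〉 borrowed from the deck's LocalSID slides, and the opaque TLV type 0x7C are assumptions.

```python
import ipaddress
import struct

SRH_ROUTING_TYPE = 4  # Routing Type of the Segment Routing Header (RFC 8754)

def build_srh(segments, segments_left, tag=0, next_header=41, tlvs=b""):
    """Encode an SRH; `segments` is in travel order, the wire order is reversed."""
    body = b"".join(ipaddress.IPv6Address(s).packed for s in reversed(segments)) + tlvs
    if len(body) % 8:
        raise ValueError("SRH must be a multiple of 8 octets; pad the TLVs")
    fixed = struct.pack("!BBBBBBH", next_header, len(body) // 8, SRH_ROUTING_TYPE,
                        segments_left, len(segments) - 1, 0, tag)
    return fixed + body

def parse_tlvs(buf):
    """Split the optional TLV area into (type, value) pairs, skipping Pad1."""
    out, i = [], 0
    while i < len(buf):
        if buf[i] == 0:                      # Pad1 is a single zero octet
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("TLV overruns the SRH")
        out.append((buf[i], bytes(buf[i + 2:i + 2 + buf[i + 1]])))
        i += 2 + buf[i + 1]
    return out

def parse_srh(data, ipv6_dst=None):
    """Decode and sanity-check an SRH. If `ipv6_dst` is given, require that it
    equals the active segment (assumes a non-reduced SRH)."""
    if len(data) < 8:
        raise ValueError("truncated SRH")
    nh, ext_len, rtype, sl, last, flags, tag = struct.unpack("!BBBBBBH", data[:8])
    total = 8 + 8 * ext_len                  # Hdr Ext Len excludes the first 8 octets
    if rtype != SRH_ROUTING_TYPE:
        raise ValueError("not an SRH (routing type %d)" % rtype)
    if len(data) < total:
        raise ValueError("Hdr Ext Len exceeds the captured bytes")
    seg_end = 8 + 16 * (last + 1)
    if seg_end > total:
        raise ValueError("Last Entry points past the header")
    if sl > last:
        raise ValueError("Segments Left exceeds Last Entry")
    wire = [ipaddress.IPv6Address(bytes(data[8 + 16 * i:24 + 16 * i]))
            for i in range(last + 1)]
    active = wire[sl]
    if ipv6_dst is not None and ipaddress.IPv6Address(ipv6_dst) != active:
        raise ValueError("destination address is not the active segment")
    return {
        "next_header": nh, "segments_left": sl, "tag": tag, "flags": flags,
        "segments": [str(a) for a in reversed(wire)],   # back to travel order
        "active": str(active),
        "tlvs": parse_tlvs(data[seg_end:total]),
    }

def srh_error(data, ipv6_dst=None):
    """Return None for a well-formed SRH, else the reason it was rejected."""
    try:
        parse_srh(data, ipv6_dst)
        return None
    except ValueError as exc:
        return str(exc)

# Constructed sample: first segment active, one constructed opaque TLV (type 0x7C).
SAMPLE = build_srh(["A4::C5", "A6::1", "A8::"], segments_left=2, tag=7,
                   tlvs=bytes([0x7C, 6]) + b"policy")
```

The length and index checks are the ones a receiver or an SRH-aware filter needs before trusting Segments Left as an index into the segment list.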
  • 22.
    SRv6 for anything
    • Optimized for HW processing, e.g. Underlay & Tenant use-cases
    • Optimized for SW processing, e.g. NFV, Container, Micro-Service
    SRH diagram: Segments Left, TAG, segment list (Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3), Metadata TLV
  • 23.
    SRv6 for anything
    • Turing
    SRH diagram: Segments Left, TAG, segment list (Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3), Metadata TLV
  • 24.
    Lead Operators
    • Standardization
    • Multi-Vendor Consensus
  • 25.
    SRv6 LocalSIDs
  • 26.
    Endpoint function
    • For simplicity function 1 denotes the most basic function
    • Shortest-path to the Node
    Topology diagram: nodes A1 to A8 advertising A1:: to A8::, default metric 10, one link labelled 50
    SR: 〈A4::1, A6::1, A8::〉
    >VPP: show sr localsid
    LocalSID Behavior
    A6::1 End
    Total SR LocalSIDs: 1
    >VPP: show sr localsid
    LocalSID Behavior
    A4::1 End
    Total SR LocalSIDs: 1
  • 27.
    Endpoint then xconnect to neighbor function
    • For simplicity Ak::Cj denotes:
      • Shortest-path to the Node K and then x-connect (function C) to the neighbor J
    Topology diagram: nodes A1 to A8 advertising A1:: to A8::, default metric 10, one link labelled 50
    SR: 〈A4::C5, A6::1, A8::〉
    >VPP: show sr localsid
    LocalSID Behavior
    A6::1 End
    Total SR LocalSIDs: 1
    >VPP: show sr localsid
    LocalSID Behavior
    A4::C5 End.X {TenGE0/1/0 A5::}
    Total SR LocalSIDs: 1
  • 28.
    SID allocation for illustration purposes
    • Node K advertises prefix Ak::/64
    • Each node Ak has a function ::1 associated with End behavior
    • Each node Ak has a function ::Cj associated with End.X behavior to neighbor j
    Topology diagram: nodes A1 to A8 advertising A1:: to A8::, default metric 10, one link labelled 50
    SR: 〈A4::C5, A6::1, A8::〉
    >VPP: show sr localsid
    LocalSID Behavior
    A6::1 End
    Total SR LocalSIDs: 1
    >VPP: show sr localsid
    LocalSID Behavior
    A4::C5 End.X {TenGE0/1/0 A5::}
    Total SR LocalSIDs: 1
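An added example (not from the deck, VPP or Cisco) that walks the slides' policies through LocalSID tables built from the allocation rule above and records what each endpoint does. It is a simplified model: forwarding between endpoints is not simulated, only the A4 to A5 adjacency visible in the VPP output is modelled, and a SID reached with Segments Left 0 is simply dropped.

```python
import ipaddress

NODES = range(1, 9)          # A1..A8, as on the slide
ADJ = {4: [5], 5: [4]}       # assumption: only the A4-A5 adjacency (from the VPP output)

def sid(text):
    return ipaddress.IPv6Address(text)

def locator(addr):
    """Upper 64 bits: the part that is routed to the node (Ak::/64)."""
    return int(addr) >> 64

def build_tables():
    """Per-node LocalSID tables: Ak::1 -> End, Ak::Cj -> End.X to neighbor j."""
    tables, owners = {}, {}
    for k in NODES:
        owners[locator(sid(f"A{k}::"))] = k
        tables[k] = {sid(f"A{k}::1"): ("End", None)}
        for j in ADJ.get(k, []):
            tables[k][sid(f"A{k}::C{j}")] = ("End.X", j)
    return tables, owners

def run_policy(segments):
    """Walk a packet steered by `segments` (travel order) and return the
    decision taken at every node that owns the active segment."""
    tables, owners = build_tables()
    seg_list = [sid(s) for s in reversed(segments)]   # the SRH stores the list reversed
    sl = len(seg_list) - 1                            # Segments Left
    da = seg_list[sl]                                 # active segment sits in the DA
    trace = []
    while True:
        node = owners.get(locator(da))
        if node is None:
            trace.append(("drop", "no route to locator", str(da)))
            return trace
        entry = tables[node].get(da)
        if entry is None:                             # DA is not a LocalSID here
            verdict = "deliver" if da == sid(f"A{node}::") else "drop: unknown LocalSID"
            trace.append((f"A{node}", verdict, str(da)))
            return trace
        behavior, neighbor = entry
        if sl == 0:                                   # no next segment to execute
            trace.append((f"A{node}", "drop: SL=0 at " + behavior, str(da)))
            return trace
        sl -= 1                                       # End / End.X: advance the program
        da = seg_list[sl]
        via = f"xconnect to A{neighbor}" if behavior == "End.X" else "shortest path"
        trace.append((f"A{node}", behavior, str(da), via))
```

Running it on 〈A4::C5, A6::1, A8::〉 and on 〈A4::1, A6::1, A8::〉 shows the only difference between End and End.X: the egress choice at A4.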
  • 29.
    Deployment use-cases
  • 30.
    TILFA
    • 50msec Protection upon local link, node or SRLG failure
    • Simple to operate and understand
      • automatically computed by the router’s IGP process
    • 100% coverage across any topology
      • predictable (backup = postconvergence)
    • Optimum backup path
      • leverages the post-convergence path, planned to carry the traffic
      • avoid any intermediate flap via alternate path
    • Incremental deployment
    • Distributed and Automated Intelligence
    Diagram: nodes 1, 2, 4, 5, 6, one link labelled 100; packet to A5::0; FIB entry A5::/64: Pri → via 5, FRR → insert A2::C4; protected packet carries A2::C4, A5::0; <50msec FRR
  • 31.
    Distributed & Automated TE
    • IGP minimizes cost instead of latency
    Diagram: nodes BRU 1, MOS 2, TOK 3, SFO 4, NY 5; SIDs A2::0, A3::0
    • FIB: A2::/64 → OIF MOS; A3::/64 → OIF NY
    • FIB: A3::/64 → OIF TOK
    • BGP: Advert X/64; Advert Y/64 with Latency
  • 32.
    Distributed & Automated TE: On-Demand distributed TE
    • Distributed and Automated Intelligence
    • Dynamic SRTE Policy triggered by learning a BGP route with SLA contract
    • No PBR steering complexity, No PBR performance tax, No RSVP, No tunnel to configure
    Diagram: nodes BRU 1, MOS 2, TOK 3, SFO 4, NY 5
    • Advertised: Y/64 via A3::0 Low-Latency; X/64 via A3::0 along IGP path
    • BGP: X/64 → A3::0; Y/64 → A3::0 with Lat.
    • FIB: A2::/64 → OIF MOS; A3::/64 → OIF NY; X/64 → A3::0; Y/64 → insert <A2::1, A3::1>
  • 33.
    Centralized TE
    • Input Acquisition
      • BGP-LS
      • Telemetry
    • Policy Instantiation
      • PCEP
      • BGP-TE
      • Netconf / Yang
    • Algorithm
      • SR native
    Diagram: DC (BGP-SR) nodes 10 to 14; WAN (IGP-SR) nodes 1 to 7; PEER; one link marked Low Lat, Low BW; one link labelled 50; Default ISIS cost metric: 10
    <A1::1, A2::C4, A4::C7>: Low-Latency to 7 for application …
  • 34.
    Overlay
    • Automated
      • No tunnel to configure
    • Simple
      • Protocol elimination
    • Efficient
      • SRv6 for everything
    Diagram: nodes 1, 2, 3, 4; sites T/64 and V/64; Green Overlay: V/64 via A2::C4
    • Customer packet: IPv6 Hdr SA = T::1, DA = V::2 | Payload
    • In the core: IPv6 Hdr SA = A1::0, DA = A2::C4 | IPv6 Hdr SA = T::1, DA = V::2 | Payload
    • Delivered packet: IPv6 Hdr SA = T::1, DA = V::2 | Payload
  • 35.
    Overlay - VPNs
    • Automated
      • No tunnel to configure
    • Simple
      • Protocol elimination
    • Efficient
      • SRv6 for everything
    • All VPN services
      • L2, IPv4, IPv6
    Diagram: nodes 1, 2, 3, 4; sites 10.0.3.0/24 and 10.0.4.0/24; Green Overlay: 10/8 via A2::C4
    • Customer packet: IPv4 Hdr SA = 10.0.3.1, DA = 10.0.4.1 | Payload
    • In the core, header boxes shown: IPv6 Hdr SA = T::1, DA = V::2; IPv4 Hdr SA = 10.0.3.1, DA = 10.0.4.1; Payload
    • Delivered packet: IPv4 Hdr SA = 10.0.3.1, DA = 10.0.4.1 | Payload
  • 36.
    Overlay with Underlay Control
    • SRv6 does not only eliminate unneeded overlay protocols
    • SRv6 solves problems that these protocols cannot solve
    Diagram: nodes 1, 2, 3, 4; sites T/64 and V/64; Green Overlay: V/64 via A2::C4 with Latency
    • Customer packet: IPv6 Hdr SA = T::1, DA = V::2 | Payload
    • Towards node 3: IPv6 Hdr SA = A1::0, DA = A3::1 | SR Hdr < A3::1, A2::C4 > | IPv6 Hdr SA = T::1, DA = V::2 | Payload
    • After node 3: IPv6 Hdr SA = A1::0, DA = A2::C4 | SR Hdr < A3::1, A2::C4 > | IPv6 Hdr SA = T::1, DA = V::2 | Payload
    • Delivered packet: IPv6 Hdr SA = T::1, DA = V::2 | Payload
  • 37.
    Integrated NFV
    • Stateless
      • NSH creates per-chain state in the fabric
      • SR does not
    • App is SR aware or not
    • App can work on IPv4, IPv6 or L2
    Diagram: nodes 1, 2, 3, 4, 5; sites T/64 and V/64; App 32 in a Container on Server 3; App 76 in a VM on Server 5
    • Customer packet: IPv6 Hdr SA = T::1, DA = V::2 | Payload
    • In the core: IPv6 Hdr SA = A1::0, DA = A3::A32 | SR Hdr < A3::A32, A4::1, A5::A76, A2::C4 > | IPv6 Hdr SA = T::1, DA = V::2 | Payload
  • 38.
    Integrated NFV
    • Integrated with underlay SLA
    Diagram: nodes 1, 2, 3, 4, 5; sites T/64 and V/64; App 32 in a Container on Server 3; App 76 in a VM on Server 5
    • In the core: IPv6 Hdr SA = A1::0, DA = A4::1 | SR Hdr < A3::A32, A4::1, A5::A76, A2::C4 > | IPv6 Hdr SA = T::1, DA = V::2 | Payload
  • 39.
    Integrated NFV
    • Stateless
      • NSH creates per-chain state in the fabric
      • SR does not
    • App is SR aware or not
    • App can work on IPv4, IPv6 or L2
    Diagram: nodes 1, 2, 3, 4, 5; sites T/64 and V/64; App 32 in a Container on Server 3; App 76 in a VM on Server 5
    • In the core: IPv6 Hdr SA = A1::0, DA = A5::A76 | SR Hdr < A3::A32, A4::1, A5::A76, A2::C4 > | IPv6 Hdr SA = T::1, DA = V::2 | Payload
  • 40.
    Integrated NFV
    • Integrated with Overlay
    Diagram: nodes 1, 2, 3, 4, 5; sites T/64 and V/64; App 32 in a Container on Server 3; App 76 in a VM on Server 5
    • In the core: IPv6 Hdr SA = A1::0, DA = A2::C4 | SR Hdr < A3::A32, A4::1, A5::A76, A2::C4 > | IPv6 Hdr SA = T::1, DA = V::2 | Payload
    • Delivered packet: IPv6 Hdr SA = T::1, DA = V::2 | Payload
  • 41.
    Endpoint behaviors specs summary
    Codename: Behavior
    • End: Endpoint [PSP/USP flavors]
    • End.X: Endpoint with Layer-3 cross-connect [PSP/USP flavors]
    • End.B6: Endpoint bound to an SRv6 policy
    • End.B6.Encaps: Endpoint bound to an SRv6 Encapsulation policy
    • End.DX6: Endpoint with decapsulation and IPv6 cross-connect (per-CE VPN label)
    • End.DX4: Endpoint with decapsulation and IPv4 cross-connect (per-CE VPN label)
    • End.DT6: Endpoint with decapsulation and specific IPv6 table lookup (per-VRF VPN label)
    • End.DT4: Endpoint with decapsulation and specific IPv4 table lookup (per-VRF VPN label)
    • End.DX2: Endpoint with decapsulation and Layer-2 cross-connect
    • End.DT2U/M: Endpoint with decapsulation and Layer-2 unicast lookup / flooding (EVPN)
    • End.BM: Endpoint bound to an SR/MPLS Policy
  • 42.
    Transit behaviors specs summary
    Codename: Behavior
    • T: Transit
    • T.Insert: Transit with insertion of an SRv6 policy
    • T.Encaps: Transit with encapsulation in an SRv6 policy
    • T.Encaps.L2: Transit with encapsulation of L2 frame in an SRv6 policy
  • 43.
    Signaling
    • IGP:
      • Local SIDs expressing topological functions
      • e.g. End, End.X for TE and TI-LFA
    • BGP-LS:
      • SRv6 capabilities
      • e.g. How many SIDs can I push efficiently?
      • My Local SID Table
    • BGP IP/VPN:
      • Local SIDs expressing the VPN functionalities
      • e.g. End.DX2, End.DX4, End.DX6, End.DT4, End.DT6
  • 44.
    Endpoint functions signaling
    Columns: Codename | Behavior | marks under IGP, BGP-LS, BGP IP/VPN (the column alignment of the X marks was lost in extraction)
    • End | Endpoint + [PSP/USP] | X X
    • End.X | Endpoint with Layer-3 cross-connect + [PSP/USP] | X X
    • End.B6 | Endpoint bound to an SRv6 policy | X
    • End.B6.Encaps | Endpoint bound to an SRv6 Encapsulation policy | X
    • End.DX6 | Endpoint with decapsulation and IPv6 cross-connect | X X X
    • End.DX4 | Endpoint with decapsulation and IPv4 cross-connect | X X
    • End.DT6 | Endpoint with decapsulation and specific IPv6 table lookup | X X X
    • End.DT4 | Endpoint with decapsulation and specific IPv4 table lookup | X X
    • End.DX2 | Endpoint with decapsulation and Layer-2 cross-connect | X X
  • 45.
    Service chaining
  • 46.
    Service Chaining
    Packets from are steered through a sequence of services on their way to the server
  • 47.
    Service Chaining – traditional approach
    Packets from are steered through a sequence of services on their way to the server
    • Services are placed on the traffic route
    • Static configurations
    • Traffic bottlenecks
  • 48.
    Service Chaining with NSH
    Packets from are steered through a sequence of services on their way to the server
    • Dedicated encapsulation header
    • State to be maintained for each service chain
  • 49.
    Service Chaining with SRv6
    Packets from are steered through a sequence of services on their way to the server
    • Services are expressed with segments
    • Flexible
    • Scalable
    • Stateless
    Diagram: nodes S1, S2, S3, D; SR: 〈S1, S2, S3, D〉
  • 50.
    Service Chaining with SRv6
    Packets from are steered through a sequence of services on their way to the server
    • Services are expressed with segments
    • Flexible
    • Scalable
    • Stateless
    Diagram: nodes S1, C1, S2, S3, D; SR: 〈S1, C1, S2, S3, D〉
  • 51.
    Service Chaining with SRv6: Types of VNFs
    • SR-UnAware VNFs:
      • Application is not aware of SR at all
      • Leverage VPP as a vm/container vSwitch to do SRv6 processing
    • SR-Aware VNFs:
      • Leverage SRv6 Kernel support to create smarter applications
      • SERA: SR-Aware Firewall (extension to iptables)
  • 52.
    SRv6 support in the Linux Kernel
    • Linux Kernel 4.14 includes support for TE and VPN functions
    • srext module complements Linux Kernel and provides full support for SRv6 Network Programming
    • SERA: SR-aware firewall
      • Firewall rules based on the SRH
      • Firewall actions on the SRH
  • 53.
    Vector Packet Processing
    • Extensible framework that provides out-of-the-box production quality switch/router functionality (dataplane only)
    • We’ve implemented the entire SRv6 Network Programming on it
    Highlights: Extremely fast packet processing stack; Open Source; Runs on commodity CPU
  • 54.
    SR-UnAware VNFs
    • End.AM – Endpoint to SR-unaware app via masquerading
    • End.AD – Endpoint to SR-unaware app via dynamic proxy
    • End.ASM – Endpoint to SR-unaware app via shared memory
    Diagram: nodes S1, C1, S2, S3, D; SR: 〈S1, C1, S2, S3, D〉
  • 55.
    SR to the Host
    • Why Application Responsive Networking?
    • Revenue opportunities are moving towards the applications (hosted experiences, contextual experiences, etc)
    • Applications have no visibility over the network or mechanisms to request optimization objectives
    • IETF: Path Aware Networking RG (panrg): “This proposed research group aims to support research in bringing path awareness to transport and application layer protocols…”
    • Smarter applications allow function processing to be distributed over the network’s edges
    • Let’s rethink service chain policies
    • Leverage the “Loc::Fun:Arg” SRv6 SID format to embed function parameters
    • Leverage TLVs for complex metadata or in-band telemetry
    Example SIDs (slide columns: Locator, Function, Arguments):
    • B1:2605:A800:FFFE:1111:A100: :0100 Firewall with Policy Identifier -> Policy ID
    • C1:2605:A800:FFFE:1111:A100: :1234 Rate-Limiting Policy -> Threshold
    • D1:2605:A800:FFFE:1111:A100: A15 : 273 Video transcoder -> Format/bitrate
    • F1:2605:A800:FFFE:1111:A100: A :0512 JIT video packaging -> Package format
  • 56.
    Agenda
    1 SRv6 101
    2 SRv6 LocalSIDs functions
    3 Deployment use-cases
    4 VPN Overlay
    5 Service Chaining
    6 Spray
    7 SD-WAN
    8 5G and network slicing
  • 57.
    Spray
    Flexible, SLA-enabled and efficient content injection without multicast core
    • Replicate traffic to every CMTS through TE-Engineered core path then to access mcast tree then to anycast TV
    • Spray Policy 1: <B2::1, B4::1, M1>
    • Spray Policy 2: <B3::1, B5::1, M1>
    Diagram labels: Content Provider, Peering to Content Provider, VPP1 B::1, nodes 2 and 3, CMTS4 (4), CMTS5 (5), SRv6 domain (Unicast), Unicasted, Multicast domain, GW1 C::1, GW3 C::3, GW5 C::5, Subscribed to M1 channel. Legend: SRv6 node, Non SRv6 node.
  • 58.
    Spray + Service Pipeline
    Efficient distribution with flexible video processing
    • Perform video transcoding
    • SR Policy: <A2::1, A3::10, M1>
    • BSID A3::10 (Spray): <B2::1, B4::1> and <B3::1, B5::1>
    Diagram labels: Content Provider, Peering to Content Provider, VPP1 A1::, VPP2 A2::, VPP3 A3::, nodes 2 and 3, CMTS4 (4), CMTS5 (5), SRv6 domain (Unicast), Multicast domain, GW1 C::1, GW3 C::3, GW5 C::5, Subscribed to M1 channel. Legend: SRv6 node, Non SRv6 node.
  • 59.
    SD-WAN
  • 60.
    Binding SID
    • A Binding SID is a unique ‘alias’ of an SR policy. *
      • If a packet arrives with the BSID, then the SR policy is applied on such packet
      • Several Binding SIDs may point to the same SR policy
    • Upon topology changes within the core of the network, the low-latency path may change. While the path of an intermediate policy changes, its BSID does not change.
    • Provides scaling, network opacity and service independence.
    • A BSID acts as a stable anchor point which isolates one domain from the churn of another domain.
    * Naïve definition of a BSID
  • 61.
    SRv6 SD-WAN
    • Delegates the application recognition and policy decision to the Enterprise, who knows better when an application needs a non-default path and which non-default path is needed
    • NFV service chaining and Traffic-Engineering policies can be integrated in an SR policy
    • Applicability to both SR-MPLS and SRv6
    • To simplify, let’s focus on
      • TE/SLA policy
      • SRv6
  • 62.
    Default versus BW versus Latency
    • Lisbon (1) to Athens (7)
    • Default
      • <A7::>
    • BW: Guaranteed 50Mbps
      • <A10::1, A11::1, A7::>
      • BSID: A1::999:1
    • Low-Latency
      • <A9::1, A7::>
      • BSID: A1::999:2
    Diagram: nodes 1 to 11 with three paths marked Default, BW (A1::999:1) and Latency (A1::999:2)
  • 63.
    App needs best-effort
    • E1 encrypts the inner packet and encapsulates it in an outer packet to E2
    • E1 does not push any BSID
    Diagram: E1 to E2 (Site 2); App 1 needs default; push no BSID
  • 64.
    App needs guaranteed BW
    • E1 encrypts the inner packet and encapsulates it in an outer packet to E2
    • E1 pushes A1::999:1
    • The network provides the guaranteed BW service to App2
    Diagram: E1 to E2 (Site 2); App 2 needs 10Mbps; push A1::999:1
  • 65.
    App needs low-latency
    • E1 encrypts the inner packet and encapsulates it in an outer packet to E2
    • E1 pushes A1::999:2
    • The network provides the low-latency service to App3
    Diagram: E1 to E2 (Site 2); App 3 needs low-latency; push A1::999:2
  • 66.
    Disjointness
    • App 4 needs flows F4A and F4B to reach site 2 via disjoint paths
    • E1 encrypts the inner packets and encapsulates them in outer packets to E2
    • For F4A, E1 additionally pushes A1::999:3
    • For F4B, E1 additionally pushes A1::999:4
    Diagram: E1 to E2 (Site 2); Flow 4A: push A1::999:3; Flow 4B: push A1::999:4
  • 67.
    Binding SID is crucial in SD-WAN
    • Identifier for a customized SLA per application per Enterprise
    • Secured
    • Per-BSID counters for usage-based billing
    • Delegates the application recognition and policy decision to the Enterprise, who knows better when an application needs a non-default path and which non-default path is needed
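An added example, not part of the deck, modelling the Binding SID slides above: the node that owns a BSID looks up the bound SR policy, counts the packet against that BSID, and keeps the BSID stable when the policy's path is re-optimized. The policies and BSIDs are the Lisbon to Athens ones from the deck; the class and method names, the customer endpoint address `E2::` and the re-optimized path `<A8::1, A7::>` are constructed assumptions, and header handling is reduced to returning the outer segment list.

```python
import ipaddress

def ip(text):
    """Canonical text form, so that A1::999:1 and a1::999:1 compare equal."""
    return str(ipaddress.IPv6Address(text))

class BsidNode:
    """Node that owns Binding SIDs and applies the SR policy bound to each."""

    def __init__(self):
        self.policies = {}   # BSID -> segment list of the bound policy (travel order)
        self.counters = {}   # BSID -> [packets, bytes], for usage-based billing

    def bind(self, bsid, segments):
        """Install or re-optimize a policy; counters and the BSID itself persist."""
        self.policies[ip(bsid)] = [ip(s) for s in segments]
        self.counters.setdefault(ip(bsid), [0, 0])

    def receive(self, segments, active_index, size):
        """`segments` is the sender's list in travel order, `active_index` the
        position of the active segment. Returns (outer_segments, inner_da):
        the policy pushed by this node and the address the inner packet
        continues towards once the policy has been traversed."""
        active = ip(segments[active_index])
        policy = self.policies.get(active)
        if policy is None:                       # not a BSID here: forward on the DA
            return None, active
        if active_index + 1 >= len(segments):    # a BSID must be followed by a segment
            raise ValueError("BSID is the last segment: nothing to forward to")
        self.counters[active][0] += 1
        self.counters[active][1] += size
        return list(policy), ip(segments[active_index + 1])

def lisbon():
    """Node 1 with the two non-default policies from the deck."""
    node = BsidNode()
    node.bind("A1::999:1", ["A10::1", "A11::1", "A7::"])   # guaranteed BW
    node.bind("A1::999:2", ["A9::1", "A7::"])              # low latency
    return node
```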
  • 68.
    Performance monitoring
    • Enterprise-based
      • Enterprise can easily monitor each individual service
      • Simply sends the probes with the related BSID
    • Service Provider-based
      • The SP can enable per-SR-policy performance monitoring (latency/loss)
      • These metrics can be leveraged by SDWAN controller and provided to the Enterprise
    • BSID Metadata to select which application to steer
  • 69.
    5G and Network Slicing
  • 70.
    Current mobility networks
    • Well fragmented RAN, EPC, SGi
    • Inefficient data paths
    • Protocol stack gets large
    • Per-session tunnel creation
    • Per-mobility event tunnel handling
    Diagram labels: UE, eNB, SGW, SGW (L2 Anchor), PGW (L3 Anchor), Service Functions, Internet
    Does not scale to 5G requirements:
    • Increased number of connected devices
    • Ultra-low latency
    • Network slicing
    • Mobile edge computing
  • 71.
    SRv6 for mobile user-plane
    • What if SRv6 becomes an alternative to GTP-U?
    • Removing the per-session tunneling has obvious benefits
      • Optimal data path (ultra-low latency)
      • Integrated service chaining
      • Native support for network slicing
        • Achieved either via a centralized SDN solution or via SR TE with IGP FlexAlg
      • Optimal resource utilization
    • Well-progressed standardization
      • IETF: draft-ietf-dmm-srv6-mobile-uplane-00
      • 3GPP: Accepted study item in CT4 (#29.892)
  • 72.
    Multi-cloud overlays
  • 73.
    Multi-cloud overlays
    • How do you interconnect several cloud-provider regions (as an end-customer)?
    • Transit is plain IPv6 which we do not control
    • Let’s use SRv6 for the overlay and service chaining only
    • Deployed VPP as VPC gateway
    Diagram labels: Cloud provider A in region 1, Cloud provider B in region 2, Cloud provider A in region 2, each a VPC with a VPP gateway; Internet; Server 1; Server 2; iptables; snort; Cisco ASAv. All nodes in green are SRv6 capable.
  • 74.
    Multi-cloud use-case
    Diagram labels: VPP C1, VPP C2, VPP C3; Cloud provider A in region 1, Cloud provider B in region 2, Cloud provider A in region 2; Internet; Server 1; Server 2; iptables; snort; 4; Cisco ASAv. All nodes in green are SRv6 capable.
    Packets shown:
    • IPv4 Hdr SA=1.1.1.0, DA=2.2.2.2 | Payload
    • IPv6 Hdr SA = C1::, DA = C2::C4 | SR Hdr ( C3::C2, C2::C4 ) SL=1 | IPv4 Hdr SA = 1.1.1.0, DA = 2.2.2.2 | Payload
    • IPv6 Hdr SA = C1::, DA = C3::C2 | SR Hdr ( C3::C2, C2::D3 ) SL=0 | IPv4 Hdr SA = 1.1.1.0, DA = 2.2.2.2 | Payload
    • IPv4 Hdr SA=1.1.1.0, DA=2.2.2.2 | Payload
  • 75.
    Where are we?
  • 76.
    SRv6 timeline
    Timeline marks: Apr 2016, Mar 2017, Apr 2017, May 2017, Jun 2017, Aug 2017, Sep 2017, 2018
    Milestone labels, in extracted order (their alignment with the dates was lost): First SRv6 demo: Spray use-case; VPP; ASR9k; ASR1k; NCS55xx; First SRv6 HW demo in merchant silicon; VPN DP use-case; Cisco Live US; SRv6 VPN; ASR1k; ASR9k; NCS55xx; VPP+NFV; BGP Control Plane; SD-WAN summit; SRv6 for the SD-WAN; ASR1k; SRv6 VPN+NFV: MPLS World Con.; VPP; Linux; Barefoot; SRv6 VPN HW demo; SR VPN InterOp; Fretta; ASR9k; ASR1k; VPP; Linux; Barefoot; More to come…; 5G + Network slicing
  • 77.
    Implementations
    • Cisco HW
      – NCS5k - XR
      – ASR9k - XR
      – ASR1k – XE
    • Open-Source
      – Linux 4.10
      – FD.IO
    • Barefoot HW
    • Others …
  • 78.
    • VPN (v4 and v6) & TE & NFV
    • Cisco HW with XR and XE
    • Barefoot HW with P4 code
    • FD.IO
    • Linux
    blogs.cisco.com/sp/segment-routing-ipv6-interoperability-demo-is-already-there
  • 79.
    Conclusion
  • 80.
    SRv6 Leadership
    • Bold architecture
    • Numerous use-cases
      • FRR, TE, SDN, Overlay with SLA, NFV, Spray, SD-WAN, 5G & NS, ...
    • First HW implementation demonstrated
    • First FCS, field trial and deployment
    • Feel free to join the lead-operator team!
  • 81.
    Partnering
    • Track-record collaboration with operators
    • Focus on real operator needs
    • Seamless Deployment
    • Standardization
    • Multi-Vendor consensus
    • Looking forward to working together
  • 82.
    IPv6 provides reachability
  • 83.
    SRv6 unleashes IPv6 potential
    • Scalability
    • Single protocol
    • NFV, VPN, FRR, TE
    • Automation
  • 84.
    Stay Up-To-Date
    • http://www.segment-routing.net/
    • https://www.linkedin.com/groups/8266623
    • https://twitter.com/SegmentRouting
    • https://www.facebook.com/SegmentRouting/
  • 85.