Segment Routing

Total 4 Blogs

Created by - Orhan Ergun

Segment Routing v6 - SRv6

Segment Routing v6: Revolutionizing the Future of Networking

Introduction

The ever-evolving nature of the Internet has given rise to the need for more efficient and flexible routing mechanisms to meet increasing demands for quality and high-performance connectivity. Segment Routing (SR) has emerged as a powerful solution, delivering the benefits of scalability, reduced complexity, and improved traffic engineering. With the growing adoption of IPv6, Segment Routing v6 (SRv6) has further solidified its place as a game-changer in modern networking. In this article, we will delve deep into SRv6, examining its core concepts, architecture, advantages, use cases, and the future of networking it enables.

The Fundamentals of Segment Routing

Segment Routing is a source routing paradigm that uses the concept of segments to define the forwarding path of a packet. A segment is a representation of a topological or functional subpath of a packet's route. The segment list, which is an ordered list of segments, is embedded in the packet's header, specifying the exact path the packet should follow through the network. There are two primary implementations of Segment Routing:

- SR-MPLS: Segment Routing with Multi-Protocol Label Switching
- SRv6: Segment Routing with IPv6

Segment Routing v6 (SRv6) Architecture

SRv6 is a powerful extension of the Segment Routing paradigm that leverages the IPv6 address space to encode the segment list directly in the IPv6 header. It takes advantage of IPv6's large address space, allowing the encoding of complex paths and functions in a compact and efficient manner. SRv6 introduces the concept of the Segment Routing Header (SRH), which is an optional IPv6 extension header. The SRH contains the segment list, along with other necessary information such as segment list length, active segment, and optional TLVs (Type-Length-Value).

SRv6 Network Programming

SRv6 network programming is a significant innovation in the SRv6 architecture.
It provides a framework for encoding a sequence of network instructions (functions) in the segment list. These instructions dictate how a packet is to be processed as it traverses the network, enabling advanced traffic engineering, service chaining, and other complex network functions. SRv6 network programming uses a combination of endpoint functions and transit functions:

- Endpoint Functions (SIDs): These are performed by the endpoint node of a segment.
- Transit Functions: These are performed by the transit nodes as the packet traverses the network.

Advantages of SRv6

SRv6 brings a plethora of benefits to the networking world, including:

- Simplification: SRv6 simplifies the network architecture by reducing the need for multiple control planes and overlay technologies.
- Scalability: SRv6's efficient use of the IPv6 address space enables the encoding of complex paths and functions, providing unparalleled scalability.
- Traffic Engineering: SRv6 offers advanced traffic engineering capabilities, allowing for better path selection, load balancing, and resource optimization.
- Service Chaining: SRv6 network programming enables seamless service chaining, facilitating the integration of various network services in a single path.
- Enhanced Security: SRv6 provides improved security features by supporting end-to-end encryption and allowing the implementation of security policies at the network layer.

SRv6 Use Cases

SRv6 has a wide range of applications in modern networking, including:

- Data Center Interconnect (DCI): SRv6 enables efficient interconnection of data centers, providing improved traffic engineering and load balancing.
- 5G Networks: SRv6 plays a critical role in 5G networks, delivering the required flexibility, scalability, and traffic engineering capabilities.
- VPN Services: SRv6 allows the creation of advanced VPN services with enhanced security, traffic

SRv6 vs. SR-MPLS

The two primary implementations of Segment Routing are SR-MPLS (Segment Routing with Multi-Protocol Label Switching) and SRv6 (Segment Routing with IPv6). Both implementations offer unique advantages, but they also differ in key aspects. This article provides a detailed comparison of SRv6 and SR-MPLS to help you understand the fundamental differences, strengths, and weaknesses of each approach.

Overview of SR-MPLS and SRv6

SR-MPLS is an implementation of Segment Routing that leverages the MPLS data plane to forward packets based on label-switched paths (LSPs). In SR-MPLS, segments are represented by MPLS labels, and the segment list is encoded in the MPLS label stack. SRv6, on the other hand, is an IPv6-based implementation of Segment Routing that utilizes the large IPv6 address space to encode the segment list directly in the IPv6 header. SRv6 introduces a new IPv6 extension header, the Segment Routing Header (SRH), which contains the segment list and other necessary information.

Addressing and Encapsulation

The most significant difference between SR-MPLS and SRv6 lies in their addressing and encapsulation mechanisms. In SR-MPLS, segments are represented by MPLS labels (20-bit identifiers), which are pushed onto the MPLS label stack. The size of the MPLS label stack grows linearly with the number of segments in the segment list, increasing the packet overhead. SRv6, however, leverages the large IPv6 address space (128-bit addresses) to encode the segment list in the IPv6 header. The SRH contains the segment list and can be of variable length depending on the number of segments. Although IPv6 headers are larger than MPLS labels, SRv6 provides more flexibility in encoding complex paths and network functions, thanks to the vast IPv6 address space.

Network Programming and Functions

Both SR-MPLS and SRv6 support network programming, which enables the encoding of a sequence of network instructions (functions) in the segment list.
However, SRv6 offers more flexibility and extensibility in network programming due to the large IPv6 address space and the use of the SRH. SR-MPLS relies on the MPLS label stack and can become complex when implementing advanced network functions. In contrast, SRv6's network programming model provides a more versatile framework for encoding and executing complex network functions at each segment endpoint.

Traffic Engineering and Scalability

Both SR-MPLS and SRv6 offer advanced traffic engineering capabilities, allowing for better path selection, load balancing, and resource optimization. However, SRv6 has an edge in terms of scalability due to the efficient use of the IPv6 address space. SR-MPLS, while effective in smaller networks, can face scalability challenges in large-scale deployments, primarily because of the limited MPLS label space. SRv6, on the other hand, is better suited for large-scale deployments and can accommodate more complex topologies and network functions with ease.

Interoperability and Transition

In terms of interoperability and transition, SR-MPLS has an advantage since it can be deployed as an extension to existing MPLS networks without significant changes to the underlying infrastructure. This makes SR-MPLS an attractive option for operators looking to evolve their MPLS networks gradually. SRv6, however, requires the deployment of IPv6, which may not be feasible for all network operators, especially those with a significant investment in legacy IPv4/MPL
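
The SRH fields mentioned above (segment list, its length, the active segment, optional TLVs) can be read and sanity-checked as follows. This is an added example, not code from the original article; the field layout and the two bounds checks follow RFC 8754, and `build_srh`, `parse_srh` and the sample SIDs are constructed for illustration.

```python
import ipaddress
import struct

SRH_ROUTING_TYPE = 4  # IPv6 Routing Type assigned to the SRH (RFC 8754)

def build_srh(path, segments_left, next_header=41):
    """Constructed-sample helper: encode `path` (travel order) as SRH bytes."""
    segs = [ipaddress.IPv6Address(s).packed for s in reversed(path)]
    fixed = struct.pack("!BBBBBBH", next_header, 2 * len(segs), SRH_ROUTING_TYPE,
                        segments_left, len(segs) - 1, 0, 0)
    return fixed + b"".join(segs)

def parse_srh(data):
    """Parse one SRH and apply the RFC 8754 sanity checks; ValueError if malformed."""
    if len(data) < 8:
        raise ValueError("truncated fixed header")
    next_header, ext_len, rtype, seg_left, last_entry, _flags, _tag = \
        struct.unpack("!BBBBBBH", data[:8])
    if rtype != SRH_ROUTING_TYPE:
        raise ValueError(f"routing type {rtype} is not an SRH")
    total = (ext_len + 1) * 8          # Hdr Ext Len: 8-octet units after the first 8 octets
    if len(data) < total:
        raise ValueError("header shorter than Hdr Ext Len claims")
    if last_entry > ext_len // 2 - 1:  # segment list would run past the header
        raise ValueError("Last Entry exceeds header length")
    if seg_left > last_entry + 1:      # pointer outside the segment list
        raise ValueError("Segments Left points outside the segment list")
    segs = [str(ipaddress.IPv6Address(data[8 + 16 * i:24 + 16 * i]))
            for i in range(last_entry + 1)]
    return {
        "next_header": next_header,
        "segments_left": seg_left,
        "path": segs[::-1],            # the list is stored last-segment-first
        "active": segs[seg_left] if seg_left <= last_entry else None,
        "tlv_bytes": total - 8 - 16 * (last_entry + 1),
    }

# Constructed sample: three SIDs from the IPv6 documentation prefix.
SAMPLE_PATH = ["2001:db8:1::1", "2001:db8:2::1", "2001:db8:3::1"]

if __name__ == "__main__":
    print(parse_srh(build_srh(SAMPLE_PATH, segments_left=2)))
```

A header that fails either bounds check is one a node should drop rather than process, since the active-segment pointer would otherwise index outside the segment list.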

Published - 21 Hours Ago

Created by - Orhan Ergun

Segment Routing and MPLS VPN

MPLS VPN and Segment Routing. Many people have been asking what the differences between MPLS VPN and Segment Routing are. In fact, this is the wrong question, because Segment Routing provides transport and MPLS VPN provides service. They are not mutually exclusive; they are complementary. To create an end-to-end MPLS VPN service, Segment Routing and MPLS VPN have to be provisioned in the network together. So, Segment Routing is the underlay and MPLS VPN is the overlay. MPLS VPN can be set up without Segment Routing: instead of Segment Routing, LDP, RSVP, BGP or plain IP can be the transport for the VPNs. Let me explain all of the above with the example below.

Segment Routing Architecture is covered in RFC 8402. If you are not familiar with Segment Routing at all, I suggest you read my Segment Routing Key Points post now. If you are okay with the basics, please continue reading.

Label 100 for the PE2 (egress PE) loopback is advertised by the IGP (not via LDP or RSVP), and all the routers use the identical label (the Node/Prefix label is unique throughout the network). Unlike LDP, label 100 does not change hop by hop with Segment Routing. Through MP-BGP, PE1 still receives a VPN label for the CE2 prefixes from PE2. The BGP next hop on PE1 is the PE2 loopback. The PE2 loopback is assigned label 100 and advertised in the IS-IS sub-TLV or OSPF Opaque LSA advertisements.

In the above picture, label 2000 is the VPN label, which is advertised by PE2 to PE1 for the CE2 prefix. If you are familiar with MPLS VPNs, remember that P routers (P-1 and P-2 in the topology) are not aware of the VPN label. P1 does not change the core/transport label (label 100); it just sends the packet to P2. If P2 receives an implicit null label from PE2, P2 does PHP (Penultimate Hop Popping). In sum, only the VPN label is sent to PE2. Without using LDP, just by using the IGP, MPLS VPN service is provided.
Segment Routing does not require LDP for the transport tunnel because it uses the IGP for label advertisement. Please note that Segment Routing eliminates the use of LDP only for the transport label operation. If you set up an MPLS Layer 2 VPN service and use LDP for PW signaling, Segment Routing and Targeted LDP are used as two control plane protocols to set up the MPLS L2 VPN.

MPLS is very powerful with its applications. MPLS Layer 2 VPNs (VPWS, VPLS, and VPMS), MPLS Layer 3 VPNs, and MPLS Traffic Engineering are the most common applications of IP/MPLS networks. MPLS Traffic Engineering is used in large enterprise networks, especially in Service Provider and Web OTT. More importantly, you can use all the MPLS applications with Segment Routing. Resource consumption, such as CPU and memory, can be reduced greatly with Segment Routing.

Summary: Segment Routing and MPLS VPN are used together in today's networks. Segment Routing just removes the need for LDP and RSVP as the transport mechanism; for the service, LDP and BGP are used to provision MPLS Layer 2 or MPLS Layer 3 VPNs. Segment Routing still requires LDP or BGP for the MPLS VPN service. They have to run together in the network to create an end-to-end MPLS VPN service.

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Segment Routing Key Points

Segment Routing (SR) leverages the source routing paradigm. A node steers a packet through an ordered list of instructions, called 'segments'. With Segment Routing, state is kept in the packet header, not on the router.

Resources such as CPU and memory are saved.

If you have 100 Edge Routers in your network and if you enable MPLS Traffic Engineering edge to edge, you would have 100×99/2 = 4950 LSP states on your midpoint LSR. This is prevalent in many MPLS TE enabled networks.

If you enable Segment Routing and evaluate the same midpoint case (since you assign a Prefix/Node SID for every Edge router), the midpoint LSR would have 110 entries instead of 4500 entries. As for scalability, everything is perfect. However, there is a caveat.

The segment list can easily get big if you use explicit routing for the purpose of OAM. If you do that, you may end up with 7-8 segments. In that case, it is pertinent that you check the hardware support.

Cisco claims that they have performed tests on a number of service provider networks and that their findings show that two or three segments would be enough for most explicit path scenarios.

You can use Segment Routing to provide MPLS VPN service without using LDP for the transport label distribution. Segment Routing provides Traffic Engineering without having the soft-state RSVP-TE protocol on your network. Soft-state protocols require a lot of processing power. Although Segment Routing does not have permission control, you can use routers to specify, for instance, a 50 Mbps LSP path for traffic A and 30 Mbps for traffic B using a centralized controller, a process that allows you to use traffic engineering. Segment Routing provides Fast Reroute without RSVP-TE, and you do not need to have thousands of forwarding states in the network, as it uses IP FRR technology, specifically Topology Independent LFA.

Segment Routing has many use cases. This article explains MPLS VPN, Traffic Engineering, and Fast Reroute, even though Dual Plane topologies are other use cases for operators. With Traffic Engineering, you can have ECMP capability, a task that is very difficult to achieve with MPLS Traffic Engineering, because you need to create two tunnels. There are other use cases such as Egress Peer Engineering. Today, this can be achieved by complex BGP policy or LISP. However, with Segment Routing, BGP Egress Peer Engineering is much easier. I will explain this process and other use cases in a separate article.

Major vendors, including Alcatel, Ericsson, and Juniper, support Segment Routing. If you have devices that support LDP but not Segment Routing, you can use Segment Routing to interwork with the LDP-enabled devices. Also, the Segment Routing Mapping Server provides interworking functionality. One of Cisco's objectives is to allow Segment Routing to provide native IPv6 transport. Today, Segment Routing supports IPv6 more than MPLS.

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Segment Routing Traffic Engineering

Segment Routing Traffic Engineering - First, you need to remember how MPLS Traffic Engineering operates. MPLS Traffic Engineering requires four steps for its operation:

1. Link information such as bandwidth, IGP metric, TE metric, and SRLG is flooded throughout the IGP domain by the link state protocols.
2. The path is calculated either with CSPF in a distributed manner or with offline tools in a centralized fashion.
3. If a suitable path is found, it is signalled via RSVP-TE, and RSVP assigns the label for the tunnels.
4. The traffic is placed in the tunnels.

Figure - IP MPLS Traffic Engineering

In the diagram shown above, if the traffic flows between R1 and R5, when the packet reaches R2 the IGP chooses the top path as the shortest path. This is because the cost of R2 to R5 through R3 is smaller than that of R2 to R5 through R6. As you must have observed, the R2-R6-R7-R4 link is not used during this operation. With MPLS Traffic Engineering, both the top and bottom paths can be used. The top path is a high-latency, high-throughput path; as a result, it can be used for data traffic. On the other hand, the bottom path is a low-latency, low-throughput path over an expensive link; thus, it can be used for latency-sensitive traffic, including voice and video.

To complete this operation, we need to create two MPLS Traffic Engineering tunnels: one tunnel for data and the other tunnel for voice traffic. After doing that, we can use the CBTS (Class based traffic selection) option of MPLS TE to place voice traffic into the voice LSP (TE tunnel). Next, we can identify data traffic and place it into the data LSP (TE tunnel). How can we achieve the Traffic Engineering operation with Segment Routing?

Segment routing traffic engineering

I have explained the Node/Prefix SID in one of the previous sections. Now, you know that a Node/Prefix SID is assigned to the loopback addresses of all Segment Routing enabled devices, and the SID is unique in the routing domain. Also, there is another SID type flooded with IGP packets.

Adjacency Segment ID

While an Adjacency SID is unique on the local router, it is not globally unique like a Node/Prefix SID. Routers automatically allocate an Adjacency Segment ID to their interfaces when Segment Routing is enabled on the device.

In the topology shown above, R2 allocates an Adjacency SID to the interface of R6. Label 22001 is the Adjacency SID of R2 towards the R3 interface, and it is used for steering traffic away from the shortest path (perhaps you do not want to use only the shortest path). Label 16005 is the Node/Prefix SID of R5. If the packet is sent from R1 to R5 with two SIDs, 22001 and 16005 (since R2 usually sends 22001 for its local adjacency), R1 will send the packet to R2; R2 will pop 22001, sending the remaining packet towards R6 with 16005, which is the Node/Prefix SID of R5. R6 will send the packet to R7 because it is the shortest path to R5. The Node/Prefix SID is used in shortest path routing, and it has ECMP capability. The Adjacency SID, in turn, is used in explicit path routing.

NOTE: While the Adjacency SID is used for explicit path routing, the Node/Prefix SID follows the shortest path.

I will provide more examples so that you can understand how to use Node and Adjacency SIDs to provide an explicit path for the traffic flows.

Figure - Node and adjacency segment id

Our aim is to send traffic between router A and router J; however, we do not want to use the E-G link. In this operation, we will use the A-C-E-F-H-J path. To achieve our aim, we need to reach E. After that, we will divert the traffic to the E-F link. Next, F will transfer the traffic to J, which is the final destination. Router A should put three labels/Segment IDs on the packet. SID 1600, the first SID, will travel to router E. The second SID is 16002, which is the Adjacency SID for the R2-R3 interface. This SID is unique, and it is known only by the ingress router, not by C. The third SID is 16003, which is the Node/Prefix SID of router J.

Router C receives the packet with three SIDs, pops 16001, and sends the remaining two labels to router E. Router E receives the packet with SID 16002, which is the Adjacency SID towards router F. Thus, router E pops it and sends the remaining packet to router F. Router F receives the packet with SID 16003, which is the Node/Prefix SID of router J. So, router F follows the shortest path, sending the packet to router H and swapping 16003 with 16003, so the label value does not change. If router J sends an implicit null label, router H pops 16003 (PHP) and sends the IP packet to router J. If we want to carry out this operation using MPLS-TE, we can create an explicit path by providing an ERO.
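
The R1-to-R5 walk-through above can be replayed in a small forwarding model. This is an added example, not code from the original article: the link costs are assumed because the figure is not available, and 22001 is taken to be R2's Adjacency SID for the link towards R6, as in the walk-through. PHP is not modelled.

```python
import heapq

# Assumed topology and IGP costs (the article's figure is not available).
LINKS = {("R1", "R2"): 10, ("R2", "R3"): 10, ("R3", "R4"): 10, ("R4", "R5"): 10,
         ("R2", "R6"): 15, ("R6", "R7"): 15, ("R7", "R4"): 15}
NODE_SID = {16005: "R5"}           # global: same meaning on every router
ADJ_SID = {22001: ("R2", "R6")}    # local to R2: "use my link to R6" (assumed)

GRAPH = {}
for (a, b), cost in LINKS.items():
    GRAPH.setdefault(a, {})[b] = cost
    GRAPH.setdefault(b, {})[a] = cost

def next_hop(src, dst):
    """First hop on the IGP shortest path from src to dst (Dijkstra)."""
    heap, seen = [(0, src, None)], set()
    while heap:
        dist, node, first = heapq.heappop(heap)
        if node in seen:
            continue
        seen.add(node)
        if node == dst:
            return first
        for nbr, cost in GRAPH[node].items():
            if nbr not in seen:
                heapq.heappush(heap, (dist + cost, nbr, first or nbr))
    raise ValueError(f"{dst} unreachable from {src}")

def forward(ingress, stack, max_hops=16):
    """Carry a packet with a SID stack through the network; return routers visited."""
    node, stack, path = ingress, list(stack), [ingress]
    while stack:
        if len(path) > max_hops:
            raise RuntimeError("forwarding loop")
        top = stack[0]
        if top in ADJ_SID and ADJ_SID[top][0] == node:
            stack.pop(0)                   # owner pops it and uses that exact link
            node = ADJ_SID[top][1]
        else:
            if top in NODE_SID:
                owner = NODE_SID[top]
            elif top in ADJ_SID:
                owner = ADJ_SID[top][0]    # simplification: head-end steers to the owner
            else:
                raise ValueError(f"unknown SID {top}")
            if owner == node:
                stack.pop(0)               # Node SID reached its owner
                continue
            node = next_hop(node, owner)   # shortest path, label unchanged
        path.append(node)
    return path

if __name__ == "__main__":
    print(forward("R1", [16005]))          # Node SID only: IGP shortest (top) path
    print(forward("R1", [22001, 16005]))   # Adjacency SID first: bottom path
```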

Published - Tue, 26 Nov 2019