
Created by - Orhan Ergun

Segment Routing and MPLS VPN

Many people have been asking what the differences are between MPLS VPN and Segment Routing. In fact, this is the wrong question, because Segment Routing provides transport and MPLS VPN provides a service. They are not mutually exclusive; they are complementary. To create an end-to-end MPLS VPN service, Segment Routing and MPLS VPN have to be provisioned in the network together. So Segment Routing is the underlay and MPLS VPN is the overlay.

MPLS VPN can also be set up without Segment Routing. Instead of Segment Routing, LDP, RSVP, BGP or plain IP can be the transport for the VPNs.

Let me explain all of the above with the example below. The Segment Routing architecture is covered in RFC 8402. If you are not familiar with Segment Routing at all, I suggest you read my Segment Routing Key Points post now. If you are okay with the basics, please continue reading.

Label 100 for the PE2 (egress PE) loopback is advertised by the IGP (not via LDP or RSVP), and all the routers use the identical label (the Node/Prefix label is unique throughout the network). Unlike LDP, label 100 does not change hop by hop with Segment Routing.

Through MP-BGP, PE1 still receives a VPN label for the CE2 prefixes from PE2. The BGP next hop on PE1 is the PE2 loopback. The PE2 loopback is assigned label 100 and advertised in the IS-IS sub-TLV or OSPF Opaque LSA advertisements.

In the above picture, label 2000 is the VPN label that PE2 advertises to PE1 for the CE2 prefix. If you are familiar with MPLS VPNs, remember that the P routers (P1 and P2 in the topology) are not aware of the VPN label. P1 does not change the core/transport label (label 100); it just sends the packet to P2. If P2 receives an implicit null label from PE2, P2 does PHP (Penultimate Hop Popping). In sum, only the VPN label is sent to PE2. Without using LDP, just by using the IGP, the MPLS VPN service is provided.

Segment Routing does not require LDP for the transport tunnel because it uses the IGP for label advertisement. Please note that Segment Routing eliminates the need for LDP only for the transport label operation. If you set up an MPLS Layer 2 VPN service and use LDP for PW signaling, Segment Routing and Targeted LDP are used as the two control plane protocols to set up the MPLS L2 VPN.

MPLS is very powerful with its applications. MPLS Layer 2 VPNs (VPWS, VPLS, and VPMS), MPLS Layer 3 VPNs, and MPLS Traffic Engineering are the most common applications of IP/MPLS networks. MPLS Traffic Engineering is used in large enterprise networks, especially in Service Provider and Web OTT. More importantly, you can use all the MPLS applications with Segment Routing. Resource consumption such as CPU and memory can be reduced greatly with Segment Routing.

Summary: Segment Routing and MPLS VPN are used together in today's networks. Segment Routing just eliminates LDP and RSVP as the transport mechanism; for the service, LDP and BGP are used to provision MPLS Layer 2 or MPLS Layer 3 VPNs. Segment Routing still requires LDP or BGP for the MPLS VPN service. They have to be running together in the network to create an end-to-end MPLS VPN service.

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Segment Routing Key Points

Segment Routing (SR) leverages the source routing paradigm. A node steers a packet through an ordered list of instructions, called 'segments'. With Segment Routing, state is kept in the packet header, not on the router, so resources such as CPU and memory are saved.

If you have 100 edge routers in your network and you enable MPLS Traffic Engineering edge to edge, you would have 100×99/2 = 4950 LSP states on your midpoint LSR. This is prevalent in many MPLS TE enabled networks.

If you enable Segment Routing and evaluate the same midpoint case (since you assign a Prefix/Node SID to every edge router), the midpoint LSR would have 110 entries instead of 4500 entries. As for scalability, everything is perfect. However, there is a caveat.

The segment list can easily get big if you use explicit routing for the purpose of OAM. If you do that, you may end up with 7-8 segments. In that case, it is important that you check the hardware support.

Cisco claims that they have performed tests on a number of service provider networks and that their findings show that two or three segments would be enough for most explicit path scenarios.

You can use Segment Routing to provide MPLS VPN service without using LDP for transport label distribution. Segment Routing provides Traffic Engineering without having the soft-state RSVP-TE protocol in your network. Soft-state protocols require a lot of processing power. Although Segment Routing does not have permission control, you can use routers to specify, for instance, a 50 Mbps LSP path for traffic A and 30 Mbps for traffic B using a centralized controller, a process that allows you to use traffic engineering.

Segment Routing provides Fast Reroute without RSVP-TE, and you do not need thousands of forwarding states in the network, as it uses IP FRR technology, specifically Topology Independent LFA.

Segment Routing has many use cases. This article explains MPLS VPN, Traffic Engineering, and Fast Reroute even though Dual Plane topologies are other use cases for the operators. With Traffic Engineering, you can have ECMP capability, a task that is very difficult to achieve with MPLS Traffic Engineering. This is because you need to create two tunnels.

There are other use cases such as egress peer engineering. Today, this can be achieved with complex BGP policy or LISP. However, with Segment Routing, BGP egress peer engineering is much easier. I will explain this process and other use cases in a separate article.

Major vendors, including Alcatel, Ericsson, and Juniper, support Segment Routing. If you have devices that support LDP but not Segment Routing, you can use Segment Routing to interwork with the LDP enabled devices. Also, the Segment Routing Mapping Server provides interworking functionality. One of Cisco's objectives is to allow Segment Routing to provide native IPv6 transport. Today, Segment Routing supports IPv6 more than MPLS.

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Segment Routing Traffic Engineering

First, you need to remember how MPLS Traffic Engineering operates. MPLS Traffic Engineering requires four steps, as shown below, for its operation.

1. Link information such as bandwidth, IGP metric, TE metric, and SRLG is flooded throughout the IGP domain by the link state protocols.
2. The path is calculated either with CSPF in a distributed manner or with offline tools in a centralized fashion.
3. If a suitable path is found, it is signalled via RSVP-TE, and RSVP assigns the labels for the tunnels.
4. The traffic is placed in the tunnels.

Figure - IP MPLS Traffic Engineering

In the diagram shown above, if traffic flows between R1 and R5, then when the packet reaches R2 the IGP chooses the top path as the shortest path. This is because the cost from R2 to R5 through R3 is smaller than the cost from R2 to R5 through R6. As you must have observed, the R2-R6-R7-R4 link is not used during this operation.

With MPLS Traffic Engineering, both the top and bottom paths can be used. The top path is a high latency, high throughput path; as a result, it can be used for data traffic. On the other hand, the bottom path is a low latency, low throughput path over an expensive link; thus, it can be used for latency sensitive traffic, including voice and video.

To complete this operation, we need to create two MPLS Traffic Engineering tunnels: one tunnel for data and the other for voice traffic. After doing that, we can use the CBTS (Class based traffic selection) option of MPLS TE to place voice traffic into the voice LSP (TE tunnel). Next, we can identify data traffic and place it into the data LSP (TE tunnel). How can we achieve the Traffic Engineering operation with Segment Routing?

Segment routing traffic engineering

I have explained the Node/Prefix SID in one of the previous sections. Now, you know that a Node/Prefix SID is assigned to the loopback addresses of all Segment Routing enabled devices, and that this SID is unique in the routing domain. Also, there is another SID type flooded in the IGP packets.

Adjacency Segment ID

The Adjacency SID is unique on the local router, but it is not globally unique the way the Node/Prefix SID is. Routers automatically allocate an Adjacency Segment ID to their interfaces when Segment Routing is enabled on the device.

In the topology shown above, R2 allocates Adjacency SID to the interface of R6. Label 22001 is the adjacency SID of R2 towards R3 interface, and it is used for steering traffic away from the shortest path (perhaps you do not want to use only the shortest path). Label 16005 is the Node/Prefix SID of R5.

If the packet is sent from R1 to R5 with two SIDs, 22001 and 16005 (since R2 usually sends 22001 for its local adjacency), R1 will send the packet to R2; R2 will pop 22001, sending the remaining packet towards R6 with 16005, which is the Node/Prefix SID of R5. R6 will send the packet to R7 because it is the shortest path to R5.

The Node/Prefix SID is used in shortest path routing, and it has ECMP capability. What's more, the Adjacency SID is used in explicit path routing.

NOTE: While the Adjacency SID is used for explicit path routing, the Node/Prefix SID follows the shortest path.

I will provide more examples so that you can understand how to use Node and Adjacency SIDs to provide an explicit path for the traffic flows.

Figure - Node and adjacency segment id

Our aim is to send traffic between router A and router J; however, we do not want to use the E-G link. In this operation, we will use the A-C-E-F-H-J path. To achieve our aim, we first need to reach E. After that, we will divert the traffic onto the E-F link. Next, F will transfer the traffic to J, which is the final destination.

Router A should put three labels/Segment IDs on the packet. SID 1600, the first SID, takes the packet to router E. The second SID is 16002, which is the Adjacency SID for the R2-R3 interface. This SID is unique, and it is known only by the ingress router, not by C. The third SID is 16003, which is the Node/Prefix SID of router J.

Router C receives the packet with three SIDs, pops 16001, and sends the remaining two labels to router E. Router E receives the packet with SID 16002, which is the Adjacency SID towards router F. Thus, router E pops it and sends the remaining packet to router F. Router F receives the packet with SID 16003, which is the Node/Prefix SID of router J. So router F follows the shortest path, sending the packet to router H and swapping 16003 with 16003, that is, leaving the label unchanged. If router J sends an implicit null label, router H pops 16003 (PHP) and sends the IP packet to router J.

If we want to carry out this operation using MPLS-TE, we can create an explicit path by providing an ERO.
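The A-to-J walk-through above, and the label 100 / VPN label 2000 walk-through in the Segment Routing and MPLS VPN post, can be replayed with a small label-stack forwarder. This is an added example, not code from the original posts: the link metrics (all 1), the exact link set, and the function names are assumptions, the first SID is taken as 16001 (the value router C pops in the text), and 16002 is modeled as router E's Adjacency SID towards F.

```python
import heapq

def mesh(links):  # undirected graph; every link gets IGP metric 1 (assumption)
    graph = {}
    for a, b in links:
        graph.setdefault(a, {})[b] = graph.setdefault(b, {})[a] = 1
    return graph

def next_hop(graph, src, dst):
    """First hop on the IGP shortest path from src to dst (Dijkstra)."""
    heap, seen = [(0, src, None)], set()
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in seen:
            continue
        seen.add(node)
        if node == dst:
            return first
        for nbr, metric in graph[node].items():
            heapq.heappush(heap, (cost + metric, nbr, first or nbr))
    raise ValueError(f"{dst} unreachable from {src}")

def forward(graph, node_sids, adj_sids, ingress, stack):
    """Trace one packet: [(router, label stack on arrival), ...]."""
    node, stack, trace = ingress, list(stack), [(ingress, tuple(stack))]
    while stack and ((node, stack[0]) in adj_sids or stack[0] in node_sids):
        top = stack[0]
        if (node, top) in adj_sids:        # Adjacency SID: pop, take that link
            stack.pop(0)
            node = adj_sids[(node, top)]
        elif node_sids[top] == node:       # our own Node SID: pop, look again
            stack.pop(0)
            continue
        else:                              # Node/Prefix SID: IGP shortest path
            hop = next_hop(graph, node, node_sids[top])
            if hop == node_sids[top]:      # penultimate hop pops (PHP)
                stack.pop(0)
            node = hop
        trace.append((node, tuple(stack)))
    return trace                           # stops at a service label or plain IP

# Constructed topologies; the label values are the ones used in the text.
CORE = mesh(["AC", "CE", "EG", "GJ", "EF", "FH", "HJ"])
CORE_NODE_SIDS, CORE_ADJ_SIDS = {16001: "E", 16003: "J"}, {("E", 16002): "F"}
VPN = mesh([("PE1", "P1"), ("P1", "P2"), ("P2", "PE2")])
def explicit_path():   # A-C-E-F-H-J, steering around the E-G link
    return forward(CORE, CORE_NODE_SIDS, CORE_ADJ_SIDS, "A", [16001, 16002, 16003])
def vpn_path():        # transport label 100 on top of VPN label 2000
    return forward(VPN, {100: "PE2"}, {}, "PE1", [100, 2000])
```

Calling `forward` on `CORE` with only `[16003]` shows the packet taking the E-G link instead, which is the path the Adjacency SID steers around.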

Published - Tue, 26 Nov 2019