Orhan Ergun

Segment routing fundamentals

Segment Routing is a source routing mechanism that provides Traffic Engineering, Fast Reroute, and MPLS VPNs without LDP or RSVP-TE.

As you read this post, you will learn everything about Segment Routing. With some extensions to the existing protocols, this source routing mechanism helps you solve the complex problems related to Traffic Engineering, Fast Reroute, and MPLS VPNs.

With RSVP-TE, you can use MPLS to create a BGP-free core, VPN services (layer 2 and layer 3), and traffic engineering capability.

In this post, I will explain Segment Routing and all the problems associated with MPLS. After that, I will elucidate how Segment Routing can provide solutions to those problems.

If you are knowledgeable about Segment Routing, you can continue with the use cases.

What is Segment Routing?

The answer is a no-brainer. Segment Routing is a source routing mechanism.

I implore you not to confuse source routing with policy based routing (PBR), as both of them are different.

The source is an edge node: it can be a server, a top-of-rack switch, a virtual switch, or an edge router. The source enables service chaining, and the entire path can be exposed to the ingress/head-end router.

What does segment mean?

A segment is a component of the path that packets travel, as specified by the user.

For instance, you could direct a component travelling from firewall X to go to router A, and then to router B. Yes, you can do that.

In fact, service chaining can be achieved with Segment Routing.

Even though Segment Routing uses the IP control plane, it employs the MPLS data plane in its operation. A Segment ID is equivalent to an MPLS label, and the segment list corresponds to the label stack.

Some extensions to OSPF and IS-IS are necessary for Segment Routing because segments/labels are carried within the link-state IGP protocol messages.

To understand how Segment Routing functions, you need to understand MPLS VPN operation.

MPLS VPN Operation 

If you know everything about MPLS VPN operation already, you can skip this section.

The below diagram depicts the MPLS VPN operation.

 

[Figure: MPLS VPN]

The diagram has two labels: the core label, also known as the transport tunnel; and the topmost label. In MPLS layer 2 or layer 3 VPN operations, the topmost label moves from the PE1 loopback to the PE2 loopback. While the topmost label provides edge-to-edge reachability, LDP, RSVP, or BGP provides the core/transport label.

In the context of MPLS VPN, LDP is the most commonly used label distribution protocol.

If you want to use MPLS Traffic Engineering architecture, then you need to enable RSVP-TE for label distribution. And of course, LDP and RSVP can coexist in the network.

The VPN label is provided by BGP, specifically Multi-protocol BGP.

PE routers set the BGP next hop of the VPN prefixes to their loopback addresses. The core/transport label is then used to reach the BGP next hop.

PE1 pushes two labels: the red label and the blue label. The red label, which is the core/transport label, is sent by P1 to PE1 via LDP and is changed at every hop.

The red label is removed at P2 if PE2 sends an implicit null label, a process known as PHP (Penultimate Hop Popping).

The blue label is the VPN label sent by PE2 to PE1 through an MP-BGP session.

Next, I will explain MPLS VPN operations with Segment Routing.

MPLS VPN with Segment Routing

If a similar operation is done with Segment Routing, the red label is sent from PE2 to all the routers within the IGP domain via link-state protocols (OSPF or IS-IS), not within LDP label messages (see picture below).

The Node segment ID, also known as the Prefix segment ID, is used to identify the loopback interface of a Segment Routing enabled device.

Segment Routing is enabled on the loopback interface, and a Node/Prefix Segment identifier is assigned to that loopback interface.

Throughout this post, I will use the SID abbreviation for Segment ID.

The Node/Prefix SID is sent in either IS-IS LSPs or OSPF LSAs.

All the Segment Routing enabled routers receive and learn Node/Prefix SIDs from one another.

To help you understand this topic, I will explain the MPLS Layer 3 VPN operation with Segment Routing.

[Figure: Segment Routing]

As you must have observed, there is no LDP in the above diagram. Label 100 is advertised in the IGP protocol, and all the routers use the identical label.

Unlike with LDP, label 100 does not change hop by hop.

Through MP-BGP, PE1 still receives a VPN label for the CE2 prefixes.

The BGP next hop is the PE2 loopback. The PE2 loopback is advertised with label 100 in the IS-IS sub-TLV or OSPF Opaque LSA.

PE1 uses label 100 as the core/transport (outer) label and label 2000 as the inner VPN label.

P1 does not change the core/transport label; rather, it sends the packet to P2.

If P2 receives an implicit null label from PE2, P2 does PHP (Penultimate Hop Popping). In sum, only the VPN label is sent to the PE2.

Without using LDP but by using IGP, MPLS VPN service is provided. Segment Routing does not require LDP for the transport tunnel because it uses IGP for the label advertisement.
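The two label walks described above (an LDP transport label swapped at every hop versus the IGP-advertised label 100 kept end to end), as an added Python example that is not part of the original post. Label 100 and VPN label 2000 come from the text; the LDP label values 301 and 302 and the function name `forward` are constructed for illustration, and implicit null is modeled with its reserved label value 3.

```python
# Added illustration: label stack seen on each link of PE1 -> P1 -> P2 -> PE2.
IMPLICIT_NULL = 3  # reserved MPLS label value that requests PHP

PATH = ["PE1", "P1", "P2", "PE2"]

# Label each router advertises upstream for PE2's loopback.
# LDP labels are locally significant (301/302 are constructed values).
LDP = {"P1": 301, "P2": 302, "PE2": IMPLICIT_NULL}
# With Segment Routing every router uses PE2's node SID label (100 in the post).
SR = {"P1": 100, "P2": 100, "PE2": IMPLICIT_NULL}


def forward(path, advertised, vpn_label):
    """Return [(from, to, label_stack)] per link, top of stack first."""
    # Ingress PE pushes the transport label learned from its next hop,
    # on top of the VPN label learned from the egress PE via MP-BGP.
    stack = [advertised[path[1]], vpn_label]
    trace = [(path[0], path[1], list(stack))]
    for router, nxt in zip(path[1:], path[2:]):
        # A transit router only forwards on a label it advertised itself.
        if stack[0] != advertised[router]:
            raise ValueError(f"{router}: no forwarding entry for label {stack[0]}")
        out = advertised[nxt]
        if out == IMPLICIT_NULL:
            stack.pop(0)      # PHP: penultimate hop removes the transport label
        else:
            stack[0] = out    # swap (a no-op in value when labels are identical)
        trace.append((router, nxt, list(stack)))
    return trace


if __name__ == "__main__":
    for name, table in (("LDP", LDP), ("Segment Routing", SR)):
        print(name)
        for src, dst, stack in forward(PATH, table, 2000):
            print(f"  {src} -> {dst}: {stack}")
```

In both runs only the VPN label 2000 reaches PE2; the difference is that the transport label changes on each core link with LDP and stays 100 with Segment Routing.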

Please note that Segment Routing eliminates the need for LDP only for the transport label operation.

If you set up an MPLS layer 2 VPN, you will still use either LDP or BGP for the PW label, because Segment Routing does not provide such capability.

PW (Pseudowire) can be signaled via LDP or RSVP. An LDP-signaled pseudowire is also known as a Martini pseudowire, while a BGP-signaled pseudowire is also known as a Kompella pseudowire.

So, if you provide a layer 2 VPN service with Segment Routing, you will notice two labels: the transport label provided by the IGP to reach the correct PE; and the LDP- or BGP-assigned label that identifies the end customer AC (Attachment Circuit) on the remote PE.

MPLS and its applications are very powerful.

MPLS layer 2 VPNs (VPWS, VPLS, and VPMS), MPLS Layer 3 VPNs, and MPLS Traffic Engineering are the most common applications of IP/MPLS networks.

MPLS Traffic Engineering is used in large enterprise networks, especially in Service Provider and Web OTT.

More importantly, you can use all the MPLS applications with Segment Routing.

If you read this article, you should continue with the “Segment Routing Use Cases” and “Segment Routing Fast Reroute” articles as well.

I include a couple of references and resources in case you want to learn more about Segment Routing.

http://www.segment-routing.net

http://www.ietf.org/proceedings/88/slides/slides-88-spring-13.pdf

http://blogs.cisco.com/sp/segment-routing-impact-on-software-defined-networks

https://datatracker.ietf.org/doc/draft-filsfils-spring-segment-routing-msdc/

https://datatracker.ietf.org/doc/draft-filsfils-spring-segment-routing-use-cases/?include_text=1

https://www.youtube.com/watch?v=8qGVmrArU7o

https://www.youtube.com/watch?v=lujkWfdB4NM

https://www.youtube.com/watch?v=4G0h5XBnyGc

What about you?

Do you have MPLS Traffic Engineering on your network?

What sorts of problems do you have if you have MPLS Traffic Engineering?

What might be other use cases of Segment Routing?

Let’s discuss in the comments below.