Advanced Networking Topics: BGP, BGP Hijacking, MPLS, …
Advanced Networking Topics:
BGP, BGP Hijacking, MPLS, MPLS-based VPNs,
Segment Routing, and others
Segment Routing over IPv6 (SRv6)
Jorge Crichigno, Elie Kfoury
University of South Carolina
WASTC 2021 virtual Faculty Development Weeks (vFDW)
June 18, 2021
Introduction to Segment Routing
Conventional IP Routing
• When a packet arrives at a router, the router looks up its forwarding table to match the incoming packet and determine the corresponding action (e.g., forward the packet to port 1)
J. Kurose, K. Ross, “Computer networking, a top-down approach,” 7th Edition, Pearson, 2017
[Figure: two routers, each shown with a routing algorithm and a local forwarding table (header value → output link); the example entries are 8.8.8.8 → link 1 and 8.8.4.4 → link 3.]
Conventional IP Routing
• Every router in the network maintains a routing table
• Routing table lookup determines the appropriate output port for an incoming packet
• Conventional IP routing uses the packet’s destination IP address
Segment Routing
• Segment Routing (SR) is a form of source routing that encodes path information in the
packet
• A node inserts into each packet a header that contains a list of segments
• Subsequent nodes in the network execute the instructions in the segments
Juniper Networks, “What is Segment Routing?”. Online: https://tinyurl.com/2tp2njb5
Advantages of Segment Routing
• Scalability; SR removes network state information from transit routers and nodes
• Flexibility and agility; highly responsive to network changes
• Simplicity; SR eliminates protocols: LDP, RSVP-TE, VxLAN, NSH, GTP
• End-to-end; zero modification for the packet outside the segment routing domain
Segment Routing Data Plane Implementations
• Segment routing can be implemented using two different data planes
• Segment routing over Multiprotocol Label Switching (SR-MPLS)
➢ Each segment is a label
➢ The segment list is a label stack
➢ No change in the forwarding plane
• Segment routing over IPv6 (SRv6) (focus of this session)
➢ Each segment is an address
➢ The segment list is an address list
➢ A new header, the Segment Routing Header (SRH), is defined in RFC 8754
SRv6 Features
• SRv6 leverages the IPv6 Extension Headers (RFC 8200)
• SRv6 benefits from all the features deployed over the years on MPLS networks
➢ Traffic engineering
➢ Fast reroute
➢ etc.
• With SRv6, it is possible to pack more than IPv6 addresses into a segment ID
• SRv6 enables functionalities that go beyond routing and traffic steering
➢ Service Function Chaining (SFC)
➢ Virtual Private Networks (VPNs)
➢ etc.
• The focus of this session is on SRv6 basic configuration for traffic steering
Near-stateless Traffic Engineering
• SRv6 enables stateless traffic engineering (TE)
• SRv6 eliminates the need for complex RSVP-TE and complex TE configurations
Hernán Contreras G, Cisco Systems. “Network Programming with SRv6”. LACNOG, September 2018
SRv6 Header Format
[Figure: SRv6 packet header format. Labelled parts: original IPv6 addresses, SRv6 header, segment list.]
SRv6 Example
• SR path: R1-R2-R4
[Figure: segment routing domain with routers R1 (ingress), R2, R3 and R4 (egress), and hosts h1 (2001:192:168:1::10) and h2 (2001:192:168:4::10).]
SRv6 beyond Traffic Steering
SRv6 Network Programming
• SRv6’s original intention was only to steer traffic
• Unlike SR-MPLS, SRv6 was viewed as a more distant goal and received less attention
• SRv6 regained attention when the SRv6 Network Programming draft was submitted to the IETF
SRv6 Network Programming
• Network instruction: 128-bit SRv6 SID
• Locator: routed to the node performing the function
• Function: either local to a Network Processing Unit (NPU) or app in VM/Container
• Flexible bit-length selection
Clarence Filsfils, Cisco “SRv6”. Online: https://www.segment-routing.net/tutorials/2017-12-05-srv6-introduction/
SRv6 Functions
Clarence Filsfils, Cisco “SRv6”. Online: https://www.segment-routing.net/tutorials/2017-12-05-srv6-introduction/
End SID
Clarence Filsfils, Cisco “SRv6”. Online: https://www.segment-routing.net/tutorials/2017-12-05-srv6-introduction/
• Endpoint function ("End" for short) is the most basic function
• End function pseudocode
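The SRH layout and the End step described in these slides, as an added Python example (not code from the deck or from any SRv6 implementation): it encodes and decodes an RFC 8754 SRH, rejects headers whose Segments Left or Last Entry fields point outside the segment list, and applies End at a segment endpoint. The SIDs for R2 and R4 are constructed values, since the slides do not give them.

```python
import ipaddress
import struct

SRH_ROUTING_TYPE = 4  # Routing Type value of the SRH (RFC 8754)
# Constructed SIDs for R2 and R4 on the deck's R1-R2-R4 path (not from the slides).
SID_R2, SID_R4 = "2001:db8:0:2::1", "2001:db8:0:4::1"

def build_srh(path, next_header=41):
    """Encode an SRH for SIDs given in travel order; the wire list is reversed."""
    segs = [ipaddress.IPv6Address(s).packed for s in reversed(path)]
    last = len(segs) - 1
    # Hdr Ext Len is in 8-octet units after the first 8 octets: 2 per segment.
    fixed = struct.pack("!BBBBBBH", next_header, 2 * len(segs),
                        SRH_ROUTING_TYPE, last, last, 0, 0)
    return fixed + b"".join(segs)

def parse_srh(raw):
    """Decode an SRH, rejecting inconsistent length and index fields."""
    if len(raw) < 8:
        raise ValueError("truncated SRH")
    _nh, ext_len, rtype, seg_left, last_entry, _flags, _tag = struct.unpack(
        "!BBBBBBH", raw[:8])
    if rtype != SRH_ROUTING_TYPE:
        raise ValueError("not a Segment Routing Header")
    if len(raw) < 8 + 8 * ext_len:
        raise ValueError("Hdr Ext Len exceeds the bytes present")
    # Index fields must stay inside the segment list the length field allows.
    if last_entry > ext_len // 2 - 1 or seg_left > last_entry + 1:
        raise ValueError("Segments Left / Last Entry out of range")
    segs = [str(ipaddress.IPv6Address(raw[8 + 16 * i:24 + 16 * i]))
            for i in range(last_entry + 1)]
    return {"segments_left": seg_left, "segments": segs}

def end_behavior(dst, srh):
    """End at the node owning dst: decrement Segments Left, rewrite the DA."""
    if srh["segments_left"] == 0:
        return dst, srh  # no segments remain; the next header is processed
    sl = srh["segments_left"] - 1
    return srh["segments"][sl], {**srh, "segments_left": sl}

if __name__ == "__main__":
    srh = parse_srh(build_srh([SID_R2, SID_R4]))  # as built by ingress R1
    print("at R1:", SID_R2, srh)
    dst, srh = end_behavior(SID_R2, srh)          # executed at R2
    print("after R2:", dst, srh)
```

The range checks in `parse_srh` follow the bounds test in the End pseudocode of RFC 8986, the published form of the SRv6 Network Programming draft.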
IPv6-enabled Provider Infrastructure
• IPv4, IPv6 or L2 frame is encapsulated within the SR Domain
• Outer IPv6 header includes an SRH with the list of segments
Clarence Filsfils, Cisco “SRv6”. Online: https://www.segment-routing.net/tutorials/2017-12-05-srv6-introduction/
Use Case: Integrated NFV
• Stateless Service Chaining
• The app may or may not be SR-aware
Clarence Filsfils, Cisco “SRv6”. Online: https://www.segment-routing.net/tutorials/2017-12-05-srv6-introduction/
SRv6 Interoperability
Clarence Filsfils, Cisco “SRv6”. Online: https://www.segment-routing.net/tutorials/2017-12-05-srv6-introduction/
Further Readings
• State of SR (Cisco-maintained website): https://www.segment-routing.net/
• SRv6 Linux implementation: https://segment-routing.org/
• Segment Routing, Part I, Clarence Filsfils
• Segment Routing, Part II, Clarence Filsfils
• IP Network eBook Series - SRv6, Huawei