Think in SRv6 - cisco.com · • Hdr Ext Len: Any IPv6 device can skip this header • Segments...

思科首席工程师/工信部通信科技委委员

10/25/2018

Think in SRv6: 极简的编程化网络

苏远超

THANK YOU!

Peering optimization

Simplify MPLS WAN optimization

WAE

WAN

WAE

WA

Peer’s

ISP

ISP

ISPNSO

50ms protection(TI-LFA)

100

10

10 10

10

WA

N B

WAE

DC

WAE

Unified Forwarding Plane/SPDC

3GPP 5G Study Item C4-176400: SRv6

SR已经成为事实上的SDN架构标准

http://www.3gpp.org/ftp/tsg_ct/WG4_protocollars_ex-CN4/TSGCT4_81_Reno/Docs/C4-176400.zip

网络比以往任何时候都更需要成为一个平台

5G

5G

5G

5G/物联网

下一代数据中心

微服务

城域网/骨干网

现有网络

现有数据中心

行业

解决方案

下一代网络平台-基于Segment Routing

多云世界

SR回顾

SRv6理念&原理

SRv6案例

Agenda

应用驱动网络:Segment Routing简化 & 可扩展

Segment

Routing

SDN

控制器

应用1

应用提出需求 – 带宽, 时延, 保护…

2控制器从网络中收集拓扑，链路状态，链路利用率等信息

3

应用被映射到由Segment list所定义的路径上

只需网络边缘节点维持路径信息中间节点无状态

Segment Routing标准化进展

http://www.segment-routing.net/ietf/

•Segment Routing Architecture RFC 8402

•Source Packet Routing in Networking (SPRING) Problem Statement and Requirements RFC 7855

•Use Cases for IPv6 Source Packet Routing in Networking (SPRING) RFC 8354

•Label Switched Path (LSP) Ping/Trace for Segment Routing Networks Using MPLS Dataplane RFC 8287

•UDP Return Path for Packet Loss and Delay Measurement for MPLS Networks RFC 7876

•IS-IS Traffic Engineering (TE) Metric Extensions RFC 7810

•OSPF Traffic Engineering (TE) Metric Extensions RFC 7471

•Packet Loss and Delay Measurement for MPLS Networks RFC 6374

• Segment Routing最重要的架构标准”Segment Routing Architecture”已经完成了标准化: RFC8402

• Segment Routing目前已经有8个标准的RFC文件,另外有数量众多的技术草案预计在2019/2020年完成标准化• 25份工作组草案, 32份个人草案

https://datatracker.ietf.org/doc/rfc8402/
















MPLS+SDN+NFV World Congress 2018- EANTC多厂家互通测试

• 参与厂家

• 思科，华为，中兴，Juniper，Nokia，Arista，Spirent，IxiaErissson，ECI， UTStarcom

• 测试的项目

• SR, SR-FRR/TI-LFA

• SR与LDP互通，SRv6

• EVPN-E-line, E-Tree, IRB

• EVPN/VXLAN与EVPN/SR互通

• SDN

• PCEP，Netconfig/Yang

• 域内SR-TE，跨域SR-TE

• 时钟同步‘All our test scenarios involving MPLS in the Segment Routing, Ethernet VPNs andSoftware Defined Networking sections were carried out using Segment Routing...’

SR回顾

SRv6理念&原理

SRv6案例分析

Agenda

SR

MPLS数据平面SR MPLS

IPv6数据平面SRv6

IPv4控制平面:

ISIS/OSPF/BGP

IPv6控制平面:

ISISv6/OSPFv3/BGP4+

SR支持IPv6

Why this?

SR for Anything

Network as a Computer

服务器

CPU指令

程序

网络

SRv6

Segment

SDN

SRv6: 极简 & 编程

draft-filsfils-spring-srv6-network-programming

SRv6 Segment格式: Locator+Function

• SRv6 SIDs are 128-bit addresses

• Locator: most significant bits are used to route the segment to its parent node

• Function: least significant bits identify the action to be performed on the parent node

• Argument [optional]: Last bits can be used as a local function argument

• Flexible bit-length allocation

• Segment format is local knowledge on the parent node

• SIDs have to be specifically enabled as such on their parent node

• A local address is not by default a local SID

• A local SID does not have to be associated with an interface

1111 : 2222 : 3333 : 4444 : 5555 : 6666 : 7777 : 8888

Locator Function Argument

编程化网络

Next Segment

Locator 1 Function 1






编程化网络

Next Segment





Locator2 Function2


编程化网络

Next Segment







目前定义的SRv6操作(Function)

• End Endpoint function The SRv6 instantiation of a prefix SID

• End.X Endpoint function with Layer-3 cross-connect The SRv6 instantiation of a Adj SID

• End.T Endpoint function with specific IPv6 table lookup

• End.DX2 Endpoint with decapsulation and Layer-2 cross-connect L2VPN use-case

• End.DX6 Endpoint with decapsulation and IPv6 cross-connect IPv6 L3VPN use (equivalent

of a per-CE VPN label)

• End.DX4 Endpoint with decapsulation and IPv4 cross-connect IPv4 L3VPN use (equivalent

of a per-CE VPN label)

• End.DT6 Endpoint with decapsulation and IPv6 table lookup IPv6 L3VPN use (equivalent

of a per-VRF VPN label)

• End.DT4 Endpoint with decapsulation and IPv4 table lookup IPv4 L3VPN use (equivalent

of a per-VRF VPN label)

• End.B6 Endpoint bound to an SRv6 policy SRv6 instantiation of a Binding SID

• End.B6.Encaps Endpoint bound to an SRv6 encapsulation Policy SRv6 instantiation of a

Binding SID

• End.BM Endpoint bound to an SR-MPLS Policy SRv6/SR-MPLS instantiation of a Binding SID

• End.S Endpoint in search of a target in table T

• End.AS Endpoint to SR-unaware APP via static proxy

• End.AM Endpoint to SR-unaware APP via masquerading

• T.Insert Transit behavior with insertion of an SRv6 Policy

• T.Encaps Transit behavior with encapsulation in an SRv6 policy

• T.Encaps.L2 T.Encaps behavior of the received L2 frame

And more...

SRv6业界支持情况

• 用户接受度• 多个运营商/OTT的RFP中, SRv6都是必选项• 2019年初首个客户商用案例

• 业界共识• 主流厂商都将SRv6作为5G承载的终极目标

• 开源社区• Linux(内核4.10以上), FD.IO/VPP, IPtables,

Snort...

• 芯片• Cisco全系列路由/交换芯片支持SRv6

• Broadcom Jericho2芯片全面支持SRv6

• Barefoot P4芯片• 产品实现

• Cisco全系列路由器/交换机从2018年底开始支持SRv6

• 基于Broadcom Jericho2芯片的设备预计1HCY19支持SRv6

Linux支持SRv6情况

*srext: a Linux kernel module for the SRv6 Network Programming modelSource: http://www.segment-routing.net/open-software/linux/

IPv6很早就支持源路由了

• Generic routing extension header

• Defined in RFC 2460

• Next Header: UDP, TCP, IPv6…

• Hdr Ext Len: Any IPv6 device can skip this header

• Segments Left: Ignore extension header if equal to 0

• Routing Type field:• 0 Source Route (deprecated since 2007)

• 1 Nimrod (deprecated since 2009)

• 2 Mobility (RFC 6275)

• 3 RPL Source Route (RFC 6554)

• 4 Segment Routing

43

SRv6定义了新的路由扩展头类型但不止是为了支持源路由

• NH = 43, Type = 4

43

RFC

24

60

SR s

pec

ific

4

draft-ietf-6man-segment-routing-header

源节点(Source Node)

• Source node is SR-capable

• SR Header (SRH) is created with

• Segment list in reversed order of the path

• Segment List [ 0 ] is the LAST segment

• Segment List [ 𝑛 − 1 ] is the FIRST segment

• Segments Left is set to 𝑛 − 1

• First Segment is set to 𝑛 − 1

• IP DA is set to the first segment

• Packet is send according to the IP DA

• Normal IPv6 forwarding

Version Traffic Class

Next = 43 Hop LimitPayload Length

Source Address = A1::

Destination Address = A2::

Segment List [ 0 ] = A4::


Next Header Len= 6 Type = 4 SL = 2

First = 2 Flags TAG

IPv6

Hd

r


SR H

dr

Payload

Flow LabelFlow Label

4A4::

1A1::

SR Hdr

IPv6 Hdr SA = A1::, DA = A2::

( A4::, A3::, A2:: ) SL=2

Payload

2A2::

3A3::

SR Hdr


( A4::, A3::, A2:: ) SL=2

Payload

中转节点(Non-SR Transit Node)

• Plain IPv6 forwarding

• Solely based on IPv6 DA

• No SRH inspection or update

4A4::

1A1::

2A2::

3A3::

SR Hdr


( A4::, A3::, A2:: ) SL=1

Payload

Segment端节点(SR Segment Endpoints)

• SR Endpoints: SR-capable nodes whose address is in the IP DA

• SR Endpoints inspect the SRH and do:

• IF Segments Left > 0, THEN

• Decrement Segments Left ( -1 )

• Update DA with Segment List [ Segments Left ]

• Forward according to the new IP DA








First = 2 Flags TAG

IPv6

Hd

r


SR H

dr

Payload


4A4::

AA1::

2A2::

3A3::

SR Hdr


( A4::, A3::, A2:: ) SL=0

Payload

Segment端节点

• SR Endpoints: SR-capable nodes whose address is in the IP DA

• SR Endpoints inspect the SRH and do:

• IF Segments Left > 0, THEN

• Decrement Segments Left ( -1 )

• Update DA with Segment List [ Segments Left ]

• Forward according to the new IP DA

• ELSE (Segments Left = 0)

• Remove the IP and SR header

• Process the payload:

• Inner IP: Lookup DA and forward

• TCP / UDP: Send to socket

• …








First = 2 Flags TAG

IPv6

Hd

r


SR H

dr

Payload


4A4::

1A1::

2A2::

3A3::

Standard IPv6 processingThe final

destination does not have to be SR-

capable.

Segment端节点转发流程

SRv6实现VPN

• Automated

• No tunnel to configure

• Simple

• Protocol elimination

• Efficient• SRv6 for everything

1

2

Green Overlay V/64via A2::C4

4

V

3

T1

IPv6 ( A1::0, A2::C4 )

payload

IPv4 ( T1, V)

IPv4 ( T1, V )

payload

IPv4 ( T1, V)

payload

End.DX4/End.DT4

BGP SRv6 VPN–控制平面

1 2

5

A2::1A1::1

eBGPAFI:1 -IPv4SAFI:1NLRI:4.0.0.0/8NH:4.4.4.1

eBGPAFI:1 -IPv4SAFI:1NLRI:4.0.0.0/8NH:.3.3.3.2

A2::C4end.DX4

A1::C3end.DX4

33.0.0.0/8

3.3.

3.1

3.3.

3.2

44.0.0.0/8

4.4

.4.1

4.4.

4.2

iBGPAFI:1 -IPv4SAFI:128NLRI:4.0.0.0/8NH:A2::1Label:ImplNullSID: A2::C4

A2::/64IGP

A1::/64IGP

draft-dawra-idr-srv6-vpn-03

BGP SRv6 VPN–数据平面

1 2 4 4.0.0.0/833.0.0.0/8

5

A2::1A1::1

A2::C4end.DX4

A1::C3end.DX43

.3.3

.1

3.3

.3.2

4.4

.4.1

4.4

.4.2

IPv4 ( 3.1.1.1, 4.1.1.1)

payload

IPv6 ( A1::1, A2::C4 )

payload

IPv4 ( 3.1.1.1, 4.1.1.1)

IPv4 ( 3.1.1.1, 4.1.1.1) )

payload

SRv6实现VPN+TE

• SRv6 does not only eliminate unneeded overlay protocols

• SRv6 solves problems that these protocols cannot solve

1

2

Green Overlay Vvia A2::C4with Latency

4

V

3

T1

3

IPv4 ( T1, V )

payload

IPv4 ( T1, V )

payload

IPv6 ( A1::0, A2::C4 )

payload

IPv4 ( T1, V )

SRH {A2::C4 ,A3::0}

IPv6 ( A1::0, A3::0 )

payload

IPv4 ( T1, V )

SRH {A2::C4 ,A3::0}

SRv6实现SD-WAN

ISP1

A BISP3 ISP4

ISP22

C

SD-WAN控制器

站点A 站点 B

1 3

X

主机T 主机R

B to R

IP: (T, R) (Payload)IP: (T, R) (Payload)

Packet T to R(A, C1:B31::; NH=SRH)

(B, C1:B31::; SL=1; NH=ESP)

(ESP(T,R)Payload)

A to 1

(A, C2::; NH=SRH)

(B,C3::,C2::; SL=2; NH=ESP)

(ESP(T,R)Payload)

1 to 3 3 to B

(A, B; NH=ESP)

(ESP (T,R)Payload)

节点1上生成BSID:BSID C1:B31:: to SR Policy to 3

draft-dukes-spring-sr-for-sdwan-00

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Strictly Confidential

Payload

IPv6 SA = C1::, DA = C2::1

SR(E2::1, C2::1, E1::A2)

SL=1IPv4 SA = A.A.A.A, DA = B.B.B.B

SRv6实现服务链(End.AD)

TenGE0/1/0 TenGE0/2/0

Service192.168.0.10

Proxy E1::/6

4

Dynamically learned SR information on the proxy.

Note: IFACE-OUT and IFACE-IN may be virtual interfaces

Payload

IPv4SA = A.A.A.A, DA =

B.B.B.B

Payload

IPv6 SA = C1::, DA = E1::A2

SR(E2::1, C2::1, E1::A2)

SL=2IPv4 SA = A.A.A.A, DA = B.B.B.B

• Ingress: SID E1::A2 with dynamic proxy behavior

• Advance to next segment

• Store IPv6 and extension headers in local cache

• Pop IPv6 and extension headers

• Forward towards S-ADDR on IFACE-OUT

• Egress: Inbound policy on IFACE-IN

• Encapsulate with cached IP and SR header

• Forward based on outer destination address

• Inner header can be IPv4, IPv6 or Ethernet

• SR policy can combine service and topological segments

• Per-chain dynamic configuration

>VPP: show sr localsidSID BehaviorE1::A2 Dynamic proxy

INNER-TYPE: IPv4,S-ADDR: 192.168.0.10,IFACE-OUT: TenGE0/1/0,IFACE-IN: TenGE0/2/0

IPv6 SA = C1::, DA = C2::1

SR(E2::1, C2::1, E1::A2)

SL=1

Cache:

draft-xuclad-spring-sr-service-chaining-01


SRv6实现服务链(End.AM)

• SRv6 insertion mode only

• SR policy can combine service and topological segments

• Chain agnostic configuration

Payload

IPv6 SA = C1::, DA = C2::1

SR (B::, C2::1, E1::A4) SL=1

TenGE0/1/0 TenGE0/2/0

Service2001::A

Proxy E1::/6

4

Payload

IPv6 SA = C1::, DA = E1::A4

SR (B::, C2::1, E1::A4) SL=2

>VPP: show sr localsidSID BehaviorE1::A4 Masquerading proxy

S-ADDR: 2001::A,IFACE-OUT: TenGE0/1/0,IFACE-IN: TenGE0/2/0

IPv6 SA = C1::, DA = B::

SR (B::, C2::1, E1::A4) SL=1

Payload

• Ingress: SID E1::A4 with masquerading proxy behavior

• Decrement SL value (2 → 1)

• Replace DA with last segment (B::)

• Forward towards S-ADDR on IFACE-OUT

• Egress: Inbound policy on IFACE-IN

• Restore DA based on SR header SL value

• Forward based on destination address

Replace active segment with final destination address.


• Proxy functions

• Linux (srext kernel module)

• FD.io VPP (18.04)

• SR-capable open-source services

• iptables (mainstream)

• nftables (mainstream)

• Snort

SR服务链支持情况

And also:• Wireshark (mainstream)• tcpdump (mainstream)• pyroute2 (mainstream)

Note: SRv6 is supported in the Linux kernel since version 4.10 (Feb 2017).

SRv6与传统IPv6网络互操作

root@sr:~#ip -6 route add b::/64 via a::1 encap seg6 mode encap segs 2001:718:1c01:eeee::1,2001:718:1:20:a::2

Ubuntu 16.04.2 LTS

Source: http://www.segment-routing.net/conferences/

root@sr:~#sr localsid address 2001:718:1c01:eeee::2 behavior end.dt6 1

VPP/FD.IO

SRv6与SR MPLS网络互操作

MPLS { L1, L2, L3 }

SR Hdr (…,E::, D::30,…) SL=k-1

Payload

IPv6 Hdr SA = A::, DA = E::SR Hdr

IPv6 Hdr SA = A::, DA = D::30

(…,E::, D::30,…) SL=k

Payload

D

D:: /64

End.BM: Binding-SID(D:30), 对应于SR Policy标签栈(<L1,L2,L3>)

SR Policy for IPv6:直接根据IPv6目的地址/Color或者flow信息把数据包引导至SR Policy

MPLS { L1, L2, L3 }

SR Hdr (…,E::, D::10,…) SL=k

Payload

IPv6 Hdr SA = A::, DA = D::10SR Hdr

IPv6 Hdr SA = A::, DA = D::10

(…,E::, D::10,…) SL=k

Payload

R

Color

ToS

(Color,Endpoint)

1 7711 7

EVPN prefixes with VNI: 1001

NH: 1.1.1.4

EVPN prefixes with SRv6 VPN SID A7::DX4

2 53 6

4

SRv6 PoDVxLAN PoD

SRv6与VXLAN互操作(控制平面)

37

44

Stitching

1. Node 7 advertises EVPN prefixes with SRv6 VPN SID A7::DX4

2. Node4/44 install prefixes in respective VRF table

3. Node4/44 will originate EVPN prefix with VNI 1001 with NH as 1.1.1.4

4. Node1 install prefixes in respective VRF table

1

23

4

• IPv6 SID can be A7::DX6 A7::DT6 or A7::DT46

1 77

Payload

VNI:1001

IPv4

Payload

SA = B4::DA = A7::DX4

IPv6

Payload

VNI:1001

IPv4

Payload

SA = B4::DA = A7::DX4

IPv6

11 7

2 53 6

4

SRv6 PoDVxLAN PoD

SRv6与VXLAN互操作(数据平面)

38

44

Stitching

1

2 3

4

SR回顾

SRv6理念&原理

SRv6案例分析

Agenda

某运营商网络改造目标

初期5G接入/汇聚基于SRv6, 未来支持端到端SRv6

近期目标: 5G承载接入/汇聚采用SRv6

AN APT

SRv6

ISISv6

MP-BGP

SR MPLS

ISISv6

APTSRv6-VPN IXCR CR

SR MPLS

ISISv6

CR

LDP

RSVP-TE

CR

OSPF

VPNv4

MP-BGP

IPv6 Global

VPNv4/PBB-EVPN

MP-BGP

APTN

SRv6 Domain

VLAN连接

VLAN

VLAN

VLAN

BB Core

Mobile Core

Enterprise Core

AN PTN

MPLS-TP

PTN

现有PTN

PE

PEPE

PE

SRv6

ISISv6

SRv6

ISISv6

IXCR CR

BB Core

SRv6

ISISv6

CR

Mobile Core

SRv6

ISISv6

CR

Enterprise Core

AN PTNPTN

SRv6-VPN(EVPN)

SRv6 Global

SRv6-VPN(EVPN)

MP-BGP

APTN

现有PTN

终极目标: 端到端SRv6

MP-BGP

AN

MP-BGP

MP-BGP

MP-BGP

SRv6 Domain for Mobile

APTAPT

SRv6SRv6

SRv6

SRv6连接

SRv6 Domain for BB

PEPE

PEPE

MPLS-TP

5G核心网采用SRv6

5G核心网采用GTP作为用户面的问题

用户已经获得IPv6地址的情况下继续使用GTP承载用户数据开销很大(532bits)且很难扩展(每session一隧道)

532bits

多UPF场景下使用GTP的问题(N9接口)

SRv6用于5G核心网

draft-ietf-dmm-srv6-mobile-uplane-02

多个UE共享同一条SR Policy

多个UE共享多条SR Policy(网络切片)

SRv6: 全新的思考、设计、运营网络的方式！

更多内容...

SR最新信息: http://www.segment-routing.net/

SR中文内容: https://www.cisco.com/c/zh_cn/solutions/service-provider/segment_routing.html

Segment Routing详解(第一卷)

架构 & 原理

中文版Q12019

Segment Routing详解(第二卷)

SRTE

中文版2H2019

Segment Routing详解(第三卷)

SRv6

http://www.segment-routing.net/

https://www.cisco.com/c/zh_cn/solutions/service-provider/segment_routing.html

Think in SRv6 - cisco.com · • Hdr Ext Len: Any IPv6 device can skip this header • Segments...

Documents

Transcript of Think in SRv6 - cisco.com · • Hdr Ext Len: Any IPv6 device can skip this header • Segments...