Segment routing
- lower latency because of no signalling before transmitting
- less state information (RSVP, tunnel state)
- OSPF (opaque LSA 10), IS-IS (IS neighbor sub-TLV, capability TLV), BGP
- segment = router or link (SID), globally (router) or locally (link) unique
- SRGB = 16000 to 23999 (Cisco)
- SID = base + index, announced via IGP, base can vary ⇒ would just use another base (announced by IGP)
- link-state-like approach in lieu of distance-vector-like approach of LDP ⇒ TI-LFA
- on-demand BGP next-hop
- bandwidth signalling for TE is not available (offloaded to controller)
Binding SID
- decreases imposed segment depth
- instead of <B,C,D,E,F> stack PE A can impose <B,Z,F> where B is an aggregation router that maps <Z> to <C,D,E>
- allocates a locally significant label for every SR policy
(config)# segment-routing
(config-sr)# traffic-eng
(config-sr-te)# policy <NAME>
(config-sr-te-policy)# binding-sid mpls <BSID>
CS-SR
- circuit-style SR: LSP is bidirectional
- predictable and symmetrical latency
- minimal jitter
- bit stream packetization: SyncE, no MTU limit, transparent to control protocol (e.g. OTN)
PLE
- private line emulation
- uses CS-SR, SyncE, EVPN VPWS
- bit-stream packetization (like OTN from outside)
- no MTU limit
Flex-Algo
- descendant of multi-topology routing (MTR)
- CSPF
- based on IGP metric, link delay
- avoid SRLG or affinity
- default algorithms
  - 0 = SPF based on link metric, may be overridden locally
  - 1 = SPF based on link metric, cannot be overridden locally
- algorithm definition flooded with IGP
- if tie, higher priority wins → higher System ID/Router ID wins
- node uses algorithm, if it is enabled for it, has a definition and supports it
- nodes not advertising algorithm are excluded from computation
(config)# router isis 1
(config-router)# flex-algo <n>
(config-isis-flex-algo)# metric-type delay
(config-isis-flex-algo)# advertise-definition
(config-isis)# performance-measurement
(config-isis)# interface GigabitEthernet0/2/0/3
(config-isis-if)# delay-measurement
SR MPLS
- segment ≡ MPLS
- label swap preserves label (SID) unless it performs its function or because of PHP (for router SID)
- no need for IGP-LDP sync
- flow identification by MPLS Entropy label – used for load share on intermediate router
CLI
IOS XR
(config-ospf)# segment-routing forwarding mpls
(config-ospf)# segment-routing mpls
(config-ospf)# segment-routing sr-prefer
(config-ospf)# area <N>
(config-ospf-ar)# interface <INTF>
(config-ospf-ar-if)# prefix-sid index <INDEX>
IOS XE
(config-srmpls)# set-attributes
(config-srmpls-attr)# address-family ipv4
(config-srmpls-attr-af)# sr-label-preferred
(config-if)# tunnel mpls traffic-eng path-option <n> explicit name <PATH> segment-routing
Mapping server
- SR-to-SR: if it passes through LDP, LDP routers allocate prefixes based on RIB
- LDP-to-SR: LDP routers allocate labels based on RIB, SR&LDP routers do label swap
- SR-to-LDP: by default SR has no information about LDP prefixes – mapping needed
CLI
IOS XR
; announce local mapping through OSPF
(config-ospf)# segment-routing prefix-sid-map advertise-local
(config)# segment-routing
(config-sr)# mapping-server
(config-sr-ms)# prefix-sid-map
(config-sr-ms-map)# address-family ipv4|ipv6
(config-sr-ms-map-af)# <PREFIX> <INDEX> range <RANGE>
IOS XE
(config-router)# segment-routing mpls
(config-router)# segment-routing prefix-sid-map advertise-local
(config-router)# segment-routing area <n> mpls
(config)# segment-routing mpls
(config-srmpls)# connected-prefix-sid-map
(config-srmpls-conn)# address-family ipv4
(config-srmpls-conn-af)# <prefix> index <n> [range <m>]
SRv6
- uses routing extension header (SRH, type = 4) ≡ segment list
- segment ≡ IPv6 address
- aggregation of segments
- flow identification by IPv6 Flow label – used for load share on intermediate router
- push of SRH may be omitted if there is only one segment and no need for flag, tag or TLV
- border routers should use ACLs to drop traffic to SID prefix space
- does not remove segments from SRH, just updates SL
IOS XR CLI
Global
(config)# segment-routing srv6
(config-srv6)# locators
(config-srv6-locators)# locator <LOCNAME>
(config-srv6-locator)# prefix <SRV6_PREFIX>
IS-IS
(config-isis)# address-family ipv6 unicast
(config-isis-af)# segment-routing srv6
(config-isis-srv6)# locator myLoc1
(config-isis-srv6-loc)# level 1|2
BGP
(config)# router bgp <ASN>
(config-bgp)# segment-routing srv6
(config-srv6)# locator <LOCNAME>
(config-bgp)# address-family vpnv4 unicast
(config-bgp-af)# vrf all
(config-bgp-af-vrfall)# segment-routing srv6
; replace MPLS label with SRv6 segment
(config-bgp-af-vrfall-srv6)# alloc mode per-ce|per-vrf
Verification
; show endpoint SRv6 capabilities
# show segment-routing srv6
; SID-function mapping
# show segment-routing srv6 sid
Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Next Header  |  Hdr Ext Len  |     0x04      | Segments Left |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Last Entry   |     Flags     |              Tag              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|            Segment List[0] (128-bit IPv6 address)             |
|                                                               |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|            Segment List[n] (128-bit IPv6 address)             |
|                                                               |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/                                                               /
\         Optional Type Length Value objects (variable)         \
/                                                               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Segments Left: number of segments to be visited
Last Entry: zero-based, index of last entry in Segment List
Flags: 0x00, unused
Tag: can be used as SGT
Pad1 TLV
 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|     0x00      |
+-+-+-+-+-+-+-+-+
PadN TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     0x04      |    Length     |   Padding (variable) = 0x00   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Length: in bytes, [0,5]
HMAC TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     0x05      |    Length     |D|          RESERVED           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          HMAC Key ID                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/                                                               /
\                             HMAC                              \
/                                                               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Length: in bytes
D: 1 ≡ dst address verification disabled due to reduced segment list
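A parser for the SRH and TLV layouts above, as an added example that is not part of the original notes: it checks Hdr Ext Len, Last Entry and Segments Left against each other before trusting any offset, and decodes the HMAC TLV. The sample header, its 2001:db8:: addresses and the key ID are constructed; the function names are hypothetical, and the reversed segment order (Segment List[0] is the final segment) follows RFC 8754.

```python
import ipaddress
import struct

PAD1, PADN, HMAC = 0x00, 0x04, 0x05   # TLV types from the diagrams above

def parse_srh(buf: bytes) -> dict:
    """Parse one SRH and reject inconsistent length/index fields."""
    if len(buf) < 8:
        raise ValueError("truncated fixed header")
    nh, ext_len, rtype, sl, last, flags, tag = struct.unpack_from("!BBBBBBH", buf)
    total = (ext_len + 1) * 8        # Hdr Ext Len: 8-byte units beyond the first 8 bytes
    seg_end = 8 + (last + 1) * 16    # Last Entry is a zero-based index
    if rtype != 4:
        raise ValueError("routing type is not 4 (SRH)")
    if total > len(buf) or seg_end > total:
        raise ValueError("length fields overrun the buffer")
    if sl > last:
        raise ValueError("Segments Left exceeds Last Entry")
    segs = [ipaddress.IPv6Address(buf[o:o + 16]) for o in range(8, seg_end, 16)]
    tlvs, off = [], seg_end
    while off < total:
        if buf[off] == PAD1:         # Pad1 is a single byte with no Length field
            off += 1
            continue
        if off + 2 > total or off + 2 + buf[off + 1] > total:
            raise ValueError("TLV overruns the header")
        typ, length = buf[off], buf[off + 1]
        val = buf[off + 2:off + 2 + length]
        if typ == HMAC:
            if length < 6:
                raise ValueError("HMAC TLV too short")
            tlvs.append({"type": "HMAC", "D": val[0] >> 7,
                         "key_id": int.from_bytes(val[2:6], "big"), "hmac": val[6:]})
        elif typ != PADN:            # PadN carries only padding, nothing to record
            tlvs.append({"type": typ, "value": val})
        off += 2 + length
    return {"next_header": nh, "segments_left": sl, "tag": tag,
            "segments": segs, "active": segs[sl], "tlvs": tlvs}

def build_sample() -> bytes:
    """Constructed sample: 3 segments, SL=2, HMAC TLV with D=1 and an all-zero digest."""
    segs = [ipaddress.IPv6Address(a).packed
            for a in ("2001:db8:0:3::1", "2001:db8:0:2::1", "2001:db8:0:1::1")]
    hmac_tlv = bytes([HMAC, 38, 0x80, 0x00]) + (7).to_bytes(4, "big") + bytes(32)
    body = b"".join(segs) + hmac_tlv
    return struct.pack("!BBBBBBH", 41, (8 + len(body)) // 8 - 1, 4, 2, 2, 0, 0) + body

if __name__ == "__main__":
    print(parse_srh(build_sample()))
```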
SRv6 behaviours
- head-end
  - H.Encaps
    - SR head-end with encapsulation in an SR policy
    - ≈ push label on PE
    - for L3 traffic
    - L3VPN at PE, TI-LFA at PLR
  - H.Encaps.Red
    - H.Encaps with reduced encapsulation
    - first SID is placed only in dst IPv6, not placed in SRH
  - H.Encaps.L2
    - for Ethernet traffic
    - Next Header of SRH = 143
    - does not include preamble, FCS
  - H.Encaps.L2.Red
    - first SID is placed only in dst IPv6, not placed in SRH
  - H.Insert
    - inserts SRH after outer IPv6 (~ push label without adding extra IPv6 header)
    - (A,B2)(B3,B2,B1; SL=1) ⇒ (A,S1)(B2,S3,S2,S1; SL=3)(B3,B2,B1; SL=1)
  - H.Insert.Red
    - first SID is placed only in dst IPv6, not placed in SRH
    - (A,B2)(B3,B2,B1; SL=1) ⇒ (A,S1)(B2,S3,S2; SL=3)(B3,B2,B1; SL=1)
- endpoint
  - End
    - endpoint
    - prefix-SID
    - usually ::1
    - IANA 0x0001, 0x0002 (PSP), 0x0003 (USP), 0x0004 (PSP & USP), 0x001c (USD), 0x001d (PSP & USD), 0x001e (USP & USD), 0x001f (PSP, USP & USD)
  - End.X
    - endpoint with L3 cross-connect
    - adj-SID
    - usually ::Cx
    - IANA 0x0005, 0x0006 (PSP), 0x0007 (USP), 0x0008 (PSP & USP), 0x0020 (USD), 0x0021 (PSP & USD), 0x0022 (USP & USD), 0x0023 (PSP, USP & USD)
  - End.T
    - Specific IPv6 table lookup (in VRF)
    - IANA 0x0009, 0x000a (PSP), 0x000b (USP), 0x000c (PSP & USP), 0x0024 (USD), 0x0025 (PSP & USD), 0x0026 (USP & USD), 0x0027 (PSP, USP & USD)
  - End.DX6
    - decapsulation + IPv6 cross-connect
    - IPv6-L3VPN per-CE VPN label
    - IANA 0x0010
  - End.DX4
    - decapsulation + IPv4 cross-connect
    - IPv4-L3VPN per-CE VPN label
    - IANA 0x0011
  - End.DT6
    - decapsulation + specific IPv6 table lookup
    - IPv6-L3VPN per-VRF VPN label
    - IANA 0x0012
  - End.DT4
    - decapsulation + specific IPv4 table lookup
    - IPv4-L3VPN per-VRF VPN label
    - IANA 0x0013
  - End.DT46
    - decapsulation + specific IP table lookup
    - IP-L3VPN per-VRF VPN label
    - IANA 0x0014
  - End.DX2
    - decapsulation + L2 cross-connect
    - VPWS
    - IANA 0x0015
  - End.DX2V
    - decapsulation + VLAN L2 lookup
    - EVPN cross-connect
    - IANA 0x0016
  - End.DT2U
    - decapsulation + unicast MAC L2 lookup
    - EVPN bridging
    - IANA 0x0017
  - End.DT2M
    - decapsulation + L2 lookup
    - EVPN BUM bridging with ESI filtering
    - IANA 0x0018
  - End.B6.Encaps
    - binding SID
    - pushes new IPv6 outer header with its own SRH
    - IANA 0x000e
  - End.B6.Encaps.Red
    - binding SID with reduced SRH
    - IANA 0x001b
  - End.BM
    - SR-MPLS binding SID
    - IANA 0x000f
  - End.B6.Insert
    - inserts new SRH with binding SIDs between IPv6 header and existing SRH
    - does not decrease SL in original SRH, otherwise one original segment would have been skipped at the tail of binding SID path
    - IANA 0x000d
  - End.B6.Insert.Red
    - IANA 0x001a
  - End.OP
    - OAM endpoint
Endpoint behaviour flavours
- penultimate segment pop (PSP) of SRH variant
  - penultimate SR segment endpoint removes SRH (segments left = 0)
- ultimate segment pop (USP) of SRH variant
  - SRH removed by ultimate SR segment endpoint
  - may be useful to deliver metadata to ultimate hop (e.g. smartNIC)
- ultimate segment decapsulation (USD)
  - removes SRH and outer IPv6 header
uSID
- locator
  - SID block: well-known IPv6 prefix
  - node ID
- format = Fbbuu
  - bb: block size in bits
  - uu: ID size in bits
  - Cisco IOS XR supports F3216, /48-based routing if SRv6 not supported
- pop label:
  - remove SID from IPv6 destination address, rewrite it
  - append 0x0000 – end of carrier
- IOS XR: adj-SID begins with 0xe000
- behaviours:
  - uN
    - next-CSID (compressed SID) End: shift & lookup
    - PSP/USD flavours
  - uA
    - next-CSID End.X
    - PSP/USD flavours
  - uDT
    - next-CSID End.DT (DT4, DT6, DT46, DT2U, DT2M)
  - uDX
    - next-CSID End.DX (DX4, DX6, DX2)
IOS XR CLI
(config-srv6-locator)# micro-segment behavior unode psp-usd|shift-only
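The uN shift on an F3216 carrier, worked through as an added example that is not part of the original notes: each hop matches on block + active uSID (a /48), drops that uSID from the destination address, shifts the rest left and zero-fills the tail until 0x0000 marks the end of the carrier. The block 2001:db8::/32, the uSID values and the function names are constructed for illustration.

```python
import ipaddress

def lookup_prefix(da: str, block_bits: int = 32, id_bits: int = 16) -> str:
    """Block + active uSID: the prefix a node matches on (/48 for F3216)."""
    net = ipaddress.ip_network(f"{da}/{block_bits + id_bits}", strict=False)
    return str(net)

def usid_shift(da: str, block_bits: int = 32, id_bits: int = 16):
    """uN shift: drop the active uSID, shift the rest left, zero-fill the tail.

    Returns (new destination address, True if the carrier is now exhausted)."""
    rest_bits = 128 - block_bits
    addr = int(ipaddress.IPv6Address(da))
    block = addr >> rest_bits
    rest = addr & ((1 << rest_bits) - 1)
    # Shifting left by one uSID pushes the active uSID out and appends 0x0000.
    rest = (rest << id_bits) & ((1 << rest_bits) - 1)
    next_id = rest >> (rest_bits - id_bits)
    new_da = ipaddress.IPv6Address((block << rest_bits) | rest)
    return str(new_da), next_id == 0      # 0x0000 = end of carrier

def walk_carrier(da: str, block_bits: int = 32, id_bits: int = 16) -> list:
    """List the lookup prefix seen at each uN hop until end of carrier."""
    hops, done = [], False
    while not done:
        hops.append(lookup_prefix(da, block_bits, id_bits))
        da, done = usid_shift(da, block_bits, id_bits)
    return hops

# Constructed carrier: block 2001:db8::/32, uSIDs 0x0100, 0x0200, 0x0300
CARRIER = "2001:db8:100:200:300::"

if __name__ == "__main__":
    for hop in walk_carrier(CARRIER):
        print(hop)
```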
Spray
- head-end multicast replication
- mcast address is included in SRH as last segment (<PE, MCAST>)
IS-IS
Node MSD (23) or Link MSD (15) sub-TLV
 0                   1
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   MSD-Type    |   MSD-Value   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              ...              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   MSD-Type    |   MSD-Value   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
MSD-Type:
- 1 = base MPLS Imposition MSD
BGP
- max message size = 4096 words, may impact large policies
- uses Prefix-SID path attribute: optional, transitive
Egress Peer Engineering (EPE)
- allows traffic steering on border (no IGP, only eBGP available)
- manual config or controller (collects info using BGP-LS)
- SID types
  - PeerNode SID
  - PeerAdjacency SID
  - PeerSet SID
CLI
(config-bgp-nbr)# egress-engineering
(config-bgp-nbr)# peer-node-sid index <600>
(config-bgp)# adjacencies
(config-bgp-adj)# <directly connected neighbor IP> adjacency-sid index <n>
(config-bgp-afi)# peer-set-id <k>
(config-bgp-peer-set)# peer-set-sid <n>
; assigning peer to the set
(config-bgp-nbr)# peer-set <k>
(config)# mpls static
; egress interface towards eBGP peer
(config-mpls-static)# interface <intf>
Headers
Prefix-SID
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|O|T|P|E|Unused |   Type code   |    Length     |     TLVs      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
O: optional, = 1
T: transitive, = 1
P: partial, = 0
E: extended length, = 0
Unused: = 0x0
Type code: 40
TLVs:
- 1 = Label-Index TLV
- 3 = Originator SRGB TLV
- 5 = SRv6 L3 Service TLV
- 6 = SRv6 L2 Service TLV
MPLS TLVs
Label-Index TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     0x01      |          Length = 7           |   Reserved    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Flags             |          Label Index          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Label Index          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Label Index: index in SRGB space
Originator SRGB TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |            Length             |     Flags     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Flags     |                                               |
+-+-+-+-+-+-+-+-+            SRGB 1             +-+-+-+-+-+-+-+-+
|                                               |     ....      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|            SRGB n             +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SRGB: first label in range (3 bytes) + number of labels in range (3 bytes)
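A decoder for the Prefix-SID attribute and its two MPLS TLVs as laid out above, added here as an example and not taken from the original notes: it bounds-checks every length before slicing, then applies SID = base + index with a range check against the SRGB. The sample attribute (index 101, SRGB 16000 with 8000 labels) is constructed and the function names are hypothetical.

```python
import struct

PREFIX_SID_ATTR = 40
TLV_LABEL_INDEX, TLV_ORIGINATOR_SRGB = 1, 3

def parse_prefix_sid(attr: bytes) -> dict:
    """Parse a BGP Prefix-SID path attribute (flags, type code 40, length, TLVs)."""
    if len(attr) < 3:
        raise ValueError("truncated attribute header")
    flags, code = attr[0], attr[1]
    if code != PREFIX_SID_ATTR:
        raise ValueError("not a Prefix-SID attribute")
    hdr = 4 if flags & 0x10 else 3                 # E bit set -> 2-byte length
    alen = int.from_bytes(attr[2:hdr], "big")
    body = attr[hdr:hdr + alen]
    if len(body) != alen:
        raise ValueError("attribute length overruns buffer")
    out = {"optional": bool(flags & 0x80), "transitive": bool(flags & 0x40),
           "label_index": None, "srgbs": []}
    off = 0
    while off < alen:
        if off + 3 > alen:
            raise ValueError("truncated TLV header")
        typ, tlen = struct.unpack_from("!BH", body, off)
        val = body[off + 3:off + 3 + tlen]
        if len(val) != tlen:
            raise ValueError("TLV overruns attribute")
        if typ == TLV_LABEL_INDEX:
            if tlen != 7:
                raise ValueError("Label-Index TLV must have Length = 7")
            out["label_index"] = int.from_bytes(val[3:7], "big")  # skip Reserved + Flags
        elif typ == TLV_ORIGINATOR_SRGB:
            if tlen < 8 or (tlen - 2) % 6:
                raise ValueError("bad Originator SRGB length")
            out["srgbs"] = [(int.from_bytes(val[o:o + 3], "big"),
                             int.from_bytes(val[o + 3:o + 6], "big"))
                            for o in range(2, tlen, 6)]
        off += 3 + tlen
    return out

def label_for(index: int, base: int, size: int):
    """SID = base + index, or None when the index falls outside the SRGB."""
    return base + index if 0 <= index < size else None

def build_sample() -> bytes:
    """Constructed attribute: index 101, SRGB 16000 + 8000 labels (16000 to 23999)."""
    li = struct.pack("!BHBHI", 1, 7, 0, 0, 101)
    srgb = struct.pack("!BHH", 3, 8, 0) + (16000).to_bytes(3, "big") + (8000).to_bytes(3, "big")
    return bytes([0xC0, PREFIX_SID_ATTR, len(li) + len(srgb)]) + li + srgb
```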
SRv6 TLVs and sub-TLVs
SRv6 Service TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   TLV Type    |          TLV Length           |   RESERVED    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                     SRv6 Service Sub-TLVs                     /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Sub-TLVs:
- 1 = SRv6 SID Information
SRv6 SID Information Sub-TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     0x01      |            Length             |   Reserved    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|                        SRv6 SID Value                         |
|                                                               |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   SID Flags   |    SRv6 Endpoint Behavior     |   Reserved    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                SRv6 Service Data Sub-Sub-TLVs                 /
\                                                               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Sub-Sub-TLVs:
- 1 = SRv6 SID Structure
SRv6 SID Structure Sub-Sub-TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     0x01      |            Length             | Locator Block |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Locator Node  |   Function    |   Argument    |   TranspLen   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TranspOffset  |
+-+-+-+-+-+-+-+-+
Locator Block: SRv6 SID Locator block length in bits
Locator Node: SRv6 SID Locator node length in bits
Function: SRv6 SID Locator function length in bits
Argument: SRv6 SID Locator argument length in bits
TranspLen: transposition length in bits, part of SID that was shifted into MPLS label
TranspOffset: transposition offset, start of insertion in bits
PCEP
- path computation element (PCE): server
- path computation client (PCC): LSR
- PCE discovery: LSA 10 or capability TLV
- TCP 4189
- messages:
  - Open: capabilities, parameters
  - Keepalive: acknowledge Open, beacon ≡ does not trigger response
  - Request: request path computation, carries constraints
  - Response: explicit route or error
  - Notify
  - Error: refuse Open
  - Close
(config-bgp)# address-family link-state link-state
PCE
(config)# pce
(config-pce)# address ipv4 <IP>
(config)# router isis <ISIS>
(config-isis)# distribute link-state
(config-isis)# segment-routing mpls
(config-isis)# address-family ipv4 unicast
(config-isis-af)# mpls traffic-eng level-1-2
(config-isis-af)# mpls traffic-eng router-id <INTF>
(config)# pce
(config-pce)# segment-routing
(config-pce-sr)# traffic-eng
(config-pce-sr-te)# segment-list name <SEG_LST>
(config-pce-sr-te-sl)# index <N> address ipv4 <IP>
(config-pce-sr-te)# peer ipv4 <PCC_IP>
(config-pce-sr-te-peer)# policy <NAME>
(config-pce-sr-te-peer-policy)# color <COLOR> end-point ipv4 <PE_IP>
(config-pce-sr-te-peer-policy)# candidate-paths
(config-pce-sr-te-peer-policy-path)# preference <PREF>
(config-pce-sr-te-peer-policy-path-preference)# explicit segment-list <SEG_LST>
# show pce ipv4 peer
# show pce ipv4 topology
PCC
(config)# segment-routing traffic-eng
(config-sr-te)# pcc
(config-sr-te-pcc)# source address ipv4 <IP>
(config-sr-te-pcc)# pce address ipv4 <SRV_IP>
(config)# router static
(config-static)# address-family ipv4 unicast
; required to pass next-hop BGP check, should encompass PE loopback range
(config-static-afi)# <PE_PREFIX> Null0
# show segment-routing traffic-eng pcc ipv4 peer
BRPC
- backward recursive path computation
- PCE knows PCEs from peer domains + knows destination domain PCE
- calculate from the tail: PCE calculates best paths from domain entry points to destination, then sends the results to peers