SRv4 - LAB.
RFC 8402 Abstract:
Segment Routing (SR) leverages the source routing paradigm. A node steers a packet through an ordered list of instructions, called segments. A segment can represent any instruction, topological or service-based. A segment can have a semantic local to an SR node or global within an SR domain. SR allows to enforce a flow through any topological path while maintaining per-flow state only at the ingress nodes to the SR domain. Segment Routing can be directly applied to the MPLS architecture with no change on the forwarding plane. A segment is encoded as an MPLS label. An ordered list of segments is encoded as a stack of labels. The segment to process is on the top of the stack. Upon completion of a segment, the related label is popped from the stack. Segment Routing can be applied to the IPv6 architecture, with a new type of routing header. A segment is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing header. The active segment is indicated by the Destination Address of the packet. The next active segment is indicated by a pointer in the new routing header.
As defined above, with source routing the source router builds an ordered list of labels that describes how the packet will be transported over the network. These instructions can be based on the shortest path or on a traffic-engineered path.
This abstract also mentions:
Segment Routing can be directly applied to the MPLS architecture with no change on the forwarding plane.
From RFC 8402 we can understand, then, that the normal label forwarding functions (pop, swap, push) are still performed at the data plane by the routers.
https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
When a labeled packet is received by an MPLS router, the topmost label is examined. Based on the contents of the label a swap, push (impose), or pop (dispose of) operation is performed on the packet's label stack. Routers can have prebuilt lookup tables that tell them which kind of operation to do based on the topmost label of the incoming packet so they can process the packet very quickly.
- In a swap operation, the label is swapped with a new label, and the packet is forwarded along the path associated with the new label.
- In a push operation, a new label is pushed on top of the existing label, effectively "encapsulating" the packet in another layer of MPLS. This allows hierarchical routing of MPLS packets. Notably, this is used by MPLS VPNs.
- In a pop operation, the label is removed from the packet, which may reveal an inner label below. This process is called "decapsulation". If the popped label was the last on the label stack, the packet "leaves" the MPLS tunnel. This can be done by the egress router, but see Penultimate Hop Popping (PHP) below.
Before SRv4, at the control plane we had to have an IGP for IP routing, and we also had to signal the inter-domain LSPs using protocols such as LDP (or TDP / tag switching). If you needed FRR, you also needed a traffic engineering protocol such as RSVP-TE.
A segment can have a semantic local to an SR node or global within an SR domain. SR allows to enforce a flow through any topological path while maintaining per-flow state only at the ingress nodes to the SR domain.
With Segment Routing, you collapse all these protocols into the IGP.
Basically, SRv4 eliminates the use of protocols such as LDP, BGP-LU and RSVP-TE in the network by integrating all these functions into routing protocol extensions (IS-IS/OSPF/BGP) that signal labels at the control plane.
IGP SR extensions: RFC 8665, RFC 8666, RFC 8667.
From the abstract:
A segment is encoded as an MPLS label. An ordered list of segments is encoded as a stack of labels. Segment Routing can be applied to the IPv6 architecture, with a new type of routing header. A segment is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing header. The active segment is indicated by the Destination Address of the packet. The next active segment is indicated by a pointer in the new routing header.
Basically, in our IGP/BGP we just signal label values as segments when MPLS is the data plane, and when IPv6 is the data plane we use IPv6 addresses as segments.
We can also read that segments can be global to the domain or local to the router:
A segment can have a semantic local to an SR node or global within an SR domain.
The IGP can signal Prefix Segments and Adjacency Segments at the control plane.
The Prefix Segment is distributed by the IGP (OSPF/IS-IS), which generates a label value based on the Global Segment Block and the node ID; this value is allocated by the operator on every node.
Let's look quickly at an example. For this setup, each device was configured with IS-IS as the IGP. On each node we just configured the node segment ID manually, for example:
R1
    R1# run show configuration protocols isis
    source-packet-routing {
        node-segment ipv4-index 1;    <<<<<<<
    }
    level 1 disable;
    interface all {
        point-to-point;
    }
R2
    R2# run show configuration protocols isis
    source-packet-routing {
        node-segment ipv4-index 2;    <<<<<<<<
    }
    level 1 disable;
    interface all {
        point-to-point;
    }
And so on.
Now the cool stuff starts. From R1's point of view, to reach R5, R1 will push label 804101:
    root@R1# run show route 5.5.5.5

    inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    5.5.5.5/32         *[IS-IS/18] 00:07:20, metric 30
                        > to 10.1.12.2 via ge-0/0/1.0

    inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    5.5.5.5/32         *[L-ISIS/14] 00:07:20, metric 30
                        > to 10.1.12.2 via ge-0/0/1.0, Push 804101
The interesting part is how R1 came to know label 804101. This is where the Global Segment Block comes into play: R1 takes the base label plus the IPv4 index that we manually configured on R5, as advertised by the IGP (804096 + 5), and uses label 804101 as the node segment ID label.
    [edit]
    root@R5# edit protocols isis

    [edit protocols isis]
    root@R5# show
    source-packet-routing {
        node-segment ipv4-index 5;    <<<<<
    }
    level 1 disable;
    interface all {
        point-to-point;
    }

    [edit protocols isis]
When R1 receives this information via the IGP, it contains the index value for R5 and the label range:
    root@R1# run show isis database extensive level 2 R5
    IS-IS level 2 link-state database:

    R5.00-00 Sequence: 0x6, Checksum: 0x2343, Lifetime: 803 secs
      IPV4 Index: 5    <<<<<<****
      Node Segment Blocks Advertised:
        Start Index : 0, Size : 4096, Label-Range: [ 804096, 808191 ]    <<<<<<**
      IS neighbor: R3.00  Metric: 10
        Two-way fragment: R3.00-00, Two-way first fragment: R3.00-00
        P2P IPv4 Adj-SID: 299776, Weight: 0, Flags: --VL--
      IS neighbor: R4.00  Metric: 10
        Two-way fragment: R4.00-00, Two-way first fragment: R4.00-00
        P2P IPv4 Adj-SID: 299792, Weight: 0, Flags: --VL--
      IP prefix: 5.5.5.5/32  Metric: 0 Internal Up
      IP prefix: 10.1.35.0/24  Metric: 10 Internal Up
      IP prefix: 10.1.36.0/24  Metric: 10 Internal Up
      IP prefix: 10.1.45.0/24  Metric: 10 Internal Up
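The label derivation above (base label + index), as an added Python example that is not part of the original article: it parses IS-IS database text in the format shown, computes the node-SID label, and flags duplicate indexes or mismatched label blocks. The sample text is constructed from the fields shown above and the function names are hypothetical; taking the base from the next hop's block is the general rule, which gives the same result in this lab because every router advertises the same range.

```python
import re

# Constructed sample, trimmed to the fields used here and modelled on the output above.
SAMPLE_LSDB = """\
R3.00-00 Sequence: 0xe, Checksum: 0x1737, Lifetime: 973 secs
  IPV4 Index: 3
  Node Segment Blocks Advertised:
    Start Index : 0, Size : 4096, Label-Range: [ 804096, 808191 ]
R5.00-00 Sequence: 0x6, Checksum: 0x2343, Lifetime: 803 secs
  IPV4 Index: 5
  Node Segment Blocks Advertised:
    Start Index : 0, Size : 4096, Label-Range: [ 804096, 808191 ]
"""

LSP_RE = re.compile(r"^(\S+)\.00-00 Sequence:", re.M)
INDEX_RE = re.compile(r"IPV4 Index:\s*(\d+)")
SRGB_RE = re.compile(r"Size\s*:\s*(\d+),\s*Label-Range:\s*\[\s*(\d+),")

def parse_lsdb(text):
    """Map each LSP's router name to its node-SID index and label block base/size."""
    parts = LSP_RE.split(text)  # ['', name1, body1, name2, body2, ...]
    nodes = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        idx, srgb = INDEX_RE.search(body), SRGB_RE.search(body)
        if idx and srgb:
            nodes[name] = {"index": int(idx[1]), "base": int(srgb[2]), "size": int(srgb[1])}
    return nodes

def node_label(nodes, next_hop, target):
    """Label pushed for target's node SID: next hop's block base + target's index."""
    nh, index = nodes[next_hop], nodes[target]["index"]
    if index >= nh["size"]:
        raise ValueError(f"index {index} of {target} falls outside {next_hop}'s block")
    return nh["base"] + index

def audit(nodes):
    """Report indexes claimed by two routers and label blocks that differ in the domain."""
    findings, seen = [], {}
    for name, n in sorted(nodes.items()):
        if n["index"] in seen:
            findings.append(f"duplicate index {n['index']}: {seen[n['index']]} and {name}")
        seen.setdefault(n["index"], name)
    if len({(n["base"], n["size"]) for n in nodes.values()}) > 1:
        findings.append("label block differs between routers")
    return findings

if __name__ == "__main__":
    db = parse_lsdb(SAMPLE_LSDB)
    print(node_label(db, "R3", "R5"), audit(db))
```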
All routers in this domain can act as the entry point to reach networks behind R5 (pushing labels), or they can simply be LSRs on the path performing a regular MPLS swap. For example, from R2's point of view at the data plane level, this device can swap the label, since traffic coming from R1 already carries a top label of 804101:
    root@R2# run show route label 804101

    mpls.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    804101             *[L-ISIS/14] 00:27:51, metric 20
                        > to 10.1.23.3 via ge-0/0/0.0, Swap 804101    >>> Swap <<<
                          to 10.1.24.4 via ge-0/0/2.0, Swap 804101    <<<
Or, if it is the source of the segment, this router can just push a label to reach R5:
    root@R2# run show route 5.5.5.5

    inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    5.5.5.5/32         *[L-ISIS/14] 00:27:56, metric 20
                        > to 10.1.23.3 via ge-0/0/0.0, Push 804101    >>PUSH>>
                          to 10.1.24.4 via ge-0/0/2.0, Push 804101    <<<<
The IGP Adjacency Segment, however, is dynamically allocated by the device and distributed by the IGP. Here the router allocates adjacency labels per neighbor to represent each adjacency.
As in our diagram, R3 will then have 3 adjacency labels:
    root@R3# run show isis adjacency extensive R2
    R2
      Interface: ge-0/0/0.0, Level: 2, State: Up, Expires in 21 secs
      Priority: 0, Up/Down transitions: 1, Last transition: 01:28:09 ago
      Circuit type: 2, Speaks: IP, IPv6
      Topologies: Unicast
      Restart capable: Yes, Adjacency advertisement: Advertise
      IP addresses: 10.1.23.2
      Level 2 IPv4 Adj-SID: 299808    <<<<<<<
      State: Up

    [edit]
    root@R3# run show isis adjacency extensive R4
    R4
      Interface: ge-0/0/3.0, Level: 2, State: Up, Expires in 23 secs
      Priority: 0, Up/Down transitions: 1, Last transition: 01:50:05 ago
      Circuit type: 2, Speaks: IP, IPv6
      Topologies: Unicast
      Restart capable: Yes, Adjacency advertisement: Advertise
      IP addresses: 10.1.34.4
      Level 2 IPv4 Adj-SID: 299776    <<<<<<<
      State: Up

    [edit]
    root@R3# run show isis adjacency extensive R5
    R5
      Interface: ge-0/0/2.0, Level: 2, State: Up, Expires in 20 secs
      Priority: 0, Up/Down transitions: 1, Last transition: 01:49:27 ago
      Circuit type: 2, Speaks: IP, IPv6
      Topologies: Unicast
      Restart capable: Yes, Adjacency advertisement: Advertise
      IP addresses: 10.1.35.5
      Level 2 IPv4 Adj-SID: 299792    <<<<<<<
      State: Up
The Adjacency Segment is a local segment: it is only used in R3's FIB. However, every router in the topology knows the label value; as you can see above, every router has the adjacency labels in its IGP database, but only R3 uses this label, for a pop operation without consulting the IGP. This is very useful for traffic engineering.
The same holds true for all routers running SPF.
    root@R5# run show isis adjacency extensive R4
    R4
      Interface: ge-0/0/0.0, Level: 2, State: Up, Expires in 23 secs
      Priority: 0, Up/Down transitions: 1, Last transition: 01:37:14 ago
      Circuit type: 2, Speaks: IP, IPv6
      Topologies: Unicast
      Restart capable: Yes, Adjacency advertisement: Advertise
      IP addresses: 10.1.45.4
      Level 2 IPv4 Adj-SID: 299792
      State: Up

    [edit protocols isis]
    root@R5# run show isis adjacency extensive R3
    R3
      Interface: ge-0/0/2.0, Level: 2, State: Up, Expires in 21 secs
      Priority: 0, Up/Down transitions: 1, Last transition: 01:54:19 ago
      Circuit type: 2, Speaks: IP, IPv6
      Topologies: Unicast
      Restart capable: Yes, Adjacency advertisement: Advertise
      IP addresses: 10.1.35.3
      Level 2 IPv4 Adj-SID: 299776
      State: Up

    [edit protocols isis]
    root@R5#
These labels are dynamically allocated by the device and advertised as Adjacency SIDs:
    R1# run show isis database R3 detail
    IS-IS level 1 link-state database:

    IS-IS level 2 link-state database:

    R3.00-00 Sequence: 0xe, Checksum: 0x1737, Lifetime: 973 secs
      IPV4 Index: 3
      Node Segment Blocks Advertised:
        Start Index : 0, Size : 4096, Label-Range: [ 804096, 808191 ]
      IS neighbor: R2.00  Metric: 10
        P2P IPv4 Adj-SID: 299808, Weight: 0, Flags: --VL--
      IS neighbor: R4.00  Metric: 10
        P2P IPv4 Adj-SID: 299776, Weight: 0, Flags: --VL--
      IS neighbor: R5.00  Metric: 10
        P2P IPv4 Adj-SID: 299792, Weight: 0, Flags: --VL--
      IP prefix: 3.3.3.3/32  Metric: 0 Internal Up
      IP prefix: 10.1.23.0/24  Metric: 10 Internal Up
      IP prefix: 10.1.34.0/24  Metric: 10 Internal Up
      IP prefix: 10.1.35.0/24  Metric: 10 Internal Up
      IP prefix: 10.1.36.0/24  Metric: 10 Internal Up
An IGP adjacency segment is a local segment attached to one or more IGP adjacencies. Basically, it instructs the router to forward the packet over the link to which the adjacency is attached.
The adjacency segment will allow you to manipulate how packets are forwarded over the defined interface.
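How a label stack that mixes node and adjacency segments steers a packet through this lab, as an added Python sketch that is not part of the original article. The link list is inferred from the 10.1.XY subnets in the outputs above, R4's index of 4 is an assumption, the function names are hypothetical, and penultimate-hop popping is not modelled (it changes the labels on the wire, not the path).

```python
from collections import deque

# Constructed model of the lab, built from values shown in the outputs above.
LINKS = [("R1", "R2"), ("R2", "R3"), ("R2", "R4"), ("R3", "R4"), ("R3", "R5"), ("R4", "R5")]
SRGB_BASE = 804096
NODE_INDEX = {"R1": 1, "R2": 2, "R3": 3, "R4": 4, "R5": 5}  # R4's index is assumed
# Adj-SIDs are local: 299776 means "to R4" on R3 but "to R3" on R5.
ADJ_SID = {"R3": {299808: "R2", 299776: "R4", 299792: "R5"},
           "R5": {299776: "R3", 299792: "R4"}}

def next_hop(src, dst):
    """First hop of a shortest path from src to dst (BFS, ties broken by LINKS order)."""
    nbrs = {}
    for a, b in LINKS:
        nbrs.setdefault(a, []).append(b)
        nbrs.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        n = queue.popleft()
        for m in nbrs[n]:
            if m not in prev:
                prev[m] = n
                queue.append(m)
    while prev[dst] != src:
        dst = prev[dst]
    return dst

def forward(ingress, stack):
    """Walk a label stack (top label first) and return the routers the packet visits."""
    owner = {SRGB_BASE + i: r for r, i in NODE_INDEX.items()}
    node, stack, path = ingress, list(stack), [ingress]
    while stack:
        top = stack[0]
        if top in ADJ_SID.get(node, {}):   # local adjacency segment: pop, use that link
            stack.pop(0)
            node = ADJ_SID[node][top]
        elif owner.get(top) == node:       # this router's own node SID: pop, read next label
            stack.pop(0)
            continue
        elif top in owner:                 # another router's node SID: swap, follow the IGP
            node = next_hop(node, owner[top])
        else:
            raise LookupError(f"{node} has no entry for label {top}")
        path.append(node)
    return path

if __name__ == "__main__":
    print(forward("R1", [804101]), forward("R1", [804099, 299776, 804101]))
```

The second stack reaches R3 by its node SID, forces the R3 to R4 link with R3's Adj-SID 299776, then continues to R5 by node SID, so the packet takes R1, R2, R3, R4, R5 instead of the shortest path.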
JNCIE x 2 | CCNP x 2 | Azure Architect
4 years ago: Nice stuff! I wonder what a Cisco IOS-XR style configuration would look like for SRv4?
Network Engineer | CCNP R&S | JNCIS-SP | JNCIS-ENT | JNCIA-DevOps | JNCIA-SEC
4 years ago: Cool stuff bro!