Segment Routing
Clarence Filsfils
Distinguished [email protected]
Cisco Confidential 2© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Segment Routing
• Unified
– DC + WAN + Aggregation
– from server in the DC, through WAN and to the service edge
• Policy-aware
– DC: disjoint planes, flow-based congestion avoidance
– WAN: disjoint services, latency-sensitive traffic, scheduled bulk transfer
• Application programs the end-to-end policy
– The end-to-end policy is encoded by the application as an SR segment list in the packet header
• Balance between distributed and centralized intelligence
– Distributed: automated sub-30msec FRR link/node in any topology with optimum backup path
– Centralized: traffic optimization for better use of the installed capacity
• Applicable to MPLS and IPv6 dataplanes
• Much simpler to operate than MPLS Classic
Source Routing: the source chooses a path and encodes it in the packet header as an ordered list of segments.
Segment: an identifier for any type of instruction
Service
Context
Locator
IGP-based forwarding construct
BGP-based forwarding construct
Local value or Global Index
Segment Routing
Segment = Instructions such as "go to node N using the shortest path"
MPLS: an ordered list of segments is represented as a stack of labels
SR re-uses MPLS dataplane without any change
IPv6: an ordered list of segments is represented as a routing extension header, see 4.4 of RFC2460
IGP-based segments require minor extension to the existing link-state routing protocols (OSPF and IS-IS).
Segment Routing
The remainder of this session focuses on SR on MPLS dataplane
Simple extension to let IGP install segments in the MPLS dataplane
Excellent Scale: a node installs N+A FIB entries
N node segments and A adjacency segments
IGP Segments
[Figure: topology of nodes A, B, C, D, Z, M, N, O, P showing a node segment to C, a node segment to Z and an adjacency segment]
Node Segment
• Z advertises a global node segment 16065 with its loopback
– simple ISIS sub-TLV extension
> default SRGB [16000, 23999] at all nodes is a request from all lead operators for operational simplicity. The protocol and implementation allow for a different SRGB at every node
• All remote nodes install in their FIB the node segment 16065 to Z
[Figure: nodes A, B, C, D, Z with node segment 16065 towards Z. Label operations shown along the path: FEC Z push 16065; swap 16065 to 16065; swap 16065 to 16065; pop 16065. The packet to Z is shown with label 16065 on the intermediate hops.]
A packet injected anywhere with top segment 16065 will reach Z via shortest-path
Node Segment
• ECMP
– A node segment to 16078 distributes traffic across all ECMP paths to O
[Figure: topology of nodes A, B, C, D, Z, M, N, O, P; node segment 16078]
Adjacency Segment
• C allocates a local segment 29003 and maps it to the instruction “complete the segment and forward along the interface CO”
• C advertises the adjacency segment in ISIS
– simple sub-TLV extension
• C is the only node to install the adjacency segment in FIB
[Figure: topology of nodes A, B, C, D, Z, M, N, O, P; label operation: Pop 29003]
A packet injected at node C with segment 29003 is forced through datalink CO
Explicit path as Segment List
• ECMP
– Node segment
• Per-flow state only at head-end
– not at midpoints
• Source Routing
– the path state is in the packet header
[Figure: topology of nodes A, B, C, D, Z, M, N, O, P; the packet to Z is shown at successive hops with label stacks built from 16072, 16078 and 16065, shrinking until only 16065 remains]
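The forwarding behaviour of the node-segment, adjacency-segment and explicit-path slides, as an added example that is not part of the original deck: a hop-by-hop walk of a label stack. The link list, unit metrics and index 72 for node C are assumptions made for the example; penultimate-hop popping is not modelled.

```python
from collections import deque

SRGB_BASE = 16000                         # default SRGB [16000, 23999], from the slides
NODE_INDEX = {"Z": 65, "O": 78, "C": 72}  # Z and O from the slides; C=72 is assumed
ADJ = {"C": {29003: "O"}}                 # adjacency segment, installed only at C (link CO)
LINKS = ["AB", "BC", "CD", "DZ", "AM", "MN", "NO", "OP", "PZ", "CO"]  # assumed topology

NEIGH = {}
for a, b in LINKS:
    NEIGH.setdefault(a, []).append(b)
    NEIGH.setdefault(b, []).append(a)
OWNER = {SRGB_BASE + i: n for n, i in NODE_INDEX.items()}  # global label -> node

def dist(src):
    """Hop-count distances from src (unit metrics, BFS)."""
    d, q = {src: 0}, deque([src])
    while q:
        u = q.popleft()
        for v in NEIGH[u]:
            if v not in d:
                d[v] = d[u] + 1
                q.append(v)
    return d

def next_hops(node, target):
    """All ECMP next hops of node on shortest paths to target."""
    d = dist(target)
    return sorted(v for v in NEIGH[node] if d[v] == d[node] - 1)

def forward(ingress, stack):
    """Walk a packet hop by hop; return (path, verdict)."""
    node, stack, path = ingress, list(stack), [ingress]
    while stack:
        top = stack[0]
        if top in ADJ.get(node, {}):       # local adjacency segment: pop, use that link
            stack.pop(0)
            node = ADJ[node][top]
            path.append(node)
        elif top in OWNER:                 # node segment: known at every node
            if OWNER[top] == node:
                stack.pop(0)               # segment completed, expose the next one
            else:
                node = next_hops(node, OWNER[top])[0]  # pick the first ECMP member
                path.append(node)
        else:                              # e.g. 29003 on top anywhere but C
            return path, "drop: no FIB entry for %d at %s" % (top, node)
    return path, "delivered at " + node
```

With these assumptions `forward("A", [16065])` follows the shortest path over link CD, while `forward("A", [16072, 29003, 16065])` yields the path A, B, C, O, P, Z with no state held at the midpoints.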
Guaranteed Link/Node FRR in any topology
50msec protection
Simplicity
Entirely automated
No directed LDP session
No RSVP-TE tunnels
Incremental deployment
Applicable to LDP primary traffic
Optimal backup path along postconvergence path
Prevents transient congestion and suboptimal routing
Automated 50-msec Protection for IGP Segments
IP/MPLS architecture that seeks the right balance between distributed intelligence and centralized optimization and programming.
simplifies operation (lower opex)
enables application-based service creation (new revenue)
allows for better utilization of the installed infrastructure (lower capex)
An IP/MPLS architecture with wide application
(SP, OTT/Web, GET) across (WAN, Metro/Agg, DC)
MPLS and IPv6 dataplanes
SDN controller
An architecture designed with SDN in mind
What is Segment Routing?
Fundamental to the velocity and success
Significant commitment
technical transparency
multi-vendor commitment
beta and poc
Many more operators now involved
Deployments in a few months
Strong Operator Partnership
IETF
• Working-Group is created
• Use-Case is WG status
• Architecture is WG status
• Protocol Extension is WG status
• ~ 25 drafts maintained by SR team
– Over 50% are WG status
– Over 75% have a Cisco implementation
www.segment-routing.net
SR ToolBox
Impressive in < 24 months
ISIS Prefix and Adjacency Segment with 50msec link-FRR: IOS-XR 5.2.2
SR/LDP seamless interworking for ISIS: IOS-XR 5.2.2
OSPF Prefix and Adjacency Segment with 50msec link-FRR: IOS-XR 5.3.0
SRTE Head-end on ASR9k: Beta
SRTE head-end on VPEF: Beta
BGP Peering Segment: Beta
BGP Prefix Segment: Beta
SR Planning and Design: Mate Design 6.0
Get involved and provide ideas and requirements
Leverage dcloud.cisco.com virtual labs
SRTE Headend
• Classify packets and push the matching segment-list
– All the TE functionality is leveraged (counters, autoroute, PBTS...)
• Network Design
– Virtual PE facing Application VM’s: VPP beta available
– DCI, PE or Aggregation: IOS-XR/ASR9k beta available
SRTE midpoint
• Does not exist
– No state overhead
– No signalling overhead
SR Policy Computation
Capability | Router (headend) | WAE | Mate Design
Latency | V | V | V
Avoid a topological resource | V | V | V
Disjoint from another service | V (if both originate on the same head-end) | V | V
BW | - | V | V
Inter-Area/Inter-Domain | - | V | V
Integration with IP/Optical | - | V | V
The benefits of centralized TE
www.opennetsummit.org/archives/apr12/hoelzle-tue-openflow.pdf
The benefits of centralized TE
• Centralized Traffic Engineering
Better optimum
Better predictability
Faster convergence
Better suited for Application Programmability (Nbound-API)
Network Programmability (Sbound-API, PCEP)
• Centralized TE with Segment Routing
Controller expresses path as segment list
Network maintains segments and provides FRR for them
ECMP-awareness
No signalling and per-flow state at midpoint
www.opennetsummit.org/archives/apr12/hoelzle-tue-openflow.pdf
Centralized Traffic Engineering
2G from A to Z please
Link CD is full, I cannot use the shortest-path 65 straight to Z
[Figure: link CD marked FULL; segment 16065]
Centralized Traffic Engineering
Path ABCOPZ is ok. I account the BW. Then I steer the traffic on this path
[Figure: link CD marked FULL; segments 16066, 16068 and 16065]
• Highly programmable and responsive to rapid changes
– perfect support for centralized optimization efficiency, if required
Tunnel AZ onto {16066, 16068, 16065}
SR-TE and Centralized Controller: 50% capex gain with better predictability and optimality than RSVP-TE and with 1000 times fewer tunnels
Real Data-Set 2014
Automated BGP Peering SID allocation
BGP Peering SID’s in C’s MPLS Dataplane
PeerNode SID’s:
16012: pop and fwd to 1.0.1.2/32
16022: pop and fwd to 1.0.2.2/32
16052: pop and fwd to 1.0.5.2/32 (ecmp!)
PeerAdj SID’s:
16032: pop and fwd to 1.0.3.2/32
16042: pop and fwd to 1.0.4.2/32
BGP-LS extensions to signal Peering SID to controller
• The controller learns the BGP Peering SID’s and the external topology of the egress border router via BGP-LS EPE routes
BGP EPE Signalling from egress PE to Controller
MSDC
• Massive Scale DC
– Built on BGP3107
• BGP Prefix Segment
– Straightforward BGP3107 extension
– BGP equivalent to IGP Prefix SID
– Any node within the topology allocates the same BGP Segment for the same switch
eBGP ipv4labeled-unicast
eBGP ipv4 unicast
https://www.nanog.org/meetings/nanog55/presentations/Monday/Lapukhov.pdf
https://www.nanog.org/sites/default/files/wed.general.brainslug.lapukhov.20.pdf
BGP Prefix SID
• Same benefits as IGP Prefix SID
– ECMP
– Automated FRR (BGP PIC)
– Building block for Traffic Engineering
Guaranteed Link/Node FRR in any topology
50msec protection
Simplicity
Entirely automated
No directed LDP session
No RSVP-TE tunnels
Incremental deployment
Applicable to LDP primary traffic
Optimal backup path along postconvergence path
Prevents transient congestion and suboptimal routing
TI-LFA: Automated 50-msec Protection for IGP Segments
Mate Design – TILFA Simulation
• How many segments in backup chain
• Capacity analysis during FRR transient state
IPv4 MPLS Transport with FRR
• IPv4 over MPLS: the obvious way it should have been done
– Just the IGP to operate
– Sub50msec FRR integrated and automated
• Seamless migration
– SR/LDP interworking
[Figure: nodes PE1, A, B, M, N, PE2]
All VPN services ride on the prefix segment to PE2
Any service resolving on IGP IPv4 Prefix SID
Internet
VPNv4
6PE
PW
IPv6 MPLS Transport with FRR
• IPv6: the opportunity to do it right from the start
– Just the IGP to operate
– Sub50msec FRR integrated and automated
[Figure: nodes PE1, A, B, M, N, PE2]
Internet/v6 rides on the Prefix segment to PE2
Any service resolving on IGP IPv6 Prefix SID
Internet v6
VPNv6
MPLS dataplane monitoring
[Figure: nodes A, B, C, N, O; monitoring packets shown with label stacks built from 9101, 9102, 9104, 9105, 9107 and 9108]
Nanog57, Feb 2013
draft-geib-spring-oam-usecase-02
OAM
Disjoint TE Service
• A to Z any plane
– IGP shortest-path
– PrefixSID of Z (65)
• A to Z via blue plane
– SRTE policy pushes one additional segment “Blue Anycast” (111)
• Benefits
– ECMP
– No hop-by-hop signalling load and delay
– No midpoint state
Beta Available
[Figure: one packet carrying segment 16065; one packet carrying segments 16065 and 16111]
Latency TE Service
• Data from Tokyo to Brussels
– IGP shortest-path via US, higher and cheaper capacity
– PrefixSID of Brussels
• Voice from Tokyo to Brussels
– SRTE policy pushes one additional segment “Russia Anycast”
– Low-latency path
• Benefits
– ECMP
– Availability of the anycast segment against node failure
– No hop-by-hop signalling load and delay
– No midpoint state
[Figure: the Data packet carries the node segment to Brussels; the Voice packet carries the node segments to Russia and Brussels]
Content producer engineers its WAN traffic to egress peers
[Figure: ISIS/SR-based WAN with nodes A, B, C, D, E and external AS1, AS2, AS3, AS4; destination 9.9.9.9/32. Best BGP and IGP Path: payload carried with PrefixSID(B). Engineered Path (TE Policy installed by Controller): payload carried with PrefixSID(C) and PeeringSID(E).]
SR-based MSDC
• MPLS dataplane
• BGP control-plane
– No LDP, No RSVP-TE
– Integrated/Automated FRR
> no hop-by-hop manual configuration of static routes and their FRR behaviors
• Global label for easier operation
– Same SRGB at each switch
• SRTE WAN Optimization Controller applicable to DC fabric
Distributed DC for Content Engineering to local Peers
[Figure: BGP/SR-based DC Fabric with nodes B, C, D, E and external AS1, AS2, AS3, AS4; destination 9.9.9.9/32. Best BGP Path: payload carried with PrefixSID(B). Engineered Path (TE Policy installed by Controller): payload carried with PrefixSID(C) and PeeringSID(E).]
End-to-end policy from DC, through WAN to peer
[Figure: Apps behind a vPEF, then ToR, Leaf, Spine, DCE, LSR and BR nodes across the SR DC and SR WAN domains]
Classify flow and push SR segment list
Top Segment provides ECMP-path to selected DCI
Next segments implement WAN Policy: Cost vs Latency, Disjointness, Select egress BR
Last segment selects egress peer
End-to-end policy from DC, through WAN to peer
[Figure: ToR, Leaf, Spine, DCE, LSR and BR nodes across the SR DC and SR WAN domains]
Illustrated end-to-end policy implemented by the application:
• Two service hops in the DC
• Low-latency path in the WAN
• Engineered peering exit to Internet consumer
Large-Scale Aggregation
• Only IGP/SR (no BGP)
– Automated FRR including ASBR failure
• SRGB (k) << # access nodes (100k)
• SDN Controller programs the segment list together with service creation
[Figure: Core between access regions Access1 and Access2; labels shown: A 70, B 72, C 72, ASBR1A 1001, ASBR1B 1001, ASBR2A 1002, ASBR2B 1002]
ASBR SID’s are anycast
ASBR SID’s are unique across the entire domain
ASBR anycast prefixes and SID are redistributed within each access region
Access Nodes are provided a SID which is unique with respect to its attached ASBR’s but not necessarily unique across the whole domain
{72} leads to B within Access1
{72} leads to C within Access2
{1001, 72} leads to B from anywhere
{1002, 72} leads to C from anywhere
Segment Routing
• Unified
– DC + WAN + Aggregation
– from server in the DC, through WAN and to the service edge
• Policy-aware
– DC: disjoint planes, flow-based congestion avoidance
– WAN: disjoint services, latency-sensitive traffic, scheduled bulk transfer
• Application programs the end-to-end policy
– The end-to-end policy is encoded by the application as an SR segment list in the packet header
• Balance between distributed and centralized intelligence
– Distributed: automated sub-30msec FRR link/node in any topology with optimum backup path
– Centralized: traffic optimization for better use of the installed capacity
• Applicable to MPLS and IPv6 dataplanes
• Much simpler to operate than MPLS Classic
Get involved
• All of these use-cases are either FCS or beta available
• Leverage dcloud.cisco.com virtual labs
• Get involved and provide ideas and requirements
• SR is operator driven
• Visit the lab/demo offered by Kris Michielsen
• Your help is key
Leverage MPLS dataplane and services
Drastically improve MPLS control-plane while enabling new services
Simplicity, Scale, Functionality, Centralized Optimization and Programmability
Strong operator adoption and tight involvement
Innovation and Standardization
Aggressive productization by Cisco
PoC and Beta code available
Segment Routing
http://www.segment-routing.net/
Stay Informed