Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved. 1
Segment Routing: Evolution of MPLS towards SDN
Josef Ungerman CSE, CCIE #6167
Oct 2013
Where are you?
Click on the map with the WebEx arrow :-)
Segment Routing Connect Club, 10 October 2013
MPLS Segment Routing Overview
• Emergence of Stateless MPLS
• Simplification – label distribution via IGP; no need for LDP and RSVP
• Scale – less state for routers to maintain
• Combined with SDN WAN Platform controller for path computation and programming
• Backward compatible with existing networks
[Figure: topology with nodes A, B, C, D, M, N, O, P, Z. Labels: Nodal segment to Z (shortest path); Nodal segment to Z; Adj Segment; Nodal segment to C]
Nodal segment: a shortest path to the related node
Adjacency segment: one hop through the related adjacency
The state is no longer in the network, it’s in the packet.
draft-previdi-filsfils-isis-segment-routing
draft-gredler-rtgwg-igp-label-advertisement
• Simplicity
  – fewer protocols to operate & troubleshoot
  – no LDP sessions between routers
  – deliver automated FRR for any topology
• Scale
  – avoid millions of labels in LDP database
  – avoid millions of TE LSPs in the network
  – avoid millions of tunnels to configure
• Simple to deploy and operate
  – coexistence, incremental deployment
  – MPLS: segment = label (push, pop, swap)
  – Same behavior – ECMP, PHP, LFA…
[Figure: failure marked X; LFA <50ms (Loop-free alternate backup route + label)]
• Each node advertises an adjacency label per link
  – simple IGP extension
• Only the advertising node installs the adjacency segment in the data plane
• Enables source routing along any explicit path (segment list)
[Figure: topology with nodes A, B, C, D, N, O, P, Z; adjacency labels 9101, 9103, 9105 and 9107 shown on the links of each node]
• Nodes advertise a node segment
  – simple IGP extension
• All remote nodes install node segment ids in data plane
A packet injected anywhere with top label 65 will reach Z via IGP shortest path
[Figure: nodes A, B, C, D, Z; a packet to Z carries label 65 hop by hop. Label operations shown: FEC Z push 65; swap 65 to 65; swap 65 to 65; pop 65]
• Source Routing
• Any explicit path can be expressed: ABCOPZ
[Figure: topology with nodes A, B, C, D, M, N, O, P, Z; the packet to Z carries labels 72, 9003 and 65, and the stack shrinks along the path ("Pop 9003") until only 65 remains]
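The source-routing slides above, as an added example that is not part of the original deck: a small Python model of SR-MPLS forwarding that carries a packet with label stack 72, 9003, 65 from A along ABCOPZ. The link layout, the uniform metric of 10, and the reading of 72 as the node segment of C and 9003 as C's adjacency segment towards O are assumptions chosen to match the path on the slide; penultimate-hop popping is not modelled.

```python
import heapq

# Constructed topology (assumption): rows A-B-C-D and M-N-O-P with vertical links, metric 10.
LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "Z"), ("M", "N"), ("N", "O"),
         ("O", "P"), ("P", "Z"), ("A", "M"), ("B", "N"), ("C", "O"), ("D", "P")]
NODE_SID = {72: "C", 65: "Z"}   # node segments: installed on every node (assumed mapping)
ADJ_SID = {("C", 9003): "O"}    # adjacency segment: installed only on advertising node C

GRAPH = {}
for a, b in LINKS:
    GRAPH.setdefault(a, {})[b] = 10
    GRAPH.setdefault(b, {})[a] = 10

def next_hop(src, dst):
    """First hop on the IGP shortest path from src to dst (Dijkstra)."""
    done, heap = set(), [(0, src, "")]
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            return first
        for nbr, metric in GRAPH[node].items():
            if nbr not in done:
                heapq.heappush(heap, (cost + metric, nbr, first or nbr))
    raise ValueError(f"{dst} unreachable from {src}")

def forward(ingress, stack):
    """Forward a packet carrying `stack` (top label first); return nodes visited."""
    node, stack, path = ingress, list(stack), [ingress]
    while stack:
        top = stack[0]
        if (node, top) in ADJ_SID:         # adjacency segment: pop, cross that one link
            stack.pop(0)
            node = ADJ_SID[(node, top)]
        elif top not in NODE_SID:
            raise ValueError(f"label {top} is not installed on {node}")
        elif NODE_SID[top] == node:        # node segment ends here: pop, read next label
            stack.pop(0)
            continue
        else:                              # node segment: keep label, follow shortest path
            node = next_hop(node, NODE_SID[top])
        path.append(node)
    return path

if __name__ == "__main__":
    print(forward("A", [65]))              # plain shortest path to Z
    print(forward("A", [72, 9003, 65]))    # explicit path from the slide
```

The core nodes hold no per-path state: the same tables forward both packets, and only the stack pushed at A differs.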
• IP-based FRR is guaranteed in any topology
  – 2002, LFA FRR project at Cisco
  – draft-bryant-ipfrr-tunnels-03.txt
• Directed LFA (DLFA) is guaranteed when metrics are symmetric
• No extra computation (RLFA)
• Simple repair stack
  – node segment to P node
  – adjacency segment from P to Q
[Figure: Backbone with nodes C1, C2 and E1, E2, E3, E4. Labels: 1000; Node segment to P node; Default metric: 10]
Non-Disjoint Traffic
– A sends traffic with [65]
– Classic ECMP “a la IP”
Disjoint Traffic
– A sends traffic with [111, 65]
– Packet gets attracted into the blue plane and then uses classic ECMP “a la IP”
SR avoids state in the core
SR avoids enumerating RSVP-TE tunnels for each ECMP path
ECMP-awareness!
• Tokyo to Brussels
  – data: via US: cheap capacity
  – VoIP: via Russia: low latency
• CoS-based TE with SR
  – IGP metrics set such that:
    > Tokyo to Russia: via Russia
    > Tokyo to Brussels: via US
    > Russia to Brussels: via Europe
  – Anycast segment “Russia” advertised by Russia core routers
• Tokyo CoS-based policy
  – Data and Brussels: push the node segment to Brussels
  – VoIP and Brussels: push the anycast node to Russia, push Brussels
[Figure labels: Node segment to Brussels; Node segment to Russia]
• At entry of the SR domain, two headers are pushed
  – outer IPv6 header
    > DA is within SRB block, active SID is within the DA
  – intermediate Routing Ext header with new type T (“the SR header” 43)
    > I and E, Segment list and active pointer
• Any node within SR domain is configured with SRB block (e.g. 0xCAFFE0123456789A/64)
Path ABCOPZ is OK. I account for the BW. Then I steer the traffic onto this path.
[Figure: topology labelled FULL, 66, 65, 68]
Tunnel AZ onto {66, 68, 65}
The network is simple, highly programmable and responsive to rapid changes
2G from A to Z please
Towards an Open Network Environment for SDN
Implementation Perspective: Evolve the Control- and Management Plane Architecture
• Agility = simplicity + flexibility
• IS-IS/OSPF cost $0; don’t fix what is not broken
• Adding intelligence, and CPU power
[Figure: control plane architectures. Panels: “Traditional Control Plane Architecture” and “Evolved Control Plane Architecture (Examples)”. Labels: Distributed Control Plane (selfish view of each node); Centralized Control (Master of Puppets?); Adding Intelligence (what is the best for the network). Legend: Control/Network/Services-plane component(s); Data-plane component(s); Applications]
[Figure: SDN WAN (Collector, Program, NB API); WAN with routers R1, R2, R3 and Off-Net; Hi-Prio Cust App; steps 1 to 4 marked on the diagram]
① Network conditions reported to collector, accessible to App
② Congestion threshold triggers app to request Prem Cust to Prem Path Mapping
③ SDN WAN computes 1-7-2-3 SR path;
④ Programs: <SR stack via PCEP> <prem cust classifier via OF>
[Figure labels: Premium; Normal; Congested!!; R7; PCEP, OF, OF]
Evolution of MPLS “MPLSDN”
[Figure: evolution starting from “Baseline MPLS Architecture”. Labels: G-MPLS; FlexLSP for transport orientated services; Segment Routing – simplified control plane; more scalable data plane; IP+Optical Multi-Layer Optimization (nLight); WAN Controller; DC Controller; DC; Cross Domain Orchestration]
What do you think?
Click on the map with the WebEx arrow :-)
Connect Club, 10 October 2013
MPLS will perish; it will be replaced by IPv6.
SDN is the future. MPLS has to adapt.
How do you see the future of MPLS and SP backbones (5 years)?
MPLS will carry on, with just a bit of SDN added to it.
MPLS will carry on unchanged. SDN is just a fad.
asr9000-pe1
!
router isis DEFAULT
 is-type level-2-only
 net 49.0000.1720.1625.5001.00
 address-family ipv4 unicast
  metric-style wide
 !
 interface Loopback0
  passive
  address-family ipv4 unicast
   nodal-sid sid-value 16001
  !
 !
 interface GigabitEthernet0/0/0/4
  point-to-point
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/5
  point-to-point
  address-family ipv4 unicast
  !
 !
!
Packets with label 16001 forwarded towards PE1 via IS-IS shortest path. PHP enabled by default.
[Figure: lab topology with four routers. PE1: 172.16.255.1/32 SID=16001; PE2: 172.16.255.2/32 SID=16002; P1: 172.16.255.101/32 SID=16101; P2: 172.16.255.102/32 SID=16102]
asr9000-p2
!
router isis DEFAULT
 is-type level-2-only
 net 49.0000.1720.1625.5102.00
 address-family ipv4 unicast
  metric-style wide
 !
 interface Loopback0
  passive
  address-family ipv4 unicast
   nodal-sid sid-value 16102 PHP-disable
  !
 !
 interface GigabitEthernet0/0/0/4
  point-to-point
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/5
  point-to-point
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/6
  point-to-point
  address-family ipv4 unicast
  !
 !
!
Packets with label 16102 forwarded towards P2 via IS-IS shortest path. PHP disabled.
RP/0/RSP0/CPU0:asr9000-pe1#sh isis database detail verbose asr9000-pe2.00
Tue May 7 12:49:07.939 PDT

IS-IS DEFAULT (Level-2) Link State Database
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
asr9000-pe2.00-00     0x0000076b   0xe36c        1123          0/0/0
  Area Address: 49.0000
  NLPID:        0xcc
  Hostname:     asr9000-pe2
  IP Address:   172.16.255.2
  Metric: 10         IS-Extended asr9000-p2.00
  Metric: 10         IS-Extended asr9000-p1.00
  Metric: 10         IP-Extended 172.16.0.0/31
  Metric: 10         IP-Extended 172.16.0.2/31
  Metric: 0          IP-Extended 172.16.255.2/32
    Nodal-SID: 16002 PHP-off:1 Ext:0

 Total Level-2 LSP count: 1     Local Level-2 LSP count: 0
RP/0/RSP0/CPU0:asr9000-pe1#
Node segment id associated with PE2 loopback
RP/0/RSP0/CPU0:asr9000-pe1#sh isis database detail verbose asr9000-p2.00
Tue May 7 12:54:57.779 PDT

IS-IS DEFAULT (Level-2) Link State Database
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
asr9000-p2.00-00      0x0000001a   0x39d4        1169          0/0/0
  Area Address: 49.0000
  NLPID:        0xcc
  Hostname:     asr9000-p2
  IP Address:   172.16.255.102
  Metric: 10         IS-Extended asr9000-pe2.00
  Metric: 10         IS-Extended asr9000-pe1.00
  Metric: 10         IS-Extended asr9000-p1.00
  Metric: 10         IP-Extended 172.16.0.2/31
  Metric: 10         IP-Extended 172.16.0.4/31
  Metric: 10         IP-Extended 172.16.0.8/31
  Metric: 0          IP-Extended 172.16.255.102/32
    Nodal-SID: 16102 PHP-off:1 Ext:0

 Total Level-2 LSP count: 1     Local Level-2 LSP count: 0
RP/0/RSP0/CPU0:asr9000-pe1#
Node segment id associated with P2 loopback
RP/0/RSP0/CPU0:asr9000-pe1#sh mpls forwarding
Tue May 7 12:22:53.650 PDT
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16001  Aggregate   default: Per-VRF Aggr[V]   \
                                      default                      59
16002  16002       No ID              Gi0/0/0/4    172.16.0.4      18722
       16002       No ID              Gi0/0/0/5    172.16.0.7      0
16020  Aggregate   RED: Per-VRF Aggr[V]   \
                                      RED                          4500
16101  16101       No ID              Gi0/0/0/5    172.16.0.7      0
16102  16102       No ID              Gi0/0/0/4    172.16.0.4      0
RP/0/RSP0/CPU0:asr9000-pe1#
Local node segment id
Node segment id to reach PE1 via ECMP
Node segment id to reach P1
Node segment id to reach P2
RP/0/RSP0/CPU0:asr9000-p2#sh mpls forwarding
Tue May 7 13:17:35.480 PDT
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16001  Pop         No ID              Gi0/0/0/4    172.16.0.5      0
16002  16002       No ID              Gi0/0/0/6    172.16.0.2      21258
16101  16101       No ID              Gi0/0/0/5    172.16.0.8      0
RP/0/RSP0/CPU0:asr9000-p2#
Node segment id to reach PE1 (PHP)
Node segment id to reach P1
Node segment id to reach PE2
[Figure: PE1 (VRF RED, 192.168.255.1/32) and PE2 (VRF RED, 192.168.255.2/32) connected across an IP/MPLS (segment routing) core]
hostname asr9000-pe1
!
vrf RED
 address-family ipv4 unicast
  import route-target
   65172:0
  !
  export route-target
   65172:0
  !
 !
!
interface Loopback11
 vrf RED
 ipv4 address 192.168.255.1 255.255.255.255
!
router bgp 65172
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 neighbor 172.16.255.2
  remote-as 65172
  update-source Loopback0
  address-family ipv4 unicast
  !
  address-family vpnv4 unicast
  !
 !
 vrf RED
  rd 65172:0
  address-family ipv4 unicast
   redistribute connected
  !
 !
!
L3VPN usual configuration
[Figure labels: PE1 172.16.255.1/32 SID=16001; PE2 172.16.255.2/32 SID=16002]
RP/0/RSP0/CPU0:asr9000-pe1#sh bgp vpnv4 unicast labels
Tue May 7 13:21:11.106 PDT
BGP router identifier 172.16.255.1, local AS number 65172
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0   RD version: 1269798720
BGP main routing table version 23
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop        Rcvd Label      Local Label
Route Distinguisher: 65172:0 (default for vrf RED)
*> 192.168.255.1/32   0.0.0.0         nolabel         16020
*>i192.168.255.2/32   172.16.255.2    16000           nolabel

Processed 2 prefixes, 2 paths
RP/0/RSP0/CPU0:asr9000-pe1#
RP/0/RSP0/CPU0:asr9000-pe1#sh cef vrf RED 192.168.255.2
Tue May 7 13:20:58.960 PDT
192.168.255.2/32, version 15, internal 0x14004001 (ptr 0xad279764) [1], 0x0 (0x0), 0x410 (0xadf7a4b0)
 Updated May 7 09:41:16.371
 Prefix Len 32, traffic index 0, precedence n/a, priority 3
   via 172.16.255.2, 3 dependencies, recursive [flags 0x6010]
    path-idx 0 [0xae0429a8 0x0]
    next hop VRF - 'default', table - 0xe0000000
    next hop 172.16.255.2 via 16002/0/21
     next hop 172.16.0.4/32 Gi0/0/0/4    labels imposed {16002 16000}
     next hop 172.16.0.7/32 Gi0/0/0/5    labels imposed {16002 16000}
RP/0/RSP0/CPU0:asr9000-pe1#
Label stack to forward traffic to 192.168.255.2/32 (VRF RED) via ECMP (as usual)
BGP local/remote labels for VPNv4 prefixes (as usual)
• External mailing list [email protected]
• Segment Routing public material
  http://www.slideshare.net/getyourbuildon/tagged/cisco_segment_routing
• Cisco internet draft (“Segment Routing with IS-IS Routing Protocol”)
  http://tools.ietf.org/html/draft-previdi-filsfils-isis-segment-routing
• Google NANOG 57 presentation (“Topology Aware Blackbox Monitoring”)
  http://www.nanog.org/meetings/abstract?id=2058
Thank you.