Segment Routing (SR) is a proposed solution to
replace MPLS in the wireline networks which is picking up a lot of traction.
RFC 8402 is the Segment Routing
Architecture standard which was accepted & published in July last year, it
had been worked on for around 5 years before becoming an RFC. It is considered
a relatively new protocol. There are currently 42 draft IETF standards in progress for various features around the SR architecture. Lots of information can be found on SR at https://www.segment-routing.net/
It works currently by leveraging either
MPLS or IPv6 to represent segments in a network.
A segment can be a network link, the link
between two router. It can be a node, identifying the router itself, or it can
represent a service – which is essentially the customer network.
Each segment in the network is
represented by a Segment Identifier or SID. As you can see in the diagram below, Segment routing works together with an IGP. IGP stands for Interior
Gateway Protocol, which is an umbrella term for the routing protocols that
share routing information within a common routing domain. Segment Routing
currently leverages IGPs to spread
information of the SIDs throughout the network. The two IGPs that SR can use at
the moment are OSPF and IS-IS. When SR uses OSPF, the SIDs are distributed in
the extended prefix Link State Advertisements. When using IS-IS they are
distributed using the router capability advertisements
In
SR, every node has a unique identifier called the node SID. This identifier is
globally unique and would normally be configured on a loopback address on the
device.
In
IPv4 networks, the SID is encoded as a standard MPLS label, whereas in IPv6 it
is encoded as an IPv6 address associated with the segment.
I’m going to work through an example that focuses on SR-MPLS. This has been done in VIRL and I will attach the VIRL file at the end of this blog post.
You
can see in this network the SID allocated to each of the routers.
There
is a concept of the global block in
segment routing which begins at 16000, in my case I’ve kicked the
numbering off at 19000, just because I could. The last digit of the SID
corresponds to the router number in this network.
By
default in this network, when a router goes into the ingress router it will
take the best path through the network as determined by IS-IS. In this case, it
is vi R1, R2, R3 and finally through R4.
To
demonstrate one of the features of SR, I’m going to force a packet to go via
R5.
In the configuration below I’ve set up a
tunnel through to R4 which an explicit path titled SIDLIST1.
In the example you can see I’m explicitly
stating the pathway to be 19002, 19003 and then 19005 before going to 19004.
interface
tunnel-te1
ipv4 unnumbered Loopback0
autoroute
destination 100.0.0.4
destination 100.0.0.4
path-option 1 explicit name SIDLIST1
segment-routing
explicit-path
name SIDLIST1
index 10 next-label 19002
index 20 next-label 19003
index 30 next-label 19005
index 40 next-label 19004
The options for defining path are fairly
extensive. It can be configured to avoid a router, to always go through a
particular router and many other options. But for now we’ll see what happens
when we apply this to the lab network.
I have the explicit SID list configured
and what I’ve done is tapped each link and opened the traffic in wireshark so
we can see exactly what the packet looks like as it goes through a segment
routed network.
I have set up a ping from R7 to R8 across
the SR network. The packet goes straight into the ingress router. The router
will look up the route and then put the appropriate stack of segments within
the packet and forward to the next router. This is were I first tap it.
Here (above) between R1 and R2 you can see the
stack of MPLS labels indicating the segment route to take.
The active segment is on the top and is
the segment that the router inspects when it arrives at R2. In this case R2
will see 19003 and will forward the packet on to R3. Before forward it will
remove the top label.
Between R2 and R3 (above) we can see that stack
is slightly smaller and the active SID is now 19005. This means R3 will forward
the packet to R5, once again removing one of the labels.
Between R3 and R5 (above) we see the active SID
is now 19004, meaning that R5 will forward to R4 removing the SID before doing
so.
Above we see between R5 and R4 all the
SIDs have been removed, there is just a final label which represents the
customers vrf, and
so R4 knows to forward to R8.
In summary, we can see how segment
routing uses the MPLS labels to represent SIDS and how it is possible to
configure explicit routes through the providers network.
Click here for the VIRL demo file
Click here for the VIRL demo file