Wednesday, 23 October 2019

Segment Routing


Segment Routing (SR) is a proposed solution to replace MPLS in the wireline networks which is picking up a lot of traction.

RFC 8402 is the Segment Routing Architecture standard which was accepted & published in July last year, it had been worked on for around 5 years before becoming an RFC. It is considered a relatively new protocol. There are currently 42 draft IETF standards in progress for various features around the SR architecture. Lots of information can be found on SR at https://www.segment-routing.net/

It works currently by leveraging either MPLS or IPv6 to represent segments in a network.
A segment can be a network link, the link between two router. It can be a node, identifying the router itself, or it can represent a service – which is essentially the customer network.

Each segment in the network is represented by a Segment Identifier or SID. As you can see in the diagram below, Segment routing works together with an IGP. IGP stands for Interior Gateway Protocol, which is an umbrella term for the routing protocols that share routing information within a common routing domain. Segment Routing currently leverages  IGPs to spread information of the SIDs throughout the network. The two IGPs that SR can use at the moment are OSPF and IS-IS. When SR uses OSPF, the SIDs are distributed in the extended prefix Link State Advertisements. When using IS-IS they are distributed using the router capability advertisements




In SR, every node has a unique identifier called the node SID. This identifier is globally unique and would normally be configured on a loopback address on the device.
In IPv4 networks, the SID is encoded as a standard MPLS label, whereas in IPv6 it is encoded as an IPv6 address associated with the segment.

I’m going to work through an example that focuses on SR-MPLS. This has been done in VIRL and I will attach the VIRL file at the end of this blog post.

You can see in this network the SID allocated to each of the routers.

There is a concept of the global block in  segment routing which begins at 16000, in my case I’ve kicked the numbering off at 19000, just because I could. The last digit of the SID corresponds to the router number in this network.
By default in this network, when a router goes into the ingress router it will take the best path through the network as determined by IS-IS. In this case, it is vi R1, R2, R3 and finally through R4.
To demonstrate one of the features of SR, I’m going to force a packet to go via R5.

In the configuration below I’ve set up a tunnel through to R4 which an explicit path titled SIDLIST1.
In the example you can see I’m explicitly stating the pathway to be 19002, 19003 and then 19005 before going to 19004.

  interface tunnel-te1
    ipv4 unnumbered Loopback0
    autoroute destination 100.0.0.4
    destination 100.0.0.4
    path-option 1 explicit name SIDLIST1 segment-routing
  explicit-path name SIDLIST1
    index 10 next-label 19002
    index 20 next-label 19003
    index 30 next-label 19005
    index 40 next-label 19004

The options for defining path are fairly extensive. It can be configured to avoid a router, to always go through a particular router and many other options. But for now we’ll see what happens when we apply this to the lab network.

I have the explicit SID list configured and what I’ve done is tapped each link and opened the traffic in wireshark so we can see exactly what the packet looks like as it goes through a segment routed network.

I have set up a ping from R7 to R8 across the SR network. The packet goes straight into the ingress router. The router will look up the route and then put the appropriate stack of segments within the packet and forward to the next router. This is were I first tap it.



Here (above) between R1 and R2 you can see the stack of MPLS labels indicating the segment route to take.
The active segment is on the top and is the segment that the router inspects when it arrives at R2. In this case R2 will see 19003 and will forward the packet on to R3. Before forward it will remove the top label.

Between R2 and R3 (above) we can see that stack is slightly smaller and the active SID is now 19005. This means R3 will forward the packet to R5, once again removing one of the labels.


Between R3 and R5 (above) we see the active SID is now 19004, meaning that R5 will forward to R4 removing the SID before doing so.


Above we see between R5 and R4 all the SIDs have been removed, there is just a final label which represents the customers vrf, and so R4 knows to forward to R8.

In summary, we can see how segment routing uses the MPLS labels to represent SIDS and how it is possible to configure explicit routes through the providers network.

Click here for the VIRL demo file