SRv6 With IPv6 for Transport
We have talked a lot about SR-MPLS, which implements Segment Routing (SR) over the MPLS data plane utilizing traditional MPLS label switching. Although SR-MPLS is a significant breakthrough from traditional networking by offering features like fast reroute, delay-based routing, and distributed and centralized traffic engineering, it is still an overlay technology with MPLS label shims.
SRv6 utilizes the IPv6 data plane natively to deliver Segment Routing capabilities, which dramatically simplifies network deployments. By eliminating the need for MPLS label shims and transporting SRv6 SIDs as IPv6 addresses, any IPv6-capable router can forward an SRv6 packet. This means that you can run SRv6 services over any IPv6-enabled infrastructure, which opens the possibility of running L3VPN and L2VPN services over the IPv6 Public Internet without a private network. All the advanced features of SR, like Flex-Algo, delay- and constraint-based traffic engineering, and TI-LFA, are available or are planned for SRv6 in Cisco IOS XR Network Operating Systems.
Like SR-MPLS, SRv6 was conceived by Clarence Filsfils of Cisco Systems to bridge the gap between SDN and traditional networking. There are many advantages to SRv6 that we will explore in this article. At the same time, we will try to demystify the complexities of IPv6. Let's take a closer look at SRv6 and IPv6 and how they can pave the way for a new programmable networking paradigm.
IPv6 for Transport
Over the years, we have become very comfortable with IPv4 addressing and implementation and its relative simplicity. On the other hand, although IPv6 is widely adopted and deployed, there is still considerable hesitancy outside the Service Provider arena to truly embrace IPv6. Therefore, many organizations have yet to deploy IPv6. For better or for worse, IPv6 is more flexible, more extensible and hence more complicated than IPv4. An IPv6 address is a 128-bit binary address expressed in hexadecimal notation, whereas an IPv4 address is only 32 bits and expressed in decimal notation. This alone creates a problem for many people who are not accustomed to counting in hexadecimal. Beyond that, IPv6 has many nuances like SLAAC, ICMPv6 Neighbor Discovery Protocol, IPv6 Extension Headers, IPsec Encapsulation and Tunneling, and IPv6 routing protocols; it's a lot to digest. The good thing is that most of this is not relevant to deploying an IPv6 Transport network. Apart from the new address structure, ISIS with IPv6 is just as simple as with IPv4. And if you have not deployed ISIS before, you will find it very easy to navigate and administer.
Like SR-MPLS, ISIS is required for SRv6 because Segment Routing depends on an SPF protocol like OSPF or ISIS to propagate the Segment Routing data or TLVs (Type-length-values). The SPF protocol distributes the necessary Segment Identifiers or SIDs and provides TI-LFA, responsible for SR's 50ms Fast Reroute capability. Traditionally deployed in SP networks only, ISIS has become more attractive with the implementation of IPv6. ISIS has multi-protocol and SRv6 support, unlike OSPF, making ISIS the ideal choice for IPv6 networks. ISIS is relatively easy to configure, and troubleshooting is straightforward. With SRv6, ISIS is the future of IP routed networks.
A closer look
Let's look at the IPv6 address and packet and how SRv6 takes advantage of this new paradigm. An IPv6 address is composed of eight four-digit hexadecimal numbers. Typically, the network portion of the address is the first 64 bits, and the host portion is the last 64 bits. Although this is not always the case, it will simplify our discussion. Below is a sample of an IPv6 address. There is nothing special about this address; it is just a standard IPv6 address.
Now let's take the same IPv6 address, but instead of denoting the Network Portion and Interface Identifier like above, we will rename them to Locator and Function, respectively.
What changed? If you guessed nothing, you are correct! This is how simple SRv6 is; let me explain what this means and how we use it. The Locator is used by any IPv6 device to route the packet to the destination router. The Locator is an address owned by one single entity in the network. The Function is an instruction on how to process the packet and is only relevant on the end device. It could represent a dozen or more different operations, including the L3VPN or L2VPN function. The other functions are documented in "RFC 8986 Segment Routing over IPv6 (SRv6) Network Programming."
We chose a GUA (Global Unicast Address) in this example, but we could have used a ULA (Unique Local Address). We chose a GUA because it is Internet routable. We will assume that our organization owns the 2001:0000::/32 prefix and has allocated one subnet, 2001:0000:0001::/48, for SRv6. SRv6 is not restricted to assigning 64 bits for the Locator and 64 bits for the Function, but that split makes for an excellent example. This means that 2^16 (64 – 48 = 16), or 65,536, devices in our network can run SRv6.
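The Locator/Function split and the 2^16 count can be worked through in code. The following is an added example, not part of the original article; it assumes the article's 2001:0000:0001::/48 block with a 64/64 split, and the node ID and Function value used are constructed samples.

```python
import ipaddress

# Assumptions taken from the article's example: 2001:0000:0001::/48 is reserved
# for SRv6 and each SID is split into a 64-bit Locator and a 64-bit Function.
SRV6_BLOCK = ipaddress.IPv6Network("2001:0:1::/48")
LOCATOR_LEN = 64
FUNCTION_LEN = 128 - LOCATOR_LEN


def locator_count():
    """Number of distinct Locators (one per SRv6 node) the block can hold."""
    return 2 ** (LOCATOR_LEN - SRV6_BLOCK.prefixlen)


def node_locator(node_id):
    """Locator prefix for the node_id-th router in the SRv6 block."""
    if not 0 <= node_id < locator_count():
        raise ValueError("node_id does not fit in the SRv6 block")
    base = int(SRV6_BLOCK.network_address)
    return ipaddress.IPv6Network((base + (node_id << FUNCTION_LEN), LOCATOR_LEN))


def make_sid(node_id, function):
    """Build a SID from a node's Locator and a Function value."""
    if not 0 <= function < 2 ** FUNCTION_LEN:
        raise ValueError("function does not fit in the Function field")
    return node_locator(node_id).network_address + function


def split_sid(sid):
    """Split a SID into (Locator prefix, Function value)."""
    addr = ipaddress.IPv6Address(sid)
    if addr not in SRV6_BLOCK:
        raise ValueError(f"{addr} is outside the SRv6 block {SRV6_BLOCK}")
    function = int(addr) & (2 ** FUNCTION_LEN - 1)
    locator = ipaddress.IPv6Network((int(addr) - function, LOCATOR_LEN))
    return locator, function


if __name__ == "__main__":
    sid = make_sid(node_id=0x000A, function=0x42)  # constructed sample values
    print(sid, split_sid(sid), locator_count())
```

Transit routers only ever match on the Locator prefix returned by `split_sid`; the Function value matters only to the router that owns that Locator.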
SRv6 and the programmable network
Now let's explore the idea of SRv6 functions and programming. In SRv6, typically, only the endpoint devices or PE routers need to run SRv6, and the remainder of the routers only need to have IPv6 enabled for forwarding. In the previous example, we have a single IPv6 address that contains one Function or programming instruction. However, it is possible to have multiple functions embedded in the IPv6 packet, which we will discuss in the next section.
Let's take a deeper look at some of the essential SRv6 functions. Below is a table of some of the more common SRv6 Functions.
This is only a subset of the current RFC 8986 functions, which is an ever-expanding list. These functions only need to be processed by the Endpoint routers. Notice that there are different functions for how the endpoint router handles the incoming packet. For example, End.DX4 and End.DT4 are the same IPv4 L3VPN Function, differing only in how the destination device forwards the packet. In the first instance, End.DX4 is similar to doing per-CE VPN: the packet is forwarded out the appropriate interface. In the second instance, End.DT4 is identical to a per-VRF VPN, requiring an IPv4 table lookup and a Layer 2 rewrite to forward the packet to its destination.
IPv6 header extensions
The IPv6 Protocol specification documented in RFC 2460 was written almost 25 years ago. It outlines something referred to as IPv6 Extension Headers and, in particular, IPv6 Routing Extension Headers. SRv6 utilizes this extension header to carry multiple IPv6 addresses that can, in our case, contain multiple SRv6 SIDs. If you think that an SRv6 SID, which is 128 bits or 16 bytes compared to 32 bits or 4 bytes in MPLS, creates a lot of overhead, you are correct. This is where Cisco's latest feature, SRv6 uSID, is extremely useful. SRv6 uSID is a complete replacement for traditional MPLS technology in Service Provider, Enterprise and Public Sector networks. uSID is a technique that allows a single 128-bit IPv6 address to carry as many as seven individual SIDs. We will discuss uSID in a future article where we delve more into the details of SRv6.
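To make the routing extension header and its overhead concrete, the added example below (not from the original article) encodes and decodes a Segment Routing Header using the field layout of RFC 8754, without optional TLVs, and compares its size with an MPLS label stack of the same depth. The SIDs are constructed values inside the article's example block.

```python
import ipaddress
import struct

SRH_ROUTING_TYPE = 4   # Routing Type of the Segment Routing Header (RFC 8754)
FIXED = "!BBBBBBH"     # next hdr, ext len, type, segs left, last entry, flags, tag


def build_srh(path, next_header=41):
    """Encode an SRH without TLVs; path is in travel order, 41 = inner IPv6."""
    if not path:
        raise ValueError("at least one segment is required")
    # The segment list is stored in reverse: entry 0 is the final segment.
    segs = [ipaddress.IPv6Address(s).packed for s in reversed(path)]
    n = len(segs)
    # Hdr Ext Len counts 8-byte units after the first 8 bytes: 2 per SID.
    head = struct.pack(FIXED, next_header, 2 * n, SRH_ROUTING_TYPE, n - 1, n - 1, 0, 0)
    return head + b"".join(segs)


def parse_srh(data):
    """Decode an SRH and return its path (travel order) and active segment."""
    if len(data) < 8:
        raise ValueError("truncated SRH")
    _, ext_len, rtype, seg_left, last_entry, _, _ = struct.unpack(FIXED, data[:8])
    if rtype != SRH_ROUTING_TYPE:
        raise ValueError("not a Segment Routing Header")
    total = 8 + 8 * ext_len
    if len(data) < total or 8 + 16 * (last_entry + 1) > total or seg_left > last_entry:
        raise ValueError("inconsistent SRH length fields")
    entries = [ipaddress.IPv6Address(data[8 + 16 * i:24 + 16 * i])
               for i in range(last_entry + 1)]
    return {"path": [str(a) for a in reversed(entries)],
            "active": str(entries[seg_left]), "length": total}


def overhead_bytes(n_segments):
    """(SRH bytes, MPLS label-stack bytes) for the same number of segments."""
    return 8 + 16 * n_segments, 4 * n_segments


if __name__ == "__main__":
    # Constructed SIDs inside the article's example block 2001:0000:0001::/48.
    hops = ["2001:0:1:a::1", "2001:0:1:b::1", "2001:0:1:c::42"]
    print(parse_srh(build_srh(hops)), overhead_bytes(len(hops)))
```

For three segments the header is 56 bytes against 12 bytes of MPLS labels, which is the overhead the paragraph above refers to.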
Conclusion
We have examined SRv6 at a high level, so hopefully you have a basic understanding of SRv6 and its integration with IPv6. IPv6 has been available for quite some time, but SRv6 makes this transition more attractive. I hope this article convinced you that SRv6 changes how we think about traditional networking and makes SDN a reality.