
Segment routing refers to a source routing mechanism that provides Traffic Engineering, Fast
Reroute, and MPLS VPNs without LDP or RSVP-TE.

As you read this post, you will learn everything about segment routing. With some extensions
to the existing protocols, this source routing mechanism will help you solve all the complex
problems related to Traffic Engineering, Fast Reroute, and MPLS VPNs.

With RSVP-TE, you can use MPLS to create BGP free core, VPN services (layer 2 and layer 3), and
traffic engineering capability.

In this post, I will explain Segment Routing and all the problems associated with MPLS. After that, I
will elucidate how Segment Routing can provide solutions to those problems.

If you are knowledgeable about Segment Routing, you can continue with the use cases.

What is Segment Routing ?


The answer is a no-brainer. Segment Routing refers to a source routing mechanism.

I implore you not to confuse source routing with policy based routing (PBR), as both of them are
different.

The source is an edge node: it can be a server, a top of rack switch, a virtual switch, or an edge
router. Source routing allows service chaining, and the entire path can be exposed to the
ingress/head end router.

What does segment mean ?

A segment is a component of the path that the packets travel, as specified by the
user.

For instance, you could direct a component travelling from firewall X to go to router A, and
then to router B. Yes, you can do that. In fact, service chaining can be achieved with
Segment Routing.

Even though Segment Routing uses the IP control plane, it employs the MPLS data plane in
its operation. A Segment ID is equivalent to an MPLS label, and the segment list corresponds
to the label stack.

Some extensions to OSPF and IS-IS are necessary for Segment Routing because the
segment/label is carried within the link state IGP protocol messages.

To understand how Segment Routing functions, you need to understand MPLS VPN
operation.

MPLS VPN Operation

If you know everything about MPLS VPN operation already, you can skip this section.

The below diagram depicts the MPLS VPN operation.

The diagram has two labels: core label, also known as transport tunnel; and topmost label. In MPLS
layer 2 or layer 3 VPN operations, the topmost label moves from PE1 loopback to PE2 loopback.
While the topmost label provides edge-to-edge reachability, LDP, RSVP, or BGP provides the
core/transport label.

In the context of MPLS VPN, LDP is the most commonly used label distribution protocol.

If you want to use MPLS Traffic Engineering architecture, then you need to enable RSVP-TE for
label distribution. And of course, LDP and RSVP can coexist in the network.

VPN label is provided by BGP, specifically Multi-protocol BGP.

PE routers set the BGP next hop of the VPN prefixes to their loopback addresses. Also, the
core/transport label is used to reach the BGP next hop.

PE1 pushes two labels: the red label and the blue label. Sent by P1 to PE1 via LDP, red label – which
is the core/transport label – is changed at every hop.

The red label is removed at P2 if PE2 sends an implicit null label, a process known as PHP
(Penultimate hop popping).

The blue label is the VPN label sent by PE2 to PE1 through MP-BGP session.

Next, I will explain MPLS VPN operations with Segment Routing.

MPLS VPN with Segment Routing


If similar operation is done with Segment Routing, the red label is sent from PE2 to all the routers
within the IGP domain via link state protocols (OSPF or IS-IS), not within the LDP label messages
(see picture below).

Node segment ID, also known as prefix segment ID, is used for specifying the loopback interface of
a Segment Routing enabled device.

Segment Routing is enabled on the loopback interface; because of that, a Node/Prefix Segment
identifier is assigned to that loopback interface.

Throughout this post, I will use the SID abbreviation for Segment ID.

Node/Prefix SID is sent via either IS-IS LSPs or OSPF LSAs.

All the Segment Routing enabled routers receive and learn Node/Prefix SID from one another.

To assist you to understand this topic, I will explain MPLS Layer 3 VPN operation as well as
segment routing.

As you must have observed, there is no LDP in the above diagram. Label 100 is advertised in the IGP
protocol, and all the routers use the identical label.

Unlike with LDP, label 100 does not change hop by hop.

Through MP-BGP, PE1 still receives a VPN label for the CE2 prefixes.

BGP next hop is PE2 loopback. PE2 loopback uses label 100 in the IS-IS sub-TLV or OSPF
Opaque LSA.

PE1 uses label 100 as the core/transport (outer) label and label 2000 as the inner
VPN label.

P1 does not change the core/transport label; rather, it sends the packet to the P2.

If P2 receives an implicit null label from PE2, P2 does PHP (Penultimate Hop Popping). In
sum, only the VPN label is sent to the PE2.

Without using LDP but by using IGP, MPLS VPN service is provided. Segment Routing
does not require LDP for the transport tunnel because it uses IGP for the label
advertisement.

Please note that Segment Routing eliminates the need for LDP only for the transport label
operation.

If you setup MPLS layer 2 VPN for the PW label, you will use either LDP or BGP because
Segment Routing does not provide such capability.

PW (Pseudowire) can be signaled via LDP or RSVP. LDP signaled pseudowire is also
known as Martini pseudowire, while BGP signaled pseudowire is also known as Kompella
pseudowire.

So, if you provide layer 2 VPN service with Segment Routing, you will notice two labels:
transport label provided by the IGP to reach the correct PE; and LDP or BGP assigned label
for the end customer AC (Attachment circuit) identification in the remote PE.

MPLS and its applications are very powerful.

MPLS layer 2 VPNs (VPWS, VPLS, and VPMS), MPLS Layer 3 VPNs, and MPLS Traffic
Engineering are the most common applications of IP/MPLS networks.

MPLS Traffic Engineering is used in large enterprise networks, especially in Service Provider and
Web OTT.

More importantly, you can use all the MPLS applications with Segment Routing.

If you read this article, you should continue to read the “Segment Routing Use
Cases, Segment Routing Fast Reroute” articles as well.

I include a couple of references and resources in case you want to learn more about Segment
Routing.

http://www.segment-routing.net

http://www.ietf.org/proceedings/88/slides/slides-88-spring-13.pdf

http://blogs.cisco.com/sp/segment-routing-impact-on-software-defined-networks

https://datatracker.ietf.org/doc/draft-filsfils-spring-segment-routing-msdc/

https://datatracker.ietf.org/doc/draft-filsfils-spring-segment-routing-use-cases/?include_text=1

https://www.youtube.com/watch?v=8qGVmrArU7o

https://www.youtube.com/watch?v=lujkWfdB4NM

https://www.youtube.com/watch?v=4G0h5XBnyGc

What about you ?

Do you have MPLS Traffic Engineering on your network ?

What sorts of problems do you have if you have MPLS Traffic Engineering ?

What might be other use cases of Segment Routing ?

============================================================

When I read the latest posts about Fast ReRoute from Russ White and as I
had an introduction from a coworker contributing to some drafts, I thought it
was the right time to write my first article on PacketPushers. And here it is the
Introduction to Segment Routing!

What is it?
It is a new technology that will add benefit to IP and MPLS networks. It will
allow FRR protection for any topology and is simpler to operate and more
scalable. For future SDN services it provides quicker interaction with the
applications.

How it works?
Like MPLS, Segment Routing is based on label switching, but with no extra
protocol, just extensions to the IGP (ISIS/OSPF).
Labels are called segments, and we have the traditional Push, Swap, Pop
actions.

There are two types of Segments: Nodal and Adjacency where a segment
identifies a prefix:

• a Nodal Segment identifies the node, specifically the prefix of its loopback
interface; it is globally significant, so it must be unique among nodes
• an Adjacency Segment represents the local segment (interface) to a
specific SR node; it is locally significant (it doesn't have to be unique among
nodes)

Figure 1:

In this example (Fig. 1) all links have the same metric. ISIS or OSPF
automatically builds segments where the Nodal segment uses the shortest
path to the related node and the adjacency segment is one hop through
the related interface:

• Each node advertises its global label with its loopback address (ISIS sub-TLV
or OSPF Opaque sub-TLV extension); the other nodes install the
nodal segment in the Segment Routing dataplane. Here B advertises 70,
nodes S and R use 70 to reach B
• F allocates a local segment 10000 for its link B-F then advertises the
adjacency segment in the IGP but only B installs it in the dataplane

The “operator” allocates a Segment Routing block [ n, m ] then allocates to
each node from the SR block a global label (nodal SR). The adjacency
segment is outside the SR block and it is automatically allocated by each
node.

With this in mind, you can clearly see that with the nodal segment attached to a
prefix, you will reach it via a shortest path; whether it is ECMP or not depends
on the IGP topology.

Let’s see two examples in detail.


Example 1 (Fig. 2): Node R advertises segment 70 to all other nodes. If S
wants to reach R, it will use the segment 70 (source routing). The path inherits
the ECMP behavior of the IGP, where nodes A, C will swap segment 70 with 70
and nodes B, D pop the label (PHP) and transmit the packet to the
destination R.

Figure 2:

With the adjacency segment (Fig. 3) you can steer the traffic through a
specific interface/segment. Let’s say S wants to reach R (Nodal segment
70) but through the B-D segment/link. We will use at the source the Path { 71,
10000, 70 }: at node A we pop the 1st label 71, which corresponds to B's
loopback (Nodal Seg.), then B will force the traffic to D with the adj. segment
10000, and we use the IGP path to reach the destination.

Figure 3:
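
The Fig. 3 path { 71, 10000, 70 } walked hop by hop, as an added example that is not part of the original post. The labels 70, 71 and 10000 come from the text; the link list is constructed (the figures are missing) and the function names are hypothetical.

```python
from collections import deque

# Constructed topology (the post's figures did not survive): equal-metric links.
LINKS = [("S", "A"), ("S", "C"), ("A", "B"), ("C", "D"),
         ("B", "D"), ("B", "R"), ("D", "R")]
NODE_SID = {"R": 70, "B": 71}      # nodal segments: global, values from the post
ADJ_SID = {"B": {10000: "D"}}      # adjacency segment: installed only on B

def neighbors(node):
    return sorted({b for a, b in LINKS if a == node} |
                  {a for a, b in LINKS if b == node})

def distances(dst):
    """Hop count from every node to dst (BFS, since all metrics are equal)."""
    dist, queue = {dst: 0}, deque([dst])
    while queue:
        n = queue.popleft()
        for m in neighbors(n):
            if m not in dist:
                dist[m] = dist[n] + 1
                queue.append(m)
    return dist

def walk(ingress, segment_list):
    """Return [(node, label stack held at that node), ...] for one packet."""
    owner = {sid: node for node, sid in NODE_SID.items()}
    node, stack, trace = ingress, list(segment_list), []
    while True:
        trace.append((node, tuple(stack)))
        while stack and owner.get(stack[0]) == node:
            stack.pop(0)                      # our own nodal segment is done
        if not stack:
            return trace                      # nothing left to steer on
        top = stack[0]
        if top in ADJ_SID.get(node, {}):      # local adjacency: pop, use link
            stack.pop(0)
            node = ADJ_SID[node][top]
        elif top in owner:                    # nodal: follow IGP shortest path
            dist = distances(owner[top])
            # ECMP is ignored here: ties go to the alphabetically first hop.
            nxt = min(m for m in neighbors(node) if dist[m] == dist[node] - 1)
            if nxt == owner[top]:
                stack.pop(0)                  # penultimate hop popping
            node = nxt
        else:                                 # label not installed on this node
            raise ValueError(f"{node} has no entry for label {top}")

if __name__ == "__main__":
    for hop, labels in walk("S", [71, 10000, 70]):
        print(hop, labels)
```

Because the adjacency label is only installed on B, a stack that presents 10000 to any other node is rejected, which is the "locally significant" property described above.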

For the MPLS dataplane the segment is 32 bits in size with the 20 right-most bits
encoded as a label. A classical MPLS stack of labels represents a list of
segments in SR; the active segment is the top label. The transport can be
IPv4 or IPv6 and can co-exist with an LDP or RSVP control plane.

Use Cases

• FRR protection in any topology, especially where in remote LFA we have
no PQ node. It is simple as we don’t have extra computation (T-LDP): just
put in the repair path a nodal segment to the P node and an adjacency
segment to the Q node
• Traffic Engineering: you can define per-flow CoS policies based on
latency, bandwidth
• SDN: to program a network it must be simple (no LDP or RSVP), scalable
(no LDP/IGP sync and the label database has far fewer labels) and
responsive (no signaling delay). For instance, an application can request
from the SDN controller a circuit with specific SLAs, then the controller will
provide the segment to use. The controller can learn the topology with
various tools like BGP Link State.

Last but not least, SR is a multi-vendor solution and here are the references
that I used: www.segment-routing.net

I hope that this article gave you an idea of Segment Routing. Personally, I
hope we will soon receive an EFT image from Cisco to test it and maybe write
another post with “real” examples.

=====================================================================
Segment Routing on IOS-XR
Posted on 11th August 2014 by Darren

Cisco has released some support for segment-routing on IOS-XR 5.2.0 so what better
time to lab it up. I’ve got four IOS-XRv boxes running 5.2.0:

RP/0/0/CPU0:XR1#sh ver | include XR
Cisco IOS XR Software, Version 5.2.0[Default]

Currently IS-IS is the only protocol with support in XR. There are drafts to get this
working in both OSPFv2 and OSPFv3.

Segment Routing?
Segment routing is a huge topic. In the long run it’ll make it very easy for an SDN
controller to force packets through the network in any way it wants. The draft says that
it can use the existing MPLS data plane (aka labels) or the IPv6 data plane (header
extensions). Right now support is for the MPLS data plane only. The nice thing here is
that all devices that can currently switch based on labels should really only need a
software upgrade to run segment routing in its current form.

Currently, in order to populate the MPLS data plane with labels you need a MPLS
control plane protocol to distribute those labels. With segment routing, those labels are
distributed with the IGP. Your core is now simplified as it’s only running the IGP with
no LDP or RSVP. Your core no longer needs to keep LDP or RSVP state at all.

Traffic Engineering
Take the following simple diagram into consideration:

I’d like to use both paths to get from PE1 to PE2 for different traffic flows. This is possible
with RSVP by creating multiple RSVP-TE tunnels:

The above works perfectly fine, but those P routers need to keep state for each and every
RSVP tunnel going through them. In segment routing, there is a concept of a node
segment and adjacency segment. There are also other segment types but I won’t go into
that yet. With the MPLS dataplane, each segment has a label. I can therefore force traffic
to go over a certain segment by adding the segment label to the stack.

In the above diagram, if I want PE1 to send to PE2 via the shortest path, it simply
imposes the node segment of PE2 onto the packet and sends it on. Every router in the
core knows what PE2’s node segment is and as such the packet is pushed through using
only that single label. Note that standard MPLS PHP behaviour is still used:

If I wanted to force traffic to PE2 to go over the P1-P2 link and then the P2-P3 link, I
would stack the labels to ensure it went that way. It’s the ingress PE that decides this:

PE1 has stacked the labels in such a way that it forces the packet to go to particular
segments. The core does not need to contain any of the LSP state. It simply installs the
labels previously sent by the IGP.

Configuration
Segment Routing in 5.2.0 has been enabled, but at a preliminary level only. IS-IS is the
only IGP supported. Only the MPLS dataplane is supported. I can’t seem to find a way to
advertise adjacency segments yet, only node segments. All of the above is fine for an
MPLS L3VPN lab. I’ll be using the following topology:

The CEs are running OSPFv2 and advertising their loopbacks into OSPF:

interface Loopback0
 ip address 100.100.100.100 255.255.255.255
 ip ospf 1 area 0
interface GigabitEthernet0/0.11
 encapsulation dot1Q 11
 ip address 10.0.11.1 255.255.255.0
 ip ospf 1 area 0

The PE config is pretty standard:

vrf CUS1
 address-family ipv4 unicast
  import route-target
   100:1
  export route-target
   100:1

router ospf CUS1
 vrf CUS1
  redistribute bgp 100
  area 0
   interface GigabitEthernet0/0/0/0.11
   !
  !

router bgp 100
 address-family vpnv4 unicast
 neighbor 4.4.4.4
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast
 vrf CUS1
  rd 100:4
  address-family ipv4 unicast
   redistribute ospf CUS1

XR1 has a VPNv4 session with XR4 and is advertising the prefixes over it. Segment routing
is now enabled under the core IGP, IS-IS:

router isis 1
 is-type level-2-only
 net 49.0001.0000.0000.0001.00
 address-family ipv4 unicast
  metric-style wide
  segment-routing mpls
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 1000
 interface GigabitEthernet0/0/0/1
  address-family ipv4 unicast
 interface GigabitEthernet0/0/0/2
  address-family ipv4 unicast

For now you can only configure the node ID under the loopback interface. Once this is
all done, I should have a labelled route to R4’s loopback, without LDP or RSVP:

RP/0/0/CPU0:XR1#show cef 4.4.4.4 | include labels
Sun Aug 10 19:48:51.587 UTC
local label 904000 labels imposed {904000}
local label 904000 labels imposed {904000}

RP/0/0/CPU0:XR1#show mpls int gigabitEthernet 0/0/0/1 detail
Sun Aug 10 19:49:25.145 UTC
Interface GigabitEthernet0/0/0/1:
LDP labelling not enabled
LSP labelling not enabled
MPLS ISIS enabled
MPLS enabled

There are two labels as XR1 has two equal cost paths to XR4. A quick traceroute will
show the same label:

RP/0/0/CPU0:XR1#traceroute 4.4.4.4
Sun Aug 10 19:50:16.191 UTC
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 10.0.12.2 [MPLS: Label 904000 Exp 0] 9 msec 0 msec 0 msec
2 10.0.24.4 0 msec * 0 msec

Note that L3VPN still uses an inner label, the service/VPN label. The outer transport
label has been replaced with the segment routing label. A traceroute from CE1 to CE2
will confirm this:

CE1#traceroute 200.200.200.200 so lo0 numeric
Type escape sequence to abort.
Tracing the route to 200.200.200.200
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.11.10 1 msec 1 msec 1 msec
2 10.0.12.2 [MPLS: Labels 904000/16001 Exp 0] 4 msec 3 msec 3 msec
3 10.0.24.4 [MPLS: Label 16001 Exp 0] 3 msec 7 msec 3 msec
4 10.0.42.2 4 msec * 4 msec
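
The two-label stack from hop 2 of the traceroute above, decoded from its wire format, as an added example that is not part of the original post. The 4-byte entry layout (20-bit label, 3-bit Exp, 1-bit bottom-of-stack, 8-bit TTL) is the standard MPLS one and is not stated on this page; the TTL value and the trailing payload bytes are constructed, and the function names are hypothetical.

```python
import struct

def encode_entry(label, exp, bos, ttl):
    """Pack one MPLS label stack entry (label:20 | exp:3 | S:1 | ttl:8)."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label does not fit in 20 bits")
    return struct.pack("!I", label << 12 | exp << 9 | int(bos) << 8 | ttl)

def decode_label_stack(data):
    """Decode entries up to the bottom-of-stack bit; return (entries, payload)."""
    entries = []
    for off in range(0, len(data), 4):
        if off + 4 > len(data):
            raise ValueError("truncated label stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        entry = {"label": word >> 12, "exp": (word >> 9) & 0x7,
                 "bos": bool(word & 0x100), "ttl": word & 0xFF}
        entries.append(entry)
        if entry["bos"]:                 # the VPN/service label ends the stack
            return entries, data[off + 4:]
    raise ValueError("no bottom-of-stack entry found")

# Constructed sample: labels 904000/16001 with Exp 0 as in the traceroute;
# TTL 254 and the two payload bytes are made up for the example.
SAMPLE = (encode_entry(904000, 0, False, 254) +
          encode_entry(16001, 0, True, 254) + b"\x45\x00")

if __name__ == "__main__":
    stack, payload = decode_label_stack(SAMPLE)
    for e in stack:
        role = "service/VPN" if e["bos"] else "transport (SR node segment)"
        print(e["label"], role, "exp", e["exp"], "ttl", e["ttl"])
```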

Conclusions
• Basic segment routing is incredibly easy to enable

• I don’t see ISPs changing from RSVP-TE to SR anytime soon, but I think it will happen
eventually

• SDN is a great use case for SR, as the controller can inform PEs which segment labels to
stack onto a packet as it ingresses the router

• Perhaps even the host itself could send a packet with an SR stack imposed. Maybe that
host has learnt this stack from the SDN controller? Time will tell
