TechWiseTV Workshop: Segment Routing for the Datacenter

Manager, Product Management

Segment Routing in Datacenter

July 2016

Vipul Shah

2© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

• Deliver an amazing user experience• Differentiated user outcomes• System resiliency

• Maximize productivity• Efficient return on capex• Stretched opex / scale

The goals…

Costs Down

Service up


• Amazing user experiences:• Inability to treat individual packets the way they really want or need to be

treated• Spray and pray

• Assumption network has little value above connectivity• Lack of granular method of signaling application’s intent

• Blunt traffic steering tools

• Productivity / costs: What are the challenges?• Stranded and/or underutilized resources• Organizational disconnect (no link from app dev to network intent)

What was holding us back?


• Multiple forwarding domains, teams, mechanisms

• Diverse and sometimes unpredictable behaviors

• Network policy separated from application intentions or needs

Forwarding in today’s networksP

eerin

g

Data center fabric

Core /backbone

Data center fabric

Compute and storage

Compute and storage

InternetInternet MPLS

IP / ECMP

Overlay

IP / ECMP

Overlay

How do you build SDN capability into

that?


What is Segment Routing?

Segment Routing…..

• is an application-optimized network transport that provides strict network performance guarantees

• leverages the source routing paradigm• Label path is encoded at the source which

allows for traffic engineering based on the application requirements

Orchestrator

Applications

Segment Routing


• Predictable traffic steering technology

• Policy expression in the packet / “stateless”

• Capability independent of the “place in the network”

• An scalable, flexible, extensible framework

• The underpinnings of true SDN

The big picture

Scalable,Flexible,

Extensible,Programmable,and PredictableTraffic Steering

In summary

Segment Routing is an architectural approach to creating an end-to-end unified forwarding paradigm


• Source Routing• the source chooses a path and encodes it in the packet header as an ordered list of

segments• the rest of the network executes the encoded instructions

• Segment: an identifier for any type of instruction• forwarding or service

• Forwarding Plane:• MPLS: an ordered list of segments is represented as a stack of labels• IPv6: an ordered list of segments is encoded in a routing extension header

• Multi-Vendor solution

The technical picture


• Strong commitment for standardization andmulti-vendor support

• SPRING Working-Group (started Nov 2013)

• All key documents are WG-status

• Over 25 drafts maintained by SR team• Over 50% are WG status• Over 75% have a Cisco implementation

• Several interop reports are available

• First RFC document - RFC 7855 (May 2016)

IETFwww.segment-routing.nettools.ietf.org/wg/spring/

http://www.segment-routing.net/

https://tools.ietf.org/wg/spring/


• First deployments in 2015 with adoption in the WAN

• Strong start in 2016 with many new deployments.

• Soon-to-deploy in large Service Provider networks for end-to-end switching (DC to WAN)

Technology Adoption


• Leverage source routing for explicit path control to• create logical forwarding planes over the physical infrastructure• champion performance guarantee for SLA• create deterministic, yet adaptive networks• provide capacity and bandwidth management capability with on-demand provisioning• create stateless transit networks

• Network visibility for applications

• Consistent forwarding architecture between datacenter and WAN

• Reduce OpEx with simplified forwarding solution

• All the above & more with easy to Configure, Scale and Orchestrate

SR relevance inside datacenter Simple


Segment Routing Platform Support

Supported with all Nexus 3000 and Nexus 9000 series

Other Nexus platforms in the roadmap

Shipping since Feb CY 2016


Segment Routing Architecture on Nexus 9000 and 3000


13

Overview

• Built on top of existing MPLS forwarding infrastructure.

• MPLS label as a forwarding construct to identify segment (Segment ID).

• Predictable Label allocation schema across the network.

• BGP-LU as a control protocol to distribute Label.

BRKDCN-2050


Dataplane• MPLS: an ordered list of segments is represented as a stack of labels

• SR re-uses MPLS dataplane without any change – Current implementation

• IPv6: an ordered list of segments is represented as a routing extension header, see 4.4 of RFC2460

Control Plane• BGP-based segments with minor extensions to communicate neighbor relationships –

Current implementation

• IGP-based segments require minor extension to the existing link-state routing protocols (OSPF and IS-IS)

Segment Routing


• Node segment ID• A global value “100” means “100” everywhere

inside the domain• An instruction to forward the packet over the

ECMP-aware shortest-path to the node(s) that own(s) the SID

• Adjacency segment ID• A local value representing an outgoing

adjacency or set of adjacencies• An adjacency can be thought of similar to

“outgoing interface”

What is a segment?

9001

9002

Adjacency SIDNodal SID

66

65

65900166Data

900166Data

66Data Data

1.1.1.0

Prefix

A

Z


SR operations illustration • Steer traffic on any path through the network

• Path is specified by list of segments in packet header, a stack of labels

• No path is signaled

• No per-flow state is created

• IS-IS, OSPF, BGP all supported

Node Z56056

1 3 5 7

2 4 6 8

101Payload to Z

16101

56056

16005

Payload to Z

16101

56056

16005

Payload to Z

16101

56056

Payload to Z

16101

Payload to Z

16101

Payload to Z

Goal: Go to Z but avoid node 7

Source A


Control Plane: Segment Routing Global Block (SRGB)• Consistent and predictable label values across

network.

• Carve a subset of Label block from wider MPLS Label range.

• Default SRGB range is 16,000 to 23,999.

• New attribute “Label Index” is carried in BGP update.

• Label at every node is calculated based on following formula.

Label = SRGB base + Label Index (Received in BGP update)E.g. Prefix 172.0.11.0/24 with Label Index of 1 gets label 16001

3

2

1

3

2

1…

…

…

…

20 22 1600116001

1600116001

Application172.0.11.0/24 Label Index: 1


• Anycast prefixes: same prefix advertised by multiple nodes

• Anycast prefix-SID: prefix-SID associated with anycast prefix• Same prefix-SID for the same prefix!

• Traffic is forwarded to one of the Anycast prefix-SID originators based on best IGP path

• If primary node fails, traffic is auto re-routed to another node

• High-availability• If one of the Eastern Region routers fail, the policy survives

Anycast prefix segments


BGP-LS used to signal topology information to route controller

BGP Peering Segment

DC

10

11

12

13

143

1

PEERS

• Used to identify peer adjacencies that are either internal or external to the administrative domain

• Three types:PeerNode

PeerAdj

PeerSet


AS1

AS3

AS4B

C

D

E

BGP-LS

Controller

A9.9.9.9/32

1. Node C configures EPE for eBGP Peers2. Node C allocates unique PeerNode SID to

peer D & E3. Node C allocates Adjacency SID for ECMP

links for each E4. Node C allocates a single PeerSet SID for

both D & E

The controller learns the BGP Peering SID’s and the external topology of the egress border

router

BGP-LU

Controller can program the ingress node A to steer traffic to

9.9.9.9/32 via egress node C and AS3 (peer E)

Egress Peer Engineering (EPE)

END RESULTAS2


How is Segment Routing different than Traditional MPLS?

21

• Simple extensions in IGP/BGP protocol • No LDP/RSVP complexities and limitsStandardized Control Plane

• Dedicated forwarding path & bandwidth• Performance guaranteesAdaptive SLA

• End-to-end forwarding and TE• Removes multiple layers of technology

Single Operational Model

• Support ECMP• Minimize LSP state in network• CPU & memory saving

Efficient Datapath

• Optimal path creation directly at source• Remove complexities of RSVP

Simplified Traffic Engineering

• Support for NXAPI/DME• Future support for Puppet/AnsibleProgrammatic Interface


SR Use Cases


Deployment reasons for SR

23

• VRF Segmentation and Multi-Tenancy• Optimal path programmed at host/TORApplication Segmentation

• Controller Solution for network visibility• Leverage congestion feedback forbetter intelligence

Adaptive network

• Create deterministic networks• Network-wide resource optimization Traffic steering

• Allocate bandwidth capacity on-demand• Control which path apps can take

On-demand Bandwidth

• Logical separation of physical infra• Separation of different traffic typesMulti-plane networks


Cisco Confidential 24© 2013 Cisco and/or its affiliates. All rights reserved.

SR Datacenter Transport Network : Topology Reference

ToR 16111 ToR ToR

ToR16114

Leaf1711118100

Lef1711218200

L L

SpineUnicast:17101Anycast:18100

Spine1710218100

Spine1720118200

Spine1720218200

Spine1730118300

Spine1730218300

Spine1740118400

Spine1740218400

ToR16121

ToR1612

2ToR ToR

L1721118100

L L L

ToR ToRToR 1613

3ToR

L L L L

POD 1 POD 2 POD 3

DCI DCI

2 path options:- Full ECMP: ToR/DCI prefix-SID- Specific plane: anycast SID + ToR/DCI prefix-SIDPCE

BGP LU + prefix-SID

PCE

ToR ToRToR 1613

7ToR

L L LLeaf

1741818400

Spine1740318400

Spine1740418400


Content Delivery or Service Provider Network Application Traffic Steering Across Optimal Path

• BGP-LU control plane establishes SR channels from ToRs to Spines for a particular IP segment

• Label allocated at the ToRs for IP segments. Multiple IP segments can be associated with single labels

• Stack of labels is encoded at TOR or host to allow path splicing

• Traffic is directed to Spines over desired path

ToR ToR ToR ToR

Leaf Leaf Leaf Leaf

Spine Spine

POD 1

IP (1.1.1.0/24)

IP or MPLS packet


Financial ApplicationMulti-plane Network

• Explicit path expressed in labeled packets either at the TOR or at the Hypervisor

• Each ToR can have multiple uplinks and each uplink takes the flow to a different routing plane for traffic segmentation

ToR ToR ToR ToR

Leaf Leaf Leaf Leaf

Spine Spine

IP or MPLS packet

IP (1.1.1.0/24) IP (2.2.2.0/24)

POD 1


Enterprise NetworksAnycast Forwarding

• Anycast prefixes: same prefix advertised by multiple nodes

• Anycast prefix-SID: prefix-SID associated with anycast prefix. Same prefix-SID for the same prefix

• Traffic is forwarded to one of the Anycast prefix-SIDs based on best path.

• If primary node fails, traffic is re-routed through another node

ToR ToR ToR ToR

Leaf Leaf Leaf Leaf

Spine Spine

POD 1

IP (1.1.1.0/24)

IP or MPLS packet


Route scale with Multi hop BGP overlay and SR underlay

• Multi-hop eBGP sessions between Spines and TORs to advertise Vanilla IP prefixes

• ToRs install routes for learnt prefixes with Spines as ECMP next hops over Tunnel underlays

• ToRs impose Labels on IP packets received from Hosts and direct them to Spines over ECMP Tunnels

Benefits• Optimize label usage in SR

domain (labels are tied to the next-hop through MPLS)

• Reduce state in the fabric

ToR ToR ToR ToR

Leaf Leaf L L

Spine Spine

POD 1

BGP-LU

BGP-LU

IP

MPLS

MPLS

Multihop eBGP

IP or MPLS packet


MPLS layer 2 VPNs, L3 VPNs are most common applications of IP/MPLS networks.

Segment Routing can provide an efficient and scalable transport for VPN services

IGP/EGP only– No LDP, no RSVP-TE

ECMP support

1

2 3

4

6 5

7

Site1 CPE

pkt

16200VPN Label

pkt

16100VPN label

pkt

pktvpn

pkt

PESR

Transport w/ ECMP

Site2 CPE Site2

CPESite1 CPE

pktvpn

Enterprise NetworksSimple and Efficient Transport of MPLS services


• Solve Micro-loop avoidance• Topology Independent Loop-free Alternate Fast Re-route (TI-LFA)• Egress Peering for low latency vs high cost path• Low Latency path selection• Multi-pod stitching• DC to DC transit• etc

And the possibilities are many more…..

These are suggested use case for future validation


SR Provisioning & Orchestration


32

Zero Touch Node Isolation

Controller

16004

18101

17104

18101

17104

18101

… … … …ToR

Leaf

Spine

16001 16002

17001 17002 17003 17004 17101 17102 17103 17104

18001 18050 18101 18150

Applications

20001

• Isolate a node with zero touch provisioning.

• A new Anycast SID represents only Active members.

• Controller pushes the new SID/Label to the network

BRKDCN-2050


• Orchestrate an end-to-end segment routing path, as governed with a stateful PCE controller running native SRTE algorithms

• Deliver performance-engineered paths per the SLA

• Real-time reactive feed via BGP-LS/ISIS/OSPF from multiple domains

• SR PCE deployment model more like BGP Route Reflectors

SR PCE

vPE120001

ToR20002

Spine20003

LSR17002

LSR16003

vPE220001

ToR20002

Spine20003

LSR18002

DC A1 METRO A METRO BWAN DC B2

Multi-Domain Topology SR PCECompute

DCI117001

AGG116001

AGG216002

DCI218001


34

Global Configuration!Enable Required Feature setsN9K1#config terminalN9K1(config)#feature-set mplsN9K1(config)#install feature-set mplsN9K1(config)#feature bgpN9K1(config)#feature mpls segment-routingN9K1(config)#segment-routing mplsN9K1(config-segment-routing-mpls))#endN9K1#..!Enable mpls forwarding on respective interfacesN9K1#config terminalN9K1(config)#interface <x>N9K1(config-if)#mpls ip forwardingN9K1(config-if)#end

BRKDCN-2050


35

OrchestrationProgrammability support with Nexus 3K/9K platforms


36

OrchestrationProgrammability support with Nexus 3K/9K platforms

import requestsimport json url='http://172.x.x.x/ins' switchuser='administrator'switchpassword='cisco123' myheaders={'content-type':'application/json-rpc'}payload=[ { "jsonrpc": "2.0", "method": "cli", "params": { "cmd": "config t", "version": 1 }, "id": 1 }, { "jsonrpc": "2.0", "method": "cli", "params": { "cmd": "segment-routing mpls", "version": 1 }, "id": 2 }]response = requests.post(url,data=json.dumps(payload), headers=myheaders,auth=(switchuser,switchpassword)).json()


Conclusions


• Amazing user experiences• Differentiated user outcomes by treating individual packets the way

they really want or need to be treated• Built-in resiliency• Unprecedented application control of its own destiny• One forwarding domain / behavior / organization

• Cost containment / productivity enhancement• Simple method to scale network capacity with minimal network state

on low-cost devices• Policy framework with no need to constantly reconfigure the network• Optimal use of internal resources• One forwarding domain / behavior / organization

Meeting the goals…


Key Benefits of Segment RoutingLabel Switching Domain

Inter-DC Network and Peering Sites

Optical Core

DisaggregatedCore

DC FabricLayers

Computeand Storage

Internet Peers

100G

… … … …

…

…

Other DC

Application aware network creation 1

No Signaling - All state travels in the packet!2

Performance guarantees3

ECMP-aware traffic steering4

Adaptive traffic switching5

Significant cost reduction & Investment protection6


• http://www.segment-routing.net

• http://www.segment-routing.net/home/tutorial

• http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-737536.html

• http://blogs.cisco.com/datacenter/application-level-intelligence-in-the-data-center-using-segment-routing?_ga=1.127143757.1347823405.1468366647

Still need more info

http://www.segment-routing.net/home/tutorial

http://www.segment-routing.net/home/tutorial

http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-737536.html



http://blogs.cisco.com/datacenter/application-level-intelligence-in-the-data-center-using-segment-routing?_ga=1.127143757.1347823405.1468366647



Date post:	16-Apr-2017
Category:	Technology
Upload:	robb-boyd
View:	360 times
Download:	0 times