Segment Routing in Datacenter
Vipul Shah, Manager, Product Management
July 2016
2© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The goals…
• Deliver an amazing user experience
  • Differentiated user outcomes
  • System resiliency
• Maximize productivity
  • Efficient return on capex
  • Stretched opex / scale
Service up
Costs Down
What was holding us back?
What are the challenges?
• Amazing user experiences:
  • Inability to treat individual packets the way they really want or need to be treated
  • Spray and pray
• Assumption network has little value above connectivity
  • Lack of granular method of signaling application’s intent
• Blunt traffic steering tools
• Productivity / costs:
  • Stranded and/or underutilized resources
  • Organizational disconnect (no link from app dev to network intent)
Forwarding in today’s networks
• Multiple forwarding domains, teams, mechanisms
• Diverse and sometimes unpredictable behaviors
• Network policy separated from application intentions or needs
[Figure: Internet, Peering, Core / backbone (MPLS), two Data center fabrics (IP / ECMP, Overlay), each with Compute and storage]
How do you build SDN capability into that?
What is Segment Routing?
Segment Routing…
• is an application-optimized network transport that provides strict network performance guarantees
• leverages the source routing paradigm
  • Label path is encoded at the source which allows for traffic engineering based on the application requirements
[Figure: Applications, Orchestrator, Segment Routing]
The big picture
• Predictable traffic steering technology
• Policy expression in the packet / “stateless”
• Capability independent of the “place in the network”
• A scalable, flexible, extensible framework
• The underpinnings of true SDN
Scalable, Flexible, Extensible, Programmable, and Predictable Traffic Steering
In summary
Segment Routing is an architectural approach to creating an end-to-end unified forwarding paradigm
The technical picture
• Source Routing
  • the source chooses a path and encodes it in the packet header as an ordered list of segments
  • the rest of the network executes the encoded instructions
• Segment: an identifier for any type of instruction
  • forwarding or service
• Forwarding Plane:
  • MPLS: an ordered list of segments is represented as a stack of labels
  • IPv6: an ordered list of segments is encoded in a routing extension header
• Multi-Vendor solution
IETF
• Strong commitment for standardization and multi-vendor support
• SPRING Working-Group (started Nov 2013)
• All key documents are WG-status
• Over 25 drafts maintained by SR team
  • Over 50% are WG status
  • Over 75% have a Cisco implementation
• Several interop reports are available
• First RFC document - RFC 7855 (May 2016)
www.segment-routing.net
tools.ietf.org/wg/spring/
Technology Adoption
• First deployments in 2015 with adoption in the WAN
• Strong start in 2016 with many new deployments.
• Soon-to-deploy in large Service Provider networks for end-to-end switching (DC to WAN)
SR relevance inside datacenter
• Leverage source routing for explicit path control to
  • create logical forwarding planes over the physical infrastructure
  • champion performance guarantee for SLA
  • create deterministic, yet adaptive networks
  • provide capacity and bandwidth management capability with on-demand provisioning
  • create stateless transit networks
• Network visibility for applications
• Consistent forwarding architecture between datacenter and WAN
• Reduce OpEx with simplified forwarding solution
• All the above & more with easy to Configure, Scale and Orchestrate
Simple
Segment Routing Platform Support
Supported with all Nexus 3000 and Nexus 9000 series
Other Nexus platforms in the roadmap
Shipping since Feb CY 2016
Segment Routing Architecture on Nexus 9000 and 3000
Overview
• Built on top of existing MPLS forwarding infrastructure.
• MPLS label as a forwarding construct to identify segment (Segment ID).
• Predictable Label allocation schema across the network.
• BGP-LU as a control protocol to distribute Label.
BRKDCN-2050
Segment Routing
Dataplane
• MPLS: an ordered list of segments is represented as a stack of labels
• SR re-uses MPLS dataplane without any change – Current implementation
• IPv6: an ordered list of segments is represented as a routing extension header, see 4.4 of RFC2460
Control Plane
• BGP-based segments with minor extensions to communicate neighbor relationships – Current implementation
• IGP-based segments require minor extension to the existing link-state routing protocols (OSPF and IS-IS)
What is a segment?
• Node segment ID
  • A global value “100” means “100” everywhere inside the domain
  • An instruction to forward the packet over the ECMP-aware shortest-path to the node(s) that own(s) the SID
• Adjacency segment ID
  • A local value representing an outgoing adjacency or set of adjacencies
  • An adjacency can be thought of similar to “outgoing interface”
[Figure: path from A to Z toward prefix 1.1.1.0; legend: Adjacency SID, Nodal SID; SIDs shown: 65, 66, 9001, 9002; the packet's label stack shrinks hop by hop: 65 9001 66 Data, then 9001 66 Data, then 66 Data, then Data]
SR operations illustration
• Steer traffic on any path through the network
• Path is specified by list of segments in packet header, a stack of labels
• No path is signaled
• No per-flow state is created
• IS-IS, OSPF, BGP all supported
Goal: Go to Z but avoid node 7
[Figure: Source A sends "Payload to Z" across nodes 1 to 8 toward Node Z. The packet starts with the three labels 16005, 56056 and 16101; along the path the stack shrinks to 56056 and 16101, then to 16101, and finally only the payload remains.]
Control Plane: Segment Routing Global Block (SRGB)
• Consistent and predictable label values across network.
• Carve a subset of Label block from wider MPLS Label range.
• Default SRGB range is 16,000 to 23,999.
• New attribute “Label Index” is carried in BGP update.
• Label at every node is calculated based on following formula.
Label = SRGB base + Label Index (Received in BGP update)
E.g. Prefix 172.0.11.0/24 with Label Index of 1 gets label 16001
[Figure: an application prefix 172.0.11.0/24 is advertised with Label Index: 1; the nodes in the fabric show label 16001]
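The SRGB formula above, worked as an added example (not code from the slides or from Cisco). It derives labels from received label indexes and reports the cases that break the "consistent and predictable" property: an index that lands outside the SRGB, an index reused by a second prefix, and a node whose SRGB base differs. Node names, the second SRGB range and all prefixes except 172.0.11.0/24 are constructed for illustration.

```python
from dataclasses import dataclass

DEFAULT_SRGB = (16000, 23999)  # default range from the slide, inclusive


@dataclass(frozen=True)
class Node:
    name: str                    # hypothetical node name
    srgb: tuple = DEFAULT_SRGB   # (first label, last label)


def label_for(node, label_index):
    """Label = SRGB base + Label Index; reject results outside the SRGB."""
    base, last = node.srgb
    label = base + label_index
    if label_index < 0 or label > last:
        raise ValueError(f"index {label_index} outside SRGB {base}-{last}")
    return label


def audit(nodes, advertisements):
    """Check (prefix, label_index) pairs as received in BGP updates.

    Returns (labels, findings): labels[prefix][node_name] and a list of
    problems for an operator to review.
    """
    labels, findings, owner = {}, [], {}
    for prefix, index in advertisements:
        if owner.setdefault(index, prefix) != prefix:
            findings.append(f"{prefix}: index {index} already used by {owner[index]}")
            continue
        per_node = {}
        for node in nodes:
            try:
                per_node[node.name] = label_for(node, index)
            except ValueError as exc:
                findings.append(f"{prefix} on {node.name}: {exc}")
        if len(set(per_node.values())) > 1:
            findings.append(f"{prefix}: label not consistent across nodes {per_node}")
        labels[prefix] = per_node
    return labels, findings


# Constructed sample: the slide's prefix, a reused index, an index that is too large.
NODES = [Node("tor1"), Node("leaf1"), Node("spine1", (17000, 24999))]
ADVERTS = [("172.0.11.0/24", 1), ("172.0.12.0/24", 1), ("172.0.13.0/24", 8500)]

if __name__ == "__main__":
    labels, findings = audit(NODES[:2], ADVERTS)
    print(labels["172.0.11.0/24"])
    print(*findings, sep="\n")
```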
Anycast prefix segments
• Anycast prefixes: same prefix advertised by multiple nodes
• Anycast prefix-SID: prefix-SID associated with anycast prefix
  • Same prefix-SID for the same prefix!
• Traffic is forwarded to one of the Anycast prefix-SID originators based on best IGP path
• If primary node fails, traffic is auto re-routed to another node
• High-availability
  • If one of the Eastern Region routers fails, the policy survives
BGP Peering Segment
BGP-LS used to signal topology information to route controller
• Used to identify peer adjacencies that are either internal or external to the administrative domain
• Three types:
  • PeerNode
  • PeerAdj
  • PeerSet
[Figure: DC and PEERS with numbered nodes]
Egress Peer Engineering (EPE)
1. Node C configures EPE for eBGP Peers
2. Node C allocates unique PeerNode SID to peer D & E
3. Node C allocates Adjacency SID for ECMP links for each E
4. Node C allocates a single PeerSet SID for both D & E
The controller learns the BGP Peering SIDs and the external topology of the egress border router
Controller can program the ingress node A to steer traffic to 9.9.9.9/32 via egress node C and AS3 (peer E)
[Figure: nodes A, B, C, D and E across AS1, AS2, AS3 and AS4, prefix 9.9.9.9/32 and a Controller; labels: BGP-LS, BGP-LU, END RESULT]
How is Segment Routing different than Traditional MPLS?
Standardized Control Plane
• Simple extensions in IGP/BGP protocol
• No LDP/RSVP complexities and limits
Adaptive SLA
• Dedicated forwarding path & bandwidth
• Performance guarantees
Single Operational Model
• End-to-end forwarding and TE
• Removes multiple layers of technology
Efficient Datapath
• Support ECMP
• Minimize LSP state in network
• CPU & memory saving
Simplified Traffic Engineering
• Optimal path creation directly at source
• Remove complexities of RSVP
Programmatic Interface
• Support for NXAPI/DME
• Future support for Puppet/Ansible
SR Use Cases
Deployment reasons for SR
Application Segmentation
• VRF Segmentation and Multi-Tenancy
• Optimal path programmed at host/TOR
Adaptive network
• Controller Solution for network visibility
• Leverage congestion feedback for better intelligence
Traffic steering
• Create deterministic networks
• Network-wide resource optimization
On-demand Bandwidth
• Allocate bandwidth capacity on-demand
• Control which path apps can take
Multi-plane networks
• Logical separation of physical infra
• Separation of different traffic types
SR Datacenter Transport Network : Topology Reference
[Figure: reference topology with POD 1, POD 2 and POD 3, each with ToR and leaf (L) switches, plus spines, DCI nodes and PCEs. Nodes are labelled with a unicast SID and an anycast SID, for example Spine Unicast: 17101, Anycast: 18100; ToR SIDs shown include 16111, 16114 and 16121; anycast SIDs shown are 18100, 18200, 18300 and 18400. Control plane: BGP LU + prefix-SID.]
2 path options:
- Full ECMP: ToR/DCI prefix-SID
- Specific plane: anycast SID + ToR/DCI prefix-SID
Content Delivery or Service Provider Network: Application Traffic Steering Across Optimal Path
• BGP-LU control plane establishes SR channels from ToRs to Spines for a particular IP segment
• Label allocated at the ToRs for IP segments. Multiple IP segments can be associated with single labels
• Stack of labels is encoded at TOR or host to allow path splicing
• Traffic is directed to Spines over desired path
[Figure: POD 1 with four ToRs, four leaves and two spines; labels: IP (1.1.1.0/24), IP or MPLS packet]
Financial Application: Multi-plane Network
• Explicit path expressed in labeled packets either at the TOR or at the Hypervisor
• Each ToR can have multiple uplinks and each uplink takes the flow to a different routing plane for traffic segmentation
[Figure: POD 1 with four ToRs, four leaves and two spines; labels: IP (1.1.1.0/24), IP (2.2.2.0/24), IP or MPLS packet]
Enterprise Networks: Anycast Forwarding
• Anycast prefixes: same prefix advertised by multiple nodes
• Anycast prefix-SID: prefix-SID associated with anycast prefix. Same prefix-SID for the same prefix
• Traffic is forwarded to one of the Anycast prefix-SIDs based on best path.
• If primary node fails, traffic is re-routed through another node
[Figure: POD 1 with four ToRs, four leaves and two spines; labels: IP (1.1.1.0/24), IP or MPLS packet]
Route scale with Multi hop BGP overlay and SR underlay
• Multi-hop eBGP sessions between Spines and TORs to advertise Vanilla IP prefixes
• ToRs install routes for learnt prefixes with Spines as ECMP next hops over Tunnel underlays
• ToRs impose Labels on IP packets received from Hosts and direct them to Spines over ECMP Tunnels
Benefits
• Optimize label usage in SR domain (labels are tied to the next-hop through MPLS)
• Reduce state in the fabric
[Figure: POD 1 with ToR, Leaf and Spine layers; labels: BGP-LU, Multihop eBGP, IP, MPLS, IP or MPLS packet]
Enterprise Networks: Simple and Efficient Transport of MPLS services
MPLS layer 2 VPNs, L3 VPNs are most common applications of IP/MPLS networks.
Segment Routing can provide an efficient and scalable transport for VPN services
IGP/EGP only – No LDP, no RSVP-TE
ECMP support
[Figure: Site1 CPE and Site2 CPE connected through PEs over an SR transport with ECMP (nodes 1 to 7); packets are shown with a VPN label and with label 16100 or 16200 on top of the VPN label]
And the possibilities are many more…..
• Solve Micro-loop avoidance
• Topology Independent Loop-free Alternate Fast Re-route (TI-LFA)
• Egress Peering for low latency vs high cost path
• Low Latency path selection
• Multi-pod stitching
• DC to DC transit
• etc
These are suggested use cases for future validation
SR Provisioning & Orchestration
Zero Touch Node Isolation
• Isolate a node with zero touch provisioning.
• A new Anycast SID represents only Active members.
• Controller pushes the new SID/Label to the network
[Figure: Controller and Applications above a fabric with ToR, Leaf and Spine layers; SIDs shown: 16001, 16002, 16004; 17001 to 17004 and 17101 to 17104; 18001, 18050, 18101, 18150; 20001; label pairs 17104 / 18101 on the packets]
• Orchestrate an end-to-end segment routing path, as governed with a stateful PCE controller running native SRTE algorithms
• Deliver performance-engineered paths per the SLA
• Real-time reactive feed via BGP-LS/ISIS/OSPF from multiple domains
• SR PCE deployment model more like BGP Route Reflectors
[Figure: SR PCE with a multi-domain topology view (DC A1, METRO A, METRO B, WAN, DC B2) and Compute; nodes and SIDs shown: vPE1 20001, ToR 20002, Spine 20003, DCI1 17001, LSR 17002, AGG1 16001, AGG2 16002, LSR 16003, DCI2 18001, LSR 18002, Spine 20003, ToR 20002, vPE2 20001]
Global Configuration
!Enable Required Feature sets
N9K1#config terminal
N9K1(config)#install feature-set mpls
N9K1(config)#feature-set mpls
N9K1(config)#feature bgp
N9K1(config)#feature mpls segment-routing
N9K1(config)#segment-routing mpls
N9K1(config-segment-routing-mpls)#end
N9K1#
..
!Enable mpls forwarding on respective interfaces
N9K1#config terminal
N9K1(config)#interface <x>
N9K1(config-if)#mpls ip forwarding
N9K1(config-if)#end
Orchestration: Programmability support with Nexus 3K/9K platforms
import json

import requests

# NX-API endpoint of the switch (address elided on the slide)
url = 'http://172.x.x.x/ins'
# Credentials for HTTP basic authentication
switchuser = 'administrator'
switchpassword = 'cisco123'

myheaders = {'content-type': 'application/json-rpc'}
# JSON-RPC batch: each entry runs one CLI command, in id order
payload = [
    {
        "jsonrpc": "2.0",
        "method": "cli",
        "params": {"cmd": "config t", "version": 1},
        "id": 1
    },
    {
        "jsonrpc": "2.0",
        "method": "cli",
        "params": {"cmd": "segment-routing mpls", "version": 1},
        "id": 2
    }
]
# POST the batch and decode the JSON reply
response = requests.post(url, data=json.dumps(payload), headers=myheaders,
                         auth=(switchuser, switchpassword)).json()
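A hardened counterpart to the script above, as an added example (not code from the slides or from Cisco). It builds the same JSON-RPC batch, refuses to send basic-auth credentials over plain HTTP, reads the credentials from the environment instead of the source file, and checks each reply for a JSON-RPC error. Assumptions: NX-API is reachable over HTTPS with a certificate the client trusts, the environment variable names NXAPI_USER and NXAPI_PASSWORD are hypothetical, the standard library's urllib stands in for requests, and the sample reply is constructed.

```python
import base64
import json
import os
import ssl
import urllib.request
from urllib.parse import urlsplit


def build_payload(commands):
    """One JSON-RPC 2.0 "cli" call per command, ids 1..n as on the slide."""
    return [{"jsonrpc": "2.0", "method": "cli",
             "params": {"cmd": cmd, "version": 1}, "id": i}
            for i, cmd in enumerate(commands, start=1)]


def build_request(url, commands, user, password):
    """Prepare the POST; refuse to send basic-auth credentials over plain HTTP."""
    if urlsplit(url).scheme != "https":
        raise ValueError("NX-API URL must use https")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(build_payload(commands)).encode(), method="POST",
        headers={"content-type": "application/json-rpc",
                 "Authorization": f"Basic {token}"})


def failed_commands(commands, replies):
    """Match replies to commands by id; return [(cmd, reason)] for failures."""
    if isinstance(replies, dict):      # a single reply object instead of a list
        replies = [replies]
    by_id = {reply.get("id"): reply for reply in replies}
    problems = []
    for i, cmd in enumerate(commands, start=1):
        reply = by_id.get(i)
        if reply is None:
            problems.append((cmd, "no reply"))
        elif "error" in reply:
            problems.append((cmd, reply["error"].get("message", "error")))
    return problems


def push(url, commands):
    """Send the commands; credentials come from the environment (names assumed)."""
    req = build_request(url, commands,
                        os.environ["NXAPI_USER"], os.environ["NXAPI_PASSWORD"])
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return failed_commands(commands, json.load(resp))


COMMANDS = ["config t", "segment-routing mpls"]
# Constructed reply: first command accepted, second rejected.
SAMPLE_REPLY = [{"jsonrpc": "2.0", "result": None, "id": 1},
                {"jsonrpc": "2.0", "error": {"message": "Invalid params"}, "id": 2}]
```

An empty list from push() means every command in the batch was acknowledged without a JSON-RPC error.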
Conclusions
Meeting the goals…
• Amazing user experiences
  • Differentiated user outcomes by treating individual packets the way they really want or need to be treated
  • Built-in resiliency
  • Unprecedented application control of its own destiny
  • One forwarding domain / behavior / organization
• Cost containment / productivity enhancement
  • Simple method to scale network capacity with minimal network state on low-cost devices
  • Policy framework with no need to constantly reconfigure the network
  • Optimal use of internal resources
  • One forwarding domain / behavior / organization
Key Benefits of Segment Routing
1. Application aware network creation
2. No Signaling - All state travels in the packet!
3. Performance guarantees
4. ECMP-aware traffic steering
5. Adaptive traffic switching
6. Significant cost reduction & Investment protection
[Figure: Label Switching Domain covering Compute and Storage, DC Fabric Layers, Disaggregated Core, Optical Core (100G), Inter-DC Network and Peering Sites, Internet Peers and Other DC]
Still need more info
• http://www.segment-routing.net
• http://www.segment-routing.net/home/tutorial
• http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-737536.html
• http://blogs.cisco.com/datacenter/application-level-intelligence-in-the-data-center-using-segment-routing?_ga=1.127143757.1347823405.1468366647