Cisco Systems, Inc.

Belgium cf@cisco.com

Cisco Systems, Inc.

France fclad@cisco.com

Cisco Systems, Inc.

Spain pcamaril@cisco.com

Gran Sasso Science Institute

Italy ahmed.abdelsalam@gssi.it

Universita di Roma "Tor Vergata"

Italy stefano.salsano@uniroma2.it

Universite catholique de Louvain

Belgium olivier.bonaventure@uclouvain.be

Cisco

USA jakuhorn@cisco.com

Cisco

USA jliste@cisco.com

General SPRING SRv6 Segment Routing IPv6 Segment Routing Segment Routing (SR) can be applied to the IPv6 data plane by leveraging a new type of routing extension header, called Segment Routing Header (SRH). An SRH contains an ordered list, or sequence, of segments representing topological or service-based instructions, or any combination of those. This draft provides an overview of IPv6 Segment Routing (SRv6) implementations and interoperability. It makes an inventory of the various pieces of hardware and software that have been demonstrated to support the processing of an SRH, and details some interoperability scenarios that have been showcased at a public event.

Segment Routing (SR), defined in , allows a node to steer packets through a controlled sequence of instructions, called segments, by prepending an SR header to the packets. The IPv6 instantiation of Segment Routing (SRv6) leverages the Segment Routing Header (SRH), a new type of IPv6 routing extension header defined in . As described in , an SRv6 segment is a network instruction composed of a locator and a function that is encoded as an IPv6 address. The segment locator is an IPv6 prefix used by routing devices to steer the packet along the shortest IGP path up to the node that advertises this prefix. Since the active segment is placed in the Destination Address field of the IPv6 header, steering by intermediate devices only involves plain IPv6 forwarding and does not require any SR-specific capability. Once the packet reaches the node indicated by the segment locator, the segment function is identified and the packet is processed accordingly. Although the SR functions are locally defined on each node, a set of general purpose functions have been proposed for standardization in in order to ease interoperability. This set is further extended with specific purposes functions in and .

The hardware and software platforms listed below have been demonstrated to support the processing of an SRH as described in . This section also indicates the supported SRv6 functions and transit behaviors on open-source software. Open-source platforms: Linux kernel: End, End.X, End.T, End.DX2, End.DX6, End.DX4, End.DT6, End.B6, End.B6.Encaps, T.Insert, T.Encaps, T.Encaps.L2 Linux srext module: End, End.X, End.DX2, End.DX6, End.DX4, End.AD, End.AM FD.io VPP: End, End.X, End.DX2, End.DX6, End.DX4, End.DT6, End.DT4, End.B6, End.B6.Encaps, End.AS, End.AD, End.AM, T.Insert, T.Encaps, T.Encaps.L2 Cisco: Cisco ASR 1000 with IOS XE engineering code Cisco ASR 9000 with IOS XR engineering code Cisco NCS 5500 with IOS XR engineering code Barefoot Networks: Barefoot Networks Tofino

In addition to the aforementioned routing platforms, the following open-source applications have been extended to support the processing of IPv6 packets containing an SRH. For Wireshark, tcpdump, iptables and nftables, these extensions have been included in the mainstream version. Wireshark tcpdump iptables nftables Snort

The following interoperability testing scenarios were publicly showcased on August 21-24, 2017 at the SIGCOMM conference. Five different implementations of SRv6 behaviors were used for this testing: Software implementation in Linux using the srext kernel module created by University of Rome, Tor Vergata, Italy. Software implementation in the FD.io Vector Packet Processor (VPP) virtual router. Hardware implementation in Barefoot Networks Tofino NPU using the P4 programming language. Hardware implementation in Cisco NCS 5500 router using commercially available NPU. Hardware implementation in Cisco ASR 1000 router using custom ASIC.

As shown in the figure above, the testbed consisted of 9 different nodes: Nodes 1 and 3 are Cisco ASR 1000 routers running IOS XE engineering code Node 2 is a Cisco ASR 9000 router (realizing IPv6 forwarding only) Node 4 is a Barefoot Wedge 100BF router Node 5 is a Cisco NCS 5500 router running IOS XR engineering code Node 6 is a Linux server running the srext kernel module Node 7 is a Linux server running the FD.io VPP Node 8 is a Linux container running Snort Node 9 is a Linux container running iptables On sites A and B the TRex software is used for traffic generation. In addition, after every layer 3 operation in the network, Wireshark traffic analyzer is used to verify proper functionality.

This scenario covers simple L3 VPN functionality for IPv6 traffic using the SRv6 behaviors T.Encaps and End.DX6 in conjunction with regular IPv6 routing. IPv6 traffic is generated in site A and sent towards a destination in site B. Node 1 performs the T.Encaps operation on the received traffic. Each packet is encapsulated with an IPv6 header and an SRH containing 1 segment, owned by node 3, then forwarded along the shortest path to 3. Node 2 performs standard IPv6 forwarding. Node 3 performs the End.DX6 function on the received traffic. Each packet is decapsulated then forwarded on the appropriate interface towards site B. Traffic generator in site B captures and verifies the received traffic.

This scenario covers L3 VPN overlay with underlay optimization in a single SRv6 encapsulation (IPv6 header + SRH). It leverages the same T.Encaps and End.DX6 behaviors as the first scenario, combined with the End and End.X functions. IPv6 traffic is generated in site A and sent towards a destination in site B. Node 1 performs the T.Encaps operation on the received traffic. Each packet is encapsulated with an IPv6 header and an SRH containing 3 segments, respectively owned by nodes 4, 5 and 3. The outer IPv6 Destination Address is set to the first segment and the packets are forwarded accordingly. Node 4 performs the End function, forwarding the packets on the shortest paths towards node 5. Node 5 performs the End.X function, forwarding the packets on a specific interface towards node 3. Node 3 performs the End.DX6, decapsulating and then forwarding each packet on the appropriate interface towards site B. Traffic generator in site B captures and verifies the received traffic.

This scenario covers L3 VPN overlay with underlay optimization and service chaining. Snort and iptables are SR-unaware services in this situation and accessed via SRv6 dynamic proxy endpoint functions implemented on nodes 6 and 7. IPv6 traffic is generated in site A and sent towards a destination in site B. Node 1 performs the T.Encaps operation on the received traffic. Each packet is encapsulated with an IPv6 header and an SRH containing 5 segments, respectively owned by nodes 4, 6, 5, 7 and 3. The outer IPv6 Destination Address is set to the first segment and the packets are forwarded accordingly. Node 4 performs the End.X function, forwarding the packets on a specific interface towards node 6. Node 6 performs the End.AD function, sending the inner IPv6 packet via 8 (Snort) and restoring the encapsulation on the way back. Node 5 performs the End function, forwarding the packets on the shortest paths towards node 7. Node 7 performs the End.AD function, sending the inner IPv6 packet via 9 (iptables) and restoring the encapsulation on the way back. Node 3 performs the End.DX6, decapsulating and then forwarding each packet on the appropriate interface towards site B. Traffic generator in site B captures and verifies the received traffic.

David Lebrun, Prem Jonnalagadda and Milad Sharif substantially contributed to the content of this document.

TBD

This document does not require any action from IANA.

This document does not introduce any security consideration.