Understanding SRv6 Network Programming in IS-IS Networks
Benefits of SRv6 Network Programming
SRv6 Network Programming provides the following benefits in an IPv6 network:
Network Programming depends entirely on the IPv6 header and the header extension to transport a packet, eliminating protocols such as MPLS. This ensures a seamless deployment without any major hardware or software upgrade in a core IPv6 network.
IPv4 packets can be transported through an SRv6 ingress node even if the transit routers are not SRv6-capable, thereby eliminating the need to deploy segment routing on all nodes in an IPv6 network.
Junos OS supports multiple functions on a single SID and can inter-operate in the insert mode and the encapsulation mode. This allows a single device to simultaneously perform the provider (P) router and the provider edge (PE) router roles.
SRv6 Networking Programming Overview
Network Programming is the capability of a network to encode a network program into individual instructions that are then inserted into the IPv6 packet headers. The IPv6 packet carrying the network instructions explicitly tells the network about the precise SRv6 nodes available for packet processing. The network instruction is the SRv6 segment identifier (SID) that is represented by a 128-bit IPv6 address. The IS-IS protocol encodes the network instructions in IPv6 packet headers and distributes them through the network. Along with the addressing, network instructions define a particular task or function for each SRv6-capable node in the SRv6 network.
Starting in Junos OS Release 20.3R1, you can configure segment routing in a core IPv6 network without an MPLS data plane on MX Series devices with MPC7E, MPC8E and MPC9E line cards.
This feature is useful for service providers whose networks are predominantly IPv6 and have not deployed MPLS. Such networks depend only on IPv6 headers and header extensions for transmitting data. This feature also benefits networks that need to deploy segment routing traffic through transit routers that do not have segment routing capability yet. In such networks, the SRv6 network programming feature can provide flexibility to leverage segment routing without deploying MPLS.
What is a Segment Routing Extension Header (SRH)?
A Segment Identifier represents a specific segment in a segment routing domain. In an IPv6 network, the SID-type used is a 128-bit IPv6 address also referenced as SRv6 Segment or SRv6 SID. SRv6 stacks up these IPv6 addresses instead of MPLS labels in a segment routing extension header. Segment Routing Extension Header (SRH) is a type of IPv6 routing extension header. Typically, the SRH contains a segment list encoded as an SRv6 SID. An SRv6 SID consists of the following parts:
Locator— Locator is the first part of a SID that consists of the most significant bits representing the address of a particular SRv6 node. The locator is very similar to a network address that provides a route to its parent node. The IS-IS protocol installs the locator route in the inet6.0 routing table. IS-IS routes the segment to its parent node, which subsequently performs a function defined in the other part of the SRv6 SID. You can also specify the algorithm associated with this locator. You can define a flexible algorithm as per your network requirements.
Function—The other part of the SID defines a function that is performed locally on the node that is specified by the locator. There are several functions that have already been defined in the Internet draft draft-ietf-spring-srv6-network-programming-07draft, SRv6 Network Programming. However, we have implemented the following functions that are signalled in IS-IS. IS-IS installs these function SIDs in the inet6.0 routing table.
End— An endpoint function for SRv6 instantiation of a Prefix SID. It does not allow for decapsulation of an outer header for the removal of an SRH. Therefore, an End SID cannot be the last SID of a SID list and cannot be the Destination Address (DA) of a packet without an SRH (unless combined with the PSP, USP or USD flavors).
End.X— An endpoint X function is an SRv6 instantiation of an adjacent SID. It is a variant of the endpoint function with Layer 3 cross-connect to an array of Layer 3 adjacencies.
You can specify End SID behavior such as Penultimate Segment Pop (PSP), Ultimate Segment Pop (USP) or Ultimate Segment Decapsulation (USD).
PSP— When the last SID is written in the destination address, the End and End.X functions with the PSP flavor pop the top-most SRH. Subsequent stacked SRHs may be present but are not processed as part of the function.
USP— When the next header is SRH and there are no more segments left, the IS-IS protocol pops the top SRH, looks up the updated destination address and forwards the packet based on match table entry.
USD— When the next Header in the packet is 41 or is SRH and there are no more segments left, IS-IS pops the outer IPv6 header and its extension headers, looks up the exposed inner IP destination address and forwards the packet to the matched table entry.
The size of the locator and function is flexible and you can customize the size per your requirements. You must configure the locator before you define the functions. Each locator can advertise multiple end SIDs and end.X SIDs associated with it. Ensure that the locator and SIDs belong to the same subnet to avoid commit error.
For example, you can have an SRv6 SID where 2019:AC05:FF01:FF01: is the locator and A000:B000:C000:A000 is the function:
Table 1: 128-bit SRv6 SID
Flexible Algorithm for SRv6 Dataplane
In a core IPv6 domain configured with segment routing you can define flexible algorithms that compute paths using different parameters and link constraints based on your requirements. For example, you can define a flexible algorithm that computes a path to minimize the IGP metric and define another flexible algorithm to compute a path based on the traffic engineering metric to divide the network into separate planes. You can configure the flexible algorithm locators to steer packets along the constraint-based paths in an SRv6 domain.
To configure a flexible algorithm for SRv6, see How to Configure Flexible Algorithms in IS-IS for Segment Routing Traffic Engineering
To advertise the flexible algorithm mapped to the locator, include the algorithm option at the [edit protocols isis segment-packet-routing srv6 locator] hierarchy level. The mapped flexible algorithm is applied to End SIDs and End-X-SID under SRv6 locators.
If a node is participating in a specific flexible algorithm it would apply to both SR MPLS and SRv6 nodes. You cannot define flexible algorithms specifically for either SR MPLS or SRv6.
For ingress traffic, Junos OS uses the encapsulation mode by default. Therefore the destination needs to have USD capable SIDs. Other SRH anchor nodes in the flexible algorithm path can be of any flavor.
For transit traffic in the insert mode, the last anchor node for the flexible algorithm path must have a PSP-capable SID. In the absence of the PSP-capable SID, IS-IS does not download a path through that anchor node. In such cases, IS-IS downloads other ECMP paths with the appropriate flavored SIDs.
TI-LFA for SRv6
Topology Independent- Loop Free Alternate (TI-LFA) establishes a Fast Reroute (FRR) path that is aligned to a post-convergence path. An SRv6-capable node inserts a single segment into the IPv6 header or multiple segments into the SRH. Multiple SRHs can significantly raise the encapsulation overhead that can sometimes be more than the actual packet payload. Therefore, by default, Junos OS supports SRv6 tunnel encapsulation with reduced SRH. The point-of-local repair (PLR) adds the FRR path information to the SRH containing the SRv6 SIDs.
The TI-LFA backup path is represented as a group of SRv6 SIDs inside an SRH. At the ingress router, IS-IS encapsulates the SRH in a fresh IPv6 header. However, at transit routers, IS-IS inserts the SRH into the data traffic in the following manner:
Insert Mode— IS-IS inserts an SRH as the next header in the original IPv6 packet header and modifies the next header according to the value of the SRH. The IPv6 destination address is replaced with the IPv6 address of the first SID in the segment list and the original IPv6 destination address is carried in the SRH header as the last segment in the list. To enable the insert mode at transit routers, include the transit-srh-insert statement at the [edit protocols isis source-packet-routing srv6] hierarchy level.
Encap Mode— In the encap mode, the original IPv6 packet is encapsulated and transported as the inner packet of an IPv6-in-IPv6 encapsulated packet. The outer IPv6 packet carries the SRH with the segment list. The original IPv6 packet travels unmodified in the network. By default, Junos OS supports SRv6 tunnel encapsulation in reduced SRH. However, you can choose one of the following tunnel encapsulation methods:
Reduced SRH— With the reduced SRH mode, because there is only one SID, there is no SRH added and the last SID is copied into the IPV6 destination address. You cannot preserve the entire SID list in the SRH with a reduced SRH.
Non-reduced SRH— You can configure the tunnel encapsulation mode and might still want to preserve the entire SID list in the SRH.
Fate-sharing configuration is currently not supported in IPv6 only networks. Also, SRv6 TI-LFA does not take Shared Risk Link Group (SRLG) into consideration when computing backup paths. For more information on TI-LFA, see Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS.
Supported and Unsupported Features for SRv6 Network Programming in IS-IS
SRv6 Network Programming in IS-IS Networks currently supports::
Core IPv6 and dual stack. IPv4 and IPv6 transport is supported for dual stack.
IPv4 and IPv6 payloads.
Upto 6 SIDs in reduced mode at ingress router.
Upto 7 SIDs in transit routers.
SRv6 Network Programming in IS-IS Networks currently does not support:
Anycast for locator prefix.
Shared Risk Link Group (SRLG) when computing backup paths.
Static SRv6 tunnel with segment lists.
ICMP error handling.
SR-TE policy configuration for SRv6 Tunnel.
Conflict resolution for Flexible Algorithm locators. Multiple nodes sharing the same locator prefix with different algorithm values could result in unexpected routing behavior.
Interface group for End-X-SID.
Configuring normal and extended admin-groups for IPv6 networks without MPLS, which is only allowed at [edit protocols mpls] hierarchy level.