SRv6
Clarence Filsfils, Cisco Fellow - cf@cisco.com

Segment Routing
• Source Routing – the topological and service (NFV) path is encoded in the packet header
• Scalability – the network fabric does not hold any per-flow state for TE or NFV
• Simplicity
  – automation: TILFA
  – protocol elimination: LDP, RSVP-TE, NSH…
• End-to-End – DC, Metro, WAN
© 2014 Cisco and/or its affiliates. All rights reserved.

Industry at large backs up SR
• Strong customer adoption – WEB, SP, Enterprise
• Standardization – IETF
• De-Facto SDN Architecture
• Multi-vendor Consensus – Interop testings

Objective of SRv6

IPv6 provides reachability
• Support 5G growth
• IPv6 addresses summarization
• Support container adoption for micro-services
[Figure labels: Micro-services, IoT services, IP, 5G, 4G, Metro/Core Network, Legacy DC, Next-Gen Data Center, xDSL, FTTH, Cable; IPv6 Source Address and Destination Address]

SRv6 for underlay
• RSVP for FRR/TE – horrendous states scaling in k*N^2
• SRv6 for Underlay – Simplification, FRR, TE, SDN
• IPv6 for reach

Opportunity for further simplification
• NSH for NFV – Additional Protocol and State
• UDP+VxLAN Overlay – Additional Protocol just for tenant ID
• SRv6 for Underlay – Simplification, FRR, TE, SDN
• IPv6 for reach
• Multiplicity of protocols and states hinders network economics

Network Programming


Network instruction
[Figure: SID layout – Locator | Function(arg)]
• 128-bit SRv6 SID
  – Locator: routed to the node performing the function
  – Function: any possible function (optional argument), either local to NPU or app in VM/Container
  – Flexible bit-length selection

Network Program in the packet header
[Figure: IPv6 Header (Source Address, Destination Address) | Segment Routing Header (Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3, with a Next Segment pointer) | IPv6 Payload (TCP, UDP, QUIC…)]

Network Program
[Figure, shown over three slides: the segment list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3 with a Next Segment pointer, beside a topology labelled Locator 1, Locator 2 (Function 2) and Locator 3 (Function 3)]

Argument shared between functions
[Figure: segment list Locator 1 Function 1 Argument 1, Locator 2 Function 2 Argument 2, Locator 3 Function 3 Argument 3; Metadata TLV carrying the “Global” Argument]

Group-Based Policy
[Figure: TAG field; segment list Locator 1 Function 1 Argument 1, Locator 2 Function 2 Argument 2, Locator 3 Function 3 Argument 3; Metadata TLV]

SR Header
[Figure: TAG, Segments Left; segment list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3; Metadata TLV]

SRv6 for anything
• Turing
[Figure: TAG, Segments Left; segment list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3; Metadata TLV]

SRv6 for anything
• Optimized for HW processing, e.g. Underlay & Tenant use-cases
• Optimized for SW processing, e.g. NFV, Container, Micro-Service
[Figure: TAG, Segments Left; segment list Locator 1 Function 1, Locator 2 Function 2, Locator 3 Function 3; Metadata TLV]

Lead Operators
• Standardization
• Multi-Vendor Consensus


SRv6 for Next-generation Mobile

Use-Cases


SID allocation for illustration purpose
• For simplicity
• Node K advertises prefix AK::/64
• The function is encoded in the last 64 bits
[Figure: network topology spanning DC, WAN and PEER domains, with prefixes A1::/64 and A5::/64 labelled]

Endpoint
• For simplicity
• Function 0 denotes the most basic function
• Shortest-path to the Node
[Figure: the same DC / WAN / PEER topology, with SIDs A1::0 and A5::0 labelled]

A1::0 and then A5::0
[Figure: the same DC / WAN / PEER topology, with SIDs A1::0 and A5::0 labelled]

Endpoint then xconnect to neighbor
• For simplicity
• AK::CJ denotes Shortest-path to the Node K and then x-connect (function C) to the neighbor J
[Figure: the same DC / WAN / PEER topology, with SIDs A1::C2 and A5::C7 labelled]

A1::0 and then A5::C7
[Figure: the same DC / WAN / PEER topology, with SIDs A1::0 and A5::C7 labelled]

TILFA
• 50 msec Protection upon local link, node or SRLG failure
• Simple to operate and understand
  – automatically computed by the router’s IGP process
  – 100% coverage across any topology
  – predictable (backup = postconvergence)
• Optimum backup path
  – leverages the post-convergence path, planned to carry the traffic
  – avoid any intermediate flap via alternate path
• Incremental deployment
• Distributed and Automated Intelligence
[Figure, shown over two slides: nodes 1, 2, 4, 5 and 6 with a link metric of 100 between 2 and 4; traffic to A5::0. Forwarding entry: A5::/64, Pri → via 5, FRR → insert A2::C4. Second slide labels: INSERT A2::C4, <50 msec FRR]

Overlay
• Simple – Protocol elimination
• Automated – No tunnel to configure
• Efficient
  – SRv6 for everything
  – Reuse BGP/VPN signaling
[Figure: nodes 1 to 4 between T/64 and V/64. Route label: Green Overlay V/64 via A2::C4. Packets shown: IPv6 ( T::1, V::1 ) payload; IPv6 ( A1::0, A2::C4 ) | IPv6 ( T::1, V::1 ) | payload; IPv6 ( T::1, V::1 ) payload]

Overlay with Underlay SLA
• SRv6 does not only eliminate unneeded overlay protocols
• SRv6 solves problems that these protocols cannot solve
• Also supports IPv4 and Ethernet VPNs
[Figure: nodes 1 to 4 between T/64 and V/64. Route label: Green Overlay V/64 via A2::C4 with Latency. Packets shown: IPv6 ( T1::0, V::1 ) payload; IPv6 ( A1::0, A3::0 ) | SRH { A3::0, A2::C4 } | IPv6 ( T1::0, V::1 ) | payload; IPv6 ( A1::0, A2::C4 ) | SRH { A3::0, A2::C4 } | IPv6 ( T1::0, V::1 ) | payload; IPv6 ( T1::0, V::1 ) payload]

Integrated NFV
• Stateless Service Chaining
  – NSH creates per-chain state in the fabric
  – SR does not
• App is SR aware or not
• App can work on IPv6 or IPv4 inner packets
[Figure: nodes 1 to 5 between T/64 and V/64; Server 3 with App 32 (Container), Server 5 with App 76 (VM). Packets shown: IPv6 ( T1::0, V2::0 ) payload; IPv6 ( A1::0, A3::A32 ) | SRH { A3::A32, A4::0, A5::A76, A2::C4 } | IPv6 ( T1::0, V2::0 ) | payload]

Integrated NFV
• Integrated SLA
[Figure: same topology; Server 3 with App 32 (Container), Server 5 with App 76 (VM). Packet shown: IPv6 ( A1::0, A4::0 ) | SRH { A3::A32, A4::0, A5::A76, A2::C4 } | IPv6 ( T1::0, V2::0 ) | payload]

Integrated NFV
• Stateless Service Chaining
  – NSH creates per-chain state in the fabric
  – SR does not
• App is SR aware or not
• App can work on IPv6 or IPv4 inner packets
[Figure: same topology; Server 3 with App 32 (Container), Server 5 with App 76 (VM). Packet shown: IPv6 ( A1::0, A5::A76 ) | SRH { A3::A32, A4::0, A5::A76, A2::C4 } | IPv6 ( T1::0, V2::0 ) | payload]

Integrated NFV
• Integrated with Overlay
[Figure: same topology; Server 3 with App 32 (Container), Server 5 with App 76 (VM). Packets shown: IPv6 ( A1::0, A2::C4 ) | SRH { A3::A32, A4::0, A5::A76, A2::C4 } | IPv6 ( T1::0, V2::0 ) | payload; IPv6 ( T1::0, V2::0 ) payload]

More use-cases
• 6CN: enhancing IP to search for Content
• 6LB: enhancing load-balancers
  – Better flow stickiness and load distribution
• Video Pipeline
• 5G Slicing
• 5G Ultra-Low Latency

Implementations
• Cisco HW
  – NCS 5k - XR
  – ASR 9k - XR
  – ASR 1k - XE
• Open-Source
  – Linux 4.10
  – FD.IO
• Barefoot HW

• VPN (v4 and v6) & TE & NFV
• Cisco HW with XR and XE
• Barefoot HW with P4 code
• FD.IO
• Linux
blogs.cisco.com/sp/segment-routing-ipv6-interoperability-demo-is-already-there

Deployments
• Comcast – Efficient transport of video traffic
• Others

Conclusion


Segment Routing
• Strong industry support
• Fantastic deployment rate
• Bold architecture: network programming
• Numerous use-cases
• Feel free to join the lead-operator team!

Stay Up-To-Date
• amzn.com/B01I58LSUO
• segment-routing.net
• linkedin.com/groups/8266623
• twitter.com/SegmentRouting
• facebook.com/SegmentRouting/

Thank you


Appendix


Other use-cases


• Spray Policy 1: <A2::0, A4::0, M1, DD::>
• Spray Policy 2: <A3::0, A5::0, M1, DD::>
• Replicate traffic to every CMTS through TE-Engineered core path then to access mcast tree then to anycast TV
• Flexible, SLA-enabled and Efficient content injection without multicast core
[Figure: Content Provider and Peering to Content Provider; VPP node 1 (B::1); nodes 2 and 3 (Unicasted); CMTS 4 and CMTS 5; gateways GW1 C::1, GW2 C::2, GW3 C::3, GW4 C::4, GW5 C::5; WIFI TV-1 to TV-5 at DD::, subscribed to M1 channel. Legend: SRv6 domain (Unicast), Multicast domain, SRv6 node, Non SRv6 node, Anycast]

SRH Processing


Source Node
[Figure: nodes 1 (A1::), 2 (A2::), 3 (A3::), 4 (A4::)]
Packet: IPv6 Hdr SA = A1::, DA = A2:: | SR Hdr ( A4::, A3::, A2:: ) SL=2 | Payload
• IPv6 Hdr: Version, Traffic Class, Flow Label, Payload Length, Next = 43, Hop Limit, Source Address = A1::, Destination Address = A2::
• SR Hdr: Next Header, Len = 6, Type = 4, SL = 2, First = 2, Flags, TAG
  – Segment List [ 0 ] = A4::
  – Segment List [ 1 ] = A3::
  – Segment List [ 2 ] = A2::
• Payload

Non-SR Transit Node
[Figure: nodes 1 (A1::), 2 (A2::), 3 (A3::), 4 (A4::)]
Packet: IPv6 Hdr SA = A1::, DA = A2:: | SR Hdr ( A4::, A3::, A2:: ) SL=2 | Payload
• Plain IPv6 forwarding
• Solely based on IPv6 DA
• No SRH inspection or update

SR Segment Endpoints
[Figure: nodes 1 (A1::), 2 (A2::), 3 (A3::), 4 (A4::)]
Packet: IPv6 Hdr SA = A1::, DA = A3:: | SR Hdr ( A4::, A3::, A2:: ) SL=1 | Payload
• SR Endpoints: SR-capable nodes whose address is in the IP DA
• SR Endpoints inspect the SRH and do:
  – IF Segments Left > 0, THEN
    > Decrement Segments Left ( -1 )
    > Update DA with Segment List [ Segments Left ]
    > Forward according to the new IP DA
• IPv6 Hdr: Version, Traffic Class, Flow Label, Payload Length, Next = 43, Hop Limit, Source Address = A1::, Destination Address = A3::
• SR Hdr: Next Header, Len = 6, Type = 4, SL = 1, First = 2, Flags, TAG
  – Segment List [ 0 ] = A4::
  – Segment List [ 1 ] = A3::
  – Segment List [ 2 ] = A2::
• Payload

SR Segment Endpoints
[Figure: nodes 1 (A1::), 2 (A2::), 3 (A3::), 4 (A4::)]
Packet: IPv6 Hdr SA = A1::, DA = A4:: | SR Hdr ( A4::, A3::, A2:: ) SL=0 | Payload
• SR Endpoints: SR-capable nodes whose address is in the IP DA
• SR Endpoints inspect the SRH and do:
  – IF Segments Left > 0, THEN
    > Decrement Segments Left ( -1 )
    > Update DA with Segment List [ Segments Left ]
    > Forward according to the new IP DA
  – ELSE (Segments Left = 0)
    > Remove the IP and SR header
    > Process the payload:
      • Inner IP: Lookup DA and forward
      • TCP / UDP: Send to socket
      • …
• Standard IPv6 processing: the final destination does not have to be SR-capable.
• IPv6 Hdr: Version, Traffic Class, Flow Label, Payload Length, Next = 43, Hop Limit, Source Address = A1::, Destination Address = A4::
• SR Hdr: Next Header, Len = 6, Type = 4, SL = 0, First = 2, Flags, TAG
  – Segment List [ 0 ] = A4::
  – Segment List [ 1 ] = A3::
  – Segment List [ 2 ] = A2::
• Payload
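
The source, transit and endpoint steps from the SRH Processing slides, as an added Python example that is not part of the original deck. It assumes the 8-byte fixed part of the SRH is laid out as Next Header, Len, Type, Segments Left, First, Flags, TAG (the RFC 8754 order); the function names and the bounds checks in `parse_srh` are this example's own.

```python
import ipaddress
import struct
from collections import namedtuple

SRH_TYPE = 4  # routing type, "Type = 4" on the slides
Srh = namedtuple("Srh", "next_header ext_len sl first tag segments")


def build_srh(path, next_header=41, tag=0):
    """Source node: encode `path` (first hop first); return (SRH bytes, initial DA)."""
    if not path:
        raise ValueError("empty segment list")
    # The segment list is stored last hop first, as on the Source Node slide.
    segs = [ipaddress.IPv6Address(s) for s in reversed(path)]
    first = len(segs) - 1  # index of the first segment to visit
    fixed = struct.pack("!BBBBBBH", next_header, 2 * len(segs), SRH_TYPE,
                        first, first, 0, tag)
    return fixed + b"".join(s.packed for s in segs), segs[first]


def parse_srh(raw):
    """Decode an SRH, rejecting headers whose indexes point outside the list."""
    if len(raw) < 8:
        raise ValueError("truncated SRH")
    nh, ext_len, rtype, sl, first, _flags, tag = struct.unpack("!BBBBBBH", raw[:8])
    if rtype != SRH_TYPE:
        raise ValueError("routing type is not 4")
    if len(raw) < 8 + 8 * ext_len:
        raise ValueError("SRH shorter than its Len field claims")
    if 16 * (first + 1) > 8 * ext_len:
        raise ValueError("First points past the end of the header")
    if sl > first + 1:
        # After the decrement, Segment List[Segments Left] must exist.
        raise ValueError("Segments Left points past the segment list")
    segs = [ipaddress.IPv6Address(raw[8 + 16 * i: 24 + 16 * i])
            for i in range(first + 1)]
    return Srh(nh, ext_len, sl, first, tag, segs)


def endpoint(da, raw, local_sids):
    """One hop. Returns (action, DA, SRH bytes); action is 'forward' or 'deliver'."""
    if da not in local_sids:
        return "forward", da, raw  # non-SR transit: plain IPv6 forwarding on the DA
    srh = parse_srh(raw)
    if srh.sl == 0:
        return "deliver", da, b""  # remove the IP and SR header, process the payload
    sl = srh.sl - 1                # decrement Segments Left
    new_da = srh.segments[sl]      # update DA with Segment List[Segments Left]
    return "forward", new_da, raw[:3] + bytes([sl]) + raw[4:]


def walk(path):
    """Trace (DA, Segments Left) as the packet reaches each segment endpoint."""
    raw, da = build_srh(path)
    trace = [(str(da), parse_srh(raw).sl)]
    while True:
        # Each DA is treated as a local SID of the node the packet has reached.
        action, da, raw = endpoint(da, raw, local_sids={da})
        if action == "deliver":
            return trace
        trace.append((str(da), parse_srh(raw).sl))


if __name__ == "__main__":
    # Constructed input: the A2::, A3::, A4:: path used on the slides.
    for dest, left in walk(["a2::", "a3::", "a4::"]):
        print(f"DA={dest} SL={left}")
```

The trace reproduces the three packet states on the slides (DA = A2:: with SL=2, DA = A3:: with SL=1, DA = A4:: with SL=0), and `parse_srh` raises `ValueError` on a header whose Segments Left or First field would index outside the segment list.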

Some obvious SID functions


Segment format
[Figure: 1111:2222:3333:4444:5555:6666:7777:8888 split into Locator and Function]
• SRv6 SIDs are 128-bit addresses
  – Locator: most significant bits are used to route the segment to its parent node
  – Function: least significant bits identify the action to be performed on the parent node
    > Argument [optional]: Last bits can be used as a local function argument
• Flexible bit-length allocation
  – Segment format is local knowledge on the parent node
• SIDs have to be specifically enabled as such on their parent node
  – A local address is not by default a local SID
  – A local SID does not have to be associated with an interface

END – Default endpoint
• Default endpoint behavior (node segment)
  – Decrement Segments Left, update DA
  – Forward according to new DA
• Node 2 advertises prefix A2::/64 (A2::/64 is the SID locator)
  – Packets are forwarded to node 2 along the default routes (shortest path)
• On 2, the default endpoint behavior is associated with ID 0 (0 is the function)
• The SID corresponding to the default endpoint behavior on node 2 is A2::0
[Figure: node 2 (A2::/64) and node 3]
Packet in: IPv6 Hdr SA = A1::, DA = A2::0 | SR Hdr (…, A3::, A2::0, …) SL=k | Payload
Packet out: IPv6 Hdr SA = A1::, DA = A3:: | SR Hdr (…, A3::, A2::0, …) SL=k-1 | Payload

END.X – Endpoint then Xconnect
• Endpoint xconnect behavior (adjacency segment)
  – Decrement Segments Left, update DA
  – Forward on the interface associated with the Xconnect segment
• Node 3 advertises prefix A3::/64
  – Packets are forwarded to node 3 along the default routes (shortest path)
• On 3, the endpoint xconnect behavior for link 1 is associated with ID C1
• The SID corresponding to endpoint xconnect-1 behavior on node 3 is A3::C1
[Figure: node 3 (A3::/64) with links 1 and 2; node 4]
Packet in: IPv6 Hdr SA = A1::, DA = A3::C1 | SR Hdr (…, A4::, A3::C1, …) SL=k | Payload
Packet out: IPv6 Hdr SA = A1::, DA = A4:: | SR Hdr (…, A4::, A3::C1, …) SL=k-1 | Payload

END.B6.ENCAPS – IPv6 Binding Segment (encap)
• IPv6 binding segment
  – Decrement Segments Left, update DA
  – Push outer IP and SR headers associated with the binding segment
  – Forward according to outer header DA (first segment of the new SRH)
• Node 4 advertises prefix A4::/64
• The SR encaps policy (SA = A4::, SL = 〈 S1, S2, S3 〉) is associated with ID 10
• The corresponding binding SID is A4::10
[Figure: node 4 (A4::/64)]
Packet in: IPv6 Hdr SA = A1::, DA = A4::10 | SR Hdr (…, A5::, A4::10, …) SL=k | Payload
Packet out: IPv6 Hdr SA = A4::, DA = S1 | SR Hdr (S3, S2, S1) SL=2 | IPv6 Hdr SA = A1::, DA = A5:: | SR Hdr (…, A5::, A4::10, …) SL=k-1 | Payload

END.B6 – IPv6 Binding Segment (insert)
• IPv6 binding segment
  – Do not decrement Segments Left
  – Push outer SR header associated with the binding segment
  – Update DA with the first segment of the outer SR header
  – Forward according to outer header DA (first segment of the new SRH)
• Node 4 advertises prefix A4::/64
• On 4, the SR insert policy 〈 S1, S2, S3 〉 is associated with ID 20
• The corresponding binding SID is A4::20
[Figure: node 4 (A4::/64)]
Packet in: IPv6 Hdr SA = A1::, DA = A4::20 | SR Hdr (…, A5::, A4::20, …) SL=k | Payload
Packet out: IPv6 Hdr SA = A1::, DA = S1 | SR Hdr ( S3, S2, S1 ) SL=2 | SR Hdr (…, A5::, A4::20, …) SL=k | Payload

END.BM – MPLS Binding Segment
• MPLS binding segment
  – Decrement Segments Left
  – Push outer MPLS label stack associated with the binding segment
  – Forward according to the top MPLS label
• Node 4 advertises prefix A4::/64
• On 4, the MPLS SR policy <L1, L2, L3> is associated with ID 30
• The corresponding binding SID is A4::30
[Figure: node 4 (A4::/64)]
Packet in: IPv6 Hdr SA = A1::, DA = A4::30 | SR Hdr (…, A5::, A4::30, …) SL=k | Payload
Packet out: MPLS { L1, L2, L3 } | IPv6 Hdr SA = A1::, DA = A5:: | SR Hdr (…, A5::, A4::30, …) SL=k-1 | Payload

END.PSP – Penultimate Segment Popping
• Penultimate Segment Popping (PSP) behavior
  – Decrement Segments Left, update DA
  – If Segments Left = 0, remove SRH
  – Forward according to new DA
• Node 5 advertises prefix A5::/64
• On 5, the Penultimate Segment Popping behavior is associated with ID 1
• The corresponding SID is A5::1
[Figure: node 5 (A5::/64)]
Packet in: IPv6 Hdr SA = A1::, DA = A5::1 | SR Hdr ( A6::, A5::1, … ) SL=1 | SR Hdr ( …, A7::, … ) SL=k | Payload
Packet out: IPv6 Hdr SA = A1::, DA = A6:: | SR Hdr ( …, A7::, … ) SL=k | Payload

END.USP – Ultimate Segment Popping
• Ultimate Segment Popping (USP) behavior
  – If Segments Left = 0
    > Pop the top SRH
    > Restart the END function processing on the modified packet
      • Decrement Segments Left, update DA
      • Forward according to new DA
• Node 6 advertises prefix A6::/64
• A6:: is the last segment in the top SRH
[Figure: node 6 (A6::/64)]
Packet in: IPv6 Hdr SA = A1::, DA = A6:: | SR Hdr ( A6::, … ) SL=0 | SR Hdr ( …, A8::, A7::, … ) SL=k | Payload
Packet out: IPv6 Hdr SA = A1::, DA = A8:: | SR Hdr (…, A8::, A7::, …) SL=k-1 | Payload

SID Function – Anything
• SID functions are locally defined on their parent node
  – They can do anything…
• An SR header contains a network program
[Figure: SR Hdr with Next Header, Len = 6, Type = 4, SL = 2, First = 2, Flags, TAG; Segment List [ 0 ] = Function 3 Args, Segment List [ 1 ] = Function 2 Args, Segment List [ 2 ] = Function 1; TLVs = Global arguments]

IPv6 Segment Routing L3VPN and VNF chaining

SRv6 Interoperability Demonstration
[Figure: demo topology, nodes 1 to 9 between Site A and Site B. Platform labels: ASR 9k, ASR 1k, NCS 5500, srext. Function labels: T.ENCAP, END.DX6, END.X, END.AS (twice)]

L3VPN with SRv6
• BGP Signaling VPN SID
  – Session: iBGP-VPNv6
  – BGP VPNv6 Prefix: 6001::/64, NH: 2001:0:0:3::1, VPN SID: 2001:0:0:3:1::
• BGP installs Prefix into RIB
  – Prefix: 6001::/64, VPN SID: 2001:0:0:3:1::
• END.DX6 - 2001:0:0:3:1::, VRF: Enterprise 100
• The VPN SID is made of a Locator and a Function
[Figure: nodes 1, 2 and 3 between Site A and Site B; Lo0 2001:0:0:1::1; Best Effort Traffic]
Packet: SA: 2001:0:0:1::1, DA: 2001:0:0:3:1::, NH: IPv6 | SA: 4001::1, DA: 6001::1, NH: UDP | UDP Header/Data

SRv6 VNF Chaining
[Figure: demo topology, nodes 1 to 9 between Site A and Site B. SIDs: END.DX6 2001:0:0:3:1::, END 2001:0:0:4::, END.X 2001:0:0:5:58::, END.AS 2001:0:0:6:a:: (iptables), END.AS 2001:0:0:8:a:: (snort)]
Packet:
• Outer IPv6: SA: 2001:0:0:1::1, DA: 2001:0:0:5:58::, NH: IPv6
• SRH: Type: 4 (SRH), NH: IPv6, SL: 4, Segment List:
  – [0]: 2001:0:0:3:1::
  – [1]: 2001:0:0:6:a::
  – [2]: 2001:0:0:4::
  – [3]: 2001:0:0:8:a::
  – [4]: 2001:0:0:5:58::
• Inner IPv6: SA: 4001::1, DA: 7001::1, NH: UDP
• Header/Data

VNF Chaining
[Figure: demo topology, nodes 1 to 9 between Site A and Site B. Platform labels: ASR 1k, NCS 5500, Linux srext, VPP. SIDs: END.DX6 2001:0:0:3:1::, END 2001:0:0:4::, END.X 2001:0:0:5:58::, END.AS 2001:0:0:6:a:: (iptables), END.AS 2001:0:0:8:a:: (snort)]
Packet:
• Outer IPv6: SA: 2001:0:0:1::1, DA: 2001:0:0:8:a::, NH: IPv6
• SRH: Type: 4 (SRH), NH: IPv6, SL: 3, Segment List:
  – [0]: 2001:0:0:3:1::
  – [1]: 2001:0:0:6:a::
  – [2]: 2001:0:0:4::
  – [3]: 2001:0:0:8:a::
  – [4]: 2001:0:0:5:58::
• Inner IPv6: SA: 4001::1, DA: 7001::1, NH: UDP
• Header/Data

VNF Chaining
[Figure: same demo topology and SIDs]
Packet shown (inner packet only): SA: 4001::1, DA: 7001::1, NH: UDP | Header/Data

VNF Chaining
[Figure: same demo topology and SIDs]
Packet:
• Outer IPv6: SA: 2001:0:0:1::1, DA: 2001:0:0:4::, NH: IPv6
• SRH: Type: 4 (SRH), NH: IPv6, SL: 2, Segment List:
  – [0]: 2001:0:0:3:1::
  – [1]: 2001:0:0:6:a::
  – [2]: 2001:0:0:4::
  – [3]: 2001:0:0:8:a::
  – [4]: 2001:0:0:5:58::
• Inner IPv6: SA: 4001::1, DA: 7001::1, NH: UDP
• Header/Data

VNF Chaining
[Figure: same demo topology and SIDs]
Packet:
• Outer IPv6: SA: 2001:0:0:1::1, DA: 2001:0:0:6:a::, NH: IPv6
• SRH: Type: 4 (SRH), NH: IPv6, SL: 1, Segment List:
  – [0]: 2001:0:0:3:1::
  – [1]: 2001:0:0:6:a::
  – [2]: 2001:0:0:4::
  – [3]: 2001:0:0:8:a::
  – [4]: 2001:0:0:5:58::
• Inner IPv6: SA: 4001::1, DA: 7001::1, NH: UDP
• Header/Data

VNF Chaining
[Figure: same demo topology and SIDs]
Packet shown (inner packet only): SA: 4001::1, DA: 7001::1, NH: UDP | Header/Data

VNF Chaining
[Figure: same demo topology and SIDs]
Packet:
• Outer IPv6: SA: 2001:0:0:1::1, DA: 2001:0:0:3:1::, NH: IPv6
• SRH: Type: 4 (SRH), NH: IPv6, SL: 0, Segment List:
  – [0]: 2001:0:0:3:1::
  – [1]: 2001:0:0:6:a::
  – [2]: 2001:0:0:4::
  – [3]: 2001:0:0:8:a::
  – [4]: 2001:0:0:5:58::
• Inner IPv6: SA: 4001::1, DA: 7001::1, NH: UDP
• Header/Data

VNF Chaining
[Figure: same demo topology and SIDs]
Packet shown (inner packet only): SA: 4001::1, DA: 7001::1, NH: UDP | UDP Header/Data

We Demonstrated
• L3VPN and VNF chaining
• SRv6 Hardware based forwarding
  – Cisco ASR 1000
  – Cisco ASR 9000
  – Cisco NCS 5500
• SRv6 Software based forwarding
  – VPP fd.io
  – Linux srext

Stay Up-To-Date
• http://www.segment-routing.net/
• https://www.linkedin.com/groups/8266623
• https://twitter.com/SegmentRouting
• https://www.facebook.com/SegmentRouting/
• Segment Routing, Part I - Textbook

Thank you
