 Okay, so good afternoon everyone last talk of today, and then you can go for beers So this is my colleague Ahmed. He's a PhD student from Italy and I'm a software engineer at Cisco working in the segment routing architecture team and Today I'm here to talk about segment routing Which is something quite different from all the talks that we've been seeing today Because all of them were focusing on different platforms and this one what is focusing is on the actual protocols on the network actually on SP networks So what I'll try to do is give you a brief overview of segment routing the deployment use cases and then Talk a bit about BBP Linux and Sarah which which you will see later what what it actually is So what is segment routing? The idea behind signal routing is that we actually leverage the parting of source routing So what does this mean that instead of programming all the routers in the network? What we are actually doing is that on the head end we are actually adding the list of segments That a packet has to traverse through the network So what this means is that if I want to go from Madrid to? Amsterdam by a Brussels what I just need to do is when my package is out for Madrid I just add one little segment that is saying Brussels and then Amsterdam and the package will follow the shortest path to Brussels and then it will go to Amsterdam That's simple and this is actually really a scalable because what this means is that you can implement any traffic engineering policy that you want and you can actually put this together with any NFV deployment that you want and Actually one of the main benefits is that we can have policies end to end so starting from the data center and For him going traversing the entire networks through the metro on one So we have two data plane instantiations one of them is MPLS and the other one is IPv6 So in MPLS what we are just doing is one segment is one MPLS label and that's it The second instantiation is IPv6. So in IPv6 what we are doing is we are using an IPv6 routing extension How which it was defined? 15 years ago, and we have one segment is one IPv6 address and That's it. So the one I'm going to focus here today is on SRV6. So it's the IPv6 instantiation of segment routing So IPv6 adoption is a reality. This is a no-brainer. I can skip it But what is interesting about IPv6 is that it's providing us with stability and this is changing the way that Spies are building up their actual network because before they would have their MPLS core network Then they would have the legacy data center Then would have the access network and now with IPv6 what you get is reachability from one end to the other end so What is the cool thing of what we are trying to achieve with SRV6? Well, what we want to do is okay Let's use the SRV6 for the underlay IPv6 is given as reachability now You want to be given traffic engineering or first of all techniques? Well, what did you do? Would you use RSVP? Okay, I don't know if you know a bit about it, but it actually is case really really bad So let's use instead of segment routing But we can go even farther because what would you do if you want to if you want to build an overlay What do you use? UDP and BXLAN? Okay, that's we are adding UDP and BXLAN two additional protocols I think for memories 12 bytes of information just to convey a tenant ID We believe this is stupid. We can include actually our overlay in the segment routing policy itself and Then we have NFB Well, it's people doing today for an FB They're actually doing an SH and SH is an additional protocol that has a state for every chain And we actually believe that we can remove it. So we can also use the SRV6 here And so what is this concept of? SRV6 network programming so well what I we actually want to do is to Have the network behaving as an actual computer So our segments which before was saying that it was 120 bits will be a spirit in between locator and function So the locator it will be just a first part of the address and it will give us routing up to a given device in the network And then when we get to that device what we are doing is we are executing that given function And this function can be anything it can be MPU related. So we're related to the IP fabric like to a cross-connect or That's it sort of spattered to X and then do cross-connect or it can be something very Intensive like container a VM, etc. I'm very mad that there's flexible bit selection And actually if you look at any programming language where you have the functions, but then of course you also have arguments So these seed these segments can also have an argument part of it And all these there is a flexible bit selection that you can put here And so what we are doing is where we are actually a network program is just going to be a list of segments at What we are doing going to do is just go through the network go first to locator one execute function one Then we are going to go to locator to an execute function to and then we are going to locator three And we are going to execute the function three. So it's kind of simple and straightforward So if we look at an IP packet Well, what we are seeing is that we would have our IPv6 header and within this IPv6 header We have an extension header that is going to be the segment routing header And we are just going to have our list of segments and we are just going to have the active segment copied into the actual destination errors And then we will have the IPv6 payload as it would be expected So this segment routing header, what does it have? It has the actual list of segments But then it also has some more things. It has global arguments Let's say we want to give performance information security Location information. So we have this metadata that we can add Then we also have on the other hand, we have a tag that is going to be used for group-based policies and If you look These were simple structure that is just attack the segment left point into the active segment and this metadata is exactly What we have defined on the ITF So it's very simple So what is a segment routing? What is a seed? What is a segment? What is the function that we are executing? so The most easy and a straightforward example go through the ECMP or shortest path up to a given node in the network So let's say I'm on a one and I want to go through the shortest path up to a four And then I want to go through the shortest path up to a six So then I just have to add into my packet a signal routing Header with the segments a four a six and a eight and that's it But let's say that now I want to cross this link over here that has a extremely high metric So then what I do is instead of the end function I would just I would just do the endpoint with cross-connect to neighbor function So then what I have is that my first segment is going to be a for conchromacy five Which is going to mean go to the node a four and then do a cross-connect to the neighbor five and that's it So what we are doing is really from the source We just add a list of segments and the packet is going to follow that through the network So I want to give you a brief overview of what are our deployment use cases so We have a bunch of deployment use cases related with traffic engineering and we often have been deploying in SRM PLS We have a lot of customers for SRM PLS that have deployed and they're extremely happy and the main Deployment use cases. Well, the first one is TLFA So TLFA what it is is a fast route mechanism that in a sense is really cool because what it's doing is that the the actual repair is following the post-convergence path and it actually works in Any topology so actually TLFA stands from topology independent loop free alternates So in a sense the way this works is that in case you have for example a flow from one to up to node five Then there is this low there's this node six in between and what he's going to know is okay So my primary path towards a five is just going to be bad this straight link that in case there is a failure in This link what I have to do is just insert a segment a two column C4 So then now let's say that there is a failure in the network in this link And so what is actually going to happen is that a five is just going to insert in all the traffic this segment a Two column C4 that what it's going to do is it's going to route the traffic up to the node two And then it's going to do a cross-connect and This faster route mechanism is active as long as the IGP hasn't reconverged But you can see that once the IGP reconverged the traffic will actually follow that path So that's a really good use case and then the other use case that all the service providers have deployed is in a sense Centralized T so you have an SDN controller that is computing has visibility of all the network and what it's going to do Is that in case that I have an application on 12th and he says okay I want to go up to seven give me a low latency path So this SDN controller is going to compute a path and he's just going to return the list of segments And then 12 he's just going to add that list of segments And as simple as that it can cross several different domains and we can well We have all the input that is standard things that are there BGP less telemetry All the policies are PCP T net convianc and all the algorithms that are segment routing native algorithms that we actually develop But all of this is completely standardized But now with SRV6 we can do some things which are a bit more interesting So we can do the overlays. So let's say that they have a Green customer And I want to build a green overlay. So what actually what is going to happen is that two is going to advertise Okay, I have a neighbor vs last 64 and it's reachable by a two column column C4 So now I'm on the node one and I receive traffic for my neighbor three that is testing Towards this neighbor vs last 64 So what one is going to do is he's just going to encapsulate it and he's just going to add the segment that was advertised a two column column C4 And the traffic will reach to two and then it will be decapsulated and sent towards four Now But what I said at the beginning is that we cannot only do overlays that we can do also overlays with underlay control because what we want to do is eliminate all the Protocols from the network which are not necessary like RSVP So let's say that in this case our neighbor two is just advertising Then the green tenant vs last 64 by a two concom c4 But with a given latency contract an ESLA contract So then in this case what is going to happen is that the node one is going to add It's going to encapsulate the packet and it's going to add two segments So the first segment is just going to be a segment to do trafficking in airing in the network so in order to achieve that low latency objective and then I'm just going to have my cross-connect segment through it's my customer vs last 64 and And in the same way I can also have integrated NFP and the good thing about signal routing is that well as opposed to NSH We are not creating any per shame in this fabric and We have actually developed some mechanisms such that the applications can be signal routing a world note and we can actually do IPv4 IPv6 and layer 2 traffic So let's give it the same example that we had before but in this case We want to have a low latency and a survey chain that is going through two appliances on the server three and server five So what is going to happen is that my note one is going to add simply two more segments into the signal routing header And these two segments are going to be a three column from a 32 Which is just going to be an application a container running in that server Then I'm going to have a segment a four Which is just going to be for traffic engineering in the network And then just going to have another segment for going through another server And then the final segment that is doing the my Decapsulation and cross-connect and as simple as that I can build my NFP all together integrated with the overlay and the underlay and Is as simple as that? So Survey chain Well, what I mentioned is there are two types of NFVs We can actually have segment routing aware NFVs, and we can have segment routing unaware So for the segment routing aware NFVs what we have done is we have added support into the Linux kernel So we have just had a support in the Linux in order to create the smart applications And one of the examples is Sarah that Amity is going to talk in five minutes about it And then for the segment watching and aware BNS what we have done is we have leveraged BVP as a BMO container be switched to do This segment routing processing So starting by BVP Well, I think we had plenty of introductions about BVP But what I would like to mention is that we have entire we have developed our entire ITF drafts on SRB 6 on BVP which is available open source and in the specific case of For doing survey chaining what we have done is we have developed three different segment routing functionalities such that what we can do is well when I have traffic for example coming And I have BVP running and I have for example to BNS running in containers I actually remove here the segment routing header I send it to my container and then when the traffic is back I add back the segment routing header with my list of segments So that's pretty stupid, but it actually works with all the appliances that are not segment routing aware and then On BVP what we have actually done also for in the context of BNS and survey chaining is we have done an SRB 6 Locacy development kit that we call it That in essence what we are giving you is a complete template such that in case that you want to develop any SRB 6 functionality you only need to write a few lines of code So we are giving you a BVP graph node We are we are doing the segment routing header processing And in essence what you need to do is just type into there the lines of code That you want to do into all of your packets But you don't have to take care of anything Handling the feed all these things you don't need to take care of it. We do it for you. So it's just really feeling like Very few lines of code and I think literally there is one line saying insert code here Like it's really really simple So Then linux Um So i'm gonna cover the the implementation or the support of srv6 in the linux kernel Okay, we agree that srv6 is cool and we can use it in many stuff So first srv6 was supported in linux 4.10 Which was released in february 2017 The first the first release or the first support in the linux kernel support the basic operation Which is end Which basically means read the segment routing header Update the destination address of the bucket to be the next the next seed in that chain and then forward the bucket other Other behavior that was that were supported is the insert and the encab where you want to take the ibv6 traffic and Insert it into into srv6 policy which you add an ibv6 header and segment routing header This srv6 behavior is supported on Interface spaces so any ibv6 address that is associated with an interface in linux and this interface has srv6 enabled So we consider it as local seed Also ibv2 with was extended to support adding an srv6 policy and here if you want to enable srv6 you have to enable for the srv6 and then per interface you can Just like cctl for per interface to enable the srv6 And if you want to add the segment routing policy What you have to do is it's implemented like In as a lightweight tunnel in the linux kernel. So basically you match on this prefix. This is your local seed and here you choose the encapsulation node which is segment routing v6 and the node of the encapsulation in segment routing v6 which can be insert or or encapsulation and you add the the seed list that you that you want to That you want to encapsulate or you want to add on the top of the bucket And then in kernel 4.14 which was released in last november More support comes to the linux kernel regarding srv6 Like the encad layer 2 which allow you to encapsulate layer 2 frames and segment routing encapsulation for the use cases of layer 2 vbm And also it supports this encapsulation of ibv4 traffic into srv6 and some other Functions that you can find more information in the segment routing ietf draft Also ib route again was extended to support the new feature here you can choose which function you want to to add your local seed and The action required for this local seed and then the device or Which which is the routing table that is that is used as the as a local seed table This This what what what is in the in the linux tree? There are some other implementations that is out of the tree Basically this one for supporting the chaining of of srv6 unaware function So basically you have network service function that is running into a container and but this service This kernel dual is inserted in the pre routing Hook and it takes the bucket remove the sr encapsulation Before handing the bucket to the service function and then cache the header and when the buckets comes back from the the service The service function We insert the segment routing Information that we cached and then the bucket continue the traverse of the linux kernel So this was for the unaware service function But then there are more advantage of having your service function or network function service routing aware first is If you have a service function that's segment routing then you need to configure their Vmf or their service function as state in In your machine But if you have your segment routing, if you have your service function segment routing aware, you do need to have this state information Basically you can leverage all of the information the segment routing header And the service function has a complete vision of the bus of the bucket So if you have a firewall it has a complete vision of the bus of the bucket so it can filter Is a bucket So what we implemented as a segment routing aware service function that we consider which is a segment routing aware firewall This is the first ever segment routing aware function Basically what it is it's an advanced firewall With extended matching capabilities that can match Buckets based on the outer header or the segment routing header or even the inner bucket And also it can perform some segment routing Specific application, especially for the case of service function chaining where you can do branching inside your Urechain So let's take an example of Firewall, this is a normal firewall if the firewall receives a segment routing bucket it has no way to To see the information of the segment routing Information so the firewall has a limited view of the of the packet If I run this firewall with the proxy solution So When it receives iB this SRv6 packet it will remove the segment routing information and basically the firewall can just just see the the inner bucket If I have a segment routing firewall, which is our implementation when you receive the bucket the firewall Can Do matching based on all of this information based on the outer header the inner header the segment routing information the TLV or And also the bay load of the bucket How we implemented our firewall Basically, we extended the iB6 table implementation the Linux kernel. We added three new extensions with the net filter framework The segment routing header and the inner for matching the inner bucket and a new segment routing target for for performing segment routing specific Infra action and the first the first the first module is already now Merged into the Linux 3 it should be available in Linux 4.16 And from the user space, we also in We also extended the iB tables implementation to support these new Functionalities we add three shared libraries to iB table implementation And also one the one for already Merged with iB tables 3 How the how the command line of the of the new firewall looks like so basically this is the SRH module And this is the the the new matching option that you get you can match basically on All of the fields of the segment routing header You can match the inner Source and destination of the of the of the packet and also you can perform as segment routing specific information action, which means that For example, if you receive a segment routing bucket and this bucket match some criteria, you can say Either go to the next which is the default go to the next seed in the in the seed list or you can Skip the next seed for example, if you have a firewall followed by intrusion detection system And you want to skip the intrusion detection system for a subset of the traffic You can say just skip the next the next seed and continue Or you can skip all of the seed list and go to the last one in the service chain and here an example of Rule extended rule that match based on the inner iB address of the packet and the segment routing header and the action can be an Standard reaction which is drop or it can also be an extended segment routing action which go to the last Service in the chain and that's it Okay, so actually at the beginning I was saying that ipv6 is providing reachability Well, what we actually believe is that um srb6 is actually enlisting The full ipv6 potential because we can actually do on top of ipv6 traffic engineering first route bpns nfb Things like for example network slicing for 5g And sd1 for example and all these with great scalability with A huge amount of automation and all together in a single protocol And also and I would like to give you a brief overview of the srb6 project assets for srm pls Which started four years ago So for srb6 we actually did the very first demo for concast was actually in april 2016 But when we pushed really strong it was uh on march 2017 laxia where we published the atf draft and we actually Showed in um pls world congress with the bbp and the linux implementations And then from there we added some sys complementations on sysco hardware some birth food implementations and then it interrupts and then Late last year we covered sd1 in the in the sd1 summit and then this year What I can advance is that we are focusing a lot on 5g and network slicing And this final slide What I would like is if you have time just check our website Maybe try to read the draft play with bbp and srx and really Create your own signal routing our applications. It's extremely simple. We are saying that there is Um a huge market for it from the service provider markets And in case you have any question you can always Write us and we'll be glad to support you So that's it now you can go for beers So anybody have any questions We've got a few minutes How do you think signal routing will be compatible with all the off-road technologies from the from the nick like TCP off-road gdp off-road checks on off-road and so on I'm not sure I understood the question So I think the question was whether our signal routing is um compatible with all the off-loading capabilities of the nick um, so Well, uh, yes, it is but I mean, where do you want the compatibility I mean, usually the question why I say this is well, usually the you would have a tcp You would have a an end customer that is adding the tcp packet and then it just reaches the sp network And from there you add encapsulation um, so Where do you want to have the off-road compatibility? Okay. Yeah. So for example in bbp, that is the example that we are We're ambi Where our expertise it is compatible with the off-loading capabilities where we do the proxy mechanisms Then in other platforms, I would need to check I don't know, but I don't see any reason why it would not be compatible The the how for example, how you compute a tcp checksum When you have a signal routing header is defined like 15 years ago in the year of c20 or 60 So there is nothing really to add compatibility for srv6 Any other questions? I will come around with the mic Anybody up the back down sides left side right side Is that the right or the left? No In that case, thank you. Um I didn't get your name I'm ed and uh, Pedro um, and that is the end of our Our stn and nfv dev room for at least for another couple of hours um You're all invited uh to the uh mankin piss cafe at 7 30 p.m There will be a round of drinks sponsored by red hot and a round of drinks sponsored by sisco dev net So you're welcome to join us And we are we're looking forward to seeing you all next year if we manage to get this dev room again I think this has been a great day. Thank you very much to my co-organizers Um, I gotta call out, uh, tomah mongelon Charles echo Ray kinsler and hiding over the chris price The five of us have been involved To the extent that people could um from putting this together for for the last few months. So um, thank you all. Um And thanks for coming