Segment Routing over IPv6 Overview
Segment Routing (SR) can be applied on both MPLS and IPv6 data planes. Segment Routing over IPv6 (SRv6) extends Segment Routing support with IPv6 data plane.
In an SR-MPLS enabled network, an MPLS label represents an instruction. The source nodes programs the path to a destination in the packet header as a stack of labels.
SRv6 introduces the Network Programming framework that enables a network operator or an application to specify a packet processing program by encoding a sequence of instructions in the IPv6 packet header. Each instruction is implemented on one or several nodes in the network and identified by an SRv6 Segment Identifier (SID) in the packet. The SRv6 Network Programming framework is defined in IETF RFC 8986 SRv6 Network Programming.
In SRv6, an IPv6 address represents an instruction. SRv6 uses a new type of IPv6 Routing Extension Header, called the Segment Routing Header (SRH), in order to encode an ordered list of instructions. The active segment is indicated by the destination address of the packet, and the next segment is indicated by a pointer in the SRH.
The SRv6 SRH is documented in IETF RFC IPv6 Segment Routing Header (SRH).
The SRH is defined as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | Routing Type | Segments Left |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Last Entry | Flags | Tag |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Segment List[0] (128-bit IPv6 address) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| |
...
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Segment List[n] (128-bit IPv6 address) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// //
// Optional Type Length Value objects (variable) //
// //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The following list explains the fields in SRH:
-
Next header—Identifies the type of header immediately following the SRH.
-
Hdr Ext Len (header extension length)—The length of the SRH in 8-octet units, not including the first 8 octets.
-
Segments left—Specifies the number of route segments remaining. That means, the number of explicitly listed intermediate nodes still to be visited before reaching the final destination.
-
Last Entry—Contains the index (zero based) of the last element of the segment list.
-
Flags— Contains 8 bits of flags.
-
Tag—Tag a packet as part of a class or group of packets like packets sharing the same set of properties.
-
Segment list—128-bit IPv6 addresses representing the nth segment in the segment list. The segment list encoding starts from the last segment of the SR policy (path). That means the first element of the segment list (Segment list [0]) contains the last segment of the SR policy, the second element contains the penultimate segment of the SR policy and so on.
In SRv6, a SID represents a 128-bit value, consisting of the following three parts:
-
Locator: This is the first part of the SID with most significant bits and represents an address of a specific SRv6 node.
-
Function: This is the portion of the SID that is local to the owner node and designates a specific SRv6 function (network instruction) that is executed locally on a particular node, specified by the locator bits.
-
Args: This field is optional and represents optional arguments to the function.
The locator part can be further divided into two parts:
-
SID Block: This field is the SRv6 network designator and is a fixed or known address space for an SRv6 domain. This is the most significant bit (MSB) portion of a locator subnet.
-
Node Id: This field is the node designator in an SRv6 network and is the least significant bit (LSB) portion of a locator subnet.
SRv6 Node Roles
Each node along the SRv6 packet path has a different functionality:
-
Source node—A node that can generate an IPv6 packet with an SRH (an SRv6 packet), or an ingress node that can impose an SRH on an IPv6 packet.
-
Transit node—A node along the path of the SRv6 packet (IPv6 packet and SRH). The transit node does not inspect the SRH. The destination address of the IPv6 packet does not correspond to the transit node.
-
Endpoint node—A node in the SRv6 domain where the SRv6 segment is terminated. The destination address of the IPv6 packet with an SRH corresponds to the end point node. The segment endpoint node executes the function bound to the SID
SRv6 Head-End Behaviors
The SR Headend with Encapsulation behaviors are documented in the IETF RFC 8986 SRv6 Network Programming.
The SR Headend with Insertion head-end behaviors are documented in the following IETF draft:
https://datatracker.ietf.org/doc/draft-filsfils-spring-srv6-net-pgm-insertion/
SRv6 Endpoint Behaviors
The SRv6 endpoint behaviors are documented in the IETF RFC 8986 SRv6 Network Programming.
The following is a subset of defined SRv6 endpoint behaviors that can be associated with a SID.
-
End—Endpoint function. The SRv6 instantiation of a Prefix SID [RFC8402].
-
End.X—Endpoint with Layer-3 cross-connect. The SRv6 instantiation of an Adj SID [RFC8402].
-
End.DX6—Endpoint with decapsulation and IPv6 cross-connect (IPv6-L3VPN - equivalent to per-CE VPN label).
-
End.DX4—Endpoint with decapsulation and IPv4 cross-connect (IPv4-L3VPN - equivalent to per-CE VPN label).
-
End.DT6—Endpoint with decapsulation and IPv6 table lookup (IPv6-L3VPN - equivalent to per-VRF VPN label).
-
End.DT4—Endpoint with decapsulation and IPv4 table lookup (IPv4-L3VPN - equivalent to per-VRF VPN label).
-
End.DX2—Endpoint with decapsulation and L2 cross-connect (L2VPN use-case).
-
End.B6.Encaps—Endpoint bound to an SRv6 policy with encapsulation. SRv6 instantiation of a Binding SID.
-
End.B6.Encaps.RED—End.B6.Encaps with reduced SRH. SRv6 instantiation of a Binding SID.
SRv6 Endpoint Behavior Variants
Depending on how the SRH is handled, different behavior variants are defined for the End and End.X behaviors. The End and End.X behaviors can support these variants, either individually or in combinations.
-
Penultimate Segment Pop (PSP) of the SRH variant—An SR Segment Endpoint Nodes receive the IPv6 packet with the Destination Address field of the IPv6 Header equal to its SID address.
A penultimate SR Segment Endpoint Node is one that, as part of the SID processing, copies the last SID from the SRH into the IPv6 Destination Address and decrements the Segments Left value from one to zero.
The PSP operation takes place only at a penultimate SR Segment Endpoint Node and does not happen at non-penultimate endpoint nodes. When a SID of PSP-flavor is processed at a non-penultimate SR Segment Endpoint Node, the PSP behavior is not performed since Segments Left would not be zero.
The SR Segment Endpoint Nodes advertise the SIDs instantiated on them via control plane protocols. A PSP-flavored SID is used by the Source SR Node when it needs to instruct the penultimate SR Segment Endpoint Node listed in the SRH to remove the SRH from the IPv6 header.
-
Ultimate Segment Pop (USP) of the SRH variant—The SRH processing of the End and End.X behaviors are modified as follows:
If Segments Left is 0, then:
-
Update the Next Header field in the preceding header to the Next Header value of the SRH
-
Decrease the IPv6 header Payload Length by 8*(Hdr Ext Len+1)
-
Remove the SRH from the IPv6 extension header chain
-
Proceed to process the next header in the packet
One of the applications of the USP flavor is when a packet with an SRH is destined to an application on hosts with smartNICs implementing SRv6. The USP flavor is used to remove the consumed SRH from the extension header chain before sending the packet to the host.
-
-
Ultimate Segment Decapsulation (USD) variant—The Upper-layer header processing of the End and End.X behaviors are modified as follows:
-
End behavior: If the Upper-layer Header type is 41 (IPv6), then:
-
Remove the outer IPv6 Header with all its extension headers
-
Submit the packet to the egress IPv6 FIB lookup and transmission to the new destination
-
Else, if the Upper-layer Header type is 4 (IPv4)
-
Remove the outer IPv6 Header with all its extension headers
-
Submit the packet to the egress IPv4 FIB lookup and transmission to the new destination
-
Else, process as per Section 4.1.1 (Upper-Layer Header) of IETF RFC 8986 SRv6 Network Programming
-
-
End.X behavior: If the Upper-layer Header type is 41 (IPv6) or 4 (IPv4), then:
-
Remove the outer IPv6 Header with all its extension headers
-
Forward the exposed IP packet to the L3 adjacency J
-
Else, process as per Section 4.1.1 (Upper-Layer Header) of IETF RFC 8986 SRv6 Network Programming
-
One of the applications of the USD flavor is the case of TI-LFA in P routers with encapsulation with H.Encaps. The USD flavor allows the last Segment Endpoint Node in the repair path list to decapsulate the IPv6 header added at the TI-LFA Point of Local Repair and forward the inner packet.
-
Usage Guidelines and Limitations
General Guidelines and Limitations
-
SRv6 Underlay support includes:
-
IGP redistribution/leaking between levels
-
Prefix Summarization on ABR routers
-
IS-IS TI-LFA
-
Microloop Avoidance
-
Flex-algo
-
Platform-Specific Guidelines and Limitations
-
SRv6 is supported on the following Cisco 8000 series Q200-based line cards and fixed-port routers:
-
Cisco 8800 with 88-LC0-36FH-M, 88-LC0-36FH, 88-LC0-34H14FH line cards
-
Cisco 8201-32FH
-
Cisco 8102-64H, 8101-32-FH
-
-
SRv6 is not supported on Q100-based line cards and fixed-port routers.
-
Egress marking on the outer header during SRv6 encapsulation operations (TI-LFA) is not supported.
-
OAM: Ping and traceroute are supported.
-
This release supports the following SRv6 behaviors and variants:
-
Endpoint behaviors:
-
END with PSP/USD
-
END.X with PSP/USD
-
END.DT4
-
END.DT6
-
-
Head-end behaviors:
-
H.Encap.Red
-
-
Encapsulation Capabilities and Parameters
-
Cisco 8000 series routers are able to add an SRH with one segment. Therefore, a total of two segments are supported (1 SID in the outer DA, and 1 SID in the SRH).
-
Encapsulation Capabilities and Parameters
The following describes the Cisco 8000 series router capabilities for setting or propagating certain fields in the outer IPv6 header for SRv6 encapsulated packets:
-
Source address: Cisco 8000 series routers support a single source address (SA) for SRv6 encapsulated packets. The SA is derived from the SRv6 global configuration; if not configured, it is derived from the IPv6 Loopback address.
-
Hop limit: Cisco 8000 series routers propagate the hop-limit of the inner packet into the outer IPv6 header during encapsulation and decapsulation operations. Propagation of the hop-limit value of locally generated OAM packets into the outer IPv6 header can be enabled via configuration.
-
Overlay encapsulation
Default: propagate=No
The hop-limit propagate command enables propagation from inner header to outer header.
-
Underlay encapsulation (TI-LFA) behavior is always in propagate mode, regardless of the CLI.
Manual configuration of the hop-limit value in the outer IPv6 header is not supported.
-
-
Traffic-class: Cisco 8000 series routers propagate the traffic-class of the inner packet into the outer IPv6 header during encapsulation and decapsulation operations. Propagation of the traffic-class value of locally generated OAM packets into the outer IPv6 header can be enabled via configuration.
-
Overlay encapsulation
Default: propagate=No
The traffic-class propagate command enables propagation from inner header to outer header.
-
Underlay encapsulation (TI-LFA) behavior is always in propagate mode, regardless of the CLI.
Manual configuration of the traffic-class value in the outer IPv6 header is not supported.
-
-
Flow Label:
-
Cisco 8000 series routers use the flow-label from the incoming IPv6 header. In case of USD operations, flow-label is used from the inner IPv6 header.
-
During H.Encap.Red operations, if the inner packet has a flow label (non-zero value), the Cisco 8000 series routers propagate it to the outer IPv6 header. If the flow label is not present (zero), it is computed.
-
-
-
PE role:
-
Overlay H-Encaps: 3 sids (1 carrier with 3 sids per carrier)
-
Configuring SRv6
To enable SRv6 globally, you should first configure a locator with its prefix. The IS-IS protocol announces the locator prefix in IPv6 network and SRv6 applications (like ISIS, BGP) use it to allocate SIDs.
The following usage guidelines and restrictions apply while configuring SRv6.
-
All routers in the SRv6 domain should have the same SID block (network designator) in their locator.
-
The locator length should be 64-bits long.
-
The SID block portion (MSBs) cannot exceed 40 bits. If this value is less than 40 bits, user should use a pattern of zeros as a filler.
-
The Node Id portion (LSBs) cannot exceed 24 bits.
-
-
You can configure up to 8 locators to support SRv6 Flexible Algorithm. All locators prefix must share the same SID block (first 40-bits).
This example shows how to globally enable SRv6 and configure locator.
Router(config)# segment-routing srv6
Router(config-srv6)# locators
Router(config-srv6-locators)# locator myLoc1
Router(config-srv6-locator)# prefix 2001:db8:0:a2::/64
This example shows how to enable the logging of locator status.
Router(config)# segment-routing srv6
Router(config-srv6)# logging locator status
Verifying SRv6 Manager
This example shows how to verify the overall SRv6 state from SRv6 Manager point of view. The output displays parameters in use, summary information, and platform specific capabilities.
Router# SF-D#sh segment-routing srv6 manager
Parameters:
SRv6 Enabled: No
SRv6 Operational Mode: None
Encapsulation:
Source Address:
Configured: ::
Default: 77::77
Hop-Limit: Default
Traffic-class: Default
SID Formats:
f3216 <32B/16NFA> (2)
uSID LIB Range:
LIB Start : 0xe000
ELIB Start : 0xfe00
uSID WLIB Range:
EWLIB Start : 0xfff7
Summary:
Number of Locators: 0 (0 operational)
Number of SIDs: 0 (0 stale)
Max SID resources: 24000
Number of free SID resources: 24000
OOR:
Thresholds (resources): Green 1200, Warning 720
Status: Resource Available
History: (0 cleared, 0 warnings, 0 full)
Platform Capabilities:
SRv6: Yes
TILFA: Yes
Microloop-Avoidance: Yes
Endpoint behaviors:
End.DT6
End.DT4
End.DT46
End (PSP/USD)
End.X (PSP/USD)
uN (PSP/USD)
uA (PSP/USD)
uDT6
uDT4
uDT46
Headend behaviors:
T
H.Encaps.Red
Security rules:
SEC-1
SEC-2
SEC-3
Counters:
None
Signaled parameters:
Max-SL : 3
Max-End-Pop-SRH : 3
Max-H-Insert : 0 sids
Max-H-Encap : 2 sids
Max-End-D : 5
Configurable parameters (under srv6):
Ranges:
LIB : Yes
WLIB : Yes
Encapsulation:
Source Address: Yes
Hop-Limit : value=No, propagate=Yes
Traffic-class : value=No, propagate=Yes
Default parameters (under srv6):
Encapsulation:
Hop-Limit : value=128, propagate=No
Traffic-class : value=0, propagate=No
Max Locators: 16
Max SIDs: 24000
SID Holdtime: 3 mins
Router# :SF-D#
Verifying SRv6 Locator
This example shows how to verify the locator configuration and its operational status.
Router# show segment-routing srv6 locator myLoc1 detail
Name ID Prefix Status
-------------------- ------- ------------------------ -------
myLoc1* 5 2001:db8:0:a2::/64 Up
(*): is-default
Interface:
Name: srv6-myLoc1
IFH : 0x00000170
IPv6 address: 2001:db8:0:a2::/64
Chkpt Obj ID: 0x2fc8
Created: Apr 25 06:21:57.077 (00:03:37 ago)
Verifying SRv6 local SIDs
This example shows how to verify the allocation of SRv6 local SIDs off locator(s).
Router# show segment-routing srv6 locator myLoc1 sid
SID Function Context Owner State RW
-------------------------- ----------- ------------------------------ ------------------ ----- --
2001:db8:0:a2:1:: End (PSP) 'default':1 sidmgr InUse Y
2001:db8:0:a2:40:: End.DT4 'VRF1' bgp-100 InUse Y
2001:db8:0:a2:41:: End.X (PSP) [Hu0/1/0/1, Link-Local] isis-srv6 InUse Y
The following example shows how to display detail information about an allocated SRv6 local SID:
Router# show segment-routing srv6 locator myLoc1 sid 2001:db8:0:a2:40:: detail
SID Function Context Owner State RW
-------------------------- ----------- ------------------------------ ------------------ ----- --
2001:db8:0:a2:40:: End.DT4 'VRF1' bgp-100 InUse Y
SID context: { table-id=0xe0000011 ('VRF1':IPv4/Unicast) }
Locator: myLoc1'
Allocation type: Dynamic
Created: Feb 1 14:04:02.901 (3d00h ago)
show Commands
You can use the following show commands to verify the SRv6 global and locator configuration:
Command |
Description |
---|---|
show segment-routing srv6 manager |
Displays the summary information from SRv6 manager, including platform capabilities. |
show segment-routing srv6 locator locator-name [detail] |
Displays the SRv6 locator information on the router. |
show segment-routing srv6 locator locator-name sid [[sid-ipv6-address [detail] |
Displays the information regarding SRv6 local SID(s) allocated from a given locator. |
show segment-routing srv6 sid [sid-ipv6-address | all | stale] [detail] |
Displays SID information across locators. By default, only “active” (i.e. non-stale) SIDs are displayed. |
show route ipv6 local-srv6 |
Displays all SRv6 local-SID prefixes in IPv6 RIB. |