SRv6 Network Programming Self-study Series | SRv6 Network Solution

Book source: "SRv6 Network Programming: Opening a New Era of IP Networks"

This book was published many years ago, but I read it again many years later because of work needs. Besides reviewing, I found that I learned more. I organized these reading notes while studying and am sharing them with everyone. If copyright is violated, the notes will be deleted. Thank you for your support!

Summary post: SRv6 Network Programming Self-study Series | Summary - COCOgsta's Blog - CSDN Blog


SRv6 can be applied within a single network domain (a single autonomous system such as an IP backbone network, a metropolitan area network (MAN), a mobile bearer network, or a data center), and it can also be applied to end-to-end networks that span domains, such as cross-domain VPNs and carrier's carrier.

8.1.1 Typical Deployment Scenarios of an SRv6 Network in a Single Autonomous Domain Network

  1. Typical Deployment Scenarios on an IP Backbone Network

Figure 8-1 Typical networking of IP backbone network

The SRv6 network can carry all services in the IP backbone network, including Internet access services, leased line services, and voice services. Different services have different SLA requirements, so SRv6 BE paths or SRv6 TE tunnels can be chosen to carry them according to the specific service requirements.

In addition, certain Internet services can also use SRv6 TE tunnels to implement fine-grained scheduling to meet the requirements of high-value service assurance scenarios such as traffic cleaning or online games.

In the IP backbone network, different services are carried by different types of VPNs. These VPNs can choose to use corresponding SRv6 bearer solutions according to the types of services carried.

  • Internet services can be carried by SRv6 L3VPN, or by IP over SRv6, or directly by Native IP.
  • Enterprise Layer 3 leased lines can be carried by SRv6 L3VPN.
  • Enterprise Layer 2 private lines can be carried by SRv6 EVPN E-Line/SRv6 EVPN E-LAN/SRv6 EVPN E-Tree.
  • Voice services can be carried by SRv6 L3VPN.

  2. Typical Deployment Scenarios in a MAN

The MAN is also an important scenario for SRv6 network deployment. Figure 8-2 shows a typical MAN network. The following fixed broadband and enterprise private line services carried by a MAN can all be carried by the SRv6 network.

  • Fixed broadband: Common services can be carried by SRv6 BE; high-value services (such as games) can be carried by SRv6 TE to provide SLA guarantee.
  • BTV (Broadcast Television) service in fixed broadband: can be carried by BIERv6. For the introduction of BIERv6, please refer to Chapter 12.
  • Enterprise private line services: Ordinary private lines can be carried by SRv6 BE paths; high-value private lines can be carried by SRv6 TE tunnels.

Figure 8-2 Typical MAN networking

The MAN usually uses L3VPN/L2VPN to bear services. The SRv6 bearer scheme that can be used for VPN services is as follows.

  • Access side of fixed broadband (access network to BNG): can be carried by SRv6 EVPN E-LAN/SRv6 EVPN E-Tree.
  • The network side of fixed broadband (BNG to the Internet): it can be carried by SRv6 L3VPN.
  • Enterprise Layer 3 leased line: It can be carried by SRv6 L3VPN.
  • Enterprise Layer 2 leased line: can be carried by SRv6 EVPN E-Line/SRv6 EVPN E-LAN/SRv6 EVPN E-Tree.

The SRv6 network can be used to carry all services in the MAN, and has great advantages in guaranteeing high-value service SLAs and simplifying multicast service deployment.

  3. Mobile Bearer Network

The mobile bearer network is an important network scenario for SRv6 network deployment. Figure 8-3 shows a typical mobile bearer network. The mobile bearer network usually includes three roles.

  • CSG (Cell Site Gateway, base station side gateway): Located at the access layer, it is responsible for the access of the base station.
  • ASG (Aggregation Site Gateway, aggregation side gateway): Located at the aggregation layer, it is responsible for aggregating CSG service flows.
  • RSG (Radio Network Controller Site Gateway, gateway on the base station controller side): As the egress of the bearer network, it is connected to the IP backbone network.

Figure 8-3 Typical networking of a mobile bearer network

Note: Biz stands for Business; EPC stands for Evolved Packet Core; AS stands for Autonomous System; IPTV stands for Internet Protocol Television.

The main services carried by the mobile bearer network are wireless voice and Internet access services. Some mobile bearer networks also carry enterprise private lines. These services can be carried by SRv6.

  • Wireless voice service: SLA requirements are relatively high, generally carried by SRv6 TE.
  • Wireless Internet access services: usually carried by SRv6 BE; high-value services such as games can also be carried by SRv6 TE.
  • Enterprise private line service: Ordinary private lines can be carried by SRv6 BE; high-value private lines can be carried by SRv6 TE.

Generally, wireless services on the mobile bearer network are carried by SRv6 L3VPN, and enterprise private line services are carried by SRv6 EVPN E-Line/SRv6 EVPN E-LAN/SRv6 EVPN E-Tree.

It can be seen that the SRv6 network can be used to carry all services in the mobile bearer network, and has great advantages in high-value application scenarios such as high-value private line SLA guarantee and voice bearer.

  4. Typical Deployment Scenarios in Data Center Networks

SRv6 can also be deployed in data center networks. Figure 8-4 shows a typical data center network. In it, the Border Leaf is the data center exit and is connected to the WAN, the Server Leaf is the device that connects to the servers in the data center, and the Spine aggregates the Server Leaf nodes.

Figure 8-4 Typical networking of a data center network

Note: FW stands for Firewall; LB stands for Load Balancer.

A data center is a complete set of facilities that provide information services to the outside world, including computing, storage and networking. At present, the data center network mainly implements the connectivity of tenants and the traffic isolation between multiple tenants by deploying VXLAN. However, VXLAN can only implement best-effort forwarding based on IP, and cannot provide TE functions, such as forwarding based on specified paths.

SRv6 EVPN can implement the multi-tenant isolation that VXLAN provides, and can additionally forward tenant traffic along specified paths based on SRv6 TE. The data center network is therefore also one of the typical scenarios for SRv6 network deployment. For example, Line's data center network in Japan has already deployed an SRv6 network.

8.1.2 Applications on end-to-end networks

The service bearer of the end-to-end network is a very important application of SRv6. In Chapter 2, we briefly introduced the technical advantages of SRv6 over MPLS and SR-MPLS in cross-domain scenarios, which will be further explained here. Typical applications of end-to-end networks include cross-domain VPNs and carrier-to-carrier.

  1. Cross-domain VPN

When a traditional network service deployment spans multiple autonomous domains, Option A, Option B, or Option C can be used to carry the services. All three cross-domain methods are deployed in live networks, but their deployment is relatively complicated. Option A is currently widely used in cross-domain networks. For an end-to-end leased line service deployed with Option A, the typical deployment is shown in Figure 8-5.

Note: Option A VPN cross-domain refers to the form of VRF-to-VRF. The two nodes connected across domains are PE/CE to each other, learn each other's detailed VPN routes, and forward based on IP.

Figure 8-5 Option A cross-domain network

In the above scenario, the access layer and aggregation layer use PW + L3VPN to carry services, and the aggregation layer and backbone layer use Option A to deploy the VPN across domains. Therefore, in this cross-domain scenario, 8 service configuration points (the 8 nodes in Figure 8-5) are required to activate a service, and the resource division of the network-wide service (such as VLANs) needs to be allocated and managed uniformly on the IP backbone network, which makes service deployment very complex.

Seamless MPLS is a technology for solving cross-domain network interconnection, and it is also a commonly used cross-domain service bearing method on live networks [1]. Seamless MPLS draws on the idea of the Option C cross-domain VPN technology; its core is to provide end-to-end connectivity between any two points on the network. With Seamless MPLS, VPN services only need to be deployed at the two endpoints instead of on the cross-domain border routers. Compared with Option A cross-domain VPN, Seamless MPLS reduces the number of service configuration points, but it still has shortcomings in supporting large-scale networks. The main reason is that Seamless MPLS relies on BGP to establish cross-domain LSPs.

As shown in Figure 8-6, to establish an end-to-end BGP LSP, the loopback address (that is, the 32-bit host route) of the device at one end must be leaked to the device at the other end and a corresponding label must be distributed. The routes of all loopback interfaces on the entire network must be propagated to one another, which places very high performance requirements on the routing control plane and forwarding plane of the network nodes (especially the edge nodes). If there are 100,000 nodes in the network, the scalability requirements of Seamless MPLS mean that the network nodes must support at least 100,000 routes and LSPs.

Figure 8-6 Seamless MPLS inter-domain network

When deploying Seamless MPLS, to reduce the load on access nodes, the usual method is to configure routing policies on the border nodes of each network domain when provisioning services, so that the loopback interface routes leaked into the domain from outside are distributed to the access nodes only as needed. This deployment method, however, greatly increases configuration complexity.

Compared with traditional cross-domain VPN and Seamless MPLS, SRv6 is based on IPv6 forwarding, which naturally supports cross-domain connectivity, and IPv6 routes can be aggregated, so access nodes hold fewer routes. Implementing cross-domain services with end-to-end SRv6 VPN technology not only reduces the number of service configuration points but also lets services be provisioned over aggregated routes, significantly reducing the performance requirements on network nodes, as shown in Figure 8-7.

Figure 8-7 End-to-end SRv6 network

On an end-to-end SRv6 network, when IPv6 addresses are planned, each network domain is given an aggregatable network segment as its locator space, from which locators are allocated to the devices in that domain, and only the aggregated locator route is advertised outside the domain. If no IPv6 loopback interfaces have been configured on the network before, the loopback interface addresses and the locators can be allocated from the same large network segment, and only the single aggregated route covering both the locators and the loopback addresses is advertised externally, further reducing the number of routes.

As shown in Figure 8-7, an independent network segment is allocated to the access layer and aggregation layer, and another independent network segment to the backbone layer; when IPv6 routes (locator and loopback interface addresses) are advertised between the aggregation layer and the backbone layer, only the aggregated routes are advertised. SRv6 service nodes only need to learn the aggregated routes and the routes in their local area to provide end-to-end SRv6 services. At the same time, the service configuration points are reduced from multiple endpoints to only the head and tail nodes where the service is accessed.

Therefore, the detailed routes in one domain do not spread to other domains, and routing changes in one domain, such as route flapping, do not cause frequent route changes in other domains. This enhances security and also improves the stability of the network, giving SRv6 a very obvious advantage over other technologies for cross-domain VPN bearing.
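To make the scaling and containment argument above concrete, here is an added example written for these notes (it is not code from the book or from any vendor). It models the route-table load on an edge node under the two schemes described: Seamless MPLS, where every node's loopback host route is propagated network-wide, and end-to-end SRv6, where a node learns only its own domain's detailed routes plus one aggregate per remote domain. It also implements the export check a domain border should apply so that only the agreed locator aggregate leaves the domain: a more-specific route is a leak of internal detail (and lets an internal flap churn other domains' tables), and a prefix outside the aggregate is a misconfiguration. The domain names, the `2001:db8::/32` documentation prefixes, the node counts and the /40 and /64 prefix lengths are all constructed assumptions for the demonstration.

```python
"""Added example (not from the book): route-table load of Seamless MPLS versus
aggregated end-to-end SRv6, plus an export-policy audit for a domain border.
All domains, prefixes and node counts below are constructed for illustration."""
import ipaddress
import itertools
from typing import Dict, List

# Constructed topology: five access/aggregation domains and one backbone
# domain, each owning one aggregatable IPv6 block used as its locator space
# (and, as the text suggests, for loopback addresses too).
DOMAIN_AGGREGATES: Dict[str, str] = {
    "access-agg-1": "2001:db8:a100::/40",
    "access-agg-2": "2001:db8:a200::/40",
    "access-agg-3": "2001:db8:a300::/40",
    "access-agg-4": "2001:db8:a400::/40",
    "access-agg-5": "2001:db8:a500::/40",
    "backbone": "2001:db8:b000::/40",
}
# Constructed node counts: 20,000 nodes per access/aggregation domain, 500 in the backbone.
NODE_COUNTS: Dict[str, int] = {d: 20000 for d in DOMAIN_AGGREGATES if d != "backbone"}
NODE_COUNTS["backbone"] = 500


def allocate_locators(domain: str, count: int, plen: int = 64) -> List[ipaddress.IPv6Network]:
    """Carve `count` per-node locator prefixes of length `plen` out of the
    domain's aggregate, so every locator is covered by the aggregate by construction."""
    block = ipaddress.ip_network(DOMAIN_AGGREGATES[domain])
    return list(itertools.islice(block.subnets(new_prefix=plen), count))


def seamless_mpls_routes(node_counts: Dict[str, int]) -> int:
    """Seamless MPLS: each node's loopback host route is propagated network-wide,
    so an edge node must hold one route (and LSP) per node in the whole network."""
    return sum(node_counts.values())


def srv6_routes(node_counts: Dict[str, int], local_domain: str) -> int:
    """End-to-end SRv6 with aggregation: a node holds the detailed routes of its
    own domain plus a single aggregate route per remote domain."""
    remote_domains = [d for d in node_counts if d != local_domain]
    return node_counts[local_domain] + len(remote_domains)


def audit_export(domain: str, advertised: List[str]) -> Dict[str, List[str]]:
    """Classify routes a domain border node is about to advertise externally.
    Only the domain's own aggregate should leave the domain:
      - 'ok'              : exactly the agreed aggregate
      - 'leaked_specific' : a more-specific prefix inside the aggregate (leaks
                            internal detail; an internal flap would churn other domains)
      - 'foreign'         : a prefix outside the aggregate (misconfiguration)
    """
    aggregate = ipaddress.ip_network(DOMAIN_AGGREGATES[domain])
    result: Dict[str, List[str]] = {"ok": [], "leaked_specific": [], "foreign": []}
    for route in advertised:
        net = ipaddress.ip_network(route)
        if net == aggregate:
            result["ok"].append(route)
        elif net.subnet_of(aggregate):
            result["leaked_specific"].append(route)
        else:
            result["foreign"].append(route)
    return result


def demo() -> Dict[str, object]:
    """Run the comparison and the audit on the constructed topology."""
    locators = allocate_locators("access-agg-1", 3)
    # Constructed export attempt: the aggregate, one per-node locator (a leak),
    # and a prefix that belongs to the backbone's space (foreign).
    attempted_export = [
        DOMAIN_AGGREGATES["access-agg-1"],
        str(locators[1]),
        "2001:db8:b000:7::/64",
    ]
    return {
        "seamless_mpls_routes_per_node": seamless_mpls_routes(NODE_COUNTS),
        "srv6_routes_access_node": srv6_routes(NODE_COUNTS, "access-agg-1"),
        "srv6_routes_backbone_node": srv6_routes(NODE_COUNTS, "backbone"),
        "export_audit": audit_export("access-agg-1", attempted_export),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the constructed counts, a Seamless MPLS edge node carries 100,500 host routes, while an SRv6 access node carries its 20,000 local routes plus 5 aggregates and a backbone node carries 505. The audit rejects the per-node /64 and the backbone prefix, which is the kind of export filter that keeps the "detailed routes stay inside the domain" property the text relies on from depending on every operator remembering it.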

  2. Carrier's Carrier

In a VPN, the customer of the VPN service provider may itself be a service provider. In this case, the former is called the Provider Carrier (first-level carrier) and the latter the Customer Carrier (second-level carrier), as shown in Figure 8-8. This networking model is called carrier's carrier, and the second-level carrier is a VPN customer of the first-level carrier.

Figure 8-8 Carrier's carrier networking

As shown in Figure 8-9, to maintain good scalability, the CE of the first-level carrier (that is, the PE of the second-level carrier) advertises only the routes inside the second-level carrier's network to the PEs of the first-level carrier, and does not advertise the routes of the second-level carrier's customers; that is, the second-level carrier's customer routes are not advertised into the first-level carrier's network. Therefore, MPLS (LDP or Labeled BGP) must run between the PEs of the first-level carrier (PE1 and PE2) and the CEs of the first-level carrier (CE1 and CE2), an MPLS network must be deployed between the CEs of the first-level carrier (CE1 and CE2) and the PEs of the second-level carrier (PE3 and PE4), and MP-BGP must be deployed between the two PEs of the second-level carrier (PE3 and PE4). Service deployment is very complicated.

Figure 8-9 Traditional carrier's carrier service model

However, SRv6 VPN can be forwarded over Native IP. If the second-level carrier uses SRv6 VPN technology, MPLS does not need to run between the second-level carrier and the first-level carrier: only the locator routes and loopback routes of the second-level carrier need to be propagated through the first-level carrier to establish connectivity, and the second-level carrier can then provide end-to-end VPN services over that IPv6 connectivity. For the first-level carrier, CE1/CE2 are the same as CEs in an ordinary VPN scenario, which greatly reduces the complexity and workload of VPN service deployment, as shown in Figure 8-10.

Figure 8-10 Carrier's carrier SRv6 service model

In the SRv6-based carrier's carrier service model, only an ordinary IGP or BGP needs to be deployed between the PE of the first-level carrier and the CE of the first-level carrier to propagate the routes of the second-level carrier's network; no MPLS network is deployed. The first-level carrier advertises the learned IPv6 routes of the second-level carrier's network as its own VPN routes between its different sites. After the IPv6 routes of the second-level carrier's network have been distributed, IBGP (Internal Border Gateway Protocol) neighbors are configured directly between the PEs of the second-level carrier, and an SRv6 VPN is established to advertise the second-level carrier's customer routes and carry the second-level carrier's user services. Therefore, implementing a carrier's carrier network with SRv6 reduces the service configuration points to only the head and tail nodes, and there is no need to maintain multi-segment MPLS networks, which significantly reduces the difficulty of deployment.

Origin blog.csdn.net/guolianggsta/article/details/130146246