BRKENT-1520

Segment Routing Innovations
in IOS XE (Enterprise)
Jason Yang, Principle Technical Marketing Engineer
Sumant Mali, Engineering Product Manager
BRKENT-1520
#CiscoLive
Cisco Webex App
https://ciscolive.ciscoevents.com/
ciscolivebot/#BRKENT-1520
Questions?
Use Cisco Webex App to chat
with the speaker after the session
How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install the Webex App or go directly to the Webex space
4 Enter messages/questions in the Webex space
Webex spaces will be moderated Enter your personal notes here
by the speaker until June 7, 2024.
BRKENT-1520 © 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Why SRv6 in Enterprise
Agenda SRv6 Use Cases in EN
SRv6 Introduction
The Legacy Service Creation
Limited Cross-domain Automation, Cumbersome Service Assurance
Branch/Campus Complex E2E Quality of Service (QoS)

Last Mile Middle Mile Data Center
VXLAN L2VPN L3VPN VXLAN VNF VNF
IP Ethernet MPLS IP
End-to-end service provisioning is lengthy and complex

• Multiple network domains under different management teams
• Manual operations
• Boundary Gateways requiring DPI / Protocol Conversion
• Heterogeneous underlay and overlay networks
• Consequence: Low Scale, High Cost, Low Reliability
#CiscoLive BRKENT-1520 © 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Today “Network as a Fabric” for Service Creation
SR-MPLS
Homogenous Cross-domain Automation & Assurance
SDN
Controls
Branch/Campus
VXLAN VPN L2/L3 VXLAN

VNF VNF
IP Segment Routing IP
End-to-end service provisioning across the WAN is simple

• Multiple network domains under same management teams
• Automated operations
• Homogenous underlay and overlay networks across the WAN
Future “Network as an API” for Service Creation
SRv6
Homogenous Cross-domain Automation & Assurance
SDN
Control
Branch/Campus
VXLAN VNF VNF

Segment Routing v6 (transport, services and programmability)
IP
End-to-End service provisioning is integrated with NfV, SDN

• Multiple network domains under same management teams
• Automated operations
• Integrated underlay and overlay networks
• Network as API – programmable end to end user to app solution
• Hyper Scale
SRv6 Use Cases
in Enterprise
SRv6 Use Cases in Enterprise
Segments Needs Solution – SRv6
• National Critical Infra • Reliable and resilient • Simplify network stack –

network second to none no legacy protocol encap
• Energy Services
• Network makes their own • Universality: WAN, xHaul,
• Military Protected Core DC, Metro, IoT, Host, etc.
routing decision, no
• Large Enterprise dependency on controller. • Enables tight application
• Security domain compliance interaction w/ network i.e.
in each country application-driven
They all have their own
network programmability
private WAN, w/ public
networks as add-on • Seamless brownfield
deployment with classic
IPv6
TE FRR VPN NFV Scalability Automation Single

protocol
Case Study 1 – National Critical Infra
Customer Requirements:
• IPv6 over multiple transports
• L3 Segmentation Transport1 Operational
Site
• Voice & Video needs to be routed Head Quarter
to low latency path Public

Backbone Transport
• M365 needs to be routed to high
BW path
Transport3
• Business critical app needs to be
routed over Transport1, if
unreachable find the best
alternative SLA path
• If primary path fail, then traffic
needs to be re-routed to
alternative path within few seconds
Case Study 2 - Manufacturing Network
Customer Requirements: App Servers
VPN
IPv6 native to SRv6 migration

Headend
•
• Multi-sites connected via private Mgmt

Zone
SVC
Zone
Firewall
SVC
VRF
Mgmt
Zone
WAN
Mgmt SVC SVC Mgmt
• App(IPv6), VPN(IPv4) and traffic VRF VRF VRF VRF
segmentation Agg Site1 Agg Site2
• Remote VPN can not be terminated

in regional sites but in DC VPN
headend WAN
Mgmt Mgmt
• Bridge-domain for L2 with BDI for L3 VRF VRF
Regional SiteX Regional SiteY
• Fast Reroute for link/node failure
• WAN MACsec
Remote Users Remote Users

Case Study 3 – Transportation Requirement
Customer Requirements
• MPLS to SRv6 migration
• Turn CE into CPEs to have CE PE P P P PE CE
end to end SRv6 uSID and

only one touchpoint to
provision new services to
the “object” directly on the
cPE.
• “Always-on / never out”
network
Existing network problems:

• MPLS VPN with VRF lite to CE and a lot of
touchpoint to provision services,
• slow convergence and
• complex redundancy
SRv6
Introduction
ver tc flow label
payload length next 43
header hop limit
IPv6 Header
SRv6
RFC 2460
source address
• IPv6 Header
destination address
• Destination IP address
• Next header field: next header hdr ext len 4 type
routing segments left
first segment flags tag
• TCP, UDP, ICMP....
• IPv4, IPv6, L2 SID[0]
• Hop by Hop, Dest. Options,
Fragmentation, Authentication SID[1]
RFC 8754
SRH
Header …
• Routing Header
0 Source Route (deprecated)
1 Nimrod (deprecated) SID[n-1]
2 Type 2 (RFC 6275)
Optional TLVs
3 RPL (RFC 6554)
4 SRH (RFC 8754)
ver tc flow label
payload length next 43
header hop limit
IPv6 Header
SRH source address
• Segment Routing Header

ACTIVEaddress
destination SID
• First Segment
next header hdr ext len 4 type
routing segments left
• Pointer to very first SID first segment flags tag
copy
• Segments left
SID[0]
• Pointer to Active SID
• Active SID always in destination SID[1]
SRH
addr
ACTIVE SID
SID[n-1]
Optional TLVs
SRv6 Full SID
S R R1 R2 R3 R4
BGP:2001:db8:0:4:eeee::
SA:2001::1 SA:2001::1 SA:2001::1
DA:2001:db8:0:1:1:: DA:2001:db8:0:2:1:: DA:2001:db8:0:3:48::
NH:RH NH:RH NH:RH SA:2001::1
DA:2001:db8:0:4:eeee::
Type:4(SRH) Type:4(SRH) Type:4(SRH)
NH:IPv4
NH:IPv4|SL:3 NH:IPv4|SL:2 NH:IPv4|SL:1
Segment List: Segment List: Segment List:
[0]:2001:db8:0:4:eeee:: [0]:2001:db8:0:4:eeee:: [0]:2001:db8:0:4:eeee::
[1]:2001:db8:0:3:48:: [1]:2001:db8:0:3:48:: [1]:2001:db8:0:3:48::
[2]:2001:db8:0:2:1:: [2]:2001:db8:0:2:1:: [2]:2001:db8:0:2:1::
[3]:2001:db8:0:1:1:: [3]:2001:db8:0:1:1:: [3]:2001:db8:0:1:1::
SID Structure
128 Bits Like IPv6 address but different semantics
1111:2222:3333:4444:5555:6666:7777:8888
Locator Function
Padding
Block Node
Function Argument Padding
ID
SRV6 Encapsulation
Why SRv6 uSID SA:2001::1
DA:2001:db8:0:4:1:0:0:0
NH:RH
: 0100 : =SRV6 uSID Type:4(SRH)

NH:IPv4|SL:1
Segment List:
[0]: 2001:db8:0:5:45:0:0:0
16 bits here, but can be anything [1]: 2001:db8:0:4:1:0:0:0

[2]: 2001:db8:0:3:48:0:0:0
[3]: 2001:db8:0:2:1:0:0:0
[4]: 2001:db8:0:1:42:0:0:0
SA:7.5.4.3
DA:11.6.19.71
SRV6 uSID Container Port:UDP
UDP Header/Data
2001 :0db8 : 0100 : 0200 : 0300 : 0400 : 0500 : 0000

SRV6 uSID Encapsulation
SRv6 uSID uSID uSID uSID uSID uSID EoC SA:2001::1
DA:2001:db8:100:200:300:400:500::
Block 1 2 3 4 5 6 NH:IPv4
32 bits here,
SA:7.5.4.3
DA:11.6.19.71
but can be anything

Port:UDP
UDP Header/Data
SRv6 uSID F3216
S R R1 R2 R3 R4
BGP:2001:db8:4:eeee::
SA:2001::1 SA:2001::1 SA:2001::1 SA:2001::1

DA:2001:db8:1:2:3:e000:4:eeee DA:2001:db8:2:3:e000:4:eeee:: DA:2001:db8:3:e000:4:eeee:: DA:2001:db8:4:eeee::
NH:IPV4 NH:IPV4 NH:IPV4 NH:IPV4
SRv6 functions: Network Programming and Services
What is supported in IOS XE
Codename Behavior
End uN END with Next – Default endpoint [Node SID]
End.X uA Endpoint with Layer-3 cross-connect [Adj SID]
End.DT6 uDT6 Endpoint with decapsulation and specific IPv6 table lookup [L3VPN IPv6 Per-VRF]
End.DT4 uDT4 Endpoint with decapsulation and specific IPv4 table lookup [L3VPN IPv4 Per-VRF]
End.DT46 uDT46 Endpoint with decapsulation and lookup IPv4 and IPv6 in same VRF [L3VPN single SID for
both IPv4 and IPv6]
IS-IS for SRv6
LSP (Link State Packet):
TLVs: Lo0
Hostname: r2 fcbb:0:2::1/128
Interfaces: Ten0/0/0 uA:fcbb:0:2:e001::
Structure: BL=32;NL=16;FL=16;AL=0
Te0/0/1 uA:fcbb:0:2:e002::
Locator:
fcbb:0:2::/48 r2 uA:fcbb:0:2:e002:: r3
Te0/0/1
Lo0 uN:fcbb:0:2:: Structure: BL=32;NL=16;FL=16;AL=0
Neighbors: r1
Structure: BL=32;NL=16;FL=0,AL=80
r3 uA:fcbb:0:2:e001::
IP addresses: fcbb:0:2::1/128 :
2001:12::2/64
2001:12::2/64 Te0/0/0
Locator: fcbb:0:2::/48
uN:fcbb:0:2::
Structure: BL=32;NL=16;FL=0,AL=80
Capabilities: Algorithms …… r1
SIDs can insert
SIDs can decap
……….
BGP for SRv6
VPNv4 :10.10.22.0/24
NH:2001::3
RD-1:1
iBGP RT -1:1
uDT4– fcbb:bb00:3:e002::
IPv4 :10.10.22.0/24 IPv4 :10.10.22.0/24

NH:10.1.21.1 NH:10.3.22.22
eBGP eBGP
2001::3
2001::1
IPv6
CE1 PE1 Locator – fcbb:bb00:3::/48 PE3 CE3
10.1.21.21
uDT4 – fcbb:bb00:3:e002::
10.3.22.3
10.1.21.1
10.3.22.22
L3 VPN Forwarding
SA:2001::1
DA:fcbb:bb00:3:e002::
NH:IPv4
SA:10.10.21.10
DA:10.10.22.10
NH:UDP
UDP Header/Data
2001::3
2001::1
SA:10.10.21.10 SA:10.10.21.10
DA:10.10.22.10 DA:10.10.22.10
NH:UDP NH:UDP
UDP Header/Data UDP Header/Data

IPv6
CE1 PE1 PE3 CE3
10.1.21.21
uDT 4– fcbb:bb00:3:e002::
10.3.22.3
10.1.21.1
10.3.22.22
SRv6 Policy
FC0
Per-Destination Policy (PDP) IGP shortest path < fcbb:bb00:3:e002:: >
P(node4, blue)
• The policy determines which candidate path to use based PDP (Node4, green)
on the candidate path’s preference and state FC1
• A candidate path is either dynamic or explicit IGP shortest path
1 3 4
Per-Flow Policy (PFP) Min-delay
• A PFP is identified by <color, endpoint>. It is configured with

a per-flow forwarding class (FC) table with up to 8 entries, 2
with each entry indexed by an FC and pointing to a PDP
Per-Flow Policy w/ ODN/AS BGP update

Prefix A with color blue
• The egress node advertise BGP route for a prefix A to the
ingress node with SLA hint "color-blue" encoded with an
ext. BGP color community. IGP shortest path
• BGP dynamically instantiate SRv6 policies to steer traffic 1 3 4 Prefix A

onto on-demand next-hop (ODN) Min-delay
• An ePBR policy is applied to the ingress interface to
classify traffic and associated with the FC.
2
Performance Measurement for SRv6
• PM Liveness Detection
• PM probes all the segment lists of every candidate paths
• Probes are sent every 3 seconds
• Option to configure the path programmed in HW only after it was validated with PM probes
• Reoptimize to a different candidate path if PM probes failed
• Or bring the policy down if no other paths available
• PM delay measurement
RX Timestamp T3
RX Timestamp T4
PM probe response packet Responder

Querier
1 2 3 4
PM probe query packet
TX Timestamp T1 RX Timestamp T2
• 1-way mode delay measurement E2E =(T2-T1)

• 2-way mode delay measurement E2E =(T4-T1)-(T3-T2)
Case Study 1 Solution – National Critical Infra
• IS-IS w/ SRv6 extension as
transport
Transport1
• SRv6 over GRE with Tunnel Operational
Site
Protection for public transport Head Quarter
Public
• SRv6 over MACsec for private Backbone Transport
transport
• SRv6 BGP L3VPN ODN/AS Transport3
• SRv6 PDP/PFP policy to route

the right app to the right path
• PM for policy liveness detection
and latency measurement
Case Study 2 Solution - Manufacturing Network
App Servers
VPN
IS-IS w/ SRv6 extension as

Headend
•
transport Mgmt
Zone
SVC
Zone
Firewall
SVC
VRF
Mgmt
Zone
• SRv6 over MACsec

Mgmt SVC SVC Mgmt
VRF VRF VRF VRF
• SRv6 BGP as service for Agg Site1 Agg Site2
L3VPN
• SRv6 TI-LFA
WAN
Mgmt Mgmt
VRF VRF
Regional SiteX Regional SiteY
Remote Users Remote Users

Case Study 3 Solution – Transportation Network
• IS-IS w/ SRv6 extension IGP-2 IGP-1 IGP-3
• 3 different IGP domains cPE P P P P P cPE
• PCE for inter-domain

reachability
• SRv6 BGP for L3VPN service
• SRv6 TI-LFA
• SRv6 Policy with Flex Algo
SRv6
Capabilities in
EN Routing
Reference
slide
IOS XE 17.12
• IS-IS SRv6 extension
• BGP L3VPN (v4/v6) for SRv6
• SRv6 policy select egress interface on ingress PE via PFP
• Static route for IPv6 and IPv4
• SRv6 over IPv6 GRE with Tunnel Protection
• SRv6 path failure detection and reroute
Reference
slide
IOS XE 17.12 – cont’d

• SRv6 OAM (ping/traceroute)
1. IPv6 ping/traceroute CE-CE
2. IPv4 ping/traceroute CE-CE
3. IPv6 ping/traceroute PE-CE
4. IPv4 ping/traceroute PE-CE
5. IPv6 SID ping/traceroute PE-PE
6. IPv6 VRF ping/traceroute PE-CE using custom SRv6 SID list
Reference
slide
IOS XE 17.12 – cont’d

• SRv6 Performance Measurement (PM)
1. PM liveness for path-proofing and re-optimization
2. PM over IPv6 links for delay metric
3. End-to-end delay measurement
Reference
slide
IOS XE 17.13
• BGP L3VPN On-Demand Next-hop (ODN) and auto steering (AS)
Reference
slide
IOS XE SRv6 uSID and Behaviors

• Supports uSID (F3216), consistent with customer deployment blueprint
• Support End-behaviors*:
• uN (PSP/USD)
• uA (PSP/USD)
• uDT6
• uDT4
• uDT46
• Support Policy Headend behaviors*:

• H.Encaps.Red
*Behaviors reference: rfc8986

Reference
slide
Scale
• Support up to 16 segments in the forwarding list
• 200 PFP
• 1000 PDP
• 2000 Candidate Paths (2 per PDP)
• Max 2 ECMP paths per Candidate Path
• 1000 PDPs * 2 Candidate Paths/PDP * 2 ECMP Paths/Candidate
path = 4000 PM Sessions
Reference
slide
Platforms
• Catalyst 8500/8500L
• Catalyst 8300
• Catalyst 8200
• Catalyst 8000V
• ASR1002-HX
• ASR1001-HX
• ASR1000-RP3/ESP100-X
SRv6 Journey
Reference
slide
SRv6 - the journey
17.15 Radar
• SRv6 TI-LFA • Flex Algo
• SRv6 OAM TE • Flex Algo with TI-LFA
• SRv6 Micro Loop • Oper models

(uLoop) Avoidance • DX2
• SRv6 Path MTU • DT2U
• DT2M
Reference
slide
SR Learning Path
Session ID Title Session Type Speakers Schedule and location
Technical Jose Liste | Jakub Jun 2 | 9:00 am - 1:00 pm

TECSPG-1000 Segment Routing Masterclass
Seminar Horn L2, Breakers BH
Jun 3 | 10:30 am - 12:00
BRKMPL-2203 Introduction to SRv6 uSID Technology Breakout Jakub Horn pm
L3, South Seas B
Jun 3 |10:30 am - 12:00
Preparing for a Successful Segment Routing
BRKMPL-2135 Breakout Jose Liste pm
Deployment -
L2, Surf EF
Jun 3 | 9:30 am - 10:30
Jason Yang |
BRKENT-1520 Segment Routing Innovations in IOS XE Breakout am
Sumant Mali
L3, Palm D
Deploying VPNs over Segment Routed Networks Krishnan Jun 3 | 01:00 PM / LL,
BRKMPL-2131 Breakout
Made Easy Thirukonda Tradewinds DEF
Jun 3 | 9:30 am - 10:30
Empower Your Network with Segment Routing and
BRKMPL-2177 Breakout Thomas Wang am
MPLS Network Migration
LL, Tradewinds DEF
Simplify Your Journey to SR and SRv6 with Cisco Sujay Murthy | Eric Jun 4 | 04:00 PM / LL,
BRKMPL-2043 Breakout
Crosswork Automation Ortheau Tradewinds ABC
Reference
slide
SR Learning Path
Session ID Title Session Type Speakers Schedule and location
Reduced Resolution Time with Svc-centric Approach

BRKSPG-2474 Breakout Paola Arosia
to Troubleshooting
Jakub Horn | Jun 5 | 8:00 am - 12:00
Explore the Power of SRv6: Unleashing the Potential Instructor-led
LTRSPG-2006 Marius Stoica | Alex pm
of Next-Generation Networking - Lab
Kiritchenko Luxor - L1, Lotus 3
Circuit-Style Segment Routing and Service Emulation Jun 5 | 4:00 pm - 5:00 pm
BRKMPL-2133 Breakout Thomas Wang
- L2, Surf CD
Design, Deploy and Manage Transport Slices using Jun 6 | 09:30 AM / LL,
BRKSPG-2263 Breakout Sujay Murthy
SDN Controller and Assurance Tradewinds ABC
Automate Transport Service Provisioning, Jun 6 | 01:00 PM / L3,
BRKSPG-2870 Breakout Deepak Bhargava
Optimization, and Assurance with SDN Controller South Seas J
LABMPL-1201 SRv6 Basics Walk-in Lab Luc De Ghein
Paban Sarma |
Implementing Segment Routing v6 (SRv6) Transport
LABSP-3393 Walk-in Lab Gautam Renjen |
on NCS 55xx/5xx and Cisco 8000: Advanced -
Alexey Babaytsev
Configure and Implement BGP-EVPN with Segment
Walk-in Lab Tejas Lad | Paban
LABSPG-3000 Routing using NCS 55xx/5xx Platforms
Sarma
Call to Action
Explore how SRv6 can help to solve problems in your network and develop
your own use case
Complete Your Session Evaluations
Complete a minimum of 4 session surveys and the Overall Event Survey to be

entered in a drawing to win 1 of 5 full conference passes to Cisco Live 2025.
Earn 100 points per survey completed and compete on the Cisco Live
Challenge leaderboard.
Level up and earn exclusive prizes!
Complete your surveys in the Cisco Live mobile app.
• Visit the Cisco Showcase
for related demos
• Book your one-on-one

Meet the Engineer meeting
Continue • Attend the interactive education

with DevNet, Capture the Flag,
your education and Walk-in Labs
• Visit the On-Demand Library

for more sessions at
www.CiscoLive.com/on-demand
Contact me at: [email protected]
Thank you
#CiscoLive

BRKENT-1520

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

BRKENT-1520

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKENT-1520

Uploaded by

Copyright:

Available Formats

Segment Routing Innovations

2 Click “Join the Discussion”

3 Install the Webex App or go directly to the Webex space

4 Enter messages/questions in the Webex space

Webex spaces will be moderated Enter your personal notes here

by the speaker until June 7, 2024.

Agenda SRv6 Use Cases in EN

Branch/Campus Complex E2E Quality of Service (QoS)

VXLAN L2VPN L3VPN VXLAN VNF VNF

End-to-end service provisioning is lengthy and complex

VXLAN VPN L2/L3 VXLAN

End-to-end service provisioning across the WAN is simple

VXLAN VNF VNF

End-to-End service provisioning is integrated with NfV, SDN

• National Critical Infra • Reliable and resilient • Simplify network stack –

TE FRR VPN NFV Scalability Automation Single

to low latency path Public

IPv6 native to SRv6 migration

• Multi-sites connected via private Mgmt

segmentation Agg Site1 Agg Site2

• Remote VPN can not be terminated

Remote Users Remote Users

end to end SRv6 uSID and

Existing network problems:

• Segment Routing Header

: 0100 : =SRV6 uSID Type:4(SRH)

16 bits here, but can be anything [1]: 2001:db8:0:4:1:0:0:0

2001 :0db8 : 0100 : 0200 : 0300 : 0400 : 0500 : 0000

but can be anything

SA:2001::1 SA:2001::1 SA:2001::1 SA:2001::1

IPv4 :10.10.22.0/24 IPv4 :10.10.22.0/24

UDP Header/Data UDP Header/Data

• A PFP is identified by <color, endpoint>. It is configured with

Per-Flow Policy w/ ODN/AS BGP update

• BGP dynamically instantiate SRv6 policies to steer traffic 1 3 4 Prefix A

PM probe response packet Responder

• 1-way mode delay measurement E2E =(T2-T1)

• SRv6 PDP/PFP policy to route

IS-IS w/ SRv6 extension as

• SRv6 over MACsec

Remote Users Remote Users

• IS-IS w/ SRv6 extension IGP-2 IGP-1 IGP-3

• 3 different IGP domains cPE P P P P P cPE

• PCE for inter-domain

IOS XE 17.12 – cont’d

IOS XE 17.12 – cont’d

IOS XE SRv6 uSID and Behaviors

• Support Policy Headend behaviors*:

*Behaviors reference: rfc8986

SRv6 - the journey

• SRv6 TI-LFA • Flex Algo

• SRv6 OAM TE • Flex Algo with TI-LFA

• SRv6 Micro Loop • Oper models

Technical Jose Liste | Jakub Jun 2 | 9:00 am - 1:00 pm

Reduced Resolution Time with Svc-centric Approach

Complete a minimum of 4 session surveys and the Overall Event Survey to be

Level up and earn exclusive prizes!

Complete your surveys in the Cisco Live mobile app.

• Book your one-on-one