Service Provider Programmable SDN Solution for the Metro Fabric, powered by Segment Routing and EVPN

Transcription

1

2 Service Provider Programmable SDN Solution for the Metro Fabric, powered by Segment Routing and EVPN Jiri Chaloupka, Technical Marketing Engineer

3 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot# 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

4 What is Software-Defined Networking (SDN) What is SDN about? -> Automation/Simplification Why? -> Savings SDN is not a protocol SDN is not single industry standard SDN is a solution SDN 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4

5 Agenda Service Provider (SP) Network Evolution & SDN Metro Fabric - Introduction Transport - Segment Routing MPLS Transport/Services - Programmability Transport - Segment Routing IPv6 (SRv6) Services - EVPN SDN Metro Fabric - Transport and Services Integration Conclusion

6 Service Provider (SP) Network Evolution & SDN Metro Fabric - Introduction

7 Unified MPLS Transport Model Baseline Fixed Access Network IS-IS L1 Aggregation Network IS-IS L2 Core Network IS-IS L2 Aggregation Network IS-IS L2 AS-B AS-A AS-C Mobile Access Network IS-IS L1 PAN Inline RR next-hop-self AGN-ASBR next-hop-self CN-ASBR next-hop-self CN-ASBR next-hop-self AGN-ASBR next-hop-self PAN Inline RR next-hop-self FAN ebgp IPv4+label MTG ebgp IPv4+label CSG FAN ibgp IPv4+label AGN-RR ibgp IPv4+label RR CN-RR RR ibgp IPv4+label AGN-RR RR ibgp IPv4+label ibgp IPv4+label CSG MTG FAN AGN-SE CSG ibgp Hierarchical LSP ebgp LSP ibgp Hierarchical LSP ebgp LSP ibgp Hierarchical LSP LDP LSP LDP LSP LDP LSP LDP LSP LDP LSP 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

8 SP Network - Simplification Journey Unified MPLS EPN 5.0 Metro Fabric Provisioning NETCONF YANG NETCONF YANG Programmability L2/L3VPN Services Inter-Domain CP FRR or TE Intra-Domain CP LDP BGP LDP BGP BGP-LU BGP-LU RSVP LDP IGP with SR IGP BGP IGP with SR 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

9 Framework NSO XTC WAE EPN-M BGP/BGP-LS PCEP Anycast-GW Anycast-GW RR PCEP Segment Routing adoption EVPN - Common Control-Plane SR/LDP Seamless integration Automation PE1 PE3 A1 IGP-SR TI-LFA IGP-SR TI-LFA IGP-SR TI-LFA B1 PE2 PE4 Controller/Orchestration: XTC Provides inter-igp domain path, WAE - WAN optimization NSO Service provisioning EPN-M Service provisioning/service assurance/network Visibility/Fault Management Services: BGP - L3VPN/L2VPN(EVPN), point-to-point services static PW Transport: Segment-Routing with Topology Independent LFA (TI-LFA) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

10 Transport - Segment Routing MPLS

11 Segment Routing - Overview Data Plane Path expressed in the packet Data Dynamic path MPLS (segment labels) IPv6 (+ SR extension header) Control Plane Routing protocols with extensions (IS-IS,OSPF, BGP) SDN controller (BGP LS, PCEP, NETCONF/YANG) Explicit path Paths options Dynamic (STP computation) Explicit (expressed in the packet) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 IGP Prefix Segment Signaled by ISIS/OSPF Minor extensions to existing link-state routing protocols Shortest-path to IGP prefix Equal Cost MultiPath (ECMP)-aware Global significance in SR domain Label = SRGB + Index SRGB = Segment Routing Global Block Default SRGB: 16,000 23,999 Advertised as index Example 1: Best Path All nodes use default SRGB 16,000 23, / Cisco and/or its affiliates. All rights reserved. Cisco Public 12

13 IGP Prefix Segment Example 2: ECMP Signaled by ISIS/OSPF Minor extensions to existing link-state routing protocols Shortest-path to IGP prefix Equal Cost MultiPath (ECMP)-aware Global significance in SR domain Label = SRGB + Index SRGB = Segment Routing Global Block Default SRGB: 16,000 23,999 Advertised as index All nodes use default SRGB 16,000 23, / Cisco and/or its affiliates. All rights reserved. Cisco Public 13

14 IGP Adjacency Segment Adj to 5 Signaled by ISIS/OSPF Minor extensions to existing link-state routing protocols Forward on IGP adjacency Local significance Automatically allocated by router 1 2 Adj to Cisco and/or its affiliates. All rights reserved. Cisco Public 14

15 Combining IGP Segments Signaled by ISIS/OSPF Steer traffic on any path through the network Path is specified by list of segments in packet header, a stack of labels No path is signaled No per-flow state is created Packet to Packet to Cisco and/or its affiliates. All rights reserved. Cisco Public 15

16 MPLS Data Plane Operations Segment IPv4: /32 or IPv6: 2001::0101:0104/128 Prefix-SID Payload Push Payload Swap Payload Pop Payload - Assumptions: SR enabled on all nodes LDP not enabled or SRpreferred on Node1 Node4 advertises its loopback v4 or v6 address with attached prefix-sid IPv4 address: /32 IPv6 prefix: 2001::0101:0104/128 Node4 requests default PHP functionality 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 Simple and Efficient Transport of MPLS services MP-BGP MPLS services ride on prefix segments CE PE 3 4 PE CE Simple, one less protocol to operate (LDP) /32 Prefix-SID / ::a00:0/126 vrf RED SR Domain vrf RED 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

18 Anycast Prefix Segment ID (SID) Same prefix advertised by multiple nodes Traffic forwarded to one of Anycast prefix- SIDs based on best IGP path If primary node fails, traffic is auto rerouted to other node DC (BGP-SR) WAN (IGP-SR) PEER 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

19 IGP Adjacency Segment IGP Prefix Segment SR Segments Signaled by ISIS/OSPF Minor extensions to the existing link-state routing protocols (OSPF and IS-IS) Shortest-path to the IGP prefix Global in SR domain SRGB + Index => = SRGB: Segment Routing Global Block: default [ ] DC (BGP-SR) WAN (IGP-SR) 7 PEER Signaled by ISIS/OSPF Minor extensions to the existing link-state routing protocols (OSPF and IS-IS) Forward on the IGP adjacency Local Automatically allocated by the router DC (BGP-SR) WAN (IGP-SR) PEER 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

20 Metro Fabric Transport Configuration IGP with Segment Routing router isis 1 address-family ipv4 unicast metric-style wide segment-routing mpls! interface Loopback0 address-family ipv4 unicast prefix-sid prefix-sid index 1 IGP-SR router ospf 1 router-id segment-routing mpls segment-routing forwarding mpls area 0 interface Loopback0 passive enable prefix-sid index 1 TI-LFA SR/LDP Co-existence LDP->SR migration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20

21 TI-LFA zero-segment example prefix-sid(z) Packet to Z A Z To steer packets on TI-LFA backup path: forward packet to R5 without any additional segment P-space 1000 prefix-sid(z) Packet to Z Packet to Z 4 3 Default metric: 10 Q-space 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21

22 TI-LFA single-segment example prefix-sid(z) A Z Packet to Z Packet to Z To steer packets on TI-LFA backup path: forward packet on interface to R5 push segment {prefix-sid(r4)} prefix-sid(r4) prefix-sid(z) Packet to Z prefix-sid(z) Packet to Z Ext P-space Q-space Default metric: Cisco and/or its affiliates. All rights reserved. Cisco Public 22

23 TI-LFA double-segment example prefix-sid(z) A Z Packet to Z Packet to Z To steer packets on TI-LFA backup path: forward packet on interface to R5 push segments {prefix-sid(r4) and adj-sid(r4-r3)} prefix-sid(r4) adj-sid(r4-r3) prefix-sid(z) Packet to Z R4 4 R prefix-sid(z) Packet to Z P-space adj-sid(r4-r3) prefix-sid(z) Packet to Z Q-space Default metric: Cisco and/or its affiliates. All rights reserved. Cisco Public 23

24 Metro Fabric Transport Configuration IGP with Segment Routing + TI-LFA router isis 1 address-family ipv4 unicast metric-style wide segment-routing mpls! interface Loopback0 address-family ipv4 unicast prefix-sid prefix-sid index 1 IGP-SR router ospf 1 router-id segment-routing mpls segment-routing forwarding mpls area 0 interface Loopback0 passive enable prefix-sid index 1 router isis 1 interface GigabitEthernet0/0/0/2 address-family ipv4 unicast fast-reroute per-prefix fast-reroute per-prefix ti-lfa TI-LFA router ospf 1 fast-reroute per-prefix fast-reroute per-prefix ti-lfa SR/LDP Co-existence LDP->SR migration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24

25 SRGB MPLS-to-MPLS and MPLS-to-IP All nodes: SR + LDP SR LDP LDP FEC to /32 Prefix-SID index local/in lbl out lbl local/in lbl out lbl local/in lbl out lbl local/in lbl out lbl pop pop Cisco and/or its affiliates. All rights reserved. Cisco Public 25

26 SRGB MPLS-to-MPLS and MPLS-to-IP All nodes: SR + LDP SR LDP LDP FEC to /32 Prefix-SID index segment-routing local/in mpls lbl sr-prefer out lbl local/in lbl out lbl local/in lbl out lbl local/in lbl out lbl pop to Payload pop segment-routing mpls (default) Cisco and/or its affiliates. All rights reserved. Cisco Public 26

27 Metro Fabric Transport Configuration IGP with Segment Routing + TI-LFA + LDP->SR Migration router isis 1 address-family ipv4 unicast metric-style wide segment-routing mpls! interface Loopback0 address-family ipv4 unicast prefix-sid prefix-sid index 1 IGP-SR router ospf 1 router-id segment-routing mpls segment-routing forwarding mpls area 0 interface Loopback0 passive enable prefix-sid index 1 router isis 1 interface GigabitEthernet0/0/0/2 address-family ipv4 unicast fast-reroute per-prefix fast-reroute per-prefix ti-lfa TI-LFA router ospf 1 fast-reroute per-prefix fast-reroute per-prefix ti-lfa router isis 1 address-family ipv4 unicast segment-routing mpls sr-prefer SR/LDP Co-existence LDP->SR migration router ospf 1 segment-routing mpls segment-routing sr-prefer 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27

28 Metro Fabric Transport - Data Plane SRTE Policy Anycast-SID Anycast-SID A1 Access PE2 PE3 Core PE4 PE5 Access A6 Transport: End-To-End Inter-Domain LSP by SRTE TI-LFA TI-LFA PE 2/3 PE 4/5 A6 TI-LFA TI-LFA PE 4/5 A6 TI-LFA TI-LFA A Cisco and/or its affiliates. All rights reserved. Cisco Public 28

29 Binding-SID Stitching Illustration BSID: BSID: Node Node Node Node Node Node Node Node 10 All Nodes SRGB [16,000-23,999] Prefix-SID NodeX: 1600X Binding-SID X Y: 300XY Node 10 Assume Node1 can t push 8 labels to go to Node10 compress label stack by stitching SRTE Policies: Node1 pushes: 2 labels to go to Node4 Binding-SID to go to Node10 Node4 pops Binding-SID and pushes: 2 labels to go to Node7 Binding-SID to go to Node10 Node7 pops Binding-SID and pushes 2 labels to go to Node Cisco and/or its affiliates. All rights reserved. Cisco Public 29

30 The next wave What is segment routing? An LS IGP protocol extension bringing network simplification/optimization No LDP Lighter protocol suite Less adjacencies, less states to maintain No IGP to LDP synchronization Eliminates delays in activating a path Topology independent fast reroute using post convergence back up path 50 ms protection no microloops 100% coverage of network topologies Easy troubleshooting The 2 faces of segment routing An IP/MPLS architecture designed with SDN in mind Right balance between distributed intelligence and centralized optimization and programming SR-TE Wide applications (SP, OTT/Web, GET) across (WAN, Metro/Agg, DC) MPLS and IPv6 dataplanes SDN controller 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

31 Transport/Services - Programmability

32 Framework NSO XTC WAE EPN-M BGP/BGP-LS PCEP Anycast-GW Anycast-GW RR PCEP Segment Routing adoption EVPN - Common Control-Plane SR/LDP Seamless integration Automation PE1 PE3 A1 IGP-SR TI-LFA IGP-SR TI-LFA IGP-SR TI-LFA B1 PE2 PE4 Controller/Orchestration: XTC Provides inter-igp domain path, WAE - WAN optimization NSO Service provisioning EPN-M Service provisioning/service assurance/network Visibility/Fault Management Services: BGP - L3VPN/L2VPN(EVPN), point-to-point services static PW Transport: Segment-Routing with Topology Independent LFA (TI-LFA) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 32

33 BGP-LS Overview Optimal Path Computation for Multi-area TE Solution is BGP, not IGP. BGP-LS is an address-family afi=16388, safi=71 Defined to carry IGP link-state database via BGP Supports both IS-IS and OSPF Delivers topology information to outside agents Domain 0 BGP-LS PCE BGP-LS BGP-LS RR Traffic Engineering Databse (TED) Domain 1 Domain Cisco and/or its affiliates. All rights reserved. Cisco Public 33

34 PCEP Architectural Introduction Path computation Large, multi-domain and multi-layer networks Path computation element (PCE) Computes network paths (topology, paths, etc.) Stores TE topology database (synchronized with network) May initiate path creation Stateful - stores path database included resources used (synchronized with network) PCEP PCC PCE LSP DB TED Path computation client (PCC) May send path computation requests to PCE May send path state updates to PCE Used between head-end router (PCC) and PCE to: Request/receive path from PCE subject to constraints State synchronization between PCE and router Hybrid CSPF PCC PCC PCC Open/Close/Keepalive Open/Close/Keepalive Request Reply Notification Notification PCE PCE PCE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34

35 Creating an SRTE Policy by BGP Controller programs an SR TE Policy at ingress SR TE Policy defines the set of explicit paths from ingress to policy endpoint Weighted ECMP among multiple paths BGP SR TE Policy NLRI Color green Endpoint Binding SID: 4001 Segment List Weight: , 16002, Segment List Weight: , 16006, Controller / Low Lat, Low BW DC (BGP-SR) WAN (IGP-SR) PEER 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35

36 XR Transport Controller (XTC) An IOS XR-powered Stateful Path Computation Element (PCE) Multi-Domain topology Collection Real-time reactive feed Computation Native SR-TE algorithms backed by extensive scientific research SR PCE Multi-Domain Topology Collection BGP-LS ISIS / OSPF North-Bound API Computation Deployment PCEP/BGP-SRTE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36

37 WAN Automation Engine (WAE) Multi-layer, multi-vendor network model for path visibility and path computation APIs for planning, optimization, forecasting and traffic engineering WAE is NOT a controller but leverages controllers WAE Network Model 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37

38 PCE controller architecture XTC or XR Transport Controller: Runs as IOS-XR features Collect topology: BGP, ISIS, OSPF and BGP Link State Deploy tunnel: PCEP SR/RSVP, BGP SR-TE Compute: Shortest, Disjoint, Low Latency, Avoidance paths North Bound interface with application: YANG WAE or Wan Automation Engine: Runs as a XTC application Collect topology: via XTC Collect BW utilization: FNF, Streaming Telemetry, SNMP Deploy tunnel via XTC (preferred: stateful) or NSO (optional: stateless) Compute: Bandwidth Optimization, On demand BW, Cisco and/or its affiliates. All rights reserved. Cisco Public 38

39 NSO Main Features Applications Service Manager Device Manager Engineers REST, NETCONF, Java, Python, Erlang, CLI, Web UI Network Element Drivers (NEDs) NETCONF, REST, SNMP, CLI, etc VNFM Controller Apps EMS and NMS Service Model Device Model Logically centralized network services Data models for data structures Structured representations of: Service instances Network configuration and state Mapping service operations to network configuration changes Transactional integrity Multiprotocol and multivendor support Physical Networks Virtual Networks Network Apps 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 39

40 Path Computation Engine Workflow Delegated Computation to XTC REST PCEP BGP-LS A NETCONF/YANG 1. NSO provisions the service Service can also be provisioned via CLI 2. Access Router requests a path 3. XTC computes the path 4. XTC provides the path to Access Router 5. Access Router confirms 6. XTC updates WAE with newer LSP This is an optional step, when WAE is used for LSP visibility 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 40

41 Path Computation Engine Workflow Delegated Computation to WAE REST PCEP BGP-LS A NETCONF/YANG 1. NSO provisions the service Service can also be provisioned via CLI 2. Access Router requests a path 3. XTC delegates computation to WAE 4. WAE computes the path 5. WAE sends computed path to XTC 6. XTC provides the path to Access Router 7. Access Router confirms 8. XTC updates WAE with newer LSP 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 41

42 Path Computation Engine Workflow WAE Instantiate LSP A PCEP REST BGP-LS 1. WAE computes the path 2. WAE sends computed path to XTC 3. XTC provides the path to Access Router 4. Access Router confirms 5. XTC updates WAE with newer LSP NETCONF/YANG 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 42

43 Metro Fabric Transport - Programmability SRTE Policy NETCONF/YANG REST PCEP Anycast-SID BGP-LS Anycast-SID A1 Access PE2 PE3 Core PE4 PE5 Access A6 Transport: End-To-End Inter-Domain LSP by SRTE TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA PE 2/3 PE 4/5 A6 PE 4/5 A6 Service A6 Service Service 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 43

44 Dynamic VPN instantiation of SRTE policies CE21 advertises prefixes to PE T:30 22 BGP: /32, via Vrf BLUE 7 9 T:30 23 Vrf BLUE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44

45 Dynamic VPN instantiation of SRTE policies CE21 advertises prefixes to PE PE22 checks its policy and finds that /32 must receive low latency service MAP: /32 in vrf BLUE must receive low latency service tag with community (100:777) T:30 22 BGP: /32, via Vrf BLUE 7 9 T:30 23 Vrf BLUE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 45

46 Dynamic VPN instantiation of SRTE policies CE21 advertises prefixes to PE PE22 checks its policy and finds that /32 must receive low latency service PE22 tags /32 with a BGP community (e.g. 100:777) and sends to RR11 MAP: /32 in vrf BLUE must receive low latency service tag with community (100:777) T:30 22 BGP: /32, via Vrf BLUE 7 9 T:30 23 Vrf BLUE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 46

47 Dynamic VPN instantiation of SRTE policies CE21 advertises prefixes to PE PE22 checks its policy and finds that /32 must receive low latency service PE22 tags /32 with a BGP community (e.g. 100:777) and sends to RR11 RR11 sends to PE3 MAP: /32 in vrf BLUE must receive low latency service tag with community (100:777) T:30 22 BGP: /32, via Vrf BLUE 7 9 T:30 23 Vrf BLUE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 47

48 Dynamic VPN instantiation of SRTE policies CE21 advertises prefixes to PE PE22 checks its policy and finds that /32 must receive low latency service PE22 tags /32 with a BGP community (e.g. 100:777) and sends to RR11 RR11 sends to PE3 MAP: /32 in vrf BLUE must receive low latency service tag with community (100:777) T:30 22 BGP: /32, via Vrf BLUE 7 9 T:30 23 Vrf BLUE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48

49 Dynamic VPN instantiation of SRTE policies PE3 requests a path towards PE22 from PCE (10) COMPUTE: minimize TE Metric to PE22 PCreq T: Vrf BLUE 7 9 T:30 23 Vrf BLUE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 49

50 Dynamic VPN instantiation of SRTE policies PE3 requests a path towards PE22 from PCE (10) PCE computes a dynamic path with the required Optimization Objective and Constraints Result: SID list {S5, S14, S22} PE3 instantiates SRTE Policy with Binding-SID: PCreq/reply BSID: COMPUTE: minimize TE Metric to PE22 RESULT: SID list {S5, S14, S22} T:30 22 SID list: Segment ID list, list of segments Vrf BLUE 7 9 T:30 23 Vrf BLUE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 50

51 BGP Dynamic VPN instantiation of SRTE policies /32; NH: PE22 Received VPN label: L_VPN Community 100: Cisco and/or its affiliates. All rights reserved. Cisco Public 51

52 TE BGP Dynamic VPN instantiation of SRTE policies /32; NH: PE22 Received VPN label: L_VPN Community 100:777 SRTE Policy to PE22: SID List {S0, S1, S2}, OIF 3 Binding Label: Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 FIB TE BGP Dynamic VPN instantiation of SRTE policies TE installs SRTE Policy in FIB: Binding-SID (e.g ): push {label L1, label L2} /32; NH: PE22 Received VPN label: L_VPN Community 100:777 SRTE Policy to PE22: SID List {S0, S1, S2}, OIF 3 Binding Label: Local label: OIF: SRTE; Label stack {L1, L2} 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

54 FIB TE BGP Dynamic VPN instantiation of SRTE policies TE installs SRTE Policy in FIB: Binding-SID (e.g ): push {label L1, label L2} TE provides the Binding-SID of the SRTE Policy to BGP /32; NH: PE22 Received VPN label: L_VPN Community 100:777 Binding Label: SRTE Policy to PE22: SID List {S0, S1, S2}, OIF 3 Binding Label: Local label: OIF: SRTE; Label stack {L1, L2} 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 54

55 FIB TE BGP Dynamic VPN instantiation of SRTE policies BGP installs best-path in FIB: /32 via Push VPN label and steer in SRTE Policy /32; NH: PE22 Received VPN label: L_VPN Community 100:777 Binding Label: SRTE Policy to PE22: SID List {S0, S1, S2}, OIF 3 Binding Label: /32; recursion-via-segment label L_VPN, NH via Local label: OIF: SRTE; Label stack {L1, L2} 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 55

56 Inter-Domain LSP - Data Plane Anycast-SID Anycast-SID Anycast-SID Anycast-SID A1 AG2 PE4 PE6 AG8 Access Aggregation Core Aggregation Access AG3 PE5 PE7 AG9 A10 Transport: End-To-End Inter-Domain LSP by SRTE TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA AG2/3 PE4/5 PE6/7 PE4/5 PE6/7 AG8/9 PE6/7 AG8/9 A10 AG8/9 A10 A10 AG8/9 A10 A10 Label Stack must be optimized! Service label(s) need to be considered! 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 56

57 Inter-Domain LSP - Label Stack Optimization Asymmetric PE Loopback redistribution PE Loopback asymmetric redistribution PE Loopback asymmetric redistribution PE Loopback asymmetric redistribution PE Loopback asymmetric redistribution Anycast-SID Anycast-SID Anycast-SID Anycast-SID A1 AG2 PE4 PE6 AG8 Access Aggregation Core Aggregation Access AG3 PE5 PE7 AG9 A10 Transport: End-To-End Inter-Domain LSP by SRTE TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA TI-LFA PE6/7 PE6/7 PE6/7 AG8/9 A10 AG8/9 AG8/9 AG8/9 A10 A10 A10 A Cisco and/or its affiliates. All rights reserved. Cisco Public 57

58 Recommended Session Segment Routing: Technology deep-dive and advanced use cases [BRKRST-3122] Clarence Filsfils, Fellow, Cisco 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 58

59 SR MPLS - Performance Monitoring Per-Link Delay Delay Measurement Used as metric for SRTE Policy or Flex-Algo RFC 7810 (IS-IS Traffic Engineering (TE) Metric Extensions) Used to advertise extended TE metrics e.g. link delay (in usec) RFC 7471 (OSPF Traffic Engineering (TE) Metric Extensions) Used to advertise extended TE metrics e.g. link delay (in usec) BGP-LS: draft-ietf-idr-te-pm-bgp 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 59

60 SR IGP Flex Algo Complements the SRTE solution by adding new Prefix-Segments with specific optimization objective and constraints minimize igp-metric or delay or te-metric avoid SRLG or affinity Leverages the SRTE benefits of simplicity and automation Automated sub-50msec FRR (TILFA) On-Demand Policy (ODN) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 60

61 Transport - Segment Routing IPv6 (SRv6)

62 Segment Routing and the IPv6 Dataplane - SRv6 Segment Routing applies to both IPv6 and MPLS dataplanes Difference is in the bits encoded in the packet not in the architecture Enabling SR-IPv6, means that ONLY the nodes that have to process the packet header must have SR-IPv6 dataplane support All other nodes in the infrastructure are just plain IPv6 nodes IPv6 Hdr Label(C) A B E C F D G H SR Header Segments: C,F,H PAYLOAD Label(F) Label(H) IPv4 or IPv6 hdr PAYLOAD SR-IPv6 SR-MPLS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 62

63 SRv6 - Segment format SRv6 SIDs are 128-bit addresses 1111 : 2222 : 3333 : 4444 : 5555 : 6666 : 7777 : Cisco and/or its affiliates. All rights reserved. Cisco Public 63

64 SRv6 - Segment format Locator Function 1111 : 2222 : 3333 : 4444 : 5555 : 6666 : 7777 : 8888 SRv6 SIDs are 128-bit addresses Locator: most significant bits are used to route the segment to its parent node Function: least significant bits identify the action to be performed on the parent node 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 64

65 SRv6 - Segment format Locator Function 1111 : 2222 : 3333 : 4444 : 5555 : 6666 : 7777 : 8888 SRv6 SIDs are 128-bit addresses Locator: most significant bits are used to route the segment to its parent node Function: least significant bits identify the action to be performed on the parent node Argument [optional]: Last bits can be used as a local function argument 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 65

66 SRv6 - Segment format Locator Function 1111 : 2222 : 3333 : 4444 : 5555 : 6666 : 7777 : 8888 SRv6 SIDs are 128-bit addresses Locator: most significant bits are used to route the segment to its parent node Function: least significant bits identify the action to be performed on the parent node Argument [optional]: Last bits can be used as a local function argument Flexible bit-length allocation Segment format is local knowledge on the parent node 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 66

67 Inter-Domain SRv6 without SRH default-route ::/0 or Summary route -> AG default-route ::/0 or Summary route -> PE Summary route -> PE Summary route -> AG Access AG Aggregation PE Core PE Aggregation AG Access 1 4 Transport: End-To-End Inter-Domain by SRv6 (without SRH) SA:2001::1:1 DA:2001::4:E100 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::4:E100 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::4:E100 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::4:E100 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::4:E100 NH:IPv6/IPv4 Original Frame/ packet - VRF100 Original Frame/ packet - VRF100 Original Frame/ packet - VRF100 Original Frame/ packet - VRF100 Original Frame/ packet - VRF100 Locator Function Router D MyLocalSID Table: 2001::4:E100 - END.DT6 2001::4:E100 IPv6 L3VPN (VRF:100) (equivalent of a per-vrf VPN label) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67

68 Inter-Domain SRv6 with SRH Traffic Steering and Service Chaining default-route ::/0 or Summary route -> AG default-route ::/0 or Summary route -> PE Summary route -> PE Summary route -> AG Access AG Aggregation PE Core 5 Aggregation AG Access 1 4 Transport: End-To-End Inter-Domain by SRv6 (with SRH) 3 SA:2001::1:1 DA:2001::3:C35 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::3:C35 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::3:C35 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::4:E100 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::4:E100 NH:IPv6/IPv4 SA:2001::1:1 DA:2001::4:E100 NH:IPv6/IPv4 Type:4(SRH) NH:IPv6 SL:1 Segment List: [0]:2001::4:E100 Original Frame/ packet - VRF100 Type:4(SRH) NH:IPv6 SL:1 Segment List: [0]:2001::4:E100 Original Frame/ packet - VRF100 Type:4(SRH) NH:IPv6 SL:1 Segment List: [0]:2001::4:E100 Original Frame/ packet - VRF100 Original Frame/ packet - VRF100 Locator Function 2001::3:C35 Original Frame/ packet - VRF100 Original Frame/ packet - VRF100 Router F MyLocalSID Table: 2001::3:C35 - END.X Update IPv6 DA from SRH and L3 cross-connect to router 5 with PSP enabled 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 68

69 Services - EVPN

70 L2VPN Technologies Evolution Native L2 Bridging Technologies.1ad/qinq: High VLAN scale.1ah: High VLAN and MAC scale Q 802.1Q 802.1ad qinq 802.1ad qinq 802.1ah PBB Trill L2VPN Technologies L2VPN: P2P or MP L2 over MPLS EoMPLS, VPLS/PBB- VPLS L2 over IP L2TPv3 DC Overlay Overlay VXLAN NV-GRE STT EVPN (Ethernet VPN) From MAC Bridging to MAC Routing 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 70

71 Spine Leaf Leaf Spine Leaf EVPN - End-to-End Control-Plane Evolution: Common EVPN Control Plane based on BGP: EVPN, PBB-EVPN, EVPN-VPWS IP, MPLS (IGP/SR), MPLS-PBB IP,MPLS,VXLAN IP,MPLS,VXLAN Service Provider Network Data Center Network overlap VM PE1 DCI A1 Acess WAN/Core VM PE2 DCI VM Existing Solution: L2/L3VPN (BGP,T-LDP) - VPLS, EoMPLS VPLS, OTV Trill, Fabric-Path IP, IGP, MPLS (LDP), RSVP-TE, BGP-LU IP, MPLS, L2 L2, STP, VLAN 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 71

72 EVPN Next generation network services Single service for any application E2E control and automation across domains ELINE ELAN ETREE L3 VPN VPWS VPLS P2MP VPLS DC Fabric RFC 2547 VXLAN DCI VPLS / L3 VPN EVPN SR SR-TE MPLS VXLAN Access Agg Core Agg DC Optimized CapEx: - Open Standards & Multi-vendor - Active-Active multi-homing - Enhanced load balancing Reduced OpEx: - Integrated L2 & L3 service, any application: faster time to market, certification - E2E control and automation Increased Customer Value - Inter-domain SLA, faster convergence - Better stability: no flood - Granular policy control 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72

73 What is EVPN? EVPN family introduces next generation solutions for Ethernet services BGP control-plane for Ethernet Segment and MAC distribution and learning over MPLS core Same principles and operational experience of IP VPNs No use of Pseudowires Uses MP2P tunnels for unicast Multi-destination frame delivery via ingress replication (via MP2P tunnels) or LSM Multi-vendor solutions Cisco leader in industry standardization efforts EVPN P2P EVPN-VPWS RFC 8214 EVPN Multipoint RFC 7432 RFC 7432 RFC 7623 PBB-EVPN 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 73

74 Ethernet VPN - Overview Next generation solution for Ethernet multipoint (E-LAN) services Data-plane address learning from Access Control-plane address advertisement / learning over Core PEs run Multi-Protocol BGP to advertise & learn Customer MAC addresses (C- MACs) over Core Same operational principles of L3VPN VID 100 SMAC: M1 DMAC: F.F.F CE1 PE1 PE3 CE3 Learning on PE Access Circuits via dataplane transparent learning C- MAC:M1 PE2 PE4 C- MAC:M3 No pseudowire full-mesh required Unicast: use MP2P tunnels Multicast: use ingress replication over MP2P tunnels or use LSM Standardized at IETF RFC 7432 BGP MAC adv. Route EVPN NLRI MAC M1 via PE Cisco and/or its affiliates. All rights reserved. Cisco Public 74

75 EVPN - Next-Generation Solutions for L2/L3VPN Solving VPLS challenges for per-flow Redundancy Existing VPLS solutions do not offer an All-Active per-flow redundancy Looping of Traffic Flooded from PE M1 CE1 Echo! PE1 PE2 PE3 PE4 CE2 M2 Duplicate Frames from Floods from the Core M1 CE1 PE1 PE3 CE2 Duplicate! M2 MAC Flip-Flopping over Pseudowire E.g. Port-Channel Load-Balancing does not produce a consistent hashvalue for a frame with the same source MAC (e.g. non MAC based Hash-Schemes) M1 CE1 PE2 PE1 PE2 MAC Flip-Flop PE4 PE3 PE4 CE2 M Cisco and/or its affiliates. All rights reserved. Cisco Public 75

76 EVPN - Components L2 and L3 in the same instance! EVPN Instance (EVI) Ethernet Segment BGP Routes BGP Route Attributes PE EVI spans all PEs participating in an EVPN MAC-VRF: A VRF table for MACs on a PE Encompass one or more bridge-domains, depending on service interface type Port-based VLAN-based (shown above) VLAN-bundling BD BD MAC VRF MAC VRF VLAN aware bundling (NEW) SHD ESI1 MHD ESI2 CE1 CE2 Represents a site connected to one or more PEs Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI) Could be a single device or an entire network Single-Homed Device (SHD) Multi-Homed Device (MHD) PE1 PE2 Single-Homed Network (SHN) Multi-Homed Network (MHN) EVPN and PBB-EVPN define a single new BGP NLRI used to carry all EVPN routes NLRI has a new SAFI (70) Routes serve control plane purposes, including: MAC / IP address reachability MAC mass withdrawal Split-Horizon label adv. Aliasing Route Types [1] Ethernet Auto-Discovery (AD) Route [2] MAC Advertisement Route [3] Inclusive Multicast Route [4] Ethernet Segment Route (5) IP Prefix Advertisement Route Multicast endpoint discovery Redundancy group discovery Designated forwarder election Extended Communities ESI MPLS Label ES-Import MAC Mobility Default Gateway Router s MAC New BGP extended communities defined Expand information carried in BGP routes, including: MAC address moves C-MAC flush notification Redundancy mode MAC / IP bindings of a GW Split-horizon label encoding 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 76

77 EVPN - Life of a Packet Ingress Replication Multi-destination Traffic Forwarding During start-up sequence, PE2 sent Per-ESI Ethernet AD route with ESI MPLS label (split-horizon) During start-up sequence, DF election between PE1- PE2 and PE3-PE4 PE1 PE3 During start-up sequence, PE1, PE2, PE3, PE4 sent Inclusive Multicast route which include Mcast label PE1 receives broadcast traffic from CE1. PE1 forwards it using ingress replication 3 copies created VID 100 SMAC: M1 DMAC: F.F.F PSN MPLS label to reach PE3 PE1 L3 Mcast MPLS Label assigned by PE3 for incoming BUM traffic on a given EVI PE3 PE3 as DF, it forwards BUM traffic towards segment CE1 CE3 CE1 L2 L5 CE3 PE 2 Eth A-D Route (Per-ESI) PE2 PE4 PE 4 Inclusive Multicast Route C- MAC:M1 PE2 L4 PE4 C- MAC:M3 RD = RD20 RD = RD-4a ESI = ESI1 PMSI Tunnel Attribute ESI MPLS Label ext. comm. Redund. Flag = All-Active Label = L5 RT ext. community RT-a, RT-b, RT-c, RT-d ESI MPLS Label used by local PEs for split-horizon - downstream assigned (for ingress replication) Tunnel Type = Ing. Repl. Label = L4 RT ext. community Mcast MPLS Label used to transmit BUM traffic - RT-a downstream assigned (for ingress replication) PE2 drops BUM traffic originated on ES1 ESI (split-horizon) MPLS label allocated by PE2 for segment ES1 PE4 non-df for given EVI drops BUM traffic 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 77

78 EVPN Life of a Packet Unicast Traffic Forwarding MP2P VPN Label downstream allocated label used by other PEs to send traffic to advertised MAC PE1 MAC Route RD = RD-1a ESI = ESI1 MAC = M1 Label = L1 MAC advertised by route PSN MPLS label to reach PE1 MP2P VPN Label assigned by PE1 for incoming traffic on a given EVI PE3 forwards traffic destined to M1 based on RIB information (PE1) RT ext. community VID 100 SMAC: M1 DMAC: F.F.F PE1 RT-a PE3 PE1 L1 PE3 VID 100 SMAC: M2 DMAC: M1 CE1 CE3 CE1 CE3 PE2 PE4 C- MAC:M1 PE2 PE4 C- MAC:M3 PE3 RIB VPN MAC ESI RT-a M1 ES1 Path List NH PE Cisco and/or its affiliates. All rights reserved. Cisco Public 78

79 Life of a Packet Unicast Forwarding and Aliasing MP2P VPN Label downstream allocated label used by other PEs to send traffic to advertised MAC During start-up sequence, PE1 sent Per-EVI Ethernet AD route VID 100 SMAC: M1 DMAC: F.F.F PE1 PE1 MAC Route RD = RD-1a ESI = ESI1 MAC = M1 Label = L1 RT ext. community RT-a PE3 MAC advertised by route PSN MPLS label to reach PE1 PE1 MP2P VPN Label assigned by PE1 for incoming traffic on a given EVI L1 PE3 PE3 forwards traffic on a flow (flow 1) based on RIB information (towards PE1) PE3 forwards traffic on a flow (flow 1) based on RIB information (towards PE2) VID 100 SMAC: M3 DMAC: M1 VID 100 SMAC: M4 DMAC: M1 CE1 During start-up sequence, PE2 sent Per-EVI Ethernet AD route PE2 PE4 CE3 CE1 PE2 L2 PE4 CE3 PE 2 Eth A-D Route (Per-EVI) RD = RD-2a ESI = ESI1 Label = L2 RT ext. community RT-a Aliasing MPLS Label used by remote PEs to load-balance among local PEs PE3, PE4 RIB VPN MAC ESI RT-a M1 ES1 Path List NH PE1 PE2 PSN MPLS label to reach PE2 Aliasing MPLS Label assigned by PE2 for (ES1, EVI) pair 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 79

80 EVPN VPWS Benefits of EVPN applied to point-to-point services No signaling of PWs. Instead signals MP2P LSPs instead (ala L3VPN) All-active CE multi-homing (per-flow LB) Single-active CE multi-homing (per-service LB) Relies on a sub-set of EVPN routes to advertise Ethernet Segment and AC reachability PE discovery & signaling via a single protocol BGP Per-EVI Ethernet Auto-Discovery route Handles double-sided provisioning with remote PE autodiscovery CE1 VPWS Service Config: EVI = 100 Local AC ID = AC1 Remote AC ID = AC2 ES1 ES1 Control-plane attachment circuit advertisement over the Core MPLS PE2 VPWS Service Config: EVI = 100 Local AC ID = AC2 Remote AC ID = AC1 CE2 ES2 I have a P2P service that needs to communicate with the PE(s) that own of AC = AC2 BGP Eth. Auto- Discovery Route EVPN NLRI AC AC1 via PE Cisco and/or its affiliates. All rights reserved. Cisco Public 80

81 EVPN Ethernet access Single/Dual Homed Solution, Legacy L2 access LACP PE1 A1 PE1 A2 PE1 A1 MPLS Core MPLS Core A1 STP/REP/ G MPLS Core Ethernet PE2 EVPN-MPLS A1 Ethernet PE2 EVPN-MPLS A2 PE2 EVPN-MPLS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 81

82 EVPN Seamless integration VPLS, VPWS, Ethernet LACP CE VPWS B1 VM VM VM Leaf Leaf Leaf Spine Spine DCI DCI MPLS Core DCI DCI EVPN - VXLAN EVPN - MPLS A1 A2 VPLS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 82

83 Symmetric Anycast IRB Routing and Bridging in the same instance All-Active Multi-homed Access WITHOUT: mlag (mlacp) VSS/vPCE DCI DCI DC Fabric - MPLS/VXLAN L3 : RT2 [MAC/IP] - host-route RT5: [prefix] L2: RT2 [MAC/IP] L2: RT2 [MAC/IP] Leaf Leaf Leaf Anycast IRB Anycast IRB VM VM VM 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 83

84 SDN Metro Fabric - Transport and Services Integration

85 Metro Fabric - Services End-To-End A A AG Access Aggregation Core Aggregation Access AG Distributed CO - service termination Centralized CO - service termination Access-To-Access - service termination MP-BGP L3VPN EVPN EVPN-VPWS Legacy EoMPLS PW - Static PE PE AG PE PE AG CO CO CO A A 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 85

86 Metro Fabric - Services Hierarchical A A Access Aggregation Core Aggregation Access EVPN-VPWS Anycast-PW AG AG PE PE AG PE PE AG DCI DCI DCI DCI DCI DCI CO CO CO PWHE IRB EVPN PWHE IRB EVPN-VPWS Anycast-PW A A EVPN-VPWS Anycast-PW PWHE IRB BGP L3VPN (VPNv4/VPNv6) PWHE IRB EVPN-VPWS Anycast-PW 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 86

87 H-EVPN A1 PE1 PE3 A3 CE A2 Multi/Single-Homed All/Single-Active EVPN-VPWS PE2 Multi/Single-Homed All/Single-Active EVPN PE4 Multi/Single-Homed All/Single-Active EVPN-VPWS A4 CE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 87

88 H-EVPN + PWHE PWHE PWHE A1 PE1 PE3 A3 CE A2 Multi/Single-Homed All/Single-Active EVPN-VPWS PE2 Multi/Single-Homed Single-Active EVPN PE4 Multi/Single-Homed All/Single-Active EVPN-VPWS A4 CE PWHE PWHE 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88

89 Anycast-PW access to EVPN Anycast-SID PE1 Anycast-SID PE3 CE A1 Anycast-PW EVPN All-Active Anycast-PW A3 CE PE2 PE Cisco and/or its affiliates. All rights reserved. Cisco Public 89

90 Metro Fabric Phase 1 Transport and Services Integration - Control-Plane PCEP BGP-LS Transport: End-To-End Segment Routinng: TI-LFA FRR, SRTE Inter-Domain LSP RR Access Core Access S-RR S-RR S-RR BGP-based services Services: End-To-End/Hierarchical: BGP-based (L3VPN, EVPN(L2/L3)), Legacy EoMPLS PW for P2P, AnycastPW to EVPN for Multipoint 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 90

91 Metro Fabric - Transport and Services Integration Transport: End-To-End Segment Routinng: TI-LFA FRR, Anycast-SID for ABR HA/FRR, SRTE Inter-Domain LSP REST PCEP BGP-LS RR RR RR Access Aggregation Core Aggregation Access CO CO CO S-RR S-RR S-RR BGP-based services Services: End-To-End/Hierarchical: BGP-based (L3VPN, EVPN(L2/L3)), Legacy EoMPLS PW for P2P, AnycastPW to EVPN for Multipoint 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 91

92 Conclusion Transport/Services Simplification Easy to Manage/Provision and Automate Segment Routing Transport Programmability XTC - PCE integrated in IOS-XR EVPN - Common Control Plane BGP-Based Services Network Design Simplification NETCONF YANG L2/L3VPN Services Inter-Domain CP FRR or TE Intra-Domain CP LDP BGP LDP BGP BGP-LU BGP-LU RSVP LDP IGP with SR IGP BGP IGP with SR 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 92

93 Stay Up-To-Date Cisco and/or its affiliates. All rights reserved. Cisco Public 93

94 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot# 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

95 Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt All surveys can be completed via the Cisco Live Mobile App or the Communication Stations Complete Your Online Session Evaluation Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at Cisco and/or its affiliates. All rights reserved. Cisco Public

96 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Tech Circle Meet the Engineer 1:1 meetings Related sessions 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 96

97 Thank you

98