Zebra SRv6 CLI on Linux Dataplane (ENOG#49)

ebiken
February 23, 2018

Introduction to SRv6, Linux SRv6 implementation and how to add SRv6 CLI to Zebra 2.0 Open Source Network Operation Stack.
Presented at ENOG (Echigo NOG) #49.

Transcript

  1. Zebra 2.0 SRv6 CLI on Linux dataplane

    ENOG#49@嵐渓荘 | Twitter: @ebiken
    Zebra 2.0 SRv6 CLI on Linux dataplane | Kentaro Ebisawa <[email protected]> | ENOG#49@嵐渓荘 2018/02/23
  2. https://www.linkedin.com/in/ebiken/ https://twitter.com/ebiken
  3. Motivation: Why SRv6 on Zebra 2.0?

    Make a platform where it is easy to try new protocols, available for everyone
    • Open Source on Linux (Free)
    • Runs anywhere (Physical, Virtual, Cloud)
    • Scrap & Build new ideas for fast iteration
    • Running code helps new ideas to spark
  4. Mobile “not made by” Nokia, Ericsson

    • Open Source Implementations
      • NextEPC: http://nextepc.org
        • Open Source (AGPL-3.0) implementation of the 3GPP Evolved Packet Core (LTE)
        • HSS/MME/PCRF/PGW/SGW written in C language.
        • https://github.com/acetcom/nextepc
      • OSMOCOM: https://osmocom.org/
        • Open Source mobile communication for 2G/3G (GSM, DECT, TETRA etc.)
        • Source code: https://github.com/osmocom
    • Service Providers (MVNO)
      • Soracom: https://soracom.jp/
        • PGW written from scratch.
        • Operating on Amazon Web Service.
      • Sakura Internet
        • PGW, HSS written from scratch in Golang.
        • Sakura Secure Mobile Connect (Japanese)
        • https://www.slideshare.net/higebu/20180124-86629247
    Mobile technology is getting more open and easier to access
  5. Segment Routing IPv6 (SRv6) basics

    protocol header format, example packets
    SRv6 functions
  6. Segment Routing IPv6 (SRv6) basics

    SRv6 is a loose source routing method in which the source node specifies an ordered list of SIDs (Segment IDs) representing the path the packet should take.
    [Figure: topology with nodes #1, #2, #3, #4, #5]
    • SR Endpoint node: node whose “MyLocalSID Table” contains an entry for the DA of the packet
    • Source SR node: node originating an IPv6 packet with its IPv6 and Segment Routing Headers
    • Transit node: node not supporting SRv6, or node whose “MyLocalSID Table” does NOT contain the DA of the packet
  7. Segment Routing IPv6 (SRv6) basics

    SRv6 is a loose source routing method in which the source node specifies an ordered list of SIDs (Segment IDs) representing the path the packet should take.
    1. Source node could be a host originating a packet with SRH
    2. Or, could be a gateway which encapsulates the packet in an IPv6 header with SRH
    3. Transit node doesn’t need to understand (support) SRH
    4. Endpoint could have multiple SIDs
    [Figure: topology with nodes #1, #2, #3, #4, #5]
    • SR Endpoint node: node whose “MyLocalSID Table” contains an entry for the DA of the packet
    • Source SR node: node originating an IPv6 packet with its IPv6 and Segment Routing Headers
    • Transit node: node not supporting SRv6, or node whose “MyLocalSID Table” does NOT contain the DA of the packet
  8. Segment Routing IPv6 (SRv6) basics

    • SRH is a new type of the Routing Header (has properties as mentioned in RFC2460)
      • SHOULD only appear once in the packet.
      • Only the router whose address is in the DA field of the packet header MUST inspect the SRH.
    • SRH is added to the packet by its source
      • (to avoid end host receiving modified packets by intermediate nodes)
      • At the node originating the packet (host, server).
      • At the ingress node of an SR domain where the ingress node receives an IPv6 packet and encapsulates it into an outer IPv6 header followed by a Segment Routing header.
    • An SRv6-capable node N maintains a “MyLocalSID Table”.
      • This table contains all the local SRv6 segments explicitly instantiated at node N.
      • N is the parent node for these SIDs.
      • Shorter prefix of SID could be learned by network to get routed to the node SID resides within.
    Reference: draft-ietf-6man-segment-routing-header
  9. Segment Routing IPv6 (SRv6) basics

    • Features
      • No or less state in network.
        • SID locations would be advertised via IGP
      • No need to replace all network nodes (router/switch)
        • non-SR nodes will simply forward packet based on IPv6 routing
    • Discussed in IETF WGs (6MAN, SPRING, DMM)
      • draft-ietf-6man-segment-routing-header
      • draft-filsfils-spring-srv6-network-programming
      • draft-ietf-dmm-srv6-mobile-uplane
  10. SRv6 basics: Segment Routing Header (SRH)

    [Figure: packet layout with IPv6 Header, IPv6 Extension Header (SRH), Payload]
    • Routing Type
      • 4 (Segment Routing)
    • Segments Left
      • Index to the next segment in the Segment List
      • Decremented on Endpoint node
    • Last Entry
      • Index to the first segment in the Segment List
    • Segment List
      • Encoded starting from the last segment of the path (Segment List [0] contains the last segment)
    Reference: draft-ietf-6man-segment-routing-header
  11. SRv6 basics: SID List description in “SRv6 Network Programming”

    • “SRv6 Network Programming” Internet-Draft document
      • draft-filsfils-spring-srv6-network-programming
    • Segment List: <S1, S2, S3>
      • S1, S2, S3: 1st, 2nd, 3rd segment to visit
    • IP Packet: (SA,DA) (S3, S2, S1; SL)
      • SA, DA: Source, Destination Address
      • SRH with SID list <S1, S2, S3>
      • SL: Segments Left
    !! Order of segments would be reversed in <...> and (...) !!
  12. SRv6 basics: SRv6 SID (Segment ID) format

    [Figure: 128 bits split into LOC (locator), FUNC (function), ARGS (arguments)]
    • A SID is 128 bits and similar to an IPv6 address, but the semantics are different.
      • LOC, FUNC and ARGS have flexible lengths. (ARGS could be 0 length)
    • The SID is used to route the packet to the node where the SID resides.
      • With longest prefix match, and FUNC, ARGS could also be part of the prefix.
    • Local SID may, but does not have to, be an IPv6 address associated to a local interface of the node.
    Reference: draft-filsfils-spring-srv6-network-programming
  13. SRv6 basics: SRH Flags

    • U: Unused and for future use.
    • P-flag:
      • Protected flag. Set when the packet has been rerouted through FRR mechanism by an SR endpoint node.
    • O-flag:
      • OAM flag. When set, it indicates that this packet is an operations and management (OAM) packet.
    • A-flag:
      • Alert flag. If present, it means important Type Length Value (TLV) objects are present.
    • H-flag:
      • HMAC flag. If set, the HMAC TLV is present and is encoded as the last TLV of the SRH.
      • In other words, the last 36 octets of the SRH represent the HMAC information.
    Reference: draft-ietf-6man-segment-routing-header
  14. SRv6 basics: SRH TLVs

    [Figure: TLV layouts for Ingress Node, Egress Node, Opaque TLV; NSH Carrier TLV; Padding TLV; HMAC TLV]
    • Padding TLV is optional and MAY only appear once in the SRH.
    • The Padding TLV is used in order to align the SRH total length on the 8 octet boundary.
    • When present, the Padding TLV MUST appear as the last TLV before the HMAC TLV (if HMAC TLV is present).
    • When present, the HMAC TLV MUST be encoded as the last TLV of the SRH.
    • If the HMAC TLV is present, the SRH H-Flag (Figure 4) MUST be set.
    • The NSH Carrier TLV is a container used in order to carry TLVs that have been defined in draft-ietf-sfc-nsh
    Reference: draft-ietf-6man-segment-routing-header
  15. SRv6 basics: HMAC TLV

    TLV used to validate packets coming into SR domain.
    Fields included in hash calculation:
    (1) source IPv6 address
    (2) Last Entry field
    (3) an octet of bit flags
    (4) Segment List
    (5) HMAC Key-id
    • Used only when SRH is added by a device (such as a home set-top box) which is outside of the segment routing (SR) domain.
    • Would be validated only on edge of the SR domain. (a.k.a. “validating SR router”)
    • HMAC value is unique per flow
      • could be cached based on <IPv6 header + SRH, HMAC field value>
    • Lookup table based on “HMAC Key ID” to find correct combination of “pre-shared secret & hash algorithm”
      • “HMAC Key ID = 0” means HMAC field does not exist.
    • pre-shared secret distribution can be done:
      • in the configuration of the validating routers, either by static configuration or any SDN oriented approach;
      • dynamically using a trusted key distribution such as RFC6407
    Reference: draft-ietf-6man-segment-routing-header
  16. SRv6 basics: SRv6 Segments and Functions

    • Segment is a set of instructions (functions).
    • Two basic functions (End, End.X) are defined in draft-ietf-6man-segment-routing-header
    • draft-filsfils-spring-srv6-network-programming defines many functions associated with SRv6 SIDs.
  17. End vs Transit function (node)

    • Transit function (node)
      • The packet's DA is NOT an IP address of the node
      • The packet's DA is NOT listed in “My Local SID Table” of the node
    • End function (node)
      • The packet's DA is an IP address of the node, or
      • The packet's DA is listed in “My Local SID Table”
  18. Transit functions

    | Function | Description |
    |---|---|
    | T | Forwards the packet without inspecting the SRH |
    | T.Insert | Transit behavior with insertion of an SRv6 Policy |
    | T.Encaps | Transit behavior with encapsulation in an SRv6 policy |
    | T.Encaps.L2 | T.Encaps behavior of the received L2 frame |

    [Figure: topology with nodes #1, #2, #3, #4, #5]
  19. Transit functions (T.Insert)

    [Figure: topology with hosts a, b, c, d and nodes #1, #2, #3, #4, #5]
    • IPv6 | Payload: (SA:a, DA: d)
    • IPv6 | SRH | Payload: (SA:a, DA: #1)(d, #5, #3, #2, #1; SL=4)
    • Figure labels: Next Segment, Destination Host
  20. Transit functions (T.Encaps)

    [Figure: topology with hosts a, b, c, d and nodes #1, #2, #3, #4, #5]
    • IPv6 | Payload: (SA:b, DA: c)
    • IPv6 | SRH | IPv6 | Payload: (SA:b, DA: #4)(#3, #2, #4; SL=2)(SA:b, DA: c)
    • Figure label: Next Segment
  21. Example Wireshark Output

    • Inline mode: final destination is in SID[0]
    • Encap mode: final destination is in encapsulated IP header
  22. End functions (End)

    End: Update the DA with the next segment and forward the packet accordingly.
    [Figure: topology with hosts a, b, c, d and nodes #1, #2, #3, #4, #5]
    • IPv6 | SRH | Payload: (SA:a, DA: #1)(d, #5, #3, #2, #1; SL=4)
    • IPv6 | SRH | Payload: (SA:a, DA: #2)(d, #5, #3, #2, #1; SL=3)
    • Figure label: Next Segment
  23. List of SRv6 functions

    | Ref | Category | Function | Description |
    |---|---|---|---|
    | 1 | | End | Endpoint |
    | 1 | Xconnect | End.X | Endpoint with Layer-3 cross-connect |
    | 1 | Table Lookup | End.T | Endpoint with specific IPv6 table lookup |
    | 1 | Search | End.S | Endpoint in search of a target in table T |
    | 1 | Decaps + Xconnect | End.DX6 | Endpoint with decapsulation and IPv6 crossconnect |
    | 1 | Decaps + Xconnect | End.DX4 | Endpoint with decapsulation and IPv4 crossconnect |
    | 1 | Decaps + Xconnect | End.DX2 | Endpoint with decapsulation and Layer-2 crossconnect |
    | 1 | Decaps + Xconnect | End.DX2V | Endpoint with decapsulation and VLAN L2 table lookup |
    | 1 | Decaps + Table Lookup | End.DT6 | Endpoint with decapsulation and specific IPv6 table lookup |
    | 1 | Decaps + Table Lookup | End.DT4 | Endpoint with decapsulation and specific IPv4 table lookup |
    | 1 | Decaps + Table Lookup | End.DT46 | Endpoint with decapsulation and specific IP table lookup |
    | 1 | Decaps + Table Lookup | End.DT2U | Endpoint with decapsulation and unicast MAC L2 table lookup |
    | 1 | Decaps + Table Lookup | End.DT2M | Endpoint with decapsulation and L2 table flooding |
    | 1 | Binding | End.B6 | Endpoint bound to an SRv6 policy |
    | 1 | Binding | End.B6.Encaps | Endpoint bound to an SRv6 encapsulation policy |
    | 1 | Binding | End.BM | Endpoint bound to an SR-MPLS policy |
    | 1 | | T | Transit behavior |
    | 1 | Insert | T.Insert | Transit with insertion of an SRv6 Policy |
    | 1 | Encaps | T.Encaps | Transit with encapsulation in an SRv6 Policy |
    | 1 | Encaps | T.Encaps.L2 | Transit with encapsulation of L2 frames |
    | 3 | Mobile | End.TM | End point function with encapsulation for mapped tunnel |
    | 3 | Mobile | T.Tmap | Transit behavior with tunnel decapsulation and mapping an SRv6 Policy |
    | 2 | Application | End.AM | SRv6 masquerading proxy pseudocode |
    | 2 | Application | End.AD | SRv6 dynamic proxy segments |
    | 2 | Application | End.AS2 | Static proxy for inner type Ethernet |
    | 2 | Application | End.AS4 | Static proxy for inner type IPv4 |
    | 2 | Application | End.AS6 | Static proxy for inner type IPv6 |

    1) draft-filsfils-spring-srv6-network-programming-03
    2) draft-clad-spring-segment-routing-service-chaining-00 => draft-xuclad-spring-sr-service-chaining-00 (End.A* was removed in updated draft)
    3) draft-ietf-dmm-srv6-mobile-uplane-00
  24. Linux SRv6 Implementations
  25. SRv6 Linux Implementations: SRv6 Linux Kernel Implementations

    • Kernel network stack (4.10 and later)
      • http://www.segment-routing.org/
      • Contributed by “IP Networking Lab” of Université Catholique de Louvain, Louvain-la-Neuve, Belgium.
    • srext: Linux kernel module
      • https://netgroup.github.io/SRv6-net-prog/
      • Developed by the Networking Group from University of Rome Tor Vergata, Italy
      • Could support “Chaining of SRv6-unaware VNFs” use case (End.AD, End.AM)
    Zebra 2.0 SRv6 CLI on Linux Dataplane is using “Kernel network stack”
  26. SRv6 Linux Implementations: SRv6 on VPP (by FD.io project)

    • Not Linux Kernel (module) implementation, but works on Linux.
    • https://wiki.fd.io/view/VPP/Segment_Routing_for_IPv6
    Supported functions as of 2017/02/17
    Reference: http://www.segment-routing.net/open-software/vpp/
  27. SRv6 Functions on Linux dataplane (status as of 2018/02/21)

    READY: publicly available NOW. (READY): publicly available SOON.

    SRv6 Network Programming https://datatracker.ietf.org/doc/draft-filsfils-spring-srv6-network-programming/

    | Function | Linux | Zebra | Description |
    |---|---|---|---|
    | End | 4.10, srext | (READY) | Endpoint function |
    | End.X | 4.10, srext | (READY) | Endpoint function with Layer-3 cross-connect |
    | End.T | 4.14 | (READY) | Endpoint function with specific IPv6 table lookup |
    | End.DX2 | 4.14, srext | (READY) | Endpoint with decapsulation and Layer-2 cross-connect |
    | End.DX2V | - | - | Endpoint with decapsulation and VLAN L2 table lookup |
    | End.DT2U | - | - | Endpoint with decapsulation and unicast MAC L2 table lookup |
    | End.DT2M | - | - | Endpoint with decapsulation and L2 table flooding |
    | End.DX6 | 4.14, srext | (READY) | Endpoint with decapsulation and IPv6 cross-connect |
    | End.DX4 | 4.14, srext | (READY) | Endpoint with decapsulation and IPv4 cross-connect |
    | End.DT6 | 4.14 | (READY) | Endpoint with decapsulation and IPv6 table lookup |
    | End.DT4 | - | - | Endpoint with decapsulation and IPv4 table lookup |
    | End.DT46 | - | - | |
    | End.B6 | 4.14, srext | (READY) | Endpoint bound to an SRv6 policy |
    | End.B6.Encaps | 4.14, srext | (READY) | Endpoint bound to an SRv6 encapsulation Policy |
    | End.BM | - | - | Endpoint bound to an SR-MPLS Policy |
    | End.S | - | - | Endpoint in search of a target in table T |

    | Function | Linux | Zebra | Description |
    |---|---|---|---|
    | T.Insert | 4.10, srext | READY | Transit behavior with insertion of an SRv6 Policy |
    | T.Encaps | 4.10, srext | READY | Transit behavior with encapsulation in an SRv6 policy |
    | T.Encaps.L2 | 4.14 | - | T.Encaps behavior of the received L2 frame |

    SRv6-mobile-uplane https://datatracker.ietf.org/doc/draft-ietf-dmm-srv6-mobile-uplane/

    | Function | Linux | Zebra | Description |
    |---|---|---|---|
    | T.Tmap | - | - | stateless interworking node (Uplink) |
    | End.TM | - | - | stateless interworking node (Downlink) |

    Segment Routing for Service Chaining https://github.com/netgroup/SRv6-net-prog https://datatracker.ietf.org/doc/draft-xuclad-spring-sr-service-chaining/

    | Function | Linux | Zebra | Description |
    |---|---|---|---|
    | End.AM | srext | - | Endpoint to SR-unaware APP via masquerading |
    | End.AD4 (AD6) | srext | - | Endpoint to IPv4 (v6) SR-unaware APP via dynamic proxy |
    | End.EAD4 (EAD6) | srext | - | Extended End.AD4 (AD6) behavior that allows SR-unaware VNFs to be the last SF in SFC |
  28. Linux Kernel SRv6 Implementation

    • One of “Light Weight Tunnel” (LWTunnel)
      • lwtunnel_encap_types { MPLS, IP, ILA, IP6, SEG6, BPF, SEG6_LOCAL }
    • Tunnel attributes attached to routes (not to tunnel interface)

        $ ip -6 route
        c0be:fe::/64 encap seg6 mode inline segs 4 [ c0be::1 c0be::2 c0be::3 :: ] via 2001:db8::1 dev lxcbr0 metric 1024 linkdown pref medium
        fc00::1 encap seg6local action End via 2001:db8::1 dev lxcbr0 metric 1024 linkdown pref medium
        fc00::2 encap seg6local action End.X nh6 fc00::1:1 via 2001:db8::1 dev lxcbr0 metric 1024 linkdown pref medium
        fc00::3 encap seg6local action End.T table 100 via 2001:db8::1 dev lxcbr0 metric 1024 linkdown pref medium
        fc00::4 encap seg6local action End.DX2 oif lxcbr0 via 2001:db8::1 dev lxcbr0 metric 1024 linkdown pref medium
  29. Configuring SRv6 on Linux: sysctl (prerequisites)

    • sysctl and iproute2 (ip) commands are available to configure SRv6 on Linux
    • sysctl configuration (per-interface)
      • net.ipv6.conf.*.seg6_enabled (integer)
        • Matching packets for this sysctl are those whose active segment (i.e., IPv6 DA) is local to the Linux node.
        • 0: Drop ingress SR-enabled packets from this interface.
        • 1: Accept ingress SR-enabled packets and apply basic SRH processing.
      • net.ipv6.conf.*.seg6_require_hmac (integer)
        • -1: Ignore HMAC field.
        • 0: Accept SR packets without HMAC, validate SR packets with HMAC.
        • 1: Drop SR packets without HMAC, validate SR packets with HMAC.
    Reference: http://www.segment-routing.org/index.php/Implementation/Configuration
  30. Configuring SRv6 on Linux: Global configuration (src addr, HMAC)

    • Source address for SRv6 encapsulations
      • ip sr tunsrc set <addr>
      • When a packet is encapsulated within an outer IPv6 header, a source address must be selected for this outer header.
      • By default, an interface address is selected.
      • If addr is set to ::, then the default behavior is assumed.
    • HMAC configuration
      • ip sr hmac set <keyid> <algorithm>
      • Configure mapping of HMAC key ID, algorithm and passphrase.
      • You will be prompted to enter the passphrase when entering this command.
    Reference: http://www.segment-routing.org/index.php/Implementation/Configuration
  31. Configuring SRv6 on Linux: Transit node on Linux

        ip -6 route add <prefix> encap seg6 mode <encapmode> segs <segments> [hmac <keyid>] (dev <device> | via <nexthop>)

    examples

        ip -6 route add fc00:b::10/128 encap seg6 mode inline segs fc00:3::11,fc00:3::12,fc00:3::13 via fc00:a::a
        ip -6 route add fc00:b::10/128 encap seg6 mode encap segs fc00:3::11,fc00:3::12,fc00:3::13 via fc00:a::a

    Reference: http://www.segment-routing.org/index.php/Implementation/Configuration
  32. Configuring SRv6 on Linux: End segments (functions) on Linux

        ip -6 route add <segment> encap seg6local action <action> <params> (dev <device> | via <nexthop>) [table localsid]

    examples (the first line is the common prefix, followed by one of the action lines)

        ip -6 route add fc00::1/128 encap seg6local
            action End via 2001:db8::1
            action End.X nh6 fc00::1:1 via 2001:db8::1
            action End.T table 100 via 2001:db8::1
            action End.DX2 oif lxcbr0 via 2001:db8::1
            action End.DX6 nh6 fc00::1:1 via 2001:db8::1
            action End.DX4 nh4 10.0.3.254 via 2001:db8::1
            action End.DT6 table 100 via 2001:db8::1
            action End.B6 srh segs beaf::1,beaf::2 via 2001:db8::1
            action End.B6.Encaps srh segs beaf::1,beaf::2 via 2001:db8::1

    Reference: http://www.segment-routing.org/index.php/Implementation/AdvancedConf
  33. “netlink” is used to configure / show SRv6 rules

    • Example when setting route
      • SEG6 = Transit node
      • SEG6LOCAL = End node (Local Segment)
    • Select one value for items in { }
    • Select multiple without { }

        RTNetlink // rtattr_type_t
          RTA_DST
          RTA_OIF
          RTA_ENCAP_TYPE (0x15)
          RTA_ENCAP (0x16)

        RTA_ENCAP_TYPE (0x15)
          lwtunnel_encap_types {
            LWTUNNEL_ENCAP_MPLS
            LWTUNNEL_ENCAP_IP
            LWTUNNEL_ENCAP_ILA
            LWTUNNEL_ENCAP_IP6
            LWTUNNEL_ENCAP_SEG6 (5)
            LWTUNNEL_ENCAP_BPF
            LWTUNNEL_ENCAP_SEG6_LOCAL (7)
          }

        TYPE = SEG6
        RTA_ENCAP (0x16)
          SEG6_IPTUNNEL_SRH
            encap mode {
              SEG6_IPTUN_MODE_INLINE
              SEG6_IPTUN_MODE_ENCAP
              SEG6_IPTUN_MODE_L2ENCAP
            }
            SRH { ... }

        TYPE = SEG6_LOCAL
        RTA_ENCAP (0x16) // seg6local types
          SEG6_LOCAL_ACTION
          SEG6_LOCAL_SRH,
          SEG6_LOCAL_TABLE,
          SEG6_LOCAL_NH4,
          SEG6_LOCAL_NH6,
          SEG6_LOCAL_IIF,
          SEG6_LOCAL_OIF,

        SEG6_LOCAL_ACTION (0x01)
          seg6local action types {
            SEG6_LOCAL_ACTION_END = 1
            SEG6_LOCAL_ACTION_END_X = 2
            SEG6_LOCAL_ACTION_END_T = 3
            SEG6_LOCAL_ACTION_END_DX2 = 4
            SEG6_LOCAL_ACTION_END_DX6 = 5
            SEG6_LOCAL_ACTION_END_DX4 = 6
            SEG6_LOCAL_ACTION_END_DT6 = 7
            SEG6_LOCAL_ACTION_END_DT4 = 8
            SEG6_LOCAL_ACTION_END_B6 = 9
            SEG6_LOCAL_ACTION_END_B6_ENCAP = 10
            SEG6_LOCAL_ACTION_END_BM = 11
            SEG6_LOCAL_ACTION_END_S = 12
            SEG6_LOCAL_ACTION_END_AS = 13
            SEG6_LOCAL_ACTION_END_AM = 14
          }
  34. netlink message example (SEG6_LOCAL)

    ENCAP_SEG6_LOCAL (7)

        0000  08 00 01 00 02 00 00 00 14 00 05 00 fc 00 00 00
        0010  00 00 00 00 00 00 00 00 00 01 00 01

        08 00 01 00 | len: 8bytes, type: SEG6_LOCAL_ACTION (0x01)
        02 00 00 00 | data: SEG6_LOCAL_ACTION_END_X (0x02)
        14 00 05 00 | len: 20bytes, type: SEG6_LOCAL_NH6 (0x05)
        fc 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 | data: IPv6 addr
  35. Linux Source Code (where to look)

    Linux Kernel Source Code
    • include/uapi/linux/
      • rtnetlink.h
      • lwtunnel.h
      • seg6_genl.h
      • seg6.h
      • seg6_hmac.h
      • seg6_iptunnel.h
      • seg6_local.h
    • net/core/
      • lwtunnel.c
    • net/ipv6/
      • seg6.c
      • seg6_hmac.c
      • seg6_iptunnel.c
      • seg6_local.c
    iproute2
    • ip/
      • ipseg6.c
      • iproute_lwtunnel.h
      • iproute_lwtunnel.c
    git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
  36. Zebra 2.0 SRv6 CLI implementation
  37. Zebra 2.0 SRv6 CLI Implementation: Goal: show Transit (inline/encap)

    Zebra CLI

        $ show ipv6 route
        Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
        ... snip ...
        S fc00:b::10/128 [1/0] encap seg6 mode encap segs 3 [ fc00:3::11 fc00:3::12 fc00:3::13 ] via fc00:a::a
        S fc00:b::11/128 [1/0] encap seg6 mode inline segs 4 [ fc00:3::11 fc00:3::12 fc00:3::13 :: ] via fc00:a::a

    iproute2

        $ ip -6 route
        fc00:b::10 encap seg6 mode encap segs 3 [ fc00:3::11 fc00:3::12 fc00:3::13 ] via fc00:a::a dev veth1 proto zebra metric 1024 pref medium
        fc00:b::11 encap seg6 mode inline segs 4 [ fc00:3::11 fc00:3::12 fc00:3::13 :: ] via fc00:a::a dev veth1 proto zebra metric 1024 pref medium
  38. Zebra 2.0 SRv6 CLI Implementation: Goal: show End Segments (Functions)

    Zebra CLI

        $ show ipv6 route
        ... snip ...
        S fc00::a2/128 [1/0] encap seg6local action End.X nh6 fc00::1:1 via 2001:db8::1
        S fc00::a3/128 [1/0] encap seg6local action End.T table 100 via 2001:db8::1
        S fc00::a4/128 [1/0] encap seg6local action End.DX2 oif lxcbr0 via 2001:db8::1

    iproute2

        $ ip -6 route
        fc00::a2 encap seg6local action End.X nh6 fc00::1:1 via 2001:db8::1 dev lxcbr0 proto zebra metric 1024 linkdown pref medium
        fc00::a3 encap seg6local action End.T table 100 via 2001:db8::1 dev lxcbr0 proto zebra metric 1024 linkdown pref medium
        fc00::a4 encap seg6local action End.DX2 oif lxcbr0 via 2001:db8::1 dev lxcbr0 proto zebra metric 1024 linkdown pref medium
  39. Goal: set command (Transit)

        set routing-options ipv6 route-srv6 <route> nexthop <nexthop> seg6 <inline|encap> segments <segment-list>

    Zebra CLI

        set routing-options ipv6 route-srv6 fc00:b::10/128 nexthop fc00:a::a seg6 inline segments fc00:3::11 fc00:3::12 fc00:3::13
        set routing-options ipv6 route-srv6 fc00:b::10/128 nexthop fc00:a::a seg6 encap segments fc00:3::11 fc00:3::12 fc00:3::13

    iproute2

        ip -6 route add fc00:b::10/128 encap seg6 mode inline segs fc00:3::11,fc00:3::12,fc00:3::13 via fc00:a::a
        ip -6 route add fc00:b::10/128 encap seg6 mode encap segs fc00:3::11,fc00:3::12,fc00:3::13 via fc00:a::a
  40. Goal: set commands (End.* functions)

        set routing-options ipv6 localsid <sid> nexthop <nexthop> action <End.*> [action-parameters]

    Zebra CLI

        set routing-options ipv6 localsid fc00::a1/128 nexthop 2001:db8::1 action End
        set routing-options ipv6 localsid fc00::a2/128 nexthop 2001:db8::1 action End.X nh6 fc00::1:1
        set routing-options ipv6 localsid fc00::a3/128 nexthop 2001:db8::1 action End.T table 100
        set routing-options ipv6 localsid fc00::a4/128 nexthop 2001:db8::1 action End.DX2 oif lxcbr0
        set routing-options ipv6 localsid fc00::a5/128 nexthop 2001:db8::1 action End.DX6 nh6 fc00::1:1
        set routing-options ipv6 localsid fc00::a6/128 nexthop 2001:db8::1 action End.DX4 nh4 10.0.3.254
        set routing-options ipv6 localsid fc00::a7/128 nexthop 2001:db8::1 action End.DT6 table 200
        set routing-options ipv6 localsid fc00::a8/128 nexthop 2001:db8::1 action End.B6 segments beaf::1 beaf::2
        set routing-options ipv6 localsid fc00::a9/128 nexthop 2001:db8::1 action End.B6.Encaps segments beaf::1 beaf::2

    iproute2

        ip -6 route add fc00::1/128 encap seg6local action End via 2001:db8::1
        ip -6 route add fc00::2/128 encap seg6local action End.X nh6 fc00::1:1 via 2001:db8::1
        ip -6 route add fc00::3/128 encap seg6local action End.T table 100 via 2001:db8::1
        ip -6 route add fc00::4/128 encap seg6local action End.DX2 oif lxcbr0 via 2001:db8::1
        ip -6 route add fc00::5/128 encap seg6local action End.DX6 nh6 fc00::1:1 via 2001:db8::1
        ip -6 route add fc00::6/128 encap seg6local action End.DX4 nh4 10.0.3.254 via 2001:db8::1
        ip -6 route add fc00::7/128 encap seg6local action End.DT6 table 100 via 2001:db8::1
        ip -6 route add fc00::8/128 encap seg6local action End.B6 srh segs beaf::1,beaf::2 via 2001:db8::1
        ip -6 route add fc00::9/128 encap seg6local action End.B6.Encaps srh segs beaf::1,beaf::2 via 2001:db8::1
  41. Zebra 2.0 Architecture

    [Figure: architecture diagram. Boxes: CLI, openconfigd (yang model), etcd, zebra (ribd, fea, bgpd/ospfd), quaggad, quagga (bgpd / ospfd, vtysh), Linux dataplane, Hardware dataplane. Link labels: gRPC, zebra proto, JSON, netlink, Tap interface, HW API (SAI, XDK etc.)]
    Written from scratch in Go
    • openconfigd
      • configuration system
      • yang model
      • CLI (Junos like)
      • etcd for scalability
    • zebra/ribd
      • dataplane management (ex: FIB)
    • zebra/fea
      • multiple dataplane support
      • link/port, bridge domain etc.
    • zebra/bgpd, ospfd
      • New protocol modules with multi-core support
    • quaggad & zebra protocol
      • for backward compatibility
  42. Source Code available on GitHub

    Main Modules
    • openconfigd
      • https://github.com/coreswitch/openconfigd
    • zebra
      • https://github.com/coreswitch/zebra
    Helper Modules
    • component / dependency
      • Component dependencies library and dependency library.
      • https://github.com/coreswitch/component
      • https://github.com/coreswitch/dependency
    • log: logrus wrapper with source code information and function name and log levels.
      • https://github.com/coreswitch/log
    • cmd: Go library for command line parsing.
      • https://github.com/coreswitch/cmd
  43. CLI operation overview

    1. The YANG model defines the syntax of the CLI
    2. ribd registers the available commands for the currently existing dataplane
    3. The user issues a command via the CLI
    4. openconfigd passes it to ribd
    5. ribd sets config / gets info via netlink
    [Figure: CLI, openconfigd (YANG model), ribd and Linux dataplane, connected by gRPC, gRPC and netlink, with steps (1) to (5) marked]
  44. Zebra 2.0 ... Steps to support SRv6 CLI

    1. Add SRv6 support to Golang netlink library (vishvananda/netlink)
    2. Modify (existing) “show ipv6 route” command
    3. Add SRv6 objects to YANG (openconfigd/yang/coreswitch.yang)
    4. Add SRv6 CLI format and functions (zebra/rib/api.go)
      • Add CLI definition
      • Implement functions to handle request from CLI
  45. Zebra 2.0 SRv6 CLI implementation: 1. Add SRv6 support to netlink library (vishvananda/netlink)

    • Zebra 2.0 is written in Golang (Go), so it needs a netlink library in Go.
      • netlink/
        • route_linux.go ... main code providing netlink for Linux
        • route_test.go ... go testing code
        • netlink_test.go .. go testing code
      • netlink/nl/
        • syscall.go ... add SRv6 related constants
        • seg6_linux.go ... seg6 (T.*) code (add file)
        • seg6local_linux.go ... seg6local (End.*) code (add file)
    Note:
    • In Linux, Transit functions are called “seg6” and End segments (functions) are called “seg6local”
    • seg6 changes are already up-streamed.
    • seg6local will be up-streamed soon.
    https://github.com/vishvananda/netlink
  46. SEG6 related change in netlink library

    https://github.com/vishvananda/netlink/pull/282
  47. 2. Modify (existing) “show ipv6 route” command

    > zebra/ribd/ribd_show.go

        func ShowIpv6Route(t *ShowTask, Args []interface{}) {
            if t.First {
                param := &RibShowParam{
                    afi: AFI_IP6,
                }
                t.Index = param
            }
            RibShow("", t)
        }

        func RibShow(vrfName string, t *ShowTask) {
            vrf := VrfLookupByName(vrfName)
            if vrf == nil {
                return
            }
            vrf.RibShow(t)
        }

        var cmdNameMap = map[string]func(*ShowTask, []interface{}){
            "show_interface":     ShowInterface,
            "show_interface_vrf": ShowInterfaceVrf,
            …
            "show_ipv6_route": ShowIpv6Route,
        }

    > zebra/ribd/grpc.go

        var cmdSpec = `
        [
        ... snip ...
            {
                "name": "show_ipv6_route",
                "line": "show ipv6 route",
                "mode": "exec",
                "helps": [
                    "Show running system information",
                    "Internet Protocol version 6 (IPv6)",
                    "IP routing table"
                ]
            },
  48. 2. Modify (existing) “show ipv6 route” command

    > zebra/rib/nexthop.go

    ```go
    type Nexthop struct {
        net.IP
        Index          IfIndex
        EncapType      int
        EncapSeg6      EncapSEG6
        EncapSeg6Local EncapSEG6Local
    }
    ```

    > /zebra/rib/netlink.go

    ```go
    func (route RouteInfo) String() string {
        strs := []string{}
        strs = append(strs, fmt.Sprintf("%s", route.Rib.Prefix))
        if route.Nexthop != nil {
            switch route.Nexthop.EncapType {
            case nl.LWTUNNEL_ENCAP_SEG6:
                strs = append(strs, fmt.Sprintf("encap seg6 %s", route.Nexthop.EncapSeg6.String()))
            case nl.LWTUNNEL_ENCAP_SEG6_LOCAL:
                strs = append(strs, fmt.Sprintf("encap seg6local %s", route.Nexthop.EncapSeg6Local.String()))
            }
        }
        return fmt.Sprintf("%s", strings.Join(strs, " "))
        //return route.Prefix.String() + " " + route.Rib.String()
    }
    ```

    > /zebra/rib/netlink.go

    ```go
    // Route represents a netlink route.
    type RouteInfo struct {
        MsgType uint16
        Rib
        Table     int
        MultiPath []*NexthopInfo
    }
    ```
  49. 3. Add SRv6 objects to YANG (openconfigd/yang/coreswitch.yang)

    • Internet-Draft for SRv6 was recently released.
      • draft-raza-spring-srv6-yang-00 (Nov, 2017)
    • Did not use above Internet-Draft (yet)
      • Prioritized having simple but running code faster rather than adopting an early draft which could change.
      • Some missing features in openconfigd (ex: not supporting “when” clause)
    • Simplified version defined for Zebra 2.0
      • Expect updates to the YANG model as the Internet-Draft matures.
  50. draft-raza-spring-srv6-yang-00
  51. openconfigd/yang/coreswitch.yang
  52. openconfigd/yang/coreswitch.yang

    set routing-options ipv6 route-srv6 <route> nexthop <nexthop> seg6 <inline|encap> segments <segment-list>
  53. 4. Add SRv6 CLI format and functions

    > zebra/rib/api.go

    ```go
    func InitAPI() {
        Parser = cmd.NewParser()
        Parser.InstallCmd([]string{"routing-options", "ipv6", "route-srv6", "X:X::X:X/M", "nexthop", "X:X::X:X", "seg6", "WORD", "segments", "X:X::X:X", "&"}, IPv6RouteSeg6SegmentsApi)
        Parser.InstallCmd([]string{"routing-options", "ipv6", "localsid", "X:X::X:X/M", "nexthop", "X:X::X:X", "action", "End"}, Seg6LocalEndApi)
        Parser.InstallCmd([]string{"routing-options", "ipv6", "localsid", "X:X::X:X/M", "nexthop", "X:X::X:X", "action", "End.X", "nh6", "X:X::X:X"}, Seg6LocalEndXApi)
        ...
    ```

    1. Add “Parser.InstallCmd([]string{...}, <function>)” per command
    2. Add “<function>” which will be called when command was entered via CLI

    ```go
    func Seg6LocalEndXApi(Cmd int, Args cmd.Args) int {
        prefix := Args[0].(*netutil.Prefix)
        nexthop := Args[1].(net.IP)
        nh6 := Args[2].(net.IP)
        ...
        if Cmd == cmd.Set {
            server.StaticSeg6LocalAdd(prefix, nexthop, seg6local)
        } else {
            server.StaticSeg6LocalDelete(prefix, nexthop)
        }
    ```
  54. Demo: Zebra 2.0 SRv6 CLI on Linux dataplane
  55. demo topology

    [Topology diagram: Device (Host 1) with Zebra CLI, Router A, Router B, Router C, Router D, Server (Host 2) with Zebra CLI, Service Function (Host 3X), Service Function (Host 3Y)]

    Host 1    veth1:  fc00:000a::10/64
    Host 2    veth2:  fc00:000b::10/64
    Router A  vethA1: fc00:000a::a/64   vethAC: fc00:00ac::a/64   vethAD: fc00:00ad::a/64
    Router B  vethBC: fc00:00bc::b/64   vethBD: fc00:00bd::b/64   vethB2: fc00:000b::b/64
    Router C  vethCA: fc00:00ac::c/64   vethCB: fc00:00bc::c/64   vethC3: fc00:00c3::c/64
    Router D  vethDA: fc00:00ad::d/64   vethDB: fc00:00bd::d/64   vethD3: fc00:00d3::d/64

    Other interface labels in the diagram: veth3, veth3C, veth3D

    • Host 1 & 2 : runs SRv6 (Zebra CLI + Linux dp)
    • Router A,B,C,D : IPv6 router with NO SRv6
    • Host 3X : active service function
    • Host 3Y : standby service function
  56. Normal Route

    [Demo topology diagram repeated, with the same host and router notes]
  57. Add SRv6 Route on Device (Host 1)

    [Demo topology diagram repeated]

    set routing-options ipv6 route-srv6 fc00:b::10/128 nexthop fc00:a::a seg6 inline segments fc00:3::10
  58. Add SRv6 Route on Host 1 and Host 2

    [Demo topology diagram repeated]

    set routing-options ipv6 route-srv6 fc00:a::10/128 nexthop fc00:b::b seg6 inline segments fc00:3::10
  59. Future work

    Zebra 2.0 SRv6 CLI on Linux dataplane
  60. What’s planned next?

    • Cleanup code and upstream
      • Code for End function support is still in my personal repo/branch.
        • vishvananda/netlink
        • zebra and openconfigd
    • Mobile function implementation (End.TM, T.Tmap)
      • P4 code to run on BMv2 (software) or Netronome/Barefoot (NPU/ASIC)
      • ?? Linux dataplane ... Upstreaming to Linux Kernel is a challenge but may be worth trying
    • Running SRv6 on commodity switch
      • ASIC dataplane support
      • Once SRv6 becomes available on ASICs (Cavium XPliant, Barefoot and more??)
  61. Next Step : SRv6 Mobile Network Programmability

    +-----------------------------+--------+----------+
    | User-plane Function         | Uplink | Downlink |
    +-----------------------------+--------+----------+
    | stateless interworking node | T.Tmap | End.TM   |
    | L2-anchor                   | End.B6 | End.B6   |
    | L3-anchor                   | End.T  | T.Insert |
    +-----------------------------+--------+----------+