Zebra SRv6 CLI on Linux Dataplane (ENOG#49)

Zebra 2.0 SRv6 CLI
on Linux dataplane
Zebra 2.0 SRv6 CLI on Linux dataplane | Kentaro Ebisawa <ebiken@pontonetworks.com> | ENOG#49＠嵐渓荘 2018/02/23 1
ENOG#49＠嵐渓荘
Twitter: @ebiken

https://www.linkedin.com/in/ebiken/ https://twitter.com/ebiken

Motivation: Why SRv6 on Zebra 2.0?
make a platform easy to try new protocols
available for everyone
Open Source on Linux (Free)
Runs on anywhere (Physical, Virtual, Cloud)
Scrap & Build new ideas for fast iteration
Running Code help new ideas to spark

Mobile “not made by” Nokia, Erricson
• Open Source Implementations
• NextEPC: http://nextepc.org
• Open Source (AGPL-3.0) implementation of
the 3GPP Evolved Packet Core (LTE)
• HSS/MME/PCRF/PGW/SGW written in C-
language.
• https://github.com/acetcom/nextepc
• OSMOCOM: https://osmocom.org/
• Open Source mobile communication for
2G/3G (GSM, DECT, TETRA etc.)
• Source code: https://github.com/osmocom
• Service Providers (MVNO)
• Soracom: https://soracom.jp/
• PGW written from scratch.
• Operating on Amazon Web Service.
• Sakura Internet
• PGW, HSS written from scratch in Golang.
• Sakura Secure Mobile Connect
(Japanese)
• https://www.slideshare.net/higebu/201801
24-86629247
Mobile Technology is getting more open & easy to access

Segment Routing IPv6 (SRv6) basics
protocol header format, example packets
SRv6 functions

#1
#4
#2 #3
#5
SRv6 is loose source routing method which source node will specify ordered
list of SIDs (Segment IDs) representing the path the packet should take.
SR Endpoint node node whose “MyLocalSID Table” contains an entry for the DA of the packet
Source SR node node originating an IPv6 packet with its IPv6 and Segment Routing Headers
Transit node node not supporting SRv6 or node whose “MyLocalSID Table” does NOT contain DA of the packet

SRv6 is loose source routing method which source node will specify ordered
list of SIDs (Segment IDs) representing the path the packet should take.
1. Source node could
be a host originating
packet with SRH
2. Or, could be a gateway
who encap packet in IPv6
header with SRH
3. Transit node doesn’t
need to understand
(support) SRH
4. Endpoint could have
multiple SIDs
#1
#4
#2 #3
#5
SR Endpoint node node whose “MyLocalSID Table” contains an entry for the DA of the packet
Source SR node node originating an IPv6 packet with its IPv6 and Segment Routing Headers
Transit node node not supporting SRv6 or node whose “MyLocalSID Table” does NOT contain DA of the packet

• SRH is a new type of the Routing Header (has properties as mentioned in RFC2460)
• SHOULD only appear once in the packet.
• Only the router whose address is in the DA field of the packet header MUST inspect the SRH.
• SRH is added to the packet by its source
• (to avoid end host receiving modified packets by intermediate nodes)
• At the node originating the packet (host, server).
• At the ingress node of an SR domain where the ingress node receives an IPv6 packet and
encapsulates it into an outer IPv6 header followed by a Segment Routing header.
• An SRv6-capable node N maintains a "MyLocalSID Table“.
• This table contains all the local SRv6 segments explicitly instantiated at node N.
• N is the parent node for these SID’s.
• Shorter prefix of SID could be learned by network to get routed to the node SID resides
within.
Reference: draft-ietf-6man-segment-routing-header

• Features
• No or less state in network.
• SID locations would be advertised via IGP
• No need to replace all network nodes (router/switch)
• non-SR nodes will simply forward packet based on IPv6 routing
• Discussed in IETF WGs (6MAN, SPRING, DMM)
• draft-ietf-6man-segment-routing-header
• draft-filsfils-spring-srv6-network-programming
• draft-ietf-dmm-srv6-mobile-uplane

SRv6 basics
Segment Routing Header (SRH)
IPv6
Header
IPv6
Extension
Header
Payload
• Routing Type
• 4 (Segment Routing)
• Segments Left
• Index to the next segment in the
Segment List
• Decremented on Endpoint node
• Last Entry
• Index to the first segment in the
Segment List
• Segment List
• Encoded starting from the last
segment of the path (Segment
List [0] contains the last segment)

SRv6 basics
• “SRv6 Network Programming” Internet-Draft document
• draft-filsfils-spring-srv6-network-programming
• Segment List: <S1, S2, S3>
• S1, S2, S3: 1st, 2nd, 3rd segment to visit
• IP Packet: (SA,DA) (S3, S2, S1; SL)
• SA, DA: Source, Destination Address
• SRH with SID list <S1, S2, S3>
• SL: Segments Left
!! Order of segments would be reversed in <...> and (...) !!
SID List description in “SRv6 Network Programming”
S1
S2
S3
SL

SRv6 basics
• SID is 128bit and similar to IPv6 address. But semantics is different.
• LOC, FUNC, ARGS has flexible length. (ARGS could be 0 length)
• SID would be used to route packet to the node SID resides.
• With longest prefix match, and FUNC, ARGS could also be part of the prefix.
• Local SID may, but does not have to, be an IPv6 address associated to
a local interface of the node.
SRv6 SID (Segment ID) format
128bits
LOC (locator) FUNC (function) ARGS (arguments)
Reference: draft-filsfils-spring-srv6-network-programming

SRv6 basics
• U: Unused and for future use.
• P-flag:
• Protected flag. Set when the packet has been rerouted through FRR mechanism by an SR
endpoint node.
• O-flag:
• OAM flag. When set, it indicates that this packet is an operations and management (OAM) packet.
• A-flag:
• Alert flag. If present, it means important Type Length Value (TLV) objects are present.
• H-flag:
• HMAC flag. If set, the HMAC TLV is present and is encoded as the last TLV of the SRH.
• In other words, the last 36 octets of the SRH represent the HMAC information.
SRH Flags

SRv6 basics
SRH TLVs
Ingress Node, Egress Node, Opaque TLV
NSH Carrier TLV
Padding TLV
HMAC TLV
• Padding TLV is optional and MAY only appear once in the SRH.
• The Padding TLV is used in order to align the SRH total length on the 8 octet boundary.
• When present, the Padding TLV MUST appear as the last TLV before the HMAC TLV (if
HMAC TLV is present).
• When present, the HMAC TLV MUST be encoded as the last TLV of the SRH.
• If the HMAC TLV is present, the SRH H-Flag (Figure 4) MUST be set.
• The NSH Carrier TLV is a container used in order to carry TLVs that have been defined in
draft-ietf-sfc-nsh

SRv6 basics
HMAC TLV
Fields included in hash calculation
(1) source IPv6 address
(2) Last Entry field
(3) an octet of bit flags
(4) Segment List
(5) HMAC Key-id
• Used only when SRH is added by a device (such as a home set-up
box) which is outside of the segment routing (SR) domain.
• Would be validated only on edge of the SR domain. (a.k.a.
“validating SR router”)
• HMAC value is unique per flow
• could be cached based on <IPv6 header +
• SRH, HMAC field value>
• Lookup table based on “HMAC Key ID” to find correct combination
of “pre-shared secret & hash algorithm”
• “HMAC Key ID = 0” means HMAC field does not exist.
• pre-shared secret distribution can be done:
• in the configuration of the validating routers, either by static
configuration or any SDN oriented approach;
• dynamically using a trusted key distribution such as RFC6407
(2)
(3)
(4)
(5)
TLV used to validate packets coming into SR domain.

SRv6 basics
• Segment is a set of instructions (functions).
• Two basic functions (End, End.X) are defined in draft-ietf-6man-segment-
routing-header
• draft-filsfils-spring-srv6-network-programming defines many functions
associated with SRv6 SID’s.
SRv6 Segments and Functions

• Transit function (node)
• The packets DA is NOT an IP address of the node
• The packets DA is NOT listed in “My Local SID Table” of the node
• End function (node)
• The packets DA is IP address of the node, or
• The packets DA is listed in “My Local SID Table”
End vs Transit function (node)

Transit functions
Function Description
T Forwards the packet without inspecting the SRH
T.Insert Transit behavior with insertion of an SRv6 Policy
T.Encaps Transit behavior with encapsulation in an SRv6 policy
T.Encaps.L2 T.Encaps behavior of the received L2 frame
#1
#4
#2 #3
#5

Transit functions (T.Insert)
a
#1
b #4
#2 #3
#5
d
c
IPv6 Payload
IPv6 PayloadSRH (SA:a, DA: #1)(d, #5, #3, #2, #1; SL=4)
Next SegmentDestination Host
(SA:a, DA: d)

Transit functions (T.Encaps)
IPv6 Payload
IPv6 PayloadSRH IPv6 (SA:b, DA: #4)(#3, #2, #4; SL=2)(SA:b, DA: c)
a
#1
b #4
#2 #3
#5
d
c
Next Segment
(SA:b, DA: c)

Example Wireshark Output
Inline mode Encap mode
final destination is in SID[0]
final destination is in
encapsulated IP header

End functions (End)
End: Update the DA with the next segment and forward the packet accordingly.
IPv6
IPv6 PayloadSRH
(SA:a, DA: #1)(d, #5, #3, #2, #1; SL=4)PayloadSRH
(SA:a, DA: #2)(d, #5, #3, #2, #1; SL=3)
a
#1
b #4
#2 #3
#5
d
c
Next Segment

List of SRv6 functions
1 End Endpoint
1 Xconnect End.X Endpoint with Layer-3 cross-connect
1 Table Lookup End.T Endpoint with specific IPv6 table lookup
1 Search End.S Endpoint in search of a target in table T
1
Decaps
+ Xconnect
End.DX6 Endpoint with decapsulation and IPv6 crossconnect
1 End.DX4 Endpoint with decapsulation and IPv4 crossconnect
1 End.DX2 Endpoint with decapsulation and Layer-2 crossconnect
1 End.DX2V Endpoint with decapsulation and VLAN L2 table lookup
1
Decaps
+ Table Lookup
End.DT6 Endpoint with decapsulation and specific IPv6 table lookup
1 End.DT4 Endpoint with decapsulation and specific IPv4 table lookup
1 End.DT46 Endpoint with decapsulation and specific IP table lookup
1 End.DT2U Endpoint with decapsulation and unicast MAC L2 table lookup
1 End.DT2M Endpoint with decapsulation and L2 table flooding
1
Binding
End.B6 Endpoint bound to an SRv6 policy
1 End.B6.Encaps Endpoint bound to an SRv6 encapsulation policy
1 End.BM Endpoint bound to an SR-MPLS policy
1 T Transit behavior
1 Insert T.Insert Transit with insertion of an SRv6 Policy
1
Encaps
T.Encaps Transit with encapsulation in an SRv6 Policy
1 T.Encaps.L2 Transit with encapsulation of L2 frames
3) draft-ietf-dmm-srv6-mobile-uplane-00
3
Mobile
End.TM
End point function with encapsulation for
mapped tunnel
3 T.Tmap
Transit behavior with tunnel decapsulation
and mapping an SRv6 Policy
2
Application
End.AM SRv6 masquerading proxy pseudocode
2 End.AD SRv6 dynamic proxy segments
2 End.AS2 Static proxy for inner type Ethernet
2 End.AS4 Static proxy for inner type IPv4
2 End.AS6 Static proxy for inner type IPv6
1) draft-filsfils-spring-srv6-network-programming-03 2) draft-clad-spring-segment-routing-service-chaining-00
=> draft-xuclad-spring-sr-service-chaining-00
(End.A* was removed in updated draft)

Linux SRv6 Implementations

SRv6 Linux Implementations
• Kernel network stack (4.10 and later)
• http://www.segment-routing.org/
• Contributed by “IP Networking Lab” of Université Catholique de Louvain, Louvain-
la-Neuve, Belgium.
• srext: Linux kernel module
• https://netgroup.github.io/SRv6-net-prog/
• Developed by the Networking Group from University of Rome Tor Vergata, Italy
• Could support “Chaining of SRv6-unaware VNFs” use case (End.AD, End.AM)
SRv6 Linux Kernel Implementations
Zebra 2.0 SRv6 CLI
Zebra 2.0 SRv6 CLI on Linux Dataplane is using “Kernel network stack”

SRv6 Linux Implementations
• Not Linux Kernel (module) implementation, but works on Linux.
• https://wiki.fd.io/view/VPP/Segment_Routing_for_IPv6
SRv6 on VPP (by FD.io project)
Supported functions as of 2017/02/17
Reference: http://www.segment-routing.net/open-software/vpp/

SRv6 Functions on Linux dataplane (status as of 2018/02/21)
Function Linux Zebra Description
End 4.10, srext (READY) Endpoint function
End.X 4.10, srext (READY) Endpoint function with Layer-3 cross-connect
End.T 4.14 (READY) Endpoint function with specific IPv6 table lookup
End.DX2 4.14, srext (READY) Endpoint with decapsulation and Layer-2 cross-connect
End.DX2V - - Endpoint with decapsulation and VLAN L2 table lookup
End.DT2U - - Endpoint with decapsulation and unicast MAC L2 table lookup
End.DT2M - - Endpoint with decapsulation and L2 table flooding
End.DX6 4.14, srext (READY) Endpoint with decapsulation and IPv6 cross-connect
End.DX4 4.14, srext (READY) Endpoint with decapsulation and IPv4 cross-connect
End.DT6 4.14 (READY) Endpoint with decapsulation and IPv6 table lookup
End.DT4 - - Endpoint with decapsulation and IPv4 table lookup
End.DT46 - -
End.B6 4.14, srext (READY) Endpoint bound to an SRv6 policy
End.B6.Encaps 4.14, srext (READY) Endpoint bound to an SRv6 encapsulation Policy
End.BM - - Endpoint bound to an SR-MPLS Policy
End.S - - Endpoint in search of a target in table T
T.Insert 4.10, srext READY Transit behavior with insertion of an SRv6 Policy
T.Encaps 4.10, srext READY Transit behavior with encapsulation in an SRv6 policy
T.Encaps.L2 4.14 - T.Encaps behavior of the received L2 frame
T.Tmap - - stateless interworking node (Uplink)
End.TM - - stateless interworking node (Downlink)
SRv6-mobile-uplane
https://datatracker.ietf.org/doc/draft-ietf-dmm-srv6-mobile-uplane/
SRv6 Network Programming
https://datatracker.ietf.org/doc/draft-filsfils-spring-srv6-network-programming/
Segment Routing for Service Chaining
https://github.com/netgroup/SRv6-net-prog
https://datatracker.ietf.org/doc/draft-xuclad-spring-sr-service-chaining/
End.AM srext - Endpoint to SR-unaware APP via masquerading
End.AD4 (AD6) srext - Endpoint to IPv4 (v6) SR-unaware APP via dynamic proxy
End.EAD4 (EAD6) srext - Extended End.AD4 (AD6) behavior that allow Sr-uanware
VNFS to be the last SF in SFC
READY : publicly available NOW
(READY) : publicly available SOON

• One of “Light Weight Tunnel” (LWTunnel)
• lwtunnel_encap_types { MPLS, IP, ILA, IP6, SEG6, BPF, SEG6_LOCAL }
• Tunnel attributes attached to routes (not to tunnel interface)
Linux Kernel SRv6 Implementation
$ ip -6 route
c0be:fe::/64 encap seg6 mode inline segs 4 [ c0be::1 c0be::2 c0be::3 :: ]
via 2001:db8::1 dev lxcbr0 metric 1024 linkdown pref medium
fc00::1 encap seg6local action End via 2001:db8::1
dev lxcbr0 metric 1024 linkdown pref medium
fc00::2 encap seg6local action End.X nh6 fc00::1:1 via 2001:db8::1
fc00::3 encap seg6local action End.T table 100 via 2001:db8::1
fc00::4 encap seg6local action End.DX2 oif lxcbr0 via 2001:db8::1

Configuring SRv6 on Linux
• sysctl and iproute2 (ip) commands are available to configure SRv6 on Linux
• sysctl configuration (per-interface)
• net.ipv6.conf.*.seg6_enabled (integer)
• Matching packets for this sysctl are those whose active segment (i.e., IPv6 DA) is local to the
Linux node.
• 0: Drop ingress SR-enabled packets from this interface.
• 1: Accept ingress SR-enabled packets and apply basic SRH processing.
• net.ipv6.conf.*.seg6_require_hmac (integer)
• -1: Ignore HMAC field.
• 0: Accept SR packets without HMAC, validate SR packets with HMAC.
• 1: Drop SR packets without HMAC, validate SR packets with HMAC.
sysctl (prerequisites)
Reference: http://www.segment-routing.org/index.php/Implementation/Configuration

• Source address for SRv6 encapsulations
• ip sr tunsrc set <addr>
• When a packet is encapsulated within an outer IPv6 header, a source address must
be selected for this outer header.
• By default, an interface address is selected.
• If addr is set to ::, then the default behavior is assumed.
• HMAC configuration
• ip sr hmac set <keyid> <algorithm>
• Configure mapping of HMAC key ID, algorithm and passphrase.
• You will be prompted to enter the passphrase when entering this command.
Global configuration (src addr, HMAC)

Transit node on Linux
ip -6 route add fc00:b::10/128 encap seg6 mode inline
segs fc00:3::11,fc00:3::12,fc00:3::13 via fc00:a::a
ip -6 route add fc00:b::10/128 encap seg6 mode encap
segs fc00:3::11,fc00:3::12,fc00:3::13 via fc00:a::a
ip -6 route add <prefix> encap seg6 mode <encapmode>
segs <segments> [hmac <keyid>] (dev <device> | via <nexthop>)
examples

End segments (functions) on Linux
Reference: http://www.segment-routing.org/index.php/Implementation/AdvancedConf
ip -6 route add <segment> encap seg6local action <action> <params>
(dev <device> | via <nexthop>) [table localsid]
ip -6 route add fc00::1/128 encap seg6local
action End via 2001:db8::1
action End.X nh6 fc00::1:1 via 2001:db8::1
action End.T table 100 via 2001:db8::1
action End.DX2 oif lxcbr0 via 2001:db8::1
action End.DX6 nh6 fc00::1:1 via 2001:db8::1
action End.DX4 nh4 10.0.3.254 via 2001:db8::1
action End.DT6 table 100 via 2001:db8::1
action End.B6 srh segs beaf::1,beaf::2 via 2001:db8::1
action End.B6.Encaps srh segs beaf::1,beaf::2 via 2001:db8::1
examples

“netlink” is used to configure / show SRv6 rules
RTNetlink
// rtattr_type_t
RTA_DST
RTA_OIF
RTA_ENCAP_TYPE (0x15)
RTA_ENCAP (0x16)
RTA_ENCAP_TYPE (0x15)
lwtunnel_encap_types {
LWTUNNEL_ENCAP_MPLS
LWTUNNEL_ENCAP_IP
LWTUNNEL_ENCAP_ILA
LWTUNNEL_ENCAP_IP6
LWTUNNEL_ENCAP_SEG6 (5)
LWTUNNE_ENCAP_BPF
LWTUNNEL_ENCAP_SEG6_LOCAL (7)
}
RTA_ENCAP (0x16)
SEG6_IPTUNNEL_SRH
encap mode {
SEG6_IPTUN_MODE_INLINE
SEG6_IPTUN_MODE_ENCAP
SEG6_IPTUN_MODE_L2ENCAP
}
SRH { ... }
RTA_ENCAP (0x16)
// seg6local types
SEG6_LOCAL_ACTION
SEG6_LOCAL_SRH,
SEG6_LOCAL_TABLE,
SEG6_LOCAL_NH4,
SEG6_LOCAL_NH6,
SEG6_LOCAL_IIF,
SEG6_LOCAL_OIF,
SEG6_LOCAL_ACTION (0x01)
seg6local action types {
SEG6_LOCAL_ACTION_END = 1
SEG6_LOCAL_ACTION_END_X = 2
SEG6_LOCAL_ACTION_END_T = 3
SEG6_LOCAL_ACTION_END_DX2 = 4
SEG6_LOCAL_ACTION_END_DT6 = 7
SEG6_LOCAL_ACTION_END_DT4 = 8
SEG6_LOCAL_ACTION_END_B6 = 9
SEG6_LOCAL_ACTION_END_B6_ENCAP = 10
SEG6_LOCAL_ACTION_END_BM = 11
SEG6_LOCAL_ACTION_END_S = 12
SEG6_LOCAL_ACTION_END_AS = 13
SEG6_LOCAL_ACTION_END_AM = 14
}
TYPE = SEG6_LOCAL
• Example when setting route
• SEG6 = Transit node
• SEG6LOCAL = End node (Local Segment)
• Select one value for items in { }
• Select multiple without { }
TYPE = SEG6

netlink message example (SEG6_LOCAL)
ENCAP_SEG6_LOCAL (7)
0000 08 00 01 00 02 00 00 00 14 00 05 00 fc 00 00 00
0010 00 00 00 00 00 00 00 00 00 01 00 01
08 00 01 00 | len: 8bytes, type: SEG6_LOCAL_ACTION (0x01)
02 00 00 00 | data: SEG6_LOCAL_ACTION_END_X (0x02)
14 00 05 00 | len: 20bytes, type: SEG6_LOCAL_NH6 (0x05)
fc 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 | data: IPv6 addr

Linux Source Code (where to look)
Linux Kernel Source Code
• include/uapi/linux/
• rtnetlink.h
• lwtunnel.h
• seg6_genl.h
• seg6.h
• seg6_hmac.h
• seg6_iptunnel.h
• seg6_local.h
• net/core/
• lwtunnel.c
• net/ipv6/
• seg6.c
• seg6_hmac.c
• seg6_iptunnel.c
• seg6_local.c
iproute2
• ip/
• ipseg6.c
• iproute_lwtunnel.h
• iproute_lwtunnel.c
git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git

Zebra 2.0 SRv6 CLI implementation

Zebra 2.0 SRv6 CLI Implementation
Goal: show Transit (inline/encap)
$ show ipv6 route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
... snip ...
S fc00:b::10/128 [1/0]
encap seg6 mode encap segs 3 [ fc00:3::11 fc00:3::12 fc00:3::13 ]
via fc00:a::a
S fc00:b::11/128 [1/0]
encap seg6 mode inline segs 4 [ fc00:3::11 fc00:3::12 fc00:3::13 :: ]
via fc00:a::a
$ ip -6 route
fc00:b::10 encap seg6 mode encap segs 3 [ fc00:3::11 fc00:3::12 fc00:3::13 ]
via fc00:a::a dev veth1 proto zebra metric 1024 pref medium
fc00:b::11 encap seg6 mode inline segs 4 [ fc00:3::11 fc00:3::12 fc00:3::13 :: ]
via fc00:a::a dev veth1 proto zebra metric 1024 pref medium
Zebra CLI
iproute2

Zebra 2.0 SRv6 CLI Implementation
Goal: show End Segments (Functions)
$ show ipv6 route
... snip ...
S fc00::a2/128 [1/0]
encap seg6local action End.X nh6 fc00::1:1
via 2001:db8::1
S fc00::a3/128 [1/0]
encap seg6local action End.T table 100
via 2001:db8::1
S fc00::a4/128 [1/0]
encap seg6local action End.DX2 oif lxcbr0
via 2001:db8::1
$ ip -6 route
fc00::a2 encap seg6local action End.X nh6 fc00::1:1
via 2001:db8::1 dev lxcbr0 proto zebra metric 1024 linkdown pref medium
fc00::a3 encap seg6local action End.T table 100
fc00::a4 encap seg6local action End.DX2 oif lxcbr0
Zebra CLI
iproute2

Goal: set command (Transit)
set routing-options ipv6 route-srv6 fc00:b::10/128 nexthop fc00:a::a seg6 inline segments fc00:3::11 fc00:3::12 fc00:3::13
set routing-options ipv6 route-srv6 fc00:b::10/128 nexthop fc00:a::a seg6 encap segments fc00:3::11 fc00:3::12 fc00:3::13
ip -6 route add fc00:b::10/128 encap seg6 mode inline segs fc00:3::11,fc00:3::12,fc00:3::13 via fc00:a::a
ip -6 route add fc00:b::10/128 encap seg6 mode encap segs fc00:3::11,fc00:3::12,fc00:3::13 via fc00:a::a
set routing-options ipv6 route-srv6 <route> nexthop <nexthop>
seg6 <inline|encap> segments <segment-list>

Goal: set commands (End.* functions)
set routing-options ipv6 localsid fc00::a1/128 nexthop 2001:db8::1 action End
set routing-options ipv6 localsid fc00::a2/128 nexthop 2001:db8::1 action End.X nh6 fc00::1:1
set routing-options ipv6 localsid fc00::a3/128 nexthop 2001:db8::1 action End.T table 100
set routing-options ipv6 localsid fc00::a4/128 nexthop 2001:db8::1 action End.DX2 oif lxcbr0
set routing-options ipv6 localsid fc00::a5/128 nexthop 2001:db8::1 action End.DX6 nh6 fc00::1:1
set routing-options ipv6 localsid fc00::a6/128 nexthop 2001:db8::1 action End.DX4 nh4 10.0.3.254
set routing-options ipv6 localsid fc00::a7/128 nexthop 2001:db8::1 action End.DT6 table 200
set routing-options ipv6 localsid fc00::a8/128 nexthop 2001:db8::1 action End.B6 segments beaf::1 beaf::2
set routing-options ipv6 localsid fc00::a9/128 nexthop 2001:db8::1 action End.B6.Encaps segments beaf::1 beaf::2
ip -6 route add fc00::1/128 encap seg6local action End via 2001:db8::1
ip -6 route add fc00::2/128 encap seg6local action End.X nh6 fc00::1:1 via 2001:db8::1
ip -6 route add fc00::3/128 encap seg6local action End.T table 100 via 2001:db8::1
ip -6 route add fc00::4/128 encap seg6local action End.DX2 oif lxcbr0 via 2001:db8::1
ip -6 route add fc00::5/128 encap seg6local action End.DX6 nh6 fc00::1:1 via 2001:db8::1
ip -6 route add fc00::6/128 encap seg6local action End.DX4 nh4 10.0.3.254 via 2001:db8::1
ip -6 route add fc00::7/128 encap seg6local action End.DT6 table 100 via 2001:db8::1
ip -6 route add fc00::8/128 encap seg6local action End.B6 srh segs beaf::1,beaf::2 via 2001:db8::1
ip -6 route add fc00::9/128 encap seg6local action End.B6.Encaps srh segs beaf::1,beaf::2 via 2001:db8::1
set routing-options ipv6 localsid <sid> nexthop <nexthop>
action <End.*> [action-parameters]

Zebra 2.0 Architecture
CLI
openconfigd
Linux dataplane
quaggad
bgpd / ospfd
ribd
fea
quagga
openconfigd
zebra
gRPC
gRPC
(yang model)
vtysh
Tap
interface netlink
Hardware dataplane
HW API (SAI, XDK etc.)
zebra
proto
gRPC
bgpd/ospfd
gRPC
gRPC
etcd
JSON
Written from scratch in Go
• openconfigd
• configuration system
• yang model
• CLI (Junos like)
• etcd for scalability
• zebra/ribd
• dataplane management (ex: FIB)
• zebra/fea
• multiple dataplane support
• link/port, bridge domain etc.
• zebra/bgpd, ospfd
• New protocol modules with multi-
core support
• quaggad & zebra protocol
• for backward compatibility

Main Modules
• openconfigd
• https://github.com/coreswitch/openconfigd
• zebra
• https://github.com/coreswitch/zebra
Helper Modules
• component / dependency
• Component dependencies library and dependency library.
• https://github.com/coreswitch/component
• https://github.com/coreswitch/dependency
• log: logrus wrapper with source code information and function name and log levels.
• https://github.com/coreswitch/log
• cmd: Go library for command line parsing.
• https://github.com/coreswitch/cmd
Source Code available on GitHub

(5)
(2)(4)
(1)
(3)
CLI operation overview
1. YANG model define syntax of CLI
2. ribd will register available commands for
currently existing dataplane
3. User will issue command via CLI
4. openconfigd will pass it to ribd
5. ribd will set config / get info via netlink
CLI
openconfigd
Linux dataplane
ribd
YANG
model
netlink
gRPC
gRPC

1. Add SRv6 support to Golang netlink library (vishvananda/netlink)
2. Modify (existing) “show ipv6 route” command
3. Add SRv6 objects to YANG (openconfigd/yang/coreswitch.yang)
4. Add SRv6 CLI format and functions (zebra/rib/api.go)
• Add CLI definition
• Implement functions to handle request from CLI
Zebra 2.0 ... Steps to support SRv6 CLI

Zebra 2.0 SRv6 CLI implementation
• Zebra 2.0 is written in Golang (Go), thus need netlink library in Go.
• netlink/
• route_linux.go ... main code providing netlink for Linux
• route_test.go ... go testing code
• netlink_test.go .. go testing code
• netlink/nl/
• syscall.go ... add SRv6 related constants
• seg6_linux.go ... seg6 (T.*) code (add file)
• seg6local_linux.go ... seg6local (End.*) code (add file)
1. Add SRv6 support to netlink library (vishvananda/netlink)
Note:
• In Linux, Transit functions are called “seg6” and
End segments (functions) are called “seg6local”
• seg6 changes are already up-streamed.
• seg6local will be up-streamed soon.
https://github.com/vishvananda/netlink

SEG6 related change in netlink library
https://github.com/vishvananda/netlink/pull/282

> zebra/ribd/ribd_show.go
func ShowIpv6Route(t *ShowTask, Args
[]interface{}) {
if t.First {
param := &RibShowParam{
afi: AFI_IP6,
}
t.Index = param
}
RibShow("", t)
}
func RibShow(vrfName string, t *ShowTask) {
vrf := VrfLookupByName(vrfName)
if vrf == nil {
return
}
vrf.RibShow(t)
}
var cmdNameMap = map[string]func(*ShowTask, []interface{}){
"show_interface": ShowInterface,
"show_interface_vrf": ShowInterfaceVrf,
…
"show_ipv6_route": ShowIpv6Route,
}
> zebra/ribd/grpc.go
var cmdSpec = `
[
... snip ...
{
"name": "show_ipv6_route",
"line": "show ipv6 route",
"mode": "exec",
"helps": [
"Show running system information",
"Internet Protocol version 6 (IPv6)",
"IP routing table"
]
},

> zebra/rib/nexthop.go
type Nexthop struct {
net.IP
Index IfIndex
EncapType int
EncapSeg6 EncapSEG6
EncapSeg6Local EncapSEG6Local
}
> /zebra/rib/netlink.go
func (route RouteInfo) String() string {
strs := []string{}
strs = append(strs, fmt.Sprintf("%s", route.Rib.Prefix))
if route.Nexthop != nil {
switch route.Nexthop.EncapType {
case nl.LWTUNNEL_ENCAP_SEG6:
strs = append(strs, fmt.Sprintf("encap seg6 %s",
route.Nexthop.EncapSeg6.String()))
case nl.LWTUNNEL_ENCAP_SEG6_LOCAL:
strs = append(strs, fmt.Sprintf("encap
seg6local %s", route.Nexthop.EncapSeg6Local.String()))
}
}
return fmt.Sprintf("%s", strings.Join(strs, " "))
//return route.Prefix.String() + " " + route.Rib.String()
}
> /zebra/rib/netlink.go
// Route represents a netlink route.
type RouteInfo struct {
MsgType uint16
Rib
Table int
MultiPath []*NexthopInfo
}

• Internet-Draft for SRv6 was recently released.
• draft-raza-spring-srv6-yang-00 (Nov, 2017)
• Did not use above Internet-Draft (yet)
• Prioritized having simple but running code faster rather than adopting to
early draft which could change.
• Some missing features in openconfigd (ex: not supporting “when” clause)
• Simplified version defined for Zebra 2.0
• Expect updates to YANG model as ID get mature.
3. Add SRv6 objects to YANG (openconfigd/yang/coreswitch.yang)

draft-raza-spring-srv6-yang-00

openconfigd/yang/coreswitch.yang

set routing-options ipv6 route-srv6 <route> nexthop <nexthop>
seg6 <inline|encap> segments <segment-list>
openconfigd/yang/coreswitch.yang

4. Add SRv6 CLI format and functions
> zebra/rib/api.go
func InitAPI() {
Parser = cmd.NewParser()
Parser.InstallCmd([]string{"routing-options", "ipv6", "route-srv6", "X:X::X:X/M",
"nexthop", "X:X::X:X", "seg6", "WORD", "segments", "X:X::X:X", "&"}, IPv6RouteSeg6SegmentsApi)
Parser.InstallCmd([]string{"routing-options", "ipv6", "localsid", "X:X::X:X/M",
"nexthop", "X:X::X:X", "action", "End"}, Seg6LocalEndApi)
Parser.InstallCmd([]string{"routing-options", "ipv6", "localsid", "X:X::X:X/M",
"nexthop", "X:X::X:X", "action", "End.X", "nh6", "X:X::X:X"}, Seg6LocalEndXApi)
...
1. Add “Parser.InstallCmd([]string{...}, <function>)”
per command
2. Add “<function>” which will be called when
command was entered via CLI
func Seg6LocalEndXApi(Cmd int, Args cmd.Args) int {
prefix := Args[0].(*netutil.Prefix)
nexthop := Args[1].(net.IP)
nh6 := Args[2].(net.IP)
...
if Cmd == cmd.Set {
server.StaticSeg6LocalAdd(prefix, nexthop, seg6local)
} else {
server.StaticSeg6LocalDelete(prefix, nexthop)
}
1
2

Demo:
Zebra 2.0 SRv6 CLI on Linux dataplane

demo topology
Device
( Host 1 )
Zebra CLI
Router A Router B
Server
( Host 2 )
Zebra CLI
Router C
Router D
Service
Function
( Host 3X )
Service
Function
( Host 3Y )
veth1: fc00:000a::10/64 veth2: fc00:000b::10/64
veth2veth1
vethA1
vethAD
vethDA
vethAC
vethCA
vethDB
vethCB
vethBD
vethBC
vethB2
Router A
vethA1: fc00:000a::a/64
vethAC: fc00:00ac::a/64
vethAD: fc00:00ad::a/64
Router D
vethDA: fc00:00ad::d/64
vethDB: fc00:00bd::d/64
vethD3: fc00:00d3::d/64
Router C
vethCA: fc00:00ac::c/64
vethCB: fc00:00bc::c/64
vethC3: fc00:00c3::c/64
Router B
vethBC: fc00:00bc::b/64
vethBD: fc00:00bd::b/64
vethB2: fc00:000b::b/64
• Host 1 & 2 : runs SRv6 (Zebra CLI + Linux dp)
• Router A,B,C,D : IPv6 router with NO SRv6
• Host 3X : active service function
• Host 3Y : standby service function
veth3
vethC3
vethD3
veth3D
veth3C
veth3

Normal Route
Device
( Host 1 )
Zebra CLI
Router A Router B
Server
( Host 2 )
Zebra CLI
Router C
Router D
Service
Function
( Host 3X )
Service
Function
( Host 3Y )
veth1: fc00:000a::10/64 veth2: fc00:000b::10/64
veth2veth1
vethA1
vethAD
vethDA
vethAC
vethCA
vethDB
vethCB
vethBD
vethBC
vethB2
• Host 1 & 2 : runs SRv6 (Zebra CLI + Linux dp)
• Router A,B,C,D : IPv6 router with NO SRv6
• Host 3X : active service function
• Host 3Y : standby service function
veth3
vethC3
vethD3
veth3D
veth3C
veth3

Add SRv6 Route on Device (Host 1)
Device
( Host 1 )
Zebra CLI
Router A Router B
Server
( Host 2 )
Zebra CLI
Router C
Router D
Service
Function
( Host 3X )
Service
Function
( Host 3Y )
veth1: fc00:000a::10/64 veth2: fc00:000b::10/64
veth2veth1
vethA1
vethAD
vethDA
vethAC
vethCA
vethDB
vethCB
vethBD
vethBC
vethB2
set routing-options ipv6 route-srv6 fc00:b::10/128
nexthop fc00:a::a seg6 inline segments fc00:3::10
veth3
vethC3
vethD3
veth3D
veth3C
veth3

Add SRv6 Route on Host 1 and Host 2
Device
( Host 1 )
Zebra CLI
Router A Router B
Server
( Host 2 )
Zebra CLI
Router C
Router D
Service
Function
( Host 3X )
Service
Function
( Host 3Y )
veth1: fc00:000a::10/64 veth2: fc00:000b::10/64
veth2veth1
vethA1
vethAD
vethDA
vethAC
vethCA
vethDB
vethCB
vethBD
vethBC
vethB2
set routing-options ipv6 route-srv6 fc00:a::10/128
nexthop fc00:b::b seg6 inline segments fc00:3::10
veth3
vethC3
vethD3
veth3D
veth3C
veth3

Future work
Zebra 2.0 SRv6 CLI on Linux dataplane

• Cleanup code and upstream
• Code for End function support is still in my personal repo/branch.
• vishvananda/netlink
• zebra and openconfigd
• Mobile function implementation (End.TM, T.Tmap)
• P4 code to run on BMv2 (software) or Netronome/Barefoot (NPU/ASIC)
• ?? Linux dataplane ... Upstreaming to Linux Kernel is a challenge but may worth trying
• Running SRv6 on commodity switch
• ASIC dataplane support
• Once SRv6 become available on ASICs (Cavium XPliant, Barefoot and more??)
What’s planned next?

Zebra SRv6 CLI on Linux Dataplane (ENOG#49)

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Zebra SRv6 CLI on Linux Dataplane (ENOG#49)

Semelhante a Zebra SRv6 CLI on Linux Dataplane (ENOG#49) (20)

Mais de Kentaro Ebisawa

Mais de Kentaro Ebisawa (20)

Último

Último (20)

Zebra SRv6 CLI on Linux Dataplane (ENOG#49)