Hi Everyone,
Today I'll be talking about Segment routing on IPv6 or SRv6 for short. Segment Routing IPv6 (SRv6) is a protocol designed to forward IPv6 data packets on a network based on source routes.
Introduction:
IPv6 forwarding plane-based SRv6 enables the ingress to add a segment routing header (SRH) into IPv6 packets. An explicit IPv6 address stack is pushed into the SRH. Transit nodes continue to update IPv6 destination addresses and offset the address stack to implement per-hop forwarding. SRv6 offers the following benefits to users:
Streamlines network configurations to more easily implement VPNs.
SRv6 does not use MPLS techniques and is fully compatible with existing IPv6 networks. Nodes only need to support IPv6 forwarding instead of MPLS forwarding. Transit nodes can be incapable of SRv6 and forward IPv6 packets carrying the SRH over routes.
Provides topology independent-loop-free alternate (TI-LFA), which improves FRR protection.
SRv6, in combination with the remote loop-free alternate (RLFA) FRR algorithm, supports any topology in theory and overcomes drawbacks in conventional tunnel protection.
Facilitates traffic optimization on IPv6 forwarding paths.
Segment IDs (SIDs) with various service types are used to flexibly plan explicit paths on the ingress to adjust service traffic.
SRv6 Limitations:
Following are some of the limitations of SRv6:
Segment Routing IPv6 SRH does not support fragmentation within a tunnel. A maximum of 10 labels can be added to a packet header at a time.
The SRH with the Next Header set to an IPv6 header is only supported. The SRH extension header is at the first IPv6 extension header field, not at the other extension headers.
SRv6 allows a packet to carry multiple SRHs but parses only the first SRH.
The SRv6 ingress does not support the sampling of outgoing SRH packets. An SRv6 transit node does not support the sampling of the incoming and outgoing SRH packets. The SRv6 egress does not support the sampling of incoming SRH packets.
When strict URPF is configured, SRv6 packets may be discarded due to a check failure.
The SRv6 egress does not support deep load balancing.After direct next hop is configured on a device, if the explicit path label has only one outbound interface, SRv6 does not support TE FRR.
In the scenario where an EVPN L3VPN over SRv6 and a BGP L3VPN over MPLS are spliced, the DiffServ mode configured in the L3VPN instance on the splicing node and that configured in the L3VPN instance bound to the AC interface are different. In the former case, when traffic leaves the SRv6 tunnel and enters the MPLS tunnel. If the DiffServ mode is set to pipe, the EXP field in the MPLS label is encapsulated based on the priority in the original IPv6 packet. If the DiffServ mode is set to short-pipe, the EXP field in the MPLS label is encapsulated based on the priority in the inner packet.Conversely, when traffic leaves the MPLS tunnel and enters the SRv6 tunnel. If the DiffServ mode is set to pipe, the TC field in the IPv6 packet is encapsulated based on the EXP priority in the MPLS label.If the DiffServ mode is set to short-pipe, the TC field in the IPv6 packet is encapsulated based on the priority in the inner packet.
this is can taken care of by planing the function properly. If the DiffServ mode is set to pipe on the splicing node, ensure that the DiffServ mode is also set to pipe on the PEs at both ends.
When L3VPN traffic is iterated to an SRv6 tunnel functioning as a public network tunnel, packet information is sampled, but the forwarding information, such as next-hop and outbound interface information cannot be sampled.
This can be mitigated when L3VPN traffic is iterated to an SRv6 tunnel functioning as a public network tunnel and BFD for peer IP protection is supported, set the peer IP address to the network segment address of a VPN SID locator.
When L3VPN traffic is iterated to an SRv6 tunnel functioning as a public network tunnel and BFD for peer IP protection is supported, set the peer IP address to the network segment address of a VPN SID locator.
This is can sorted by deploying load-balancing tunnels to prevent services from being affected if a single link fails.
IPv6 packets enter a single SRv6 tunnel. When the physical interface of the tunnel goes Down, services are interrupted.
I hope it was beneficial read for you. SRv6 is a developing technology and as there are some limitations right now, there are mitigation strategies available to take care of each limitation.
Source: SRv6 Guide
