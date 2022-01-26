Successfully reported this slideshow.
What to Upload to SlideShare
SRv6 experience for italy iPv6 council

Jan. 26, 2022
Internet

SRv6 experience and future perspectives
1) SRv6 and SRv6 Network Programming model
2) ROSE : Research on Open source SRv6 Ecosystem
3) SRv6 for SD-WAN & our EveryWAN solution
4) User Controlled SD-WAN Services (UCSS) project
5) Conclusions & next steps

SRv6 experience for italy iPv6 council

  1. 1. Stefano Salsano Università di Roma Tor Vergata / CNIT stefano.salsano@uniroma2.it SRv6 experience and future perspectives Italy IPv6 Council (https://www.linkedin.com/groups/9093365/) January Meeting - Jan 26th h 17:00
  2. 2. Agenda ➢ SRv6 and SRv6 Network Programming model ➢ ROSE : Research on Open source SRv6 Ecosystem ➢ SRv6 for SD-WAN & our EveryWAN solution ➢ User Controlled SD-WAN Services (UCSS) project ➢ Conclusions & next steps 2
  3. 3. Segment Routing on IPv6 (SRv6) ➢ Segment Routing on IPv6 (SRv6) The Source Node can add a list of "Segments" in the IPv6 header ➢ SRv6 Network Programming Model The Segments can represent not only "waypoints" but also "instructions" 3
  4. 4. Segment Routing on IPv6 (SRv6) 4 ● Traﬃc engineering ● Fault protection/restoration ● Virtual Network Functions (VNFs) Chaining (SFC) ● Virtual Private Networks (VPNs) IPv6 header Segment Routing header Inner IPv4/6 header Payload (UDP/TCP…) Segments Encapsulated packet
  5. 5. Agenda ➢ SRv6 and SRv6 Network Programming model ➢ ROSE : Research on Open source SRv6 Ecosystem ➢ SRv6 for SD-WAN & our EveryWAN solution ➢ User Controlled SD-WAN Services (UCSS) project ➢ Conclusions & next steps 5
  6. 6. The ROSE project ➢ We have been running a research project called ROSE ("Research on Open SRv6 Ecosystem"), since Nov 2017 ➢ 3 Research grants from CISCO in the context of CISCO University Research Program 6
  7. 7. ROSE on the web - https://netgroup.github.io/rose/
  8. 8. The ROSE ecosystem 8 Data Plane Control Plane web dashboard Controller Apache Kafka NorthBound APIs (gRPC) SouthBound APIs (gRPC) Orchestrator ArangoDB InfluxDB Big-data Plane
  9. 9. ROSE project activities Data plane : SRv6 Implementation in Linux Kernel Support of IETF standardization of SRv6 Control plane: development of an Open Source Controller for SRv6 Data plane : P4 implementation of MicroSIDs Compression of SID list "Micro-SID" (both data plane and control plane) Performance monitoring in SRv6 network (both data plane and control plane) 9
  10. 10. Agenda ➢ SRv6 and SRv6 Network Programming model ➢ ROSE : Research on Open source SRv6 Ecosystem ➢ SRv6 for SD-WAN & our EveryWAN solution ➢ User Controlled SD-WAN Services (UCSS) project ➢ Conclusions & next steps 10
  11. 11. SRv6 and SD-WAN SRv6 Network Programming Model can be used for SD-WAN services We have implemented an Open Source prototype of a SD-WAN service based on SRv6 - EveryWAN SD-WAN over IPv6 transit, we support VPN4 and VPN6 11
  12. 12. EveryWAN Architecture Open source toolset for SD-WAN with SRv6 GUI 12
  13. 13. EveryEdgeOS Controller TV_DC (Tor Vergata) Docker environment SD-WAN Orchestrator (EveryBOSS) SD-WAN Controller (EveryEdgeOS) MongoDB Keystone MariaDB NGINX web server (EveryGUI) Includes all management components as dockerized applications The NGINX webserver serves as GUI for the user 13
  14. 14. EveryEdge Device LINUX VM EveryEdge (Root Namespace) veth1-2 veth2-2 veth3-2 ens3 Host 1 (Namespace 1) veth1-1 Host 2 (Namespace 2) veth2-1 Host 3 (Namespace 3) veth3-1 WAN IPv6 Edge device registers to the controller's gRPC interface User hosts emulated using Linux namespaces 14
  15. 15. SRv6 Tunnels 15
  16. 16. Agenda ➢ SRv6 and SRv6 Network Programming model ➢ ROSE : Research on Open source SRv6 Ecosystem ➢ SRv6 for SD-WAN & our EveryWAN solution ➢ User Controlled SD-WAN Services (UCSS) project ➢ Conclusions & next steps 16
  17. 17. User Controlled SD-WAN Services (UCSS) ● A project funded by GÉANT Innovation Programme ● Development of an open source SD-WAN service to deploy VPNs over the GÉANT network 17
  18. 18. Testbed sites for UCSS experiments 18
  19. 19. Problem: end-to-end IPv6 transparency 1) Packet types Some sites only allow certain packets through the ﬁrewalls Ethernet IPv6 ICMPv6 Ethernet IPv6 SRH IPv6 ICMPv6 Ethernet IPv6 IPv6 ICMPv6 Ethernet IPv6 SRH IPv6 ICMPv6 IPv6 IPv6 plain SRv6 (encap) IPv6-in-IPv6 SRv6-in-IPv6 19
  20. 20. Problem: end-to-end IPv6 transparency 1) Packet types (Some sites only allow certain packets through the ﬁrewall) 2) Addressing - we'd like to have at least a /64 preﬁx !! often we get a shorter preﬁx… or even a /128 (a single address) Solution Diﬀerent "transparency" scenarios have been classiﬁed and the tunnels have been conﬁgured accordingly by the controller 20
  21. 21. Delay Monitoring in EveryWAN Simple Two-Way Active Measurement Protocol (STAMP) ● Measurement session initiated by controller between two edge nodes ● STAMP UDP packet encapsulated in SRv6 21
  22. 22. EveryWAN GUI Conﬁgure the edge devices Conﬁgure VPN services Visualise delay monitoring results 22
  23. 23. Agenda ➢ SRv6 and SRv6 Network Programming model ➢ ROSE : Research on Open source SRv6 Ecosystem ➢ SRv6 for SD-WAN & our EveryWAN solution ➢ User Controlled SD-WAN Services (UCSS) project ➢ Conclusions & next steps 23
  24. 24. Conclusions and lesson learned from UCSS The backbones of GÉANT and of the commercial ISPs are ready (transparent) for IPv6 and SRv6. The access networks usually do not support IPv6 by default. We asked to enable IPv6, but often the IPv6/SRv6 transparency is not optimal (ﬁrewalls, misconﬁgurations…). Further on, we plan to consider ISPs' home networks. The open source EveryWAN tool oﬀers a usable GUI with the functionality needed to satisfy basic requirements for VPN services, including delay monitoring. 24
  25. 25. Next steps For our UCSS work: continue deployment experiments, come out with a set of recommendations, oﬀer the SD-WAN controller on the web For SRv6 : interesting work on Segment List compression ongoing in IETF For IPv6 evolution in general - discussion on extension headers is ongoing in IETF - Extensible In-band Processing EIP, to be presented in next IRTF COIN RG interim meeting https://tinyurl.com/eip4coinrg 25
  26. 26. Thank you for your attention! Any question? stefano.salsano@uniroma2.it 26
  27. 27. ROSE project results (scientific papers 1/2) ➢ A. Mayer, P. Loreti, L. Bracciale, P. Lungaroni, S. Salsano, C. Filsfils, “Performance Monitoring with H^2: Hybrid Kernel/eBPF data plane for SRv6 based Hybrid SDN”, Elsevier Computer Networks, Vol. 185, 11 February 2021 (pdf-preprint) ➢ P. Loreti, A. Mayer, P. Lungaroni, F. Lombardo, C. Scarpitta, G. Sidoretti, L. Bracciale, M. Ferrari, S. Salsano, A. Abdelsalam, R. Gandhi, C. Filsfils, “SRv6-PM: A Cloud-Native Architecture for Performance Monitoring of SRv6 Networks”, accepted for publication in IEEE Transaction on Network and Service Management, special issue on “Advanced Management of Softwarized Networks” (pdf-preprint) ➢ A. Abdelsalam, P. L. Ventre, C. Scarpitta, A. Mayer, S. Salsano, P. Camarillo, F. Clad, C. Filsfils, “SRPerf: a Performance Evaluation Framework for IPv6 Segment Routing”, IEEE Transaction on Network and Service Management, Early Access, December 2020 (pdf-preprint) ➢ P. L. Ventre, S. Salsano, M. Polverini, A. Cianfrani, A. Abdelsalam, C. Filsfils, P. Camarillo, F. Clad, “Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results”, IEEE Communications Surveys & Tutorials, Early Access, November 2020 (pdf-preprint) ➢ A. Abdelsalam, A. Tulumello, M. Bonola, S. Salsano, C. Filsfils, “Pushing Network Programmability to the Limits with SRv6 uSID and P4”, Demo Paper, 3rd P4 Workshop in Europe, EuroP4’20, 1 December 2020, Virtual Conference. ➢ A. Tulumello, A. Mayer, M. Bonola, P. Lungaroni, C. Scarpitta, S. Salsano, A. Abdelsalam, P. Camarillo, D. Dukes, F. Clad, C. Filsfils, “Micro SIDs: a solution for Efficient Representation of Segment IDs in SRv6 Networks”, 16th International Conference on Network and Service Management, CNSM 2020 (Acceptance ratio ~19%), 2-6 November 2020, Virtual Conference (pdf) 27
  28. 28. ROSE project results (scientific papers 2/2) ➢ P. Loreti, A. Mayer, P. Lungaroni, S. Salsano, R. Gandhi, C. Filsfils, “Implementation of Accurate Per-Flow Packet Loss Monitoring in Segment Routing over IPv6 Networks”, IEEE International Conference on High Performance Switching and Routing, HPSR 2020, 11-14 May 2020, Virtual Conference (pdf-preprint). ➢ P. L. Ventre, M. M. Tajiki, S. Salsano, C. Filsfils, “SDN Architecture and Southbound APIs for IPv6 Segment Routing Enabled Wide Area Networks”, IEEE Transaction on Network and Service Management, Vol. 15, Issue 4, Dec 2018 (pdf-preprint) ➢ A. Mayer, S. Salsano, P. L. Ventre, A. Abdelsalam, L. Chiaraviglio, C. Filsfils, “An Efficient Linux Kernel Implementation of Service Function Chaining for legacy VNFs based on IPv6 Segment Routing”, 5th IEEE International Conference on Network Softwarization (NetSoft 2019), 24-28 June 2019, Paris, France ➢ A. Mayer, E. Altomare, S. Salsano, F. Lo Presti, C. Filsfils, “The Network as a Computer with IPv6 Segment Routing: a Novel Distributed Processing Model for the Internet of Things”, NGOSCPS workshop at the CPS-IoT Week 2019, April 15 2019, Montreal, Canada ➢ A. Abdelsalam, S. Salsano, F. Clad, P. Camarillo, C. Filsfils, “SR-Snort: IPv6 Segment Routing Aware IDS/IPS”, 2018 IEEE Conference on Network Function Virtualization and Software Defined Networks – Demo Track – NFV-SDN’18, Verona, Italy, Nov 27-29, 2018 ➢ A. Abdelsalam, P. L. Ventre, A. Mayer, S. Salsano, P. Camarillo, F. Clad, C. Filsfils, “Performance of IPv6 Segment Routing in Linux Kernel”, 1st Workshop on Segment Routing and Service Function Chaining (SR+SFC 2018) at IEEE CNSM 2018, 5 Nov 2018, Rome, Italy ➢ A. Abdelsalam, S. Salsano, F. Clad, P. Camarillo, C. Filsfils, “SERA: SEgment Routing Aware Firewall for Service Function Chaining scenarios”, IFIP Networking 2018 Conference (NETWORKING 2018), Zurich, Switzerland, May 14-16, 2018 ➢ A. AbdelSalam, F. Clad, C. Filsfils, S. Salsano, G. Siracusano and L. Veltri, “Implementation of Virtual Network Function Chaining through Segment Routing in a Linux-based NFV Infrastructure”, 3rd IEEE Conference on Network Softwarization (NetSoft 2017), Bologna, Italy, July 2017. 28

