SLIDE 1

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Source Packet Routing in Networking (SPRING)

Adrian Reuter

January 30, 2017

SLIDE 2

Contents

  • Introduction
  • SPRING Working Group
  • Alternative Source Routing Solutions
  • Comparison
  • Conclusion

SLIDE 3

Internet Topology

SLIDE 4

Routing Information Base

Destination    Network mask     Gateway        Interface   Metric
192.168.0.0    255.255.255.0    0.0.0.0        eth0        1000
192.168.1.0    255.255.255.0    0.0.0.0        eth1        1000
169.254.0.0    255.255.255.0    192.168.1.1    eth1        1000
0.0.0.0        0.0.0.0          192.168.0.1    eth0        600

Standard strategy:

  • Shortest Path First
  • found in RIB by Longest Prefix Match

⇒ Every router decides on its own where to route a packet

SLIDE 5

Source Routing

Source imposes the route to be taken towards the destination.

A source route can be of either type:

  • loose: specifying a set of nodes to be traversed
  • strict: an explicit and complete path through network topology

A source route can be established either by:

  • per-flow states maintained on intermediate nodes
  • routing information attached to packets

SLIDE 6

Why Source Routing?

⇒ Source routing increases network programmability

SLIDE 8

SPRING working group

IETF has formed a working group addressing Source Packet Routing in Networking (SPRING)

  • chartered to
      • identify source routing use cases
      • define requirements for source routing enabled networks
      • develop a new source routing mechanism
  • developed a new source routing mechanism: Segment Routing
  • in final stage: preparing final document revisions

SLIDE 9

Segment Routing (SR)

  • source route is encoded as a list of Segments
  • a segment represents "an instruction a node executes on the incoming packet" [1]
  • Three types of segments:
      • IGP-Node Segment
      • IGP-Prefix Segment
      • IGP-Adjacency Segment
  • segments are advertised within the segment routing domain by the Interior Gateway Protocol (IGP) in use

SLIDE 10

Node Segment

  • uniquely identified within the SR-domain by a Segment Identifier (SID)
  • each node is assigned a SID
  • all nodes within the SR-domain install an entry for the segment in their Forwarding Information Base (FIB)
  • a node is reached by the shortest path determined by the IGP algorithm

SLIDE 11

Prefix Segment

  • nodes advertise the network prefixes they are attached to
  • each prefix is identified by an SR-domain-wide unique SID
  • handled and forwarded the same way as node segments

But: Prefix segments are only advertised by those nodes that are attached to the respective (sub)network

SLIDE 12

Adjacency Segment

  • allows packets to be steered along specific links
  • nodes assign a SID to each unidirectional link, with node-local scope only
  • all nodes within the SR-domain install an entry for the adjacency segment in their Routing Information Base (RIB)

⇒ entry in FIB only at advertising node

SLIDE 13

Example: Node and Adjacency Segments

SLIDE 14

Implementation via MPLS

  • label-based switching instead of IP-based longest prefix match
  • a label assigns a packet to a Forwarding Equivalence Class (FEC)

⇒ packets of a FEC have "the same forwarding treatment" [2]

  • border routers of an MPLS domain add label(s) to incoming packets

⇒ the list of SIDs is encoded as an MPLS label stack
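
Added example, not part of the original slides: a small Python model of how a label stack of node and adjacency SIDs steers a packet, as the Node Segment, Adjacency Segment and MPLS slides describe. The topology, SID values and function names are constructed for illustration.

```python
import heapq

# Constructed topology (not the slide's figure): link -> IGP cost.
LINKS = {("A", "B"): 1, ("B", "C"): 1, ("C", "D"): 1, ("B", "E"): 1, ("E", "D"): 5}
# Node SIDs are unique in the whole SR domain (values are made up).
NODE_SID = {16001: "A", 16002: "B", 16003: "C", 16004: "D", 16005: "E"}
# Adjacency SIDs are node-local: 24001 means a different link at B and at E.
ADJ_SID = {"B": {24001: "C"}, "E": {24001: "D"}}

def neighbors(node):
    for (a, b), cost in LINKS.items():
        if node in (a, b):
            yield (b if node == a else a), cost

def next_hop(src, dst):
    """First hop of the IGP shortest path from src to dst (Dijkstra)."""
    heap, seen = [(0, src, "")], set()
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node == dst:
            return first
        if node in seen:
            continue
        seen.add(node)
        for nb, link_cost in neighbors(node):
            heapq.heappush(heap, (cost + link_cost, nb, first or nb))
    raise ValueError(f"{dst} unreachable from {src}")

def forward(ingress, label_stack):
    """Return the nodes a packet visits while its label stack is consumed."""
    node, stack, path = ingress, list(label_stack), [ingress]
    while stack:
        sid = stack[0]                      # top label = active segment
        if sid in NODE_SID:
            if NODE_SID[sid] == node:       # segment endpoint reached: pop
                stack.pop(0)
                continue
            node = next_hop(node, NODE_SID[sid])
        elif sid in ADJ_SID.get(node, {}):  # FIB entry only at advertising node
            node = ADJ_SID[node][sid]
            stack.pop(0)
        else:
            raise LookupError(f"node {node} has no FIB entry for SID {sid}")
        path.append(node)
    return path
```

With the stack [16004] the packet follows the IGP shortest path A, B, C, D; with [16005, 24001] it is steered over the expensive E to D link that the IGP alone would never choose.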

SLIDE 15

Implementation via IPv6

  • new routing extension header of type 4: Segment Routing Header (SRH)
  • SIDs are encoded as IPv6 addresses
  • original incoming IP datagram is encapsulated with an outer IPv6 header (and its SRH)
  • currently active SID is the destination address of the outer header

SLIDE 16

Segment Routing Header (SRH)

Bit offsets: 8, 16, 24, 32

  Next Header | Hdr Ext Len | Routing Type | Segments Left
  First Segment | Flags | HMAC Key ID
  Segment List[0] (128-bit IPv6 address)
  ...
  Segment List[n] (128-bit IPv6 address)
  Policy List[0] (optional)
  ...
  Policy List[3] (optional)
  HMAC (256 bits) (optional)

SLIDE 18

IPv6 RH0 Extension Header

  • routing extension header of type 0
  • allows specifying a list of arbitrary non-multicast IPv6 addresses
  • all addresses need to be transited before reaching the final destination
  • deprecated by the IETF due to security concerns: highly efficient DoS attacks that route packets back and forth
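
Added example, not from the slides: a Python check that a border node of an SR domain could apply to IPv6 routing headers, covering the RH0 deprecation above (handled as RFC 5095 specifies) and the SRH layout from the earlier slide. Assumptions: Flags is 16 bits wide so HMAC Key ID sits in byte 7, a Key ID of 0 means no HMAC is carried, and the function names, verdict strings and 2001:db8:: sample addresses are constructed for illustration.

```python
import ipaddress
import struct

def parse_routing_header(buf: bytes) -> dict:
    """Parse an IPv6 routing header of type 0 (RH0) or type 4 (SRH)."""
    if len(buf) < 8:
        raise ValueError("truncated routing header")
    _nxt, ext_len, rtype, seg_left = struct.unpack_from("!BBBB", buf)
    total = 8 + 8 * ext_len    # Hdr Ext Len: 8-octet units after the first 8 octets
    if len(buf) < total:
        raise ValueError("header longer than captured bytes")
    if rtype == 4:
        # First Segment indexes the last list entry. Assumption: Flags is
        # 16 bits wide, which puts HMAC Key ID in byte 7.
        count, key_id = buf[4] + 1, buf[7]
    else:
        count, key_id = (ext_len // 2 if rtype == 0 else 0), 0
    if 8 + 16 * count > total:
        raise ValueError("address list exceeds Hdr Ext Len")
    addrs = [ipaddress.IPv6Address(buf[8 + 16 * i:24 + 16 * i]) for i in range(count)]
    return {"type": rtype, "segments_left": seg_left, "key_id": key_id, "addrs": addrs}

def verdict(buf: bytes, from_inside_domain: bool) -> str:
    """Classify one routing header: accept, ignore, verify-hmac or drop:<reason>."""
    try:
        h = parse_routing_header(buf)
    except ValueError as exc:
        return f"drop:{exc}"
    if h["type"] == 0:         # RFC 5095: handle RH0 like an unrecognised type
        return "ignore" if h["segments_left"] == 0 else "drop:RH0 deprecated"
    if h["type"] != 4:
        return "not-inspected"
    if h["segments_left"] >= len(h["addrs"]):
        return "drop:Segments Left outside segment list"
    if from_inside_domain:
        return "accept"
    # Assumption: Key ID 0 means no HMAC is carried. A non-zero Key ID only
    # selects the key; the HMAC itself still has to be verified.
    return "verify-hmac" if h["key_id"] else "drop:SRH from outside without HMAC"

def build(rtype, seg_left, addrs, first_seg=0, key_id=0):
    """Constructed sample header (41 = IPv6 as next header, Flags = 0)."""
    fixed = struct.pack("!BBBBBHB", 41, 2 * len(addrs), rtype, seg_left, first_seg, 0, key_id)
    return fixed + b"".join(ipaddress.IPv6Address(a).packed for a in addrs)

SIDS = ["2001:db8::1", "2001:db8::2"]      # documentation prefix, constructed
```

The active segment of an accepted SRH is `addrs[segments_left]`, which is why a Segments Left value pointing past the list is rejected before any forwarding decision.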

SLIDE 19

IPv6 RH0: DoS Exploit

SLIDE 20

MPLS with RSVP or LDP

  • up to now: method of choice for traffic engineering by source routing
  • mostly used in service provider networks
  • dedicated protocols to communicate label meanings: LDP, RSVP
  • one label-switched path for each unidirectional flow

SLIDE 21

Routing Protocol for Low-power and Lossy Networks (RPL)

  • based on distance-vector algorithm
  • idea: reduce routing complexity for low-power
  • IPv6 routing extension header of type 3, encapsulation in outer IPv6 header

  • only strict hop-by-hop source routing

SLIDE 22

Dynamic Source Routing (DSR) Protocol

  • designed for wireless ad hoc networks
  • self-organizing and self-adapting to topology changes
  • supports high node mobility
  • on-demand route discovery
  • various versions and extensions: SDSR, ESDSR, RMPSR ...

SLIDE 24

Comparison

IPv6 RH0 not included in this comparison due to its official deprecation

SLIDE 26

Conclusion

Segment Routing ...

  • is likely to become a key technology for optimizing traffic flows in large-scale networks
  • shows potential for a universal standard for source routing
  • experiences broad support by industry (Cisco, Nokia, Juniper, ...)
  • will be an appealing target for network hackers

SLIDE 27

[3]

SLIDE 28

[1] C. Filsfils, S. Previdi, B. Decraene, S. Litkowski, and R. Shakir, “Segment Routing Architecture,” 2016. https://tools.ietf.org/html/draft-ietf-spring-segment-routing-10; last accessed on 2016/12/19.

[2] E. Rosen, A. Viswanathan, and R. Callon, “Multiprotocol Label Switching Architecture.” RFC 3031 (Proposed Standard), Jan. 2001. Updated by RFCs 6178, 6790.

[3] http://images.slideplayer.com/20/6038367/slides/slide_9.jpg; last accessed on 2017/01/16.

[4] S. Bidkar, A. Gumaste, P. Ghodasara, A. Kushwaha, J. Wang, and A. Somani, “Scalable segment routing — a new paradigm for efficient service provider networking using carrier ethernet advances,” Journal of Optical Communications and Networking, vol. 7, no. 5, pp. 445–460, 2015.

[5] http://www.cisco.com/en/US/tech/tk436/tk428/technologies_white_paper09186a00800a85c5.shtml#wp31759; last accessed on 2017/01/25.
