Segment Routing (SR) is a new source routing paradigm, which means that the source can define the path that the packet will take. Although there are other ways to do source routing, Segment Routing is a candidate to be the easiest. Segment Routing can run on the MPLS data plane and on the IPv6 data plane. To understand the idea behind SRv6, it is better to look at IPv6 Extension Headers first.
In IPv6, optional internet-layer information can be carried in separate headers called Extension Headers. Extension Headers may be placed between the IPv6 header and the upper-layer header in a packet. The “Next Header” field in the IPv6 header identifies the header that follows.
The Next Header value for the Routing Extension Header is 43. An IPv6 source uses this header to list one or more transit nodes to be “visited” on the way to a packet’s destination. One of the routing types for the Routing Extension Header is the Segment Routing Header (SRH). The Routing Type value for the SRH is 4.
The SR Header (SRH) is created with the Segment List in the reverse order of the path. Segment List [0] is the last segment and Segment List [n-1] is the first segment. At the source node, the IPv6 DA is set to the first segment and Segments Left is set to n-1.
Assume that we have an SR Policy which is configured to insert an SRH with a SID List { 2981:40:A5::1, 2981:40:A4::1, 2981:40:A3::1, 2981:40:A2::20 }.
The SRH will be inserted with 4 segments in the Segment List. The last segment in the list (which is actually the first SID) will be placed into the destination address of the IPv6 header, and Segments Left will be set to 3 (total number of segments - 1).
The SRH will be updated by the owner of the next segment:
Every owner updates the Segments Left field by decreasing it by 1 and puts the next segment into the destination address of the IPv6 header. Let’s assume there are non-SRv6-enabled routers between Node A4 and the final destination.
Nodes A9, A10 and A11 are only responsible for IPv6 routing. They do not care about the SRH, since they are not the destination address of the IPv6 header. Similarly, IPv4 routers don’t care about the TCP/UDP header; they just forward the packet according to the IPv4 destination address and the routing table.
The Last Entry field is used for the final destination address, which is Segment List [0].
There are also optional TLV fields in the SRH. Currently 2 types of TLV are defined: the Padding TLV and the HMAC TLV. The Padding TLV is used to pad the TLVs to a multiple of 8 octets. Padding TLVs are used to align the SRH total length on the 8-octet boundary.
The HMAC TLV is used to verify that the source of a packet is permitted to use the current segment in the destination address of the packet, and to ensure that the segment list is not modified in transit. Local policy determines when to check for an HMAC. This local policy may be based on the active segment at an SR Segment Endpoint node, or on the incoming interface, etc.
The HMAC Key ID field allows hash algorithms and pre-shared keys to exist simultaneously. The HMAC is calculated using the following values:
– IPv6 Header Source Address
– Segment Routing Header Last Entry (Last SID of Segment List)
– Segment Routing Header Flags
– HMAC Key ID
– All addresses in the Segment List.
The packet will be forwarded to the next segment only if HMAC verification is successful.
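The following Python sketch is an added example, not code from the original page: it computes the HMAC over the values listed above and shows the check an SR Segment Endpoint node would make before forwarding. The field widths and the reading of Last Entry as an 8-bit index follow RFC 8754 and are assumptions not stated on the page; the source address, key and the `KEYS` table are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed pre-shared keys, selected by HMAC Key ID (sample values only).
KEYS = {1: (hashlib.sha256, b"constructed-demo-key")}

# Segment List as carried in the SRH: index 0 is the last segment.
SEGMENT_LIST = ["2981:40:A5::1", "2981:40:A4::1", "2981:40:A3::1", "2981:40:A2::20"]
SOURCE = "2001:db8::1"   # constructed source address (documentation prefix)

def srh_hmac(src, last_entry, flags, key_id, segment_list):
    """HMAC over Source Address | Last Entry | Flags | HMAC Key ID | Segment List."""
    algo, key = KEYS[key_id]                      # KeyError if the Key ID is unknown
    text = ipaddress.IPv6Address(src).packed      # 128 bits
    text += struct.pack("!BBI", last_entry, flags, key_id)   # 8 + 8 + 32 bits (assumed)
    for sid in segment_list:
        text += ipaddress.IPv6Address(sid).packed
    return hmac.new(key, text, algo).digest()[:32]  # HMAC field holds at most 32 octets

def verify(src, last_entry, flags, key_id, segment_list, received):
    """Return True only when the recomputed HMAC matches the one in the TLV."""
    try:
        expected = srh_hmac(src, last_entry, flags, key_id, segment_list)
    except KeyError:
        return False                              # unknown Key ID: do not forward
    return hmac.compare_digest(expected, received)  # constant-time comparison

if __name__ == "__main__":
    last_entry = len(SEGMENT_LIST) - 1            # assumed: index of last list element
    tag = srh_hmac(SOURCE, last_entry, 0, 1, SEGMENT_LIST)
    print("intact SRH:      ", verify(SOURCE, last_entry, 0, 1, SEGMENT_LIST, tag))
    # Segments Left and the IPv6 DA are not inputs, so the same HMAC stays
    # valid at every segment endpoint while the packet advances.
    modified = SEGMENT_LIST[:]
    modified[1] = "2981:40:A6::1"                 # constructed: list changed in transit
    print("modified list:   ", verify(SOURCE, last_entry, 0, 1, modified, tag))
    print("different source:", verify("2001:db8::2", last_entry, 0, 1, SEGMENT_LIST, tag))
```

Because the per-hop fields are outside the HMAC input, the value computed once at the source can be checked unchanged at each segment, while any edit to the Segment List or a different source address fails verification.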