Contents
1 Overview
2 Background
2.1 Introduction to Overlay Technology
2.2 Introduction to SRv6 Technology
3 Technical Architecture of Elastic SD-WAN
3.1 Overall Architecture
3.2 Application Scenario
3.2.1 Large Enterprise Scenarios
3.2.2 SME Scenarios
3.2.3 Mixed Enterprise Scenarios
3.3 Control and Forwarding Principles
3.3.1 Large Enterprise Scenarios
3.3.2 SME Scenarios
3.3.3 Adopting G-SRv6
4 Elastic SD-WAN Solution Highlights
4.1 Underlay Coordination Capability
4.2 Native IPv6 Service Function Chaining
4.3 Telemetry
4.4 Application Awareness
5 Test Verification
6 Summary
List of Abbreviations
References

Using branch interconnection as an example, we will provide a detailed description of the specific bearer solution. For the first segment of the SRv6 path, from CPE1 to PoP GW1, the source address of the SRv6 tunnel encapsulation is CPE1, and the destination address is the public-network IPv6 address of PoP GW1, which is expressed as a SID. As CPE1 receives a user's private network address, VPN services are deployed on CPE1. In this solution, the first segment of the SRv6 tunnel ends at PoP GW1, where a new second segment of the SRv6 tunnel begins. As such, PoP GW1 also requires VPN deployment and learns
the routing of the corresponding private network.

In SD-WAN scenarios, the link from the CPE to PoP GW1 can take various forms, such as Internet, 4G, or 5G. Therefore, this portion only needs to ensure IPv6 reachability from the CPE to PoP GW1. In most circumstances, PoP GW1 is deployed in cloud data centers such as an edge data center. As such, an SRv6 BE tunnel to PoP GW1 must be configured on the CPE using an SD-WAN controller.

The second segment of the SRv6 tunnel starts at PoP GW1 and ends at the opposite PoP GW2, passing through one or more SRv6 domains. To implement SD-WAN routing selection and domain crossing, the PE nodes, namely the edge nodes of the SRv6 backbone network, require the backbone network path to provide differentiated services externally in the form of a SID list or BSID. As a consequence, PoP GW1 can query the next hop of a data packet, i.e. the VPN SID of the corresponding PoP GW2, based on private network routing and match it to different backbone network TE paths. PoP GW1 encapsulates private network data packets with SRv6 outer encapsulation, carries the SID of the corresponding backbone network path and the VPN SID of PoP GW2, and sends the data packets to the
ingress PE of the SRv6 domain. On the PE, if a BSID is found, the data packets are forwarded, according to the SRv6 policy, to the corresponding PoP GW2 via the specified path, and decapsulation is then performed. This is the end of the second segment of the SRv6 path.

The third segment of the SRv6 path starts from PoP GW2 and ends at CPE2. After the PoP GW2 node obtains the private network data packets via decapsulation, it queries VPN routing based on the destination address of the private network data packets, obtains the SID of CPE2, which is the next hop of the corresponding route, encapsulates the private network data packets in an outer SRv6 BE encapsulation whose destination address is the CPE2 SID, and then sends the data packets to CPE2. As with the first segment of the SRv6 path, this SRv6 BE segment can reach the CPE via several different methods as long as IPv6 reachability is guaranteed.

In summary, this solution is primarily composed of three segments of SRv6 paths. The segments connect to each other through Option A, a VRF-to-VRF approach. Therefore, both the PoP GW and the CPE are required to learn private network routing.

3.2.3 Mixed Enterprise Scenarios

Depending on their networking requirements, enterprises may flexibly select from the Internet access, cloud migration, and branch interconnection bearer solutions outlined above. A mixture of these solutions can be used to meet enterprises' changing network requirements.

3.3 Control and Forwarding Principles

The SD-WAN controller calculates the end-to-end path, which is divided into several segments: the near-end access segment (CPE to POP GW1), near-end aggregation segment (POP GW1 to PE1), backbone segment (PE1 to PE3), remote aggregation segment (PE3 to POP GW2), and remote access segment (POP GW2 to
CPE2). The access segment employs an overlay to establish a connection, and the backbone segment must coordinate with the underlay to enhance network quality. For the different application scenarios, the following sections provide an overview of the solutions where traffic does and does not pass through a POP GW in large enterprise scenarios, along with the solution where traffic passes through a POP GW in SME scenarios.

3.3.1 Large Enterprise Scenarios

In large enterprise scenarios, VPN functions are implemented on CPEs to isolate different departments and organizations. Depending on
whether traffic passes through a POP GW, two solutions are possible. The control plane and forwarding plane mechanisms of both solutions are essentially the same; the only difference is whether the SID list includes the SID of the POP GW.

3.3.1.1 The Solution Where Traffic Passes through a POP GW

This solution is suitable for scenarios in which the underlay forwarding paths can be changed and the underlay path information needs to be hidden. When calculating the backbone segment (PE to PE) paths in the end-to-end tunnel, traffic must be carried on paths with varying quality as different
applications have different network quality requirements. When the SD-WAN controller sends a path request to the underlay controller of the backbone segment, the underlay controller will calculate the network connection of the backbone segment, encapsulate the calculated result as an SRv6 BSID, and
then return it to the SD-WAN controller. The SD-WAN controller then issues the corresponding SRv6 policy to the CPE. This policy contains the SIDs of the CPE and PoP GW, the path BSID between PEs, the SID of the remote PoP GW, the VPN SID, and other relevant information. When traffic passes through the underlay PE router in this mode, the BSID is expanded into a tunnel and encapsulated in the header. The SIDs of the backbone network nodes will not be disclosed externally.

The process by which the control plane establishes the forwarding path in this mode is outlined below:

(1) Overlay controller calculates the path: The overlay source, destination, and SLA requirements are determined in accordance with the application requirements, and an end-to-end path, whose segments include CPE1 to PoP GW1, PoP GW1 to PoP GW2, and PoP GW2 to CPE2, is obtained through path calculation.
(2) After the overlay controller confirms the
underlay ingress and egress PEs in accordance with the POP GW, it issues a path request to the underlay controller with the following arguments: underlay ingress, egress, SLA requirements.
(3) The underlay controller calculates the SR policy of a path and returns it directly to the overlay controller as a BSID.
(4) The overlay controller combines the overlay and underlay paths as the SR policy (PoP GW1, BSID, PoP GW2, CPE2), which is then issued to CPE1. The end-to-end path creation on the forwarding plane is completed.

The packet forwarding flow on the forwarding plane in this mode is shown in the figure below. Note that the PE employs the END.B6.ENCAP operation to expand the BSID into the backbone network SR policy, encapsulates it in the new SRH, and adds a new IPv6 header.

[Figure 3.4: Schematic of the Solution in which Traffic Passes through POP GW in Large Enterprise Scenarios]

As traffic passes through a POP GW in this solution, operators can provide value-added services for SD-WAN traffic at the POP GW. In addition, the POP GW can shorten the distance between the CPE and the network access point, which makes this solution a good choice for services requiring high QoS.

3.3.1.2 Traffic Does Not Pass through a POP GW

The flow of this solution is generally the same as that where traffic passes through a POP GW. The primary difference is that the issued SID list does not contain the POP GW's SID. The process by which the control plane establishes the forwarding
path in this mode is outlined below:

(1) Overlay controller calculates the path: The overlay source, destination, and SLA requirements are determined in accordance with the application requirements.
(2) After the overlay controller confirms the ingress and egress PEs from the CPE to the underlay, it issues a path request to the underlay controller with the following arguments: underlay ingress, egress, SLA requirements.
(3) The underlay controller calculates the SR policy of a path and returns it directly to the overlay controller as a BSID.
(4) The overlay controller combines the overlay and underlay paths as the SR policy (BSID, CPE2), which is then issued to CPE1. The end-to-end path creation on the forwarding plane is completed.

The packet forwarding flow on the forwarding plane in this mode is shown in Figure 3.5 below. Note that the PE employs the END.B6.ENCAP operation to expand the BSID into the backbone network SR policy, encapsulates it in the new SRH, and adds a new IPv6 header.

[Figure 3.5: Schematic of the Solution in which Traffic does not Pass through POP GW in Large Enterprise Scenarios]

This solution does not require a POP GW and can provide underlay coordination functionality. Its advantages are a simple network architecture and easy deployment.

3.3.2 SME Scenarios

In SME scenarios, the POP GW must detect the VPN private network routing, meaning that traffic must pass through the POP GW. As such, there is only one solution option for SME scenarios.

As with large enterprise scenarios, the underlay path is specified with a BSID, and therefore supports flexible modifications to underlay forwarding and hiding of underlay path information. The network segment from CPE to POP GW only requires IP reachability (the following takes IPv6 reachability as an example). The CPE only needs to write the VPN SID issued by the POP GW to the IPv6 destination address encapsulated in the outer tunnel before it can support VPN traffic forwarding to the POP GW via the shortest path. The steps of the end-to-end path calculation are outlined below:

(1) Overlay controller calculates the path: The overlay source, destination, and SLA requirements are determined in accordance with the application requirements, and an end-to-end path, whose segments include CPE1 to PoP GW1, PoP GW1 to PoP GW2, and PoP GW2 to CPE2, is obtained through path calculation.
(2) After the overlay controller confirms the underlay ingress and egress PEs in accordance with the POP GW, it issues a path request to the underlay controller with the following arguments: underlay ingress, egress, SLA requirements.
(3) The underlay controller calculates the SR policy of a path and returns it directly to the overlay controller as a BSID.
(4) The overlay controller combines the overlay and underlay paths as the SR policy (BSID, PoP GW2), which is then issued to POP GW1. Tunnels from CPE1 to POP GW1 and POP GW2 to CPE2 are created based on VPN relationships. The end-to-end path creation
on the forwarding plane is completed.

The packet forwarding flow on the forwarding plane in this mode is shown in Figure 3.6 below. Note that the PE employs the END.B6.ENCAP operation to expand the BSID into the backbone network SR policy, encapsulates it in the new SRH, and adds a new IPv6 header.

[Figure 3.6: Schematic of the Solution in which Traffic Passes through POP GW in SME Scenarios]

As traffic passes through a POP GW in this solution, operators can provide value-added services for SD-WAN traffic at the POP GW.

3.3.3 Adopting G-SRv6

Of particular note is that as the overlay
and underlay paths that SD-WAN services pass through are usually relatively long, the SID list of the SR policy may be large. Existing SRv6 may produce extremely long headers when there is an excessive number of SIDs. This affects the efficiency of packet forwarding and limits the large-scale commercial usage of SRv6. Therefore, while deploying SD-WAN, enterprises may consider utilizing G-SRv6, which has less overhead and supports mixed programming of various SIDs, to compress the SRH header. G-SRv6 is fully compatible with SRv6 and can define a new type of compressed SID to support more efficient transmission without modifying the SRH, thus reducing the network hardware requirements of SRv6. China Mobile is currently implementing G-SRv6 multi-vendor interoperability and SRv6 pilot deployment projects, with G-SRv6-based SD-WAN deployments planned for the future.

Taking advantage of the common prefix shared by many of the SIDs in an SRv6 network, G-SRv6 removes the common prefix and other redundant portions of the SRv6 SID from the SID list while retaining the node ID and function ID as a compressed SID, effectively reducing header overhead. Figure 3.7 below shows the data encapsulation method employed in the SRv6 data plane, which keeps the formats of the G-SRH and the SRH (RFC 8754) consistent, does not change their formats or field semantics, and supports the mixed programming of 128-bit SRv6 SIDs and 32-bit G-SIDs in the G-SRH. The G-SID container is introduced to facilitate the mixed programming of G-SIDs and complete SIDs, as well as to ensure 128-bit alignment. The SI (SID Index) is defined to identify the location of the current G-SID in the container. Finally, the CoC flavor is defined to identify G-SIDs. When a SID containing the CoC flavor is received, the SID must be
updated to the G-SID part of the IPv6 DA address.

[Figure 3.7: Schematic of G-SRv6 Principles (IPv6 header, SRH with a 128-bit SID, G-SID containers with COC flavor and padding, 32-bit copy of the G-SID selected by SI and SL)]

4 Elastic SD-WAN Solution Highlights

4.1 Underlay Coordination Capability

The access segment is the network linking the CPE and PoP GW, and the CPE serves as the endpoint of underlay resource scheduling. The CPE perceives services, so precise traffic scheduling can be realized. In large enterprise scenarios, CPEs with SRv6 functionality can perform forwarding with an end-to-end SRv6 policy as required.

A backbone segment comprises the network between the PoP GWs, where the coordination of underlay networks plays a key role. The paths between PoP GWs, together with service function chaining and the underlay networks' SR policy, can form a service containing both value-added services and a specified network path, enabling overlay and underlay coordination.

4.2 Native IPv6 Service Function Chaining

Value-added services may involve the scrubbing, acceleration, and encryption of traffic. The service function chaining of elastic SD-WAN
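
Added example for the control-plane steps of section 3.3 (not part of the white paper): it composes the SR policy for the three modes, applies the END.B6.ENCAP step at the ingress PE, and checks that no backbone node SID reaches an overlay device. All SIDs, the BSID format, the mode names and the function names are constructed for illustration, and the segment list is modelled in forwarding order rather than the reversed on-wire SRH order.

```python
# Added illustration. All SIDs are constructed values from 2001:db8::/32.
SID = {"PoP GW1": "2001:db8:a::1", "PoP GW2": "2001:db8:a::2",
       "CPE2": "2001:db8:c::2"}
# Backbone node SIDs: known only to the underlay controller and the PEs.
BACKBONE = {("PE1", "PE3", "low-latency"):
            ["2001:db8:b::11", "2001:db8:b::12", "2001:db8:b::3"]}


class UnderlayController:
    """Answers path requests with a BSID; the backbone SID list stays private."""

    def __init__(self):
        self.policies = {}  # BSID -> backbone SID list, as installed on the PE

    def request_path(self, ingress, egress, sla):
        bsid = f"2001:db8:b:ff::{len(self.policies) + 1:x}"  # hypothetical format
        self.policies[bsid] = list(BACKBONE[(ingress, egress, sla)])
        return bsid


def compose_policy(mode, bsid):
    """(node the policy is issued to, SID list) for the three modes of 3.3."""
    if mode == "large-via-pop":
        return "CPE1", [SID["PoP GW1"], bsid, SID["PoP GW2"], SID["CPE2"]]
    if mode == "large-no-pop":
        return "CPE1", [bsid, SID["CPE2"]]
    if mode == "sme":
        return "PoP GW1", [bsid, SID["PoP GW2"]]
    raise ValueError(f"unknown mode: {mode}")


def end_b6_encaps(inner, pe_policies, pe_addr):
    """Ingress PE handling of an active BSID (End.B6.Encaps, RFC 8986).

    inner = {"segments": [...], "active": index}, in forwarding order.
    Returns (inner header with the next SID active, new outer header)."""
    backbone = pe_policies[inner["segments"][inner["active"]]]
    if inner["active"] + 1 >= len(inner["segments"]):
        raise ValueError("this model expects a SID after the BSID")
    inner = {**inner, "active": inner["active"] + 1}
    outer = {"src": pe_addr, "dst": backbone[0], "segments": backbone}
    return inner, outer


def leaked_backbone_sids(sid_list):
    """Backbone node SIDs present in a policy handed to an overlay device."""
    hidden = {s for path in BACKBONE.values() for s in path}
    return sorted(hidden & set(sid_list))
```

Running `leaked_backbone_sids` over every policy the overlay controller issues is a simple audit for the path-hiding property the BSID is meant to provide.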
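
Added example for the header saving described in section 3.3.3 (not from the white paper): it packs a SID list as one full 128-bit SID followed by 32-bit G-SIDs in 128-bit containers and compares the SRH size with the uncompressed list. It assumes a 64-bit common prefix, a G-SID taken from the 32 bits directly after it, and in-order packing with trailing padding, which simplifies the G-SRv6 on-wire ordering; the sample SIDs are constructed.

```python
import ipaddress

SRH_FIXED = 8   # bytes in the fixed part of the SRH (RFC 8754)
FULL_SID = 16   # bytes per 128-bit SRv6 SID, also the G-SID container size
G_SID = 4       # bytes per 32-bit G-SID


def g_sid(sid, prefix_bits=64):
    """32-bit node ID + function ID that follows the common prefix."""
    value = int(ipaddress.IPv6Address(sid))
    return (value >> (128 - prefix_bits - 32)) & 0xFFFFFFFF


def pack_compressed(sids, prefix_bits=64):
    """First SID in full, then the other SIDs as G-SIDs in 128-bit containers."""
    first = ipaddress.IPv6Address(sids[0])
    prefix = int(first) >> (128 - prefix_bits)
    tail_mask = (1 << (128 - prefix_bits - 32)) - 1
    packed = b""
    for sid in sids[1:]:
        value = int(ipaddress.IPv6Address(sid))
        if value >> (128 - prefix_bits) != prefix:
            raise ValueError(f"{sid} does not share the common prefix")
        if value & tail_mask:
            raise ValueError(f"{sid} has bits set after the G-SID")
        packed += g_sid(sid, prefix_bits).to_bytes(G_SID, "big")
    packed += b"\x00" * (-len(packed) % FULL_SID)  # pad the last container
    return first.packed + packed


def srh_bytes_full(sids):
    """SRH size when every segment is a 128-bit SID."""
    return SRH_FIXED + FULL_SID * len(sids)


def srh_bytes_compressed(sids, prefix_bits=64):
    """SRH size with the simplified G-SID packing above."""
    return SRH_FIXED + len(pack_compressed(sids, prefix_bits))


# Constructed 10-hop SID list: common prefix 2001:db8:0:1::/64,
# 16-bit node ID, 16-bit function ID, zero arguments.
SAMPLE = [f"2001:db8:0:1:{node:x}:1::" for node in range(1, 11)]
```

For the constructed 10-SID list this gives 168 bytes uncompressed against 72 bytes compressed; a SID outside the common prefix is rejected rather than silently truncated.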