Introduction to

Segment Routing
A foundation for autonomous networking
Alberto Donzelli - Principal Solutions Engineer, Cisco
Cees de Gruijter - Network Domain Architect, Rijkswaterstaat NL
Michiel Koolen - Domain Architect, Rijkswaterstaat NL
BRKSP-2551

Cisco Confidential
 • Introduction
• Standardization
• How SR works
• TI-LFA, Flex Algo
• Traffic Engineering
Agenda • SRv6 uSID overview
• SRv6 to the host
• Rijkswaterstaat SRv6
• Deployment and Interop
• Conclusions

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
 Resiliency, Flexibility, Simplification
Market Architecture Enabler

Economic value Service delivery is changing Programmable and

creation resilient Fabric
Metro
Public cloud Internet

One Network for all Internet

services 5G

Public cloud
Residential
Edge
cloud SP DC SP DC
Enterprise Aggregation, Edge, Peering Core

Self healing
• Quality of Experience is key
• Removing domain boundaries
AI/Autonomous
networking • Flexible delivery points placement Connect Everything
• Always available Everywhere

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
 Traditional MPLS network Challenges
Inter domain connectivity, protocol complexity and limited SLA
Fragmented service provisioning
Fragmented Management and Assurance

Access Network Domain Metro Network Domain Core Network Domain Data Center Domain

VNF VNF

Centralized Services Delivery

Inter domain Complex TE Best Effort Additional

BGP-LU RSVP-TE No Slicing Hardware

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
 The end goal
A multi-domain programmable fabric for service creation
Automation & Assurance

Access Network Domain Metro Network Domain Core Network Domain Data Center Domain
Segment Routing – transport slicing - services and network programmability

VNF VNF
VNF VNF

Aggregation

Centralized Services Delivery

Inter Domain E2E MP-BGP services Transport Slicing Fully Automated

EVPN

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
 The path towards Autonomous Networks

“An autonomous network consists of a simplified

network architecture, virtualized components,
automating agents, and intelligent decision
engines which present self-dynamic capabilities
with the goal to create intelligent business and
network operations based on the concept of
closed-loop controls.”

https://www.etsi.org/images/files/ETSIWhitePapers/etsi-wp-40-Autonomous-networks.pdf

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
 Segment Routing • Source Routing principle
• Stateless IP fabric !!!
• Path expressed in the packet

Segment1 Segment2 Segment3 Data

Data Plane
Shortest path
MPLS IPv6
(segment labels) (IPv6 header + extension)

Control Plane

Routing protocols with SDN controller

extensions ( BGP-LS, PCEP, Traffic Engineered path
(IS-IS, OSPF, BGP) NETCONF/YANG, gNMI)

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
 Massive Protocol Symplification

Before After
L2/L3VPN Services LDP BGP L2/L3VPN EVPN BGP
Inter-Domain Connectivity BGP-LU
Inter-Domain Connectivity with SLA
Protection FRR/TE RSVP IGP+
Traffic Engineering
Segment
LDP Protection FRR – TI-LFA
Intra-Domain CP Routing
Intra -Domain CP
IGP

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
 One Architecture / Two Data-Plane possibilities

SR-MPLS
• Instantiation of SR on the MPLS data plane
• A segment is encoded with an MPLS label

Segment Routing
SRv6
• Instantiation of SR on the IPv6 data plane
• One or more segments are encoded within an IPv6 address

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Standardization

Cisco Confidential
 Segment Routing Standardization IETF
• First RFC - 7855 (May 2016) Reference IETF drafts and RFCs

Architecture
• Segment Routing Architecture RFC 8402
• Segment Routing Policy Architecture RFC 9256
Active working groups IS-IS
OSPF MPLS
• Segment Routing with MPLS data plane RFC 8660
PCEP • Segment Routing interworking with LDP RFC 8661
• SR-MPLS over IP RFC 8663
BGP
IDR SRv6 Data Plane
• SRv6 Network Programming – RFC 8986
6MAN • IPv6 SR Header – RFC 8754
• Compressed SRv6 Segment List – WG Draft

IS-IS
Strong Cisco Commitment and • IS-IS Extensions for Segment Routing RFC 8667
Leadership • IGP Flexible Algorithm RFC 9350
• IS-IS Traffic Engineering (TE) Metric Extensions RFC 7810
• SRv6 ISIS extensions – RFC 9352
Editor of 96% IETF RFCs
Co-author of 100% IETF RFCs OSPF
• OSPF Extensions for Segment Routing RFC 8665
A comprehensive list @ www.segment-routing.net • IGP Flexible Algorithm WG Document
• OSPF Traffic Engineering (TE) Metric Extensions RFC 7471

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
SR basic blocks

Cisco Confidential
 How does it work?
Path expressed in the packet header

Segment1 Data

Shortest path

Source

Destination

• Segment: instruction a node executes on the incoming packet

• SID → a segment identifier
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
 How does it work?
• Segment list: an ordered set of segments
Path expressed in the packet header

Segment1 Segment2 Segment3 Data

Source

Destination
Traffic engineered path

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
 How does it work?
• SR-MPLS: the instantiation of SR on the MPLS data-plane
• SID → an MPLS label associated with the segment
• A SID list is expressed as a stack of MPLS labels

• SRv6: the instantiation of SR on the IPv6 data-plane

• SID → an IPv6 address associated with the segment.
• A SID list is encoded in the same IPv6 address/packet

Segment1 Data
Segment1 Segment2 Segment3 Data

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
 Two type of segment categories

GLOBAL SEGMENT
Global Segments LOCAL
Local SEGMENT
Segments

• Segments learnt and • Segments learnt by all nodes in

programmed by all nodes in the SR domain but only
the SR domain programmed by the advertising
node
• SID is operator-assigned
• SID is dynamically allocated by
• Example: node segment
router and option for operator-
assigned
• Example: adjacency segment,
peering segment

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
IGP Segments
Starting with SR MPLS examples
the same applies to SRv6, covered later

Cisco Confidential
 Why not to use the IGP to program MPLS labels?
IGP segments
• Two basic building blocks distributed by IGP

• Prefix Segments
• Adjacency Segments

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
 IGP Prefix Segment (Node Segment)
Loopack0
Shortest-path to the IGP prefix 1.1.1.6/32

Equal Cost MultiPath (ECMP)-aware 16006

Label = 16000 + Index

2 4
16006
Advertised as index 16006
Distributed by ISIS/OSPF 1 16006 6
16006
16006

Global Segment
3 5
RP/0/RP0/CPU0:Node-1#sh mpls forwarding prefix 1.1.1.6/32
Tue Jan 29 10:30:53.133 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ----------------- ------------ --------------- ------------
16006 16006 1.1.1.6/32 Te0/0/0/2 77.1.2.2 0
16006 1.1.1.6/32 Te0/0/0/3 77.1.3.3 0
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
 IGP Prefix Segment
Shortest-path to the IGP prefix Loopack0
1.1.1.6/32
Global Segment
Te0/0/0/4 16006
Equal Cost MultiPath (ECMP)-aware 2 4
Label = 16000 + Index 16006
16006
Advertised as index
1 6
Distributed by ISIS/OSPF

Global Segment
3 5
RP/0/RP0/CPU0:Node-2#sh mpls forwarding prefix 1.1.1.6/32
Tue Jan 29 10:30:53.133 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ----------------- ------------ --------------- ------------
16006 16006 1.1.1.6/32 Te0/0/0/4 77.2.4.4 0

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
 IGP Prefix Segment
Loopack0
Shortest-path to the IGP prefix 1.1.1.6/32

Global Segment 16006

2 4
Equal Cost MultiPath (ECMP)-aware
Label = 16000 + Index
Advertised as index 1 6
Distributed by ISIS/OSPF

Global Segment 3 5
RP/0/RP0/CPU0:Node-3#sh mpls forwarding prefix 1.1.1.6/32
Tue Jan 29 10:30:53.133 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ----------------- ------------ --------------- ------------
16006 Pop 1.1.1.6/32 Te0/0/0/1 77.4.6.4 0
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
 IGP Adjacency Segment
Forward on the IGP adjacency
Local Segment
Advertised as label value 2 4
Distributed by ISIS/OSPF

Label automatically
1 Adj to 4
6
24054
allocated from the
dynamic label pool Adj to 6
3 5 24056

24053

Adj to 3

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
 Combining IGP Segments
Steer traffic on any path through the
network 16006
Packet to 6
Path is specified by a stack of labels 2 4
Packet to 6
No path is signaled
Single protocol: 1000
1 24054 6
IS-IS or OSPF 16005
16006
24054
Packet to 6
16006
Packet to 6 3 5 16006

16005 24054

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
 What are the different type of Segments
GLOBAL segment representing an IGP prefix
IGP Prefix SID Forward packet along shortest-path (ECMP-aware) to reach the prefix associated with the segment

IGP Adjacency LOCAL segment representing an IGP adjacency

SID Forward packet over the interface where the adjacency is formed

IGP Anycast SID An IGP-Prefix segment assign to an IGP prefix advertised by multiple routers (anycast prefix)

GLOBAL segment representing a BGP prefix

BGP Prefix SID Forward packet along best-path to reach the prefix associated with the segment

BGP Peering LOCAL segment representing a BGP neighbor

SID Forward packet over the interface where the neighbor is formed

LOCAL segment representing an SR traffic engineering Policy

Binding SID Forward packet along the path(s) of the associated SR Policy

GLOBAL segment representing a Multicast Tree Global Segment

Tree-SID
Replicate / Forward multicast packet to all receivers of the multicast group Local Segment

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
 The IGP can compute and program any path
Topology Independent Loop Free Alternate (TI-LFA)
For every destination the IGP is computing
the active and the backup path

Active primary path

16006
Packet to 6
2 4
Shortest IGP path
1000
1 16006
6
Packet to 6

3 5

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
 The IGP can compute and program any path
Topology Independent Loop Free Alternate (TI-LFA)
For every destination the IGP is computing
the active and the backup path

Active primary path

16006
Packet to 6
2 4
Shortest IGP path
1000
1
16005
6
24054
Backup path 16006
TI-LFA Packet to 6 3 5 16006

Whenever possible the backup path is the 16005 24054

post convergence path
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
 TI-LFA – Timeline

detection
Link cut
IGP path Computation
Per-Prefix reconvergence
TI-LFA
Primary Primary path
protected DROP Protected Path
path (post convergenge)
Path
~1s T0 T1T2 T3

T1 – T0 = time to detect the failure: from few ms (light down) ~15-30ms (BFD)
T2 – T1 = time to invalidate the impacted interface: few ms (Hierarchical FIB)
T2 – T0 < 50ms
T3 – T1 = time for IGP to re-converge, sub-second (~500ms)

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
 TI-LFA protection Coverage
• Every prefix route is protected

RP/0/0/CPU0:XR-1#sh route 50.50.50.50

Routing entry for 50.50.50.50/32
Known via "isis dc", distance 115, metric 20, labeled SR, type level-2
Installed Feb 1 09:19:33.208 for 2d21h
Routing Descriptor Blocks
33.77.86.77, from 50.50.50.50, via TenGigE0/0/0/1, Backup (TI-LFA)
Repair Node(s): 69.69.69.69
Route metric is 40
33.40.86.40, from 50.50.50.50, via TenGigE0/0/0/0, Protected
Route metric is 20
No advertising protos.

RP/0/0/CPU0:XR-1#show isis fast-reroute summary

IS-IS SR-AS-1 IPv4 Unicast FRR summary
Critical High Medium Low Total
Priority Priority Priority Priority
Prefixes reachable in L2
All paths protected 0 0 4 8 12
Some paths protected 0 0 0 0 0
Unprotected 0 0 0 0 0
Protection coverage 0.00% 0.00% 100.00% 100.00% 100.00%

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
 TI LFA FRR
Link protection Node protection
100 100 100 100
3 4 6 3 4 6
100 100

1 2 if0 5 7 8 1 2 if0 5 7 8

PLR PLR

Local SRLG protection Local SRLG + Node protection

100 100 100 100
3 4 6 3 4 6
100 100
if1 if1
SRLG SRLG

1 2 if0
5 7 8 1 2 if0
5 7 8

PLR PLR
Weighted Remote SRLG protection
100 100
3 4 if0 6
100
PLR
SRLG

1 2 if0 5 7 8 Pre-convergence
TI-LFA/post-convergence

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 2929
More power to
the IGP
Flexible
Algorithm

Cisco Confidential
 IGP Flexible Algorithm
Multiple Prefix SIDs for the same end-point for different intent
Default IGP metric: 10
Default Delay metric: 10

Operator-defined custom IGP algorithm 5 1 2

leveraging dedicated Prefix-SIDs set
8 3
7
Example:
Operator configure pref-SID 16004 associated to
Loopback 0 6 7 4 Loopback0
IGP: 100 IGP: 100 Default Algo 0
Prefix SID: 16004
Operator defines Flex-Algo 128 as “minimize delay Metric = IGP
metric”
5 1 2
Dedicated Prefix SID flex-algo 128 17004
For each destination two different SIDs are 8 3
7
installed in FIB
Loopback0
6 D: 1
7 D: 1
4 Algo 128
Prefix SID: 17004
Metric = Delay

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
 Link Delay Measurement
One Way Delay = (T2 – T1)
Two-Way Delay

TX Timestamp T1 RX Timestamp T2

Local-end Remote-end

PM Query Packet
99.2.1.2

99.1.2.1 PM Response Packet

IOS-XR SR- PCE view

performance-measurement Link[0]: local address 99.1.2.1, remote address 99.2.1.2
interface TenGigE0/0/0/8 Local node:
delay-measurement ISIS system ID: 0000.0000.6666 level-2 ASN: 64002
! Remote node:
interface TenGigE0/0/0/9 TE router ID: 5.5.5.5
delay-measurement Host name: Napoli-5
! ISIS system ID: 0000.0000.5555 level-2 ASN: 64002
delay-profile interfaces Metric: IGP 10, TE 50,Delay 6000
advertisement Bandwidth: Total 125000000, Reservable 0
periodic Adj SID: 24005 (protected) 24004 (unprotected)
minimum-change 200 Excluded from CSPF: no
threshold 5

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
 Multiple Prefix SIDs for the same end-point
for different intent Default IGP metric: 10
Default Delay metric: 10

Flex Algo can be used also to build 5 1 2

virtual topologies
8 3
7
Excluding Nodes
• Node is not participating in a flex Algo
6 7 4 Loopback0
IGP: 100 IGP: 100
• Excluding (including) Links Default Algo 0
Prefix SID: 16004
Metric = IGP
• E.g. Only high bw links
5 1 2
• E.g Only macsec links
• E.g Plane A – Plane B 3
7
• Done via link affinity exclusion/inclusion
Loopback0
6 7 4 Algo 128
IGP: 100 IGP: 100 Prefix SID: 17004
Metric = Delay

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
 Flex Algo «««super powers»»»

Automatically managed by the IGP protocol

with 100% self-healing capabilities.

One single SID even for complex intent

e.g. Low Latency, exclude/include affinity.

Protected path stays in Flex Algo virtual topology

TI-LFA aware

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Traffic
Engineering

Cisco Confidential
 SR Traffic Engineering (SRTE)
• The RSVP-TE tunnel Interface construct has been replaced
• The SR Policy the new construct
• In SR there is no tunnel anymore, the policy is programmed only at the headend.
• The newly created Policy architecture has been designed for simplicity, self
healing and automation required in SDN and Autonomous Networking era.
HOW is policy instantiated?
• Local Configuration
WHAT type of path? • Controller instantiated
• Explicit path • On-demand (hint: by BGP / Service routes)
• Dynamic path
If Controller instantiated
WHO computes a dynamic path? WHAT protocol / mechanism is used to deploy?
• Distributed - Head-end • PCEP
• Centralized - Controller • NETCONF
• gNMI API
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
 SR Policy – configuration example
On Node1:
User-defined
segment-routing
name
traffic-eng
policy POLICY1 Color and End-point
color 20 end-point ipv4 1.1.1.4
binding-sid mpls 1000 Binding-SID
candidate-paths
➊ preference 200 20
dynamic
metric type te ➋ 2 3
Candidate Paths
constraints
affinity 1 4
exclude-any color red
! ➊ 6 5
➋ preference 100
explicit segment-list SIDLIST1 Default link metric: 10
!
segment-list name SIDLIST1 segment-routing
index 10 mpls label 16002 traffic-eng
index 20 mpls label 30203 affinity-map
index 30 mpls label 16004 color red bit-position 0

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
 WECMP example
On Node1:
segment-routing
traffic-eng
policy POLICY1
color 20 end-point ipv4 1.1.1.4
binding-sid mpls 1000
candidate-paths Path preference
preference 200 200
20
explicit segment-list SIDLIST1
weight 1
Explicit SID-list1, 2 3
! Weight 1
explicit segment-list SIDLIST2
Explicit SID-list2, 1 4
weight 4
!
Weight 4
segment-list name SIDLIST1 6 5
index 10 mpls label 16002 Default link metric: 10
index 20 mpls label 30203 SID-list1
index 30 mpls label 16004 FIB @ head-end Node1
! Incoming label: 1000
segment-list name SIDLIST2 Action:pop and push <16002, 30203, 16004> (20%)
index 10 address ipv4 1.1.1.4 SID-list2 push <16004> (80%)

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
 SR Policy Identification
An SR Policy is uniquely identified by end-point and color:
End-point: the destination of the SR Policy
Color: a numerical value to differentiate multiple SRTE Policies between the same
pair of nodes with potentially different SLA.

segment-routing

2 4
traffic-eng
policy POLICY1
color 128 end-point ipv4 1.1.1.6
SR Policy
candidate-paths
Color 128 1 † 6 preference 100
dynamic
End-point: 6 metric
type latency
3 5

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
 Automated Steering
How to inject traffic into a Traffic Engineering Policy

• Traditional ways are complex to be configured and managed

and often have performance impact
(e.g. Policy Based Tunnel Selection PBTS)
• With Segment Routing steering traffic into a Traffic Engeneering
policy is completely automated for BGP signaled services.

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
 SR Policy Color
For the same source/end-point different colors for different SLA
• E.g Green = Low Latency and Blue = High Bandwidth
• SRTE Policy Color go hand in hand with BGP Ext. Community Color
• Extended Community Color is specified in RFC 5512

2 4
Color 128, 6
1 6
†
Color 130, 6
3 5

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
 Segment Routing - Automated Steering (AS)
Steer traffic into SR Policy based on Next Hop BGP and Color
vrf 1234

• BGP signaled routes (e.g. IPv4, IPv6, VPNv4, EVPN):

address-family ipv4 unicast
import route-target
3450:3450

End-pont = BGP Next Hop

!
• export route-policy SET_COLOR_128_130
export route-target

• Route color = SR policy color 3450:3450

• Automated steering into the Policy RR

10.10.10.0/24 NH=6 color=128 (GREEN)
20.20.20.0/24 NH=6 color=130 (BLUE)

Route policy to
advertise routes with

Destination
2 4 specific color

10.10.10.0/24 – NH 6 10.10.10.0/24
1 † 6 20.20.20.0/24
20.20.20.0/24 - NH 6

3 5
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
 Segment Routing – ODN (+AS)
• Setup SRTE policy to the BGP NH On Demand

• BGP signaled routes (e.g. IPv4, IPv6, VPNv4, EVPN):

• End-pont = BGP Next Hop color GREEN (128)

• No existing policy but ODN template defined
RR
10.10.10.0/24 NH=6 color=128 (GREEN)
segment-routing
20.20.20.0/24 NH=6 color=130 (BLUE)
traffic-eng
on-demand color 128
preference 100 Route policy to
dynamic advertise routes with
metric type latency 2 4 specific color

10.10.10.0/24
10.10.10.0/24 – color 128 NH 6 1 † 6 20.20.20.0/24

3 5
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
 Per Flow Automated Steering (AS)
Steer traffic into SR Policy based on Destination – Color – DSCP

• BGP signaled routes (e.g. IPv4, IPv6, VPNv4, EVPN):

• End-pont = BGP Next Hop

• Route color = SR policy color
• Different path for the same color/destination RR
10.10.10.0/24 NH=6 color=RED
• Based on QoS (DSCP)
• Source address
Route policy to
• etc advertise routes with
2 4 specific color

Destination Class Green

10.10.10.0/24
10.10.10.0/24 – NH 6 MQC* Class BLU 1 † 6
Class 1 Green
Class 2 BLU
Match To Class
3 5
*MQC Modular QoS CLI
Mapping

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
 Other Steering mechanism

• Preferred path: for L2 services. The pseudowire of the L2 service is mapped over a SRTE
policy (and not following the IGP path)
• Static Route: traffic towards specific route (or Next hop) will be steered over the policy

• Autoroute include: IGP shortcut – the IGP will use the policy as a preferred link between
headend and tail-end of the policy
• Color-Only Automated Steering - is a traffic steering mechanism where a policy is created
with given color, regardless of the endpoint.
• Using Binding Segments - using BSID to stitch SRTE policies

More info at : https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/segment-routing/77x/b-segment-routing-cg-ncs5500-77x/configure-sr-te-policies.html#id_128905

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Controller Based
Advanced Use Cases
Inter domain with SLA

Cisco Confidential
 Crossing IGP borders
• With a stack of labels through border routers

• Source Based Routing: only ingress node need to be programmed

• This means all other nodes needs only to support basic SR forwarding

• Not only best effort connectivity!

Domain1 Domain2 Domain3

L1 L2 L1

best effort
S 2 4

3 5 6

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
 Crossing IGP borders
• With a stack of labels through border routers

• Source Based Routing: only ingress node need to be programmed

• This means all other nodes needs only to support basic SR forwarding

• Not only best effort connectivity!

Domain1 Domain2 Domain3

L1 L2 L1

best effort
pkt S 2 4

3 5 6

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
 Crossing IGP borders
• With a stack of labels through border routers

• Source Based Routing: only ingress node need to be programmed

• This means all other nodes needs only to support basic SR forwarding

• Not only best effort connectivity!

16003
Domain1 Domain2 Domain3
16005 L1 L2 L1
16006
best effort
pkt S 2 4

3 5 6

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
 Crossing IGP borders
• With a stack of labels through border routers

• Source Based Routing: only ingress node need to be programmed

• This means all other nodes needs only to support basic SR forwarding

• Not only best effort connectivity!

Domain1 Domain2 Domain3

L1 L2 L1

best effort
S 2 4

3
16005
5 6
16006
pkt

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
 Crossing IGP borders
• With a stack of labels through border routers

• Source Based Routing: only ingress node need to be programmed

• This means all other nodes needs only to support basic SR forwarding

• Not only best effort connectivity!

Domain1 Domain2 Domain3

L1 L2 L1

best effort
S 2 4

3 5 6
16006
pkt

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
 Crossing IGP borders
• With a stack of labels through border routers

• Source Based Routing: only ingress node need to be programmed

• This means all other nodes needs only to support basic SR forwarding

• Not only best effort connectivity!

Domain1 Domain2 Domain3

L1 L2 L1

best effort
S 2 4

3 5 6 pkt

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
 SR-PCE Receives & Combines Multiple
Topologies
• Each domain feeds its
topology to the SR-PCE via BGP-LS
• SR-PCE combines the different
topologies to compute paths across entire SR
topology PCE

BGP-LS

1 2 4

3 5 6
Domain1 Domain2 Domain3
L1 L2 L1

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
 SR-PCE Receives & Combines Multiple
Topologies
• SR-PCE is IOS-XR based stateful Path Computation Element (PCE)
• PCEP session between SR-PCE and Headend nodes for centralized computation
• Fundamentally Distributed (RR-like Deployment)
• Multi Domain SR
PCE
• Also supports RSVP-TE
PCEP

1 2 4

3 5 6
Domain1 Domain2 Domain3
L1 L2 L1
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
 Crosswork Network Controller (CNC)
Integrated solution for deploying and operating IP transport networks

Crosswork Network Controller Use Case Description

C
Common UI & API
Service Provision L2VPN & L3VPN
Provisioning services with transport intent
Optimization Engine Active Topology &
Inventory
Cisco NSO +
Service
Intent-Oriented Provision segment routing traffic-
Real Time Network Core Function
Optimization inventory Packs Transport engineering policies for services
Provisioning with SLAs.
Model-based
Service & Device Bandwidth Tactically optimize the network
SR-PCE Crosswork Data
Provisioning
Gateway Optimization during times of congestion

Collect real-time performance

Real time
information and optimize the
network
network as needed to maintain
optimization
Multivendor, Multi-domain Physical and Virtual Infrastructure the SLA

Topology & Collect and expose information

Inventory about network and services

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
 SR innovations and use cases summary

Introduce seamlessly
Network Availability Protect with automatic TI LFA FRR
Stabilize with microloop avoidance
Operate with advanced monitoring and blackhole detection
Monitor with SR Performance Measurement toolkit

Advanced Use Cases Path Disjointness (Multi-plane)

Real-Time Low Latency Services
Egress Peer Engineering (EPE)
Point-to-Multipoint delivery with Tree-SID
Bandwidth Optimization

Intent-Based Traffic On-Demand Next-Hop (ODN) + Automated steering (AS)

Engineering Multi-plane Network Slicing using IGP Flex Algorithms
Multi-Domain intent with SR-PCE
Intent-Based Per-Flow Automated Steering
Circuit-Style SR Policies

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
 Network Evolution
Service Protocols
L2 VPN services LDP L2 VPN services (EVPN)
MP-BGP
L3 VPN services MP-BGP L3 VPN services

Transport Protocols
SR-PCE (SLA) Inter-Domain SLA Traffic Eng.
Inter-Domain MPLS LSP BGP-LU
BGP-SR (BE) Inter-Domain MPLS LSP

Intra-Domain Traffic Engineering Intra-Domain Traffic Engineering

RSVP-TE
Fast Re-Route Fast Re-Route

IGP with
Intra-Domain MPLS LSP LDP Intra-Domain MPLS LSP
SR extensions

IP Routing IGP IP Routing

Data-Plane

Label-based forwarding MPLS MPLS Label-based forwarding

LDP: Label Distribution Protocol, MP-BGP: Multi-protocol BGP, BGP-LU: BGP Labeled-Unicast, PCE: Path Computation Element, RSVP-TE: Reservation Protocol Traffic Engineering, BE: Best-Effort

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
 Network Evolution IPv6 Header
Service Protocols
L2 VPN services LDP L2 VPN services (EVPN)
MP-BGP
L3 VPN services MP-BGP L3 VPN services

Transport Protocols
Inter-Domain with IP Summarization
Inter-Domain MPLS LSP BGP-LU Inter-Domain best-effort and SLA

Intra-Domain Traffic Engineering Intra-Domain Traffic Engineering

RSVP-TE
Fast Re-Route Fast Re-Route

ISISv6 with
Intra-Domain MPLS LSP LDP Intra-Domain best-effort
SR extensions

IP Routing IGP IP Routing

Data-Plane

Label-based forwarding MPLS IPv6 IP forwarding

LDP: Label Distribution Protocol, MP-BGP: Multi-protocol BGP, BGP-LU: BGP Labeled-Unicast, RSVP-TE: Reservation Protocol Traffic Engineering

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
 Segment Routing architecture simplification

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
 Segment Routing architecture simplification

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
 Segment Routing architecture simplification

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
SRv6 uSID
Explained in few
minutes…

Cisco Confidential
 IPv4 limitations & work-arounds
Network Functions IPv4
Address space 32-bit limitation
Reachability IPv4 Header
No optional header
Engineered Load Balancing MPLS Entropy Label, VxLAN UDP IPv4 header doesn’t support
VPN MPLS VPN’s, VxLAN VPN
Traffic Engineer
Traffic Engineering RSVP-TE, SR-TE MPLS Service Chaining
Engineered Flow optimization
Source Routing SR-TE MPLS
Source-Routing
Service Chaining NSH

Data (L7)
Socket header (L4)
IPv4 header (L3)
NSH
MPLS VPN / eVPN work-arounds
VxLAN MPLS
Ethernet (L2)
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
 SRv6 Solution
Network Functions IPv6
IPv6 Address 128bits
Reachability IPv6 Header
IPv6 Flow Header
Engineered Load Balancing IPv6 Header Engineered Flow optimization
VPN IPv6 Header SRv6 Header
Source-Routing
Traffic Engineering IPv6 Header Traffic Engineering
Source Routing IPv6 Header VPN
Service Chaining
Service Chaining IPv6 Header

Data (L5,L6 & L7)

Socket header (L4) Data (L5,L6 & L7)
IPv4 header (L3) Socket header (L4)
Simplicity
NSH IPv6 header (L3)
(back to OSI model)
MPLS VPN Ethernet (L2)
VxLAN MPLS
Ethernet (L2)

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
 0 1 2 3
01234567890123456789012345678901
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label |

IPv6 SR Header
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | Next Header | Hop Limit | 43
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |

RFC 2460
| Source Address |
| |
• IPv6 header | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
• Next header field: 43 → Routing | Destination Address |
| |

• IPv6 Routing extension header

| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Generic header format defined in RFC 2460 | Next Header | Hdr Ext Len | Routing Type | Segments
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4 Left |

• Next Header: IPv4, TCP, UDP, … | First Segment | Flags | Tag |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
• Hdr Ext Len: Any IPv6 device can skip this header | Segment List[0] (128 bits IPv6 address) |
| |
• Segments Left: Ignore extension header if equal to 0 | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Specific data depends on Routing Type field:

SR specific
| |
. .
• 0 Source Route (deprecated since 2007) . ... .
. .
• 1 Nimrod (deprecated since 2009) | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• 2 Mobility (RFC 6275) | |
| Segment List[n-1] (128 bits IPv6 address) |
• 3 RPL Source Route (RFC 6554) | |
| |
• 4 Segment Routing (RFC 8754) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// //
// Optional Type Length Value objects (variable) //
// //
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
-

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 IPv6 uSID format SRV6 Encapsulation

header
SA:2001::1

IPv6
DA:FDBB:BBBB:0:4:1:0:0:0
FDBB :BBBB = SRv6 uSID Block NH:RH

32 bits here (but can be anything) Type:4(SRH)

IPv6 extension header

NH:IPv4|SL:1
Segment List:
[0]: FDBB:BBBB:0:500:0:0:0:0
: 0100 : = SRV6 uSID (e.g. node uSID) [1]: FDBB:BBBB:0:400:0:0:0:0
[2]: FDBB:BBBB:0:300:0:0:0:0
[3]: FDBB:BBBB:0:200:0:0:0:0
16 bits here (but can be anything) [4]: FDBB:BBBB:0:100:0:0:0:0

SA:7.5.4.3

IP in IP encap
SRV6 uSID Carrier
DA:11.6.19.71

Service
Port:UDP

UDP Header/Data

FDBB :BBBB : 0100 : 0200 : 0300 : 0400 : 0500 : 0000

SRV6 uSID Encapsulation
SRv6 uSID uSID uSID uSID uSID uSID EoC SA:2001::1

header
IPv6
DA:FDBB:BBBB:100:200:300:400:500::
Block 1 2 3 4 5 6 NH:Ipv4

SA:7.5.4.3

IP in IP encap
DA:11.6.19.71

Service
Locator advertised as /48 = uSID block + uNode Port:UDP

UDP Header/Data

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
 Transit Routers (classic IPv6 routing)
SRv6-capable router

SRv6 uSID – The ultra efficient Innovation

Opaque (LPM)
DA: FDBB:BBBB:0004:0006:0008:FFFF:0000:0000:0000 IPv6 Domain

PE 4 PE
CEA 1 8 CEB

6
Simple IPv6 encapsulation @ 1
• IPv4 in IPv6 (shown)
• IPv6 in IPv6
• Ethernet in IPv6 FDBB:BBBB:0008:FFFF:0000:0000:0000:0000
IPv6 DA: FDBB:BBBB:0006:0008:FFFF:0000:0000:0000
FDBB:BBBB:0004:0006:0008:FFFF:0000:0000

IPv4 DA 1.1.0.1

Payload

A source-routed path encoded in a single IPv6 address!

• follow igp shortest-path to node 4
• then shortest-path to node 6
• then shortest-path to node 8
• then decapsulate and lookup in VPN table FFFF
LPM – longest prefix match lookup

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
 IPv6 uSID Block
• Your network may have any pre-existing IPv6 address deployed
• uSID’s are allocated from a new block
• All deployments allocate from FD/8 private block
• Let us assume: FDBB:BBBB/32 block is picked

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
 ISIS Underlay SRv6 Locator
FDBB:BBBB:0002::/48

0002

• ISIS is advertising locators as /48 IPv6 addresses

• All nodes are installing a route based on the IGP metrics
• Any packet to FDBB:BBBB:0002/48 follows the shortest path to 0002
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
 BGP Overlay Services 1.0.0.0/8 in VRF acme via
FDBB:BBBB:0002:F001::/64

SRv6 Function to a service

F001 => VRF acme

0001 0002

• BGP announces that 0002 has a local binding

“F001” == “decaps and forward inner packet as per VRF acme”

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
 Forwarding 1.0.0.0/8 in VRF acme via
SRv6 SID: FDBB:BBBB:0002:F001::

SRv6 Function to a service

F001 => VRF acme

0003
0001 0004 0002
Classic routing
Longest prefix match (LPM) lookup
FDBB:BBBB:0002::/48 leads to 0002

DA: FDBB:BBBB:0002:F001:0000:0000:0000:0000
IPv6
DA: 1.0.0.1
IPv4

Payload

• Simple IPv6 encapsulation at Ingress PE

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
 The shortest path is not always the best

0002

• The shortest path is often optimized for lowest transport cost

• Alternative requirements
• Lowest latency
• Only via secured links
• Avoid some geographies

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
 IGP Flex-Algo SRv6 Locators

DA: FDBB:BBBD:0002:F002:0000:0000:0000:0000 Min-delay

IPv6
Shortest Latency
IPv4 FDBB:BBBD:0002::/48
Payload
0002
FDBB:BBBB:0002::/48
Shortest IGP
Min-IGP
0001 IPv6
DA: FDBB:BBBB:0002:F001:0000:0000:0000:0000

IPv4

• Multiple Locators at a node Payload

• Locators per intent Flex Algo Low Delay Locator

• Min-IGP FDBB:BBBD:0002::/48
• Min-delay

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
 Humans combined paths
DA: FDBB:BBBB::0002:F001:0000:0000:0000:0000
IPv6

IPv4

Payload

0005

DA: FDBB:BBBB:0005:0002:F001:0000:0000:0000
IPv6 0002
IPv4

Payload

• Human analogy: I can sometimes get to my destination faster, if I take a

detour when there is congestion on the highway.
• FDBB:BBBB:0005:0002::
follows the shortest-path to 0005 and then to 0002

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
 Ultra Scale
• Solely FDBB::/16 provides for 4 billions global locators
• Local uSID’s of 32 bits provide for 4 billion local bindings
• We can finally get back to reachability with routing summarization
• MPLS do not support routing summarization
and hence need complex solutions like BGP-LU

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
 Ultimate Simplicity + Ultra Scale
METRO 1 CORE METRO 2

A C
ISIS ISIS
Summary1/40 Low-Cost Summary3/40 Low-Cost
Summary2/40 Low-Delay Summary4/40 Low-Delay
B D

• Simpler routing designs

• No BGP inter-AS Option A/B/C
• Back to basic IP routing and prefix summarization - thousands less IGP
routes than with MPLS!
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
 Ultimate Simplicity + Ultra Scale
METRO 1 CORE METRO 2

A C
ISIS
Summary1/32 Low-Cost
A single entry in FIB Summary2/32 Low-Delay
to reach destinations
in each slice outside
B D
Metro 1

• End-to-End IGP Flex Algo Continuity (e.g. low-cost / low-delay)

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
 SRv6 functions (Refer to : RFC 8986)

Codename Behavior
End uN Endpoint [Node SID]
End.X uA Endpoint with Layer-3 cross-connect [Adj SID]
End.B6.Insert uB6.Insert Endpoint bound to an SRv6 policy [BSID]
End.B6.Encap uB6.Encaps Endpoint bound to an SRv6 encapsulation policy [BSID]
End.DX6 uDX6 Endpoint with decapsulation and IPv6 cross-connect [L3VPN Per-CE]
End.DX4 uDX4 Endpoint with decapsulation and IPv4 cross-connect [L3VPN Per-CE]
End.DT6 uDT6 Endpoint with decapsulation and specific IPv6 table lookup [L3VPN Per-VRF]
End.DT4 uDT4 Endpoint with decapsulation and specific IPv4 table lookup [L3VPN Per-VRF]
End.DX2 uDX2 Endpoint with decapsulation and L2 cross-connect [E-LINE]
End.DT2U/M uDT2U/M Endpoint with decapsulation and L2 unicast lookup / flooding [E-LAN]
End.DTM uDTM Endpoint with decapsulation and MPLS table lookup [Interworking]
H.Insert / H.Encaps Headend with Insertion / Encapsulation of / into an SRv6 policy [TiLFA]
H. Encaps.L2 H.Encaps Applied to Received L2 Frames [L2 Port Mode]
H.Encaps.M H.Encaps Applied to MPLS Label Stack [Interworking]

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
 SRV6 uSID as Service programming platform
Deploy diverse functions where needed
Transport SRv6 Packet

Customer IP packet
A Destination
Address
1 2 3 Customer packet (IP/Ethernet)
B Customer IP packet

Header
Create value by bundling functions
encoded with micro-SID

Reachability Traffic Performance Identity and

(IP)
Virtualization Resilience Slicing
Engineering
Chaining
Measurement policies …
Functions embedded within the Network Layer

Segment Routing IPv6

On
premise SP Network On-net,
Peering,
SP Cloud Colocation Cloud
Internet
Any Cloud

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
SRv6 to the host

Cisco Confidential
 Telco Cloud distributed DC - Present mode
• A smaller VXLAN fabric is required for relative bigger Edge DC sites

• VXLAN is only used within the DCs

• DC to transport handoff is required for all external communication (VXLAN to VRF mapping)

• FC is centrally hosted in one of the edge fabric or in a central DC can manage all edge DC sites

Service provider transport

IP/MPLS-LDP/SR-MPLS/SRv6
DC-PE

DC-PE DC-PE DC-PE

....
fabric controller

Edge DC # 1 Edge DC # 2 Edge DC # n Central DC

Small VXLAN fabric Small VXLAN fabric Small VXLAN fabric
4-10 leaf fabric 4-10 leaf fabric 4-10 leaf fabric

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 8181
 Potential for Simplification

H1 S H2 H3
VM VM VM
1 2 3 S cp w1 w2 w3

TOR
VXLAN

L3 L3 L3

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
 With SRv6 the compute node is becoming a PE
RR
Cluster Node
PE

PE
eBGP

IPv6/SRv6 underlay Locator

PE
SRv6 uSID fcdd:dd00:c1a0::/48
whatever single/multi-domain
MP-BGP

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
 Potential Benefits

4G 5G

Metro Core DC
IPv6 uSID IPv6uSID IPv6/SRv6

DSL/PON Ethernet
- No need of DCI
- No need of underlay L2 VXLAN
- No need of DC fabric in small sites
- Simplified networking via end 2 end VRF to the host
- Embedded security policies in Cilium
- Minimize service touch points

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
 Bell Canada*

• One of the first SRv6 deployments

• Implementing Cilium SRv6 for
Telco Cloud
• Working to extend it to public cloud
• Public recordings
• Presentation at CNCF
• Presentation at MPLS SD&AI
*Courtesy of Dan Bernier, Dir Technology Strategy, Bell Canada

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Rijkswaterstaat SRv6
Business Case and Use Cases

Cees de Gruijter - Network domain architect, Rijkswaterstaat NL

Michiel Koolen - Domain Architect, Rijkswaterstaat NL
René van der Bilt - Network Architect, Royal KPN N.V

Cisco Confidential
 Rijkswaterstaat – what we do in 3 images
3.462 km canal / river 7.372 km road
90.192 km2 water
92 lock complexes 56 movable bridges
45 km dunes
128 lock chambers 3100 video camera
154 km dikes and dams
325 (movable) bridges systems
10 weirs
44 Dynamic Information 320 GMS2 (road condition)
6 storm surge barriers
Panels 20.000 Speed loop pairs
1416 cameras 17.000 signal sensors

waterways
water system roads

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
 Rijkswaterstaat – Dutch government organization
• Nationwide OT-grade IP-network crucial for visibility,
data collection, remote operation of objects, “smart”
traffic, etc..
• ≈5000 km optical, MPLS backbone, 4 data center
locations, regional traffic management centers.
• Evolution from “Enterprise” (demand/customer driven)
to “Service provider” (standard services) model
started in 2018.
• IT network must be made future proof, “automatable”
• deterministic behavior,
• autonomous functioning,
• self healing.
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
 RWS business case for Segment Routing
• Network convergence for OT: ≥1s interrupt can trigger
Safety Protocols, SR-MPLS/SRv6 promises
predictable fast convergence.
• Stateless property of SR crucial to deterministic
network behavior. Minimal “unforeseen side effects” of
automated changes.
Cf. software industry best practice of stateless REST-
APIs.
• Reduce Cost by replacing dedicated DWDM
Infrastructure with Routed Optical Network (RON).
• SR Flex Algo Traffic Engineering can do the same as
DWDM path protection, BUT with more flexibility!

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
 Benefits of statelessness
• State of the entire network is deterministically defined
at any point in time. The network has no memory or
history.
• Deterministic test conditions result in Changes with no
surprises or packet loss. Very suitable for a Desired
State automation approach.
• SR is stateless, because the SID is part of the data
frame. Any “memory” is gone as soon as a packet
leaves the network.
• SIDs truly behave as REST API calls to network routing
plane!

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
 Status of SR-MPLS/SRv6 implementation at RWS
• SRMPLS stack live when Backbone (P-PE) LCM in 2019.
• SR-MPLS signaling/control plane traffic for autonomous IP
protection. Better network convergence. SR-MPLS at that
time no business case for wider adoption over MPLS.
• SRv6 development finished and production tests in progress:
• Multi-domain SRv6, Customer Edge is a separate uSID
domain from the Backbone Core for security reasons.
• SRv6 + Flex Algo together with DCO and RON for L2
Ethernet Private Line (EPL).
• L2 EPL over SRv6 Transport replaces DWDM.
• Legacy DWDM network is to be discontinued in Q2 2025.

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
 Multi domain SRv6 solves RWS specific
challenges
• Huge part of the physical network is easily accessed (along
public roads) – security implications!
• Multi domain SR: BGP (single control plane in our network)
signals SIDs of connected PE-routers to CPE routers (co-
operation with Alberto’s team).
• Single domain SRv6 with IS-IS (link-state protocol) lacks
security features for ≈900 servicehubs (+ 700 wireless)
Core – IS-IS Edge – BGP
Servicehub Servicehub

User User
CPE PE P PE CPE
-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
 Other fun SRv6 stuff: Migration and Availability
• Dual stack IPv4+MPLS and IPv6+SR-MPLS within 1
“MPLS”-VPN, adds IPv6 to the backbone network
without touching the IPv4 configurations or protocol
stack.
• Switch between MPLS and SRv6 without packet loss
and without changing our MPLS-VPN structure. Perfect
fit with RWS chosen evolutionary development.
• Increasing Availability of LAN Ring topology: close LAN
Rings along highway sections by emulating “Fiber path”
via the IP Backbone using L2VPN services over SRv6
Transport. Huge cost savings on fiber cable installation.

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Deployments
and
Interoperability

Cisco Confidential
 From concept to standardization to
deployment leadership

Americas EMEA APJC

730 636 365 2%

Web / OTT
50%
Service Providers
48%
Enterprise

Deployed
Active Testing
Deployment Planned

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
 SRv6 … at Record-Speed

Americas EMEA APJC

205 186 111

Deployed
Active Testing
Deployment Planned

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
 Rich SRv6 uSID Ecosystem Open-Source Networking Stacks

Network Equipment Manufacturers

Smart NIC / DPU Merchant Silicon

Open-Source Applications

BGP
Partners
Pyroute2 SERA
FRRouting

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
 EANTC 2024 – Multi-Vendor Interop
• Sixth year of public SRv6 interop tests
• uSID established as de-facto industry standard at EANTC 2024
• *ALL* SRv6-related testing conducted exclusively with uSID Link
• 10 vendors with 21 routers/switches – merchant (BRCM J/J+/J2) & custom-silicon

2024

BRKSP-2551
2023
© 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
-
Conclusions

Cisco Confidential
 IP is back and better than ever.
Build Measure
Self-sufficiency is standard Essential embedded assurance
anything everything
End-to-end connectivity with SLA
• From Host to Cloud through DC, Active probing between Fabric
Access, Metro, Core. Edges along all ECMP paths
• No protocol conversion or
gateways at domain boundaries SLA monitoring
Simplified, scalable, High-capacity probe generation
Any service, without any shim and ingestion powered by Integrated
and versatile Silicon One (14MPPS)
• VPN, Slicing, Traffic Performance
networks that are Engineering, Green Routing,
FRR, Host networking Measurement
self-sufficient Continuous routing monitoring
Routing Analytics
Better scale, reliability, cost,
Advanced analytics and
and seamless deployment in
intelligent service optimization
Brownfield
driven by AI

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
 Continue your education Visit the
World of
Solutions
for Demos
• Introduction to SRv6 uSID technology BRKSPG-2203

• Advanced Innovations in SRv6 uSID and IP measurements – BRKSPG-319

• Troubleshooting Segment Routing - BRKSPG–3624

• Segment Routing innovations in XE – BRKENT-2520

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
 • Visit the Cisco Showcase
for related demos

• Book your one-on-one

Meet the Engineer meeting

Continue • Attend the interactive education

your education with DevNet, Capture the Flag,

and Walk-in Labs

• Visit the On-Demand Library

for more sessions at
ciscolive.com/on-demand.
Sessions from this event will be
available from March 3.

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
Webex App
Questions?
Use the Webex app to chat with the speaker
after the session

How
1 Find this session in the Cisco Events mobile app

2 Click “Join the Discussion”

3 Install the Webex app or go directly to the Webex space

4 Enter messages/questions in the Webex space

Webex spaces will be moderated

by the speaker until February 28, 2025.

BRKSP-2551 103
© 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco Confidential
 Fill Out Your Session Surveys

Participants who fill out a minimum of 4 session

surveys and the overall event survey will get a
unique Cisco Live t-shirt.
(from 11:30 on Thursday, while supplies last)

All surveys can be taken in the Cisco Events

mobile app or by logging in to the Session Catalog
and clicking the ‘Participant Dashboard’

Content Catalog

-
BRKSP-2551 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
 Cisco Live Amsterdam 2025 IPv6 Learning Map

Sunday—9th Monday—10th Tuesday—11th Wednesday—12th Thursday—13th Friday —14th

TECENT-2150 8:30 BRKIPV-1007 8:00 BRKEWN-2834 8:00 IBOENT-2811 11:30 BRKIPV-2418 9:00

6+3=100! Use IPv6 and Deploying Catalyst IPv6-Enabled Wireless (Wi- Everything You Wanted Deploying IPv6 Routing
Python 3 to Transform Center for IPv6 Networks Fi) Access: Design and to Know about IPv6 but Protocols: Specifics and
Deployment Strategies
how you do Networking Were Afraid to Ask Considerations
TECIPV-2001 8:45 BRKSEC-2044 10:30 CTF-1001 10:15 IBOIPV-2000 13:30 BRKENT-3340 11:00

IPv6 Beyond the Local Secure Operations for an IPv6: The Internet’s best Sharing Experience on The Hitchhiker's Guide to
Network IPv6 Network kept secret! IPv6 Deployments Troubleshooting IPv6

TECIPV-2000 13:45 IBOIPV-2000 13:30 BRKIPV-2186 13:15

BRKSPG-3198 14:15 BRKENT-3002 11:15

Sharing Experience on IPv6 Networking in a IPv6 Security in the Local

IPv6 in the Host and in Advanced Innovations in
IPv6 Deployments Cloud Native World Area with First Hop
the Local Network SRv6 uSID and IP
Security
CISCOU-1038 14:45 Measurements
BRKSPG-2203 14:30

Introduction to SRv6 IPv6 Groove: Get By with BRKOPS-2223 15:00

uSID Technology a Little Help from My The Network of the
Friends! Future is Here - Let’s
BRKIPV-2191 16:30 BRKENT-2008 13:00 Automate your IPv6
IPv6:: It’s Happening! Goodbye Legacy, the deployment with Python!
Move to an IPv6-Only BRKIPV-2228 17:00
Enterprise
The Automation Travel
Walk in Labs BRKIPV-1616 16:00 Guide for Your IPv6
IPv6 – What Do You Mean Journey!
LABIPV-1639 IPv6 Foundations: A Dive into Basic Networking Concepts There Isn’t a Broadcast?
LABIPV-2640 IPv6 Deep Dive: Beyond Basics to Brilliance
LABMPL-1201 SRv6 Basics Instructor-led Labs
LABSP-2129 SRv6 Micro-Segment Basics
LABSP-3393 Implementing Segment Routing v6 (SRv6) Transport on NCS LTRIPV-2222 Implementing Future-Ready Networks - Deploy IOS XE IPv6 Configuration
55xx/5xx and Cisco 8000: Advanced with Python!
LTRSPG-2212 SRv6 and Cloud-Native: A Platform for Network Service Innovation

BRKSP-2551 105
© 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco Confidential
Thank you

Cisco Confidential
Cisco Confidential