IPv6

Summarization

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Overview Route Summarization

As the network size increases, the number of individual networks listed in the IP route table also
increases, as does packet size.

Routers cannot effectively handle many subnetworks, which leads to slowdowns, packet
losses and even crashes. That's why it's important to reduce the number of entries in the route
table, which is what route summarization accomplishes.

With route summarization, many routes are advertised with just one line in an update packet,
which not only reduces the packet size, but also allows more bandwidth for data transfer.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Why is route summarization important?

If a router needs to advertise 50 routes, it will need 50 specific lines in its update packet.
As these routes increase, the number of lines required also increases, expanding packet
size and the amount of bandwidth used. That means there will be less bandwidth
available for actual data transfer.

Route summarization enables multiple routes to be advertised with only one line in an
update packet, reducing the packet size and leaving more bandwidth for data transfer.
Also, each time a new data flow enters a router, it must identify which interface the
traffic must be sent out to. For this, it must perform a lookup in its routing table.

This process takes longer for large routing tables and requires more router central
processing unit (CPU) cycles to route traffic.

Route summarization can eliminate this problem by minimizing both the time required to
perform lookup and reducing the number of CPU cycles.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Route summarization advantages

Route aggregation offers several advantages, including the following:

1. Reduces the number of entries in the route table, which reduces the load on the router
and network overhead for routing protocols;
2. Minimizes latency in a complex network, especially when many routers are involved;
3. Reduces or eliminates unnecessary routing updates after part of the network
undergoes a change in CPU cycles topology;
4. Hides instability in the system behind the summary that remains valid even in the
absence of summarized networks;
5. Saves memory since routing tables will be smaller in size;
6. Helps save bandwidth as there are fewer routes to advertise; and
7. Reduces processor workloads and saves, since there are fewer packets to process and
smaller routing tables to work on.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Route summarization disadvantages

There are two main disadvantages of route aggregation:

1. Suboptimal routing. Misconfigured route summarization may result in suboptimal routing.

Route summarization may also create inconsistent routing if a network has noncontiguous
subnetworks. When using summaries, the router may prefer another path where it has
learned a more specific network form, which may not be the most optimal routing method.

2. Forwarding traffic for unused networks. If the router doesn't find a matching destination in its
routing table, it will start dropping traffic, leading to data loss. Also, the summary route may
cover unused networks. The router that has a summary route will forward traffic to the
router that advertised the summary route.

Note:
To avoid suboptimal or incorrect routing and to prevent routers from inaccurately advertising networks or
duplicating other routers' advertisements, it's important to design networks with summarization in mind.
Advance planning and leaving room for future network growth can help with the design of a scalable
network that supports route summarization.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Sample Implementation

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 MP-BGP IPv6 Summarization ( sample Cisco )
The same process for summarizing or aggregating IPv4 routes occurs with IPv6 routes, and the format is identical except that the configuration is
placed under the IPv6 address family using the

aggregate-address prefix/prefix-length [summary-only] [as-set] command.

Let’s revisit the previous IPv6 deployment in Figure 11-20, but now summarize all the loopback addresses 2001:db8:0:1/128, 2001:db8:0:2/128,
and 2001:db8:0:3/128) along with the peering link between R1 and R2 2001:db8:0:12/64) on R2. The configuration would look as shown in
Example 11- 28.

Source : https://www.ciscolive.com/

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 MP-BGP IPv6 Summarization (Cont.)
Example 11-29 shows the BGP tables on R1 and R3.
All of the smaller routes are aggregated and suppressed into
2001:db8::/59 as expected.
The summarization of the IPv6 loopback addresses (2001:db8:0:1/128,
2001:db8:0:2/128, and 2001:db8:0:3/128) is fairly simple as they all fall
into the base IPv6 summary range 2001:db8:0:0::/64.

The fourth hextet, beginning with a decimal value of 1, 2, or 3, would

consume only 2 bits; the range could be summarized easily into the
2001:db8:0:0::/62 (or 2001:db8::/62) network range.

The peering link between R1 and R2 2001:db8:0:12::/64) requires

thinking in hex first rather than in decimal values. The fourth hextet
carries a decimal value of 18 (not 12), which requires 5 bits minimum.

Table 11-6 lists the bits needed for summarization, the IPv6 summary
address, and the component networks in the summary range.

Source : https://www.ciscolive.com/

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 MP-BGP IPv6 Summarization (Cont.)
Currently the peering link between R2 and R3 (2001:db8:0:23::/64) is not being summarized and suppressed, as it is still visible in R1’s routing
table in Example 11-35. The hex value of 23, which is typically written as 0x23, converts to decimal value 35; which requires 6 bits.

The summarized network range must be changed to 2001:db8::/58 for summarization of the 2001:db9:0:23::/64 network to occur.

Example 11-30 shows the configuration change being made to R2. Example 11-31 verifies that the 2001:db8:0:23::/64 is now within the
aggregate address space and is no longer being advertised to R1.

Source : https://www.ciscolive.com/

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 SRv6 Summarization Preventive

SRv6 uSID Unreachable Prefix Announcement

Among many reasons for the wide adoption of SRv6 uSID technology is ultimate scalability. SRv6 uSID currently
provides full feature parity with SR-MPLS but in a much simpler manner, and with much higher scalability. The key
concept for infinite scalability is the applicability of classless routing (CIDR) to SRv6 uSID networks.

Let’s say we have a midsized network with 30k routers. It is obvious that we cannot handle such a network as a single
IGP domain.
We must split it into multiple IGP domains. Either using the hierarchical structure of IGP protocols (ISIS levels or OSPF
areas) or even using different IGP processes.

For simplicity, we split our network into 30 domains with 1000 nodes each. As we need to maintain any-to-any
connectivity, an obvious option is to redistribute all SRv6 locators everywhere. But IGP protocols have their scalability
limits as well. Attempt to redistribute all locators across would reach IGP limits.

SRv6 offers a very elegant solution to that problem: summarization. Every border router will propagate a few
summary prefixes instead of all locators.
Source : https://www.segment-routing.net/demos/upa/

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 SRv6 Summarization Preventive

Figure 1 - Summarization
In Figure 1 we can see an example of summarization. 1000 /48 Locator
prefixes are summarized into the core as four /40 networks. As a result,
in the core there will only be 120 summary routes instead of 30k, while
still providing any-to-any connectivity. 120 networks in a single domain
are simple to handle for any IGP routing protocol and easy to handle for
any HW platform.

For a network of this size, we will probably not do any additional

summarization towards Domain 0, but for very large networks
hierarchical summarization will be necessary.

Now we have a perfectly scalable network thanks to the reduced level

of information propagated among domains via summarization. But
consequently, PE1 does not see any failure happening outside of its
local Domain0. So, when PE11 in Domain2 fails it cannot trigger BGP
Prefix Independent Convergence (BGP PIC) on PE1.

However, with summarization, the ingress PE will never be notified

about an egress PE failure. Because the egress PE failure is hidden by
the summary route which is not changing at all.
Source : https://www.segment-routing.net/demos/upa/ Traffic restoration following an egress PE failure relies on BGP
convergence, which can be very slow.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 SRv6 Summarization Preventive (Failure without summarization)

In between domains we have a single Area Border Router

(ABR). The ABR is responsible for routing information
propagation between domains. This router can summarize
routing information for each domain.

In Domain 2 we have two redundant PE routers: PE11 and

PE12. Both PEs are connected to a single CE1 and this CE is
connected to the IXIA traffic generator.

IXIA is advertising 800k IPv4 prefixes to the CE router.

The CE router advertises all these prefixes to PE11 and

PE12. Both PEs are advertising the prefixes to the Route
Reflector in VPNv4 address family.
Convergence without summarization
Without any summarization configured on the ABR, ingress PE1 receives both
The Route Reflector propagates them towards the ingress
PE11 and PE12 locators:
PE1. Note that the solution also works for other address-
RP/0/RP0/CPU0:PE1#sh route ipv6 | incl fccc:cc00:20 families.

i ia fccc:cc00:2011::/48
i ia fccc:cc00:2012::/48

Once we trigger the PE11 failure, IGP deletes the locator prefix of PE11 and PE1 triggers BGP
PIC.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 SRv6 Summarization Preventive (Failure without summarization)

Figure 3 - IXIA - Failure without summarization

The IXIA measurement shows that convergence is very fast: 353 milliseconds. This is the sequence of events during that time:
1.The IGP in domain 2 detects PE11’s failure
2.The IGP floods the failure throughout domain 2
3.The ABR propagates that information into domain 1
4.The IGP in domain 1 floods the information
5.PE1 receives the information and triggers BGP PIC – switching to all preprogrammed backup paths

This solution can only be used for small networks, where the IGP scale allows all locators to be flooded within the domain.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 SRv6 Summarization Preventive (Failure with summarization)

Convergence with summarization :

Summarization configuration on the ABR, summarizing the domain 2 locator prefixes into domain 1:

router isis 100

address-family ipv6 unicast
summary-prefix fccc:cc00:2000::/40 level 2

After configuring the summary prefix, PE1 no longer receives individual locators of domain 2:

RP/0/RP0/CPU0:PE1#sh route ipv6 | incl fccc:cc00:20

i ia fccc:cc00:2000::/40

Therefore, the IGP of domain 1 no longer receives PE11 failure notifications and BGP PIC can’t be triggered anymore on PE1.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 SRv6 Summarization Preventive (Failure without summarization)

Figure 4 - IXIA - Failure with summarization

In this measurement, the convergence was very slow (more than 50 seconds) due to the delay of BGP detecting and propagating the failure.
This is the sequence of events:

• The Route Reflector detects the failure of the BGP session to PE11
• The Route Reflector sends BGP withdraw messages to PE1 for all prefixes, one by one
• PE1 reprograms the FIB entry for each prefix
• The overall convergence time depends on the number of prefixes. The more prefixes the longer the convergence time will be. But we
need fast BGP PIC convergence even in very large networks where summarization is used!

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Solution Unreachable Prefix Announcement
Essentially, UPA is a regular IGP update that announces the unreachability of a prefix. UPA informs the ingress PE about an
egress PE failure and enables the ingress PE to trigger BGP PIC.

The unreachability property of the prefix is carried by using an “unreachable” metric, which is already part of the ISIS
protocol definitions (According to RFC5308, any prefix advertised metric larger than MAX_V6_PATH_METRIC 0xfe000000
must not be considered during path computation and can be used for other purposes). Thus, UPA doesn’t require any
protocol extension.

The figure below shows the example network in stable state. The IGP of PE11 advertises its LSP with locator /48 into
domain 2. The ABR receives this LSP and advertises the /40 summary prefix into domain 1. PE1 receives this summary
prefix that provides reachability to PE11.

Figure 5 - UPA Stable state

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Solution Unreachable Prefix Announcement
When the ABR loses reachability to PE11 in domain 2, the ABR recognizes that the locator of PE11 is part of the summary prefix
and generates a UPA for the locator of PE11. The UPA is flooded throughout domain 1. The IGP of PE1 receives the UPA and
triggers BGP PIC for all BGP prefixes learned via PE11.

Figure 5 - UPA Remote PE failure

The goal of UPA is to notify about unreachability of prefixes so routers that are part of a remote domain can act upon this
notification. Thus, UPA prefixes are not intended to be persistent.

After some period, the ABRs automatically withdraw the UPA. This time is to allow full BGP convergence and is configurable.
For UPA to work, only the ABRs and ingress PEs routers need to be upgraded. All intermediate nodes will flood the UPA
prefix seamlessly.

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Solution Unreachable Prefix Announcement
Convergence with summarization and UPA
Unreachable Prefix Announcement configuration is very simple. It needs to be configured on the ABR – to generate the UPA route:
router isis 100
address-family ipv6 unicast
summary-prefix fccc:cc00:2000::/40 level 2 adv-unreachable

And also on the ingress PE router to react on UPA:

router isis 100
address-family ipv6 unicast
prefix-unreachable
rx-process-enable

Now we can simulate a PE11 failure and measure convergence using IXIA.
Figure 7 - Failure with summarization and UPA
We can see that the convergence time is exactly the same
as without summarization, precisely 353 milliseconds. This
is the sequence of events during that time:
1. The IGP in domain 2 detects PE11’s failure
2. The IGP floods the failure throughout domain 2
3. The ABR receives the failure information, generates a
UPA for PE11’s prefixes and sends it into domain 1
4. The IGP in domain 1 floods the UPA
5. PE1 receives the UPA and triggers BGP PIC – switching
to all preprogrammed backup paths

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Timing implement IPv6
Summarization ??
Need Discuss depend on existing network

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id

 Thank you

© Indosat Ooredoo Hutchison 2023 - www.ioh.co.id