Nokia Service Router Linux
Release 23
Nokia Service Router Linux (SR Linux) is an open, extensible and resilient
network operating system (NOS) designed to enable superior scalability,
flexibility and efficiency in webscale, service provider, enterprise data center
and cloud environments.
Overview Architecture and
Evolving application needs and the increasing
adoption of distributed data centers is driving
building blocks
the need to rethink how data center networks are SR Linux was developed in close collaboration with
designed, deployed and operated. Nokia SR Linux some of the world’s largest data center operators.
was designed to solve challenges in modern data Its design choices were motivated by the need to
center networks, where the primary challenges provide high levels of openness, programmability
are lack of scalability, inflexibility and the need for and flexibility to meet growing DevOps and agility
operational simplification. requirements. It allows operators to scale their
data center networks while retaining flexibility and
Nokia SR Linux is a truly open and modular NOS. It
simplicity of operations.
implements a ground-up, model-driven architecture
combined with field-proven routing protocol stacks Linux-based NOS
to create a unique foundation that delivers superior
openness, extensibility and resiliency. Openness is best achieved with an underlying open
operating system such as Linux®. Nokia SR Linux is
This innovative design foundation supports superior a Linux-based NOS that builds on the Linux kernel to
telemetry, unrivaled flexibility for implementing provide a set of loosely coupled services that come
and customizing network tools and third-party together to provide the functional blocks of a NOS,
applications, and plug-and-play integration—all along with simple interfaces for their consumption.
critical features for modern data center networking.
SR Linux uses an unmodified Linux kernel as the
SR Linux is a key component of the Nokia Data foundation on which to build a suite of network
Center Fabric solution, which also includes the applications (Nokia applications as well as customer
Nokia Fabric Services System and the Nokia Data applications). This provides many benefits, including
Center platforms. reliability, portability and ease of application
development. Using an unmodified kernel speeds
the delivery of security patches to critical system
components, and leveraging a common Linux
distribution provides access to equally field-proven
management and infrastructure applications.
1 Data sheet
Nokia Service Router Linux
�Ground-up, model-driven design Modular, state-sharing and extensible
Openness cannot be an afterthought and must architecture
be designed from the foundation. Nokia SR Linux applications share state with each
SR Linux implements a truly open architecture built other via a publish/subscribe (pub/sub) architecture
around model-driven management and modern (see Figure 2). The Nokia pub/sub architecture is
interfaces for its consumption (see Figure 1). implemented using protobufs, gRPC and the Nokia
Impart Database (IDB).
Our core design approach opens up the
infrastructure by adopting emerging technologies, gRPC provides an efficient, secure communication
to allow services to expose their functionality in the channel for applications and allows native
form of generalized Remote Procedure Call (gRPC) extensions through third-party applications.
services and protocol buffers (protobufs). This IDB is a lightweight database that is optimized for
gives network applications the ability to simplify handling high volumes of messages while protecting
their internal schemas based on data modeling against any one application slowing down the whole
languages, and then expose these schemas directly system. IDB provides a reliable and scalable delivery
for consumption by northbound interfaces: any mechanism, guaranteeing delivery of updates to
object, any interface. subscribers.
SR Linux supports a variety of data center
networking chipsets through the Nokia eXtensible
Data Path (XDP). The Nokia XDP serves as a
hardware abstraction layer that speeds time-to-
market for multiple data center networking chipsets.
Figure 1. Nokia SR Linux ground-up, model-driven design for true openness
Operators Automation Monitoring Visibility
Nokia SR Linux gRPC CLI RESTCONF gNMI …
SR Linux management
YANG YANG YANG YANG YANG
Application Application Application Application Application
Hardware/network state
2 Data sheet
Nokia Service Router Linux
�Figure 2. SR Linux modular, state-sharing and extensible architecture
Management gNMI/gRPC JSON RPC Transactional/Programmable CLI gRPC CLI
Nokia YANG Customer YANG
Network BGP OSPF EVPN LLDP … FIB agent Telemetry
applications
Nokia applications Customer applications
SUB
P UB
Infrastructure Protobuf Protobuf definitions
IDB PUB NetOps Development Kit (NDK)
SUB Protobuf-based
Protobuf
SUB
PUB
Hardware eXtensible Data Path (XDP)
Field-proven protocol stacks High-availability features
A robust NOS is characterized by operating system Hardware and software high availability is crucial
software stability and its ability to support field- for ensuring maximum system uptime in data
proven, scalable and reliable software feature sets. center and cloud environments. SR Linux-enabled
Data centers are increasingly adopting leaf-spine hardware platforms support redundant fan and
fabric designs using enhanced IP routing with power configurations as well as hot-swappable,
Multiprotocol Border Gateway Protocol (MP-BGP), redundant control and fabric modules in modular
Ethernet VPN (EVPN) and Virtual Extensible LAN chassis-based hardware platforms.
(VXLAN) protocols. SR Linux supports warm reboot features that
SR Linux was designed using field-proven protocol can be used to perform a soft reset or trigger
stacks from the Nokia Service Router Operating an in-service software upgrade (ISSU). Nonstop
System (SR OS). The SR OS has a strong pedigree, forwarding (NSF) capabilities minimize data plane
with over 1.3 million routers deployed in more than outages. NSF capabilities also enable data center
1,600 IP networks, including the internet backbone hardware platforms to continue to forward packets.
and some of the largest service provider, webscale While leveraging control plane graceful restart,
and enterprise networks worldwide. peers can continue to pass traffic.
By using these field-proven protocol stacks, data
center operators can immediately benefit from the
robustness, stability, scalability and interoperability
of a proven operating system.
3 Data sheet
Nokia Service Router Linux
�Mature EVPN implementation Superior CLI programmability
The SR Linux EVPN implementation leverages Every SR Linux application (including third-party
the field-hardened Nokia SR OS and delivers the network applications) supports its own YANG
same benefits of proven EVPN resiliency, stability, model, which can be loaded into the system. With
scalability and interoperability as the extensively this design, the YANG data model is defined first,
deployed SR OS. and from it, operators can derive the command
Our enhanced EVPN feature set supports both Layer line interface (CLI), the application programming
2 and Layer 3 EVPN connectivity with VXLAN data- interfaces (APIs), and the show-output formats
plane encapsulation, EVPN host route mobility, plus related to software capabilities.
all-active and single-active EVPN multi-homing. In addition to the gNMI interface, SR Linux includes
All-active EVPN multi-homing supports up to four an advanced, Python™-based CLI and a JSON-RPC
leaf nodes per multi-homed server, compared to API for management. The CLI provides a flexible
an active-active implementation, which supports framework for accessing the system’s underlying
only two leaf nodes per multi-homed server. data models and is based on quality of life
(features that improve the operator experience)
MPLS and segment routing for data center embraced by DevOps communities.
WAN connectivity Operators can leverage CLI plugins to completely
SR Linux leverages proven MPLS protocol stacks customize the way the CLI operates, plugging in
from the Nokia SR OS. MPLS capabilities include Linux commands or pulling the state/configuration
support for Label Distribution Protocol (LDP) and from various locations and combining these with
segment routing (along with either Intermediate system state/configuration to allow advanced logic.
System-to-Intermediate System (IS-IS) or Open This capability streamlines the adoption of SR Linux
Shortest Path First Interior Gateway Protocols because the interface can be customized.
(OSPF IGPs), allowing BGP to use either LDP- or
Enhanced NDK
segment routing-based MPLS shortcuts between
data center locations. This functionality allows Nokia SR Linux allows third-party network
SR Linux to seamlessly connect IP-routed domains applications to be fully integrated into the system
within data centers across the MPLS domain in with the same functionality as Nokia applications.
the WAN. This includes consistent configuration using YANG,
telemetry support, life cycle management and
Scalable streaming telemetry visibility of system resources.
SR Linux is designed to meet the demands of The Nokia NetOps Development Kit (NDK) enables
a model-driven world where visibility—and the application developers to leverage SR Linux’s
scalability and granularity of that visibility—are underlying model-driven architecture, with a
paramount. SR Linux delivers an open, extensible simple, clean, decoupled integration. This allows
and performant infrastructure that allows the all applications in the system to support data
retrieval of fine-grained system state, setting of modeling, transactional configuration and—most
configuration, and a scalable interface to support important—massively scalable streaming telemetry.
more granular data with push-based streaming.
The NDK uses gRPC and protobufs to provide
SR Linux was built with an open, scalable telemetry maximum flexibility for languages supported and
framework at its core, internally using gRPC, backwards compatibility. This approach differs from
gRPC Network Management Interface (gNMI) and others, which are restricted to certain languages,
protobufs. Because SR Linux is natively model- versions and/or libraries.
driven, it is immediately ready for streaming
telemetry without requiring any translation layers.
4 Data sheet
Nokia Service Router Linux
�The NDK allows data center operators to teach
the network their language and respond directly Nokia Data Center platforms
to business demands—all without worrying about The Nokia portfolio of Data Center platforms
the scalability or functionality of the routing stack addresses the needs of modern data centers. The
or the underlying infrastructure. portfolio offers a broad range of high-performance
With the mindset to build for openness, common platforms for data center leaf-spine deployments.
infrastructure utilized by Nokia applications is Both modular, chassis-based platforms and fixed-
exposed, allowing a uniform operating model form-factor platforms are available.
and visibility deep into the heart of the system. The portfolio includes:
• Nokia 7250 IXR-6e/10e, 7250 IXR-6/10
Nokia Fabric Services System Interconnect Routers for data center fabrics
The Nokia Fabric Services System complements and • Nokia 7220 IXR-H series Interconnect Routers
extends the capabilities provided by our SR Linux for data center fabrics
architecture foundation. The platform provides a • Nokia 7220 IXR-D series Interconnect Routers
modern, flexible toolkit that delivers automation at for data center fabrics
scale for all phases of data center fabric operations,
including Day 0 design, Day 1 deployment and The hardware platforms implement SR Linux
Day 2+ configuration, operation, measurement features based on deployment roles and supported
and analysis of a data center fabric. use cases.
The Fabric Services System enables a full turnkey
data center solution for automation, intent-based Software features
approaches, telemetry collection and analytics. SR Linux supports, but is not limited to, the
The platform also includes a unique capability following software features. For platform-specific
(the Digital Sandbox) for emulating the live network feature details and exceptions, refer to the
in software that assists with planning, testing hardware platform data sheets.
and troubleshooting data center fabric designs.
Open Linux support
The Fabric Services System offers significant
improvements over existing fabric management • Support for unmodified Linux kernel
systems, which are rigid in their monolithic • Access to Linux tools, patching and packaging
application architecture and limited in features,
• Containerized SR Linux
flexibility and scalability.
• Linux control groups (cgroupsv2)
The system leverages Kubernetes as the base for
a highly extendable, containerized, microservices- Platform features
based platform. This includes containerized
platform functions, full access to existing • Dynamic Ternary Content Addressable Memory
Kubernetes utilities and applications, and the (TCAM) table allocation Layer 2 features
option for operators to include customized
or third-party applications within the solution.
5 Data sheet
Nokia Service Router Linux
�Layer 2 features • Interfaces: Loopback interfaces, Integrated
Routing and Bridging (IRB)
• Dot1q and untagged sub-interfaces
• Proxy Address Resolution Protocol (ARP)/neighbor
• Ethernet IEEE 802.1Q (VLAN) with support for
discover (ND)
jumbo frames
• Routing policy:
• Link aggregation: Link Aggregation Group (LAG)
and Link Aggregation Control Protocol (LACP) – Structured rules for accepting, rejecting
and modifying routes that are learned
• Link Layer Discovery Protocol (LLDP) on
and advertised to routing peers
all interfaces
– Policy-based forwarding based on DiffServ
• Media access control (MAC) loop prevention
Code Point (DSCP) and/or IP protocol
• MAC storm control
– Routes can be matched based on prefix
• Virtual routing and forwarding (VRF): MAC-VRF lists, autonomous system (AS) path regular
• MAC access control lists (ACLs) with validation: expressions, BGP communities, Address Family
accept, reject and log actions Indicator/Subsequent Address Family Indicator
(AFI/SAFI) protocol, etc.
Layer 3 features
– Route leaking between network instances
• IPv4/v6 routing
• Layer 3/Layer 4 ACLs with validation; accept,
• BGP with iBGP/eBGP: Support for IPv4/v6, reject and log actions
including:
MPLS and segment routing (SR)
– Core prefix independent convergence (PIC)
• Interface Link Distribution Protocol (LDP)
– 4-byte autonomous system number
over IPv4
– Route reflector
• SR-ISIS over IPv4/v6
– Dynamic BGP
• BGP shortcuts over LDP
– BGP unnumbered
• BGP shortcuts over SR-ISIS
– eBGP multi-hop
• MPLS QoS via EXP to forwarding class mapping
– Add-paths for IPv4 and IPv6 routes
• MPLS ACL filters
• IS-IS v4/v6
• Internet Control Message Protocol (ICMP)
• Graceful restart client for IS-IS tunneling
• OSPFv2 and OSPFv3 • ICMP extensions for MPLS
• Static routes for IPv4/v6 Network virtualization
• Equal Cost Multi-Path (ECMP) with consistent • EVPN with VXLANv4 encapsulation
and resilient hashing and configurable hash fields
• EVPN Layer 2 and Layer 3 connectivity
• IPv6 flow label hashing
• EVPN all-active multi-homing; single active
• VRF: Multiple VRF support multi-homing for Layer 2 and Layer 3
• Maintenance modes • EVPN host route mobility
• Bi-directional forwarding detection (BFD), • Provider edge customer edge (PE-CE) BGP
micro BFD (mBFD) path attribute propagation in EVPN
• EVPN IP aliasing
6 Data sheet
Nokia Service Router Linux
�QoS • Password complexity policies and lockout
management
• Intelligent packet classification, including
IPv4, IPv6 match-criteria-based classification • Access to common Linux utilities: Bash,
cron and Python
• Ingress per forwarding class sub-interface
policing • Telemetry:
• Queuing/scheduling: – Subscription-based telemetry for modeled
data structures, either on change or sampled
– Strict priority
– sFlow
– Weighted Round Robin (WRR)
– Logging infrastructure
– Weighted Random Early Detection (WRED)
• Telemetry-driven event management
– Explicit Congestion Notification (ECN)
• Python-based Zero Touch Provisioning (ZTP)
• QoS classification and marking based on DSCP
• Address management: Dynamic Host
• Ingress DSCP rewrite
Configuration Protocol (DHCP) v4/v6 relay
• QoS classification and marking based on 802.1p
• DHCP v4/v6 server with static allocations
• Multi-field classification
• Interactive mirroring
System management and automation • Unified Forwarding Tables (UFT) profiles
• Native model-driven architecture, configuration
candidates, exclusive mode, checkpoints,
NDK
rollbacks: • gRPC and protobuf-based interface for
tight integration
– Support for SR Linux and OpenConfig
data models • Leverages SR Linux model-driven architecture
• Management interfaces: gNMI, gRPC Routing • Direct access to other application functionality,
Information Base Interface (gRIBI), JSON-RPC e.g., forwarding information base (FIB), Link LLDP
and CLI (transactional, Python CLI and CLI plugins) and BFD
• gRPC network operations interface (gNOI) • Native support for streaming telemetry
• P4 runtime packet extraction and injection Resiliency
• Per-user configurable options for CLI • Support for redundant fan and power
• Local Authentication, Authorization and configurations in data center hardware platforms
Accounting (AAA) with Role Based Access • Support for hot-swappable, redundant control
Control (RBAC) and fabric modules
• Terminal Access Controller Access Control • Warm reboot to perform soft reset or trigger
System (TACACS+) AAA via privilege levels an ISSU:
• Remote Authentication Dial-In User Service – NSF
(RADIUS) support for AAA
– Graceful restart client for BGPv4/v6
7 Data sheet
Nokia Service Router Linux
�Security
Learn more
• Distributed and aggregated ACLs and
To learn more about the Data Center Fabric
policers for control and management plane
solution, see the web page.
• Layer 2 through Layer 4 Control Plane Policing
(CoPP)
• Mirroring from interface/sub-interface or
ingress ACL
• Mirroring to Switch Port Analyzer (SPAN)
and Encapsulated Remote SPAN (ERSPAN)
• IPv6 Router Advertisements (RA) guard
• MAC security (MACsec)
Timing and synchronization
• ITU-T Synchronous Ethernet (SyncE)
• IEEE 1588v2:
– Boundary clock (BC)
– Profiles: G.8275.1
– Ethernet encapsulation
• RFC 5905 Network Time Protocol (NTP)
About Nokia
At Nokia, we create technology that helps the world act together.
As a B2B technology innovation leader, we are pioneering networks that sense, think and act by leveraging our work across mobile, fixed and cloud networks. In addition,
we create value with intellectual property and long-term research, led by the award-winning Nokia Bell Labs.
Service providers, enterprises and partners worldwide trust Nokia to deliver secure, reliable and sustainable networks today – and work with us to create the digital
services and applications of the future.
Nokia operates a policy of ongoing development and has made all reasonable efforts to ensure that the content of this document is adequate and free of material errors
and omissions. Nokia assumes no responsibility for any inaccuracies in this document and reserves the right to change, modify, transfer, or otherwise revise this publication
without notice.
© 2023 Nokia
Nokia OYJ
Karakaari 7
02610 Espoo
Finland
Tel. +358 (0) 10 44 88 000
Document code: (April) CID207598