--- 1/draft-ietf-idr-segment-routing-te-policy-03.txt 2018-07-02 12:14:02.898121161 -0700 +++ 2/draft-ietf-idr-segment-routing-te-policy-04.txt 2018-07-02 12:14:02.970122897 -0700 @@ -1,32 +1,33 @@ Network Working Group S. Previdi, Ed. -Internet-Draft C. Filsfils -Intended status: Standards Track D. Jain, Ed. -Expires: November 19, 2018 Cisco Systems, Inc. +Internet-Draft Individual +Intended status: Standards Track C. Filsfils +Expires: January 3, 2019 D. Jain, Ed. + Cisco Systems, Inc. P. Mattes Microsoft E. Rosen Juniper Networks S. Lin Google - May 18, 2018 + July 2, 2018 Advertising Segment Routing Policies in BGP - draft-ietf-idr-segment-routing-te-policy-03 + draft-ietf-idr-segment-routing-te-policy-04 Abstract This document defines a new BGP SAFI with a new NLRI in order to advertise a candidate path of a Segment Routing Policy (SR Policy). - An SR Policy is a set of candidate paths consisting of one or more - segment lists. The headend of an SR Policy may learn multiple + An SR Policy is a set of candidate paths, each consisting of one or + more segment lists. The headend of an SR Policy may learn multiple candidate paths for an SR Policy. Candidate paths may be learned via a number of different mechanisms, e.g., CLI, NetConf, PCEP, or BGP. This document specifies the way in which BGP may be used to distribute candidate paths. New sub-TLVs for the Tunnel Encapsulation Attribute are defined. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. @@ -34,59 +35,59 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on November 19, 2018. + This Internet-Draft will expire on January 3, 2019. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 5 - 2. SR TE Policy Encoding . . . . . . . . . . . . . . . . . . . . 5 - 2.1. SR TE Policy SAFI and NLRI . . . . . . . . . . . . . . . 5 - 2.2. SR TE Policy and Tunnel Encapsulation Attribute . . . . . 7 + 2. SR Policy Encoding . . . . . . . . . . . . . . . . . . . . . 5 + 2.1. SR Policy SAFI and NLRI . . . . . . . . . . . . . . . . . 5 + 2.2. SR Policy and Tunnel Encapsulation Attribute . . . . . . 7 2.3. Remote Endpoint and Color . . . . . . . . . . . . . . . . 8 - 2.4. SR TE Policy Sub-TLVs . . . . . . . . . . . . . . . . . . 9 + 2.4. SR Policy Sub-TLVs . . . . . . . . . . . . . . . . . . . 9 2.4.1. Preference Sub-TLV . . . . . . . . . . . . . . . . . 9 - 2.4.2. SR TE Binding SID Sub-TLV . . . . . . . . . . . . . . 10 + 2.4.2. Binding SID Sub-TLV . . . . . . . . . . . . . . . . . 10 2.4.3. Segment List Sub-TLV . . . . . . . . . . . . . . . . 11 2.4.4. Explicit NULL Label Policy Sub-TLV . . . . . . . . . 27 2.4.5. Policy Priority Sub-TLV . . . . . . . . . . . . . . . 28 2.4.6. Policy Name Sub-TLV . . . . . . . . . . . . . . . . . 29 3. Extended Color Community . . . . . . . . . . . . . . . . . . 30 4. SR Policy Operations . . . . . . . . . . . . . . . . . . . . 30 - 4.1. Configuration and Advertisement of SR TE Policies . . . . 30 + 4.1. Configuration and Advertisement of SR Policies . . . . . 30 4.2. Reception of an SR Policy NLRI . . . . . . . . . . . . . 31 4.2.1. Acceptance of an SR Policy NLRI . . . . . . . . . . . 31 4.2.2. Usable SR Policy NLRI . . . . . . . . . . . . . . . . 32 - 4.2.3. Passing a usable SR Policy NLRI to the SRTE Process . 32 + 4.2.3. Passing a usable SR Policy NLRI to the SRPM . . . . . 32 4.2.4. Propagation of an SR Policy . . . . . . . . . . . . . 32 4.3. Flowspec and SR Policies . . . . . . . . . . . . . . . . 33 5. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 33 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 34 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 34 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 8.1. Existing Registry: Subsequent Address Family Identifiers (SAFI) Parameters . . . . . . . . . . . . . . . . . . . . 35 8.2. Existing Registry: BGP Tunnel Encapsulation Attribute Tunnel Types . . . . . . . . . . . . . . . . . . . . . . 35 @@ -106,58 +107,63 @@ Segment Routing (SR) allows a headend node to steer a packet flow along any path. Intermediate per-flow states are eliminated thanks to source routing [I-D.ietf-spring-segment-routing]. The headend node is said to steer a flow into a Segment Routing Policy (SR Policy). The header of a packet steered in an SR Policy is augmented with the ordered list of segments associated with that SR Policy. - [I-D.filsfils-spring-segment-routing-policy] details the concepts of - SR Policy and steering into an SR Policy. These apply equally to the + [I-D.ietf-spring-segment-routing-policy] details the concepts of SR + Policy and steering into an SR Policy. These apply equally to the MPLS and SRv6 instantiations of segment routing. - As highlighted in section 2 of - [I-D.filsfils-spring-segment-routing-policy]: + [I-D.filsfils-spring-sr-policy-considerations] describes some of the + implementation aspects of the SR Policy Headend Architecture and + introduces the notion of an SR Policy Module (SRPM) that performs the + functionality as highlighted in section 2 of + [I-D.ietf-spring-segment-routing-policy]: - o an SR policy may have multiple candidate paths learned via various - mechanisms (CLI, NetConf, PCEP or BGP); + o The SRPM may learn multiple candidate paths for an SR Policy via + various mechanisms (CLI, NetConf, PCEP or BGP). - o the SRTE process selects the best candidate path for a Policy; + o The SRPM selects the best candidate path for the SR Policy. - o the SRTE process binds a BSID to the selected path of the Policy; + o The SRPM binds a BSID to the selected candidate path of the SR + Policy. - o the SRTE process installs the selected path and its BSID in the + o The SRPM installs the selected candidate path and its BSID in the forwarding plane. This document specifies the way to use BGP to distribute one or more - of the candidate paths of an SR policy to the headend of that policy. - The SRTE process ([I-D.filsfils-spring-segment-routing-policy]) of - the headend receives candidate paths from BGP, and possibly other - sources as well, and the SRTE process then determines the selected - path of the policy. + of the candidate paths of an SR Policy to the headend of that policy. + The document identifies the functionality that resides in the BGP + process and for the functionality which is outside the scope of BGP + and lies within SRPM on the headend node, it refers to such, as + appropriate. - This document specifies a way of representing SR policies and their + This document specifies a way of representing SR Policies and their candidate paths in BGP UPDATE messages. BGP can then be used to - propagate the SR policies and candidate paths. The usual BGP rules + propagate the SR Policies and candidate paths. The usual BGP rules for BGP propagation and "bestpath selection" are used. At the headend of a specific policy, this will result in one or more candidate paths being installed into the "BGP table". These paths - are then passed to the SRTE process. The SRTE process may compare - them to candidate paths learned via other mechanisms, and will choose - one or more paths to be installed in the data plane. BGP itself does - not install SRTE candidate paths into the data plane. + are then passed to the SRPM. The SRPM may compare them to candidate + paths learned via other mechanisms, and will choose one or more paths + to be installed in the data plane. BGP itself does not install SR + Policy candidate paths into the data plane. This document defines a new BGP address family (SAFI). In UPDATE - messages of that address family, the NLRI identifies an SR policy, - and the attributes specify candidate paths of that policy. + messages of that address family, the NLRI identifies an SR Policy, + and the attributes encode the segment lists and other details of that + SR Policy. While for simplicity we may write that BGP advertises an SR Policy, it has to be understood that BGP advertises a candidate path of an SR policy and that this SR Policy might have several other candidate paths provided via BGP (via an NLRI with a different distinguisher as defined in this document), PCEP, NETCONF or local policy configuration. Typically, a controller defines the set of policies and advertise them to policy head-end routers (typically ingress routers). The @@ -185,45 +191,45 @@ head-end for the advertised policy. This is done by attaching one or more Route Target Extended Communities to the advertisement ([RFC4360]). The BGP extensions for the advertisement of SR Policies include following components: o A new Subsequent Address Family Identifier (SAFI) whose NLRI identifies an SR Policy. - o A set of new TLVs to be inserted into the Tunnel Encapsulation - Attribute (as defined in [I-D.ietf-idr-tunnel-encaps]) specifying - candidate paths of the SR policy, as well as other information - about the SR policy. + o A new Tunnel Type identifier for SR Policy, and a set of sub-TLVs + to be inserted into the Tunnel Encapsulation Attribute (as defined + in [I-D.ietf-idr-tunnel-encaps]) specifying segment lists of the + SR Policy, as well as other information about the SR Policy. o One or more IPv4 address format route-target extended community ([RFC4360]) attached to the SR Policy advertisement and that indicates the intended head-end of such SR Policy advertisement. o The Color Extended Community (as defined in [I-D.ietf-idr-tunnel-encaps]) and used in order to steer traffic into an SR Policy, as described in section 8.4 in - [I-D.filsfils-spring-segment-routing-policy]. This document + [I-D.ietf-spring-segment-routing-policy]. This document (Section 3) modifies the format of the Color Extended Community by using the two leftmost bits of the RESERVED field. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. -2. SR TE Policy Encoding +2. SR Policy Encoding -2.1. SR TE Policy SAFI and NLRI +2.1. SR Policy SAFI and NLRI A new SAFI is defined: the SR Policy SAFI, (codepoint 73 assigned by IANA (see Section 8) from the "Subsequent Address Family Identifiers (SAFI) Parameters" registry). The SR Policy SAFI uses a new NLRI defined as follows: +------------------+ | NLRI Length | 1 octet +------------------+ @@ -241,30 +247,30 @@ o Distinguisher: 4-octet value uniquely identifying the policy in the context of tuple. The distinguisher has no semantic value and is solely used by the SR Policy originator to make unique (from an NLRI perspective) multiple occurrences of the same SR Policy. o Policy Color: 4-octet value identifying (with the endpoint) the policy. The color is used to match the color of the destination prefixes to steer traffic into the SR Policy - [I-D.filsfils-spring-segment-routing-policy]. + [I-D.ietf-spring-segment-routing-policy]. o Endpoint: identifies the endpoint of a policy. The Endpoint may represent a single node or a set of nodes (e.g., an anycast address). The Endpoint is an IPv4 (4-octet) address or an IPv6 (16-octet) address according to the AFI of the NLRI. The color and endpoint are used to automate the steering of BGP - Payload prefixes on SR policy - ([I-D.filsfils-spring-segment-routing-policy]). + Payload prefixes on SR Policy as described in + [I-D.ietf-spring-segment-routing-policy]. The NLRI containing the SR Policy is carried in a BGP UPDATE message [RFC4271] using BGP multiprotocol extensions [RFC4760] with an AFI of 1 or 2 (IPv4 or IPv6) and with a SAFI of 73 (assigned by IANA from the "Subsequent Address Family Identifiers (SAFI) Parameters" registry). An update message that carries the MP_REACH_NLRI or MP_UNREACH_NLRI attribute with the SR Policy SAFI MUST also carry the BGP mandatory attributes. In addition, the BGP update message MAY also contain any @@ -285,27 +291,26 @@ with an SR Policy NLRI, will process it only if the NLRI is among the best paths as per the BGP best path selection algorithm. In other words, this document does not modify the BGP propagation or bestpath selection rules. It has to be noted that if several candidate paths of the same SR Policy (endpoint, color) are signaled via BGP to a head-end, it is recommended that each NLRI use a different distinguisher. If BGP has installed into the BGP table two advertisements whose respective NLRIs have the same color and endpoint, but different distinguishers, - both advertisements are passed to the SRTE process as different - candidate paths. In addition, the originator information - corresponding to the each candidate path, as described in section 2.4 - ([I-D.filsfils-spring-segment-routing-policy]), is passed to the SRTE - process. + both advertisements are passed to the SRPM as different candidate + paths. In addition, the originator information corresponding to the + each candidate path, as described in section 2.4 in + [I-D.ietf-spring-segment-routing-policy], is passed to the SRPM. -2.2. SR TE Policy and Tunnel Encapsulation Attribute +2.2. SR Policy and Tunnel Encapsulation Attribute The content of the SR Policy is encoded in the Tunnel Encapsulation Attribute originally defined in [I-D.ietf-idr-tunnel-encaps] using a new Tunnel-Type TLV (codepoint is 15, assigned by IANA (see Section 8) from the "BGP Tunnel Encapsulation Attribute Tunnel Types" registry). The SR Policy Encoding structure is as follows: SR Policy SAFI NLRI: @@ -353,38 +358,38 @@ The Remote Endpoint and Color sub-TLVs, as defined in [I-D.ietf-idr-tunnel-encaps], MAY also be present in the SR Policy encodings. The Remote Endpoint and Color Sub-TLVs are not used for SR Policy encodings and therefore their value is irrelevant in the context of the SR Policy SAFI NLRI. If present, the Remote Endpoint sub-TLV and the Color sub-TLV MUST be ignored by the BGP speaker. -2.4. SR TE Policy Sub-TLVs +2.4. SR Policy Sub-TLVs This section defines the SR Policy sub-TLVs. Preference, Binding SID, Segment-List, Priority, Policy Name and Explicit NULL Label Policy sub-TLVs are assigned from the "BGP Tunnel Encapsulation Attribute Sub-TLVs" registry. Weight and Segment sub-TLVs are assigned from a new registry defined in this document and called: "SR Policy List Sub-TLVs". See Section 8 for the details of the registry. 2.4.1. Preference Sub-TLV The Preference sub-TLV does not have any effect on the BGP bestpath selection or propagation procedures. The contents of this sub-TLV - are used by the SRTE process as described in section 2.9 in - ([I-D.filsfils-spring-segment-routing-policy]). + are used by the SRPM as described in section 2.7 in + [I-D.ietf-spring-segment-routing-policy]. The Preference sub-TLV is optional and it MUST NOT appear more than once in the SR Policy. If the Preference sub-TLV appears more than once, the update is considered malformed and the "treat-as-withdraw" strategy of [RFC7606] is applied. The Preference sub-TLV has following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -402,25 +407,25 @@ o Flags: 1 octet of flags. None are defined at this stage. Flags SHOULD be set to zero on transmission and MUST be ignored on receipt. o RESERVED: 1 octet of reserved bits. SHOULD be unset on transmission and MUST be ignored on receipt. o Preference: a 4-octet value. -2.4.2. SR TE Binding SID Sub-TLV +2.4.2. Binding SID Sub-TLV The Binding SID sub-TLV is not used by BGP. The contents of this - sub-TLV are used by the SRTE process as described in section 6 in - ([I-D.filsfils-spring-segment-routing-policy]). + sub-TLV are used by the SRPM as described in section 6 in + [I-D.ietf-spring-segment-routing-policy]. The Binding SID sub-TLV is optional and it MUST NOT appear more than once in the SR Policy. If the Binding SID sub-TLV appears more than once, the update is considered malformed and the "treat-as-withdraw" strategy of [RFC7606] is applied. The Binding SID sub-TLV has the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -442,26 +447,26 @@ defined in this document Section 8.5): 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ |S|I| | +-+-+-+-+-+-+-+-+ where: * S-Flag: This flag encodes the "Specified-BSID-only" behavior. - It is used by SRTE process as described in section 6.2.3 in - ([I-D.filsfils-spring-segment-routing-policy]). + It is used by SRPM as described in section 6.2.3 in + [I-D.ietf-spring-segment-routing-policy]. * I-Flag: This flag encodes the "Drop Upon Invalid" behavior. It - is used by SRTE process as described in section 8.2 in - ([I-D.filsfils-spring-segment-routing-policy]). + is used by SRPM as described in section 8.2 in + [I-D.ietf-spring-segment-routing-policy]. * Unused bits in the Flag octet SHOULD be set to zero upon transmission and MUST be ignored upon receipt. o RESERVED: 1 octet of reserved bits. SHOULD be unset on transmission and MUST be ignored on receipt. o Binding SID: if length is 2, then no Binding SID is present. o If length is 6 then the Binding SID contains a 4-octet SID. Below @@ -473,23 +478,23 @@ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Label | TC |S| TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ If length is 18 then the Binding SID contains a 16-octet IPv6 SID. 2.4.3. Segment List Sub-TLV The Segment List sub-TLV encodes a single explicit path towards the endpoint as described in section 5.1 in - ([I-D.filsfils-spring-segment-routing-policy]). The Segment List - sub-TLV includes the elements of the paths (i.e., segments) as well - as an optional Weight sub-TLV. + [I-D.ietf-spring-segment-routing-policy]. The Segment List sub-TLV + includes the elements of the paths (i.e., segments) as well as an + optional Weight sub-TLV. The Segment List sub-TLV may exceed 255 bytes length due to large number of segments. Therefore a 2-octet length is required. According to [I-D.ietf-idr-tunnel-encaps], the first bit of the sub- TLV codepoint defines the size of the length field. Therefore, for the Segment List sub-TLV a code point of 128 (or higher) is used. See Section 8 for details of codepoints allocation. The Segment List sub-TLV is optional and MAY appear multiple times in the SR Policy. The ordering of Segment List sub-TLVs, each sub-TLV @@ -518,29 +523,29 @@ o RESERVED: 1 octet of reserved bits. SHOULD be unset on transmission and MUST be ignored on receipt. o sub-TLVs: * An optional single Weight sub-TLV. * Zero or more Segment sub-TLVs. Validation of an explicit path encoded by the Segment List sub-TLV is - completely within the scope of SRTE process as described in section 5 - in ([I-D.filsfils-spring-segment-routing-policy]). + completely within the scope of SRPM as described in section 5 in + [I-D.ietf-spring-segment-routing-policy]. 2.4.3.1. Weight Sub-TLV - The Weight sub-TLV specifies the weight associated to a given - candidate path (i.e., a given segment list). The contents of this - sub-TLV are used only by the SRTE process as described in section - 2.11 in ([I-D.filsfils-spring-segment-routing-policy]). + The Weight sub-TLV specifies the weight associated to a given segment + list. The contents of this sub-TLV are used only by the SRPM as + described in section 2.11 in + [I-D.ietf-spring-segment-routing-policy]. The Weight sub-TLV is optional and it MUST NOT appear more than once inside the Segment List sub-TLV. If the Weight sub-TLV appears more than once, the update is considered malformed and the "treat-as- withdraw" strategy of [RFC7606] is applied. The Weight sub-TLV has the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -567,24 +572,24 @@ The Segment sub-TLV describes a single segment in a segment list (i.e., a single element of the explicit path). Multiple Segment sub- TLVs constitute an explicit path of the SR Policy. The Segment sub-TLV is optional and MAY appear multiple times in the Segment List sub-TLV. The Segment sub-TLV does not have any effect on the BGP bestpath selection or propagation procedures. The contents of this sub-TLV - are used only by the SRTE process as described in section 4 in - ([I-D.filsfils-spring-segment-routing-policy]). + are used only by the SRPM as described in section 4 in + [I-D.ietf-spring-segment-routing-policy]. - [I-D.filsfils-spring-segment-routing-policy] defines several types of + [I-D.ietf-spring-segment-routing-policy] defines several types of Segments: Type 1: SID only, in the form of MPLS Label Type 2: SID only, in the form of IPv6 address Type 3: IPv4 Node Address with optional SID Type 4: IPv6 Node Address with optional SID for SR MPLS Type 5: IPv4 Address + index with optional SID Type 6: IPv4 Local and Remote addresses with optional SID Type 7: IPv6 Address + index for local and remote pair with optional SID for SR MPLS Type 8: IPv6 Local and Remote addresses with optional SID for SR MPLS @@ -695,24 +700,24 @@ o Type: 3 (to be assigned by IANA from the registry "SR Policy List Sub-TLVs" defined in this document). o Length is 6 or 10. o Flags: 1 octet of flags as defined in Section 2.4.3.2.12. o SR Algorithm: 1 octet specifying SR Algorithm as described in section 3.1.1 in [I-D.ietf-spring-segment-routing], when A-Flag as defined in Section 2.4.3.2.12 is present. SR Algorithm is used by - SRTE process as described in section 4 in - ([I-D.filsfils-spring-segment-routing-policy]). When A-Flag is - not encoded, this field SHOULD be unset on transmission and MUST - be ignored on receipt. + SRPM as described in section 4 in + [I-D.ietf-spring-segment-routing-policy]. When A-Flag is not + encoded, this field SHOULD be unset on transmission and MUST be + ignored on receipt. o IPv4 Node Address: a 4 octet IPv4 address representing a node. o SID: 4 octet MPLS label. The following applies to the Type-3 Segment sub-TLV: o The IPv4 Node Address MUST be present. o The SID is optional and specifies a 4 octet MPLS SID containing @@ -744,24 +749,24 @@ o Type: 4 (to be assigned by IANA from the registry "SR Policy List Sub-TLVs" defined in this document). o Length is 18 or 22. o Flags: 1 octet of flags as defined in Section 2.4.3.2.12. o SR Algorithm: 1 octet specifying SR Algorithm as described in section 3.1.1 in [I-D.ietf-spring-segment-routing], when A-Flag as defined in Section 2.4.3.2.12 is present. SR Algorithm is used by - SRTE process as described in section 4 in - ([I-D.filsfils-spring-segment-routing-policy]). When A-Flag is - not encoded, this field SHOULD be unset on transmission and MUST - be ignored on receipt. + SRPM as described in section 4 in + [I-D.ietf-spring-segment-routing-policy]. When A-Flag is not + encoded, this field SHOULD be unset on transmission and MUST be + ignored on receipt. o IPv6 Node Address: a 16 octet IPv6 address representing a node. o SID: 4 octet MPLS label. The following applies to the Type-4 Segment sub-TLV: o The IPv6 Node Address MUST be present. o The SID is optional and specifies a 4 octet MPLS SID containing @@ -1028,34 +1033,34 @@ o Type: 10 (to be assigned by IANA from the registry "SR Policy List Sub-TLVs" defined in this document). o Length is 18 or 34. o Flags: 1 octet of flags as defined in Section 2.4.3.2.12. o SR Algorithm: 1 octet specifying SR Algorithm as described in section 3.1.1 in [I-D.ietf-spring-segment-routing], when A-Flag as defined in Section 2.4.3.2.12 is present. SR Algorithm is used by - SRTE process as described in section 4 in - ([I-D.filsfils-spring-segment-routing-policy]). When A-Flag is - not encoded, this field SHOULD be unset on transmission and MUST - be ignored on receipt. + SRPM as described in section 4 in + [I-D.ietf-spring-segment-routing-policy]. When A-Flag is not + encoded, this field SHOULD be unset on transmission and MUST be + ignored on receipt. o IPv6 Node Address: a 16 octet IPv6 address. o SID: 16 octet IPv6 address. The following applies to the Type-9 Segment sub-TLV: o The IPv6 Node Address MUST be present. - o The SID is optional and specifies a SRv6 SID in the form of 16 + o The SID is optional and specifies an SRv6 SID in the form of 16 octet IPv6 address. o If length is 18, then only the IPv6 Node Address is present. o If length is 34, then the IPv6 Node Address and the SRv6 SID are present. 2.4.3.2.10. Type 10: IPv6 Address + Interface ID for local and remote pair for SRv6 with optional SID @@ -1108,21 +1113,21 @@ The following applies to the Type-10 Segment sub-TLV: o The Local Interface ID and the Local IPv6 Node Addresses MUST be present. o The Remote Interface ID and Remote Node Address pair is optional. If Remote Interface ID is present, the Remote Node Address MUST be present as well. Similarly, if Remote Node Address is present, the Remote Interface ID MUST be present as well. - o The SID is optional and specifies a SRv6 SID in the form of 16 + o The SID is optional and specifies an SRv6 SID in the form of 16 octet IPv6 address. o If length is 22, then the Local Interface ID, Local IPv6 Node Address, are present. o If length is 38, then the Local Interface ID, Local IPv6 Node Address and the SRv6 SID are present. o If length is 42, then the Local Interface ID, Local IPv6 Node Address, Remote Interface ID, and the Remote IPv6 Node Address are @@ -1167,21 +1172,21 @@ o Remote IPv6 Address: a 16 octet IPv6 address. o SID: 16 octet IPv6 address. The following applies to the Type-11 Segment sub-TLV: o The Local IPv6 Node Address MUST be present. o The Remote IPv6 Node Address MUST be present. - o The SID is optional and specifies a SRv6 SID in the form of 16 + o The SID is optional and specifies an SRv6 SID in the form of 16 octet IPv6 address. o If length is 34, then the Local IPv6 Node Address and the Remote IPv6 Node Address are present. o If length is 50, then the Local IPv6 Node Address, the Remote IPv6 Node Address and the SRv6 SID are present. 2.4.3.2.12. Segment Flags @@ -1189,28 +1194,28 @@ "Flags" field (codes to be assigned by IANA from the registry "SR Policy Segment Flags" defined in this document Section 8.6): 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ |V|A| | +-+-+-+-+-+-+-+-+ where: - V-Flag: This flag encodes the "Segment Validation" behavior. It - is used by SRTE process as described in section 5 in - ([I-D.filsfils-spring-segment-routing-policy]). + V-Flag: This flag encodes the "Segment Verification" behavior. It + is used by SRPM as described in section 5 in + [I-D.ietf-spring-segment-routing-policy]. A-Flag: This flag indicates the presence of SR Algorithm id in the "SR Algorithm" field applicable to various Segment Types. SR - Algorithm is used by SRTE process as described in section 4 in - ([I-D.filsfils-spring-segment-routing-policy]). + Algorithm is used by SRPM as described in section 4 in + [I-D.ietf-spring-segment-routing-policy]. Unused bits in the Flag octet SHOULD be set to zero upon transmission and MUST be ignored upon receipt. The following applies to the Segment Flags: o V-Flag is applicable to all Segment Types. o A-Flag is applicable to Segment Types 3, 4 and 9. If A-Flag appears with any other Segment Type, it MUST be ignored. @@ -1222,23 +1227,22 @@ more labels onto that stack. The Explicit NULL Label Policy sub-TLV is used to indicate whether an Explicit NULL Label [RFC3032] must be pushed on an unlabeled IP packet before any other labels. If an Explicit NULL Label Policy Sub-TLV is not present, the decision of whether to push an Explicit NULL label on a given packet is a matter of local policy. - The contents of this sub-TLV are used by the SRTE process as - described in section 4.1 in - [I-D.filsfils-spring-segment-routing-policy]. + The contents of this sub-TLV are used by the SRPM as described in + section 4.1 in [I-D.ietf-spring-segment-routing-policy]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Flags | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ENLP | +-+-+-+-+-+-+-+-+ Where: @@ -1278,24 +1282,24 @@ The policy signaled in this Sub-TLV MAY be overridden by local policy. 2.4.5. Policy Priority Sub-TLV An operator MAY set the Policy Priority sub-TLV to indicate the order in which the SR policies are re-computed upon topological change. The Priority sub-TLV does not have any effect on the BGP bestpath selection or propagation procedures. The contents of this sub-TLV - are used by the SRTE process as described in section 2.11 in - ([I-D.filsfils-spring-segment-routing-policy]). + are used by the SRPM as described in section 2.11 in + [I-D.ietf-spring-segment-routing-policy]. - The Priority sub-TLV is optional and it MUST not appear more than + The Priority sub-TLV is optional and it MUST NOT appear more than once in the SR Policy TLV. If the Priority sub-TLV appears more than once, the update is considered malformed and the "treat-as-withdraw" strategy of [RFC7606] is applied. The Priority sub-TLV has following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Priority | RESERVED | @@ -1313,30 +1317,30 @@ RESERVED: 1 octet of reserved bits. SHOULD be unset on transmission and MUST be ignored on receipt. 2.4.6. Policy Name Sub-TLV An operator MAY set the Policy Name sub-TLV to attach a symbolic name to the SR Policy candidate path. Usage of Policy Name sub-TLV is described in section 2 in - ([I-D.filsfils-spring-segment-routing-policy]). + [I-D.ietf-spring-segment-routing-policy]. The Policy Name sub-TLV may exceed 255 bytes length due to long policy name. Therefore a 2-octet length is required. According to [I-D.ietf-idr-tunnel-encaps], the first bit of the sub-TLV codepoint defines the size of the length field. Therefore, for the Policy Name sub-TLV a code point of 128 (or higher) is used. See Section 8 for details of codepoints allocation. - The Policy Name sub-TLV is optional and it MUST not appear more than + The Policy Name sub-TLV is optional and it MUST NOT appear more than once in the SR Policy TLV. If the Policy Name sub-TLV appears more than once, the update is considered malformed and the "treat-as- withdraw" strategy of [RFC7606] is applied. The Policy Name sub-TLV has following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | RESERVED | @@ -1356,43 +1360,43 @@ Policy Name: Symbolic name for the policy. It SHOULD be a string of printable ASCII characters, without a NULL terminator. 3. Extended Color Community The Color Extended Community as defined in [I-D.ietf-idr-tunnel-encaps] is used to steer traffic into a policy. When the Color Extended Community is used for the purpose of steering - the traffic into an SRTE policy, the RESERVED field (as defined in + the traffic into an SR Policy, the RESERVED field (as defined in [I-D.ietf-idr-tunnel-encaps] is changed as follows: 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |C O| RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ where CO bits are defined as the "Color-Only" bits. - [I-D.filsfils-spring-segment-routing-policy]defines the influence of - these bits on the automated steering of BGP Payload traffic onto SRTE - policies. + [I-D.ietf-spring-segment-routing-policy] defines the influence of + these bits on the automated steering of BGP Payload traffic onto SR + Policies. 4. SR Policy Operations - As described in this document, the consumer of a SR Policy NLRI is + As described in this document, the consumer of an SR Policy NLRI is not the BGP process. The BGP process is in charge of the origination and propagation of the SR Policy NLRI but its installation and use is - outside the scope of BGP - ([I-D.filsfils-spring-segment-routing-policy]). + outside the scope of BGP. The details of SR Policy installation and + use can be referred from [I-D.ietf-spring-segment-routing-policy]. -4.1. Configuration and Advertisement of SR TE Policies +4.1. Configuration and Advertisement of SR Policies Typically, but not limited to, an SR Policy is configured into a controller. Multiple SR Policy NLRIs may be present with the same tuple but with different content when these SR policies are intended to different head-ends. The distinguisher of each SR Policy NLRI prevents undesired BGP route selection among these SR Policy NLRIs and allow their propagation @@ -1420,69 +1424,68 @@ o The SR Policy NLRI MUST include a distinguisher, color and endpoint field which implies that the length of the NLRI MUST be either 12 or 24 octets (depending on the address family of the endpoint). o The SR Policy update MUST have either the NO_ADVERTISE community or at least one route-target extended community in IPv4-address format. If a router supporting this document receives an SR policy update with no route-target extended communities and no - NO_ADVERTISE community, the update MUST NOT be sent to the SRTE - process. Furthermore, it SHOULD be considered to be malformed, - and the "treat-as-withdraw" strategy of [RFC7606] is applied. + NO_ADVERTISE community, the update MUST NOT be sent to the SRPM. + Furthermore, it SHOULD be considered to be malformed, and the + "treat-as-withdraw" strategy of [RFC7606] is applied. o The Tunnel Encapsulation Attribute MUST be attached to the BGP Update and MUST have a Tunnel Type TLV set to SR Policy ( codepoint is 15, assigned by IANA (see Section 8) from the "BGP Tunnel Encapsulation Attribute Tunnel Types" registry). A router that receives an SR Policy update that is not valid according to these criteria MUST treat the update as malformed. The - route MUST NOT be passed to the SRTE process, and the "treat-as- - withdraw" strategy of [RFC7606] is applied. + route MUST NOT be passed to the SRPM, and the "treat-as-withdraw" + strategy of [RFC7606] is applied. A unacceptable SR Policy update that has a valid NLRI portion with invalid attribute portion MUST be considered as a withdraw of the SR Policy. 4.2.2. Usable SR Policy NLRI If one or more route-targets are present, then at least one route- target MUST match one of the BGP Identifiers of the receiver in order for the update to be considered usable. The BGP Identifier is defined in [RFC4271] as a 4 octet IPv4 address. Therefore the route- target extended community MUST be of the same format. If one or more route-targets are present and no one matches any of the local BGP Identifiers, then, while the SR Policy NLRI is - acceptable, it is not usable. It has to be noted that if the - receiver has been explicitly configured to do so, it MAY propagate - the SR Policy NLRI to its neighbors as defined in Section 4.2.4. + acceptable, it is not usable on the receiver node. It has to be + noted that if the receiver has been explicitly configured to do so, + it MAY propagate the SR Policy NLRI to its neighbors as defined in + Section 4.2.4. - Usable SR Policy NLRIs are sent to the Segment Routing Traffic - Engineering (SRTE) process. The description of the SRTE process is - outside the scope of this document and it's described in - [I-D.filsfils-spring-segment-routing-policy]. + The SR Policy candidate paths encoded by the usable SR Policy NLRIs + are sent to the SRPM. -4.2.3. Passing a usable SR Policy NLRI to the SRTE Process +4.2.3. Passing a usable SR Policy NLRI to the SRPM Once BGP has determined that the SR Policy NLRI is usable, BGP passes - the path to the SRTE process described in - ([I-D.filsfils-spring-segment-routing-policy]). Note that, along - with the path details, BGP also passes the originator information for - breaking ties in the path-selection process as described in section - 2.4 in [I-D.filsfils-spring-segment-routing-policy]. + the SR Policy candidate path to the SRPM. Note that, along with the + candidate path details, BGP also passes the originator information + for breaking ties in the path-selection process as described in + section 2.4 in [I-D.ietf-spring-segment-routing-policy]. - The SRTE process applies the rules defined in section 2 - [I-D.filsfils-spring-segment-routing-policy] to determine whether a - path is valid and to select the best path among the valid paths. + The SRPM applies the rules defined in section 2 in + [I-D.ietf-spring-segment-routing-policy] to determine whether the SR + Policy candidate path is valid and to select the best candidate path + among the valid SR Policy candidate paths. 4.2.4. Propagation of an SR Policy By default, a BGP node receiving an SR Policy NLRI MUST NOT propagate it to any EBGP neighbor. However, a node MAY be explicitly configured to advertise a received SR Policy NLRI to neighbors according to normal BGP rules (i.e., EBGP propagation by an ASBR or iBGP propagation by a Route-Reflector). @@ -1674,58 +1677,55 @@ 8.6. New Registry: SR Policy Segment Flags This document defines a new registry called "SR Policy Segment Flags". The allocation policy of this registry is "First Come First Served (FCFS)" according to [RFC8126]. Following Flags are defined: Bit Description Reference --------------------------------------------------------------------------------- - 0 Segment Validation Flag (V-Flag) This document + 0 Segment Verification Flag (V-Flag) This document 1 SR Algorithm Flag (A-Flag) This document 2-7 Unassigned 9. Security Considerations TBD. 10. References 10.1. Normative References - [I-D.filsfils-spring-segment-routing-policy] - Filsfils, C., Sivabalan, S., Raza, K., Liste, J., Clad, - F., Talaulikar, K., Ali, Z., Hegde, S., - daniel.voyer@bell.ca, d., Lin, S., bogdanov@google.com, - b., Krol, P., Horneffer, M., Steinberg, D., Decraene, B., - Litkowski, S., and P. Mattes, "Segment Routing Policy for - Traffic Engineering", draft-filsfils-spring-segment- - routing-policy-05 (work in progress), February 2018. - [I-D.ietf-idr-tunnel-encaps] Rosen, E., Patel, K., and G. Velde, "The BGP Tunnel Encapsulation Attribute", draft-ietf-idr-tunnel-encaps-09 (work in progress), February 2018. [I-D.ietf-pce-segment-routing] Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W., and J. Hardwick, "PCEP Extensions for Segment Routing", - draft-ietf-pce-segment-routing-11 (work in progress), - November 2017. + draft-ietf-pce-segment-routing-12 (work in progress), June + 2018. [I-D.ietf-spring-segment-routing] Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B., Litkowski, S., and R. Shakir, "Segment Routing Architecture", draft-ietf-spring-segment-routing-15 (work in progress), January 2018. + [I-D.ietf-spring-segment-routing-policy] + Filsfils, C., Sivabalan, S., daniel.voyer@bell.ca, d., + bogdanov@google.com, b., and P. Mattes, "Segment Routing + Policy Architecture", draft-ietf-spring-segment-routing- + policy-01 (work in progress), June 2018. + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y., Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001, . @@ -1753,46 +1753,52 @@ RFC 7606, DOI 10.17487/RFC7606, August 2015, . [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, . 10.2. Informational References + [I-D.filsfils-spring-sr-policy-considerations] + Filsfils, C., Talaulikar, K., Krol, P., Horneffer, M., and + P. Mattes, "SR Policy Implementation and Deployment + Considerations", draft-filsfils-spring-sr-policy- + considerations-01 (work in progress), June 2018. + [I-D.ietf-6man-segment-routing-header] - Previdi, S., Filsfils, C., Leddy, J., Matsushima, S., and + Filsfils, C., Previdi, S., Leddy, J., Matsushima, S., and d. daniel.voyer@bell.ca, "IPv6 Segment Routing Header - (SRH)", draft-ietf-6man-segment-routing-header-12 (work in - progress), April 2018. + (SRH)", draft-ietf-6man-segment-routing-header-14 (work in + progress), June 2018. [I-D.ietf-idr-flowspec-redirect-ip] Uttaro, J., Haas, J., Texier, M., Andy, A., Ray, S., Simpson, A., and W. Henderickx, "BGP Flow-Spec Redirect to IP Action", draft-ietf-idr-flowspec-redirect-ip-02 (work in progress), February 2015. [RFC4456] Bates, T., Chen, E., and R. Chandra, "BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)", RFC 4456, DOI 10.17487/RFC4456, April 2006, . [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, DOI 10.17487/RFC7942, July 2016, . Authors' Addresses Stefano Previdi (editor) - Cisco Systems, Inc. + Individual IT Email: stefano@previdi.net Clarence Filsfils Cisco Systems, Inc. Brussels BE Email: cfilsfil@cisco.com