SPRING                                                       Y. Ueno, Ed.
Internet-Draft                              NTT Communications Corporation
Intended status: Standards Track                               R. Nakamura
Expires: April 29, 2020                            The University of Tokyo
                                                                 T. Kamata
                                                       Cisco Systems, Inc.
                                                          October 27, 2019


                           SRv6 Tagging proxy
                    draft-eden-srv6-tagging-proxy-00

Abstract

   This document describes a tagging method for an SRv6 proxy.  An SRv6
   proxy is an SR endpoint behavior that processes SRv6 traffic on
   behalf of an SR-unaware service.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 29, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Ueno, et al.             Expires April 29, 2020                 [Page 1]

Internet-Draft              SRv6 Tagging proxy               October 2019

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  SRv6 Tagging proxy
     3.1.  SRv6 pseudocode
       3.1.1.  Tagging proxy for inner type IPv4
       3.1.2.  Tagging proxy for inner type IPv6
   4.  Implementation status
   5.  Discussion
   6.  Acknowledgements
   7.  IANA Considerations
     7.1.  SRv6 Endpoint Behaviors
   8.  Security Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   Segment Routing (SR) is a source routing architecture defined in
   [RFC8402].  SR uses segment identifiers (SIDs) to identify each
   entity in an SR network.  SR can be applied to two types of data
   plane, MPLS and IPv6.  IPv6-based SR is called Segment Routing IPv6
   (SRv6), and its header format is defined in
   [I-D.ietf-6man-segment-routing-header].  In SRv6 packets, the SIDs
   are embedded in the packet as a list, together with the current
   index into that list, called Segments Left (SL).  Packets carrying
   Segment Routing Headers (SRHs) are steered through the ordered list
   of SIDs.  Note that the proxy behavior defined in this document can
   only be applied to SRv6 packets.

   Because SR can steer packets through arbitrary SR nodes, SR can be
   applied to Service Function Chaining (SFC).  SFC, defined in
   [RFC7665], is an architecture that realizes the on-demand
   instantiation of an ordered set of service functions.
   Although the specific packet steering methods differ, SR as defined
   in [RFC8402] can realize SFC, and
   [I-D.xuclad-spring-sr-service-programming] describes SR proxy
   behaviors that integrate SR-unaware services into it.

   This document describes a new SRv6 proxy, called the tagging proxy.
   The tagging proxy, a variant of the dynamic SR proxy, supports both
   IPv4 and IPv6 and multiple service chains in one proxy instance
   without state management.

2.  Terminology

   This document leverages the terminology proposed in [RFC8402],
   [I-D.ietf-spring-segment-routing-policy], and
   [I-D.xuclad-spring-sr-service-programming].

3.  SRv6 Tagging proxy

   The proxy is a variant of the dynamic proxy defined in
   [I-D.xuclad-spring-sr-service-programming].  The dynamic proxy caches
   the outer IPv6 header and SRH before removing them from the incoming
   traffic.  After removal of the outer IPv6 header and SRH, the dynamic
   proxy sends the traffic to the associated service, and the same
   headers are re-attached to the traffic returning from the service.

   For caching outer headers, the tagging proxy uses the arguments of
   SRv6 SIDs as indexes for cache entries.  The arguments are chosen by
   the operator to correspond one-to-one with the service chains; this
   process could be automated by network controllers.

   Upon receiving a packet whose active segment matches a tagging SR
   proxy function, the proxy node caches the IPv6 header and SRH.  The
   cache entry corresponding to a packet is indicated by the argument
   part of the SRv6 SID.  Every time a packet arrives, the corresponding
   cache entry is updated.  The tagging proxy removes the IPv6 header
   and SRH in order to send the inner packet to the SR-unaware service.
   At that time the tagging proxy treats the index as a "tag" that is
   embedded into the inner packet.
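   The cache-and-tag behavior described above, with the tag carried in
   the IPv4 ToS or IPv6 TC field and the forward and return paths
   spelled out in the pseudocode of Section 3.1, as an added worked
   example in Python.  This is not code from the draft or from the
   authors' XDP or kernel implementations.  It assumes a SID layout in
   which ARG occupies the low 8 bits of the SID, builds its own packets
   (constructed samples, not captured traffic), and treats the final
   "lookup outer DA" step as outside its scope; the End.AT name is the
   one this document requests from IANA.

```python
"""Added worked example, not code from the draft or its authors: an offline model
of the End.AT tagging proxy in draft-eden-srv6-tagging-proxy-00. The SID layout
(ARG in the low 8 bits of the SID) and the packet builders are assumptions."""
import struct

IPV6_HDR_LEN = 40
NH_ROUTING = 43        # IPv6 Next Header value of a Routing Header (the SRH)
SRH_ROUTING_TYPE = 4   # Routing Type assigned to the SRH
ENH_IPV4, ENH_IPV6 = 4, 41

def ipv4_checksum(hdr):
    """One's-complement header checksum; 0 for a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def set_ipv4_tos(pkt, tos):
    pkt[1] = tos                                 # ToS byte, then refresh checksum over IHL*4
    pkt[10:12] = b"\x00\x00"
    pkt[10:12] = struct.pack("!H", ipv4_checksum(bytes(pkt[:(pkt[0] & 0x0F) * 4])))

def get_ipv6_tc(pkt):
    return ((pkt[0] & 0x0F) << 4) | (pkt[1] >> 4)   # TC straddles the first two bytes

def set_ipv6_tc(pkt, tc):
    pkt[0] = (pkt[0] & 0xF0) | (tc >> 4)
    pkt[1] = (pkt[1] & 0x0F) | ((tc & 0x0F) << 4)

def is_link_local(pkt):
    """IFACE-IN handles only non-link-local packets (169.254/16, fe80::/10 src or dst)."""
    if pkt[0] >> 4 == 4:
        return pkt[12:14] == b"\xa9\xfe" or pkt[16:18] == b"\xa9\xfe"
    return any(pkt[o] == 0xFE and pkt[o + 1] & 0xC0 == 0x80 for o in (8, 24))

class TaggingProxy:
    def __init__(self):
        self.cache = {}                          # CACHE[ARG] -> outer IPv6 header + SRH

    def to_service(self, pkt):
        """Forward path (3.1.1/3.1.2): tagged inner packet for IFACE-OUT, or None = drop."""
        if len(pkt) < IPV6_HDR_LEN + 8 or pkt[6] != NH_ROUTING:
            return None
        enh, ext_len, rtype, sl = pkt[40], pkt[41], pkt[42], pkt[43]
        srh_end = IPV6_HDR_LEN + (ext_len + 1) * 8
        if rtype != SRH_ROUTING_TYPE or sl == 0 or enh not in (ENH_IPV4, ENH_IPV6):
            return None                          # IF NH=SRH & SL > 0 & ENH == 4|41 fails
        arg = pkt[39]                            # ARG assumed in the active SID's low 8 bits
        self.cache[arg] = bytes(pkt[:srh_end])   # Cache IPv6 header and SRH into CACHE[ARG]
        inner = bytearray(pkt[srh_end:])         # Remove the outer IPv6 header and SRH
        if enh == ENH_IPV4:
            set_ipv4_tos(inner, arg)             # Embed ARG into ToS
        else:
            set_ipv6_tc(inner, arg)              # Embed ARG into TC
        return bytes(inner)

    def from_service(self, pkt):
        """Return path on IFACE-IN: re-encapsulated packet ready for the outer-DA
        lookup, or None = drop (unknown tag, link-local, malformed, TTL exhausted)."""
        is_v4 = len(pkt) >= 20 and pkt[0] >> 4 == 4
        if len(pkt) < 20 or (not is_v4 and len(pkt) < IPV6_HDR_LEN) or is_link_local(pkt):
            return None
        inner = bytearray(pkt)
        tag = inner[1] if is_v4 else get_ipv6_tc(inner)
        ttl_off = 8 if is_v4 else 7              # IPv4 TTL / IPv6 Hop Limit
        if tag not in self.cache or inner[ttl_off] == 0:   # IF CACHE[ToS|TC] ... ELSE drop
            return None
        inner[ttl_off] -= 1                      # Decrement TTL / Hop Limit
        if is_v4:
            set_ipv4_tos(inner, 0)               # Set ToS to 0 and update checksum
        else:
            set_ipv6_tc(inner, 0)                # Set TC to 0
        outer = bytearray(self.cache[tag])       # Push the cached IPv6 header and SRH
        outer[IPV6_HDR_LEN] = ENH_IPV4 if is_v4 else ENH_IPV6             # Set ENH value
        outer[4:6] = struct.pack("!H", len(outer) - IPV6_HDR_LEN + len(inner))  # payload len
        return bytes(outer + inner)

# Constructed test packets (not captured traffic).
def build_ipv4(src, dst, payload, ttl=64):
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 17, 0, src, dst))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + payload

def build_ipv6(src, dst, payload, hlim=64):
    return b"\x60\x00\x00\x00" + struct.pack("!HBB", len(payload), 59, hlim) + src + dst + payload

def build_srv6(sids, sl, src, inner):
    """Outer IPv6 + SRH over inner; sids in traversal order, DA = the active segment."""
    stored = list(reversed(sids))                # the SRH lists segments last-first
    enh = ENH_IPV4 if inner[0] >> 4 == 4 else ENH_IPV6
    srh = bytes([enh, 2 * len(sids), SRH_ROUTING_TYPE, sl, len(sids) - 1, 0, 0, 0]) + b"".join(stored)
    outer = b"\x60\x00\x00\x00" + struct.pack("!HBB", len(srh) + len(inner), NH_ROUTING, 64)
    return outer + src + stored[sl] + srh + inner

def run_chain(inner, arg=0x2A):
    """Drive one packet through a 3-SID chain whose middle SID is End.AT with ARG=arg."""
    sid = lambda last: b"\xfc\x00" + b"\x00" * 13 + bytes([last])
    proxy = TaggingProxy()
    pkt = build_srv6([sid(1), sid(arg), sid(3)], 1, b"\x20\x01\x0d\xb8" + b"\x00" * 12, inner)
    tagged = proxy.to_service(pkt)               # what the SR-unaware service receives
    restored = proxy.from_service(tagged)        # what re-enters the SR path
    return proxy, pkt, tagged, restored
```

   Running run_chain() on a constructed IPv4 or IPv6 inner packet shows
   the three points the pseudocode makes: the service only ever sees
   the inner packet with ARG in ToS or TC (and a still-valid IPv4
   checksum), the outer IPv6 header and SRH come back byte-for-byte
   from CACHE[ARG] with ToS/TC cleared and TTL/Hop Limit decremented,
   and a returning packet whose tag has no cache entry, or which is
   link-local, is dropped rather than guessed at.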
   As the field in which to carry the tag, Type of Service (ToS) is used
   for IPv4 packets and Traffic Class (TC) is used for IPv6 packets.
   Note that the argument length of the SID for the tagging proxy cannot
   be greater than 8 bits because of the length of the ToS and TC
   fields.

   When the proxy node receives the packet returning from the SR-unaware
   service, the proxy node pushes the IPv6 header and SRH onto the
   packet.  The headers are retrieved from the cache entry that
   corresponds to the tag extracted from the ToS or TC field of the
   packet.

   A tagging SR proxy segment is associated with the following mandatory
   parameters:

   o  NH-ADDR: Next hop Ethernet address (only for inner type IPv4 and
      IPv6)

   o  IFACE-OUT: Local interface for sending traffic towards the service

   o  IFACE-IN: Local interface receiving the traffic coming back from
      the service

   A tagging SR proxy segment is thus defined for a specific service.
   It is also bound to a pair of directed interfaces on the proxy.
   These may be both directions of a single interface, or opposite
   directions of two different interfaces.  The latter is recommended
   in case the service is to be used as part of a bi-directional SR SC
   policy.  If the proxy and the service both support 802.1Q, IFACE-OUT
   and IFACE-IN can also represent sub-interfaces.

3.1.  SRv6 pseudocode

3.1.1.  Tagging proxy for inner type IPv4

   Upon receiving an IPv6 packet destined for S, where S is an IPv6
   tagging proxy segment for IPv4 traffic, a node N does:

   1.   IF NH=SRH & SL > 0 & ENH == 4 THEN
   2.      Cache IPv6 Header and SRH into CACHE[ARG]
   3.      Remove the (outer) IPv6 header and its extension headers
   4.      Embed ARG into the ToS field of the (inner) IPv4 header
   5.      Forward the exposed packet on IFACE-OUT towards NH-ADDR
   6.   ELSE
   7.      Drop the packet

   Upon receiving a non-link-local IPv4 packet on IFACE-IN, a node N
   does:

   1.   IF CACHE[ToS] THEN
   2.      Set ToS value to 0
   3.      Decrement TTL and update checksum of the inner IPv4 header
   4.      Push the IPv6 header and SRH in CACHE[ToS]
   5.      Set ENH value to 4
   6.      Update the payload length of the outer IPv6 header
   7.      Lookup outer DA in appropriate table and proceed accordingly
   8.   ELSE
   9.      Drop the packet

   Note that the proxy may cache and restore the ToS value of the inner
   IPv4 packet in addition to the outer IPv6 header and SRH if the
   service chain uses a single ToS value.

3.1.2.  Tagging proxy for inner type IPv6

   Upon receiving an IPv6 packet destined for S, where S is an IPv6
   tagging proxy segment for IPv6 traffic, a node N does:

   1.   IF NH=SRH & SL > 0 & ENH == 41 THEN
   2.      Cache IPv6 Header and SRH into CACHE[ARG]
   3.      Remove the (outer) IPv6 header and its extension headers
   4.      Embed ARG into the TC field of the (inner) IPv6 header
   5.      Forward the exposed packet on IFACE-OUT towards NH-ADDR
   6.   ELSE
   7.      Drop the packet

   Upon receiving a non-link-local IPv6 packet on IFACE-IN, a node N
   does:

   1.   IF CACHE[TC] THEN
   2.      Set TC value to 0
   3.      Decrement Hop Limit of the inner IPv6 header
   4.      Push the IPv6 header and SRH in CACHE[TC]
   5.      Set ENH value to 41
   6.      Update the payload length of the outer IPv6 header
   7.      Lookup outer DA in appropriate table and proceed accordingly
   8.   ELSE
   9.      Drop the packet

   Note that the proxy may cache and restore the TC value of the inner
   IPv6 packet in addition to the outer IPv6 header and SRH if the
   service chain uses a single TC value.

4.  Implementation status

   This section is to be removed before publishing as an RFC.

   The tagging SR proxy is available in the following open-source
   implementations:

   o  Linux XDP-based implementation by Yukito Ueno

   o  Linux kernel-based implementation (out-of-tree) by Ryo Nakamura

   Both implementations were also operated for the traffic of exhibitors
   and visitors at Interop Tokyo 2019 ShowNet.

5.  Discussion

   This tagging proxy uses the ToS or Traffic Class field as a container
   for the index of a cache entry.  Upon receiving a packet returning
   from an SR-unaware service, the proxy node needs this index to decide
   which cache entry should be pushed onto the packet.  On the other
   hand, this usage differs from the original purpose of the ToS and TC
   fields.

6.  Acknowledgements

   The authors would like to thank all the members and contributors of
   Interop Tokyo 2019 ShowNet.  The authors are also thankful to
   Francois Clad for his comments.

7.  IANA Considerations

7.1.  SRv6 Endpoint Behaviors

   This I-D requests the IANA to allocate, within the "SRv6 Endpoint
   Behaviors" sub-registry belonging to the top-level "Segment-routing
   with IPv6 dataplane (SRv6) Parameters" registry, the following
   allocations:

         Value   Description               Reference
         --------------------------------------------------------------
         TBA     End.AT - Tagging proxy    [This.ID]

8.  Security Considerations

   The security requirements and mechanisms described in [RFC8402],
   [I-D.ietf-6man-segment-routing-header] and
   [I-D.filsfils-spring-srv6-network-programming] also apply to this
   document.  This document does not introduce any new security
   vulnerabilities.

9.  References

9.1.  Normative References

   [I-D.filsfils-spring-srv6-network-programming]
              Filsfils, C., Camarillo, P., Leddy, J., daniel.voyer@bell.ca,
              d., Matsushima, S., and Z. Li, "SRv6 Network Programming",
              draft-filsfils-spring-srv6-network-programming-07 (work in
              progress), February 2019.

   [I-D.ietf-6man-segment-routing-header]
              Filsfils, C., Dukes, D., Previdi, S., Leddy, J.,
              Matsushima, S., and d. daniel.voyer@bell.ca, "IPv6 Segment
              Routing Header (SRH)", draft-ietf-6man-segment-routing-header-26
              (work in progress), October 2019.

   [I-D.ietf-spring-segment-routing-policy]
              Filsfils, C., Sivabalan, S., daniel.voyer@bell.ca, d.,
              bogdanov@google.com, b., and P.
              Mattes, "Segment Routing Policy Architecture",
              draft-ietf-spring-segment-routing-policy-03 (work in
              progress), May 2019.

   [I-D.xuclad-spring-sr-service-programming]
              Clad, F., Xu, X., Filsfils, C., daniel.bernier@bell.ca,
              d., Li, C., Decraene, B., Ma, S., Yadlapalli, C.,
              Henderickx, W., and S. Salsano, "Service Programming with
              Segment Routing", draft-xuclad-spring-sr-service-programming-02
              (work in progress), April 2019.

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018.

9.2.  Informative References

   [RFC7665]  Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
              Chaining (SFC) Architecture", RFC 7665,
              DOI 10.17487/RFC7665, October 2015.

Authors' Addresses

   Yukito Ueno (editor)
   NTT Communications Corporation
   Tokyo
   JP

   Phone: +80 90 3085 5274
   Email: yukito.ueno@ntt.com


   Ryo Nakamura
   The University of Tokyo
   Tokyo
   JP

   Phone: +81 3 5841 2710
   Email: upa@haeena.net


   Teppei Kamata
   Cisco Systems, Inc.
   Tokyo
   JP

   Email: tkamata@cisco.comt