SPRING Working Group W. Cheng Internet-Draft H. Li Intended status: Standards Track China Mobile Expires: 1 April 2023 M. Chen Huawei R. Gandhi Cisco Systems, Inc. R. Zigler Broadcom 28 September 2022 Path Segment in MPLS Based Segment Routing Network draft-ietf-spring-mpls-path-segment-08 Abstract A Segment Routing (SR) path is identified by an SR segment list. Only the complete segment list can identify the end-to-end SR path, and a sub-set of segments from the segment list cannot distinguish one SR path from another as they may be partially congruent. SR path identification is a pre-requisite for various use-cases such as Performance Measurement (PM), bidirectional paths correlation, and end-to-end 1+1 path protection. In SR for MPLS data plane (SR-MPLS), the segment identifiers are stripped from the packet through label popping as the packet transits the network. This means that when a packet reaches the egress of the SR path, it is not possible to determine on which SR path it traversed the network. This document defines a new type of segment that is referred to as Path Segment, which is used to identify an SR path in an SR-MPLS network. When used, it is inserted by the ingress node of the SR path and immediately follows the last segment identifier in the segment list of the SR path. The Path Segment is preserved until it reaches the egress node for SR path identification and correlation. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Cheng, et al. Expires 1 April 2023 [Page 1] Internet-Draft Path Segment in SR-MPLS September 2022 Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 1 April 2023. Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 2. Path Segment . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Path Segment Allocation and Distribution . . . . . . . . . . 6 4. Nesting of Path Segments . . . . . . . . . . . . . . . . . . 7 5. Path Segment for Performance Measurement . . . . . . . . . . 8 6. Path Segment for Bidirectional SR Path . . . . . . . . . . . 9 7. Path Segment for End-to-end Path Protection . . . . . . . . . 9 8. Security Considerations . . . . . . . . . . . . . . . . . . . 10 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 10.1. Normative References . . . . . . . . . . . . . . . . . . 10 10.2. Informative References . . . . . . . . . . . . . . . . . 10 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 13 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 Cheng, et al. Expires 1 April 2023 [Page 2] Internet-Draft Path Segment in SR-MPLS September 2022 1. Introduction Segment Routing (SR) [RFC8402] leverages the source-routing paradigm to steer packets from a source node through a controlled set of instructions, called segments, by prepending the packet with an SR header in the MPLS data plane SR-MPLS [RFC8660] through a label stack or IPv6 data plane using an SRH header via SRv6 [RFC8986] to construct an SR path. In an SR-MPLS network, when a packet is transmitted along an SR path, the labels in the MPLS label stack will be swapped or popped. So that no label or only the last label (e.g. Explicit-Null label) may be left in the MPLS label stack when the packet reaches the egress node. Thus, the egress node cannot determine along which SR path the packet came. However, to support various use-cases in SR-MPLS networks, like end- to-end 1+1 path protection (Live-Live case) [RFC4426], bidirectional path [RFC5654], or Performance Measurement (PM) [RFC7799], the ability to implement path identification on the egress node is a pre- requisite. Therefore, this document introduces a new segment type that is referred to as the Path Segment. A Path Segment is defined to uniquely identify an SR path in an SR-MPLS network. It MAY be used by the egress nodes for path identification hence to support various use-cases including SR path PM, end-to-end 1+1 SR path protection, and bidirectional SR paths correlation. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2. Abbreviations DM: Delay Measurement. LM: Loss Measurement. MPLS: Multiprotocol Label Switching. MSD: Maximum SID Depth. PM: Performance Measurement. Cheng, et al. Expires 1 April 2023 [Page 3] Internet-Draft Path Segment in SR-MPLS September 2022 PSID: Path Segment ID. SID: Segment ID. SL: Segment List. SR: Segment Routing. SRLB: SR Local Block SRGB: SR Global Block SR-MPLS: Instantiation of SR on the MPLS data plane. SRv6: Instantiation of SR on the IPv6 data plane. 2. Path Segment A Path Segment is a single label that is assigned from the Segment Routing Local Block (SRLB) [RFC8402] or Segment Routing Global Block (SRGB) [RFC8402] or dynamic MPLS label pool of the egress node of an SR path. Whether a Path Segment is allocated from the SRLB, SRGB, or a dynamic range depends on specific use cases. If the Path Segment is only used by the egress node to identify a SR path, the SRLB, SRGB or dynamic MPLS label pool can be used. If the Path Segment is used by an intermediate node to identify a SR path, the SRGB MUST be used. Three use cases are introduced in Section 5, 6, and 7 of this document. When a Path Segment is used, the Path Segment MUST be inserted at the ingress node and MUST immediately follow the last label of the SR path, in other words, inserted after the routing segment (adjacency/node/prefix segment) pointing to the egress node. The term of SR path used in this document is a general term that can be used to describe a SR Policy, a Candidate-Path (CP), or a Segment- List (SL) [RFC9256]. Therefore, the Path Segment may be used to identify an SR Policy, its CP, or a SL terminating on an egress node depending on the use-case. The value of the TTL field in the MPLS label stack entry containing the Path Segment MUST be set to the same value as the TTL of the last label stack entry for the last segment in the SR path. If the Path Segment is the bottom label, the S bit MUST be set. When Path Segment is not allocated from the SRGB pool, the intermediate nodes MUST not see the Path Segment label at the top of the label stack. A Path Segment presenting to an intermediate node Cheng, et al. Expires 1 April 2023 [Page 4] Internet-Draft Path Segment in SR-MPLS September 2022 in this case is an error condition. When Path Segment is allocated from the SRGB pool, an intermediate node MAY see the Path Segment label at the top of the label stack. A Path Segment can be used in the case of Penultimate Hop Popping (PHP), where some labels are be popped off at the penultimate hop of an SR path, but the Path Segment MUST NOT be popped off until it reaches at the egress node. The egress node MUST pop the Path Segment. The egress node MAY use the Path Segment for further processing. For example, when performance measurement is enabled on the SR path, it can trigger packet counting or timestamping. In some deployments, service labels may be added after the Path Segment label in the MPLS label stack. In this case, the egress node MUST be capable of processing more than one label. The additional processing required, may have an impact on forwarding performance. Generic Associated Label (GAL) is used for Operations, Administration and Maintenance (OAM) in MPLS networks [RFC5586]. When GAL is used, it MUST be added at the bottom of the label stack after the Path Segment label. Entropy label and Entropy Label Indicator (ELI) as described in [RFC8662] for SR-MPLS path, can be placed before or after the Path Segment label in the MPLS label stack. The SR path computation needs to know the Maximum SID Depth (MSD) that can be imposed at each node/link of a given SR path [RFC8664]. This ensures that the SID stack depth of a computed path does not exceed the number of SIDs the node is capable of imposing. The MSD used for path computation MUST include the Path Segment label. The label stack with Path Segment is shown in Figure 1: Cheng, et al. Expires 1 April 2023 [Page 5] Internet-Draft Path Segment in SR-MPLS September 2022 +--------------------+ | ... | +--------------------+ | Label 1 | +--------------------+ | Label 2 | +--------------------+ | ... | +--------------------+ | Label n | +--------------------+ | Path Segment | +--------------------+ | ... | +--------------------+ ~ Payload ~ +--------------------+ Figure 1: Label Stack with Path Segment Where: * The Labels 1 to n are the segment label stack used to direct how to steer the packets along the SR path. * The Path Segment identifies the SR path in the context of the egress node of the SR path. There may be multiple paths (or sub-path(s)) carried in the label stack, for each path (or sub-path), there may be a corresponding Path Segment carried. A use case can be found in Section 4. In addition, adding a Path Segment to a label stack will increase the depth of the label stack, the Path Segment should be accounted when considering Maximum SID Depth (MSD)[RFC8992]. 3. Path Segment Allocation and Distribution There are two ways that leverage a centralized controller (e.g., SDN controller) to assign and distribute the Path Segment. One is the Path Computation Element Communication Protocol (PCEP) based Path Segment allocation for SR Policy defined in [I-D.ietf-pce-sr-path-segment], the other is BGP based Path Segment allocation for SR Policy defined in [I-D.ietf-idr-sr-policy-path-segment]. For both ways, the controller MUST make sure (e.g., by some capability discovery mechanisms outside the scope of this document) that the egress node knows the Path Segment and it can process it, as well as the label does not collide Cheng, et al. Expires 1 April 2023 [Page 6] Internet-Draft Path Segment in SR-MPLS September 2022 with any label allocation done by the egress node. 4. Nesting of Path Segments Binding SID (BSID) [RFC8402] can be used for SID list compression. With BSID, an end-to-end SR path can be split into several sub-paths, each sub-path is identified by a BSID. Then an end-to-end SR path can be identified by a list of BSIDs, therefore, it can provide better scalability. BSID and Path SID (PSID) can be combined to achieve both sub-path and end-to-end path monitoring. A reference model for such a combination in (Figure 2) shows an end-to-end path (A->D) that spans three domains (Access, Aggregation and Core domain) and consists of three sub-paths, one in each sub-domain (sub-path (A->B), sub-path (B->C) and sub-path (C->D)). Each sub-path is allocated a BSID. For nesting the sub-paths, each sub-path is allocated a PSID. Then, the SID list of the end-to-end path can be expressed as , where the e-PSID is the PSID of the end-to-end path. The SID list of a sub-path can be expressed as , where the s-PSID is the PSID of the sub-path. Figure 2 shows the details of the label stacks when PSID and BSID are used to support both sub-path and end-to-end path monitoring in a multi-domain scenario. Cheng, et al. Expires 1 April 2023 [Page 7] Internet-Draft Path Segment in SR-MPLS September 2022 /--------\ /--------\ /--------\ / \ / \ / \ A{ Access }B{ Aggregation }C{ Core }D \ / \ / \ / \--------/ \--------/ \--------/ Sub-path(A->B) Sub-path(B->C) Sub-path(C->D) |<--------------->|<-------------->|<-------------->| E2E Path(A->D) |<------------------------------------------------->| +------------+ ~A->B SubPath~ +------------+ +------------+ |s-PSID(A->B)| ~B->C SubPath~ +------------+ +------------+ | BSID(B->C) | |s-PSID(B->C)| +------------+ +------------+ +------------+ | BSID(C->D) | | BSID(C->D) | ~C->D SubPath~ +------------+ +------------+ +------------+ +------------+ |e-PSID(A->D)| |e-PSID(A->D)| |e-PSID(A->D)| |e-PSID(A->D)| +------------+ +------------+ +------------+ +------------+ Figure 2: Nesting of Path Segments 5. Path Segment for Performance Measurement As defined in [RFC7799], performance measurement can be classified into Passive, Active, and Hybrid measurement. Since Path Segment is encoded in the SR-MPLS Label Stack as shown in Figure 1, existing implementation on the egress node can be leveraged for measuring packet counts using the incoming SID (the Path Segment). A different scheme such as carrying such identifier after the bottom of the label stack may require new implementation. For Passive performance measurement, path identification at the measuring points is the pre-requisite. Path Segment can be used by the measuring points (e.g., the ingress and egress nodes of the SR path or a centralized controller) to correlate the packet counts and timestamps from the ingress and egress nodes for a specific SR path, then packet loss and delay can be calculated for the end-to-end path, respectively. Path Segment can also be used for Active performance measurement for an SR path in SR-MPLS networks for collecting packet counters and timestamps from the egress node using probe messages [I-D.ietf-mpls-rfc6374-sr] and [I-D.ietf-spring-stamp-srpm]. Cheng, et al. Expires 1 April 2023 [Page 8] Internet-Draft Path Segment in SR-MPLS September 2022 Path Segment can also be used for In-situ OAM for SR-MPLS to identify the SR Path associated with the in-situ data fields in the data packets on the egress node [I-D.gandhi-mpls-ioam]. Path Segment can also be used for In-band PM for SR-MPLS to identify the SR Path associated with the collected performance metrics [I-D.ietf-mpls-inband-pm-encapsulation]. 6. Path Segment for Bidirectional SR Path In some scenarios, for example, mobile backhaul transport networks, there are requirements to support bidirectional paths, and the path is normally treated as a single entity. The both directions of the path have the same fate, for example, failure in one direction will result in switching traffic at both directions. MPLS supports this by introducing the concepts of co-routed bidirectional LSP and associated bidirectional LSP [RFC5654]. In the current SR architecture, an SR path is a unidirectional path [RFC8402]. In order to support bidirectional SR paths, a straightforward way is to bind two unidirectional SR paths to a single bidirectional SR path. Path Segments can then be used to identify and correlate the traffic for the two unidirectional SR paths at both ends of the bidirectional path. [I-D.ietf-pce-sr-bidir-path] defines procedures on how to use PCEP for SR Policy to initiate a bidirectional SR path. Also, [I-D.ietf-idr-sr-policy-path-segment] defines procedures on how to use BGP for SR Policy to initiate a bidirectional SR path. 7. Path Segment for End-to-end Path Protection For end-to-end 1+1 path protection (i.e., Live-Live case), the egress node of the path needs to know the set of paths that constitute the primary and the secondaries, in order to select the primary path packets for onward transmission, and to discard the packets from the secondaries [RFC4426]. To do this in Segment Routing, each SR path needs a path identifier that is unique at the egress node. For SR-MPLS, this can be the Path Segment label allocated by the egress node. There then needs to be a method of binding this SR path identifiers into equivalence groups such that the egress node can determine for example, the set of packets that represent a single primary path. It is obvious that this equivalence group can be instantiated in the network by an SDN controller using the Path Segments of the SR paths. Cheng, et al. Expires 1 April 2023 [Page 9] Internet-Draft Path Segment in SR-MPLS September 2022 8. Security Considerations Path Segment in SR-MPLS does not introduce any new behavior or any change in the way the MPLS data plane works. Section 8.1 of [RFC8402] describe the security consideration for SR-MPLS. Path segment is additional metadata that is added to the packet consisting of the SR path. An attacker could exploit path segment to manipulate the accounting of SR traffic at the egress. Path segment could also be used to monitor traffic patterns for the E2E paths. The control protocols used to allocate path segments could also be exploited to disseminate incorrect path segment information. Note that, the path segment is imposed at the ingress and removed at the egress boundary and is not leaked out of the administered domain. 9. IANA Considerations This document does not require any IANA actions. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., Decraene, B., Litkowski, S., and R. Shakir, "Segment Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, July 2018, . [RFC8660] Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S., Decraene, B., Litkowski, S., and R. Shakir, "Segment Routing with the MPLS Data Plane", RFC 8660, DOI 10.17487/RFC8660, December 2019, . 10.2. Informative References Cheng, et al. Expires 1 April 2023 [Page 10] Internet-Draft Path Segment in SR-MPLS September 2022 [I-D.gandhi-mpls-ioam] Gandhi, R., Ali, Z., Brockners, F., Wen, B., Decraene, B., and V. Kozak, "MPLS Data Plane Encapsulation for In-situ OAM Data", Work in Progress, Internet-Draft, draft-gandhi- mpls-ioam-05, 6 July 2022, . [I-D.ietf-idr-sr-policy-path-segment] Li, C., Li, Z., Yin, Y., Cheng, W., and K. Talaulikar, "SR Policy Extensions for Path Segment and Bidirectional Path", Work in Progress, Internet-Draft, draft-ietf-idr- sr-policy-path-segment-06, 7 August 2022, . [I-D.ietf-mpls-inband-pm-encapsulation] Cheng, W., Min, X., Zhou, T., Dong, X., and Y. Peleg, "Encapsulation For MPLS Performance Measurement with Alternate Marking Method", Work in Progress, Internet- Draft, draft-ietf-mpls-inband-pm-encapsulation-03, 1 July 2022, . [I-D.ietf-mpls-rfc6374-sr] Gandhi, R., Filsfils, C., Voyer, D., Salsano, S., and M. Chen, "Performance Measurement Using RFC 6374 for Segment Routing Networks with MPLS Data Plane", Work in Progress, Internet-Draft, draft-ietf-mpls-rfc6374-sr-06, 23 August 2022, . [I-D.ietf-pce-sr-bidir-path] Li, C., Chen, M., Cheng, W., Gandhi, R., and Q. Xiong, "Path Computation Element Communication Protocol (PCEP) Extensions for Associated Bidirectional Segment Routing (SR) Paths", Work in Progress, Internet-Draft, draft-ietf- pce-sr-bidir-path-10, 31 August 2022, . Cheng, et al. Expires 1 April 2023 [Page 11] Internet-Draft Path Segment in SR-MPLS September 2022 [I-D.ietf-pce-sr-path-segment] Li, C., Chen, M., Cheng, W., Gandhi, R., and Q. Xiong, "Path Computation Element Communication Protocol (PCEP) Extension for Path Segment in Segment Routing (SR)", Work in Progress, Internet-Draft, draft-ietf-pce-sr-path- segment-06, 19 August 2022, . [I-D.ietf-spring-stamp-srpm] Gandhi, R., Filsfils, C., Voyer, D., Chen, M., Janssens, B., and R. Foote, "Performance Measurement Using Simple TWAMP (STAMP) for Segment Routing Networks", Work in Progress, Internet-Draft, draft-ietf-spring-stamp-srpm-05, 25 August 2022, . [RFC4426] Lang, J., Ed., Rajagopalan, B., Ed., and D. Papadimitriou, Ed., "Generalized Multi-Protocol Label Switching (GMPLS) Recovery Functional Specification", RFC 4426, DOI 10.17487/RFC4426, March 2006, . [RFC5586] Bocci, M., Ed., Vigoureux, M., Ed., and S. Bryant, Ed., "MPLS Generic Associated Channel", RFC 5586, DOI 10.17487/RFC5586, June 2009, . [RFC5654] Niven-Jenkins, B., Ed., Brungard, D., Ed., Betts, M., Ed., Sprecher, N., and S. Ueno, "Requirements of an MPLS Transport Profile", RFC 5654, DOI 10.17487/RFC5654, September 2009, . [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, May 2016, . [RFC8662] Kini, S., Kompella, K., Sivabalan, S., Litkowski, S., Shakir, R., and J. Tantsura, "Entropy Label for Source Packet Routing in Networking (SPRING) Tunnels", RFC 8662, DOI 10.17487/RFC8662, December 2019, . [RFC8664] Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W., and J. Hardwick, "Path Computation Element Communication Protocol (PCEP) Extensions for Segment Routing", RFC 8664, DOI 10.17487/RFC8664, December 2019, . Cheng, et al. Expires 1 April 2023 [Page 12] Internet-Draft Path Segment in SR-MPLS September 2022 [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 (SRv6) Network Programming", RFC 8986, DOI 10.17487/RFC8986, February 2021, . [RFC8992] Jiang, S., Ed., Du, Z., Carpenter, B., and Q. Sun, "Autonomic IPv6 Edge Prefix Management in Large-Scale Networks", RFC 8992, DOI 10.17487/RFC8992, May 2021, . [RFC9256] Filsfils, C., Talaulikar, K., Ed., Voyer, D., Bogdanov, A., and P. Mattes, "Segment Routing Policy Architecture", RFC 9256, DOI 10.17487/RFC9256, July 2022, . Acknowledgements The authors would like to thank Adrian Farrel, Stewart Bryant, Shuangping Zhan, Alexander Vainshtein, Andrew G. Malis, Ketan Talaulikar, Shraddha Hegde, and Loa Andersson for their review, suggestions and comments to this document. The authors would like to acknowledge the contribution from Alexander Vainshtein on "Nesting of Path Segments". Contributors The following people have substantially contributed to this document: Cheng, et al. Expires 1 April 2023 [Page 13] Internet-Draft Path Segment in SR-MPLS September 2022 Cheng Li Huawei Technologies EMail: chengli13@huawei.com Lei Wang China Mobile Email: wangleiyj@chinamobile.com Aihua Liu ZTE Corp Email: liu.aihua@zte.com.cn Greg Mirsky ZTE Corp Email: gregimirsky@gmail.com Gyan S. Mishra Verizon Inc. Email: gyan.s.mishra@verizon.com Authors' Addresses Weiqiang Cheng China Mobile Email: chengweiqiang@chinamobile.com Han Li China Mobile Email: lihan@chinamobile.com Mach(Guoyi) Chen Huawei Email: mach.chen@huawei.com Rakesh Gandhi Cisco Systems, Inc. Canada Cheng, et al. Expires 1 April 2023 [Page 14] Internet-Draft Path Segment in SR-MPLS September 2022 Email: rgandhi@cisco.com Royi Zigler Broadcom Email: royi.zigler@broadcom.com Cheng, et al. Expires 1 April 2023 [Page 15]