< draft-ietf-spring-conflict-resolution-00.txt   draft-ietf-spring-conflict-resolution-01.txt >
Networking Working Group L. Ginsberg Networking Working Group L. Ginsberg
Internet-Draft P. Psenak Internet-Draft P. Psenak
Intended status: Standards Track S. Previdi Intended status: Standards Track S. Previdi
Expires: November 13, 2016 Cisco Systems Expires: December 24, 2016 Cisco Systems
M. Pilka M. Pilka
Pantheon Technologies June 22, 2016
May 12, 2016
Segment Routing Conflict Resolution Segment Routing Conflict Resolution
draft-ietf-spring-conflict-resolution-00.txt draft-ietf-spring-conflict-resolution-01.txt
Abstract Abstract
In support of Segment Routing (SR) routing protocols advertise a In support of Segment Routing (SR) routing protocols advertise a
variety of identifiers used to define the segments which direct variety of identifiers used to define the segments which direct
forwarding of packets. In cases where the information advertised by forwarding of packets. In cases where the information advertised by
a given protocol instance is either internally inconsistent or a given protocol instance is either internally inconsistent or
conflicts with advertisements from another protocol instance a means conflicts with advertisements from another protocol instance a means
of achieving consistent forwarding behavior in the network is of achieving consistent forwarding behavior in the network is
required. This document defines the policies used to resolve these required. This document defines the policies used to resolve these
skipping to change at page 1, line 46 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 13, 2016. This Internet-Draft will expire on December 24, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. SR Global Block Inconsistency . . . . . . . . . . . . . . . . 3 2. SR Global Block Inconsistency . . . . . . . . . . . . . . . . 3
3. Segment Identifier Conflicts . . . . . . . . . . . . . . . . 5 3. SR-MPLS Segment Identifier Conflicts . . . . . . . . . . . . 5
3.1. Conflict Types . . . . . . . . . . . . . . . . . . . . . 5 3.1. Conflict Types . . . . . . . . . . . . . . . . . . . . . 6
3.1.1. Prefix Conflict . . . . . . . . . . . . . . . . . . . 6 3.1.1. Prefix Conflict . . . . . . . . . . . . . . . . . . . 6
3.1.2. SID Conflict . . . . . . . . . . . . . . . . . . . . 7 3.1.2. SID Conflict . . . . . . . . . . . . . . . . . . . . 8
3.2. Processing conflicting entries . . . . . . . . . . . . . 8 3.2. Processing conflicting entries . . . . . . . . . . . . . 9
3.2.1. Policy: Ignore conflicting entries . . . . . . . . . 8 3.2.1. Policy: Ignore conflicting entries . . . . . . . . . 9
3.2.2. Policy: Preference Algorithm/Quarantine . . . . . . . 9 3.2.2. Policy: Preference Algorithm/Quarantine . . . . . . . 10
3.2.3. Policy: Preference algorithm/ignore overlap only . . 9 3.2.3. Policy: Preference algorithm/ignore overlap only . . 10
3.2.4. Preference Algorithm . . . . . . . . . . . . . . . . 9 3.2.4. Preference Algorithm . . . . . . . . . . . . . . . . 10
3.2.5. Example Behavior . . . . . . . . . . . . . . . . . . 10 3.2.5. Example Behavior - Single Topology/Algorithm . . . . 11
3.2.6. Evaluation of Policy Alternatives . . . . . . . . . . 11 3.2.6. Example Behavior - Multiple Topologies . . . . . . . 12
3.2.7. Guaranteeing Database Consistency . . . . . . . . . . 11 3.2.7. Evaluation of Policy Alternatives . . . . . . . . . . 13
4. Security Considerations . . . . . . . . . . . . . . . . . . . 12 3.2.8. Guaranteeing Database Consistency . . . . . . . . . . 14
5. IANA Consideration . . . . . . . . . . . . . . . . . . . . . 12 4. Scope of SR-MPLS SID Conflicts . . . . . . . . . . . . . . . 14
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 5. Security Considerations . . . . . . . . . . . . . . . . . . . 15
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 6. IANA Consideration . . . . . . . . . . . . . . . . . . . . . 15
7.1. Normative References . . . . . . . . . . . . . . . . . . 12 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15
7.2. Informational References . . . . . . . . . . . . . . . . 13 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 8.1. Normative References . . . . . . . . . . . . . . . . . . 15
8.2. Informational References . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
Segment Routing (SR) as defined in [SR-ARCH] utilizes forwarding Segment Routing (SR) as defined in [SR-ARCH] utilizes forwarding
instructions called "segments" to direct packets through the network. instructions called "segments" to direct packets through the network.
Depending on the forwarding plane architecture in use, routing Depending on the forwarding plane architecture in use, routing
protocols advertise various identifiers which define the permissible protocols advertise various identifiers which define the permissible
values which can be used as segments, which values are assigned to values which can be used as segments, which values are assigned to
specific prefixes, etc. Where segments have global scope it is specific prefixes, etc. Where segments have global scope it is
necessary to have non-conflicting assignments - but given that the necessary to have non-conflicting assignments - but given that the
skipping to change at page 4, line 9 skipping to change at page 4, line 9
use by the advertising node in support of SR. The details of how use by the advertising node in support of SR. The details of how
protocols advertise this information can be found in the protocol protocols advertise this information can be found in the protocol
specific drafts e.g., [SR-OSPF], [SR-OSPFv3], and [SR-IS-IS]. specific drafts e.g., [SR-OSPF], [SR-OSPFv3], and [SR-IS-IS].
However the protocol independent semantics are illustrated by the However the protocol independent semantics are illustrated by the
following example: following example:
The originating router advertises the following ranges: The originating router advertises the following ranges:
Range 1: (100, 199) Range 1: (100, 199)
Range 2: (1000, 1099) Range 2: (1000, 1099)
Range 3: (500, 5990 Range 3: (500, 599)
The receiving routers concatenate the ranges and build the Segment The receiving routers concatenate the ranges and build the Segment
Routing Global Block (SRGB) as follows: Routing Global Block (SRGB) as follows:
SRGB = (100, 199) SRGB = (100, 199)
(1000, 1099) (1000, 1099)
(500, 599) (500, 599)
The indeces span multiple ranges: The indeces span multiple ranges:
skipping to change at page 5, line 5 skipping to change at page 5, line 5
other nodes. If the advertised ranges do not conform to the other nodes. If the advertised ranges do not conform to the
restrictions defined in the respective protocol specification restrictions defined in the respective protocol specification
receivers MUST ignore all advertised SRGB ranges from that node. receivers MUST ignore all advertised SRGB ranges from that node.
Operationally the node is treated as though it did not advertise any Operationally the node is treated as though it did not advertise any
SRGB ranges. [SR-MPLS] defines the procedures for mapping global SRGB ranges. [SR-MPLS] defines the procedures for mapping global
SIDs to outgoing labels. SIDs to outgoing labels.
Note that utilization of local SIDs (e.g. adjacency SIDs) advertised Note that utilization of local SIDs (e.g. adjacency SIDs) advertised
by a node is not affected by the state of the advertised SRGB. by a node is not affected by the state of the advertised SRGB.
3. Segment Identifier Conflicts 3. SR-MPLS Segment Identifier Conflicts
In support of an MPLS dataplane Segment identifiers (SIDs) are In support of an MPLS dataplane Segment identifiers (SIDs) are
advertised and associated with a given prefix. SIDs may be advertised and associated with a given prefix. SIDs may be
advertised in the prefix reachability advertisements originated by a advertised in the prefix reachability advertisements originated by a
routing protocol. SIDs may also be advertised by a Segment Routing routing protocol (PFX) . SIDs may also be advertised by a Segment
Mapping Server (SRMS). Routing Mapping Server (SRMS).
Mapping entires have an explicit context which includes the topology Mapping entries have an explicit context which includes the topology
and the SR algorithm. A generalized mapping entry can be represented and the SR algorithm. A generalized mapping entry can be represented
using the following definitions: using the following definitions:
Pi - Initial prefix Src- PFX or SRMS
Pe - End prefix Pi - Initial prefix
L - Prefix length Pe - End prefix
Lx - Maximum prefix length (32 for IPv4, 128 for IPv6) L - Prefix length
Si - Initial SID value Lx - Maximum prefix length (32 for IPv4, 128 for IPv6)
Se - End SID value Si - Initial SID value
R - Range value Se - End SID value
T - Topology R - Range value (See Note 1)
A - Algorithm T - Topology
A - Algorithm
A Mapping Entry is then the tuple: (Pi/L, Si, R, T, A) A Mapping Entry is then the tuple: (Src, Pi/L, Si, R, T, A)
Pe = (Pi + ((R-1) << (Lx-L)) Pe = (Pi + ((R-1) << (Lx-L))
Se = Si + (R-1) Se = Si + (R-1)
Note that the SID advertised in a prefix reachability advertisement NOTE 1: The SID advertised in a prefix reachability advertisement
can be more generally represented as a mapping entry with a range always has an implicit range of 1.
of 1.
Conflicts in SID advertisements may occur as a result of Conflicts in SID advertisements may occur as a result of
misconfiguration. Conflicts may occur either in the set of misconfiguration. Conflicts may occur either in the set of
advertisements originated by a single node or between advertisements advertisements originated by a single node or between advertisements
originated by different nodes. When conflicts occur, it is not originated by different nodes. Conflicts which occur within the set
possible for routers to know which of the conflicting advertisements of advertisements (P-SID and SRMS) originated by a single node SHOULD
is "correct". If a router chooses to use one of the conflicting be prevented by configuration validation on the originating node.
entries forwarding loops and/or blackholes may result unless it can
be guaranteed that all other routers in the network make the same When conflicts occur, it is not possible for routers to know which of
choice. Making the same choice requires that all routers have the conflicting advertisements is "correct". In order to avoid
identical sets of advertisements and that they all use the same forwarding loops and/or blackholes, there is a need for all nodes to
selection algorithm. resolve the conflicts in a consistent manner. This in turn requires
that all routers have identical sets of advertisements and that they
all use the same selection algorithm. This document defines
procedures to achieve these goals.
3.1. Conflict Types 3.1. Conflict Types
Various types of conflicts may occur. Two types of conflicts may occur - Prefix Conflicts and SID
Conflicts. Examples are provided in this section to illustrate these
conflict types.
3.1.1. Prefix Conflict 3.1.1. Prefix Conflict
When different SIDs are assigned to the same prefix we have a "prefix When different SIDs are assigned to the same prefix we have a "prefix
conflict". Prefix conflicts are specific to mapping entries sharing conflict". Prefix conflicts are specific to mapping entries sharing
the same topology and algorithm. Consider the following set of the same topology and algorithm.
advertisements:
(192.0.2.120/32, 200, 1, 0, 0) Example PC1
(192.0.2.120/32, 30, 1, 0, 0)
(PFX, 192.0.2.120/32, 200, 1, 0, 0)
(PFX, 192.0.2.120/32, 30, 1, 0, 0)
The prefix 192.0.2.120/32 has been assigned two different SIDs: The prefix 192.0.2.120/32 has been assigned two different SIDs:
200 by the first advertisement 200 by the first advertisement
30 by the second advertisement 30 by the second advertisement
(2001:DB8::1/128, 400, 1, 2, 0) Example PC2
(2001:DB8::1/128, 50, 1, 2, 0)
(PFX, 2001:DB8::1/128, 400, 1, 2, 0)
(PFX, 2001:DB8::1/128, 50, 1, 2, 0)
The prefix 2001:DB8::1/128 has been assigned two different SIDs: The prefix 2001:DB8::1/128 has been assigned two different SIDs:
400 by the first advertisement 400 by the first advertisement
50 by the second advertisement 50 by the second advertisement
Prefix conflicts may also occur as a result of overlapping prefix Prefix conflicts may also occur as a result of overlapping prefix
ranges. Consider the following set of advertisements: ranges.
(192.0.2.1/32, 200, 200, 0, 0) Example PC3
(192.0.2.121/32, 30, 10, 0, 0)
(SRMS, 192.0.2.1/32, 200, 200, 0, 0)
(SRMS, 192.0.2.121/32, 30, 10, 0, 0)
Prefixes 192.0.2.121/32 - 192.0.2.130/32 are assigned two Prefixes 192.0.2.121/32 - 192.0.2.130/32 are assigned two
different SIDs: different SIDs:
320 through 329 by the first advertisement 320 through 329 by the first advertisement
30 through 39 by the second advertisement 30 through 39 by the second advertisement
(2001:DB8::1/128, 400, 200, 2, 0) Example PC4
(2001:DB8::121/128, 50, 10, 2, 0) (SRMS, 2001:DB8::1/128, 400, 200, 2, 0)
(SRMS, 2001:DB8::121/128, 50, 10, 2, 0)
Prefixes 2001:DB8::121/128 - 2001:DB8::130/128 are assigned Prefixes 2001:DB8::121/128 - 2001:DB8::130/128 are assigned
two different SIDs: two different SIDs:
420 through 429 by the first advertisement 420 through 429 by the first advertisement
50 through 59 by the second advertisement 50 through 59 by the second advertisement
The second example illustrates a complication - only part of the Examples PC3 and PC4 illustrate a complication - only part of the
range advertised in the first advertisement is in conflict. It is range advertised in the first advertisement is in conflict. It is
logically possible to isolate the conflicting portion and try to use logically possible to isolate the conflicting portion and try to use
the non-conflicting portion(s) at the cost of increased the non-conflicting portion(s) at the cost of increased
implementation complexity. implementation complexity.
A variant of the overlapping prefix range is a case where we have A variant of the overlapping prefix range is a case where we have
overlapping prefix ranges but no actual SID conflict. overlapping prefix ranges but no actual SID conflict.
(192.0.2.1/32, 200, 200, 0, 0) Example PC5
(192.0.2.121/32, 320, 10, 0, 0)
(2001:DB8::1/128, 400, 200, 2, 0) (SRMS, 192.0.2.1/32, 200, 200, 0, 0)
(2001:DB8::121/128, 520, 10, 2, 0) (SRMS, 192.0.2.121/32, 320, 10, 0, 0)
(SRMS, 2001:DB8::1/128, 400, 200, 2, 0)
(SRMS, 2001:DB8::121/128, 520, 10, 2, 0)
Although there is prefix overlap between the two IPv4 entries (and Although there is prefix overlap between the two IPv4 entries (and
the two IPv6 entries) the same SID is assigned to all of the shared the two IPv6 entries) the same SID is assigned to all of the shared
prefixes by the two entries. prefixes by the two entries.
Given two mapping entries: Given two mapping entries:
(P1/L1, S1, R1, T1, A1) and (P2/L2, S2, R2, T2, A2) where P1 <= P2 (SRC, P1/L1, S1, R1, T1, A1) and
(SRC, P2/L2, S2, R2, T2, A2)
where P1 <= P2
a prefix conflict exists if all of the following are true: a prefix conflict exists if all of the following are true:
1)(T1 == T2) && (A1 == A2) 1)(T1 == T2) && (A1 == A2)
2)P1 <= P2 2)P1 <= P2
3)The prefixes are in the same address family. 3)The prefixes are in the same address family.
2)L1 == L2 2)L1 == L2
3)(P1e >= P2) && ((S1 + (P2 - P1)) != S2) 3)(P1e >= P2) && ((S1 + (P2 - P1)) != S2)
3.1.2. SID Conflict 3.1.2. SID Conflict
When the same SID has been assigned to multiple prefixes we have a When the same SID has been assigned to multiple prefixes we have a
"SID conflict". SID conflicts are independent of address-family, "SID conflict". SID conflicts are independent of address-family,
independent of prefix len, independent of topology, and independent independent of prefix len, independent of topology, and independent
of algorithm. A SID conflict occurs when a mapping entry which has of algorithm. A SID conflict occurs when a mapping entry which has
previously been checked to have no prefix conflict assigns one or previously been checked to have no prefix conflict assigns one or
more SIDs that are assigned by another entry which also has no prefix more SIDs that are assigned by another entry which also has no prefix
conflicts. Consider the following examples: conflicts.
(192.0.2.1/32, 200, 1, 0, 0) Example SC1
(192.0.2.222/32, 200, 1, 0, 0)
(PFX, 192.0.2.1/32, 200, 1, 0, 0)
(PFX, 192.0.2.222/32, 200, 1, 0, 0)
SID 200 has been assigned to 192.0.2.1/32 by the SID 200 has been assigned to 192.0.2.1/32 by the
first advertisement. first advertisement.
The second advertisement assigns SID 200 to 192.0.2.222/32. The second advertisement assigns SID 200 to 192.0.2.222/32.
(2001:DB8::1/128, 400, 1, 2, 0) Example SC2
(2001:DB8::222/128, 400, 1, 2, 0)
(PFX, 2001:DB8::1/128, 400, 1, 2, 0)
(PFX, 2001:DB8::222/128, 400, 1, 2, 0)
SID 400 has been assigned to 2001:DB8::1/128 by the SID 400 has been assigned to 2001:DB8::1/128 by the
first advertisement. first advertisement.
The second advertisement assigns SID 400 to 2001:DB8::222/128 The second advertisement assigns SID 400 to 2001:DB8::222/128
SID conflicts may also occur as a result of overlapping SID ranges. SID conflicts may also occur as a result of overlapping SID ranges.
Consider the following sets of advertisements:
(192.0.2.1/32, 200, 200, 0, 0) Example SC3
(198.51.100.1/32, 300, 10, 0, 0)
(SRMS, 192.0.2.1/32, 200, 200, 0, 0)
(SRMS, 198.51.100.1/32, 300, 10, 0, 0)
SIDs 300 - 309 have been assigned to two different prefixes. SIDs 300 - 309 have been assigned to two different prefixes.
The first advertisement assigns these SIDs The first advertisement assigns these SIDs
to 192.0.2.101/32 - 192.0.2.110/32. to 192.0.2.101/32 - 192.0.2.110/32.
The second advertisement assigns these SIDs to The second advertisement assigns these SIDs to
198.51.100.1/32 - 198.51.100.10/32. 198.51.100.1/32 - 198.51.100.10/32.
(2001:DB8::1/128, 400, 200, 2, 0) Example SC4
(2001:DB8:1::1/128, 500, 10, 2, 0) (SRMS, 2001:DB8::1/128, 400, 200, 2, 0)
(SRMS, 2001:DB8:1::1/128, 500, 10, 2, 0)
SIDs 500 - 509 have been assigned to two different prefixes. SIDs 500 - 509 have been assigned to two different prefixes.
The first advertisement assigns these SIDs to The first advertisement assigns these SIDs to
2001:DB8::101/128 - 2001:DB8::10A/128. 2001:DB8::101/128 - 2001:DB8::10A/128.
The second advertisement assigns these SIDs to The second advertisement assigns these SIDs to
2001:DB8:1::1/128 - 2001:DB8:1::A/128. 2001:DB8:1::1/128 - 2001:DB8:1::A/128.
The second example illustrates a complication - only part of the Examples SC3 and SC4 illustrate a complication - only part of the
range advertised in the first advertisement is in conflict. range advertised in the first advertisement is in conflict.
3.2. Processing conflicting entries 3.2. Processing conflicting entries
Two general approaches can be used to process conflicting entries. Two general approaches can be used to process conflicting entries.
1. Conflicting entries can be ignored 1. Conflicting entries can be ignored
2. A standard preference algorithm can be used to choose which of 2. A standard preference algorithm can be used to choose which of
the conflicting entries will be used the conflicting entries will be used
skipping to change at page 9, line 39 skipping to change at page 10, line 39
not in conflict are used in forwarding. This approach adds not in conflict are used in forwarding. This approach adds
complexity as the relationship between the derived sub-ranges of the complexity as the relationship between the derived sub-ranges of the
original mapping entry have to be associated with the original entry original mapping entry have to be associated with the original entry
- and every time some change to the advertisement database occurs the - and every time some change to the advertisement database occurs the
derived sub-ranges have to be recalculated. derived sub-ranges have to be recalculated.
3.2.4. Preference Algorithm 3.2.4. Preference Algorithm
The following algorithm is used to select the preferred mapping entry The following algorithm is used to select the preferred mapping entry
when a conflict exists. Evaluation is made in the order specified. when a conflict exists. Evaluation is made in the order specified.
Prefix conflicts are evaluated first. SID conflicts are then
evaluated on the Active entries remaining after Prefix Conflicts have
been resolved.
1. Smaller range wins 1. PFX source wins over SRMS source
2. IPv6 entry wins over IPv4 entry 2. Smaller range wins
3. Smaller algorithm wins 3. IPv6 entry wins over IPv4 entry
4. Smaller prefix length wins 4. Longer prefix length wins
5. Smaller starting address (considered as an unsigned integer 5. Smaller algorithm wins
6. Smaller starting address (considered as an unsigned integer
value) wins value) wins
6. Smaller starting SID wins 7. Smaller starting SID wins
Using smaller range as the highest priiority tie breaker makes
advertisements with a range of 1 the most preferred. This associates
a high priority to SID advertisements associated with protocol prefix
advertisements as these always have an implict range of one. SR
mapping server advertisements (SRMS entries) may have any configured
range - but in cases where they have a range greater than 1 they will
be less preferred as compared to any SIDs in prefix advertisements.
This has the nice property that a single misconfiguration of an SRMS
entry with a large range will not be preferred over a large number of
SIDs advertised in prefix reachability advertisements.
3.2.5. Example Behavior 8. If topology IDs are NOT identical both entries MUST be ignored
Using smaller range as the highest priority tie breaker makes
advertisements with a range of 1 the most preferred. This has the
nice property that a single misconfiguration of an SRMS entry with a
large range will not be preferred over a large number of
advertisements with smaller ranges.
Since topology identifiers are locally scoped, it is not possible to
make a consistent choice network wide when all elements of a mapping
entry are identical except for the topology. This is why both
entries MUST be ignored in such cases (Rule #8 above). Note that
Rule #8 only applies when considering SID conflicts since Prefix
conflicts are restricted to a single topology.
3.2.5. Example Behavior - Single Topology/Algorithm
The following mapping entries exist:in the database. For brevity, The following mapping entries exist:in the database. For brevity,
Topology/Algorithm is omitted and assumed to be (0,0) in all entries. Topology/Algorithm is omitted and assumed to be (0,0) in all entries.
1. (192.0.2.1/32, 100, 1) 1. (PFX, 192.0.2.1/32, 100, 1)
2. (198.51.100.1/32, 200, 1) 2. (PFX, 192.0.2.101/32, 200, 1)
3. (203.0.113.1/32, 400, 300) !Prefix conflict with entries 1 and 2 3. (SRMS, 192.0.2.1/32, 400, 255) !Prefix conflict with entries 1
and 2
4. (198.51.100.40/32, 200,1) !SID conflict with entry 2 4. (SRMS, 198.51.100.40/32, 200,1) !SID conflict with entry 2
The table below shows what mapping entries will be used in the The table below shows what mapping entries will be used in the
forwarding plane (Active) and which ones will not be used (Excluded) forwarding plane (Active) and which ones will not be used (Excluded)
unde rthe three candidate policies: under the three candidate policies:
+-----------------------------------------------------------------+ +--------------------------------------------------------------------+
| Policy | Active Entries | Excluded Entries | |Policy | Active Entries | Excluded Entries |
+-----------------------------------------------------------------+ +--------------------------------------------------------------------+
| Ignore | | (192.0.2.1/32,100,1) | |Ignore | |(PFX,192.0.2.1/32,100,1) |
| | | (198.51.100.1/32,200,1) | | | |(PFX,192.0.2.101/32,200,1) |
| | | (203.0.113.1/32,400,300)| | | |(SRMS,192.0.2.1/32,400,255) |
| | | (199.51.100.40/32,200,1)| | | |(SRMS,198.51.100.40/32,200,1)|
+-----------------------------------------------------------------+ +--------------------------------------------------------------------+
| Quarantine | (192.0.1.1/32,100,1) | (203.0.113.1/32,400,300)| |Quarantine|(PFX,192.0.1.1/32,100,1) |(SRMS,192.0.2.1/32,400,255) |
| | (198.51.100.1/32,200,1) | (198.51.100.40/32,100,1)| | |(PFX,192.0.2.101/32,200,1) |(SRMS,198.51.100.40/32,200,1)|
+-----------------------------------------------------------------+ +--------------------------------------------------------------------+
| Overlap- | (192.0.2.1/32,100,1) | (198.51.100.40/32,200,1)| |Overlap- |(PFX,192.0.2.1/32,100,1) |(SRMS,198.51.100.40/32,200,1)|
| Only | (198.51.100.1/32,200,1) |*(203.0.113.1/32,400,1) | | Only |(PFX,192.0.2.101/32,200,1) |*(SRMS,192.0.2.1/32,400,1) |
| |*(203.0.113.2/32,401,255)|*(203.0.114.2/32,655,1) | | |*(SRMS,192.0.2.2/32,401,99)|*(SRMS,192.0.2.101/32,500,1) |
| |*(203.0.113.3/32,656,43) | | | |*(SRMS,192.0.2.102/32, |
+-----------------------------------------------------------------+ | | 501,153) | |
+--------------------------------------------------------------------+
* Derived from (192.0.1.1/32,400,300) * Derived from (SRMS,192.0.2.1/32,400,300)
3.2.6. Evaluation of Policy Alternatives 3.2.6. Example Behavior - Multiple Topologies
When using a preference rule the order in which conflict resolution
is applied has an impact on what entries are usable when entries for
multiple topologies (or algorithms) are present. The following
mapping entries exist in the database:
1. (PFX, 192.0.2.1/32, 100, 1, 0, 0) !Topology 0
2. (PFX, 192.0.2.1/32, 200, 1, 0, 0) !Topology 0, Prefix Conflict
with entry #1
3. (PFX, 198.51.100.40/32, 200,1,1,0) ! Topology 1, SID conflict
with entry 2
The table below shows what mapping entries will be used in the
forwarding plane (Active) and which ones will not be used (Excluded)
under the Quarantine Policy based on the order in which conflict
resolution is applied.
+------------------------------------------------------------------+
|Order | Active Entries | Excluded Entries |
+------------------------------------------------------------------+
|Prefix- |(PFX,192.0.2.1/32,100,1,0,0)|(PFX,192.0.2.101/32,200,1,0)|
|Conflict|(PFX,198.51.100.40/32,200,1,| |
|First | 1,0) | |
+------------------------------------------------------------------+
|SID- |(PFX,192.0.2.1/32,100,1,0,0)|(PFX,192.0.2.101/32,200,1,0)|
|Conflict| |(PFX,198.51.100.40/32,200,1,|
|First | | 1,0) |
+------------------------------------------------------------------+
This illustrates the advantage of evaluating prefix conflicts within
a given topology (or algorithm) before evaluating topology (or
algorithm) independent SID conflicts. It insures that entries which
will be excluded based on intratopology preference will not prevent a
SID assigned in another topology from being considered Active.
3.2.7. Evaluation of Policy Alternatives
The previous sections have defined three alternatives for resolving The previous sections have defined three alternatives for resolving
conflicts - ignore, quarantine, and ignore overlap-only. conflicts - ignore, quarantine, and ignore overlap-only.
The ignore policy impacts the greatest amount of traffic as The ignore policy impacts the greatest amount of traffic as
forwarding to all destinations which have a conflict is affected. forwarding to all destinations which have a conflict is affected.
Quarantine allows forwarding for some destinations which have a Quarantine allows forwarding for some destinations which have a
conflict to be supported. The bias is for mapping entries with the conflict to be supported.
smallest range (typically - but not exclusively SIDs advertised in
prefix reachability advertisements) to be forwarded while the
destinations included in mapping entries with a larger range but NOT
covered by entries with a smaller range with not be forwarded.
Ignore overlap-only maximizes the destinations which will be Ignore overlap-only maximizes the destinations which will be
forwarded as all destinations covered by some mapping entry forwarded as all destinations covered by some mapping entry
(regardless of range) will be able to use the SID assigned by the (regardless of range) will be able to use the SID assigned by the
winning range. This alternative increases implementation complexity winning range. This alternative increases implementation complexity
as comapred to quarantine. Mapping entries with a range greater than as compared to quarantine. Mapping entries with a range greater than
1 which are in conflict with mapping entries having a smaller range 1 which are in conflict with other mapping entries have to internally
have to internally be split into 2 or more "derived mapping entries". be split into 2 or more "derived mapping entries". The derived
The derived mapping entries then fall into two categories - those mapping entries then fall into two categories - those that are in
that are in conflict with a mapping entry of smaller range - and conflict with other mapping entries and those which are NOT in
those which are NOT in conflict with an entry with smaller range. conflict. The former are ignored and the latter are used. Each time
The former are ignored and the latter are used. Each time the the underived mapping database is updated the derived entries have to
underived mapping database is updated the derived entries have to be be recomputed based on the updated database. Internal data
recomputed based on the updated database. Internal data structures structures have to be maintained which maintain the relationship
have to be maintained which maintain the relationship between the between the advertised mapping entry and the set of derived mapping
advertised mapping entry and the set of derived mapping entries. All entries. All nodes in the network have to achieve the same behavior
nodes in the network have to achieve the same behavior regardless of regardless of implementation internals.
implementation internals.
There is then a tradeoff between a goal of maximizing traffic There is then a tradeoff between a goal of maximizing traffic
delivery and the risks associated with increased implementation delivery and the risks associated with increased implementation
complexity. complexity.
It is the opinion of the authors that "quarantine" is the best It is the opinion of the authors that "quarantine" is the best
alternative. alternative.
3.2.7. Guaranteeing Database Consistency 3.2.8. Guaranteeing Database Consistency
In order to obtain consistent active entries all nodes in a network In order to obtain consistent active entries all nodes in a network
MUST have the same mapping entry database. Mapping entries can be MUST have the same mapping entry database. Mapping entries can be
obtained from a variety of sources. obtained from a variety of sources.
o SIDs can be configured locally for prefixes assigned to interfaces o SIDs can be configured locally for prefixes assigned to interfaces
on the router itself. Only SIDs which are advertised to protocol on the router itself. Only SIDs which are advertised to protocol
peers can be considered as part of the nmapping entry database. peers can be considered as part of the mapping entry database.
o SIDs can be received in prefix reachability advertisements from o SIDs can be received in prefix reachability advertisements from
protocol peers. These advertisements may originate from peers protocol peers. These advertisements may originate from peers
local to the area or be leaked from other areas and/or local to the area or be leaked from other areas and/or
redistributed from other routing protocols. redistributed from other routing protocols.
o SIDs can be received from SRMS advertisements - these o SIDs can be received from SRMS advertisements - these
advertisements can originate from routers local to the area or advertisements can originate from routers local to the area or
leaked from other areas leaked from other areas
o In cases where multiple routing protocols are in use mapping o In cases where multiple routing protocols are in use mapping
entries advertised by all routing protocols MUST be included. entries advertised by all routing protocols MUST be included.
4. Security Considerations 4. Scope of SR-MPLS SID Conflicts
The previous section defines the types of SID conflicts and
procedures to resolve such conflicts when using an MPLS dataplane.
The mapping entry database used MUST be populated with entries for
destinations for which the associated SID will be used to derive the
labels installed in the forwarding plane of routers in the network.
This consists of entries associated with intra-domain routes.
There are cases where destinations which are external to the domain
are advertised by protocol speakers running within that network - and
it is possible that those advertisements have SIDs associated with
those destinations. However, if reachability to a destination is
topologically outside the forwarding domain of the protocol instance
then the SIDs for such destinations will never be installed in the
forwarding plane of any router within the domain - so such
advertisements cannot create a SID conflict within the domain. Such
entries therefore MUST NOT be installed in the database used for
intra-domain conflict resolution.
Consider the case of two sites "A and B" associated with a given
[RFC4364] VPN. Connectivity between the sites is via a provider
backbone. SIDs associated with destinations in Site A will never be
installed in the forwarding plane of routers in Site B. Reachability
between the sites (assuming SR is being used across the backbone)
only requires using a SID associated with a gateway PE. So a
destination in Site A MAY use the same SID as a destination in Site B
without introducing any conflict in the forwarding plane of routers
in Site A.
Such cases are handled by insuring that the mapping entries in the
database used by the procedures defined in the previous section only
include entries associated with advertisements within the site.
5. Security Considerations
TBD TBD
5. IANA Consideration 6. IANA Consideration
This document has no actions for IANA. This document has no actions for IANA.
6. Acknowledgements 7. Acknowledgements
The authors would like to thank Jeff Tantsura, Wim Henderickx, and The authors would like to thank Jeff Tantsura, Wim Henderickx, and
Bruno Decraene for their careful review and content suggestions.. Bruno Decraene for their careful review and content suggestions.
7. References 8. References
7.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <http://www.rfc-editor.org/info/rfc4364>.
[SR-IS-IS] [SR-IS-IS]
"IS-IS Extensions for Segment Routing, draft-ietf-isis- "IS-IS Extensions for Segment Routing, draft-ietf-isis-
segment-routing-extensions-06(work in progress)", December segment-routing-extensions-07(work in progress)", June
2015. 2016.
[SR-MPLS] "Segment Routing with MPLS dataplane, draft-ietf-spring- [SR-MPLS] "Segment Routing with MPLS dataplane, draft-ietf-spring-
segment-routing-mpls-04(work in progress)", March 2016. segment-routing-mpls-04(work in progress)", March 2016.
[SR-OSPF] "OSPF Extensions for Segment Routing, draft-ietf-ospf- [SR-OSPF] "OSPF Extensions for Segment Routing, draft-ietf-ospf-
segment-routing-extensions-08(work in progress)", May segment-routing-extensions-08(work in progress)", May
2016. 2016.
[SR-OSPFv3] [SR-OSPFv3]
"OSPFv3 Extensions for Segment Routing, draft-ietf-ospf- "OSPFv3 Extensions for Segment Routing, draft-ietf-ospf-
ospfv3-segment-routing-extensions-05(work in progress)", ospfv3-segment-routing-extensions-05(work in progress)",
March 2016. March 2016.
7.2. Informational References 8.2. Informational References
[SR-ARCH] "Segment Routing Architecture, draft-ietf-spring-segment- [SR-ARCH] "Segment Routing Architecture, draft-ietf-spring-segment-
routing-08(work in progress)", May 2016. routing-08(work in progress)", May 2016.
Authors' Addresses Authors' Addresses
Les Ginsberg Les Ginsberg
Cisco Systems Cisco Systems
510 McCarthy Blvd. 510 McCarthy Blvd.
Milpitas, CA 95035 Milpitas, CA 95035
skipping to change at page 13, line 46 skipping to change at page 16, line 46
Stefano Previdi Stefano Previdi
Cisco Systems Cisco Systems
Via Del Serafico 200 Via Del Serafico 200
Rome 0144 Rome 0144
Italy Italy
Email: sprevidi@cisco.com Email: sprevidi@cisco.com
Martin Pilka Martin Pilka
Pantheon Technologies
Email: martin@pantheon.tech Email: martin@infobox.sk
 End of changes. 64 change blocks. 
150 lines changed or deleted 255 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/