idnits 2.17.1 draft-dawra-idr-bgp-ls-sr-service-segments-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 16, 2018) is 2111 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'I-D.ietf-spring-segment-routing-policy' is defined on line 443, but no explicit reference was found in the text == Outdated reference: A later version (-06) exists of draft-dawra-idr-bgpls-srv6-ext-03 == Outdated reference: A later version (-02) exists of draft-xuclad-spring-sr-service-programming-00 ** Obsolete normative reference: RFC 7752 (Obsoleted by RFC 9552) == Outdated reference: A later version (-07) exists of draft-filsfils-spring-srv6-network-programming-05 == Outdated reference: A later version (-18) exists of draft-ietf-idr-bgp-ls-segment-routing-ext-08 == Outdated reference: A later version (-26) exists of draft-ietf-idr-segment-routing-te-policy-04 == Outdated reference: A later version (-22) exists of draft-ietf-spring-segment-routing-policy-01 Summary: 1 error (**), 0 flaws (~~), 8 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Inter-Domain Routing G. Dawra, Ed. 3 Internet-Draft LinkedIn 4 Intended status: Standards Track C. Filsfils 5 Expires: January 17, 2019 Cisco Systems 6 D. Bernier 7 Bell Canada 8 J. Uttaro 9 AT&T 10 B. Decraene 11 Orange 12 H. Elmalky 13 Ericsson 14 X. Xu 15 Alibaba 16 F. Clad 17 K. Talaulikar 18 Cisco Systems 19 July 16, 2018 21 BGP-LS Advertisement of Segment Routing Service Segments 22 draft-dawra-idr-bgp-ls-sr-service-segments-00 24 Abstract 26 BGP Link-State (BGP-LS) enables distribution of topology information 27 from the network to a Path Computation Engine (PCE) or any 28 controller/application in general so it can learn the network 29 topology. Service functions are deployed as virtualized elements 30 along with network elements or on servers in data centers. The 31 advertisement of such attached service capabilities along with the 32 network nodes that they are attached to or associated with enable 33 their discovery and for programming of service paths that use these 34 service functions. Segment Routing (SR) bring in the concept of 35 segments which can be topological or service instructions. SR 36 Policies enable setup of paths which are a mix of topological and 37 service segments. 39 This document specifies the extensions to BGP-LS for discovery and 40 advertisement of service segments so as to enable setup of service 41 programming paths using Segment Routing. 43 Requirements Language 45 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 46 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 47 document are to be interpreted as described in RFC 2119 [RFC2119]. 49 Status of This Memo 51 This Internet-Draft is submitted in full conformance with the 52 provisions of BCP 78 and BCP 79. 54 Internet-Drafts are working documents of the Internet Engineering 55 Task Force (IETF). Note that other groups may also distribute 56 working documents as Internet-Drafts. The list of current Internet- 57 Drafts is at https://datatracker.ietf.org/drafts/current/. 59 Internet-Drafts are draft documents valid for a maximum of six months 60 and may be updated, replaced, or obsoleted by other documents at any 61 time. It is inappropriate to use Internet-Drafts as reference 62 material or to cite them other than as "work in progress." 64 This Internet-Draft will expire on January 17, 2019. 66 Copyright Notice 68 Copyright (c) 2018 IETF Trust and the persons identified as the 69 document authors. All rights reserved. 71 This document is subject to BCP 78 and the IETF Trust's Legal 72 Provisions Relating to IETF Documents 73 (https://trustee.ietf.org/license-info) in effect on the date of 74 publication of this document. Please review these documents 75 carefully, as they describe your rights and restrictions with respect 76 to this document. Code Components extracted from this document must 77 include Simplified BSD License text as described in Section 4.e of 78 the Trust Legal Provisions and are provided without warranty as 79 described in the Simplified BSD License. 81 Table of Contents 83 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 84 2. BGP-LS Extensions for Service Chaining . . . . . . . . . . . 4 85 3. Illustration . . . . . . . . . . . . . . . . . . . . . . . . 7 86 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 87 4.1. Service Type Table . . . . . . . . . . . . . . . . . . . 7 88 4.2. Segment routing function Identifier(SFI) . . . . . . . . 8 89 5. Manageability Considerations . . . . . . . . . . . . . . . . 8 90 6. Operational Considerations . . . . . . . . . . . . . . . . . 8 91 6.1. Operations . . . . . . . . . . . . . . . . . . . . . . . 9 92 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 93 8. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 9 94 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 95 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 96 10.1. Normative References . . . . . . . . . . . . . . . . . . 9 97 10.2. Informative References . . . . . . . . . . . . . . . . . 10 98 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 100 1. Introduction 102 Segments are introduced in the SR architecture 103 [I-D.ietf-spring-segment-routing]. Segment Routing based Service 104 chaining is well described in Section 6 of 105 [I-D.xuclad-spring-sr-service-programming] document with an example 106 network and services. 108 This document extend the example to add a Segment Routing Controller 109 (SR-C) to the network, for the purpose of service discovery and SR 110 policy instantiation. 112 Consider the network represented in Figure 1 below where: 114 o A and B are two end hosts using IPv4. 116 o S1 is an SR-aware firewall Service. 118 o S2 is an SR-unaware DPI Service. 120 SR-C --3-- 121 | / \ 122 | / \ 123 A----1----2----4----5----6----B 124 | | 125 | | 126 S1 S2 128 Figure 1: Network with Services 130 SR Controller (SR-C) is connected to Node 1, but may be attached to 131 any node 1-6 in the network. 133 SR-C is capable of receiving BGP-LS updates to discover topology, and 134 calculating constrained paths between 1 and 6. 136 However, if SR-C is configured to computation a constrained path from 137 1 and 6, including a DPI service (i.e., S2) it is not yet possible 138 due to the lack of service distribution. SR-C does not know where a 139 DPI Service is nor the SID for it. It does not know that S2 is a 140 service it needs. 142 This document proposes an extension to BGP-LS for Service Chaining to 143 distribute the service information to SR-C. There may be other 144 alternate mechanisms to distribute service information to SR-C and 145 are outside of scope of this document. There are no extensions 146 required in SR-TE Policy SAFI. 148 2. BGP-LS Extensions for Service Chaining 150 For an attached service, following data needs to be shared with SR-C: 152 o Service SID value (e.g. MPLS label or IPv6 address). Service SID 153 MAY only be encoded as LOC:FUNCT, where LOC is the L most 154 significant bits and FUNCT is the 128-L least significant 155 bits[I-D.filsfils-spring-srv6-network-programming]. ARGs bits, if 156 any, MAY be set to 0 in the advertised service SID. 158 o Function Identifier (Static Proxy, Dynamic Proxy, Shared Memory 159 Proxy, Masquerading Proxy, SR Aware Service etc). 161 o Service Type (DPI, Firewall, Classifier, LB etc). 163 o Traffic Type (IPv4 OR IPv6 OR Ethernet) 165 o Opaque Data (Such as brand and version, other extra information) 167 [I-D.xuclad-spring-sr-service-programming] defines SR-aware and SR- 168 unaware services. This document will reuse these definitions. Per 169 [RFC7752] Node Attributes are ONLY associated with the Node NLRI. 170 All non-VPN information SHALL be encoded using AFI 16388 / SAFI 71. 171 VPN information SHALL be encoded using AFI 16388 / SAFI 72 with 172 associated RTs. 174 This document extends SRv6 Node SID TLV 175 [I-D.dawra-idr-bgpls-srv6-ext] and SR-MPLS SID/Label TLV 176 [I-D.ietf-idr-bgp-ls-segment-routing-ext] to associate the Service 177 SID Value with Service-related Information using Service Chaining(SC) 178 Sub-TLV. 180 Function Sub-TLV [I-D.dawra-idr-bgpls-srv6-ext] of Node SID TLV 181 encodes Identifier(Function ID) along with associated Function Flags. 183 A Service Chaining (SC) Sub-TLV in Figure 2 is defined as: 185 +---------------------------------------+ 186 | Type (2 octet) | 187 +---------------------------------------+ 188 | Length (2 octet) | 189 +---------------------------------------+ 190 | Service Type(ST) (2 octet | 191 +---------------------------------------+ 192 | Flags (1 octet) | 193 +---------------------------------------+ 194 | Traffic Type(1 octet) | 195 +---------------------------------------+ 196 | RESERVED (2 octet) | 197 +---------------------------------------+ 199 Figure 2: Service Chaining(SC) Sub-TLV 201 Where: 203 Type: 16 bit field. TBD 205 Length: 16 bit field. The total length of the value portion of 206 the TLV. 208 Service Type(ST): 16bit field. Service Type: categorizes the 209 Service: (such as "Firewall", "Classifier" etc). 211 Flags: 8 bit field. Bits SHOULD be 0 on transmission and MUST be 212 ignored on reception. 214 Traffic Type: 8 Bit field. A bit to identify if Service is IPv4 215 OR IPv6 OR L2 Ethernet Capable. Where: 217 Bit 0(LSB): Set to 1 if Service is IPv4 Capable 219 Bit 1: Set to 1 if Service is IPv6 Capable 221 Bit 2: Set to 1 if Service is Ethernet Capable 223 RESERVED: 16bit field. SHOULD be 0 on transmission and MUST be 224 ignored on reception. 226 Service Type(ST) MUST be encoded as part of SC Sub-TLV. 228 There may be multiple instances of similar Services that needs to be 229 distinguished. For example, firewalls made by different vendors A 230 and B may need to be identified differently because, while they have 231 similar functionality, their behavior is not identical. 233 In order for SDN Controller to identify the categories of Services 234 and their associated SIDs, this section defines the BGP-LS extensions 235 required to encode these characteristics and other relevant 236 information about these Services. 238 Another Optional Opaque Metadata(OM) Sub-TLV of Node SID TLV may 239 encode vendor specific information. Multiple of OM Sub-TLVs may be 240 encoded. 242 +---------------------------------------+ 243 | Type (2 octet) | 244 +---------------------------------------+ 245 | Length (2 octet) | 246 +---------------------------------------+ 247 | Opaque Type (2 octet) | 248 +---------------------------------------+ 249 | Flags (1 octet) | 250 +---------------------------------------+ 251 | Value (variable) | 252 +---------------------------------------+ 254 Figure 3: Opaque Metadata(OM) Sub-TLV 256 o Type: 16 bit field. TBD. 258 o Length: 16 bit field. The total length of the value portion of 259 the TLV. 261 o Opaque Type: 8-bit field. Only publishers and consumers of the 262 opaque data are supposed to understand the data. 264 o Flags: 8 bit field. Bits SHOULD be 0 on transmission and MUST be 265 ignored on reception. 267 o Value: Variable Length. Based on the data being encoded and 268 length is recorded in length field. 270 Opaque Metadata(OM) Sub-TLV defined in Figure 3 may encode propriety 271 or Service Opaque information such as: 273 o Vendor specific Service Information. 275 o Traffic Limiting Information to particular Service Type. 277 o Opaque Information unique to the Service 279 o Propriety Enterprise Service specific Information. 281 3. Illustration 283 In our SRv6 example above Figure 1 , Node 5 is configured with an 284 SRv6 dynamic proxy segments (End.AD) C5::AD:F2 for S2. 286 The BGP-LS advertisement MUST contain and Node SID TLV: 288 o Service SID: C5::AD:F2 SID 290 o Function ID: END.AD 292 The BGP-LS advertisement MUST contain a SC Sub-TLV with: 294 o Service Type: Deep Packet Inspection(DPI) 296 o Traffic Type: IPv4 Capable. 298 The BGP-LS advertisement MAY contain a OM Sub-TLV with: 300 o Opaque Type: Cisco DPI Version 302 o Value: 3.5 304 In our example in Figure 1, using BGP SR-TE SAFI Update 305 [I-D.ietf-idr-segment-routing-te-policy], SR Controller computes the 306 candidate path and pushes the Policy. 308 SRv6 encapsulation policy < CF1::, C3::, C5::AD:F2, C6::D4:B > is 309 signaled to Node 1 which has mix of service and topological segments. 311 4. IANA Considerations 313 This document requests assigning code-points from the registry "BGP- 314 LS Node Descriptor, Link Descriptor, Prefix Descriptor, and Attribute 315 TLVs". 317 4.1. Service Type Table 319 IANA is request to create a new top-level registry called "Service 320 Type Table (STT)". Valid values are in the range 0 to 65535. Values 321 0 and 65535 are to be marked "Reserved, not to be allocated". 323 +------------+-----------------------+------------+-------------+ 324 | Service | Service | Reference | Date | 325 | Value(TBD) | | | | 326 +------------+-----------------------+------------+-------------+ 327 | 32 | Classifier | ref-to-set | date-to-set | 328 +------------+-----------------------+------------+-------------+ 329 | 33 | Firewall | ref-to-set | date-to-set | 330 +------------+-----------------------+------------+-------------+ 331 | 34 | Load Balancer | ref-to-set | date-to-set | 332 +------------+-----------------------+------------+-------------+ 333 | 35 | DPI | ref-to-set | date-to-set | 334 +------------+-----------------------+------------+-------------+ 336 Figure 4 338 4.2. Segment routing function Identifier(SFI) 340 IANA is request to extend a top-level registry called "Segment 341 Routing Function Identifier(SFI)" with new code points. This 342 document extends the SFI values defined in 343 [I-D.dawra-idr-bgpls-srv6-ext]. Details about the Service functions 344 are defined in[I-D.xuclad-spring-sr-service-programming]. 346 +--------------------------+---------------------------+ 347 | Function | Function Identifier | 348 | | | 349 +--------------------------+---------------------------+ 350 | Static Proxy | 8 | 351 +--------------------------+---------------------------+ 352 | Dynamic Proxy | 9 | 353 +--------------------------+---------------------------+ 354 | Shared Memory Proxy | 10 | 355 +--------------------------+---------------------------+ 356 | Masquerading Proxy | 11 | 357 +--------------------------+---------------------------+ 358 | SRv6 Aware Service | 12 | 359 +--------------------------+---------------------------+ 361 5. Manageability Considerations 363 This section is structured as recommended in[RFC5706] 365 6. Operational Considerations 366 6.1. Operations 368 Existing BGP and BGP-LS operational procedures apply. No additional 369 operation procedures are defined in this document. 371 7. Security Considerations 373 Procedures and protocol extensions defined in this document do not 374 affect the BGP security model. See the 'Security Considerations' 375 section of [RFC4271] for a discussion of BGP security. Also refer 376 to[RFC4272] and[RFC6952] for analysis of security issues for BGP. 378 8. Conclusions 380 This document proposes extensions to the BGP-LS to allow discovery of 381 Services using Segment Routing. 383 9. Acknowledgements 385 The authors would like to thank Krishnaswamy Ananthamurthy for his 386 review of this document. 388 10. References 390 10.1. Normative References 392 [I-D.dawra-idr-bgpls-srv6-ext] 393 Dawra, G., Filsfils, C., Talaulikar, K., Chen, M., 394 daniel.bernier@bell.ca, d., Uttaro, J., Decraene, B., and 395 H. Elmalky, "BGP Link State extensions for IPv6 Segment 396 Routing(SRv6)", draft-dawra-idr-bgpls-srv6-ext-03 (work in 397 progress), March 2018. 399 [I-D.ietf-spring-segment-routing] 400 Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B., 401 Litkowski, S., and R. Shakir, "Segment Routing 402 Architecture", draft-ietf-spring-segment-routing-15 (work 403 in progress), January 2018. 405 [I-D.xuclad-spring-sr-service-programming] 406 Clad, F., Xu, X., Filsfils, C., daniel.bernier@bell.ca, 407 d., Li, C., Decraene, B., Ma, S., Yadlapalli, C., 408 Henderickx, W., and S. Salsano, "Service Programming with 409 Segment Routing", draft-xuclad-spring-sr-service- 410 programming-00 (work in progress), July 2018. 412 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 413 Requirement Levels", BCP 14, RFC 2119, 414 DOI 10.17487/RFC2119, March 1997, 415 . 417 [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and 418 S. Ray, "North-Bound Distribution of Link-State and 419 Traffic Engineering (TE) Information Using BGP", RFC 7752, 420 DOI 10.17487/RFC7752, March 2016, 421 . 423 10.2. Informative References 425 [I-D.filsfils-spring-srv6-network-programming] 426 Filsfils, C., Camarillo, P., Leddy, J., 427 daniel.voyer@bell.ca, d., Matsushima, S., and Z. Li, "SRv6 428 Network Programming", draft-filsfils-spring-srv6-network- 429 programming-05 (work in progress), July 2018. 431 [I-D.ietf-idr-bgp-ls-segment-routing-ext] 432 Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H., 433 and M. Chen, "BGP Link-State extensions for Segment 434 Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-08 435 (work in progress), May 2018. 437 [I-D.ietf-idr-segment-routing-te-policy] 438 Previdi, S., Filsfils, C., Jain, D., Mattes, P., Rosen, 439 E., and S. Lin, "Advertising Segment Routing Policies in 440 BGP", draft-ietf-idr-segment-routing-te-policy-04 (work in 441 progress), July 2018. 443 [I-D.ietf-spring-segment-routing-policy] 444 Filsfils, C., Sivabalan, S., daniel.voyer@bell.ca, d., 445 bogdanov@google.com, b., and P. Mattes, "Segment Routing 446 Policy Architecture", draft-ietf-spring-segment-routing- 447 policy-01 (work in progress), June 2018. 449 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 450 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 451 DOI 10.17487/RFC4271, January 2006, 452 . 454 [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", 455 RFC 4272, DOI 10.17487/RFC4272, January 2006, 456 . 458 [RFC5706] Harrington, D., "Guidelines for Considering Operations and 459 Management of New Protocols and Protocol Extensions", 460 RFC 5706, DOI 10.17487/RFC5706, November 2009, 461 . 463 [RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of 464 BGP, LDP, PCEP, and MSDP Issues According to the Keying 465 and Authentication for Routing Protocols (KARP) Design 466 Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013, 467 . 469 Authors' Addresses 471 Gaurav Dawra (editor) 472 LinkedIn 473 USA 475 Email: gdawra.ietf@gmail.com 477 Clarence Filsfils 478 Cisco Systems 479 Belgium 481 Email: cfilsfil@cisco.com 483 Daniel Bernier 484 Bell Canada 485 Canada 487 Email: daniel.bernier@bell.ca 489 Jim Uttaro 490 AT&T 491 USA 493 Email: ju1738@att.com 495 Bruno Decraene 496 Orange 497 France 499 Email: bruno.decraene@orange.com 500 Hani Elmalky 501 Ericsson 502 USA 504 Email: hani.elmalky@gmail.com 506 Xiaohu Xu 507 Alibaba 509 Email: xiaohu.xxh@alibaba-inc.com 511 Francois Clad 512 Cisco Systems 513 France 515 Email: fclad@cisco.com 517 Ketan Talaulikar 518 Cisco Systems 519 India 521 Email: ketant@cisco.com