idnits 2.17.1 draft-dawra-idr-bgp-ls-sr-service-segments-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 7, 2020) is 1572 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-18) exists of draft-ietf-idr-bgp-ls-segment-routing-ext-16 == Outdated reference: A later version (-14) exists of draft-ietf-idr-bgpls-srv6-ext-01 == Outdated reference: A later version (-09) exists of draft-ietf-spring-sr-service-programming-01 == Outdated reference: A later version (-28) exists of draft-ietf-spring-srv6-network-programming-07 ** Obsolete normative reference: RFC 7752 (Obsoleted by RFC 9552) == Outdated reference: A later version (-26) exists of draft-ietf-idr-segment-routing-te-policy-08 == Outdated reference: A later version (-22) exists of draft-ietf-spring-segment-routing-policy-06 Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Inter-Domain Routing G. Dawra, Ed. 3 Internet-Draft LinkedIn 4 Intended status: Standards Track C. Filsfils 5 Expires: July 10, 2020 K. Talaulikar, Ed. 6 F. Clad 7 Cisco Systems 8 D. Bernier 9 Bell Canada 10 J. Uttaro 11 AT&T 12 B. Decraene 13 Orange 14 H. Elmalky 15 Ericsson 16 X. Xu 17 Alibaba 18 J. Guichard 19 Futurewei Technologies 20 C. Li 21 Huawei Technologies 22 January 7, 2020 24 BGP-LS Advertisement of Segment Routing Service Segments 25 draft-dawra-idr-bgp-ls-sr-service-segments-03 27 Abstract 29 BGP Link-State (BGP-LS) enables distribution of topology information 30 from the network to a Path Computation Engine (PCE) or any 31 controller/application in general so it can learn the network 32 topology. Service functions are deployed as, physical or virtualized 33 elements along with network elements or on servers in data centers. 34 The advertisement of such attached service capabilities along with 35 the network nodes that they are attached to or associated with 36 enables their discovery and the programming of service paths that use 37 these service functions. Segment Routing (SR) brings in the concept 38 of segments which can be topological or service instructions. SR 39 Policies enable the setup of paths which are a mix of topological and 40 service segments. 42 This document specifies the extensions to BGP-LS for discovery and 43 advertisement of service segments to enable the setup of service 44 programming paths using Segment Routing. 46 Status of This Memo 48 This Internet-Draft is submitted in full conformance with the 49 provisions of BCP 78 and BCP 79. 51 Internet-Drafts are working documents of the Internet Engineering 52 Task Force (IETF). Note that other groups may also distribute 53 working documents as Internet-Drafts. The list of current Internet- 54 Drafts is at https://datatracker.ietf.org/drafts/current/. 56 Internet-Drafts are draft documents valid for a maximum of six months 57 and may be updated, replaced, or obsoleted by other documents at any 58 time. It is inappropriate to use Internet-Drafts as reference 59 material or to cite them other than as "work in progress." 61 This Internet-Draft will expire on July 10, 2020. 63 Copyright Notice 65 Copyright (c) 2020 IETF Trust and the persons identified as the 66 document authors. All rights reserved. 68 This document is subject to BCP 78 and the IETF Trust's Legal 69 Provisions Relating to IETF Documents 70 (https://trustee.ietf.org/license-info) in effect on the date of 71 publication of this document. Please review these documents 72 carefully, as they describe your rights and restrictions with respect 73 to this document. Code Components extracted from this document must 74 include Simplified BSD License text as described in Section 4.e of 75 the Trust Legal Provisions and are provided without warranty as 76 described in the Simplified BSD License. 78 Table of Contents 80 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 81 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 82 2. BGP-LS Extensions for Service Chaining . . . . . . . . . . . 4 83 3. Illustration . . . . . . . . . . . . . . . . . . . . . . . . 7 84 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 85 4.1. Service Type Table . . . . . . . . . . . . . . . . . . . 7 86 4.2. Segment routing function Identifier(SFI) . . . . . . . . 8 87 5. Manageability Considerations . . . . . . . . . . . . . . . . 8 88 6. Operational Considerations . . . . . . . . . . . . . . . . . 8 89 6.1. Operations . . . . . . . . . . . . . . . . . . . . . . . 9 90 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 91 8. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 9 92 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 93 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 94 10.1. Normative References . . . . . . . . . . . . . . . . . . 9 95 10.2. Informative References . . . . . . . . . . . . . . . . . 10 96 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 98 1. Introduction 100 Segments are introduced in the SR architecture [RFC8402]. Segment 101 Routing based Service chaining is well described in 102 [I-D.ietf-spring-sr-service-programming] with an example of network 103 and services. 105 This document extend the example to add a Segment Routing Controller 106 (SR-C) to the network, for the purpose of service discovery and SR 107 policy [I-D.ietf-spring-segment-routing-policy] instantiation. 109 Consider the network represented in Figure 1 below where: 111 o A and B are two end hosts using IPv4. 113 o S1 is an SR-aware firewall Service. 115 o S2 is an SR-unaware DPI Service. 117 SR-C --3-- 118 | / \ 119 | / \ 120 A----1----2----4----5----6----B 121 | | 122 | | 123 S1 S2 125 Figure 1: Network with Services 127 SR Controller (SR-C) is connected to Node 1, but may be attached to 128 any node 1-6 in the network. 130 SR-C can receive BGP-LS updates to discover topology, and calculate 131 constrained paths between nodes 1 and 6. 133 However, if SR-C is configured to compute a constrained path from 1 134 and 6, including a DPI service (i.e., S2) it is not yet possible due 135 to the lack of service distribution. SR-C does not know where a DPI 136 service is nor the SID for it. It does not know that S2 is a service 137 it needs. 139 This document proposes an extension to BGP-LS for Service Chaining to 140 distribute the service information to SR-C. There may be other 141 alternate mechanisms to distribute service information to SR-C and 142 are outside the scope of this document. There are no extensions 143 required in SR-TE Policy SAFI. 145 1.1. Requirements Language 147 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 148 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 149 "OPTIONAL" in this document are to be interpreted as described in BCP 150 14 [RFC2119] [RFC8174] when, and only when, they appear in all 151 capitals, as shown here. 153 2. BGP-LS Extensions for Service Chaining 155 For an attached service, following data needs to be shared with SR-C: 157 o Service SID value (e.g. MPLS label or IPv6 address). Service SID 158 MAY only be encoded as LOC:FUNCT, where LOC is the L most 159 significant bits and FUNCT is the 128-L least significant 160 bits[I-D.ietf-spring-srv6-network-programming]. ARGs bits, if 161 any, MAY be set to 0 in the advertised service SID. 163 o Function Identifier (Static Proxy, Dynamic Proxy, Shared Memory 164 Proxy, Masquerading Proxy, SR Aware Service etc.). 166 o Service Type (DPI, Firewall, Classifier, LB etc.). 168 o Traffic Type (IPv4 OR IPv6 OR Ethernet) 170 o Opaque Data (Such as brand and version, other extra information) 172 [I-D.ietf-spring-sr-service-programming] defines SR-aware and SR- 173 unaware services. This document will reuse these definitions. Per 174 [RFC7752] Node Attributes are ONLY associated with the Node NLRI. 175 All non-VPN information SHALL be encoded using AFI 16388 / SAFI 71. 176 VPN information SHALL be encoded using AFI 16388 / SAFI 72 with 177 associated RTs. 179 This document introduces new TLVs for the SRv6 SID NLRI 180 [I-D.ietf-idr-bgpls-srv6-ext] and SR-MPLS SID/Label TLV 181 [I-D.ietf-idr-bgp-ls-segment-routing-ext] to associate the Service 182 SID value with Service-related Information using Service Chaining(SC) 183 Sub-TLV. 185 SRv6 SID Information TLV [I-D.ietf-idr-bgpls-srv6-ext] encodes 186 behavior along with associated SID Flags. 188 A Service Chaining (SC) TLV in Figure 2 is defined as: 190 +---------------------------------------+ 191 | Type (2 octet) | 192 +---------------------------------------+ 193 | Length (2 octet) | 194 +---------------------------------------+ 195 | Service Type(ST) (2 octet | 196 +---------------------------------------+ 197 | Flags (1 octet) | 198 +---------------------------------------+ 199 | Traffic Type(1 octet) | 200 +---------------------------------------+ 201 | RESERVED (2 octet) | 202 +---------------------------------------+ 204 Figure 2: Service Chaining (SC) TLV 206 Where: 208 Type: 16 bit field. TBD 210 Length: 16 bit field. The total length of the value portion of 211 the TLV. 213 Service Type(ST): 16bit field. Service Type: categorizes the 214 Service: (such as "Firewall", "Classifier" etc.). 216 Flags: 8 bit field. Bits SHOULD be 0 on transmission and MUST be 217 ignored on reception. 219 Traffic Type: 8 Bit field. A bit to identify if Service is IPv4 220 OR IPv6 OR L2 Ethernet Capable. Where: 222 Bit 0(LSB): Set to 1 if Service is IPv4 Capable 224 Bit 1: Set to 1 if Service is IPv6 Capable 226 Bit 2: Set to 1 if Service is Ethernet Capable 228 RESERVED: 16bit field. SHOULD be 0 on transmission and MUST be 229 ignored on reception. 231 Service Type(ST) MUST be encoded as part of SC TLV. 233 There may be multiple instances of similar Services that need to be 234 distinguished. For example, firewalls made by different vendors A 235 and B may need to be identified differently because, while they have 236 similar functionality, their behavior is not identical. 238 In order for the SDN Controller to identify the categories of 239 Services and their associated SIDs, this section defines the BGP-LS 240 extensions required to encode these characteristics and other 241 relevant information about these Services. 243 Another Optional Opaque Metadata(OM) TLV of SRv6 SID NLRI may encode 244 vendor specific information. Multiple of OM TLVs may be encoded. 246 +---------------------------------------+ 247 | Type (2 octet) | 248 +---------------------------------------+ 249 | Length (2 octet) | 250 +---------------------------------------+ 251 | Opaque Type (2 octet) | 252 +---------------------------------------+ 253 | Flags (1 octet) | 254 +---------------------------------------+ 255 | Value (variable) | 256 +---------------------------------------+ 258 Figure 3: Opaque Metadata(OM) TLV 260 o Type: 16 bit field. TBD. 262 o Length: 16 bit field. The total length of the value portion of 263 the TLV. 265 o Opaque Type: 8-bit field. Only publishers and consumers of the 266 opaque data are supposed to understand the data. 268 o Flags: 8 bit field. Bits SHOULD be 0 on transmission and MUST be 269 ignored on reception. 271 o Value: Variable Length. Based on the data being encoded and 272 length is recorded in length field. 274 Opaque Metadata(OM) TLV defined in Figure 3 may encode propriety or 275 Service Opaque information such as: 277 o Vendor specific Service Information. 279 o Traffic Limiting Information to particular Service Type. 281 o Opaque Information unique to the Service. 283 o Propriety Enterprise Service specific Information. 285 3. Illustration 287 In our SRv6 example above Figure 1, Node 5 is configured with an SRv6 288 dynamic proxy segments (End.AD) C5::AD:F2 for S2. 290 The BGP-LS advertisement MUST include SRv6 SID NLRI with SRv6 SID 291 Information TLV in the BGP-LS Attribute: 293 o Service SID: C5::AD:F2 SID 295 o Endpoint Behavior: END.AD 297 The BGP-LS Attribute MUST contain a SC TLV with: 299 o Service Type: Deep Packet Inspection(DPI) 301 o Traffic Type: IPv4 Capable. 303 The BGP-LS Attribute MAY contain a OM TLV with: 305 o Opaque Type: Cisco DPI Version 307 o Value: 3.5 309 In our example in Figure 1, using BGP SR-TE SAFI Update 310 [I-D.ietf-idr-segment-routing-te-policy], SR Controller computes the 311 candidate path and pushes the Policy. 313 SRv6 encapsulation policy < CF1::, C3::, C5::AD:F2, C6::D4:B > is 314 signaled to Node 1 which has mix of service and topological segments. 316 4. IANA Considerations 318 This document requests assigning code-points from the registry "BGP- 319 LS Node Descriptor, Link Descriptor, Prefix Descriptor, and Attribute 320 TLVs". 322 4.1. Service Type Table 324 IANA is request to create a new top-level registry called "Service 325 Type Table (STT)". Valid values are in the range 0 to 65535. Values 326 0 and 65535 are to be marked "Reserved, not to be allocated". 328 +------------+-----------------------+------------+-------------+ 329 | Service | Service | Reference | Date | 330 | Value(TBD) | | | | 331 +------------+-----------------------+------------+-------------+ 332 | 32 | Classifier | ref-to-set | date-to-set | 333 +------------+-----------------------+------------+-------------+ 334 | 33 | Firewall | ref-to-set | date-to-set | 335 +------------+-----------------------+------------+-------------+ 336 | 34 | Load Balancer | ref-to-set | date-to-set | 337 +------------+-----------------------+------------+-------------+ 338 | 35 | DPI | ref-to-set | date-to-set | 339 +------------+-----------------------+------------+-------------+ 341 Figure 4 343 4.2. Segment routing function Identifier(SFI) 345 IANA is request to extend a top-level registry called "Segment 346 Routing Function Identifier(SFI)" with new code points. This 347 document extends the SFI values defined in 348 [I-D.ietf-idr-bgpls-srv6-ext]. Details about the Service functions 349 are defined in[I-D.ietf-spring-sr-service-programming]. 351 +--------------------------+---------------------------+ 352 | Function | Function Identifier | 353 | | | 354 +--------------------------+---------------------------+ 355 | Static Proxy | 8 | 356 +--------------------------+---------------------------+ 357 | Dynamic Proxy | 9 | 358 +--------------------------+---------------------------+ 359 | Shared Memory Proxy | 10 | 360 +--------------------------+---------------------------+ 361 | Masquerading Proxy | 11 | 362 +--------------------------+---------------------------+ 363 | SRv6 Aware Service | 12 | 364 +--------------------------+---------------------------+ 366 5. Manageability Considerations 368 This section is structured as recommended in[RFC5706] 370 6. Operational Considerations 371 6.1. Operations 373 Existing BGP and BGP-LS operational procedures apply. No additional 374 operation procedures are defined in this document. 376 7. Security Considerations 378 Procedures and protocol extensions defined in this document do not 379 affect the BGP security model. See the 'Security Considerations' 380 section of [RFC4271] for a discussion of BGP security. Also refer 381 to[RFC4272] and[RFC6952] for analysis of security issues for BGP. 383 8. Conclusions 385 This document proposes extensions to the BGP-LS to allow discovery of 386 Services using Segment Routing. 388 9. Acknowledgements 390 The authors would like to thank Krishnaswamy Ananthamurthy for his 391 review of this document. 393 10. References 395 10.1. Normative References 397 [I-D.ietf-idr-bgp-ls-segment-routing-ext] 398 Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H., 399 and M. Chen, "BGP Link-State extensions for Segment 400 Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-16 401 (work in progress), June 2019. 403 [I-D.ietf-idr-bgpls-srv6-ext] 404 Dawra, G., Filsfils, C., Talaulikar, K., Chen, M., 405 daniel.bernier@bell.ca, d., and B. Decraene, "BGP Link 406 State Extensions for SRv6", draft-ietf-idr-bgpls- 407 srv6-ext-01 (work in progress), July 2019. 409 [I-D.ietf-spring-sr-service-programming] 410 Clad, F., Xu, X., Filsfils, C., daniel.bernier@bell.ca, 411 d., Li, C., Decraene, B., Ma, S., Yadlapalli, C., 412 Henderickx, W., and S. Salsano, "Service Programming with 413 Segment Routing", draft-ietf-spring-sr-service- 414 programming-01 (work in progress), November 2019. 416 [I-D.ietf-spring-srv6-network-programming] 417 Filsfils, C., Camarillo, P., Leddy, J., Voyer, D., 418 Matsushima, S., and Z. Li, "SRv6 Network Programming", 419 draft-ietf-spring-srv6-network-programming-07 (work in 420 progress), December 2019. 422 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 423 Requirement Levels", BCP 14, RFC 2119, 424 DOI 10.17487/RFC2119, March 1997, 425 . 427 [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and 428 S. Ray, "North-Bound Distribution of Link-State and 429 Traffic Engineering (TE) Information Using BGP", RFC 7752, 430 DOI 10.17487/RFC7752, March 2016, 431 . 433 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 434 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 435 May 2017, . 437 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 438 Decraene, B., Litkowski, S., and R. Shakir, "Segment 439 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 440 July 2018, . 442 10.2. Informative References 444 [I-D.ietf-idr-segment-routing-te-policy] 445 Previdi, S., Filsfils, C., Talaulikar, K., Mattes, P., 446 Rosen, E., Jain, D., and S. Lin, "Advertising Segment 447 Routing Policies in BGP", draft-ietf-idr-segment-routing- 448 te-policy-08 (work in progress), November 2019. 450 [I-D.ietf-spring-segment-routing-policy] 451 Filsfils, C., Sivabalan, S., Voyer, D., Bogdanov, A., and 452 P. Mattes, "Segment Routing Policy Architecture", draft- 453 ietf-spring-segment-routing-policy-06 (work in progress), 454 December 2019. 456 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 457 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 458 DOI 10.17487/RFC4271, January 2006, 459 . 461 [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", 462 RFC 4272, DOI 10.17487/RFC4272, January 2006, 463 . 465 [RFC5706] Harrington, D., "Guidelines for Considering Operations and 466 Management of New Protocols and Protocol Extensions", 467 RFC 5706, DOI 10.17487/RFC5706, November 2009, 468 . 470 [RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of 471 BGP, LDP, PCEP, and MSDP Issues According to the Keying 472 and Authentication for Routing Protocols (KARP) Design 473 Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013, 474 . 476 Authors' Addresses 478 Gaurav Dawra (editor) 479 LinkedIn 480 USA 482 Email: gdawra.ietf@gmail.com 484 Clarence Filsfils 485 Cisco Systems 486 Belgium 488 Email: cfilsfil@cisco.com 490 Ketan Talaulikar (editor) 491 Cisco Systems 492 India 494 Email: ketant@cisco.com 496 Francois Clad 497 Cisco Systems 498 France 500 Email: fclad@cisco.com 502 Daniel Bernier 503 Bell Canada 504 Canada 506 Email: daniel.bernier@bell.ca 507 Jim Uttaro 508 AT&T 509 USA 511 Email: ju1738@att.com 513 Bruno Decraene 514 Orange 515 France 517 Email: bruno.decraene@orange.com 519 Hani Elmalky 520 Ericsson 521 USA 523 Email: hani.elmalky@gmail.com 525 Xiaohu Xu 526 Alibaba 528 Email: xiaohu.xxh@alibaba-inc.com 530 Jim Guichard 531 Futurewei Technologies 532 USA 534 Email: james.n.guichard@futurewei.com 536 Cheng Li 537 Huawei Technologies 538 China 540 Email: chengli13@huawei.com