idnits 2.17.1 draft-dawra-idr-bgp-ls-sr-service-segments-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 15, 2021) is 1137 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-18) exists of draft-ietf-idr-bgp-ls-segment-routing-ext-16 == Outdated reference: A later version (-14) exists of draft-ietf-idr-bgpls-srv6-ext-05 == Outdated reference: A later version (-09) exists of draft-ietf-spring-sr-service-programming-03 ** Obsolete normative reference: RFC 7752 (Obsoleted by RFC 9552) == Outdated reference: A later version (-26) exists of draft-ietf-idr-segment-routing-te-policy-11 == Outdated reference: A later version (-22) exists of draft-ietf-spring-segment-routing-policy-09 Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Inter-Domain Routing G. Dawra, Ed. 3 Internet-Draft LinkedIn 4 Intended status: Standards Track C. Filsfils 5 Expires: August 19, 2021 K. Talaulikar, Ed. 6 F. Clad 7 Cisco Systems 8 D. Bernier 9 Bell Canada 10 J. Uttaro 11 AT&T 12 B. Decraene 13 Orange 14 H. Elmalky 15 Ericsson 16 X. Xu 17 Alibaba 18 J. Guichard 19 Futurewei Technologies 20 C. Li 21 Huawei Technologies 22 February 15, 2021 24 BGP-LS Advertisement of Segment Routing Service Segments 25 draft-dawra-idr-bgp-ls-sr-service-segments-05 27 Abstract 29 Service functions are deployed as, physical or virtualized elements 30 along with network nodes or on servers in data centers. Segment 31 Routing (SR) brings in the concept of segments which can be 32 topological or service instructions. Service segments are SR 33 segments that are associated with service functions. SR Policies are 34 used for the setup of paths for steering of traffic through service 35 functions using their service segments. 37 BGP Link-State (BGP-LS) enables distribution of topology information 38 from the network to a controller or an application in general so it 39 can learn the network topology. This document specifies the 40 extensions to BGP-LS for the advertisement of service functions along 41 their associated service segments. The BGP-LS advertisement of 42 service function information along with the network nodes that they 43 are attached to, or associated with, enables controllers compute and 44 setup service paths in the network. 46 Status of This Memo 48 This Internet-Draft is submitted in full conformance with the 49 provisions of BCP 78 and BCP 79. 51 Internet-Drafts are working documents of the Internet Engineering 52 Task Force (IETF). Note that other groups may also distribute 53 working documents as Internet-Drafts. The list of current Internet- 54 Drafts is at https://datatracker.ietf.org/drafts/current/. 56 Internet-Drafts are draft documents valid for a maximum of six months 57 and may be updated, replaced, or obsoleted by other documents at any 58 time. It is inappropriate to use Internet-Drafts as reference 59 material or to cite them other than as "work in progress." 61 This Internet-Draft will expire on August 19, 2021. 63 Copyright Notice 65 Copyright (c) 2021 IETF Trust and the persons identified as the 66 document authors. All rights reserved. 68 This document is subject to BCP 78 and the IETF Trust's Legal 69 Provisions Relating to IETF Documents 70 (https://trustee.ietf.org/license-info) in effect on the date of 71 publication of this document. Please review these documents 72 carefully, as they describe your rights and restrictions with respect 73 to this document. Code Components extracted from this document must 74 include Simplified BSD License text as described in Section 4.e of 75 the Trust Legal Provisions and are provided without warranty as 76 described in the Simplified BSD License. 78 Table of Contents 80 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 81 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 82 2. BGP-LS Extensions for Service Chaining . . . . . . . . . . . 4 83 3. Illustration . . . . . . . . . . . . . . . . . . . . . . . . 7 84 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 85 4.1. Service Type Table . . . . . . . . . . . . . . . . . . . 7 86 4.2. Segment routing function Identifier(SFI) . . . . . . . . 8 87 5. Manageability Considerations . . . . . . . . . . . . . . . . 8 88 6. Operational Considerations . . . . . . . . . . . . . . . . . 8 89 6.1. Operations . . . . . . . . . . . . . . . . . . . . . . . 9 90 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 91 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 92 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 93 9.1. Normative References . . . . . . . . . . . . . . . . . . 9 94 9.2. Informative References . . . . . . . . . . . . . . . . . 10 95 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 97 1. Introduction 99 Segments are introduced in the SR architecture [RFC8402]. Segment 100 Routing based Service chaining is well described in 101 [I-D.ietf-spring-sr-service-programming] with an example of network 102 and services. 104 This document extend the example to add a Segment Routing Controller 105 (SR-C) to the network, for the purpose of service discovery and SR 106 policy [I-D.ietf-spring-segment-routing-policy] instantiation. 108 Consider the network represented in Figure 1 below where: 110 o A and B are two end hosts using IPv4. 112 o S1 is an SR-aware firewall Service. 114 o S2 is an SR-unaware DPI Service. 116 SR-C --3-- 117 | / \ 118 | / \ 119 A----1----2----4----5----6----B 120 | | 121 | | 122 S1 S2 124 Figure 1: Network with Services 126 SR Controller (SR-C) is connected to Node 1, but may be attached to 127 any node 1-6 in the network. 129 SR-C can receive BGP-LS updates to discover topology, and calculate 130 constrained paths between nodes 1 and 6. 132 However, if SR-C is configured to compute a constrained path from 1 133 and 6, including a DPI service (i.e., S2) it is not yet possible due 134 to the lack of service distribution. SR-C does not know where a DPI 135 service is nor the SID for it. It does not know that S2 is a service 136 it needs. 138 This document proposes an extension to BGP-LS for Service Chaining to 139 distribute the service information to SR-C. There may be other 140 alternate mechanisms to distribute service information to SR-C and 141 are outside the scope of this document. There are no extensions 142 required in SR-TE Policy SAFI. 144 1.1. Requirements Language 146 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 147 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 148 "OPTIONAL" in this document are to be interpreted as described in BCP 149 14 [RFC2119] [RFC8174] when, and only when, they appear in all 150 capitals, as shown here. 152 2. BGP-LS Extensions for Service Chaining 154 For an attached service, following data needs to be shared with SR-C: 156 o Service SID value (e.g. MPLS label or IPv6 address). Service SID 157 MAY only be encoded as LOC:FUNCT, where LOC is the L most 158 significant bits and FUNCT is the 128-L least significant 159 bits[I-D.ietf-spring-srv6-network-programming]. ARGs bits, if 160 any, MAY be set to 0 in the advertised service SID. 162 o Function Identifier (Static Proxy, Dynamic Proxy, Shared Memory 163 Proxy, Masquerading Proxy, SR Aware Service etc.). 165 o Service Type (DPI, Firewall, Classifier, LB etc.). 167 o Traffic Type (IPv4 OR IPv6 OR Ethernet) 169 o Opaque Data (Such as brand and version, other extra information) 171 [I-D.ietf-spring-sr-service-programming] defines SR-aware and SR- 172 unaware services. This document will reuse these definitions. Per 173 [RFC7752] Node Attributes are ONLY associated with the Node NLRI. 174 All non-VPN information SHALL be encoded using AFI 16388 / SAFI 71. 175 VPN information SHALL be encoded using AFI 16388 / SAFI 72 with 176 associated RTs. 178 This document introduces new TLVs for the SRv6 SID NLRI 179 [I-D.ietf-idr-bgpls-srv6-ext] and SR-MPLS SID/Label TLV 180 [I-D.ietf-idr-bgp-ls-segment-routing-ext] to associate the Service 181 SID value with Service-related Information using Service Chaining(SC) 182 Sub-TLV. 184 SRv6 SID Information TLV [I-D.ietf-idr-bgpls-srv6-ext] encodes 185 behavior along with associated SID Flags. 187 A Service Chaining (SC) TLV in Figure 2 is defined as: 189 +---------------------------------------+ 190 | Type (2 octet) | 191 +---------------------------------------+ 192 | Length (2 octet) | 193 +---------------------------------------+ 194 | Service Type(ST) (2 octet | 195 +---------------------------------------+ 196 | Flags (1 octet) | 197 +---------------------------------------+ 198 | Traffic Type(1 octet) | 199 +---------------------------------------+ 200 | RESERVED (2 octet) | 201 +---------------------------------------+ 203 Figure 2: Service Chaining (SC) TLV 205 Where: 207 Type: 16 bit field. TBD 209 Length: 16 bit field. The total length of the value portion of 210 the TLV. 212 Service Type(ST): 16bit field. Service Type: categorizes the 213 Service: (such as "Firewall", "Classifier" etc.). 215 Flags: 8 bit field. Bits SHOULD be 0 on transmission and MUST be 216 ignored on reception. 218 Traffic Type: 8 Bit field. A bit to identify if Service is IPv4 219 OR IPv6 OR L2 Ethernet Capable. Where: 221 Bit 0(LSB): Set to 1 if Service is IPv4 Capable 223 Bit 1: Set to 1 if Service is IPv6 Capable 225 Bit 2: Set to 1 if Service is Ethernet Capable 227 RESERVED: 16bit field. SHOULD be 0 on transmission and MUST be 228 ignored on reception. 230 Service Type(ST) MUST be encoded as part of SC TLV. 232 There may be multiple instances of similar Services that need to be 233 distinguished. For example, firewalls made by different vendors A 234 and B may need to be identified differently because, while they have 235 similar functionality, their behavior is not identical. 237 In order for the SDN Controller to identify the categories of 238 Services and their associated SIDs, this section defines the BGP-LS 239 extensions required to encode these characteristics and other 240 relevant information about these Services. 242 Another Optional Opaque Metadata(OM) TLV of SRv6 SID NLRI may encode 243 vendor specific information. Multiple of OM TLVs may be encoded. 245 +---------------------------------------+ 246 | Type (2 octet) | 247 +---------------------------------------+ 248 | Length (2 octet) | 249 +---------------------------------------+ 250 | Opaque Type (2 octet) | 251 +---------------------------------------+ 252 | Flags (1 octet) | 253 +---------------------------------------+ 254 | Value (variable) | 255 +---------------------------------------+ 257 Figure 3: Opaque Metadata(OM) TLV 259 o Type: 16 bit field. TBD. 261 o Length: 16 bit field. The total length of the value portion of 262 the TLV. 264 o Opaque Type: 8-bit field. Only publishers and consumers of the 265 opaque data are supposed to understand the data. 267 o Flags: 8 bit field. Bits SHOULD be 0 on transmission and MUST be 268 ignored on reception. 270 o Value: Variable Length. Based on the data being encoded and 271 length is recorded in length field. 273 Opaque Metadata(OM) TLV defined in Figure 3 may encode propriety or 274 Service Opaque information such as: 276 o Vendor specific Service Information. 278 o Traffic Limiting Information to particular Service Type. 280 o Opaque Information unique to the Service. 282 o Propriety Enterprise Service specific Information. 284 3. Illustration 286 In our SRv6 example above Figure 1, Node 5 is configured with an SRv6 287 dynamic proxy segments (End.AD) C5::AD:F2 for S2. 289 The BGP-LS advertisement MUST include SRv6 SID NLRI with SRv6 SID 290 Information TLV in the BGP-LS Attribute: 292 o Service SID: C5::AD:F2 SID 294 o Endpoint Behavior: END.AD 296 The BGP-LS Attribute MUST contain a SC TLV with: 298 o Service Type: Deep Packet Inspection(DPI) 300 o Traffic Type: IPv4 Capable. 302 The BGP-LS Attribute MAY contain a OM TLV with: 304 o Opaque Type: Cisco DPI Version 306 o Value: 3.5 308 In our example in Figure 1, using BGP SR-TE SAFI Update 309 [I-D.ietf-idr-segment-routing-te-policy], SR Controller computes the 310 candidate path and pushes the Policy. 312 SRv6 encapsulation policy < CF1::, C3::, C5::AD:F2, C6::D4:B > is 313 signaled to Node 1 which has mix of service and topological segments. 315 4. IANA Considerations 317 This document requests assigning code-points from the registry "BGP- 318 LS Node Descriptor, Link Descriptor, Prefix Descriptor, and Attribute 319 TLVs". 321 4.1. Service Type Table 323 IANA is request to create a new top-level registry called "Service 324 Type Table (STT)". Valid values are in the range 0 to 65535. Values 325 0 and 65535 are to be marked "Reserved, not to be allocated". 327 +------------+-----------------------+------------+-------------+ 328 | Service | Service | Reference | Date | 329 | Value(TBD) | | | | 330 +------------+-----------------------+------------+-------------+ 331 | 32 | Classifier | ref-to-set | date-to-set | 332 +------------+-----------------------+------------+-------------+ 333 | 33 | Firewall | ref-to-set | date-to-set | 334 +------------+-----------------------+------------+-------------+ 335 | 34 | Load Balancer | ref-to-set | date-to-set | 336 +------------+-----------------------+------------+-------------+ 337 | 35 | DPI | ref-to-set | date-to-set | 338 +------------+-----------------------+------------+-------------+ 340 Figure 4 342 4.2. Segment routing function Identifier(SFI) 344 IANA is request to extend a top-level registry called "Segment 345 Routing Function Identifier(SFI)" with new code points. This 346 document extends the SFI values defined in 347 [I-D.ietf-idr-bgpls-srv6-ext]. Details about the Service functions 348 are defined in[I-D.ietf-spring-sr-service-programming]. 350 +--------------------------+---------------------------+ 351 | Function | Function Identifier | 352 | | | 353 +--------------------------+---------------------------+ 354 | Static Proxy | 8 | 355 +--------------------------+---------------------------+ 356 | Dynamic Proxy | 9 | 357 +--------------------------+---------------------------+ 358 | Shared Memory Proxy | 10 | 359 +--------------------------+---------------------------+ 360 | Masquerading Proxy | 11 | 361 +--------------------------+---------------------------+ 362 | SRv6 Aware Service | 12 | 363 +--------------------------+---------------------------+ 365 5. Manageability Considerations 367 This section is structured as recommended in[RFC5706] 369 6. Operational Considerations 370 6.1. Operations 372 Existing BGP and BGP-LS operational procedures apply. No additional 373 operation procedures are defined in this document. 375 7. Security Considerations 377 Procedures and protocol extensions defined in this document do not 378 affect the BGP security model. See the 'Security Considerations' 379 section of [RFC4271] for a discussion of BGP security. Also refer 380 to[RFC4272] and[RFC6952] for analysis of security issues for BGP. 382 8. Acknowledgements 384 The authors would like to thank Krishnaswamy Ananthamurthy for his 385 review of this document. 387 9. References 389 9.1. Normative References 391 [I-D.ietf-idr-bgp-ls-segment-routing-ext] 392 Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H., 393 and M. Chen, "BGP Link-State extensions for Segment 394 Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-16 395 (work in progress), June 2019. 397 [I-D.ietf-idr-bgpls-srv6-ext] 398 Dawra, G., Filsfils, C., Talaulikar, K., Chen, M., 399 daniel.bernier@bell.ca, d., and B. Decraene, "BGP Link 400 State Extensions for SRv6", draft-ietf-idr-bgpls- 401 srv6-ext-05 (work in progress), November 2020. 403 [I-D.ietf-spring-sr-service-programming] 404 Clad, F., Xu, X., Filsfils, C., daniel.bernier@bell.ca, 405 d., Li, C., Decraene, B., Ma, S., Yadlapalli, C., 406 Henderickx, W., and S. Salsano, "Service Programming with 407 Segment Routing", draft-ietf-spring-sr-service- 408 programming-03 (work in progress), September 2020. 410 [I-D.ietf-spring-srv6-network-programming] 411 Filsfils, C., Camarillo, P., Leddy, J., Voyer, D., 412 Matsushima, S., and Z. Li, "SRv6 Network Programming", 413 draft-ietf-spring-srv6-network-programming-28 (work in 414 progress), December 2020. 416 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 417 Requirement Levels", BCP 14, RFC 2119, 418 DOI 10.17487/RFC2119, March 1997, 419 . 421 [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and 422 S. Ray, "North-Bound Distribution of Link-State and 423 Traffic Engineering (TE) Information Using BGP", RFC 7752, 424 DOI 10.17487/RFC7752, March 2016, 425 . 427 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 428 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 429 May 2017, . 431 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 432 Decraene, B., Litkowski, S., and R. Shakir, "Segment 433 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 434 July 2018, . 436 9.2. Informative References 438 [I-D.ietf-idr-segment-routing-te-policy] 439 Previdi, S., Filsfils, C., Talaulikar, K., Mattes, P., 440 Rosen, E., Jain, D., and S. Lin, "Advertising Segment 441 Routing Policies in BGP", draft-ietf-idr-segment-routing- 442 te-policy-11 (work in progress), November 2020. 444 [I-D.ietf-spring-segment-routing-policy] 445 Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and 446 P. Mattes, "Segment Routing Policy Architecture", draft- 447 ietf-spring-segment-routing-policy-09 (work in progress), 448 November 2020. 450 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 451 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 452 DOI 10.17487/RFC4271, January 2006, 453 . 455 [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", 456 RFC 4272, DOI 10.17487/RFC4272, January 2006, 457 . 459 [RFC5706] Harrington, D., "Guidelines for Considering Operations and 460 Management of New Protocols and Protocol Extensions", 461 RFC 5706, DOI 10.17487/RFC5706, November 2009, 462 . 464 [RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of 465 BGP, LDP, PCEP, and MSDP Issues According to the Keying 466 and Authentication for Routing Protocols (KARP) Design 467 Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013, 468 . 470 Authors' Addresses 472 Gaurav Dawra (editor) 473 LinkedIn 474 USA 476 Email: gdawra.ietf@gmail.com 478 Clarence Filsfils 479 Cisco Systems 480 Belgium 482 Email: cfilsfil@cisco.com 484 Ketan Talaulikar (editor) 485 Cisco Systems 486 India 488 Email: ketant@cisco.com 490 Francois Clad 491 Cisco Systems 492 France 494 Email: fclad@cisco.com 496 Daniel Bernier 497 Bell Canada 498 Canada 500 Email: daniel.bernier@bell.ca 502 Jim Uttaro 503 AT&T 504 USA 506 Email: ju1738@att.com 507 Bruno Decraene 508 Orange 509 France 511 Email: bruno.decraene@orange.com 513 Hani Elmalky 514 Ericsson 515 USA 517 Email: hani.elmalky@gmail.com 519 Xiaohu Xu 520 Alibaba 522 Email: xiaohu.xxh@alibaba-inc.com 524 Jim Guichard 525 Futurewei Technologies 526 USA 528 Email: james.n.guichard@futurewei.com 530 Cheng Li 531 Huawei Technologies 532 China 534 Email: chengli13@huawei.com