idnits 2.17.1

draft-dawra-idr-srv6-vpn-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (December 26, 2017) is 2311 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1' on line 817

  == Unused Reference: 'I-D.ietf-6man-segment-routing-header' is defined on
     line 728, but no explicit reference was found in the text

  == Unused Reference: 'I-D.ietf-isis-segment-routing-extensions' is defined
     on line 782, but no explicit reference was found in the text

  == Unused Reference: 'I-D.ietf-spring-segment-routing' is defined on line
     789, but no explicit reference was found in the text

  == Unused Reference: 'RFC2119' is defined on line 795, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-06) exists of
     draft-filsfils-spring-segment-routing-policy-04

  == Outdated reference: A later version (-07) exists of
     draft-filsfils-spring-srv6-network-programming-03

  == Outdated reference: A later version (-26) exists of
     draft-ietf-6man-segment-routing-header-07

  ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200)

  ** Obsolete normative reference: RFC 3107 (Obsoleted by RFC 8277)

  == Outdated reference: A later version (-11) exists of
     draft-ietf-bess-evpn-prefix-advertisement-09

  == Outdated reference: A later version (-27) exists of
     draft-ietf-idr-bgp-prefix-sid-07

  == Outdated reference: A later version (-25) exists of
     draft-ietf-isis-segment-routing-extensions-15

  == Outdated reference: A later version (-15) exists of
     draft-ietf-spring-segment-routing-14

  -- Obsolete informational reference (is this intentional?): RFC 5549
     (Obsoleted by RFC 8950)

     Summary: 2 errors (**), 0 flaws (~~), 13 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

Inter-Domain Routing
Internet-Draft
Intended status: Standards Track                           G. Dawra, Ed.
Expires: June 29, 2018                                       C. Filsfils
                                                                D. Dukes
                                                            P. Brissette
                                                             P. Camarilo
                                                           Cisco Systems
                                                                J. Leddy
                                                                 Comcast
                                                                D. Voyer
                                                              D. Bernier
                                                             Bell Canada
                                                            D. Steinberg
                                                    Steinberg Consulting
                                                               R. Raszuk
                                                            Bloomberg LP
                                                             B. Decraene
                                                                  Orange
                                                           S. Matsushima
                                                                SoftBank
                                                       December 26, 2017

        BGP Signaling of IPv6-Segment-Routing-based VPN Networks
                      draft-dawra-idr-srv6-vpn-03

Abstract

   This draft defines procedures and messages for BGP SRv6-based L3VPN
   and EVPN. It builds on RFC4364 "BGP/MPLS IP Virtual Private Networks
   (VPNs)" and RFC7432 "BGP MPLS-Based Ethernet VPN" and provides a
   migration path from MPLS-based VPNs to SRv6 based VPNs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 29, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. SRv6-VPN SID TLV
   3. BGP based L3 over SRv6
     3.1. IPv4 VPN Over SRv6 Core
     3.2. IPv6 VPN Over SRv6 Core
     3.3. Global IPv4 over SRv6 Core
     3.4. Global IPv6 over SRv6 Core
   4. BGP based Ethernet VPN(EVPN) over SRv6
     4.1. Ethernet Auto-discovery Route over SRv6 Core
       4.1.1. EVPN Route Type-1(Per ES AD)
       4.1.2. Prefix Type-1(Per EVI/ES AD)
     4.2. MAC/IP Advertisement Route(Type-2) with SRv6 Core
     4.3. Inclusive Multicast Ethernet Tag Route with SRv6 Core
     4.4. Ethernet Segment Route with SRv6 Core
     4.5. IP prefix route(Type-5) with SRv6 Core
     4.6. Multicast routes (EVPN Route Type-6, Type-7, Type-8)
   5. Migration from L3 MPLS based Segment Routing to SRv6 Segment
      Routing
   6. Implementation Status
   7. Error Handling of BGP SRv6 SID Updates
   8. IANA Considerations
   9. Security Considerations
   10. Conclusions
   11. References
     11.1. Normative References
     11.2. Informative References
     11.3. URIs
   Appendix A. Contributors
   Authors' Addresses

1. Introduction

   SRv6 refers to Segment Routing instantiated on the IPv6 dataplane
   [I-D.filsfils-spring-srv6-network-programming]
   [I-D.ietf-6man-segment-routing-header].

   SRv6-based VPN (SRv6-VPN) refers to the creation of VPN between PEs
   leveraging the SRv6 dataplane and more specifically the END.DT*
   (crossconnect to a VRF) and END.DX* (crossconnect to a nexthop).
   SRv6-L3VPN refers to the creation of Layer3 VPN service between PEs
   supporting an SRv6 data plane. SRv6-EVPN refers to the creation of
   Layer2/Layer3 VPN service between PEs supporting an SRv6 data plane.

   SRv6 SID refers to a SRv6 Segment Identifier as defined in
   [I-D.filsfils-spring-srv6-network-programming].

   SRv6-VPN SID refers to an SRv6 SID that MAY be associated with one of
   the END.DT or END.DX functions as defined in
   [I-D.filsfils-spring-srv6-network-programming].

   To provide SRv6-VPN service with best-effort connectivity, the egress
   PE signals an SRv6-VPN SID with the VPN route. The ingress PE
   encapsulates the VPN packet in an outer IPv6 header where the
   destination address is the SRv6-VPN SID provided by the egress PE.
   The underlay between the PEs only needs to support plain IPv6
   forwarding [RFC2460].

   To provide SRv6-VPN service in conjunction with an underlay SLA from
   the ingress PE to the egress PE, the egress PE colors the overlay VPN
   route with a color extended community.
   The ingress PE encapsulates
   the VPN packet in an outer IPv6 header with an SRH that contains the
   SR policy associated with the related SLA followed by the SRv6-VPN
   SID associated with the route. The underlay nodes whose SRv6 SIDs
   are part of the SRH must support SRv6 data plane.

   BGP is used to advertise the reachability of prefixes in a particular
   VPN from an egress Provider Edge (egress-PE) to ingress Provider Edge
   (ingress-PE) nodes.

   This document describes how existing BGP messages between PEs may
   carry SRv6 Segment IDs (SIDs) as a means to interconnect PEs and form
   VPNs.

2. SRv6-VPN SID TLV

   The SRv6-VPN SID TLV is defined as another TLV for BGP-Prefix-SID
   Attribute [I-D.ietf-idr-bgp-prefix-sid]. The value field of the BGP
   Prefix SID attribute is defined here to be a set of elements encoded
   as "Type/Length/Value" (i.e., a set of TLVs). Type for SRv6-VPN SID
   TLV is defined to be TBD.

   The IPv6-SID TLV MUST be present in the Prefix-SID attribute attached
   to MP-BGP VPN NLRI defined in [RFC4659][RFC5549][RFC7432] when
   egress-PE is capable of SRv6 data-plane.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |             Length            |   RESERVED    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            SRv6 SID information(Variable)                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SRv6 SID information is encoded as follows:

   +---------------------------------------+
   |  SID Type (1 Octet)                   |
   +---------------------------------------+
   |  SRv6 SID (16 octet)                  |
   +---------------------------------------+

   Where:

   o Type is TBD

   o Length: 16bit field. The total length of the value portion of the
     TLV.

   o RESERVED: 8 bit field. SHOULD be 0 on transmission and MUST be
     ignored on reception.
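
A receiver-side parse of the TLV layout above, combined with the attribute-discard rule of Section 7, as an added example that is not part of the draft. Assumptions: the Type value 0xFF is a constructed placeholder for the draft's "TBD", Length is taken to cover RESERVED plus the SID information, unknown SID Types are rejected as a local policy choice, and all function names are hypothetical.

```python
from __future__ import annotations

import ipaddress
import logging
import struct
from dataclasses import dataclass

log = logging.getLogger("srv6_vpn_sid")

# The draft leaves the TLV Type as "TBD"; 0xFF is a constructed placeholder.
TLV_TYPE_PLACEHOLDER = 0xFF
SID_ENTRY_LEN = 1 + 16      # SID Type (1 octet) + SRv6 SID (16 octets)
KNOWN_SID_TYPES = {1, 2}    # Type-1 (L3 service) and Type-2 (EVPN), Section 2


class MalformedTLV(ValueError):
    """The TLV violates the Section 2 layout."""


@dataclass(frozen=True)
class SidEntry:
    sid_type: int
    sid: ipaddress.IPv6Address


def build_tlv(entries, reserved=0, tlv_type=TLV_TYPE_PLACEHOLDER):
    """Encode (sid_type, sid_text) pairs; used here only to construct samples."""
    value = bytes([reserved])
    for sid_type, sid_text in entries:
        value += bytes([sid_type]) + ipaddress.IPv6Address(sid_text).packed
    # Assumption: Length covers RESERVED plus the SID information.
    return struct.pack("!BH", tlv_type, len(value)) + value


def parse_tlv(buf: bytes) -> list[SidEntry]:
    """Strictly parse one SRv6-VPN SID TLV, raising MalformedTLV on any defect."""
    if len(buf) < 3:
        raise MalformedTLV("truncated before Type/Length")
    tlv_type, length = struct.unpack_from("!BH", buf, 0)
    if tlv_type != TLV_TYPE_PLACEHOLDER:
        raise MalformedTLV(f"unexpected TLV type {tlv_type}")
    value = buf[3:]
    if length != len(value):
        # Never trust Length beyond the octets actually received.
        raise MalformedTLV(f"Length {length} but {len(value)} octets present")
    sid_info = value[1:]    # value[0] is RESERVED: ignored on reception
    if not sid_info or len(sid_info) % SID_ENTRY_LEN:
        raise MalformedTLV("SID information is not a whole number of entries")
    entries = []
    for off in range(0, len(sid_info), SID_ENTRY_LEN):
        sid_type = sid_info[off]
        if sid_type not in KNOWN_SID_TYPES:
            # Assumption (local policy): unknown SID Types are rejected.
            raise MalformedTLV(f"unknown SID Type {sid_type}")
        sid = ipaddress.IPv6Address(sid_info[off + 1: off + SID_ENTRY_LEN])
        entries.append(SidEntry(sid_type, sid))
    return entries


def receive(buf: bytes):
    """Return ("accept", entries) or ("attribute-discard", []) per Section 7."""
    try:
        return "accept", parse_tlv(buf)
    except MalformedTLV as exc:
        # Section 7: ignore the attribute, do not propagate it, MAY log.
        log.warning("discarding SRv6-VPN SID TLV: %s", exc)
        return "attribute-discard", []


if __name__ == "__main__":
    # Constructed samples: one well-formed L3 SID, then the same TLV truncated.
    good = build_tlv([(1, "2001:db8:0:1::d4")])
    print(receive(good))
    print(receive(good[:-1]))
```
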

   Current Type of SID defined as:

   o Type-1 - corresponds to the equivalent functionality provided by a
     VPN MPLS Label attribute when received with a route containing a
     MPLS label [RFC4364]. Some functions which MAY be encoded are
     End.DX4, End.DT4, End.DX6, End.DT6 etc.

   o Type-2 - corresponds to the equivalent functionality provided by a
     MPLS Label1 for EVPN Route-Types as defined in [RFC7432]. Some
     functions which MAY be encoded are End.DX2, End.DX2V, End.DT2U,
     End.DT2M / Arg.FE2 etc.

3. BGP based L3 over SRv6

   BGP egress nodes (egress-PEs) advertise a set of reachable prefixes.
   Standard BGP update propagation schemes [RFC4271], which MAY make use
   of route reflectors [RFC4456], are used to propagate these prefixes.
   BGP ingress nodes (ingress-PE) receive these advertisements and may
   add the prefix to the RIB in an appropriate VRF.

   Egress-PEs which support SRv6-VPN advertise an SRv6-VPN SID
   with VPN routes. This SRv6-VPN SID only has local significance at
   the egress-PE where it is allocated or configured on a per-CE or
   per-VRF basis. In practice, the SID encodes a cross-connect to a
   specific Address Family table (END.DT) or next-hop/interface (END.DX)
   as defined in the SRv6 Network Programming Document
   [I-D.filsfils-spring-srv6-network-programming].

   The SRv6 VPN SID MAY be routable within the AS of the egress-PE and
   serves the dual purpose of providing reachability between ingress-PE
   and egress-PE while also encoding the VPN identifier.

   To support SRv6 based L3VPN overlay, a SID is advertised with BGP
   MPLS L3VPN route update [RFC4364]. SID is encoded in a SRv6-VPN SID
   TLV, which is optional transitive BGP Prefix SID
   attribute [I-D.ietf-idr-bgp-prefix-sid].
   This attribute serves two
   purposes; first it indicates that the BGP egress device is reachable
   via an SRv6 underlay and the BGP ingress device receiving this route
   MAY choose to encapsulate or insert an SRv6 SRH, second it indicates
   the value of the SID to include in the SRH encapsulation. For L3VPN,
   only a single SRv6-VPN SID MAY be necessary. A BGP speaker
   supporting an SRv6 underlay MAY distribute SID per route via the BGP
   SRv6-VPN Attribute. If the BGP speaker supports MPLS based L3VPN
   simultaneously, it MAY also populate the Label values in L3VPN route
   types and allow the BGP ingress device to decide which encapsulation
   to use. If the BGP speaker does not support MPLS based L3VPN
   services the MPLS Labels in L3VPN route types MUST be set to
   IMPLICIT-NULL. Similarly, to support SRv6 based EVPN a SID (or
   multiple SIDs) are advertised in route-types 1, 2, 3 and 5 [RFC7432].

   At an ingress-PE, BGP installs the advertised prefix in the correct
   RIB table, recursive via an SR Policy leveraging the received
   SRv6-VPN SID.

   Assuming best-effort connectivity to the egress PE, the SR policy has
   a path with a SID list made up of a single SID: the SRv6-VPN SID
   received with the related BGP route update.

   However, when VPN route is colored with an extended color community C
   and signaled with Next-Hop N and the ingress PE has a valid SRv6
   Policy (N, C) associated with SID list
   [I-D.filsfils-spring-segment-routing-policy] then the SR Policy is
   .

   Multiple VPN routes MAY resolve recursively on the same SR Policy.

3.1. IPv4 VPN Over SRv6 Core

   IPv4 VPN Over IPv6 Core is defined in [RFC5549], the MP_REACH_NLRI is
   encoded as follows for an SRv6 Core:

   o AFI = 1

   o SAFI = 128

   o Length of Next Hop Network Address = 16 (or 32)

   o Network Address of Next Hop = IPv6 address of the egress PE

   o NLRI = IPv4-VPN routes

   o Label = Implicit-Null

   SRv6-VPN SID is encoded as part of the SRv6-VPN SID TLV defined in
   Section 2. The function of the SRv6 SID is entirely up to the
   originator of the advertisement. In practice, the function may
   likely be End.DX4 or End.DT4.

3.2. IPv6 VPN Over SRv6 Core

   IPv6 VPN over IPv6 Core is defined in [RFC4659], the MP_REACH_NLRI is
   encoded as follows for an SRv6 Core:

   o AFI = 2

   o SAFI = 128

   o Length of Next Hop Network Address = 16 (or 32)

   o Network Address of Next Hop = IPv6 address of the egress PE

   o NLRI = IPv6-VPN routes

   o Label = Implicit-Null

   SRv6-VPN SIDs are encoded as part of the SRv6-VPN SID TLV defined in
   Section 2. The function of the IPv6 SRv6 SID is entirely up to the
   originator of the advertisement. In practice the function may likely
   be End.DX6 or End.DT6.

3.3. Global IPv4 over SRv6 Core

   IPv4 over IPv6 Core is defined in [RFC5549]. The MP_REACH_NLRI is
   encoded with:

   o AFI = 1

   o SAFI = 1

   o Length of Next Hop Network Address = 16 (or 32)

   o Network Address of Next Hop = IPv6 address of Next Hop

   o NLRI = IPv4 routes

   SRv6 Global SIDs are encoded as part of the SRv6 SID TLV defined in
   Section 2. The function of the IPv6 SRv6 SID is entirely up to the
   originator of the advertisement. In practice, the function may
   likely be End.DX6 or End.DT6.

3.4. Global IPv6 over SRv6 Core

   The MP_REACH_NLRI is encoded with:

   o AFI = 2

   o SAFI = 1

   o Length of Next Hop Network Address = 16 (or 32)

   o Network Address of Next Hop = IPv6 address of Next Hop

   o NLRI = IPv6 routes

   SRv6 Global SIDs are encoded as part of the SRv6 SID TLV defined in
   Section 2. The function of the IPv6 SRv6 SID is entirely up to the
   originator of the advertisement. In practice, the function may
   likely be End.DX6 or End.DT6.

   Also, by utilizing the SRv6 SID TLV, as defined in Section 2, to
   encode the Global SID, BGP free core is possible by encapsulating all
   BGP traffic from edge to edge over SRv6.

4. BGP based Ethernet VPN(EVPN) over SRv6

   Ethernet VPN (EVPN), as defined in [RFC7432], provides an extendable
   method of building an EVPN overlay. It primarily focuses on MPLS
   based EVPNs but calls out the extensibility to IP based EVPN
   overlays. It defines 4 route-types which carry prefixes and MPLS
   Label attributes; the Labels each have specific use for MPLS
   encapsulation of EVPN traffic. The fifth route-type carrying MPLS
   label information (and thus encapsulation information) for EVPN is
   defined in [I-D.ietf-bess-evpn-prefix-advertisement]. The Route Types
   discussed below are:

   o Ethernet Auto-discovery Route

   o MAC/IP Advertisement Route

   o Inclusive Multicast Ethernet Tag Route

   o Ethernet Segment route

   o IP prefix route

   o Selective Multicast route

   o IGMP join sync route

   o IGMP leave sync route

   To support SRv6 based EVPN overlays a SID is advertised in route-type
   1, 2, 3 and 5 above. The SID (or SIDs) per route-type are advertised
   in a new SRv6-VPN SID TLV which is optional transitive BGP Prefix SID
   attribute.
   This attribute serves two purposes; first it indicates
   that the BGP egress device is reachable via an SRv6 underlay and the
   BGP ingress device receiving this route MAY choose to encapsulate or
   insert an SRv6 SRH, second it indicates the value of the SID or SIDs
   to include in the SRH encapsulation. A BGP speaker supporting an
   SRv6 underlay MAY distribute SIDs per route via the BGP SRv6
   Attribute. If the BGP speaker supports MPLS based EVPN
   simultaneously it MAY also populate the Label values in EVPN route
   types and allow the BGP ingress device to decide which encapsulation
   to use. If the BGP speaker does not support MPLS based EVPN services
   the MPLS Labels in EVPN route types MUST be set to IMPLICIT-NULL.

4.1. Ethernet Auto-discovery Route over SRv6 Core

   Ethernet Auto-discovery (A-D) routes are Type-1 route type defined in
   [RFC7432] and may be used to achieve split horizon filtering, fast
   convergence and aliasing. EVPN route type-1 is also used in
   EVPN-VPWS as well as in EVPN flexible cross-connect; mainly used to
   advertise point-to-point services id.

   Multi-homed PEs MAY advertise an Ethernet auto discovery route per
   Ethernet segment with the introduced ESI MPLS label extended
   community defined in [RFC7432]. PEs may identify other PEs connected
   to the same Ethernet segment after the EVPN type-4 ES route exchange.
   All the multi-homed and remote PEs that are part of same EVI may
   import the auto discovery route.

   EVPN Route Type-1 is encoded as follows for SRv6 Core:

   +---------------------------------------+
   |  RD (8 octets)                        |
   +---------------------------------------+
   |Ethernet Segment Identifier (10 octets)|
   +---------------------------------------+
   |  Ethernet Tag ID (4 octets)           |
   +---------------------------------------+
   |  MPLS label (3 octets)                |
   +---------------------------------------+

   For a SRv6 only BGP speaker for an SRv6 Core:

   o SRv6-VPN SID TLV MAY be advertised with the route.

4.1.1. EVPN Route Type-1(Per ES AD)

   Where:

   o BGP next-hop: IPv6 address of an egress PE

   o Ethernet Tag ID: all FFFF's

   o MPLS Label: always set to zero value

   o Extended Community: Per ES AD, ESI label extended community

   SRv6-VPN TLV MAY be advertised along with the route advertisement and
   the behavior of the SRv6-VPN SID is entirely up to the originator of
   the advertisement. In practice, the behavior would likely be
   Arg.FE2.

4.1.2. Prefix Type-1(Per EVI/ES AD)

   Where:

   o BGP next-hop: IPv6 address of an egress PE

   o Ethernet Tag ID: non-zero for VLAN aware bridging, EVPN VPWS and
     FXC

   o MPLS Label: Implicit-Null

   SRv6-VPN TLV MAY be advertised along with the route advertisement and
   the behavior of the SRv6-VPN SID is entirely up to the originator of
   the advertisement. In practice, the behavior would likely be
   END.DX2, END.DX2V or END.DT2U.

4.2. MAC/IP Advertisement Route(Type-2) with SRv6 Core

   EVPN route type-2 is used to advertise unicast traffic MAC+IP address
   reachability through MP-BGP to all other PEs in a given EVPN
   instance.

   A MAC/IP Advertisement route type is encoded as follows for SRv6
   Core:

   +---------------------------------------+
   |  RD (8 octets)                        |
   +---------------------------------------+
   |Ethernet Segment Identifier (10 octets)|
   +---------------------------------------+
   |  Ethernet Tag ID (4 octets)           |
   +---------------------------------------+
   |  MAC Address Length (1 octet)         |
   +---------------------------------------+
   |  MAC Address (6 octets)               |
   +---------------------------------------+
   |  IP Address Length (1 octet)          |
   +---------------------------------------+
   |  IP Address (0, 4, or 16 octets)      |
   +---------------------------------------+
   |  MPLS Label1 (3 octets)               |
   +---------------------------------------+
   |  MPLS Label2 (0 or 3 octets)          |
   +---------------------------------------+

   where:

   o BGP next-hop: IPv6 address of an egress PE

   o MPLS Label1: Implicit-null

   o MPLS Label2: Implicit-null

   SRv6-VPN SID TLV MAY be advertised. The behavior of the SRv6-VPN SID
   is entirely up to the originator of the advertisement. In practice,
   the behavior of the SRv6 SID is as follows:

   o END.DX2, END.DT2U (Layer 2 portion of the route)

   o END.DT6/4 or END.DX6/4 (Layer 3 portion of the route)

   Described below are different types of Type-2 advertisements.

   o MAC/IP Advertisement Route(Type-2) with MAC Only

     * BGP next-hop: IPv6 address of egress PE

     * MPLS Label1: Implicit-null

     * MPLS Label2: Implicit-null

     * SRv6-VPN SID TLV MAY encode END.DX2 or END.DT2U behavior

   o MAC/IP Advertisement Route(Type-2) with MAC+IP

     * BGP next-hop: IPv6 address of egress PE

     * MPLS Label1: Implicit-Null

     * MPLS Label2: Implicit-Null

     * SRv6-VPN SID TLV MAY encode Layer2 END.DX2 or END.DT2U behavior
       and Layer3 END.DT6/4 or END.DX6/4 behavior

4.3. Inclusive Multicast Ethernet Tag Route with SRv6 Core

   EVPN route Type-3 is used to advertise multicast traffic reachability
   information through MP-BGP to all other PEs in a given EVPN instance.

   +---------------------------------------+
   |  RD (8 octets)                        |
   +---------------------------------------+
   |  Ethernet Tag ID (4 octets)           |
   +---------------------------------------+
   |  IP Address Length (1 octet)          |
   +---------------------------------------+
   |  Originating Router's IP Address      |
   |          (4 or 16 octets)             |
   +---------------------------------------+

   An Inclusive Multicast Ethernet Tag route type specific EVPN NLRI
   consists of the following [RFC7432] where:

   o BGP next-hop: IPv6 address of egress PE

   o SRv6-VPN TLV MAY encode END.DX2/END.DT2M function.

   o BGP Attribute: PMSI Tunnel Attribute [RFC6514] MAY contain MPLS
     implicit-null label and Tunnel Type would be similar to defined in
     EVPN Type-6 i.e. Ingress replication route.

   The format of PMSI Tunnel Attribute is encoded as follows
   for an SRv6 Core:

   +---------------------------------------+
   |  Flag (1 octet)                       |
   +---------------------------------------+
   |  Tunnel Type (1 octet)                |
   +---------------------------------------+
   |  MPLS label (3 octet)                 |
   +---------------------------------------+
   |  Tunnel Identifier (variable)         |
   +---------------------------------------+

   o Flag: zero value defined per [RFC7432]

   o Tunnel Type: defined per [RFC6514]

   o MPLS label: Implicit-Null

   o Tunnel Identifier: IP address of egress PE

   SRv6 SID MAY be encoded as part of the SRv6-VPN SID TLV. The
   behavior of the SRv6-VPN SID is entirely up to the originator of the
   advertisement. In practice, the behavior of the SRv6 SID is as
   follows:

   o END.DX2 or END.DT2M function

   o The lower 32 bits of the SRv6-VPN SID TLV MAY be all zero's.
     The ESI Filtering argument (Arg.FE2) carried along with EVPN Route
     Type-1 MAY be merged together by doing a bitwise logical OR to
     create a single SID on the ingress PE for Split-horizon and other
     filtering mechanisms. Details of filtering mechanisms are
     described in [RFC7432].

4.4. Ethernet Segment Route with SRv6 Core

   An Ethernet Segment route type specific EVPN NLRI consists of the
   following defined in [RFC7432]:

   +---------------------------------------+
   |  RD (8 octets)                        |
   +---------------------------------------+
   |  Ethernet Tag ID (4 octets)           |
   +---------------------------------------+
   |  IP Address Length (1 octet)          |
   +---------------------------------------+
   |  Originating Router's IP Address      |
   |          (4 or 16 octets)             |
   +---------------------------------------+

   where:

   o BGP next-hop: IPv6 address of egress PE

   As opposed to previous route types, SRv6-VPN TLV is NOT advertised
   along with the route. The processing of that route has not changed;
   it remains as described in [RFC7432].

4.5. IP prefix route(Type-5) with SRv6 Core

   EVPN route Type-5 is used to advertise IP address reachability
   through MP-BGP to all other PEs in a given EVPN instance. IP address
   may include host IP prefix or any specific subnet.
   EVPN route Type-5
   is defined in [I-D.ietf-bess-evpn-prefix-advertisement].

   An IP Prefix advertisement is encoded as follows for an SRv6 Core:

   +---------------------------------------+
   |  RD (8 octets)                        |
   +---------------------------------------+
   |Ethernet Segment Identifier (10 octets)|
   +---------------------------------------+
   |  Ethernet Tag ID (4 octets)           |
   +---------------------------------------+
   |  IP Prefix Length (1 octet)           |
   +---------------------------------------+
   |  IP Prefix (4 or 16 octets)           |
   +---------------------------------------+
   |  GW IP Address (4 or 16 octets)       |
   +---------------------------------------+
   |  MPLS Label (3 octets)                |
   +---------------------------------------+

   o BGP next-hop: IPv6 address of egress PE

   o MPLS Label: Implicit-Null

   SRv6-VPN SID TLV MAY be advertised. The behavior of the SRv6-VPN SID
   is entirely up to the originator of the advertisement. In practice,
   the behavior of the SRv6 SID is an End.DT6/4 or End.DX6/4.

4.6. Multicast routes (EVPN Route Type-6, Type-7, Type-8)

   These routes do not require any additional SRv6-VPN TLV. As per EVPN
   route-type 4, the BGP nexthop is equal to the IPv6 address of egress
   PE. More details may be added in future revisions of this document.

5. Migration from L3 MPLS based Segment Routing to SRv6 Segment Routing

   Migration from MPLS to an SRv6 with BGP speakers is achieved with BGP
   sessions per BGP instance, one for IPv4 and one for IPv6.
   Migration from IPv4 to IPv6 is independent of SRv6 BGP endpoints, and
   the selection of which route to use (received via the IPv4 or IPv6
   session) is a local configurable decision of the ingress-PE, and is
   outside the scope of this document.

   Migration from IPv6 MPLS based underlay to an SRv6 underlay with BGP
   speakers is achieved with a few simple rules at each BGP speaker.

   At Egress-PE
      If BGP offers an SRv6-VPN service
         Then BGP allocates an SRv6-VPN SID for the VPN service
         and adds the BGP SRv6-VPN SID TLV while advertising VPN prefixes.
      If BGP offers an MPLS VPN service
         Then BGP allocates an MPLS Label for the VPN service and
         use it in NLRI as normal for MPLS L3 VPNs.
      else MPLS label for VPN service is set to IMPLICIT-NULL.

   At Ingress-PE
      *Selection of which encapsulation below (SRv6-VPN or MPLS-VPN) is
       defined by local BGP policy
      If BGP supports SRv6-VPN service, and
         receives a BGP SRv6-VPN SID Attribute with an SRv6 SID
         Then BGP programs the destination prefix in RIB recursive via
         the related SR Policy.
      If BGP supports MPLS VPN service, and
         the MPLS Label is not Implicit-Null
         Then the MPLS label is used as a VPN label and inserted with the
         prefix into RIB via the BGP Nexthop.

6. Implementation Status

   The SRv6-VPN is available for SRv6 on various Cisco hardware and
   other software platforms. An end-to-end integration of SRv6 L3VPN,
   SRv6 Traffic-Engineering and Service Chaining. All of that with
   data-plane interoperability across different implementations [1]:

   o Three Cisco Hardware-forwarding platforms: ASR 1K, ASR 9k and NCS
     5500

   o Two Cisco network operating systems: IOS XE and IOS XR

   o Barefoot Networks Tofino on OCP Wedge-100BF

   o Linux Kernel officially upstreamed in 4.10

   o Fd.io

7. Error Handling of BGP SRv6 SID Updates

   When a BGP Speaker receives a BGP Update message containing a
   malformed SRv6-VPN SID TLV, it MUST ignore the received BGP
   attributes and not pass it to other BGP peers. This is equivalent to
   the -attribute discard- action specified in [RFC7606]. When
   discarding an attribute, a BGP speaker MAY log an error for further
   analysis.

8. IANA Considerations

   This document defines a new TLV type as part of the BGP Prefix SID
   attribute.

9. Security Considerations

   This document introduces no new security considerations beyond those
   already specified in [RFC4271] and [RFC3107].

10. Conclusions

   This document proposes extensions to the BGP to allow advertising
   certain attributes and functionalities related to SRv6.

11. References

11.1. Normative References

   [I-D.filsfils-spring-segment-routing-policy]
              Filsfils, C., Sivabalan, S., Raza, K., Liste, J., Clad,
              F., Talaulikar, K., Hegde, S., daniel.voyer@bell.ca, d.,
              Lin, S., bogdanov@google.com, b., Horneffer, M.,
              Steinberg, D., Decraene, B., Litkowski, S., and P. Mattes,
              "Segment Routing Policy for Traffic Engineering",
              draft-filsfils-spring-segment-routing-policy-04 (work in
              progress), December 2017.

   [I-D.filsfils-spring-srv6-network-programming]
              Filsfils, C., Leddy, J., daniel.voyer@bell.ca, d.,
              daniel.bernier@bell.ca, d., Steinberg, D., Raszuk, R.,
              Matsushima, S., Lebrun, D., Decraene, B., Peirens, B.,
              Salsano, S., Naik, G., Elmalky, H., Jonnalagadda, P.,
              Sharif, M., Ayyangar, A., Mynam, S., Henderickx, W.,
              Bashandy, A., Raza, K., Dukes, D., Clad, F., and P.
              Camarillo, "SRv6 Network Programming",
              draft-filsfils-spring-srv6-network-programming-03 (work in
              progress), December 2017.

   [I-D.ietf-6man-segment-routing-header]
              Previdi, S., Filsfils, C., Raza, K., Leddy, J., Field, B.,
              daniel.voyer@bell.ca, d., daniel.bernier@bell.ca, d.,
              Matsushima, S., Leung, I., Linkova, J., Aries, E., Kosugi,
              T., Vyncke, E., Lebrun, D., Steinberg, D., and R. Raszuk,
              "IPv6 Segment Routing Header (SRH)",
              draft-ietf-6man-segment-routing-header-07 (work in
              progress), July 2017.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998.

   [RFC3107]  Rekhter, Y. and E. Rosen, "Carrying Label Information in
              BGP-4", RFC 3107, DOI 10.17487/RFC3107, May 2001.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006.

   [RFC4456]  Bates, T., Chen, E., and R. Chandra, "BGP Route
              Reflection: An Alternative to Full Mesh Internal BGP
              (IBGP)", RFC 4456, DOI 10.17487/RFC4456, April 2006.

   [RFC6514]  Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP
              Encodings and Procedures for Multicast in MPLS/BGP IP
              VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012.

   [RFC7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
              Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
              Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
              2015.

   [RFC7606]  Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
              Patel, "Revised Error Handling for BGP UPDATE Messages",
              RFC 7606, DOI 10.17487/RFC7606, August 2015.

11.2. Informative References

   [I-D.ietf-bess-evpn-prefix-advertisement]
              Rabadan, J., Henderickx, W., Drake, J., Lin, W., and A.
              Sajassi, "IP Prefix Advertisement in EVPN",
              draft-ietf-bess-evpn-prefix-advertisement-09 (work in
              progress), November 2017.

   [I-D.ietf-idr-bgp-prefix-sid]
              Previdi, S., Filsfils, C., Lindem, A., Sreekantiah, A.,
              and H. Gredler, "Segment Routing Prefix SID extensions for
              BGP", draft-ietf-idr-bgp-prefix-sid-07 (work in progress),
              October 2017.

   [I-D.ietf-isis-segment-routing-extensions]
              Previdi, S., Ginsberg, L., Filsfils, C., Bashandy, A.,
              Gredler, H., Litkowski, S., Decraene, B., and J. Tantsura,
              "IS-IS Extensions for Segment Routing",
              draft-ietf-isis-segment-routing-extensions-15 (work in
              progress), December 2017.

   [I-D.ietf-spring-segment-routing]
              Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B.,
              Litkowski, S., and R. Shakir, "Segment Routing
              Architecture", draft-ietf-spring-segment-routing-14 (work
              in progress), December 2017.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC4659]  De Clercq, J., Ooms, D., Carugi, M., and F. Le Faucheur,
              "BGP-MPLS IP Virtual Private Network (VPN) Extension for
              IPv6 VPN", RFC 4659, DOI 10.17487/RFC4659, September 2006.

   [RFC5549]  Le Faucheur, F. and E. Rosen, "Advertising IPv4 Network
              Layer Reachability Information with an IPv6 Next Hop",
              RFC 5549, DOI 10.17487/RFC5549, May 2009.

11.3. URIs

   [1] http://www.segment-routing.net

Appendix A. Contributors

   Bart Peirens
   Proximus
   Belgium

   Email: bart.peirens@proximus.com

Authors' Addresses

   Gaurav Dawra (editor)
   Cisco Systems
   USA

   Email: gdawra.ietf@gmail.com

   Clarence Filsfils
   Cisco Systems
   Belgium

   Email: cfilsfil@cisco.com

   Darren Dukes
   Cisco Systems
   Canada

   Email: ddukes@cisco.com

   Patrice Brissette
   Cisco Systems
   Canada

   Email: pbrisset@cisco.com

   Pablo Camarilo
   Cisco Systems
   Spain

   Email: pcamaril@cisco.com

   Jonn Leddy
   Comcast
   USA

   Email: john_leddy@cable.comcast.com

   Daniel Voyer
   Bell Canada
   Canada

   Email: daniel.voyer@bell.ca

   Daniel Bernier
   Bell Canada
   Canada

   Email: daniel.bernier@bell.ca

   Dirk Steinberg
   Steinberg Consulting
   Germany

   Email: dws@steinberg.net

   Robert Raszuk
   Bloomberg LP
   USA

   Email: robert@raszuk.net

   Bruno Decraene
   Orange
   France

   Email: bruno.decraene@orange.com

   Satoru Matsushima
   SoftBank
   1-9-1,Higashi-Shimbashi,Minato-Ku
   Japan 105-7322

   Email: satoru.matsushima@g.softbank.co.jp