idnits 2.17.1 draft-drake-bess-enhanced-vpn-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 4, 2019) is 1629 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5512 (Obsoleted by RFC 9012) ** Obsolete normative reference: RFC 7752 (Obsoleted by RFC 9552) == Outdated reference: A later version (-26) exists of draft-ietf-idr-segment-routing-te-policy-07 == Outdated reference: A later version (-17) exists of draft-ietf-teas-enhanced-vpn-03 Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 BESS Working Group J. Drake 3 Internet-Draft Juniper Networks 4 Intended status: Standards Track A. Farrel 5 Expires: May 7, 2020 Old Dog Consulting 6 L. Jalil 7 Verizon 8 A. Lingala 9 AT&T 10 November 4, 2019 12 BGP-LS Filters : A Framework for Network Slicing and Enhanced VPNs 13 draft-drake-bess-enhanced-vpn-02 15 Abstract 17 Future networks that support advanced services, such as those enabled 18 by 5G mobile networks, envision a set of overlay networks each with 19 different performance and scaling properties. These overlays are 20 known as network slices and are realized over a common underlay 21 network. 23 In order to support network slicing, as well as to offer enhanced VPN 24 services in general, it is necessary to define a mechanism by which 25 specific resources (links and/or nodes) of an underlay network can be 26 used by a specific network slice, VPN, or set of VPNs. This document 27 sets out such a mechanism for use in Segment Routing networks. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at https://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on May 7, 2020. 46 Copyright Notice 48 Copyright (c) 2019 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (https://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 64 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 65 3. Overview of Approach . . . . . . . . . . . . . . . . . . . . 3 66 4. Detailed Protocol Operation . . . . . . . . . . . . . . . . . 5 67 4.1. The BGP-LS Filter Attribute . . . . . . . . . . . . . . . 7 68 4.1.1. The Filter TLV . . . . . . . . . . . . . . . . . . . 8 69 4.1.2. The DSCP List TLV . . . . . . . . . . . . . . . . . . 9 70 4.1.3. The Color List TLV . . . . . . . . . . . . . . . . . 10 71 4.1.4. The Root TLV . . . . . . . . . . . . . . . . . . . . 10 72 4.2. Error Handling . . . . . . . . . . . . . . . . . . . . . 11 73 5. Comparison With ACTN . . . . . . . . . . . . . . . . . . . . 12 74 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 12 75 6.1. MP2MP Connectivity . . . . . . . . . . . . . . . . . . . 13 76 6.2. P2MP Unidirectional Connectivity . . . . . . . . . . . . 14 77 6.3. P2P Unidirectional Connectivity . . . . . . . . . . . . . 15 78 6.4. P2P Bidirectional Connectivity . . . . . . . . . . . . . 16 79 7. Security Considerations . . . . . . . . . . . . . . . . . . . 17 80 8. Manageability Considerations . . . . . . . . . . . . . . . . 17 81 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 82 9.1. New BGP Path Attribute . . . . . . . . . . . . . . . . . 17 83 9.2. New BGP-LS Filter attribute TLVs Type Registry . . . . . 18 84 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 85 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 86 11.1. Normative References . . . . . . . . . . . . . . . . . . 18 87 11.2. Informative References . . . . . . . . . . . . . . . . . 20 88 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 90 1. Introduction 92 Network slicing is an approach to network operations that builds on 93 the concept of network abstraction to provide programmability, 94 flexibility, and modularity. Driven largely by needs surfacing from 95 5G, the concept of network slicing has gained traction, for example 96 in [TS23501] and [TS28530]. Network slicing requires the underlying 97 network to support partitioning the network resources to provide the 98 client with dedicated (private) networking, computing, and storage 99 resources drawn from a shared pool. The slices may be seen as (and 100 operated as) virtual networks. 102 Advanced services drive a need to create virtual networks with 103 enhanced characteristics. The tenant of such a virtual network can 104 require a degree of isolation and performance that previously could 105 only be satisfied by dedicated networks. Additionally, the tenant 106 may ask for some level of control to their virtual networks, e.g., to 107 customize the service forwarding paths in the underlying network. 109 The concepts of "enhanced VPNs" and "network slicing" are introduced 110 in [I-D.ietf-teas-enhanced-vpn]. 112 In order to support network slicing, as well as to offer enhanced VPN 113 services in general, it is necessary to define a mechanism by which 114 specific resources (links and/or nodes) of an underlay network can be 115 used by a specific network slice, VPN, or set of VPNs. This document 116 sets out such a mechanism for use in Segment Routing networks 117 [RFC8402] and builds on the ideas introduced in 118 [I-D.ietf-idr-segment-routing-te-policy]. I.e., it generalizes that 119 work to support multipoint-to-multipoint (MP2MP), point-to-multipoint 120 (P2MP), and bidirectional point-to-point (P2P) topologies; it 121 integrates BGP-based VPN support ([RFC4364], [RFC7432]); it supports 122 DSCP as well a Color-based forwarding, and it uses BGP Link-State 123 (BGP-LS) [RFC7752] to distribute topology information. 125 2. Requirements Language 127 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 128 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 129 "OPTIONAL" in this document are to be interpreted as described in BCP 130 14 [RFC2119] [RFC8174] when, and only when, they appear in all 131 capitals, as shown here. 133 3. Overview of Approach 135 The approach is based on a network controller that uses the {source, 136 destination} traffic matrix and the performance and scaling 137 properties of each network slice, VPN, or set of VPNs in conjunction 138 with the topology of the underlay network to assign each network 139 slice, VPN, or set of VPNs a set of underlay links and nodes that it 140 can use. That is, each network slice, VPN, or set of VPNs gets a 141 subset, either dedicated or shared, of the resources in the underlay 142 network. 144 It should be noted that resources can be assigned at any of the 145 following granularities: 147 o All PEs in a given VPN 149 o A set of PEs in a given VPN 151 o An individual PE in a given VPN. 153 Once the network controller has determined the resource assignments, 154 it distributes this information to the PEs that participate in each 155 VPN using the usual VPN information dissemination tools, e.g., route 156 targets (RT) [RFC4360], route reflectors (RR) [RFC4456], and RT 157 constraints [RFC4684]. 159 This information is distributed to the PEs by giving them a 160 customized and limited view of the underlay network on the basis of a 161 network slice, a VPN, or a set of VPNs. Each PE will have a complete 162 view of the underlay network and this customized and limited view 163 acts as filter on the underlay network telling the PE which underlay 164 network resources it can use to direct the traffic of a given network 165 slice, VPN, or set of VPNs to best deliver end-to-end services. 167 The resource allocation information is encoded using BGP-LS. This 168 approach is chosen for the following reasons: 170 o It is BGP-based so it integrates easily with the existing BGP- 171 based VPN infrastructure ([RFC4364], [RFC4684]) 173 o It supports Segment Routing which is necessary to enforce the PEs' 174 usage of the resources allocated to the VPN or set of VPNs 176 o It supports Segment Routing which is necessary to enforce the PEs' 177 usage of the resources allocated to the network slice, VPN, or set 178 of VPNs. The use of RSVP-TE ([RFC3209]) rather than Segment 179 Routing is at the discretion of the network operator as BGP-LS 180 supports both and either confines a packet flow to a specific 181 path. 183 o It supports inter-AS connectivity which is a perquisite for 184 supporting the existing BGP-based VPN infrastructure 186 o It is canonical, in that it can be used to advertise the resources 187 of underlay networks that use either IS-IS or OSPF 189 It should be noted that this mechanism also follows the scalability 190 model of the existing BGP-based VPN infrastructure, which is that the 191 per-VPN information is restricted to only those PE routers that are 192 supporting that VPN and that the P routers have no per-VPN state. 194 The PEs in non-enhanced VPNs do not receive this resource allocation 195 information and would not confine their usage of the underlay network 196 resources. In order to ensure that the underlay network resources 197 allocated to enhanced VPNs are not inadvertently used by the PEs in 198 non-enhanced VPNs, the network controller SHOULD ensure that the IGP 199 and TE metrics for these resources is higher than the metrics for the 200 underlay network resources allocated to non-enhanced VPNs. In 201 certain situations, detailed in Section 4, PEs in enhanced VPNs will 202 use the underlay networks resources allocated to non-enhanced VPNs. 204 Additional to the programming of the PEs and its computation and 205 assignment of resources for use by network slices, VPNs, or sets of 206 VPNs, the network controller also instructs the P routers to make the 207 actual allocation of these resources by assigning link bandwidth to a 208 specific DSCP or adjacency SID. 210 4. Detailed Protocol Operation 212 We define a BGP-LS Filter to be a BGP-LS encoded description of a 213 subset of the links and nodes in the underlay network. A BGP-LS 214 Filter defines the topology for a network slice or a set of one or 215 more VPNs. The topology defined by a BGP-LS Filter needs to provide 216 connectivity between the PEs in a given network slice, VPN or set of 217 VPNs. I.e., it connects the PEs in these VPNs and is used by them to 218 send packets to each other. A given filter is tagged with the route 219 targets of the VPNs whose PEs are to import the filter. A BGP-LS 220 Filter is pushed southbound to those PEs by the network controller 221 and SHOULD provide multiple paths between a given ingress/egress PE 222 pair. 224 Note that there will be multiple BGP-LS Filters in a given network 225 deployment and that a given underlay network link or node may appear 226 in more than one of them. In order to provide disambiguation AFI 227 16388 (BGP-LS) and SAFI 72 (BGP-LS-VPN) are used in BGP-LS UPDATE 228 messages and the network controller SHOULD allocate a different route 229 distinguisher (RD) to each BGP-LS Filter. 231 Within a given VPN, when an ingress PE needs to send a packet to an 232 egress PE it selects a path to that egress PE from the topology 233 defined by the BGP-LS Filters it has imported for that VPN. It then 234 either adds a segment routing label stack specifying that path to the 235 packet or places the packet in an RSVP-TE LSP which uses that path. 236 The ingress PE may use any path computation it wishes if that path 237 computation confines the path to the topology defined by the relevant 238 set of BGP-LS Filters. 240 If Segment Routing is used and a nodal SID is placed in the segment 241 routing label stack, then when that segment is active the P routers 242 will forward the packet using the underlay network resources 243 allocated to non-enhanced VPNs. Similarly, if the RSVP-TE LSP was 244 established using a loose source route to the subject node, the path 245 to that node was selected using the underlay network resources 246 allocated to non-enhanced VPNs. 248 Because the BGP-LS UPDATE messages specifying a BGP-LS Filter may 249 arrive in any order and the BGP-LS UPDATE messages of multiple BGP-LS 250 Filters may be interleaved, there is a need for a new attribute that 251 is attached to a BGP-LS UPDATE. This attribute contains a Filter ID, 252 a Filter version number, a Filter type (MP2MP, P2MP, or P2P), the 253 total number of fragments in the filter, and the specific fragment 254 number of the piece in hand. I.e., it is assumed that a PE may 255 import more than one BGP-LS Filter, that a given BGP-LS Filter may 256 change over time, and that a given BGP-LS Filter may span multiple 257 BGP-LS UPDATE messages. The Filter ID needs to be unique across the 258 set of VPNs into which the BGP-LS Filter is to be imported. 260 A BGP-LS Filter that is created for a set of VPNs will contain a set 261 of network resources sufficient to connect the PEs in each VPN in the 262 set and each of the BGP-LS UPDATE messages for the filter MUST be 263 tagged with the RT for each VPN in the set. 265 If a PE imports more than one BGP-LS Filter it may use the union of 266 the links and nodes specified in each filter when selecting a path. 267 A PE should give precedence to BGP-LS Filters of type P2MP and P2P 268 when selecting a path. Routes targets specific to a given VPN/PE 269 pair are needed for BGP-LS Filters of type P2MP and P2P. 271 A given BGP-LS Filter may change in response to updates to the PE 272 membership in a VPN to which the BGP-LS Filter applies or to updates 273 to the underlay network. When this occurs, the network controller 274 should push a new version of the affected BGP-LS Filters. That is, 275 it increments the version number of each BGP-LS Filter. Note that a 276 network controller does not need to compute new BGP-LS Filters in 277 response to an individual link or node failure in the underlay 278 network if connectivity still exists among the PEs in the network 279 slice, VPN or set or VPNs with the existing BGP-LS Filters. 281 A BGP-LS Filter cannot be used by a PE until it is completely 282 assembled. If the BGP-LS Filter that is being assembled is a newer 283 version of a BGP-LS Filter that the PE is currently using, the PE 284 should continue to use its current version of the BGP-LS Filter until 285 the newer version is completely assembled. 287 When selecting a path using one or more BGP-LS Filters, an ingress PE 288 can use a link or node only if it is active in the underlay network. 289 If this precludes connectivity to the egress PE it may use the 290 underlay network resources allocated to non-enhanced VPNs to reach 291 the egress PE. 293 Additionally, when there is a newly activated PE it will not be 294 present in any of the BGP-LS Filters used by the other PEs. Until a 295 new BGP-LS Filter or Filters that contain that PE has been 296 distributed, other PEs will use the underlay network resources 297 allocated to non-enhanced VPNs to reach the newly activated PE and it 298 use these resources to reach other PEs. 300 4.1. The BGP-LS Filter Attribute 302 [RFC4271] defines the BGP Path attribute. This document introduces a 303 new Optional Transitive Path attribute called the BGP-LS Filter 304 attribute with value TBD1 to be assigned by IANA. 306 The first BGP-LS Filter attribute MUST be processed and subsequent 307 instances MUST be ignored. 309 The common fields of the BGP-LS Filter attribute are set as follows: 311 o Optional bit is set to 1 to indicate that this is an optional 312 attribute. 314 o The Transitive bit is set to 1 to indicate that this is a 315 transitive attribute. 317 o The Extended Length bit is set according to the length of the BGP- 318 LS Filter attribute as defined in [RFC4271]. 320 o The Attribute Type Code is set to TBD1. 322 The content of the BGP-LS Filter attribute is a series of Type- 323 Length-Value (TLV) constructs. Each TLV may include sub-TLVs. All 324 TLVs and sub-TLVs have a common format that is: 326 o Type: A single octet indicating the type of the BGP-LS Filter 327 attribute TLV. Values are taken from the registry described in 328 Section 9.2. 330 o Length: A two octet field indicating the length of the data 331 following the Length field counted in octets. 333 o Value: The contents of the TLV. 335 The formats of the TLVs defined in this document are shown in the 336 following sections. The presence rules and meanings are as follows. 338 o The BGP-LS Filter attribute MUST contain a Filter TLV. 340 o The BGP-LS Filter attribute MAY contain a DSCP List TLV. 342 o The BGP-LS Filter attribute MAY contain a Color List TLV. 344 o The BGP-LS Filter attribute MAY contain a Root TLV. 346 4.1.1. The Filter TLV 348 The BGP-LS Filter attribute MUST contain exactly one Filter TLV. Its 349 format is shown in Figure 1. Note that a given BGP-LS Filter may 350 span multiple UPDATE messages and the Topology, Version Number, and 351 the Number of Fragments fields in the BGP-LS Filter attribute 352 contained in each UPDATE message MUST be set to the same value or the 353 BGP-LS Filter is unusable. 355 +--------------------------------------------+ 356 | Type = 1 (1 octet) | 357 +--------------------------------------------+ 358 | Length (2 octets) | 359 +--------------------------------------------+ 360 | Topology (1 Octet) | 361 +--------------------------------------------+ 362 | ID (4 Octets) | 363 +--------------------------------------------+ 364 | Version Number (4 Octets) | 365 +--------------------------------------------+ 366 | Number of Fragments (4 Octets) | 367 +--------------------------------------------+ 368 | Fragment Number (4 Octets) | 369 +--------------------------------------------+ 371 Figure 1: The Filter TLV Format 373 The fields are as follows: 375 o Type is set to 1 to indicate a Filter TLV. 377 o Length is set to 17 octets. 379 o Topology indicates whether this BGP-LS Filter is MP2MP, P2MP, P2P 380 unidirectional, or P2P bidirectional. 382 o The ID of this BGP-LS Filter. This ID needs to be unique within 383 the set of VPNs into which the BGP-LS Filter is to be imported. 385 o The Version Number of this BGP-LS Filter. I.e., the contents of a 386 BGP-LS Filter with a given ID may change over time and this field 387 indicates the latest version of that BGP-LS Filter. 389 o Number of Fragments indicates the number of BGP UPDATE messages 390 defining this BGP-LS Filter. 392 o Fragment Number indicates ordinal position of this UPDATE message 393 within the set of UPDATE messages defining this BGP-LS Filter. A 394 BGP-LS Filter is not complete, i.e., usable, until all UPDATE 395 messages have been received with Fragment Numbers in the range 1 396 <= Fragment Number <= Number of Fragments. An UPDATE message with 397 a Fragment Number outside this range is to be ignored. 399 4.1.2. The DSCP List TLV 401 The DSCP List TLV MAY be included in the BGP-LS Filter attribute. If 402 included, a packet whose DSCP matches a DSCP in the DSCP list is to 403 be forwarded using the BGP-LS Filter defined by the containing BGP-LS 404 Filter attribute. The first DSCP List TLV MUST be processed and 405 subsequent instances MUST be ignored. The format of the DSCP List 406 TLV is shown in Figure 2. 408 +--------------------------------------------+ 409 | Type = 2 (1 octet) | 410 +--------------------------------------------+ 411 | Length (2 octets) | 412 +--------------------------------------------+ 413 | DSCP List (variable) | 414 +--------------------------------------------+ 416 Figure 2: The DSCP List TLV Format 418 The fields are as follows: 420 o Type is set to 2 to indicate a DSCP List TLV. 422 o Length indicates the length in octets of the DSCP List. 424 o DSCP List contains a list of DSCPs, each one octet in length and 425 encoded in the standard format. 427 4.1.3. The Color List TLV 429 The Color List TLV MAY be included in the BGP-LS Filter attribute. 430 If a BGP UPDATE contains a Color extended community with a color (as 431 defined by [RFC5512]) that matches an entry in the Color List, then a 432 packet whose destination is covered by one of the routes in that 433 UPDATE is to be forwarded using the BGP-LS Filter defined by the 434 containing BGP-LS Filter attribute. The first Color List TLV MUST be 435 processed and subsequent instances MUST be ignored. The format of 436 the Color List TLV is shown in Figure 3. 438 Note that if both a DSCP List and a Color List TLV are included in a 439 BGP-LS Filter attribute, packets matching an entry in either list are 440 to be forwarded using the BGP-LS Filter defined by the containing 441 BGP-LS Filter attribute. If neither list is included then all 442 packets for that network slice, VPN, or set of VPNs can be forwarded 443 using the BGP-LS Filter defined by the containing BGP-LS Filter 444 attribute. 446 +--------------------------------------------+ 447 | Type = 3 (1 octet) | 448 +--------------------------------------------+ 449 | Length (2 octets) | 450 +--------------------------------------------+ 451 | Color List (variable) | 452 +--------------------------------------------+ 454 Figure 3: The Color List TLV Format 456 The fields are as follows: 458 o Type is set to 3 to indicate a Color List TLV. 460 o Length indicates the length in octets of the Color List. 462 o Color List contains a list of Colors, each four octets in length. 464 4.1.4. The Root TLV 466 The Root TLV MUST be included in the BGP-LS Filter attribute if its 467 topology is of type P2MP or P2P unidirectional. It defines the root 468 node for that topology and if it is not present the BGP-LS Filter is 469 unusable. The TLV, if present, MUST be ignored if the topology is of 470 type MP2MP or P2P bidirectional. 472 The Root TLV is structured as shown in Figure 4 and MAY contain any 473 of the sub-TLVs defined in section 3.2.1.4 of [RFC7752]. 475 +--------------------------------------------+ 476 | Type = 3 (1 octet) | 477 +--------------------------------------------+ 478 | Length (2 octets) | 479 +--------------------------------------------+ 480 | Sub-TLVs (variable) | 481 +--------------------------------------------+ 483 Figure 4: The Root TLV Format 485 The fields are as follows: 487 o Type is set to 3 to indicate a Color List TLV. 489 o Length indicates the length in octets of the Color List. 491 o There follows a sequence of zero or more sub-TLVs as defined in 492 section 3.2.1.4 of [RFC7752]. The presence of sub-TLVs can be 493 deduced from the Length field of the Root TLV and from the Length 494 fields of each of the sub-TLVs. 496 4.2. Error Handling 498 Section 6 of [RFC4271] describes the handling of malformed BGP 499 attributes, or those that are in error in some way. [RFC7606] 500 revises BGP error handling specifically for the for UPDATE message, 501 provides guidelines for the authors of documents defining new 502 attributes, and revises the error handling procedures for a number of 503 existing attributes. This document introduces the BGP-LS Filter 504 attribute and so defines error handling as follows: 506 o When parsing a message, an unknown Attribute Type code or a length 507 that suggests that the attribute is longer than the remaining 508 message is treated as a malformed message and the "treat-as- 509 withdraw" approach used as per [RFC7606]. 511 o When parsing a message that contains an BGP-LS Filter attribute, 512 the following cases constitute errors: 514 1. Optional bit is set to 0 in BGP-LS Filter attribute. 516 2. Transitive bit is set to 0 in BGP-LS Filter attribute. 518 3. The attribute does not contain a Filter TLV or it contains 519 more than one Filter TLV. 521 4. The TLV length indicates that the TLV extends beyond the end 522 of the BGP-LS Filter attribute. 524 5. There is an unknown TLV type field found in BGP-LS Filter 525 attribute. 527 o The errors listed above are treated as follows: 529 1., 2., 3., 4.: The attribute MUST be treated as malformed and 530 the "treat-as-withdraw" approach used as per [RFC7606]. 532 5.: Unknown TLVs SHOULD be ignored, and message processing SHOULD 533 continue. 535 5. Comparison With ACTN 537 TBD 539 6. Examples 541 Figure 5shows a sample underlay topology. Six PEs (PE1 through PE6) 542 are connected across a network of twelve P nodes (P1 through P12). 543 Each PE is dual-homed, and the P nodes are variously connected so 544 that there are multiple routes between PEs. 546 PE3 PE4 547 |\ /| 548 | \ / | 549 | \ / | 550 | \/ | 551 | /\ | 552 | / \ | 553 | / \ | 554 |/ \| 555 P1--------P2 556 / |\ /| \ 557 / | \ / | \ 558 / | \ / | \ 559 / | \/ | \ 560 P3-------P4--------P5-------P6 561 | / | /\ | \ | 562 | / | / \ | \ | 563 | / | / \ | \ | 564 |/ |/ \| \| 565 P7---P8--P9--------P10-P11-P12 566 |\ /| |\ /| 567 | \/ | | \/ | 568 | /\ | | /\ | 569 |/ \| |/ \| 570 PE1 PE2 PE5 PE6 572 Figure 5: Underlay Network Topology 574 6.1. MP2MP Connectivity 576 Figure 6 shows how a Multi-point-to-multipoint (MP2MP) service that 577 connects PE1, PE3, and PE6 can be installed over the underlay 578 network. Path have been computed so that, for example, PE1 is 579 connected to both PE3 and PE6 via a pair of redundant paths. 580 Similarly, PE3 is connected to PE1 and PE6, and PE6 is connected to 581 PE1 and PE3. 583 PE3 PE4 584 | \ 585 | \ 586 | \ 587 | \ 588 | \ 589 | \ 590 | \ 591 | \ 592 P1 P2 593 / \ /| 594 / \ / | 595 / \ / | 596 / \ / | 597 P3 P4 X P5 P6 598 | / \ \ 599 | / \ \ 600 | / \ \ 601 | / \ \ 602 P7 P8--P9---------P10-P11 P12 603 | / \ | 604 | / \ | 605 | / \ | 606 |/ \| 607 PE1 PE2 PE5 PE6 609 Figure 6: An MP2MP Service Installed at PE1, PE3, and PE6 611 6.2. P2MP Unidirectional Connectivity 613 Figure 7 shows the provision of a Point-to-Multipoint (P2MP) rooted 614 at PE3 and connected to PE1 and PE6. As in the previous example, a 615 redundant pair of paths is established between PE3 and each of PE1 616 and PE6. Thus, the two paths from PE3 to PE1 are PE3-P1-P4-P7-PE1 617 and PE3-P2-P9-P8-PE1. 619 PE3 PE4 620 | \ 621 | \ 622 | \ 623 | \ 624 | \ 625 | \ 626 | \ 627 | \ 628 P1 P2 629 |\ / \ 630 | \ / \ 631 | \ / \ 632 | \ / \ 633 P3 P4 X P5 P6 634 / / \ | 635 / / \ | 636 / / \ | 637 / / \ | 638 P7---P8--P9 P10-P11 P12 639 | / \ | 640 | / \ | 641 | / \ | 642 |/ \| 643 PE1 PE2 PE5 PE6 645 Figure 7: A P2MP Unidirectional Service Installed at PE3 647 6.3. P2P Unidirectional Connectivity 649 Figure 8 shows a Point-to-Point (P2P) service rooted at PE1 and 650 connected to PE3. This is equivalent to a Segment Routing Traffic 651 Engineering (SR TE) Policy [I-D.ietf-idr-segment-routing-te-policy] 652 installed at PE1. 654 As in the previous examples, a pair of redundant paths are computed. 656 PE3 PE4 657 |\ 658 | \ 659 | \ 660 | \ 661 | \ 662 | \ 663 | \ 664 | \ 665 P1 P2 666 | | 667 | | 668 | | 669 | | 670 P3 P4 P5 P6 671 / | 672 / | 673 / | 674 / | 675 P7 P8--P9--------P10 P11 P12 676 | / 677 | / 678 | / 679 |/ 680 PE1 PE2 PE5 PE6 682 Figure 8: A P2P Unidirectional Service (SR TE Policy) Installed at 683 PE1 685 6.4. P2P Bidirectional Connectivity 687 Figure 9 show a bidirectional P2P service connecting PE1 and PE6. 688 This is equivalent to a Segment Routing Traffic Engineering (SR TE) 689 Policy [I-D.ietf-idr-segment-routing-te-policy] installed at PE1 and 690 PE6. 692 PE3 PE4 694 P1 P2 696 P3 P4--------P5 P6 697 / \ 698 / \ 699 / \ 700 / \ 701 P7 P8--P9--------P10-P11 P12 702 | / \ | 703 | / \ | 704 | / \ | 705 |/ \| 706 PE1 PE2 PE5 PE6 708 Figure 9: A P2P Bidirectional Service Installed at PE1 and PE6 710 7. Security Considerations 712 TBD 714 8. Manageability Considerations 716 Per VPN OAM and telemetry will be required in order to monitor and 717 verify the performance of network slices. This is particularly 718 important when the performance of a network slice has been committed 719 to a customer through a Service Level Agreement. 721 TBD 723 9. IANA Considerations 725 9.1. New BGP Path Attribute 727 IANA maintains a registry of "Border Gateway Protocol (BGP) 728 Parameters" with a subregistry of "BGP Path Attributes". IANA is 729 requested to assign a new Path attribute called "BGP-LS Filter 730 attribute" (TBD1 in this document) with this document as a reference. 732 9.2. New BGP-LS Filter attribute TLVs Type Registry 734 IANA maintains a registry of "Border Gateway Protocol (BGP) 735 Parameters". IANA is request to create a new subregistry called the 736 "BGP-LS Filter attribute TLVs" registry. 738 Valid values are in the range 0 to 255. 740 o Values 0 and 255 are to be marked "Reserved, not to be allocated". 742 o Values 1 through 254 are to be assigned according to the "First 743 Come First Served" policy [RFC8126] 745 This document should be given as a reference for this registry. The 746 new registry should track: 748 o Type 750 o Name 752 o Reference Document or Contact 754 o Registration Date 756 The registry should initially be populated as follows: 758 Type | Name | Reference | Date 759 ------+-------------------------+---------------+--------------- 760 1 | Filter TLV | [This.I-D] | Date-to-be-set 761 2 | DSCP List TLV | [This.I-D] | Date-to-be-set 762 3 | Color List TLV | [This.I-D] | Date-to-be-set 763 4 | Root TLV | [This.I-D] | Date-to-be-set 765 10. Acknowledgements 767 The authors are grateful to all those who contributed to the 768 discussions that led to this work: Ron Bonica, Stewart Bryant, Jie 769 Dong, Keyur Patel, and Colby Barth. 771 11. References 773 11.1. Normative References 775 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 776 Requirement Levels", BCP 14, RFC 2119, 777 DOI 10.17487/RFC2119, March 1997, 778 . 780 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 781 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 782 DOI 10.17487/RFC4271, January 2006, 783 . 785 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 786 Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February 787 2006, . 789 [RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation 790 Subsequent Address Family Identifier (SAFI) and the BGP 791 Tunnel Encapsulation Attribute", RFC 5512, 792 DOI 10.17487/RFC5512, April 2009, 793 . 795 [RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A., 796 Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based 797 Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February 798 2015, . 800 [RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K. 801 Patel, "Revised Error Handling for BGP UPDATE Messages", 802 RFC 7606, DOI 10.17487/RFC7606, August 2015, 803 . 805 [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and 806 S. Ray, "North-Bound Distribution of Link-State and 807 Traffic Engineering (TE) Information Using BGP", RFC 7752, 808 DOI 10.17487/RFC7752, March 2016, 809 . 811 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 812 Writing an IANA Considerations Section in RFCs", BCP 26, 813 RFC 8126, DOI 10.17487/RFC8126, June 2017, 814 . 816 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 817 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 818 May 2017, . 820 11.2. Informative References 822 [I-D.ietf-idr-segment-routing-te-policy] 823 Previdi, S., Filsfils, C., Mattes, P., Rosen, E., Jain, 824 D., and S. Lin, "Advertising Segment Routing Policies in 825 BGP", draft-ietf-idr-segment-routing-te-policy-07 (work in 826 progress), July 2019. 828 [I-D.ietf-teas-enhanced-vpn] 829 Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A 830 Framework for Enhanced Virtual Private Networks (VPN+) 831 Service", draft-ietf-teas-enhanced-vpn-03 (work in 832 progress), September 2019. 834 [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V., 835 and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP 836 Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001, 837 . 839 [RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended 840 Communities Attribute", RFC 4360, DOI 10.17487/RFC4360, 841 February 2006, . 843 [RFC4456] Bates, T., Chen, E., and R. Chandra, "BGP Route 844 Reflection: An Alternative to Full Mesh Internal BGP 845 (IBGP)", RFC 4456, DOI 10.17487/RFC4456, April 2006, 846 . 848 [RFC4684] Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk, 849 R., Patel, K., and J. Guichard, "Constrained Route 850 Distribution for Border Gateway Protocol/MultiProtocol 851 Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual 852 Private Networks (VPNs)", RFC 4684, DOI 10.17487/RFC4684, 853 November 2006, . 855 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 856 Decraene, B., Litkowski, S., and R. Shakir, "Segment 857 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 858 July 2018, . 860 [TS23501] 3GPP, "System architecture for the 5G System (5GS) - 3GPP 861 TS23.501", 2016, 862 . 865 [TS28530] 3GPP, "Management and orchestration; Concepts, use cases 866 and requirements - 3GPP TS28.530", 2016, 867 . 870 Authors' Addresses 872 John Drake 873 Juniper Networks 875 Email: jdrake@juniper.net 877 Adrian Farrel 878 Old Dog Consulting 880 Email: adrian@olddog.co.uk 882 Luay Jalil 883 Verizon 885 Email: luay.jalil@verizon.com 887 Avinash Lingala 888 AT&T 890 Email: ar977m@att.com