idnits 2.17.1

draft-filsfils-spring-segment-routing-central-epe-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 32 instances of lines with non-RFC6890-compliant IPv4
     addresses in the document.  If these are example addresses, they
     should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does
     not match the current year

  -- The document date (May 26, 2014) is 3622 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 3107 (Obsoleted by RFC 8277)

  ** Obsolete normative reference: RFC 5575 (Obsoleted by RFC 8955)

  == Outdated reference: A later version (-04) exists of
     draft-filsfils-spring-segment-routing-01

  == Outdated reference: A later version (-03) exists of
     draft-filsfils-spring-segment-routing-mpls-01

  == Outdated reference: A later version (-13) exists of
     draft-ietf-idr-ls-distribution-05

  == Outdated reference: A later version (-25) exists of
     draft-ietf-isis-segment-routing-extensions-00

  == Outdated reference: A later version (-11) exists of
     draft-ietf-isis-te-metric-extensions-03

  == Outdated reference: A later version (-11) exists of
     draft-ietf-pce-pce-initiated-lsp-00

  == Outdated reference: A later version (-08) exists of
     draft-ietf-spring-problem-statement-00

  == Outdated reference: A later version (-05) exists of
     draft-psenak-ospf-segment-routing-extensions-04

  == Outdated reference: A later version (-02) exists of
     draft-psenak-ospf-segment-routing-ospfv3-extension-01

  == Outdated reference: A later version (-03) exists of
     draft-sivabalan-pce-segment-routing-02

     Summary: 2 errors (**), 0 flaws (~~), 12 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                   C. Filsfils, Ed.
Internet-Draft                                           S. Previdi, Ed.
Intended status: Informational                                  K. Patel
Expires: November 27, 2014                           Cisco Systems, Inc.
                                                                E. Aries
                                                                 S. Shaw
                                                                Facebook
                                                             D. Ginsburg
                                                            D. Afanasiev
                                                                  Yandex
                                                            May 26, 2014

          Segment Routing Centralized Egress Peer Engineering
         draft-filsfils-spring-segment-routing-central-epe-01

Abstract

   Segment Routing (SR) leverages source routing.
   A node steers a packet through a controlled set of instructions,
   called segments, by prepending the packet with an SR header.  A
   segment can represent any instruction, topological or service-based.
   SR allows a flow to be enforced through any topological path and
   service chain while maintaining per-flow state only at the ingress
   node of the SR domain.

   The Segment Routing architecture can be directly applied to the MPLS
   dataplane with no change on the forwarding plane.  It requires minor
   extension to the existing link-state routing protocols.

   This document illustrates the application of Segment Routing to solve
   the Egress Peer Engineering (EPE) requirement.  The SR-based EPE
   solution allows a centralized (SDN) controller to program any egress
   peer policy at ingress border routers or at hosts within the domain.
   This document is on the informational track.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 27, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Segment Routing Documents
     1.2.  Problem Statement
   2.  BGP Peering Segments
   3.  Distribution of External Topology and TE Information using
       BGP-LS
     3.1.  EPE Route advertising the Peer D and its PeerNode SID
     3.2.  EPE Route advertising the Peer E and its PeerNode SID
     3.3.  EPE Route advertising the Peer F and its PeerNode SID
     3.4.  EPE Route advertising a first PeerAdj to Peer F
     3.5.  EPE Route advertising a second PeerAdj to Peer F
     3.6.  FRR
   4.  EPE Controller
     4.1.  Valid Paths From Peers
     4.2.  Intra-Domain Topology
     4.3.  External Topology
     4.4.  SLA characteristics of each peer
     4.5.  Traffic Matrix
     4.6.  Business Policies
     4.7.  EPE Policy
   5.  Programming an input policy
     5.1.  At a Host
     5.2.  At a router - SR Traffic Engineering tunnel
     5.3.  At a Router - BGP3107 policy route
     5.4.  At a Router - VPN policy route
     5.5.  At a Router - Flowspec route
   6.  IPv6
   7.  Benefits
   8.  IANA Considerations
   9.  Manageability Considerations
   10. Security Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   The document is structured as follows:

   o  Section 1 recalls the EPE problem statement and provides the key
      references.

   o  Section 2 defines the different BGP Peering Segments and the
      semantics associated with them.

   o  Section 3 describes the automated allocation of BGP Peering SID's
      by the EPE-enabled egress border router and the automated
      signaling of the external peering topology and the related BGP
      Peering SID's to the collector
      [draft-previdi-idr-bgpls-segment-routing-epe-00].

   o  Section 4 overviews the components of a centralized EPE
      controller.  The definition of the EPE controller is outside the
      scope of this document.

   o  Section 5 overviews the methods that could be used by the
      centralized EPE controller to implement an EPE policy at an
      ingress border router or at a source host within the domain.
      The exhaustive definition of all the means to program an EPE input
      policy is outside the scope of this document.

   For editorial reasons, the solution is described for IPv4.  A later
   section describes how the same solution is applicable to IPv6.

1.1.  Segment Routing Documents

   The main references for this document are:

   o  SR Problem Statement: [I-D.ietf-spring-problem-statement].

   o  SR Architecture: [I-D.filsfils-spring-segment-routing].

   o  Distribution of External Topology and TE Information using BGP:
      draft-previdi-idr-bgpls-segment-routing-epe-00.txt

   The SR instantiation in the MPLS dataplane is described in
   [I-D.filsfils-spring-segment-routing-mpls].

   The SR IGP protocol extensions are defined in
   [I-D.ietf-isis-segment-routing-extensions],
   [I-D.psenak-ospf-segment-routing-extensions] and
   [I-D.psenak-ospf-segment-routing-ospfv3-extension].

   The Segment Routing PCE protocol extensions are defined in
   [I-D.sivabalan-pce-segment-routing].

1.2.  Problem Statement

   The EPE problem statement is defined in
   [I-D.ietf-spring-problem-statement].

   A centralized controller should be able to instruct an ingress PE or
   a content source within the domain to use a specific egress PE and a
   specific external interface to reach a particular destination.

   We call this solution "EPE" for "Egress Peer Engineering".  The
   centralized controller is called the "EPE Controller".  The egress
   border router where the EPE traffic-steering functionality is
   implemented is called an EPE-enabled border router.  The input policy
   programmed at an ingress border router or at a source host is called
   an EPE policy.

   The requirements that have motivated the solution described in this
   document are listed below:

   o  The solution MUST apply to the Internet use-case where the
      Internet routes are assumed to use IPv4 unlabeled or IPv6
      unlabeled.
      It is not required to place the internet routes in a VRF and
      allocate labels on a per-route or per-path basis.

   o  The solution MUST NOT make any assumption on the currently
      deployed iBGP schemes (RRs, confederations or iBGP full meshes)
      and MUST be able to support all of them.

   o  The solution SHOULD minimize the need for new BGP capabilities at
      the ingress PE's.

   o  The solution MUST accommodate an ingress EPE policy at an ingress
      PE or directly at a source host within the domain.

   o  The solution MUST support automated FRR and fast convergence.

   The following reference diagram is used throughout this document.

   +---------+      +------+
   |         |      |      |
   |    H    B------D      G
   |         | +---/| AS 2 |\  +------+
   |         |/     +------+ \ |      |---L/8
   A   AS1   C---+            \|      |
   |         |\\  \  +------+ /| AS 4 |---M/8
   |         | \\  +-E      |/ +------+
   |    X    |  \\   |      K
   |         |   +===F AS 3 |
   +---------+       +------+

                      Figure 1: Reference Diagram

   IPv4 addressing:

   o  C's interface to D: 1.0.1.1/24, D's interface: 1.0.1.2/24

   o  C's interface to E: 1.0.2.1/24, E's interface: 1.0.2.2/24

   o  C's upper interface to F: 1.0.3.1/24, F's interface: 1.0.3.2/24

   o  C's lower interface to F: 1.0.4.1/24, F's interface: 1.0.4.2/24

   o  Loopback of F used for eBGP multi-hop peering to C: 1.0.5.2/32

   o  C's loopback is 3.3.3.3/32 with SID 64

   C's BGP peering:

   o  Single-hop eBGP peering with neighbor 1.0.1.2 (D)

   o  Single-hop eBGP peering with neighbor 1.0.2.2 (E)

   o  Multi-hop eBGP peering with F on IP address 1.0.5.2 (F)

   C's resolution of the multi-hop eBGP session to F:

   o  Static route 1.0.5.2/32 via 1.0.3.2

   o  Static route 1.0.5.2/32 via 1.0.4.2

   C is configured with local policy that defines a BGP PeerSet as the
   set of peers (1.0.2.2 and 1.0.5.2).

   X is the EPE controller within AS1 domain.

   H is a content source within AS1 domain.

2.
BGP Peering Segments

   As defined in [I-D.filsfils-spring-segment-routing], certain segments
   are defined by an Egress Peer Engineering (EPE) capable node and
   correspond to its attached peers.  These segments are called BGP
   peering segments or BGP Peering SIDs.  They enable the expression of
   source-routed inter-domain paths.

   An ingress border router of an AS may compose a list of segments to
   steer a flow along a selected path within the AS, towards a selected
   egress border router C of the AS and through a specific peer.  At
   minimum, a BGP Peering Engineering policy applied at an ingress PE
   involves two segments: the Node SID of the chosen egress PE and then
   the BGP Peering Segment for the chosen egress PE peer or peering
   interface.

   [I-D.filsfils-spring-segment-routing] defines three types of BGP
   peering segments/SID's: PeerNodeSID, PeerAdjSID and PeerSetSID.

   The BGP extensions to signal these BGP peering segments are outlined
   in the following section.

3.  Distribution of External Topology and TE Information using BGP-LS

   In ships-in-the-night mode with respect to the pre-existing iBGP
   design, a BGPLS session is established between the EPE-enabled border
   router and the EPE controller.

   As a result of its local configuration and according to the behavior
   described in draft-previdi-idr-bgpls-segment-routing-epe-00, node C
   allocates the following BGP Peering Segments
   ([I-D.filsfils-spring-segment-routing]):

   o  A PeerNode segment for each of its defined peers (D, E and F).

   o  A PeerAdj segment for each recursing interface to a multi-hop peer
      (e.g.: the upper and lower interfaces from C to F in figure 1).

   o  A PeerSet segment to the set of peers (E and F).

   C programs its forwarding table accordingly:

   Incoming             Outgoing
   Label     Operation  Interface
   ------------------------------------
   1012      POP        link to D
   1022      POP        link to E
   1032      POP        upper link to F
   1042      POP        lower link to F
   1052      POP        loadbalance on any link to F
   1060      POP        loadbalance on any link to E or to F

   C signals the related BGP-LS NLRI's to the EPE controller.  Each such
   BGP-LS route is described in the following sub-sections according to
   the encoding details defined in
   draft-previdi-idr-bgpls-segment-routing-epe-00.

3.1.  EPE Route advertising the Peer D and its PeerNode SID

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS2

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      1.0.1.1, 1.0.1.2

   Attributes:

   o  Adj-SID: 1012

3.2.  EPE Route advertising the Peer E and its PeerNode SID

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS3

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      1.0.2.1, 1.0.2.2

   Attributes:

   o  Adj-SID: 1022

   o  PeerSetSID: 1060

   o  Link Attributes: see section 3.3.2 of
      [I-D.ietf-idr-ls-distribution]

3.3.  EPE Route advertising the Peer F and its PeerNode SID

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS3

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      3.3.3.3, 1.0.5.2

   Attributes:

   o  Adj-SID: 1052

   o  PeerSetSID: 1060

3.4.  EPE Route advertising a first PeerAdj to Peer F

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS3

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      1.0.3.1, 1.0.3.2

   Attributes:

   o  Adj-SID: 1032

   o  LinkAttributes: see section 3.3.2 of
      [I-D.ietf-idr-ls-distribution]

3.5.
EPE Route advertising a second PeerAdj to Peer F

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS3

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      1.0.4.1, 1.0.4.2

   Attributes:

   o  Adj-SID: 1042

   o  LinkAttributes: see section 3.3.2 of
      [I-D.ietf-idr-ls-distribution]

3.6.  FRR

   An EPE-enabled border router should allocate a FRR backup entry on a
   per BGP Peering SID basis:

   o  PeerNode SID

      1.  If multi-hop, backup via the remaining PeerADJ SID's to the
          same peer.

      2.  Else backup via local PeerNode SID to the same AS.

      3.  Else pop the PeerNode SID and IP lookup (with potential BGP
          PIC fall-back).

   o  PeerAdj SID

      1.  If to a multi-hop peer, backup via the remaining PeerADJ SID's
          to the same peer.

      2.  Else backup via PeerNode SID to the same AS.

      3.  Else pop the PeerNode SID and IP lookup (with potential BGP
          PIC fall-back).

   o  PeerSet SID

      1.  Backup via remaining PeerNode SID in the same PeerSet.

      2.  Else pop the PeerSet SID and IP lookup (with potential BGP PIC
          fall-back).

   We illustrate the different types of possible backups using the
   reference diagram and considering the Peering SID's allocated by C.

   PeerNode SID 1052, allocated by C for peer F:

   o  Upon the failure of the upper connected link CF, C can reroute all
      the traffic onto the lower CF link to the same peer (F).

   PeerNode SID 1022, allocated by C for peer E:

   o  Upon the failure of the connected link CE, C can reroute all the
      traffic onto the link to PeerNode SID 1052 (F).

   PeerNode SID 1012, allocated by C for peer D:

   o  Upon the failure of the connected link CD, C can pop the PeerNode
      SID and lookup the IP destination address in its FIB and route
      accordingly.

   PeerSet SID 1060, allocated by C for the set of peers E and F:

   o  Upon the failure of a connected link in the group, the traffic to
      PeerSet SID 1060 is rerouted on any other member of the group.

   For specific business reasons, the operator might not want the
   default FRR behavior applied to a PeerNode SID or any of its
   depending PeerADJ SID.

   The operator should be able to associate a specific backup PeerNode
   SID for a PeerNode SID: e.g. 1022 (E) must be backed up by 1012 (D)
   which over-rules the default behavior which would have preferred F as
   a backup for E.

4.  EPE Controller

   In this section, we provide a non-exhaustive set of inputs that an
   EPE controller would likely collect in order to make the EPE policy
   decision.

   The exhaustive definition is outside the scope of this document.

4.1.  Valid Paths From Peers

   The EPE controller should collect all the paths advertised by all the
   engineered peers.

   This could be realized by setting an iBGP session with the
   EPE-enabled border router, with "add-path all" and original next-hop
   preserved.

   In this case, C would advertise the following Internet routes to the
   EPE controller:

   o  NLRI L/8, nhop 1.0.1.2, AS Path {AS 2, 4}

      *  X (i.e.: the EPE controller) knows that C receives a path to
         L/8 via neighbor 1.0.1.2 of AS2.

   o  NLRI L/8, nhop 1.0.2.2, AS Path {AS 3, 4}

      *  X knows that C receives a path to L/8 via neighbor 1.0.2.2 of
         AS2.

   o  NLRI L/8, nhop 1.0.5.2, AS Path {AS 3, 4}

      *  X knows that C has an eBGP path to L/8 via AS3 via neighbor
         1.0.5.2

   An alternative option consists in Adj-RIB-In BMP from EPE-enabled
   border router to the EPE collector.

4.2.  Intra-Domain Topology

   The EPE controller should collect the internal topology and the
   related IGP SID's.

   This could be realized by collecting the IGP LSDB of each area or
   running a BGP-LS session with a node in each IGP area.

4.3.
External Topology

   Thanks to the collected BGP-LS routes described in section 2
   (BGPLS advertisements), the EPE controller is able to maintain an
   accurate description of the egress topology of node C.  Furthermore,
   the EPE controller is able to associate BGP Peering SID's to the
   various components of the external topology.

4.4.  SLA characteristics of each peer

   The EPE controller might collect SLA characteristics across peers.
   This requires an EPE solution as the SLA probes need to be steered
   via non-best-path peers.

   Uni-directional SLA monitoring of the desired path is likely
   required.  This might be possible when the application is controlled
   at the source and the receiver side.  Uni-directional monitoring
   dissociates the SLA characteristic of the return path (which cannot
   usually be controlled) from the forward path (the one of interest for
   pushing content from a source to a consumer and the one which can be
   controlled).

   Alternatively, Extended Metrics, as defined in
   [I-D.ietf-isis-te-metric-extensions] could also be advertised using
   new bgpls attributes.

4.5.  Traffic Matrix

   The EPE controller might collect the traffic matrix to its peers or
   the final destinations.  IPFIX is a likely option.

   An alternative option consists in collecting the link utilization
   statistics of each of the internal and external links, also available
   in current definition of [I-D.ietf-idr-ls-distribution].

4.6.  Business Policies

   The EPE controller should collect business policies.

4.7.  EPE Policy

   On the basis of all these inputs (and likely others), the EPE
   Controller decides to steer some demands away from their best BGP
   path.

   The EPE policy is likely expressed as a two-entry segment list where
   the first element is the IGP prefix SID of the selected egress border
   router and the second element is a BGP Peering SID at the selected
   egress border router.
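
   One way a controller could assemble and sanity-check the two-entry
   segment list just described, using the SIDs C allocates in section 3
   and the paths listed in section 4.1.  This is an added example, not
   code from the draft: build_policy, candidate_policies, PolicyError,
   the rule that every member of a PeerSet must have advertised the
   prefix, and the M/8 path are assumptions made for illustration.

```python
from dataclasses import dataclass


class PolicyError(ValueError):
    """The requested EPE policy would steer traffic where no valid path exists."""


@dataclass(frozen=True)
class PeeringSid:
    label: int
    kind: str             # "PeerNode", "PeerAdj" or "PeerSet"
    neighbors: frozenset  # eBGP neighbor addresses traffic may exit towards


LOCAL_ASN = 1      # AS1 in Figure 1
C_PREFIX_SID = 64  # IGP prefix SID of egress border router C

# BGP Peering SIDs signalled by C over BGP-LS (sections 3.1 to 3.5).
C_PEERING_SIDS = {s.label: s for s in (
    PeeringSid(1012, "PeerNode", frozenset({"1.0.1.2"})),            # D
    PeeringSid(1022, "PeerNode", frozenset({"1.0.2.2"})),            # E
    PeeringSid(1032, "PeerAdj", frozenset({"1.0.5.2"})),             # upper link to F
    PeeringSid(1042, "PeerAdj", frozenset({"1.0.5.2"})),             # lower link to F
    PeeringSid(1052, "PeerNode", frozenset({"1.0.5.2"})),            # F
    PeeringSid(1060, "PeerSet", frozenset({"1.0.2.2", "1.0.5.2"})),  # E or F
)}

# Paths C received from its peers (section 4.1): prefix -> {next hop: AS path}.
# The M/8 entry is constructed for this example; the draft lists only L/8.
VALID_PATHS = {
    "L/8": {"1.0.1.2": (2, 4), "1.0.2.2": (3, 4), "1.0.5.2": (3, 4)},
    "M/8": {"1.0.1.2": (2, 4)},
}


def build_policy(prefix, peering_label, intra_domain=()):
    """Return the segment list to push for `prefix`, or raise PolicyError.

    intra_domain holds optional prefix SIDs to traverse before reaching C.
    Assumption of this example: a PeerSet SID is usable only when every
    member advertised the prefix, because C load-balances over all of them.
    """
    sid = C_PEERING_SIDS.get(peering_label)
    if sid is None:
        raise PolicyError(f"label {peering_label} was not signalled by C over BGP-LS")
    paths = VALID_PATHS.get(prefix, {})
    for neighbor in sorted(sid.neighbors):
        as_path = paths.get(neighbor)
        if as_path is None:
            raise PolicyError(f"{neighbor} has not advertised a path to {prefix}")
        if LOCAL_ASN in as_path:
            raise PolicyError(f"path to {prefix} via {neighbor} loops through AS{LOCAL_ASN}")
    return [*intra_domain, C_PREFIX_SID, peering_label]


def candidate_policies(prefix):
    """Every segment list at C that passes the checks in build_policy."""
    result = []
    for label in sorted(C_PEERING_SIDS):
        try:
            result.append(build_policy(prefix, label))
        except PolicyError:
            continue
    return result


if __name__ == "__main__":
    for prefix in ("L/8", "M/8"):
        print(prefix, candidate_policies(prefix))
    print(build_policy("L/8", 1012, intra_domain=(60,)))
```

   Rejecting a label that C never signalled, or a peer that never
   advertised the prefix, keeps the controller from programming a policy
   that would hand traffic to a peer with no route for it.
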

   A few examples are provided hereafter:

   o  Prefer egress PE C and peer AS AS2: {64, 1012}.

   o  Prefer egress PE C and peer AS AS3 via ebgp peer 1.0.2.2: {64,
      1022}.

   o  Prefer egress PE C and peer AS AS3 via ebgp peer 1.0.5.2: {64,
      1052}.

   o  Prefer egress PE C and peer AS AS3 via interface 1.0.4.2 of
      multi-hop ebgp peer 1.0.5.2: {64, 1042}.

   o  Prefer egress PE C and any interface to any peer in the group
      1060: {64, 1060}.

   Note that the first SID could be replaced by a list of segments.
   This is useful when an explicit path within the domain is required
   for traffic-engineering purposes.  For example, if the Prefix SID of
   node B is 60 and the EPE controller would like to steer the traffic
   from A to C via B then through the external link to peer D then the
   segment list would be {60, 64, 1012}.

5.  Programming an input policy

   The detailed/exhaustive description of all the means to implement an
   EPE policy is outside the scope of this document.  A few examples
   are provided in this section.

5.1.  At a Host

   A static IP/MPLS route can be programmed at the host H.  The static
   route would define a destination prefix, a next-hop and a label stack
   to push.  The global property of the IGP Prefix SID is particularly
   convenient: the same policy could be programmed across hosts
   connected to different routers.

5.2.  At a router - SR Traffic Engineering tunnel

   The EPE controller can configure the ingress border router with an SR
   traffic engineering tunnel T1 and a steering-policy S1 which causes a
   certain class of traffic to be mapped on the tunnel T1.

   The tunnel T1 would be configured to push the required segment list.

   The tunnel and the steering policy could be configured via PCEP
   according to [I-D.sivabalan-pce-segment-routing] and
   [I-D.ietf-pce-pce-initiated-lsp] or via Netconf ([RFC6241]).

   Example: at A

   Tunnel T1: push {64, 1042}
   IP route L/8 set nhop T1

5.3.  At a Router - BGP3107 policy route

   The EPE Controller could build a BGP3107 ([RFC3107]) route (from
   scratch) and send it to the ingress router:

   o  NLRI: the destination prefix to engineer: e.g. L/8.

   o  Next-Hop: the selected egress border router: C.

   o  Label: the selected egress peer: 1042.

   o  AS path: reflecting the valid AS path of the selected.

   o  Some BGP policy to ensure it be selected as best by the ingress
      router.

   This BGP3107 policy route "overwrites" an equivalent or less-specific
   "best path".  As the best-path is changed, this EPE input policy
   option influences the path propagated to the upstream peer/customers.

5.4.  At a Router - VPN policy route

   The EPE Controller could build a VPNv4 route (from scratch) and send
   it to the ingress router:

   o  NLRI: the destination prefix to engineer: e.g. L/8.

   o  Next-Hop: the selected egress border router: C.

   o  Label: the selected egress peer: 1042.

   o  Route-Target: selecting the appropriate VRF at the ingress router.

   o  AS path: reflecting the valid AS path of the selected.

   o  Some BGP policy to ensure it be selected as best by the ingress
      router in the related VRF.

   The related VRF must be pre-configured.  A VRF fall-back into main
   FIB might be beneficial to avoid replicating all the "normal"
   internet paths in each VRF.

5.5.  At a Router - Flowspec route

   The EPE Controller builds a FlowSpec route and sends it to the
   ingress router to engineer:

   o  Dissemination of Flow Specification Rules ([RFC5575]).

   o  Destination/Source IP Addresses, IP Protocol, Destination/Source
      port (+1 component).

   o  ICMP Type/Code, TCP Flags, Packet length, DSCP, Fragment.

6.  IPv6

   The described solution is applicable to IPv6, either with MPLS-based
   or IPv6-Native segments.
   In both cases, the same three steps of the solution are applicable:

   o  BGP-LS-based signaling of the external topology and BGP Peering
      Segments to the EPE controller.

   o  Collection of various inputs by the EPE controller to come up with
      a policy decision.

   o  Programming at an ingress router or source host of the desired EPE
      policy which consists in a list of segments to push on a defined
      traffic class.

7.  Benefits

   The EPE solution described in this document has the following
   benefits:

   o  No assumption on the iBGP design with AS1.

   o  Next-Hop-Self on the internet routes propagated to the ingress
      border routers is possible.  This is a common design rule to
      minimize the number of IGP routes and to avoid importing external
      churn into the internal domain.

   o  Consistent support for traffic-engineering within the domain and
      at the external edge of the domain.

   o  Support for host and ingress border router EPE policy programming.

   o  EPE functionality is only required on the EPE-enabled egress
      border router and the EPE controller: an ingress policy can be
      programmed at the ingress border router without any new
      functionality.

   o  Ability to deploy the same input policy across hosts connected to
      different routers (global property of the IGP prefix SID).

8.  IANA Considerations

   TBD

9.  Manageability Considerations

   TBD

10.  Security Considerations

   TBD

11.  Acknowledgements

   TBD

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3107]  Rekhter, Y. and E. Rosen, "Carrying Label Information in
              BGP-4", RFC 3107, May 2001.

   [RFC5575]  Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
              and D. McPherson, "Dissemination of Flow Specification
              Rules", RFC 5575, August 2009.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)", RFC
              6241, June 2011.

12.2.  Informative References

   [I-D.filsfils-spring-segment-routing]
              Filsfils, C., Previdi, S., Bashandy, A., Decraene, B.,
              Litkowski, S., Horneffer, M., Milojevic, I., Shakir, R.,
              Ytti, S., Henderickx, W., Tantsura, J., and E. Crabbe,
              "Segment Routing Architecture",
              draft-filsfils-spring-segment-routing-01 (work in
              progress), May 2014.

   [I-D.filsfils-spring-segment-routing-mpls]
              Filsfils, C., Previdi, S., Bashandy, A., Decraene, B.,
              Litkowski, S., Horneffer, M., Milojevic, I., Shakir, R.,
              Ytti, S., Henderickx, W., Tantsura, J., and E. Crabbe,
              "Segment Routing with MPLS data plane",
              draft-filsfils-spring-segment-routing-mpls-01 (work in
              progress), April 2014.

   [I-D.ietf-idr-ls-distribution]
              Gredler, H., Medved, J., Previdi, S., Farrel, A., and S.
              Ray, "North-Bound Distribution of Link-State and TE
              Information using BGP", draft-ietf-idr-ls-distribution-05
              (work in progress), May 2014.

   [I-D.ietf-isis-segment-routing-extensions]
              Previdi, S., Filsfils, C., Bashandy, A., Gredler, H.,
              Litkowski, S., and J. Tantsura, "IS-IS Extensions for
              Segment Routing",
              draft-ietf-isis-segment-routing-extensions-00 (work in
              progress), April 2014.

   [I-D.ietf-isis-te-metric-extensions]
              Previdi, S., Giacalone, S., Ward, D., Drake, J., Atlas,
              A., Filsfils, C., and W. Wu, "IS-IS Traffic Engineering
              (TE) Metric Extensions",
              draft-ietf-isis-te-metric-extensions-03 (work in
              progress), April 2014.

   [I-D.ietf-pce-pce-initiated-lsp]
              Crabbe, E., Minei, I., Sivabalan, S., and R. Varga, "PCEP
              Extensions for PCE-initiated LSP Setup in a Stateful PCE
              Model", draft-ietf-pce-pce-initiated-lsp-00 (work in
              progress), December 2013.

   [I-D.ietf-spring-problem-statement]
              Previdi, S., Filsfils, C., Decraene, B., Litkowski, S.,
              Horneffer, M., Geib, R., Shakir, R., and R. Raszuk,
              "SPRING Problem Statement and Requirements",
              draft-ietf-spring-problem-statement-00 (work in
              progress), May 2014.

   [I-D.psenak-ospf-segment-routing-extensions]
              Psenak, P., Previdi, S., Filsfils, C., Gredler, H.,
              Shakir, R., and W. Henderickx, "OSPF Extensions for
              Segment Routing",
              draft-psenak-ospf-segment-routing-extensions-04 (work in
              progress), February 2014.

   [I-D.psenak-ospf-segment-routing-ospfv3-extension]
              Psenak, P., Previdi, S., Filsfils, C., Gredler, H.,
              Shakir, R., and W. Henderickx, "OSPFv3 Extensions for
              Segment Routing",
              draft-psenak-ospf-segment-routing-ospfv3-extension-01
              (work in progress), February 2014.

   [I-D.sivabalan-pce-segment-routing]
              Sivabalan, S., Medved, J., Filsfils, C., Crabbe, E., and
              R. Raszuk, "PCEP Extensions for Segment Routing",
              draft-sivabalan-pce-segment-routing-02 (work in
              progress), October 2013.

Authors' Addresses

   Clarence Filsfils (editor)
   Cisco Systems, Inc.
   Brussels
   BE

   Email: cfilsfil@cisco.com

   Stefano Previdi (editor)
   Cisco Systems, Inc.
   Via Del Serafico, 200
   Rome  00142
   Italy

   Email: sprevidi@cisco.com

   Keyur Patel
   Cisco Systems, Inc.
   US

   Email: keyupate@cisco.com

   Ebben Aries
   Facebook
   US

   Email: exa@fb.com

   Steve Shaw
   Facebook
   US

   Email: shaw@fb.com

   Daniel Ginsburg
   Yandex
   RU

   Email: dbg@yandex-team.ru

   Dmitry Afanasiev
   Yandex
   RU

   Email: fl0w@yandex-team.ru