idnits 2.17.1

draft-filsfils-spring-segment-routing-central-epe-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 32 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (January 14, 2015) is 3390 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 3107 (Obsoleted by RFC 8277)

  ** Obsolete normative reference: RFC 5575 (Obsoleted by RFC 8955)

  == Outdated reference: A later version (-13) exists of
     draft-ietf-idr-ls-distribution-07

  == Outdated reference: A later version (-25) exists of
     draft-ietf-isis-segment-routing-extensions-03

  == Outdated reference: A later version (-11) exists of
     draft-ietf-isis-te-metric-extensions-04

  == Outdated reference: A later version (-27) exists of
     draft-ietf-ospf-segment-routing-extensions-03

  == Outdated reference: A later version (-11) exists of
     draft-ietf-pce-pce-initiated-lsp-02

  == Outdated reference: A later version (-08) exists of
     draft-ietf-spring-problem-statement-03

  == Outdated reference: A later version (-03) exists of
     draft-previdi-idr-bgpls-segment-routing-epe-01

     Summary: 2 errors (**), 0 flaws (~~), 9 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                   C. Filsfils, Ed.
Internet-Draft                                           S. Previdi, Ed.
Intended status: Informational                                  K. Patel
Expires: July 18, 2015                               Cisco Systems, Inc.
                                                                E. Aries
                                                                 S. Shaw
                                                                Facebook
                                                             D. Ginsburg
                                                            D. Afanasiev
                                                                  Yandex
                                                        January 14, 2015

           Segment Routing Centralized Egress Peer Engineering
          draft-filsfils-spring-segment-routing-central-epe-03

Abstract

   Segment Routing (SR) leverages source routing.  A node steers a
   packet through a controlled set of instructions, called segments, by
   prepending the packet with an SR header.  A segment can represent any
   instruction, topological or service-based.  SR allows a flow to be
   enforced through any topological path and service chain while
   maintaining per-flow state only at the ingress node of the SR domain.

   The Segment Routing architecture can be directly applied to the MPLS
   dataplane with no change on the forwarding plane.  It requires a
   minor extension to the existing link-state routing protocols.

   This document illustrates the application of Segment Routing to solve
   the Egress Peer Engineering (EPE) requirement.  The SR-based EPE
   solution allows a centralized (SDN) controller to program any egress
   peer policy at ingress border routers or at hosts within the domain.
   This document is on the informational track.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 18, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Segment Routing Documents
     1.2.  Problem Statement
   2.  BGP Peering Segments
   3.  Distribution of External Topology and TE Information using
       BGP-LS
     3.1.  EPE Route advertising the Peer D and its PeerNode SID
     3.2.  EPE Route advertising the Peer E and its PeerNode SID
     3.3.  EPE Route advertising the Peer F and its PeerNode SID
     3.4.  EPE Route advertising a first PeerAdj to Peer F
     3.5.  EPE Route advertising a second PeerAdj to Peer F
     3.6.  FRR
   4.  EPE Controller
     4.1.  Valid Paths From Peers
     4.2.  Intra-Domain Topology
     4.3.  External Topology
     4.4.  SLA characteristics of each peer
     4.5.  Traffic Matrix
     4.6.  Business Policies
     4.7.  EPE Policy
   5.  Programming an input policy
     5.1.  At a Host
     5.2.  At a router - SR Traffic Engineering tunnel
     5.3.  At a Router - BGP3107 policy route
     5.4.  At a Router - VPN policy route
     5.5.  At a Router - Flowspec route
   6.  IPv6
   7.  Benefits
   8.  IANA Considerations
   9.  Manageability Considerations
   10. Security Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   The document is structured as follows:

   o  Section 1 recalls the EPE problem statement and provides the key
      references.

   o  Section 2 defines the different BGP Peering Segments and the
      semantics associated with them.

   o  Section 3 describes the automated allocation of BGP Peering SID's
      by the EPE-enabled egress border router and the automated
      signaling of the external peering topology and the related BGP
      Peering SID's to the collector
      [I-D.previdi-idr-bgpls-segment-routing-epe].

   o  Section 4 overviews the components of a centralized EPE
      controller.  The definition of the EPE controller is outside the
      scope of this document.

   o  Section 5 overviews the methods that could be used by the
      centralized EPE controller to implement an EPE policy at an
      ingress border router or at a source host within the domain.  The
      exhaustive definition of all the means to program an EPE input
      policy is outside the scope of this document.

   For editorial reasons, the solution is described for IPv4.  A later
   section describes how the same solution is applicable to IPv6.

1.1.  Segment Routing Documents

   The main references for this document are:

   o  SR Problem Statement: [I-D.ietf-spring-problem-statement].

   o  SR Architecture: [I-D.filsfils-spring-segment-routing].

   o  Distribution of External Topology and TE Information using BGP:
      [I-D.previdi-idr-bgpls-segment-routing-epe].

   The SR instantiation in the MPLS dataplane is described in
   [I-D.filsfils-spring-segment-routing-mpls].

   The SR IGP protocol extensions are defined in
   [I-D.ietf-isis-segment-routing-extensions],
   [I-D.ietf-ospf-segment-routing-extensions] and
   [I-D.psenak-ospf-segment-routing-ospfv3-extension].

   The Segment Routing PCE protocol extensions are defined in
   [I-D.sivabalan-pce-segment-routing].

1.2.  Problem Statement

   The EPE problem statement is defined in
   [I-D.ietf-spring-problem-statement].

   A centralized controller should be able to instruct an ingress PE or
   a content source within the domain to use a specific egress PE and a
   specific external interface to reach a particular destination.

   We call this solution "EPE" for "Egress Peer Engineering".  The
   centralized controller is called the "EPE Controller".  The egress
   border router where the EPE traffic-steering functionality is
   implemented is called an EPE-enabled border router.  The input policy
   programmed at an ingress border router or at a source host is called
   an EPE policy.

   The requirements that have motivated the solution described in this
   document are listed below:

   o  The solution MUST apply to the Internet use-case where the
      Internet routes are assumed to use IPv4 unlabeled or IPv6
      unlabeled.  It is not required to place the internet routes in a
      VRF and allocate labels on a per route, or on a per-path basis.

   o  The solution MUST NOT make any assumption on the currently
      deployed iBGP schemes (RRs, confederations or iBGP full meshes)
      and MUST be able to support all of them.

   o  The solution SHOULD minimize the need for new BGP capabilities at
      the ingress PE's.

   o  The solution MUST accommodate an ingress EPE policy at an ingress
      PE or directly at a source host within the domain.

   o  The solution MUST support automated FRR and fast convergence.

   The following reference diagram is used throughout this document.

   +---------+      +------+
   |         |      |      |
   |    H    B------D      G
   |         | +---/| AS 2 |\  +------+
   |         |/     +------+ \ |      |---L/8
   A   AS1   C---+            \|      |
   |         |\\  \  +------+ /| AS 4 |---M/8
   |         | \\  +-E      |/ +------+
   |    X    |  \\   |      K
   |         |   +===F AS 3 |
   +---------+       +------+

                     Figure 1: Reference Diagram

   IPv4 addressing:

   o  C's interface to D: 1.0.1.1/24, D's interface: 1.0.1.2/24

   o  C's interface to E: 1.0.2.1/24, E's interface: 1.0.2.2/24

   o  C's upper interface to F: 1.0.3.1/24, F's interface: 1.0.3.2/24

   o  C's lower interface to F: 1.0.4.1/24, F's interface: 1.0.4.2/24

   o  Loopback of F used for eBGP multi-hop peering to C: 1.0.5.2/32

   o  C's loopback is 3.3.3.3/32 with SID 64

   C's BGP peering:

   o  Single-hop eBGP peering with neighbor 1.0.1.2 (D)

   o  Single-hop eBGP peering with neighbor 1.0.2.2 (E)

   o  Multi-hop eBGP peering with F on IP address 1.0.5.2 (F)

   C's resolution of the multi-hop eBGP session to F:

   o  Static route 1.0.5.2/32 via 1.0.3.2

   o  Static route 1.0.5.2/32 via 1.0.4.2

   C is configured with local policy that defines a BGP PeerSet as the
   set of peers (1.0.2.2 and 1.0.5.2).

   X is the EPE controller within AS1 domain.

   H is a content source within AS1 domain.

2.  BGP Peering Segments

   As defined in [I-D.filsfils-spring-segment-routing], certain segments
   are defined by an Egress Peer Engineering (EPE) capable node and
   correspond to its attached peers.  These segments are called BGP
   peering segments or BGP Peering SIDs.  They enable the expression of
   source-routed inter-domain paths.

   An ingress border router of an AS may compose a list of segments to
   steer a flow along a selected path within the AS, towards a selected
   egress border router C of the AS and through a specific peer.  At a
   minimum, a BGP Peering Engineering policy applied at an ingress PE
   involves two segments: the Node SID of the chosen egress PE and then
   the BGP Peering Segment for the chosen egress PE peer or peering
   interface.

   [I-D.filsfils-spring-segment-routing] defines three types of BGP
   peering segments/SID's: PeerNodeSID, PeerAdjSID and PeerSetSID.

   The BGP extensions to signal these BGP peering segments are outlined
   in the following section.

3.  Distribution of External Topology and TE Information using BGP-LS

   In ships-in-the-night mode with respect to the pre-existing iBGP
   design, a BGPLS session is established between the EPE-enabled border
   router and the EPE controller.

   As a result of its local configuration and according to the behavior
   described in [I-D.previdi-idr-bgpls-segment-routing-epe], node C
   allocates the following BGP Peering Segments
   ([I-D.filsfils-spring-segment-routing]):

   o  A PeerNode segment for each of its defined peers (D, E and F).

   o  A PeerAdj segment for each recursing interface to a multi-hop peer
      (e.g.: the upper and lower interfaces from C to F in figure 1).

   o  A PeerSet segment to the set of peers (E and F).

   C programs its forwarding table accordingly:

   Incoming             Outgoing
   Label     Operation  Interface
   ------------------------------------
   1012      POP        link to D
   1022      POP        link to E
   1032      POP        upper link to F
   1042      POP        lower link to F
   1052      POP        loadbalance on any link to F
   1060      POP        loadbalance on any link to E or to F

   C signals the related BGP-LS NLRI's to the EPE controller.
   Each such
   BGP-LS route is described in the following sub-sections according to
   the encoding details defined in
   [I-D.previdi-idr-bgpls-segment-routing-epe].

3.1.  EPE Route advertising the Peer D and its PeerNode SID

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS2

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      1.0.1.1, 1.0.1.2

   Attributes:

   o  Adj-SID: 1012

3.2.  EPE Route advertising the Peer E and its PeerNode SID

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS3

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      1.0.2.1, 1.0.2.2

   Attributes:

   o  Adj-SID: 1022

   o  PeerSetSID: 1060

   o  Link Attributes: see section 3.3.2 of
      [I-D.ietf-idr-ls-distribution]

3.3.  EPE Route advertising the Peer F and its PeerNode SID

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS3

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      3.3.3.3, 1.0.5.2

   Attributes:

   o  Adj-SID: 1052

   o  PeerSetSID: 1060

3.4.  EPE Route advertising a first PeerAdj to Peer F

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS3

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      1.0.3.1, 1.0.3.2

   Attributes:

   o  Adj-SID: 1032

   o  LinkAttributes: see section 3.3.2 of
      [I-D.ietf-idr-ls-distribution]

3.5.  EPE Route advertising a second PeerAdj to Peer F

   Descriptors:

   o  Node Descriptors (router-ID, ASN): 3.3.3.3, AS1

   o  Peer Descriptors (peer ASN): AS3

   o  Link Descriptors (IPv4 interface address, neighbor IPv4 address):
      1.0.4.1, 1.0.4.2

   Attributes:

   o  Adj-SID: 1042

   o  LinkAttributes: see section 3.3.2 of
      [I-D.ietf-idr-ls-distribution]

3.6.  FRR

   An EPE-enabled border router should allocate a FRR backup entry on a
   per BGP Peering SID basis:

   o  PeerNode SID

      1.  If multi-hop, backup via the remaining PeerAdj SID's to the
          same peer.

      2.  Else backup via local PeerNode SID to the same AS.

      3.  Else pop the PeerNode SID and IP lookup (with potential BGP
          PIC fall-back).

   o  PeerAdj SID

      1.  If to a multi-hop peer, backup via the remaining PeerAdj SID's
          to the same peer.

      2.  Else backup via PeerNode SID to the same AS.

      3.  Else pop the PeerNode SID and IP lookup (with potential BGP
          PIC fall-back).

   o  PeerSet SID

      1.  Backup via remaining PeerNode SID in the same PeerSet.

      2.  Else pop the PeerSet SID and IP lookup (with potential BGP PIC
          fall-back).

   We illustrate the different types of possible backups using the
   reference diagram and considering the Peering SID's allocated by C.

   PeerNode SID 1052, allocated by C for peer F:

   o  Upon the failure of the upper connected link CF, C can reroute all
      the traffic onto the lower CF link to the same peer (F).

   PeerNode SID 1022, allocated by C for peer E:

   o  Upon the failure of the connected link CE, C can reroute all the
      traffic onto the link to PeerNode SID 1052 (F).

   PeerNode SID 1012, allocated by C for peer D:

   o  Upon the failure of the connected link CD, C can pop the PeerNode
      SID and lookup the IP destination address in its FIB and route
      accordingly.

   PeerSet SID 1060, allocated by C for the set of peers E and F:

   o  Upon the failure of a connected link in the group, the traffic to
      PeerSet SID 1060 is rerouted on any other member of the group.

   For specific business reasons, the operator might not want the
   default FRR behavior applied to a PeerNode SID or any of its
   dependent PeerAdj SIDs.

   The operator should be able to associate a specific backup PeerNode
   SID for a PeerNode SID: e.g.
   1022 (E) must be backed up by 1012 (D)
   which overrules the default behavior which would have preferred F as
   a backup for E.

4.  EPE Controller

   In this section, we provide a non-exhaustive set of inputs that an
   EPE controller would likely collect in order to perform the EPE
   policy decision.

   The exhaustive definition is outside the scope of this document.

4.1.  Valid Paths From Peers

   The EPE controller should collect all the paths advertised by all the
   engineered peers.

   This could be realized by setting an iBGP session with the EPE-
   enabled border router, with "add-path all" and original next-hop
   preserved.

   In this case, C would advertise the following Internet routes to the
   EPE controller:

   o  NLRI , nhop 1.0.1.2, AS Path {AS 2, 4}

      *  X (i.e.: the EPE controller) knows that C receives a path to
         L/8 via neighbor 1.0.1.2 of AS2.

   o  NLRI , nhop 1.0.2.2, AS Path {AS 3, 4}

      *  X knows that C receives a path to L/8 via neighbor 1.0.2.2 of
         AS2.

   o  NLRI , nhop 1.0.5.2, AS Path {AS 3, 4}

      *  X knows that C has an eBGP path to L/8 via AS3 via neighbor
         1.0.5.2

   An alternative option is Adj-RIB-In BMP from the EPE-enabled border
   router to the EPE collector.

4.2.  Intra-Domain Topology

   The EPE controller should collect the internal topology and the
   related IGP SID's.

   This could be realized by collecting the IGP LSDB of each area or
   running a BGP-LS session with a node in each IGP area.

4.3.  External Topology

   Thanks to the collected BGP-LS routes described in the section 2
   (BGPLS advertisements), the EPE controller is able to maintain an
   accurate description of the egress topology of node C.  Furthermore,
   the EPE controller is able to associate BGP Peering SID's to the
   various components of the external topology.

4.4.  SLA characteristics of each peer

   The EPE controller might collect SLA characteristics across peers.
   This requires an EPE solution as the SLA probes need to be steered
   via non-best-path peers.

   Uni-directional SLA monitoring of the desired path is likely
   required.  This might be possible when the application is controlled
   at the source and the receiver side.  Uni-directional monitoring
   dissociates the SLA characteristic of the return path (which cannot
   usually be controlled) from the forward path (the one of interest for
   pushing content from a source to a consumer and the one which can be
   controlled).

   Alternatively, Extended Metrics, as defined in
   [I-D.ietf-isis-te-metric-extensions] could also be advertised using
   new BGP-LS attributes.

4.5.  Traffic Matrix

   The EPE controller might collect the traffic matrix to its peers or
   the final destinations.  IPFIX is a likely option.

   An alternative option consists in collecting the link utilization
   statistics of each of the internal and external links, also available
   in the current definition of [I-D.ietf-idr-ls-distribution].

4.6.  Business Policies

   The EPE controller should collect business policies.

4.7.  EPE Policy

   On the basis of all these inputs (and likely others), the EPE
   Controller decides to steer some demands away from their best BGP
   path.

   The EPE policy is likely expressed as a two-entry segment list where
   the first element is the IGP prefix SID of the selected egress border
   router and the second element is a BGP Peering SID at the selected
   egress border router.

   A few examples are provided hereafter:

   o  Prefer egress PE C and peer AS AS2: {64, 1012}.

   o  Prefer egress PE C and peer AS AS3 via eBGP peer 1.0.2.2: {64,
      1022}.

   o  Prefer egress PE C and peer AS AS3 via eBGP peer 1.0.5.2: {64,
      1052}.

   o  Prefer egress PE C and peer AS AS3 via interface 1.0.4.2 of multi-
      hop eBGP peer 1.0.5.2: {64, 1042}.

   o  Prefer egress PE C and any interface to any peer in the group
      1060: {64, 1060}.

   Note that the first SID could be replaced by a list of segments.
   This is useful when an explicit path within the domain is required
   for traffic-engineering purposes.  For example, if the Prefix SID of
   node B is 60 and the EPE controller would like to steer the traffic
   from A to C via B then through the external link to peer D then the
   segment list would be {60, 64, 1012}.

5.  Programming an input policy

   The detailed/exhaustive description of all the means to implement an
   EPE policy is outside the scope of this document.  A few examples
   are provided in this section.

5.1.  At a Host

   A static IP/MPLS route can be programmed at the host H.  The static
   route would define a destination prefix, a next-hop and a label stack
   to push.  The global property of the IGP Prefix SID is particularly
   convenient: the same policy could be programmed across hosts
   connected to different routers.

5.2.  At a router - SR Traffic Engineering tunnel

   The EPE controller can configure the ingress border router with an SR
   traffic engineering tunnel T1 and a steering-policy S1 which causes a
   certain class of traffic to be mapped on the tunnel T1.

   The tunnel T1 would be configured to push the required segment list.

   The tunnel and the steering policy could be configured via PCEP
   according to [I-D.sivabalan-pce-segment-routing] and
   [I-D.ietf-pce-pce-initiated-lsp] or via Netconf ([RFC6241]).

   Example: at A
      Tunnel T1: push {64, 1042}
      IP route L/8 set nhop T1

5.3.  At a Router - BGP3107 policy route

   The EPE Controller could build a BGP3107 ([RFC3107]) route (from
   scratch) and send it to the ingress router:

   o  NLRI: the destination prefix to engineer: e.g.  L/8.

   o  Next-Hop: the selected egress border router: C.

   o  Label: the selected egress peer: 1042.

   o  AS path: reflecting the valid AS path of the selected.

   o  Some BGP policy to ensure it be selected as best by the ingress
      router.

   This BGP3107 policy route "overwrites" an equivalent or less-specific
   "best path".  As the best-path is changed, this EPE input policy
   option influences the path propagated to the upstream peer/customers.

5.4.  At a Router - VPN policy route

   The EPE Controller could build a VPNv4 route (from scratch) and send
   it to the ingress router:

   o  NLRI: the destination prefix to engineer: e.g.  L/8.

   o  Next-Hop: the selected egress border router: C.

   o  Label: the selected egress peer: 1042.

   o  Route-Target: selecting the appropriate VRF at the ingress router.

   o  AS path: reflecting the valid AS path of the selected.

   o  Some BGP policy to ensure it be selected as best by the ingress
      router in the related VRF.

   The related VRF must be pre-configured.  A VRF fall-back into main
   FIB might be beneficial to avoid replicating all the "normal"
   internet paths in each VRF.

5.5.  At a Router - Flowspec route

   EPE Controller builds a FlowSpec route and sends it to the ingress
   router to engineer:

   o  Dissemination of Flow Specification Rules ([RFC5575]).

   o  Destination/Source IP Addresses, IP Protocol, Destination/Source
      port (+1 component).

   o  ICMP Type/Code, TCP Flags, Packet length, DSCP, Fragment.

6.  IPv6

   The described solution is applicable to IPv6, either with MPLS-based
   or IPv6-Native segments.  In both cases, the same three steps of the
   solution are applicable:

   o  BGP-LS-based signaling of the external topology and BGP Peering
      Segments to the EPE controller.

   o  Collection of various inputs by the EPE controller to come up with
      a policy decision.

   o  Programming at an ingress router or source host of the desired EPE
      policy which consists of a list of segments to push on a defined
      traffic class.

7.  Benefits

   The EPE solution described in this document has the following
   benefits:

   o  No assumption on the iBGP design with AS1.

   o  Next-Hop-Self on the internet routes propagated to the ingress
      border routers is possible.  This is a common design rule to
      minimize the number of IGP routes and to avoid importing external
      churn into the internal domain.

   o  Consistent support for traffic-engineering within the domain and
      at the external edge of the domain.

   o  Support host and ingress border router EPE policy programming.

   o  EPE functionality is only required on the EPE-enabled egress
      border router and the EPE controller: an ingress policy can be
      programmed at the ingress border router without any new
      functionality.

   o  Ability to deploy the same input policy across hosts connected to
      different routers (global property of the IGP prefix SID).

8.  IANA Considerations

   TBD

9.  Manageability Considerations

   TBD

10.  Security Considerations

   TBD

11.  Acknowledgements

   TBD

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3107]  Rekhter, Y. and E. Rosen, "Carrying Label Information in
              BGP-4", RFC 3107, May 2001.

   [RFC5575]  Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
              and D. McPherson, "Dissemination of Flow Specification
              Rules", RFC 5575, August 2009.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.

12.2.  Informative References

   [I-D.filsfils-spring-segment-routing]
              Filsfils, C., Previdi, S., Bashandy, A., Decraene, B.,
              Litkowski, S., Horneffer, M., Milojevic, I., Shakir, R.,
              Ytti, S., Henderickx, W., Tantsura, J., and E.
              Crabbe,
              "Segment Routing Architecture",
              draft-filsfils-spring-segment-routing-04 (work in
              progress), July 2014.

   [I-D.filsfils-spring-segment-routing-mpls]
              Filsfils, C., Previdi, S., Bashandy, A., Decraene, B.,
              Litkowski, S., Horneffer, M., Milojevic, I., Shakir, R.,
              Ytti, S., Henderickx, W., Tantsura, J., and E. Crabbe,
              "Segment Routing with MPLS data plane",
              draft-filsfils-spring-segment-routing-mpls-03 (work in
              progress), August 2014.

   [I-D.ietf-idr-ls-distribution]
              Gredler, H., Medved, J., Previdi, S., Farrel, A., and S.
              Ray, "North-Bound Distribution of Link-State and TE
              Information using BGP", draft-ietf-idr-ls-distribution-07
              (work in progress), November 2014.

   [I-D.ietf-isis-segment-routing-extensions]
              Previdi, S., Filsfils, C., Bashandy, A., Gredler, H.,
              Litkowski, S., Decraene, B., and J. Tantsura, "IS-IS
              Extensions for Segment Routing",
              draft-ietf-isis-segment-routing-extensions-03 (work in
              progress), October 2014.

   [I-D.ietf-isis-te-metric-extensions]
              Previdi, S., Giacalone, S., Ward, D., Drake, J., Atlas,
              A., Filsfils, C., and W. Wu, "IS-IS Traffic Engineering
              (TE) Metric Extensions",
              draft-ietf-isis-te-metric-extensions-04 (work in
              progress), October 2014.

   [I-D.ietf-ospf-segment-routing-extensions]
              Psenak, P., Previdi, S., Filsfils, C., Gredler, H.,
              Shakir, R., Henderickx, W., and J. Tantsura, "OSPF
              Extensions for Segment Routing",
              draft-ietf-ospf-segment-routing-extensions-03 (work in
              progress), December 2014.

   [I-D.ietf-pce-pce-initiated-lsp]
              Crabbe, E., Minei, I., Sivabalan, S., and R. Varga, "PCEP
              Extensions for PCE-initiated LSP Setup in a Stateful PCE
              Model", draft-ietf-pce-pce-initiated-lsp-02 (work in
              progress), October 2014.

   [I-D.ietf-spring-problem-statement]
              Previdi, S., Filsfils, C., Decraene, B., Litkowski, S.,
              Horneffer, M., and R.
              Shakir, "SPRING Problem Statement
              and Requirements", draft-ietf-spring-problem-statement-03
              (work in progress), October 2014.

   [I-D.previdi-idr-bgpls-segment-routing-epe]
              Previdi, S., Filsfils, C., Ray, S., Patel, K., Dong, J.,
              and M. Chen, "Segment Routing Egress Peer Engineering
              BGPLS Extensions",
              draft-previdi-idr-bgpls-segment-routing-epe-01 (work in
              progress), October 2014.

   [I-D.psenak-ospf-segment-routing-ospfv3-extension]
              Psenak, P., Previdi, S., Filsfils, C., Gredler, H.,
              Shakir, R., Henderickx, W., and J. Tantsura, "OSPFv3
              Extensions for Segment Routing",
              draft-psenak-ospf-segment-routing-ospfv3-extension-02
              (work in progress), July 2014.

   [I-D.sivabalan-pce-segment-routing]
              Sivabalan, S., Medved, J., Filsfils, C., Crabbe, E.,
              Raszuk, R., Lopez, V., and J. Tantsura, "PCEP Extensions
              for Segment Routing",
              draft-sivabalan-pce-segment-routing-03 (work in progress),
              July 2014.

Authors' Addresses

   Clarence Filsfils (editor)
   Cisco Systems, Inc.
   Brussels,
   BE

   Email: cfilsfil@cisco.com

   Stefano Previdi (editor)
   Cisco Systems, Inc.
   Via Del Serafico, 200
   Rome 00142
   Italy

   Email: sprevidi@cisco.com

   Keyur Patel
   Cisco Systems, Inc.
   US

   Email: keyupate@cisco.com

   Ebben Aries
   Facebook
   US

   Email: exa@fb.com

   Steve Shaw
   Facebook
   US

   Email: shaw@fb.com

   Daniel Ginsburg
   Yandex
   RU

   Email: dbg@yandex-team.ru

   Dmitry Afanasiev
   Yandex
   RU

   Email: fl0w@yandex-team.ru
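
Added example, not part of the draft: a Python model of the FRR backup rules in Section 3.6 and the segment lists in Section 4.7, using the SIDs node C allocates. The link names, the PeeringSid class and the function names are assumptions made for illustration; an empty backup list stands for "pop the SID and IP lookup".

```python
"""Section 3.6 FRR backup selection and Section 4.7 segment lists, modelled
with the SIDs node C allocates in the draft (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PeeringSid:
    label: int
    kind: str        # "PeerNode", "PeerAdj" or "PeerSet"
    peers: tuple     # peer(s) reached through this SID
    peer_as: str
    links: tuple     # C's local links the SID can forward on (names assumed)
    multihop: bool = False


# C's BGP Peering SIDs, transcribed from Sections 1.2 and 3 of the draft.
SIDS = {s.label: s for s in (
    PeeringSid(1012, "PeerNode", ("D",), "AS2", ("C-D",)),
    PeeringSid(1022, "PeerNode", ("E",), "AS3", ("C-E",)),
    PeeringSid(1032, "PeerAdj", ("F",), "AS3", ("C-F-upper",), True),
    PeeringSid(1042, "PeerAdj", ("F",), "AS3", ("C-F-lower",), True),
    PeeringSid(1052, "PeerNode", ("F",), "AS3",
               ("C-F-upper", "C-F-lower"), True),
    PeeringSid(1060, "PeerSet", ("E", "F"), "AS3",
               ("C-E", "C-F-upper", "C-F-lower")),
)}
NODE_SIDS = {"B": 60, "C": 64}   # IGP prefix SIDs used in Section 4.7


def usable(sid, failed_link):
    """A SID survives the failure if it still has a link that is up."""
    return any(link != failed_link for link in sid.links)


def frr_backup(label, failed_link, overrides=None, sids=SIDS):
    """Backup SIDs for `label` when `failed_link` fails (Section 3.6).

    Returns a sorted list of labels; [] means pop the SID and IP lookup.
    `overrides` maps a PeerNode SID to an operator-chosen backup SID.
    """
    sid = sids[label]
    others = [s for s in sids.values()
              if s.label != label and usable(s, failed_link)]
    override = (overrides or {}).get(label)
    if override is not None and any(s.label == override for s in others):
        return [override]
    if sid.kind == "PeerSet":
        # Rule 1: remaining PeerNode SIDs of the peers in the same set.
        return sorted(s.label for s in others
                      if s.kind == "PeerNode" and s.peers[0] in sid.peers)
    if sid.multihop:
        # Rule 1: remaining PeerAdj SIDs to the same multi-hop peer.
        adj = sorted(s.label for s in others
                     if s.kind == "PeerAdj" and s.peers == sid.peers)
        if adj:
            return adj
    # Rule 2: a PeerNode SID to the same AS; rule 3 is the empty list.
    return sorted(s.label for s in others
                  if s.kind == "PeerNode" and s.peer_as == sid.peer_as)


def epe_segment_list(egress, peering_sid, via=(), sids=SIDS,
                     node_sids=NODE_SIDS):
    """Segment list {explicit hops..., egress prefix SID, peering SID}.

    `sids` is the set of peering SIDs learned from the egress router over
    BGP-LS; a label outside that set is rejected rather than programmed.
    """
    if peering_sid not in sids:
        raise ValueError(
            f"peering SID {peering_sid} not advertised by {egress}")
    return [node_sids[n] for n in (*via, egress)] + [peering_sid]


if __name__ == "__main__":
    for lbl, link in ((1052, "C-F-upper"), (1022, "C-E"),
                      (1012, "C-D"), (1060, "C-E")):
        print(lbl, "on failure of", link, "->",
              frr_backup(lbl, link) or "pop + IP lookup")
    print(epe_segment_list("C", 1012, via=("B",)))
```
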