idnits 2.17.1

draft-hegde-mpls-spring-epe-oam-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 20 instances of too long lines in the document, the longest
     one being 63 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 424 has weird spacing: '...k-depth if an...'

  == Line 446 has weird spacing: '...k-depth if an...'

  == Line 468 has weird spacing: '...k-depth if an...'

  -- The document date (April 13, 2020) is 1472 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC5065' is mentioned on line 358, but not defined

  == Missing Reference: 'RFC4271' is mentioned on line 369, but not defined

  == Missing Reference: 'RFC6286' is mentioned on line 369, but not defined

  == Outdated reference: A later version (-22) exists of
     draft-ietf-spring-segment-routing-policy-06

     Summary: 1 error (**), 0 flaws (~~), 8 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Routing area                                                    S. Hegde
3    Internet-Draft                                                  K. Arora
4    Intended status: Standards Track                           M. Srivastava
5    Expires: October 15, 2020                          Juniper Networks Inc.
6                                                                    S. Ninan
7                                                      Individual Contributor
8                                                                       X. Xu
9                                                                Alibaba Inc.
10                                                             April 13, 2020

12      Label Switched Path (LSP) Ping/Traceroute for Segment Routing (SR)
13   Egress Peer Engineering Segment Identifiers (SIDs) with MPLS Data Planes
14                      draft-hegde-mpls-spring-epe-oam-06

16   Abstract

18      Egress Peer Engineering (EPE) is an application of Segment Routing to
19      solve the problem of egress peer selection. The Segment Routing
20      based BGP-EPE solution allows a centralized controller, e.g., a
21      Software Defined Network (SDN) controller, to program any egress peer.
22      The EPE solution requires a node to program the PeerNode SID
23      describing a session between two nodes, the PeerAdj SID describing
24      the link (one or more) that is used by sessions between peer nodes,
25      and the PeerSet SID describing an arbitrary set of sessions or links
26      between a local node and its peers. This document provides new sub-
27      TLVs for EPE Segment Identifiers (SIDs) that would be used in the MPLS
28      Target FEC Stack TLV (Type 1) in MPLS Ping and Traceroute procedures.

30   Status of This Memo

32      This Internet-Draft is submitted in full conformance with the
33      provisions of BCP 78 and BCP 79.

35      Internet-Drafts are working documents of the Internet Engineering
36      Task Force (IETF). Note that other groups may also distribute
37      working documents as Internet-Drafts. The list of current Internet-
38      Drafts is at https://datatracker.ietf.org/drafts/current/.

40      Internet-Drafts are draft documents valid for a maximum of six months
41      and may be updated, replaced, or obsoleted by other documents at any
42      time. It is inappropriate to use Internet-Drafts as reference
43      material or to cite them other than as "work in progress."

45      This Internet-Draft will expire on October 15, 2020.

47   Copyright Notice

49      Copyright (c) 2020 IETF Trust and the persons identified as the
50      document authors. All rights reserved.

52      This document is subject to BCP 78 and the IETF Trust's Legal
53      Provisions Relating to IETF Documents
54      (https://trustee.ietf.org/license-info) in effect on the date of
55      publication of this document. Please review these documents
56      carefully, as they describe your rights and restrictions with respect
57      to this document. Code Components extracted from this document must
58      include Simplified BSD License text as described in Section 4.e of
59      the Trust Legal Provisions and are provided without warranty as
60      described in the Simplified BSD License.

62   Table of Contents

64      1.  Introduction
65      2.  Theory of Operation
66      3.  Requirements Language
67      4.  FEC Definitions
68        4.1.  PeerAdj SID Sub-TLV
69        4.2.  PeerNode SID Sub-TLV
70        4.3.  PeerSet SID Sub-TLV
71      5.  EPE-SID FEC validation
72      6.  IANA Considerations
73      7.  Security Considerations
74      8.  Acknowledgments
75      9.  References
76        9.1.  Normative References
77        9.2.  Informative References
78      Authors' Addresses

80   1.  Introduction

82      Egress Peer Engineering (EPE) as defined in
83      [I-D.ietf-spring-segment-routing-central-epe] is an effective
84      mechanism to select the egress peer link based on different criteria.
85      The EPE-SIDs provide means to represent egress peer links. Many
86      network deployments have built their networks consisting of multiple
87      Autonomous Systems either for ease of operations or as a result of
88      network mergers and acquisitions. The inter-AS links connecting the
89      two Autonomous Systems could be traffic engineered using EPE-SIDs in
90      this case as well. It is important to be able to validate the
91      control plane to forwarding plane synchronization for these SIDs so
92      that any anomaly can be detected easily by the operator.

94      This document provides Target Forwarding Equivalence Class (FEC)
95      stack TLV definitions for EPE-SIDs. Other procedures for MPLS Ping
96      and Traceroute as defined in [RFC8287] Section 7 and clarified by
97      [RFC8690] are applicable for EPE-SIDs as well.

99   2.  Theory of Operation

101     [I-D.ietf-idr-bgpls-segment-routing-epe] provides mechanisms to
102     advertise the EPE-SIDs in BGP-LS. These EPE-SIDs may be used to
103     build Segment Routing paths as described in
104     [I-D.ietf-spring-segment-routing-policy] or using Path Computation
105     Element Protocol (PCEP) extensions as defined in [RFC8664]. Data
106     plane monitoring for such paths which consist of EPE-SIDs will use
107     extensions defined in this document to build the Target FEC stack TLV.
108     The MPLS Ping and Traceroute procedures MAY be initiated by the head-
109     end of the Segment Routing path or a centralized topology-aware data
110     plane monitoring system as described in [RFC8403]. The extensions in
111     [I-D.ietf-spring-segment-routing-policy] and [RFC8664] do not define
112     the details of the SID and such extensions are out of scope for this
113     document. The node initiating the data plane monitoring may acquire
114     the details of EPE-SIDs through BGP-LS advertisements as described in
115     [I-D.ietf-idr-bgpls-segment-routing-epe]. There may be other
116     possible mechanisms to learn the definition of the SID from the
117     controller. Details of such mechanisms are out of scope for this
118     document.

120     The EPE-SIDs are advertised for inter-AS links which run e-BGP
121     sessions. The procedures to operate e-BGP sessions in a scenario with
122     unnumbered interfaces are not very well defined and hence out of scope
123     for this document. During AS migration scenarios, procedures described
124     in [RFC7705] may be in force. In these scenarios, if the local and
125     remote AS fields in the FEC as described in Section 4 carry the
126     global AS and not the "local AS" as defined in [RFC7705], the FEC
127     validation procedures may fail.

129  3.  Requirements Language

131     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
132     "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
133     "OPTIONAL" in this document are to be interpreted as described in BCP
134     14, [RFC2119], [RFC8174] when, and only when, they appear in all
135     capitals, as shown here.

137  4.  FEC Definitions

139     As described in Section 5 of [RFC8287], three new types of sub-TLVs
140     are defined for the Target FEC Stack TLV, corresponding to each label
141     in the label stack. If a malformed FEC sub-TLV is received, then a
142     return code of 1, "Malformed echo request received" as defined in
143     [RFC8029], SHOULD be sent.

145  4.1.  PeerAdj SID Sub-TLV

147      0                   1                   2                   3
148      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
149     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
150     |Type = TBD                     |          Length               |
151     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
152     |              Local AS Number (4 octets)                       |
153     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
154     |              Remote AS Number (4 octets)                      |
155     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
156     |              Local BGP Router ID (4 octets)                   |
157     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
158     |              Remote BGP Router ID (4 octets)                  |
159     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
160     |              Local Interface address (4/16 octets)            |
161     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
162     |              Remote Interface address (4/16 octets)           |
163     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

165                       Figure 1: PeerAdj SID Sub-TLV

167     Type : TBD

169     Length : variable based on IPv4/IPv6 interface address. Length
170     excludes the length of Type and Length field. For IPv4 interface
171     addresses length will be 24. In case of IPv6 address length will be
172     48.

174     Local AS Number :

176     4 octet unsigned integer representing the Member ASN inside the
177     Confederation [RFC5065]. The AS number corresponds to the AS to
178     which the PeerAdj SID advertising node belongs.

180     Remote AS Number :

182     4 octet unsigned integer representing the Member ASN inside the
183     Confederation [RFC5065]. The AS number corresponds to the AS of the
184     remote node for which the PeerAdj SID is advertised.

186     Local BGP Router ID :

188     4 octet unsigned integer of the advertising node representing the BGP
189     Identifier as defined in [RFC4271] and [RFC6286].

191     Remote BGP Router ID :

193     4 octet unsigned integer of the receiving node representing the BGP
194     Identifier as defined in [RFC4271] and [RFC6286].

196     Local Interface Address :

198     In case of PeerAdj SID, the local interface address corresponding to
199     the PeerAdj SID should be specified in this field. For IPv4, this
200     field is 4 octets; for IPv6, this field is 16 octets. Link Local IPv6
201     addresses are FFS.

203     Remote Interface Address :

205     In case of PeerAdj SID, the remote interface address corresponding to
206     the PeerAdj SID should be specified in this field. For IPv4, this
207     field is 4 octets; for IPv6, this field is 16 octets. Link Local IPv6
208     addresses are FFS.

210  4.2.  PeerNode SID Sub-TLV

211      0                   1                   2                   3
212      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
213     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
214     |Type = TBD                     |          Length               |
215     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
216     |              Local AS Number (4 octets)                       |
217     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
218     |              Remote AS Number (4 octets)                      |
219     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
220     |              Local BGP Router ID (4 octets)                   |
221     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
222     |              Remote BGP Router ID (4 octets)                  |
223     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
224     | No.of IPv4 interface pairs    | No.of IPv6 interface pairs    |
225     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
226     |              Local Interface address1 (4/16 octets)           |
227     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
228     |              Remote Interface address1 (4/16 octets)          |
229     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
230     |              Local Interface address2 (4/16 octets)           |
231     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
232     |                            ......                             |
233     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

235                       Figure 2: PeerNode SID Sub-TLV

237     Type : TBD

239     Length : variable based on IPv4/IPv6 interface address. There could
240     be multiple pairs of local and remote interface pairs. The length
241     includes all the pairs. Type and Length field are not included in the
242     actual length carried in the packet.

244     Local AS Number :

246     4 octet unsigned integer representing the Member ASN inside the
247     Confederation [RFC5065]. The AS number corresponds to the AS to
248     which the PeerNode SID advertising node belongs.

250     Remote AS Number :

252     4 octet unsigned integer representing the Member ASN inside the
253     Confederation [RFC5065]. The AS number corresponds to the AS of the
254     remote node for which the PeerNode SID is advertised.

256     Local BGP Router ID :

258     4 octet unsigned integer of the advertising node representing the BGP
259     Identifier as defined in [RFC4271] and [RFC6286].

261     Remote BGP Router ID :

263     4 octet unsigned integer of the receiving node representing the BGP
264     Identifier as defined in [RFC4271] and [RFC6286].

266     Number of IPv4 interface pairs:

268     Total number of IPv4 local and remote interface address pairs.

270     Number of IPv6 interface pairs:

272     Total number of IPv6 local and remote interface address pairs.

274     There can be multiple Layer 3 interfaces on which a PeerNode SID
275     load-balances the traffic. All such interfaces' local/remote addresses
276     MUST be included in the FEC.

278     When a PeerNode SID load-balances over a few interfaces with IPv4-only
279     addresses and a few interfaces with IPv6 addresses, the FEC definition
280     should list all IPv4 address pairs together followed by IPv6 address
281     pairs.

283     Local Interface Address :

285     In case of PeerNode SID, the interface local address IPv4/IPv6 which
286     corresponds to the PeerNode SID MUST be specified. For IPv4, this
287     field is 4 octets; for IPv6, this field is 16 octets. Link Local IPv6
288     addresses are FFS.

290     Remote Interface Address :

292     In case of PeerNode SID, the interface remote address IPv4/IPv6 which
293     corresponds to the PeerNode SID MUST be specified. For IPv4, this
294     field is 4 octets; for IPv6, this field is 16 octets. Link Local IPv6
295     addresses are FFS.

297  4.3.  PeerSet SID Sub-TLV

299      0                   1                   2                   3
300      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
301     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
302     |Type = TBD                     |          Length               |
303     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
304     |              Local AS Number (4 octets)                       |
305     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
306     |              Local BGP Router ID (4 octets)                   |
307     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
308     | No.of elements in set         |          Reserved             |
309     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
310     |              Remote AS Number (4 octets)                      |
311     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
312     |              Remote BGP Router ID (4 octets)                  |
313     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
314     | No.of IPv4 interface pairs    | No.of IPv6 interface pairs    |
315     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
316     |              Local Interface address1 (4/16 octets)           |
317     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
318     |              Remote Interface address1 (4/16 octets)          |
319     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
320     |              Local Interface address2 (4/16 octets)           |
321     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
322     |                            ......                             |
323     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

325     One element in set consists of below details
326     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
327     |              Remote AS Number (4 octets)                      |
328     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
329     |              Remote BGP Router ID (4 octets)                  |
330     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
331     | No.of IPv4 interface pairs    | No.of IPv6 interface pairs    |
332     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
333     |              Local Interface address1 (4/16 octets)           |
334     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
335     |              Remote Interface address1 (4/16 octets)          |
336     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
337     |                                                               |
338     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
339     |                            ......                             |
340     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
341                       Figure 3: PeerSet SID Sub-TLV

343     Type : TBD

345     Length : variable based on IPv4/IPv6 interface address and number of
346     elements in the set. The length field does not include the length of
347     Type and Length fields.

349     Local AS Number :

351     4 octet unsigned integer representing the Member ASN inside the
352     Confederation [RFC5065]. The AS number corresponds to the AS to
353     which the PeerSet SID advertising node belongs.

355     Remote AS Number :

357     4 octet unsigned integer representing the Member ASN inside the
358     Confederation [RFC5065]. The AS number corresponds to the AS of the
359     remote node for which the PeerSet SID is advertised.

361     Advertising BGP Router ID :

363     4 octet unsigned integer of the advertising node representing the BGP
364     Identifier as defined in [RFC4271] and [RFC6286].

366     Receiving BGP Router ID :

368     4 octet unsigned integer of the receiving node representing the BGP
369     Identifier as defined in [RFC4271] and [RFC6286].

371     No.of elements in set:

373     Number of remote ASes the set SID load-balances on.

375     PeerSet SID may be associated with a number of PeerNode SIDs and
376     PeerAdj SIDs. Link address details of all these SIDs should be
377     included in the PeerSet SID FEC so that the data-plane can be
378     correctly verified on the remote node.

380     Number of IPv4 interface pairs:

382     Total number of IPv4 local and remote interface address pairs.

384     Number of IPv6 interface pairs:

386     Total number of IPv6 local and remote interface address pairs.

388     There can be multiple Layer 3 interfaces on which a PeerNode SID
389     load-balances the traffic. All such interfaces' local/remote addresses
390     MUST be included in the FEC.

392     When a PeerSet SID load-balances over a few interfaces with IPv4-only
393     addresses and a few interfaces with IPv6 addresses, the Link address
394     TLV should list all IPv4 address pairs together followed by IPv6
395     address pairs.

397     Local Interface Address :

399     In case of PeerNode SID/PeerAdj SID, the interface local address IPv4/
400     IPv6 which corresponds to the PeerNode SID/PeerAdj SID MUST be
401     specified. For IPv4, this field is 4 octets; for IPv6, this field is
402     16 octets. Link Local IPv6 addresses are FFS.

404     Remote Interface Address :

406     In case of PeerNode SID/PeerAdj SID, the interface remote address
407     IPv4/IPv6 which corresponds to the PeerNode SID/PeerAdj SID MUST be
408     specified. For IPv4, this field is 4 octets; for IPv6, this field is
409     16 octets. Link Local IPv6 addresses are FFS.

411  5.  EPE-SID FEC validation

413     This section augments Section 7.4 of [RFC8287]. When a remote
414     ASBR of the EPE-SID advertisement receives the MPLS OAM packet with
415     top FEC being the EPE-SID, it SHOULD perform validity checks on the
416     content of the EPE-SID FEC sub-TLV.

418     4a.  Segment Routing EPE-SID Validation:

420        If the Label-stack-depth is 0 and the Target FEC Stack sub-TLV
421        at FEC-stack-depth is TBD1 (PeerAdj SID sub-TLV)

423           Set the Best-return-code to 10, "Mapping for this FEC is not
424           the given label at stack-depth if any below
425           conditions fail:

427              o  Validate that the Receiving Node BGP Local AS matches with the remote AS field in the
428                 received PeerAdj SID FEC sub-TLV.

430              o  Validate that the Receiving Node BGP Router-ID matches with the Remote Router ID field in the
431                 received PeerAdj SID FEC.

433              o  Validate that there is an e-BGP session with a peer having local AS number and BGP Router-ID as
434                 specified in the Local AS number and Local Router-ID field in the received PeerAdj SID FEC sub-TLV.

436           Set the Best-return-code to 35 "Mapping for this FEC is not associated with the incoming interface" (RFC8287) if any below
437           conditions fail:

439              o  Validate the incoming interface on which the OAM packet was received, matches with the remote interface
440                 specified in the PeerAdj SID FEC sub-TLV

442        Else, if the Target FEC sub-TLV at FEC-stack-depth is TBD2
443        (PeerNode SID sub-TLV),

445           Set the Best-return-code to 10, "Mapping for this FEC is not
446           the given label at stack-depth if any below
447           conditions fail:

449              o  Validate that the Receiving Node BGP Local AS matches with the remote AS field in the
450                 received PeerNode SID FEC sub-TLV.

452              o  Validate that the Receiving Node BGP Router-ID matches with the Remote Router ID field in the
453                 received PeerNode SID FEC.

455              o  Validate that there is an e-BGP session with a peer having local AS number and BGP Router-ID as
456                 specified in the Local AS number and Local Router-ID field in the received PeerNode SID FEC sub-TLV.

458           Set the Best-return-code to 35 "Mapping for this FEC is not associated with the incoming interface" (RFC8287) if any below
459           conditions fail:

461              o  Validate the incoming interface on which the OAM packet was received, matches with any of the
462                 remote interfaces specified in the PeerNode SID FEC sub-TLV

464        Else, if the Target FEC sub-TLV at FEC-stack-depth is TBD3
465        (PeerSet SID sub-TLV),

467           Set the Best-return-code to 10, "Mapping for this FEC is not
468           the given label at stack-depth if any below
469           conditions fail:

471              o  Validate that the Receiving Node BGP Local AS matches with one of the remote AS fields in the
472                 received PeerSet SID FEC sub-TLV.

474              o  Validate that the Receiving Node BGP Router-ID matches with one of the Remote Router ID fields in the
475                 received PeerSet SID FEC sub-TLV.

477              o  Validate that there is an e-BGP session with a peer having local AS number and BGP Router-ID as
478                 specified in the Local AS number and Local Router-ID field in the received PeerSet SID FEC sub-TLV.

480           Set the Best-return-code to 35 "Mapping for this FEC is not associated with the incoming interface" (RFC8287) if any below
481           conditions fail:

483              o  Validate the incoming interface on which the OAM packet was received, matches with any of the
484                 remote interfaces specified in the PeerSet SID FEC sub-TLV

486                       Figure 4: EPE-SID FEC validation

488  6.  IANA Considerations

490     New Target FEC stack sub-TLV from the "sub-TLVs for TLV types 1, 16,
491     and 21" subregistry of the "Multi-Protocol Label Switching (MPLS)
492     Label Switched Paths (LSPs) Ping parameters" registry

494     PeerAdj SID Sub-TLV : TBD1

496     PeerNode SID Sub-TLV : TBD2

498     PeerSet SID Sub-TLV : TBD3

500  7.  Security Considerations

502     The EPE-SIDs are advertised for egress links for Egress Peer
503     Engineering purposes or for inter-AS links between co-operating ASes.
504     When co-operating domains are involved, they can allow the packets
505     arriving on trusted interfaces to reach the control plane and get
506     processed. When EPE-SIDs are created for egress TE links where the
507     neighbor AS is an independent entity, the neighbor AS may not allow
508     packets arriving from the external world to reach the control plane.
509     In such deployments, MPLS OAM packets will be dropped by the
510     neighboring AS that receives them. In MPLS traceroute applications,
511     when the AS boundary is crossed with the EPE-SIDs, the FEC stack is
512     changed. [RFC8287] does not mandate that the initiator, upon
513     receiving an MPLS Echo Reply message that includes the FEC Stack
514     Change TLV with one or more of the original segments being popped,
515     remove the corresponding FEC(s) from the Target FEC Stack TLV in the
516     next (TTL+1) traceroute request. If an initiator does not remove the
517     FECs belonging to the previous AS that has been traversed, it MAY
518     expose the internal AS information to the following AS being
519     traversed in traceroute.

521  8.  Acknowledgments

523     Thanks to Loa Andersson and Alexander Vainshtein for careful review
524     and comments.

526  9.  References

528  9.1.  Normative References

530     [I-D.ietf-idr-bgpls-segment-routing-epe]
531                Previdi, S., Talaulikar, K., Filsfils, C., Patel, K., Ray,
532                S., and J. Dong, "BGP-LS extensions for Segment Routing
533                BGP Egress Peer Engineering", draft-ietf-idr-bgpls-
534                segment-routing-epe-19 (work in progress), May 2019.

536     [RFC8029]  Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N.,
537                Aldrin, S., and M. Chen, "Detecting Multiprotocol Label
538                Switched (MPLS) Data-Plane Failures", RFC 8029,
539                DOI 10.17487/RFC8029, March 2017,
540                .

542     [RFC8287]  Kumar, N., Ed., Pignataro, C., Ed., Swallow, G., Akiya,
543                N., Kini, S., and M. Chen, "Label Switched Path (LSP)
544                Ping/Traceroute for Segment Routing (SR) IGP-Prefix and
545                IGP-Adjacency Segment Identifiers (SIDs) with MPLS Data
546                Planes", RFC 8287, DOI 10.17487/RFC8287, December 2017,
547                .

549  9.2.  Informative References

551     [I-D.ietf-spring-segment-routing-central-epe]
552                Filsfils, C., Previdi, S., Dawra, G., Aries, E., and D.
553                Afanasiev, "Segment Routing Centralized BGP Egress Peer
554                Engineering", draft-ietf-spring-segment-routing-central-
555                epe-10 (work in progress), December 2017.

557     [I-D.ietf-spring-segment-routing-policy]
558                Filsfils, C., Sivabalan, S., Voyer, D., Bogdanov, A., and
559                P. Mattes, "Segment Routing Policy Architecture", draft-
560                ietf-spring-segment-routing-policy-06 (work in progress),
561                December 2019.

563     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
564                Requirement Levels", BCP 14, RFC 2119,
565                DOI 10.17487/RFC2119, March 1997,
566                .

568     [RFC7705]  George, W. and S. Amante, "Autonomous System Migration
569                Mechanisms and Their Effects on the BGP AS_PATH
570                Attribute", RFC 7705, DOI 10.17487/RFC7705, November 2015,
571                .

573     [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
574                2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
575                May 2017, .

577     [RFC8403]  Geib, R., Ed., Filsfils, C., Pignataro, C., Ed., and N.
578                Kumar, "A Scalable and Topology-Aware MPLS Data-Plane
579                Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July
580                2018, .

582     [RFC8664]  Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W.,
583                and J. Hardwick, "Path Computation Element Communication
584                Protocol (PCEP) Extensions for Segment Routing", RFC 8664,
585                DOI 10.17487/RFC8664, December 2019,
586                .

588     [RFC8690]  Nainar, N., Pignataro, C., Iqbal, F., and A. Vainshtein,
589                "Clarification of Segment ID Sub-TLV Length for RFC 8287",
590                RFC 8690, DOI 10.17487/RFC8690, December 2019,
591                .

593  Authors' Addresses

595     Shraddha Hegde
596     Juniper Networks Inc.
597     Exora Business Park
598     Bangalore, KA 560103
599     India

601     Email: shraddha@juniper.net

603     Kapil Arora
604     Juniper Networks Inc.

606     Email: kapilaro@juniper.net

608     Mukul Srivastava
609     Juniper Networks Inc.

611     Email: msri@juniper.net

613     Samson Ninan
614     Individual Contributor

616     Email: samson.cse@gmail.com

617     Xiaohu Xu
618     Alibaba Inc.
619     Beijing
620     China

622     Email: xiaohu.xxh@alibaba-inc.com
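
Added example for Sections 4 and 4.2 (not part of the draft and not the authors' code): an encoder and a strict parser for the PeerNode SID sub-TLV that checks the sender-supplied pair counts against Length before reading any address, and maps every inconsistency to return code 1. The type value is a placeholder because the draft lists the code point as TBD2; the class and function names and the sample addresses are assumptions made for the example.

```python
import ipaddress
import struct
from dataclasses import dataclass

# Placeholder code point: the draft lists the PeerNode SID sub-TLV type as TBD2.
PEER_NODE_SID_TYPE = 0xFFF2
RC_MALFORMED = 1   # "Malformed echo request received" (Section 4)
FIXED_LEN = 20     # two AS numbers, two router IDs, two 16-bit pair counts


class MalformedSubTlv(ValueError):
    """Raised when the sub-TLV should be answered with return code 1."""
    return_code = RC_MALFORMED


@dataclass
class PeerNodeSid:
    local_as: int
    remote_as: int
    local_router_id: str
    remote_router_id: str
    pairs: list  # [(local_addr, remote_addr), ...], IPv4 pairs first


def encode_peer_node_sid(fec: PeerNodeSid) -> bytes:
    v4 = [p for p in fec.pairs if ipaddress.ip_address(p[0]).version == 4]
    v6 = [p for p in fec.pairs if ipaddress.ip_address(p[0]).version == 6]
    body = struct.pack("!II4s4sHH", fec.local_as, fec.remote_as,
                       ipaddress.IPv4Address(fec.local_router_id).packed,
                       ipaddress.IPv4Address(fec.remote_router_id).packed,
                       len(v4), len(v6))
    for local, remote in v4 + v6:   # all IPv4 pairs, then all IPv6 pairs
        body += ipaddress.ip_address(local).packed
        body += ipaddress.ip_address(remote).packed
    # Length covers the value only, not the Type and Length fields.
    return struct.pack("!HH", PEER_NODE_SID_TYPE, len(body)) + body


def parse_peer_node_sid(buf: bytes) -> PeerNodeSid:
    if len(buf) < 4:
        raise MalformedSubTlv("truncated sub-TLV header")
    tlv_type, length = struct.unpack_from("!HH", buf, 0)
    if tlv_type != PEER_NODE_SID_TYPE:
        raise MalformedSubTlv("unexpected sub-TLV type")
    value = buf[4:4 + length]
    if len(value) != length or length < FIXED_LEN:
        raise MalformedSubTlv("Length exceeds received data or fixed part")
    local_as, remote_as, lrid, rrid, n4, n6 = struct.unpack_from(
        "!II4s4sHH", value, 0)
    # The counts are sender-controlled: reconcile them with Length first.
    if FIXED_LEN + 8 * n4 + 32 * n6 != length:
        raise MalformedSubTlv("pair counts do not match Length")
    pairs, off = [], FIXED_LEN
    for size, count in ((4, n4), (16, n6)):
        for _ in range(count):
            local = ipaddress.ip_address(value[off:off + size])
            remote = ipaddress.ip_address(value[off + size:off + 2 * size])
            pairs.append((str(local), str(remote)))
            off += 2 * size
    return PeerNodeSid(local_as, remote_as, str(ipaddress.IPv4Address(lrid)),
                       str(ipaddress.IPv4Address(rrid)), pairs)


# Constructed sample: private-use AS numbers and documentation address ranges.
SAMPLE_FEC = PeerNodeSid(64512, 64513, "192.0.2.1", "192.0.2.2",
                         [("198.51.100.1", "198.51.100.2"),
                          ("2001:db8::1", "2001:db8::2")])

if __name__ == "__main__":
    wire = encode_peer_node_sid(SAMPLE_FEC)
    print(len(wire), parse_peer_node_sid(wire))
```

A PeerAdj SID sub-TLV has the same fixed fields without the two counts, so the equivalent check there is that Length is exactly 24 or 48.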
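
Added example for Section 5 and the AS-migration caveat in Section 2 (not part of the draft and not the authors' code): the Figure 4 checks run by the receiving ASBR over an already-parsed FEC, returning 10, 35, or None when every check passes. The `Asbr`, `EpeFec` and `Element` types, the interface names and all sample values are assumptions made for the example; a PeerAdj FEC is modelled as one element with one interface, a PeerNode FEC as one element with several, and a PeerSet FEC as several elements.

```python
from dataclasses import dataclass

RC_NOT_GIVEN_LABEL = 10   # "Mapping for this FEC is not the given label ..."
RC_WRONG_INTERFACE = 35   # "... not associated with the incoming interface"


@dataclass(frozen=True)
class Element:                 # one remote peer as carried in the FEC
    remote_as: int
    remote_router_id: str
    remote_interfaces: frozenset


@dataclass(frozen=True)
class EpeFec:                  # parsed PeerAdj / PeerNode / PeerSet FEC
    local_as: int              # AS of the node that advertised the SID
    local_router_id: str
    elements: tuple


@dataclass
class Asbr:                    # hypothetical view of the receiving node
    local_as: int
    router_id: str
    ebgp_peers: set            # {(peer_as, peer_router_id), ...}
    interface_addrs: dict      # interface name -> set of local addresses


def validate_epe_fec(node, fec, in_ifname):
    """Return 10 or 35 on failure, None when all Figure 4 checks pass."""
    # Remote AS and Remote Router ID must name this node. This example asks
    # for both to match within the same element, a stricter reading than the
    # two separate checks listed in Figure 4.
    mine = [e for e in fec.elements
            if e.remote_as == node.local_as
            and e.remote_router_id == node.router_id]
    if not mine:
        return RC_NOT_GIVEN_LABEL
    # An e-BGP session must exist with the peer named by the Local fields.
    if (fec.local_as, fec.local_router_id) not in node.ebgp_peers:
        return RC_NOT_GIVEN_LABEL
    # The FEC's "remote" interface addresses are this node's own addresses,
    # so the interface the packet arrived on must own one of them.
    addrs = node.interface_addrs.get(in_ifname, set())
    if not any(addrs & e.remote_interfaces for e in mine):
        return RC_WRONG_INTERFACE
    return None


def run_samples():
    """Constructed state and FECs; addresses are documentation ranges."""
    node = Asbr(64513, "192.0.2.2", {(64512, "192.0.2.1")},
                {"eth1": {"198.51.100.2"}, "eth2": {"198.51.100.6"}})
    me = Element(64513, "192.0.2.2", frozenset({"198.51.100.2"}))
    good = EpeFec(64512, "192.0.2.1", (me,))
    # Section 2 caveat: the FEC carries the global AS while the session was
    # established with a different "local AS", so the session lookup fails.
    migrated = EpeFec(65000, "192.0.2.1", (me,))
    other = EpeFec(64512, "192.0.2.1",
                   (Element(64514, "192.0.2.9", frozenset({"198.51.100.2"})),))
    return {
        "ok": validate_epe_fec(node, good, "eth1"),
        "wrong_interface": validate_epe_fec(node, good, "eth2"),
        "as_migration": validate_epe_fec(node, migrated, "eth1"),
        "not_for_me": validate_epe_fec(node, other, "eth1"),
    }


if __name__ == "__main__":
    print(run_samples())
```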