idnits 2.17.1

draft-hu-spring-segment-routing-proxy-forwarding-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 1 character in excess of 72.

  ** The abstract seems to contain references
     ([I-D.hegde-spring-node-protection-for-sr-te-paths],
     [I-D.bashandy-rtgwg-segment-routing-ti-lfa]), which it shouldn't. Please
     replace those with straight textual mentions of the documents in question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (March 4, 2019) is 1852 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'N000-N999' is mentioned on line 554, but not defined

  == Unused Reference: 'I-D.sivabalan-pce-binding-label-sid' is defined on
     line 815, but no explicit reference was found in the text

  == Unused Reference: 'RFC5462' is defined on line 821, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-25) exists of
     draft-ietf-isis-segment-routing-extensions-22

  == Outdated reference: A later version (-07) exists of
     draft-hegde-spring-node-protection-for-sr-te-paths-04

  == Outdated reference: A later version (-22) exists of
     draft-ietf-spring-segment-routing-policy-02

  == Outdated reference: A later version (-07) exists of
     draft-sivabalan-pce-binding-label-sid-06

     Summary: 2 errors (**), 0 flaws (~~), 9 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2   Network Working Group                                              Z. Hu
3   Internet-Draft                                                   H. Chen
4   Intended status: Standards Track                                  J. Yao
5   Expires: September 5, 2019                           Huawei Technologies
6                                                                  C. Bowers
7                                                           Juniper Networks
8                                                              March 4, 2019

10                      Segment Routing Proxy Forwarding
11            draft-hu-spring-segment-routing-proxy-forwarding-01

13  Abstract

15     Segment Routing Traffic Engineering (SR-TE) supports the creation of
16     explicit paths using segment lists containing adjacency-sids, node-
17     sids, anycast-sids, and binding-sids. When the segment list defining
18     an SR-TE path contains a node-sid, and the node fails, the network
19     may no longer be able to properly forward traffic on that SR-TE path.
20     [I-D.bashandy-rtgwg-segment-routing-ti-lfa] and
21     [I-D.hegde-spring-node-protection-for-sr-te-paths] describe a
22     mechanism that allows local repair actions on the direct neighbors of
23     the failed node to temporarily route traffic to the node immediately
24     following the failed node on the SR-TE path segment list. However,
25     once the IGP shortest paths have converged, the local repair
26     mechanism is no longer sufficient to continue forwarding traffic
27     using the original segment list of the SR-TE path, since the non-
28     neighbors of the failed node will no longer have a route to reach the
29     failed node. This document describes a mechanism that allows traffic
30     to continue to be forwarded on an SR-TE path for an extended period
31     of time after the failure of a node used in the path's segment list.

33  Requirements Language

35     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
36     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
37     document are to be interpreted as described in RFC 2119 [RFC2119].

39  Status of This Memo

41     This Internet-Draft is submitted in full conformance with the
42     provisions of BCP 78 and BCP 79.

44     Internet-Drafts are working documents of the Internet Engineering
45     Task Force (IETF). Note that other groups may also distribute
46     working documents as Internet-Drafts. The list of current Internet-
47     Drafts is at https://datatracker.ietf.org/drafts/current/.

49     Internet-Drafts are draft documents valid for a maximum of six months
50     and may be updated, replaced, or obsoleted by other documents at any
51     time. It is inappropriate to use Internet-Drafts as reference
52     material or to cite them other than as "work in progress."

54     This Internet-Draft will expire on September 5, 2019.

56  Copyright Notice

58     Copyright (c) 2019 IETF Trust and the persons identified as the
59     document authors. All rights reserved.
61     This document is subject to BCP 78 and the IETF Trust's Legal
62     Provisions Relating to IETF Documents
63     (https://trustee.ietf.org/license-info) in effect on the date of
64     publication of this document. Please review these documents
65     carefully, as they describe your rights and restrictions with respect
66     to this document. Code Components extracted from this document must
67     include Simplified BSD License text as described in Section 4.e of
68     the Trust Legal Provisions and are provided without warranty as
69     described in the Simplified BSD License.

71  Table of Contents

73     1.  Introduction
74     2.  Extensions to IGP for Proxy Forwarding
75       2.1.  Extensions to OSPF
76         2.1.1.  Advertising Proxy Forwarding
77         2.1.2.  Advertising Binding Segment
78       2.2.  Extensions to IS-IS
79         2.2.1.  Advertising Proxy Forwarding
80         2.2.2.  Advertising Binding Segment
81     3.  Building Proxy Forwarding Table
82       3.1.  Advertising Proxy Forwarding
83       3.2.  Building Proxy Forwarding Table
84     4.  Node Protection for Segment List
85       4.1.  Next Segment is an Adjacency Segment
86       4.2.  Next Segment is a Node Segment
87       4.3.  Next Segment is a Binding Segment
88     5.  Security Considerations
89     6.  IANA Considerations
90     7.  Acknowledgements
91     8.  References
92       8.1.  Normative References
93       8.2.  Informative References
94     Authors' Addresses

96  1.  Introduction

98     Segment Routing Traffic Engineering (SR-TE) is a technology that
99     implements traffic engineering using Segment Routing. SR-TE supports
100    the creation of explicit paths using adjacency-sids, node-sids,
101    anycast-sids, and binding-sids. A node-sid in the segment list
102    defining an SR-TE path indicates a loose hop that the SR-TE path
103    should pass through. When a particular node fails, it would be
104    useful to be able to continue to send traffic on an SR-TE path that
105    uses the node-sid of the failed node for an extended period of time,
106    without having to immediately modify the segment list used at the
107    ingress to the SR-TE path.

109    The first step to achieve this objective is to make the rest of the
110    routers in the network continue to forward traffic using the node-sid
111    of the failed node. If we don't do anything special, once the IGP
112    converges to take into account the failed node, a given router will
113    no longer maintain a route corresponding to the node-sid. Any
114    traffic that arrives at the router with the node-sid of the failed
115    node as the active segment will be dropped. This document addresses
116    this problem by having each neighbor of the failed node advertise its
117    SR proxy forwarding capability. This indicates that the neighbor
118    (the Proxy Forwarder) will forward traffic on behalf of the failed
119    node. A router receiving the SR Proxy Forwarding capability from
120    neighbors of a failed node will send traffic using the node-sid of
121    the failed node to the nearest Proxy Forwarder.

123    Once the affected traffic reaches a Proxy Forwarder, the Proxy
124    Forwarder sends the traffic on the post-failure shortest path to the
125    node immediately following the failed node in the segment list.
126    [I-D.bashandy-rtgwg-segment-routing-ti-lfa] and
127    [I-D.hegde-spring-node-protection-for-sr-te-paths] describe how the
128    immediate neighbors of a failed node can accomplish this by
129    forwarding based on the first two segments in the segment list. The
130    forwarding described in these drafts was originally intended to be
131    used for only a short period of time, to provide fast-reroute
132    protection until the IGP converges. The current document proposes to
133    extend this behavior on the Proxy Forwarder until well after the IGP
134    has converged.

136    If the faulty node is a label adhesion node, the Binding-sids cannot
137    be exchanged to the label stack for its identity, and the traffic
138    will be lost before it reaches the faulty node.

140    In this document, the proxy mechanism is provided in the neighbor
141    node of the faulty node of the forwarding path to implement traffic
142    forwarding after the node with the label adhesion fails on the SR-TE
143    loose path.

145 2.  Extensions to IGP for Proxy Forwarding

147    When a node has segment routing proxy forwarding capability, it
148    advertises this capability. The capability indicates that the node
149    has the ability to proxy forward the global sid of each of its
150    neighbors. When a neighbor that advertises its global sid fails, the
151    traffic can be forwarded to the proxy node.

153 2.1.  Extensions to OSPF

155 2.1.1.  Advertising Proxy Forwarding

157    When a node P has the capability to do an SR proxy forwarding for all
158    its neighboring nodes for protecting the failures of these nodes,
159    node P advertises its SR proxy forwarding capability in its router
160    information opaque LSA, which contains a Router Informational
161    Capabilities TLV of the format as shown in Figure 1.
163     0                   1                   2                   3
164     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
165    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
166    |             Type              |            Length             |
167    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
168    |                  Informational Capabilities                   |
169    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

171              Figure 1: Router Informational Capabilities TLV

173    One bit (called PF bit) in the Informational Capabilities field of
174    the TLV is used to indicate node P's SR proxy forwarding capability.
175    When this bit is set to one by node P, it indicates that node P is
176    capable of doing an SR proxy forwarding for its neighboring nodes.

178    For a node X in the network, it learns the prefix/node SID of node N,
179    which is originated and advertised by node N. It creates a proxy
180    prefix/node SID of node N for node P if node P is capable of doing SR
181    proxy forwarding for node N. The proxy prefix/node SID of node N for
182    node P is a copy of the prefix/node SID of node N originated by node
183    N, but stored under (or say, associated with) node P.

185    In normal operations, node X prefers to use the prefix/node SID of
186    node N. When node N fails, node X prefers to use the proxy prefix/
187    node SID of node N. Thus node X will forward the traffic targeted
188    to node N to node P when node N fails, and node P will do an SR proxy
189    forwarding for node N and forward the traffic to its destination
190    without going through node N. After node N fails, node X will keep
191    the proxy prefix/node SID of node N for a given period of time.

193    If node P cannot do an SR proxy forwarding for all its neighboring
194    nodes, but for some of them, then it advertises the node SID of each
195    of the nodes as a proxy node SID, indicating that it is able to do
196    proxy forwarding for the node SID.

198    A new TLV, called Proxy Node SIDs TLV, is defined for node P to
199    advertise the node SIDs of some of its neighboring nodes. It has the
200    format as shown in Figure 2.

202     0                   1                   2                   3
203     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
204    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
205    |          Type (TBD1)          |            Length             |
206    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
207    |                       Node SID Sub-TLVs                       |
208    :                                                               :
209    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

211                    Figure 2: OSPF Proxy Node SIDs TLV

213    The Type (TBD1) is to be assigned by IANA. The TLV contains a number
214    of Node SID Sub-TLVs. The Length is the total size of the Node SID
215    Sub-TLVs included in the TLV. A Node SID Sub-TLV is the Prefix SID
216    Sub-TLV defined in [I-D.ietf-ospf-segment-routing-extensions].

218    A proxy forwarding node P originates an Extended Prefix Opaque LSA
219    containing this new TLV. The TLV includes the Node SID Sub-TLVs for
220    the node SIDs of some of P's neighboring nodes. For each of some of
221    P's neighboring nodes, the Node SID Sub-TLV for its prefix/node SID
222    is included in the TLV. This prefix/node SID is called a proxy
223    prefix/node SID.

225    A proxy forwarding node will originate an Extended Prefix Opaque LSA,
226    which includes a Proxy Node SIDs TLV. The format of the LSA is shown
227    in Figure 3.

229    For a proxy forwarding node P, having a number of neighboring nodes,
230    P originates and maintains an Extended Prefix Opaque LSA, which
231    includes a Proxy Node SIDs TLV. The TLV contains the Prefix/Node SID
232    Sub-TLV for each of some of the neighboring nodes after node P
233    creates the corresponding proxy forwarding entries for protecting the
234    failure of some of the neighboring nodes.
236     0                   1                   2                   3
237     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
238    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
239    |            LS age             |    Options    |    LS Type    |
240    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
241    | Opaque Type(7)|                   Opaque ID                   |
242    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
243    |                      Advertising Router                       |
244    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
245    |                      LS sequence number                       |
246    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
247    |          LS checksum          |            Length             |
248    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
249    |                                                               |
250    :                             TLVs                              :
251    :                (including Proxy Node SIDs TLV)                :
252    |                                                               |
253    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

255                Figure 3: OSPFv2 Extended Prefix Opaque LSA

257    When a neighboring node fails, P maintains the LSA with the TLV
258    containing the Prefix/Node SID Sub-TLV for the neighboring node for a
259    given period of time. After the given period of time, the Prefix/
260    Node SID Sub-TLV for the neighboring node is removed from the TLV in
261    the LSA and then after a given time the corresponding proxy
262    forwarding entries for protecting the failure of the neighboring node
263    are removed.

265    For a node X in the network, it learns the prefix/node SID of node N
266    and the proxy prefix/node SID of node N. The former is originated
267    and advertised by node N, and the latter is originated and advertised
268    by the proxy forwarding node P of node N. Note that the proxy
269    Prefix/Node SID Sub-TLV for node N does not contain a prefix of node
270    N, and the prefix is the prefix associated with the prefix/node SID
271    of node N originated by node N.

273    In normal operations, node X prefers to use the prefix/node SID of
274    node N. When node N fails, node X prefers to use the proxy prefix/
275    node SID of node N. Thus node X will forward the traffic targeted
276    to node N to node P when node N fails, and node P will do a proxy
277    forwarding for node N and forward the traffic to its destination
278    without going through node N.

280 2.1.2.  Advertising Binding Segment

282    For a binding segment (or binding for short) on a node A, which
283    consists of a binding SID and a list of segments, node A advertises
284    an LSA containing the binding (i.e., the binding SID and the list of
285    the segments). The LSA is advertised only to each of the node A's
286    neighboring nodes. For OSPFv2, the LSA is an opaque LSA of LS type 9
287    (i.e., a link local scope LSA).

289    A binding segment is represented by binding segment TLV of the format
290    as shown in Figure 4.

292     0                   1                   2                   3
293     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
294    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
295    |          Type (TBD2)          |            Length             |
296    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
297    |           Reserved            |BindingSID Type|   SIDs Type   |
298    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
299    ~                   Binding SID Sub-TLV/value                   ~
300    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
301    ~                      SID Sub-TLVs/values                      ~
302    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

304                    Figure 4: OSPF Binding Segment TLV

306    It comprises a binding SID and a list of segments (SIDs). The fields
307    of this TLV are defined as follows:

309    Type: 2 octets, its value (TBD2) is to be assigned by IANA.

311    Length: 2 octets, its value is (4 + length of Sub-TLVs/values).

313    Binding SID Type (BT): 1 octet indicates whether the binding SID is
314    represented by a Sub-TLV or a value included in the TLV. For the
315    binding SID represented by a value, it indicates the type of binding
316    SID. The following BT values are defined:

318    o  BT = 0: The binding SID is represented by a Sub-TLV (i.e., Binding
319    SID Sub-TLV) in the TLV. A binding SID Sub-TLV is a SID/Label Sub-
320    TLV defined in [I-D.ietf-ospf-segment-routing-extensions]. BT != 0
321    indicates that the binding SID is represented by a value.

323    o  BT = 1: The binding SID value is a label, which is represented by
324    the 20 rightmost bits. The length of the value is 3 octets.

326    o  BT = 2: The binding SID value is a 32-bit SID. The length of the
327    value is 4 octets.

329    SIDs Type (ST): 1 octet indicates whether the list of segments (SIDs)
330    are represented by Sub-TLVs or values included in the TLV. For the
331    SIDs represented by values, it indicates the type of SIDs. The
332    following ST values are defined:

334    o  ST = 0: The SIDs are represented by Sub-TLVs (i.e., SID Sub-TLVs)
335    in the TLV. A SID Sub-TLV is an Adj-SID Sub-TLV, a Prefix-SID Sub-
336    TLV or a SID/Label Sub-TLV defined in
337    [I-D.ietf-ospf-segment-routing-extensions]. ST != 0 indicates that
338    the SIDs are represented by values.

340    o  ST = 1: Each of the SID values is a label, which is represented by
341    the 20 rightmost bits. The length of the value is 3 octets.

343    o  ST = 2: Each of the SID values is a 32-bit SID. The length of the
344    value is 4 octets.

346    The opaque LSA of LS Type 9 containing the binding segment (i.e., the
347    binding SID and the list of the segments) has the format as shown in
348    Figure 5. It may have Opaque Type of x (the exact type is to be
349    assigned by IANA) for Binding Segment Opaque LSA.
351     0                   1                   2                   3
352     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
353    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
354    |            LS age             |    Options    |  LS Type (9)  |
355    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
356    | Opaque Type(x)|                   Opaque ID                   |
357    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
358    |                      Advertising Router                       |
359    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
360    |                      LS sequence number                       |
361    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
362    |          LS checksum          |            Length             |
363    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
364    |                                                               |
365    :                     Binding Segment TLVs                      :
366    |                                                               |
367    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

369                Figure 5: OSPFv2 Binding Segment Opaque LSA

371    For every binding on a node A, the LSA originated by A contains a
372    binding segment TLV for it.

374    For node A running OSPFv3, it originates a link-local scoping LSA of
375    a new LSA function code (TBD3) containing binding segment TLVs for
376    the bindings on it. The format of the LSA is illustrated in
377    Figure 6.
379     0                   1                   2                   3
380     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
381    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
382    |            LS age             |0|0|0|      BS-LSA (TBD3)      |
383    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
384    |                         Link State ID                         |
385    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
386    |                      Advertising Router                       |
387    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
388    |                      LS Sequence Number                       |
389    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
390    |          LS checksum          |            Length             |
391    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
392    |                                                               |
393    :                     Binding Segment TLVs                      :
394    |                                                               |
395    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

397                Figure 6: OSPFv3 Binding Segment Opaque LSA

399    The U-bit is set to 0, and the scope is set to 00 for link-local
400    scoping.

402 2.2.  Extensions to IS-IS

404 2.2.1.  Advertising Proxy Forwarding

406    When a node P has the capability to do an SR proxy forwarding for its
407    neighboring nodes for protecting the failures of them, node P
408    advertises its SR proxy forwarding capability in its LSP, which
409    contains a Router Capability TLV of Type 242 including an SR
410    capabilities sub-TLV of sub-Type 2.

412    One bit (called PF bit as shown in Figure 7) in the Flags field of
413    the SR capabilities sub-TLV is defined to indicate node P's SR proxy
414    forwarding capability. When this bit is set to one by node P, it
415    indicates that node P is capable of doing an SR proxy forwarding for
416    its neighboring nodes.
418     0                   1                   2                   3
419     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
420    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
421    |   Type (2)    |    Length     |     Flags     |
422    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
423    |                     Range                     |
424    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
425    //                SID/Label Sub-TLV (variable)                 //
426    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

428      0  1  2  3  4  5  6  7
429    +--+--+--+--+--+--+--+--+
430    | I| V|PF|              |
431    +--+--+--+--+--+--+--+--+
432              Flags

434                    Figure 7: SR Capabilities sub-TLV

436    If node P cannot do an SR proxy forwarding for all its neighboring
437    nodes, but for some of them, then it advertises the node SID of each
438    of the nodes as a proxy node SID, indicating that it is able to do
439    proxy forwarding for the node SID.

441    The IS-IS SID/Label Binding TLV (suggested value 149) is defined in
442    [I-D.ietf-isis-segment-routing-extensions]. A Proxy Forwarder uses
443    the SID/Label Binding TLV to advertise the node Sid of its
444    neighboring node. The Flags field of the SID/Label Binding TLV is
445    extended to include a P flag as shown in Figure 8. The prefix/node
446    SID in prefix/node Sid Sub-TLV included in SID/Label Binding TLV is
447    identified as a proxy forwarding prefix/node SID.
449     0                   1                   2                   3
450     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
451    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
452    |     Type      |    Length     |     Flags     |   RESERVED    |
453    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
454    |             Range             | Prefix Length |    Prefix     |
455    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
456    //                Prefix (continued, variable)                 //
457    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
458    |                      SubTLVs (variable)                       |
459    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

461     0 1 2 3 4 5 6 7
462    +-+-+-+-+-+-+-+-+
463    |F|M|S|D|A|P|   |
464    +-+-+-+-+-+-+-+-+
465          Flags

467                     Figure 8: SID/Label Binding TLV

469    Where:

471    P-Flag: Proxy forwarding flag. If set, this prefix/node Sid is
472    advertised by the proxy node. This TLV is used to announce that the
473    node has the ability to proxy forward the prefix/node Sid.

475    When the P-flag is set in the SID/Label Binding TLV, the following
476    usage rules apply.

478    The Range, Prefix Length and Prefix fields are not used. They should
479    be set to zero on transmission and ignored on receipt.

481    SID/Label Binding TLV contains a number of prefix/node SID Sub-TLVs.
482    The TLV advertised by a proxy forwarding node P contains prefix/node
483    SID Sub-TLVs for the node SIDs of P's neighbor nodes. Each of the
484    Sub-TLVs is a prefix/node SID Sub-TLV defined in
485    [I-D.ietf-isis-segment-routing-extensions]. From the SID in a
486    prefix/node SID Sub-TLV advertised by the Proxy Forwarding node, its
487    prefix can be obtained through matching corresponding prefix/node SID
488    advertised by the neighbor/protected node using TLV-135 (or 235, 236,
489    or 237) together with the prefix/node SID Sub-TLV.

491 2.2.2.  Advertising Binding Segment

493    [I-D.ietf-spring-segment-routing-policy] has defined the usage of
494    binding-sid. For supporting binding sid proxy forwarding, a new IS-
495    IS TLV, called Binding Segment TLV, is defined. It contains a
496    binding SID and a list of segments (SIDs). This TLV may be
497    advertised in IS-IS Hello (IIH) PDUs, LSPs, or in Circuit Scoped Link
498    State PDUs (CS-LSP) [RFC7356]. Its format is shown in Figure 9.

500     0                   1                   2                   3
501     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
502    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
503    |     Type      |    Length     |BindingSID Type|   SIDs Type   |
504    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
505    ~                   Binding SID value/Sub-TLV                   ~
506    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
507    ~                      SID values/Sub-TLVs                      ~
508    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

510                    Figure 9: IS-IS Binding Segment TLV

512    The fields of this TLV are defined as follows:

514    Type: 1 octet. Suggested value 152 (to be assigned by IANA).

516    Length: 1 octet (2 + length of Sub-TLVs/values).

518    Binding SID Type (BT): 1 octet indicates whether the binding SID is
519    represented by a Sub-TLV or a value included in the TLV. For the
520    binding SID represented by a value, it indicates the type of binding
521    SID. The following BT values are defined:

523    o  BT = 0: The binding SID is represented by a Sub-TLV (i.e., binding
524    SID Sub-TLV) in the TLV. A binding SID Sub-TLV is a SID/Label Sub-
525    TLV defined in [I-D.ietf-isis-segment-routing-extensions]. BT != 0
526    indicates that the binding SID is represented by a value.

528    o  BT = 1: The binding SID value is a label, which is represented by
529    the 20 rightmost bits. The length of the value is 3 octets.

531    o  BT = 2: The binding SID value is a 32-bit SID. The length of the
532    value is 4 octets.

534    SIDs Type (ST): 1 octet indicates whether the SIDs are represented by
535    Sub-TLVs or values included in the TLV. For the SIDs represented by
536    values, it indicates the type of SIDs. The following ST values are
537    defined:

539    o  ST = 0: The SIDs are represented by Sub-TLVs (i.e., SID Sub-TLVs)
540    in the TLV. A SID Sub-TLV is an Adj-SID Sub-TLV, a Prefix-SID Sub-
541    TLV or a SID/Label Sub-TLV defined in
542    [I-D.ietf-isis-segment-routing-extensions]. ST != 0 indicates that
543    the SIDs are represented by values.

545    o  ST = 1: Each of the SID values is a label, which is represented by
546    the 20 rightmost bits. The length of the value is 3 octets.

548    o  ST = 2: Each of the SID values is a 32-bit SID. The length of the
549    value is 4 octets.

551 3.  Building Proxy Forwarding Table

553    Figure 10 is used to illustrate the SR proxy forwarding approach.
554    Each node N has SRGB = [N000-N999]. RT1 is an ingress node of SR
555    domain. RT3 is a failure node. RT2 is a Point of Local Repair (PLR)
556    node, i.e., a proxy forwarding node. Three label stacks are shown in
557    the figure. Label Stack 1 uses only adjacency-SIDs and represents
558    the path RT1->RT2->RT3->RT4->RT5. Label Stack 2 uses only node-SIDs
559    and represents the ECMP-aware path RT1->RT3->RT4->RT5. Label Stack 3
560    uses a node-SID and a binding SID. The Binding-SID with label=100 at
561    RT3 represents the ECMP-aware path RT3->RT4->RT5. So Label Stack 3,
562    which consists of the node-SID for RT3 followed by Binding-SID=100,
563    represents the ECMP-aware path RT1->RT3->RT4->RT5.
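
A strict decoder for the IS-IS Binding Segment TLV of Section 2.2.2 (Figure 9), added here as an example and not taken from the draft. It assumes the suggested Type value 152, decodes only the value encodings (BT/ST = 1 or 2), and treats an empty segment list as malformed; the function names and the sample bytes are constructed for this illustration.

```python
"""Strict decoder for the IS-IS Binding Segment TLV laid out in Figure 9.

Added example, not code from the draft. BT/ST = 0 (Sub-TLV form) is
rejected here because the Sub-TLV layout is defined in another document.
"""
from typing import NamedTuple, Tuple

TLV_TYPE = 152             # "suggested value" in the draft, not yet assigned
VALUE_LEN = {1: 3, 2: 4}   # BT/ST 1: 3-octet label, BT/ST 2: 4-octet SID
LABEL_MASK = 0xFFFFF       # a label is the 20 rightmost bits of its 3 octets


class TLVError(ValueError):
    """The buffer does not match the Binding Segment TLV layout."""


class BindingSegment(NamedTuple):
    binding_sid: int
    segments: Tuple[int, ...]
    consumed: int          # octets used, so the caller can find the next TLV


def decode_value(kind: int, raw: bytes) -> int:
    """Decode one label (kind 1) or 32-bit SID (kind 2)."""
    value = int.from_bytes(raw, "big")
    return value & LABEL_MASK if kind == 1 else value


def parse_binding_segment_tlv(buf: bytes) -> BindingSegment:
    """Decode one TLV at the start of buf, or raise TLVError."""
    if len(buf) < 4:
        raise TLVError("shorter than Type, Length, BT and ST")
    tlv_type, length, bt, st = buf[0], buf[1], buf[2], buf[3]
    if tlv_type != TLV_TYPE:
        raise TLVError(f"unexpected TLV type {tlv_type}")
    # Length = 2 (the BT and ST octets) + length of the values that follow.
    if length < 2:
        raise TLVError("Length smaller than the fixed BT/ST octets")
    end = 2 + length
    if end > len(buf):
        raise TLVError("Length field points past the end of the PDU")
    if bt not in VALUE_LEN or st not in VALUE_LEN:
        raise TLVError(f"unsupported BT/ST combination {bt}/{st}")
    body = buf[4:end]
    bsid_len, sid_len = VALUE_LEN[bt], VALUE_LEN[st]
    if len(body) < bsid_len:
        raise TLVError("binding SID value is truncated")
    sids_raw = body[bsid_len:]
    # Assumption of this example: a binding with no segments is malformed.
    if not sids_raw or len(sids_raw) % sid_len:
        raise TLVError("segment list is empty or not a whole number of SIDs")
    segments = tuple(decode_value(st, sids_raw[i:i + sid_len])
                     for i in range(0, len(sids_raw), sid_len))
    return BindingSegment(decode_value(bt, body[:bsid_len]), segments, end)


def classify(buf: bytes):
    """Return ("ok", BindingSegment) or ("malformed", reason) for logging."""
    try:
        return ("ok", parse_binding_segment_tlv(buf))
    except TLVError as exc:
        return ("malformed", str(exc))


# Constructed sample: binding SID 100 -> {30034, 40045} from Figure 10,
# encoded with BT = 1 and ST = 1 (3-octet labels).
SAMPLE = bytes.fromhex("980b0101" "000064" "007552" "009c6d")

if __name__ == "__main__":
    print(classify(SAMPLE))
    print(classify(SAMPLE[:-1]))                 # PDU cut one octet short
    print(classify(b"\x98\x0a" + SAMPLE[2:]))    # Length understates the body
```
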
565              Node Sid:2       Node Sid:3
566                +-----+          +-----+
567                |     |----------+     |
568              / |RT2  |          | RT3 |\
569             /  +-----+          +-----+ \
570            /      | \             /|     \
571           /       |  \           / |      \
572          /        |   \         /  |       \
573         /         |    \       /   |        \
574        /          |     \     /    |         \
575 Node Sid:1        |      \   /     |          \Node Sid:4   Node Sid:5
576  +-----+          |       \ /      |           +-----+       +-----+
577  |     |          |        X       |           |     |-------|     |
578  | RT1 |          |       / \      |           | RT4 |       | RT5 |
579  +-----+          |      /   \     |           +-----+       +-----+
580      \            |     /     \    |          /
581       \           |    /       \   |         /
582        \          |   /         \  |        /
583         \         |  /           \ |       /
584          \        | /             \|      /
585           \       |/               |     /
586            \   +-----+          +-----+ /
587             \  |     |          |     |/
588              \ | RT6 |----------| RT7 |
589                +-----+          +-----+
590              Node Sid:6       Node Sid:7

592 +-----------------+ +--------------+
593 |    Node SRGB    | |   Adj-Sid    | +-------+ +-------+ +-------+
594 +-----------------+ +--------------+ |Label  | |Label  | |Label  |
595 | RT1:[1000-1999] | |RT1->RT2:10012| |Stack 1| |Stack 2| |Stack 3|
596 +-----------------+ +--------------+ +-------+ +-------+ +-------+
597 | RT2:[2000-2999] | |RT2->RT3:20023| | 10012 | | 1003  | | 1003  |
598 +-----------------+ +--------------+ +-------+ +-------+ +-------+
599 | RT3:[3000-3999] | |RT3->RT6:30036| | 20023 | | 3004  | |  100  |
600 +-----------------+ +--------------+ +-------+ +-------+ +-------+
601 | RT4:[4000-4999] | |RT3->RT7:30037| | 30034 | | 4005  |  100 is
602 +-----------------+ +--------------+ +-------+ +-------+  binding SID
603 | RT5:[5000-5999] | |RT3->RT4:30034| | 40045 |            to
604 +-----------------+ +--------------+ +-------+            {30034,40045}
605 | RT6:[6000-6999] | |RT7->RT4:70074|
606 +-----------------+ +--------------+
607 | RT7:[7000-7999] | |RT4->RT5:40045|
608 +-----------------+ +--------------+

610                    Figure 10: Topology of SR-TE Path

612 3.1.  Advertising Proxy Forwarding

614    If the Point of Local Repair (PLR), for example, RT2, has the
615    capability to do an SR proxy forwarding for all its neighboring nodes,
616    it must advertise this capability. If the PLR cannot do an SR proxy
617    forwarding for all its neighboring nodes, but for some of them, for
618    example, RT3, then it uses proxy Node SIDs TLV to advertise the
619    prefix-sid learned from RT3. The TLV contains the Sub-TLV/value for
620    the prefix/node sid of RT3 as a proxy SID. When RT3 fails, RT2 needs
621    to maintain the Sub-TLV/value for a period of time. When the proxy
622    forwarding table corresponding to the fault node is deleted (see
623    section 3.2), the Sub-TLV/value is withdrawn. The nodes in the
624    network (for example, RT1) learn the prefix/node Sid TLV advertised
625    by RT3 and the proxy Node SIDs TLV advertised by RT2. When RT3 is
626    normal, the nodes prefer prefix/node Sid TLV. When RT3 fails,
627    the proxy prefix/node SIDs TLV advertised by RT2 is preferred.

629 3.2.  Building Proxy Forwarding Table

631    An SR proxy node P needs to build an independent proxy forwarding
632    table for each neighbor N. The proxy forwarding table for node N
633    contains the following information:

635    1: Node N's SRGB range and the difference between the SRGB start
636    value of node P and that of node N;

638    2: All adjacency-SIDs of N and the Node-SID of the node pointed to by
639    node N's adjacency-SID.

641    3: The binding-SID of N and the label stack associated with the
642    binding-SID.

644    Node P (PLR) uses a proxy forwarding table based on the next segment
645    to find a node N as a backup forwarding entry to the adj-SID and
646    Node-SID of node N. When node N fails, the proxy forwarding table
647    needs to be maintained for a period of time, which is recommended to
648    be 30 minutes.

650    Node RT3 in the topology of Figure 1 is node N, and node RT2 is node
651    P (PLR). RT2 builds the proxy forwarding table for RT3. The
652    structure of the table and how to build the table is a local
653    implementation issue.

655 4.  Node Protection for Segment List

657    Segment Routing Traffic Engineering supports the creation of explicit
658    paths using adjacency-sids, node-sids, and binding-sids. The label
659    stack is a combination of one or more of adjacency-sids, node-sids,
660    and binding-sids. This Section shows how a proxy node uses the SR
661    proxy forwarding mechanism to protect traffic to the destination node
662    when the next segment of label stack is adjacency-sids, node-sids, or
663    binding-sids, respectively.

665 4.1.  Next Segment is an Adjacency Segment

667    As shown in Figure 1, Label Stack 1 {10012, 20023, 30034, 40045}
668    represents SR-TE strict explicit path RT1->RT2->RT3->RT4->RT5. When
669    RT3 fails, node RT2 acts as a PLR, and uses next adj-SID (30034) of
670    the label stack to look up the proxy forwarding table built by RT2
671    locally for RT3. The path returned is the label forwarding path to
672    RT3's next hop node RT4, which bypasses RT3. The specific steps are
673    as follows:

675    a. RT1 pops top adj-SID 10012, and forwards the packet to RT2;

677    b. RT2 uses the label 20023 to identify the next hop node RT3, which
678    has failed. RT2 pops label 20023 and queries the Proxy Forwarding
679    Table corresponding to RT3 with label 30034. The Proxy Forwarding
680    Table corresponding to RT3 returns an outgoing interface and label
681    stack representing a path to RT4 that does not pass through RT3. In
682    this case, the outgoing interface to RT7 with label stack 7004
683    satisfies this requirement.

685    c. So the packet leaves RT2 out the interface to RT7 with label
686    stack {7004, 40045}. RT4 forwards it to RT4, where the original path
687    is rejoined.

689    d. RT2 forwards packets to RT7. RT7 queries the local routing table
690    to forward the packet to RT4.

692 4.2.  Next Segment is a Node Segment

694    As shown in Figure 1, Label Stack 2 {1003, 3004, 4005} represents SR-
695    TE loose path RT1->RT3->RT4->RT5, where 1003 is the node SID of RT3.

   When the node RT3 fails, the proxy forwarding TLV advertised by RT2
   is preferred, which directs the traffic of RT1 to the PLR node RT2.
   Node RT2 acts as a PLR node and queries the proxy forwarding table
   locally built for RT3.  The path returned is the label forwarding
   path to RT3's next hop node RT4, which bypasses RT3.  The specific
   steps are as follows:

   a.  RT1 swaps label 1003 to out-label 2003 to RT3.

   b.  RT2 receives the labeled packet whose top label is 2003 and
       searches the local Routing Table; the behavior found is to look
       up the Proxy Forwarding Table because RT3 has failed.

   c.  RT2 uses 2003 as the in-label to look up the Proxy Forwarding
       Table, and the query result is to forward the packet to RT4.

   d.  Then RT2 queries the Routing Table for RT4, using the primary or
       backup path to RT4.  The next hop is RT7.

   e.  RT2 forwards the packet to RT7.  RT7 queries the local routing
       table to forward the packet to RT4.

   f.  After RT1 converges, node SID 1003 is preferred to the proxy SID
       implied/advertised by RT2.

4.3.  Next Segment is a Binding Segment

   As shown in Figure 1, Label Stack 3 {1003, 100} represents SR-TE
   loose path RT1->RT3->RT4->RT5, where 100 is a Binding-Sid, which
   represents segment list {30034, 40045}.

   When the node RT3 fails, the proxy forwarding SID implied or
   advertised by RT2 is preferred, which forwards the traffic of RT1 to
   the PLR node RT2.  Node RT2 acts as a PLR node and uses the
   Binding-SID to query the proxy forwarding table locally built for
   RT3.  The path returned is the label forwarding path to RT3's next
   hop node (RT4), which bypasses RT3.  The specific steps are as
   follows:

   a.  RT1 swaps label 1003 to out-label 2003 to RT3.

   b.  RT2 receives the labeled packet whose top label is 2003 and
       searches the local Routing Table; the behavior found is to look
       up the Proxy Forwarding Table because RT3 has failed.

   c.  RT2 uses Binding-sid:100 (label 2003 has been popped) as the
       in-label to look up the Next Label record of the Proxy
       Forwarding Table; the behavior found is to swap to Segment list
       {30034, 40045}.

   d.  RT2 swaps Binding-sid:100 to Segment list {30034, 40045}, and
       uses 30034 to look up the Next Label record of the Proxy
       Forwarding Table again.  The behavior found is to forward the
       packet to RT4.

   e.  RT2 queries the Routing Table for RT4, using the primary or
       backup path to RT4.  The next hop is RT7.

   f.  RT2 forwards packets to RT7.  RT7 queries the local routing table
       to forward the packet to RT4.

5.  Security Considerations

   TBD

6.  IANA Considerations

   TBD

7.  Acknowledgements

   The authors would like to thank Peter Psenak and Les Ginsberg for
   their comments to this work.

8.  References

8.1.  Normative References

   [I-D.ietf-isis-segment-routing-extensions]
              Previdi, S., Ginsberg, L., Filsfils, C., Bashandy, A.,
              Gredler, H., and B. Decraene, "IS-IS Extensions for
              Segment Routing", draft-ietf-isis-segment-routing-
              extensions-22 (work in progress), December 2018.

   [I-D.ietf-ospf-segment-routing-extensions]
              Psenak, P., Previdi, S., Filsfils, C., Gredler, H.,
              Shakir, R., Henderickx, W., and J. Tantsura, "OSPF
              Extensions for Segment Routing", draft-ietf-ospf-segment-
              routing-extensions-27 (work in progress), December 2018.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC7356]  Ginsberg, L., Previdi, S., and Y. Yang, "IS-IS Flooding
              Scope Link State PDUs (LSPs)", RFC 7356,
              DOI 10.17487/RFC7356, September 2014.

8.2.  Informative References

   [I-D.bashandy-rtgwg-segment-routing-ti-lfa]
              Bashandy, A., Filsfils, C., Decraene, B., Litkowski, S.,
              Francois, P., daniel.voyer@bell.ca, d., Clad, F., and P.
              Camarillo, "Topology Independent Fast Reroute using
              Segment Routing", draft-bashandy-rtgwg-segment-routing-ti-
              lfa-05 (work in progress), October 2018.

   [I-D.hegde-spring-node-protection-for-sr-te-paths]
              Hegde, S., Bowers, C., Litkowski, S., Xu, X., and F. Xu,
              "Node Protection for SR-TE Paths", draft-hegde-spring-
              node-protection-for-sr-te-paths-04 (work in progress),
              October 2018.

   [I-D.ietf-spring-segment-routing-policy]
              Filsfils, C., Sivabalan, S., daniel.voyer@bell.ca, d.,
              bogdanov@google.com, b., and P. Mattes, "Segment Routing
              Policy Architecture", draft-ietf-spring-segment-routing-
              policy-02 (work in progress), October 2018.

   [I-D.sivabalan-pce-binding-label-sid]
              Sivabalan, S., Filsfils, C., Tantsura, J., Hardwick, J.,
              Previdi, S., and C. Li, "Carrying Binding Label/Segment-ID
              in PCE-based Networks.", draft-sivabalan-pce-binding-
              label-sid-06 (work in progress), February 2019.

   [RFC5462]  Andersson, L. and R. Asati, "Multiprotocol Label Switching
              (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic
              Class" Field", RFC 5462, DOI 10.17487/RFC5462, February
              2009.

Authors' Addresses

   Zhibo Hu
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing  100095
   China

   Email: huzhibo@huawei.com

   Huaimo Chen
   Huawei Technologies
   Boston, MA
   USA

   Email: Huaimo.chen@huawei.com

   Junda Yao
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing  100095
   China

   Email: yaojunda@huawei.com

   Chris Bowers
   Juniper Networks
   1194 N. Mathilda Ave.
   Sunnyvale, CA  94089
   USA

   Email: cbowers@juniper.net
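
Added example, not part of the draft: a small Python model of the proxy forwarding table of Section 3.2 as RT2 could hold it for RT3, applied to Label Stacks 1 to 3 as they arrive at RT2 in Sections 4.1 to 4.3. The table layout, the names ProxyTable, proxy_forward, LABELS_TO_RT3 and P_ROUTES, the single post-failure route at RT2, and the outgoing stacks for the node-segment and binding-segment cases are assumptions; the draft itself states only the {7004, 40045} result for Label Stack 1 and leaves the table structure to the implementation.

```python
from dataclasses import dataclass

@dataclass
class ProxyTable:
    """Proxy forwarding table a PLR (node P) keeps for one neighbor N (Section 3.2)."""
    srgb: range         # item 1: N's SRGB range
    srgb_diff: int      # item 1: N's SRGB start minus P's SRGB start
    adj_to_node: dict   # item 2: N's adj-SID -> node-SID index of the far-end node
    binding: dict       # item 3: N's binding-SID -> label stack it expands to

# Values taken from the topology figure: P = RT2 [2000-2999], N = RT3 [3000-3999].
P_SRGB_START = 2000
RT3_PROXY = ProxyTable(
    srgb=range(3000, 4000),
    srgb_diff=1000,
    adj_to_node={30034: 4, 30036: 6, 30037: 7},
    binding={100: [30034, 40045]},
)
# Labels at RT2 whose primary next hop is RT3: adj-SID RT2->RT3 and RT3's node SID.
LABELS_TO_RT3 = {20023, 2003}
# Assumed slice of RT2's routing table after RT3 fails:
# local label -> (next hop, out label). Only the route to RT4 via RT7 is modelled.
P_ROUTES = {2004: ("RT7", 7004)}

def proxy_forward(stack, table=RT3_PROXY):
    """Return (next_hop, out_stack) for a packet at the PLR whose top label leads to failed N."""
    if len(stack) < 2 or stack[0] not in LABELS_TO_RT3:
        raise ValueError("need a top label towards N plus a next segment to proxy")
    nxt, rest = stack[1], list(stack[2:])      # pop the label that pointed at N
    if nxt in table.binding:                   # 4.3: expand N's binding SID first
        expanded = table.binding[nxt]
        nxt, rest = expanded[0], expanded[1:] + rest
    if nxt in table.adj_to_node:               # 4.1: N's adj-SID -> node behind that link
        local = P_SRGB_START + table.adj_to_node[nxt]
    elif nxt in table.srgb:                    # 4.2: label in N's SRGB -> P's SRGB
        local = nxt - table.srgb_diff
    else:
        raise LookupError(f"label {nxt} is not in the proxy table for N")
    if local not in P_ROUTES:
        raise LookupError(f"no route at P for local label {local}")
    next_hop, out_label = P_ROUTES[local]
    return next_hop, [out_label] + rest

if __name__ == "__main__":
    for s in ([20023, 30034, 40045], [2003, 3004, 4005], [2003, 100]):
        print(s, "->", proxy_forward(s))
```

A label that is neither a binding SID, an adj-SID of N, nor inside N's SRGB raises LookupError instead of being forwarded, so an unexpected next segment is rejected rather than sent on a guessed path.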