idnits 2.17.1 draft-ietf-bess-datacenter-gateway-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 12, 2020) is 1345 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-22) exists of draft-ietf-idr-tunnel-encaps-17 ** Obsolete normative reference: RFC 7752 (Obsoleted by RFC 9552) == Outdated reference: A later version (-06) exists of draft-farrel-spring-sr-domain-interconnect-05 == Outdated reference: A later version (-18) exists of draft-ietf-idr-bgp-ls-segment-routing-ext-16 Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 BESS Working Group A. Farrel 3 Internet-Draft Old Dog Consulting 4 Intended status: Standards Track J. Drake 5 Expires: February 13, 2021 E. Rosen 6 Juniper Networks 7 K. Patel 8 Arrcus, Inc. 9 L. Jalil 10 Verizon 11 August 12, 2020 13 Gateway Auto-Discovery and Route Advertisement for Segment Routing 14 Enabled Domain Interconnection 15 draft-ietf-bess-datacenter-gateway-08 17 Abstract 19 Data centers are critical components of the infrastructure used by 20 network operators to provide services to their customers. Data 21 centers are attached to the Internet or a backbone network by gateway 22 routers. One data center typically has more than one gateway for 23 commercial, load balancing, and resiliency reasons. 25 Segment Routing is a protocol mechanism that can be used within a 26 data center, and also for steering traffic that flows between two 27 data center sites. In order that one data center site may load 28 balance the traffic it sends to another data center site, it needs to 29 know the complete set of gateway routers at the remote data center, 30 the points of connection from those gateways to the backbone network, 31 and the connectivity across the backbone network. 33 Segment Routing may also be operated in other domains, such as access 34 networks. Those domains also need to be connected across backbone 35 networks through gateways. 37 This document defines a mechanism using the BGP Tunnel Encapsulation 38 attribute to allow each gateway router to advertise the routes to the 39 prefixes in the Segment Routing domains to which it provides access, 40 and also to advertise on behalf of each other gateway to the same 41 Segment Routing domain. 43 Status of This Memo 45 This Internet-Draft is submitted in full conformance with the 46 provisions of BCP 78 and BCP 79. 48 Internet-Drafts are working documents of the Internet Engineering 49 Task Force (IETF). Note that other groups may also distribute 50 working documents as Internet-Drafts. The list of current Internet- 51 Drafts is at https://datatracker.ietf.org/drafts/current/. 53 Internet-Drafts are draft documents valid for a maximum of six months 54 and may be updated, replaced, or obsoleted by other documents at any 55 time. It is inappropriate to use Internet-Drafts as reference 56 material or to cite them other than as "work in progress." 58 This Internet-Draft will expire on February 13, 2021. 60 Copyright Notice 62 Copyright (c) 2020 IETF Trust and the persons identified as the 63 document authors. All rights reserved. 65 This document is subject to BCP 78 and the IETF Trust's Legal 66 Provisions Relating to IETF Documents 67 (https://trustee.ietf.org/license-info) in effect on the date of 68 publication of this document. Please review these documents 69 carefully, as they describe your rights and restrictions with respect 70 to this document. Code Components extracted from this document must 71 include Simplified BSD License text as described in Section 4.e of 72 the Trust Legal Provisions and are provided without warranty as 73 described in the Simplified BSD License. 75 Table of Contents 77 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 78 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5 79 3. SR Domain Gateway Auto-Discovery . . . . . . . . . . . . . . 5 80 4. Relationship to BGP Link State and Egress Peer Engineering . 7 81 5. Advertising an SR Domain Route Externally . . . . . . . . . . 7 82 6. Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . 7 83 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 84 7.1. Tunnel Encapsulation Tunnel Type . . . . . . . . . . . . 8 85 7.2. Tunnel Encapsulation Sub-TLVs . . . . . . . . . . . . . . 8 86 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 87 9. Manageability Considerations . . . . . . . . . . . . . . . . 9 88 9.1. Relationship to Route Target Constraint . . . . . . . . . 10 89 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 90 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 91 11.1. Normative References . . . . . . . . . . . . . . . . . . 10 92 11.2. Informative References . . . . . . . . . . . . . . . . . 11 93 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 95 1. Introduction 97 Data centers (DCs) are critical components of the infrastructure used 98 by network operators to provide services to their customers. DCs are 99 attached to the Internet or a backbone network by gateway routers 100 (GWs). One DC typically has more than one GW for various reasons 101 including commercial preferences, load balancing, and resiliency 102 against connection of device failure. 104 Segment Routing (SR) [RFC8402] is a protocol mechanism that can be 105 used within a DC, and also for steering traffic that flows between 106 two DC sites. In order for a source (ingress) DC that uses SR to 107 load balance the flows it sends to a destination (egress) DC, it 108 needs to know the complete set of entry nodes (i.e., GWs) for that 109 egress DC from the backbone network connecting the two DCs. Note 110 that it is assumed that the connected set of DCs and the backbone 111 network connecting them are part of the same SR BGP Link State (LS) 112 instance ([RFC7752] and [I-D.ietf-idr-bgpls-segment-routing-epe]) so 113 that traffic engineering using SR may be used for these flows. 115 SR may also be operated in other domains, such as access networks. 116 Those domains also need to be connected across backbone networks 117 through gateways. For illustrative purposes, consider the Ingress 118 and Egress SR Domains shown in Figure 1 as spearate ASes. The 119 various ASes that provide connectivity between the Ingress and Egress 120 Domains could each be constructed differently and use different 121 technologies such as IP, MPLS with global table routing native BGP to 122 the edge, MPLS IP VPN, SR-MPLS IP VPN, or SRv6 IP VPN. 124 Suppose that there are two gateways, GW1 and GW2 as shown in 125 Figure 1, for a given egress SR domain and that they each advertise a 126 route to prefix X which is located within the egress SR domain with 127 each setting itself as next hop. One might think that the GWs for X 128 could be inferred from the routes' next hop fields, but typically it 129 is not the case that both routes get distributed across the backbone: 130 rather only the best route, as selected by BGP, is distributed. This 131 precludes load balancing flows across both GWs. 133 ----------------- --------------------- 134 | Ingress | | Egress ------ | 135 | SR Domain | | SR Domain |Prefix| | 136 | | | | X | | 137 | | | ------ | 138 | -- | | --- --- | 139 | |GW| | | |GW1| |GW2| | 140 -------++-------- ----+-----------+-+-- 141 | \ | / | 142 | \ | / | 143 | -+------------- --------+--------+-- | 144 | ||ASBR| ----| |---- |ASBR| |ASBR| | | 145 | | ---- |ASBR+------+ASBR| ---- ---- | | 146 | | ----| |---- | | 147 | | | | | | 148 | | ----| |---- | | 149 | | AS1 |ASBR+------+ASBR| AS2 | | 150 | | ----| |---- | | 151 | --------------- -------------------- | 152 --+-----------------------------------------------+-- 153 | |ASBR| |ASBR| | 154 | ---- AS3 ---- | 155 | | 156 ----------------------------------------------------- 158 Figure 1: Example Segment Routing Domain Interconnection 160 The obvious solution to this problem is to use the BGP feature that 161 allows the advertisement of multiple paths in BGP (known as Add- 162 Paths) [RFC7911] to ensure that all routes to X get advertised by 163 BGP. However, even if this is done, the identity of the GWs will be 164 lost as soon as the routes get distributed through an Autonomous 165 System Border Router (ASBR) that will set itself to be the next hop. 166 And if there are multiple Autonomous Systems (ASes) in the backbone, 167 not only will the next hop change several times, but the Add-Paths 168 technique will experience scaling issues. This all means that the 169 Add-Paths approach is limited to SR domains connected over a single 170 AS. 172 This document defines a solution that overcomes this limitation and 173 works equally well with a backbone constructed from one or more ASes. 174 The solution uses the Tunnel Encapsulation attribute 175 [I-D.ietf-idr-tunnel-encaps] as follows: 177 We define a new tunnel type, "SR Tunnel". When the GWs to a given 178 SR domain advertise a route to a prefix X within the SR domain, 179 they will each include a Tunnel Encapsulation attribute with 180 multiple tunnel instances each of type "SR Tunnel" (value 17), one 181 for each GW, and each containing a Remote Endpoint sub-TLV with 182 that GW's address. 184 In other words, each route advertised by a GW identifies all of the 185 GWs to the same SR domain (see Section 3 for a discussion of how GWs 186 discover each other). Therefore, even if only one of the routes is 187 distributed to other ASes, it will not matter how many times the next 188 hop changes, as the Tunnel Encapsulation attribute (and its remote 189 endpoint sub-TLVs) will remain unchanged. 191 To put this in the context of Figure 1, GW1 and GW2 discover each 192 other as gateways for the egress SR domain. Both GW1 and GW2 193 advertise themselves as having routes to prefix X. Furthermore, GW1 194 includes a Tunnel Encapsulation attribute with a tunnel instance of 195 type "SR tunnel" for itself and another for GW2. Similarly, GW2 196 includes a Tunnel Encapsulation for itself and another for GW1. The 197 gateway in the ingress SR domain can now see all possible paths to 198 the egress SR domain regardless of which route advertisement is 199 propagated to it, and it can choose one, or balance traffic flows as 200 it sees fit. 202 The protocol extensions defined in this document are put into the 203 broader context of SR domain interconnection by 204 [I-D.farrel-spring-sr-domain-interconnect]. That document shows how 205 other existing protocol elements may be combined with the extensions 206 defined in this document to provide a full system. 208 2. Requirements Language 210 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 211 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 212 "OPTIONAL" in this document are to be interpreted as described in BCP 213 14 [RFC2119] [RFC8174] when, and only when, they appear in all 214 capitals, as shown here. 216 3. SR Domain Gateway Auto-Discovery 218 To allow a given SR domain's GWs to auto-discover each other and to 219 coordinate their operations, the following procedures are 220 implemented: 222 o Each GW is configured with an identifier for the SR domain. That 223 identifier is common across all GWs to the domain (i.e., the same 224 identifier is used by all GWs to the same SR domain), and unique 225 across all SR domains that are connected (i.e., across all GWs to 226 all SR domains that are interconnected). 228 o A route target ([RFC4360]) is attached to each GW's auto-discovery 229 route and has its value set to the SR domain identifier. 231 o Each GW constructs an import filtering rule to import any route 232 that carries a route target with the same SR domain identifier 233 that the GW itself uses. This means that only these GWs will 234 import those routes, and that all GWs to the same SR domain will 235 import each other's routes and will learn (auto-discover) the 236 current set of active GWs for the SR domain. 238 The auto-discovery route that each GW advertises consists of the 239 following: 241 o An IPv4 or IPv6 NLRI containing one of the GW's loopback addresses 242 (that is, with an AFI/SAFI pair that is one of 1/1, 2/1, 1/4, or 243 2/4). 245 o A Tunnel Encapsulation attribute [I-D.ietf-idr-tunnel-encaps] 246 containing the GW's encapsulation information, which at a minimum 247 consists of an SR Tunnel TLV (type TBD1 to be allocated by IANA) 248 with a Remote Endpoint sub-TLV as specified in 249 [I-D.ietf-idr-tunnel-encaps]. 251 To avoid the side effect of applying the Tunnel Encapsulation 252 attribute to any packet that is addressed to the GW itself, the GW 253 SHOULD use a different loopback address for the two cases. 255 As described in Section 1, each GW will include a Tunnel 256 Encapsulation attribute for each GW that is active for the SR domain 257 (including itself), and will include these in every route advertised 258 externally to the SR domain by each GW. As the current set of active 259 GWs changes (due to the addition of a new GW or the failure/removal 260 of an existing GW) each externally advertised route will be re- 261 advertised with the set of SR tunnel instances reflecting the current 262 set of active GWs. 264 If a gateway becomes disconnected from the backbone network, or if 265 the SR domain operator decides to terminate the gateway's activity, 266 it withdraws the advertisements described above. This means that 267 remote gateways at other sites will stop seeing advertisements from 268 this gateway. It also means that other local gateways at this site 269 will "unlearn" the removed gateway and stop including a Tunnel 270 Encapsulation attribute for the removed gateway in their 271 advertisements. 273 Note that if a GW is (mis)configured with a different SR domain 274 identifier from the other GWs to the same domain then it will not be 275 auto-discovered by the other GWs (and will not auto-discover the 276 other GWs). This would result in the in a receiver just getting the 277 best route with only the advertising node's tunnel encapsulation 278 information. 280 4. Relationship to BGP Link State and Egress Peer Engineering 282 When a remote GW receives a route to a prefix X it can use the SR 283 tunnel instances within the contained Tunnel Encapsulation attribute 284 to identify the GWs through which X can be reached. It uses this 285 information to compute SR Traffic Engineering (SR TE) paths across 286 the backbone network looking at the information advertised to it in 287 SR BGP Link State (BGP-LS) [I-D.ietf-idr-bgp-ls-segment-routing-ext] 288 and correlated using the SR domain identity. SR Egress Peer 289 Engineering (EPE) [I-D.ietf-idr-bgpls-segment-routing-epe] can be 290 used to supplement the information advertised in BGP-LS. 292 5. Advertising an SR Domain Route Externally 294 When a packet destined for prefix X is sent on an SR TE path to a GW 295 for the SR domain containing X (that is, the packet is sent in the 296 Ingress Domain on an SR TE path that describes the path including 297 within the Egress Domain), it needs to carry the receiving GW's label 298 for X such that this label rises to the top of the stack before the 299 GW completes its processing of the packet. To achieve this we place 300 a Prefix SID sub-TLV [I-D.ietf-idr-tunnel-encaps] for X in each SR 301 tunnel instance in the Tunnel Encapsulation attribute in the 302 externally advertised route for X. 304 Alternatively, if the GWs for a given SR domain are configured to 305 allow remote GWs to perform SR TE through that SR domain for a prefix 306 X, then each GW computes an SR TE path through that SR domain to X 307 from each of the currently active GWs, and places each in an MPLS 308 label stack sub-TLV [I-D.ietf-idr-tunnel-encaps] in the SR tunnel 309 instance for that GW. 311 Please refer to Section 7 of 312 [I-D.farrel-spring-sr-domain-interconnect] for worked examples of how 313 the label stack is consructed in this case, and how the 314 advertisements would work. 316 6. Encapsulation 318 If the GWs for a given SR domain are configured to allow remote GWs 319 to send them a packet in that SR domain's native encapsulation, then 320 each GW will also include multiple instances of a tunnel TLV for that 321 native encapsulation in externally advertised routes: one for each GW 322 and each containing a remote endpoint sub-TLV with that GW's address. 323 A remote GW may then encapsulate a packet according to the rules 324 defined via the sub-TLVs included in each of the tunnel TLV 325 instances. 327 7. IANA Considerations 329 7.1. Tunnel Encapsulation Tunnel Type 331 IANA maintains a registry called "Border Gateway Protocol (BGP) 332 Parameters" with a sub-registry called "BGP Tunnel Encapsulation 333 Attribute Tunnel Types." The registration policy for this registry 334 is First-Come First-Served [RFC8126]. 336 IANA has assigned the value 17 from this sub-registry for "SR 337 Tunnel". 339 7.2. Tunnel Encapsulation Sub-TLVs 341 IANA maintains a registry called "Border Gateway Protocol (BGP) 342 Parameters" with a sub-registry called "BGP Tunnel Encapsulation 343 Attribute Sub-TLVs." The registration policy for this registry is 344 Standards Action.[RFC8126]. 346 IANA is requested to assign a codepoint from this sub-registry for 347 "SR Tunnel TLV" (TBD1). The next available value may be used and 348 reference should be made to this document. 350 8. Security Considerations 352 From a protocol point of view, the mechanisms described in this 353 document can leverage the security mechanisms already defined for 354 BGP. Further discussion of security considerations for BGP may be 355 found in the BGP specification itself [RFC4271] and in the security 356 analysis for BGP [RFC4272]. The original discussion of the use of 357 the TCP MD5 signature option to protect BGP sessions is found in 358 [RFC5925], while [RFC6952] includes an analysis of BGP keying and 359 authentication issues. 361 The mechanisms described in this document involve sharing routing or 362 reachability information between domains: that may mean disclosing 363 information that is normally contained within a domain. So it needs 364 to be understood that normal security paradigms based on the 365 boundaries of domains are weakened. Discussion of these issues with 366 respect to VPNs can be found in [RFC4364], while [RFC7926] describes 367 many of the issues associated with the exchange of topology or TE 368 information between domains. 370 Particular exposures resulting from this work include: 372 o Gateways to a domain will know about all other gateways to the 373 same domain. This feature applies within a domain and so is not a 374 substantial exposure, but it does mean that if the BGP exchanges 375 within a domain can be snooped or if a gateway can be subverted 376 then an attacker may learn the full set of gateways to a domain. 377 This would facilitate more effective attacks on that domain. 379 o The existence of multiple gateways to a domain becomes more 380 visible across the backbone and even into remote domains. This 381 means that an attacker is able to prepare a more comprehensive 382 attack than exists when only the locally attached backbone network 383 (e.g., the AS that hosts the domain) can see all of the gateways 384 to a site. For example, a Denial of Service attack on a single GW 385 is mitigated by the existence of other GWs, but if the attacker 386 knows about all the gateways then the whole set can be attacked at 387 once. 389 o A node in a domain that does not have external BGP peering (i.e., 390 is not really a domain gateway and cannot speak BGP into the 391 backbone network) may be able to get itself advertised as a 392 gateway by letting other genuine gateways discover it (by speaking 393 BGP to them within the domain) and so may get those genuine 394 gateways to advertise it as a gateway into the backbone network. 395 This would allow the malicious node to attract traffic without 396 having to have secure BGP peerings with out-of-domain nodes. 398 o If it is possible to modify a BGP message within the backbone, it 399 may be possible to spoof the existence of a gateway. This could 400 cause traffic to be attracted to a specific node and might result 401 in black-holing of traffic. 403 All of the issues in the list above could cause disruption to domain 404 interconnection, but are not new protocol vulnerabilities so much as 405 new exposures of information that SHOULD be protected against using 406 existing protocol mechanisms. Furthermore, it is a general 407 observation that if these attacks are possible then it is highly 408 likely that far more significant attacks can be made on the routing 409 system. It should be noted that BGP peerings are not discovered, but 410 always arise from explicit configuration. 412 9. Manageability Considerations 414 The principal configuration item added by this solution is the 415 allocation of an SR domain identifier. The same identifier MUST be 416 assigned to every GW to the same domain, and each domain MUST have a 417 different identifier. This requires coordination, probably through a 418 central management agent. 420 It should be noted that BGP peerings are not discovered, but always 421 arise from explicit configuration. This is no different from any 422 other BGP operation. 424 9.1. Relationship to Route Target Constraint 426 In order to limit the VPN routing information that is maintained at a 427 given route reflector, [RFC4364] suggests the use of "Cooperative 428 Route Filtering" [RFC5291] between route reflectors. [RFC4684] 429 defines an exension to that mechanism to include support for multiple 430 autonomous systems and asymmetric VPN topologies such as hub-and- 431 spoke. The mechanism in RFC 4684 is known as Route Target Constraint 432 (RTC). 434 An operator would not normally configure RTC by default for any AFI/ 435 SAFI combination, and would only enable it after careful 436 consideration. When using the mechanisms defined in this document, 437 the operator should consider carefully the effects of filtering 438 routes. In some cases this may be desirable, and in others it could 439 limit the effectiveness of the procedures. 441 10. Acknowledgements 443 Thanks to Bruno Rijsman, Stephane Litkowsji, Boris Hassanov, Linda 444 Dunbar, Ravi Singh, and Gyan Mishra for review comments, and to 445 Robert Raszuk for useful discussions. 447 11. References 449 11.1. Normative References 451 [I-D.ietf-idr-bgpls-segment-routing-epe] 452 Previdi, S., Talaulikar, K., Filsfils, C., Patel, K., Ray, 453 S., and J. Dong, "BGP-LS extensions for Segment Routing 454 BGP Egress Peer Engineering", draft-ietf-idr-bgpls- 455 segment-routing-epe-19 (work in progress), May 2019. 457 [I-D.ietf-idr-tunnel-encaps] 458 Patel, K., Velde, G., Sangli, S., and J. Scudder, "The BGP 459 Tunnel Encapsulation Attribute", draft-ietf-idr-tunnel- 460 encaps-17 (work in progress), July 2020. 462 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 463 Requirement Levels", BCP 14, RFC 2119, 464 DOI 10.17487/RFC2119, March 1997, 465 . 467 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 468 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 469 DOI 10.17487/RFC4271, January 2006, 470 . 472 [RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended 473 Communities Attribute", RFC 4360, DOI 10.17487/RFC4360, 474 February 2006, . 476 [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP 477 Authentication Option", RFC 5925, DOI 10.17487/RFC5925, 478 June 2010, . 480 [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and 481 S. Ray, "North-Bound Distribution of Link-State and 482 Traffic Engineering (TE) Information Using BGP", RFC 7752, 483 DOI 10.17487/RFC7752, March 2016, 484 . 486 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 487 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 488 May 2017, . 490 11.2. Informative References 492 [I-D.farrel-spring-sr-domain-interconnect] 493 Farrel, A. and J. Drake, "Interconnection of Segment 494 Routing Domains - Problem Statement and Solution 495 Landscape", draft-farrel-spring-sr-domain-interconnect-05 496 (work in progress), October 2018. 498 [I-D.ietf-idr-bgp-ls-segment-routing-ext] 499 Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H., 500 and M. Chen, "BGP Link-State extensions for Segment 501 Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-16 502 (work in progress), June 2019. 504 [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", 505 RFC 4272, DOI 10.17487/RFC4272, January 2006, 506 . 508 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 509 Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February 510 2006, . 512 [RFC4684] Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk, 513 R., Patel, K., and J. Guichard, "Constrained Route 514 Distribution for Border Gateway Protocol/MultiProtocol 515 Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual 516 Private Networks (VPNs)", RFC 4684, DOI 10.17487/RFC4684, 517 November 2006, . 519 [RFC5291] Chen, E. and Y. Rekhter, "Outbound Route Filtering 520 Capability for BGP-4", RFC 5291, DOI 10.17487/RFC5291, 521 August 2008, . 523 [RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of 524 BGP, LDP, PCEP, and MSDP Issues According to the Keying 525 and Authentication for Routing Protocols (KARP) Design 526 Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013, 527 . 529 [RFC7911] Walton, D., Retana, A., Chen, E., and J. Scudder, 530 "Advertisement of Multiple Paths in BGP", RFC 7911, 531 DOI 10.17487/RFC7911, July 2016, 532 . 534 [RFC7926] Farrel, A., Ed., Drake, J., Bitar, N., Swallow, G., 535 Ceccarelli, D., and X. Zhang, "Problem Statement and 536 Architecture for Information Exchange between 537 Interconnected Traffic-Engineered Networks", BCP 206, 538 RFC 7926, DOI 10.17487/RFC7926, July 2016, 539 . 541 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 542 Writing an IANA Considerations Section in RFCs", BCP 26, 543 RFC 8126, DOI 10.17487/RFC8126, June 2017, 544 . 546 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 547 Decraene, B., Litkowski, S., and R. Shakir, "Segment 548 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 549 July 2018, . 551 Authors' Addresses 553 Adrian Farrel 554 Old Dog Consulting 556 Email: adrian@olddog.co.uk 557 John Drake 558 Juniper Networks 560 Email: jdrake@juniper.net 562 Eric Rosen 563 Juniper Networks 565 Email: erosen52@gmail.com 567 Keyur Patel 568 Arrcus, Inc. 570 Email: keyur@arrcus.com 572 Luay Jalil 573 Verizon 575 Email: luay.jalil@verizon.com