idnits 2.17.1 draft-ietf-bess-deployment-guide-ipv4nlri-ipv6nh-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 3 instances of too long lines in the document, the longest one being 12 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (July 12, 2021) is 1017 days in the past. Is this intentional? Checking references for intended status: Best Current Practice ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC4291' is defined on line 861, but no explicit reference was found in the text == Unused Reference: 'RFC4364' is defined on line 865, but no explicit reference was found in the text == Unused Reference: 'RFC5492' is defined on line 874, but no explicit reference was found in the text == Unused Reference: 'RFC8277' is defined on line 882, but no explicit reference was found in the text == Unused Reference: 'I-D.ietf-idr-dynamic-cap' is defined on line 888, but no explicit reference was found in the text == Unused Reference: 'RFC4659' is defined on line 893, but no explicit reference was found in the text == Unused Reference: 'RFC4684' is defined on line 898, but no explicit reference was found in the text == Unused Reference: 'RFC4798' is defined on line 905, but no explicit reference was found in the text == Unused Reference: 'RFC4925' is defined on line 911, but no explicit reference was found in the text == Unused Reference: 'RFC6074' is defined on line 925, but no explicit reference was found in the text == Unused Reference: 'RFC6513' is defined on line 931, but no explicit reference was found in the text == Unused Reference: 'RFC6514' is defined on line 935, but no explicit reference was found in the text == Unused Reference: 'RFC8126' is defined on line 940, but no explicit reference was found in the text == Outdated reference: A later version (-16) exists of draft-ietf-idr-dynamic-cap-14 -- Obsolete informational reference (is this intentional?): RFC 5549 (Obsoleted by RFC 8950) Summary: 1 error (**), 0 flaws (~~), 16 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 BESS Working Group G. Mishra 3 Internet-Draft Verizon Inc. 4 Intended status: Best Current Practice M. Mishra 5 Expires: January 13, 2022 Cisco Systems 6 J. Tantsura 7 Microsoft, Inc. 8 S. Madhavi 9 Juniper Networks, Inc. 10 Q. Yang 11 Arista Networks 12 A. Simpson 13 Nokia 14 S. Chen 15 Huawei Technologies 16 July 12, 2021 18 Deployment Guidelines for Edge Peering IPv4-NLRI with IPv6-NH 19 draft-ietf-bess-deployment-guide-ipv4nlri-ipv6nh-02 21 Abstract 23 As Enterprises and Service Providers upgrade their brown field or 24 green field MPLS/SR core to an IPv6 transport, Multiprotocol BGP (MP- 25 BGP)now plays an important role in the transition of their Provider 26 (P) core network as well as Provider Edge (PE) Edge network from IPv4 27 to IPv6. Operators must be able to continue to support IPv4 28 customers when both the Core and Edge networks are IPv6-Only. 30 This document details an important External BGP (eBGP) PE-CE Edge 31 IPv6-Only peering design that leverages the MP-BGP capability 32 exchange by using IPv6 peering as pure transport, allowing both IPv4 33 Network Layer Reachability Information (NLRI) and IPv6 Network Layer 34 Reachability Information (NLRI)to be carried over the same (Border 35 Gateway Protocol) BGP TCP session. The design change provides the 36 same Dual Stacking functionality that exists today with separate IPv4 37 and IPv6 BGP sessions as we have today. With this design change from 38 a control plane perspective a single IPv6 is required for both IPv4 39 and IPv6 routing updates and from a data plane forwarindg perspective 40 an IPv6 address need only be configured on the PE and CE interface 41 for both IPv4 and IPv6 packet forwarding. 43 This document provides a much needed solution for Internet Exchange 44 Point (IXP) that are facing IPv4 address depletion at large peering 45 points. With this design, IXP can now deploy PE-CE IPv6-Only eBGP 46 Edge peering design to eliminate IPv4 provisioning at the Edge. This 47 core and edge IPv6-Only peering design paradigm change can apply to 48 any eBGP peering, public internet or private, which can be either 49 Core networks, Data Center networks, Access networks or can be any 50 eBGP peering scenario. This document provides vendor specific test 51 cases for the IPv6-Only peering design as well as test results for 52 the five major vendors stakeholders in the routing and switching 53 indusrty, Cisco, Juniper, Arista, Nokia and Huawei. With the test 54 results provided for the IPv6-Only Edge peering design, the goal is 55 that all other vendors around the world that have not been tested 56 will begin to adopt and implement this new Best Current Practice for 57 eBGP IPv6-Only Edge peering. 59 As this issue with IXP IPv4 address depletion is a critical issue 60 around the world, it is imperative for an immediate solution that can 61 be implemented quickly. This Best Current Practice IPv6-only eBGP 62 peering design specification will help proliferate IPv6-Only 63 deployments at the eBGP Edge network peering points to starting 64 immediately at a minimum with operators around the world using Cisco, 65 Juniper, Arista, Nokia and Huawei. As other vendors start to 66 implement this Best Current Practice, the IXP IPv4 address depletion 67 gap will eventually be eliminated. 69 Status of This Memo 71 This Internet-Draft is submitted in full conformance with the 72 provisions of BCP 78 and BCP 79. 74 Internet-Drafts are working documents of the Internet Engineering 75 Task Force (IETF). Note that other groups may also distribute 76 working documents as Internet-Drafts. The list of current Internet- 77 Drafts is at https://datatracker.ietf.org/drafts/current/. 79 Internet-Drafts are draft documents valid for a maximum of six months 80 and may be updated, replaced, or obsoleted by other documents at any 81 time. It is inappropriate to use Internet-Drafts as reference 82 material or to cite them other than as "work in progress." 84 This Internet-Draft will expire on January 13, 2022. 86 Copyright Notice 88 Copyright (c) 2021 IETF Trust and the persons identified as the 89 document authors. All rights reserved. 91 This document is subject to BCP 78 and the IETF Trust's Legal 92 Provisions Relating to IETF Documents 93 (https://trustee.ietf.org/license-info) in effect on the date of 94 publication of this document. Please review these documents 95 carefully, as they describe your rights and restrictions with respect 96 to this document. Code Components extracted from this document must 97 include Simplified BSD License text as described in Section 4.e of 98 the Trust Legal Provisions and are provided without warranty as 99 described in the Simplified BSD License. 101 Table of Contents 103 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 104 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5 105 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 106 4. IPv6-Only Edge Peering Architecture . . . . . . . . . . . . . 6 107 4.1. Problem Statement . . . . . . . . . . . . . . . . . . . . 6 108 4.2. IPv6-Only PE-CE Design Solution . . . . . . . . . . . . . 7 109 4.3. IPv6-Only Edge Peering Design . . . . . . . . . . . . . . 8 110 4.3.1. IPv6-Only Edge Peering Packet Walk . . . . . . . . . 8 111 4.3.2. 6to4 Softwire IPv4-Only Core packet walk . . . . . . 9 112 4.3.3. 4to6 Softwire IPv6-Only Core packet walk . . . . . . 10 113 4.4. RFC5549 and RFC8950 Applicability . . . . . . . . . . . . 13 114 4.4.1. IPv6-Only Edge Peering design next-hop encoding . . . 13 115 4.4.2. RFC8950 updates to RFC5549 applicability . . . . . . 13 116 5. IPv6-Only Design Edge E2E Test Cases . . . . . . . . . . . . 14 117 5.1. Test-1 IPv6-Only PE-CE Global Table over IPv4-Only Core . 14 118 5.2. Test-2 E2E IPv6-Only PE-CE VPN over IPv4-Only Core . . . 15 119 5.3. Test-3 IPv6-Only PE-CE Global Table over IPv6-Only Core . 16 120 5.4. Test-4 IPv6-Only PE-CE VPN over IPv6-Only Core . . . . . 17 121 5.5. IPv6-Only PE-CE Operational Considerations Testing . . . 18 122 6. Operational Considerations . . . . . . . . . . . . . . . . . 18 123 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 124 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19 125 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 126 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 20 127 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 128 11.1. Normative References . . . . . . . . . . . . . . . . . . 20 129 11.2. Informative References . . . . . . . . . . . . . . . . . 21 130 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 132 1. Introduction 134 As Enterprises and Service Providers upgrade their brown field or 135 green field MPLS/SR core to an IPv6 transport such as MPLS LDPv6, SR- 136 MPLSv6 or SRv6, Multiprotocol BGP (MP-BGP) now plays an important 137 role in the transition of the Provider (P) core networks and Provider 138 Edge (PE) edge networks from IPv4 to IPv6. Operators have a 139 requirement to support IPv4 customers and must be able to support 140 IPv4 address family and Sub-Address-Family Virtual Private Network 141 (VPN)-IPv4, and Multicast VPN IPv4 customers. 143 IXP are also facing IPv4 address depletion at their peering points, 144 which are large Layer 2 transit backbones that service providers peer 145 and exchange IPv4 and IPv6 Network Layer Reachability Information 146 (NLRI). Today, these transit exchange points are Dual Stacked. With 147 this IPv6-only BGP peering design, only IPv6 is configured on the PE- 148 CE interface, the Provider Edge (PE) - Customer Edge (CE), the IPv6 149 BGP peer is now used to carry IPv4 (Network Layer Reachability 150 Information) NLRI over an IPv6 next hop using IPv6 next hop encoding 151 defined in [RFC8950], while continuing to forward both IPv4 and IPv6 152 packets. In the framework of this design the PE is no longer Dual 153 Stacked. However in the case of the CE, PE-CE link CE side of the 154 link is no longer Dual Stacked, however all other internal links 155 within the CE domain may or maynot be Dual stacked. 157 MP-BGP specifies that the set of usable next-hop address families is 158 determined by the Address Family Identifier (AFI) and the Subsequent 159 Address Family Identifier (SAFI). Historically the AFI/SAFI 160 definitions for the IPv4 address family only have provisions for 161 advertising a Next Hop address that belongs to the IPv4 protocol when 162 advertising IPv4 or VPN-IPv4. [RFC8950] specifies the extensions 163 necessary to allow advertising IPv4 NLRI, Virtual Private Network 164 Unicast (VPN-IPv4) NLRI, Multicast Virtual Private Network (MVPN- 165 IPv4) NLRI with a Next Hop address that belongs to the IPv6 protocol. 166 This comprises of an extended next hop encoding MP-REACH BGP 167 capability exchange to allow the address of the Next Hop for IPv4 168 NLRI, VPN-IPv4 NLRI and MVPN-IPv4 NLRI to also belong to the IPv6 169 Protocol. [RFC8950] defines the encoding of the Next Hop to 170 determine which of the protocols the address actually belongs to, and 171 a new BGP Capability allowing MP-BGP Peers to discover dynamically 172 whether they can exchange IPv4 NLRI and VPN-IPv4 NLRI with an IPv6 173 Next Hop. 175 The current specification for carrying IPv4 NLRI of a given address 176 family via a Next Hop of a different address family is now defined in 177 [RFC8950], and specifies the extended next hop encoding MP-REACH 178 capability extension necessary to do so. This comprises an extension 179 of the AFI/SAFI definitions to allow the address of the Next Hop for 180 IPv4 NLRI or VPN-IPv4 NLRI to belong to either the IPv4 or the IPv6 181 protocol, the encoding of the Next Hop information to determine which 182 of the protocols the address belongs to, and a new BGP Capability 183 allowing MP-BGP peers to dynamically discover whether they can 184 exchange IPv4 NLRI and VPN- IPv4 NLRI with an IPv6 Next Hop. 186 With the new extensions defined in [RFC8950] supporting NLRI and next 187 hop address family mismatch, the BGP peer session can now be treated 188 as a pure TCP transport and carry both IPv4 and IPv6 NLRI at the 189 Provider Edge (PE) - Customer Edge (CE) over a single IPv6 TCP 190 session. This allows for the elimination of dual stack from the PE- 191 CE peering point, and now enable the peering to be IPv6-ONLY. The 192 elimination of IPv4 on the PE-CE peering points translates into OPEX 193 expenditure savings of point-to-point infrastructure links as well as 194 /31 address space savings and administration and network management 195 of both IPv4 and IPv6 BGP peers. This reduction decreases the number 196 of PE-CE BGP peers by fifty percent, which is a tremendous cost 197 savings for operators. 199 While the savings exists at the Edge eBGP PE-CE peering, on the core 200 side PE to Route Reflector (RR) peering carrying IPv4 201 <1/1>, VPN-IPV4 <1/128>, and Multicasat VPN <1/129>, there is no 202 savings as the Provider (P) Core is IPv6 Only and thus can only have 203 an IPv6 peer and must use [RFC8950] extended next hop encoding to 204 carrying IPv4 NLRI IPV4 <2/1>, VPN-IPV4 <2/128>, and Multicasat VPN 205 <2/129> over an IPv6 next hop. 207 This document provides a much needed solution for Internet Exchange 208 Point (IXP) that are facing IPv4 address depletion at large peering 209 points. With this design, IXP can now use deploy PE-CE IPv6-Only 210 eBGP Edge peering design to eliminate IPv4 provisioning at the Edge. 211 This core and edge IPv6-Only peering design paradigm change can apply 212 to any eBGP peering, public internet or private, which can be either 213 Core networks, Data Center networks, Access networks or can be any 214 eBGP peering scenario. This document provides detailed vendor 215 specific test cases and test results for the IPv6-Only peering design 216 as well as successful test results between five major vendors 217 stakeholders in the routing and switching indusrty, Cisco, Juniper, 218 Arista, Nokia and Huawei. With the test results provided for the 219 IPv6-Only Edge peering design, the goal is that all other vendors 220 around the world that have not been tested will begin to adopt and 221 implement this new best practice for eBGP IPv6-Only Edge peering. 223 As this issue with IXP address depletion is a critical issue around 224 the world, it is imperative for an immediate solution that can be 225 implemented quickly. This best practice IPv6-only eBGP peering 226 design specification will help proliferate IPv6-Only deployments at 227 the eBGP Edge network peering points starting immediately at a 228 minimum with operators around the world using Cisco, Juniper, Arista, 229 Nokia and Huawei. 231 2. Requirements Language 233 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 234 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 235 "OPTIONAL" in this document are to be interpreted as described in BCP 236 14 [RFC2119] [RFC8174] when, and only when, they appear in all 237 capitals, as shown here. 239 3. Terminology 241 Terminolgoy used in defining the IPv6-Only Edge specification. 243 AFBR: Address Family Border Router Provider Edge (PE). 245 Edge: PE-CE Edge Network Provider Edge - Customer Edge 247 Core: P Core Network Provider (P) 249 4to6 Softwire : IPv4 edge over an IPv6-Only core 251 6to4 Softwire: IPv6 edge over an IPv4-Only core 253 E2E: End to End 255 4. IPv6-Only Edge Peering Architecture 257 4.1. Problem Statement 259 This specification addresses a real issue that has been discussed at 260 many operator groups around the world related to IXP major peering 261 points where hundreds of AS's have both IPv4 and IPv6 dual stacked 262 peering. IPv4 address depletion have been a major issue issue for 263 many years now. Operators around the world are clamoring for a 264 solution that can help solve issues related to IPv4 address depletion 265 at these large IXP peering points. With this solution IXPs as well 266 as all infrastructure networks such as Core networks, DC networks, 267 Access networks as well as any PE-CE public or private network can 268 now utilize this IPv6-Only Edge solution and reap the benefits 269 immediately on IPv4 address space saving. 271 IXP Problem Statement 273 Dual Stacked Dual Stacked 274 CE PE 276 +-------+ IPv4 BGP Peer +-------+ 277 | |---------------| | 278 | CE | IPv6 BGP Peer | PE | 279 | |---------------| | 280 +-------+ +-------+ 281 IPv4 forwarding IPv4 forwarding 282 IPv6 forwarding IPv6 forwarding 284 Figure 1: Problem Statement - IXP Dual Stack Peering 285 ________ 286 Dual Stacked _____ / \ Dual Stacked 287 PE / CE / \__/ \___ PE / CE 288 +----+ +----+ / \ +------+ +-----+ 289 | | | | |0====VPN Overlay Tunnel ==0| | | | | 290 | | | | | \ | | | | 291 | CE |--| PE |--\ IPv6-Only Core |----| PE |---| CE | 292 | | | | \0=========Underlay =======0| | | | | 293 +----+ +----+ \ __/ +------+ +-----+ 294 IPv4 IPv6 BGP peer \ IP / MPLS / SR domain / IPv4 and IPv6 BGP peer 295 IPv4 forwarding \__ __ / IPv4 forwarding 296 IPv6 forwarding \_______/ \_____/ IPv6 forwarding 298 Figure 2: Problem Statement - E2E Dual Stack Edge 300 4.2. IPv6-Only PE-CE Design Solution 302 The IPv6-Only Edge design solution provides a means of E2E single 303 protocol design solution extension of [RFC5565] Softwire Mesh 304 framework from the PE-CE Edge to the Core from ingres so egress 305 through the entire operators domain. This solution eliminates all 306 IPv4 addressing from end to end while still providing the same Dual 307 Stack functionality of IPv4 and IPv6 packet forwarding from a data 308 plane perspective by leveraging the [RFC8950] extended next hop 309 encoding so that IPv4 NLRI can be advertised over a single IPv6 pure 310 transport TCP session. This IPv6-Only E2E architecture eliminates 311 all IPv4 peering and IPv4 addressing E2E from the ingress CE to 312 ingress PE to egress PE to egress CE and all hops along the operator 313 E2E path. 315 Solution applicable to 316 any Edge peering scenario - IXP, Core, DC, Access, etc 318 +-------+ +-------+ 319 | | IPv6 Only | | 320 | CE |----------------| PE | 321 | | IPv6 BGP Peer | | 322 +-------+ +-------+ 323 IPv4 forwarding IPv4 forwarding 324 IPv6 forwarding IPv6 forwarding 326 Figure 3: IPv6-Only Solution Applicability 327 ________ 328 IPv6-Only _____ / \ IPv6-Only 329 PE / CE / \__/ \___ PE / CE 330 +----+ +----+ / \ +------+ +-----+ 331 | | | | |0====VPN Overlay Tunnel ==0| | | | | 332 | | | | | \ | | | | 333 | CE |--| PE |--\ IPv6-Only Core |----| PE |---| CE | 334 | | | | \0=========Underlay ===== ==0 | | | | 335 +----+ +----+ \ __/ +------+ +-----+ 336 IPv6 BGP peer \IP / MPLS / SR domain / IPv6 BGP peer 337 IPv4 forwarding \__ __ / IPv4 forwarding 338 IPv6 forwarding \_______/ \_____/ IPv6 forwarding 340 Figure 4: E2E VPN Solution 342 4.3. IPv6-Only Edge Peering Design 344 4.3.1. IPv6-Only Edge Peering Packet Walk 346 The IPv6-Only Edge Peering design utilizes two key E2E Softwire Mesh 347 Framework scenario's, 4to6 softwire and 6to4 softwire. The Softwire 348 mesh framework concept is based on the overlay and underlay MPLS or 349 SR based technology framework, where the underlay is the transport 350 layer and the overlay is a Virtual Private Network (VPN) layer, and 351 is the the tunneled virtualization layer containing the customer 352 payload. The concept of a 6to4 Softwire is based on transmission of 353 IPv6 packets at the edge of the network by tunneling the IPv6 packets 354 over an IPv4-Only Core. The concept of a 4to6 Softwire is also based 355 on transmission of IPv4 packets at the edge of the network by 356 tunneling the IPv4 packets over an IPv6-Only Core. 358 This document describes End to End (E2E) test scenarios that follow a 359 packet flow from IPv6-Only attachment circuit from ingress PE-CE to 360 egress PE-CE tracing the routing protocol control plane and data 361 plane forwarding of IPv4 packets in a 4to6 softwire or 6to4 softwire 362 within the IPv4-Only or IPv6-Only Core network. In both secneario we 363 are focusing on IPv4 packets and the control plane and data plane 364 forwarding aspects of IPv4 packets from the PE-CE Edge network over 365 an IPv6-Only P (Provider) core network or IPv4-Only P (Provider) core 366 network. With this IPv6-Only Edge peering design, the Softwire Mesh 367 Framework is not extended beyond the Provider Edge (PE) and continues 368 to terminate on the PE router. 370 4.3.2. 6to4 Softwire IPv4-Only Core packet walk 372 6to4 softwire where IPv6-Edge eBGP IPv6 peering where IPv4 packets at 373 network Edge traverse a IPv4-Only Core 375 In the scenario where IPv4 packets originating from a PE-CE edge are 376 tunneled over an MPLS or Segment Routing IPv4 underlay core network, 377 the PE and CE only have an IPv6 address configured on the interface. 378 In this scenario the IPv4 packets that ingress the CE from within the 379 CE AS are over an IPv6-Only interface and are forwarded to an IPv4 380 NLRI destination prefix learned from the Pure Transport Single IPv6 381 BGP Peer. In the IPv6-Only Edge peering architecture the PE is 382 IPv6-Only as all PE-CE interfaces are IPv6-Only. However, on the CE, 383 the PE-CE interface is the only interface that is IPv6-Only and all 384 other interfaces may or may not be IPv6-Only. Following the data 385 plane packet flow, IPv4 packets are forwarded from the ingress CE to 386 the IPv6-Only ingress PE where the VPN label imposition push per 387 prefix, per-vrf, per-CE occurs and the labeled packet is forwarded 388 over a 6to4 softwire IPv4-Only core, to the egress PE where the VPN 389 label disposition pop occurs and the native IPv4 packet is forwarded 390 to the egress CE. In the reverse direction IPv4 packets are 391 forwarded from the egress CE to egress PE where the VPN label 392 imposition per prefix, per-vrf, per-CE push occurs and the labeled 393 packet is forwarded back over the 6to4 softwire IPv4-Only core, to 394 the ingress PE where the VPN label disposition pop occurs and the 395 native IPv4 packet is forwarded to the ingress CE. . The 396 functionality of the IPv4 forwarding plane in this scenario is 397 identical from a data plane forwarding perspective to Dual Stack IPv4 398 forwarding scenario. 400 +--------+ +--------+ 401 | IPv4 | | IPv4 | 402 | Client | | Client | 403 | Network| | Network| 404 +--------+ +--------+ 405 | \ / | 406 | \ / | 407 | \ / | 408 | X | 409 | / \ | 410 | / \ | 411 | / \ | 412 +--------+ +--------+ 413 | AFBR | | AFBR | 414 +--| IPv4/6 |---| IPv4/6 |--+ 415 | +--------+ +--------+ | 416 +--------+ | | +--------+ 417 | IPv4 | | | | IPv4 | 418 | Client | | | | Client | 419 | Network|------| IPv4 |-------| Network| 420 +--------+ | only | +--------+ 421 | | 422 | +--------+ +--------+ | 423 +--| AFBR |---| AFBR |--+ 424 | IPv4/6 | | IPv4/6 | 425 +--------+ +--------+ 426 | \ / | 427 | \ / | 428 | \ / | 429 | X | 430 | / \ | 431 | / \ | 432 | / \ | 433 +--------+ +--------+ 434 | IPv6 | | IPv4 | 435 | Client | | Client | 436 | Network| | Network| 437 +--------+ +--------+ 439 Figure 5: 6to4 Softwire - IPv6 Edge over an IPv4-Only Core 441 4.3.3. 4to6 Softwire IPv6-Only Core packet walk 443 4to6 softwire where IPv6-Edge eBGP IPv6 peering where IPv4 packets at 444 network Edge traverse a IPv6-Only Core 445 In the scenario where IPv4 packets originating from a PE-CE edge are 446 tunneled over an MPLS or Segment Routing IPv4 underlay core network, 447 the PE and CE only have an IPv6 address configured on the interface. 448 In this scenario the IPv4 packets that ingress the CE from within the 449 CE AS are over an IPv6-Only interface and are forwarded to an IPv4 450 NLRI destination prefix learned from the Pure Transport Single IPv6 451 BGP Peer. In the IPv6-Only Edge peering architecture the PE is 452 IPv6-Only as all PE-CE interfaces are IPv6-Only. However, on the CE, 453 the PE-CE interface is the only interface that is IPv6-Only and all 454 other interfaces may or may not be IPv6-Only. Following the data 455 plane packet flow, IPv4 packets are forwarded from the ingress CE to 456 the IPv6-Only ingress PE where the VPN label imposition push per 457 prefix, per-vrf, per-CE occurs and the labeled packet is forwarded 458 over a 4to6 softwire IPv6-Only core, to the egress PE where the VPN 459 label disposition pop occurs and the native IPv4 packet is forwarded 460 to the egress CE. In the reverse direction IPv4 packets are 461 forwarded from the egress CE to egress PE where the VPN label 462 imposition per prefix, per-vrf, per-CE push occurs and the labeled 463 packet is forwarded back over the 4to6 softwire IPv6-Only core, to 464 the ingress PE where the VPN label disposition pop occurs and the 465 native IPv4 packet is forwarded to the ingress CE. . The 466 functionality of the IPv4 forwarding plane in this scenario is 467 identical from a data plane forwarding perspective to Dual Stack IPv4 468 forwarding scenario. 470 +--------+ +--------+ 471 | IPv4 | | IPv4 | 472 | Client | | Client | 473 | Network| | Network| 474 +--------+ +--------+ 475 | \ / | 476 | \ / | 477 | \ / | 478 | X | 479 | / \ | 480 | / \ | 481 | / \ | 482 +--------+ +--------+ 483 | AFBR | | AFBR | 484 +--| IPv4/6 |---| IPv4/6 |--+ 485 | +--------+ +--------+ | 486 +--------+ | | +--------+ 487 | IPv6 | | | | IPv6 | 488 | Client | | | | Client | 489 | Network|------| IPv6 |-------| Network| 490 +--------+ | only | +--------+ 491 | | 492 | +--------+ +--------+ | 493 +--| AFBR |---| AFBR |--+ 494 | IPv4/6 | | IPv4/6 | 495 +--------+ +--------+ 496 | \ / | 497 | \ / | 498 | \ / | 499 | X | 500 | / \ | 501 | / \ | 502 | / \ | 503 +--------+ +--------+ 504 | IPv4 | | IPv4 | 505 | Client | | Client | 506 | Network| | Network| 507 +--------+ +--------+ 509 Figure 6: 4to6 Softwire - IPv4 Edge over an IPv6-Only Core 511 4.4. RFC5549 and RFC8950 Applicability 513 4.4.1. IPv6-Only Edge Peering design next-hop encoding 515 This section describes [RFC8950] next hop encoding updates to 516 [RFC5549] applicability to this specification. IPv6-only eBGP Edge 517 PE-CE peering to carry IPv4 Unicast NLRI IPv4 <1/1> over 518 an IPv6 next hop BGP capability extended hop encoding IANA capability 519 codepoint value 5 defined is applicable to both [RFC5549] and 520 [RFC8950] as IPv4 Unicast NLRI IPv4 <1/1> does not change 521 in the RFC updates. 523 IPv4 packets over an IPv6-Only core 4to6 Softwire E2E packet flow is 524 part of the IPv6-Only design vendor interoperaiblity test cases and 525 in that respect is applicable as [RFC8950] updates [RFC5549] for 526 VPN-IPV4 <1/128>, and Multicasat VPN <1/129> 528 4.4.2. RFC8950 updates to RFC5549 applicability 530 This section describes the [RFC8950] next hop encoding updates to 531 [RFC5549] 533 In [RFC5549] when AFI/SAFI 1/128 is used, the next-hop address is 534 encoded as an IPv6 address with a length of 16 or 32 bytes. This 535 document modifies how the next-hop address is encoded to accommodate 536 all existing implementations and bring consistency with VPNv4oIPv4 537 and VPNv6oIPv6. The next-hop address is now encoded as a VPN-IPv6 538 address with a length of 24 or 48 bytes [RFC8950] (see Sections 3 and 539 6.2 of this document). This change addresses Erratum ID 5253 540 (Err5253). As all known and deployed implementations are 541 interoperable today and use the new proposed encoding, the change 542 does not break existing interoperability. Updates to [RFC8950] is 543 applicable to the IPv6-Only PE-CE edge design for the IPv6 next hop 544 encoding E2E test case of IPv4 packets over and IPv6-Only core 4to6 545 Softwire. In this test case IPv4 Unicast NLRI IPv4 <1/1> 546 is advertised over the PE to RR core peering 4to6 softwire in VPN-IPV4 <1/128>. In this test case label allocation mode 548 comes into play which is discussed in section 8.9. 550 [RFC5549] next hop encoding of MP_REACH_NLRI with: 552 o NLRI= NLRI as per current AFI/SAFI definition 554 Advertising with [RFC4760] MP_REACH_NLRI with: 556 o AFI = 1 558 o SAFI = 128 or 129 559 o Length of Next Hop Address = 16 or 32 561 o NLRI= NLRI as per current AFI/SAFI definition 563 [RFC8950] next hop encoding of MP_REACH_NLRI with: 565 o NLRI= NLRI as per current AFI/SAFI definition 567 Advertising with [RFC4760] MP_REACH_NLRI with: 569 o AFI = 1 571 o SAFI = 128 or 129 573 o Length of Next Hop Address = 24 or 48 575 o Next Hop Address = VPN-IPv6 address of next hop with an 8-octet RD 576 set to zero (potentially followed by the link-local VPN-IPv6 577 address of the next hop with an 8-octet RD is set to zero). 579 o NLRI= NLRI as per current AFI/SAFI definition 581 5. IPv6-Only Design Edge E2E Test Cases 583 Proof of conept interoperability testing of the 4 test cases between 584 the 5 vendors Cisco, Juniper, Arista, Nokia and Huawei. 586 5.1. Test-1 IPv6-Only PE-CE Global Table over IPv4-Only Core 588 ________ 589 IPv6-Only _____ / \ IPv6-Only 590 PE / CE / \__/ \___ PE / CE 591 +----+ +----+ / \ +------+ +-----+ 592 | | | | | |_ | | | | 593 | | | | | \ | | | | 594 | CE |--| PE |--\ IPv4-Only Core |----| PE |---| CE | 595 | | | | \0=========Underlay =======0| | | | | 596 +----+ +----+ \ __/ +------+ +-----+ 597 IPv6 BGP peer \ MPLS / SR domain / IPv6 BGP peer 598 IPv4 forwarding \__ __ / IPv4 forwarding 599 IPv6 forwarding \_______/ \_____/ IPv6 forwarding 601 Figure 7: Test-1 E2E IPv6-Only PE-CE Global Table 6to4 Softwire 603 Cisco, Juniper, Arista, Nokia, Huawei code and platform and test 604 results. 606 Cisco: Edge Router- XR ASR 9910 IOS XR 7.4.1, Core Router- NCS 6000 607 7.2.2, CRS-X 6.7.4 609 Juniper: Edge Router- MX platform MX480, MX960, Core Router- PTX 610 Platform PTX5000, PTC10K8 (JUNOS and EVO) Release 20.4R2 612 Tested v4 edge over v6 core in a virtual setup using vMX platforrm 613 and 20.4R2 and LDPv6 as underlay, but there were some data plane 614 forwarding issues. Tested same setup on latest release 21.4 and it 615 worked. Investigating what the minimum version is for this setup to 616 work. 618 Arista: 620 Nokia: Edge and Core-7750 Service Router, Release R21 622 Huawei: Edge and Core-VRPv8, Release VRP-V800R020C10 624 5.2. Test-2 E2E IPv6-Only PE-CE VPN over IPv4-Only Core 626 ________ 627 IPv6-Only _____ / \ IPv6-Only 628 PE / CE / \__/ \___ PE / CE 629 +----+ +----+ / \ +------+ +-----+ 630 | | | | | 0====VPN Overlay Tunnel ==0| | | | | 631 | | | | | \ | | | | 632 | CE |--| PE |--\ IPv4-Only Core |----| PE |---| CE | 633 | | | | \0=========Underlay =======0| | | | | 634 +----+ +----+ \ __/ +------+ +-----+ 635 IPv6 BGP peer \ MPLS / SR domain / IPv6 BGP peer 636 IPv4 forwarding \__ __ / IPv4 forwarding 637 IPv6 forwarding \_______/ \_____/ IPv6 forwarding 639 Figure 8: Test-2 E2E IPv6-Only PE-CE Design VPN 6to4 Softwire 641 Cisco, Juniper, Arista, Nokia, Huawei code and platform and test 642 results. 644 Cisco: Edge Router- XR ASR 9910 IOS XR 7.4.1, Core Router- NCS 6000 645 7.2.2, CRS-X 6.7.4 646 Juniper: Edge Router- MX platform MX480, MX960, Core Router- PTX 647 Platform PTX5000, PTC10K8 (JUNOS and EVO) Release 20.4R2 649 Tested v4 edge over v6 core in a virtual setup using vMX platforrm 650 and 20.4R2 and LDPv6 as underlay, but there were some data plane 651 forwarding issues. Tested same setup on latest release 21.4 and it 652 worked. Investigating what the minimum version is for this setup to 653 work. 655 Arista: 657 Nokia: Edge and Core-7750 Service Router, Release R21 659 Huawei: Edge and Core-VRPv8, Release VRP-V800R020C10 661 5.3. Test-3 IPv6-Only PE-CE Global Table over IPv6-Only Core 663 ________ 664 IPv6-Only _____ / \ IPv6-Only 665 PE / CE / \__/ \___ PE / CE 666 +----+ +----+ / \ +------+ +-----+ 667 | | | | | |_ | | | | 668 | | | | | \ | | | | 669 | CE |--| PE |--\ IPv6-Only Core |----| PE |---| CE | 670 | | | | \0=========Underlay =======0| | | | | 671 +----+ +----+ \ __/ +------+ +-----+ 672 IPv6 BGP peer \ MPLS / SR domain / IPv6 BGP peer 673 IPv4 forwarding \__ __ / IPv4 forwarding 674 IPv6 forwarding \_______/ \_____/ IPv6 forwarding 676 Figure 9: Test-3 E2E IPv6-Only PE-CE Global Table 4to6 Softwire 678 Cisco, Juniper, Arista, Nokia, Huawei code and platform and test 679 results. 681 Cisco: Edge Router- XR ASR 9910 IOS XR 7.4.1, Core Router- NCS 6000 682 7.2.2, CRS-X 6.7.4 684 Juniper: Edge Router- MX platform MX480, MX960, Core Router- PTX 685 Platform PTX5000, PTC10K8 (JUNOS and EVO) Release 20.4R2 687 Tested v4 edge over v6 core in a virtual setup using vMX platforrm 688 and 20.4R2 and LDPv6 as underlay, but there were some data plane 689 forwarding issues. Tested same setup on latest release 21.4 and it 690 worked. Investigating what the minimum version is for this setup to 691 work. 693 Arista: 695 Nokia: Edge and Core-7750 Service Router, Release R21 697 Huawei: Edge and Core-VRPv8, Release VRP-V800R020C10 699 5.4. Test-4 IPv6-Only PE-CE VPN over IPv6-Only Core 701 ________ 702 IPv6-Only _____ / \ IPv6-Only 703 PE / CE / \__/ \___ PE / CE 704 +----+ +----+ / \ +------+ +-----+ 705 | | | | | 0====VPN Overlay Tunnel ==0| | | | | 706 | | | | | \ | | | | 707 | CE |--| PE |--\ IPv6-Only Core |----| PE |---| CE | 708 | | | | \0=========Underlay =======0| | | | | 709 +----+ +----+ \ __/ +------+ +-----+ 710 IPv6 BGP peer \ MPLS / SR domain / IPv6 BGP peer 711 IPv4 forwarding \__ __ / IPv4 forwarding 712 IPv6 forwarding \_______/ \_____/ IPv6 forwarding 714 Figure 10: Test-4 E2E IPv6-Only PE-CE VPN 4to6 Softwire 716 Cisco, Juniper, Arista, Nokia, Huawei code and platform and test 717 results. 719 Cisco: Edge Router- XR ASR 9910 IOS XR 7.4.1, Core Router- NCS 6000 720 7.2.2, CRS-X 6.7.4 722 Juniper: Edge Router- MX platform MX480, MX960, Core Router- PTX 723 Platform PTX5000, PTC10K8 (JUNOS and EVO) Release 20.4R2 725 Tested v4 edge over v6 core in a virtual setup using vMX platforrm 726 and 20.4R2 and LDPv6 as underlay, but there were some data plane 727 forwarding issues. Tested same setup on latest release 21.4 and it 728 worked. Investigating what the minimum version is for this setup to 729 work. 731 Arista: 733 Nokia: Edge and Core-7750 Service Router, Release R21 734 Huawei: Edge and Core-VRPv8, Release VRP-V800R020C10 736 5.5. IPv6-Only PE-CE Operational Considerations Testing 738 Ping CE to PE when destination prefix is withdrawn 739 Traceroute CE to PE and test all ICMPv4 and ICMPv6 type codes 741 +-------+ +-------+ 742 | | IPv6 Only | | 743 | CE |----------------| PE | 744 | | IPv6 BGP Peer | | 745 +-------+ +-------+ 746 IPv4 forwarding IPv4 forwarding 747 IPv6 forwarding IPv6 forwarding 749 Figure 11: Ping and Trace Test Case 751 Cisco, Juniper, Arista, Nokia, Huawei code and platform and test 752 results. 754 Cisco: Edge Router- XR ASR 9910 IOS XR 7.4.1, Core Router- NCS 6000 755 7.2.2, CRS-X 6.7.4 757 Juniper: Edge Router- MX platform MX480, MX960, Core Router- PTX 758 Platform PTX5000, PTC10K8 (JUNOS and EVO) Release 20.4R2 760 Tested v4 edge over v6 core in a virtual setup using vMX platforrm 761 and 20.4R2 and LDPv6 as underlay, but there were some data plane 762 forwarding issues. Tested same setup on latest release 21.4 and it 763 worked. Investigating what the minimum version is for this setup to 764 work. 766 Arista: 768 Nokia: Edge and Core-7750 Service Router, Release R21 770 Huawei: Edge and Core-VRPv8, Release VRP-V800R020C10 772 6. Operational Considerations 774 With a single IPv6 Peer carrying both IPv4 and IPv6 NLRI there are 775 some operational considerations in terms of what changes and what 776 does not change. 778 What does not change with a single IPv6 transport peer carrying IPv4 779 NLRI and IPv6 NLRI below: 781 Routing Policy configuration is still separate for IPv4 and IPv6 782 configured by capability as previously. 784 Layer 1, Layer 2 issues such as one-way fiber or fiber cut will 785 impact both IPv4 and IPv6 as previously. 787 If the interface is in the Admin Down state, the IPv6 peer would go 788 down, and IPv4 NLRI and IPv6 NLRI would be withdrawn as previously. 790 Changes resulting from a single IPv6 transport peer carrying IPv4 791 NLRI and IPv6 NLRI below: 793 Physical interface is no longer dual stacked. 795 Any change in IPv6 address or DAD state will impact both IPv4 and 796 IPv6 NLRI exchange. 798 Single BFD session for both IPv4 and IPv6 NLRI fate sharing as the 799 session is now tied to the transport, which now is only IPv6 address 800 family. 802 Both IPv4 and IPv6 peer now exists under the IPv6 address family 803 configuration. 805 Fate sharing of IPv4 and IPv6 address family from a logical 806 perspective now carried over a single physical IPv6 peer. 808 From an operations perspective, prior to elimination of IPv4 peers, 809 an audit is recommended to identify and IPv4 and IPv6 peering 810 incongruencies that may exist and to rectify them. No operational 811 impacts or issues are expected with this change. 813 With MPLS VPN overlay, per-CE next-hop label allcoation mode where 814 both IPv4 and IPv6 prefixes have the same label in no table lookup 815 pop-n-forward mode should be taken into consideration. 817 7. IANA Considerations 819 There are not any IANA considerations. 821 8. Security Considerations 823 The extensions defined in this document allow BGP to propagate 824 reachability information about IPv4 prefixes over an MPLS or SR 825 IPv6-Only core network. As such, no new security issues are raised 826 beyond those that already exist in BGP-4 and the use of MP-BGP for 827 IPv6. Both IPv4 and IPv6 peers exist under the IPv6 address family 828 configuration. The security features of BGP and corresponding 829 security policy defined in the ISP domain are applicable. For the 830 inter-AS distribution of IPv6 routes according to case (a) of 831 Section 4 of this document, no new security issues are raised beyond 832 those that already exist in the use of eBGP for IPv6 [RFC2545]. 834 9. Acknowledgments 836 Thanks to Kaliraj Vairavakkalai, Linda Dunbar, Aijun Wang, Eduardfor 837 Vasilenko, Joel Harlpern, Michael McBride, Ketan Talaulikar for 838 review comments. 840 10. Contributors 842 The following people contributed substantive text to this document: 844 Mohana Sundari 845 EMail: mohanas@juniper.net 847 11. References 849 11.1. Normative References 851 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 852 Requirement Levels", BCP 14, RFC 2119, 853 DOI 10.17487/RFC2119, March 1997, 854 . 856 [RFC2545] Marques, P. and F. Dupont, "Use of BGP-4 Multiprotocol 857 Extensions for IPv6 Inter-Domain Routing", RFC 2545, 858 DOI 10.17487/RFC2545, March 1999, 859 . 861 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 862 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 863 2006, . 865 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 866 Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February 867 2006, . 869 [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, 870 "Multiprotocol Extensions for BGP-4", RFC 4760, 871 DOI 10.17487/RFC4760, January 2007, 872 . 874 [RFC5492] Scudder, J. and R. Chandra, "Capabilities Advertisement 875 with BGP-4", RFC 5492, DOI 10.17487/RFC5492, February 876 2009, . 878 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 879 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 880 May 2017, . 882 [RFC8277] Rosen, E., "Using BGP to Bind MPLS Labels to Address 883 Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017, 884 . 886 11.2. Informative References 888 [I-D.ietf-idr-dynamic-cap] 889 Chen, E. and S. R. Sangli, "Dynamic Capability for BGP-4", 890 draft-ietf-idr-dynamic-cap-14 (work in progress), December 891 2011. 893 [RFC4659] De Clercq, J., Ooms, D., Carugi, M., and F. Le Faucheur, 894 "BGP-MPLS IP Virtual Private Network (VPN) Extension for 895 IPv6 VPN", RFC 4659, DOI 10.17487/RFC4659, September 2006, 896 . 898 [RFC4684] Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk, 899 R., Patel, K., and J. Guichard, "Constrained Route 900 Distribution for Border Gateway Protocol/MultiProtocol 901 Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual 902 Private Networks (VPNs)", RFC 4684, DOI 10.17487/RFC4684, 903 November 2006, . 905 [RFC4798] De Clercq, J., Ooms, D., Prevost, S., and F. Le Faucheur, 906 "Connecting IPv6 Islands over IPv4 MPLS Using IPv6 907 Provider Edge Routers (6PE)", RFC 4798, 908 DOI 10.17487/RFC4798, February 2007, 909 . 911 [RFC4925] Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A. 912 Durand, Ed., "Softwire Problem Statement", RFC 4925, 913 DOI 10.17487/RFC4925, July 2007, 914 . 916 [RFC5549] Le Faucheur, F. and E. Rosen, "Advertising IPv4 Network 917 Layer Reachability Information with an IPv6 Next Hop", 918 RFC 5549, DOI 10.17487/RFC5549, May 2009, 919 . 921 [RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh 922 Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009, 923 . 925 [RFC6074] Rosen, E., Davie, B., Radoaca, V., and W. Luo, 926 "Provisioning, Auto-Discovery, and Signaling in Layer 2 927 Virtual Private Networks (L2VPNs)", RFC 6074, 928 DOI 10.17487/RFC6074, January 2011, 929 . 931 [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ 932 BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February 933 2012, . 935 [RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP 936 Encodings and Procedures for Multicast in MPLS/BGP IP 937 VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012, 938 . 940 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 941 Writing an IANA Considerations Section in RFCs", BCP 26, 942 RFC 8126, DOI 10.17487/RFC8126, June 2017, 943 . 945 [RFC8950] Litkowski, S., Agrawal, S., Ananthamurthy, K., and K. 946 Patel, "Advertising IPv4 Network Layer Reachability 947 Information (NLRI) with an IPv6 Next Hop", RFC 8950, 948 DOI 10.17487/RFC8950, November 2020, 949 . 951 Authors' Addresses 953 Gyan Mishra 954 Verizon Inc. 956 Email: gyan.s.mishra@verizon.com 958 Mankamana Mishra 959 Cisco Systems 960 821 Alder Drive, 961 MILPITAS CALIFORNIA 95035 963 Email: mankamis@cisco.com 964 Jeff Tantsura 965 Microsoft, Inc. 967 Email: jefftant.ietf@gmail.com 969 Sudha Madhavi 970 Juniper Networks, Inc. 972 Email: smadhavi@juniper.net 974 Qing Yang 975 Arista Networks 977 Email: qyang@arista.com 979 Adam Simpson 980 Nokia 982 Email: adam.1.simpson@nokia.com 984 Shuanglong Chen 985 Huawei Technologies 987 Email: chenshuanglong@huawei.com