idnits 2.17.1 draft-ietf-idr-bgp-ls-sr-service-segments-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 24, 2022) is 732 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-14) exists of draft-ietf-idr-bgpls-srv6-ext-09 == Outdated reference: A later version (-09) exists of draft-ietf-spring-sr-service-programming-05 ** Obsolete normative reference: RFC 7752 (Obsoleted by RFC 9552) == Outdated reference: A later version (-26) exists of draft-ietf-idr-segment-routing-te-policy-17 Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Inter-Domain Routing G. Dawra, Ed. 3 Internet-Draft LinkedIn 4 Intended status: Standards Track C. Filsfils 5 Expires: October 26, 2022 Cisco Systems 6 K. Talaulikar, Ed. 7 Arrcus Inc 8 F. Clad 9 Cisco Systems 10 D. Bernier 11 Bell Canada 12 J. Uttaro 13 AT&T 14 B. Decraene 15 Orange 16 H. Elmalky 17 Ericsson 18 X. Xu 19 Capitalonline 20 J. Guichard 21 Futurewei Technologies 22 C. Li 23 Huawei Technologies 24 April 24, 2022 26 BGP-LS Advertisement of Segment Routing Service Segments 27 draft-ietf-idr-bgp-ls-sr-service-segments-01 29 Abstract 31 Service functions are deployed as, physical or virtualized elements 32 along with network nodes or on servers in data centers. Segment 33 Routing (SR) brings in the concept of segments which can be 34 topological or service instructions. Service segments are SR 35 segments that are associated with service functions. SR Policies are 36 used for the setup of paths for steering of traffic through service 37 functions using their service segments. 39 BGP Link-State (BGP-LS) enables distribution of topology information 40 from the network to a controller or an application in general so it 41 can learn the network topology. This document specifies the 42 extensions to BGP-LS for the advertisement of service functions along 43 their associated service segments. The BGP-LS advertisement of 44 service function information along with the network nodes that they 45 are attached to, or associated with, enables controllers compute and 46 setup service paths in the network. 48 Status of This Memo 50 This Internet-Draft is submitted in full conformance with the 51 provisions of BCP 78 and BCP 79. 53 Internet-Drafts are working documents of the Internet Engineering 54 Task Force (IETF). Note that other groups may also distribute 55 working documents as Internet-Drafts. The list of current Internet- 56 Drafts is at https://datatracker.ietf.org/drafts/current/. 58 Internet-Drafts are draft documents valid for a maximum of six months 59 and may be updated, replaced, or obsoleted by other documents at any 60 time. It is inappropriate to use Internet-Drafts as reference 61 material or to cite them other than as "work in progress." 63 This Internet-Draft will expire on October 26, 2022. 65 Copyright Notice 67 Copyright (c) 2022 IETF Trust and the persons identified as the 68 document authors. All rights reserved. 70 This document is subject to BCP 78 and the IETF Trust's Legal 71 Provisions Relating to IETF Documents 72 (https://trustee.ietf.org/license-info) in effect on the date of 73 publication of this document. Please review these documents 74 carefully, as they describe your rights and restrictions with respect 75 to this document. Code Components extracted from this document must 76 include Simplified BSD License text as described in Section 4.e of 77 the Trust Legal Provisions and are provided without warranty as 78 described in the Simplified BSD License. 80 Table of Contents 82 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 83 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 84 2. BGP-LS Extensions for Service Chaining . . . . . . . . . . . 4 85 3. Illustration . . . . . . . . . . . . . . . . . . . . . . . . 7 86 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 87 4.1. Service Type Table . . . . . . . . . . . . . . . . . . . 7 88 4.2. Segment routing function Identifier(SFI) . . . . . . . . 8 89 5. Manageability Considerations . . . . . . . . . . . . . . . . 8 90 6. Operational Considerations . . . . . . . . . . . . . . . . . 8 91 6.1. Operations . . . . . . . . . . . . . . . . . . . . . . . 9 92 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 93 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 94 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 95 9.1. Normative References . . . . . . . . . . . . . . . . . . 9 96 9.2. Informative References . . . . . . . . . . . . . . . . . 10 97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 99 1. Introduction 101 Segments are introduced in the SR architecture [RFC8402]. Segment 102 Routing based Service chaining is well described in 103 [I-D.ietf-spring-sr-service-programming] with an example of network 104 and services. 106 This document extend the example to add a Segment Routing Controller 107 (SR-C) to the network, for the purpose of service discovery and SR 108 policy [I-D.ietf-spring-segment-routing-policy] instantiation. 110 Consider the network represented in Figure 1 below where: 112 o A and B are two end hosts using IPv4. 114 o S1 is an SR-aware firewall Service. 116 o S2 is an SR-unaware DPI Service. 118 SR-C --3-- 119 / \ 120 / \ 121 A----1----2----4----5----6----B 122 | | 123 | | 124 S1 S2 126 Figure 1: Network with Services 128 SR Controller (SR-C) is connected to the network. 130 SR-C can receive BGP-LS updates to discover topology, and calculate 131 constrained paths between nodes 1 and 6. 133 However, if SR-C is configured to compute a constrained path from 1 134 and 6, including a DPI service (i.e., S2) it is not yet possible due 135 to the lack of service distribution. SR-C does not know where a DPI 136 service is nor the SID for it. It does not know that S2 is a service 137 it needs. 139 This document proposes an extension to BGP-LS for Service Chaining to 140 distribute the service information to SR-C. There may be other 141 alternate mechanisms to distribute service information to SR-C and 142 are outside the scope of this document. There are no extensions 143 required in SR-TE Policy SAFI. 145 1.1. Requirements Language 147 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 148 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 149 "OPTIONAL" in this document are to be interpreted as described in BCP 150 14 [RFC2119] [RFC8174] when, and only when, they appear in all 151 capitals, as shown here. 153 2. BGP-LS Extensions for Service Chaining 155 For an attached service, following data needs to be shared with SR-C: 157 o Service SID value (e.g. MPLS label or IPv6 address). Service SID 158 MAY be encoded as LOC:FUNCT:ARG as specified in [RFC8986]. 160 o Function Identifier (Static Proxy, Dynamic Proxy, Shared Memory 161 Proxy, Masquerading Proxy, SR Aware Service etc.). 163 o Service Type (DPI, Firewall, Classifier, LB etc.). 165 o Traffic Type (IPv4 OR IPv6 OR Ethernet) 167 o Opaque Data (Such as brand and version, other extra information) 169 [I-D.ietf-spring-sr-service-programming] defines SR-aware and SR- 170 unaware services. This document will reuse these definitions. Per 171 [RFC7752] Node Attributes are ONLY associated with the Node NLRI. 172 All non-VPN information SHALL be encoded using AFI 16388 / SAFI 71. 173 VPN information SHALL be encoded using AFI 16388 / SAFI 72 with 174 associated RTs. 176 This document introduces new TLVs for the SRv6 SID NLRI 177 [I-D.ietf-idr-bgpls-srv6-ext] and SR-MPLS SID/Label TLV [RFC9085] to 178 associate the Service SID value with Service-related Information 179 using Service Chaining(SC) Sub-TLV. 181 SRv6 SID Information TLV [I-D.ietf-idr-bgpls-srv6-ext] encodes 182 behavior along with associated SID Flags. 184 A Service Chaining (SC) TLV in Figure 2 is defined as: 186 +---------------------------------------+ 187 | Type (2 octet) | 188 +---------------------------------------+ 189 | Length (2 octet) | 190 +---------------------------------------+ 191 | Service Type (ST) (2 octet) | 192 +---------------------------------------+ 193 | Flags (1 octet) | 194 +---------------------------------------+ 195 | Traffic Type (1 octet) | 196 +---------------------------------------+ 197 | RESERVED (2 octet) | 198 +---------------------------------------+ 200 Figure 2: Service Chaining (SC) TLV 202 Where: 204 Type: 16 bit field. TBD 206 Length: 16 bit field. The total length of the value portion of 207 the TLV. 209 Service Type(ST): 16bit field. Service Type: categorizes the 210 Service: (such as "Firewall", "Classifier" etc.). 212 Flags: 8 bit field. Bits SHOULD be 0 on transmission and MUST be 213 ignored on reception. 215 Traffic Type: 8 Bit field. A bit to identify if Service is IPv4 216 OR IPv6 OR L2 Ethernet Capable. Where: 218 Bit 0(LSB): Set to 1 if Service is IPv4 Capable 220 Bit 1: Set to 1 if Service is IPv6 Capable 222 Bit 2: Set to 1 if Service is Ethernet Capable 224 RESERVED: 16bit field. SHOULD be 0 on transmission and MUST be 225 ignored on reception. 227 Service Type(ST) MUST be encoded as part of SC TLV. 229 There may be multiple instances of similar Services that need to be 230 distinguished. For example, firewalls made by different vendors A 231 and B may need to be identified differently because, while they have 232 similar functionality, their behavior is not identical. 234 In order for the SDN Controller to identify the categories of 235 Services and their associated SIDs, this section defines the BGP-LS 236 extensions required to encode these characteristics and other 237 relevant information about these Services. 239 Another Optional Opaque Metadata(OM) TLV of SRv6 SID NLRI may encode 240 vendor specific information. Multiple of OM TLVs may be encoded. 242 +---------------------------------------+ 243 | Type (2 octet) | 244 +---------------------------------------+ 245 | Length (2 octet) | 246 +---------------------------------------+ 247 | Opaque Type (2 octet) | 248 +---------------------------------------+ 249 | Flags (1 octet) | 250 +---------------------------------------+ 251 | Value (variable) | 252 +---------------------------------------+ 254 Figure 3: Opaque Metadata(OM) TLV 256 o Type: 16 bit field. TBD. 258 o Length: 16 bit field. The total length of the value portion of 259 the TLV. 261 o Opaque Type: 8-bit field. Only publishers and consumers of the 262 opaque data are supposed to understand the data. 264 o Flags: 8 bit field. Bits SHOULD be 0 on transmission and MUST be 265 ignored on reception. 267 o Value: Variable Length. Based on the data being encoded and 268 length is recorded in length field. 270 Opaque Metadata(OM) TLV defined in Figure 3 may encode propriety or 271 Service Opaque information such as: 273 o Vendor specific Service Information. 275 o Traffic Limiting Information to particular Service Type. 277 o Opaque Information unique to the Service. 279 o Propriety Enterprise Service specific Information. 281 3. Illustration 283 In our SRv6 example above Figure 1, Node 5 is configured with an SRv6 284 dynamic proxy segments (End.AD) C5::AD:F2 for S2. 286 The BGP-LS advertisement MUST include SRv6 SID NLRI with SRv6 SID 287 Information TLV in the BGP-LS Attribute: 289 o Service SID: C5::AD:F2 SID 291 o Endpoint Behavior: END.AD 293 The BGP-LS Attribute MUST contain a SC TLV with: 295 o Service Type: Deep Packet Inspection(DPI) 297 o Traffic Type: IPv4 Capable. 299 The BGP-LS Attribute MAY contain a OM TLV with: 301 o Opaque Type: Cisco DPI Version 303 o Value: 3.5 305 In our example in Figure 1, using BGP SR-TE SAFI Update 306 [I-D.ietf-idr-segment-routing-te-policy], SR Controller computes the 307 candidate path and pushes the Policy. 309 SRv6 encapsulation policy < CF1::, C3::, C5::AD:F2, C6::D4:B > is 310 signaled to Node 1 which has mix of service and topological segments. 312 4. IANA Considerations 314 This document requests assigning code-points from the registry "BGP- 315 LS Node Descriptor, Link Descriptor, Prefix Descriptor, and Attribute 316 TLVs". 318 4.1. Service Type Table 320 IANA is request to create a new top-level registry called "Service 321 Type Table (STT)". Valid values are in the range 0 to 65535. Values 322 0 and 65535 are to be marked "Reserved, not to be allocated". 324 +------------+-----------------------+------------+-------------+ 325 | Service | Service | Reference | Date | 326 | Value(TBD) | | | | 327 +------------+-----------------------+------------+-------------+ 328 | 32 | Classifier | ref-to-set | date-to-set | 329 +------------+-----------------------+------------+-------------+ 330 | 33 | Firewall | ref-to-set | date-to-set | 331 +------------+-----------------------+------------+-------------+ 332 | 34 | Load Balancer | ref-to-set | date-to-set | 333 +------------+-----------------------+------------+-------------+ 334 | 35 | DPI | ref-to-set | date-to-set | 335 +------------+-----------------------+------------+-------------+ 337 Figure 4 339 4.2. Segment routing function Identifier(SFI) 341 IANA is request to extend a top-level registry called "Segment 342 Routing Function Identifier(SFI)" with new code points. This 343 document extends the SFI values defined in 344 [I-D.ietf-idr-bgpls-srv6-ext]. Details about the Service functions 345 are defined in[I-D.ietf-spring-sr-service-programming]. 347 +--------------------------+---------------------------+ 348 | Function | Function Identifier | 349 | | | 350 +--------------------------+---------------------------+ 351 | Static Proxy | 8 | 352 +--------------------------+---------------------------+ 353 | Dynamic Proxy | 9 | 354 +--------------------------+---------------------------+ 355 | Shared Memory Proxy | 10 | 356 +--------------------------+---------------------------+ 357 | Masquerading Proxy | 11 | 358 +--------------------------+---------------------------+ 359 | SRv6 Aware Service | 12 | 360 +--------------------------+---------------------------+ 362 5. Manageability Considerations 364 This section is structured as recommended in[RFC5706] 366 6. Operational Considerations 367 6.1. Operations 369 Existing BGP and BGP-LS operational procedures apply. No additional 370 operation procedures are defined in this document. 372 7. Security Considerations 374 Procedures and protocol extensions defined in this document do not 375 affect the BGP security model. See the 'Security Considerations' 376 section of [RFC4271] for a discussion of BGP security. Also refer 377 to[RFC4272] and[RFC6952] for analysis of security issues for BGP. 379 8. Acknowledgements 381 The authors would like to thank Krishnaswamy Ananthamurthy for his 382 review of this document. 384 9. References 386 9.1. Normative References 388 [I-D.ietf-idr-bgpls-srv6-ext] 389 Dawra, G., Filsfils, C., Talaulikar, K., Chen, M., 390 Bernier, D., and B. Decraene, "BGP Link State Extensions 391 for SRv6", draft-ietf-idr-bgpls-srv6-ext-09 (work in 392 progress), November 2021. 394 [I-D.ietf-spring-sr-service-programming] 395 Clad, F., Xu, X., Filsfils, C., Bernier, D., Li, C., 396 Decraene, B., Ma, S., Yadlapalli, C., Henderickx, W., and 397 S. Salsano, "Service Programming with Segment Routing", 398 draft-ietf-spring-sr-service-programming-05 (work in 399 progress), September 2021. 401 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 402 Requirement Levels", BCP 14, RFC 2119, 403 DOI 10.17487/RFC2119, March 1997, 404 . 406 [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and 407 S. Ray, "North-Bound Distribution of Link-State and 408 Traffic Engineering (TE) Information Using BGP", RFC 7752, 409 DOI 10.17487/RFC7752, March 2016, 410 . 412 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 413 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 414 May 2017, . 416 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 417 Decraene, B., Litkowski, S., and R. Shakir, "Segment 418 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 419 July 2018, . 421 [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, 422 D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 423 (SRv6) Network Programming", RFC 8986, 424 DOI 10.17487/RFC8986, February 2021, 425 . 427 [RFC9085] Previdi, S., Talaulikar, K., Ed., Filsfils, C., Gredler, 428 H., and M. Chen, "Border Gateway Protocol - Link State 429 (BGP-LS) Extensions for Segment Routing", RFC 9085, 430 DOI 10.17487/RFC9085, August 2021, 431 . 433 9.2. Informative References 435 [I-D.ietf-idr-segment-routing-te-policy] 436 Previdi, S., Filsfils, C., Talaulikar, K., Mattes, P., 437 Jain, D., and S. Lin, "Advertising Segment Routing 438 Policies in BGP", draft-ietf-idr-segment-routing-te- 439 policy-17 (work in progress), April 2022. 441 [I-D.ietf-spring-segment-routing-policy] 442 Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and 443 P. Mattes, "Segment Routing Policy Architecture", draft- 444 ietf-spring-segment-routing-policy-22 (work in progress), 445 March 2022. 447 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 448 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 449 DOI 10.17487/RFC4271, January 2006, 450 . 452 [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", 453 RFC 4272, DOI 10.17487/RFC4272, January 2006, 454 . 456 [RFC5706] Harrington, D., "Guidelines for Considering Operations and 457 Management of New Protocols and Protocol Extensions", 458 RFC 5706, DOI 10.17487/RFC5706, November 2009, 459 . 461 [RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of 462 BGP, LDP, PCEP, and MSDP Issues According to the Keying 463 and Authentication for Routing Protocols (KARP) Design 464 Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013, 465 . 467 Authors' Addresses 469 Gaurav Dawra (editor) 470 LinkedIn 471 USA 473 Email: gdawra.ietf@gmail.com 475 Clarence Filsfils 476 Cisco Systems 477 Belgium 479 Email: cfilsfil@cisco.com 481 Ketan Talaulikar (editor) 482 Arrcus Inc 483 India 485 Email: ketant.ietf@gmail.com 487 Francois Clad 488 Cisco Systems 489 France 491 Email: fclad@cisco.com 493 Daniel Bernier 494 Bell Canada 495 Canada 497 Email: daniel.bernier@bell.ca 499 Jim Uttaro 500 AT&T 501 USA 503 Email: ju1738@att.com 504 Bruno Decraene 505 Orange 506 France 508 Email: bruno.decraene@orange.com 510 Hani Elmalky 511 Ericsson 512 USA 514 Email: hani.elmalky@gmail.com 516 Xiaohu Xu 517 Capitalonline 519 Email: xiaohu.xu@capitalonline.net 521 Jim Guichard 522 Futurewei Technologies 523 USA 525 Email: james.n.guichard@futurewei.com 527 Cheng Li 528 Huawei Technologies 529 China 531 Email: chengli13@huawei.com