idnits 2.17.1

draft-ietf-idr-bgp-prefix-sid-25.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (June 15, 2018) is 2142 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-22) exists of
     draft-ietf-spring-segment-routing-mpls-14

  == Outdated reference: A later version (-26) exists of
     draft-ietf-6man-segment-routing-header-13

  == Outdated reference: A later version (-18) exists of
     draft-ietf-idr-bgp-ls-segment-routing-ext-08

  == Outdated reference: A later version (-19) exists of
     draft-ietf-idr-bgpls-segment-routing-epe-15

  == Outdated reference: A later version (-11) exists of
     draft-ietf-spring-segment-routing-msdc-09

  -- Obsolete informational reference (is this intentional?): RFC 7752
     (Obsoleted by RFC 9552)

     Summary: 0 errors (**), 0 flaws (~~), 6 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

IDR                                                           S. Previdi
Internet-Draft                                               C. Filsfils
Intended status: Standards Track                          A. Lindem, Ed.
Expires: December 17, 2018                                 Cisco Systems
                                                          A. Sreekantiah

                                                              H. Gredler
                                                            RtBrick Inc.
                                                           June 15, 2018


             Segment Routing Prefix SID extensions for BGP
                    draft-ietf-idr-bgp-prefix-sid-25

Abstract

   The Segment Routing (SR) architecture allows a node to steer a packet
   flow through any topological path and service chain by leveraging
   source routing.  The ingress node prepends an SR header to a packet
   containing a set of segment identifiers (SID).  Each SID represents a
   topological or a service-based instruction.  Per-flow state is
   maintained only on the ingress node of the SR domain.  An SR domain
   is defined as a single administrative domain for global SID
   assignment.

   This document defines an optional, transitive BGP attribute for
   announcing BGP Prefix Segment Identifiers (BGP Prefix-SID)
   information and the specification for SR-MPLS SIDs.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 17, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  MPLS BGP Prefix SID
   3.  BGP Prefix-SID Attribute
     3.1.  Label-Index TLV
     3.2.  Originator SRGB TLV
   4.  Receiving BGP Prefix-SID Attribute
     4.1.  MPLS Dataplane: Labeled Unicast
   5.  Advertising BGP Prefix-SID Attribute
     5.1.  MPLS Dataplane: Labeled Unicast
   6.  Error Handling of BGP Prefix-SID Attribute
   7.  IANA Considerations
   8.  Manageability Considerations
   9.  Security Considerations
   10. Contributors
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Segment Routing (SR) architecture leverages the source routing
   paradigm.  A group of inter-connected nodes that use SR forms an SR
   domain.  A segment represents either a topological instruction such
   as "go to prefix P following shortest path" or a service instruction.
   Other types of segments may be defined in the future.

   A segment is identified through a Segment Identifier (SID).  An SR
   domain is defined as a single administrative domain for global SID
   assignment.  It may be comprised of a single Autonomous System (AS)
   or multiple ASes under consolidated global SID administration.
   Typically, the ingress node of the SR domain prepends an SR header
   containing segment identifiers (SIDs) to an incoming packet.

   As described in [I-D.ietf-spring-segment-routing], when SR is applied
   to the MPLS dataplane ([I-D.ietf-spring-segment-routing-mpls]), the
   SID consists of a label.

   [I-D.ietf-spring-segment-routing] also describes how segment routing
   can be applied to an IPv6 dataplane (SRv6) using an IPv6 routing
   header containing a stack of SR SIDs encoded as IPv6 addresses
   [I-D.ietf-6man-segment-routing-header].  The applicability and
   support for Segment Routing over IPv6 is beyond the scope of this
   document.

   A BGP-Prefix Segment is a BGP prefix with a Prefix-SID attached.  A
   BGP Prefix-SID is always a global SID
   ([I-D.ietf-spring-segment-routing]) within the SR domain (i.e., the
   set of Autonomous Systems under a common administration and control
   and where SR is used) and identifies an instruction to forward the
   packet over the Equal-Cost Multi-Path (ECMP) best-path computed by
   BGP to the related prefix.  The BGP Prefix-SID is the identifier of
   the BGP prefix segment.  In this document, we always refer to the BGP
   segment by the BGP Prefix-SID.

   This document describes the BGP extension to signal the BGP Prefix-
   SID.  Specifically, this document defines a BGP attribute known as
   the BGP Prefix-SID attribute and specifies the rules to originate,
   receive, and handle error conditions for the attribute.

   The BGP Prefix-SID attribute defined in this document can be attached
   to prefixes from Multiprotocol BGP IPv4/IPv6 Labeled Unicast
   ([RFC4760], [RFC8277]).  Usage of the BGP Prefix-SID attribute for
   other Address Family Identifier (AFI)/ Subsequent Address Family
   Identifier (SAFI) combinations is not defined herein but may be
   specified in future specifications.

   [I-D.ietf-spring-segment-routing-msdc] describes example use cases
   where the BGP Prefix-SID is used for the above AFI/SAFI combinations.

   It should be noted that:

   o  A BGP Prefix-SID MAY be global across ASes when the interconnected
      ASes agree on the SID allocation scheme.  Alternatively, when
      interconnecting ASes, the ASBRs of each domain will have to handle
      the advertisement of unique SIDs.  The mechanisms for such
      interconnection are outside the scope of the protocol extensions
      defined in this document.

   o  A BGP Prefix-SID MAY be attached to a prefix.  This implies that
      each prefix is advertised individually, reducing the ability to
      pack BGP advertisements (when sharing common attributes).

2.  MPLS BGP Prefix SID

   The BGP Prefix-SID is realized on the MPLS dataplane
   ([I-D.ietf-spring-segment-routing-mpls]) in the following way:

      The operator assigns a globally unique label index, L_I, to a
      locally originated prefix of a BGP speaker N which is advertised
      to all other BGP speakers in the SR domain.

      According to [I-D.ietf-spring-segment-routing], each BGP speaker
      is configured with a label block called the Segment Routing Global
      Block (SRGB).  While [I-D.ietf-spring-segment-routing] recommends
      using the same SRGB across all the nodes within the SR domain, the
      SRGB of a node is a local property and could be different on
      different speakers.  The drawbacks of the use case where BGP
      speakers have different SRGBs are documented in
      [I-D.ietf-spring-segment-routing] and
      [I-D.ietf-spring-segment-routing-msdc].

      If traffic-engineering within the SR domain is required, each node
      may also be required to advertise topological information and
      Peering SIDs for each of its links and peers.  This information is
      required to perform the explicit path computation and to express
      an explicit path as a list of SIDs.  The advertisement of
      topological information and peer segments (Peer SIDs) is done
      through [I-D.ietf-idr-bgpls-segment-routing-epe].

      If a prefix segment is to be included in an MPLS label stack,
      e.g., for traffic engineering purposes, the knowledge of the SRGB
      of the originator of the prefix is required in order to compute
      the local label used by the originator.

      This document assumes that BGP-LS is the preferred method for
      collecting both peer segments (Peer SIDs) and SRGB information
      through [RFC7752], [I-D.ietf-idr-bgpls-segment-routing-epe], and
      [I-D.ietf-idr-bgp-ls-segment-routing-ext].  However, as an
      optional alternative for the advertisement of the local SRGB
      without the topology nor the peer SIDs, hence without
      applicability for TE, the Originator SRGB TLV of the BGP Prefix-
      SID attribute is specified in Section 3.2 of this document.

      A BGP speaker will derive its local MPLS label L from the label
      index L_I and its local SRGB as described in
      [I-D.ietf-spring-segment-routing-mpls].  The BGP speaker then
      programs the MPLS label L in its MPLS dataplane as its incoming/
      local label for the prefix.  See Section 4.1 for more details.

      The outgoing label for the prefix is found in the NLRI of the
      Multiprotocol BGP IPv4/IPv6 Labeled Unicast prefix advertisement
      as defined in [RFC8277].  The label index L_I is only used as a
      hint to derive the local/incoming label.

      Section 3.1 of this document specifies the Label-Index TLV of the
      BGP Prefix-SID attribute; this TLV can be used to advertise the
      label index for a given prefix.

3.  BGP Prefix-SID Attribute

   The BGP Prefix-SID attribute is an optional, transitive BGP path
   attribute.  The attribute type code 40 has been assigned by IANA (see
   Section 7).

   The BGP Prefix-SID attribute is defined here to be a set of elements
   encoded as "Type/Length/Value" tuples (i.e., a set of TLVs).  All BGP
   Prefix-SID attribute TLVs will start with a 1-octet type and a
   2-octet length.  The following TLVs are defined in this document:

   o  Label-Index TLV

   o  Originator SRGB TLV

   The Label-Index and Originator SRGB TLVs are used only when SR is
   applied to the MPLS dataplane.

   For future extensibility, unknown TLVs MUST be ignored and propagated
   unmodified.

3.1.  Label-Index TLV

   The Label-Index TLV MUST be present in the BGP Prefix-SID attribute
   attached to IPv4/IPv6 Labeled Unicast prefixes ([RFC8277]).  It MUST
   be ignored when received for other BGP AFI/SAFI combinations.  The
   Label-Index TLV has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |            Length             |   RESERVED    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Flags             |          Label Index          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Label Index          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   where:

   o  Type is 1.

   o  Length: is 7, the total length in octets of the value portion of
      the TLV.

   o  RESERVED: 8-bit field.  MUST be clear on transmission and MUST be
      ignored on reception.

   o  Flags: 16 bits of flags.  None are defined by this document.  The
      flag field MUST be clear on transmission and MUST be ignored on
      reception.

   o  Label Index: 32-bit value representing the index value in the SRGB
      space.

3.2.  Originator SRGB TLV

   The Originator SRGB TLV is an optional TLV and has the following
   format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |            Length             |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Flags     |
   +-+-+-+-+-+-+-+-+

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         SRGB 1 (6 octets)                                     |
   |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         SRGB n (6 octets)                                     |
   |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   where:

   o  Type is 3.

   o  Length is the total length in octets of the value portion of the
      TLV: 2 + (non-zero multiple of 6).

   o  Flags: 16 bits of flags.  None are defined in this document.
      Flags MUST be clear on transmission and MUST be ignored on
      reception.

   o  SRGB: 3 octets specifying the first label in the range followed by
      3 octets specifying the number of labels in the range.  Note that
      the SRGB field MAY appear multiple times.  If the SRGB field
      appears multiple times, the SRGB consists of multiple ranges that
      are concatenated.

   The Originator SRGB TLV contains the SRGB of the node originating the
   prefix to which the BGP Prefix-SID is attached.  The Originator SRGB
   TLV MUST NOT be changed during the propagation of the BGP update.  It
   is used to build segment routing policies when different SRGBs are
   used in the fabric, for example
   ([I-D.ietf-spring-segment-routing-msdc]).

   Examples of how the receiving routers concatenate the ranges and
   build their neighbor's Segment Routing Global Block (SRGB) are
   included in [I-D.ietf-spring-segment-routing-mpls].

   The originator SRGB may only appear in a BGP Prefix-SID attribute
   attached to IPv4/IPv6 Labeled Unicast prefixes ([RFC8277]).  It MUST
   be ignored when received for other BGP AFI/SAFI combinations.  Since
   the Label-Index TLV is required for IPv4/IPv6 prefix applicability,
   the originator SRGB will be ignored if it is not specified consistent
   with Section 6.

4.  Receiving BGP Prefix-SID Attribute

   A BGP speaker receiving a BGP Prefix-SID attribute from an External
   BGP (EBGP) neighbor residing outside the boundaries of the SR domain
   MUST discard the attribute unless it is configured to accept the
   attribute from the EBGP neighbor.  A BGP speaker SHOULD log an error
   for further analysis when discarding an attribute.

4.1.  MPLS Dataplane: Labeled Unicast

   A BGP session supporting the Multiprotocol BGP labeled IPv4 or IPv6
   Unicast ([RFC8277]) AFI/SAFI is required.

   When the BGP Prefix-SID attribute is attached to a BGP labeled IPv4
   or IPv6 Unicast [RFC8277] AFI/SAFI, it MUST contain the Label-Index
   TLV and MAY contain the Originator SRGB TLV.  A BGP Prefix-SID
   attribute received without a Label-Index TLV MUST be considered as
   "invalid" by the receiving speaker.

   The label index provides guidance to the receiving BGP speaker as to
   the incoming label that SHOULD be allocated to the prefix.

   A BGP speaker may be locally configured with an SRGB=[SRGB_Start,
   SRGB_End].  The preferred method for deriving the SRGB is a matter of
   local node configuration.

   The mechanisms through which a given label index value is assigned to
   a given prefix are outside the scope of this document.

   Given a label index L_I, we refer to (L = L_I + SRGB_Start) as the
   derived label.  A BGP Prefix-SID attribute is designated
   "conflicting" for a speaker M if the derived label value L lies
   outside the SRGB configured on M.  Otherwise the Label-Index TLV is
   designated "acceptable" to speaker M.

   If multiple different prefixes are received with the same label
   index, all of the different prefixes MUST have their BGP Prefix-SID
   attribute considered as "conflicting".

   If multiple valid paths for the same prefix are received from
   multiple BGP speakers or, in the case of [RFC7911], from the same BGP
   speaker, and the BGP Prefix-SID attributes do not contain the same
   label index, then the label index from the best path BGP Prefix-SID
   attribute SHOULD be chosen with a notable exception being when
   [RFC5004] is being used to dampen route changes.

   When a BGP speaker receives a path from a neighbor with an
   "acceptable" BGP Prefix-SID attribute and that path is selected as
   the best path, it SHOULD program the derived label as the label for
   the prefix in its local MPLS dataplane.

   When a BGP speaker receives a path from a neighbor with an "invalid"
   or "conflicting" BGP Prefix-SID attribute or when a BGP speaker
   receives a path from a neighbor with a BGP Prefix-SID attribute but
   is unable to process it (e.g., local policy disables the
   functionality), it MUST ignore the BGP Prefix-SID attribute.  For the
   purposes of label allocation, a BGP speaker MUST assign a local (also
   called dynamic) label (non-SRGB) for such a prefix as per classic
   Multiprotocol BGP IPv4/IPv6 Labeled Unicast ([RFC8277]) operation.

   In the case of an "invalid" BGP Prefix-SID attribute, a BGP speaker
   MUST follow the error handling rules specified in Section 6.  A BGP
   speaker SHOULD log an error for further analysis.  In the case of a
   "conflicting" BGP Prefix-SID attribute, a BGP speaker SHOULD NOT
   treat it as an error and SHOULD propagate the attribute unchanged.  A
   BGP Speaker SHOULD log a warning for further analysis, i.e., in the
   case the conflict is not due to a label index transition.

   When a BGP Prefix-SID attribute changes and transitions from
   "conflicting" to "acceptable", the BGP Prefix-SID attributes for
   other prefixes may also transition to "acceptable" as well.
   Implementations SHOULD assure all impacted prefixes revert to using
   the label indices corresponding to these newly "acceptable" BGP
   Prefix-SID attributes.

   The outgoing label is always programmed as per classic Multiprotocol
   BGP IPv4/IPv6 Labeled Unicast ([RFC8277]) operation.  Specifically, a
   BGP speaker receiving a prefix with a BGP Prefix-SID attribute and a
   label NLRI field of Implicit NULL [RFC3032] from a neighbor MUST
   adhere to standard behavior and program its MPLS dataplane to pop the
   top label when forwarding traffic to the prefix.  The label NLRI
   defines the outbound label that MUST be used by the receiving node.

5.  Advertising BGP Prefix-SID Attribute

   The BGP Prefix-SID attribute MAY be attached to BGP IPv4/IPv6 Label
   Unicast prefixes [RFC8277].  In order to prevent distribution of the
   BGP Prefix-SID attribute beyond its intended scope of applicability,
   attribute filtering SHOULD be deployed to remove the BGP Prefix-SID
   attribute at the administrative boundary of the segment routing
   domain.

   A BGP speaker that advertises a path received from one of its
   neighbors SHOULD advertise the BGP Prefix-SID received with the path
   without modification, as long as the BGP Prefix-SID was acceptable.
   If the path did not come with a BGP Prefix-SID attribute, the speaker
   MAY attach a BGP Prefix-SID to the path if configured to do so.
The 424 content of the TLVs present in the BGP Prefix-SID is determined by 425 the configuration. 427 5.1. MPLS Dataplane: Labeled Unicast 429 A BGP speaker that originates a prefix attaches the BGP Prefix-SID 430 attribute when it advertises the prefix to its neighbors via 431 Multiprotocol BGP IPv4/IPv6 Labeled Unicast ([RFC8277]). The value 432 of the label index in the Label-Index TLV is determined by 433 configuration. 435 A BGP speaker that originates a BGP Prefix-SID attribute MAY 436 optionally announce the Originator SRGB TLV along with the mandatory 437 Label-Index TLV. The content of the Originator SRGB TLV is 438 determined by configuration. 440 Since the label index value must be unique within an SR domain, by 441 default an implementation SHOULD NOT advertise the BGP Prefix-SID 442 attribute outside an Autonomous System unless it is explicitly 443 configured to do so. 445 In all cases, the label field of the advertised NLRI ([RFC8277], 446 [RFC4364]) MUST be set to the local/incoming label programmed in the 447 MPLS dataplane for the given advertised prefix. If the prefix is 448 associated with one of the BGP speaker's interfaces, this is the 449 usual MPLS label (such as the Implicit or Explicit NULL label 450 [RFC3032]). 452 6. Error Handling of BGP Prefix-SID Attribute 454 When a BGP Speaker receives a BGP Update message containing a 455 malformed or invalid BGP Prefix-SID attribute attached to a IPv4/IPv6 456 Labeled Unicast prefix [RFC8277], it MUST ignore the received BGP 457 Prefix-SID attributes and not advertise it to other BGP peers. In 458 this context, a malformed BGP Prefix-SID attribute is one that cannot 459 be parsed due to not meeting the minimum attribute length 460 requirement, contains a TLV length that doesn't conform to the length 461 constraints for the TLV, or a contains TLV length that would extend 462 beyond the end of the attribute (as defined by the attribute length). 
463 This is equivalent to the "Attribute discard" action specified in 465 [RFC7606]. When discarding an attribute, a BGP speaker SHOULD log an 466 error for further analysis. 468 As per with [RFC7606], if the BGP Prefix-SID attribute appears more 469 than once in an UPDATE message, then all the occurrences of the 470 attribute other than the first one SHALL be discarded and the UPDATE 471 message will continue to be processed. Similarly, if a recognized 472 TLV appears more than once in an BGP Prefix-SID attribute while the 473 specification only allows for a single occurrence, then all the 474 occurrences of the TLV other than the first one SHALL be discarded 475 and the Prefix-SID attribute will continue to be processed. 477 For future extensibility, unknown TLVs MUST be ignored and propagated 478 unmodified. 480 7. IANA Considerations 482 This document defines a BGP path attribute known as the BGP Prefix- 483 SID attribute. This document requests IANA to assign an attribute 484 code type (suggested value: 40) to the BGP Prefix-SID attribute from 485 the BGP Path Attributes registry. 487 Currently, IANA temporarily assigned the following: 489 40 BGP Prefix-SID (TEMPORARY - registered 2015-09-30, expires 490 2016-09-30) [draft-ietf-idr-bgp-prefix-sid] 492 This document defines 3 TLVs for the BGP Prefix-SID attribute. These 493 TLVs need to be registered with IANA. 
We request IANA to create a 494 registry for BGP Prefix-SID Attribute TLVs as follows: 496 Under "Border Gateway Protocol (BGP) Parameters" registry, "BGP 497 Prefix-SID TLV Types" Reference: draft-ietf-idr-bgp-prefix-sid 498 Registration Procedure(s): Values 1-254 - Expert Review as defined in 499 [RFC8126], Value 0 and 255 reserved 501 Value Type Reference 502 0 Reserved this document 503 1 Label-Index this document 504 2 Deprecated this document 505 3 Originator SRGB this document 506 4-254 Unassigned 507 255 Reserved this document 509 This document also requests creation of the "BGP Prefix-SID Label- 510 Index TLV Flags" registry under the "Border Gateway Protocol (BGP) 511 Parameters" registry, Reference: draft-ietf-idr-bgp-prefix-sid. 512 Initially, this 16-bit flags registry will be empty. The 513 registration policy for flag bits will Expert Review [RFC8126] 514 consistent with the BGP Prefix-SID TLV Types registry. 516 Finally, this document requests creation of the "BGP Prefix-SID 517 Originator SRGB TLV Flags" registry under the "Border Gateway 518 Protocol (BGP) Parameters" registry, Reference: draft-ietf-idr-bgp- 519 prefix-sid. Initially, this 16-bit flags registry will be empty. 520 The registration policy for flag bits will Expert Review [RFC8126] 521 consistent with the BGP Prefix-SID TLV Types registry. 523 The designated experts must be good and faithful stewards of the 524 above registries, assuring that each request is legitimate and 525 corresponds to a viable use case. Given the limited number of bits 526 in the flags registries and the applicability to a single TLV, 527 additional scrutiny should be afforded to flag bit allocation 528 requests. In general, no single use case should require more than 529 one flag bit and, should the use case require more, alternate 530 encodings using new TLVs should be considered. 532 8. 
Manageability Considerations 534 This document defines a BGP attribute to address use cases such as 535 the one described in [I-D.ietf-spring-segment-routing-msdc]. It is 536 assumed that advertisement of the BGP Prefix-SID attribute is 537 controlled by the operator in order to: 539 o Prevent undesired origination/advertisement of the BGP Prefix-SID 540 attribute. By default, a BGP Prefix-SID attribute SHOULD NOT be 541 attached to a prefix and advertised. Hence, BGP Prefix-SID 542 advertisement SHOULD require explicit enablement. 544 o Prevent any undesired propagation of the BGP Prefix-SID attribute. 545 By default, the BGP Prefix-SID is not advertised outside the 546 boundary of a single SR/administrative domain which may include 547 one or more ASes. The propagation to other ASes MUST be 548 explicitly configured. 550 The deployment model described in 551 [I-D.ietf-spring-segment-routing-msdc] assumes multiple Autonomous 552 Systems (ASes) under a common administrative domain. For this use 553 case, the BGP Prefix-SID advertisement is applicable to the inter-AS 554 context, i.e., EBGP, while it is confined to a single administrative 555 domain. 557 9. Security Considerations 559 This document introduces a BGP attribute (BGP Prefix-SID) which 560 inherits the security considerations expressed in: [RFC4271], 561 [RFC8277], and [I-D.ietf-spring-segment-routing]. 563 When advertised using BGPsec as described in [RFC8205], the BGP 564 Prefix-SID attribute doesn't impose any unique security 565 considerations. It should be noted that the BGP Prefix-SID attribute 566 is not protected by the BGPsec signatures. 568 It should be noted that, as described in Section 8, this document 569 refers to a deployment model where all nodes are under the single 570 administrative domain. In this context, we assume that the operator 571 doesn't want to leak any information related to internal prefixes and 572 topology outside of the administrative domain. 
The internal 573 information includes the BGP Prefix-SID. In order to prevent such 574 leaking, the common BGP mechanisms (filters) are applied at the 575 boundary of the SR/administrative domain. Local BGP attribute 576 filtering policies and mechanisms are not standardized and, 577 consequently, beyond the scope of this document. 579 To prevent a Denial-of-Service (DoS) or Distributed-Denial-of-Service 580 (DDoS) attack due to excessive BGP updates with an invalid or 581 conflicting BGP Prefix-SID attribute, error log message rate-limiting 582 as well as suppression of duplicate error log messages SHOULD be 583 deployed. 585 10. Contributors 587 Keyur Patel 588 Arrcus, Inc. 589 US 591 Email: Keyur@arrcus.com 593 Saikat Ray 594 Unaffiliated 595 US 597 Email: raysaikat@gmail.com 599 11. Acknowledgements 601 The authors would like to thank Satya Mohanty for his contribution to 602 this document. 604 The authors would like to thank Alvaro Retana for substantive 605 comments as part of the Routing AD review. 607 The authors would like to thank Bruno Decraene for substantive 608 comments and suggested text as part of the Routing Directorate 609 review. 611 The authors would like to thank Shyam Sethuram for comments and 612 discussion of TLV processing and validation. 614 The authors would like to thank Robert Raszuk for comments and 615 suggestions regarding the MPLS data plane behavior. 617 The authors would like to thank Krishna Deevi, Juan Alcaide, Howard 618 Yang, and Jakob Heitz for discussions on conflicting BGP Prefix-SID 619 label indices and BGP add paths. 621 The authors would like to thank Peter Yee, Tony Przygienda, Mirja 622 Kuehlewind, Alexey Melnikov, Eric Rescorla, Suresh Krishnan, Warren 623 Kumari, Ben Campbell and Sue Hares for IDR Working Group last call, 624 IETF Last Call, directorate, and IESG reviews. 626 12. References 628 12.1. 
Normative References 630 [I-D.ietf-spring-segment-routing] 631 Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B., 632 Litkowski, S., and R. Shakir, "Segment Routing 633 Architecture", draft-ietf-spring-segment-routing-15 (work 634 in progress), January 2018. 636 [I-D.ietf-spring-segment-routing-mpls] 637 Bashandy, A., Filsfils, C., Previdi, S., Decraene, B., 638 Litkowski, S., and R. Shakir, "Segment Routing with MPLS 639 data plane", draft-ietf-spring-segment-routing-mpls-14 640 (work in progress), June 2018. 642 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 643 Requirement Levels", BCP 14, RFC 2119, 644 DOI 10.17487/RFC2119, March 1997, . 647 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 648 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 649 DOI 10.17487/RFC4271, January 2006, . 652 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 653 Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February 654 2006, . 656 [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, 657 "Multiprotocol Extensions for BGP-4", RFC 4760, 658 DOI 10.17487/RFC4760, January 2007, . 661 [RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K. 662 Patel, "Revised Error Handling for BGP UPDATE Messages", 663 RFC 7606, DOI 10.17487/RFC7606, August 2015, 664 . 666 [RFC7911] Walton, D., Retana, A., Chen, E., and J. Scudder, 667 "Advertisement of Multiple Paths in BGP", RFC 7911, 668 DOI 10.17487/RFC7911, July 2016, . 671 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 672 Writing an IANA Considerations Section in RFCs", BCP 26, 673 RFC 8126, DOI 10.17487/RFC8126, June 2017, 674 . 676 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 677 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 678 May 2017, . 680 [RFC8205] Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol 681 Specification", RFC 8205, DOI 10.17487/RFC8205, September 682 2017, . 
   [RFC8277]  Rosen, E., "Using BGP to Bind MPLS Labels to Address
              Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017.

12.2.  Informative References

   [I-D.ietf-6man-segment-routing-header]
              Previdi, S., Filsfils, C., Leddy, J., Matsushima, S., and
              d. daniel.voyer@bell.ca, "IPv6 Segment Routing Header
              (SRH)", draft-ietf-6man-segment-routing-header-13 (work in
              progress), May 2018.

   [I-D.ietf-idr-bgp-ls-segment-routing-ext]
              Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H.,
              and M. Chen, "BGP Link-State extensions for Segment
              Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-08
              (work in progress), May 2018.

   [I-D.ietf-idr-bgpls-segment-routing-epe]
              Previdi, S., Filsfils, C., Patel, K., Ray, S., and J.
              Dong, "BGP-LS extensions for Segment Routing BGP Egress
              Peer Engineering", draft-ietf-idr-bgpls-segment-routing-
              epe-15 (work in progress), March 2018.

   [I-D.ietf-spring-segment-routing-msdc]
              Filsfils, C., Previdi, S., Dawra, G., Aries, E., and P.
              Lapukhov, "BGP-Prefix Segment in large-scale data
              centers", draft-ietf-spring-segment-routing-msdc-09 (work
              in progress), May 2018.

   [RFC3032]  Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
              Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
              Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001.

   [RFC5004]  Chen, E. and S. Sangli, "Avoid BGP Best Path Transitions
              from One External to Another", RFC 5004,
              DOI 10.17487/RFC5004, September 2007.

   [RFC7752]  Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and
              S. Ray, "North-Bound Distribution of Link-State and
              Traffic Engineering (TE) Information Using BGP", RFC 7752,
              DOI 10.17487/RFC7752, March 2016.

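   Section 4.1's designation of received label indices as "acceptable"
   or "conflicting", and the local label that results, worked through in
   code.  This is an example added to this copy, not part of the draft
   or of any implementation.  The SRGB bounds, the dynamic label pool,
   the prefixes and the function name classify are constructed for the
   example, and a label index of None stands for an attribute already
   judged "invalid".

```python
from collections import defaultdict
from itertools import count

# Constructed local configuration of speaker M (assumptions of this example).
SRGB_START, SRGB_END = 16000, 23999      # SRGB=[SRGB_Start, SRGB_End], inclusive
DYNAMIC_BASE = 100000                    # first label of a non-SRGB local pool


def classify(best_paths: dict) -> dict:
    """Map each prefix to (designation, local label).

    best_paths maps a prefix to the label index carried by its best path,
    or to None when the BGP Prefix-SID attribute was "invalid".
    """
    # Index -> prefixes using it, to detect different prefixes that
    # share one label index.
    users = defaultdict(set)
    for prefix, index in best_paths.items():
        if index is not None:
            users[index].add(prefix)

    dynamic = count(DYNAMIC_BASE)        # classic RFC 8277 local label allocation
    result = {}
    for prefix in sorted(best_paths):
        index = best_paths[prefix]
        if index is None:
            state = "invalid"
        else:
            derived = SRGB_START + index             # L = L_I + SRGB_Start
            outside = not SRGB_START <= derived <= SRGB_END
            shared = len(users[index]) > 1
            state = "conflicting" if outside or shared else "acceptable"
        if state == "acceptable":
            label = SRGB_START + index               # program the derived label
        else:
            label = next(dynamic)                    # ignore the attribute
        result[prefix] = (state, label)
    return result


# Constructed best-path table: two prefixes share index 5, one index falls
# outside the SRGB, one attribute had no Label-Index TLV.
BEFORE = {
    "192.0.2.1/32": 5,
    "192.0.2.2/32": 5,
    "198.51.100.1/32": 9000,
    "203.0.113.1/32": 7,
    "203.0.113.9/32": None,
}
# The same table after 192.0.2.2/32 is re-advertised with index 6: the
# conflict on index 5 is gone and both prefixes become "acceptable".
AFTER = dict(BEFORE, **{"192.0.2.2/32": 6})

if __name__ == "__main__":
    for title, table in (("before", BEFORE), ("after", AFTER)):
        print(title)
        for prefix, (state, label) in classify(table).items():
            print("  %-16s %-12s label %d" % (prefix, state, label))
```

   Recomputing the designation for every prefix on each change, as
   classify() does, is what lets prefixes that were "conflicting" only
   because of a shared index return to their derived labels.
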
Authors' Addresses

   Stefano Previdi
   Cisco Systems
   IT

   Email: stefano@previdi.net


   Clarence Filsfils
   Cisco Systems
   Brussels
   Belgium

   Email: cfilsfils@cisco.com


   Acee Lindem (editor)
   Cisco Systems
   301 Midenhall Way
   Cary, NC 27513
   USA

   Email: acee@cisco.com


   Arjun Sreekantiah

   Email: arjunhrs@gmail.com


   Hannes Gredler
   RtBrick Inc.

   Email: hannes@rtbrick.com