idnits 2.17.1

draft-ietf-idr-bgp-prefix-sid-26.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (June 21, 2018) is 2135 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-22) exists of
     draft-ietf-spring-segment-routing-mpls-14

  == Outdated reference: A later version (-26) exists of
     draft-ietf-6man-segment-routing-header-13

  == Outdated reference: A later version (-18) exists of
     draft-ietf-idr-bgp-ls-segment-routing-ext-08

  == Outdated reference: A later version (-19) exists of
     draft-ietf-idr-bgpls-segment-routing-epe-15

  == Outdated reference: A later version (-11) exists of
     draft-ietf-spring-segment-routing-msdc-09

  -- Obsolete informational reference (is this intentional?): RFC 7752
     (Obsoleted by RFC 9552)

     Summary: 0 errors (**), 0 flaws (~~), 6 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

IDR                                                           S. Previdi
Internet-Draft                                               C. Filsfils
Intended status: Standards Track                          A. Lindem, Ed.
Expires: December 23, 2018                                 Cisco Systems
                                                          A. Sreekantiah

                                                              H. Gredler
                                                            RtBrick Inc.
                                                           June 21, 2018

             Segment Routing Prefix SID extensions for BGP
                    draft-ietf-idr-bgp-prefix-sid-26

Abstract

   Segment Routing (SR) leverages the source routing paradigm. A node
   steers a packet through an ordered list of instructions, called
   segments. A segment can represent any instruction, topological or
   service-based. The ingress node prepends an SR header to a packet
   containing a set of segment identifiers (SID). Each SID represents a
   topological or a service-based instruction. Per-flow state is
   maintained only on the ingress node of the SR domain. An SR domain
   is defined as a single administrative domain for global SID
   assignment.

   This document defines an optional, transitive BGP attribute for
   announcing BGP Prefix Segment Identifiers (BGP Prefix-SID)
   information and the specification for SR-MPLS SIDs.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 23, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  MPLS BGP Prefix SID
   3.  BGP Prefix-SID Attribute
     3.1.  Label-Index TLV
     3.2.  Originator SRGB TLV
   4.  Receiving BGP Prefix-SID Attribute
     4.1.  MPLS Dataplane: Labeled Unicast
   5.  Advertising BGP Prefix-SID Attribute
     5.1.  MPLS Dataplane: Labeled Unicast
   6.  Error Handling of BGP Prefix-SID Attribute
   7.  IANA Considerations
   8.  Manageability Considerations
   9.  Security Considerations
   10. Contributors
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Segment Routing (SR) architecture leverages the source routing
   paradigm. A segment represents either a topological instruction such
   as "go to prefix P following shortest path" or a service instruction.
   Other types of segments may be defined in the future.

   A segment is identified through a Segment Identifier (SID). An SR
   domain is defined as a single administrative domain for global SID
   assignment. It may be comprised of a single Autonomous System (AS)
   or multiple ASes under consolidated global SID administration.
   Typically, the ingress node of the SR domain prepends an SR header
   containing segment identifiers (SIDs) to an incoming packet.

   As described in [I-D.ietf-spring-segment-routing], when SR is applied
   to the MPLS dataplane ([I-D.ietf-spring-segment-routing-mpls]), the
   SID consists of a label.

   [I-D.ietf-spring-segment-routing] also describes how segment routing
   can be applied to an IPv6 dataplane (SRv6) using an IPv6 routing
   header containing a stack of SR SIDs encoded as IPv6 addresses
   [I-D.ietf-6man-segment-routing-header]. The applicability and
   support for Segment Routing over IPv6 is beyond the scope of this
   document.

   A BGP-Prefix Segment is a BGP prefix with a Prefix-SID attached. A
   BGP Prefix-SID is always a global SID
   ([I-D.ietf-spring-segment-routing]) within the SR domain and
   identifies an instruction to forward the packet over the Equal-Cost
   Multi-Path (ECMP) best-path computed by BGP to the related prefix.
   The BGP Prefix-SID is the identifier of the BGP prefix segment. In
   this document, we always refer to the BGP-Prefix segment by the BGP
   Prefix-SID.

   This document describes the BGP extension to signal the BGP Prefix-
   SID. Specifically, this document defines a BGP attribute known as
   the BGP Prefix-SID attribute and specifies the rules to originate,
   receive, and handle error conditions for the attribute.

   The BGP Prefix-SID attribute defined in this document can be attached
   to prefixes from Multiprotocol BGP IPv4/IPv6 Labeled Unicast
   ([RFC4760], [RFC8277]). Usage of the BGP Prefix-SID attribute for
   other Address Family Identifier (AFI)/ Subsequent Address Family
   Identifier (SAFI) combinations is not defined herein but may be
   specified in future specifications.

   [I-D.ietf-spring-segment-routing-msdc] describes example use cases
   where the BGP Prefix-SID is used for the above AFI/SAFI combinations.

   It should be noted that:

   o  A BGP Prefix-SID will be global across ASes when the
      interconnected ASes are part of the same SR domain.
      Alternatively, when interconnecting ASes, the ASBRs of each domain
      will have to handle the advertisement of unique SIDs. The
      mechanisms for such interconnection are outside the scope of the
      protocol extensions defined in this document.

   o  A BGP Prefix-SID MAY be attached to a BGP prefix. This implies
      that each prefix is advertised individually, reducing the ability
      to pack BGP advertisements (when sharing common attributes).

2.  MPLS BGP Prefix SID

   The BGP Prefix-SID is realized on the MPLS dataplane
   ([I-D.ietf-spring-segment-routing-mpls]) in the following way:

      The operator assigns a globally unique label index, L_I, to a
      locally originated prefix of a BGP speaker N which is advertised
      to all other BGP speakers in the SR domain.

      According to [I-D.ietf-spring-segment-routing], each BGP speaker
      is configured with a label block called the Segment Routing Global
      Block (SRGB). While [I-D.ietf-spring-segment-routing] recommends
      using the same SRGB across all the nodes within the SR domain, the
      SRGB of a node is a local property and could be different on
      different speakers. The drawbacks of the use case where BGP
      speakers have different SRGBs are documented in
      [I-D.ietf-spring-segment-routing] and
      [I-D.ietf-spring-segment-routing-msdc].

      If traffic-engineering within the SR domain is required, each node
      may also be required to advertise topological information and
      Peering SIDs for each of its links and peers. This information is
      required to perform the explicit path computation and to express
      an explicit path as a list of SIDs. The advertisement of
      topological information and peer segments (Peer SIDs) is done
      through [I-D.ietf-idr-bgpls-segment-routing-epe].

      If a prefix segment is to be included in an MPLS label stack,
      e.g., for traffic engineering purposes, the knowledge of the SRGB
      of the originator of the prefix is required in order to compute
      the local label used by the originator.

      This document assumes that BGP-LS is the preferred method for
      collecting both peer segments (Peer SIDs) and SRGB information
      through [RFC7752], [I-D.ietf-idr-bgpls-segment-routing-epe], and
      [I-D.ietf-idr-bgp-ls-segment-routing-ext]. However, as an
      optional alternative for the advertisement of the local SRGB
      without the topology nor the peer SIDs, hence without
      applicability for TE, the Originator SRGB TLV of the BGP Prefix-
      SID attribute is specified in Section 3.2 of this document.

      A BGP speaker will derive its local MPLS label L from the label
      index L_I and its local SRGB as described in
      [I-D.ietf-spring-segment-routing-mpls]. The BGP speaker then
      programs the MPLS label L in its MPLS dataplane as its incoming/
      local label for the prefix. See Section 4.1 for more details.

      The outgoing label for the prefix is found in the Network Layer
      Reachability Information (NLRI) of the Multiprotocol BGP IPv4/IPv6
      Labeled Unicast prefix advertisement as defined in [RFC8277]. The
      label index L_I is only used as a hint to derive the local/
      incoming label.

      Section 3.1 of this document specifies the Label-Index TLV of the
      BGP Prefix-SID attribute; this TLV can be used to advertise the
      label index for a given prefix.

3.  BGP Prefix-SID Attribute

   The BGP Prefix-SID attribute is an optional, transitive BGP path
   attribute. The attribute type code 40 has been assigned by IANA (see
   Section 7).

   The BGP Prefix-SID attribute is defined here to be a set of elements
   encoded as "Type/Length/Value" tuples (i.e., a set of TLVs). All BGP
   Prefix-SID attribute TLVs will start with a 1-octet type and a
   2-octet length. The following TLVs are defined in this document:

   o  Label-Index TLV

   o  Originator SRGB TLV

   The Label-Index and Originator SRGB TLVs are used only when SR is
   applied to the MPLS dataplane.

   For future extensibility, unknown TLVs MUST be ignored and propagated
   unmodified.

3.1.  Label-Index TLV

   The Label-Index TLV MUST be present in the BGP Prefix-SID attribute
   attached to IPv4/IPv6 Labeled Unicast prefixes ([RFC8277]). It MUST
   be ignored when received for other BGP AFI/SAFI combinations. The
   Label-Index TLV has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |            Length             |   RESERVED    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Flags             |          Label Index          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Label Index          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   where:

   o  Type is 1.

   o  Length: is 7, the total length in octets of the value portion of
      the TLV.

   o  RESERVED: 8-bit field. MUST be clear on transmission and MUST be
      ignored on reception.

   o  Flags: 16 bits of flags. None are defined by this document. The
      flag field MUST be clear on transmission and MUST be ignored on
      reception.

   o  Label Index: 32-bit value representing the index value in the SRGB
      space.

3.2.  Originator SRGB TLV

   The Originator SRGB TLV is an optional TLV and has the following
   format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |            Length             |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Flags     |
   +-+-+-+-+-+-+-+-+

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         SRGB 1 (6 octets)                                     |
   |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         SRGB n (6 octets)                                     |
   |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   where:

   o  Type is 3.

   o  Length is the total length in octets of the value portion of the
      TLV: 2 + (non-zero multiple of 6).

   o  Flags: 16 bits of flags. None are defined in this document.
      Flags MUST be clear on transmission and MUST be ignored on
      reception.

   o  SRGB: 3 octets specifying the first label in the range followed by
      3 octets specifying the number of labels in the range. Note that
      the SRGB field MAY appear multiple times. If the SRGB field
      appears multiple times, the SRGB consists of multiple ranges that
      are concatenated.

   The Originator SRGB TLV contains the SRGB of the node originating the
   prefix to which the BGP Prefix-SID is attached. The Originator SRGB
   TLV MUST NOT be changed during the propagation of the BGP update. It
   is used to build segment routing policies when different SRGBs are
   used in the fabric, for example
   ([I-D.ietf-spring-segment-routing-msdc]).

   Examples of how the receiving routers concatenate the ranges and
   build their neighbor's Segment Routing Global Block (SRGB) are
   included in [I-D.ietf-spring-segment-routing-mpls].

   The Originator SRGB TLV may only appear in a BGP Prefix-SID attribute
   attached to IPv4/IPv6 Labeled Unicast prefixes ([RFC8277]). It MUST
   be ignored when received for other BGP AFI/SAFI combinations. Since
   the Label-Index TLV is required for IPv4/IPv6 prefix applicability,
   the Originator SRGB TLV will be ignored if it is not specified
   consistent with Section 6.

4.  Receiving BGP Prefix-SID Attribute

   A BGP speaker receiving a BGP Prefix-SID attribute from an External
   BGP (EBGP) neighbor residing outside the boundaries of the SR domain
   MUST discard the attribute unless it is configured to accept the
   attribute from the EBGP neighbor. A BGP speaker SHOULD log an error
   for further analysis when discarding an attribute.

4.1.  MPLS Dataplane: Labeled Unicast

   A BGP session supporting the Multiprotocol BGP labeled IPv4 or IPv6
   Unicast ([RFC8277]) AFI/SAFI is required.

   When the BGP Prefix-SID attribute is attached to a BGP labeled IPv4
   or IPv6 Unicast [RFC8277] AFI/SAFI, it MUST contain the Label-Index
   TLV and MAY contain the Originator SRGB TLV. A BGP Prefix-SID
   attribute received without a Label-Index TLV MUST be considered as
   "invalid" by the receiving speaker.

   The label index provides guidance to the receiving BGP speaker as to
   the incoming label that SHOULD be allocated to the prefix.

   A BGP speaker may be locally configured with an SRGB=[SRGB_Start,
   SRGB_End]. The preferred method for deriving the SRGB is a matter of
   local node configuration.

   The mechanisms through which a given label index value is assigned to
   a given prefix are outside the scope of this document.

   Given a label index L_I, we refer to (L = L_I + SRGB_Start) as the
   derived label. A BGP Prefix-SID attribute is designated
   "conflicting" for a speaker M if the derived label value L lies
   outside the SRGB configured on M. Otherwise the Label-Index TLV is
   designated "acceptable" to speaker M.

   If multiple different prefixes are received with the same label
   index, all of the different prefixes MUST have their BGP Prefix-SID
   attribute considered as "conflicting".

   If multiple valid paths for the same prefix are received from
   multiple BGP speakers or, in the case of [RFC7911], from the same BGP
   speaker, and the BGP Prefix-SID attributes do not contain the same
   label index, then the label index from the best path BGP Prefix-SID
   attribute SHOULD be chosen with a notable exception being when
   [RFC5004] is being used to dampen route changes.

   When a BGP speaker receives a path from a neighbor with an
   "acceptable" BGP Prefix-SID attribute and that path is selected as
   the best path, it SHOULD program the derived label as the label for
   the prefix in its local MPLS dataplane.

   When a BGP speaker receives a path from a neighbor with an "invalid"
   or "conflicting" BGP Prefix-SID attribute or when a BGP speaker
   receives a path from a neighbor with a BGP Prefix-SID attribute but
   is unable to process it (e.g., local policy disables the
   functionality), it MUST ignore the BGP Prefix-SID attribute. For the
   purposes of label allocation, a BGP speaker MUST assign a local (also
   called dynamic) label (non-SRGB) for such a prefix as per classic
   Multiprotocol BGP IPv4/IPv6 Labeled Unicast ([RFC8277]) operation.

   In the case of an "invalid" BGP Prefix-SID attribute, a BGP speaker
   MUST follow the error handling rules specified in Section 6. A BGP
   speaker SHOULD log an error for further analysis. In the case of a
   "conflicting" BGP Prefix-SID attribute, a BGP speaker SHOULD NOT
   treat it as an error and SHOULD propagate the attribute unchanged. A
   BGP Speaker SHOULD log a warning for further analysis, i.e., in the
   case the conflict is not due to a label index transition.

   When a BGP Prefix-SID attribute changes and transitions from
   "conflicting" to "acceptable", the BGP Prefix-SID attributes for
   other prefixes may also transition to "acceptable" as well.
   Implementations SHOULD assure all impacted prefixes revert to using
   the label indices corresponding to these newly "acceptable" BGP
   Prefix-SID attributes.

   The outgoing label is always programmed as per classic Multiprotocol
   BGP IPv4/IPv6 Labeled Unicast ([RFC8277]) operation. Specifically, a
   BGP speaker receiving a prefix with a BGP Prefix-SID attribute and a
   label NLRI field of Implicit NULL [RFC3032] from a neighbor MUST
   adhere to standard behavior and program its MPLS dataplane to pop the
   top label when forwarding traffic to the prefix. The label NLRI
   defines the outbound label that MUST be used by the receiving node.

5.  Advertising BGP Prefix-SID Attribute

   The BGP Prefix-SID attribute MAY be attached to BGP IPv4/IPv6 Label
   Unicast prefixes [RFC8277]. In order to prevent distribution of the
   BGP Prefix-SID attribute beyond its intended scope of applicability,
   attribute filtering SHOULD be deployed to remove the BGP Prefix-SID
   attribute at the administrative boundary of the segment routing
   domain.

   A BGP speaker that advertises a path received from one of its
   neighbors SHOULD advertise the BGP Prefix-SID received with the path
   without modification, as long as the BGP Prefix-SID was acceptable.
   If the path did not come with a BGP Prefix-SID attribute, the speaker
   MAY attach a BGP Prefix-SID to the path if configured to do so. The
   content of the TLVs present in the BGP Prefix-SID is determined by
   the configuration.

5.1.  MPLS Dataplane: Labeled Unicast

   A BGP speaker that originates a prefix attaches the BGP Prefix-SID
   attribute when it advertises the prefix to its neighbors via
   Multiprotocol BGP IPv4/IPv6 Labeled Unicast ([RFC8277]). The value
   of the label index in the Label-Index TLV is determined by
   configuration.

   A BGP speaker that originates a BGP Prefix-SID attribute MAY
   optionally announce the Originator SRGB TLV along with the mandatory
   Label-Index TLV. The content of the Originator SRGB TLV is
   determined by configuration.

   Since the label index value must be unique within an SR domain, by
   default an implementation SHOULD NOT advertise the BGP Prefix-SID
   attribute outside an Autonomous System unless it is explicitly
   configured to do so.

   In all cases, the label field of the advertised NLRI ([RFC8277],
   [RFC4364]) MUST be set to the local/incoming label programmed in the
   MPLS dataplane for the given advertised prefix. If the prefix is
   associated with one of the BGP speaker's interfaces, this is the
   usual MPLS label (such as the Implicit or Explicit NULL label
   [RFC3032]).

6.  Error Handling of BGP Prefix-SID Attribute

   When a BGP Speaker receives a BGP Update message containing a
   malformed or invalid BGP Prefix-SID attribute attached to an IPv4/IPv6
   Labeled Unicast prefix [RFC8277], it MUST ignore the received BGP
   Prefix-SID attributes and not advertise it to other BGP peers. In
   this context, a malformed BGP Prefix-SID attribute is one that cannot
   be parsed due to not meeting the minimum attribute length
   requirement, contains a TLV length that doesn't conform to the length
   constraints for the TLV, or contains a TLV length that would extend
   beyond the end of the attribute (as defined by the attribute length).
   This is equivalent to the "Attribute discard" action specified in
   [RFC7606]. When discarding an attribute, a BGP speaker SHOULD log an
   error for further analysis.

   As per [RFC7606], if the BGP Prefix-SID attribute appears more
   than once in an UPDATE message, then all the occurrences of the
   attribute other than the first one SHALL be discarded and the UPDATE
   message will continue to be processed. Similarly, if a recognized
   TLV appears more than once in a BGP Prefix-SID attribute while the
   specification only allows for a single occurrence, then all the
   occurrences of the TLV other than the first one SHALL be discarded
   and the Prefix-SID attribute will continue to be processed.

   For future extensibility, unknown TLVs MUST be ignored and propagated
   unmodified.

7.  IANA Considerations

   This document defines a BGP path attribute known as the BGP Prefix-
   SID attribute. This document requests IANA to assign an attribute
   code type (suggested value: 40) to the BGP Prefix-SID attribute from
   the BGP Path Attributes registry.

   IANA temporarily assigned the following:

   40 BGP Prefix-SID (TEMPORARY - registered 2015-09-30, expires
   2018-09-30) [draft-ietf-idr-bgp-prefix-sid]

   This document defines two TLVs for the BGP Prefix-SID attribute.
   These TLVs need to be registered with IANA. We request IANA to
   create a registry for BGP Prefix-SID Attribute TLVs as follows:

   Under "Border Gateway Protocol (BGP) Parameters" registry, "BGP
   Prefix-SID TLV Types" Reference: draft-ietf-idr-bgp-prefix-sid
   Registration Procedure(s): Values 1-254 - Expert Review as defined in
   [RFC8126], Value 0 and 255 reserved

   Value   Type              Reference
   0       Reserved          this document
   1       Label-Index       this document
   2       Deprecated        this document
   3       Originator SRGB   this document
   4-254   Unassigned
   255     Reserved          this document

   The value 2 previously corresponded to the IPv6 SID TLV which was
   specified in previous versions of this document. It was removed and
   usage of the BGP Prefix-SID for Segment Routing over the IPv6
   dataplane [I-D.ietf-spring-segment-routing] has been deferred to
   future specifications.

   This document also requests creation of the "BGP Prefix-SID Label-
   Index TLV Flags" registry under the "Border Gateway Protocol (BGP)
   Parameters" registry, Reference: draft-ietf-idr-bgp-prefix-sid.
   Initially, this 16-bit flags registry will be empty. The
   registration policy for flag bits will be Expert Review [RFC8126]
   consistent with the BGP Prefix-SID TLV Types registry.

   Finally, this document requests creation of the "BGP Prefix-SID
   Originator SRGB TLV Flags" registry under the "Border Gateway
   Protocol (BGP) Parameters" registry, Reference: draft-ietf-idr-bgp-
   prefix-sid. Initially, this 16-bit flags registry will be empty.
   The registration policy for flag bits will be Expert Review [RFC8126]
   consistent with the BGP Prefix-SID TLV Types registry.

   The designated experts must be good and faithful stewards of the
   above registries, assuring that each request is legitimate and
   corresponds to a viable use case. Given the limited number of bits
   in the flags registries and the applicability to a single TLV,
   additional scrutiny should be afforded to flag bit allocation
   requests. In general, no single use case should require more than
   one flag bit and, should the use case require more, alternate
   encodings using new TLVs should be considered.

8.  Manageability Considerations

   This document defines a BGP attribute to address use cases such as
   the one described in [I-D.ietf-spring-segment-routing-msdc]. It is
   assumed that advertisement of the BGP Prefix-SID attribute is
   controlled by the operator in order to:

   o  Prevent undesired origination/advertisement of the BGP Prefix-SID
      attribute. By default, a BGP Prefix-SID attribute SHOULD NOT be
      attached to a prefix and advertised. Hence, BGP Prefix-SID
      advertisement SHOULD require explicit enablement.

   o  Prevent any undesired propagation of the BGP Prefix-SID attribute.
      By default, the BGP Prefix-SID is not advertised outside the
      boundary of a single SR/administrative domain which may include
      one or more ASes. The propagation to other ASes MUST be
      explicitly configured.

   The deployment model described in
   [I-D.ietf-spring-segment-routing-msdc] assumes multiple Autonomous
   Systems (ASes) under a common administrative domain. For this use
   case, the BGP Prefix-SID advertisement is applicable to the inter-AS
   context, i.e., EBGP, while it is confined to a single administrative
   domain.

9.  Security Considerations

   This document introduces a BGP attribute (BGP Prefix-SID) which
   inherits the security considerations expressed in: [RFC4271],
   [RFC8277], and [I-D.ietf-spring-segment-routing].

   When advertised using BGPsec as described in [RFC8205], the BGP
   Prefix-SID attribute doesn't impose any unique security
   considerations. It should be noted that the BGP Prefix-SID attribute
   is not protected by the BGPsec signatures.

   It should be noted that, as described in Section 8, this document
   refers to a deployment model where all nodes are under the single
   administrative domain. In this context, we assume that the operator
   doesn't want to leak any information related to internal prefixes and
   topology outside of the administrative domain. The internal
   information includes the BGP Prefix-SID. In order to prevent such
   leaking, the common BGP mechanisms (filters) are applied at the
   boundary of the SR/administrative domain. Local BGP attribute
   filtering policies and mechanisms are not standardized and,
   consequently, beyond the scope of this document.

   To prevent a Denial-of-Service (DoS) or Distributed-Denial-of-Service
   (DDoS) attack due to excessive BGP updates with an invalid or
   conflicting BGP Prefix-SID attribute, error log message rate-limiting
   as well as suppression of duplicate error log messages SHOULD be
   deployed.

10.  Contributors

   Keyur Patel
   Arrcus, Inc.
   US

   Email: Keyur@arrcus.com

   Saikat Ray
   Unaffiliated
   US

   Email: raysaikat@gmail.com

11.  Acknowledgements

   The authors would like to thank Satya Mohanty for his contribution to
   this document.

   The authors would like to thank Alvaro Retana for substantive
   comments as part of the Routing AD review.

   The authors would like to thank Bruno Decraene for substantive
   comments and suggested text as part of the Routing Directorate
   review.

   The authors would like to thank Shyam Sethuram for comments and
   discussion of TLV processing and validation.

   The authors would like to thank Robert Raszuk for comments and
   suggestions regarding the MPLS data plane behavior.

   The authors would like to thank Krishna Deevi, Juan Alcaide, Howard
   Yang, and Jakob Heitz for discussions on conflicting BGP Prefix-SID
   label indices and BGP add paths.

   The authors would like to thank Peter Yee, Tony Przygienda, Mirja
   Kuehlewind, Alexey Melnikov, Eric Rescorla, Suresh Krishnan, Warren
   Kumari, Ben Campbell, Sue Hares, and Martin Vigoureux for IDR Working
   Group last call, IETF Last Call, directorate, and IESG reviews.

12.  References

12.1.  Normative References

   [I-D.ietf-spring-segment-routing]
              Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B.,
              Litkowski, S., and R. Shakir, "Segment Routing
              Architecture", draft-ietf-spring-segment-routing-15 (work
              in progress), January 2018.

   [I-D.ietf-spring-segment-routing-mpls]
              Bashandy, A., Filsfils, C., Previdi, S., Decraene, B.,
              Litkowski, S., and R. Shakir, "Segment Routing with MPLS
              data plane", draft-ietf-spring-segment-routing-mpls-14
              (work in progress), June 2018.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006.

   [RFC4760]  Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
              "Multiprotocol Extensions for BGP-4", RFC 4760,
              DOI 10.17487/RFC4760, January 2007.

   [RFC7606]  Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
              Patel, "Revised Error Handling for BGP UPDATE Messages",
              RFC 7606, DOI 10.17487/RFC7606, August 2015.

   [RFC7911]  Walton, D., Retana, A., Chen, E., and J. Scudder,
              "Advertisement of Multiple Paths in BGP", RFC 7911,
              DOI 10.17487/RFC7911, July 2016.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8205]  Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol
              Specification", RFC 8205, DOI 10.17487/RFC8205, September
              2017.

   [RFC8277]  Rosen, E., "Using BGP to Bind MPLS Labels to Address
              Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017.

12.2.  Informative References

   [I-D.ietf-6man-segment-routing-header]
              Previdi, S., Filsfils, C., Leddy, J., Matsushima, S., and
              d. daniel.voyer@bell.ca, "IPv6 Segment Routing Header
              (SRH)", draft-ietf-6man-segment-routing-header-13 (work in
              progress), May 2018.

   [I-D.ietf-idr-bgp-ls-segment-routing-ext]
              Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H.,
              and M. Chen, "BGP Link-State extensions for Segment
              Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-08
              (work in progress), May 2018.

   [I-D.ietf-idr-bgpls-segment-routing-epe]
              Previdi, S., Filsfils, C., Patel, K., Ray, S., and J.
              Dong, "BGP-LS extensions for Segment Routing BGP Egress
              Peer Engineering", draft-ietf-idr-bgpls-segment-routing-
              epe-15 (work in progress), March 2018.

   [I-D.ietf-spring-segment-routing-msdc]
              Filsfils, C., Previdi, S., Dawra, G., Aries, E., and P.
              Lapukhov, "BGP-Prefix Segment in large-scale data
              centers", draft-ietf-spring-segment-routing-msdc-09 (work
              in progress), May 2018.

   [RFC3032]  Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
              Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
              Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001.

   [RFC5004]  Chen, E. and S. Sangli, "Avoid BGP Best Path Transitions
              from One External to Another", RFC 5004,
              DOI 10.17487/RFC5004, September 2007.

   [RFC7752]  Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and
              S. Ray, "North-Bound Distribution of Link-State and
              Traffic Engineering (TE) Information Using BGP", RFC 7752,
              DOI 10.17487/RFC7752, March 2016.

Authors' Addresses

   Stefano Previdi
   Cisco Systems
   IT

   Email: stefano@previdi.net

   Clarence Filsfils
   Cisco Systems
   Brussels
   Belgium

   Email: cfilsfils@cisco.com

   Acee Lindem (editor)
   Cisco Systems
   301 Midenhall Way
   Cary, NC 27513
   USA

   Email: acee@cisco.com

   Arjun Sreekantiah

   Email: arjunhrs@gmail.com

   Hannes Gredler
   RtBrick Inc.

   Email: hannes@rtbrick.com
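
The TLV layouts of Section 3, the malformed-attribute rules of Section 6 and the "invalid" / "conflicting" / "acceptable" range check of Section 4.1 are put together in the Python code below, which is an added example and not part of the draft or of any implementation. The function and class names, the three-octet minimum attribute length, the single-occurrence treatment of the Originator SRGB TLV and the sample octets are assumptions made for this example.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

TLV_LABEL_INDEX = 1       # Section 3.1
TLV_ORIGINATOR_SRGB = 3   # Section 3.2
TLV_HEADER_LEN = 3        # 1-octet type + 2-octet length


class MalformedPrefixSid(ValueError):
    """Section 6 'malformed': the receiver discards the attribute and logs."""


@dataclass
class PrefixSid:
    label_index: Optional[int] = None
    srgb: List[Tuple[int, int]] = field(default_factory=list)       # (first label, count)
    unknown: List[Tuple[int, bytes]] = field(default_factory=list)  # propagated unmodified


def parse_prefix_sid(value: bytes) -> PrefixSid:
    """Parse the attribute value, i.e. the octets after the path-attribute header."""
    # Assumption: the minimum attribute length is one TLV header; the draft
    # requires a minimum length but does not give the number.
    if len(value) < TLV_HEADER_LEN:
        raise MalformedPrefixSid("attribute shorter than one TLV header")
    sid, seen, off = PrefixSid(), set(), 0
    while off < len(value):
        if len(value) - off < TLV_HEADER_LEN:
            raise MalformedPrefixSid("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!BH", value, off)
        off += TLV_HEADER_LEN
        if tlv_len > len(value) - off:
            raise MalformedPrefixSid("TLV length extends beyond the attribute")
        body, off = value[off:off + tlv_len], off + tlv_len
        if tlv_type == TLV_LABEL_INDEX:
            if tlv_len != 7:
                raise MalformedPrefixSid("Label-Index TLV length must be 7")
            if tlv_type not in seen:  # occurrences after the first are discarded
                # RESERVED (1 octet) and Flags (2 octets) are ignored on reception.
                sid.label_index = struct.unpack_from("!I", body, 3)[0]
        elif tlv_type == TLV_ORIGINATOR_SRGB:
            if tlv_len < 8 or (tlv_len - 2) % 6:
                raise MalformedPrefixSid("Originator SRGB length must be 2 + 6n, n >= 1")
            if tlv_type not in seen:  # assumption: one Originator SRGB TLV per attribute
                for i in range(2, tlv_len, 6):  # skip the 2 flag octets
                    first = int.from_bytes(body[i:i + 3], "big")
                    count = int.from_bytes(body[i + 3:i + 6], "big")
                    sid.srgb.append((first, count))
        else:
            sid.unknown.append((tlv_type, body))  # unknown TLV: ignore, keep as-is
        seen.add(tlv_type)
    return sid


def classify(sid: PrefixSid, srgb_start: int, srgb_end: int):
    """Section 4.1 state for a speaker whose local SRGB is [srgb_start, srgb_end].

    The duplicate-label-index check across different prefixes needs RIB state
    and is not modelled here.
    """
    if sid.label_index is None:
        return "invalid", None        # no Label-Index TLV: Section 6 handling
    label = srgb_start + sid.label_index
    if label > srgb_end:
        return "conflicting", None    # dynamic label instead; propagate unchanged
    return "acceptable", label        # derived label L = L_I + SRGB_Start


def receive(value: bytes, srgb_start: int, srgb_end: int):
    """Return (state, derived_label); 'discarded' is the attribute-discard case."""
    try:
        sid = parse_prefix_sid(value)
    except MalformedPrefixSid:
        return "discarded", None
    return classify(sid, srgb_start, srgb_end)


def tlv(tlv_type: int, body: bytes) -> bytes:
    """Encode one TLV: 1-octet type, 2-octet length, value."""
    return struct.pack("!BH", tlv_type, len(body)) + body


# Constructed sample attribute values (not captured traffic).
LABEL_INDEX_100 = tlv(1, b"\x00" + b"\x00\x00" + struct.pack("!I", 100))
SRGB_16000_8000 = tlv(3, b"\x00\x00" + (16000).to_bytes(3, "big") + (8000).to_bytes(3, "big"))
GOOD = LABEL_INDEX_100 + SRGB_16000_8000 + tlv(200, b"\xaa")  # 200: unassigned type
TRUNCATED = LABEL_INDEX_100[:-3]   # length field still says 7
NO_LABEL_INDEX = SRGB_16000_8000

if __name__ == "__main__":
    for name, value in [("good", GOOD), ("truncated", TRUNCATED),
                        ("no label index", NO_LABEL_INDEX)]:
        print(name, receive(value, 16000, 23999))
```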