idnits 2.17.1

draft-ietf-lsr-isis-srv6-extensions-16.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 2 instances of too long lines in the document, the longest one
     being 14 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (June 18, 2021) is 1036 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-13) exists of
     draft-ietf-6man-spring-srv6-oam-10

  == Outdated reference: A later version (-26) exists of
     draft-ietf-lsr-flex-algo-15

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ISO10589'

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Networking Working Group                                  P. Psenak, Ed.
Internet-Draft                                               C. Filsfils
Updates: 7370 (if approved)                                Cisco Systems
Intended status: Standards Track                             A. Bashandy
Expires: December 20, 2021                                    Individual
                                                             B. Decraene
                                                                  Orange
                                                                   Z. Hu
                                                     Huawei Technologies
                                                           June 18, 2021

    IS-IS Extensions to Support Segment Routing over IPv6 Dataplane
                 draft-ietf-lsr-isis-srv6-extensions-16

Abstract

   The Segment Routing (SR) architecture allows flexible definition of
   the end-to-end path by encoding it as a sequence of topological
   elements called "segments". It can be implemented over the MPLS or
   the IPv6 data plane. This document describes the IS-IS extensions
   required to support Segment Routing over the IPv6 data plane.

   This document updates RFC 7370 by modifying an existing registry.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 20, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  SRv6 Capabilities sub-TLV
   3.  Advertising Supported Algorithms
   4.  Advertising Maximum SRv6 SID Depths
     4.1.  Maximum Segments Left MSD Type
     4.2.  Maximum End Pop MSD Type
     4.3.  Maximum H.Encaps MSD Type
     4.4.  Maximum End D MSD Type
   5.  SRv6 SIDs and Reachability
   6.  Advertising Anycast Property
   7.  Advertising Locators and End SIDs
     7.1.  SRv6 Locator TLV Format
     7.2.  SRv6 End SID sub-TLV
   8.  Advertising SRv6 Adjacency SIDs
     8.1.  SRv6 End.X SID sub-TLV
     8.2.  SRv6 LAN End.X SID sub-TLV
   9.  SRv6 SID Structure Sub-Sub-TLV
   10. Advertising Endpoint Behaviors
   11. IANA Considerations
     11.1.  SRv6 Locator TLV
       11.1.1.  SRv6 End SID sub-TLV
       11.1.2.  Revised sub-TLV table
     11.2.  SRv6 Capabilities sub-TLV
     11.3.  Sub-Sub-TLVs of the SRv6 Capability sub-TLV
     11.4.  SRv6 End.X SID and SRv6 LAN End.X SID sub-TLVs
     11.5.  MSD Types
     11.6.  Sub-Sub-TLVs for SID Sub-TLVs
     11.7.  Prefix Attribute Flags Sub-TLV
     11.8.  ISIS SRv6 Capabilities sub-TLV Flags Registry
     11.9.  ISIS SRv6 Locator TLV Flags Registry
     11.10. ISIS SRv6 End SID sub-TLV Flags Registry
     11.11. ISIS SRv6 End.X SID and LAN End.X SID sub-TLVs Flags
            Registry
   12. Security Considerations
   13. Contributors
   14. Acknowledgments
   15. References
     15.1.  Normative References
     15.2.  Informative References
   Authors' Addresses

1.  Introduction

   With Segment Routing (SR) [RFC8402], a node steers a packet through
   an ordered list of instructions, called segments.

   Segments are identified through Segment Identifiers (SIDs).

   Segment Routing can be directly instantiated on the IPv6 data plane
   through the use of the Segment Routing Header defined in [RFC8754].
   SRv6 refers to this SR instantiation on the IPv6 dataplane.

   The network programming paradigm [RFC8986] is central to SRv6. It
   describes how any behavior can be bound to a SID and how any network
   program can be expressed as a combination of SIDs.

   This document specifies IS-IS extensions that allow the IS-IS
   protocol to encode some of these SIDs and their behaviors.

   Familiarity with the network programming paradigm [RFC8986] is
   necessary to understand the extensions specified in this document.

   The new SRv6 Locator top level TLV announces SRv6 locators - a form
   of summary address for the set of topology/algorithm-specific SIDs
   instantiated at the node.

   The SRv6 Capabilities sub-TLV announces the ability to support SRv6.

   Several new sub-TLVs are defined to advertise various SRv6 Maximum
   SID Depths.

   The SRv6 End SID sub-TLV, the SRv6 End.X SID sub-TLV, and the SRv6
   LAN End.X SID sub-TLV are used to advertise which SIDs are
   instantiated at a node and what Endpoint behavior is bound to each
   instantiated SID.

   This document updates [RFC7370] by modifying an existing registry
   (Section 11.1.2).

2.  SRv6 Capabilities sub-TLV

   A node indicates that it supports the SR Segment Endpoint Node
   functionality as specified in [RFC8754] by advertising a new SRv6
   Capabilities sub-TLV of the router capabilities TLV [RFC7981].

   The SRv6 Capabilities sub-TLV may contain optional sub-sub-TLVs. No
   sub-sub-TLVs are currently defined.

   The SRv6 Capabilities sub-TLV has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type        |     Length    |            Flags              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   optional sub-sub-TLVs...

   Type: 25

   Length: 2 + length of sub-sub-TLVs

   Flags: 2 octets The following flags are defined:

    0                   1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | |O|        Reserved           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   where:

      O-flag: If set, the router supports use of the O-bit
      in the Segment Routing Header (SRH) as defined in
      [I-D.ietf-6man-spring-srv6-oam].

      The remaining bits, including bit 0, are reserved for future use. They MUST be
      set to zero on transmission and MUST be ignored on receipt.

3.  Advertising Supported Algorithms

   An SRv6 capable router indicates supported algorithm(s) by
   advertising the Segment Routing Algorithm sub-TLV as defined in
   [RFC8667].

4.  Advertising Maximum SRv6 SID Depths

   [RFC8491] defines the means to advertise node/link specific values
   for Maximum SID Depths (MSD) of various types. Node MSDs are
   advertised in a sub-TLV of the Router Capabilities TLV [RFC7981].
   Link MSDs are advertised in a sub-TLV of TLVs 22, 23, 25, 141, 222,
   and 223.

   This document defines the relevant SRv6 MSDs and requests MSD type
   assignments in the MSD Types registry created by [RFC8491].

4.1.  Maximum Segments Left MSD Type

   The Maximum Segments Left MSD Type signals the maximum value of the
   "Segments Left" field [RFC8754] in the SRH of a received packet
   before applying the Endpoint behavior associated with a SID.

      SRH Max Segments Left Type: 41

      If no value is advertised, the supported value is 0.

4.2.  Maximum End Pop MSD Type

   The Maximum End Pop MSD Type signals the maximum number of SIDs in
   the SRH to which the router can apply "Penultimate Segment Pop of the
   SRH" or "Ultimate Segment Pop of the SRH" behavior, as defined in
   [RFC8986] flavors.

      SRH Max End Pop Type: 42

      If the advertised value is zero or no value is advertised,
      then the router cannot apply PSP or USP flavors.

4.3.  Maximum H.Encaps MSD Type

   The Maximum H.Encaps MSD Type signals the maximum number of SIDs that
   can be added to the Segment List of an SRH as part of the "H.Encaps"
   behavior as defined in [RFC8986].

      SRH Max H.encaps Type: 44

      If the advertised value is zero or no value is advertised, then the
      headend can apply an SR Policy that only contains one segment, without
      inserting any SRH header.

      A non-zero SRH Max H.encaps MSD indicates that the headend can insert
      an SRH up to the advertised number of SIDs.

4.4.  Maximum End D MSD Type

   The Maximum End D MSD Type specifies the maximum number of SIDs
   present in an SRH when performing decapsulation. As specified in
   [RFC8986] the permitted SID types include, but are not limited to
   End.DX6, End.DT4, End.DT46, End with USD, End.X with USD.

      SRH Max End D Type: 45

      If the advertised value is zero or no value is advertised
      then the router cannot apply any behavior that results in
      decapsulation and forwarding of the inner packet if the
      outer IPv6 header contains an SRH.

5.  SRv6 SIDs and Reachability

   As discussed in [RFC8986], an SRv6 Segment Identifier (SID) is 128
   bits and consists of Locator, Function and Argument parts.

   A node is provisioned with topology/algorithm specific locators for
   each of the topology/algorithm pairs supported by that node. Each
   locator is a covering prefix for all SIDs provisioned on that node
   which have the matching topology/algorithm.

   Locators MUST be advertised in the SRv6 Locator TLV (see
   Section 7.1). Forwarding entries for the locators advertised in the
   SRv6 Locator TLV MUST be installed in the forwarding plane of
   receiving SRv6 capable routers when the associated topology/algorithm
   is supported by the receiving node. The processing of the prefix
   advertised in the SRv6 Locator TLV, the calculation of its
   reachability and the installation in the forwarding plane follows the
   process defined for the Prefix Reachability TLV 236 [RFC5308], or TLV
   237 [RFC5120].

   Locators associated with algorithm 0 and 1 (for all supported
   topologies) SHOULD be advertised in a Prefix Reachability TLV (236 or
   237) so that legacy routers (i.e., routers which do not support SRv6)
   will install a forwarding entry for algorithm 0 and 1 SRv6 traffic.

   In cases where the same prefix, with the same prefix-length, Multi
   Topology ID (MT ID), and algorithm is received in both a Prefix
   Reachability TLV and an SRv6 Locator TLV, the Prefix Reachability
   advertisement MUST be preferred when installing entries in the
   forwarding plane. This is to prevent inconsistent forwarding entries
   between SRv6 capable and SRv6 incapable routers. Such preference of
   Prefix Reachability advertisement does not have any impact on the
   rest of the data advertised in the SRv6 Locator TLV.

   Locators associated with Flexible Algorithms (see Section 4 of
   [I-D.ietf-lsr-flex-algo]) SHOULD NOT be advertised in Prefix
   Reachability TLVs (236 or 237). Advertising the Flexible Algorithm
   locator in a regular Prefix Reachability TLV (236 or 237) would cause
   forwarding for it to follow the algo 0 path.

   SRv6 SIDs are advertised as sub-TLVs in the SRv6 Locator TLV except
   for SRv6 SIDs which are associated with a specific Neighbor/Link and
   are therefore advertised as sub-TLVs in TLVs 22, 23, 25, 141, 222,
   and 223.

   SRv6 SIDs received from other nodes are not directly routable and
   MUST NOT be installed in the forwarding plane. Reachability to SRv6
   SIDs depends upon the existence of a covering locator.

   Adherence to the rules defined in this section will assure that SRv6
   SIDs associated with a supported topology/algorithm pair will be
   forwarded correctly, while SRv6 SIDs associated with an unsupported
   topology/algorithm pair will be dropped. NOTE: The drop behavior
   depends on the absence of a default/summary route covering a given
   locator.

   In order for forwarding to work correctly, the locator associated
   with SRv6 SID advertisements must be the longest match prefix
   installed in the forwarding plane for those SIDs. In order to ensure
   correct forwarding, network operators should take steps to make sure
   that this requirement is not compromised. For example, the following
   situations should be avoided:

   o  Another locator associated with a different topology/algorithm is
      the longest match

   o  Another prefix advertisement (i.e., from TLV 236 or 237) is the
      longest match

6.  Advertising Anycast Property

   Both prefixes and SRv6 Locators may be configured as anycast and as
   such the same value can be advertised by multiple routers. It is
   useful for other routers to know that the advertisement is for an
   anycast identifier.

   A new flag in Prefix Attribute Flags Sub-TLV [RFC7794] is defined to
   advertise the anycast property:

      Bit #: 4
      Name: Anycast Flag (A-flag)

      When the prefix/SRv6 locator is configured as anycast, the A-flag
      SHOULD be set. Otherwise, this flag MUST be clear.

   The A-flag MUST be preserved when the advertisement is leaked between
   levels.

   The A-flag and the N-flag MUST NOT both be set. If both N-flag and
   A-flag are set in the prefix/SRv6 Locator advertisement, the
   receiving routers MUST ignore the N-flag.

   The same prefix/SRv6 Locator can be advertised by multiple routers.
   If at least one of them sets the A-Flag in its advertisement, the
   prefix/SRv6 Locator SHOULD be considered as anycast.

   A prefix/SRv6 Locator that is advertised by a single node and without
   an A-Flag is considered node specific.

   All the nodes advertising the same anycast locator MUST instantiate
   the exact same set of SIDs under that anycast locator. Failure to do
   so may result in traffic being black-holed or mis-routed.

   The Prefix Attribute Flags Sub-TLV can be carried in the SRv6 Locator
   TLV as well as the Prefix Reachability TLVs. When a router
   originates both the Prefix Reachability TLV and the SRv6 Locator TLV
   for a given prefix, and the router is originating the Prefix
   Attribute Flags Sub-TLV in one of the TLVs, the router SHOULD
   advertise the same flags in the Prefix Attribute Flags Sub-TLV in
   both TLVs. However, unlike TLVs 236 [RFC5308] and 237 [RFC5120] the
   X-flag in the Prefix Attributes Flags sub-TLV is valid when sent in
   the SRv6 Locator TLV. The state of the X-flag in the Prefix
   Attributes Flags sub-TLV when included in the Locator TLV MUST match
   the setting of the embedded "X-bit" in any advertisement for the same
   prefix in TLVs 236 [RFC5308] and 237 [RFC5120]. In case of any
   inconsistency between the Prefix Attribute Flags advertised in the
   Locator TLV and in the Prefix Reachability TLV, the ones advertised
   in Prefix Reachability TLV MUST be preferred.

7.  Advertising Locators and End SIDs

   The SRv6 Locator TLV is introduced to advertise SRv6 Locators and End
   SIDs associated with each locator.

   This new TLV shares the sub-TLV space defined for TLVs 135, 235, 236
   and 237.

7.1.  SRv6 Locator TLV Format

   The SRv6 Locator TLV has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type        |     Length    |R|R|R|R|        MT ID          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Locator Entries . . .                                       |

      Type: 27

      Length: variable.

      R bits: reserved for future use. They MUST be set to zero on
      transmission and MUST be ignored on receipt.

      MT ID: Multitopology Identifier as defined in [RFC5120]. Note
      that the value 0 is legal.

   Followed by one or more locator entries of the form:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Metric                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Flags       |  Algorithm    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Loc Size     | Locator (variable)...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Sub-TLV-len   |         Sub-TLVs (variable) . . .             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Metric: 4 octets. As described in Section 4 of [RFC5305].

      Flags: 1 octet. The following flags are defined:

          0
          0 1 2 3 4 5 6 7
         +-+-+-+-+-+-+-+-+
         |D|  Reserved   |
         +-+-+-+-+-+-+-+-+

         D-flag: Same as described in section 4.1. of [RFC5305].

         The remaining bits are reserved for future use. They MUST be
         set to zero on transmission and MUST be ignored on receipt.

      Algorithm: 1 octet. As defined in IGP Algorithm Types registry
      [RFC8665].

      Loc-Size: 1 octet. Number of bits in the SRv6 Locator field.
      MUST be from the range (1 - 128). The TLV MUST be ignored if the
      Loc-Size is outside this range.

      Locator: 1-16 octets. This field encodes the advertised SRv6
      Locator. The Locator is encoded in the minimal number of octets
      for the given number of bits. Trailing bits MUST be set to zero
      and ignored when received.

      Sub-TLV-length: 1 octet. Number of octets used by sub-TLVs.

      Optional sub-TLVs: Supported sub-TLVs are specified in
      Section 11.1.2. Any Sub-TLV that is not allowed in the SRv6
      Locator TLV MUST be ignored.

   Prefix Attribute Flags Sub-TLV [RFC7794] SHOULD be included in the
   Locator TLV.

   Prefix Attribute Flags Sub-TLV MUST be included in the Locator
   TLV when it is leaked upwards in the hierarchy or originated as a
   result of the redistribution from another protocol or another ISIS
   instance. If the Prefix Attribute Flags Sub-TLV is not included in
   these cases, receivers will be unable to determine the correct source
   of the advertisement. The receivers will be unable to detect the
   violation.

7.2.  SRv6 End SID sub-TLV

   The SRv6 End SID sub-TLV is introduced to advertise SRv6 Segment
   Identifiers (SID) with Endpoint behaviors which do not require a
   particular neighbor in order to be correctly applied. SRv6 SIDs
   associated with a neighbor are advertised using the sub-TLVs defined
   in Section 8.

   Supported behavior values, together with parent TLVs in which they
   are advertised, are specified in Section 10 of this document. Please
   note that not all behaviors defined in [RFC8986] are defined in this
   document, e.g. END.T is not.

   This new sub-TLV is advertised in the SRv6 Locator TLV defined in the
   previous section. SRv6 End SIDs inherit the topology/algorithm from
   the parent locator.

   The SRv6 End SID sub-TLV has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type        |     Length    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Flags     |       Endpoint Behavior       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (128 bits) . . .                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Sub-sub-TLV-len|         Sub-sub-TLVs (variable) . . .         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type: 5.

      Length: variable.

      Flags: 1 octet. No flags are currently defined. All bits are
      reserved for future use. They MUST be set to zero on transmission
      and MUST be ignored on receipt.

      Endpoint Behavior: 2 octets, as defined in [RFC8986]. Supported
      behavior values for this sub-TLV are defined in Section 10 of this
      document. Unsupported or unrecognized behavior values are ignored
      by the receiver.

      SID: 16 octets. This field encodes the advertised SRv6 SID.

      Sub-sub-TLV-length: 1 octet. Number of octets used by sub-sub-
      TLVs.

      Optional Sub-sub-TLVs: Supported Sub-sub-TLVs are specified in
      Section 11.6. Any Sub-sub-TLV that is not allowed in SRv6 End SID
      sub-TLV MUST be ignored.

   The SRv6 End SID MUST be allocated from its associated locator. SRv6
   End SIDs that are not allocated from the associated locator MUST be
   ignored.

   Multiple SRv6 End SIDs MAY be associated with the same locator. In
   cases where the number of SRv6 End SID sub-TLVs exceeds the capacity
   of a single TLV, multiple Locator TLVs for the same locator MAY be
   advertised. For a given MTID/Locator the algorithm MUST be the same
   in all TLVs. If this restriction is not met all TLVs for that MTID/
   Locator MUST be ignored.

8.  Advertising SRv6 Adjacency SIDs

   Certain SRv6 Endpoint behaviors [RFC8986] are associated with a
   particular adjacency.

   This document defines two new sub-TLVs of TLV 22, 23, 25, 141, 222,
   and 223 - namely "SRv6 End.X SID sub-TLVs" and "SRv6 LAN End.X SID
   sub-TLVs".

   IS-IS Neighbor advertisements are topology specific - but not
   algorithm specific. SIDs advertised in SRv6 End.X SID and SRv6 LAN
   End.X SID sub-TLVs therefore inherit the topology from the associated
   neighbor advertisement, but the algorithm is specified in the
   individual SID.

   All SIDs advertised in SRv6 End.X SID and SRv6 LAN End.X SID sub-TLVs
   MUST be a subnet of a Locator with matching topology and algorithm
   which is advertised by the same node in an SRv6 Locator TLV. SIDs
   that do not meet this requirement MUST be ignored. This ensures that
   the node advertising these SIDs is also advertising its corresponding
   Locator with the algorithm that will be used for computing paths
   destined to the SID.

8.1.  SRv6 End.X SID sub-TLV

   This sub-TLV is used to advertise an SRv6 SID associated with a point
   to point adjacency. Multiple SRv6 End.X SID sub-TLVs MAY be
   associated with the same adjacency.

   The SRv6 End.X SID sub-TLV has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type        |     Length    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Flags     |   Algorithm   |   Weight      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Endpoint Behavior       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (128 bits) . . .                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Sub-sub-tlv-len|         Sub-sub-TLVs (variable) . . .         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type: 43

      Length: variable.

      Flags: 1 octet.

          0 1 2 3 4 5 6 7
         +-+-+-+-+-+-+-+-+
         |B|S|P|Reserved |
         +-+-+-+-+-+-+-+-+

      where:

         B-Flag: Backup flag. If set, the SID is eligible for
         protection, e.g., using IP Fast Re-route (IPFRR) [RFC5286], as
         described in [RFC8355].

         S-Flag. Set flag. When set, the S-Flag indicates that the SID
         refers to a set of adjacencies (and therefore MAY be assigned
         to other adjacencies as well).

         P-Flag. Persistent flag. When set, the P-Flag indicates that
         the SID is persistently allocated, i.e., the SID value remains
         consistent across router restart and/or interface flap.

         Reserved bits: MUST be zero when originated and MUST be ignored
         when received.

      Algorithm: 1 octet. As defined in IGP Algorithm Types registry
      [RFC8665].

      Weight: 1 octet. The value represents the weight of the SID for
      the purpose of load balancing. The use of the weight is defined
      in [RFC8402].

      Endpoint Behavior: 2 octets. As defined in [RFC8986]. Supported
      behavior values for this sub-TLV are defined in Section 10 of this
      document. Unsupported or unrecognized behavior values are ignored
      by the receiver.

      SID: 16 octets. This field encodes the advertised SRv6 SID.

      Sub-sub-TLV-length: 1 octet. Number of octets used by sub-sub-
      TLVs.

      Optional Sub-sub-TLVs: Supported Sub-sub-TLVs are specified in
      Section 11.6. Any Sub-sub-TLV that is not allowed in SRv6 End.X
      SID sub-TLV MUST be ignored.

   Note that multiple TLVs for the same neighbor may be required in
   order to advertise all the SRv6 SIDs associated with that neighbor.

8.2.  SRv6 LAN End.X SID sub-TLV

   This sub-TLV is used to advertise an SRv6 SID associated with a LAN
   adjacency. Since the parent TLV is advertising an adjacency to the
   Designated Intermediate System (DIS) for the LAN, it is necessary to
   include the System ID of the physical neighbor on the LAN with which
   the SRv6 SID is associated. Given that many neighbors may exist on a
   given LAN, multiple SRv6 LAN END.X SID sub-TLVs may be associated
   with the same LAN. Note that multiple TLVs for the same DIS neighbor
   may be required in order to advertise all the SRv6 SIDs associated
   with that neighbor.

   The SRv6 LAN End.X SID sub-TLV has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |     Length    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   |                  Neighbor System-ID (ID length octets)        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Flags     |   Algorithm   |   Weight      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Endpoint Behavior       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (128 bits) . . .                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  SID (cont . . .)                                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Sub-sub-TLV-len|         sub-sub-TLVs (variable) . . .         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type: 44

      Length: variable.

      Neighbor System-ID: IS-IS System-ID of length "ID Length" as
      defined in [ISO10589].

      Flags: 1 octet.

          0 1 2 3 4 5 6 7
         +-+-+-+-+-+-+-+-+
         |B|S|P|Reserved |
         +-+-+-+-+-+-+-+-+

      where B, S, and P flags are as described in Section 8.1.
      Reserved bits MUST be zero when originated and MUST be ignored
      when received.

      Algorithm: 1 octet. As defined in IGP Algorithm Types registry
      [RFC8665].

      Weight: 1 octet. The value represents the weight of the SID for
      the purpose of load balancing. The use of the weight is defined
      in [RFC8402].

      Endpoint Behavior: 2 octets. As defined in [RFC8986]. Supported
      behavior values for this sub-TLV are defined in Section 10 of this
      document. Unsupported or unrecognized behavior values are ignored
      by the receiver.

      SID: 16 octets. This field encodes the advertised SRv6 SID.

      Sub-sub-TLV-length: 1 octet. Number of octets used by sub-sub-
      TLVs.

      Optional Sub-sub-TLVs: Supported Sub-sub-TLVs are specified in
      Section 11.6. Any Sub-sub-TLV that is not allowed in SRv6 LAN
      End.X SID sub-TLV MUST be ignored.

   Note that multiple TLVs for the same neighbor, on the same LAN, may
   be required in order to advertise all the SRv6 SIDs associated with
   that neighbor.

9.  SRv6 SID Structure Sub-Sub-TLV

   SRv6 SID Structure Sub-Sub-TLV is an optional Sub-Sub-TLV of:

      SRv6 End SID Sub-TLV (Section 7.2)

      SRv6 End.X SID Sub-TLV (Section 8.1)

      SRv6 LAN End.X SID Sub-TLV (Section 8.2)

   SRv6 SID Structure Sub-Sub-TLV is used to advertise the structure of
   the SRv6 SID as defined in [RFC8986]. It has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    LB Length  |  LN Length    | Fun. Length   |  Arg. Length  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   where:

      Type: 1

      Length: 4 octets.

      LB Length: 1 octet. SRv6 SID Locator Block length in bits.

      LN Length: 1 octet. SRv6 SID Locator Node length in bits.

      Fun. Length: 1 octet. SRv6 SID Function length in bits.

      Arg. Length: 1 octet. SRv6 SID Arguments length in bits.

   ISIS SRv6 SID Structure Sub-Sub-TLV MUST NOT appear more than once in
   its parent Sub-TLV. If it appears more than once in its parent Sub-
   TLV, the parent Sub-TLV MUST be ignored by the receiver.

   The sum of all four sizes advertised in ISIS SRv6 SID Structure Sub-
   Sub-TLV MUST be less than or equal to 128 bits. If the sum of all
   four sizes advertised in the ISIS SRv6 SID Structure Sub-Sub-TLV is
   larger than 128 bits, the parent Sub-TLV MUST be ignored by the
   receiver.
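
One way a controller or monitoring tool could apply the receive-side rules of Sections 7.1, 7.2 and 9 to a raw SRv6 Locator TLV; this is an added example, not code from the draft or its authors. It assumes one-octet type and length framing for sub-TLVs and sub-sub-TLVs, raises a parse error for any length that overruns its container (a choice made here, not a rule from the draft), and uses constructed sample bytes under 2001:db8::/32.

```python
import ipaddress
import struct

LOCATOR_TLV, END_SID_SUBTLV, SID_STRUCTURE = 27, 5, 1   # code points from the draft


class Malformed(ValueError):
    """Framing error: a length field points outside its container."""


def tlvs(buf):
    """Yield (type, value) pairs from 1-octet type / 1-octet length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise Malformed("TLV overruns its container")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]


def structure_ok(subsub):
    """Section 9: at most one SID Structure, and LB+LN+Fun+Arg <= 128 bits."""
    found = [v for t, v in tlvs(subsub) if t == SID_STRUCTURE]
    if len(found) > 1:
        return False
    # Assumption: a SID Structure whose length is not 4 is rejected the same way.
    return not found or (len(found[0]) == 4 and sum(found[0]) <= 128)


def parse_end_sid(value, locator):
    """Return a dict for an acceptable End SID, or None if it MUST be ignored."""
    if len(value) < 20 or 20 + value[19] > len(value):
        raise Malformed("End SID sub-TLV shorter than its fields require")
    _flags, behavior = struct.unpack_from("!BH", value)   # flags ignored on receipt
    sid = ipaddress.IPv6Address(value[3:19])
    if sid not in locator:                  # not allocated from the parent locator
        return None
    if not structure_ok(value[20:20 + value[19]]):
        return None
    return {"sid": str(sid), "behavior": behavior}


def parse_locator_tlv(tlv):
    """Parse one SRv6 Locator TLV; return None when the TLV MUST be ignored."""
    if len(tlv) < 4 or tlv[0] != LOCATOR_TLV or tlv[1] != len(tlv) - 2:
        raise Malformed("not a well-framed SRv6 Locator TLV")
    mt_id = struct.unpack_from("!H", tlv, 2)[0] & 0x0FFF   # R bits ignored
    body, i, entries = tlv[4:], 0, []
    while i < len(body):
        if i + 7 > len(body):
            raise Malformed("truncated locator entry")
        metric, _flags, algorithm, loc_size = struct.unpack_from("!IBBB", body, i)
        if not 1 <= loc_size <= 128:
            return None                     # Loc-Size out of range: ignore the TLV
        end = i + 7 + (loc_size + 7) // 8   # index of the Sub-TLV-len octet
        if end >= len(body) or end + 1 + body[end] > len(body):
            raise Malformed("locator or sub-TLVs overrun the TLV")
        # strict=False zeroes trailing bits, which are ignored when received.
        locator = ipaddress.IPv6Network(
            (body[i + 7:end].ljust(16, b"\0"), loc_size), strict=False)
        kept, ignored = [], 0
        for sub_type, value in tlvs(body[end + 1:end + 1 + body[end]]):
            if sub_type != END_SID_SUBTLV:
                continue                    # other sub-TLVs are out of scope here
            sid = parse_end_sid(value, locator)
            if sid is None:
                ignored += 1
            else:
                kept.append(sid)
        entries.append({"locator": str(locator), "algorithm": algorithm,
                        "metric": metric, "end_sids": kept, "ignored": ignored})
        i = end + 1 + body[end]
    return {"mt_id": mt_id, "entries": entries}


def tlv_bytes(t, v):
    return bytes([t, len(v)]) + v


def sample_tlv(loc_size=48):
    """Constructed sample: locator 2001:db8:a:: with three End SIDs (behavior 1)."""
    def end_sid(sid, structure):
        ss = tlv_bytes(SID_STRUCTURE, bytes(structure))
        return tlv_bytes(END_SID_SUBTLV, struct.pack("!BH", 0, 1)
                         + ipaddress.IPv6Address(sid).packed + bytes([len(ss)]) + ss)
    subs = (end_sid("2001:db8:a:1::", (32, 16, 16, 0))      # acceptable
            + end_sid("2001:db8:b:1::", (32, 16, 16, 0))    # outside the locator
            + end_sid("2001:db8:a:2::", (40, 24, 48, 32)))  # structure sums to 144
    loc = ipaddress.IPv6Address("2001:db8:a::").packed[:(loc_size + 7) // 8]
    entry = struct.pack("!IBBB", 10, 0, 0, loc_size) + loc + bytes([len(subs)]) + subs
    return tlv_bytes(LOCATOR_TLV, struct.pack("!H", 0) + entry)


if __name__ == "__main__":
    print(parse_locator_tlv(sample_tlv()))
```

Counting the ignored SIDs per locator, rather than dropping them silently, gives an operator a signal that a node is advertising SIDs outside its own locator or with an inconsistent structure.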
   The SRv6 SID Sub-Sub-TLV is intended for informational use by the
   control and management planes. It MUST NOT be used at a transit node
   (as defined in [RFC8754]) for forwarding packets. As an example,
   this information could be used for:

   o  validation of SRv6 SIDs being instantiated in the network and
      advertised via ISIS. These can be learnt by controllers via BGP-
      LS and then be monitored for conformance to the SRv6 SID
      allocation scheme chosen by the operator as described in
      Section 3.2 of [RFC8986].

   o  verification and the automation for securing the SRv6 domain by
      provisioning filtering rules at SR domain boundaries as described
      in Section 5 of [RFC8754].

   The details of these potential applications are outside the scope of
   this document.

10.  Advertising Endpoint Behaviors

   Endpoint behaviors are defined in [RFC8986]. The codepoints for the
   Endpoint behaviors are defined in the "SRv6 Endpoint Behaviors"
   registry defined in [RFC8986]. If a behavior is advertised it MUST
   only be advertised in the TLV[s] as indicated by "Y" in the table
   below, and MUST NOT be advertised in the TLV[s] as indicated by "N"
   in the table below.

   Endpoint              |Endpoint          | End | End.X | Lan End.X |
   Behavior              |Behavior Codepoint| SID |  SID  |    SID    |
   ----------------------|------------------|-----|-------|-----------|
   End (PSP, USP, USD)   | 1-4, 28-31       |  Y  |   N   |     N     |
   ----------------------|------------------|-----|-------|-----------|
   End.X (PSP, USP, USD) | 5-8, 32-35       |  N  |   Y   |     Y     |
   ----------------------|------------------|-----|-------|-----------|
   End.DX6               | 16               |  N  |   Y   |     Y     |
   ----------------------|------------------|-----|-------|-----------|
   End.DX4               | 17               |  N  |   Y   |     Y     |
   ----------------------|------------------|-----|-------|-----------|
   End.DT6               | 18               |  Y  |   N   |     N     |
   ----------------------|------------------|-----|-------|-----------|
   End.DT4               | 19               |  Y  |   N   |     N     |
   ----------------------|------------------|-----|-------|-----------|
   End.DT46              | 20               |  Y  |   N   |     N     |

11.  IANA Considerations

   This document requests allocation for the following TLVs, sub-TLVs,
   and sub-sub-TLVs as well as updating the ISIS TLV registry and
   defining new registries.

11.1.  SRv6 Locator TLV

   This document makes the following registrations in the IS-IS TLV
   Codepoints registry.

   Type  Description            IIH  LSP  SNP  Purge
   ----  ---------------------  ---  ---  ---  -----
   27    SRv6 Locator TLV       n    y    n    n

11.1.1.  SRv6 End SID sub-TLV

   The SRv6 Locator TLV shares sub-TLV space with TLVs 135, 235, 236 and
   237. This document updates the "Sub-TLVs for TLVs 135, 235, 236, and
   237 (Extended IP reachability, MT IP. Reach, IPv6 IP. Reach, and MT
   IPv6 IP. Reach TLVs)" registry defined in [RFC7370]. IANA is
   requested to update the name of the "Sub-TLVs for TLVs 135, 235, 236,
   and 237 (Extended IP reachability, MT IP. Reach, IPv6 IP. Reach,
   and MT IPv6 IP. Reach TLVs)" registry to "Sub-TLVs for TLVs 27, 135,
   235, 236, and 237 (SRv6 Locator, Extended IP reachability, MT IP.
   Reach, IPv6 IP. Reach, and MT IPv6 IP. Reach TLVs)".

   IANA is asked to add this document as a reference to (renamed) "Sub-
   TLVs for TLVs 27, 135, 235, 236, and 237 (SRv6 Locator, Extended IP
   reachability, MT IP. Reach, IPv6 IP. Reach, and MT IPv6 IP. Reach
   TLVs)" registry.

   This document makes the following registrations in the (renamed)
   "Sub-TLVs for TLVs 27, 135, 235, 236, and 237 (SRv6 Locator, Extended
   IP reachability, MT IP. Reach, IPv6 IP. Reach, and MT IPv6 IP.
   Reach TLVs)" registry:

      Type: 5

      Description: SRv6 End SID sub-TLV.

      Reference: This document (Section 7.2).

11.1.2.  Revised sub-TLV table

   The revised table of sub-TLVs for the (renamed) "Sub-TLVs for TLVs
   27, 135, 235, 236, and 237 (SRv6 Locator, Extended IP reachability,
   MT IP. Reach, IPv6 IP. Reach, and MT IPv6 IP. Reach TLVs)"
   registry is shown below:

   Type   27   135  235  236  237

   1      y    y    y    y    y
   2      y    y    y    y    y
   3      n    y    y    y    y
   4      y    y    y    y    y
   5      y    n    n    n    n
   6      n    y    y    y    y
   11     y    y    y    y    y
   12     y    y    y    y    y
   32     n    y    y    y    y

11.2.  SRv6 Capabilities sub-TLV

   This document makes the following registrations in the "Sub-TLVs for
   TLV 242 (IS-IS Router CAPABILITY TLV)":

      Type: 25

      Description: SRv6 Capabilities sub-TLV.

      Reference: This document (Section 2).

11.3.  Sub-Sub-TLVs of the SRv6 Capability sub-TLV

   This document requests a new IANA registry be created under the IS-IS
   TLV Codepoints Registry to control the assignment of sub-TLV types
   for the SRv6 Capability sub-TLV specified in this document -
   Section 2. The suggested name of the new registry is "sub-sub-TLVs
   of the SRv6 Capability sub-TLV". The registration procedure is
   "Expert Review" as defined in [RFC8126]. Guidance for the Designated
   Experts is provided in [RFC7370]. No sub-sub-TLVs are defined by
   this document except for the reserved value.

      0: Reserved

      1-255: Unassigned

11.4.  SRv6 End.X SID and SRv6 LAN End.X SID sub-TLVs

   This document makes the following registrations in the "Sub-TLVs for
   TLVs 22, 23, 25, 141, 222, and 223 (Extended IS reachability, IS
   Neighbor Attribute, L2 Bundle Member Attributes, inter-AS
   reachability information, MT-ISN, and MT IS Neighbor Attribute TLVs)"
   registry:

      Type: 43

      Description: SRv6 End.X SID sub-TLV.

      Reference: This document (Section 8.1).

      Type: 44

      Description: SRv6 LAN End.X SID sub-TLV.

      Reference: This document (Section 8.2).

   Type   22   23   25   141  222  223

   43     y    y    y    y    y    y
   44     y    y    y    y    y    y

11.5.  MSD Types

   This document makes the following registrations in the IGP MSD-Types
   registry:

   Value  Name               Reference
   -----  -----------------  ---------------
   41     SRH Max SL         [This Document]
   42     SRH Max End Pop    [This Document]
   44     SRH Max H.encaps   [This Document]
   45     SRH Max End D      [This Document]

11.6.  Sub-Sub-TLVs for SID Sub-TLVs

   This document requests a new IANA registry be created under the IS-IS
   TLV Codepoints Registry to control the assignment of sub-TLV types
   for the SID Sub-TLVs specified in this document - Section 7.2,
   Section 8.1, Section 8.2. The suggested name of the new registry is
   "sub-sub-TLVs for SRv6 End SID (5) (sub-TLV of TLVs 27, 135, 235, 236
   and 237) and SRv6 End.X SID (43)/SRv6 LAN End.X SID (44) (Sub-TLVs
   for TLVs 22, 23, 25, 141, 222, and 223)". The registration procedure
   is "Expert Review" as defined in [RFC8126]. Guidance for the
   Designated Experts is provided in [RFC7370]. The following
   assignments are made by this document:

   Type    Description                      Encoding Reference
   ---------------------------------------------------------
   0       Reserved
   1       SRv6 SID Structure Sub-Sub-TLV   [This Document]
   2-255   Unassigned

   Type    5    43   44

   1       y    y    y

11.7.  Prefix Attribute Flags Sub-TLV

   This document adds a new bit in the "Bit Values for Prefix Attribute
   Flags Sub-TLV" registry:

      Bit #: 4

      Description: Anycast Flag (A-flag)

      Reference: This document (Section 6).

11.8.  ISIS SRv6 Capabilities sub-TLV Flags Registry

   This document requests a new IANA registry be created under the IS-IS
   TLV Codepoints Registry to control the assignment of bits 0 to 15 in
   the Flags field of the ISIS SRv6 Capabilities sub-TLV specified in
   this document (Section 2). The suggested name of the new registry is
   "ISIS SRv6 Capabilities sub-TLV Flags". The registration procedure
   is "Expert Review" as defined in [RFC8126]. Guidance for the
   Designated Experts is provided in [RFC7370]. The following
   assignments are made by this document:

      Bit #: 1

      Description: O-flag

      Reference: This document (Section 2).

11.9.  ISIS SRv6 Locator TLV Flags Registry

   This document requests a new IANA registry be created under the IS-IS
   TLV Codepoints Registry to control the assignment of bits 0 to 7 in
   the Flags field of the ISIS SRv6 Locator TLV specified in this
   document (Section 7.1). The suggested name of the new registry is
   "ISIS SRv6 Locator TLV Flags". The registration procedure is "Expert
   Review" as defined in [RFC8126]. Guidance for the Designated Experts
   is provided in [RFC7370]. The following assignments are made by this
   document:

      Bit #: 0

      Description: D-flag

      Reference: This document (Section 7.1).

11.10.  ISIS SRv6 End SID sub-TLV Flags Registry

   This document requests a new IANA registry be created under the IS-IS
   TLV Codepoints Registry to control the assignment of bits 0 to 7 in
   the Flags field of the ISIS SRv6 End SID sub-TLV specified in this
   document (Section 7.2). The suggested name of the new registry is
   "ISIS SRv6 End SID sub-TLV Flags". The registration procedure is
   "Expert Review" as defined in [RFC8126]. Guidance for the Designated
   Experts is provided in [RFC7370]. No assignments are made by this
   document.

11.11.  ISIS SRv6 End.X SID and LAN End.X SID sub-TLVs Flags Registry

   This document requests a new IANA registry be created under the IS-IS
   TLV Codepoints Registry to control the assignment of bits 0 to 7 in
   the Flags field of the ISIS SRv6 End.X SID and LAN End.X SID sub-TLVs
   (Section 8.1 and Section 8.2). The suggested name of the new
   registry is "ISIS SRv6 End.X SID and LAN End.X SID sub-TLVs Flags".
   The registration procedure is "Expert Review" as defined in
   [RFC8126]. Guidance for the Designated Experts is provided in
   [RFC7370]. The following assignments are made by this document:

      Bit #: 0

      Description: B-flag

      Reference: This document (Section 8.1).

      Bit #: 1

      Description: S-flag

      Reference: This document (Section 8.1).

      Bit #: 2

      Description: P-flag

      Reference: This document (Section 8.1).

12.  Security Considerations

   Security concerns for IS-IS are addressed in [ISO10589], [RFC5304],
   and [RFC5310]. While IS-IS is deployed under a single administrative
   domain, there can be deployments where potential attackers have
   access to one or more networks in the IS-IS routing domain. In these
   deployments, the stronger authentication mechanisms defined in the
   aforementioned documents SHOULD be used.

   This document describes the IS-IS extensions required to support
   Segment Routing over an IPv6 data plane. The security considerations
   for Segment Routing are discussed in [RFC8402]. [RFC8986] defines
   the SRv6 Network Programming concept and specifies the main Segment
   Routing behaviors to enable the creation of interoperable overlays;
   the security considerations from that document apply too.

   The advertisement of an incorrect MSD value may have negative
   consequences; see [RFC8491] for additional considerations.

   Security concerns associated with the setting of the O-flag are
   described in [I-D.ietf-6man-spring-srv6-oam].

   Security concerns associated with the usage of Flex-Algorithms are
   described in [I-D.ietf-lsr-flex-algo].

13.  Contributors

   The following people gave a substantial contribution to the content
   of this document and should be considered as co-authors:

      Stefano Previdi
      Huawei Technologies
      Email: stefano@previdi.net

      Paul Wells
      Cisco Systems
      Saint Paul,
      Minnesota
      United States
      Email: pauwells@cisco.com

      Daniel Voyer
      Email: daniel.voyer@bell.ca

      Satoru Matsushima
      Email: satoru.matsushima@g.softbank.co.jp

      Bart Peirens
      Email: bart.peirens@proximus.com

      Hani Elmalky
      Email: hani.elmalky@ericsson.com

      Prem Jonnalagadda
      Email: prem@barefootnetworks.com

      Milad Sharif
      Email: msharif@barefootnetworks.com

      Robert Hanzl
      Cisco Systems
      Millenium Plaza Building, V Celnici 10, Prague 1,
      Prague, Czech Republic
      Email: rhanzl@cisco.com

      Ketan Talaulikar
      Cisco Systems, Inc.
      Email: ketant@cisco.com

14.  Acknowledgments

   Thanks to Christian Hopps for his review comments and shepherd work.

   Thanks to Alvaro Retana and John Scudder for AD review and comments.

15.  References

15.1.  Normative References

   [I-D.ietf-6man-spring-srv6-oam]
              Ali, Z., Filsfils, C., Matsushima, S., Voyer, D., and M.
              Chen, "Operations, Administration, and Maintenance (OAM)
              in Segment Routing Networks with IPv6 Data plane (SRv6)",
              draft-ietf-6man-spring-srv6-oam-10 (work in progress),
              April 2021.

   [I-D.ietf-lsr-flex-algo]
              Psenak, P., Hegde, S., Filsfils, C., Talaulikar, K., and
              A. Gulko, "IGP Flexible Algorithm", draft-ietf-lsr-flex-
              algo-15 (work in progress), April 2021.

   [ISO10589]
              International Organization for Standardization,
              "Intermediate system to Intermediate system intra-domain
              routeing information exchange protocol for use in
              conjunction with the protocol for providing the
              connectionless-mode Network Service (ISO 8473)", Nov 2002.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5120]  Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi
              Topology (MT) Routing in Intermediate System to
              Intermediate Systems (IS-ISs)", RFC 5120,
              DOI 10.17487/RFC5120, February 2008.

   [RFC5305]  Li, T. and H. Smit, "IS-IS Extensions for Traffic
              Engineering", RFC 5305, DOI 10.17487/RFC5305, October
              2008.

   [RFC5308]  Hopps, C., "Routing IPv6 with IS-IS", RFC 5308,
              DOI 10.17487/RFC5308, October 2008.

   [RFC7370]  Ginsberg, L., "Updates to the IS-IS TLV Codepoints
              Registry", RFC 7370, DOI 10.17487/RFC7370, September 2014.

   [RFC7794]  Ginsberg, L., Ed., Decraene, B., Previdi, S., Xu, X., and
              U. Chunduri, "IS-IS Prefix Attributes for Extended IPv4
              and IPv6 Reachability", RFC 7794, DOI 10.17487/RFC7794,
              March 2016.

   [RFC7981]  Ginsberg, L., Previdi, S., and M. Chen, "IS-IS Extensions
              for Advertising Router Information", RFC 7981,
              DOI 10.17487/RFC7981, October 2016.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018.

   [RFC8491]  Tantsura, J., Chunduri, U., Aldrin, S., and L. Ginsberg,
              "Signaling Maximum SID Depth (MSD) Using IS-IS", RFC 8491,
              DOI 10.17487/RFC8491, November 2018.

   [RFC8665]  Psenak, P., Ed., Previdi, S., Ed., Filsfils, C., Gredler,
              H., Shakir, R., Henderickx, W., and J. Tantsura, "OSPF
              Extensions for Segment Routing", RFC 8665,
              DOI 10.17487/RFC8665, December 2019.

   [RFC8667]  Previdi, S., Ed., Ginsberg, L., Ed., Filsfils, C.,
              Bashandy, A., Gredler, H., and B. Decraene, "IS-IS
              Extensions for Segment Routing", RFC 8667,
              DOI 10.17487/RFC8667, December 2019.

   [RFC8754]  Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
              (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.

   [RFC8986]  Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
              D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
              (SRv6) Network Programming", RFC 8986,
              DOI 10.17487/RFC8986, February 2021.

15.2.  Informative References

   [RFC5286]  Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for
              IP Fast Reroute: Loop-Free Alternates", RFC 5286,
              DOI 10.17487/RFC5286, September 2008.

   [RFC5304]  Li, T. and R. Atkinson, "IS-IS Cryptographic
              Authentication", RFC 5304, DOI 10.17487/RFC5304, October
              2008.

   [RFC5310]  Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
              and M. Fanto, "IS-IS Generic Cryptographic
              Authentication", RFC 5310, DOI 10.17487/RFC5310, February
              2009.

   [RFC8355]  Filsfils, C., Ed., Previdi, S., Ed., Decraene, B., and R.
              Shakir, "Resiliency Use Cases in Source Packet Routing in
              Networking (SPRING) Networks", RFC 8355,
              DOI 10.17487/RFC8355, March 2018.

Authors' Addresses

   Peter Psenak (editor)
   Cisco Systems
   Pribinova Street 10
   Bratislava 81109
   Slovakia

   Email: ppsenak@cisco.com

   Clarence Filsfils
   Cisco Systems
   Brussels
   Belgium

   Email: cfilsfil@cisco.com

   Ahmed Bashandy
   Individual

   Email: abashandy.ietf@gmail.com

   Bruno Decraene
   Orange
   Issy-les-Moulineaux
   France

   Email: bruno.decraene@orange.com

   Zhibo Hu
   Huawei Technologies

   Email: huzhibo@huawei.com