idnits 2.17.1

draft-ietf-mpls-sr-epe-oam-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 15 instances of too long lines in the document, the longest
     one being 5 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 515 has weird spacing: '...k-depth if an...'

  == Line 548 has weird spacing: '...k-depth if an...'

  -- The document date (June 16, 2020) is 1382 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC5065' is mentioned on line 424, but not defined

  == Missing Reference: 'RFC4271' is mentioned on line 435, but not defined

  == Missing Reference: 'RFC6286' is mentioned on line 435, but not defined

  == Outdated reference: A later version (-22) exists of
     draft-ietf-spring-segment-routing-policy-07

     Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  2  Routing area                                                    S. Hegde
  3  Internet-Draft                                                  K. Arora
  4  Intended status: Standards Track                           M. Srivastava
  5  Expires: December 18, 2020                         Juniper Networks Inc.
  6                                                                  S. Ninan
  7                                                    Individual Contributor
  8                                                                     X. Xu
  9                                                              Alibaba Inc.
 10                                                             June 16, 2020

 12     Label Switched Path (LSP) Ping/Traceroute for Segment Routing (SR)
 13   Egress Peer Engineering Segment Identifiers (SIDs) with MPLS Data Planes
 14                       draft-ietf-mpls-sr-epe-oam-00

 16  Abstract

 18     Egress Peer Engineering (EPE) is an application of Segment Routing to
 19     solve the problem of egress peer selection.  The Segment Routing
 20     based BGP-EPE solution allows a centralized controller, e.g. a
 21     Software Defined Network (SDN) controller, to program any egress peer.
 22     The EPE solution requires a node to program the PeerNode Segment
 23     Identifier (SID) describing a session between two nodes, the PeerAdj
 24     SID describing the link (one or more) that is used by sessions
 25     between peer nodes, and the PeerSet SID describing an arbitrary set
 26     of sessions or links between a local node and its peers.  This
 27     document provides new sub-TLVs for EPE Segment Identifiers (SID) that
 28     would be used in the MPLS Target stack TLV (Type 1), in MPLS Ping and
 29     Traceroute procedures.

 31  Status of This Memo

 33     This Internet-Draft is submitted in full conformance with the
 34     provisions of BCP 78 and BCP 79.

 36     Internet-Drafts are working documents of the Internet Engineering
 37     Task Force (IETF).  Note that other groups may also distribute
 38     working documents as Internet-Drafts.  The list of current Internet-
 39     Drafts is at https://datatracker.ietf.org/drafts/current/.

 41     Internet-Drafts are draft documents valid for a maximum of six months
 42     and may be updated, replaced, or obsoleted by other documents at any
 43     time.  It is inappropriate to use Internet-Drafts as reference
 44     material or to cite them other than as "work in progress."

 46     This Internet-Draft will expire on December 18, 2020.

 48  Copyright Notice

 50     Copyright (c) 2020 IETF Trust and the persons identified as the
 51     document authors.  All rights reserved.

 53     This document is subject to BCP 78 and the IETF Trust's Legal
 54     Provisions Relating to IETF Documents
 55     (https://trustee.ietf.org/license-info) in effect on the date of
 56     publication of this document.  Please review these documents
 57     carefully, as they describe your rights and restrictions with respect
 58     to this document.  Code Components extracted from this document must
 59     include Simplified BSD License text as described in Section 4.e of
 60     the Trust Legal Provisions and are provided without warranty as
 61     described in the Simplified BSD License.

 63  Table of Contents

 65     1.  Introduction
 66     2.  Theory of Operation
 67     3.  Requirements Language
 68     4.  FEC Definitions
 69       4.1.  PeerAdj SID Sub-TLV
 70       4.2.  PeerNode SID Sub-TLV
 71       4.3.  PeerSet SID Sub-TLV
 72     5.  EPE-SID FEC validation
 73     6.  IANA Considerations
 74     7.  Security Considerations
 75     8.  Acknowledgments
 76     9.  References
 77       9.1.  Normative References
 78       9.2.  Informative References
 79     Authors' Addresses

 81  1.  Introduction

 83     Egress Peer Engineering (EPE) as defined in
 84     [I-D.ietf-spring-segment-routing-central-epe] is an effective
 85     mechanism to select the egress peer link based on different criteria.
 86     The EPE-SIDs provide means to represent egress peer links.  Many
 87     network deployments have built their networks consisting of multiple
 88     Autonomous Systems either for ease of operations or as a result of
 89     network mergers and acquisitions.  The inter-AS links connecting the
 90     two Autonomous Systems could be traffic engineered using EPE-SIDs in
 91     this case as well.  It is important to be able to validate the control
 92     plane to forwarding plane synchronization for these SIDs so that any
 93     anomaly can be detected easily by the operator.

 95     +---------+      +------+
 96     |         |      |      |
 97     |    H    B------D      G
 98     |         | +---/| AS 2 |\  +------+
 99     |         |/     +------+ \ |      |---L/8
100     A   AS1   C---+            \|      |
101     |         |\\  \  +------+ /| AS 4 |---M/8
102     |         | \\  +-E      |/ +------+
103     |    X    |  \\   |      K
104     |         |   +===F AS 3 |
105     +---------+       +------+

107                       Figure 1: Reference Diagram

109     In this reference diagram, EPE-SIDs are advertised from AS1 to AS2
110     and AS3.  In certain cases the EPE-SIDs advertised by the control
111     plane may not be in synchronization with the label programmed in the
112     data plane.  For example, on C a PeerAdj SID could be advertised to
113     indicate it is for the link C->D.  Due to some software anomaly the
114     actual data forwarding on this PeerAdj SID could be happening over
115     the C->E link.  If E had relevant data paths for further forwarding
116     the packet, this kind of anomaly will go unnoticed by the operator.  A
117     FEC definition for the EPE-SIDs will define the details of the
118     control plane association of the SID and the data plane validation of
119     the SID will be done during the MPLS traceroute procedure.  When
120     there is a multi-hop EBGP session between the ASBRs, a PeerNode SID is
121     advertised and traffic would be load-balanced between the interfaces
122     connecting two nodes.  In the reference diagram C and F could have a
123     PeerNode-SID advertised.  When the OAM packet is received on F, it
124     needs to validate if the packet came on one of the two interfaces
125     connected to C.

127     This document provides Target Forwarding Equivalence Class (FEC)
128     stack TLV definitions for EPE-SIDs.  Other procedures for MPLS Ping
129     and Traceroute as defined in [RFC8287] section 7 and clarified by
130     [RFC8690] are applicable for EPE-SIDs as well.

132  2.  Theory of Operation

134     [I-D.ietf-idr-bgpls-segment-routing-epe] provides mechanisms to
135     advertise the EPE-SIDs in BGP-LS.  These EPE-SIDs may be used to
136     build Segment Routing paths as described in
137     [I-D.ietf-spring-segment-routing-policy] or using Path Computation
138     Element Protocol (PCEP) extensions as defined in [RFC8664].  Data
139     plane monitoring for such paths which consist of EPE-SIDs will use
140     extensions defined in this document to build the Target FEC stack TLV.
141     The MPLS Ping and Traceroute procedures MAY be initiated by the head-
142     end of the Segment Routing path or a centralized topology-aware data
143     plane monitoring system as described in [RFC8403].  The extensions in
144     [I-D.ietf-spring-segment-routing-policy] and [RFC8664] do not define
145     the details of the SID and such extensions are out of scope for this
146     document.  The node initiating the data plane monitoring may acquire
147     the details of EPE-SIDs through BGP-LS advertisements as described in
148     [I-D.ietf-idr-bgpls-segment-routing-epe].  There may be other
149     possible mechanisms to learn the definition of the SID from the
150     controller.  Details of such mechanisms are out of scope for this
151     document.

153     The EPE-SIDs are advertised for inter-AS links which run EBGP
154     sessions.  The procedures to operate EBGP sessions in a scenario with
155     unnumbered interfaces are not very well defined and hence out of scope
156     for this document.  During an AS migration scenario, procedures described
157     in [RFC7705] may be in force.  In these scenarios, if the local and
158     remote AS fields in the FEC as described in Section 4 carry the
159     global AS and not the "local AS" as defined in [RFC7705], the FEC
160     validation procedures may fail.

162  3.  Requirements Language

164     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
165     "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
166     "OPTIONAL" in this document are to be interpreted as described in BCP
167     14, [RFC2119], [RFC8174] when, and only when, they appear in all
168     capitals, as shown here.

170  4.  FEC Definitions

172     Three new sub-TLVs are defined for the Target FEC Stack TLV (Type 1),
173     the Reverse-Path Target FEC Stack TLV (Type 16), and the Reply Path
174     TLV (Type 21).

176         Sub-Type    Sub-TLV Name
177         --------    ---------------
178          TBD1       PeerAdj SID Sub-TLV
179          TBD2       PeerNode SID Sub-TLV
180          TBD3       PeerSet SID Sub-TLV

182                       Figure 2: New sub-TLV types

184  4.1.  PeerAdj SID Sub-TLV
185      0                   1                   2                   3
186      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
187     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
188     |Type = TBD                     |          Length               |
189     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
190     |               Local AS Number (4 octets)                      |
191     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
192     |               Remote AS Number (4 octets)                     |
193     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
194     |               Local BGP router ID (4 octets)                  |
195     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
196     |               Remote BGP Router ID (4 octets)                 |
197     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
198     |               Local Interface address (4/16 octets)           |
199     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
200     |               Remote Interface address (4/16 octets)          |
201     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

203                       Figure 3: PeerAdj SID Sub-TLV

205     Type : TBD

207     Length : variable based on IPv4/IPv6 interface address.  Length
208     excludes the length of the Type and Length fields.  For IPv4 interface
209     addresses the length will be 24.  In case of IPv6 addresses the length
210     will be 48.

212     Local AS Number :

214     4 octet unsigned integer representing the Member ASN inside the
215     Confederation [RFC5065].  The AS number corresponds to the AS to
216     which the PeerAdj SID advertising node belongs.

218     Remote AS Number :

220     4 octet unsigned integer representing the Member ASN inside the
221     Confederation [RFC5065].  The AS number corresponds to the AS of the
222     remote node for which the PeerAdj SID is advertised.

224     Local BGP Router ID :

226     4 octet unsigned integer of the advertising node representing the BGP
227     Identifier as defined in [RFC4271] and [RFC6286].

229     Remote BGP Router ID :

231     4 octet unsigned integer of the receiving node representing the BGP
232     Identifier as defined in [RFC4271] and [RFC6286].

234     Local Interface Address :

236     In case of PeerAdj SID, the local interface address corresponding to
237     the PeerAdj SID should be specified in this field.  For IPv4, this field
238     is 4 octets; for IPv6, this field is 16 octets.  Link Local IPv6
239     addresses are for further study.

241     Remote Interface Address :

243     In case of PeerAdj SID, the remote interface address corresponding to
244     the PeerAdj SID should be specified in this field.  For IPv4, this field
245     is 4 octets; for IPv6, this field is 16 octets.  Link Local IPv6
246     addresses are for further study.

248     [I-D.ietf-idr-bgpls-segment-routing-epe] mandates sending local
249     interface ID and remote interface ID in the Link Descriptors and
250     allows a value of 0 in the remote descriptors.  It is useful to
251     validate the incoming interface for an OAM packet and if the remote
252     descriptor is 0 this validation is not possible.
253     [I-D.ietf-idr-bgpls-segment-routing-epe] allows optional link
254     descriptors of local and remote interface addresses as described in
255     section 4.2.  This document recommends sending these optional
256     descriptors and using them to validate the incoming interface.  When
257     these local and remote interface addresses are not available, an ingress
258     node can send 0 in the local and/or remote interface address field.
259     The receiver SHOULD skip the validation for the incoming interface if
260     the address field contains 0.

262  4.2.  PeerNode SID Sub-TLV
263      0                   1                   2                   3
264      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
265     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
266     |Type = TBD                     |          Length               |
267     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
268     |               Local AS Number (4 octets)                      |
269     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
270     |               Remote AS Number (4 octets)                     |
271     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
272     |               Local BGP router ID (4 octets)                  |
273     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
274     |               Remote BGP Router ID (4 octets)                 |
275     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
276     | No.of IPv4 interface pairs    | No.of IPv6 interface pairs    |
277     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
278     |               Local Interface address1 (4/16 octets)          |
279     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
280     |               Remote Interface address1 (4/16 octets)         |
281     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
282     |               Local Interface address2 (4/16 octets)          |
283     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
284     |               ......                                          |
285     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

287                       Figure 4: PeerNode SID Sub-TLV

289     Type : TBD

291     Length : variable based on IPv4/IPv6 interface address.  There could
292     be multiple pairs of local and remote interface addresses.  The length
293     includes all the pairs.  The Type and Length fields are not included in
294     the actual length carried in the packet.

296     Local AS Number :

298     4 octet unsigned integer representing the Member ASN inside the
299     Confederation [RFC5065].  The AS number corresponds to the AS to
300     which the PeerNode SID advertising node belongs.

302     Remote AS Number :

304     4 octet unsigned integer representing the Member ASN inside the
305     Confederation [RFC5065].  The AS number corresponds to the AS of the
306     remote node for which the PeerNode SID is advertised.

308     Local BGP Router ID :

310     4 octet unsigned integer of the advertising node representing the BGP
311     Identifier as defined in [RFC4271] and [RFC6286].

313     Remote BGP Router ID :

315     4 octet unsigned integer of the receiving node representing the BGP
316     Identifier as defined in [RFC4271] and [RFC6286].

318     Number of IPv4 interface pairs:

320     Total number of IPv4 local and remote interface address pairs.

322     Number of IPv6 interface pairs:

324     Total number of IPv6 local and remote interface address pairs.

326     There can be multiple Layer 3 interfaces on which a PeerNode SID
327     load-balances the traffic.  The local/remote addresses of all such
328     interfaces MUST be included in the FEC.

330     When a PeerNode SID load-balances over a few interfaces with IPv4-only
331     addresses and a few interfaces with IPv6 addresses, the FEC definition
332     should list all IPv4 address pairs together followed by IPv6 address
333     pairs.

335     Local Interface Address :

337     In case of PeerNode SID, the interface local address IPv4/IPv6 which
338     corresponds to the PeerNode SID MUST be specified.  For IPv4, this
339     field is 4 octets; for IPv6, this field is 16 octets.  Link Local IPv6
340     addresses are for further study.

342     Remote Interface Address :

344     In case of PeerNode SID, the interface remote address IPv4/IPv6 which
345     corresponds to the PeerNode SID MUST be specified.  For IPv4, this
346     field is 4 octets; for IPv6, this field is 16 octets.  Link Local
347     IPv6 addresses are for further study.

349     When there is a multi-hop EBGP session between two ASBRs, a PeerNode
350     SID is advertised for this session and traffic can be load-balanced
351     across these interfaces.  An EPE controller that does bandwidth
352     management for these links should be aware of the links on which the
353     traffic will be load-balanced.  [I-D.hegde-idr-bgp-ls-epe-inter-as]
354     provides extensions to advertise attributes that will provide details
355     of the links over which the traffic will be load-balanced for a PeerNode
356     SID.  It is useful to validate the incoming interface for an OAM packet
357     received on a remote ASBR.  When the interface information for a
358     PeerNode SID is not available, an ingress node can choose to send 0
359     pairs of interface addresses, in which case incoming interface
360     validation SHOULD be skipped by the remote ASBR.

362  4.3.  PeerSet SID Sub-TLV

364      0                   1                   2                   3
365      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
366     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
367     |Type = TBD                     |          Length               |
368     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
369     |               Local AS Number (4 octets)                      |
370     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
371     |               Local BGP router ID (4 octets)                  |
372     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
373     | No.of elements in set         |          Reserved             |
374     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
375     |               Remote AS Number (4 octets)                     |
376     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
377     |               Remote BGP Router ID (4 octets)                 |
378     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
379     | No.of IPv4 interface pairs    | No.of IPv6 interface pairs    |
380     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
381     |               Local Interface address1 (4/16 octets)          |
382     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
383     |               Remote Interface address1 (4/16 octets)         |
384     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
385     |               Local Interface address2 (4/16 octets)          |
386     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
387     |               ......                                          |
388     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

390     One element in the set consists of the details below:
391     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
392     |               Remote AS Number (4 octets)                     |
393     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
394     |               Remote BGP Router ID (4 octets)                 |
395     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
396     | No.of IPv4 interface pairs    | No.of IPv6 interface pairs    |
397     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
398     |               Local Interface address1 (4/16 octets)          |
399     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
400     |               Remote Interface address1 (4/16 octets)         |
401     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
402     |                                                               |
403     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
404     |               ......                                          |
405     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

407                       Figure 5: PeerSet SID Sub-TLV

409     Type : TBD

411     Length : variable based on IPv4/IPv6 interface address and number of
412     elements in the set.  The length field does not include the length of
413     the Type and Length fields.

415     Local AS Number :

417     4 octet unsigned integer representing the Member ASN inside the
418     Confederation [RFC5065].  The AS number corresponds to the AS to
419     which the PeerSet SID advertising node belongs.

421     Remote AS Number :

423     4 octet unsigned integer representing the Member ASN inside the
424     Confederation [RFC5065].  The AS number corresponds to the AS of the
425     remote node for which the PeerSet SID is advertised.

427     Advertising BGP Router ID :

429     4 octet unsigned integer of the advertising node representing the BGP
430     Identifier as defined in [RFC4271] and [RFC6286].

432     Receiving BGP Router ID :

434     4 octet unsigned integer of the receiving node representing the BGP
435     Identifier as defined in [RFC4271] and [RFC6286].

437     No.of elements in set:

439     Number of remote ASes the set SID load-balances on.

441     A PeerSet SID may be associated with a number of PeerNode SIDs and
442     PeerAdj SIDs.  Link address details of all these SIDs should be
443     included in the PeerSet SID FEC so that the data plane can be
444     correctly verified on the remote node.

446     Number of IPv4 interface pairs:

448     Total number of IPv4 local and remote interface address pairs.

450     Number of IPv6 interface pairs:

452     Total number of IPv6 local and remote interface address pairs.

454     There can be multiple Layer 3 interfaces on which a PeerNode SID
455     load-balances the traffic.  The local/remote addresses of all such
456     interfaces MUST be included in the FEC.

458     When a PeerSet SID load-balances over a few interfaces with IPv4-only
459     addresses and a few interfaces with IPv6 addresses, the Link address
460     TLV should list all IPv4 address pairs together followed by IPv6
461     address pairs.

463     Local Interface Address :

465     In case of PeerNode SID/PeerAdj SID, the interface local address IPv4/
466     IPv6 which corresponds to the PeerNode SID/PeerAdj SID MUST be
467     specified.  For IPv4, this field is 4 octets; for IPv6, this field is
468     16 octets.  Link Local IPv6 addresses are for further study.

470     Remote Interface Address :

472     In case of PeerNode SID/PeerAdj SID, the interface remote address
473     IPv4/IPv6 which corresponds to the PeerNode SID/PeerAdj SID MUST be
474     specified.  For IPv4, this field is 4 octets; for IPv6, this field is
475     16 octets.  Link Local IPv6 addresses are for further study.

477     The details on how to obtain interface addresses are described for
478     PeerAdj SID and PeerNode SID in previous sections and the same is
479     applicable for PeerSet SID.

481  5.  EPE-SID FEC validation

483     When a remote ASBR of the EPE-SID advertisement receives the MPLS OAM
484     packet with the top FEC being the EPE-SID, it SHOULD perform validity
485     checks on the content of the EPE-SID FEC sub-TLV.  The basic length
486     check should be performed on the received FEC.

488         PeerAdj SID
489         -----------
490         Length = 24 or 48

492         Peer Node SID
493         -------------
494         Length = 20 + "No.of IPv4 interface pairs" * 8 +
495                 "No.of IPv6 interface pairs" * 32

497         PeerSet SID
498         -----------
499         Length = 9 + no.of elements in the set *
500                 (8 + "No.of IPv4 interface pairs" * 8 +
501                 "No.of IPv6 interface pairs" * 32)

503                       Figure 6: Length Validation

505     If a malformed FEC sub-TLV is received, then a return code of 1,
506     "Malformed echo request received" as defined in [RFC8029] SHOULD be
507     sent.  The section below augments Section 7.4 of [RFC8287].

509     4a. Segment Routing EPE-SID Validation:

511        If the Label-stack-depth is 0 and the Target FEC Stack sub-TLV
512        at FEC-stack-depth is TBD1 (PeerAdj SID sub-TLV)

514           Set the Best-return-code to 10, "Mapping for this FEC is not
515           the given label at stack-depth" if any below
516           conditions fail:

518              o  Validate that the Receiving Node BGP Local AS matches
519                 with the remote AS field in the received PeerAdj SID
520                 FEC sub-TLV.

522              o  Validate that the Receiving Node BGP Router-ID matches
523                 with the Remote Router ID field in the received
524                 PeerAdj SID FEC.

526              o  Validate that there is an EBGP session with a peer
527                 having local AS number and BGP Router-ID as
528                 specified in the Local AS number and Local Router-ID
529                 field in the received PeerAdj SID FEC sub-TLV.

531           If the Remote interface address is not zero, validate the
532           incoming interface.
533           Set the Best-return-code to 35 "Mapping for this FEC is not
534           associated with the incoming interface" (RFC8287) if any below
535           conditions fail:

537              o  Validate the incoming interface on which the OAM packet
538                 was received, matches with the remote interface
539                 specified in the PeerAdj SID FEC sub-TLV

541           If all above validations have passed, set the return code to 3
542           "Replying router is an egress for the FEC at stack-depth"

544        Else, if the Target FEC sub-TLV at FEC-stack-depth is TBD2
545        (PeerNode SID sub-TLV),

547           Set the Best-return-code to 10, "Mapping for this FEC is not
548           the given label at stack-depth" if any below
549           conditions fail:

551              o  Validate that the Receiving Node BGP Local AS matches with
552                 the remote AS field in the
553                 received PeerNode SID FEC sub-TLV.

555              o  Validate that the Receiving Node BGP Router-ID matches
556                 with the Remote Router ID field in the received
557                 PeerNode SID FEC.

559              o  Validate that there is an EBGP session with a peer
560                 having local AS number and BGP Router-ID as
561                 specified in the Local AS number and Local Router-ID
562                 field in the received PeerNode SID FEC sub-TLV.

564           If the Remote interface address is not zero, validate the
565           incoming interface.
566           Set the Best-return-code to 35 "Mapping for this FEC is not
567           associated with the incoming interface" (RFC8287) if any below
568           conditions fail:

570              o  Validate the incoming interface on which the OAM packet
571                 was received, matches with any of the
572                 remote interfaces specified in the PeerNode SID FEC sub-TLV

574           If all above validations have passed, set the return code to 3
575           "Replying router is an egress for the FEC at stack-depth"

577        Else, if the Target FEC sub-TLV at FEC-stack-depth is TBD3
578        (PeerSet SID sub-TLV),
579           Set the Best-return-code to 10, "Mapping for this FEC is not
580           the given label at stack-depth" if any below
581           conditions fail:

583              o  Validate that the Receiving Node BGP Local AS matches
584                 with one of the remote AS fields in the received PeerSet
585                 SID FEC sub-TLV.

587              o  Validate that the Receiving Node BGP Router-ID matches
588                 with one of the Remote Router ID fields in the received
589                 PeerSet SID FEC sub-TLV.

591              o  Validate that there is an EBGP session with a peer having
592                 local AS number and BGP Router-ID as
593                 specified in the Local AS number and Local Router-ID
594                 field in the received PeerSet SID FEC sub-TLV.

596           If the Remote interface address is not zero, validate the
597           incoming interface.
598           Set the Best-return-code to 35 "Mapping for this FEC is not
599           associated with the incoming interface" (RFC8287) if any below
600           conditions fail:

602              o  Validate the incoming interface on which the OAM packet
603                 was received, matches with any of the
604                 remote interfaces specified in the PeerSet SID FEC sub-TLV

606           If all above validations have passed, set the return code to 3
607           "Replying router is an egress for the FEC at stack-depth"

609                       Figure 7: EPE-SID FEC validation

611  6.  IANA Considerations

613     New Target FEC stack sub-TLV from the "sub-TLVs for TLV types 1,16
614     and 21" subregistry of the "Multi-Protocol Label Switching (MPLS)
615     Label Switched Paths (LSPs) Ping parameters" registry

617     PeerAdj SID Sub-TLV : TBD1

619     PeerNode SID Sub-TLV: TBD2

621     PeerSet SID Sub-TLV : TBD3

623  7.  Security Considerations

625     The EPE-SIDs are advertised for egress links for Egress Peer
626     Engineering purposes or for inter-AS links between co-operating ASes.
627     When co-operating domains are involved, they can allow the packets
628     arriving on trusted interfaces to reach the control plane and get
629     processed.  When EPE-SIDs are created for egress TE links where
630     the neighbor AS is an independent entity, it may not allow packets
631     arriving from the external world to reach the control plane.  In such
632     deployments MPLS OAM packets will be dropped by the neighboring AS
633     that receives the MPLS OAM packet.  In MPLS traceroute applications,
634     when the AS boundary is crossed with the EPE-SIDs, the FEC stack is
635     changed.  [RFC8287] does not mandate that the initiator, upon
636     receiving an MPLS Echo Reply message that includes the FEC Stack
637     Change TLV with one or more of the original segments being popped,
638     remove the corresponding FEC(s) from the Target FEC Stack TLV in the
639     next (TTL+1) traceroute request.  If an initiator does not remove the
640     FECs belonging to the previous AS that has been traversed, it MAY expose
641     the internal AS information to the following AS being traversed in
642     traceroute.

644  8.  Acknowledgments

646     Thanks to Loa Andersson, Dhruv Dhody, Ketan Talaulikar, Italo Busi
647     and Alexander Vainshtein for careful review and comments.

649  9.  References

651  9.1.  Normative References

653     [I-D.hegde-idr-bgp-ls-epe-inter-as]
654                Hegde, S., Ramachandra, S., Srivastava, M., and X. Xu,
655                "BGP-LS Extensions for Inter-AS TE using EPE based
656                mechanisms", draft-hegde-idr-bgp-ls-epe-inter-as-03 (work
657                in progress), June 2020.

659     [I-D.ietf-idr-bgpls-segment-routing-epe]
660                Previdi, S., Talaulikar, K., Filsfils, C., Patel, K., Ray,
661                S., and J. Dong, "BGP-LS extensions for Segment Routing
662                BGP Egress Peer Engineering", draft-ietf-idr-bgpls-
663                segment-routing-epe-19 (work in progress), May 2019.

665     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
666                Requirement Levels", BCP 14, RFC 2119,
667                DOI 10.17487/RFC2119, March 1997,
668                .

670     [RFC8029]  Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N.,
671                Aldrin, S., and M. Chen, "Detecting Multiprotocol Label
672                Switched (MPLS) Data-Plane Failures", RFC 8029,
673                DOI 10.17487/RFC8029, March 2017,
674                .

676     [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
677                2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
678                May 2017, .

680     [RFC8287]  Kumar, N., Ed., Pignataro, C., Ed., Swallow, G., Akiya,
681                N., Kini, S., and M. Chen, "Label Switched Path (LSP)
682                Ping/Traceroute for Segment Routing (SR) IGP-Prefix and
683                IGP-Adjacency Segment Identifiers (SIDs) with MPLS Data
684                Planes", RFC 8287, DOI 10.17487/RFC8287, December 2017,
685                .

687     [RFC8690]  Nainar, N., Pignataro, C., Iqbal, F., and A. Vainshtein,
688                "Clarification of Segment ID Sub-TLV Length for RFC 8287",
689                RFC 8690, DOI 10.17487/RFC8690, December 2019,
690                .

692  9.2.  Informative References

694     [I-D.ietf-spring-segment-routing-central-epe]
695                Filsfils, C., Previdi, S., Dawra, G., Aries, E., and D.
696                Afanasiev, "Segment Routing Centralized BGP Egress Peer
697                Engineering", draft-ietf-spring-segment-routing-central-
698                epe-10 (work in progress), December 2017.

700     [I-D.ietf-spring-segment-routing-policy]
701                Filsfils, C., Sivabalan, S., Voyer, D., Bogdanov, A., and
702                P. Mattes, "Segment Routing Policy Architecture", draft-
703                ietf-spring-segment-routing-policy-07 (work in progress),
704                May 2020.

706     [RFC7705]  George, W. and S. Amante, "Autonomous System Migration
707                Mechanisms and Their Effects on the BGP AS_PATH
708                Attribute", RFC 7705, DOI 10.17487/RFC7705, November 2015,
709                .

711     [RFC8403]  Geib, R., Ed., Filsfils, C., Pignataro, C., Ed., and N.
712                Kumar, "A Scalable and Topology-Aware MPLS Data-Plane
713                Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July
714                2018, .

716     [RFC8664]  Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W.,
717                and J. Hardwick, "Path Computation Element Communication
718                Protocol (PCEP) Extensions for Segment Routing", RFC 8664,
719                DOI 10.17487/RFC8664, December 2019,
720                .

722  Authors' Addresses

724     Shraddha Hegde
725     Juniper Networks Inc.
726     Exora Business Park
727     Bangalore, KA  560103
728     India

730     Email: shraddha@juniper.net

732     Kapil Arora
733     Juniper Networks Inc.

735     Email: kapilaro@juniper.net

737     Mukul Srivastava
738     Juniper Networks Inc.

740     Email: msri@juniper.net

742     Samson Ninan
743     Individual Contributor

745     Email: samson.cse@gmail.com

747     Xiaohu Xu
748     Alibaba Inc.
749     Beijing
750     China

752     Email: xiaohu.xxh@alibaba-inc.com
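
Added example, not part of the draft or of any implementation by its authors: the receiver-side handling of a PeerNode SID sub-TLV from Sections 4.2 and 5, in Python, applying the Figure 6 length formula before any count field is trusted and then mapping the checks of Figure 7 to return codes 1, 10, 35 and 3. Assumptions: the sub-TLV type value is a placeholder (the draft lists TBD2), the header is a 2-octet Type and 2-octet Length as drawn in Figure 4, and the ReceivingAsbr structure, interface names, AS numbers and addresses are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

RC_MALFORMED, RC_EGRESS, RC_NO_MAPPING, RC_WRONG_IF = 1, 3, 10, 35  # Section 5
PEERNODE_TYPE = 0xFFF2              # placeholder: the draft still lists TBD2
FIXED = struct.Struct("!II4s4sHH")  # 2 ASNs, 2 router IDs, 2 pair counts = 20 octets


class MalformedSubTLV(ValueError):
    """The sub-TLV failed a structural check or the Figure 6 length check."""


@dataclass
class PeerNodeFec:
    local_as: int
    remote_as: int
    local_rid: ipaddress.IPv4Address
    remote_rid: ipaddress.IPv4Address
    pairs: list                     # [(local address, remote address), ...]


@dataclass
class ReceivingAsbr:                # hypothetical view of the replying router
    local_as: int
    router_id: ipaddress.IPv4Address
    ebgp_peers: set                 # {(peer AS, peer BGP router ID)}
    if_addrs: dict                  # interface name -> addresses configured on it


def encode_peernode(fec):
    """Serialize the FEC: all IPv4 pairs first, then IPv6 pairs (Section 4.2)."""
    v4 = [p for p in fec.pairs if p[0].version == 4]
    v6 = [p for p in fec.pairs if p[0].version == 6]
    value = FIXED.pack(fec.local_as, fec.remote_as, fec.local_rid.packed,
                       fec.remote_rid.packed, len(v4), len(v6))
    value += b"".join(loc.packed + rem.packed for loc, rem in v4 + v6)
    return struct.pack("!HH", PEERNODE_TYPE, len(value)) + value


def parse_peernode(buf):
    """Parse one sub-TLV; reject any length the pair counts do not account for."""
    if len(buf) < 4:
        raise MalformedSubTLV("truncated sub-TLV header")
    sub_type, length = struct.unpack_from("!HH", buf)
    value = bytes(buf[4:4 + length])
    if sub_type != PEERNODE_TYPE or len(value) != length or length < FIXED.size:
        raise MalformedSubTLV("wrong type, truncated value or short length")
    las, ras, lrid, rrid, n4, n6 = FIXED.unpack_from(value)
    if length != 20 + n4 * 8 + n6 * 32:          # Figure 6, PeerNode SID
        raise MalformedSubTLV("length disagrees with interface pair counts")
    pairs, off = [], FIXED.size
    for size, count in ((4, n4), (16, n6)):
        for _ in range(count):
            pairs.append((ipaddress.ip_address(value[off:off + size]),
                          ipaddress.ip_address(value[off + size:off + 2 * size])))
            off += 2 * size
    return PeerNodeFec(las, ras, ipaddress.IPv4Address(lrid),
                       ipaddress.IPv4Address(rrid), pairs)


def validate_peernode(buf, node, incoming_if):
    """Return the echo-reply return code for a received PeerNode SID FEC (Section 5)."""
    try:
        fec = parse_peernode(buf)
    except MalformedSubTLV:
        return RC_MALFORMED
    if (fec.remote_as != node.local_as or fec.remote_rid != node.router_id
            or (fec.local_as, fec.local_rid) not in node.ebgp_peers):
        return RC_NO_MAPPING
    # "Remote" addresses are this router's side of each link; none or zero = skip.
    remotes = {rem for _, rem in fec.pairs if int(rem) != 0}
    if remotes and not remotes & node.if_addrs.get(incoming_if, set()):
        return RC_WRONG_IF
    return RC_EGRESS


def demo():
    """Constructed cases: C (AS 64496) to F (AS 64499) of Figure 1 over two links."""
    ip = ipaddress.ip_address
    fec = PeerNodeFec(64496, 64499, ip("198.51.100.3"), ip("198.51.100.6"),
                      [(ip("192.0.2.1"), ip("192.0.2.2")),
                       (ip("2001:db8::1"), ip("2001:db8::2"))])
    f = ReceivingAsbr(64499, fec.remote_rid, {(64496, fec.local_rid)},
                      {"to-C-1": {ip("192.0.2.2")}, "to-C-2": {ip("2001:db8::2")},
                       "other": {ip("203.0.113.1")}})
    stranger = ReceivingAsbr(64500, f.router_id, f.ebgp_peers, f.if_addrs)
    good = encode_peernode(fec)
    lying = good[:20] + b"\x00\x02" + good[22:]   # count field claims two IPv4 pairs
    empty = encode_peernode(PeerNodeFec(64496, 64499, fec.local_rid, fec.remote_rid, []))
    return {"roundtrip": parse_peernode(good) == fec,
            "link1": validate_peernode(good, f, "to-C-1"),
            "link2": validate_peernode(good, f, "to-C-2"),
            "wrong_if": validate_peernode(good, f, "other"),
            "wrong_as": validate_peernode(good, stranger, "to-C-1"),
            "bad_count": validate_peernode(lying, f, "to-C-1"),
            "truncated": validate_peernode(good[:-4], f, "to-C-1"),
            "no_pairs": validate_peernode(empty, f, "other")}
```

The "wrong_if" case is the anomaly described in the Introduction: the FEC is valid for the receiver, but the packet arrived on an interface that is not one of the advertised links, so the reply carries return code 35 rather than 3.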