Spring                                                     J. Brzozowski
Internet-Draft                                                  J. Leddy
Intended status: Informational                                   Comcast
Expires: January 4, 2015                                        I. Leung
                                                   Rogers Communications
                                                              S. Previdi
                                                             M. Townsley
                                                               C. Martin
                                                             C. Filsfils
                                                        R. Maglione, Ed.
                                                           Cisco Systems
                                                            July 3, 2014


                          IPv6 SPRING Use Cases
                   draft-ietf-spring-ipv6-use-cases-01

Abstract

   The Source Packet Routing in Networking (SPRING) architecture leverages the source routing paradigm. A node steers a packet through a controlled set of instructions, called segments, by prepending a SPRING header to the packet. A segment can represent any instruction, topological or service-based. A segment can have a semantic that is local to the SPRING node or global within the SPRING domain. SPRING allows a flow to be enforced through any topological path and service chain while maintaining per-flow state only at the ingress node to the SPRING domain.

   The objective of this document is to illustrate some use cases that need to be taken into account by the Source Packet Routing in Networking (SPRING) architecture.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 4, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  IPv6 SPRING use cases
     2.1.  SPRING in the Home Network
     2.2.  SPRING in the Access Network
     2.3.  SPRING in the Data Center
     2.4.  SPRING in the Content Delivery Networks
     2.5.  SPRING in the Core networks
   3.  Acknowledgements
   4.  IANA Considerations
   5.  Security Considerations
   6.  Informative References
   Authors' Addresses

1.  Introduction

   The Source Packet Routing in Networking (SPRING) architecture leverages the source routing paradigm. An ingress node steers a packet through a controlled set of instructions, called segments, by prepending a SPRING header to the packet. A segment can represent any instruction, topological or service-based. A segment can represent a local semantic on the SPRING node, or a global semantic within the SPRING domain. SPRING allows one to enforce a flow through any topological path and service chain while maintaining per-flow state only at the ingress node to the SPRING domain.

   The SPRING architecture is described in [I-D.filsfils-rtgwg-segment-routing]. The SPRING control plane is agnostic to the data plane, thus it can be applied to both MPLS and IPv6. In the case of MPLS, the (list of) segment identifiers are carried in the MPLS label stack, while for the IPv6 data plane a new type of routing extension header is required.

   The details of the new routing extension header are described in [I-D.previdi-6man-segment-routing-header], which also covers the security considerations and the aspects related to the deprecation of the IPv6 Type 0 Routing Header described in [RFC5095].

2.  IPv6 SPRING use cases

   In today's networks, source routing is typically accomplished by encapsulating IP packets in MPLS LSPs that are signaled via RSVP-TE. Therefore, there are scenarios where it may be possible to run IPv6 on top of MPLS, and as such the MPLS Segment Routing architecture described in [I-D.filsfils-spring-segment-routing-mpls] could be leveraged to provide SPRING capabilities in an IPv6/MPLS environment.

   However, there are other cases and/or specific network segments (such as, for example, the Home Network, the Data Center, etc.) where MPLS may not be available or deployable, for lack of support on network elements or by an operator's design choice. In such scenarios a non-MPLS based solution would be preferred by the network operators of such infrastructures.

   In addition there are cases where the operators could have made the design choice to disable IPv4, for ease of management and scale (return to single-stack) or due to an address constraint, for example because they do not possess enough IPv4 address resources to number all the endpoints and other network elements on which they desire to run MPLS.

   In such a scenario, support for MPLS operations on an IPv6-only network would be required. However, today's IPv6-only networks are not fully capable of supporting MPLS. There is ongoing work in the MPLS Working Group, described in [I-D.ietf-mpls-ipv6-only-gap], to identify gaps that must be addressed in order to allow MPLS-related protocols and applications to be used with IPv6-only networks. This is another example of a scenario where an IPv6-only solution could represent a valid option to solve the problem and meet operators' requirements.

   In addition it is worth noting that in today's MPLS dual-stack networks IPv4 traffic is labeled while IPv6 traffic is usually natively routed, not label-switched. Therefore, in order to provide Traffic Engineering-like capabilities for IPv6 traffic, additional/alternative encapsulation mechanisms would be required.

   In summary, there is a class of use cases that motivate an IPv6 data plane. The authors identify some fundamental scenarios that, when recognized in conjunction, strongly indicate an IPv6 data plane:

   1.  There is a need or desire to impose source-routing semantics within an application or at the edge of a network (for example, a CPE or home gateway).

   2.  There is a strict lack of an MPLS data plane.

   3.  There is a need or desire to remove routing state from any node other than the source, such that the source is the only node that knows, and will know, the path a packet will take a priori.

   4.  There is a need to connect millions of addressable segment endpoints, thus high routing scalability is a requirement. IPv6 addresses are inherently summarizable: a very large operator could scale by summarizing IPv6 subnets at various internal boundaries. This is very simple and is a basic property of IP routing. MPLS node segments are not summarizable. To reach the same scale, an operator would need to introduce additional complexity, such as the mechanisms described in [I-D.ietf-mpls-seamless-mpls].

   In any environment with requirements such as those listed above, an IPv6 data plane provides a powerful combination of capabilities for a network operator to realize benefits in explicit routing, protection and restoration, high routing scalability, traffic engineering, service chaining, service differentiation and application flexibility via programmability.

   This section describes some scenarios where MPLS may not be present and highlights how the SPRING architecture could be used to address such use cases, particularly when an MPLS data plane is neither present nor desired.

   The use cases described in this section do not constitute an exhaustive list of all the possible scenarios; this section only includes some of the most common envisioned deployment models for IPv6 Segment Routing.

   In addition to the use cases described in this document, the SPRING architecture can be applied to all the use cases described in [I-D.filsfils-rtgwg-segment-routing-use-cases] for the SPRING MPLS data plane, when an IPv6 data plane is present.

2.1.  SPRING in the Home Network

   An IPv6-enabled home network provides ample globally routed IP addresses for all devices in the home. An IPv6 home network with multiple egress points and associated provider-assigned prefixes will, in turn, provide multiple IPv6 addresses to hosts. A homenet performing Source and Destination Routing ([I-D.troan-homenet-sadr]) will ensure that packets exit the home at the appropriate egress based on the associated delegated prefix for that link.

   A SPRING-enabled home provides the possibility for imposition of a Segment List by end-hosts in the home, or by a customer edge router in the home. If the Segment List is imposed at the customer edge router, that router is responsible for classifying traffic and inserting the appropriate Segment List. If hosts in the home have explicit source selection rules (see [I-D.lepape-6man-prefix-metadata]), classification can be based on the source address or the associated network egress point, avoiding the need for DPI-based implicit classification techniques. If the Segment List is inserted by the host itself, it is important to know which networks can interpret the SPRING header. This information can be provided as part of host configuration as a property of the configured IP address (see [I-D.bhandari-dhc-class-based-prefix]).

   Steering traffic to an appropriate egress, or utilizing a specific type of media (e.g., low-power, WiFi, wired, femto-cell, Bluetooth, MoCA, HomePlug, etc.) within the home itself, are obvious cases which may be of interest to an application running within a home network.

   Steering to a specific egress point may be useful for a number of reasons, including:

   o  Regulatory

   o  Performance of a particular service associated with a particular link

   o  Cost imposed due to data caps or per-byte charges

   o  Home vs. work traffic in homes with one or more teleworkers, etc.

   o  Specific services provided by one ISP vs. another

   Information included in the Segment List, whether imposed by the end-host itself, a customer edge router, or within the access network of the ISP, may be of use at the far ends of the data communication as well. For example, an application running on an end-host with application support in a data center can utilize the Segment List as a channel to include information that affects its treatment within the data center itself, allowing for application-level steering and load-balancing without relying upon implicit application classification techniques at the data-center edge. Further, as more and more application traffic is encrypted, the ability to extract (and include in the Segment List) just enough information to enable the network and data center to load-balance and steer traffic appropriately becomes more and more important.

2.2.  SPRING in the Access Network

   Access networks deliver a variety of types of traffic from the service provider's network to the home environment and from the home towards the service provider's network.

   For bandwidth management or related purposes, the service provider may want to associate certain types of traffic with specific physical or logical downstream capacity pipes.

   This mapping is not the same thing as classification and scheduling. In the cable access network, each of these pipes is represented at the DOCSIS layer as a different service flow, which is better identified as a distinct data link. As such, creating this separation allows an operator to differentiate between different types of content and perform a variety of differing functions on these pipes, such as egress vectoring, byte capping, regulatory compliance functions, and billing.

   In a cable operator's environment, these downstream pipes could be a specific QAM, a DOCSIS service flow or a service group.

   Similarly, the operator may want to map traffic sent from the home towards the service provider's network to specific upstream capacity pipes. Information carried in a packet's SPRING header could provide the target pipe for this specific packet. The access device would not need to know specific details about the packet to perform this mapping; instead the access device would only need to know how to map the SR SID value to the target pipe.

2.3.  SPRING in the Data Center

   A key use case for SPRING is to cause a packet to follow a specific path through the network. One can think of the service function performed at each SPRING node as forwarding. More complex service functions could be applied to the packet by a SPRING node, including accounting, IDS, load balancing, and firewalling.

   The term "Service Function Chain", as defined in [I-D.ietf-sfc-problem-statement], is used to describe an ordered set of service functions that must be applied to packets.

   A service provider may choose to have these service functions performed external to the routing infrastructure, specifically on either dedicated physical servers or within VMs running on a virtualization platform.

   [I-D.kumar-sfc-dc-use-cases] describes use cases that demonstrate the applicability of Service Function Chaining (SFC) within a data center environment and provides SFC requirements for data center centric use cases.

2.4.  SPRING in the Content Delivery Networks

   The rise of online video applications and new, video-capable IP devices has led to an explosion of video traffic traversing network operator infrastructures. In the drive to reduce the capital and operational impact of the massive influx of online video traffic, as well as to extend traditional TV services to new devices and screens, network operators are increasingly turning to Content Delivery Networks (CDNs).

   Several studies have shown the benefits of connecting caches in a hierarchical structure following the hierarchical nature of the Internet. In a cache hierarchy one cache establishes peering relationships with its neighbor caches. There are two types of relationship: parent and sibling. A parent cache is essentially one level up in a cache hierarchy. A sibling cache is on the same level. Multiple levels of hierarchy are commonly used in order to build efficient cache architectures.

   In an environment where each single cache system can be uniquely identified by its own IPv6 address, a Segment List containing a sequence of the caches in a hierarchy can be built. At each node (cache) present in the Segment List a TCP session to port 80 is established, and if the requested content is found at the cache (cache-hit scenario) the sequence ends, even if there are more nodes in the list.

   To achieve the behavior described above, in addition to the Segment List, which specifies the path to be followed to explore the hierarchical architecture, a way to instruct the node to take a specific action is required. The function to be performed by a service node can be carried in a new header called Network Service Header (NSH), defined in [I-D.quinn-sfc-nsh]. A Network Service Header (NSH) is metadata added to a packet that is used to create a service plane. The service header is added by a service classification function that determines which packets require servicing, and correspondingly which service path to follow to apply the appropriate service.

   In the above example the service to be performed by the service node was to establish a TCP session to port 80, but in other scenarios different functions may be required. Another example of an action to be taken by the service node is the capability to perform transformations on payload data, such as a real-time video transcoding option (for rate and/or resolution).

   The use of SPRING together with the NSH allows building flexible service chains where the topological information related to the path to be followed is carried in the Segment List, while the "service plane related information" (function/action to be performed) is encoded in the metadata carried in the NSH. The details about using SPRING together with NSH will be described in a separate document.

2.5.  SPRING in the Core networks

   MPLS is a well-known technology widely deployed in many IP core networks. However, there are some operators that do not run MPLS everywhere in their core network today; thus, moving forward, they would prefer to have an IPv6 native infrastructure for the core network.

   While the overall amount of traffic offered to the network continues to grow, and considering that multiple types of traffic with different characteristics and requirements are quickly converging over a single network architecture, network operators are starting to face new challenges.

   Some operators are looking at the possibility of setting up an explicit path based on the IPv6 source address for specific types of traffic in order to use their network infrastructure efficiently. Some operators are currently assigning, or plan to assign, IPv6 prefix(es) to their IPv6 customers based on region/geography, so that the subscriber's IPv6 prefix could be used to identify the region where the customer is located. In such an environment the IPv6 source address could be used by the edge nodes of the network to steer traffic and forward it through a specific path other than the optimal path.
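   The edge-node behaviour of this section, as an added example that is not part of this draft: a Python model in which the edge node classifies a packet by its source IPv6 prefix and imposes a segment list through the chosen waypoints, and each segment endpoint consumes one entry of that list. The header layout assumed is the Segment Routing Header as later standardised in RFC 8754 (routing type 4) rather than the draft-01 layout cited above; the prefix-to-waypoint policy and all addresses are constructed placeholders from the 2001:db8::/32 documentation range.

```python
import ipaddress
import struct

# Assumed layout: the Segment Routing Header as standardised in RFC 8754
# (routing type 4). draft-previdi-6man-segment-routing-header-01, which
# this document cites, used an earlier, different layout.
SRH_ROUTING_TYPE = 4
SRH_FIXED_LEN = 8          # octets before the segment list
NEXT_HEADER_IPV6 = 41      # payload is the encapsulated inner IPv6 packet


def build_srh(segments, next_header=NEXT_HEADER_IPV6):
    """Encode segments given in visiting order. Segment List[0] holds the
    LAST segment, so the list is stored reversed; Segments Left starts at
    Last Entry because the ingress puts the first segment in the outer DA."""
    if not segments:
        raise ValueError("empty segment list")
    last_entry = len(segments) - 1
    hdr_ext_len = 2 * len(segments)   # 16-octet entries in 8-octet units
    fixed = struct.pack("!BBBBBBH", next_header, hdr_ext_len, SRH_ROUTING_TYPE,
                        last_entry, last_entry, 0, 0)
    return fixed + b"".join(ipaddress.IPv6Address(s).packed
                            for s in reversed(segments))


def parse_srh(srh):
    """Decode an SRH; length and index fields are checked against each other
    so a transit node never indexes past the header it actually received."""
    if len(srh) < SRH_FIXED_LEN:
        raise ValueError("SRH shorter than its fixed part")
    nh, ext_len, rtype, seg_left, last_entry, _flags, _tag = struct.unpack(
        "!BBBBBBH", srh[:SRH_FIXED_LEN])
    if rtype != SRH_ROUTING_TYPE:
        raise ValueError(f"unexpected routing type {rtype}")
    count = last_entry + 1
    if ext_len != 2 * count or len(srh) != SRH_FIXED_LEN + 16 * count:
        raise ValueError("Hdr Ext Len / Last Entry disagree with header size")
    if seg_left > last_entry:
        raise ValueError("Segments Left points beyond Last Entry")
    seg_list = [ipaddress.IPv6Address(srh[SRH_FIXED_LEN + 16 * i:
                                          SRH_FIXED_LEN + 16 * (i + 1)])
                for i in range(count)]
    return {"next_header": nh, "segments_left": seg_left,
            "last_entry": last_entry, "segment_list": seg_list}


def endpoint_process(srh):
    """Segment endpoint behaviour: decrement Segments Left and return the
    next segment as the new destination. Returns (None, srh) when Segments
    Left is already 0, i.e. the final segment hands the packet to Next Header."""
    info = parse_srh(srh)
    if info["segments_left"] == 0:
        return None, srh
    new_sl = info["segments_left"] - 1
    return info["segment_list"][new_sl], srh[:3] + bytes([new_sl]) + srh[4:]


# Constructed edge policy: regional customer prefixes mapped to the waypoint
# segments their traffic should traverse (placeholders, not a real plan).
REGION_POLICY = {
    ipaddress.IPv6Network("2001:db8:1000::/36"): ["2001:db8:ff::a1",
                                                  "2001:db8:ff::a2"],
    ipaddress.IPv6Network("2001:db8:1800::/37"): ["2001:db8:ff::b1"],
}


def classify_by_source(src, policy=REGION_POLICY):
    """Longest-prefix match of the source address against the policy table."""
    addr = ipaddress.IPv6Address(src)
    matches = [net for net in policy if addr in net]
    return policy[max(matches, key=lambda n: n.prefixlen)] if matches else None


def ingress_impose(src, dst, policy=REGION_POLICY):
    """Edge-node behaviour of section 2.5: choose the segment list from the
    source prefix and encapsulate. Returns (outer destination, SRH bytes);
    the SRH is None when the flow simply follows the optimal path."""
    waypoints = classify_by_source(src, policy)
    if waypoints is None:
        return ipaddress.IPv6Address(dst), None
    segments = waypoints + [dst]
    return ipaddress.IPv6Address(segments[0]), build_srh(segments)
```

   The cross-checks in parse_srh are what a transit node needs before acting on a header it did not build; the packet filtering mentioned in Section 5 would sit in front of them at the domain border.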
   The need to set up a source-based path going through some specific middle/intermediate points in the network may be related to different requirements:

   o  The operator may want to be able to use some high bandwidth links for specific types of traffic (like video), avoiding the need for over-dimensioning all the links of the network;

   o  The operator may want to be able to set up a specific path for delay-sensitive applications;

   o  The operator may need to be able to select one (or multiple) specific exit point(s) at peering points when different peering points are available;

   o  The operator may need to be able to set up a source-based path for specific services in order to reach some servers hosted in facilities not always reachable through the optimal path;

   o  The operator may need to be able to provision guaranteed disjoint paths (so-called dual-plane network) for diversity purposes.

   All these scenarios would require a form of traffic engineering capability in IP core networks not running MPLS and not willing to run it.

   The IPv4 protocol does not provide such functionality today, and it is not the intent of this document to address the IPv4 scenario, both because this may create a lot of backward compatibility issues with currently deployed networks and because of the security issues that may arise.

   The described use cases could be addressed with the SPRING architecture by having the edge nodes of the network impose a Segment List on specific traffic flows, based on certain classification criteria that would include the source IPv6 address.

3.  Acknowledgements

   The authors would like to thank Brian Field, Robert Raszuk, Wes George, John G. Scudder and Yakov Rekhter for their valuable comments and inputs to this document.

4.  IANA Considerations

   This document does not require any action from IANA.

5.  Security Considerations

   There are a number of security concerns with source routing at the IP layer [RFC5095]. The new IPv6-based routing header will be defined in such a way that blind attacks are never possible, i.e., attackers will be unable to send source routed packets that get successfully processed without being part of the negotiations for setting up the source routes or being able to eavesdrop on legitimate source routed packets. In some networks this base level of security may be complemented with other mechanisms, such as packet filtering, cryptographic security, etc.

6.  Informative References

   [I-D.bhandari-dhc-class-based-prefix]
              Systems, C., Halwasia, G., Gundavelli, S., Deng, H., Thiebaut, L., Korhonen, J., and I. Farrer, "DHCPv6 class based prefix", draft-bhandari-dhc-class-based-prefix-05 (work in progress), July 2013.

   [I-D.filsfils-rtgwg-segment-routing]
              Filsfils, C., Previdi, S., Bashandy, A., Decraene, B., Litkowski, S., Horneffer, M., Milojevic, I., Shakir, R., Ytti, S., Henderickx, W., Tantsura, J., and E. Crabbe, "Segment Routing Architecture", draft-filsfils-rtgwg-segment-routing-01 (work in progress), October 2013.

   [I-D.filsfils-rtgwg-segment-routing-use-cases]
              Filsfils, C., Francois, P., Previdi, S., Decraene, B., Litkowski, S., Horneffer, M., Milojevic, I., Shakir, R., Ytti, S., Henderickx, W., Tantsura, J., Kini, S., and E. Crabbe, "Segment Routing Use Cases", draft-filsfils-rtgwg-segment-routing-use-cases-02 (work in progress), October 2013.

   [I-D.filsfils-spring-segment-routing-mpls]
              Filsfils, C., Previdi, S., Bashandy, A., Decraene, B., Litkowski, S., Horneffer, M., Milojevic, I., Shakir, R., Ytti, S., Henderickx, W., Tantsura, J., and E. Crabbe, "Segment Routing with MPLS data plane", draft-filsfils-spring-segment-routing-mpls-02 (work in progress), June 2014.

   [I-D.ietf-mpls-ipv6-only-gap]
              George, W. and C. Pignataro, "Gap Analysis for Operating IPv6-only MPLS Networks", draft-ietf-mpls-ipv6-only-gap-00 (work in progress), April 2014.

   [I-D.ietf-mpls-seamless-mpls]
              Leymann, N., Decraene, B., Filsfils, C., Konstantynowicz, M., and D. Steinberg, "Seamless MPLS Architecture", draft-ietf-mpls-seamless-mpls-07 (work in progress), June 2014.

   [I-D.ietf-sfc-problem-statement]
              Quinn, P. and T. Nadeau, "Service Function Chaining Problem Statement", draft-ietf-sfc-problem-statement-07 (work in progress), June 2014.

   [I-D.kumar-sfc-dc-use-cases]
              Surendra, S., Obediente, C., Tufail, M., Majee, S., and C. Captari, "Service Function Chaining Use Cases In Data Centers", draft-kumar-sfc-dc-use-cases-02 (work in progress), May 2014.

   [I-D.lepape-6man-prefix-metadata]
              Pape, M., Systems, C., and I. Farrer, "IPv6 Prefix Meta-data and Usage", draft-lepape-6man-prefix-metadata-00 (work in progress), July 2013.

   [I-D.previdi-6man-segment-routing-header]
              Previdi, S., Filsfils, C., Field, B., and I. Leung, "IPv6 Segment Routing Header (SRH)", draft-previdi-6man-segment-routing-header-01 (work in progress), June 2014.

   [I-D.quinn-sfc-nsh]
              Quinn, P., Guichard, J., Fernando, R., Surendra, S., Smith, M., Yadav, N., Agarwal, P., Manur, R., Chauhan, A., Elzur, U., McConnell, B., and C. Wright, "Network Service Header", draft-quinn-sfc-nsh-02 (work in progress), February 2014.

   [I-D.troan-homenet-sadr]
              Troan, O. and L. Colitti, "IPv6 Multihoming with Source Address Dependent Routing (SADR)", draft-troan-homenet-sadr-01 (work in progress), September 2013.

   [RFC5095]  Abley, J., Savola, P., and G. Neville-Neil, "Deprecation of Type 0 Routing Headers in IPv6", RFC 5095, December 2007.

Authors' Addresses

   John Brzozowski
   Comcast

   Email: john_brzozowski@cable.comcast.com


   John Leddy
   Comcast

   Email: John_Leddy@cable.comcast.com


   Ida Leung
   Rogers Communications
   8200 Dixie Road
   Brampton, ON L6T 0C1
   CANADA

   Email: Ida.Leung@rci.rogers.com


   Stefano Previdi
   Cisco Systems
   Via Del Serafico, 200
   Rome 00142
   Italy

   Email: sprevidi@cisco.com


   Mark Townsley
   Cisco Systems

   Email: townsley@cisco.com


   Christian Martin
   Cisco Systems

   Email: martincj@cisco.com


   Clarence Filsfils
   Cisco Systems
   Brussels
   BE

   Email: cfilsfil@cisco.com


   Roberta Maglione (editor)
   Cisco Systems
   181 Bay Street
   Toronto M5J 2T3
   Canada

   Email: robmgl@cisco.com