Network Working Group                                              X. Xu
Internet-Draft                                                   Alibaba
Intended status: Standards Track                               S. Bryant
Expires: September 2, 2018                                        Huawei
                                                               A. Farrel
                                                                 Juniper
                                                             A. Bashandy
                                                                   Cisco
                                                           W. Henderickx
                                                                   Nokia
                                                                   Z. Li
                                                                  Huawei
                                                           March 1, 2018

                            SR-MPLS over IP
                      draft-xu-mpls-sr-over-ip-00

Abstract

   MPLS Segment Routing (SR-MPLS in short) is an MPLS data plane-based
   source routing paradigm in which the sender of a packet is allowed to
   partially or completely specify the route the packet takes through
   the network by imposing stacked MPLS labels on the packet.  SR-MPLS
   could be leveraged to realize a source routing mechanism across MPLS,
   IPv4, and IPv6 data planes by using an MPLS label stack as a source
   routing instruction set while preserving backward compatibility with
   SR-MPLS.

   This document describes how SR-MPLS capable routers and IP-only
   routers can seamlessly co-exist and interoperate through the use of
   SR-MPLS label stacks and IP encapsulation/tunnelling such as MPLS-in-
   UDP (RFC 7510).

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 2, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Use Cases
   4.  Procedures of SR-MPLS over IP
     4.1.  Forwarding Entry Construction
     4.2.  Packet Forwarding Procedures
       4.2.1.  Packet Forwarding with Penultimate Hop Popping
       4.2.2.  Packet Forwarding without Penultimate Hop Popping
       4.2.3.  Additional Forwarding Procedures
   5.  Forwarding Details of SR-MPLS over UDP
     5.1.  Domain Ingress Nodes
     5.2.  Legacy Transit Nodes
     5.3.  On-Path Pass-Through SR Nodes
     5.4.  SR Transit Nodes
     5.5.  Penultimate SR Transit Nodes
       5.5.1.  A Note on Segment Routing Paths and Penultimate Hop
               Popping
     5.6.  Domain Egress Nodes
   6.  Contributors
   7.  Acknowledgements
   8.  IANA Considerations
   9.  Security Considerations
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   MPLS Segment Routing (SR-MPLS in short)
   [I-D.ietf-spring-segment-routing-mpls] is an MPLS data plane-based
   source routing paradigm in which the sender of a packet is allowed to
   partially or completely specify the route the packet takes through
   the network by imposing stacked MPLS labels on the packet.  SR-MPLS
   could be leveraged to realize a source routing mechanism across MPLS,
   IPv4, and IPv6 data planes by using an MPLS label stack as a source
   routing instruction set while preserving backward compatibility with
   SR-MPLS.  More specifically, the source routing instruction set
   information contained in a source routed packet could be uniformly
   encoded as an MPLS label stack no matter whether the underlay is
   IPv4, IPv6, or MPLS.

   This document describes how SR-MPLS capable routers and IP-only
   routers can seamlessly co-exist and interoperate through the use of
   SR-MPLS label stacks and IP encapsulation/tunnelling such as MPLS-in-
   UDP [RFC7510].
   Although the source routing instructions are encoded as MPLS labels,
   this is a hardware convenience rather than an indication that the
   whole MPLS protocol stack needs to be deployed.  In particular, the
   MPLS control protocols are not used in this or any other form of SR-
   MPLS.

   Section 3 describes various use cases for tunneling SR-MPLS over IP.
   Section 4 describes a typical application scenario and how the packet
   forwarding happens.  Section 5 describes the forwarding procedures of
   the different elements when UDP encapsulation is adopted for source
   routing.

2.  Terminology

   This memo makes use of the terms defined in [RFC3031] and
   [I-D.ietf-spring-segment-routing-mpls].

3.  Use Cases

   Tunnelling SR-MPLS using IPv4 and/or IPv6 tunnels is useful at least
   in the following use cases:

   o  Incremental deployment of the SR-MPLS technology may be
      facilitated by tunnelling SR-MPLS packets across parts of a
      network that are not SR-MPLS enabled using an IP tunneling
      mechanism such as MPLS-in-UDP [RFC7510].  The tunnel destination
      address is the address of the next SR-MPLS-capable node along the
      path (i.e., the egress of the active node segment).  This is shown
      in Figure 1.

                         __________________________________
        _______         (                                  )         _______
       (       )        (            IP Network            )        (       )
      ( SR-MPLS )       (                                  )       ( SR-MPLS )
      ( Network )       (                                  )       ( Network )
      (          --------                                  --------          )
      (         | Border |        SR-in-UDP Tunnel        | Border |         )
      (         | Router |================================| Router |         )
      (         |   R1   |                                |   R2   |         )
      (          --------                                  --------          )
       (       )        (                                  )        (       )
       (       )        (                                  )        (       )
       (_______)        (                                  )        (_______)
                        (__________________________________)

          Figure 1: SR-MPLS in UDP to Tunnel Between SR-MPLS Sites

   o  If encoding of entropy is desired, IP tunneling mechanisms that
      allow encoding of entropy, such as MPLS-in-UDP encapsulation
      [RFC7510] where the source port of the UDP header is used as an
      entropy field, may be used to maximize the utilization of ECMP
      and/or UCMP, especially when it is difficult to make use of the
      entropy label mechanism.  Refer to
      [I-D.ietf-mpls-spring-entropy-label] for more discussion about
      using entropy labels in SR-MPLS.

   o  Tunneling MPLS into IP provides a transition technology that
      enables SR in an IPv4 and/or IPv6 network where many routers have
      not yet been upgraded to have SRv6 capabilities
      [I-D.ietf-6man-segment-routing-header].  It could be deployed as
      an interim until full featured SRv6 is available on more
      platforms.  This is shown in Figure 2.

                     __________________________________
                  __(            IP Network            )__
               __(                                        )__
              (              --        --        --            )
        --------   --  --  |SR|  --  |SR|  --  |SR|  --   --------
       | Ingress| |IR| |IR| |  | |IR| |  | |IR| |  | |IR| | Egress |
   --->| Router |===========|  |======|  |======|  |======| Router |--->
       |   SR   | |  | |  | |  | |  | |  | |  | |  | |  | |   SR   |
        --------   --  --  |  |  --  |  |  --  |  |  --   --------
              (__            --        --        --          __)
                 (__                                    __)
                    (__________________________________)

   Key:
      IR : IP-only Router
      SR : SR-MPLS-capable Router
      == : SR-MPLS in UDP Tunnel

             Figure 2: SR-MPLS Enabled Within an IP Network

4.  Procedures of SR-MPLS over IP

   This section describes the construction of forwarding information
   base (FIB) entries and the forwarding behavior that allow the
   deployment of SR-MPLS when some routers in the network are IP only
   (i.e., do not support SR-MPLS).  Note that the examples described in
   Section 4.1 and Section 4.2 assume that OSPF or ISIS is enabled: in
   fact, other mechanisms of discovery and advertisement could be used
   including other routing protocols (such as BGP) or a central
   controller.

4.1.  Forwarding Entry Construction

   This sub-section describes how to construct the forwarding
   information base (FIB) entry on an SR-MPLS-capable router when some
   or all of the next-hops along the shortest path towards a prefix-SID
   are IP-only routers.

   Consider router A that receives a labeled packet with top label L(E)
   that corresponds to the prefix-SID SID(E) of prefix P(E) advertised
   by router E.  Suppose the ith next-hop router (termed NHi) along the
   shortest path from router A toward SID(E) is not SR-MPLS capable.
   That is, both routers A and E are SR-MPLS capable, but some router
   NHi along the shortest path from A to E is not SR-MPLS capable.  The
   following processing steps apply:

   o  Router E is SR-MPLS capable so it advertises the SR-Capabilities
      sub-TLV including the SRGB as described in
      [I-D.ietf-ospf-segment-routing-extensions] and
      [I-D.ietf-isis-segment-routing-extensions].

   o  Router E advertises the prefix-SID SID(E) of prefix P(E) so MUST
      also advertise the encapsulation endpoint and the tunnel type of
      any tunnel used to reach E.  It does this using the mechanisms
      described in [I-D.ietf-isis-encapsulation-cap] or
      [I-D.ietf-ospf-encapsulation-cap].
   o  If A and E are in different IGP areas/levels, then:

      *  The OSPF Tunnel Encapsulation TLV
         [I-D.ietf-ospf-encapsulation-cap] or the ISIS Tunnel
         Encapsulation sub-TLV [I-D.ietf-isis-encapsulation-cap] is
         flooded domain-wide.

      *  The OSPF SID/label range TLV
         [I-D.ietf-ospf-segment-routing-extensions] or the ISIS SR-
         Capabilities Sub-TLV [I-D.ietf-isis-segment-routing-extensions]
         is advertised domain-wide.  This way router A knows the
         characteristics of the router that originated the advertisement
         of SID(E) (i.e., router E).

      *  When router E advertises the prefix P(E):

         +  If router E is running ISIS it uses the extended
            reachability TLV (TLVs 135, 235, 236, 237) and associates
            the IPv4/IPv6 or IPv4/IPv6 source router ID sub-TLV(s)
            [RFC7794].

         +  If router E is running OSPF it uses the OSPFv2 Extended
            Prefix Opaque LSA [RFC7684] and sets the flooding scope to
            AS-wide.

      *  If router E is running ISIS and advertises the ISIS
         capabilities TLV (TLV 242) [RFC7981], it MUST set the "router-
         ID" field to a valid value or include an IPV6 TE router-ID sub-
         TLV (TLV 12), or do both.  The "S" bit (flooding scope) of the
         ISIS capabilities TLV (TLV 242) MUST be set to "1".

   o  Router A programs the FIB entry for prefix P(E) corresponding to
      the SID(E) as follows:

      *  If the NP flag in OSPF or the P flag in ISIS is clear:

            pop the top label

      *  If the NP flag in OSPF or the P flag in ISIS is set:

            swap the top label to a value equal to SID(E) plus the lower
            bound of the SRGB of E

      *  Encapsulate the packet according to the encapsulation
         advertised in [I-D.ietf-isis-encapsulation-cap] or
         [I-D.ietf-ospf-encapsulation-cap]

      *  Send the packet towards the next hop NHi.

4.2.  Packet Forwarding Procedures

4.2.1.  Packet Forwarding with Penultimate Hop Popping

   The description in this section assumes that the label associated
   with each prefix-SID advertised by the owner of the prefix-SID is a
   Penultimate Hop Popping (PHP) label.  That is, the NP flag in OSPF or
   the P flag in ISIS associated with the prefix SID is not set.

   +-----+       +-----+       +-----+        +-----+        +-----+
   |  A  +-------+  B  +-------+  C  +--------+  D  +--------+  H  |
   +-----+       +--+--+       +--+--+        +--+--+        +-----+
                    |             |              |
                    |             |              |
                 +--+--+       +--+--+        +--+--+
                 |  E  +-------+  F  +--------+  G  |
                 +-----+       +-----+        +-----+

   +--------+
   |IP(A->E)|
   +--------+            +--------+            +--------+
   |  UDP   |            |IP(E->G)|            |IP(G->H)|
   +--------+            +--------+            +--------+
   |  L(G)  |            |  UDP   |            |  UDP   |
   +--------+            +--------+            +--------+
   |  L(H)  |            |  L(H)  |            |Exp Null|
   +--------+            +--------+            +--------+
   | Packet |   --->     | Packet |   --->     | Packet |
   +--------+            +--------+            +--------+

              Figure 3: Packet Forwarding Example with PHP

   In the example shown in Figure 3, assume that routers A, E, G, and H
   are SR-MPLS-capable while the remaining routers (B, C, D, and F) are
   only capable of forwarding IP packets.  Routers A, E, G, and H
   advertise their Segment Routing related information via IS-IS or
   OSPF.

   Now assume that router A wants to send a packet via the explicit path
   {E->G->H}.  Router A will impose an MPLS label stack corresponding to
   that explicit path on the packet.  Since the next hop toward router E
   is only IP-capable, router A replaces the top label (that indicated
   router E) with a UDP-based tunnel for MPLS (i.e., MPLS-over-UDP
   [RFC7510]) to router E and then sends the packet.  In other words,
   router A pops the top label and then encapsulates the MPLS packet in
   a UDP tunnel to router E.

   When the IP-encapsulated MPLS packet arrives at router E, router E
   strips the IP-based tunnel header and then processes the decapsulated
   MPLS packet.  The top label indicates that the packet must be
   forwarded toward router G.  Since the next hop toward router G is
   only IP-capable, router E replaces the current top label with an
   MPLS-over-UDP tunnel toward router G and sends it out.  That is,
   router E pops the top label and then encapsulates the MPLS packet in
   a UDP tunnel to router G.

   When the packet arrives at router G, router G will strip the IP-based
   tunnel header and then process the decapsulated MPLS packet.  The top
   label indicates that the packet must be forwarded toward router H.
   Since the next hop toward router H is only IP-capable, router G would
   replace the current top label with an MPLS-over-UDP tunnel toward
   router H and send it out.  However, this would leave the original
   packet that router A wanted to send to router H encapsulated in UDP
   as if it was MPLS even though the original packet could have been any
   protocol.  That is, the final SR-MPLS label has been popped, exposing
   the payload packet.

   To handle this, when a router (here it is router G) pops the final
   SR-MPLS label, it inserts an explicit null label [RFC3032] before
   encapsulating the packet with an MPLS-over-UDP tunnel toward router H
   and sending it out.  That is, router G pops the top label, discovers
   it has reached the bottom of stack, pushes an explicit null label,
   and then encapsulates the MPLS packet in a UDP tunnel to router H.

4.2.2.  Packet Forwarding without Penultimate Hop Popping

   Figure 4 demonstrates the packet walk in the case where the label
   associated with each prefix-SID advertised by the owner of the
   prefix-SID is not a Penultimate Hop Popping (PHP) label (i.e., the
   NP flag in OSPF or the P flag in ISIS associated with the prefix SID
   is set).
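   The Python program below is an added worked example and is not part
   of this draft.  It simulates the FIB actions of Section 4.1 and the
   packet walk of Section 4.2 on the topology of Figures 3 and 4, and
   produces the header stacks shown in Figure 3 (PHP) and in Figure 4
   that follows (no PHP).  The link list, the capability set {A, E, G,
   H}, the L(X) label notation and every function name are constructed
   for the example; a common SRGB on all SR nodes is assumed, so the
   non-PHP swap of Section 4.1 leaves the label value unchanged.

```python
from collections import deque

# Topology of Figures 3 and 4 (constructed from the figure, undirected links,
# unit cost): A-B-C-D-H on the top row, E-F-G below, with B-E, C-F and D-G.
LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "H"),
         ("B", "E"), ("C", "F"), ("D", "G"), ("E", "F"), ("F", "G")]
SR_CAPABLE = {"A", "E", "G", "H"}          # B, C, D and F are IP-only
EXPLICIT_NULL = "Exp Null"                  # [RFC3032] explicit null label


def label_of(node):
    """Prefix-SID label L(X) of an SR node, written as in the figures."""
    return f"L({node})"


def owner_of(label):
    """Inverse of label_of: the node that advertised the prefix-SID."""
    return label[2:-1]


def build_adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def next_hop(adj, src, dst):
    """First hop on a shortest path from src to dst (BFS over unit-cost links);
    stands in for the IGP SPF computation that populates the FIB."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        n = queue.popleft()
        for m in sorted(adj[n]):
            if m not in parent:
                parent[m] = n
                queue.append(m)
    n = dst
    while parent[n] != src:
        n = parent[n]
    return n


def process_at_sr_node(node, stack, php):
    """Label processing at an SR-capable node (Sections 4.1, 4.2, 5.4-5.6).
    `stack` is the label stack, top first, after the IP/UDP headers have been
    stripped. Returns (next_sr_node, new_stack); next_sr_node is None when the
    payload is delivered at this node."""
    stack = list(stack)
    # A top label naming this node means PHP was not used on the incoming
    # segment: pop it and continue with the next label (Section 5.4).
    if stack and stack[0] == label_of(node):
        stack.pop(0)
    # Nothing left, or only the explicit null pushed by the penultimate SR
    # node: this is the domain egress (Section 5.6); pop the null if present.
    if not stack or stack[0] == EXPLICIT_NULL:
        if stack:
            stack.pop(0)
        return None, stack
    target = owner_of(stack[0])
    if php:
        # PHP label: popped at the head end of the segment (Section 5.5.1).
        stack.pop(0)
        if not stack:
            # Last SR label popped: push explicit null so the payload does not
            # travel as if it were MPLS (Section 4.2.1).
            stack.insert(0, EXPLICIT_NULL)
    # Non-PHP: the FIB swaps the label to SID(E) plus E's SRGB base
    # (Section 4.1). With a common SRGB, as assumed here, the value is unchanged.
    return target, stack


def packet_walk(ingress, explicit_path, php, payload="Packet"):
    """Walk a packet from `ingress` along the explicit path of SR nodes.
    Returns one (node, headers) entry per SR node: the MPLS-in-UDP packet each
    node sends, and finally the delivered payload at the egress."""
    adj = build_adjacency(LINKS)
    stack = [label_of(n) for n in explicit_path]
    node, trace = ingress, []
    while True:
        target, stack = process_at_sr_node(node, stack, php)
        if target is None:
            trace.append((node, stack + [payload]))
            return trace
        if next_hop(adj, node, target) in SR_CAPABLE:
            # Would be forwarded as a native MPLS packet; no segment in
            # Figures 3 and 4 has an SR-capable next hop, so not modelled.
            raise NotImplementedError("next hop is SR-MPLS capable")
        # Next hop is IP-only: replace the top label by an MPLS-over-UDP
        # tunnel to the segment end point. Legacy routers forward the tunnel
        # unchanged (Section 5.2), so the next SR processing is at `target`.
        trace.append((node, [f"IP({node}->{target})", "UDP"] + stack + [payload]))
        node = target


if __name__ == "__main__":
    for php in (True, False):
        print("PHP" if php else "no PHP")
        for node, headers in packet_walk("A", ["E", "G", "H"], php):
            print(f"  {node}: {' / '.join(headers)}")
```

   Running the program prints, for each SR node on the path, the header
   stack it emits; with php=True the trace ends with the explicit null
   pushed by G, with php=False each node pops only its own label.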
   +-----+       +-----+       +-----+        +-----+        +-----+
   |  A  +-------+  B  +-------+  C  +--------+  D  +--------+  H  |
   +-----+       +--+--+       +--+--+        +--+--+        +-----+
                    |             |              |
                    |             |              |
                 +--+--+       +--+--+        +--+--+
                 |  E  +-------+  F  +--------+  G  |
                 +-----+       +-----+        +-----+

   +--------+
   |IP(A->E)|
   +--------+            +--------+
   |  UDP   |            |IP(E->G)|
   +--------+            +--------+            +--------+
   |  L(E)  |            |  UDP   |            |IP(G->H)|
   +--------+            +--------+            +--------+
   |  L(G)  |            |  L(G)  |            |  UDP   |
   +--------+            +--------+            +--------+
   |  L(H)  |            |  L(H)  |            |  L(H)  |
   +--------+            +--------+            +--------+
   | Packet |   --->     | Packet |   --->     | Packet |
   +--------+            +--------+            +--------+

            Figure 4: Packet Forwarding Example without PHP

   As can be seen from the figure, the SR-MPLS label for each segment is
   left in place until the end of the segment where it is popped and the
   next instruction is processed.  Further description can be found in
   Section 5.

4.2.3.  Additional Forwarding Procedures

   Although the description in the previous two sections is based on the
   use of prefix-SIDs, tunneling SR-MPLS packets is also useful when the
   top label of a received SR-MPLS packet indicates an adjacency-SID and
   the corresponding adjacent node to that adjacency-SID is not capable
   of MPLS forwarding but can still process SR-MPLS packets.  In this
   scenario the top label would be replaced by an IP tunnel toward that
   adjacent node and the packet then forwarded over the corresponding
   link indicated by the adjacency-SID.

   When encapsulating an MPLS packet with an IP tunnel header that is
   capable of encoding entropy (such as [RFC7510]), the corresponding
   entropy field (the source port in the case of a UDP tunnel) MAY be
   filled with an entropy value that is generated by the encapsulator to
   uniquely identify a flow.  However, what constitutes a flow is
   locally determined by the encapsulator.  For instance, if the MPLS
   label stack contains at least one entropy label and the encapsulator
   is capable of reading that entropy label, the entropy label value
   could be directly copied to the source port of the UDP header.
   Otherwise, the encapsulator may have to perform a hash on the whole
   label stack or the five-tuple of the SR-MPLS payload if the payload
   is determined to be an IP packet.  To avoid re-performing the hash or
   hunting for the entropy label each time the packet is encapsulated in
   a UDP tunnel it MAY be desirable that the entropy value contained in
   the incoming packet (i.e., the UDP source port value) is retained
   when stripping the UDP header and is re-used as the entropy value of
   the outgoing packet.

5.  Forwarding Details of SR-MPLS over UDP

   This section provides supplementary details to the description found
   in Section 4.

   [RFC7510] specifies an IP-based encapsulation for MPLS, i.e., MPLS-
   in-UDP, which is applicable in some circumstances where IP-based
   encapsulation for MPLS is required and further fine-grained load
   balancing of MPLS packets over IP networks over Equal-Cost Multipath
   (ECMP) and/or Link Aggregation Groups (LAGs) is required as well.
   This section provides details about the forwarding procedure when
   UDP encapsulation is adopted for SR-MPLS over IP.

   Nodes that are SR capable can process SR-MPLS packets.  Not all of
   the nodes in an SR domain are SR capable.  Some nodes may be "legacy
   routers" that cannot handle SR packets but can forward IP packets.
   An SR capable node may advertise its capabilities using the IGP as
   described in Section 4.  There are six types of node in an SR domain:

   o  Domain ingress nodes that receive packets and encapsulate them for
      transmission across the domain.  Those packets may be any payload
      protocol including native IP packets or packets that are already
      MPLS encapsulated.

   o  Legacy transit nodes that are IP routers but that are not SR
      capable (i.e., are not able to perform segment routing).

   o  Transit nodes that are SR capable but that are not identified by a
      SID in the SID stack.

   o  Transit nodes that are SR capable and need to perform SR routing
      because they are identified by a SID in the SID stack.

   o  The penultimate SR capable node on the path that processes the
      last SID on the stack on behalf of the domain egress node.

   o  The domain egress node that forwards the payload packet for
      ultimate delivery.

   The following sub-sections describe the processing behavior in each
   case.

5.1.  Domain Ingress Nodes

   Domain ingress nodes receive packets from outside the domain and
   encapsulate them to be forwarded across the domain.  Received packets
   may already be SR-MPLS packets (in the case of connecting two SR-MPLS
   networks across a native IP network), or may be native IP or MPLS
   packets.

   In the latter case, the packet is classified by the domain ingress
   node and an SR-MPLS stack is imposed.  In the former case the SR-MPLS
   stack is already in the packet.  The top entry in the stack is popped
   from the stack and retained for use below.

   The packet is then encapsulated in UDP with the destination port set
   to 6635 to indicate "MPLS-UDP" or to 6636 to indicate "MPLS-UDP-DTLS"
   as described in [RFC7510].  The source UDP port is set randomly or to
   provide entropy as described in [RFC7510] and Section 4.2.3, above.

   The packet is then encapsulated in IP for transmission across the
   network.  The IP source address is set to the domain ingress node,
   and the destination address is set to the address corresponding to
   the label that was previously popped from the stack.
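   As an added example that is not part of this draft, the following
   Python builds the MPLS-in-UDP datagram just described at byte level:
   [RFC3032] label stack entries, the [RFC7510] destination port 6635
   (or 6636 for DTLS), and a source port chosen according to Section
   4.2.3 (taken from the entropy label when one follows an Entropy Label
   Indicator, otherwise a hash over the whole label stack).  It also
   shows the receiving side, where a router that does not terminate
   MPLS-in-UDP discards the datagram, and the egress check of the
   explicit null label.  The label values (SRGB base 16000), the payload
   bytes, the folding of the entropy value into the 49152-65535 port
   range, and all function names are assumptions of the example; the
   outer IP header is left to the IP stack.

```python
import struct
import zlib

MPLS_UDP_PORT = 6635          # "MPLS-UDP" destination port [RFC7510]
MPLS_UDP_DTLS_PORT = 6636     # "MPLS-UDP-DTLS" destination port [RFC7510]
IPV4_EXPLICIT_NULL = 0        # explicit null labels [RFC3032]
IPV6_EXPLICIT_NULL = 2
ENTROPY_LABEL_INDICATOR = 7   # ELI; the entry after it is the entropy label [RFC6790]


def encode_label_stack(labels, ttl=64):
    """[RFC3032] label stack entries: 20-bit label, 3-bit TC (zero here),
    S bit set only on the bottom entry, 8-bit TTL."""
    out = bytearray()
    for i, label in enumerate(labels):
        if not 0 <= label < (1 << 20):
            raise ValueError(f"label {label} does not fit in 20 bits")
        s_bit = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (s_bit << 8) | ttl)
    return bytes(out)


def decode_label_stack(data):
    """Parse entries until the S bit; returns (labels, bytes after the stack)."""
    labels, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack")
        (entry,) = struct.unpack_from("!I", data, off)
        off += 4
        labels.append(entry >> 12)
        if (entry >> 8) & 1:
            return labels, data[off:]


def entropy_source_port(labels):
    """Section 4.2.3: if the stack carries an entropy label (the entry after
    an ELI), derive the UDP source port from it; otherwise hash the whole
    label stack (hashing an IP payload's 5-tuple instead is not shown)."""
    for i, label in enumerate(labels[:-1]):
        if label == ENTROPY_LABEL_INDICATOR:
            h = labels[i + 1]
            break
    else:
        h = zlib.crc32(encode_label_stack(labels))
    # Fold to 14 bits and keep the port in the dynamic range 49152-65535
    # (a choice of this example, not a requirement stated in this draft).
    return 49152 + ((h ^ (h >> 16)) & 0x3FFF)


def mpls_in_udp_encapsulate(labels, payload, dtls=False, ttl=64):
    """Section 5.1: the UDP datagram an ingress sends. `labels` is the stack
    after the top SID was popped; the outer IP header (source = ingress,
    destination = address of that popped SID) is left to the IP stack."""
    stack = encode_label_stack(labels, ttl)
    dport = MPLS_UDP_DTLS_PORT if dtls else MPLS_UDP_PORT
    length = 8 + len(stack) + len(payload)
    # Checksum left zero in this example; [RFC7510] states when a zero UDP
    # checksum is acceptable and when one must be computed.
    udp = struct.pack("!HHHH", entropy_source_port(labels), dport, length, 0)
    return udp + stack + payload


def mpls_in_udp_decapsulate(datagram, terminates_mpls_udp=True):
    """Receiver side (Sections 5.2 and 5.4): a router that does not terminate
    MPLS-in-UDP, or a datagram not sent to port 6635, is discarded (None);
    otherwise strip UDP and return (source_port, labels, payload).
    DTLS-protected datagrams (port 6636) are not decoded here."""
    if len(datagram) < 8:
        raise ValueError("short UDP datagram")
    sport, dport, length, _ = struct.unpack_from("!HHHH", datagram, 0)
    if not terminates_mpls_udp or dport != MPLS_UDP_PORT:
        return None
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    labels, payload = decode_label_stack(datagram[8:])
    return sport, labels, payload


def egress_payload_family(labels):
    """Section 5.6: at the domain egress the remaining label should be the
    explicit null left by the penultimate SR node; its value names the
    address family of the payload."""
    if labels == [IPV4_EXPLICIT_NULL]:
        return "IPv4"
    if labels == [IPV6_EXPLICIT_NULL]:
        return "IPv6"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample: SRGB base 16000, SID(G)=4 and SID(H)=5, after the
    # ingress popped the top SID for E. The payload bytes are a placeholder.
    dgram = mpls_in_udp_encapsulate([16004, 16005], b"constructed payload")
    print(dgram.hex())
    print(mpls_in_udp_decapsulate(dgram))
```

   The decapsulation function returns the received source port so that a
   transit node can re-use it as the entropy value of the next tunnel,
   as Section 4.2.3 allows.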
   This processing is equivalent to sending the packet out of a virtual
   interface that corresponds to a virtual link between the ingress node
   and the next hop SR node realized by a UDP tunnel.  The packet is
   then sent into the IP network and is routed according to the local
   FIB and applying hashing to resolve any ECMP choices.

5.2.  Legacy Transit Nodes

   A legacy transit node is an IP router that has no SR capabilities.
   When such a router receives an SR-MPLS-in-UDP packet it will carry
   out normal TTL processing and if the packet is still live it will
   forward it as it would any other UDP-in-IP packet.  The packet will
   be routed toward the destination indicated in the packet header using
   the local FIB and applying hashing to resolve any ECMP choices.

   If the packet is mistakenly addressed to the legacy router, the UDP
   tunnel will be terminated and the packet will be discarded either
   because the MPLS-in-UDP port is not supported or because the
   uncovered top label has not been allocated.  This is, however, a
   misconnection and should not occur unless there is a routing error.

5.3.  On-Path Pass-Through SR Nodes

   Just because a node is SR capable and receives an SR-MPLS-in-UDP
   packet does not mean that it performs SR processing on the packet.
   Only routers identified by SIDs in the SR stack need to do such
   processing.

   Routers that are not addressed by the destination address in the IP
   header simply treat the packet as a normal UDP-in-IP packet, carrying
   out normal TTL processing and, if the packet is still live, routing
   the packet according to the local FIB and applying hashing to resolve
   any ECMP choices.

   This is important because it means that the SR stack can be kept
   relatively small and the packet can be steered through the network
   using shortest path first routing between selected SR nodes.

5.4.  SR Transit Nodes

   An SR capable node that is addressed by the top most SID in the stack
   when that is not the last SID in the stack (i.e., the S bit is not
   set) is an SR transit node.  When an SR transit node receives an SR-
   MPLS-in-UDP packet that is addressed to it, it acts as follows.

   o  Perform TTL processing as normal for an IP packet.

   o  Determine that the packet is addressed to the local node.

   o  Find that the payload is UDP and that the destination port
      indicates MPLS-in-UDP.

   o  Strip the IP and UDP headers.

   o  Examine the label at the top of the stack and process according to
      the FIB entry (see Section 4.1).

      *  If the top label identifies this node then no PHP was used on
         the incoming segment and the label is popped.  Continue the
         processing with the new top label.

      *  Retain the value of the top label.

      *  If the top label was advertised requesting PHP, pop the label.
         (Note that the case where this is the last label in the stack
         is covered in Section 5.5.)

   o  Encapsulate the packet in UDP with the destination port set to
      6635 (or 6636 for DTLS) and the source port set for entropy.  The
      entropy value SHOULD be retained from the received UDP header or
      MAY be freshly generated since this is a new UDP tunnel (see
      Section 4.2.3).

   o  Encapsulate the packet in IP with the IP source address set to
      this transit router, and the destination address set to the
      address corresponding to the SID for the label value retained
      earlier.

   o  Send the packet into the IP network routing the packet according
      to the local FIB and applying hashing to resolve any ECMP choices.

5.5.  Penultimate SR Transit Nodes

   The penultimate SR transit node is an SR transit node as described in
   Section 5.4 where the top label is the last label on the stack.  When
   a penultimate SR transit node receives an SR-MPLS-in-UDP packet that
   is addressed to it, it processes as for any other transit node (see
   Section 5.4) except for a special case if PHP is supported for the
   final SID.

   If PHP is allowed for the final SID the penultimate SR transit node
   acts as follows:

   o  Perform TTL processing as normal for an IP packet.

   o  Determine that the packet is addressed to the local node.

   o  Find that the payload is UDP and that the destination port
      indicates MPLS-in-UDP.

   o  Strip the IP and UDP headers.

   o  Examine the label at the top of the stack and process according to
      the FIB entry (see Section 4.1).

      *  If the top label identifies this node then no PHP was used on
         the incoming segment and the label is popped.  Continue the
         processing with the new top label.

      *  Retain the value of the top label.

      *  If the top label was advertised requesting PHP, pop the label.
         This will have been the last label in the stack.  Push an
         explicit null label [RFC3032] (0 for IPv4 and 2 for IPv6) with
         bottom of stack (S bit) set.

   o  Encapsulate the packet in UDP with the destination port set to
      6635 (or 6636 for DTLS) and the source port set for entropy.  The
      entropy value SHOULD be retained from the received UDP header or
      MAY be freshly generated since this is a new UDP tunnel.

   o  Encapsulate the packet in IP with the IP source address set to
      this transit router, and the destination address set to the domain
      egress node IP address corresponding to the SID for the label
      value retained earlier.

   o  Send the packet into the IP network routing the packet according
      to the local FIB and applying hashing to resolve any ECMP choices.

5.5.1.  A Note on Segment Routing Paths and Penultimate Hop Popping

   End-to-end SR paths consist of multiple segments.  The end point of
   each segment is identified by a SID in the SID stack.  In normal SR
   processing a penultimate hop is the router that performs SR routing
   immediately prior to the end-of-segment router.  PHP applies at the
   penultimate router in a segment.

   With SR-MPLS-in-UDP encapsulation, each SR segment is achieved using
   an MPLS-in-UDP tunnel that runs the full length of the segment.  The
   SR SID stack on a packet is only examined at the head and tail ends
   of this segment.  Thus, each segment is effectively one hop long in
   the SR overlay network and if there is any PHP processing it takes
   place at the head-end of the segment.

5.6.  Domain Egress Nodes

   The domain egress acts as follows:

   o  Perform TTL processing as normal for an IP packet.

   o  Determine that the packet is addressed to the local node.

   o  Find that the payload is UDP and that the destination port
      indicates MPLS-in-UDP.

   o  Strip the IP and UDP headers.

   o  Examine the label at the top of the stack and process according to
      the FIB entry (see Section 4.1).

      *  If the top label identifies this node then no PHP was used on
         the incoming segment and the label is popped.  Continue the
         processing with the new top label.

      *  If there is another label it should be the explicit null.  Pop
         it but retain its value.

   o  Forward the payload packet according to its type (as potentially
      indicated by the value of the popped explicit null label) and the
      local routing/forwarding mechanisms.

6.  Contributors

   Clarence Filsfils
   Cisco
   Email: cfilsfil@cisco.com

   John Drake
   Juniper
   Email: jdrake@juniper.net

   Shaowen Ma
   Juniper
   Email: mashao@juniper.net

   Mach Chen
   Huawei
   Email: mach.chen@huawei.com

   Hamid Assarpour
   Broadcom
   Email: hamid.assarpour@broadcom.com

   Robert Raszuk
   Bloomberg LP
   Email: robert@raszuk.net

   Uma Chunduri
   Huawei
   Email: uma.chunduri@gmail.com

   Luis M. Contreras
   Telefonica I+D
   Email: luismiguel.contrerasmurillo@telefonica.com

   Luay Jalil
   Verizon
   Email: luay.jalil@verizon.com

   Gunter Van De Velde
   Nokia
   Email: gunter.van_de_velde@nokia.com

   Tal Mizrahi
   Marvell
   Email: talmi@marvell.com

   Jeff Tantsura
   Individual
   Email: jefftant@gmail.com

7.  Acknowledgements

   Thanks to Joel Halpern, Bruno Decraene, Loa Andersson, Ron Bonica,
   Eric Rosen, Jim Guichard, and Gunter Van De Velde for their
   insightful comments on this draft.

8.  IANA Considerations

   No IANA action is required.

9.  Security Considerations

   TBD.

10.  References

10.1.  Normative References

   [I-D.ietf-isis-encapsulation-cap]
              Xu, X., Decraene, B., Raszuk, R., Chunduri, U., Contreras,
              L., and L. Jalil, "Advertising Tunnelling Capability in
              IS-IS", draft-ietf-isis-encapsulation-cap-01 (work in
              progress), April 2017.

   [I-D.ietf-isis-segment-routing-extensions]
              Previdi, S., Ginsberg, L., Filsfils, C., Bashandy, A.,
              Gredler, H., Litkowski, S., Decraene, B., and J. Tantsura,
              "IS-IS Extensions for Segment Routing", draft-ietf-isis-
              segment-routing-extensions-15 (work in progress), December
              2017.

   [I-D.ietf-ospf-encapsulation-cap]
              Xu, X., Decraene, B., Raszuk, R., Contreras, L., and L.
              Jalil, "The Tunnel Encapsulations OSPF Router
              Information", draft-ietf-ospf-encapsulation-cap-09 (work
              in progress), October 2017.

   [I-D.ietf-ospf-segment-routing-extensions]
              Psenak, P., Previdi, S., Filsfils, C., Gredler, H.,
              Shakir, R., Henderickx, W., and J. Tantsura, "OSPF
              Extensions for Segment Routing", draft-ietf-ospf-segment-
              routing-extensions-24 (work in progress), December 2017.

   [I-D.ietf-spring-segment-routing-mpls]
              Bashandy, A., Filsfils, C., Previdi, S., Decraene, B.,
              Litkowski, S., and R. Shakir, "Segment Routing with MPLS
              data plane", draft-ietf-spring-segment-routing-mpls-12
              (work in progress), February 2018.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3031]  Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
              Label Switching Architecture", RFC 3031,
              DOI 10.17487/RFC3031, January 2001.

   [RFC3032]  Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
              Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
              Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001.

   [RFC7510]  Xu, X., Sheth, N., Yong, L., Callon, R., and D. Black,
              "Encapsulating MPLS in UDP", RFC 7510,
              DOI 10.17487/RFC7510, April 2015.

   [RFC7684]  Psenak, P., Gredler, H., Shakir, R., Henderickx, W.,
              Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute
              Advertisement", RFC 7684, DOI 10.17487/RFC7684, November
              2015.

   [RFC7794]  Ginsberg, L., Ed., Decraene, B., Previdi, S., Xu, X., and
              U. Chunduri, "IS-IS Prefix Attributes for Extended IPv4
              and IPv6 Reachability", RFC 7794, DOI 10.17487/RFC7794,
              March 2016.

   [RFC7981]  Ginsberg, L., Previdi, S., and M. Chen, "IS-IS Extensions
              for Advertising Router Information", RFC 7981,
              DOI 10.17487/RFC7981, October 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

10.2.  Informative References

   [I-D.ietf-6man-segment-routing-header]
              Previdi, S., Filsfils, C., Raza, K., Dukes, D., Leddy, J.,
              Field, B., daniel.voyer@bell.ca, d.,
              daniel.bernier@bell.ca, d., Matsushima, S., Leung, I.,
              Linkova, J., Aries, E., Kosugi, T., Vyncke, E., Lebrun,
              D., Steinberg, D., and R. Raszuk, "IPv6 Segment Routing
              Header (SRH)", draft-ietf-6man-segment-routing-header-08
              (work in progress), January 2018.
817 [I-D.ietf-mpls-spring-entropy-label] 818 Kini, S., Kompella, K., Sivabalan, S., Litkowski, S., 819 Shakir, R., and J. Tantsura, "Entropy label for SPRING 820 tunnels", draft-ietf-mpls-spring-entropy-label-08 (work in 821 progress), January 2018. 823 Authors' Addresses 825 Xiaohu Xu 826 Alibaba 828 Email: xiaohu.xxh@alibaba-inc.com 830 Stewart Bryant 831 Huawei 833 Email: stewart.bryant@gmail.com 835 Adrian Farrel 836 Juniper 838 Email: afarrel@juniper.net 840 Ahmed Bashandy 841 Cisco 843 Email: bashandy@cisco.com 845 Wim Henderickx 846 Nokia 848 Email: wim.henderickx@nokia.com 849 Zhenbin Li 850 Huawei 852 Email: lizhenbin@huawei.com
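   The domain egress steps of Section 5.6, worked through as an added
   Python example over a constructed MPLS-in-UDP packet (this is not code
   from the draft or from any implementation).  It assumes the UDP port
   6635 assigned by RFC 7510 and the explicit-null label values 0 and 2
   from RFC 3032; where no explicit null remains after popping the local
   label it falls back to the IP version nibble, which is an assumption
   the text leaves to local forwarding mechanisms.

```python
import struct

MPLS_IN_UDP_PORT = 6635   # UDP destination port assigned to MPLS-in-UDP by RFC 7510
IPV4_EXPLICIT_NULL = 0    # reserved label values from RFC 3032
IPV6_EXPLICIT_NULL = 2


def parse_label_stack(data):
    """Split the MPLS label stack (RFC 3032) from the payload; stops at the S bit."""
    labels = []
    while True:
        if len(data) < 4:
            raise ValueError("truncated label stack")
        (entry,) = struct.unpack("!I", data[:4])
        labels.append(entry >> 12)             # 20-bit label value
        data = data[4:]
        if entry & 0x100:                      # bottom-of-stack bit set
            return labels, data


def egress_process(packet, local_label):
    """Domain-egress handling of an IPv4 packet carrying MPLS-in-UDP.
    Assumes the packet is addressed to this node and IP TTL handling is done.
    Returns (payload, kind): kind is the payload type, or why it was not forwarded."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:                        # IP protocol 17 = UDP
        return None, "not UDP"
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dst_port != MPLS_IN_UDP_PORT:
        return None, "not MPLS-in-UDP"
    # Strip the IP and UDP headers, then look at the label stack.
    labels, payload = parse_label_stack(packet[ihl + 8:ihl + udp_len])
    if labels[0] == local_label:               # no PHP upstream: pop our own label
        labels = labels[1:]
    if not labels:                             # assumption: fall back to the IP version nibble
        kind = {4: "ipv4", 6: "ipv6"}.get(payload[0] >> 4 if payload else 0, "unknown")
        return payload, kind
    if labels not in ([IPV4_EXPLICIT_NULL], [IPV6_EXPLICIT_NULL]):
        return None, "unexpected label"        # anything else belongs to the FIB path, not modelled
    return payload, "ipv4" if labels[0] == IPV4_EXPLICIT_NULL else "ipv6"


def build_packet(stack, payload, dst_port=MPLS_IN_UDP_PORT):
    """Constructed sample: minimal IPv4 header + UDP + label stack + payload.
    stack is a list of (label, bottom_of_stack) pairs; TC is 0, label TTL is 64."""
    entries = b"".join(struct.pack("!I", (lbl << 12) | (s << 8) | 64) for lbl, s in stack)
    udp = struct.pack("!HHHH", 49152, dst_port, 8 + len(entries) + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(entries) + len(payload), 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + udp + entries + payload
```

   A packet whose remaining label is neither this node's SID nor an
   explicit null is rejected here rather than forwarded, so a stray or
   spoofed label stack cannot steer the payload past the egress checks.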
