draft-ietf-idr-bgp-prefix-sid-13.txt   draft-ietf-idr-bgp-prefix-sid-14.txt 
IDR S. Previdi, Ed. IDR S. Previdi, Ed.
Internet-Draft C. Filsfils Internet-Draft C. Filsfils
Intended status: Standards Track A. Lindem Intended status: Standards Track A. Lindem
Expires: August 9, 2018 Cisco Systems Expires: August 11, 2018 Cisco Systems
A. Sreekantiah A. Sreekantiah
H. Gredler H. Gredler
RtBrick Inc. RtBrick Inc.
February 5, 2018 February 7, 2018
Segment Routing Prefix SID extensions for BGP Segment Routing Prefix SID extensions for BGP
draft-ietf-idr-bgp-prefix-sid-13 draft-ietf-idr-bgp-prefix-sid-14
Abstract Abstract
Segment Routing (SR) architecture allows a node to steer a packet Segment Routing (SR) architecture allows a node to steer a packet
flow through any topological path and service chain by leveraging flow through any topological path and service chain by leveraging
source routing. The ingress node prepends an SR header to a packet source routing. The ingress node prepends an SR header to a packet
containing a set of segment identifiers (SID). Each SID represents a containing a set of segment identifiers (SID). Each SID represents a
topological or a service-based instruction. Per-flow state is topological or a service-based instruction. Per-flow state is
maintained only on the ingress node of the SR domain. maintained only on the ingress node of the SR domain.
skipping to change at page 2, line 7 skipping to change at page 2, line 7
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 9, 2018. This Internet-Draft will expire on August 11, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 20 skipping to change at page 3, line 20
as "go to prefix P following shortest path" or a service instruction as "go to prefix P following shortest path" or a service instruction
(e.g., "pass through deep packet inspection"). Other types of (e.g., "pass through deep packet inspection"). Other types of
segments may be defined in the future. segments may be defined in the future.
A segment is identified through a Segment Identifier (SID). A segment is identified through a Segment Identifier (SID).
Typically, the ingress node of the SR domain prepends an SR header Typically, the ingress node of the SR domain prepends an SR header
containing segments identifiers (SIDs) to an incoming packet. containing segments identifiers (SIDs) to an incoming packet.
As described in [I-D.ietf-spring-segment-routing], when SR is applied As described in [I-D.ietf-spring-segment-routing], when SR is applied
to the MPLS dataplane ([I-D.ietf-spring-segment-routing-mpls]), the to the MPLS dataplane ([I-D.ietf-spring-segment-routing-mpls]), the
SID consists of a label while when SR is applied to the IPv6 SID consists of a label, while when SR is applied to the IPv6
dataplane the SID consists of an IPv6 address. dataplane the SID consists of an IPv6 address.
A BGP-Prefix Segment (and its BGP Prefix-SID) is a BGP segment A BGP-Prefix Segment (and its BGP Prefix-SID) is a BGP segment
attached to a BGP prefix. A BGP Prefix-SID is always a global SID attached to a BGP prefix. A BGP Prefix-SID is always a global SID
([I-D.ietf-spring-segment-routing]) within the SR/BGP domain (i.e., ([I-D.ietf-spring-segment-routing]) within the SR/BGP domain (i.e.,
the set of Autonomous Systems under a common administration and the set of Autonomous Systems under a common administration and
control and where SR is used) and identifies an instruction to control and where SR is used) and identifies an instruction to
forward the packet over the ECMP-aware best-path computed by BGP to forward the packet over the ECMP-aware best-path computed by BGP to
the related prefix. The BGP Prefix-SID is the identifier of the BGP the related prefix. The BGP Prefix-SID is the identifier of the BGP
prefix segment. In this document, we always refer to the BGP segment prefix segment. In this document, we always refer to the BGP segment
skipping to change at page 10, line 15 skipping to change at page 10, line 15
The BGP Prefix-SID attribute MUST contain the Label-Index TLV and MAY The BGP Prefix-SID attribute MUST contain the Label-Index TLV and MAY
contain the Originator SRGB TLV. A BGP Prefix-SID attribute received contain the Originator SRGB TLV. A BGP Prefix-SID attribute received
without a Label-Index TLV MUST be considered as "unacceptable" by the without a Label-Index TLV MUST be considered as "unacceptable" by the
receiving speaker. receiving speaker.
If multiple prefixes are received with the same label index value, If multiple prefixes are received with the same label index value,
all these prefixes MUST have their BGP Prefix-SID attribute all these prefixes MUST have their BGP Prefix-SID attribute
considered as "unacceptable" by the receiving speaker. considered as "unacceptable" by the receiving speaker.
When a BGP speaker receives a path from a neighbor with an acceptable When a BGP speaker receives a path from a neighbor with an acceptable
BGP Prefix-SID attribute, it MUST program the derived label as the BGP Prefix-SID attribute and that path is selected as the best path,
local label for the prefix in its MPLS dataplane. In case of an it SHOULD program the derived label as the local label for the prefix
error, a BGP speaker MUST follow to the error handling rules in its MPLS dataplane. In case of an error, a BGP speaker MUST
specified in Section 6. A BGP speaker SHOULD log an error for follow to the error handling rules specified in Section 6. A BGP
further analysis. speaker SHOULD log an error for further analysis.
When a BGP speaker receives a path from a neighbor with an When a BGP speaker receives a path from a neighbor with an
unacceptable BGP Prefix-SID attribute or when a BGP speaker receives unacceptable BGP Prefix-SID attribute or when a BGP speaker receives
a path from a neighbor with a BGP Prefix-SID attribute but is unable a path from a neighbor with a BGP Prefix-SID attribute but is unable
to process it (it does not have the capability or local policy to process it (it does not have the capability or local policy
disables the capability), it MUST treat the path as if it came disables the capability), it MUST treat the path as if it came
without a BGP Prefix-SID attribute. For the purposes of local label without a BGP Prefix-SID attribute. For the purposes of local label
allocation, a BGP speaker MUST assign a local (also called dynamic) allocation, a BGP speaker MUST assign a local (also called dynamic)
label (non-SRGB) for such a prefix as per classic Multiprotocol BGP label (non-SRGB) for such a prefix as per classic Multiprotocol BGP
labeled IPv4/IPv6 Unicast ([RFC8277]) operation. A BGP speaker labeled IPv4/IPv6 Unicast ([RFC8277]) operation. A BGP speaker
skipping to change at page 11, line 6 skipping to change at page 11, line 6
When an SR IPv6 BGP speaker receives an IPv6 Unicast BGP Update with When an SR IPv6 BGP speaker receives an IPv6 Unicast BGP Update with
a prefix having the BGP Prefix-SID attribute attached, it checks a prefix having the BGP Prefix-SID attribute attached, it checks
whether the IPv6 SID TLV is present. If present and chosen as the whether the IPv6 SID TLV is present. If present and chosen as the
best path, the prefix is installed into the Segment Routing IPv6 best path, the prefix is installed into the Segment Routing IPv6
dataplane as described in [I-D.ietf-spring-segment-routing]. dataplane as described in [I-D.ietf-spring-segment-routing].
The Label-Index and Originator SRGB TLVs MUST be ignored on The Label-Index and Originator SRGB TLVs MUST be ignored on
reception. For future extensibility, no TLVs are required for the reception. For future extensibility, no TLVs are required for the
BGP IPv6 unicast address family. However, a BGP Prefix-SID attribute BGP IPv6 unicast address family. However, a BGP Prefix-SID attribute
corresponding to the BGP IPv6 address family without an IPv6 SID TLV corresponding to the BGP IPv6 address family without an IPv6 SID TLV
MUST be ignored. SHOULD be ignored.
5. Advertising BGP Prefix-SID Attribute 5. Advertising BGP Prefix-SID Attribute
The BGP Prefix-SID attribute MAY be attached to labeled BGP prefixes The BGP Prefix-SID attribute MAY be attached to labeled BGP prefixes
(IPv4/IPv6) [RFC8277] or to IPv6 unicast prefixes [RFC4760]. In (IPv4/IPv6) [RFC8277] or to IPv6 unicast prefixes [RFC4760]. In
order to prevent distribution of the BGP Prefix-SID attribute beyond order to prevent distribution of the BGP Prefix-SID attribute beyond
its intended scope of applicability, attribute filtering SHOULD be its intended scope of applicability, attribute filtering SHOULD be
deployed. deployed to remove the BGP Prefix-SID attribute at the adminstrative
boundary of the segment routing domain.
A BGP speaker that advertises a path received from one of its A BGP speaker that advertises a path received from one of its
neighbors SHOULD advertise the BGP Prefix-SID received with the path neighbors SHOULD advertise the BGP Prefix-SID received with the path
without modification, as long as the BGP Prefix-SID was acceptable. without modification, as long as the BGP Prefix-SID was acceptable.
If the path did not come with a BGP Prefix-SID attribute, the speaker If the path did not come with a BGP Prefix-SID attribute, the speaker
MAY attach a BGP Prefix-SID to the path if configured to do so. The MAY attach a BGP Prefix-SID to the path if configured to do so. The
content of the TLVs present in the BGP Prefix-SID is determined by content of the TLVs present in the BGP Prefix-SID is determined by
the configuration. the configuration.
5.1. MPLS Dataplane: Labeled Unicast 5.1. MPLS Dataplane: Labeled Unicast
skipping to change at page 12, line 8 skipping to change at page 12, line 8
In all cases, the label field of the advertised NLRI ([RFC8277], In all cases, the label field of the advertised NLRI ([RFC8277],
[RFC4364]) MUST be set to the local/incoming label programmed in the [RFC4364]) MUST be set to the local/incoming label programmed in the
MPLS dataplane for the given advertised prefix. If the prefix is MPLS dataplane for the given advertised prefix. If the prefix is
associated with one of the BGP speaker's interfaces, this is the associated with one of the BGP speaker's interfaces, this is the
usual MPLS label (such as the Implicit or Explicit NULL label). usual MPLS label (such as the Implicit or Explicit NULL label).
5.2. IPv6 Dataplane 5.2. IPv6 Dataplane
A BGP speaker that originates an IPv6 prefix with the BGP Prefix-SID A BGP speaker that originates an IPv6 prefix with the BGP Prefix-SID
attribute MAY include the IPv6 SID TLV. attribute SHOULD include the IPv6 SID TLV.
6. Error Handling of BGP Prefix-SID Attribute 6. Error Handling of BGP Prefix-SID Attribute
When a BGP Speaker receives a BGP Update message containing a When a BGP Speaker receives a BGP Update message containing a
malformed or unacceptable BGP Prefix-SID attribute attached to a malformed or unacceptable BGP Prefix-SID attribute attached to a
Labeled IPv4/IPv6 unicast prefix [RFC8277], it MUST ignore the Labeled IPv4/IPv6 unicast prefix [RFC8277], it MUST ignore the
received BGP Prefix-SID attributes and not advertise it to other BGP received BGP Prefix-SID attributes and not advertise it to other BGP
peers. This is equivalent to the "Attribute discard" action peers. This is equivalent to the "Attribute discard" action
specified in [RFC7606]. When discarding an attribute, a BGP speaker specified in [RFC7606]. When discarding an attribute, a BGP speaker
SHOULD log an error for further analysis. SHOULD log an error for further analysis.
skipping to change at page 14, line 14 skipping to change at page 14, line 14
case, the BGP Prefix-SID advertisement is applicable to the inter-AS case, the BGP Prefix-SID advertisement is applicable to the inter-AS
context, i.e., EBGP, while it is confined to a single administrative context, i.e., EBGP, while it is confined to a single administrative
domain. domain.
9. Security Considerations 9. Security Considerations
This document introduces a BGP attribute (BGP Prefix-SID) which This document introduces a BGP attribute (BGP Prefix-SID) which
inherits the security considerations expressed in: [RFC4271], inherits the security considerations expressed in: [RFC4271],
[RFC8277], and [I-D.ietf-spring-segment-routing]. [RFC8277], and [I-D.ietf-spring-segment-routing].
When advertised using BGPsec as described in [RFC8205], the BGP
Prefix-SID attribute doesn't impose any unique security
considerations.
It should be noted that, as described in Section 8, this document It should be noted that, as described in Section 8, this document
refers to a deployment model where all nodes are under the single refers to a deployment model where all nodes are under the single
administrative domain. In this context, we assume that the operator administrative domain. In this context, we assume that the operator
doesn't want to leak any information related to internal prefixes and doesn't want to leak any information related to internal prefixes and
topology outside of the administrative domain. The internal topology outside of the administrative domain. The internal
information includes the BGP Prefix-SID. In order to prevent such information includes the BGP Prefix-SID. In order to prevent such
leaking, the standard BGP mechanisms (filters) are applied at the leaking, the standard BGP mechanisms (filters) are applied at the
boundary of the SR/administrative domain. boundary of the SR/administrative domain.
To prevent a Denial-of-Service (DoS) or Distributed-Denial-of-Service
(DDoS) attack due to excessive BGP updates with an unacceptable BGP
Prefix-SID attribute, message rate-limiting as well as suppression of
duplicate messages SHOULD be deployed.
10. Contributors 10. Contributors
Keyur Patel Keyur Patel
Arrcus, Inc. Arrcus, Inc.
US US
Email: Keyur@arrcus.com Email: Keyur@arrcus.com
Saikat Ray Saikat Ray
Unaffiliated Unaffiliated
skipping to change at page 14, line 49 skipping to change at page 15, line 12
The authors would like to thank Satya Mohanty for his contribution to The authors would like to thank Satya Mohanty for his contribution to
this document. this document.
The authors would like to thank Alvaro Retana for substantive The authors would like to thank Alvaro Retana for substantive
comments as part of the Routing AD review. comments as part of the Routing AD review.
The authors would like to thank Shyam Sethuram for comments and The authors would like to thank Shyam Sethuram for comments and
discussion of TLV processing and validation. discussion of TLV processing and validation.
The authors would like to thank Peter Yee, Tony Przygienda, Mirja The authors would like to thank Peter Yee, Tony Przygienda, Mirja
Kuehlewind, and Alexey Melnikov for IETF last call directorate and Kuehlewind, Alexey Melnikov, Eric Rescorla, Suresh Krishnan, and
IESG reviews. Warren Kumari for IETF Last Call directorate and IESG reviews.
12. References 12. References
12.1. Normative References 12.1. Normative References
[I-D.ietf-spring-segment-routing] [I-D.ietf-spring-segment-routing]
Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B., Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B.,
Litkowski, S., and R. Shakir, "Segment Routing Litkowski, S., and R. Shakir, "Segment Routing
Architecture", draft-ietf-spring-segment-routing-15 (work Architecture", draft-ietf-spring-segment-routing-15 (work
in progress), January 2018. in progress), January 2018.
skipping to change at page 15, line 49 skipping to change at page 16, line 14
[RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K. [RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
Patel, "Revised Error Handling for BGP UPDATE Messages", Patel, "Revised Error Handling for BGP UPDATE Messages",
RFC 7606, DOI 10.17487/RFC7606, August 2015, RFC 7606, DOI 10.17487/RFC7606, August 2015,
<https://www.rfc-editor.org/info/rfc7606>. <https://www.rfc-editor.org/info/rfc7606>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8205] Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol
Specification", RFC 8205, DOI 10.17487/RFC8205, September
2017, <https://www.rfc-editor.org/info/rfc8205>.
[RFC8277] Rosen, E., "Using BGP to Bind MPLS Labels to Address [RFC8277] Rosen, E., "Using BGP to Bind MPLS Labels to Address
Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017, Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017,
<https://www.rfc-editor.org/info/rfc8277>. <https://www.rfc-editor.org/info/rfc8277>.
12.2. Informative References 12.2. Informative References
[I-D.ietf-idr-bgp-ls-segment-routing-ext] [I-D.ietf-idr-bgp-ls-segment-routing-ext]
Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H., Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H.,
and M. Chen, "BGP Link-State extensions for Segment and M. Chen, "BGP Link-State extensions for Segment
Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-04 Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-04
 End of changes. 13 change blocks. 
15 lines changed or deleted 29 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/