From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc9256.txt | 1923 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1923 insertions(+) create mode 100644 doc/rfc/rfc9256.txt (limited to 'doc/rfc/rfc9256.txt') diff --git a/doc/rfc/rfc9256.txt b/doc/rfc/rfc9256.txt new file mode 100644 index 0000000..c237b68 --- /dev/null +++ b/doc/rfc/rfc9256.txt @@ -0,0 +1,1923 @@ + + + + +Internet Engineering Task Force (IETF) C. Filsfils +Request for Comments: 9256 K. Talaulikar, Ed. +Updates: 8402 Cisco Systems, Inc. +Category: Standards Track D. Voyer +ISSN: 2070-1721 Bell Canada + A. Bogdanov + British Telecom + P. Mattes + Microsoft + July 2022 + + + Segment Routing Policy Architecture + +Abstract + + Segment Routing (SR) allows a node to steer a packet flow along any + path. Intermediate per-path states are eliminated thanks to source + routing. SR Policy is an ordered list of segments (i.e., + instructions) that represent a source-routed policy. Packet flows + are steered into an SR Policy on a node where it is instantiated + called a headend node. The packets steered into an SR Policy carry + an ordered list of segments associated with that SR Policy. + + This document updates RFC 8402 as it details the concepts of SR + Policy and steering into an SR Policy. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc9256. + +Copyright Notice + + Copyright (c) 2022 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Revised BSD License text as described in Section 4.e of the + Trust Legal Provisions and are provided without warranty as described + in the Revised BSD License. + +Table of Contents + + 1. Introduction + 1.1. Requirements Language + 2. SR Policy + 2.1. Identification of an SR Policy + 2.2. Candidate Path and Segment List + 2.3. Protocol-Origin of a Candidate Path + 2.4. Originator of a Candidate Path + 2.5. Discriminator of a Candidate Path + 2.6. Identification of a Candidate Path + 2.7. Preference of a Candidate Path + 2.8. Validity of a Candidate Path + 2.9. Active Candidate Path + 2.10. Validity of an SR Policy + 2.11. Instantiation of an SR Policy in the Forwarding Plane + 2.12. Priority of an SR Policy + 2.13. Summary + 3. Segment Routing Database + 4. Segment Types + 4.1. Explicit Null + 5. Validity of a Candidate Path + 5.1. Explicit Candidate Path + 5.2. Dynamic Candidate Path + 5.3. Composite Candidate Path + 6. Binding SID + 6.1. BSID of a Candidate Path + 6.2. BSID of an SR Policy + 6.3. Forwarding Plane + 6.4. Non-SR Usage of Binding SID + 7. SR Policy State + 8. Steering into an SR Policy + 8.1. Validity of an SR Policy + 8.2. Drop-upon-Invalid SR Policy + 8.3. Incoming Active SID is a BSID + 8.4. Per-Destination Steering + 8.5. Recursion on an On-Demand Dynamic BSID + 8.6. Per-Flow Steering + 8.7. Policy-Based Routing + 8.8. Optional Steering Modes for BGP Destinations + 9. Recovering from Network Failures + 9.1. Leveraging TI-LFA Local Protection of the Constituent IGP + Segments + 9.2. Using an SR Policy to Locally Protect a Link + 9.3. Using a Candidate Path for Path Protection + 10. Security Considerations + 11. Manageability Considerations + 12. IANA Considerations + 12.1. Guidance for Designated Experts + 13. References + 13.1. Normative References + 13.2. Informative References + Acknowledgement + Contributors + Authors' Addresses + +1. Introduction + + Segment Routing (SR) [RFC8402] allows a node to steer a packet flow + along any path. The headend is a node where the instructions for + source routing (i.e., segments) are written into the packet. It + hence becomes the starting node for a specific segment routing path. + Intermediate per-path states are eliminated thanks to source routing. + + A Segment Routing Policy (SR Policy) [RFC8402] is an ordered list of + segments (i.e., instructions) that represent a source-routed policy. + The headend node is said to steer a flow into an SR Policy. The + packets steered into an SR Policy have an ordered list of segments + associated with that SR Policy written into them. [RFC8660] + describes the representation and processing of this ordered list of + segments as an MPLS label stack for SR-MPLS, while [RFC8754] and + [RFC8986] describe the same for Segment Routing over IPv6 (SRv6) with + the use of the Segment Routing Header (SRH). + + [RFC8402] introduces the SR Policy construct and provides an overview + of how it is leveraged for Segment Routing use cases. This document + updates [RFC8402] to specify detailed concepts of SR Policy and + steering packets into an SR Policy. It applies equally to the SR- + MPLS and SRv6 instantiations of segment routing. + +1.1. Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + +2. SR Policy + + The general concept of SR Policy provides a framework that enables + the instantiation of an ordered list of segments on a node for + implementing a source routing policy for the steering of traffic for + a specific purpose (e.g., for a specific Service Level Agreement + (SLA)) from that node. + + The Segment Routing architecture [RFC8402] specifies that any + instruction can be bound to a segment. Thus, an SR Policy can be + built using any type of Segment Identifier (SID) including those + associated with topological or service instructions. + + This section defines the key aspects and constituents of an SR + Policy. + +2.1. Identification of an SR Policy + + An SR Policy MUST be identified through the tuple . In the context of a specific headend, an SR Policy MUST + be identified by the tuple. + + The headend is the node where the policy is instantiated/implemented. + The headend is specified as an IPv4 or IPv6 address and MUST resolve + to a unique node in the SR domain [RFC8402]. + + The endpoint indicates the destination of the policy. The endpoint + is specified as an IPv4 or IPv6 address and SHOULD resolve to a + unique node in the domain. In a specific case (refer to + Section 8.8.1), the endpoint can be the unspecified address (0.0.0.0 + for IPv4, :: for IPv6) and in this case, the destination of the + policy is indicated by the last segment in the segment list(s). + + The color is an unsigned non-zero 32-bit integer value that + associates the SR Policy with an intent or objective (e.g., low + latency). + + The endpoint and the color are used to automate the steering of + service or transport routes on SR Policies (refer to Section 8). + + An implementation MAY allow the assignment of a symbolic name + comprising printable ASCII [RFC0020] characters (i.e., 0x20 to 0x7E) + to an SR Policy to serve as a user-friendly attribute for debugging + and troubleshooting purposes. Such symbolic names may identify an SR + Policy when the naming scheme ensures uniqueness. The SR Policy name + MAY also be signaled along with a candidate path of the SR Policy + (refer to Section 2.2). An SR Policy MAY have multiple names + associated with it in the scenario where the headend receives + different SR Policy names along with different candidate paths for + the same SR Policy via the same or different sources. + +2.2. Candidate Path and Segment List + + An SR Policy is associated with one or more candidate paths. A + candidate path is the unit for signaling of an SR Policy to a headend + via protocol extensions like the Path Computation Element + Communication Protocol (PCEP) [RFC8664] [PCEP-SR-POLICY-CP] or BGP SR + Policy [BGP-SR-POLICY]. + + A segment list represents a specific source-routed path to send + traffic from the headend to the endpoint of the corresponding SR + Policy. + + A candidate path is either dynamic, explicit, or composite. + + An explicit candidate path is expressed as a segment list or a set of + segment lists. + + A dynamic candidate path expresses an optimization objective and a + set of constraints for a specific data plane (i.e., SR-MPLS or SRv6). + The headend (potentially with the help of a PCE) computes a solution + segment list (or set of segment lists) that solves the optimization + problem. + + If a candidate path is associated with a set of segment lists, each + segment list is associated with weight for weighted load balancing + (refer to Section 2.11 for details). The default weight is 1. + + A composite candidate path acts as a container for grouping SR + Policies. The composite candidate path construct enables the + combination of SR Policies, each with explicit candidate paths and/or + dynamic candidate paths with potentially different optimization + objectives and constraints, for load-balanced steering of packet + flows over its constituent SR Policies. The following criteria apply + for inclusion of constituent SR Policies using a composite candidate + path under a parent SR Policy: + + * The endpoints of the constituent SR Policies and the parent SR + Policy MUST be identical. + + * The colors of each of the constituent SR Policies and the parent + SR Policy MUST be different. + + * The constituent SR Policies MUST NOT use composite candidate + paths. + + Each constituent SR Policy of a composite candidate path is + associated with weight for load-balancing purposes (refer to + Section 2.11 for details). The default weight is 1. + + Section 2.13 illustrates an information model for hierarchical + relationships between the SR Policy constructs described in this + section. + +2.3. Protocol-Origin of a Candidate Path + + A headend may be informed about a candidate path for an SR Policy + by various means including: via configuration, PCEP + [RFC8664] [PCEP-SR-POLICY-CP], or BGP [BGP-SR-POLICY]. + + Protocol-Origin of a candidate path is an 8-bit value associated with + the mechanism or protocol used for signaling/provisioning the SR + Policy. It helps identify the protocol/mechanism that provides or + signals the candidate path and indicates its preference relative to + other protocols/mechanisms. + + The headend assigns different Protocol-Origin values to each source + of SR Policy information. The Protocol-Origin value is used as a + tiebreaker between candidate paths of equal Preference, as described + in Section 2.9. The table below specifies the RECOMMENDED default + values of Protocol-Origin: + + +=================+===================+ + | Protocol-Origin | Description | + +=================+===================+ + | 10 | PCEP | + +-----------------+-------------------+ + | 20 | BGP SR Policy | + +-----------------+-------------------+ + | 30 | Via Configuration | + +-----------------+-------------------+ + + Table 1: Protocol-Origin Default Values + + Note that the above order is to satisfy the need for having a clear + ordering, and implementations MAY allow modifications of these + default values assigned to protocols on the headend along similar + lines as a routing administrative distance. Its application in the + candidate path selection is described in Section 2.9. + +2.4. Originator of a Candidate Path + + The Originator identifies the node that provisioned or signaled the + candidate path on the headend. The Originator is expressed in the + form of a 160-bit numerical value formed by the concatenation of the + fields of the tuple as + below: + + Autonomous System Number (ASN): represented as a 4-byte number. If + 2-byte ASNs are in use, the low-order 16 bits MUST be used, and + the high-order bits MUST be set to 0. + + Node Address: represented as a 128-bit value. IPv4 addresses MUST + be encoded in the lowest 32 bits, and the high-order bits MUST be + set to 0. + + Its application in the candidate path selection is described in + Section 2.9. + + When provisioning is via configuration, the ASN and node address MAY + be set to either the headend or the provisioning controller/node ASN + and address. The default value is 0 for both AS and node address. + + When signaling is via PCEP, it is the IPv4 or IPv6 address of the + PCE, and the AS number is expected to be set to 0 by default when not + available or known. + + When signaling is via BGP SR Policy, the ASN and node address are + provided by BGP (refer to [BGP-SR-POLICY]) on the headend. + +2.5. Discriminator of a Candidate Path + + The Discriminator is a 32-bit value associated with a candidate path + that uniquely identifies it within the context of an SR Policy from a + specific Protocol-Origin as specified below: + + * When provisioning is via configuration, this is a unique + identifier for a candidate path; it is specific to the + implementation's configuration model. The default value is 0. + + * When signaling is via PCEP, the method to uniquely signal an + individual candidate path along with its Discriminator is + described in [PCEP-SR-POLICY-CP]. The default value is 0. + + * When signaling is via BGP SR Policy, the BGP process receiving the + route provides the distinguisher (refer to [BGP-SR-POLICY]) as the + Discriminator. Note that the BGP best path selection is applied + before the route is supplied as a candidate path, so only a single + candidate path for a given SR Policy will be seen for a given + Discriminator. + + Its application in the candidate path selection is described in + Section 2.9. + +2.6. Identification of a Candidate Path + + A candidate path is identified in the context of a single SR Policy. + + A candidate path is not shared across SR Policies. + + A candidate path is not identified by its segment list(s). + + | If CP1 is a candidate path of SR Policy Pol1 and CP2 is a + | candidate path of SR Policy Pol2, then these two candidate + | paths are independent, even if they happen to have the same + | segment list. The segment list does not identify a candidate + | path. The segment list is an attribute of a candidate path. + + The identity of a candidate path MUST be uniquely established in the + context of an SR Policy to handle add, + delete, or modify operations on them in an unambiguous manner + regardless of their source(s). + + The tuple uniquely + identifies a candidate path. + + Candidate paths MAY also be assigned or signaled with a symbolic name + comprising printable ASCII [RFC0020] characters (i.e., 0x20 to 0x7E) + to serve as a user-friendly attribute for debugging and + troubleshooting purposes. Such symbolic names MUST NOT be considered + as identifiers for a candidate path. The signaling of the candidate + path name via BGP and PCEP is described in [BGP-SR-POLICY] and + [PCEP-SR-POLICY-CP], respectively. + +2.7. Preference of a Candidate Path + + The Preference of the candidate path is used to select the best + candidate path for an SR Policy. It is a 32-bit value where a higher + value indicates higher preference and the default Preference value is + 100. + + It is RECOMMENDED that each candidate path of a given SR Policy has a + different Preference. + + The signaling of the candidate path Preference via BGP and PCEP is + described in [BGP-SR-POLICY] and [PCEP-SR-POLICY-CP], respectively. + +2.8. Validity of a Candidate Path + + A candidate path is usable when it is valid. The RECOMMENDED + candidate path validity criterion is the validity of at least one of + its constituent segment lists. The validation rules are specified in + Section 5. + +2.9. Active Candidate Path + + A candidate path is selected when it is valid and it is determined to + be the best path of the SR Policy. The selected path is referred to + as the "active path" of the SR Policy in this document. + + Whenever a new path is learned or an active path is deleted, the + validity of an existing path changes, or an existing path is changed, + the selection process MUST be re-executed. + + The candidate path selection process operates primarily on the + candidate path Preference. A candidate path is selected when it is + valid and it has the highest Preference value among all the valid + candidate paths of the SR Policy. + + In the case of multiple valid candidate paths of the same Preference, + the tie-breaking rules are evaluated on the identification tuple in + the following order until only one valid best path is selected: + + 1. The higher value of Protocol-Origin is selected. + + 2. If specified by configuration, prefer the existing installed + path. + + 3. The lower value of the Originator is selected. + + 4. Finally, the higher value of the Discriminator is selected. + + The rules are framed with multiple protocols and sources in mind and + hence may not follow the logic of a single protocol (e.g., BGP best + path selection). The motivation behind these rules are as follows: + + * The Preference, being the primary criterion, allows an operator to + influence selection across paths thus allowing provisioning of + multiple path options, e.g., CP1 is preferred as its Preference + value is the highest, and if it becomes invalid, then CP2 with the + next highest Preference value is selected, and so on. Since + Preference works across protocol sources, it also enables (where + necessary) selective override of the default Protocol-Origin + preference, e.g., to prefer a path signaled via BGP SR Policy over + what is configured. + + * The Protocol-Origin allows an operator to set up a default + selection mechanism across protocol sources, e.g., to prefer + configured paths over paths signaled via BGP SR Policy or PCEP. + + * The Originator allows an operator to have multiple redundant + controllers and still maintain a deterministic behavior over which + of them are preferred even if they are providing the same + candidate paths for the same SR policies to the headend. + + * The Discriminator performs the final tie-breaking step to ensure a + deterministic outcome of selection regardless of the order in + which candidate paths are signaled across multiple transport + channels or sessions. + + [SR-POLICY-CONSID] provides a set of examples to illustrate the + active candidate path selection rules. + +2.10. Validity of an SR Policy + + An SR Policy is valid when it has at least one valid candidate path. + +2.11. Instantiation of an SR Policy in the Forwarding Plane + + Generally, only valid SR policies are instantiated in the forwarding + plane. + + Only the active candidate path MUST be used for forwarding traffic + that is being steered onto that policy except for certain scenarios + such as fast reroute where a backup candidate path may be used as + described in Section 9.3. + + If a set of segment lists is associated with the active path of the + policy, then the steering is per flow and weighted-ECMP (W-ECMP) + based according to the relative weight of each segment list. + + The fraction of the flows associated with a given segment list is + w/Sw, where w is the weight of the segment list and Sw is the sum of + the weights of the segment lists of the selected path of the SR + Policy. + + When a composite candidate path is active, the fraction of flows + steered into each constituent SR Policy is equal to the relative + weight of each constituent SR Policy. Further load-balancing of + flows steered into a constituent SR Policy is performed based on the + weights of the segment list of the active candidate path of that + constituent SR Policy. + + The accuracy of the weighted load-balancing depends on the platform + implementation. + +2.12. Priority of an SR Policy + + Upon topological change, many policies could be re-computed or + revalidated. An implementation MAY provide a per-policy priority + configuration. The operator may set this field to indicate the order + in which the policies should be re-computed. Such a priority is + represented by an integer in the range (0, 255) where the lowest + value is the highest priority. The default value of priority is 128. + + An SR Policy may comprise multiple candidate paths received from the + same or different sources. A candidate path MAY be signaled with a + priority value. When an SR Policy has multiple candidate paths with + distinct signaled non-default priority values and the SR Policy + itself does not have a priority value configured, the SR Policy as a + whole takes the lowest value (i.e., the highest priority) amongst + these signaled priority values. + +2.13. Summary + + In summary, the information model is the following: + + SR Policy POL1 + Candidate Path CP1 + Preference 200 + Priority 10 + Segment List 1 , Weight W1 + Segment List 2 , Weight W2 + Candidate Path CP2 + Preference 100 + Priority 10 + Segment List 3 , Weight W3 + Segment List 4 , Weight W4 + + The SR Policy POL1 is identified by the tuple . It has two candidate paths: CP1 and CP2. Each is + identified by a tuple + within the scope of POL1. CP1 is the active candidate path (it is + valid and has the highest Preference). The two segment lists of CP1 + are installed as the forwarding instantiation of SR Policy POL1. + Traffic steered on POL1 is flow-based hashed on segment list + with a ratio W1/(W1+W2). + + The information model of SR Policy POL100 having a composite + candidate path is the following: + + SR Policy POL100 + Candidate Path CP1 + Preference 200 + SR Policy , Weight W1 + SR Policy , Weight W2 + + The constituent SR Policies POL1 and POL2 have an information model + as described at the start of this section. They are referenced only + by color in the composite candidate path since their headend and + endpoint are identical to the POL100. The valid segment lists of the + active candidate path of POL1 and POL2 are installed in the + forwarding. Traffic steered on POL100 is hashed on a per-flow basis + on POL1 with a proportion W1/(W1+W2). Within the POL1, the flow- + based hashing over its segment lists are performed as described + earlier in this section. + +3. Segment Routing Database + + An SR Policy computation node (e.g., headend or controller) maintains + the Segment Routing Database (SR-DB). The SR-DB is a conceptual + database to illustrate the various pieces of information and their + sources that may help in SR Policy computation and validation. There + is no specific requirement for an implementation to create a new + database as such. + + An SR headend leverages the SR-DB to validate explicit candidate + paths and compute dynamic candidate paths. + + The information in the SR-DB may include: + + * IGP information (topology, IGP metrics based on IS-IS [RFC1195] + and OSPF [RFC2328] [RFC5340]) + * Segment Routing information (such as Segment Routing Global Block, + Segment Routing Local Block, Prefix-SIDs, Adj-SIDs, BGP Peering + SID, SRv6 SIDs) [RFC8402] [RFC8986] + * TE Link Attributes (such as TE metric, Shared Risk Link Groups, + attribute-flag, extended admin group) [RFC5305] [RFC3630] + [RFC5329] + * Extended TE Link attributes (such as latency, loss) [RFC8570] + [RFC7471] + * Inter-AS Topology information [RFC9086] + + The attached domain topology may be learned via protocol/mechanisms + such as IGP, Border Gateway Protocol - Link State (BGP-LS), or + NETCONF. + + A non-attached (remote) domain topology may be learned via protocol/ + mechanisms such as BGP-LS or NETCONF. + + In some use cases, the SR-DB may only contain the attached domain + topology while in others, the SR-DB may contain the topology of + multiple domains and in this case, it is multi-domain capable. + + The SR-DB may also contain the SR Policies instantiated in the + network. This can be collected via BGP-LS [BGP-LS-TE-POLICY] or PCEP + [RFC8231] (along with [PCEP-SR-POLICY-CP] and [PCEP-BSID-LABEL]). + This information allows to build an end-to-end policy on the basis of + intermediate SR policies (see Section 6 for further details). + + The SR-DB may also contain the Maximum SID Depth (MSD) capability of + nodes in the topology. This can be collected via IS-IS [RFC8491], + OSPF [RFC8476], BGP-LS [RFC8814], or PCEP [RFC8664]. + + The use of the SR-DB for path computation and for the validation of + optimization objective and constraints of paths is outside the scope + of this document. Some implementation aspects related to path + computation are covered in [SR-POLICY-CONSID]. + +4. Segment Types + + A segment list is an ordered set of segments represented as where S1 is the first segment. + + Based on the desired data plane, either the MPLS label stack or the + SRv6 Segment Routing Header [RFC8754] is built from the segment list. + However, the segment list itself can be specified using different + segment-descriptor types and the following are currently defined: + + Type A: SR-MPLS Label: + An MPLS label corresponding to any of the segment types defined + for SR-MPLS (as defined in [RFC8402] or other SR-MPLS + specifications) can be used. Additionally, special purpose + labels like explicit-null or in general any MPLS label MAY also + be used. For example, this type can be used to specify a label + representation that maps to an optical transport path on a + packet transport node. + Type B: SRv6 SID: + An IPv6 address corresponding to any of the SID behaviors for + SRv6 (as defined in [RFC8986] or other SRv6 specifications) can + be used. Optionally, the SRv6 SID behavior (as defined in + [RFC8986] or other SRv6 specifications) and structure (as + defined in [RFC8986]) MAY also be provided for the headend to + perform validation of the SID when using it for building the + segment list. + Type C: IPv4 Prefix with optional SR Algorithm: + In this case, the headend is required to resolve the specified + IPv4 Prefix Address to the SR-MPLS label corresponding to its + Prefix SID segment (as defined in [RFC8402]). The SR algorithm + (refer to Section 3.1.1 of [RFC8402]) to be used MAY also be + provided. + Type D: IPv6 Global Prefix with optional SR Algorithm for SR-MPLS: + In this case, the headend is required to resolve the specified + IPv6 Global Prefix Address to the SR-MPLS label corresponding + to its Prefix SID segment (as defined in [RFC8402]). The SR + Algorithm (refer to Section 3.1.1 of [RFC8402]) to be used MAY + also be provided. + Type E: IPv4 Prefix with Local Interface ID: + This type allows for identification of an Adjacency SID or BGP + Peer Adjacency SID (as defined in [RFC8402]) SR-MPLS label for + point-to-point links including IP unnumbered links. The + headend is required to resolve the specified IPv4 Prefix + Address to the node originating it and then use the Local + Interface ID to identify the point-to-point link whose + adjacency is being referred to. The Local Interface ID link + descriptor follows semantics as specified in [RFC5307]. This + type can also be used to indicate indirection into a layer 2 + interface (i.e., without IP address) like a representation of + an optical transport path or a layer 2 Ethernet port or circuit + at the specified node. + Type F: IPv4 Addresses for link endpoints as Local, Remote pair: + This type allows for identification of an Adjacency SID or BGP + Peer Adjacency SID (as defined in [RFC8402]) SR-MPLS label for + links. The headend is required to resolve the specified IPv4 + Local Address to the node originating it and then use the IPv4 + Remote Address to identify the link adjacency being referred + to. The Local and Remote Address pair link descriptors follow + semantics as specified in [RFC7752]. + Type G: IPv6 Prefix and Interface ID for link endpoints as Local, + Remote pair for SR-MPLS: + This type allows for identification of an Adjacency SID or BGP + Peer Adjacency SID (as defined in [RFC8402]) label for links + including those with only Link-Local IPv6 addresses. The + headend is required to resolve the specified IPv6 Prefix + Address to the node originating it and then use the Local + Interface ID to identify the point-to-point link whose + adjacency is being referred to. For other than point-to-point + links, additionally the specific adjacency over the link needs + to be resolved using the Remote Prefix and Interface ID. The + Local and Remote pair of Prefix and Interface ID link + descriptor follows semantics as specified in [RFC7752]. This + type can also be used to indicate indirection into a layer 2 + interface (i.e., without IP address) like a representation of + an optical transport path or a layer 2 Ethernet port or circuit + at the specified node. + Type H: IPv6 Addresses for link endpoints as Local, Remote pair + for SR-MPLS: + This type allows for identification of an Adjacency SID or BGP + Peer Adjacency SID (as defined in [RFC8402]) label for links + with Global IPv6 addresses. The headend is required to resolve + the specified Local IPv6 Address to the node originating it and + then use the Remote IPv6 Address to identify the link adjacency + being referred to. The Local and Remote Address pair link + descriptors follow semantics as specified in [RFC7752]. + Type I: IPv6 Global Prefix with optional SR Algorithm for SRv6: + The headend is required to resolve the specified IPv6 Global + Prefix Address to an SRv6 SID corresponding to a Prefix SID + segment (as defined in [RFC8402]), such as a SID associated + with the End behavior (as defined in [RFC8986]) of the node + that is originating the prefix. The SR Algorithm (refer to + Section 3.1.1 of [RFC8402]), the SRv6 SID behavior (as defined + in [RFC8986] or other SRv6 specifications), and structure (as + defined in [RFC8986]) MAY also be provided. + Type J: IPv6 Prefix and Interface ID for link endpoints as Local, + Remote pair for SRv6: + This type allows for identification of an SRv6 SID + corresponding to an Adjacency SID or BGP Peer Adjacency SID (as + defined in [RFC8402]), such as a SID associated with the End.X + behavior (as defined in [RFC8986]) associated with link or + adjacency with only Link-Local IPv6 addresses. The headend is + required to resolve the specified IPv6 Prefix Address to the + node originating it and then use the Local Interface ID to + identify the point-to-point link whose adjacency is being + referred to. For other than point-to-point links, additionally + the specific adjacency needs to be resolved using the Remote + Prefix and Interface ID. The Local and Remote pair of Prefix + and Interface ID link descriptor follows semantics as specified + in [RFC7752]. The SR Algorithm (refer to Section 3.1.1 of + [RFC8402]), the SRv6 SID behavior (as defined in [RFC8986] or + other SRv6 specifications), and structure (as defined in + [RFC8986]) MAY also be provided. + Type K: IPv6 Addresses for link endpoints as Local, Remote pair + for SRv6: + This type allows for identification of an SRv6 SID + corresponding to an Adjacency SID or BGP Peer Adjacency SID (as + defined in [RFC8402]), such as a SID associated with the End.X + behavior (as defined in [RFC8986]) associated with link or + adjacency with Global IPv6 addresses. The headend is required + to resolve the specified Local IPv6 Address to the node + originating it and then use the Remote IPv6 Address to identify + the link adjacency being referred to. The Local and Remote + Address pair link descriptors follow semantics as specified in + [RFC7752]. The SR Algorithm (refer to Section 3.1.1 of + [RFC8402]), the SRv6 SID behavior (as defined in [RFC8986] or + other SRv6 specifications), and structure (as defined in + [RFC8986]) MAY also be provided. + + When the algorithm is not specified for the SID types above which + optionally allow for it, the headend SHOULD use the Strict Shortest + Path algorithm if available and otherwise, it SHOULD use the default + Shortest Path algorithm. The specification of the algorithm enables + the use of SIDs specific to the IGP Flex Algorithm [IGP-FLEX-ALGO] in + SR Policy. + + For SID types C through K, a SID value MAY also be optionally + provided to the headend for verification purposes. Section 5.1 + describes the resolution and verification of the SIDs and segment + lists on the headend. + + When building the MPLS label stack or the SRv6 SID list from the + segment list, the node instantiating the policy MUST interpret the + set of Segments as follows: + + * The first Segment represents the topmost MPLS label or the first + SRv6 SID. It identifies the active segment the traffic will be + directed toward along the explicit SR path. + * The last segment represents the bottommost MPLS label or the last + SRv6 SID the traffic will be directed toward along the explicit SR + path. + +4.1. Explicit Null + + A Type A SID MAY be any MPLS label, including special purpose labels. + + For example, assuming that the desired traffic-engineered path from a + headend 1 to an endpoint 4 can be expressed by the segment list + <16002, 16003, 16004> where 16002, 16003, and 16004, respectively, + refer to the IPv4 Prefix SIDs bound to nodes 2, 3, and 4, then IPv6 + traffic can be traffic-engineered from nodes 1 to 4 via the + previously described path using an SR Policy with segment list + <16002, 16003, 16004, 2> where the MPLS label value of 2 represents + the "IPv6 Explicit NULL Label". + + The penultimate node before node 4 will pop 16004 and will forward + the frame on its directly connected interface to node 4. + + The endpoint receives the traffic with the top label "2", which + indicates that the payload is an IPv6 packet. + + When steering unlabeled IPv6 BGP destination traffic using an SR + Policy composed of segment list(s) based on IPv4 SIDs, the Explicit + Null Label Policy is processed as specified in [BGP-SR-POLICY]. When + an "IPv6 Explicit NULL label" is not present as the bottom label, the + headend SHOULD automatically impose one. Refer to Section 8 for more + details. + +5. Validity of a Candidate Path + +5.1. Explicit Candidate Path + + An explicit candidate path is associated with a segment list or a set + of segment lists. + + An explicit candidate path is provisioned by the operator directly or + via a controller. + + The computation/logic that leads to the choice of the segment list is + external to the SR Policy headend. The SR Policy headend does not + compute the segment list. The SR Policy headend only confirms its + validity. + + An explicit candidate path MAY consist of a single explicit segment + list containing only an implicit-null label to indicate pop-and- + forward behavior. The Binding SID (BSID) is popped and the traffic + is forwarded based on the inner label or an IP lookup in the case of + unlabeled IP packets. Such an explicit path can serve as a fallback + or path of last resort for traffic being steered into an SR Policy + using its BSID (refer to Section 8.3). + + A segment list of an explicit candidate path MUST be declared invalid + when any of the following is true: + + * It is empty. + * Its weight is 0. + * It comprises a mix of SR-MPLS and SRv6 segment types. + * The headend is unable to perform path resolution for the first SID + into one or more outgoing interface(s) and next-hop(s). + * The headend is unable to perform SID resolution for any non-first + SID of type C through K into an MPLS label or an SRv6 SID. + * The headend verification fails for any SID for which verification + has been explicitly requested. + + "Unable to perform path resolution" means that the headend has no + path to the SID in its SR database. + + SID verification is performed when the headend is explicitly + requested to verify SID(s) by the controller via the signaling + protocol used. Implementations MAY provide a local configuration + option to enable verification on a global or per-policy or per- + candidate path basis. + + "Verification fails" for a SID means any of the following: + + * The headend is unable to find the SID in its SR-DB + * The headend detects a mismatch between the SID value provided and + the SID value resolved by context provided for SIDs of type C + through K in its SR-DB. + * The headend is unable to perform SID resolution for any non-first + SID of type C through K into an MPLS label or an SRv6 SID. + + In multi-domain deployments, it is expected that the headend may be + unable to verify the reachability of the SIDs in remote domains. + Types A or B MUST be used for the SIDs for which the reachability + cannot be verified. Note that the first SID MUST always be reachable + regardless of its type. + + Additionally, a segment list MAY be declared invalid when both of the + conditions below are met : + + * Its last segment is not a Prefix SID (including BGP Peer Node-SID) + advertised by the node specified as the endpoint of the + corresponding SR Policy. + * Its last segment is not an Adjacency SID (including BGP Peer + Adjacency SID) of any of the links present on neighbor nodes and + that terminate on the node specified as the endpoint of the + corresponding SR Policy. + + An explicit candidate path is invalid as soon as it has no valid + segment list. + + Additionally, an explicit candidate path MAY be declared invalid when + its constituent segment lists (valid or invalid) are using segment + types of different SR data planes. + +5.2. Dynamic Candidate Path + + A dynamic candidate path is specified as an optimization objective + and a set of constraints. + + The headend of the policy leverages its SR database to compute a + segment list ("solution segment list") that solves this optimization + problem for either the SR-MPLS or the SRv6 data plane as specified. + + The headend re-computes the solution segment list any time the inputs + to the problem change (e.g., topology changes). + + When the local computation is not possible (e.g., a policy's tail end + is outside the topology known to the headend) or not desired, the + headend may rely on an external entity. For example, a path + computation request may be sent to a PCE supporting PCEP extensions + specified in [RFC8664]. + + If no solution is found to the optimization objective and + constraints, then the dynamic candidate path MUST be declared + invalid. + + [SR-POLICY-CONSID] discusses some of the optimization objectives and + constraints that may be considered by a dynamic candidate path. It + illustrates some of the desirable properties of the computation of + the solution segment list. + +5.3. Composite Candidate Path + + A composite candidate path is specified as a group of its constituent + SR Policies. + + A composite candidate path is valid when it has at least one valid + constituent SR Policy. + +6. Binding SID + + The Binding SID (BSID) is fundamental to Segment Routing [RFC8402]. + It provides scaling, network opacity, and service independence. + [SR-POLICY-CONSID] illustrates some of these benefits. This section + describes the association of BSID with an SR Policy. + +6.1. BSID of a Candidate Path + + Each candidate path MAY be defined with a BSID. + + Candidate paths of the same SR Policy SHOULD have the same BSID. + + Candidate paths of different SR Policies MUST NOT have the same BSID. + +6.2. BSID of an SR Policy + + The BSID of an SR Policy is the BSID of its active candidate path. + + When the active candidate path has a specified BSID, the SR Policy + uses that BSID if this value (label in MPLS, IPv6 address in SRv6) is + available. A BSID is available when its value is not associated with + any other usage, e.g., a label used by some other MPLS forwarding + entry or an SRv6 SID used in some other context (such as to another + segment, to another SR Policy, or that it is outside the range of + SRv6 Locators). + + In the case of SR-MPLS, SRv6 BSIDs (e.g., with the behavior End.BM + [RFC8986]) MAY be associated with the SR Policy in addition to the + MPLS BSID. In the case of SRv6, multiple SRv6 BSIDs (e.g., with + different behaviors like End.B6.Encaps and End.B6.Encaps.Red + [RFC8986]) MAY be associated with the SR Policy. + + Optionally, instead of only checking that the BSID of the active path + is available, a headend MAY check that it is available within the + given SID range i.e., Segment Routing Local Block (SRLB) as specified + in [RFC8402]. + + When the specified BSID is not available (optionally is not in the + SRLB), an alert message MUST be generated via mechanisms like syslog. + + In the cases (as described above) where SR Policy does not have a + BSID available, the SR Policy MAY dynamically bind a BSID to itself. + Dynamically bound BSIDs SHOULD use an available SID outside the SRLB. + + Assuming that at time t the BSID of the SR Policy is B1, if at time + t+dt a different candidate path becomes active and this new active + path does not have a specified BSID or its BSID is specified but is + not available (e.g., it is in use by something else), then the SR + Policy MAY keep the previous BSID B1. + + The association of an SR Policy with a BSID thus MAY change over the + life of the SR Policy (e.g., upon active path change). Hence, the + BSID SHOULD NOT be used as an identification of an SR Policy. + +6.2.1. Frequent Use Case : Unspecified BSID + + All the candidate paths of the same SR Policy can have an unspecified + BSID. + + In such a case, a BSID MAY be dynamically bound to the SR Policy as + soon as the first valid candidate path is received. That BSID is + kept through the life of the SR Policy and across changes of the + active candidate path. + +6.2.2. Frequent Use Case: All Specified to the Same BSID + + All the paths of the SR Policy can have the same specified BSID. + +6.2.3. Specified-BSID-only + + An implementation MAY support the configuration of the Specified- + BSID-only restrictive behavior on the headend for all SR Policies or + individual SR Policies. Further, this restrictive behavior MAY also + be signaled on a per-SR-Policy basis to the headend. + + When this restrictive behavior is enabled, if the candidate path has + an unspecified BSID or if the specified BSID is not available when + the candidate path becomes active, then no BSID is bound to it and + the candidate path is considered invalid. An alert MUST be triggered + for this error via mechanisms like syslog. Other candidate paths + MUST then be evaluated for becoming the active candidate path. + +6.3. Forwarding Plane + + A valid SR Policy results in the installation of a BSID-keyed entry + in the forwarding plane with the action of steering the packets + matching this entry to the selected path of the SR Policy. + + If the Specified-BSID-only restrictive behavior is enabled and the + BSID of the active path is not available (optionally not in the + SRLB), then the SR Policy does not install any entry indexed by a + BSID in the forwarding plane. + +6.4. Non-SR Usage of Binding SID + + An implementation MAY choose to associate a Binding SID with any type + of interface (e.g., a layer 3 termination of an Optical Circuit) or a + tunnel (e.g., IP tunnel, GRE tunnel, IP/UDP tunnel, MPLS RSVP-TE + tunnel, etc). This enables the use of other non-SR-enabled + interfaces and tunnels as segments in an SR Policy segment list + without the need of forming routing protocol adjacencies over them. + + The details of this kind of usage are beyond the scope of this + document. A specific packet-optical integration use case is + described in [POI-SR]. + +7. SR Policy State + + The SR Policy state is maintained on the headend to represent the + state of the policy and its candidate paths. This is to provide an + accurate representation of whether the SR Policy is being + instantiated in the forwarding plane and which of its candidate paths + and segment list(s) are active. The SR Policy state MUST also + reflect the reason when a policy and/or its candidate path is not + active due to validation errors or not being preferred. The + operational state information reported for SR Policies are specified + in [SR-POLICY-YANG]. + + The SR Policy state can be reported by the headend node via BGP-LS + [BGP-LS-TE-POLICY] or PCEP [RFC8231] [PCEP-BSID-LABEL]. + + SR Policy state on the headend also includes traffic accounting + information for the flows being steered via the policies. The + details of the SR Policy accounting are beyond the scope of this + document. The aspects related to the SR traffic counters and their + usage in the broader context of traffic accounting in an SR network + are covered in [SR-TRAFFIC-COUNTERS] and [SR-TRAFFIC-ACCOUNTING], + respectively. + + Implementations MAY support an administrative state to control + locally provisioned policies via mechanisms like command-line + interface (CLI) or NETCONF. + +8. Steering into an SR Policy + + A headend can steer a packet flow into a valid SR Policy in various + ways: + + * Incoming packets have an active SID matching a local BSID at the + headend. + * Per-Destination Steering: incoming packets match a BGP/Service + route, which recurses on an SR Policy. + * Per-Flow Steering: incoming packets match or recurse on a + forwarding array of which some of the entries are SR Policies. + * Policy-Based Steering: incoming packets match a routing policy + that directs them on an SR Policy. + +8.1. Validity of an SR Policy + + An SR Policy is invalid when all its candidate paths are invalid as + described in Sections 2.10 and 5. + + By default, upon transitioning to the invalid state, + + * an SR Policy and its BSID are removed from the forwarding plane. + * any steering of a service (Pseudowire (PW)), destination (BGP- + VPN), flow or packet on the related SR Policy is disabled and the + related service, destination, flow, or packet is routed per the + classic forwarding table (e.g., longest match to the destination + or the recursing next-hop). + +8.2. Drop-upon-Invalid SR Policy + + An SR Policy MAY be enabled for the Drop-Upon-Invalid behavior. This + would entail the following: + + * an invalid SR Policy and its BSID is kept in the forwarding plane + with an action to drop. + * any steering of a service (PW), destination (BGP-VPN), flow, or + packet on the related SR Policy is maintained with the action to + drop all of this traffic. + + The Drop-Upon-Invalid behavior has been deployed in use cases where + the operator wants some PW to only be transported on a path with + specific constraints. When these constraints are no longer met, the + operator wants the PW traffic to be dropped. Specifically, the + operator does not want the PW to be routed according to the IGP + shortest path to the PW endpoint. + +8.3. Incoming Active SID is a BSID + + Let us assume that headend H has a valid SR Policy P of segment list + and BSID B. + + In the case of SR-MPLS, when H receives a packet K with label stack + , H pops B and pushes and forwards the + resulting packet according to SID S1. + + | "Forwards the resulting packet according to SID S1" means: If + | S1 is an Adj-SID or a PHP-enabled prefix SID advertised by a + | neighbor, H sends the resulting packet with label stack on the outgoing interface associated with S1; Else, + | H sends the resulting packet with label stack along the path of S1. + + In the case of SRv6, the processing is similar and follows the SR + Policy headend behaviors as specified in Section 5 of [RFC8986]. + + H has steered the packet into the SR Policy P. + + H did not have to classify the packet. The classification was done + by a node upstream of H (e.g., the source of the packet or an + intermediate ingress edge node of the SR domain) and the result of + this classification was efficiently encoded in the packet header as a + BSID. + + This is another key benefit of the segment routing in general and the + binding SID in particular: the ability to encode a classification and + the resulting steering in the packet header to better scale and + simplify intermediate aggregation nodes. + + When Drop-Upon-Invalid (refer to Section 8.2) is not in use, for an + invalid SR Policy P, its BSID B is not in the forwarding plane and + hence, the packet K is dropped by H. + +8.4. Per-Destination Steering + + This section describes how a headend applies steering of flows + corresponding to BGP routes over SR Policy using the Color Extended + community [RFC9012]. + + In the case of SR-MPLS, let us assume that headend H: + + * learns a BGP route R/r via next-hop N, Color Extended community C, + and VPN label V. + * has a valid SR Policy P to (color = C, endpoint = N) of segment + list and BSID B. + * has a BGP policy that matches on the Color Extended community C + and allows its usage as SLA steering information. + + If all these conditions are met, H installs R/r in RIB/FIB with next- + hop = SR Policy P of BSID B instead of via N. + + Indeed, H's local BGP policy and the received BGP route indicate that + the headend should associate R/r with an SR Policy path to endpoint N + with the SLA associated with color C. The headend, therefore, + installs the BGP route on that policy. + + This can be implemented by using the BSID as a generalized next-hop + and installing the BGP route on that generalized next-hop. + + When H receives a packet K with a destination matching R/r, H pushes + the label stack and sends the resulting packet along + the path to S1. + + Note that any SID associated with the BGP route is inserted after the + segment list of the SR Policy (i.e., ). + + In the case of SRv6, the processing is similar and follows the SR + Policy headend behaviors as specified in Section 5 of [RFC8986]. + + The same behavior applies to any type of service route: any AFI/SAFI + of BGP [RFC4760] or the Locator/ID Separation Protocol (LISP) + [RFC6830] for both IPv4/IPv6. + + In a BGP multi-path scenario, the BGP route MAY be resolved over a + mix of paths that include those that are steered over SR Policies and + others resolved via the normal BGP next-hop resolution. + Implementations MAY provide options to prefer one type over the other + or other forms of local policy to determine the paths that are + selected. + +8.4.1. Multiple Colors + + When a BGP route has multiple Color Extended communities each with a + valid SR Policy, the BGP process installs the route on the SR Policy + giving preference to the Color Extended community with the highest + numerical value. + + Let us assume that headend H: + + * learns a BGP route R/r via next-hop N, Color Extended communities + C1 and C2. + * has a valid SR Policy P1 to (color = C1, endpoint = N) of segment + list and BSID B1. + * has a valid SR Policy P2 to (color = C2, endpoint = N) of segment + list and BSID B2. + * has a BGP policy that matches the Color Extended communities C1 + and C2 and allows their usage as SLA steering information + + If all these conditions are met, H installs R/r in RIB/FIB with next- + hop = SR Policy P2 of BSID=B2 (instead of N) because C2 > C1. + + When the SR Policy with a specific color is not instantiated or in + the down/inactive state, the SR Policy with the next highest + numerical value of color is considered. + +8.5. Recursion on an On-Demand Dynamic BSID + + In the previous section, it was assumed that H had a pre-established + "explicit" SR Policy (color C, endpoint N). + + In this section, independent of the a priori existence of any + explicit candidate path of the SR Policy (C, N), it is to be noted + that the BGP process at headend node H triggers the instantiation of + a dynamic candidate path for the SR Policy (C, N) as soon as: + + * the BGP process learns of a route R/r via N and with Color + Extended community C. + * a local policy at node H authorizes the on-demand SR Policy path + instantiation and maps the color to a dynamic SR Policy path + optimization template. + +8.5.1. Multiple Colors + + When a BGP route R/r via N has multiple Color Extended communities Ci + (with i=1 ... n), an individual on-demand SR Policy dynamic path + request (color Ci, endpoint N) is triggered for each color Ci. The + SR Policy that is used for steering is then determined as described + in Section 8.4.1. + +8.6. Per-Flow Steering + + This section provides an example of how a headend might apply per- + flow steering in practice. + + Let us assume that headend H: + + * has a valid SR Policy P1 to (color = C1, endpoint = N) of segment + list and BSID B1. + * has a valid SR Policy P2 to (color = C2, endpoint = N) of segment + list and BSID B2. + * is configured to instantiate an array of paths to N where the + entry 0 is the IGP path to N, color C1 is the first entry, and + color C2 is the second entry. The index into the array is called + a Forwarding Class (FC). The index can have values 0 to 7, + especially when derived from the MPLS TC bits [RFC5462]. + * is configured to match flows in its ingress interfaces (upon any + field such as Ethernet destination/source/VLAN/TOS or IP + destination/source/Differentiated Services Code Point (DSCP), or + transport ports etc.), and color them with an internal per-packet + forwarding-class variable (0, 1, or 2 in this example). + + If all these conditions are met, H installs in RIB/FIB: + + * N via recursion on an array A (instead of the immediate outgoing + link associated with the IGP shortest path to N). + * Entry A(0) set to the immediate outgoing link of the IGP shortest + path to N. + * Entry A(1) set to SR Policy P1 of BSID=B1. + * Entry A(2) set to SR Policy P2 of BSID=B2. + + H receives three packets K, K1, and K2 on its incoming interface. + These three packets either longest match on N or more likely on a + BGP/service route that recurses on N. H colors these 3 packets + respectively with forwarding-class 0, 1, and 2. + + As a result, for SR-MPLS: + + * H forwards K along the shortest path to N (i.e., pushes the + Prefix-SID of N). + * H pushes on packet K1 and forwards the resulting + frame along the shortest path to S1. + * H pushes on packet K2 and forwards the resulting + frame along the shortest path to S4. + + For SRv6, the processing is similar and the segment lists of the + individual SR Policies P1 and P2 are enforced for packets K1 and K2 + using the SR Policy headend behaviors as specified in Section 5 of + [RFC8986]. + + If the local configuration does not specify any explicit forwarding + information for an entry of the array, then this entry is filled with + the same information as entry 0 (i.e., the IGP shortest path). + + If the SR Policy mapped to an entry of the array becomes invalid, + then this entry is filled with the same information as entry 0. When + all the array entries have the same information as entry 0, the + forwarding entry for N is updated to bypass the array and point + directly to its outgoing interface and next-hop. + + The array index values (e.g., 0, 1, and 2) and the notion of + forwarding class are implementation specific and only meant to + describe the desired behavior. The same can be realized by other + mechanisms. + + This realizes per-flow steering: different flows bound to the same + BGP endpoint are steered on different IGP or SR Policy paths. + + A headend MAY support options to apply per-flow steering only for + traffic matching specific prefixes (e.g., specific IGP or BGP + prefixes). + +8.7. Policy-Based Routing + + Finally, headend H MAY be configured with a local routing policy that + overrides any BGP/IGP path and steers a specified packet on an SR + Policy. This includes the use of mechanisms like IGP Shortcut for + automatic routing of IGP prefixes over SR Policies intended for such + purpose. + +8.8. Optional Steering Modes for BGP Destinations + +8.8.1. Color-Only BGP Destination Steering + + In the previous section, it is seen that the steering on an SR Policy + is governed by the matching of the BGP route's next-hop N and the + authorized Color Extended community C with an SR Policy defined by + the tuple (N, C). + + This is the most likely form of BGP destination steering and the one + recommended for most use cases. + + This section defines an alternative steering mechanism based only on + the Color Extended community. + + Three types of steering modes are defined. + + For the default, Type 0, the BGP destination is steered as follows: + + IF there is a valid SR Policy (N, C) where N is the IPv4 or IPv6 + endpoint address and C is a color; + Steer into SR Policy (N, C); + ELSE; + Steer on the IGP path to the next-hop N. + + This is the classic case described in this document previously and + what is recommended in most scenarios. + + For Type 1, the BGP destination is steered as follows: + + IF there is a valid SR Policy (N, C) where N is the IPv4 or IPv6 + endpoint address and C is a color; + Steer into SR Policy (N, C); + ELSE IF there is a valid SR Policy (null endpoint, C) of the + same address-family of N; + Steer into SR Policy (null endpoint, C); + ELSE IF there is any valid SR Policy + (any address-family null endpoint, C); + Steer into SR Policy (any null endpoint, C); + ELSE; + Steer on the IGP path to the next-hop N. + + For Type 2, the BGP destination is steered as follows: + + IF there is a valid SR Policy (N, C) where N is an IPv4 or IPv6 + endpoint address and C is a color; + Steer into SR Policy (N, C); + ELSE IF there is a valid SR Policy (null endpoint, C) + of the same address-family of N; + Steer into SR Policy (null endpoint, C); + ELSE IF there is any valid SR Policy + (any address-family null endpoint, C); + Steer into SR Policy (any null endpoint, C); + ELSE IF there is any valid SR Policy (any endpoint, C) + of the same address-family of N; + Steer into SR Policy (any endpoint, C); + ELSE IF there is any valid SR Policy + (any address-family endpoint, C); + Steer into SR Policy (any address-family endpoint, C); + ELSE; + Steer on the IGP path to the next-hop N. + + The null endpoint is 0.0.0.0 for IPv4 and :: for IPv6 (all bits set + to the 0 value). + + Please refer to [BGP-SR-POLICY] for the updates to the BGP Color + Extended community for the implementation of these mechanisms. + +8.8.2. Multiple Colors and CO flags + + The steering preference is first based on the highest Color Extended + community value and then Color-Only steering type for the color. + Assuming a Prefix via (NH, C1(CO=01), C2(CO=01)); C1>C2. The + steering preference order is: + + * SR Policy (NH, C1). + * SR Policy (null, C1). + * SR Policy (NH, C2). + * SR Policy (null, C2). + * IGP to NH. + +8.8.3. Drop-upon-Invalid + + This document defined earlier that when all the following conditions + are met, H installs R/r in RIB/FIB with next-hop = SR Policy P of + BSID B instead of via N. + + * H learns a BGP route R/r via next-hop N, Color Extended community + C. + * H has a valid SR Policy P to (color = C, endpoint = N) of segment + list and BSID B. + * H has a BGP policy that matches the Color Extended community C and + allows its usage as SLA steering information. + + This behavior is extended by noting that the BGP Policy may require + the BGP steering to always stay on the SR Policy whatever its + validity. + + This is the "drop-upon-invalid" option described in Section 8.2 + applied to BGP-based steering. + +9. Recovering from Network Failures + +9.1. Leveraging TI-LFA Local Protection of the Constituent IGP Segments + + In any topology, Topology-Independent Loop-Free Alternate (TI-LFA) + [SR-TI-LFA] provides a 50 msec local protection technique for IGP + SIDs. The backup path is computed on a per-IGP-SID basis along the + post-convergence path. + + In a network that has deployed TI-LFA, an SR Policy built on the + basis of TI-LFA protected IGP segments leverages the local protection + of the constituent segments. Since TI-LFA protection is based on IGP + computation, there are cases where the path used during the fast- + reroute time window may not meet the exact constraints of the SR + Policy. + + In a network that has deployed TI-LFA, an SR Policy instantiated only + with non-protected Adj SIDs does not benefit from any local + protection. + +9.2. Using an SR Policy to Locally Protect a Link + + 1----2-----6----7 + | | | | + 4----3-----9----8 + + Figure 1: Local Protection Using SR Policy + + An SR Policy can be instantiated at node 2 to protect link 2-to-6. A + typical explicit segment list would be <3, 9, 6>. + + A typical use case occurs for links outside an IGP domain: e.g., 1, + 2, 3, and 4 are part of IGP/SR sub-domain 1 while 6, 7, 8, and 9 are + part of IGP/SR sub-domain 2. In such a case, links 2-to-6 and 3to9 + cannot benefit from TI-LFA automated local protection. The SR Policy + with segment list <3, 9, 6> on node 2 can be locally configured to be + a fast-reroute backup path for the link 2-to-6. + +9.3. Using a Candidate Path for Path Protection + + An SR Policy allows for multiple candidate paths, of which at any + point in time there is a single active candidate path that is + provisioned in the forwarding plane and used for traffic steering. + However, another (lower preference) candidate path MAY be designated + as the backup for a specific or all (active) candidate path(s). The + following options are possible: + + * A pair of disjoint candidate paths are provisioned with one of + them as primary and the other identified as its backup. + * A specific candidate path is provisioned as the backup for any + (active) candidate path. + * The headend picks the next (lower) preference valid candidate path + as the backup for the active candidate path. + + The headend MAY compute a priori and validate such backup candidate + paths as well as provision them into the forwarding plane as a backup + for the active path. The backup candidate path may be dynamically + computed or explicitly provisioned in such a way that they provide + the most appropriate alternative for the active candidate path. A + fast-reroute mechanism MAY then be used to trigger sub-50 msec + switchover from the active to the backup candidate path in the + forwarding plane. Mechanisms like Bidirectional Forwarding Detection + (BFD) MAY be used for fast detection of such failures. + +10. Security Considerations + + This document specifies in detail the SR Policy construct introduced + in [RFC8402] and its instantiation on a router supporting SR along + with descriptions of mechanisms for the steering of traffic flows + over it. Therefore, the security considerations of [RFC8402] apply. + The security consideration related to SR-MPLS [RFC8660] and SRv6 + [RFC8754] [RFC8986] also apply. + + The endpoint of the SR Policy, other than in the case of a null + endpoint, uniquely identifies the tail-end node of the segment routed + path. If an address that is used as an endpoint for an SR Policy is + advertised by more than one node due to a misconfiguration or + spoofing and the same is advertised via an IGP, the traffic steered + over the SR Policy may end up getting diverted to an undesired node + resulting in misrouting. Mechanisms for detection of duplicate + prefix advertisement can be used to identify and correct such + scenarios. The details of these mechanisms are outside the scope of + this document. + + Section 8 specifies mechanisms for the steering of traffic flows + corresponding to BGP routes over SR Policies matching the color value + signaled via the BGP Color Extended Community attached with the BGP + routes. Misconfiguration or error in setting of the Color Extended + Community with the BGP routes can result in the forwarding of packets + for those routes along undesired paths. + + In Sections 2.1 and 2.6, the document mentions that a symbolic name + MAY be signaled along with a candidate path for the SR Policy and for + the SR Policy Candidate Path, respectively. While the value of + symbolic names for display clarity is indisputable, as with any + unrestricted free-form text received from external parties, there can + be no absolute assurance that the information the text purports to + show is accurate or even truthful. For this reason, users of + implementations that display such information would be well advised + not to rely on it without question and to use the specific + identifiers of the SR Policy and SR Policy Candidate Path for + validation. Furthermore, implementations that display such + information might wish to display it in such a fashion as to + differentiate it from known-good information. (Such display + conventions are inherently implementation specific; one example might + be use of a distinguished text color or style for information that + should be treated with caution.) + + This document does not define any new protocol extensions and does + not introduce any further security considerations. + +11. Manageability Considerations + + This document specifies in detail the SR Policy construct introduced + in [RFC8402] and its instantiation on a router supporting SR along + with descriptions of mechanisms for the steering of traffic flows + over it. Therefore, the manageability considerations of [RFC8402] + apply. + + A YANG model for the configuration and operation of SR Policy has + been defined in [SR-POLICY-YANG]. + +12. IANA Considerations + + IANA has created a new subregistry called "Segment Types" under the + "Segment Routing" registry that was created by [RFC8986]. This + subregistry maintains the alphabetic identifiers for the segment + types (as specified in Section 4) that may be used within a segment + list of an SR Policy. The alphabetical identifiers run from A to Z + and may be extended on exhaustion with the identifiers AA to AZ, BA + to BZ, and so on, through ZZ. This subregistry follows the + Specification Required allocation policy as specified in [RFC8126]. + + The initial registrations for this subregistry are as follows: + + +=======+=============================================+===========+ + | Value | Description | Reference | + +=======+=============================================+===========+ + | A | SR-MPLS Label | RFC 9256 | + +-------+---------------------------------------------+-----------+ + | B | SRv6 SID | RFC 9256 | + +-------+---------------------------------------------+-----------+ + | C | IPv4 Prefix with optional SR Algorithm | RFC 9256 | + +-------+---------------------------------------------+-----------+ + | D | IPv6 Global Prefix with optional SR | RFC 9256 | + | | Algorithm for SR-MPLS | | + +-------+---------------------------------------------+-----------+ + | E | IPv4 Prefix with Local Interface ID | RFC 9256 | + +-------+---------------------------------------------+-----------+ + | F | IPv4 Addresses for link endpoints as Local, | RFC 9256 | + | | Remote pair | | + +-------+---------------------------------------------+-----------+ + | G | IPv6 Prefix and Interface ID for link | RFC 9256 | + | | endpoints as Local, Remote pair for SR-MPLS | | + +-------+---------------------------------------------+-----------+ + | H | IPv6 Addresses for link endpoints as Local, | RFC 9256 | + | | Remote pair for SR-MPLS | | + +-------+---------------------------------------------+-----------+ + | I | IPv6 Global Prefix with optional SR | RFC 9256 | + | | Algorithm for SRv6 | | + +-------+---------------------------------------------+-----------+ + | J | IPv6 Prefix and Interface ID for link | RFC 9256 | + | | endpoints as Local, Remote pair for SRv6 | | + +-------+---------------------------------------------+-----------+ + | K | IPv6 Addresses for link endpoints as Local, | RFC 9256 | + | | Remote pair for SRv6 | | + +-------+---------------------------------------------+-----------+ + + Table 2: Segment Types + +12.1. Guidance for Designated Experts + + The Designated Expert (DE) is expected to ascertain the existence of + suitable documentation (a specification) as described in [RFC8126] + and to verify that the document is permanently and publicly + available. The DE is also expected to check the clarity of purpose + and use of the requested assignment. Additionally, the DE must + verify that any request for one of these assignments has been made + available for review and comment within the IETF: the DE will post + the request to the SPRING Working Group mailing list (or a successor + mailing list designated by the IESG). If the request comes from + within the IETF, it should be documented in an Internet-Draft. + Lastly, the DE must ensure that any other request for a code point + does not conflict with work that is active or already published + within the IETF. + +13. References + +13.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . + + [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and + S. Ray, "North-Bound Distribution of Link-State and + Traffic Engineering (TE) Information Using BGP", RFC 7752, + DOI 10.17487/RFC7752, March 2016, + . + + [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for + Writing an IANA Considerations Section in RFCs", BCP 26, + RFC 8126, DOI 10.17487/RFC8126, June 2017, + . + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC + 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, + May 2017, . + + [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., + Decraene, B., Litkowski, S., and R. Shakir, "Segment + Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, + July 2018, . + + [RFC8660] Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S., + Decraene, B., Litkowski, S., and R. Shakir, "Segment + Routing with the MPLS Data Plane", RFC 8660, + DOI 10.17487/RFC8660, December 2019, + . + + [RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J., + Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header + (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020, + . + + [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, + D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 + (SRv6) Network Programming", RFC 8986, + DOI 10.17487/RFC8986, February 2021, + . + + [RFC9012] Patel, K., Van de Velde, G., Sangli, S., and J. Scudder, + "The BGP Tunnel Encapsulation Attribute", RFC 9012, + DOI 10.17487/RFC9012, April 2021, + . + +13.2. Informative References + + [BGP-LS-TE-POLICY] + Previdi, S., Talaulikar, K., Ed., Dong, J., Ed., Chen, M., + Gredler, H., and J. Tantsura, "Distribution of Traffic + Engineering (TE) Policies and State using BGP-LS", Work in + Progress, Internet-Draft, draft-ietf-idr-te-lsp- + distribution-17, April 2022, + . + + [BGP-SR-POLICY] + Previdi, S., Filsfils, C., Talaulikar, K., Ed., Mattes, + P., Jain, D., and S. Lin, "Advertising Segment Routing + Policies in BGP", Work in Progress, Internet-Draft, draft- + ietf-idr-segment-routing-te-policy-18, June 2022, + . + + [IGP-FLEX-ALGO] + Psenak, P., Ed., Hegde, S., Filsfils, C., Talaulikar, K., + and A. Gulko, "IGP Flexible Algorithm", Work in Progress, + Internet-Draft, draft-ietf-lsr-flex-algo-20, May 2022, + . + + [PCEP-BSID-LABEL] + Sivabalan, S., Filsfils, C., Tantsura, J., Previdi, S., + and C. Li, Ed., "Carrying Binding Label/Segment Identifier + (SID) in PCE-based Networks.", Work in Progress, Internet- + Draft, draft-ietf-pce-binding-label-sid-15, March 2022, + . + + [PCEP-SR-POLICY-CP] + Koldychev, M., Sivabalan, S., Barth, C., Peng, S., and H. + Bidgoli, "PCEP extension to support Segment Routing Policy + Candidate Paths", Work in Progress, Internet-Draft, draft- + ietf-pce-segment-routing-policy-cp-07, 21 April 2022, + . + + [POI-SR] Anand, M., Bardhan, S., Subrahmaniam, R., Tantsura, J., + Mukhopadhyaya, U., and C. Filsfils, "Packet-Optical + Integration in Segment Routing", Work in Progress, + Internet-Draft, draft-anand-spring-poi-sr-08, 29 July + 2019, . + + [RFC0020] Cerf, V., "ASCII format for network interchange", STD 80, + RFC 20, DOI 10.17487/RFC0020, October 1969, + . + + [RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP and + dual environments", RFC 1195, DOI 10.17487/RFC1195, + December 1990, . + + [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, + DOI 10.17487/RFC2328, April 1998, + . + + [RFC3630] Katz, D., Kompella, K., and D. Yeung, "Traffic Engineering + (TE) Extensions to OSPF Version 2", RFC 3630, + DOI 10.17487/RFC3630, September 2003, + . + + [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, + "Multiprotocol Extensions for BGP-4", RFC 4760, + DOI 10.17487/RFC4760, January 2007, + . + + [RFC5305] Li, T. and H. Smit, "IS-IS Extensions for Traffic + Engineering", RFC 5305, DOI 10.17487/RFC5305, October + 2008, . + + [RFC5307] Kompella, K., Ed. and Y. Rekhter, Ed., "IS-IS Extensions + in Support of Generalized Multi-Protocol Label Switching + (GMPLS)", RFC 5307, DOI 10.17487/RFC5307, October 2008, + . + + [RFC5329] Ishiguro, K., Manral, V., Davey, A., and A. Lindem, Ed., + "Traffic Engineering Extensions to OSPF Version 3", + RFC 5329, DOI 10.17487/RFC5329, September 2008, + . + + [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF + for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, + . + + [RFC5462] Andersson, L. and R. Asati, "Multiprotocol Label Switching + (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic + Class" Field", RFC 5462, DOI 10.17487/RFC5462, February + 2009, . + + [RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The + Locator/ID Separation Protocol (LISP)", RFC 6830, + DOI 10.17487/RFC6830, January 2013, + . + + [RFC7471] Giacalone, S., Ward, D., Drake, J., Atlas, A., and S. + Previdi, "OSPF Traffic Engineering (TE) Metric + Extensions", RFC 7471, DOI 10.17487/RFC7471, March 2015, + . + + [RFC8231] Crabbe, E., Minei, I., Medved, J., and R. Varga, "Path + Computation Element Communication Protocol (PCEP) + Extensions for Stateful PCE", RFC 8231, + DOI 10.17487/RFC8231, September 2017, + . + + [RFC8476] Tantsura, J., Chunduri, U., Aldrin, S., and P. Psenak, + "Signaling Maximum SID Depth (MSD) Using OSPF", RFC 8476, + DOI 10.17487/RFC8476, December 2018, + . + + [RFC8491] Tantsura, J., Chunduri, U., Aldrin, S., and L. Ginsberg, + "Signaling Maximum SID Depth (MSD) Using IS-IS", RFC 8491, + DOI 10.17487/RFC8491, November 2018, + . + + [RFC8570] Ginsberg, L., Ed., Previdi, S., Ed., Giacalone, S., Ward, + D., Drake, J., and Q. Wu, "IS-IS Traffic Engineering (TE) + Metric Extensions", RFC 8570, DOI 10.17487/RFC8570, March + 2019, . + + [RFC8664] Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W., + and J. Hardwick, "Path Computation Element Communication + Protocol (PCEP) Extensions for Segment Routing", RFC 8664, + DOI 10.17487/RFC8664, December 2019, + . + + [RFC8814] Tantsura, J., Chunduri, U., Talaulikar, K., Mirsky, G., + and N. Triantafillis, "Signaling Maximum SID Depth (MSD) + Using the Border Gateway Protocol - Link State", RFC 8814, + DOI 10.17487/RFC8814, August 2020, + . + + [RFC9086] Previdi, S., Talaulikar, K., Ed., Filsfils, C., Patel, K., + Ray, S., and J. Dong, "Border Gateway Protocol - Link + State (BGP-LS) Extensions for Segment Routing BGP Egress + Peer Engineering", RFC 9086, DOI 10.17487/RFC9086, August + 2021, . + + [SR-POLICY-CONSID] + Filsfils, C., Talaulikar, K., Ed., Krol, P., Horneffer, + M., and P. Mattes, "SR Policy Implementation and + Deployment Considerations", Work in Progress, Internet- + Draft, draft-filsfils-spring-sr-policy-considerations-09, + 24 April 2022, . + + [SR-POLICY-YANG] + Raza, K., Ed., Sawaya, S., Shunwan, Z., Voyer, D., + Durrani, M., Matsushima, S., and V. Beeram, "YANG Data + Model for Segment Routing Policy", Work in Progress, + Internet-Draft, draft-ietf-spring-sr-policy-yang-01, April + 2021, . + + [SR-TI-LFA] + Litkowski, S., Bashandy, A., Filsfils, C., Francois, P., + Decraene, B., and D. Voyer, "Topology Independent Fast + Reroute using Segment Routing", Work in Progress, + Internet-Draft, draft-ietf-rtgwg-segment-routing-ti-lfa- + 08, 21 January 2022, + . + + [SR-TRAFFIC-ACCOUNTING] + Ali, Z., Filsfils, C., Talaulikar, K., Sivabalan, S., + Horneffer, M., Raszuk, R., Litkowski, S., Voyer, D., + Morton, R., and G. Dawra, "Traffic Accounting in Segment + Routing Networks", Work in Progress, Internet-Draft, + draft-ali-spring-sr-traffic-accounting-07, May 2022, + . + + [SR-TRAFFIC-COUNTERS] + Filsfils, C., Ali, Z., Ed., Horneffer, M., Voyer, D., + Durrani, M., and R. Raszuk, "Segment Routing Traffic + Accounting Counters", Work in Progress, Internet-Draft, + draft-filsfils-spring-sr-traffic-counters-02, October + 2021, . + +Acknowledgement + + The authors would like to thank Tarek Saad, Dhanendra Jain, Ruediger + Geib, Rob Shakir, Cheng Li, Dhruv Dhody, Gyan Mishra, Nandan Saha, + Jim Guichard, Martin Vigoureux, Benjamin Schwartz, David Schinazi, + Matthew Bocci, Cullen Jennings, and Carlos J. Bernardos for their + review, comments, and suggestions. + +Contributors + + The following people have contributed to this document: + + Siva Sivabalan + Cisco Systems + Email: msiva@cisco.com + + + Zafar Ali + Cisco Systems + Email: zali@cisco.com + + + Jose Liste + Cisco Systems + Email: jliste@cisco.com + + + Francois Clad + Cisco Systems + Email: fclad@cisco.com + + + Kamran Raza + Cisco Systems + Email: skraza@cisco.com + + + Mike Koldychev + Cisco Systems + Email: mkoldych@cisco.com + + + Shraddha Hegde + Juniper Networks + Email: shraddha@juniper.net + + + Steven Lin + Google, Inc. + Email: stevenlin@google.com + + + Przemyslaw Krol + Google, Inc. + Email: pkrol@google.com + + + Martin Horneffer + Deutsche Telekom + Email: martin.horneffer@telekom.de + + + Dirk Steinberg + Steinberg Consulting + Email: dws@steinbergnet.net + + + Bruno Decraene + Orange Business Services + Email: bruno.decraene@orange.com + + + Stephane Litkowski + Orange Business Services + Email: stephane.litkowski@orange.com + + + Luay Jalil + Verizon + Email: luay.jalil@verizon.com + + +Authors' Addresses + + Clarence Filsfils + Cisco Systems, Inc. + Pegasus Parc + De kleetlaan 6a + 1831 Diegem + Belgium + Email: cfilsfil@cisco.com + + + Ketan Talaulikar (editor) + Cisco Systems, Inc. + India + Email: ketant.ietf@gmail.com + + + Daniel Voyer + Bell Canada + 671 de la gauchetiere W + Montreal Quebec H3B 2M8 + Canada + Email: daniel.voyer@bell.ca + + + Alex Bogdanov + British Telecom + Email: alex.bogdanov@bt.com + + + Paul Mattes + Microsoft + One Microsoft Way + Redmond, WA 98052-6399 + United States of America + Email: pamattes@microsoft.com -- cgit v1.2.3