draft-ietf-bess-datacenter-gateway-07.txt   draft-ietf-bess-datacenter-gateway-08.txt 
BESS Working Group A. Farrel BESS Working Group A. Farrel
Internet-Draft Old Dog Consulting Internet-Draft Old Dog Consulting
Intended status: Standards Track J. Drake Intended status: Standards Track J. Drake
Expires: December 6, 2020 E. Rosen Expires: February 13, 2021 E. Rosen
Juniper Networks Juniper Networks
K. Patel K. Patel
Arrcus, Inc. Arrcus, Inc.
L. Jalil L. Jalil
Verizon Verizon
June 4, 2020 August 12, 2020
Gateway Auto-Discovery and Route Advertisement for Segment Routing Gateway Auto-Discovery and Route Advertisement for Segment Routing
Enabled Domain Interconnection Enabled Domain Interconnection
draft-ietf-bess-datacenter-gateway-07 draft-ietf-bess-datacenter-gateway-08
Abstract Abstract
Data centers are critical components of the infrastructure used by Data centers are critical components of the infrastructure used by
network operators to provide services to their customers. Data network operators to provide services to their customers. Data
centers are attached to the Internet or a backbone network by gateway centers are attached to the Internet or a backbone network by gateway
routers. One data center typically has more than one gateway for routers. One data center typically has more than one gateway for
commercial, load balancing, and resiliency reasons. commercial, load balancing, and resiliency reasons.
Segment Routing is a protocol mechanism that can be used within a Segment Routing is a protocol mechanism that can be used within a
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 6, 2020. This Internet-Draft will expire on February 13, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 40 skipping to change at page 2, line 40
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5
3. SR Domain Gateway Auto-Discovery . . . . . . . . . . . . . . 5 3. SR Domain Gateway Auto-Discovery . . . . . . . . . . . . . . 5
4. Relationship to BGP Link State and Egress Peer Engineering . 7 4. Relationship to BGP Link State and Egress Peer Engineering . 7
5. Advertising an SR Domain Route Externally . . . . . . . . . . 7 5. Advertising an SR Domain Route Externally . . . . . . . . . . 7
6. Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . 7 6. Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . 7
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
7.1. Tunnel Encapsulation Tunnel Type . . . . . . . . . . . . 7 7.1. Tunnel Encapsulation Tunnel Type . . . . . . . . . . . . 8
7.2. Tunnel Encapsulation Sub-TLVs . . . . . . . . . . . . . . 8 7.2. Tunnel Encapsulation Sub-TLVs . . . . . . . . . . . . . . 8
8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8
9. Manageability Considerations . . . . . . . . . . . . . . . . 9 9. Manageability Considerations . . . . . . . . . . . . . . . . 9
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 9.1. Relationship to Route Target Constraint . . . . . . . . . 10
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
11.1. Normative References . . . . . . . . . . . . . . . . . . 10 11.1. Normative References . . . . . . . . . . . . . . . . . . 10
11.2. Informative References . . . . . . . . . . . . . . . . . 10 11.2. Informative References . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
Data centers (DCs) are critical components of the infrastructure used Data centers (DCs) are critical components of the infrastructure used
by network operators to provide services to their customers. DCs are by network operators to provide services to their customers. DCs are
attached to the Internet or a backbone network by gateway routers attached to the Internet or a backbone network by gateway routers
(GWs). One DC typically has more than one GW for various reasons (GWs). One DC typically has more than one GW for various reasons
including commercial preferences, load balancing, and resiliency including commercial preferences, load balancing, and resiliency
against connection of device failure. against connection of device failure.
skipping to change at page 3, line 28 skipping to change at page 3, line 28
needs to know the complete set of entry nodes (i.e., GWs) for that needs to know the complete set of entry nodes (i.e., GWs) for that
egress DC from the backbone network connecting the two DCs. Note egress DC from the backbone network connecting the two DCs. Note
that it is assumed that the connected set of DCs and the backbone that it is assumed that the connected set of DCs and the backbone
network connecting them are part of the same SR BGP Link State (LS) network connecting them are part of the same SR BGP Link State (LS)
instance ([RFC7752] and [I-D.ietf-idr-bgpls-segment-routing-epe]) so instance ([RFC7752] and [I-D.ietf-idr-bgpls-segment-routing-epe]) so
that traffic engineering using SR may be used for these flows. that traffic engineering using SR may be used for these flows.
SR may also be operated in other domains, such as access networks. SR may also be operated in other domains, such as access networks.
Those domains also need to be connected across backbone networks Those domains also need to be connected across backbone networks
through gateways. For illustrative purposes, consider the Ingress through gateways. For illustrative purposes, consider the Ingress
and Egress SR Domains shown in Figure 1 as spearate ASes. and Egress SR Domains shown in Figure 1 as spearate ASes. The
various ASes that provide connectivity between the Ingress and Egress
Domains could each be constructed differently and use different
technologies such as IP, MPLS with global table routing native BGP to
the edge, MPLS IP VPN, SR-MPLS IP VPN, or SRv6 IP VPN.
Suppose that there are two gateways, GW1 and GW2 as shown in Suppose that there are two gateways, GW1 and GW2 as shown in
Figure 1, for a given egress SR domain and that they each advertise a Figure 1, for a given egress SR domain and that they each advertise a
route to prefix X which is located within the egress SR domain with route to prefix X which is located within the egress SR domain with
each setting itself as next hop. One might think that the GWs for X each setting itself as next hop. One might think that the GWs for X
could be inferred from the routes' next hop fields, but typically it could be inferred from the routes' next hop fields, but typically it
is not the case that both routes get distributed across the backbone: is not the case that both routes get distributed across the backbone:
rather only the best route, as selected by BGP, is distributed. This rather only the best route, as selected by BGP, is distributed. This
precludes load balancing flows across both GWs. precludes load balancing flows across both GWs.
skipping to change at page 6, line 22 skipping to change at page 6, line 22
import each other's routes and will learn (auto-discover) the import each other's routes and will learn (auto-discover) the
current set of active GWs for the SR domain. current set of active GWs for the SR domain.
The auto-discovery route that each GW advertises consists of the The auto-discovery route that each GW advertises consists of the
following: following:
o An IPv4 or IPv6 NLRI containing one of the GW's loopback addresses o An IPv4 or IPv6 NLRI containing one of the GW's loopback addresses
(that is, with an AFI/SAFI pair that is one of 1/1, 2/1, 1/4, or (that is, with an AFI/SAFI pair that is one of 1/1, 2/1, 1/4, or
2/4). 2/4).
o A Tunnel Encapsulation attribute containing the GW's encapsulation o A Tunnel Encapsulation attribute [I-D.ietf-idr-tunnel-encaps]
information, which at a minimum consists of an SR Tunnel TLV (type containing the GW's encapsulation information, which at a minimum
TBD1 to be allocated by IANA) with a Remote Endpoint sub-TLV as consists of an SR Tunnel TLV (type TBD1 to be allocated by IANA)
specified in [I-D.ietf-idr-tunnel-encaps]. with a Remote Endpoint sub-TLV as specified in
[I-D.ietf-idr-tunnel-encaps].
To avoid the side effect of applying the Tunnel Encapsulation To avoid the side effect of applying the Tunnel Encapsulation
attribute to any packet that is addressed to the GW itself, the GW attribute to any packet that is addressed to the GW itself, the GW
SHOULD use a different loopback address for the two cases. SHOULD use a different loopback address for the two cases.
As described in Section 1, each GW will include a Tunnel As described in Section 1, each GW will include a Tunnel
Encapsulation attribute for each GW that is active for the SR domain Encapsulation attribute for each GW that is active for the SR domain
(including itself), and will include these in every route advertised (including itself), and will include these in every route advertised
externally to the SR domain by each GW. As the current set of active externally to the SR domain by each GW. As the current set of active
GWs changes (due to the addition of a new GW or the failure/removal GWs changes (due to the addition of a new GW or the failure/removal
skipping to change at page 7, line 5 skipping to change at page 6, line 50
If a gateway becomes disconnected from the backbone network, or if If a gateway becomes disconnected from the backbone network, or if
the SR domain operator decides to terminate the gateway's activity, the SR domain operator decides to terminate the gateway's activity,
it withdraws the advertisements described above. This means that it withdraws the advertisements described above. This means that
remote gateways at other sites will stop seeing advertisements from remote gateways at other sites will stop seeing advertisements from
this gateway. It also means that other local gateways at this site this gateway. It also means that other local gateways at this site
will "unlearn" the removed gateway and stop including a Tunnel will "unlearn" the removed gateway and stop including a Tunnel
Encapsulation attribute for the removed gateway in their Encapsulation attribute for the removed gateway in their
advertisements. advertisements.
Note that if a GW is (mis)configured with a different SR domain
identifier from the other GWs to the same domain then it will not be
auto-discovered by the other GWs (and will not auto-discover the
other GWs). This would result in the in a receiver just getting the
best route with only the advertising node's tunnel encapsulation
information.
4. Relationship to BGP Link State and Egress Peer Engineering 4. Relationship to BGP Link State and Egress Peer Engineering
When a remote GW receives a route to a prefix X it can use the SR When a remote GW receives a route to a prefix X it can use the SR
tunnel instances within the contained Tunnel Encapsulation attribute tunnel instances within the contained Tunnel Encapsulation attribute
to identify the GWs through which X can be reached. It uses this to identify the GWs through which X can be reached. It uses this
information to compute SR Traffic Engineering (SR TE) paths across information to compute SR Traffic Engineering (SR TE) paths across
the backbone network looking at the information advertised to it in the backbone network looking at the information advertised to it in
SR BGP Link State (BGP-LS) [I-D.ietf-idr-bgp-ls-segment-routing-ext] SR BGP Link State (BGP-LS) [I-D.ietf-idr-bgp-ls-segment-routing-ext]
and correlated using the SR domain identity. SR Egress Peer and correlated using the SR domain identity. SR Egress Peer
Engineering (EPE) [I-D.ietf-idr-bgpls-segment-routing-epe] can be Engineering (EPE) [I-D.ietf-idr-bgpls-segment-routing-epe] can be
used to supplement the information advertised in BGP-LS. used to supplement the information advertised in BGP-LS.
5. Advertising an SR Domain Route Externally 5. Advertising an SR Domain Route Externally
When a packet destined for prefix X is sent on an SR TE path to a GW When a packet destined for prefix X is sent on an SR TE path to a GW
for the SR domain containing X, it needs to carry the receiving GW's for the SR domain containing X (that is, the packet is sent in the
label for X such that this label rises to the top of the stack before Ingress Domain on an SR TE path that describes the path including
the GW completes its processing of the packet. To achieve this we within the Egress Domain), it needs to carry the receiving GW's label
place a Prefix SID sub-TLV [I-D.ietf-idr-tunnel-encaps] for X in each for X such that this label rises to the top of the stack before the
SR tunnel instance in the Tunnel Encapsulation attribute in the GW completes its processing of the packet. To achieve this we place
a Prefix SID sub-TLV [I-D.ietf-idr-tunnel-encaps] for X in each SR
tunnel instance in the Tunnel Encapsulation attribute in the
externally advertised route for X. externally advertised route for X.
Alternatively, if the GWs for a given SR domain are configured to Alternatively, if the GWs for a given SR domain are configured to
allow remote GWs to perform SR TE through that SR domain for a prefix allow remote GWs to perform SR TE through that SR domain for a prefix
X, then each GW computes an SR TE path through that SR domain to X X, then each GW computes an SR TE path through that SR domain to X
from each of the currently active GWs, and places each in an MPLS from each of the currently active GWs, and places each in an MPLS
label stack sub-TLV [I-D.ietf-idr-tunnel-encaps] in the SR tunnel label stack sub-TLV [I-D.ietf-idr-tunnel-encaps] in the SR tunnel
instance for that GW. instance for that GW.
Please refer to Section 7 of
[I-D.farrel-spring-sr-domain-interconnect] for worked examples of how
the label stack is consructed in this case, and how the
advertisements would work.
6. Encapsulation 6. Encapsulation
If the GWs for a given SR domain are configured to allow remote GWs If the GWs for a given SR domain are configured to allow remote GWs
to send them a packet in that SR domain's native encapsulation, then to send them a packet in that SR domain's native encapsulation, then
each GW will also include multiple instances of a tunnel TLV for that each GW will also include multiple instances of a tunnel TLV for that
native encapsulation in externally advertised routes: one for each GW native encapsulation in externally advertised routes: one for each GW
and each containing a remote endpoint sub-TLV with that GW's address. and each containing a remote endpoint sub-TLV with that GW's address.
A remote GW may then encapsulate a packet according to the rules A remote GW may then encapsulate a packet according to the rules
defined via the sub-TLVs included in each of the tunnel TLV defined via the sub-TLVs included in each of the tunnel TLV
instances. instances.
skipping to change at page 9, line 44 skipping to change at page 10, line 9
The principal configuration item added by this solution is the The principal configuration item added by this solution is the
allocation of an SR domain identifier. The same identifier MUST be allocation of an SR domain identifier. The same identifier MUST be
assigned to every GW to the same domain, and each domain MUST have a assigned to every GW to the same domain, and each domain MUST have a
different identifier. This requires coordination, probably through a different identifier. This requires coordination, probably through a
central management agent. central management agent.
It should be noted that BGP peerings are not discovered, but always It should be noted that BGP peerings are not discovered, but always
arise from explicit configuration. This is no different from any arise from explicit configuration. This is no different from any
other BGP operation. other BGP operation.
9.1. Relationship to Route Target Constraint
In order to limit the VPN routing information that is maintained at a
given route reflector, [RFC4364] suggests the use of "Cooperative
Route Filtering" [RFC5291] between route reflectors. [RFC4684]
defines an exension to that mechanism to include support for multiple
autonomous systems and asymmetric VPN topologies such as hub-and-
spoke. The mechanism in RFC 4684 is known as Route Target Constraint
(RTC).
An operator would not normally configure RTC by default for any AFI/
SAFI combination, and would only enable it after careful
consideration. When using the mechanisms defined in this document,
the operator should consider carefully the effects of filtering
routes. In some cases this may be desirable, and in others it could
limit the effectiveness of the procedures.
10. Acknowledgements 10. Acknowledgements
Thanks to Bruno Rijsman, Stephane Litkowsji, and Boris Hassanov for Thanks to Bruno Rijsman, Stephane Litkowsji, Boris Hassanov, Linda
review comments, and to Robert Raszuk for useful discussions. Dunbar, Ravi Singh, and Gyan Mishra for review comments, and to
Robert Raszuk for useful discussions.
11. References 11. References
11.1. Normative References 11.1. Normative References
[I-D.ietf-idr-bgpls-segment-routing-epe] [I-D.ietf-idr-bgpls-segment-routing-epe]
Previdi, S., Talaulikar, K., Filsfils, C., Patel, K., Ray, Previdi, S., Talaulikar, K., Filsfils, C., Patel, K., Ray,
S., and J. Dong, "BGP-LS extensions for Segment Routing S., and J. Dong, "BGP-LS extensions for Segment Routing
BGP Egress Peer Engineering", draft-ietf-idr-bgpls- BGP Egress Peer Engineering", draft-ietf-idr-bgpls-
segment-routing-epe-19 (work in progress), May 2019. segment-routing-epe-19 (work in progress), May 2019.
[I-D.ietf-idr-tunnel-encaps] [I-D.ietf-idr-tunnel-encaps]
Patel, K., Velde, G., and S. Ramachandra, "The BGP Tunnel Patel, K., Velde, G., Sangli, S., and J. Scudder, "The BGP
Encapsulation Attribute", draft-ietf-idr-tunnel-encaps-15 Tunnel Encapsulation Attribute", draft-ietf-idr-tunnel-
(work in progress), December 2019. encaps-17 (work in progress), July 2020.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271, Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006, DOI 10.17487/RFC4271, January 2006,
<https://www.rfc-editor.org/info/rfc4271>. <https://www.rfc-editor.org/info/rfc4271>.
skipping to change at page 11, line 25 skipping to change at page 12, line 5
(work in progress), June 2019. (work in progress), June 2019.
[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis",
RFC 4272, DOI 10.17487/RFC4272, January 2006, RFC 4272, DOI 10.17487/RFC4272, January 2006,
<https://www.rfc-editor.org/info/rfc4272>. <https://www.rfc-editor.org/info/rfc4272>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <https://www.rfc-editor.org/info/rfc4364>. 2006, <https://www.rfc-editor.org/info/rfc4364>.
[RFC4684] Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk,
R., Patel, K., and J. Guichard, "Constrained Route
Distribution for Border Gateway Protocol/MultiProtocol
Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual
Private Networks (VPNs)", RFC 4684, DOI 10.17487/RFC4684,
November 2006, <https://www.rfc-editor.org/info/rfc4684>.
[RFC5291] Chen, E. and Y. Rekhter, "Outbound Route Filtering
Capability for BGP-4", RFC 5291, DOI 10.17487/RFC5291,
August 2008, <https://www.rfc-editor.org/info/rfc5291>.
[RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of [RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of
BGP, LDP, PCEP, and MSDP Issues According to the Keying BGP, LDP, PCEP, and MSDP Issues According to the Keying
and Authentication for Routing Protocols (KARP) Design and Authentication for Routing Protocols (KARP) Design
Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013, Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013,
<https://www.rfc-editor.org/info/rfc6952>. <https://www.rfc-editor.org/info/rfc6952>.
[RFC7911] Walton, D., Retana, A., Chen, E., and J. Scudder, [RFC7911] Walton, D., Retana, A., Chen, E., and J. Scudder,
"Advertisement of Multiple Paths in BGP", RFC 7911, "Advertisement of Multiple Paths in BGP", RFC 7911,
DOI 10.17487/RFC7911, July 2016, DOI 10.17487/RFC7911, July 2016,
<https://www.rfc-editor.org/info/rfc7911>. <https://www.rfc-editor.org/info/rfc7911>.
 End of changes. 16 change blocks. 
23 lines changed or deleted 72 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/