draft-ietf-bess-srv6-services-02.txt   draft-ietf-bess-srv6-services-03.txt 
BESS Working Group G. Dawra, Ed. BESS Working Group G. Dawra, Ed.
Internet-Draft LinkedIn Internet-Draft LinkedIn
Intended status: Standards Track C. Filsfils Intended status: Standards Track C. Filsfils
Expires: August 30, 2020 Cisco Systems Expires: January 12, 2021 Cisco Systems
R. Raszuk R. Raszuk
Bloomberg LP Bloomberg LP
B. Decraene B. Decraene
Orange Orange
S. Zhuang S. Zhuang
Huawei Technologies Huawei Technologies
J. Rabadan J. Rabadan
Nokia Nokia
February 27, 2020 July 11, 2020
SRv6 BGP based Overlay services SRv6 BGP based Overlay services
draft-ietf-bess-srv6-services-02 draft-ietf-bess-srv6-services-03
Abstract Abstract
This draft defines procedures and messages for SRv6-based BGP This draft defines procedures and messages for SRv6-based BGP
services including L3VPN, EVPN and Internet services. It builds on services including L3VPN, EVPN and Internet services. It builds on
RFC4364 "BGP/MPLS IP Virtual Private Networks (VPNs)" and RFC7432 RFC4364 "BGP/MPLS IP Virtual Private Networks (VPNs)" and RFC7432
"BGP MPLS-Based Ethernet VPN". "BGP MPLS-Based Ethernet VPN".
Status of This Memo Status of This Memo
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 30, 2020. This Internet-Draft will expire on January 12, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. SRv6 Services TLVs . . . . . . . . . . . . . . . . . . . . . 4 2. SRv6 Services TLVs . . . . . . . . . . . . . . . . . . . . . 4
3. SRv6 Service Sub-TLVs . . . . . . . . . . . . . . . . . . . . 5 3. SRv6 Service Sub-TLVs . . . . . . . . . . . . . . . . . . . . 5
3.1. SRv6 SID Information Sub-TLV . . . . . . . . . . . . . . 6 3.1. SRv6 SID Information Sub-TLV . . . . . . . . . . . . . . 6
3.2. SRv6 Service Data Sub-Sub-TLVs . . . . . . . . . . . . . 7 3.2. SRv6 Service Data Sub-Sub-TLVs . . . . . . . . . . . . . 7
3.2.1. SRv6 SID Structure Sub-Sub-TLV . . . . . . . . . . . 7 3.2.1. SRv6 SID Structure Sub-Sub-TLV . . . . . . . . . . . 7
4. Encoding SRv6 SID information . . . . . . . . . . . . . . . . 9 4. Encoding SRv6 SID information . . . . . . . . . . . . . . . . 9
5. BGP based L3 service over SRv6 . . . . . . . . . . . . . . . 10 5. BGP based L3 service over SRv6 . . . . . . . . . . . . . . . 10
5.1. IPv4 VPN Over SRv6 Core . . . . . . . . . . . . . . . . . 11 5.1. IPv4 VPN Over SRv6 Core . . . . . . . . . . . . . . . . . 11
5.2. IPv6 VPN Over SRv6 Core . . . . . . . . . . . . . . . . . 11 5.2. IPv6 VPN Over SRv6 Core . . . . . . . . . . . . . . . . . 12
5.3. Global IPv4 over SRv6 Core . . . . . . . . . . . . . . . 12 5.3. Global IPv4 over SRv6 Core . . . . . . . . . . . . . . . 12
5.4. Global IPv6 over SRv6 Core . . . . . . . . . . . . . . . 12 5.4. Global IPv6 over SRv6 Core . . . . . . . . . . . . . . . 12
6. BGP based Ethernet VPN (EVPN) over SRv6 . . . . . . . . . . . 12 6. BGP based Ethernet VPN (EVPN) over SRv6 . . . . . . . . . . . 12
6.1. Ethernet Auto-discovery route over SRv6 Core . . . . . . 13 6.1. Ethernet Auto-discovery route over SRv6 Core . . . . . . 13
6.1.1. Per-ES A-D route . . . . . . . . . . . . . . . . . . 13 6.1.1. Per-ES A-D route . . . . . . . . . . . . . . . . . . 14
6.1.2. Per-EVI A-D route . . . . . . . . . . . . . . . . . . 14 6.1.2. Per-EVI A-D route . . . . . . . . . . . . . . . . . . 14
6.2. MAC/IP Advertisement route over SRv6 Core . . . . . . . . 14 6.2. MAC/IP Advertisement route over SRv6 Core . . . . . . . . 14
6.2.1. MAC/IP Advertisement route with MAC Only . . . . . . 15 6.2.1. MAC/IP Advertisement route with MAC Only . . . . . . 15
6.2.2. MAC/IP Advertisement route with MAC+IP . . . . . . . 16 6.2.2. MAC/IP Advertisement route with MAC+IP . . . . . . . 16
6.3. Inclusive Multicast Ethernet Tag Route over SRv6 Core . . 16 6.3. Inclusive Multicast Ethernet Tag Route over SRv6 Core . . 16
6.4. Ethernet Segment route over SRv6 Core . . . . . . . . . . 18 6.4. Ethernet Segment route over SRv6 Core . . . . . . . . . . 18
6.5. IP prefix route over SRv6 Core . . . . . . . . . . . . . 18 6.5. IP prefix route over SRv6 Core . . . . . . . . . . . . . 18
6.6. EVPN multicast routes (Route Types 6, 7, 8) over SRv6 6.6. EVPN multicast routes (Route Types 6, 7, 8) over SRv6
core . . . . . . . . . . . . . . . . . . . . . . . . . . 19 core . . . . . . . . . . . . . . . . . . . . . . . . . . 19
7. Implementation Status . . . . . . . . . . . . . . . . . . . . 19 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 19
8. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 19 8. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 19
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
9.1. BGP Prefix-SID TLV Types registry . . . . . . . . . . . . 20 9.1. BGP Prefix-SID TLV Types registry . . . . . . . . . . . . 20
9.2. SRv6 Service Sub-TLV Types registry . . . . . . . . . . . 21 9.2. SRv6 Service Sub-TLV Types registry . . . . . . . . . . . 21
9.3. SRv6 Service Data Sub-Sub-TLV Types registry . . . . . . 21 9.3. SRv6 Service Data Sub-Sub-TLV Types registry . . . . . . 21
10. Security Considerations . . . . . . . . . . . . . . . . . . . 21 10. Security Considerations . . . . . . . . . . . . . . . . . . . 21
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 22
12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 22 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 22
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 24
13.1. Normative References . . . . . . . . . . . . . . . . . . 23 13.1. Normative References . . . . . . . . . . . . . . . . . . 24
13.2. Informative References . . . . . . . . . . . . . . . . . 26 13.2. Informative References . . . . . . . . . . . . . . . . . 27
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction 1. Introduction
SRv6 refers to Segment Routing [RFC8402] instantiated on the IPv6 SRv6 refers to Segment Routing [RFC8402] instantiated on the IPv6
dataplane [I-D.ietf-6man-segment-routing-header]. dataplane [RFC8754].
SRv6 based BGP services refers to the L3 and L2 overlay services with SRv6 based BGP services refers to the L3 and L2 overlay services with
BGP as control plane and SRv6 as dataplane. BGP as control plane and SRv6 as dataplane.
SRv6 SID refers to a SRv6 Segment Identifier as defined in [RFC8402]. SRv6 SID refers to a SRv6 Segment Identifier as defined in [RFC8402].
SRv6 Service SID refers to an SRv6 SID associated with one of the SRv6 Service SID refers to an SRv6 SID associated with one of the
service specific behavior on the advertising Provider Edge (PE) service specific behavior on the advertising Provider Edge (PE)
router, such as (but not limited to), END.DT (Table lookup in a VRF) router, such as (but not limited to), END.DT (Table lookup in a VRF)
or END.DX (cross-connect to a nexthop) behaviors in the case of L3VPN or END.DX (cross-connect to a nexthop) behaviors in the case of L3VPN
skipping to change at page 4, line 47 skipping to change at page 4, line 47
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV Type | TLV Length | RESERVED | | TLV Type | TLV Length | RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// SRv6 Service Sub-TLVs // // SRv6 Service Sub-TLVs //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
o TLV Type (1 octet): This field is assigned values from the IANA o TLV Type (1 octet): This field is assigned values from the IANA
registry "BGP Prefix-SID TLV Types". It is set to TBD1 (to be registry "BGP Prefix-SID TLV Types". It is set to 5 for SRv6 L3
assigned by IANA) for SRv6 L3 Service TLV. It is set to TBD2 (to Service TLV. It is set to 6 for SRv6 L2 Service TLV.
be assigned by IANA) for SRv6 L2 Service TLV.
o TLV Length (2 octets): Specifies the total length of the TLV o TLV Length (2 octets): Specifies the total length of the TLV
Value. Value.
o RESERVED (1 octet): This field is reserved; it SHOULD be set to 0 o RESERVED (1 octet): This field is reserved; it SHOULD be set to 0
by the sender and MUST be ignored by the receiver. by the sender and MUST be ignored by the receiver.
o SRv6 Service Sub-TLVs (variable): This field contains SRv6 Service o SRv6 Service Sub-TLVs (variable): This field contains SRv6 Service
related information and is encoded as an unordered list of Sub- related information and is encoded as an unordered list of Sub-
TLVs whose format is described below. TLVs whose format is described below.
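Review bot: The TLV Length bullet ("the total length of the TLV Value") does not say whether the RESERVED octet is counted, while Section 8 treats a TLV Length of less than 1 as malformed, which suggests it is. Suggest stating explicitly that the length covers the RESERVED octet plus the Sub-TLVs, so that implementations bound the Sub-TLV walk the same way.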
skipping to change at page 6, line 38 skipping to change at page 6, line 38
o SRv6 Service Sub-TLV Length (2 octets): This field contains the o SRv6 Service Sub-TLV Length (2 octets): This field contains the
total length of the Value field of the Sub-TLV. total length of the Value field of the Sub-TLV.
o RESERVED1 (1 octet): SHOULD be set to 0 by the sender and MUST be o RESERVED1 (1 octet): SHOULD be set to 0 by the sender and MUST be
ignored by the receiver. ignored by the receiver.
o SRv6 SID Value (16 octets): Encodes an SRv6 SID as defined in o SRv6 SID Value (16 octets): Encodes an SRv6 SID as defined in
[I-D.ietf-spring-srv6-network-programming] [I-D.ietf-spring-srv6-network-programming]
o SRv6 SID Flags (1 octet): Encodes SRv6 SID Flags - none are o SRv6 SID Flags (1 octet): Encodes SRv6 SID Flags - none are
currently defined. currently defined. SHOULD be set to 0 by sender and MUST be
ignored by the receiver.
o SRv6 Endpoint Behavior (2 octets): Encodes SRv6 Endpoint behavior o SRv6 Endpoint Behavior (2 octets): Encodes SRv6 Endpoint behavior
codepoint value from the IANA registry defined in section 9.2 of codepoint value from the IANA registry defined in section 9.2 of
[I-D.ietf-spring-srv6-network-programming] that is associated with [I-D.ietf-spring-srv6-network-programming] that is associated with
SRv6 SID. SRv6 SID. The opaque behavior (i.e. value 0xFFFF) or an
unrecognized behavior MUST NOT be considered as invalid by the
receiver.
o RESERVED2 (1 octet): SHOULD be set to 0 by the sender and MUST be o RESERVED2 (1 octet): SHOULD be set to 0 by the sender and MUST be
ignored by the receiver. ignored by the receiver.
o SRv6 Service Data Sub-Sub-TLV Value (variable): Used to advertise o SRv6 Service Data Sub-Sub-TLV Value (variable): Used to advertise
properties of the SRv6 SID. It is encoded as a set of SRv6 properties of the SRv6 SID. It is encoded as a set of SRv6
Service Data Sub-Sub-TLVs. Service Data Sub-Sub-TLVs.
When multiple SRv6 SID Information Sub-TLVs are present, the ingress When multiple SRv6 SID Information Sub-TLVs are present, the ingress
PE SHOULD use the SRv6 SID from the first instance of the Sub-TLV. PE SHOULD use the SRv6 SID from the first instance of the Sub-TLV.
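Review bot: In the SRv6 Endpoint Behavior bullet, the added sentence says the opaque behavior (0xFFFF) or an unrecognized behavior MUST NOT be considered invalid, but it does not say what the receiver then does with the SID. Suggest stating the positive requirement, i.e. whether the ingress PE still uses the SID for encapsulation in that case. Minor: the new SID Flags text reads "by sender" where the RESERVED1 and RESERVED2 bullets read "by the sender".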
skipping to change at page 10, line 35 skipping to change at page 10, line 49
Standard BGP update propagation schemes[RFC4271], which may make use Standard BGP update propagation schemes[RFC4271], which may make use
of route reflectors [RFC4456], are used to propagate these prefixes. of route reflectors [RFC4456], are used to propagate these prefixes.
BGP ingress nodes (ingress PEs) receive these advertisements and may BGP ingress nodes (ingress PEs) receive these advertisements and may
add the prefix to the RIB in an appropriate VRF. add the prefix to the RIB in an appropriate VRF.
Egress PEs which supports SRv6 based L3 services advertises overlay Egress PEs which supports SRv6 based L3 services advertises overlay
service prefixes along with a Service SID enclosed in a SRv6 L3 service prefixes along with a Service SID enclosed in a SRv6 L3
Service TLV within the BGP Prefix-SID Attribute. This TLV serves two Service TLV within the BGP Prefix-SID Attribute. This TLV serves two
purposes - first, it indicates that the egress PE supports SRv6 purposes - first, it indicates that the egress PE supports SRv6
overlay and the BGP ingress PE receiving this route MUST choose to overlay and the BGP ingress PE receiving this route MUST choose to
perform IPv6 encapsulation and optionally insert an SRH when perform IPv6 encapsulation and optionally insert an SRH [RFC8754]
required; second ,it indicates the value of the Service SID to be when required; second ,it indicates the value of the Service SID to
used in the encapsulation. be used in the encapsulation.
The Service SID thus signaled only has local significance at the The Service SID thus signaled only has local significance at the
egress PE, where it may be allocated or configured on a per-CE or egress PE, where it may be allocated or configured on a per-CE or
per-VRF basis. In practice, the SID may encode a cross-connect to a per-VRF basis. In practice, the SID may encode a cross-connect to a
specific Address Family table (END.DT) or next-hop/interface (END.DX) specific Address Family table (END.DT) or next-hop/interface (END.DX)
as defined in [I-D.ietf-spring-srv6-network-programming]. as defined in [I-D.ietf-spring-srv6-network-programming].
The SRv6 Service SID SHOULD be routable within the AS of the egress The SRv6 Service SID SHOULD be routable within the AS of the egress
PE and serves the dual purpose of providing reachability between PE and serves the dual purpose of providing reachability between
ingress PE and egress PE while also encoding the endpoint behavior. ingress PE and egress PE while also encoding the endpoint behavior.
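Review bot: The ingress requirement in the "serves two purposes" paragraph is worded "MUST choose to perform IPv6 encapsulation", while the parallel EVPN paragraph in Section 6 says "MUST perform IPv6 encapsulation"; "choose to" weakens the normative statement and the two should match. The -03 text also keeps the "second ,it" spacing error and the subject-verb mismatch in "Egress PEs which supports ... advertises".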
skipping to change at page 11, line 29 skipping to change at page 11, line 42
[I-D.ietf-spring-segment-routing-policy], then the effective SR [I-D.ietf-spring-segment-routing-policy], then the effective SR
Policy is <S1, S2, S3-Service-SID>. Policy is <S1, S2, S3-Service-SID>.
Multiple VPN routes MAY resolve recursively via the same SR Policy. Multiple VPN routes MAY resolve recursively via the same SR Policy.
5.1. IPv4 VPN Over SRv6 Core 5.1. IPv4 VPN Over SRv6 Core
The MP_REACH_NLRI for SRv6 core is encoded according to IPv4 VPN Over The MP_REACH_NLRI for SRv6 core is encoded according to IPv4 VPN Over
IPv6 Core defined in [I-D.ietf-bess-rfc5549revision]. IPv6 Core defined in [I-D.ietf-bess-rfc5549revision].
Label field of IPv4-VPN NLRI carries the Function part of the SRv6 Label field of IPv4-VPN NLRI is encoded as specified in [RFC8277]
SID when the Transposition Scheme of encoding (Section 4) is used and with the Label Value set to the Function part of the SRv6 SID when
the Transposition Scheme of encoding (Section 4) is used and
otherwise set to Implicit NULL. otherwise set to Implicit NULL.
SRv6 Service SID is encoded as part of the SRv6 L3 Service TLV. The SRv6 Service SID is encoded as part of the SRv6 L3 Service TLV. The
behavior of the SRv6 SID is entirely up to the originator of the behavior of the SRv6 SID is entirely up to the originator of the
advertisement. In practice, the behavior is End.DX4 or End.DT4. advertisement. In practice, the behavior is End.DX4 or End.DT4.
5.2. IPv6 VPN Over SRv6 Core 5.2. IPv6 VPN Over SRv6 Core
The MP_REACH_NLRI for SRv6 core is encoded according to IPv6 VPN over The MP_REACH_NLRI for SRv6 core is encoded according to IPv6 VPN over
IPv6 Core is defined in [RFC4659]. IPv6 Core is defined in [RFC4659].
Label field of the IPv6-VPN NLRI carries the Function part of the Label field of the IPv6-VPN NLRI is encoded as specified in [RFC8277]
SRv6 SID when the Transposition Scheme of encoding (Section 4) is with the Label Value set to the Function part of the SRv6 SID when
used and otherwise set to Implicit NULL. the Transposition Scheme of encoding (Section 4) is used and
otherwise set to Implicit NULL.
SRv6 Service SID is encoded as part of the SRv6 L3 Service TLV. The SRv6 Service SID is encoded as part of the SRv6 L3 Service TLV. The
behavior of the SRv6 SID is entirely up to the originator of the behavior of the SRv6 SID is entirely up to the originator of the
advertisement. In practice, the behavior is End.DX6 or End.DT6. advertisement. In practice, the behavior is End.DX6 or End.DT6.
5.3. Global IPv4 over SRv6 Core 5.3. Global IPv4 over SRv6 Core
The MP_REACH_NLRI for SRv6 core is encoded according to IPv4 over The MP_REACH_NLRI for SRv6 core is encoded according to IPv4 over
IPv6 Core is defined in [I-D.ietf-bess-rfc5549revision]. IPv6 Core is defined in [I-D.ietf-bess-rfc5549revision].
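Review bot: The new Label field sentence in 5.1 and 5.2 sets the [RFC8277] "Label Value" to the Function part of the SID, but Section 8 accepts a transposition length of up to 24; the text should say how the transposed bits are laid out in the label field so that sender and receiver reconstruct the same SID. Also, the first sentence of 5.2 and 5.3 still reads "is encoded according to ... Core is defined in", where 5.1 has the correct "Core defined in".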
skipping to change at page 13, line 7 skipping to change at page 13, line 20
o IGMP join sync route (Route Type 7) o IGMP join sync route (Route Type 7)
o IGMP leave sync route (Route Type 8) o IGMP leave sync route (Route Type 8)
To support SRv6 based EVPN overlays, one or more SRv6 Service SIDs To support SRv6 based EVPN overlays, one or more SRv6 Service SIDs
are advertised with Route Type 1,2,3 and 5. The SRv6 Service SID(s) are advertised with Route Type 1,2,3 and 5. The SRv6 Service SID(s)
per Route Type are advertised in SRv6 L3/L2 Service TLVs within the per Route Type are advertised in SRv6 L3/L2 Service TLVs within the
BGP Prefix-SID Attribute. Signaling of SRv6 Service SID(s) serves BGP Prefix-SID Attribute. Signaling of SRv6 Service SID(s) serves
two purposes - first, it indicates that the BGP egress device two purposes - first, it indicates that the BGP egress device
supports SRv6 overlay and the BGP ingress device receiving this route supports SRv6 overlay and the BGP ingress device receiving this route
MUST perform IPv6 encapsulation and optionally insert an SRH when MUST perform IPv6 encapsulation and optionally insert an SRH
required; second, it indicates the value of the Service SID(s) to be [RFC8754] when required; second, it indicates the value of the
used in the encapsulation. Service SID(s) to be used in the encapsulation.
The SRv6 Service SID SHOULD be routable within the AS of the egress The SRv6 Service SID SHOULD be routable within the AS of the egress
PE and serves the dual purpose of providing reachability between PE and serves the dual purpose of providing reachability between
ingress PE and egress PE while also encoding the endpoint behavior. ingress PE and egress PE while also encoding the endpoint behavior.
When the egress PE sets the next-hop to a value that is not covered When the egress PE sets the next-hop to a value that is not covered
by the SRv6 Locator from which the SRv6 Service SID is allocated, by the SRv6 Locator from which the SRv6 Service SID is allocated,
then the ingress PE SHOULD perform reachability check for the SRv6 then the ingress PE SHOULD perform reachability check for the SRv6
Service SID in addition to the BGP next-hop reachability procedures. Service SID in addition to the BGP next-hop reachability procedures.
skipping to change at page 19, line 42 skipping to change at page 19, line 45
If multiple instances of SRv6 L2 Service TLV is encountered, all but If multiple instances of SRv6 L2 Service TLV is encountered, all but
the first instance MUST be ignored. the first instance MUST be ignored.
An SRv6 Service TLV is considered malformed in the following cases: An SRv6 Service TLV is considered malformed in the following cases:
o the TLV Length is less than 1 o the TLV Length is less than 1
o the TLV Length is inconsistent with the length of BGP Prefix-SID o the TLV Length is inconsistent with the length of BGP Prefix-SID
attribute attribute
o atleast one of the constituent Sub-TLVs is malformed o at least one of the constituent Sub-TLVs is malformed
An SRv6 Service Sub-TLV is considered malformed in the following An SRv6 Service Sub-TLV is considered malformed in the following
cases: cases:
o the Sub-TLV Length is inconsistent with the length of the o the Sub-TLV Length is inconsistent with the length of the
enclosing SRv6 Service TLV enclosing SRv6 Service TLV
An SRv6 SID Information Sub-TLV is considered malformed in the An SRv6 SID Information Sub-TLV is considered malformed in the
following cases: following cases:
* the Sub-TLV Length is less than 21 * the Sub-TLV Length is less than 21
* the Sub-TLV Length is inconsistent with the length of the * the Sub-TLV Length is inconsistent with the length of the
enclosing SRv6 Service TLV enclosing SRv6 Service TLV
* atleast one of the constituent Sub-Sub-TLVs is malformed * at least one of the constituent Sub-Sub-TLVs is malformed
An SRv6 Service Data Sub-sub-TLV is considered malformed in the An SRv6 Service Data Sub-sub-TLV is considered malformed in the
following cases: following cases:
o the Sub-Sub-TLV Length is inconsistent with the length of the o the Sub-Sub-TLV Length is inconsistent with the length of the
enclosing SRv6 service Sub-TLV enclosing SRv6 service Sub-TLV
Any TLV or Sub-TLV or Sub-Sub-TLV is not considered malformed because Any TLV or Sub-TLV or Sub-Sub-TLV is not considered malformed because
its Type is unrecognized. its Type is unrecognized.
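Review bot: The SRv6 SID Information Sub-TLV list repeats the enclosing-length check ("inconsistent with the length of the enclosing SRv6 Service TLV") that the preceding list already applies to every SRv6 Service Sub-TLV; consider keeping it in one place. Style: that list uses "*" bullets where the others use "o", the next heading sentence writes "Sub-sub-TLV" where the rest of the document writes "Sub-Sub-TLV", and "If multiple instances of SRv6 L2 Service TLV is encountered" should read "are encountered".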
skipping to change at page 20, line 39 skipping to change at page 20, line 42
SRv6 SID value in SRv6 Service Sub-TLV is invalid when SID Structure SRv6 SID value in SRv6 Service Sub-TLV is invalid when SID Structure
Sub-Sub-TLV transposition length is greater than 24 or addition of Sub-Sub-TLV transposition length is greater than 24 or addition of
transposition offset and length is greater than 128. Path having transposition offset and length is greater than 128. Path having
such Prefix-SID Attribute should be ineligible during the selection such Prefix-SID Attribute should be ineligible during the selection
of best path for the corresponding prefix. of best path for the corresponding prefix.
9. IANA Considerations 9. IANA Considerations
9.1. BGP Prefix-SID TLV Types registry 9.1. BGP Prefix-SID TLV Types registry
This document defines two new TLV Types of the BGP Prefix-SID This document introduces three new TLV Types of the BGP Prefix-SID
attribute. IANA is requested to assign Type values in the registry attribute. IANA has assigned Type values in the registry "BGP
"BGP Prefix-SID TLV Types" as follows: Prefix-SID TLV Types" as follows:
Value Type Reference Value Type Reference
-------------------------------------------- --------------------------------------------
4 Deprecated <this document> 4 Deprecated <this document>
TBD1 SRv6 L3 Service TLV <this document> 5 SRv6 L3 Service TLV <this document>
TBD2 SRv6 L2 Service TLV <this document> 6 SRv6 L2 Service TLV <this document>
The value 4 previously corresponded to the SRv6-VPN SID TLV, which The value 4 previously corresponded to the SRv6-VPN SID TLV, which
was specified in previous versions of this document and used by early was specified in previous versions of this document and used by early
implementations of this specification. It was deprecated and implementations of this specification. It was deprecated and
replaced by the SRv6 L3 Service and SRv6 L2 Service TLVs. replaced by the SRv6 L3 Service and SRv6 L2 Service TLVs.
9.2. SRv6 Service Sub-TLV Types registry 9.2. SRv6 Service Sub-TLV Types registry
IANA is requested to create and maintain a new registry called "SRv6 IANA is requested to create and maintain a new registry called "SRv6
Service Sub-TLV Types". The allocation policy for this registry is: Service Sub-TLV Types". The allocation policy for this registry is:
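Review bot: "This document introduces three new TLV Types" in 9.1 does not match the table below it, which lists two new types (5 and 6) and marks value 4 as Deprecated. Suggest "defines two new TLV Types and deprecates one", or equivalent. Section 9.2 still says "IANA is requested to create"; confirm that is intentional now that 9.1 records completed assignments.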
skipping to change at page 21, line 40 skipping to change at page 21, line 45
255 : Reserved 255 : Reserved
The following Sub-Sub-TLV Types are defined in this document: The following Sub-Sub-TLV Types are defined in this document:
Value Type Reference Value Type Reference
---------------------------------------------------- ----------------------------------------------------
1 SRv6 SID Structure Sub-Sub-TLV <this document> 1 SRv6 SID Structure Sub-Sub-TLV <this document>
10. Security Considerations 10. Security Considerations
This document introduces no new security considerations beyond those This document specifies extensions to BGP protocol for signalling of
already specified in [RFC4271]. services for SRv6. As such, techniques related to authentication of
BGP sessions for securing messages between BGP peers as discussed in
the BGP specification [RFC4271] and in the security analysis for BGP
[RFC4272] apply. The discussion of the use of the TCP Authentication
option to protect BGP sessions is found in [RFC5925], while [RFC6952]
includes an analysis of BGP keying and authentication issues.
This document does not introduce new services or BGP NLRI types but
extends the signaling of existing ones for SRv6. Therefore, the
security considerations for the respective BGP services
[I-D.ietf-bess-rfc5549revision] [RFC4659] [RFC2545] [RFC7432]
[I-D.ietf-bess-evpn-prefix-advertisement] also apply.
SRv6 operates within a trusted SR domain with filtering of traffic at
the domain boundaries. These and other security aspects of SRv6 are
discussed in the security considerations of [RFC8402] [RFC8754] and
apply for deployment of BGP services using SRv6. The SRv6 SIDs used
for the BGP Services in this document are defined in
[I-D.ietf-spring-srv6-network-programming] and hence the security
considerations of that document also apply. The service flows
between PE routers using SRv6 SIDs advertised via BGP are expected to
be limited within the trusted SR domain (e.g. within a single AS or
between multiple ASes within a single provider network). Therefore,
precaution is necessary to ensure that the BGP service information
(including associated SRv6 SID) advertised via BGP sessions is
limited to peers within this trusted SR domain. Security
consideration section of [RFC8669] discuss mechanisms to prevent
leaking of BGP Prefix-SID attribute, that carries SRv6 SID, outside
the SR domain. In the event that these filtering mechanisms, both in
the forwarding and control plane, are not implemented properly, it
may be possible for nodes outside the SR domain to learn the VPN
Service SIDs and use them to direct traffic into VPN networks from
outside the SR domain.
11. Acknowledgments 11. Acknowledgments
The authors of this document would like to thank Stephane Litkowski, The authors of this document would like to thank Stephane Litkowski,
Rishabh Parekh and Xiejingrong for their comments and review of this Rishabh Parekh and Xiejingrong for their comments and review of this
document. document.
12. Contributors 12. Contributors
Satoru Matsushima Satoru Matsushima
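Review bot: In Section 10, the new text says "precaution is necessary" to keep BGP service information inside the trusted SR domain but states no requirement and names no mechanism beyond a pointer to [RFC8669]. Since the same paragraph acknowledges that a filtering failure could let nodes outside the SR domain direct traffic into VPN networks, suggest a BCP 14 statement on filtering the BGP Prefix-SID attribute at the domain boundary. Minor: "Security consideration section of [RFC8669] discuss" should read "The Security Considerations section of [RFC8669] discusses".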
skipping to change at page 23, line 33 skipping to change at page 24, line 23
Ketan Talaulikar Ketan Talaulikar
Cisco Cisco
Email: ketant@cisco.com Email: ketant@cisco.com
13. References 13. References
13.1. Normative References 13.1. Normative References
[I-D.ietf-6man-segment-routing-header]
Filsfils, C., Dukes, D., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", draft-ietf-6man-segment-routing-header-26 (work in
progress), October 2019.
[I-D.ietf-bess-evpn-igmp-mld-proxy] [I-D.ietf-bess-evpn-igmp-mld-proxy]
Sajassi, A., Thoria, S., Patel, K., Drake, J., and W. Lin, Sajassi, A., Thoria, S., Patel, K., Drake, J., and W. Lin,
"IGMP and MLD Proxy for EVPN", draft-ietf-bess-evpn-igmp- "IGMP and MLD Proxy for EVPN", draft-ietf-bess-evpn-igmp-
mld-proxy-04 (work in progress), September 2019. mld-proxy-05 (work in progress), April 2020.
[I-D.ietf-bess-evpn-prefix-advertisement] [I-D.ietf-bess-evpn-prefix-advertisement]
Rabadan, J., Henderickx, W., Drake, J., Lin, W., and A. Rabadan, J., Henderickx, W., Drake, J., Lin, W., and A.
Sajassi, "IP Prefix Advertisement in EVPN", draft-ietf- Sajassi, "IP Prefix Advertisement in EVPN", draft-ietf-
bess-evpn-prefix-advertisement-11 (work in progress), May bess-evpn-prefix-advertisement-11 (work in progress), May
2018. 2018.
[I-D.ietf-bess-evpn-vpws-fxc] [I-D.ietf-bess-evpn-vpws-fxc]
Sajassi, A., Brissette, P., Uttaro, J., Drake, J., Lin, Sajassi, A., Brissette, P., Uttaro, J., Drake, J., Lin,
W., Boutros, S., and J. Rabadan, "EVPN VPWS Flexible W., Boutros, S., and J. Rabadan, "EVPN VPWS Flexible
Cross-Connect Service", draft-ietf-bess-evpn-vpws-fxc-01 Cross-Connect Service", draft-ietf-bess-evpn-vpws-fxc-01
(work in progress), June 2019. (work in progress), June 2019.
[I-D.ietf-bess-rfc5549revision] [I-D.ietf-bess-rfc5549revision]
Litkowski, S., Agrawal, S., ananthamurthy, k., and K. Litkowski, S., Agrawal, S., ananthamurthy, k., and K.
Patel, "Advertising IPv4 Network Layer Reachability Patel, "Advertising IPv4 Network Layer Reachability
Information with an IPv6 Next Hop", draft-ietf-bess- Information with an IPv6 Next Hop", draft-ietf-bess-
rfc5549revision-03 (work in progress), February 2020. rfc5549revision-04 (work in progress), July 2020.
[I-D.ietf-spring-srv6-network-programming] [I-D.ietf-spring-srv6-network-programming]
Filsfils, C., Camarillo, P., Leddy, J., Voyer, D., Filsfils, C., Camarillo, P., Leddy, J., Voyer, D.,
Matsushima, S., and Z. Li, "SRv6 Network Programming", Matsushima, S., and Z. Li, "SRv6 Network Programming",
draft-ietf-spring-srv6-network-programming-10 (work in draft-ietf-spring-srv6-network-programming-16 (work in
progress), February 2020. progress), June 2020.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC2545] Marques, P. and F. Dupont, "Use of BGP-4 Multiprotocol [RFC2545] Marques, P. and F. Dupont, "Use of BGP-4 Multiprotocol
Extensions for IPv6 Inter-Domain Routing", RFC 2545, Extensions for IPv6 Inter-Domain Routing", RFC 2545,
DOI 10.17487/RFC2545, March 1999, DOI 10.17487/RFC2545, March 1999,
<https://www.rfc-editor.org/info/rfc2545>. <https://www.rfc-editor.org/info/rfc2545>.
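Review bot: In the [I-D.ietf-bess-rfc5549revision] entry the author "ananthamurthy, k." is lowercase on both sides while every other author name in the list is capitalised; since the entry is already being touched for the -03 to -04 bump, correct the casing in the same revision. The two Internet-Draft entries in this region are pinned to specific versions (rfc5549revision-04, srv6-network-programming-16) and will need another refresh when those drafts advance.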
skipping to change at page 25, line 39 skipping to change at page 26, line 19
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, (IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017, DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>. <https://www.rfc-editor.org/info/rfc8200>.
[RFC8214] Boutros, S., Sajassi, A., Salam, S., Drake, J., and J. [RFC8214] Boutros, S., Sajassi, A., Salam, S., Drake, J., and J.
Rabadan, "Virtual Private Wire Service Support in Ethernet Rabadan, "Virtual Private Wire Service Support in Ethernet
VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017, VPN", RFC 8214, DOI 10.17487/RFC8214, August 2017,
<https://www.rfc-editor.org/info/rfc8214>. <https://www.rfc-editor.org/info/rfc8214>.
[RFC8277] Rosen, E., "Using BGP to Bind MPLS Labels to Address
Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017,
<https://www.rfc-editor.org/info/rfc8277>.
[RFC8317] Sajassi, A., Ed., Salam, S., Drake, J., Uttaro, J., [RFC8317] Sajassi, A., Ed., Salam, S., Drake, J., Uttaro, J.,
Boutros, S., and J. Rabadan, "Ethernet-Tree (E-Tree) Boutros, S., and J. Rabadan, "Ethernet-Tree (E-Tree)
Support in Ethernet VPN (EVPN) and Provider Backbone Support in Ethernet VPN (EVPN) and Provider Backbone
Bridging EVPN (PBB-EVPN)", RFC 8317, DOI 10.17487/RFC8317, Bridging EVPN (PBB-EVPN)", RFC 8317, DOI 10.17487/RFC8317,
January 2018, <https://www.rfc-editor.org/info/rfc8317>. January 2018, <https://www.rfc-editor.org/info/rfc8317>.
[RFC8365] Sajassi, A., Ed., Drake, J., Ed., Bitar, N., Shekhar, R., [RFC8365] Sajassi, A., Ed., Drake, J., Ed., Bitar, N., Shekhar, R.,
Uttaro, J., and W. Henderickx, "A Network Virtualization Uttaro, J., and W. Henderickx, "A Network Virtualization
Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365, Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365,
DOI 10.17487/RFC8365, March 2018, DOI 10.17487/RFC8365, March 2018,
skipping to change at page 26, line 16 skipping to change at page 26, line 46
Decraene, B., Litkowski, S., and R. Shakir, "Segment Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, <https://www.rfc-editor.org/info/rfc8402>. July 2018, <https://www.rfc-editor.org/info/rfc8402>.
[RFC8669] Previdi, S., Filsfils, C., Lindem, A., Ed., Sreekantiah, [RFC8669] Previdi, S., Filsfils, C., Lindem, A., Ed., Sreekantiah,
A., and H. Gredler, "Segment Routing Prefix Segment A., and H. Gredler, "Segment Routing Prefix Segment
Identifier Extensions for BGP", RFC 8669, Identifier Extensions for BGP", RFC 8669,
DOI 10.17487/RFC8669, December 2019, DOI 10.17487/RFC8669, December 2019,
<https://www.rfc-editor.org/info/rfc8669>. <https://www.rfc-editor.org/info/rfc8669>.
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/info/rfc8754>.
13.2. Informative References 13.2. Informative References
[I-D.ietf-idr-segment-routing-te-policy] [I-D.ietf-idr-segment-routing-te-policy]
Previdi, S., Filsfils, C., Talaulikar, K., Mattes, P., Previdi, S., Filsfils, C., Talaulikar, K., Mattes, P.,
Rosen, E., Jain, D., and S. Lin, "Advertising Segment Rosen, E., Jain, D., and S. Lin, "Advertising Segment
Routing Policies in BGP", draft-ietf-idr-segment-routing- Routing Policies in BGP", draft-ietf-idr-segment-routing-
te-policy-08 (work in progress), November 2019. te-policy-09 (work in progress), May 2020.
[I-D.ietf-spring-segment-routing-policy] [I-D.ietf-spring-segment-routing-policy]
Filsfils, C., Sivabalan, S., Voyer, D., Bogdanov, A., and Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and
P. Mattes, "Segment Routing Policy Architecture", draft- P. Mattes, "Segment Routing Policy Architecture", draft-
ietf-spring-segment-routing-policy-06 (work in progress), ietf-spring-segment-routing-policy-08 (work in progress),
December 2019. July 2020.
[I-D.matsushima-spring-srv6-deployment-status] [I-D.matsushima-spring-srv6-deployment-status]
Matsushima, S., Filsfils, C., Ali, Z., and Z. Li, "SRv6 Matsushima, S., Filsfils, C., Ali, Z., Li, Z., and K.
Implementation and Deployment Status", draft-matsushima- Rajaraman, "SRv6 Implementation and Deployment Status",
spring-srv6-deployment-status-05 (work in progress), draft-matsushima-spring-srv6-deployment-status-07 (work in
January 2020. progress), April 2020.
[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis",
RFC 4272, DOI 10.17487/RFC4272, January 2006,
<https://www.rfc-editor.org/info/rfc4272>.
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
June 2010, <https://www.rfc-editor.org/info/rfc5925>.
[RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of
BGP, LDP, PCEP, and MSDP Issues According to the Keying
and Authentication for Routing Protocols (KARP) Design
Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013,
<https://www.rfc-editor.org/info/rfc6952>.
Authors' Addresses Authors' Addresses
Gaurav Dawra (editor) Gaurav Dawra (editor)
LinkedIn LinkedIn
USA USA
Email: gdawra.ietf@gmail.com Email: gdawra.ietf@gmail.com
Clarence Filsfils Clarence Filsfils
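Review bot: The new [RFC5925] (TCP Authentication Option) entry is placed under "13.2. Informative References"; if the paragraph that cites it uses requirement language for protecting BGP sessions, it should move up with the entries above that heading, where [RFC8754] was added in this same revision. If it is only offered as background alongside the [RFC4272] and [RFC6952] analyses, informative is the right place. Worth confirming against the citing text before the next revision.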
 End of changes. 31 change blocks. 
55 lines changed or deleted 108 lines changed or added
