IDR Working Group                                                 Y. Liu
Internet-Draft                                              China Mobile
Intended status: Standards Track                                  C. Lin
Expires: January 1, 2024                            New H3C Technologies
                                                                Ran.Chen
                                                                     ZTE
                                                                  Y. Qiu
                                                    New H3C Technologies
                                                           June 30, 2023


                     SRv6 Segment List optimization
              draft-liu-idr-srv6-segment-list-optimize-00

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on January 1 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.  Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Liu, et al.              Expire January, 2024                   [Page 1]

Internet-Draft      SRv6 Segment List Optimization             June 2023

Abstract

   This document introduces an optimization method for segment list
   arrangement to solve the problem of the penultimate segment node
   being unable to perform PSP behavior when the egress node has both
   End SID and service SID, and improve the forwarding efficiency of
   data packets.

Table of Contents

   1. Introduction
   2. Terminology
   3. Requirement background
   4. Extend the Segment Flags of Segment Types sub-TLVs
   5. Optimizing the arrangement method of segment list
   6. Example of SRv6 packet Processing Process
      6.1. Data packet Processing to VPN
      6.2. OAM Packet Processing to the Egress Node
   7. IANA Considerations
   8. Security Considerations
   9. References
      9.1. Normative References
      9.2. Informative References
   10. Acknowledgments
   Authors' Addresses

1. Introduction

   Segment Routing (SR) [RFC8402] allows a headend node to steer a
   packet flow along any path.  Intermediate per-path states are
   eliminated thanks to source routing.  The headend node is said to
   steer a flow into an SR Policy [RFC8402].  The packets steered into
   an SR Policy carry an ordered list of segments associated with that
   SR Policy.

   [I-D.draft-ietf-idr-segment-routing-te-policy] specifies how BGP may
   be used to distribute SR Policy candidate paths.  New sub-TLVs for
   the Tunnel Encapsulation Attribute are defined for signaling
   information about these candidate paths.

   This document introduces an optimization method for segment list
   arrangement to solve the problem of the penultimate segment node
   being unable to perform PSP behavior when the egress node has both
   End SID and service SID, and improve the forwarding efficiency of
   data packets.

2. Terminology

   The following terms are used in this document.

   SR: Segment Routing

   SRv6: SR for IPv6

   SRH: Segment Routing Header

   SID: Segment Identifier

   CE: Customer Edge

   PE: Provider Edge

   VPN: Virtual Private Network

   PSP: Penultimate Segment Pop

3. Requirement background

   In SRv6 networks, some functions can only be executed on the
   penultimate SR Segment Endpoint Node, such as Penultimate Segment
   Pop (PSP) behavior.  However, if both the End SID and service SID of
   the egress node are encapsulated in SRH.SegmentList, the endpoint
   will not be able to identify itself as the penultimate SR Segment
   Endpoint Node based on the SRH.SL field after receiving the packet.

   For example, in the following scenarios, the Segment List of the
   SRv6 Policy must include the End SID of the egress node.  The SRH
   extension header of VPN users' data packets forwarded based on this
   SRv6 Policy tunnel will simultaneously encapsulate the End SID and
   VPN SID of the egress node.

   *  Scenario 1

      In tunnel splicing scenarios and cross-domain path splicing
      scenarios, traffic is usually steered based on a Binding SID.
      The Segment List of the SRv6 Policy on the head node must include
      the End SID of the egress node.

   *  Scenario 2

      When the head node enables end-to-end fast fault detection of the
      SRv6 Policy, OAM messages are sent to the egress node.  The End
      SID of the egress node must be specified in the Segment List of
      this SRv6 Policy.

   In this way, the following two problems will arise:

   *  Problem 1: PSP behavior may not be executable.

      If the head node encapsulates both the End SID and VPN SID of the
      egress node in the SRH.SegmentList, the penultimate SR Segment
      Endpoint Node will find, after receiving the packet, that its
      local SID is not at the position with SL=1.  After executing
      SL--, SL is still greater than 0.  Because the condition (SL==0)
      is not met, the penultimate SR Segment Endpoint Node will not be
      able to remove the SRH from the IPv6 extension headers.

   *  Problem 2: The forwarding efficiency of the egress node
      decreases.

      If the egress node receives a packet with both a local End SID
      and a VPN SID, it needs to first look up the table based on the
      End SID.  Then, based on the VPN SID, it executes the VPN SID
      instruction, and finally removes the outer IPv6 packet header and
      forwards the packet to the VPN network.

      The data packet needs to look up the SID table twice within the
      egress node.  For some chips, the second SID table lookup
      requires a loopback interface to be implemented.  Due to the
      bandwidth limitations and the possibility of other service
      packets coexisting on the loopback interface, the forwarding
      efficiency of packets to the VPN will be greatly affected.

   Therefore, this document proposes a method to optimize the
   SRH.SegmentList encapsulated by the head node.  When both the End
   SID and the service SID of the egress node are on the path, only the
   service SID is encapsulated in the SRH.SegmentList.

   This can solve the problem of the penultimate segment node being
   unable to perform PSP behavior when the egress node has both End SID
   and service SID, and improve the forwarding efficiency of data
   packets on the egress node.

4. Extend the Segment Flags of Segment Types sub-TLVs

   Extend the Segment Flags described in Section 2.4.4.2.12 of
   [I-D.draft-ietf-idr-segment-routing-te-policy].  Define a bit to
   identify whether this SID belongs to the egress node.

       0 1 2 3 4 5 6 7
      +-+-+-+-+-+-+-+-+
      |V|A|S|B|E|     |
      +-+-+-+-+-+-+-+-+

   where:

   E-Flag: This flag, when set, indicates that this segment is the
   egress node's SID.

5. Optimizing the arrangement method of segment list

   After the controller arranges the SRv6 forwarding path, it informs
   the ingress node which SID is the egress node's SID through the
   E-Flag.

   When the controller distributes the SRv6 Policy configuration to the
   head node through BGP, the E-Flag bit of the Flags field of the
   segment sub-TLV corresponding to the egress node is set to 1.  The
   E-Flag bits corresponding to the ingress node and intermediate nodes
   are set to 0.

   After receiving the SRv6 Policy configuration with the E-Flag, the
   ingress node will not simultaneously arrange the End SID and Service
   SID of the egress node into the SRH.SegmentList of a packet.

   For data packets forwarded to the VPN through this SRv6 Policy, the
   SRH.SegmentList will not encapsulate the End SID corresponding to
   the egress node in the SID list of the SRv6 Policy.

   If the forwarding path does not include the service SID of the
   egress node, then the End SID of the egress node should be
   encapsulated in SRH.SegmentList.

   For OAM detection packets to the egress node, the SRH.SegmentList is
   encapsulated according to the SID list of the SR Policy, only
   encapsulating node SIDs.

6. Example of SRv6 packet Processing Process

   Taking Figure 1 as an example, this section describes how SRv6 data
   packets and OAM packets are forwarded in the SRv6 network based on
   the optimized Segment List arrangement mechanism.

                         +------------+
                         | Controller |
                         +------------+
                          /          \
                         /            \
                        /              \
   +---+    +---+     +---+     +---+     +---+   +---+
   |CE1|----|PE1|-----| P1|-----| P2|-----|PE2|---|CE2|
   +---+    +---+     +---+     +---+     +---+   +---+
            2::2      3::3      4::4      5::5
                                          End.DT4 SID:
                                          5::100

                             Figure 1

   CE1 and CE2 are VPN access devices that connect to the IPv6 backbone
   network through PE.  PE1 has a locator 2::/64.  P1 has a locator
   3::/64.
   P2 has an End SID 4::4 with PSP Flavor.  PE2 has a locator 5::/64
   and a VPN SID 5::100.

   The traffic from CE1 to CE2 is forwarded along the path
   PE1->P1->P2->PE2.  P2 needs to perform the PSP behavior to remove
   the SRH extension header.

   The controller calculates the SRv6 forwarding path from PE1 to PE2
   based on the collected topology and configuration information, and
   distributes the SRv6 Policy to PE1 through BGP.  The endpoint
   address is PE2's 5::5.  There is only one candidate path.  The
   candidate path contains a Segment List <3::3, 4::4, 5::5>.  For
   PE2's Segment 5::5, the E-Flag bit of the Flags field of the Segment
   sub-TLV is set to 1.

   PE2 advertises a BGP VPN route to PE1, and the next hop of the BGP
   route is the endpoint address 5::5.  After receiving the BGP route,
   PE1 iterates to the SRv6 Policy using the color and the next hop of
   the route.

   There are two types of packets sent from PE1 to PE2: data packets
   and OAM packets.

6.1. Data packet Processing to VPN

   After PE1 receives the data packet from CE1 to CE2, it looks up the
   VPN instance routing table and iterates to the SRv6 Policy.  PE1
   adds the SRH extension header to the packet and encapsulates the
   Segment List of the SRv6 Policy.  The Segment List in the SRH
   extension header is encapsulated as <3::3, 4::4, 5::100>, and the SL
   is set to 2.

   The Segment List in SRH is shown in Figure 2.

                      +--------+
   Segment List[0]    | 5::100 |  ==> PE2's End.DT4 SID
                      +--------+
   Segment List[1]    |  4::4  |
                      +--------+
   Segment List[2]    |  3::3  |
                      +--------+

                       Figure 2

6.2. OAM Packet Processing to the Egress Node

   If the head node enables the OAM function and detects a fault in the
   SRv6 Policy forwarding path, PE1 will send OAM detection messages to
   PE2, such as BFD packets.

   The OAM detection message sent by PE1 encapsulates the segment list
   corresponding to the SRv6 Policy.
   Since the message does not need to be sent to the VPN, the Segment
   List of the SRH extension header is encapsulated as
   <3::3, 4::4, 5::5>.

   The Segment List in SRH is shown in Figure 3.

                      +--------+
   Segment List[0]    |  5::5  |  ==> PE2's End SID
                      +--------+
   Segment List[1]    |  4::4  |
                      +--------+
   Segment List[2]    |  3::3  |
                      +--------+

                       Figure 3

7. IANA Considerations

   This document requests that IANA allocate the following registration
   in the "SR Policy Segment Flags" sub-registry for the "BGP Tunnel
   Encapsulation" registry maintained by IANA:

   +-------+------------------------------+---------------+
   | Bit   | Description                  | Reference     |
   +=======+==============================+===============+
   | TBA   | E-Flag                       | This document |
   +-------+------------------------------+---------------+

8. Security Considerations

   [RFC8754] defines the notion of an SR domain and use of SRH within
   the SR domain.  The use of egress protection mechanism described in
   this document is restricted to an SR domain.  Procedures for
   securing an SR domain are defined in Section 5.1 and Section 7 of
   [RFC8754].

   This document does not impose any additional security challenges to
   be considered beyond security threats described in [RFC8754],
   [RFC8679] and [RFC8986].

9. References

9.1. Normative References

   [I-D.draft-ietf-idr-segment-routing-te-policy]
             Previdi, S., Filsfils, C., Talaulikar, K., Mattes, P.,
             Jain, D., Lin, S., "Advertising Segment Routing Policies
             in BGP", Work in Progress, Internet-Draft,
             draft-ietf-idr-segment-routing-te-policy-20, 27 July 2022,
             <https://www.ietf.org/archive/id/draft-ietf-idr-segment-routing-te-policy-20.txt>

   [RFC8400] Chen, H., Liu, A., Saad, T., Xu, F., and L. Huang,
             "Extensions to RSVP-TE for Label Switched Path (LSP)
             Egress Protection", RFC 8400, DOI 10.17487/RFC8400, June
             2018.

   [RFC8679] Shen, Y., Jeganathan, M., Decraene, B., Gredler, H.,
             Michel, C., and H. Chen, "MPLS Egress Protection
             Framework", RFC 8679, DOI 10.17487/RFC8679, December 2019.

   [RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
             Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
             (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.

   [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
             D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
             (SRv6) Network Programming", RFC 8986,
             DOI 10.17487/RFC8986, February 2021.

9.2. Informative References

   TBD

10. Acknowledgments

   TBD

Authors' Addresses

   Yisong Liu
   China Mobile
   Email: liuyisong@chinamobile.com

   Changwang Lin
   New H3C Technologies
   Email: linchangwang.04414@h3c.com

   Ran Chen
   ZTE Corporation
   Email: chen.ran@zte.com.cn

   Yuanxiang Qiu
   New H3C Technologies
   Email: qiuyuanxiang@h3c.com
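
   The arrangement rule of Section 5 applied to the Figure 1 topology,
   as an added example that is not part of the draft or of any
   implementation. The E-Flag mask 0x08 is an assumption read off the
   Section 4 diagram (the IANA bit is TBA), and Segment, build_srh,
   psp_node and FIGURE1_POLICY are hypothetical names.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: the E-Flag is bit 4 (bit 0 = most significant) of the Segment
# Flags octet, as drawn in Section 4. The real bit is "TBA" until IANA assigns.
E_FLAG = 0x08


@dataclass
class Segment:
    """One segment sub-TLV of the candidate path (hypothetical model)."""
    sid: str
    flags: int = 0

    @property
    def is_egress(self) -> bool:
        return bool(self.flags & E_FLAG)


# Constructed from Figure 1: SID list <3::3, 4::4, 5::5>, E-Flag set on 5::5.
FIGURE1_POLICY = [Segment("3::3"), Segment("4::4"), Segment("5::5", E_FLAG)]


def build_srh(policy: List[Segment],
              service_sid: Optional[str] = None) -> Tuple[List[str], int]:
    """Return (SRH.SegmentList in on-wire order, initial SL) at the head node."""
    if service_sid is not None:
        # Data packet to the VPN: drop the E-flagged End SID, keep service SID.
        path = [s.sid for s in policy if not s.is_egress] + [service_sid]
    else:
        # OAM packet, or no service SID on the path: use the SID list as is.
        path = [s.sid for s in policy]
    return list(reversed(path)), len(path) - 1


def psp_node(segment_list: List[str], initial_sl: int) -> Optional[str]:
    """Walk the list as endpoints do and return the SID whose node reaches
    SL == 0 after SL--, i.e. the only node that can pop the SRH (PSP)."""
    sl = initial_sl
    while sl > 0:
        local_sid = segment_list[sl]  # active segment at this endpoint
        sl -= 1
        if sl == 0:
            return local_sid
    return None  # single-segment list: no penultimate endpoint
```

   Feeding psp_node the unoptimized list <3::3, 4::4, 5::5, 5::100>
   returns 5::5 rather than 4::4, which is Problem 1 of Section 3: P2
   never sees SL reach 0.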