6man Working Group W. Cheng
Internet Draft L. Gong
Intended status: Informational China Mobile
Expires: March 3, 2025 C. Lin
H. Li
New H3C Technologies
September 3, 2024
Source IPv6 Address Programmability
draft-cheng-6man-source-address-programmability-03
Abstract
IPv6-based tunneling technologies, such as SRv6, have been deployed
by provider on transport networks to provide users with services
such as VPN and SD-WAN.
After the service traffic enters the provider's transport network,
it will be encapsulated by tunnel (SRv6 encapsulation). In order to
better meet the SLA requirements of users, some technologies need to
carry relevant information along with the flow to guide the
processing of packets during forwarding.
This document discusses the programmability of IPv6 source addresses
to carry the necessary flow information
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
Cheng, et al. Expires March 3, 2025 [Page 1]
Internet-Draft Source IPv6 Address Programmability September 2024
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on March 3, 2025.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction ................................................ 2
1.1. Requirements Language .................................. 3
2. Restrictions for IPv6 Source address programmability ........ 3
3. Requirement for IPv6 source address programmability.......... 4
4. Scenarios of IPv6 source address programmability ............ 5
5. IANA Considerations ......................................... 7
6. Security Considerations ..................................... 7
7. References .................................................. 7
7.1. Normative References ................................... 7
Contributors ................................................... 9
Authors' Addresses ............................................ 10
1. Introduction
IPv6-based tunneling technologies, such as SRv6, have been deployed
by provider on transport networks to provide users with services
such as VPN and SD-WAN.
When the ingress node (PE) of the transport network receives user
traffic, it can add IPv6 (SRv6) encapsulation to the user traffic
according to VPN routes and policies, and the encapsulated service
traffic is forwarded to the egress device of the transport network.
Cheng, et al. Expires March 3, 2025 [Page 2]
Internet-Draft Source IPv6 Address Programmability September 2024
SRv6 [RFC8754] is a source routing technology. The ingress node of
the transport network encapsulates the forwarding path (segment
list) of user traffic in SRH. The encapsulated user traffic will be
forwarded to the egress node according to the path specified by the
SRH.
Meanwhile, in order to better meet user SLA requirements and provide
differentiated services, it is necessary to be able to carry flow-
related information with the traffic.
Although IPv6 itself provides a variety of extension headers, which
can carry various flow information through extension headers, due to
various considerations such as bandwidth utilization and device
implementation difficulty, carrying flow information through source
addresses is becoming a possible choice
This document mainly discusses the requirements for source IPv6
address programmability to support subsequent related specifications
or protocol extensions.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Restrictions for IPv6 Source address programmability
The IPv6 source address programmability described in this document
is limited to a limited or trusted domain, such as the SRv6 domain
of a provider's transport network.
In a limited domain or trusted domain, the programmable capability
of the IPv6 source address is allowed to carry flow information.
That is, when the business flow enters the trust domain, it is
encapsulated, and the flow information is encoded in the source
address at the same time. Encapsulation is removed when business
traffic leaves the trust domain. This leakage of source addresses
outside the trusted domain needs to be avoided.
End-to-end IPv6 source address programmability is not recommended.
Cheng, et al. Expires March 3, 2025 [Page 3]
Internet-Draft Source IPv6 Address Programmability September 2024
+----+ +----+ +----+
SRv6 Encapsulated +----+ +----+ +----+
packet | | | | | |
+-----+ +----+ +----+ +----+ +----+
Original | | | |
packet +-----+ +----+
---------------------------------------------------------->
+-------------------------------------+
| SRv6 domain |
+---+ | +---+ +--+ +--+ +---+ | +---+
-----+CE1+--+---+PE1+----+P1+-----+P2+-----+PE2+--+--+CE2+----
+---+ | +---+ +--+ +--+ +---+ | +---+
| |
+-------------------------------------+
Figure 1: example topology
3. Requirement for IPv6 source address programmability
In some scenarios, flow information needs to be carried with the
packet to help routers to perform special processing on the packet
when forwarding. The flow information may be associated with the
local resources of the router, and are used to guarantee the
bandwidth of a specific flow; or identify a certain attribute of the
service flow, through which the forwarding policy can be applied,
and so on.
Although various extension headers have been defined in [RFC8200],
information can be carried through these different types of
extension headers. However, based on the current actual situation,
there are some defects in carrying information through the extension
header, such as
o Low bandwidth utilization
Taking SRv6 TE as an example, user traffic is encapsulated with SRH
and IPv6 headers on the headend node, and the newly added
encapsulation itself occupies part of the bandwidth. If flow
information is carried through other extension headers such as DOH
or HBH, the bandwidth utilization rate will further decrease,
especially for small packets.
o Highly difficult to implement
According to the definition of [RFC8200], the DOH and HBH option
extension headers are suitable for carrying information. If the DOH
Cheng, et al. Expires March 3, 2025 [Page 4]
Internet-Draft Source IPv6 Address Programmability September 2024
is placed before the SRH, each endpoint node can read the content of
the DOH; if it is placed after the SRH, only the destination node
can read the content of the DOH.
If it is required that the forwarding nodes along the way can read
the flow information, the information can only be carried through
HBH. However, due to historical reasons, current mainstream network
devices generally support HBH only limitedly. Although currently
IETF has some discussions and related documents on HBH, such as [I-
D.ietf-6man-hbh-processing], it is still difficult for routers to
support HBH
In this realistic situation, it is hoped that the information along
with the flow can be carried without increasing the length of the
packet, and the intermediate router can realize the function
relatively easily. IPv6 source address has become an unavoidable
choice.
IPv6 addresses have a relatively large 128-bit space. SRv6 uses this
feature to define segments with various behaviors, most of which can
be used as IPv6 destination addresses. When the IPv6 destination
address of a packet is a segment instantiated locally, the Endpoint
processes the packet according to the definition of the segment. The
transit node only uses the destination address for basic IPv6
forwarding. [I-D.ietf-6man-sids] also explains this situation.
This document discusses the need for IPv6 source address
programmability. It is hoped that as the source address of the IPv6
header, it can be used to identify the source node of the tunnel
encapsulation, and at the same time, it can also carry related
information of the flow.
The intermediate nodes of the forwarding path, not limited to the
endpoint, can obtain the necessary information from the source
address, and guide the forwarding and processing of the flow
together with the destination address
Address structures for programmable source addresses are outside the
scope of this document
4. Scenarios of IPv6 source address programmability
This section lists some scenarios where flow information needs to be
carried with the packet.
o Scenario of network slicing
Cheng, et al. Expires March 3, 2025 [Page 5]
Internet-Draft Source IPv6 Address Programmability September 2024
Network slicing provides the ability to partition a physical network
into multiple isolated logical networks of varying sizes,
structures, and functions so that each slice can be dedicated to
specific services or customers. [I-D.ietf-teas-ietf-network-slices]
defines the term "IETF Network Slice" and establishes the general
principles of network slicing in the IETF context.
Packets belong to a network slice need to be forwarded using the
specific network resources. [I-D.ietf-teas-ietf-network-slices]
defines the network resource mapped to the network slice as NRP,
that is, the Network Resource Partition, and defines the nrp-id to
identify the NRP used in the forwarding process.
In a network that provides slicing services, the NRP-ID can be
carried in the packet. In the process of packet forwarding, the
routers on the forwarding path can extract NRP-ID from the packet,
determine the NRP to which the packet belongs, and then forward the
packet using the resources associated with the NRP.
There are still various discussions on how to carry NRP-ID. For
example, [I-D.ietf-6man-enhanced-vpn-vtn-id] defines options for
carrying NRP-ID through IPv6 extension headers. [I-D.liu-spring-nrp-
id-in-srv6-segment] proposes to carry the NRP-ID through the arg
field of the segment. [I-D.cheng-spring-srv6-encoding-network-
sliceid] proposed to carry NRP-ID through source address.
Therefore, for network slicing, carrying the NRP-ID through the
source address is a direction that can be considered.
o Scenario of APN
[I-D.li-apn-problem-statement-usecases] analyzes the existing
problems caused by lack of application awareness, and outlines
various use cases that could benefit from Application-aware
Networking (APN) architecture.
[I-D.li-apn-ipv6-encap] defines the option to carry the APN
attribute in the IPv6 data plane, which can be applied to DOH, HBH
option extension header, and TLV of SRH.
Of course, APN attributes can be very rich, but if the APN attribute
can be abstracted into a digital APN ID, which can represent the
application to which a flow belongs, the intermediate node of the
forwarding path can apply related policies based on this APN ID.
Then this APN-ID can also be carried by the source IPv6 address.
o Scenario of MVPN
Cheng, et al. Expires March 3, 2025 [Page 6]
Internet-Draft Source IPv6 Address Programmability September 2024
The provider offer VPN service, and after the user traffic reaches
the egress router, it needs to know which VPN the user traffic
belongs to. How to identify which VPN the user traffic belongs to,
unicast and multicast behave differently.
Still taking the IPv6 data plane as an example, SRv6 is used to
provide unicast L3VPN services. When the user traffic reaches the
egress router, its destination address is usually the segment of the
End.DT4/End.DT6/End.DT46[RFC8986] type of the egress router. These
segments are created on the egress router and associated with the
local VPN. The egress router continues to forward the decapsulated
user traffic within the VPN associated with the segment.
For multicast VPN, encapsulated user traffic is sent to multiple
egress routers at the same time through multicast forwarding, so the
segment of the egress router cannot be used like unicast VPN
service.
Therefore, multicast VPN is also a potential scenario where IPv6
source addresses can be programmed.
5. IANA Considerations
This document has no IANA actions.
6. Security Considerations
TBD
7. References
7.1. Normative References
[I-D.ietf-6man-hbh-processing] Hinden, R. M. and G. Fairhurst, "IPv6
Hop-by-Hop Options Processing Procedures", Work in
Progress, Internet-Draft, draft-ietf-6man-hbh-processing-
05, 23 February 2023.
[I-D.ietf-6man-sids] Krishnan. S, "Segment Identifiers in SRv6",
Work in Progress, Internet-Draft, draft-ietf-6man-sids-02,
11 October 2022.
Cheng, et al. Expires March 3, 2025 [Page 7]
Internet-Draft Source IPv6 Address Programmability September 2024
[I-D.ietf-teas-ietf-network-slices] Farrel, A., Gray, E., Drake, J.,
Rokui, R., Homma, S., Makhijani, K., Contreras, L., and J.
Tantsura, "Framework for IETF Network Slices", draft-ietf-
teas-ietf-network-slices-19 (work in progress), January
2023.
[I-D.li-apn-problem-statement-usecases] Li, Z., Peng, S., Voyer, D.,
Xie, C., Liu, P., Qin, Z., and Mishra, G., " Problem
Statement and Use Cases of Application-aware Networking
(APN) ", draft-li-apn-problem-statement-usecases-07 (work
in progress), April 2023.
[I-D.li-apn-ipv6-encap] Li, Z., Peng, S., and Xie, C., "
Application-aware IPv6 Networking (APN6) Encapsulation ",
draft-li-apn-ipv6-encap-06 (work in progress), December
2022.
[I-D.ietf-6man-enhanced-vpn-vtn-id] Dong, J., Li, Z., Xie, C., Ma,
C., and G. Mishra, "Carrying Virtual Transport Network
(VTN) Identifier in IPv6 Extension Header", Work in
Progress, Internet-Draft, draft-ietf-6man-enhanced-vpn-
vtn-id-02, April 2023.
[I-D.liu-spring-nrp-id-in-srv6-segment] Liu, Y., Lin, C., Li, H.,
and Gong, L., "NRP ID in SRv6 segment", draft-liu-spring-
nrp-id-in-srv6-segment-01 (Work in Progress), April 2023.
[I-D.cheng-spring-srv6-encoding-network-sliceid] Cheng, W., Lin, C.,
Gong, L., Zadok, S., and X. Wang, "Encoding Network
SliceIdentification for SRv6", Work in Progress, Internet-
Draft, draft-cheng-spring-srv6-encoding-network-sliceid-
05, April 2023.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI
10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Cheng, et al. Expires March 3, 2025 [Page 8]
Internet-Draft Source IPv6 Address Programmability September 2024
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, DOI
10.17487/RFC8200, July 2017, <https://www.rfc-
editor.org/info/rfc8200>.
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy,
J., Matsushima, S., and D. Voyer, "IPv6 Segment Routing
Header (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/info/rfc8754>.
[RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
(SRv6) Network Programming", RFC 8986, DOI
0.17487/RFC8986, February 2021, <https://www.rfc-
editor.org/info/rfc8986>.
Contributors
Cheng, et al. Expires March 3, 2025 [Page 9]
Internet-Draft Source IPv6 Address Programmability September 2024
Authors' Addresses
Weiqiang Cheng
China Mobile
Beijing
China
Email: chengweiqiang@chinamobile.com
Liyan Gong
China Mobile
Beijing
China
Email: gongliyan@chinamobile.com
Changwang Lin
New H3C Technologies
Beijing
China
Email: linchangwang.04414@h3c.com
Hao Li
New H3C Technologies
Beijing
China
Email: lihao@h3c.com
Cheng, et al. Expires March 3, 2025 [Page 10]