rtgwg Working Group                                            W. Cheng
Internet-Draft                                                  W.Jiang
Intended status: Standards Track                           China Mobile
Expires: May 22, 2025                                            C. Lin
                                                   New H3C Technologies
                                                                  Z. Hu
                                                    Huawei Technologies
                                                                 Y. Qiu
                                                   New H3C Technologies
                                                       November 8, 2024



              SRv6 Egress Protection in Multi-homed scenario
           draft-cheng-rtgwg-srv6-multihome-egress-protection-07


Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on May 22, 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents



Cheng, et al.         Expires May, 2024                     [Page 1]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Abstract

   This document describes a SRv6 egress node protection mechanism in
   multi-homed scenarios.

Table of Contents


   1. Introduction...................................................3
   2. Terminology....................................................3
   3. Multi-homed SRv6 Egress Protection Mechanism...................3
      3.1. Procedure on the Ingress Endpoint.........................4
      3.2. Procedure on the Egress Endpoint..........................5
      3.3. Procedure on the Penultimate Endpoint.....................6
   4. Multi-homed SRv6 Egress Protection Example.....................8
   5. IANA Considerations............................................9
   6. Security Considerations.......................................10
   7. References....................................................10
      7.1. Normative References.....................................10
      7.2. Informative References...................................12
   8. Acknowledgments...............................................12
   Authors' Addresses...............................................12





















Cheng, et al.         Expires May, 2024                      [Page 2]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   1. Introduction

   The fast protection of a transit node of a Segment Routing (SR) path
   or tunnel is described in [I-D.ietf-rtgwg-segment-routing-ti-lfa]
   and [I-D.hu-spring-segment-routing-proxy-forwarding]. [RFC8400]
   specifies the fast protection of egress node(s) of an MPLS TE LSP
   tunnel including P2P TE LSP tunnel and P2MP TE LSP tunnel in
   details. However, these documents do not discuss the fast protection
   of the egress node of a Segment Routing for IPv6 (SRv6) path or
   tunnel.

   [I-D.ietf-rtgwg-srv6-egress-protection] proposes mirror protection
   mechanism and presents protocol extensions for the fast protection
   of the egress node of a SRv6 path or tunnel. However, the mechanism
   provided in this document is relatively complex. It is necessary to
   configure the Mirror SID for the protected egress node on the backup
   egress node. The mirror relationship needs to be distributed through
   IGP and BGP protocols to automatically create mapping entries.

   This document introduces a simplified protection mechanism of the
   egress node of a SRv6 path. Only expanding the data plane can
   perform fast path switching in case of egress node failure.

   2. Terminology

   The following terminologies are used in this document.

   SR: Segment Routing

   SRv6: SR for IPv6

   SRH: Segment Routing Header

   SID: Segment Identifier

   CE: Customer Edge

   PE: Provider Edge

   VPN: Virtual Private Network

   PSD: Penultimate Segment Decapsulation

   3. Multi-homed SRv6 Egress Protection Mechanism

   This section describes the mechanism of SRv6 path egress protection
   in multi-homed scenarios and the extension of SRH extension header.


Cheng, et al.         Expires May, 2024                      [Page 3]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   Figure 1 is used to explain the multi-homed egress node protection
   mechanism.

                                      Locator: A3:1::/64
                                      VPN SID: A3:1::B100
                +---+ *** +---+ *** +---+ *** +---+   +---+
                |PE1|-----| P1|-----| P2|-----|PE3|---|CE2|
                +---+     +---+     +---+     +---+   +---+
                / |         |         |         | \   /
          +---+/  |         |         |         |  \ /
          |CE1|   |         |         |         |   X
          +---+\  |         |         |         |  / \
                \ |         |         |         | /   \
                +---+     +---+     +---+     +---+   +---+
                |PE2|-----| P3|-----| P4|-----|PE4|---|CE3|
                +---+     +---+     +---+     +---+   +---+
                                      Locator: A4:1::/64
                                      VPN SID: A4:1::B100
            PE3 Egress
            PE4 Backup Egress
            CEx Customer Edge
            Px  Non-Provider Edge
            *** SR Path
                                 Figure 1

   3.1. Procedure on the Ingress Endpoint

   In the CE multi-homed or double-homed scenario, the ingress node
   learns the multi-homed or double-homed route of CE through the
   routing protocol, and then determines the optimal path and
   suboptimal path according to the routing optimization strategy. The
   egress node on the optimal path acts as the primary egress, and the
   SID of the primary egress node is used as the primary SID. The
   egress node on the suboptimal path acts as the backup egress, and
   the SID of the backup egress node is used as the backup SID.

   On the path forwarded based on SRv6 TE policy, when the ingress node
   encapsulates the SRH extension header, judge whether the primary VPN
   SID of the egress node (PE1) has a backup SID. If yes, insert the
   backup SID into the position of Segment List[0]. The format of SRH
   extension header filling is shown in the following Figure 2.








Cheng, et al.         Expires May, 2024                      [Page 4]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


            0                   1                   2                   3
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        | Next Header   |  Hdr Ext Len  | Routing Type  |    SL = n     |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        | Last Entry=n  |       Flags   |              Tag              |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |                                                               |
        |      Backup SID (Segment List[0],128 bits IPv6 value)         |
        |                                                               |
        |                                                               |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |                                                               |
        |      Primary SID (Segment List[1], 128 bits IPv6 address)    |
        |                                                               |
        |                                                               |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        //                            ...                              //
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |                                                               |
        |          Segment List[n] (128 bits IPv6 address)              |
        |                                                               |
        |                                                               |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        //         Optional Type Length Value objects (variable)       //
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                 Figure 2

   3.2. Procedure on the Egress Endpoint

   Normally, the traffic is forwarded along the path P1->P2->PE3->CE2.
   When the primary egress node PE3 receives a packet whose IPv6 DA is
   a local SID, PE3 removes the outer packet header with all its
   extension headers and submits the packet to the egress FIB lookup
   for transmission to the new destination. However, because Segment

Cheng, et al.         Expires May, 2024                      [Page 5]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   List[0] carries the backup SID, the SID of the primary egress node
   PE3 is encapsulated in the position of the penultimate SID.
   Therefore, according to [RFC8986], PE3 will not perform SRv6
   decapsulation.

   In order to indicate the primary egress node with SID located in the
   penultimate position of the SRH Segment List array to decapsulate,
   this document define PSD(Penultimate Segment Decapsulation) Flavor.

   SR Segment Endpoint nodes receive the IPv6 packet with the
   Destination Address field of the IPv6 header equal to its SID
   address.

   When a node (PE3 in Figure 1) receives a packet whose IPv6 DA is a
   SID with PSD Flavor located in the penultimate position of the SRH
   Segment List array and that SID is a local SID, it indicates to
   remove the outer encapsulation of the packet, and forward the packet
   according to the exposed packet.

   PSD Flavor can apply to End.DT4, End.DT6, End.DT46, End.DX4,
   End.DX6, End.DX2, End.DX2V and End.DX2M. The SIDs can be advertised
   via routing protocol.

   The SRH processing of the End.DT4, End.DT6, End.DT46, End.DX4,
   End.DX6, End.DX2, End.DX2V and End.DX2M behaviors defined in
   [RFC8986] are modified; the instructions S02 are substituted by the
   following one:

   S02.     If ((Segments Left != 0) && (Segments Left != 1)) {


   Due to the above pseudocode modification, the PSD operation only
   takes place at the egress node and does not happen at any transit
   node. When a SID of PSD flavor is processed at a transit node, the
   PSD behavior is not performed since Segments Left would not be 1 or
   0.

   Normally, the traffic is forwarded along the path P1->P2->PE3->CE2.
   When PE3 receives a packet whose IPv6 DA is S and S is a local PSD-
   flavored SID, PE3 removes the outer packet header with all its
   extension headers and submits the packet to the egress FIB lookup
   for transmission to the new destination.

   3.3. Procedure on the Penultimate Endpoint

   After receiving the packet, if any of the following cases is met,
   the penultimate endpoint acting as the repair node can provide fast


Cheng, et al.         Expires May, 2024                      [Page 6]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   protection against the failure of the egress node by IGP fast
   convergence or BFD detection.

    * Case 1: When the destination address of the received packet is the
      local END.X SID, the outgoing interface is down. Update the IPv6
      DA with SRH[SL] and the SL is reduced.

    * Case 2: When the destination address of the received packet is the
      local END SID, the FIB is looked up for the updated DA with
      Segment List[SL] and the SL is reduced.

   IF the primary outbound interface used to forward the packet failed
   or there is no FIB entry for forwarding the packet, the detailed
   processing to be performed by the penultimate node is as follows:

         IF SL = 1 THEN
            SL decreases by 1 and becomes 0;
            Update the IPv6 DA with Segment List[0];
            FIB lookup on the updated DA;
            Forward the packet according to the matched entry;

   When primary egress node (PE3) fails, the Penultimate Endpoint (P2)
   finds out that the PE3's SID is unreachable. For example, P2 quickly
   detects that the route to PE3 is unreachable through IGP convergence
   or BFD detection. Then, P2 sequentially looks up the Segment List
   after the current unreachable SID and finds the first reachable
   downstream nodes. The specific operations are as follows:

   P2 decreases SL by 1 and then modifies the destination address of
   the packet to Segment List[SL]. Because Segment List[0] is the
   backup SID, if the backup egress node (PE4) is reachable, P2 sends
   the modified packet to PE4. In this way, P2 provides fast protection
   for the egress failure and greatly shortens the cut-off time.

   When the packet arrives at PE4, PE4 removes the outer IPv6 header,
   and forwards the original packet.

   After the route convergence is completed, the ingress node (PE1)
   will reselect the forwarding path for the traffic to VPN, and switch
   the path (P1->P3->P4->PE4->CE2) to the CE to the egress node (PE4).
   After that, P2 no longer needs to forward the packet with the
   destination address of PE3's PSD-flavored SID.

   About penultimate node, it could be several hops away to egress
   node, according to [RFC8986], the transit node cannot process SRH.
   If there are transit node(s) between the penultimate endpoint node
   and the primary egress node, the multi-homed SRv6 egress protection
   mechanism does not take effect on the transit node. The multi-homed

Cheng, et al.         Expires May, 2024                      [Page 7]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   egress protection is only performed at the penultimate endpoint
   node.

   4. Multi-homed SRv6 Egress Protection Example

   Figure 3 shows an example of protecting egress PE3 of a SRv6 TE
   path, which is from ingress PE1 to egress PE3.

               A0:1::1   A1:1::1   A2:1::A100  A3:1::B100
                +---+ *** +---+ **** +---+ **** +---+   +---+
                |PE1|-----| P1|------| P2|------|PE3|---|CE2|
                +---+     +---+      +---+      +---+   +---+
                / |        |          |&          | \   /
          +---+/  |        |          |&          |  \ /
          |CE1|   |        |          |&          |   X
          +---+\  |        |          |&          |  / \
                \ |        |          |&          | /   \
                +---+     +---+      +---+ &&&& +---+   +---+
                |PE2|-----| P3|------| P4|------|PE4|---|CE3|
                +---+     +---+      +---+      +---+   +---+
                                               A4:1::B100
                PE3 Egress
                PE4 Backup Egress
                CEx Customer Edge
                Px  Non-Provider Edge
                *** SR Path
                &&& backup Path
                                 Figure 3

   In this document, a SID list is represented as <S1, S2, S3> where S1
   is the first SID to visit, S2 is the second SID to visit and S3 is
   the last SID to visit along the SRv6 path.

   In Figure 3, Both CE2 and CE3 are dual homed to PE3 and PE4. PE1 has
   a locator A0:1::/64. P1 has a locator A1:1::/64. P2 has a locator
   A2:1::/64 and END.X SID A2:1::A100. PE3 has a locator A3:1::/64 and
   a VPN SID A3:1::B100 with PSD-flavored behavior. PE4 has a locator
   A4:1::/64 and VPN SID A4:1::B100. The traffic from CE1 to CE2 is
   forwarded along the path PE1->P1->P2->PE3.

   After the configuration, according to the BGP route selection
   principle, the ingress PE node selects the preferred route as the
   primary node and the second-best route as the backup node. PE1
   determines that PE3 is the primary egress node and PE4 is the backup
   egress node. PE3's backup SID is PE4's VPN SID.

   After multi-homed egress protection is enabled, when PE1 receives
   the packet from CE1 to CE2, PE1 encapsulates the packet with IPv6

Cheng, et al.         Expires May, 2024                      [Page 8]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   header. The segment list in SRH is designed as < A1:1::1,
   A2:1::A100, A3:1::B100, A4:1::B100>. The SL is set to 3.

   In normal operations, When P2 receives a packet destined to END.X
   SID A2:1::A100, it decreases SL by 1 and forwards the packet with
   source A0:1::1 and destination PE3's VPN SID A3:1::B100 from the
   link between P2 and PE3 according to END.X SID. The SL of the packet
   sent to PE3 is 1. When the packet arrives at PE3, the destination
   address A3:1::B100 matches PE3's PSD-flavored SID. PE3 as the
   penultimate endpoint performs decapsulation and forwarding
   processing. The specific operations of PE3 are as follows:

   1) Remove the outer packet header and all its extension headers.

   2) Look up the FIB table according to the destination address of the
      original packet.

   3) Send the packet to CE2 according to the FIB entry.

   After PE3 fails, P2 detects PE3 failure through IGP fast convergence
   or BFD detection. When P2 receives the packet to be sent to PE3's
   VPN SID A3:1::B100, after decreasing SL P2 finds that the outgoing
   interface is down or the route to PE3 is unreachable. P2 continues
   to decrease SL by 1 and obtains the next reachable SID of PE4's SID
   from the segment list. The SL changes to 0. P2 changes the
   destination address of the packet with the backup SID of Segment
   List[0] and sends the modified packet to A4:1::B100.

   When PE4 receives the modified packet, it decapsulates the packet
   and forwards the decapsulated packet by executing END.DT6 behavior
   for an END.DT6 SID instance.

   5. IANA Considerations

   This document requests IANA to allocate the following codepoints for
   PSD flavor behaviors within the "SRv6 Endpoint Behaviors" registry
   in the "Segment Routing registry group.











Cheng, et al.         Expires May, 2024                      [Page 9]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   +-------+--------+----------------------------+-----------+
   | Value |  Hex   |     Endpoint behavior      | Reference |
   +-------+--------+----------------------------+-----------+
   | 140   | 0x008C |      End.DX6 with PSD      | [This.ID] |
   | 141   | 0x008D |      End.DX4 with PSD      | [This.ID] |
   | 142   | 0x008E |      End.DT6 with PSD      | [This.ID] |
   | 143   | 0x008F |      End.DT4 with PSD      | [This.ID] |
   | 144   | 0x0090 |      End.DT46 with PSD     | [This.ID] |
   | 145   | 0x0091 |      End.DX2 with PSD      | [This.ID] |
   | 146   | 0x0092 |      End.DX2V with PSD     | [This.ID] |
   | 147   | 0x0093 |      End.DT2U with PSD     | [This.ID] |
   | 148   | 0x0094 |      End.DT2M with PSD     | [This.ID] |
   +-------+--------+----------------------------+-----------+
                Table 1: IETF - SRv6 Endpoint Behaviors

   6. Security Considerations

   [RFC8754] defines the notion of an SR domain and use of SRH within
   the SR domain. The use of egress protection mechanism described in
   this document is restricted to an SR domain. Procedures for securing
   an SR domain are defined the section 5.1 and section 7 of [RFC8754].

   This document does not impose any additional security challenges to
   be considered beyond security threats described in [RFC8754],
   [RFC8679] and [RFC8986].

   7. References

   7.1. Normative References

   [I-D.ietf-rtgwg-segment-routing-ti-lfa] Litkowski, S., Bashandy, A.,
             Filsfils, C., Francois, P., Decraene, B., and D. Voyer,
             "Topology Independent Fast Reroute using Segment Routing",
             Work in Progress, Internet-Draft, draft-ietf-rtgwg-
             segment-routing-ti-lfa-11, 30 June 2023,
             <https://www.ietf.org/archive/id/draft-ietf-rtgwg-segment-
             routing-ti-lfa-11.txt>.

   [I-D.hu-spring-segment-routing-proxy-forwarding] Hu, Z., Chen, H.,
             Yao, J., Bowers, C., Yongqing, and Yisong, "SR-TE Path
             Midpoint Restoration", Work in Progress, Internet-Draft,
             draft-hu-spring-segment-routing-proxy-forwarding-24, 21
             August 2023, <https://www.ietf.org/archive/id/draft-hu-
             spring-segment-routing-proxy-forwarding-24.txt>.





Cheng, et al.         Expires May, 2024                     [Page 10]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   [I-D.ietf-rtgwg-srv6-egress-protection] Hu, Z., Chen, H., Chen, H.,
             Wu, P., Toy, M., Cao, C., He  T., Liu, L., Liu, X., "SRv6
             Path Egress Protection", Work in Progress, Internet-Draft,
             draft-ietf-rtgwg-srv6-egress-protection-14, 29 August
             2023, https://www.ietf.org/archive/id/draft-ietf-rtgwg-
             srv6-egress-protection-14.txt>

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, DOI
             10.17487/RFC2119, March 1997, <https://www.rfc-
             editor.org/info/rfc2119>.

   [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
             2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
             May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8400] Chen, H., Liu, A., Saad, T., Xu, F., and L. Huang,
             "Extensions to RSVP-TE for Label Switched Path (LSP)
             Egress Protection", RFC 8400, DOI 10.17487/RFC8400, June
             2018, <https://www.rfc-editor.org/info/rfc8400>.

   [RFC8679] Shen, Y., Jeganathan, M., Decraene, B., Gredler, H.,
             Michel, C., and H. Chen, "MPLS Egress Protection
             Framework", RFC 8679, DOI 10.17487/RFC8679, December 2019,
             <https://www.rfc-editor.org/info/rfc8679>.

   [RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
             Matsushima, S., and D. Voyer, "IPv6 Segment Routing
             Header(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
             <https://www.rfc-editor.org/info/rfc8754>.

   [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
             D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
             (SRv6) Network Programming", RFC 8986, DOI
             10.17487/RFC8986, February 2021, <https://www.rfc-
             editor.org/info/rfc8986>.












Cheng, et al.         Expires May, 2024                     [Page 11]


Internet-Draft   Multi-homed SRv6 Egress Protection     November 2024


   7.2. Informative References

   TBD

   8. Acknowledgments

   The authors would like to thank the following for their valuable
   contributions of this document:

   Yisong Liu
   China Mobile

Authors' Addresses

   Weiqiang Cheng
   China Mobile

   Email: chengweiqiang@chinamobile.com

   Wenying Jiang
   China Mobile

   Email: jiangwenying@chinamobile.com

   Changwang Lin
   New H3C Technologies

   Email: linchangwang.04414@h3c.com

   Zhibo Hu
   Huawei Technologies

   Email: huzhibo@huawei.com

   Yuanxiang Qiu
   New H3C Technologies

   Email: qiuyuanxiang@h3c.com










Cheng, et al.         Expires May, 2024                     [Page 12]