IDR S. Previdi, Ed.
Internet-Draft C. Filsfils
Intended status: Standards Track A. Lindem, Ed.
Expires: November 30, 2018 Cisco Systems
A. Sreekantiah
H. Gredler
RtBrick Inc.
May 29, 2018
Segment Routing Prefix SID extensions for BGP
draft-ietf-idr-bgp-prefix-sid-21
Abstract
The Segment Routing (SR) architecture allows a node to steer a packet
flow through any topological path and service chain by leveraging
source routing. The ingress node prepends an SR header to a packet
containing a set of segment identifiers (SID). Each SID represents a
topological or a service-based instruction. Per-flow state is
maintained only on the ingress node of the SR domain. An SR domain
is defined as a single administrative domain for global SID
assignment.
This document defines an optional, transitive BGP attribute for
announcing BGP Prefix Segment Identifiers (BGP Prefix-SID)
information.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Previdi, et al. Expires November 30, 2018 [Page 1]
Internet-Draft May 2018
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 30, 2018.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. BGP-Prefix-SID . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. MPLS BGP Prefix SID . . . . . . . . . . . . . . . . . . . 4
3. BGP Prefix-SID Attribute . . . . . . . . . . . . . . . . . . 5
3.1. Label-Index TLV . . . . . . . . . . . . . . . . . . . . . 6
3.2. Originator SRGB TLV . . . . . . . . . . . . . . . . . . . 7
4. Receiving BGP Prefix-SID Attribute . . . . . . . . . . . . . 8
4.1. MPLS Dataplane: Labeled Unicast . . . . . . . . . . . . . 8
5. Advertising BGP Prefix-SID Attribute . . . . . . . . . . . . 10
5.1. MPLS Dataplane: Labeled Unicast . . . . . . . . . . . . . 10
6. Error Handling of BGP Prefix-SID Attribute . . . . . . . . . 11
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
8. Manageability Considerations . . . . . . . . . . . . . . . . 12
9. Security Considerations . . . . . . . . . . . . . . . . . . . 13
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 13
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
12.1. Normative References . . . . . . . . . . . . . . . . . . 14
12.2. Informative References . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
Previdi, et al. Expires November 30, 2018 [Page 2]
Internet-Draft May 2018
1. Introduction
The Segment Routing (SR) architecture leverages the source routing
paradigm. A group of inter-connected nodes that use SR forms an SR
domain. A segment represents either a topological instruction such
as "go to prefix P following shortest path" or a service instruction.
Other types of segments may be defined in the future.
A segment is identified through a Segment Identifier (SID). An SR
domain is defined as a single administrative domain for global SID
assignment. It may be comprised of a single AS or multiple ASes
under consolidated global SID administration. Typically, the ingress
node of the SR domain prepends an SR header containing segments
identifiers (SIDs) to an incoming packet.
As described in [I-D.ietf-spring-segment-routing], when SR is applied
to the MPLS dataplane ([I-D.ietf-spring-segment-routing-mpls]), the
SID consists of a label.
[I-D.ietf-spring-segment-routing] also describes how segment routing
can be applied to an IPv6 dataplane (SRv6) using an IPv6 routing
header containing a stack of SR SIDs encoded as IPv6 addresses
[I-D.ietf-6man-segment-routing-header]. The applicability and
support for Segment Routing over IPv6 is beyond the scope of this
document.
A BGP-Prefix Segment (and its BGP Prefix-SID) is a BGP segment
attached to a BGP prefix. A BGP Prefix-SID is always a global SID
([I-D.ietf-spring-segment-routing]) within the SR/BGP domain (i.e.,
the set of Autonomous Systems under a common administration and
control and where SR is used) and identifies an instruction to
forward the packet over the ECMP-aware best-path computed by BGP to
the related prefix. The BGP Prefix-SID is the identifier of the BGP
prefix segment. In this document, we always refer to the BGP segment
by the BGP Prefix-SID.
This document describes the BGP extension to signal the BGP Prefix-
SID. Specifically, this document defines a BGP attribute known as
the BGP Prefix-SID attribute and specifies the rules to originate,
receive, and handle error conditions for the attribute.
The BGP Prefix-SID attribute defined in this document can be attached
to prefixes from Multiprotocol BGP labeled IPv4/IPv6 Unicast
([RFC4760], [RFC8277]). Address Family Identifier (AFI)/ Subsequent
Address Family Identifier (SAFI) combinations.
Usage of the BGP Prefix-SID attribute for other AFI/SAFI combinations
is not defined herein but may be specified in future specifications.
Previdi, et al. Expires November 30, 2018 [Page 3]
Internet-Draft May 2018
[I-D.ietf-spring-segment-routing-msdc] describes example use cases
where the BGP Prefix-SID is used for the above AFI/SAFI combinations.
It should be noted that:
o A BGP Prefix-SID MAY be global between domains when the
interconnected domains agree on the SID allocation scheme.
Alternatively, when interconnecting domains, the ASBRs of each
domain will have to handle the advertisement of unique SIDs. The
mechanisms for such interconnection are outside the scope of the
protocol extensions defined in this document.
o A BGP Prefix-SID MAY be attached to a prefix. In addition, each
prefix will likely have a different AS_PATH attribute. This
implies that each prefix is advertised individually, reducing the
ability to pack BGP advertisements (when sharing common
attributes).
2. BGP-Prefix-SID
The BGP Prefix-SID advertised for BGP prefix P indicates that the
segment routed path should be used (as described below) if the BGP
best path selects the corresponding Network Layer Reachability
Information (NLRI).
2.1. MPLS BGP Prefix SID
The BGP Prefix-SID is realized on the MPLS dataplane
([I-D.ietf-spring-segment-routing-mpls]) in the following way:
The operator assigns a globally unique label index, L_I, to a
locally sourced prefix of a BGP speaker N which is advertised to
all other BGP speakers in the SR domain.
According to [I-D.ietf-spring-segment-routing], each BGP speaker
is configured with a label block called the Segment Routing Global
Block (SRGB). While [I-D.ietf-spring-segment-routing] recommends
using the same SRGB across all the nodes within the SR domain, the
SRGB of a node is a local property and could be different on
different speakers. The drawbacks of the use case where BGP
speakers have different SRGBs are documented in
[I-D.ietf-spring-segment-routing] and
[I-D.ietf-spring-segment-routing-msdc].
If traffic-engineering within the SR domain is required, each node
may also be required to advertise topological information and
Peering SIDs for each of its links and peers. This information is
required to perform the explicit path computation and to express
Previdi, et al. Expires November 30, 2018 [Page 4]
Internet-Draft May 2018
an explicit path as a list of SIDs. The advertisement of
topological information and peer segments (Peer SIDs) is done
through [I-D.ietf-idr-bgpls-segment-routing-epe].
If the BGP speakers are not all configured with the same SRGB, and
if traffic-engineering within the SR domain is required, each node
may be required to advertise its local SRGB in addition to the
topological information.
This document assumes that BGP-LS is the preferred method for
collecting both peer segments (Peer SIDs) and SRGB information
through [RFC7752], [I-D.ietf-idr-bgpls-segment-routing-epe], and
[I-D.ietf-idr-bgp-ls-segment-routing-ext]. However, as an
optional alternative for the advertisement of the local SRGB
without the topology nor the peer SIDs, hence without
applicability for TE, the Originator SRGB TLV of the prefix-SID
attribute is specified in Section 3.2 of this document.
As defined in [I-D.ietf-spring-segment-routing], the label index
L_I is an offset into the SRGB. Each BGP speaker derives its
local MPLS label, L, by adding L_I to the start value of its own
SRGB, and programs L in its MPLS dataplane as its incoming/local
label for the prefix. It should be noted that while SRGBs and
SIDs are advertised using 32-bit values, the derived label is
advertised in the 20 right-most bits. See Section 4.1 for more
details.
The outgoing label for the prefix is found in the NLRI of the
Multiprotocol BGP labeled IPv4/IPv6 Unicast prefix advertisement
as defined in [RFC8277]. The label index L_I is only used as a
hint to derive the local/incoming label.
Section 3.1 of this document specifies the Label-Index TLV of the
BGP Prefix-SID attribute; this TLV can be used to advertise the
label index for a given prefix.
In order to advertise the label index of a given prefix P and,
optionally, the SRGB, an extension to BGP is needed: the BGP Prefix-
SID attribute. This extension is described in subsequent sections.
3. BGP Prefix-SID Attribute
The BGP Prefix-SID attribute is an optional, transitive BGP path
attribute. The attribute type code 40 has been assigned by IANA (see
Section 7).
The BGP Prefix-SID attribute is defined here to be a set of elements
encoded as "Type/Length/Value" tuples (i.e., a set of TLVs). All BGP
Previdi, et al. Expires November 30, 2018 [Page 5]
Internet-Draft May 2018
Prefix-SID attribute TLVs will start with a 1-octet type and a
2-octet length. The following TLVs are defined in this document:
o Label-Index TLV
o Originator SRGB TLV
The Label-Index and Originator SRGB TLVs are used only when SR is
applied to the MPLS dataplane.
For future extensibility, unknown TLVs MUST be ignored and propagated
unmodified.
3.1. Label-Index TLV
The Label-Index TLV MUST be present in the BGP Prefix-SID attribute
attached to Labeled IPv4/IPv6 unicast prefixes ([RFC8277]). It MUST
be ignored when received for other BGP AFI/SAFI combinations. The
Label-Index TLV has the following format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | Label Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Label Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where:
o Type is 1.
o Length: is 7, the total length in octets of the value portion of
the TLV.
o RESERVED: 8-bit field. MUST be clear on transmission and MUST be
ignored on reception.
o Flags: 16 bits of flags. None are defined by this document. The
flag field MUST be clear on transmission and MUST be ignored on
reception.
o Label Index: 32-bit value representing the index value in the SRGB
space.
Previdi, et al. Expires November 30, 2018 [Page 6]
Internet-Draft May 2018
3.2. Originator SRGB TLV
The Originator SRGB TLV is an optional TLV and has the following
format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags |
+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SRGB 1 (6 octets) |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SRGB n (6 octets) |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where:
o Type is 3.
o Length is the total length in octets of the value portion of the
TLV: 2 + (multiple of 6).
o Flags: 16 bits of flags. None are defined in this document.
Flags MUST be clear on transmission and MUST be ignored on
reception.
o SRGB: 3 octets of base followed by 3 octets of range. Note that
the SRGB field MAY appear multiple times. If the SRGB field
appears multiple times, the SRGB consists of multiple ranges that
are concatenated.
The Originator SRGB TLV contains the SRGB of the node originating the
prefix to which the BGP Prefix-SID is attached. The Originator SRGB
TLV MUST NOT be changed during the propagation of the BGP update.
The originator SRGB describes the SRGB of the node where the BGP
Prefix SID is attached. It is used to build segment routing policies
Previdi, et al. Expires November 30, 2018 [Page 7]
Internet-Draft May 2018
when different SRGBs are used in the fabric, for example
([I-D.ietf-spring-segment-routing-msdc]).
The receiving routers concatenate the ranges and build the Segment
Routing Global Block (SRGB) as follows:
SRGB = [100, 199]
[1000, 1099]
[500, 599]
The indexes span multiple ranges:
index=0 means label 100
...
index 99 means label 199
index 100 means label 1000
index 199 means label 1099
...
index 200 means label 500
...
The originator SRGB may only appear in a BGP Prefix-SID attribute
attached to Labeled IPv4/IPv6 unicast prefixes ([RFC8277]). It MUST
be ignored when received for other BGP AFI/SAFI combinations. Since
the Label-Index TLV is required for IPv4/IPv6 prefix applicability,
the originator SRGB will be ignored if it is not specified consistent
with Section 6.
4. Receiving BGP Prefix-SID Attribute
A BGP speaker receiving a BGP Prefix-SID attribute from an EBGP
neighbor residing outside the boundaries of the SR domain MUST
discard the attribute unless it is configured to accept the attribute
from the EBGP neighbor. A BGP speaker SHOULD log an error for
further analysis when discarding an attribute.
4.1. MPLS Dataplane: Labeled Unicast
A BGP session supporting the Multiprotocol BGP labeled IPv4 or IPv6
Unicast ([RFC8277]) AFI/SAFI is required.
The BGP Prefix-SID attribute MUST contain the Label-Index TLV and MAY
contain the Originator SRGB TLV. A BGP Prefix-SID attribute received
without a Label-Index TLV MUST be considered as "invalid" by the
receiving speaker.
Previdi, et al. Expires November 30, 2018 [Page 8]
Internet-Draft May 2018
The label index provides the receiving BGP speaker with guidance as
to the incoming label that SHOULD be assigned by that BGP speaker.
A BGP speaker may be locally configured with an SRGB=[SRGB_Start,
SRGB_End]. The preferred method for deriving the SRGB is a matter of
local node configuration.
The mechanisms through which a given label index value is assigned to
a given prefix are outside the scope of this document.
Given a label index L_I, we refer to (L = L_I + SRGB_Start) as the
derived label. A BGP Prefix-SID attribute is designated
"conflicting" for a speaker M if the derived label value L lies
outside the SRGB configured on M. Otherwise the Label-Index TLV is
designated "acceptable" to speaker M.
If multiple different prefixes are received with the same label
index, all of the different prefixes MUST have their BGP Prefix-SID
attribute considered as "conflicting".
If multiple valid paths for the same prefix are received from
multiple BGP speakers or, in the case of [RFC7911], from the same BGP
speaker, and the BGP Prefix-SID attributes do not contain the same
label index, then the label index from the best path BGP Prefix-SID
attribute SHOULD be chosen with a notable exception being when
[RFC5004] is being used to dampen route changes.
When a BGP speaker receives a path from a neighbor with an
"acceptable" BGP Prefix-SID attribute and that path is selected as
the best path, it SHOULD program the derived label as the label for
the prefix in its local MPLS dataplane.
When a BGP speaker receives a path from a neighbor with an "invalid"
or "conflicting" BGP Prefix-SID attribute or when a BGP speaker
receives a path from a neighbor with a BGP Prefix-SID attribute but
is unable to process it (e.g., local policy disables the
functionality), it MUST ignore the BGP Prefix-SID attribute. For the
purposes of label allocation, a BGP speaker MUST assign a local (also
called dynamic) label (non-SRGB) for such a prefix as per classic
Multiprotocol BGP labeled IPv4/IPv6 Unicast ([RFC8277]) operation.
In the case of an "invalid" BGP Prefix-SID attribute, a BGP speaker
MUST follow to the error handling rules specified in Section 6. A
BGP speaker SHOULD log an error for further analysis. In the case of
a "conflicting" BGP Prefix-SID attribute, a BGP speaker SHOULD NOT
treat it as error and SHOULD propagate the attribute unchanged. A
BGP Speaker SHOULD log a warning for further analysis, i.e., in the
case the conflict is not due to a label index transition.
Previdi, et al. Expires November 30, 2018 [Page 9]
Internet-Draft May 2018
When a BGP Prefix-SID attribute changes and transitions from
"conflicting" to "acceptable", the BGP Prefix-SID attributes for
other prefixes may also transition to "acceptable" as well.
Implementations SHOULD assure all impacted prefixes revert to using
the label indices corresponding to these newly "acceptable" BGP
Prefix-SID attributes.
The outgoing label is always programmed as per classic Multiprotocol
BGP labeled IPv4/IPv6 Unicast ([RFC8277]) operation. Specifically, a
BGP speaker receiving a prefix with a BGP Prefix-SID attribute and a
label NLRI field of Implicit NULL [RFC3032] from a neighbor MUST
adhere to standard behavior and program its MPLS dataplane to pop the
top label when forwarding traffic to the prefix. The label NLRI
defines the outbound label that MUST be used by the receiving node.
5. Advertising BGP Prefix-SID Attribute
The BGP Prefix-SID attribute MAY be attached to labeled BGP prefixes
(IPv4/IPv6) [RFC8277]. In order to prevent distribution of the BGP
Prefix-SID attribute beyond its intended scope of applicability,
attribute filtering SHOULD be deployed to remove the BGP Prefix-SID
attribute at the administrative boundary of the segment routing
domain.
A BGP speaker that advertises a path received from one of its
neighbors SHOULD advertise the BGP Prefix-SID received with the path
without modification, as long as the BGP Prefix-SID was acceptable.
If the path did not come with a BGP Prefix-SID attribute, the speaker
MAY attach a BGP Prefix-SID to the path if configured to do so. The
content of the TLVs present in the BGP Prefix-SID is determined by
the configuration.
5.1. MPLS Dataplane: Labeled Unicast
A BGP speaker that originates a prefix attaches the BGP Prefix-SID
attribute when it advertises the prefix to its neighbors via
Multiprotocol BGP labeled IPv4/IPv6 Unicast ([RFC8277]). The value
of the label index in the Label-Index TLV is determined by
configuration.
A BGP speaker that originates a BGP Prefix-SID attribute MAY
optionally announce the Originator SRGB TLV along with the mandatory
Label-Index TLV. The content of the Originator SRGB TLV is
determined by configuration.
Since the label index value must be unique within an SR domain, by
default an implementation SHOULD NOT advertise the BGP Prefix-SID
Previdi, et al. Expires November 30, 2018 [Page 10]
Internet-Draft May 2018
attribute outside an Autonomous System unless it is explicitly
configured to do so.
In all cases, the label field of the advertised NLRI ([RFC8277],
[RFC4364]) MUST be set to the local/incoming label programmed in the
MPLS dataplane for the given advertised prefix. If the prefix is
associated with one of the BGP speaker's interfaces, this is the
usual MPLS label (such as the Implicit or Explicit NULL label
[RFC3032]).
6. Error Handling of BGP Prefix-SID Attribute
When a BGP Speaker receives a BGP Update message containing a
malformed or invalid BGP Prefix-SID attribute attached to a Labeled
IPv4/IPv6 unicast prefix [RFC8277], it MUST ignore the received BGP
Prefix-SID attributes and not advertise it to other BGP peers. In
this context, a malformed BGP Prefix-SID attribute is one that cannot
be parsed due to not meeting the minimum attribute length
requirement, contains a TLV length that doesn't conform to the length
constraints for the TLV, or a contains TLV length that would extend
beyond the end of the attribute (as defined by the attribute length).
This is equivalent to the "Attribute discard" action specified in
[RFC7606]. When discarding an attribute, a BGP speaker SHOULD log an
error for further analysis.
Consistent with [RFC7606], only the first occurrence of the BGP
Prefix-SID attribute will be considered and subsequent occurrences
will be discarded. Similarly, only the first occurrence of a BGP
Prefix-SID attribute TLV of a given TLV type will be considered
unless the specification of that TLV type allows for multiple
occurrences.
For future extensibility, unknown TLVs MUST be ignored and propagated
unmodified.
7. IANA Considerations
This document defines a BGP path attribute known as the BGP Prefix-
SID attribute. This document requests IANA to assign an attribute
code type (suggested value: 40) to the BGP Prefix-SID attribute from
the BGP Path Attributes registry.
Currently, IANA temporarily assigned the following:
40 BGP Prefix-SID (TEMPORARY - registered 2015-09-30, expires
2016-09-30) [draft-ietf-idr-bgp-prefix-sid]
Previdi, et al. Expires November 30, 2018 [Page 11]
Internet-Draft May 2018
This document defines 3 TLVs for the BGP Prefix-SID attribute. These
TLVs need to be registered with IANA. We request IANA to create a
registry for BGP Prefix-SID Attribute TLVs as follows:
Under "Border Gateway Protocol (BGP) Parameters" registry, "BGP
Prefix-SID TLV Types" Reference: draft-ietf-idr-bgp-prefix-sid
Registration Procedure(s): Values 1-254 First Come First Served
(FCFS), Value 0 and 255 reserved
Value Type Reference
0 Reserved this document
1 Label-Index this document
2 Deprecated this document
3 Originator SRGB this document
4-254 Unassigned
255 Reserved this document
This document also requests creation of the "BGP Prefix-SID Label-
Index TLV Flags" registry under the "Border Gateway Protocol (BGP)
Parameters" registry, Reference: draft-ietf-idr-bgp-prefix-sid.
Initially, this 16 bit flags registry will be empty. Flag bits will
be allocated First Come First Served (FCFS) consistent with the BGP-
SID TLV Types registry.
Finally, this document requests creation of the "BGP Prefix-SID
Originator SRGB TLV Flags" registry under the "Border Gateway
Protocol (BGP) Parameters" registry, Reference: draft-ietf-idr-bgp-
prefix-sid. Initially, this 16 bit flags registry will be empty.
Flag bits will be allocated First Come First Served (FCFS) consistent
with the BGP-SID TLV Types registry.
8. Manageability Considerations
This document defines a BGP attribute to address use cases such as
the one described in [I-D.ietf-spring-segment-routing-msdc]. It is
assumed that advertisement of the BGP Prefix-SID attribute is
controlled by the operator in order to:
o Prevent undesired origination/advertisement of the BGP Prefix-SID
attribute. By default, a BGP Prefix-SID attribute SHOULD NOT be
attached to a prefix and advertised. Hence, BGP Prefix-SID
advertisement SHOULD require explicit enablement.
o Prevent any undesired propagation of the BGP Prefix-SID attribute.
By default, the BGP Prefix-SID is not advertised outside the
boundary of a single SR/administrative domain which may include
one or more ASes. The propagation to other ASes MUST be
explicitly configured.
Previdi, et al. Expires November 30, 2018 [Page 12]
Internet-Draft May 2018
The deployment model described in
[I-D.ietf-spring-segment-routing-msdc] assumes multiple Autonomous
Systems (ASes) under a common administrative domain. For this use
case, the BGP Prefix-SID advertisement is applicable to the inter-AS
context, i.e., EBGP, while it is confined to a single administrative
domain.
9. Security Considerations
This document introduces a BGP attribute (BGP Prefix-SID) which
inherits the security considerations expressed in: [RFC4271],
[RFC8277], and [I-D.ietf-spring-segment-routing].
When advertised using BGPsec as described in [RFC8205], the BGP
Prefix-SID attribute doesn't impose any unique security
considerations. It should be noted that the BGP Prefix-SID attribute
is not protected by the BGPsec signatures.
It should be noted that, as described in Section 8, this document
refers to a deployment model where all nodes are under the single
administrative domain. In this context, we assume that the operator
doesn't want to leak any information related to internal prefixes and
topology outside of the administrative domain. The internal
information includes the BGP Prefix-SID. In order to prevent such
leaking, the common BGP mechanisms (filters) are applied at the
boundary of the SR/administrative domain. Local BGP attribute
filtering policies and mechanisms are not standardized and,
consequently, beyond the scope of this document.
To prevent a Denial-of-Service (DoS) or Distributed-Denial-of-Service
(DDoS) attack due to excessive BGP updates with an invalid or
conflicting BGP Prefix-SID attribute, message rate-limiting as well
as suppression of duplicate messages SHOULD be deployed.
10. Contributors
Keyur Patel
Arrcus, Inc.
US
Email: Keyur@arrcus.com
Saikat Ray
Unaffiliated
US
Email: raysaikat@gmail.com
Previdi, et al. Expires November 30, 2018 [Page 13]
Internet-Draft May 2018
11. Acknowledgements
The authors would like to thank Satya Mohanty for his contribution to
this document.
The authors would like to thank Alvaro Retana for substantive
comments as part of the Routing AD review.
The authors would like to thank Shyam Sethuram for comments and
discussion of TLV processing and validation.
The authors would like to thank Robert Raszuk for comments and
suggestions regarding the MPLS data plane behavior.
The authors would like to thank Krishna Deevi, Juan Alcaide, Howard
Yang, and Jakob Heitz for discussions on conflicting BGP Prefix-SID
label indices and BGP add paths.
The authors would like to thank Peter Yee, Tony Przygienda, Mirja
Kuehlewind, Alexey Melnikov, Eric Rescorla, Suresh Krishnan, Warren
Kumari, Ben Campbell and Sue Hares for IDR Working Group last call,
IETF Last Call, directorate, and IESG reviews.
12. References
12.1. Normative References
[I-D.ietf-spring-segment-routing]
Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B.,
Litkowski, S., and R. Shakir, "Segment Routing
Architecture", draft-ietf-spring-segment-routing-15 (work
in progress), January 2018.
[I-D.ietf-spring-segment-routing-mpls]
Bashandy, A., Filsfils, C., Previdi, S., Decraene, B.,
Litkowski, S., and R. Shakir, "Segment Routing with MPLS
data plane", draft-ietf-spring-segment-routing-mpls-13
(work in progress), April 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006, <https://www.rfc-
editor.org/info/rfc4271>.
Previdi, et al. Expires November 30, 2018 [Page 14]
Internet-Draft May 2018
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <https://www.rfc-editor.org/info/rfc4364>.
[RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
"Multiprotocol Extensions for BGP-4", RFC 4760,
DOI 10.17487/RFC4760, January 2007, <https://www.rfc-
editor.org/info/rfc4760>.
[RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
Patel, "Revised Error Handling for BGP UPDATE Messages",
RFC 7606, DOI 10.17487/RFC7606, August 2015,
<https://www.rfc-editor.org/info/rfc7606>.
[RFC7911] Walton, D., Retana, A., Chen, E., and J. Scudder,
"Advertisement of Multiple Paths in BGP", RFC 7911,
DOI 10.17487/RFC7911, July 2016, <https://www.rfc-
editor.org/info/rfc7911>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8205] Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol
Specification", RFC 8205, DOI 10.17487/RFC8205, September
2017, <https://www.rfc-editor.org/info/rfc8205>.
[RFC8277] Rosen, E., "Using BGP to Bind MPLS Labels to Address
Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017,
<https://www.rfc-editor.org/info/rfc8277>.
12.2. Informative References
[]
Previdi, S., Filsfils, C., Leddy, J., Matsushima, S., and
d. daniel.voyer@bell.ca, "IPv6 Segment Routing Header
(SRH)", draft-ietf-6man-segment-routing-header-13 (work in
progress), May 2018.
[I-D.ietf-idr-bgp-ls-segment-routing-ext]
Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H.,
and M. Chen, "BGP Link-State extensions for Segment
Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-08
(work in progress), May 2018.
Previdi, et al. Expires November 30, 2018 [Page 15]
Internet-Draft May 2018
[I-D.ietf-idr-bgpls-segment-routing-epe]
Previdi, S., Filsfils, C., Patel, K., Ray, S., and J.
Dong, "BGP-LS extensions for Segment Routing BGP Egress
Peer Engineering", draft-ietf-idr-bgpls-segment-routing-
epe-15 (work in progress), March 2018.
[I-D.ietf-spring-segment-routing-msdc]
Filsfils, C., Previdi, S., Mitchell, J., Aries, E., and P.
Lapukhov, "BGP-Prefix Segment in large-scale data
centers", draft-ietf-spring-segment-routing-msdc-08 (work
in progress), December 2017.
[RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001,
<https://www.rfc-editor.org/info/rfc3032>.
[RFC5004] Chen, E. and S. Sangli, "Avoid BGP Best Path Transitions
from One External to Another", RFC 5004,
DOI 10.17487/RFC5004, September 2007, <https://www.rfc-
editor.org/info/rfc5004>.
[RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and
S. Ray, "North-Bound Distribution of Link-State and
Traffic Engineering (TE) Information Using BGP", RFC 7752,
DOI 10.17487/RFC7752, March 2016, <https://www.rfc-
editor.org/info/rfc7752>.
Authors' Addresses
Stefano Previdi (editor)
Cisco Systems
IT
Email: stefano@previdi.net
Clarence Filsfils
Cisco Systems
Brussels
Belgium
Email: cfilsfils@cisco.com
Previdi, et al. Expires November 30, 2018 [Page 16]
Internet-Draft May 2018
Acee Lindem (editor)
Cisco Systems
301 Midenhall Way
Cary, NC 27513
USA
Email: acee@cisco.com
Arjun Sreekantiah
Email: arjunhrs@gmail.com
Hannes Gredler
RtBrick Inc.
Email: hannes@rtbrick.com
Previdi, et al. Expires November 30, 2018 [Page 17]