Internet DRAFT - draft-li-spring-sr-sfc-control-plane-framework
draft-li-spring-sr-sfc-control-plane-framework
SPRING Working Group Y. Yin
Internet-Draft China Telecom
Intended status: Informational C. Li
Expires: 2 September 2024 Huawei Technologies
A. Sawaf
Saudi Telecom Company
H. Huang
Z. Li
Huawei Technologies
1 March 2024
A Framework for Constructing Service Function Chaining Systems Based on
Segment Routing
draft-li-spring-sr-sfc-control-plane-framework-10
Abstract
Segment Routing (SR) introduces a versatile methodology for defining
end-to-end network paths by encoding sequences of topological sub-
paths, known as "segments". This architecture can be deployed over
both MPLS and IPv6 data planes, offering a flexible routing solution.
Service Function Chaining (SFC) supports the establishment of
composite services through an ordered sequence of Service Functions
(SFs) that are applied to packets or frames based on initial
classification. SFC's implementation can utilize various underlying
technologies, including the Network Service Header (NSH) and SR, to
facilitate the creation and management of service chains.
This document presents a comprehensive control framework for
developing SFC architectures using Segment Routing. It explores
control plane solutions for the distribution of service function
instance routes and service function paths, as well as techniques for
directing packets into specific service function chains. The
discussion encompasses both theoretical foundations and practical
considerations for integrating SR into SFC deployments.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Yin, et al. Expires 2 September 2024 [Page 1]
Internet-Draft SR based SFC Control Plane March 2024
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 September 2024.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Overview of SR Based SFC Control Plane . . . . . . . . . . . 4
3. Stateless SR Based SFC . . . . . . . . . . . . . . . . . . . 6
3.1. Service Function Instance Route Distribution . . . . . . 7
3.2. Service Function Path Route Distribution . . . . . . . . 7
3.3. Steer Packets into SFC . . . . . . . . . . . . . . . . . 8
4. Stateful SR Based SFC . . . . . . . . . . . . . . . . . . . . 8
4.1. Service Function Route Distribution . . . . . . . . . . . 8
4.2. Service Function Path Route Distribution . . . . . . . . 8
4.3. Steer Packets into SFC . . . . . . . . . . . . . . . . . 8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 9
References . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Normative References . . . . . . . . . . . . . . . . . . . . . 9
Informative References . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
Yin, et al. Expires 2 September 2024 [Page 2]
Internet-Draft SR based SFC Control Plane March 2024
1. Introduction
Segment Routing (SR), as defined in [RFC8402], introduces a source
routing paradigm that assigns a specific forwarding path for packets
at the ingress node via an ordered list of directives, known as
segments. SR's implementation varies with the underlying data plane:
SR-MPLS [RFC8660] for MPLS and SRv6 [RFC8754] for IPv6.
Service Function Chaining (SFC), outlined in [RFC7665], facilitates
the assembly of composite services through a sequenced application of
Service Functions (SF) on packets or frames, triggered by
classification processes.
Network Service Header (NSH) [RFC8300] provides a basis for SFC,
enabling a "stateful SFC" by necessitating nodes along the Service
Function Path (SFP) to maintain specific SFC states, such as mappings
between the Service Path Identifier (SPI) and Service Index (SI) for
subsequent forwarding actions. [RFC9015] introduces the use of BGP
as a control plane mechanism for SFC architectures utilizing NSH and
MPLS. It proposes a new BGP address family, the SFC AFI/SAFI,
comprising two route types: Service Function Instance Route (SFIR)
and Service Function Path Route (SFPR), facilitating the construction
of NSH or MPLS-based SFCs with SFIR and SFPR data.
Alternatively, SFC can leverage SR for instantiation, where the SR
source node explicitly embeds the forwarding path into packets. In
SR-based SFC, an SFC is denoted by a SID list from the source SR
node, potentially linked with service details (e.g., Deep Packet
Inspection, DPI), obviating the need for maintaining per-SFC state
along the SFP, hence termed "stateless SFC."
To deploy SR-based SFC, this document explores several mechanisms,
including the distribution of SFIR and SFPR, as well as packet
steering into an SFP. The review aims to establish a comprehensive
framework for constructing an SFC system utilizing Segment Routing.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
1.2. Terminology
MPLS: Multiprotocol Label Switching.
Yin, et al. Expires 2 September 2024 [Page 3]
Internet-Draft SR based SFC Control Plane March 2024
SID: Segment Identifier.
SR: Segment Routing.
SR-MPLS: Segment Routing with MPLS data plane.
SRH: Segment Routing Header.
SFIR: Service Function Instance Route
SFPR: Service Function Path Route
Further, this document makes use of the terms defined in [RFC7665]
and [I-D.ietf-spring-sr-service-programming].
2. Overview of SR Based SFC Control Plane
As per [RFC7665], the architecture of SFC consists of classifiers,
Service Function Forwarders (SFFs), Service Functions (SFs) and SFC
Proxies. This is illustrated in Figure 1.
+-----+ +-----+ +-----+
| | | SFC | | |
| SF1 | |Proxy|---| SF2 |
+-----+ +-----+ +-----+
| |
+--------------+ | |
| Service | SFC +------+ +------+
|Classification| Encapsulation | SFF1 | | SFF2 |
--->| Function |+---------------->| |--------| |------->
| | | | | |
+--------------+ +------+ +------+
SFC-enabled Domain
Figure 1. SFC Architecture
In order to construct an SFC, SFIR and SFPR should be distributed to
classifiers and SFFs. Also, the rules of steering packets into
specific SFPs should be configured at the classifier. [RFC9015].
In SR, a source node can explicitly indicate the forwarding path for
packets by inserting an ordered list of instructions. These packet
steering policies, known as SR policy, can be installed by a central
controller via BGP [I-D.ietf-idr-sr-policy-safi] or other mechanisms.
Yin, et al. Expires 2 September 2024 [Page 4]
Internet-Draft SR based SFC Control Plane March 2024
When SFC is constructed based on SR, SFPR and packet steering rules
can be installed by SR policy at the ingress node, which plays the
role of classifier in the SFC architecture. In other words, SFPR
does not need to be distributed to all the nodes along the SFP. The
architecture of SR based SFC is illustrated in Figure 2.
+-----+ +-----+ +-----+ +-----+
| | | | | SR | | |
|SR-C | | SF1 | |Proxy|---| SF2 |
+-----+ +-----+ +-----+ +-----+
| | |
| | |
+--------------+ +------+ +------+
| | SFC Encap/SR | SFF1/| | SFF2/|
--->|CF/SR ingress |+---------------->| SR |--------| SR |------->
| | | | | |
+--------------+ +------+ +------+
SFC-enabled Domain
Figure 2. SR based SFC architecture.
* CF/SR ingress: an SR ingress node plays the role of Classifier in
the SFC architecture, and it connects to an SR controller, where
the SR policies originate.
* SR-C: SR Controller (SR-C) is connected to the SR ingress node,
and may be attached to any node in the network. SR-C is capable
of discovering topology, and calculating constrained paths for
SFCs.
* SFF/SR nodes: the SFF component in SFC architecture, which enables
SR to steer packets to SFs.
* SFn: Service Functions, can be SR-aware or SR-unaware. If an SF
is SR-unaware then SR proxy is needed.
* SR proxy: A proxy between SFF/SR nodes and SR-unaware SF.
There are two solutions to encode SFC in the SR data plane.
[I-D.ietf-spring-sr-service-programming] defines data plane
functionality required to implement service segments and achieve
service programming in SR-enabled MPLS and IP networks. It can be
termed "Stateless SFC" since no per-SFC state is maintained on the SR
nodes along the SFP.
Yin, et al. Expires 2 September 2024 [Page 5]
Internet-Draft SR based SFC Control Plane March 2024
The second solution can be termed "Stateful SFC" [RFC9491], since it
still maintains per-SFC state on nodes. [RFC9491]describes two modes
of operation:
* NSH-based SFC with SR-based transport tunnel: SR is used as the
transport tunnel to route packets between classifier and SFF or
SFFs. Service plane routing relies on NSH.
* SR-based SFC with Integrated NSH Service Plane: The SFP is encoded
within the SR segment-list, while the NSH only maintains the
service plane context information, which will be used at NSH-aware
SFs, and at SFFs as a pointer to cache SR segment-lists.
In order to support these data plane encodings, control plane
mechanisms are required. The existing control plane mechanisms are
shown in Table 1.
+===================+========+======+==========+
| SR based SFC | SFIR | SFPR | Steering |
| | | | policy |
+===================+========+======+==========+
| Stateless | BGP | BGP | BGP |
| | BGP-LS | PCEP | PCEP |
| | IGP | | |
+-------------------+--------+------+----------+
| NSH-based SFC | BGP | BGP | BGP |
| with SR-based | | PCEP | |
| transport tunnel | | | |
+-------------------+--------+------+----------+
| SR-based SFC with | BGP | BGP | BGP |
| Integrated NSH | BGP-LS | PCEP | PCEP |
| Service Plane | IGP | | |
+-------------------+--------+------+----------+
Table 1: SR based SFC Control Plane Solutions
3. Stateless SR Based SFC
As describe in [I-D.ietf-spring-sr-service-programming], service
instances are associated with a segment, called a service SID. These
service SIDs are leveraged as part of a SID-list to steer packets
through the corresponding services
Yin, et al. Expires 2 September 2024 [Page 6]
Internet-Draft SR based SFC Control Plane March 2024
3.1. Service Function Instance Route Distribution
To associate a segment with a service, service information, such as
Service Function Type (SFT), should be included in segment
distribution. [I-D.dawra-idr-bgp-ls-sr-service-segments] specifies
the extensions to BGP-LS for discovery and advertisement of service
segments to enable setup of service programming paths using Segment
Routing. [I-D.dawra-idr-bgp-ls-sr-service-segments] extends SRv6
Node SID TLV [RFC9514] and SR-MPLS SID/ Label TLV [RFC9085] to
associate the Service SID Value with Service-related Information
using Service Chaining Sub-TLV. The Service Chaining Sub-TLV
contains information of Service SID value, Function Identifier
(Static Proxy, Dynamic Proxy, Shared Memory Proxy, Masquerading
Proxy, SR Aware Service Etc.), Service Type (DPI, Firewall,
Classifier, LB etc.), Traffic Type (IPv4 OR IPv6 OR Ethernet) and
Opaque Data (such as brand and version, other extra information).
This extension works for both SR- MPLS and SRv6.
[RFC9015] proposes a BGP-based SFC control plane solution, and it
works for SR-MPLS as well. Service function instance route
distribution can use SFIR in SFC AFI/SAFI. SFPR and steering rules
for the classifier can be distributed by SR policy, which is defined
in [I-D.ietf-idr-sr-policy-safi]. BGP control plane of SRv6-based
SFC still needs to be defined.
IGP extensions are proposed by [I-D.xu-lsr-isis-service-function-adv]
and [I-D.xu-lsr-ospf-service-function-adv]. In IS-IS solution, SFFs
within the SFC domain need to advertise each SF they are offering by
using a new sub-TLV of the IS-IS Router CAPABILITY TLV [RFC7981].
This new sub-TLV is called Service Function sub-TLV, and it can
appear multiple times within a given IS-IS Router CAPABILITY TLV or
when more than one SF needs to be advertised. OSPF extensions are
similar, and use the OSPF Router Information (RI) Opaque LSA
[RFC7770] to carry Service Function sub-TLV.
However, due to IGP flooding issues, IGP extensions are not very
appropriate, and the drafts have expired for a long time.
3.2. Service Function Path Route Distribution
With SR, the SFPR does not need to be distributed to nodes along the
SFP but only to the ingress node. SFPR and steering rules for the
classifier can be distributed by SR policy. The BGP extension is
defined in [I-D.ietf-idr-sr-policy-safi]. The PCEP extension is
defined in [I-D.ietf-pce-segment-routing-policy-cp].
Yin, et al. Expires 2 September 2024 [Page 7]
Internet-Draft SR based SFC Control Plane March 2024
3.3. Steer Packets into SFC
In SR, packet steering rules are learned through SR policy. Thus,
there is no need to install other rules in the classifier, which is
the SR source node.
4. Stateful SR Based SFC
"Stateful SFC" [RFC9491] proposes two modes of SR based SFC:
* NSH-based SFC with SR-based transport tunnel
* SR-based SFC with Integrated NSH Service Plane
4.1. Service Function Route Distribution
For NSH-based SFC with SR-based transport tunnel, service information
is maintained by NSH while SR is only used for transport between
SFFs, so [RFC9015] can be used for this mode.
To indicate NSH, an SFF label [RFC8596] should be inserted as the
last label in the label stack in SR-MPLS. The control plane of SFF
is also described in [RFC9015]. For choosing/configuring SR as the
transport tunnel, BGP route of SFF's BGP Tunnel Encapsulation
Attribute Type should be "SR TE Policy Type"
[I-D.ietf-idr-sr-policy-safi]. For SR-based SFC with Integrated NSH
Service Plane, there is no control plane solution as yet defined.
4.2. Service Function Path Route Distribution
Same as SFIR distribution, SFPR BGP distribution in NSH-based SFC
with SR-based transport tunnel is identical to the mechanism defined
in [RFC9015]. PCEP extension for SFPR distribution can reuse the NSH
based SFC extension defined in [I-D.wu-pce-traffic-steering-sfc].
For SR-based SFC with Integrated NSH Service Plane, control plane
solution is to be added in other documents.
4.3. Steer Packets into SFC
For NSH-based SFC with SR-based transport tunnel, it is the same with
the NSH based SFC. The Classifier is responsible for determining to
which packet flow a packet belongs (usually by inspecting the packet
header), imposing an NSH, and initializing the NSH with the SPI of
the selected SFP and the SI of its first hop [RFC9015]. For SR-based
SFC with Integrated NSH Service Plane, control plane solution is to
be added in other document.
Yin, et al. Expires 2 September 2024 [Page 8]
Internet-Draft SR based SFC Control Plane March 2024
5. IANA Considerations
This document does not require any IANA actions.
6. Security Considerations
This document does not introduce additional security requirements and
mechanisms.
Acknowledgements
Many thanks for Ruizhao Hu's valuable comments and help.
References
Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
Informative References
[I-D.dawra-idr-bgp-ls-sr-service-segments]
Dawra, G., Filsfils, C., Talaulikar, K., Clad, F.,
Bernier, D., Uttaro, J., Decraene, B., Elmalky, H., Xu,
X., Guichard, J., and C. Li, "BGP-LS Advertisement of
Segment Routing Service Segments", Work in Progress,
Internet-Draft, draft-dawra-idr-bgp-ls-sr-service-
segments-06, 17 August 2021,
<https://datatracker.ietf.org/doc/html/draft-dawra-idr-
bgp-ls-sr-service-segments-06>.
[I-D.ietf-idr-sr-policy-safi]
Previdi, S., Filsfils, C., Talaulikar, K., Mattes, P., and
D. Jain, "Advertising Segment Routing Policies in BGP",
Work in Progress, Internet-Draft, draft-ietf-idr-sr-
policy-safi-00, 4 February 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-idr-sr-
policy-safi-00>.
Yin, et al. Expires 2 September 2024 [Page 9]
Internet-Draft SR based SFC Control Plane March 2024
[I-D.ietf-pce-segment-routing-policy-cp]
Koldychev, M., Sivabalan, S., Barth, C., Peng, S., and H.
Bidgoli, "PCEP Extensions for SR Policy Candidate Paths",
Work in Progress, Internet-Draft, draft-ietf-pce-segment-
routing-policy-cp-14, 9 February 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-pce-
segment-routing-policy-cp-14>.
[I-D.ietf-spring-sr-service-programming]
Clad, F., Xu, X., Filsfils, C., Bernier, D., Li, C.,
Decraene, B., Ma, S., Yadlapalli, C., Henderickx, W., and
S. Salsano, "Service Programming with Segment Routing",
Work in Progress, Internet-Draft, draft-ietf-spring-sr-
service-programming-09, 20 February 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-spring-
sr-service-programming-09>.
[I-D.wu-pce-traffic-steering-sfc]
Wu, Q., Dhody, D., Boucadair, M., Jacquenet, C., and J.
Tantsura, "PCEP Extensions for Service Function Chaining
(SFC)", Work in Progress, Internet-Draft, draft-wu-pce-
traffic-steering-sfc-12, 30 June 2017,
<https://datatracker.ietf.org/doc/html/draft-wu-pce-
traffic-steering-sfc-12>.
[I-D.xu-lsr-isis-service-function-adv]
Xu, X., Huang, H., Shah, H. C., and L. M. Contreras,
"Advertising Service Functions Using IS-IS", Work in
Progress, Internet-Draft, draft-xu-lsr-isis-service-
function-adv-00, 9 March 2023,
<https://datatracker.ietf.org/doc/html/draft-xu-lsr-isis-
service-function-adv-00>.
[I-D.xu-lsr-ospf-service-function-adv]
Xu, X., Huang, H., Shah, H. C., and L. M. Contreras,
"Advertising Service Functions Using OSPF", Work in
Progress, Internet-Draft, draft-xu-lsr-ospf-service-
function-adv-00, 9 March 2023,
<https://datatracker.ietf.org/doc/html/draft-xu-lsr-ospf-
service-function-adv-00>.
[RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
Chaining (SFC) Architecture", RFC 7665,
DOI 10.17487/RFC7665, October 2015,
<https://www.rfc-editor.org/rfc/rfc7665>.
Yin, et al. Expires 2 September 2024 [Page 10]
Internet-Draft SR based SFC Control Plane March 2024
[RFC7770] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and
S. Shaffer, "Extensions to OSPF for Advertising Optional
Router Capabilities", RFC 7770, DOI 10.17487/RFC7770,
February 2016, <https://www.rfc-editor.org/rfc/rfc7770>.
[RFC7981] Ginsberg, L., Previdi, S., and M. Chen, "IS-IS Extensions
for Advertising Router Information", RFC 7981,
DOI 10.17487/RFC7981, October 2016,
<https://www.rfc-editor.org/rfc/rfc7981>.
[RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
"Network Service Header (NSH)", RFC 8300,
DOI 10.17487/RFC8300, January 2018,
<https://www.rfc-editor.org/rfc/rfc8300>.
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, <https://www.rfc-editor.org/rfc/rfc8402>.
[RFC8596] Malis, A., Bryant, S., Halpern, J., and W. Henderickx,
"MPLS Transport Encapsulation for the Service Function
Chaining (SFC) Network Service Header (NSH)", RFC 8596,
DOI 10.17487/RFC8596, June 2019,
<https://www.rfc-editor.org/rfc/rfc8596>.
[RFC8660] Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing with the MPLS Data Plane", RFC 8660,
DOI 10.17487/RFC8660, December 2019,
<https://www.rfc-editor.org/rfc/rfc8660>.
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/rfc/rfc8754>.
[RFC9015] Farrel, A., Drake, J., Rosen, E., Uttaro, J., and L.
Jalil, "BGP Control Plane for the Network Service Header
in Service Function Chaining", RFC 9015,
DOI 10.17487/RFC9015, June 2021,
<https://www.rfc-editor.org/rfc/rfc9015>.
[RFC9085] Previdi, S., Talaulikar, K., Ed., Filsfils, C., Gredler,
H., and M. Chen, "Border Gateway Protocol - Link State
(BGP-LS) Extensions for Segment Routing", RFC 9085,
DOI 10.17487/RFC9085, August 2021,
<https://www.rfc-editor.org/rfc/rfc9085>.
Yin, et al. Expires 2 September 2024 [Page 11]
Internet-Draft SR based SFC Control Plane March 2024
[RFC9491] Guichard, J., Ed. and J. Tantsura, Ed., "Integration of
the Network Service Header (NSH) and Segment Routing for
Service Function Chaining (SFC)", RFC 9491,
DOI 10.17487/RFC9491, November 2023,
<https://www.rfc-editor.org/rfc/rfc9491>.
[RFC9514] Dawra, G., Filsfils, C., Talaulikar, K., Ed., Chen, M.,
Bernier, D., and B. Decraene, "Border Gateway Protocol -
Link State (BGP-LS) Extensions for Segment Routing over
IPv6 (SRv6)", RFC 9514, DOI 10.17487/RFC9514, December
2023, <https://www.rfc-editor.org/rfc/rfc9514>.
Authors' Addresses
Yuanyang Yin
China Telecom
Guangzhou
China
Email: yinyuany@chinatelecom.cn
Cheng Li
Huawei Technologies
Email: c.l@huawei.com
Ahmed El Sawaf
Saudi Telecom Company
Riyadh
Saudi Arabia
Email: aelsawaf.c@stc.com.sa
Hongyi Huang
Huawei Technologies
Huawei Campus, No. 156 Beiqing Rd.
Beijing
100095
China
Email: hongyi.huang@huawei.com
Zhenbin Li
Huawei Technologies
Huawei Campus, No. 156 Beiqing Rd.
Beijing
100095
China
Yin, et al. Expires 2 September 2024 [Page 12]
Internet-Draft SR based SFC Control Plane March 2024
Email: lizhenbin@huawei.com
Yin, et al. Expires 2 September 2024 [Page 13]