Internet DRAFT - draft-liu-idr-srv6-segment-list-optimize
draft-liu-idr-srv6-segment-list-optimize
IDR Working Group Y. Liu
Internet-Draft China Mobile
Intended status: Standards Track C. Lin
Expires: July 5, 2024 New H3C Technologies
Ran.Chen
ZTE
Y. Qiu
New H3C Technologies
January 5, 2024
SRv6 Segment List optimization
draft-liu-idr-srv6-segment-list-optimize-01
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on July 5 2024.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
Liu, et al. Expire July, 2024 [Page 1]
Internet-Draft SRv6 Segment List Optimization January 2024
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Abstract
This document introduces an optimization method for segment list
arrangement to solve the problem of the penultimate segment node
being unable to perform PSP behavior when the egress node has both
End SID and service SID, and improve the forwarding efficiency of
data packets.
Table of Contents
1. Introduction ................................................ 3
2. Terminology ................................................. 3
3. Requirement background ...................................... 3
4. Extend the Reserved field of SRv6 SID Endpoint Behavior and
Structure ...................................................... 5
5. Optimizing the arrangement method of segment list ........... 5
6. Example of SRv6 packet Processing Process ................... 6
6.1. Data packet Processing to VPN .......................... 7
6.2. OAM Packet Processing to the Egress Node ............... 8
7. IANA Considerations ......................................... 8
8. Security Considerations ..................................... 9
9. References .................................................. 9
9.1. Normative References ................................... 9
9.2. Informative References ................................ 10
10. Acknowledgments ........................................... 10
Authors' Addresses ............................................ 10
Liu, et al. Expires July, 2024 [Page 2]
Internet-Draft SRv6 Segment List Optimization January 2024
1. Introduction
Segment Routing (SR) [RFC8402] allows a headend node to steer a
packet flow along any path. Intermediate per-path states are
eliminated thanks to source routing.
The headend node is said to steer a flow into an SR Policy
[RFC8402]. The packets steered into an SR Policy carry an ordered
list of segments associated with that SR Policy.
[I-D.draft-ietf-idr-segment-routing-te-policy] specifies how BGP may
be used to distribute SR Policy candidate paths. New sub-TLVs for
the Tunnel Encapsulation Attribute are defined for signaling
information about these candidate paths.
This document introduces an optimization method for segment list
arrangement to solve the problem of the penultimate segment node
being unable to perform PSP behavior when the egress node has both
End SID and service SID, and improve the forwarding efficiency of
data packets.
2. Terminology
The following terminologies are used in this document.
SR: Segment Routing
SRv6: SR for IPv6
SRH: Segment Routing Header
SID: Segment Identifier
CE: Customer Edge
PE: Provider Edge
VPN: Virtual Private Network
PSP: Penultimate Segment Pop
3. Requirement background
In SRv6 networks, some functions can only be executed on the
penultimate SR Segment Endpoint Node, such as Penultimate Segment
Pop (PSP) behavior. However, if both the End SID and service SID of
the egress node are encapsulated in SRH.SegmentList, the endpoint
Liu, et al. Expires July, 2024 [Page 3]
Internet-Draft SRv6 Segment List Optimization January 2024
will not be able to identify itself as the penultimate SR Segment
Endpoint Node based on the SRH.SL field after receiving the packet.
For example, in the following scenarios, the Segment List of SRv6
Policy must include the End SID of the egress node. The SRH
extension header of VPN user's data packets forwarded based on this
SRv6 Policy tunnel will simultaneously encapsulate the End SID and
VPN SID of the egress node.
* Scenario 1
In tunnel splicing scenarios and cross domain path splicing
scenarios, usually based on binding SID to steer traffic. The
Segment List of SRv6 Policy on the head node must include the End
SID of the egress node.
* Scenario 2
When the head node enables end-to-end fast fault detection of SRv6
Policy, OAM messages are sent to the egress node. The End SID of
the egress node must be specified in the Segment List of this SRv6
Policy.
In this way, the following two problems will arise:
* Problem 1: PSP behavior may not be executable.
If the head node encapsulates both the End SID and VPN SID of the
egress node in the SRH.SegmentList, the penultimate SR Segment
Endpoint Node will find that local SID is not in the position
with SL=1 after receiving the packet.
After executing SL--, SL is still greater than 0. Because the
condition of (SL==0) is not met, the penultimate SR Segment
Endpoint Node will not be able to perform the processing of
removing the SRH from the IPv6 extension header.
* Problem 2: The forwarding efficiency of egress node decreases.
If the egress node receives a packet with both a local End SID
and a VPN SID, it needs to first look up the table based on the
End SID. Then, based on the VPN SID, execute the VPN SID
instruction, and finally remove the outer IPv6 packet header and
forward it to VPN network.
The data packet needs to look up the SID table twice within the
egress node. For some chips, the second SID table lookup requires
a loopback interface to be implemented. Due to the bandwidth
Liu, et al. Expires July, 2024 [Page 4]
Internet-Draft SRv6 Segment List Optimization January 2024
limitations and the possibility of other service packets
coexisting on the loopback interface, the forwarding efficiency
of packets to VPN will be greatly affected.
* Problem 3: Increase the overhead of the packet header.
Carrying both the End SID and VPN SID of the egress node in the
SRH.SegmentList will increase the overhead of the packet header.
Especially in environments that require SRv6 header compression,
arranging End SID for egress node will reduce compression
efficiency.
Therefore, this document proposes a method to optimize the
SRH.SegmentList encapsulated by the head node. When there are End
SID and service SID of egress node on the path at the same time,
only the service SID is encapsulated in the SRH.SegmentList.
This can solve the problem of the penultimate segment node being
unable to perform PSP behavior when the egress node has both End SID
and service SID, and improve the forwarding efficiency of data
packets on the egress node.
4. Extend the Reserved field of SRv6 SID Endpoint Behavior and
Structure
Extend the Reservied field of SRv6 SID Endpoint Behavior and
Structure defined in Chapter 2.4.4.2.4 of[I-D.ietf-idr-segment-
routing-te-policy], Define a bit to identify whether this SID belong
to the egress node.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Endpoint Behavior |E| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LB Length | LN Length | Fun. Length | Arg. Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where:
* E-Flag: This flag, when set, indicates that this segment is
the egress node's SID.
5. Optimizing the arrangement method of segment list
After the controller arranges the SRv6 forwarding path, it informs
the ingress node which is the egress node's SID through the E-Flag.
When the controller distributes the SRv6 Policy configuration to the
head node through BGP, the E-Flag bit of SRv6 SID Endpoint Behavior
Liu, et al. Expires July, 2024 [Page 5]
Internet-Draft SRv6 Segment List Optimization January 2024
and Structure in the segment sub-TLV corresponding to the egress
node is set to 1. And the E-Flag bits corresponding to the ingress
node and intermediate node are set to 0.
After receiving the SRv6 Policy configuration with E-Flag, the
ingress node will not simultaneously arrange the End SID and Service
SID of the egress node into the SRH.SegmentList of packet.
For data packets forwarded to VPN through this SRv6 Policy, the
SRH.SegmentList will not encapsulate the End SID corresponding to
the egress node in the SID list of SRv6 Policy.
If the forwarding path does not include the service SID of the
egress node, then the End SID of the egress node should be
encapsulated in SRH.SegmentList.
For OAM detection packets of the SR policy, the SRH.SegmentList is
encapsulated according to the SID list of the SR policy, only
encapsulating node SIDs.
6. Example of SRv6 packet Processing Process
Taking Figure 1 as an example, describe how SRv6 data packets and
OAM packets are forwarded in the SRv6 network based on the optimized
Segment List arrangement mechanism.
+------------+
| Controller |
+------------+
/ \
/ \
/ \
+---+ +---+ +---+ +---+ +---+ +---+
|CE1|----|PE1|-----| P1|-----| P2|-----|PE2|---|CE2|
+---+ +---+ +---+ +---+ +---+ +---+
2::2 3::3 4::4 5::5
End.DT4 SID: 5::100
Figure 1
CE1 and CE2 are VPN access devices that connect to the IPv6 backbone
network through PE. PE1 has a locator 2::/64. P1 has a locator
3::/64. P2 has an End SID 4::4 with PSP Flavor. PE2 has a locator
5::/64 and a VPN SID 5::100. The traffic from CE1 to CE2 is
forwarded along the path PE1->P1->P2->PE2.
P2 needs to perform the PSP behavior to remove the SRH extension
header.
Liu, et al. Expires July, 2024 [Page 6]
Internet-Draft SRv6 Segment List Optimization January 2024
The controller calculates the SRv6 forwarding path from PE1 to PE2
based on the collected topology and configuration information, and
distributes the SRv6 Policy to PE1 through BGP. The Endpoint address
is 5::5 of PE2. There is only one candidate path. The candidate path
contains a Segment list <3::3, 4::4, 5::5>. For PE2's Segment 5::5,
the E-Flag bit of SRv6 SID Endpoint Behavior and Structure in the
segment sub-TLV set to 1.
PE2 advertises a BGP VPN route to PE1, and the next hop of the BGP
route is the endpoint address 5::5. After receiving the BGP route,
PE1 iterates to the SRv6 Policy using the color and the next hop of
the route.
There are two types of packets sent from PE1 to PE2: data packets
and OAM packets.
6.1. Data packet Processing to VPN
After PE1 receives the data packet from CE1 to CE2, it looks up the
VPN instance routing table and iterates to SRv6 Policy.
PE1 adds the SRH extension header to the packet and encapsulates the
Segment List of the SRv6 Policy. The Segment List in the SRH
extension header is encapsulated as <3::3, 4::4, 5::100>, and the SL
is set to 2.
The Segment List in SRH is shown in Figure 2.
+--------+
Segment List[0] | 5::100 | ==> PE2's End.DT4 SID
+--------+
Segment List[1] | 4::4 |
+--------+
Segment List[2] | 3::3 |
+--------+
Figure 2
The segment list optimization method proposed in this document is
suitable for both SRv6 SID compressed and non-compressed scenarios.
If the END SID and VPN SID of the egress node share a common
Locator-Block with a sequence of consecutive nodes, the SIDs of the
egress node can also be arranged in a compressed Segment List.
In order to improve compression efficiency and reduce the overhead
of SRv6 packet header, the compressed Segment List can only contain
the compressed VPN SID.
Liu, et al. Expires July, 2024 [Page 7]
Internet-Draft SRv6 Segment List Optimization January 2024
As shown in Figure 3, PE1, P1, P2, and PE3 share the common Locator-
block A:0:0:0/64 (represented by LB in Figure 3).
+---+ +---+ +---+ +---+ +---+ +---+
|CE1|----|PE1|-----| P1|-----| P2|-----|PE2|---|CE2|
+---+ +---+ +---+ +---+ +---+ +---+
LB:2:1:: LB:2:2:: LB:2:3:: LB:2:4::
End.DT4 SID: LB:2:100::
Figure 3
The compressed Segment List optimized in SRH is shown in Figure 4.
+-----------+-------+-------+-------+------+
| A:0:0:0 | 2:2 | 2:3 | 2:100| 0 |
+-----------+-------+-------+-------+------+
64bits 16bits 16bits 16bits
Figure 4
6.2. OAM Packet Processing to the Egress Node
If the head node enables OAM function and detects a fault in the
SRv6 Policy forwarding path, PE1 will send OAM detection messages to
PE2, such as BFD packets.
The OAM detection message sends by PE1 encapsulate the segment list
corresponding to the SRv6 Policy. Since the message does not need to
be sent to VPN, the Segment List of the SRH extension header is
encapsulated as <3::3, 4::4, 5::5>.
The Segment List in SRH is shown in Figure 5.
+--------+
Segment List[0] | 5::5 | ==> PE2's End SID
+--------+
Segment List[1] | 4::4 |
+--------+
Segment List[2] | 3::3 |
+--------+
Figure 5
7. IANA Considerations
No requirements for IANA.
Liu, et al. Expires July, 2024 [Page 8]
Internet-Draft SRv6 Segment List Optimization January 2024
8. Security Considerations
[RFC8754] defines the notion of an SR domain and use of SRH within
the SR domain. The use of egress protection mechanism described in
this document is restricted to an SR domain. Procedures for securing
an SR domain are defined the section 5.1 and section 7 of [RFC8754].
This document does not impose any additional security challenges to
be considered beyond security threats described in [RFC8754],
[RFC8679] and [RFC8986].
9. References
9.1. Normative References
[I-D.draft-ietf-idr-segment-routing-te-policy] Previdi, S.,
Filsfils, C., Talaulikar, K., Mattes, P., Jain, D., Lin,
S., "Advertising Segment Routing Policies in BGP", Work in
Progress, Internet-Draft, draft-draft-ietf-idr-segment-
routing-te-policy-26, 23 October 2023, <
https://www.ietf.org/archive/id/draft-ietf-idr-segment-
routing-te-policy-26.txt>
[RFC8400] Chen, H., Liu, A., Saad, T., Xu, F., and L. Huang,
"Extensions to RSVP-TE for Label Switched Path (LSP)
Egress Protection", RFC 8400, DOI 10.17487/RFC8400, June
2018, <https://www.rfc-editor.org/info/rfc8400>.
[RFC8679] Shen, Y., Jeganathan, M., Decraene, B., Gredler, H.,
Michel, C., and H. Chen, "MPLS Egress Protection
Framework", RFC 8679, DOI 10.17487/RFC8679, December 2019,
<https://www.rfc-editor.org/info/rfc8679>.
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing
Header(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/info/rfc8754>.
[RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
(SRv6) Network Programming", RFC 8986, DOI
10.17487/RFC8986, February 2021, <https://www.rfc-
editor.org/info/rfc8986>.
Liu, et al. Expires July, 2024 [Page 9]
Internet-Draft SRv6 Segment List Optimization January 2024
9.2. Informative References
TBD
10. Acknowledgments
TBD
Authors' Addresses
Yisong Liu
China Mobile
Email: liuyisong@chinamobile.com
Changwang Lin
New H3C Technologies
Email: linchangwang.04414@h3c.com
Ran Chen
ZTE Corporation
Email: chen.ran@zte.com.cn
Yuanxiang Qiu
New H3C Technologies
Email: qiuyuanxiang@h3c.com
Liu, et al. Expires July, 2024 [Page 10]