Distribute SRv6 Locator by DHCP
China Mobile
Beijing
- The format of the IA_SRV6_LOCATOR option is:
-
-
Option-Code: OPTION_IA_SRV6_LOCATOR, the option code for the
Identity Association for SRv6 Locator. The current
value of 149 was requested as part of an early assignment from IANA.
-
Option-Len: 12 + the length of IA_SRV6_LOCATOR-Options field in
octets.
-
IAID: The unique identifier for this IA_SRV6_LOCATOR. The IAID
MUST be unique among the identifiers for all of this client's
IA_SRV6_LOCATORs. The number space for IA_SRV6_LOCATOR IAIDs is
separate from the number space for other IA option types. A 4-octet field containing an unsigned integer.
-
T1: The time interval after which the client should contact the
server from which the SRv6 Locators in the IA_SRV6_LOCATOR were
obtained to extend the lifetimes of the SRv6 Locators to the
IA_SRV6_LOCATOR. T1 is a time duration relative to the message
reception time expressed in units of seconds. A 4-octet field
containing an unsigned integer.
-
T2: The time interval after which the client should contact any
available server to extend the lifetimes of the SRv6 Locators
assigned to the IA_SRV6_LOCATOR. T2 is a time duration relative to
the message reception time expressed in units of seconds. A 4-
octet field containing an unsigned integer.
-
IA_SRV6_LOCATOR-Options: Options associated with this
IA_SRV6_LOCATOR. A variable-length field (12 octets less than the
value in the Option-Len field).
The IA_SRV6_LOCATOR-Options field encapsulates those options that
are specific to this IA_SRV6_LOCATOR. For example, all of the IA
Locator options (see ) carrying the SRv6 Locators
associated with this IA_SRV6_LOCATOR are in the IA_SRV6_LOCATOR-
Options field.
An IA_SRV6_LOCATOR option may only appear in the options area of a
DHCP message. A DHCP message may contain multiple IA_SRV6_LOCATOR
Options (though each must have a unique IAID).
The status of any operations involving this IA_SRV6_LOCATOR is
indicated in a Status Code option (see Section 21.13 of ) in the IA_SRV6_LOCATOR-Options field.
Note that an IA_SRV6_LOCATOR has no explicit "lifetime" or "lease length" of its own. When the valid lifetimes of all of the SRv6
Locators in an IA_SRV6_LOCATOR have expired, the IA_SRV6_LOCATOR can
be considered as having expired. T1 and T2 fields are included to
give the server explicit control over when a client should contact
the server about a specific IA_SRV6_LOCATOR.
In a message sent by a client to a server, the T1 and T2 fields
SHOULD be set to 0. The server MUST ignore any values in these
fields in messages received from a client.
In a message sent by a server to a client, the client MUST use the
values in the T1 and T2 fields for the T1 and T2 timers, unless
values in those fields are 0. The values in the T1 and T2 fields are
the number of seconds until T1 and T2.
The server selects the T1 and T2 times to allow the client to extend
the lifetimes of any SRv6 Locators in the IA_SRV6_LOCATOR before the
lifetimes expire, even if the server is unavailable for some short
period of time. Recommended values for T1 and T2 are 0.5 and 0.8
times the shortest preferred lifetime of the SRv6 Locators in the
IA_SRV6_LOCATOR that the server is willing to extend, respectively.
If the time at which the SRv6 Locators in an IA_SRV6_LOCATOR are to
be renewed is to be left to the discretion of the client, the server
sets T1 and T2 to 0. The client MUST follow the rules defined in
Section 14.2 of .
If a client receives an IA_SRV6_LOCATOR with T1 greater than T2 and
both T1 and T2 are greater than 0, the client discards the
IA_SRV6_LOCATOR option and processes the remainder of the message as
though the server had not included the IA_SRV6_LOCATOR option.
IA Locator Option
The IA Locator option is used to specify an SRv6 Locator associated
with an IA_SRV6_LOCATOR. The IA Locator option MUST be encapsulated
in the IA_SRV6_LOCATOR-Options field of an IA_SRV6_LOCATOR option
(see ). The terms Locator Block and Locator Node
correspond to the B and N parts, respectively, of the SRv6 Locator
that is defined in Section 3.1 of .
-
-
Option-code: OPTION_IALOCATOR, the option code for IA_SRv6_LOCATOR
option. The current value of 150 was requested as part of an early assignment from IANA.
-
Option-Len: 16 + the length of SRv6-Locator + the length of IALocator-Options field in octets.
-
Preferred-lifetime: The preferred lifetime for the SRv6 Locator in
the option, expressed in units of seconds. A value of 0xffffffff
represents "infinity" (see Section 7.7 of ). A 4-octet field containing an unsigned integer.
-
Valid-lifetime: The valid lifetime for the SRv6 Locator in the
option, expressed in units of seconds. A value of 0xffffffff
represents "infinity". A 4-octet field containing an unsigned
integer.
-
Algorithm: A 1-octet unsigned integer. The algorithm associated with the SRv6
Locator from which the SID is allocated. Algorithm values are
defined in the "IGP Algorithm Types" registry and .
-
Reserved: A 3-octet unsigned integer, MUST be set to zero and ignored when received.
-
LB-Len: SRv6 SID Locator Block (LB) length in bits. A 1-octet
unsigned integer.
-
LN-Len: SRv6 SID Locator Node (LN) length in bits. A 1-octet
unsigned integer.
-
Fun-Len: SRv6 SID function (FUNCT) length in bits. A 1-octet
unsigned integer.
-
Arg-Len: SRv6 SID arguments (ARG) length in bits. A 1-octet
unsigned integer.
-
SRv6-Locator: 0–16 octets. This field encodes the SRv6 Locator.
The SRv6 Locator is encoded in the minimal number of octets for the SRv6 SID
Locator length that is LB-Len plus LN-Len. Trailing bits MUST be set to zero and
ignored when received.
-
IALocator-Options: Options associated with this SRv6 Locator. A
variable-length field (determined by subtracting the length of the
SRv6-Locator from the Option-Len minus 12). The Status code
"NoSRv6LocatorAvail" indicate the server has no locators available
to assign to the IA_SRv6_LOCATOR(s).
The SRv6 SID Locator length (LOC-Len) is LB-Len plus LN-Len.
The sum of LB-Len, LN-Len, Fun-Len, and Arg-Len MUST NOT exceed 128
bits. If the sum exceeds 128 bits, the IA_SRV6_LOCATOR option MUST
be marked as invalid, and the remainder of the message SHOULD be
processed as if the packet did not include this option.
The values in the preferred-lifetime and valid-lifetime fields are
the number of seconds remaining in each lifetime. The value of
0xffffffff for the preferred lifetime or the valid lifetime is taken
to mean "infinity" and should be used carefully. The details about
the use of lifetime values for assigned SRv6 Locators are the same
as the ones specified for prefix delegation in Section 18.2.10.1 of
.
An IA Locator option may appear only in an IA_SRV6_LOCATOR option.
More than one IA Locator option can appear in a single
IA_SRV6_LOCATOR option.
The status of any operations involving this IA_SRv6_LOCATOR option
is indicated in a Status Code option (see Section 21.13 of ) in the IALocator-Options field.
Process of Assigning SRv6 Locator
Procedure of SRv6 Locator
Consistent with Prefix Delegation mechanism ,
the DHCPv6 Client obtains an SRv6 Locator via DHCPv6. The key
message exchanges involved are Solicit, Request, Advertise, and
Reply. Once the DHCPv6 Server assigns an SRv6 Locator to the DHCPv6 Client, it
automatically adds the associated SRv6 Locator routes.
Figure 4 illustrates the process of SRv6 Locator allocation through
DHCPv6.
As specified in Sections 18.2.1 of , DHCP
client sends a Solicit message containing an IA_SRV6_LOCATOR option
to request a locator. The client may include its preferred locator
value within the IA_SRV6_LOCATOR option.
DHCPv6 Server processes the Solicit message, assigns a locator to the
client, and returns the allocated locator in an Advertise message
with the IA_SRV6_LOCATOR option.
As specified in Sections 18.2.2 of , upon
receiving the Advertise message, client accepts the assigned locator
and sends a Request message with the IA_SRV6_LOCATOR option to
confirm the requested locator.
The server processes the Request message, confirms the locator
assignment, and responds with a Reply message containing the
IA_SRV6_LOCATOR option with the allocated locator.
As described in Sections 18.2.4 of , client
periodically sends a Renew message with the IA_SRV6_LOCATOR option
to refresh the lease. The server processes the Renew message,
updates the lease, and replies with a Reply message containing the
IA_SRV6_LOCATOR option.
As described in Sections 18.2.5 of , if the
client does not receive a Reply message before the T2 timer expires,
it sends a Rebind message with the IA_SRV6_LOCATOR option to attempt
lease renewal.
If the server responds with a Reply message, the client retains its
allocated locator.
If no response is received, the client considers the lease expired
and restarts the process by sending a new Solicit message.
As described in Sections 18.2.7 of , if the
client is about to go offline, it sends a Release message with the
IA_SRV6_LOCATOR option to relinquish the locator.
Upon receiving a valid Release message, and when the SRv6 Locator in the message is valid,
the server MUST remove the lease and free the locator, making it available for allocation
to other clients. For detailed processing procedures, refer to Section 18.3.7
of .
DHCPv6 Client Behavior
A client uses the Solicit message to discover DHCPv6 servers
configured to assign leases or return other configuration parameters
on the link to which the client is attached.
A client uses Request, Renew, Rebind, Release and Decline messages
during the normal lifecycle of SRv6 Locator assignment.
In a message sent by a client to a server, the preferred-lifetime
and valid-lifetime fields SHOULD be set to 0. The server MUST ignore
any received values in these lifetime fields.
The client MUST NOT send an IA_SRv6_LOCATOR option with 0 in the
"LB-Len" or "LN-Len" fields. The client MAY send non-zero values in
the "LB-Len" and "LN-Len" fields, and the unspecified value (::) in
the "SRv6-Locator" field to indicate a preference for the size of
the SRv6 Locator to be assigned. The LOC-Len (LB-Len + LN-Len) hint
provided by a client is similar to the prefix-length hint in an
IA_PD. Clients and servers are expected to follow the guidance
provided in .
The client MUST discard any SRv6 Locators for which the preferred
lifetime is greater than the valid lifetime.
The process of requesting an SRv6 Locator is the same as that of
requesting prefixes. When requesting an SRv6 Locator, the DHCPv6
client sends a request message carrying the IA_SRV6_LOCATOR option
to the DHCPv6 server.
Upon the receipt of a valid Reply message with IA_SRV6_LOCATOR
option in response to a Solicit with a Rapid Commit option, Request,
Renew, or Rebind message, the client MUST process the Reply message
according to the requirements of Section 18.2.10 of ,
and configure the assigned SRv6 Locator in the client
device automatically.
After obtaining the SRv6 Locator assigned by the DHCPv6 server, how
to assign local SRv6 SIDs based on this SRv6 Locator, how to use
multiple assigned SRv6 Locators, and how to advertise these SRv6
SIDs to the rest of the network are not within the scope of this
document. In certain scenarios where multiple allocations are required—for example,
when supporting the allocation of multiple SRv6 compressed Locators ,
or when SRv6 Locators for SRv6 VPN services need to be assigned separately—the
allocation policy between the DHCPv6 client and DHCPv6 server MUST be consistent.
The client uses the SRv6 locators and associated information from
any IAs that do not contain a Status Code option with the
NoSRv6LocatorAvail status code. The client MAY include the IAs for which it received the
NoSRv6LocatorAvail status code, with no SRv6 Locators, in subsequent Renew
and Rebind messages sent to the server, to retry obtaining the SRv6 Locators for these IAs.
To extend the preferred and valid lifetimes for the assigned SRv6
Locators or obtain new assigned SRv6 Locators, the client sends a
Renew/Rebind message to the server with IA_SRV6_LOCATOR option as
specified in Sections 18.2.4 and 18.2.5 of .
If the client no longer uses the SRv6 Locator, the client can
actively send a Release message to notify the server to reclaim SRv6
Locator and delete the corresponding SRv6 Locator. The client MUST
include options containing the IAs for the SRv6 Locators it is
releasing in the IA_SRV6_LOCATOR-options of IA_SRV6_LOCATOR option.
A client can explicitly request multiple SRv6 Locator prefixes by
sending multiple IA_SRV6_LOCATOR options. A client can send multiple
IA_SRV6_LOCATOR options in its initial transmissions.
Alternatively, it can send an extra Request message with additional
new IA_SRV6_LOCATOR options (or include them in a Renew message).
DHCP allows a client to request new SRv6 Locators to be assigned by
sending additional new IA_SRV6_LOCATOR options. However, a typical
operator usually prefers to assign a single, larger prefix. In most
deployments, it is RECOMMENDED that the client request a larger SRv6
Locator in its initial transmissions rather than request additional
SRv6 Locators later on.
DHCPv6 Server Behavior
When the server receives a valid Request message or a valid Solicit
message with a Rapid Commit option, the server creates the bindings
for that client according to the server's policy and configuration
information and records the IAs and other information requested by
the client.
The DHCPv6 server treats the SRv6 Locator as the prefix of prefix
pool. Upon the receipt of the IA_SRV6_LOCATOR option, the server
searches the SRv6 Locator prefix pool and allocates appropriate SRv6
Locators for the client.
If there is an assignable SRv6 Locator, the server creates the SRv6
Locator binding entry for that client according to the server's
policy and configuration information and constructs a Reply message
that includes an IA_SRV6_LOCATOR option with the SRv6 Locator
information (including LB-Len, LN-Len, Fun-Len, and Arg-Len)
assigned to the client.
The IA_SRV6_LOCATOR option is filled with the SRv6 Locator
information assigned to the client. The IA_SRV6_LOCATOR option
populates the SRv6 Locator block length, locator node length,
function length, and arguments length.
Upon receiving a Release message from the client or when the SRv6
Locator lease expires, the server reclaims the SRv6 Locator prefix
resource and deletes the corresponding binding entry.
For any IA_SRV6_LOCATOR option in the Request message to which the
server cannot assign any SRv6 Locators, the server MUST return the
IA_SRV6_LOCATOR option in the Reply message with no SRv6 Locator
prefixes in the IA_SRV6_LOCATOR and with a Status Code option
containing status code NoSRv6LocatorAvail in the IA_SRV6_LOCATOR.
After receiving a DHCP message with multiple IA_SRV6_LOCATOR options
at the same time, whether the server can assign multiple SRv6
Locators to the client depends on the server policy, which is out of
scope for this document. Note that the configuration behavior of the
server and client SHOULD be consistent (e.g., "Clients and Servers
new assign a single locator unless explicitly configured").
DHCPv6 Relay Agent Behavior
The allocation of SRv6 locators to clients that reside on a different
link from the server requires a DHCPv6 relay agent. A DHCPv6 relay agent
forwards messages containing IA_SRV6_LOCATOR options in the same way as
it would relay addresses (i.e., per Sections 19.1.1 and 19.1.2 of
).
Advertisement of SRv6 Locator Route
This section describes the processing of SRv6 Locator routes.
As shown in Figure 5, when a DHCPv6 Relay or DHCPv6 Server receives
an SRv6 Locator allocation request from a client, it MAY assign an
SRv6 Locator to the client and install a corresponding SRv6 Locator route locally.
The next hop of this route SHOULD point to the requesting client.
Through this route, the DHCPv6 Relay or DHCPv6 Server can access the Host under the DHCPv6 Client,
while the DHCPv6 Relay or DHCPv6 Server MAY then advertise this route via traditional routing protocols
(e.g., an IGP) to allow other routers to learn it.
SRv6 Locators with an Algorithm value of zero can be advertised
as normal IP prefix reachability information. Conversely, SRv6 Locators with a non-zero
Algorithm value MUST be advertised using the Locators TLV as defined in
and .
Upon receiving an SRv6 Locator release request from the client, the
the DHCPv6 Relay or DHCPv6 Server MUST release the allocated SRv6 Locator, remove the local SRv6
Locator route, and withdraw the previously advertised SRv6 Locator
route via traditional routing protocols.
Add SRv6 locator route
Advertise SRv6 Locator route -->
Release Locator--> Del SRv6 locator route
Withdraw SRv6 Locator route -->
Figure 6: Advertisement of SRv6 Locator Route
]]>
Operational Considerations
This section outlines some operational considerations of assigning SRv6 Locators through DHCPv6.
The SRv6 Locator can be used to allocate SIDs with SR Endpoint Behaviors
as defined in , and also to allocate
SIDs with the NEXT and REPLACE flavors defined in .
Operators can allocate corresponding SIDs based on the LB and LN lengths of the
SRv6 Locator, as well as local policies.
When processing the newly defined SRv6 Locator in this document, if an error occurs in packet processing,
SRv6 Locator allocation fails, or lease aging is handled, the DHCPv6 Client and DHCPv6 Server
SHOULD log or record these SRv6 Locators as required by local policy.
Section 4.4 of provides necessary functional
requirements for operating DHCPv6 relays with prefix delegation.
These requirements also apply to the allocation of SRv6 Locators in DHCPv6 Relay scenarios.
Routing Stability as an Additional Operational Consideration.
Network operators may advertise an aggregated route rather than individual
prefixes in certain deployments to optimize Routing Information Base (RIB) performance.
The withdrawal of specific routes triggered by address releases may lead to a reduction
in advertised routes. An alternative approach is to implement a policy that governs
this behavior. In such cases, delegating routers will discard packets destined for
specific prefixes that are not "delegated" on the customer-facing interface.
Implementation Status
[Note to the RFC Editor - remove this section before publication, as well as remove the reference to [RFC7942].
This section records the status of known implementations of the
protocol defined by this specification at the time of posting of
this Internet-Draft, and is based on a proposal described in
. The description of implementations in this section is
intended to assist the IETF in its decision processes in progressing
drafts to RFCs. Please note that the listing of any individual
implementation here does not imply endorsement by the IETF.
Furthermore, no effort has been spent to verify the information
presented here that was supplied by IETF contributors. This is not
intended as, and must not be construed to be, a catalog of available
implementations or their features. Readers are advised to note that
other implementations may exist.
According to , "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".
New H3C Technologies
-
Organization: New H3C Technologies.
-
Implementation: H3C CR16000, CR19000 series routers implementation
of Distribute SRv6 Locator by DHCP.
-
Description: All sections including all the "MUST" and "SHOULD"
clauses have been implemented in above-mentioned New H3C
Products(running Version 7.1.099 and above).
-
Maturity Level: Product
-
Coverage: All sections.
-
Version: Draft-04
-
Licensing: N/A
-
Implementation experience: Nothing specific.
-
Contact: linchangwang.04414@h3c.com
-
Last updated: October 22, 2024
Raisecom Corporation
-
Organization: Raisecom Corporation.
-
Implementation: Raisecom's RaizSec-VNF RaizSec-VNF Series SD-WAN
Gateway implementation of Distribute SRv6 Locator by DHCP
-
Description: All sections including all the "MUST" and "SHOULD"
clauses have been implemented in Raisecom RaizSec-VNF series SD-
WAN Gateway.
-
Maturity Level: GA
-
Coverage: ALL
-
Version: Draft-04
-
Licensing: N/A
-
Implementation experience: Nothing specific.
-
Contact: jiarongbin@raisecom.com
-
Last updated: October 10, 2024
IANA Considerations
IANA through its early assignment policy assigned the following new DHCPv6 Option Codes in the
"Option Codes" registry maintained at
.
IANA is requested to assign a value for the following new DHCPv6
Status code in the registry maintained in
Security Considerations
See Section 22 of and Section 23 of
for the DHCP security considerations.
See for
the IPv6 security considerations.
As discussed in Section 22 of : DHCP lacks
end-to-end encryption between clients and servers; thus, hijacking,
tampering, and eavesdropping attacks are all possible as a result.
In some network environments, it is possible to secure them, as
discussed later in Section 22 of .
If not all parties use this mechanism to obtain an SRv6 Locator from
the DHCPv6 server, there is the possibility of the same SRv6 Locator
being used by more than one device. Note that this issue could exist
on these networks even if DHCP were not used to obtain the SRv6
Locator. A potential mitigation is to partition the available
address prefixes, ensuring that different allocation mechanisms draw
from non-overlapping pools.
Server implementations SHOULD consider configuration options to
limit the maximum number of SRv6 Locators to allocate (both in a
single request and in total) to a client. However, note that this
does not prevent a bad client actor from pretending to be many
different clients and consuming all available SRv6 Locators.
The SR domain is a trusted domain, as defined in , Sections
2 and 8.2. Having such a well-defined trust boundary is necessary in
order to operate SRv6-based services for internal traffic while
preventing any external traffic from accessing or exploiting the
SRv6-based services. Care and rigor in IPv6 address allocation for
use for SRv6 SID allocations and network infrastructure addresses,
as distinct from IPv6 addresses allocated for end users and systems
(as illustrated in Section 5.1 of ),
can provide the clear distinction between internal and external address space that is
required to maintain the integrity and security of the SRv6 Domain.
When assigning SRv6 Locators to SRv6 Segment Endpoint Nodes using
DHCPv6 as specified in this document, DHCPv6 Clients and DHCPv6 Servers MUST
operate within a single trusted SR domain. As a border node device, a DHCPv6 client
may reside in customer premises, while the DHCPv6 server is located within the provider network.
Although they belong to the same trusted SR domain, the DHCPv6 client MUST implement
appropriate traffic filtering capabilities on both its internal and external interfaces,
as required by Section 5.1 of .
Acknowledgements
The authors would like to thank Chongfeng Xie, Joel Halpern, Robert
Raszuk, Aihua Liu, Cheng Li, Xuewei Wang, Hao Li, Junjie Wang,
Mengxiao Chen, Fang Gao, Aijun Wang, Xinxin Yi, Shenchao Xu, Yisong
Liu, Xueshun Wang, Min Xiao, Liyan Gong, Linda Dunbar, Quan Xiong,
Adrian Farrel and Bernie Volz for their comments to this document.
References
Normative References
Informative References