BGP Flow-Spec Redirect to SR Segment List Action

Introduction BGP Flow Specification (Flow-spec) is an extension to BGP that allows for the dissemination of traffic flow specification rules. BGP Flow-spec Version 2 (FSv2) is defined in . details the concepts of Segment Routing (SR) Policy and steering into an SR Policy. An SR Policy consists of one or more candidate paths, each comprising one or more segment lists. As specified in , if a set of segment lists is associated with the active path of the policy, then the steering is per flow and weighted-ECMP (W-ECMP) based according to the relative weight of each segment list. Traffic generated by AI training and sample transmission exhibits elephant flow characteristics. Compared to ordinary traffic, elephant flows are characterized by high per-flow bandwidth, and long duration. When the traffic carried by an SR Policy contains elephant flows, distributing traffic across segment lists randomly based on weights may cause elephant flows to be assigned to inappropriate segment lists, leading to network load imbalance, e.g., collocation with other large flows on shared links. Currently BGP-FS supports steering traffic into an SR Policy. enables steering into an SR Policy using the address in the Redirect-to-IP action as the endpoint and the color in the Color Extended Community as the color of the target SR Policy. proposes a scheme that steers traffic into an SR Policy through a Binding SID. defines a FSv2 Redirect to SR Policy action directly using Policy Color and endpoint as the identifier. This document extends BGP-FS to allow traffic to be redirected to a specific segment list within an SR Policy candidate path.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Terminology This document uses terminology from , , and .

SR Policy: Segment Routing Policy, identified by <headend, color, endpoint>.
Candidate Path: A specific path option for an SR Policy, with an associated preference value.
Segment List: A specific SID stack that realizes a path; may have an associated weight for load balancing.
Segment List ID: A 32-bit identifier assigned to a segment list, unique within the scope of a candidate path .
Elephant Flow: A long-lived, high-bandwidth traffic flow typical in AI/ML training data transfers and storage replication flows.

Redirect to Segment List Action This action instructs the headend to redirect matching traffic into a specific segment list of a specific candidate path of an SR Policy. This action is encoded as a Flow Specification v2 (FSv2) Action SubTLV carried in a Wide Community container .

Action SubTLV Format The Redirect to Segment List action is encoded as a single FSv2 Action SubTLV. Sub-Type: TBD1 (2 octets)
Length: 2 octets, indicating the total number of octets of the Value field.
Value: Variable, formatted as follows:

Redirect to Segment List Action SubTLV Format

Flags Field The Flags field is 1 octet and defined as follows:

F (Fallback Enabled - 1 bit):
When set (1), the headend MUST perform the fallback procedure described in Section 3.2 if the designated segment list or candidate path becomes invalid or ceases to be the active candidate path. When clear (0), the headend MUST NOT fall back. R (Recovery - 1 bit):
When set (1), indicates that if the designated segment list later recovers, the headend SHOULD revert to pinning the traffic flow onto it. When clear (0), the headend SHOULD NOT automatically revert. Reserved (6 bits):
MUST be set to 0 on transmission and ignored on receipt.

SR Policy Identification Color (4 octets):
The Color value of the target SR Policy, an unsigned non-zero 32-bit integer. AFI (2 octets):
Address Family Identifier of the Endpoint. Values are taken from IANA's "Address Family Numbers" registry. This field determines the length of the Endpoint field:
- 1 (IPv4): Endpoint = 4 octets
- 2 (IPv6): Endpoint = 16 octets
Other AFI values are reserved and MUST NOT be sent; if received, the entire Action SubTLV MUST be treated as malformed (Section 4). Endpoint (variable):
The endpoint address of the SR Policy, encoded according to the AFI field.

Candidate Path Identification Protocol-Origin (4 octets):
The Protocol-Origin value of the candidate path. (See Section 2.3.) Originator (20 octets):
The Originator of the candidate path as specified in Section 2.4. Discriminator (4 octets):
The Discriminator of the candidate path, as defined in Section 2.5.

Segment List Identification Segment List ID (4 octets):
The identifier of the segment list within the candidate path. The value zero is reserved and MUST NOT be used; if received, the Action SubTLV MUST be treated as malformed.

Operational Considerations

Validation and Installation Upon receipt of a Flow Specification route containing this Action SubTLV, the headend MUST perform the following steps in order:

Resolve the SR Policy using <Color, Endpoint>.
Locate the candidate path within that SR Policy that exactly matches <Protocol-Origin, Originator, Discriminator>.
Verify that the candidate path is the active candidate path of the SR Policy (as in Section 2.9) .
Locate the segment list within that candidate path whose Segment List ID matches the value in the SubTLV.
Verify that the segment list is valid as per Section 5.

If any of these steps fail, the Action SubTLV is considered invalid, and the Flow Specification rule continues to be processed as if this Action SubTLV were not present. An implementation SHOULD log the validation failure. If all steps succeed, the headend installs a forwarding rule that redirects matching traffic exclusively to the designated segment list. Traffic SHOULD NOT be load-balanced to other segment lists within the same candidate path.

Fallback Behavior After successful installation, if the F-Flag is set and any of the following events occur:

The designated segment list becomes invalid,
The designated candidate path becomes invalid,
The designated candidate path is no longer the active candidate path of the SR Policy.

Then the headend MUST revert to ordinary SR Policy forwarding behavior as defined in . An implementation SHOULD generate an alert to indicate that explicit path pinning is no longer in effect and the reason for fallback.

Recovery Behavior If the R-Flag is set and the designated segment list later recovers (becomes valid again) while the designated candidate path remains active, the headend SHOULD revert to pinning the traffic flow onto the recovered segment list. An implementation MAY apply a configurable revert timer to avoid flapping. During the reversion process, traffic MUST NOT be dropped. The transition MAY be performed via make-before-break. If the R-Flag is clear, the headend SHOULD NOT automatically revert. A controller MAY withdraw and re-advertise the Flow Specification route to re-establish pinning.

Error Handling A Redirect to SR Policy Segment List SubTLV is considered malformed if:

The Length field does not match the expected size derived from the AFI and fixed fields.
The AFI is not 1 (IPv4) or 2 (IPv6).
The Segment List ID is zero.
The Originator field does not comply with the encoding rules (e.g., non-zero high-order bits for an IPv4 address).
The Protocol-Origin field has non-zero high-order 24 bits.

Malformed SubTLVs MUST be handled according to as treat-as-withdraw. The implementation SHOULD log the error.

IANA Considerations IANA is requested to assign a new Action Sub-Type value from the "BGP FSv2 Action types" registry (established by ) for the action defined in this document.

Security Considerations The security considerations of , , and apply. The ability to pin traffic to a specific candidate path and segment list introduces additional risk. A malicious controller could direct all elephant flows to a single segment list, causing link overload and congestion collapse. Operators SHOULD:

Implement per-session policies to restrict which BGP peers are allowed to send BGP-FS routes with this action.
Limit the rate of BGP-FS updates to protect headend resources.