LSR Working Group                                              C. Xie
Internet-Draft                                                  C. Ma
Intended status: Informational                          China Telecom
Expires: January 13, 2022                                     J. Dong
                                                                Z. Li
                                                  Huawei Technologies
                                                        July 12, 2021


       Using IS-IS Multi-Topology (MT) for Segment Routing based
                       Virtual Transport Network
                    draft-ietf-lsr-isis-sr-vtn-mt-01

Abstract

   Enhanced VPN (VPN+) aims to provide enhanced VPN service to support
   some applications' needs for enhanced isolation and stringent
   performance requirements.  VPN+ requires integration between the
   overlay VPN and the underlay network.  A Virtual Transport Network
   (VTN) is a virtual underlay network which consists of a subset of
   the network topology and network resources allocated from the
   physical network.  A VTN could be used as the underlay for one or a
   group of VPN+ services.  In some network scenarios, each VTN can be
   associated with a unique logical network topology.  This document
   describes a mechanism to build SR based VTNs using IS-IS
   Multi-Topology together with other well-defined IS-IS extensions.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 13, 2022.

Xie, et al.             Expires January 13, 2022                [Page 1]
Internet-Draft            IS-IS MT for SR VTN                 July 2021

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.
   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Advertisement of SR VTN Topology Attribute  . . . . . . . . .   3
   3.  Advertisement of SR VTN Resource Attribute  . . . . . . . . .   4
     3.1.  Advertising Topology-specific TE attributes . . . . . . .   4
   4.  Forwarding Plane Operations . . . . . . . . . . . . . . . . .   5
   5.  Scalability Considerations  . . . . . . . . . . . . . . . . .   5
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   6
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     9.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   Enhanced VPN (VPN+) is an enhancement to VPN services to support the
   needs of new applications, particularly the applications associated
   with 5G services.  These applications require enhanced isolation and
   have more stringent performance requirements than can be provided
   with traditional overlay VPNs.  Meeting these requirements therefore
   calls for integration between the underlay and the overlay networks.
   [I-D.ietf-teas-enhanced-vpn] specifies the framework of enhanced VPN
   and describes the candidate component technologies in different
   network planes and layers.  An enhanced VPN may be used for 5G
   transport network slicing, and will also be of use in other generic
   scenarios.

   To meet the requirements of enhanced VPN services, a number of
   virtual transport networks (VTNs) can be created, each with a subset
   of the underlay network topology and a subset of the network
   resources allocated from the underlay network, to meet the
   requirements of one or a group of VPN+ services.  Another possible
   approach is to create a set of point-to-point paths, each with a set
   of network resources reserved along the path; such paths are called
   Virtual Transport Paths (VTPs).  Although a set of dedicated VTPs can
   provide similar characteristics to a VTN, it has scalability issues
   because of the per-path state kept in the network.

   [I-D.ietf-spring-resource-aware-segments] introduces resource
   awareness to Segment Routing (SR) [RFC8402].  Resource-aware SIDs
   carry additional semantics that identify the set of network resources
   available for the packet processing action associated with the SID.
   As described in [I-D.ietf-spring-sr-for-enhanced-vpn], resource-
   aware SIDs can be used to build SR based VTNs with the network
   topology and network resource attributes required to support enhanced
   VPN services.

   With a segment routing based data plane, Segment Identifiers (SIDs)
   can represent both the topology and the set of network resources that
   network nodes allocate to a virtual network.  The SIDs of each VTN
   and the associated topology and resource attributes need to be
   distributed in the control plane.  [I-D.dong-lsr-sr-enhanced-vpn]
   defines the IGP mechanisms, with the necessary extensions, to provide
   scalable Segment Routing (SR) based VTNs.  The VTNs can be used as
   the underlay of the enhanced VPN service.
   The mechanism described in [I-D.dong-lsr-sr-enhanced-vpn] allows a
   flexible combination of the topology and resource attributes to build
   a relatively large number of VTNs.  In some network scenarios, it is
   assumed that each VTN has an independent topology and a set of
   dedicated or shared network resources.  This document describes a
   simplified mechanism to build SR based VTNs in those scenarios.
   Resource-aware segments can be used with this approach to provide
   resource-guaranteed SR VTNs; normal SR segments may also be used to
   provide SR VTNs that share network resources in the forwarding plane.
   The approach is to use IS-IS Multi-Topology [RFC5120] with segment
   routing [RFC8667] to define the independent network topology of each
   VTN.  The attributes of the network resources allocated to a VTN can
   be advertised using IS-IS MT together with the Traffic Engineering
   (TE) extensions defined in [RFC5305] and [RFC8570].

2.  Advertisement of SR VTN Topology Attribute

   IS-IS Multi-Topology Routing (MTR) [RFC5120] has been defined to
   create independent topologies in one network.  [RFC5120] introduces
   MT-specific TLVs to carry topology-specific link-state information.
   The MT-specific IS neighbor and prefix reachability TLVs are defined
   by prepending two additional bytes, containing a 12-bit MT-ID field
   (the remaining 4 bits are reserved), to the content of the ISN TLV
   and of the IP and IPv6 Reachability TLVs.  This provides the
   capability of specifying customized attributes for each topology.
   When each VTN is associated with an independent network topology, the
   MT-ID can be used as the identifier of the VTN in the control plane.

   MTR can be used with a segment routing based data plane.  Thus the
   topology attribute of an SR based VTN can be advertised using MTR
   with segment routing.  The IS-IS extensions to support the
   advertisement of topology-specific MPLS SIDs are specified in
   [RFC8667].
   Topology-specific Prefix-SIDs can be advertised by carrying the
   Prefix-SID sub-TLVs in the IS-IS TLV 235 (MT IP Reachability) and
   TLV 237 (MT IPv6 IP Reachability).  Topology-specific Adj-SIDs can
   be advertised by carrying the Adj-SID sub-TLVs in IS-IS TLV 222
   (MT-ISN) and TLV 223 (MT IS Neighbor Attribute).  The topology-
   specific Prefix-SIDs and Adj-SIDs can be resource-aware segments or
   normal SR segments.

   The IS-IS extensions to support the advertisement of topology-
   specific SRv6 Locators and SIDs are specified in
   [I-D.ietf-lsr-isis-srv6-extensions].  Topology-specific SRv6
   locators are advertised using the SRv6 Locator TLV, and SRv6 End
   SIDs inherit the MT-ID from the parent locator.  Topology-specific
   End.X SIDs are advertised by carrying SRv6 End.X SID sub-TLVs in the
   IS-IS TLV 222 (MT-ISN) and TLV 223 (MT IS Neighbor Attribute).  The
   topology-specific SRv6 locators can be resource-aware locators or
   normal SRv6 locators, and accordingly the topology-specific SRv6
   SIDs can be resource-aware SRv6 segments or normal SRv6 segments.

3.  Advertisement of SR VTN Resource Attribute

   In order to perform constraint based path computation for each VTN
   on the network controller or on the ingress nodes, the network
   resource and other attributes associated with each VTN need to be
   advertised.

3.1.  Advertising Topology-specific TE attributes

   On each network link, the network resources and other attributes
   associated with a VTN can be specified by carrying the TE attribute
   sub-TLVs of [RFC5305] and [RFC8570] in the IS-IS TLV 222 (MT-ISN)
   and TLV 223 (MT IS Neighbor Attribute) of the corresponding
   topology.  When the Maximum Link Bandwidth sub-TLV is carried in the
   MT-ISN TLV of a topology, it indicates the amount of link bandwidth
   allocated to the corresponding VTN.  The bandwidth allocated to a
   VTN can be exclusive to the services carried in that VTN.  The usage
   of other TE attributes in topology-specific TLVs is for further
   study.
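   As an added illustration of the encodings that Sections 2 and 3.1
   rely on (this is example code written for this page, not code from
   the draft or from any IS-IS implementation), the following Python
   builds an MT-ISN TLV (type 222) for one topology and parses it back.
   It follows the two-byte MT-ID header and neighbor-entry layout of
   [RFC5120], the Maximum Link Bandwidth sub-TLV of [RFC5305] and the
   Adj-SID sub-TLV of [RFC8667].  The MT-ID 100, the neighbor system ID,
   the label 24002 and the bandwidth figure are constructed sample
   values.  The decoder checks every length against its enclosing
   container, which is the check a receiver needs before it trusts any
   per-VTN attribute carried in an LSP.

```python
"""Encode/decode an IS-IS MT-ISN TLV (222) with per-topology sub-TLVs.
Added example for this page; values below are constructed, not from the draft."""
import struct

TLV_MT_ISN = 222            # RFC 5120: MT Intermediate Systems TLV
SUBTLV_MAX_LINK_BW = 9      # RFC 5305 Section 3.4: IEEE float, bytes/second
SUBTLV_ADJ_SID = 31         # RFC 8667 Section 2.2.1
ADJ_SID_FLAG_V = 0x20       # SID field carries a value (an MPLS label) ...
ADJ_SID_FLAG_L = 0x10       # ... of local significance


def max_link_bw_subtlv(bytes_per_sec):
    """Inside an MT-ISN TLV this is read as the bandwidth allocated to that VTN."""
    return SUBTLV_MAX_LINK_BW, struct.pack("!f", bytes_per_sec)


def adj_sid_label_subtlv(label, flags=ADJ_SID_FLAG_V | ADJ_SID_FLAG_L, weight=0):
    """Adj-SID sub-TLV carrying a 20-bit label (V and L set): flags, weight, 3-byte SID."""
    if not 0 <= label < (1 << 20):
        raise ValueError("MPLS label is a 20-bit value")
    return SUBTLV_ADJ_SID, struct.pack("!BB", flags, weight) + label.to_bytes(3, "big")


def encode_mt_isn(mt_id, neighbors):
    """TLV 222 = 2 bytes (4 reserved bits + 12-bit MT-ID) followed by neighbor
    entries in TLV 22 format: 7-byte system ID + pseudonode, 3-byte metric,
    1-byte sub-TLV length, sub-TLVs."""
    if not 0 <= mt_id < 4096:
        raise ValueError("MT-ID is a 12-bit value")
    body = struct.pack("!H", mt_id)
    for sysid, metric, subtlvs in neighbors:
        if len(sysid) != 7:
            raise ValueError("system ID + pseudonode ID must be 7 bytes")
        if not 0 <= metric < (1 << 24):
            raise ValueError("wide metric is a 24-bit value")
        sub = b"".join(bytes([t, len(v)]) + v for t, v in subtlvs)
        if len(sub) > 255:
            raise ValueError("sub-TLVs exceed 255 bytes")
        body += sysid + metric.to_bytes(3, "big") + bytes([len(sub)]) + sub
    if len(body) > 255:
        raise ValueError("TLV body exceeds 255 bytes")
    return bytes([TLV_MT_ISN, len(body)]) + body


def decode_subtlvs(buf):
    out, pos = {}, 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated sub-TLV header")
        t, length = buf[pos], buf[pos + 1]
        value = buf[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("sub-TLV value overruns the sub-TLV area")
        pos += 2 + length
        if t == SUBTLV_MAX_LINK_BW and length == 4:
            out["max_link_bw_bytes_per_sec"] = struct.unpack("!f", value)[0]
        elif t == SUBTLV_ADJ_SID and length in (5, 6):
            flags, weight = value[0], value[1]
            key = "label" if flags & ADJ_SID_FLAG_V else "index"
            out["adj_sid"] = {"flags": flags, "weight": weight,
                              key: int.from_bytes(value[2:], "big")}
        else:
            out.setdefault("other_subtlvs", []).append((t, value.hex()))
    return out


def decode_mt_isn(tlv):
    """Parse TLV 222; every length is bounded by its container so a malformed
    LSP cannot make the parser read past the TLV."""
    if len(tlv) < 4 or tlv[0] != TLV_MT_ISN:
        raise ValueError("not an MT-ISN TLV")
    if tlv[1] != len(tlv) - 2:
        raise ValueError("TLV length does not match buffer")
    body = tlv[2:]
    mt_id = struct.unpack("!H", body[:2])[0] & 0x0FFF
    reserved = body[0] >> 4
    neighbors, pos = [], 2
    while pos < len(body):
        if pos + 11 > len(body):
            raise ValueError("truncated neighbor entry")
        sysid = body[pos:pos + 7]
        metric = int.from_bytes(body[pos + 7:pos + 10], "big")
        sub_len = body[pos + 10]
        pos += 11
        if pos + sub_len > len(body):
            raise ValueError("sub-TLVs overrun the neighbor entry")
        entry = {"system_id": sysid.hex(), "metric": metric}
        entry.update(decode_subtlvs(body[pos:pos + sub_len]))
        neighbors.append(entry)
        pos += sub_len
    return {"mt_id": mt_id, "reserved_bits": reserved, "neighbors": neighbors}


def build_example_tlv():
    """Constructed sample: MT-ID 100 identifies a VTN; the adjacency to
    0000.0000.0002.00 gets Adj-SID label 24002 and 125,000,000 bytes/s."""
    neighbor = bytes.fromhex("00000000000200")
    return encode_mt_isn(100, [(neighbor, 10, [max_link_bw_subtlv(125_000_000.0),
                                              adj_sid_label_subtlv(24002)])])


if __name__ == "__main__":
    print(decode_mt_isn(build_example_tlv()))
```

   The same neighbor-entry layout applies to TLV 223; the Prefix-SID
   case differs only in that the sub-TLVs hang off a prefix entry in
   TLV 235 or 237 rather than a neighbor entry.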
   Editor's note 1: It is noted that carrying per-topology TE attributes
   was considered a possible future feature when the encoding of IS-IS
   multi-topology was defined in [RFC5120].

4.  Forwarding Plane Operations

   For the SR-MPLS data plane, a Prefix-SID is associated with the paths
   computed in the topology of the corresponding VTN.  An outgoing
   interface is determined for each path.  In addition, the Prefix-SID
   steers the traffic to use the subset of network resources allocated
   to the VTN on the outgoing interface for packet forwarding.  An
   Adj-SID is associated with a subset of the network resources
   allocated to a VTN on the link.  The Adj-SIDs and Prefix-SIDs
   associated with the same VTN can be used together to build SR-MPLS
   paths that satisfy the topological and resource constraints of the
   VTN.

   For the SRv6 data plane, an SRv6 Locator is a prefix associated with
   the paths computed in the topology of the corresponding VTN.  An
   outgoing interface is determined for each path.  In addition, the
   SRv6 Locator prefix steers the traffic to use the subset of network
   resources allocated to the VTN on the outgoing interface for packet
   forwarding.  An End.X SID is associated with a subset of the network
   resources allocated to a VTN on the link.  The End.X SIDs and the
   SRv6 Locator prefixes associated with the same VTN can be used
   together to build SRv6 paths that satisfy the topological and
   resource constraints of the VTN.

5.  Scalability Considerations

   The mechanism described in this document assumes that each VTN is
   associated with a unique topology, so that MT-IDs can be reused to
   identify the VTNs in the control plane.  While this brings the
   benefit of simplicity, it also has some limitations.
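   To make the forwarding-plane semantics of Section 4 concrete, and to
   show the per-VTN computation that the unique-topology assumption
   implies, the following added Python example (written for this page,
   not code from the draft) runs a separate SPF per MT-ID on one node
   of a constructed four-node network and derives that node's per-VTN
   SR-MPLS entries: each Prefix-SID label maps to the outgoing
   interface on the VTN's path together with the bandwidth allocated to
   that VTN on the interface, and each Adj-SID label maps to the VTN's
   share of one link.  The topology, the MT-IDs 100 and 200, the SRGB
   base, the SID indexes and the bandwidth figures are all assumptions
   made for the example; a real node would take them from the MT-ISN
   and MT prefix reachability TLVs instead.

```python
"""Per-topology SPF and the per-VTN forwarding entries it yields on one node.
Added example; network, MT-IDs, SIDs and bandwidths are constructed values."""
import heapq

# Constructed sample network.  Each link lists, per MT-ID it belongs to, the
# bandwidth (bytes/s) allocated to that VTN on the link, i.e. what a Maximum
# Link Bandwidth sub-TLV in that topology's MT-ISN TLV would advertise.
LINKS = [
    # (node, neighbor, metric, {mt_id: allocated_bandwidth})
    ("A", "B", 10, {100: 125_000_000.0, 200: 250_000_000.0}),
    ("B", "D", 10, {100: 125_000_000.0, 200: 250_000_000.0}),
    ("A", "C", 10, {100: 125_000_000.0}),      # C is not part of topology 200
    ("C", "D",  5, {100: 125_000_000.0}),
]
SRGB_BASE = 16000
# One Prefix-SID index per (node, MT-ID), so the label itself selects the VTN.
PREFIX_SID_INDEX = {(n, mt): base + i for i, n in enumerate("ABCD")
                    for mt, base in ((100, 100), (200, 200))}


def topology(mt_id):
    """Adjacency list restricted to the links advertised in topology mt_id."""
    adj = {}
    for a, b, metric, res in LINKS:
        if mt_id in res:
            adj.setdefault(a, []).append((b, metric))
            adj.setdefault(b, []).append((a, metric))
    return adj


def spf(adj, src):
    """Dijkstra; returns {dst: (cost, first_hop)} for nodes reachable from src."""
    dist = {src: (0, None)}
    pq = [(0, src, None)]
    while pq:
        cost, node, first = heapq.heappop(pq)
        if cost > dist[node][0]:
            continue
        for nbr, metric in adj.get(node, []):
            nfirst = nbr if node == src else first
            if nbr not in dist or cost + metric < dist[nbr][0]:
                dist[nbr] = (cost + metric, nfirst)
                heapq.heappush(pq, (cost + metric, nbr, nfirst))
    return dist


def link_resource(a, b, mt_id):
    """Bandwidth allocated to VTN mt_id on link a-b (None if not in topology)."""
    for x, y, _, res in LINKS:
        if {x, y} == {a, b}:
            return res.get(mt_id)
    return None


def build_fib(node, mt_ids):
    """One SPF per MT-ID, then per-VTN entries keyed by label: Prefix-SID
    entries carry the outgoing interface of the VTN path plus the VTN's
    resource on that interface; Adj-SID entries carry the VTN's link share."""
    fib, adj_label = {}, 24000          # 24000+: constructed local Adj-SID labels
    for mt_id in mt_ids:
        adj = topology(mt_id)
        for dst, (cost, first_hop) in spf(adj, node).items():
            if dst == node:
                continue
            fib[SRGB_BASE + PREFIX_SID_INDEX[(dst, mt_id)]] = {
                "sid": "prefix", "mt_id": mt_id, "dst": dst, "cost": cost,
                "out_if": f"{node}-{first_hop}",
                "bw": link_resource(node, first_hop, mt_id)}
        for nbr, _ in adj.get(node, []):
            fib[adj_label] = {"sid": "adj", "mt_id": mt_id,
                              "out_if": f"{node}-{nbr}",
                              "bw": link_resource(node, nbr, mt_id)}
            adj_label += 1
    return fib


if __name__ == "__main__":
    for label, entry in sorted(build_fib("A", [100, 200]).items()):
        print(label, entry)
```

   On node A the Prefix-SID for D in topology 100 resolves via C (cost
   15) with the 125,000,000 bytes/s share of A-C, while the Prefix-SID
   for D in topology 200 resolves via B (cost 20) with the 250,000,000
   bytes/s share of A-B; the two labels differ because each VTN has its
   own SID index.  Note that `build_fib` runs `spf` once per MT-ID
   regardless of whether the topologies differ, which is the cost the
   paragraph below describes.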
   For example, even if multiple VTNs have the same topology, they still
   need to be identified by different MT-IDs in the control plane, and
   an independent path computation has to be executed for each VTN.
   Thus the number of VTNs a network can support may be bounded by the
   number of topologies it supports, which is in turn related to the
   control plane overhead.  The mechanism described in this document is
   applicable to network scenarios where the number of required VTNs is
   relatively small.  A detailed analysis of VTN scalability and of
   possible optimizations for supporting a large number of VTNs is
   given in [I-D.dong-teas-enhanced-vpn-vtn-scalability].

6.  Security Considerations

   This document introduces no additional security vulnerabilities to
   IS-IS.  The mechanism proposed in this document is subject to the
   same vulnerabilities as any other protocol that relies on IGPs.
   Since the MT-ID carried in the MT-specific TLVs is used here as the
   identifier of a VTN, and the TE sub-TLVs in those TLVs describe the
   resources allocated to it, this information deserves the same
   protection as the rest of the link-state information; IS-IS PDU
   authentication, where deployed, covers the MT-specific TLVs in the
   same way as any other TLV.

7.  IANA Considerations

   This document does not request any IANA actions.

8.  Acknowledgments

   The authors would like to thank Zhibo Hu, Dean Cheng, Les Ginsberg
   and Peter Psenak for the review and discussion of this document.

9.  References

9.1.  Normative References

   [I-D.ietf-lsr-isis-srv6-extensions]
              Psenak, P., Filsfils, C., Bashandy, A., Decraene, B., and
              Z. Hu, "IS-IS Extension to Support Segment Routing over
              IPv6 Dataplane", draft-ietf-lsr-isis-srv6-extensions-14
              (work in progress), April 2021.

   [I-D.ietf-spring-resource-aware-segments]
              Dong, J., Bryant, S., Miyasaka, T., Zhu, Y., Qin, F., Li,
              Z., and F. Clad, "Introducing Resource Awareness to SR
              Segments", draft-ietf-spring-resource-aware-segments-02
              (work in progress), February 2021.

   [I-D.ietf-spring-sr-for-enhanced-vpn]
              Dong, J., Bryant, S., Miyasaka, T., Zhu, Y., Qin, F., Li,
              Z., and F.
              Clad, "Segment Routing based Virtual Transport Network
              (VTN) for Enhanced VPN", draft-ietf-spring-sr-for-
              enhanced-vpn-00 (work in progress), February 2021.

   [RFC5120]  Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi
              Topology (MT) Routing in Intermediate System to
              Intermediate Systems (IS-ISs)", RFC 5120,
              DOI 10.17487/RFC5120, February 2008.

   [RFC5305]  Li, T. and H. Smit, "IS-IS Extensions for Traffic
              Engineering", RFC 5305, DOI 10.17487/RFC5305, October
              2008.

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018.

   [RFC8570]  Ginsberg, L., Ed., Previdi, S., Ed., Giacalone, S., Ward,
              D., Drake, J., and Q. Wu, "IS-IS Traffic Engineering (TE)
              Metric Extensions", RFC 8570, DOI 10.17487/RFC8570, March
              2019.

   [RFC8667]  Previdi, S., Ed., Ginsberg, L., Ed., Filsfils, C.,
              Bashandy, A., Gredler, H., and B. Decraene, "IS-IS
              Extensions for Segment Routing", RFC 8667,
              DOI 10.17487/RFC8667, December 2019.

9.2.  Informative References

   [I-D.dong-lsr-sr-enhanced-vpn]
              Dong, J., Hu, Z., Li, Z., Tang, X., Pang, R., JooHeon, L.,
              and S. Bryant, "IGP Extensions for Segment Routing based
              Enhanced VPN", draft-dong-lsr-sr-enhanced-vpn-05 (work in
              progress), February 2021.

   [I-D.dong-teas-enhanced-vpn-vtn-scalability]
              Dong, J., Li, Z., Qin, F., Yang, G., and J. N. Guichard,
              "Scalability Considerations for Enhanced VPN (VPN+)",
              draft-dong-teas-enhanced-vpn-vtn-scalability-02 (work in
              progress), February 2021.

   [I-D.ietf-teas-enhanced-vpn]
              Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee,
              "A Framework for Enhanced Virtual Private Network (VPN+)
              Services", draft-ietf-teas-enhanced-vpn-07 (work in
              progress), February 2021.
Authors' Addresses

   Chongfeng Xie
   China Telecom
   China Telecom Beijing Information Science & Technology, Beiqijia
   Beijing  102209
   China

   Email: xiechf@chinatelecom.cn


   Chenhao Ma
   China Telecom
   China Telecom Beijing Information Science & Technology, Beiqijia
   Beijing  102209
   China

   Email: machh@chinatelecom.cn


   Jie Dong
   Huawei Technologies
   Huawei Campus, No. 156 Beiqing Road
   Beijing  100095
   China

   Email: jie.dong@huawei.com


   Zhenbin Li
   Huawei Technologies
   Huawei Campus, No. 156 Beiqing Road
   Beijing  100095
   China

   Email: lizhenbin@huawei.com