Network Working Group                                              T. Li
Internet-Draft                                                   Z. Chen
Intended status: Standards Track                     Huawei Technologies
Expires: November 16, 2020                                  May 15, 2020


          Anycast SID for Flexible and Robust Service in SRv6
                 draft-li-spring-anycast-sid-service-00

Abstract

   Segment Routing enables an operator or an application to specify a
   packet processing program. When Segment Routing is applied to the
   IPv6 data plane, the list of IPv6 SIDs in the SRH can specify a
   series of execution endpoints that hold service functions that
   process the packet. However, steering traffic dynamically to
   different execution endpoints requires a specific "re-encapsulating"
   step. This procedure may be complex and take time.

   This document proposes A-SID (Anycast-SID) based on SRv6 to achieve
   flexible and robust service provision. It uses anycast SIDs to
   identify service functions and locates the service functions based
   on anycast routing. The proposed solution remains compatible with
   existing SRv6.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Li & Chen               Expires November 16, 2020               [Page 1]

Internet-Draft         Anycast SID Service in SRv6              May 2020

   This Internet-Draft will expire on November 16, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Anycast SID (A-SID)
   4.  Control Plane
   5.  Data Plane
   6.  Illustration
     6.1.  Usecase1 migration of service function
     6.2.  Usecase2 failover of service function
   7.  Security Considerations
   8.  IANA Considerations
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   Segment Routing [RFC8402] enables an operator or an application to
   specify a packet processing program. SRv6 applies Segment Routing to
   IPv6 data plane.
   A new routing header for IPv6, called the Segment Routing Header
   (SRH) [RFC8754], is defined to carry 128-bit SIDs. The list of IPv6
   SIDs in the SRH can specify not only a TE path, but also a series of
   execution endpoints that hold service functions that process the
   packet. In this way, a service function chain [RFC7665] is formed
   based on SRv6.

   However, more and more functions, such as firewall and DPI, are
   deployed using cloud technology and Network Function Virtualization,
   which means that a single function may be deployed at multiple
   execution locations and may be migrated to different locations
   frequently. Steering traffic dynamically to the different execution
   endpoints requires frequent "re-encapsulating" at the ingress
   router. This procedure may be complex and take time.

   This document proposes A-SID (Anycast-SID) based on SRv6 to achieve
   flexible and robust service provision. In addition to the SIDs that
   are used for the TE path on the node, specific A-SIDs are used for
   the service function chain. The execution endpoints share a SID
   Locator, and the kind of function is identified by Function and
   Argument. The A-SIDs are advertised by the control plane and the
   packets are forwarded to the execution endpoints based on anycast
   routing. The proposed solution remains compatible with existing
   SRv6.

2.  Terminology

   The definitions of the SRv6 terms, such as SRv6, SID, SRH, locator
   and function can be found in [RFC8754], [RFC8402], and
   [I-D.draft-ietf-spring-srv6-network-programming]. The definition of
   Service Function Chain can be found in [RFC7665]. The definition of
   anycast can be found in [RFC3513].

   This document introduces the following new terms:

   A-SID: Anycast-based Segment Identifier.

3.  Anycast SID (A-SID)

   The SRv6 SID contains 16 bytes and can be separated into three
   parts: locator, function, and argument.
   The argument is considered an accessory of the function. This
   document therefore omits the argument for clarity of description,
   and the SRv6 SID can be mainly separated into two parts: locator and
   function.

   All of the SRv6 endpoints have their own SIDs instantiated in the
   FIB table locally and advertised by the control plane as defined in
   [I-D.draft-ietf-spring-srv6-network-programming]. In addition to the
   existing SRv6 SIDs, the execution endpoints that hold service
   functions also have Anycast SIDs.

   The Locator of the Anycast SID is shared by all the execution
   endpoints in the SR domain. In other words, one specific Locator is
   allocated to the execution endpoints to identify the Anycast SIDs.
   The Function of the Anycast SID identifies the kind of service
   function that the endpoint node can provide. That is, if two
   execution endpoints provide the same kind of service function, they
   will have the same Anycast SID.

       0                                   16 bytes
       +----------------------+--------------------+
       |       Locator        |      Function      |
       +-------------------------------------------+
       |<---Shared locator--->|                    |
       |<---------------Anycast SID--------------->|

                      Figure 1: Anycast SID

   For example, the shared Locator is A::/64, Service Functions (SFs)
   1 - 3 are identified by B1 - B3. Node 1 provides SF1, node 2 and
   node 3 provide SF2, and node 4 provides SF3. The Anycast SIDs are
   shown in Figure 2.

                 +---+        +---+         +---+
                 |SF1|        |SF2|         |SF3|
                 +-+-+        +-+-+         +-+-+
                   |            | A::B2       |
                   |         +--+---+         |
                   | +-------+node 2+-------+ |
   +-------+       | |       +------+       | |        +------+
   |ingress|     +-+-+--+                +--+-+-+      |egress|
   | node  +-----+node 1|                |node 4+------+ node |
   |       |     +---+--+                +--+---+      |      |
   +-------+   A::B1 |       +------+       | A::B3    +------+
                     +-------+node 3+-------+
                             +--+---+
                                | A::B2
                              +-+-+
                              |SF2|
                              +---+

                    Figure 2: the Anycast SIDs

   For example, the common prefix is A::/48, the SNID is a 16-bit
   value, and the SFID is an 8-bit value. Then the SSID, which is
   carried in the SRH, is 24 bits.

4.  Control Plane

   The reachability of Anycast SIDs is advertised by the control plane.
   As described in [I-D.draft-ietf-lsr-isis-srv6-extensions], a new
   flag in the "Bit Values for Prefix Attribute Flags Sub-TLV" registry
   [RFC7794] is defined to advertise the anycast property. The SRv6
   Locator TLV is introduced to advertise Locators and the End SIDs
   associated with each locator. This TLV shares the sub-TLV space
   defined for TLVs 135, 236 and 237. This document adopts the Anycast
   Flag (A-flag).

   In addition, this document defines a new flag in the SRv6 End SID
   sub-TLV. The format is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +---------------+---------------+
   |     Type      |    Length     |
   +---------------+---------------+---------------+
   |     Flags     |       Endpoint Behavior       |
   +---------------+-------------------------------+---------------+
   |                  Anycast SID (128 bits) . . .                 |
   +---------------------------------------------------------------+
   |                  Anycast SID (cont . . .)                     |
   +---------------------------------------------------------------+
   |                  Anycast SID (cont . . .)                     |
   +---------------------------------------------------------------+
   |                  Anycast SID (cont . . .)                     |
   +---------------+-----------------------------------------------+
   |Sub-sub-tlv-len|          sub-sub-TLVs(variable). . .          |
   +---------------+-----------------------------------------------+

   Type: 5 (defined in [I-D.draft-ietf-lsr-isis-srv6-extensions]).

   Length: Variable.

   Flags: 8 bits.

       0 1 2 3 4 5 6 7
      +---------------+
      |A|U|U|U|U|U|U|U|
      +---------------+

      U: Unused and for future use. Must be 0 on transmission and
      ignored on receipt.

      A: Anycast flag, set when the SRv6 End SID sub-TLV carries the
      Anycast SIDs.

   Endpoint Behavior: 16 bits, code point that identifies the service
   functions.

   Anycast SID: 128 bits.

   Sub-sub-TLV-length: defined in
   [I-D.draft-ietf-lsr-isis-srv6-extensions].

   Sub-sub-TLVs: defined in [I-D.draft-ietf-lsr-isis-srv6-extensions].

   The Anycast SID MUST be a subnet of the associated Locator. Anycast
   SIDs which are NOT a subnet of the associated locator MUST be
   ignored.

   Multiple Anycast SIDs MAY be associated with the same locator when
   an execution endpoint holds multiple service functions. In cases
   where the number of SRv6 End SID sub-TLVs exceeds the capacity of a
   single TLV, multiple Locator TLVs for the same locator MAY be
   advertised.

   Other details are defined in
   [I-D.draft-ietf-lsr-isis-srv6-extensions].

5.  Data Plane

   This document requires no data plane extensions to SRv6, and the
   Anycast SID is no different from other SIDs. Anycast SIDs sit
   alongside other SIDs in the SRH, and the SID list can not only steer
   the packet along a TE path but also specify the service functions
   that should process the packet.

   The Anycast SIDs are advertised by the control plane and
   instantiated in the local FIB. When an SRv6-capable node receives an
   IPv6 packet, it performs a longest-prefix-match lookup on the
   packet's destination address. This lookup may return a FIB entry
   that represents a locally instantiated SID. If the matched SID is an
   Anycast SID, the node should process the packet with the service
   function identified by the Anycast SID.

6.  Illustration

6.1.  Usecase1 migration of service function

   As illustrated in Figure 3, an SRv6-based service function chain
   needs to go through SF1, SF2 and SF3. At the beginning, SF1, SF2 and
   SF3 are provided on node 1, node 2 and node 4. Then, SF2 is migrated
   to node 3 and the flow should change its path.

   In addition to the SRv6 SIDs A1::B1, A2::B2, A3::B2 and A4::B3 on
   the four nodes, they also have Anycast SIDs instantiated locally and
   advertised by the control plane.

   If original SRv6 is used, the SRH is (A1::B1, A2::B2, A4::B3) before
   the migration and (A1::B1, A2::B2, A4::B3) after the migration. The
   ingress node should change the encapsulation strategies under
   control of the controller and re-encapsulate the packets.

   If Anycast SID is used, the SRH is (A::B1, A::B2, A::B3) before and
   after migration. No change to the SRH is needed. Node 2 withdraws
   the route of A::B2 and Node 3 advertises A::B2. Then the packets are
   forwarded based on the route of A::B2/128.

                 +---+        +---+         +---+
                 |SF1|        |SF2|*****    |SF3|
                 +-+-+        +-+-+    *    +-+-+
                   |      A::B2 |      *      |
                   |         +--+---+  *      |
                   | +-------+node 2+--*----+ |
   +-------+       | |       +------+  *    | |        +------+
   |ingress|     +-+-+--+     A2::B2   * +--+-+-+      |egress|
   | node  +-----+node 1|              * |node 4+------+ node |
   |       |     +---+--+     A3::B2   * +--+---+      |      |
   +-------+   A::B1 |       +------+  *    | A::B3    +------+
               A1::B1+-------+node 3+--*----+ A4::B3
                             +---^--+  *
                                 *     *
                                 *******

            Figure 3: Illustration topology for usecase1

6.2.  Usecase2 failover of service function

   As illustrated in Figure 4, an SRv6-based service function chain
   needs to go through SF1, SF2 and SF3. At the beginning, SF1, SF2 and
   SF3 are provided on node 1, node 2 and node 4. Suddenly, node 2 goes
   down and SF2 should be provided by node 3. The flow should change
   its path.

   In addition to the SRv6 SIDs A1::B1, A2::B2, A3::B2 and A4::B3 on
   the four nodes, they also have Anycast SIDs instantiated locally and
   advertised by the control plane.

   If original SRv6 is used, the SRH is (A1::B1, A2::B2, A4::B3) before
   failover and (A1::B1, A2::B2, A4::B3) after failover. The ingress
   node should change the encapsulation strategies under control of the
   controller and re-encapsulate the packets.

   If Anycast SID is used, the SRH is (A::B1, A::B2, A::B3) before and
   after failover. No change to the SRH is needed. Node 2 withdraws the
   route of A::B2 and Node 3 advertises A::B2.
   The FIB on node 1 is updated so that packets destined to A::B2/128
   are forwarded to node 3. Then the packets are forwarded based on the
   route of A::B2/128.

                 +---+        +---+         +---+
                 |SF1|        |SF2|*****    |SF3|
                 +-+-+        +-+-+    *    +-+-+
                   |      A::B2 |      *      |
                   |         +--+---+  *      |
                   | +-------+node 2+--*----+ |
   +-------+       | |       +------+  *    | |        +------+
   |ingress|     +-+-+--+     A2::B2   * +--+-+-+      |egress|
   | node  +-----+node 1|              * |node 4+------+ node |
   |       |     +---+--+     A3::B2   * +--+---+      |      |
   +-------+   A::B1 |       +------+  *    | A::B3    +------+
               A1::B1+-------+node 3+--*----+ A4::B3
                             +--+---+  *
                          A::B2 |      *
                              +-+-+    *
                              |SF2|<****
                              +---+

            Figure 4: Illustration topology for usecase2

7.  Security Considerations

   TBD.

8.  IANA Considerations

   IANA is requested to allocate one bit in the SRv6 End SID sub-TLV
   Flags to indicate that the sub-TLV carries Anycast SIDs.

9.  Acknowledgements

   TBD.

10.  References

10.1.  Normative References

   [I-D.draft-ietf-lsr-isis-srv6-extensions]
              Psenak, P., Filsfils, C., Bashandy, A., Decraene, B., and
              Z. Hu, "IS-IS Extension to Support Segment Routing over
              IPv6 Dataplane", draft-ietf-lsr-isis-SRv6-extension-07
              (work in progress), March 2020.

   [I-D.draft-ietf-spring-srv6-network-programming]
              Filsfils, C., Camarillo, P., Leddy, J., Voyer, D.,
              Matsushima, S., and Z. Li, "SRv6 Network Programming",
              draft-ietf-spring-srv6-network-programming-15 (work in
              progress), March 2020.

   [I-D.draft-li-spring-compressed-srv6-np]
              Li, Z., Li, C., Xie, C., LEE, K., Tian, H., Zhao, F.,
              Guichard, J., Li, C., and S. Peng, "Compressed SRv6
              Network Programming",
              draft-li-spring-compressed-SRv6-np-02 (work in progress),
              February 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 8200, July 2017.

   [RFC8402]  Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B.,
              Litkowski, S., and R. Shakir, "Segment Routing
              Architecture", RFC 8402, July 2018.

   [RFC8754]  Filsfils, C., Dukes, D., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing
              Header (SRH)", RFC 8754, March 2020.

10.2.  Informative References

   [RFC3513]  Hinden, R. and S. Deering, "Internet Protocol Version 6
              (IPv6) Addressing Architecture", RFC 3513, April 2003.

   [RFC7665]  Halpern, J. and C. Pignataro, "Service Function Chaining
              (SFC) Architecture", RFC 7665, October 2015.

   [RFC7794]  Ginsberg, L., Decraene, B., Previdi, S., Xu, X., and U.
              Chunduri, "IS-IS Prefix Attributes for Extended IPv4 and
              IPv6 Reachability", RFC 7794, March 2016.

Authors' Addresses

   Taixin Li
   Huawei Technologies
   No. 156 Beiqing Rd
   Beijing  100095
   China

   Email: litaixin@huawei.com


   Zhe Chen
   Huawei Technologies
   No. 156 Beiqing Rd
   Beijing  100095
   China

   Email: chenzhe17@huawei.com
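
The Section 4 acceptance rule (an Anycast SID that is not a subnet of its associated Locator MUST be ignored), as an added example that is not part of the draft or of any implementation of it: a Python decoder for the sub-TLV layout shown in Section 4. It assumes Length counts the octets after the Length field; the function names and the behavior code points in the sample are hypothetical.

```python
import ipaddress
import struct

END_SID_TYPE = 5   # sub-TLV type given in Section 4
A_FLAG = 0x80      # bit 0 of Flags, the most significant bit of the octet

def parse_end_sid(buf):
    """Decode one SRv6 End SID sub-TLV laid out as in the Section 4 figure.
    Assumption: Length counts the octets that follow the Length field."""
    if len(buf) < 2 or buf[0] != END_SID_TYPE:
        raise ValueError("not an SRv6 End SID sub-TLV")
    length, body = buf[1], buf[2:2 + buf[1]]
    if len(body) != length or length < 20:
        raise ValueError("truncated sub-TLV")
    flags, behavior = struct.unpack_from("!BH", body, 0)
    if body[19] != length - 20:
        raise ValueError("sub-sub-TLV length disagrees with Length")
    return {"anycast": bool(flags & A_FLAG),   # U bits are ignored on receipt
            "behavior": behavior,
            "sid": ipaddress.IPv6Address(body[3:19])}

def accept_anycast_sids(locator, sub_tlvs):
    """Return the Anycast SIDs a receiver may install for `locator`.
    Malformed sub-TLVs and SIDs outside the locator are ignored."""
    prefix = ipaddress.IPv6Network(locator)
    accepted = []
    for raw in sub_tlvs:
        try:
            fields = parse_end_sid(raw)
        except ValueError:
            continue
        if fields["anycast"] and fields["sid"] in prefix:
            accepted.append(fields["sid"])
    return accepted

def build_end_sid(sid, behavior, flags=A_FLAG):
    """Encode a sub-TLV with no sub-sub-TLVs (used for the constructed input)."""
    body = struct.pack("!BH", flags, behavior)
    body += ipaddress.IPv6Address(sid).packed + b"\x00"
    return bytes([END_SID_TYPE, len(body)]) + body

# Constructed advertisements; behavior code points are placeholders.
SAMPLE = [build_end_sid("a::b1", 0x8001),
          build_end_sid("a::b2", 0x8002, flags=0x81),  # stray U bit set
          build_end_sid("a2::b2", 0x8002),             # outside A::/64
          build_end_sid("a::b3", 0x8003, flags=0)]     # A-flag clear

if __name__ == "__main__":
    print(accept_anycast_sids("a::/64", SAMPLE))
```

Only A::B1 and A::B2 are accepted for the shared Locator A::/64; A2::B2 carries the A-flag but lies outside the Locator, so the receiver drops it.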
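
The failover of Section 6.2 as an added example (not part of the draft): a small Python model of the Section 5 lookup in which the SID list stays (A::B1, A::B2, A::B3) and only node 1's route for A::B2/128 changes. The FIB contents and function names are constructed for illustration, and the SID list is written in visiting order, as the draft writes it.

```python
import ipaddress

def lpm(fib, dst):
    """Longest-prefix match of dst against one node's FIB {prefix: action}."""
    addr = ipaddress.IPv6Address(dst)
    hits = [(ipaddress.IPv6Network(p), act) for p, act in fib.items()]
    hits = [(net, act) for net, act in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def walk_chain(fibs, start, sid_list, max_hops=16):
    """Carry a packet through sid_list and return the (node, service
    function) pairs that processed it."""
    visited, node, hops = [], start, 0
    for sid in sid_list:                  # the active SID is the IPv6 destination
        while True:
            action = lpm(fibs[node], sid)
            if action is None or hops >= max_hops:
                raise RuntimeError(f"{sid} unreachable from {node}")
            kind, value = action
            if kind == "local":           # locally instantiated SID: run the function
                visited.append((node, value))
                break
            node, hops = value, hops + 1  # "fwd": hand the packet to the next hop
    return visited

# Constructed FIBs for the Figure 4 topology; only routes the chain uses.
FIBS = {
    "ingress": {"a::/64": ("fwd", "node1")},
    "node1": {"a::b1/128": ("local", "SF1"), "a::b2/128": ("fwd", "node2")},
    "node2": {"a::b2/128": ("local", "SF2"), "a::b3/128": ("fwd", "node4")},
    "node3": {"a::b2/128": ("local", "SF2"), "a::b3/128": ("fwd", "node4")},
    "node4": {"a::b3/128": ("local", "SF3")},
}
SRH = ["a::b1", "a::b2", "a::b3"]         # unchanged before and after failover

def fail_over(fibs):
    """Usecase 2: node 2 is down; node 1's route for A::B2/128 moves to node 3."""
    after = {name: dict(fib) for name, fib in fibs.items() if name != "node2"}
    after["node1"]["a::b2/128"] = ("fwd", "node3")
    return after

if __name__ == "__main__":
    print(walk_chain(FIBS, "ingress", SRH))
    print(walk_chain(fail_over(FIBS), "ingress", SRH))
```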