Internet-Draft | SRv6 Inter Domain Routing | September 2024 |
Mishra & McDougall | Expires 30 March 2025 | [Page] |
This draft describes the SRv6 Inter Domain routing architecture with IP VPN and EVPN overlays and seamlessly stitching the overlays across inter domain boundaries. This draft analyzes the SRv6 Design and Operational considerations regarding SRv6 Inter Domain routing and the SRv6 forwarding plane. This draft also describes three real world use cases of SRv6 Compression Next CSID and operational considrations with regards to SRv6 inter domain routing.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 30 March 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
This draft describes the SRv6 Inter Domain routing architecture with IP VPN and EVPN overlays and seamlessly stitching the overlays across inter domain boundaries. This draft analyzes the SRv6 Design and Operational considerations regarding SRv6 Inter Domain routing and the SRv6 forwarding plane. This draft also describes three real world use cases of SRv6 Compression Next CSID and operational considrations with regards to SRv6 inter domain routing.¶
[RFC4364] describes BGP/MPLS IPv4 VPN and [RFC4659] describes BGP/MPLS IPv6 VPN. [RFC4364] describes BGP/MPLS IPv4 VPN Section 10 (a) describes Inter-AS Options A known as back to back PE-CE style peering, Section (b) Inter-AS Option B BGP-LU with Direct eBGP peering VPN overlay, Section (c) describes Inter-AS Option-C ASBR to ASBR interdomain loopbacks advertised with RR to RR eBGP multihop peering with next-hop unchangd.¶
With SRv6 MPLS Inter-AS options described in [RFC4364] and [RFC4659] are not applicable. However the knobs and concepts used in overaly stitching are still very applicable and are used with SRv6. SRv6 Service SID refers to the SRv6 specific endpoint behaviors defined in SRv6 Programming [RFC8986]. In this draft we discuss in detail the end to end service stitching of the L2 VPN EVPN and IP VPN SRv6 Service SID endpoint behaviors which includes L2 VPN endpoint behaviors End.DX2, End.DX2V, End.DX2U, End.DX2M and IP VPN endpoint behaviors End.DX4, End.DX6, End.DT4 and End.DT6.¶
SRv6 inter domain routting L2 VPN EVPN and IP VPN SRv6 service stitching is applicable to SRv6 Programming [RFC8986] 128 bit full SID and SRv6 Compression [I-D.ietf-spring-srv6-srh-compression] C-SID Next C-SID (uSID) endpoint flavor and Replace SID C-SID (G-SID) endpoint flavor.¶
[RFC9252] describes BGP Overlay services over SRv6 forwarding plane. For SRv6 Best effort (BE) service, the egress PE signals an SRv6 service SID with ingress PE for the BGP service overlay route. The ingress PE encapsulates the payload packet from the CE in an outer IPv6 header where the desitnation address is the SRv6 Service SID provided by the egress PE. In this case the underlay intermediate notes only need to support IPv6 data plane. In order to provide SRv6 service with an SLA from ingress PE to egress PE, the ingress PE colors the overlay service route with a color extended community [RFC9012] so the overlay color extended community maps to SR Policy [RFC9012], overlay color to underlay intent mapping. The ingress PE encapsulates the payload paacket from the CE in an outer IPv6 header with SR Policy candidate SID list related to the SLA path bound to the forwarding plane with Binding SID (BSID) set with the SRv6 service SID associated with the overlay service route active segment in the SRH for 128 bit Full SID or SRv6 Compression Next SID carrier uN endpoint function to forward along the static SID list or dynamic SID list path end to end steering.¶
SRv6 Prefix SID attribute [RFC8669] is extended by [RFC9252] to carry the SRv6 L2 VPN and IP VPN Service SIDs and their associated information in BGP NLRI AFI / SAFI. SRv6 L3 Service TLV encodes the service SID information for the SRv6 based L3 services providing the equivalent functionality of MPLS service label when received with a Layer 3 Service route as defined in BGP/MPLS VPN-IPv4 [RFC4364] and BGP/MPLS VPN-IPv6 [RFC4659]. Essentially the SRv6 L3 Service TLV encodes the L3 Service SID for SRv6 based services as an MPLS label for SRv6 Programming [RFC8986] endpoint behaviors End.DX4, End.DX6, End.DT4 and End.DT6. SRv6 L2 Service TLV encodes the service SID information for the SRv6 based L2 services providing the equivalent functionality of MPLS service label for an Ethernet VPN (EVPN) Route Types for L2 services as defined in BGP/MPLS EVPN [RFC7432]. Essentially the SRv6 L2 Service TLV encodes the L2 VPN Service SID for SRv6 based services as an MPLS label for SRv6 Programming [RFC8986] endpoint behaviors End.DX2, End.DX2V, End.DX2U, End.DX2M.¶
[RFC9252] defines the encoding of the SRv6 SID information. The SRv6 Service SIDs for a BGP service prefix is carried in the SRv6 Service TLVs of the BGP Prefix SID attribute as described above [RFC8669]. BGP services such as IP VPN BGP/MPLS VPN-IPv4 [RFC4364] and BGP/MPLS VPN-IPv6 [RFC4659] where Per VRF SID allocation is used End.DT4 and End.DT6 endpoint behaviors the same SID is shared across multiple NLRIs, thus providing efficient packing. However for BGP services such as Ethernet VPN (EVPN) [RFC7432] and VPLS / H-VPLS where where per-PW SID allocation is required such as for End.DX2 endpoint behavior, each NLRI would have its own unique SID, resulting in inefficient update packing. [RFC9252] defines an efficient method for update packing for cases such as EVPN NLRI using a transposition scheme, where the SRv6 SID Structure Sub-Sub-TLV describes the sizes of the parts of the SRv6 SID and indicates the offsets such that the common part locator is encoded into the BGP Prefix SID attribute and the variable part Service label encoded into the func / arg field of the SRv6 Service SID is encoded into the NLRI.¶
This draft describes how to successfully implement end to end inter domain routing over an SRv6 forwarding plane where the L2 VPN EVPN and IP VPN overlay services SRv6 Service SIDs can be stitched end to end.¶
[RFC9252] BGP Service Overlay Section 2 last 2 paragraphs talk about the SRv6 data plane broken state and the solution. A BGP speaker receiving a route containing the BGP Prefix-SID attribute with one or more SRv6 service TLVs observes the following rules when advertising the received route to other peers:¶
[RFC9252] Rule-1: BGP Service Overlay Section 2 2nd to last paragraph - Broken state when Next hop is changed. If the BGP Next Hop is changed, the TLVs, Sub TLVs, or Sub-Sub-TLVs SHOULD be updated with the locally allocated SRv6 SID information from the SID Manager. Any received Sub-TLVs and Sub-Sub-TLVs that are unrecognized must be removed. SRv6 summary locators are advertised for all Algo's between domains for reachability inter domain routing. When the next hop changes between the inter-as PE for L2 VPN or L3 VPN service route the inter domain loopback propagated however since the next hop changes on the eBGP peering the next hop is set to the directly connected eBGP subnet and not the Loopback for the service route and has the locally generated SRv6 Service SID resulting in a broken SRv6 Data Plane.¶
[RFC9252] Rule-2: BGP Service Overlay Section 2 last paragraph - Solutoin for propagating L2 VPN and L3 VPN SRv6 Service SID end to end If the BGP Next Hop is Unchanged during the advertisement, the SRv6 Service TLVs, including any unrecognized types of of Sub-TLVs and Sub-Sub-TLVs, SHOULD be propagated further. In addition, all Reserved fields in the TLV, Sub-TLV, or Sub-Sub-TLV MUST be propagated Unchanged. When the next hop is unchanged between the inter-as PE for L2 VPN or L3 VPN service route the inter domain Loopback is now propagated and has the SRv6 Service SID propagated resulting in SRv6 Data Plane being intact and working end to end.¶
Terminolgoy used in defining the SRv6 Inter Domain Routing specification.¶
IDR: SRv6 Inter Domain Routing End to End¶
NH: BGP Next Hop¶
NHC: BGP Next Hop Changed¶
NHU: BGP Next Hop Unchanged¶
NHS: BGP Next Hop Self¶
Service SID Preserved: Service SID is does not change and is propagated¶
Service SID Locally Generated: Service SID is locally generated by SRv6 SID Manager¶
SRv6 Inter Domain Routing topology is made up of a two domains. Domain-1 AS1 is made up of PE1 and PE2 which have iBGP peering between them. Domain-2 AS2 is made up of PE3. PE2 is the inter-as ASBR eBGP peering to AS2 PE3 ASBR. ALl nodes PE1, PE2 and PE3 are running [I-D.ietf-spring-srv6-srh-compression] C-SID Next C-SID (uSID) endpoint flavor.¶
SRv6 Inter Domain Routing - eBGP Data Plane Broken:¶
SRv6 eBGP Inter-AS L2 EVPN, L3 VPN Overlay¶
SRv6 Data Plane Broken Characteristics:¶
1. When the Next hop changes the Label Changes¶
NHC = Next Hop Changed is the default behavior on eBGP peering¶
2. MPLS Service Label (L2 VPN / L3 VPN) = SRv6 Service SID¶
3. When the MPLS Label changes the SRv6 Service SID changes¶
SRv6 SID is now locally generated by SID Manager instead of being propagated¶
[RFC9252] Rule-1: BGP Service Overlay Section 2 2nd to last paragraph when the Next Hop is Changed (NHC) the SRv6 Service SID is locally generated¶
4. SRv6 Data Plane is Broken¶
SRv6 Inter Domain Routing - eBGP Data Plane Working:¶
SRv6 eBGP Inter-AS L2 EVPN, L3 VPN Overlay¶
SRv6 Data Plane Working Characteristics:¶
1. When the Next hop is Unchanged the MPLS Label is Preserved¶
NHU = Next Hop Unchanged¶
2. MPLS Service Label (L2 VPN / L3 VPN) = SRv6 Service SID¶
3. When the MPLS Label is preserved the SRv6 Service SID is preserved¶
[RFC9252] Rule-2: BGP Service Overlay Section 2 last paragraph when the next hop is Unchanged (NHU) the SRv6 Service SID is propagated¶
4. SRv6 SID is successfully propagated end to end. SRv6 Data Plane is Working¶
SRv6 Inter Domain Routing - eBGP / iBGP Data Plane Broken:¶
SRv6 eBGP Inter-AS L2 EVPN, L3 VPN Overlay¶
SRv6 Data Plane Broken Characteristics End to End:¶
1. When the Next hop changes the Label Changes¶
NHC = Next Hop Changed is the default behavior on eBGP peering¶
[RFC9252] Rule-1: BGP Service Overlay Section 2 2nd to last paragraph when the Next Hop is Changed (NHC) the SRv6 Service SID is locally generated¶
NHS = Next Hop Self configuration on iBGP peering PE-RR (Typical configuration)¶
For the iBGP peering (Remote peering) with NHS the next hop is re-written to the Loopback0 (Changed)¶
[RFC9252] Rule-1: BGP Service Overlay Section 2 2nd to last paragraph when the Next Hop is Changed (NHC) the SRv6 Service SID is locally generated¶
2. MPLS Service Label (L2 VPN / L3 VPN) = SRv6 Service SID¶
3. When the MPLS Label changes the SRv6 Service SID changes¶
SRv6 SID is now locally generated by SID Manager instead of being propagated¶
4. SRv6 Data Plane is Broken¶
SRv6 Inter Domain Routing - eBGP Data Plane Working:¶
SRv6 eBGP Inter-AS L2 EVPN, L3 VPN Overlay¶
SRv6 Data Plane Working Characteristics End to End:¶
1. When the Next hop is Unchanged the MPLS Label is Preserved¶
[RFC9252] Rule-2: BGP Service Overlay Section 2 last paragraph when the next hop is Unchanged (NHU) the SRv6 Service SID is propagated¶
NHU = Next Hop Unchanged¶
Remove NHS = Next Hop Self configuration on iBGP peering PE-RR¶
By removing NHS the NH does not change essentially "unchanged" allowing the NH to be propagated end to end¶
[RFC9252] Rule-2: BGP Service Overlay Section 2 last paragraph when the next hop is Unchanged (NHU) the SRv6 Service SID is propagated¶
2. MPLS Service Label (L2 VPN / L3 VPN) = SRv6 Service SID¶
3. When the MPLS Label is preserved by not changing the SRv6 Service SID is preserved¶
SRv6 SID is successfully propagated end to end. SRv6 Data Plane is Working¶
Traffic Engineering and Carrier Grade Features are not a requirement in the Data Center¶
Operators can use white box switches and disaggerated hardware and software with Vanilla IPv6 Only DC Fabric blindly passing the IPv6 Next SID packets. Massive bandwidth where Multi Petabits of fiber can be thrown at the DC fabric, with the focus on High Bandwidth packet pushing with Ultra simplified fabric.¶
Steering is initiated from the Data Center host attachment using IGP shortest path leaving the entire fabric 100% Vanilla IPv6.¶
Traffic Engineering and Carrier Grade Features are a requirement only in the Data Center.¶
Traffic Engineering capabilities in the Data Center, and the intermediate domains follow IGP shortest path blindly forwarding SRv6 Next SID packets.¶
Massive scale and resiliency with full carrier grade features in the Data Center.¶
Steering is initiated from the Data Center host attachment and follows IGP shortest path along the intermediate domains to the egress Data Center or domain.¶
There are not any IANA considerations.¶
No new extensions are defined in this document. As such, no new security issues are raised beyond those that already exist in BGP-4 and use of MP-BGP for IPv6.¶
The security features of BGP and corresponding security policy defined in the ISP domain are applicable.¶
For the inter-AS distribution of IPv6 prefixes according to case (a) of Section 4 of this document, no new security issues are raised beyond those that already exist in the use of eBGP for IPv6 [RFC2545].¶
SRv6 Compression [I-D.ietf-spring-srv6-srh-compression] C-SID Next C-SID (uSID) endpoint flavor Inter Domain Routing development work is all contained in GitHub link below.¶
https://github.com/segmentrouting/srv6-labs/tree/main/3-srv6-dc-case-studies¶