Unified Source Routing Instruction using MPLS Label Stack
draft-xu-mpls-unified-source-routing-instruction-00

Abstract

MPLS-SPRING is an MPLS-based source routing paradigm in which a sender of a packet is allowed to partially or completely specify the route the packet takes through the network by imposing stacked MPLS labels to the packet. This MPLS -based source routing paradigm could actually be leveraged to realize a unified source routing instruction for both IPv4 and IPv6 underlays.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on September 13, 2017.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

• 1. Introduction
• 1.1. Requirements Language
• 2. Terminology
• 3. Use Cases
• 4. Packet Forwarding Procedures
• 5. Acknowledgements
• 6. IANA Considerations
• 7. Security Considerations
• 8. References
• 8.1. Normative References
• 8.2. Informative References
• Authors' Addresses

1. Introduction

MPLS-SPRING [I-D.ietf-spring-segment-routing-mpls] is a MPLS-based source routing paradigm in which a sender of a packet is allowed to partially or completely specify the route the packet takes through the network by imposing stacked MPLS labels to the packet. This MPLS-based source routing paradigm could actually be leveraged to realize a unified source routing instruction for both IPv4 and IPv6 underlays. In other words, the source routing instruction information contained in IPv4 and IPv6 source routed packets could be uniformly encoded as an MPLS label stack. As a result, there is no need any more to develop and implement transport-dependent source routing mechanisms for IPv4 and IPv6 respectively.

The traditional IPv4 and IPv6 source routing mechanisms by use of IPv4 Source Routing Options and IPv6 Route Header Type 0 Extension respectively have been deprecated due to their obvious security vulnerabilities. IPv6 SPRING [I-D.ietf-6man-segment-routing-header] is a newly proposed IPv6 source routing mechanism in which the source route instruction information is encoded as an ordered list of 128-bit long IPv6 addresses and contained in the Source Routing Header (SRH). Although it has overcome the security vulnerability issues associated with the traditional IPv6 source routing mechanism as claimed in [I-D.ietf-6man-segment-routing-header], it still has the following obvious drawbacks at least: 1) the encapsulation overhead is significant especially when the list of the explicit routing hops is very long; 2) for those transit IPv6 routers that don't support the flow label based load-balancing mechanism yet, the ECMP load-balancing effect may be impacted seriously since they could not recognize the SRH and therefore could not obtain the five tuple of the source routed IPv6 packet; 3) it requires a new forwarding logic on basis of the SRH and the forwarding performance associated with the IPv6 SRH may still be a big concern for some hardware platforms.

Section 3 describes various use cases for the unified source routing and Section 4 describes a typical application scenario and how the packet forwarding happens.

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

2. Terminology

This memo makes use of the terms defined in [RFC3031] and [I-D.ietf-spring-segment-routing-mpls].

3. Use Cases

The unified source routing mechanism across MPLS, IPv4 and IPv6 is useful at least in the following use cases:

• Incremental deployment of the MPLS-SPRING technology. Since there is no need to run any other label distribution protocol (e.g., LDP, see [I-D.filsfils-spring-segment-routing-ldp-interop] for more details.) on those non-MPLS-SPRING routers, the network provisioning is greatly simplified, which is one of the major claimed benefits of the MPLS-SPRING technology (i.e., running a single protocol).
• MPLS-based Service Function Chaining (SFC) [I-D.xu-mpls-service-chaining]. Based on the unified source routing mechanism as described in this document, only SFC-related nodes including Service Function Forwarders (SFF), Service Functions (SF) and classifiers are required to recognize the SFC encapsulation header in the MPLS label stack form, while the intermediate routers just need to support vanilla IP forwarding (either IPv4 or IPv6). In other words, it undoubtedly complies with the transport-independence requirement as listed in the SFC architecture document [RFC7665].
• Traffic Engineering scenarios where only a few routers (e.g., the entry and exit nodes of each plane in the dual-plane network ) are specified as segments of explicit paths. In this way, only a few routers are required to support the MPLS-SPRING capability while all the other routers just need to support IP forwarding capability, which would significantly reduce the deployment cost of this new technology.
• A light-weight alternative to IPv6 SPRING technology [I-D.ietf-6man-segment-routing-header]. The Source Routing Header (SRH) [I-D.ietf-6man-segment-routing-header] consisting of an ordered list of 128-bit long IPv6 addresses is now replaced by an ordered list of 20-bit long labels (i.e., label stack). As a result, the encapsulation overhead and forwarding performance issues associated with the IPv6 SPRING are eliminated.
• A new IPv4 source routing mechanism which has overcome the security vulnerability issues associated with the traditional IPv4 source routing mechanism.

4. Packet Forwarding Procedures

 +-----+       +-----+       +-----+        +-----+        +-----+
 |  A  +-------+  B  +-------+  C  +--------+  D  +--------+  H  |
 +-----+       +--+--+       +--+--+        +--+--+        +-----+
                  |             |              |
                  |             |              |
               +--+--+       +--+--+        +--+--+
               |  E  +-------+  F  +--------+  G  |
               +-----+       +-----+        +-----+

      +--------+
      |IP(A->E)|
      +--------+                 +--------+
      |  L(G)  |                 |IP(E->G)|
      +--------+                 +--------+        +--------+
      |  L(H)  |                 |  L(H)  |        |IP(G->H)|
      +--------+                 +--------+        +--------+
      | Packet |     --->        | Packet |  --->  | Packet |
      +--------+                 +--------+        +--------+
                         Figure 1

[RFC7510] or MPLS-over-GRE [RFC4023]) towards router E and then send it out. In other words, router A would pop the top label and then encapsulate the MPLS packet with an IP-based tunnel towards router E. When the IP-encapsulated MPLS packet arrives at router E, router E would strip the IP-based tunnel header and then process the decapsulated MPLS packet accordingly. Since there is no LSP towards router G which is indicated by the current top label of the decapsulated MPLS packet, router E would replace the current top label with an IP-based tunnel towards router G and send it out. When the packet arrives at router G, router G would strip the IP-based tunnel header and then process the decapsulated MPLS packet. Since there is no LSP towards router H, router G would replace the current top label with an IP-based tunnel towards router H. Now the packet encapsulated with the IP-based tunnel towards router H is exactly the original packet that router A had intended to send towards router H. If the packet is an MPLS packet, router G could use any IP-based tunnel for MPLS (e.g., MPLS-over-UDP [RFC7510] or MPLS-over-GRE [RFC4023]). If the packet is an IP packet, router G could use any IP tunnel for IP (e.g., IP-in-UDP [I-D.xu-intarea-ip-in-udp] or GRE [RFC2784]). That original IP or MPLS packet would be forwarded towards router H via an IP-based tunnel. When the encapsulated packet arrives at router H, router H would decapsulate it into the original packet and then process it accordingly. Note that in the above description, it's assumed that the label associated with each prefix-SID advertised by the owner of the prefix-SID is a Penultimate Hop Popping (PHP) label (e.g., the NP-flag [I-D.ietf-ospf-segment-routing-extensions] associated with the corresponding prefix SID is not set). Figure 2 demostrates the packet walk in the case where the label associated with each prefix-SID advertised by the owner of the prefix-SID is not a Penultimate Hop Popping (PHP) label (e.g., the NP-flag [I-D.ietf-ospf-segment-routing-extensions] associated with the corresponding prefix SID is set).

 +-----+       +-----+       +-----+        +-----+        +-----+
 |  A  +-------+  B  +-------+  C  +--------+  D  +--------+  H  |
 +-----+       +--+--+       +--+--+        +--+--+        +-----+
                  |             |              |
                  |             |              |
               +--+--+       +--+--+        +--+--+
               |  E  +-------+  F  +--------+  G  |
               +-----+       +-----+        +-----+

      +--------+
      |IP(A->E)|
      +--------+                 +--------+
      |  L(E)  |                 |IP(E->G)|
      +--------+                 +--------+        +--------+
      |  L(G)  |                 |  L(G)  |        |IP(G->H)|
      +--------+                 +--------+        +--------+
      |  L(H)  |                 |  L(H)  |        |  L(H)  |
      +--------+                 +--------+        +--------+
      | Packet |     --->        | Packet |  --->  | Packet |
      +--------+                 +--------+        +--------+
                         Figure 2

Note that as for which tunnel encapsulation type should be used, it could be manually specified on each tunnel ingress routers or be learnt from the tunnel egress routers' advertisements of its tunnel encapsulation capability. How to advertise the tunnel encapsulation capability using IS-IS or OSPF are specified in [I-D.ietf-isis-encapsulation-cap] and [I-D.ietf-ospf-encapsulation-cap] respectively.

5. Acknowledgements

Thanks Joel Halpern, Bruno Decraene and Loa Andersson for their insightful comments on this draft.

6. IANA Considerations

No IANA action is required.

7. Security Considerations

TBD.

8. References

8.1. Normative References

8.2. Informative References

Authors' Addresses