IDR Working Group                                               J. Dong
Internet-Draft                                                    Z. Hu
Intended status: Standards Track                    Huawei Technologies
Expires: May 7, 2020                                   November 4, 2019


        BGP-LS Extensions for Segment Routing based Enhanced VPN
               draft-dong-idr-bgpls-sr-enhanced-vpn-00

Abstract

   Enhanced VPN (VPN+) is an enhancement to VPN services to support the
   needs of new applications, particularly including the applications
   that are associated with 5G services.  These applications require
   better isolation and have more stringent performance requirements
   than can be provided with traditional overlay VPNs.  An enhanced VPN
   may be used for 5G transport network slicing, and will also be of use
   in more generic scenarios.

   This document specifies a BGP-LS based mechanism with the necessary
   extensions to advertise the information of Segment Routing (SR) based
   virtual networks.  These virtual networks could be used as the
   underlay of enhanced VPN services.  The proposed mechanism is
   applicable to both segment routing with the MPLS data plane (SR-MPLS)
   and segment routing with the IPv6 data plane (SRv6).

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 7, 2020.
Dong & Hu                 Expires May 7, 2020                  [Page 1]

Internet-Draft       BGP-LS Extensions for SR VPN+         November 2019


Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Advertisement of Transport Network Slice Definition . . . . .   3
     2.1.  Sub-TLVs of TNSD TLV  . . . . . . . . . . . . . . . . . .   4
   3.  Advertisement of Network Topology and Resource Attributes . .   6
     3.1.  Intra-domain Network Topology Advertisement . . . . . . .   6
       3.1.1.  MTR based Topology Advertisement  . . . . . . . . . .   6
       3.1.2.  Flex-Algo based Topology Advertisement  . . . . . . .   7
     3.2.  Intra-domain Resource Information Advertisement . . . . .   8
     3.3.  Inter-Domain Topology and Resource Information
           Advertisement . . . . . . . . . . . . . . . . . . . . . .   9
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   6.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  11
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  11
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   Driven largely by needs arising from the 5G mobile network, the
   concept of network slicing has gained traction [NGMN-NS-Concept]
   [TS23501] [TS28530].  Network slicing requires partitioning the
   physical network into several pieces to provide each network slice
   with the required networking, computing, and storage resources and
   functions to meet the requirements of slice tenants.  As specified in
   [I-D.ietf-teas-enhanced-vpn], a transport network slice is a virtual
   (logical) network with a particular network topology and a set of
   shared or dedicated network resources, which are used to provide the
   network slice consumer with the required connectivity, appropriate
   isolation and a specific Service Level Agreement (SLA).

   The enhanced VPN service (VPN+) [I-D.ietf-teas-enhanced-vpn] is
   targeted at new applications which require better isolation from both
   the control plane's and the data plane's perspective and have more
   stringent performance requirements than can be provided with existing
   overlay VPNs.  To meet the requirements of enhanced VPN services, a
   number of virtual networks need to be created, each with a subset of
   the underlay network topology and a set of network resources
   allocated to meet the requirements of a specific enhanced VPN or a
   group of enhanced VPNs.  In the context of 5G, each virtual network
   can be considered as a transport network slice.

   [I-D.dong-spring-sr-for-enhanced-vpn] describes the mechanisms to
   build Segment Routing (SR) based virtual networks, which could be
   used as the underlay of different enhanced VPN services.
   [I-D.dong-lsr-sr-enhanced-vpn] specifies the IGP mechanism and
   extensions to build a set of SR based virtual networks with
   customized topology and resource attributes.
   When the virtual networks span multiple areas or multiple Autonomous
   Systems (ASes), BGP-LS is needed to advertise the virtual network
   information of each IGP area or AS to the network controller to build
   the inter-area or inter-AS SR based transport network slices.  This
   document describes a BGP-LS [RFC7752] based mechanism with the
   necessary extensions to advertise the topology and resource
   information of intra-domain and inter-domain Segment Routing (SR)
   based transport network slices.  The definition of a transport
   network slice is advertised as a node attribute using BGP-LS.  The
   attributes of the network resources allocated to a transport network
   slice are advertised as a link attribute using BGP-LS.

2.  Advertisement of Transport Network Slice Definition

   The definition of a transport network slice or virtual network
   consists of the combination of a set of network attributes.  The
   topology attribute and the resource attribute are two major types of
   attributes of a transport network slice, and they can be decoupled in
   the control plane advertisement and processing.

   The Transport Network Slice Definition (TNSD) TLV is a new TLV of the
   optional BGP-LS Attribute which is associated with the Node NLRI.
   The format of the TNSD TLV is as follows:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              Type             |             Length            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             Flags             |            Reserved           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |               Transport Network Slice Identifier              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                           Sub-TLVs                            |
      ~                              ...                              ~
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

   o  Type: TBD

   o  Length: the length of the value field of the TLV.  It is variable,
      depending on the included sub-TLVs.
   o  Flags: 16-bit flags to indicate the attributes of the transport
      network slice.  All flags are reserved and MUST be set to zero on
      transmission and ignored on reception.

   o  Reserved: this field is reserved for future use, MUST be set to
      zero on transmission and ignored on reception.

   o  Transport Network Slice Identifier (TNSI): A 32-bit identifier
      which is used to identify a transport network slice.

   o  Sub-TLVs: optional sub-TLVs to specify the attributes of a virtual
      network.

2.1.  Sub-TLVs of TNSD TLV

   The sub-TLVs of the TNSD TLV are used to advertise the identifiers of
   different types of attributes of the transport network slice.  Two
   sub-TLVs of the TNSD TLV are defined in this document: the Network
   Topology sub-TLV and the Network Resource sub-TLV.

   The format of the Network Topology sub-TLV is as below:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              Type             |             Length            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |M|A|           Flags           |             MT-ID             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   Algorithm   |   Reserved    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

   o  Type: 1

   o  Length: the length of the value field of the sub-TLV.

   o  Flags: 16-bit flags to indicate the attributes of the virtual
      network topology.  Where:

      M flag: indicates that the topology is determined by the MT-ID
      when set.

      A flag: indicates that the topology is determined by the Algorithm
      when set.  In this case, the value of the Algorithm field SHOULD
      be between 128 and 255.

   o  MT-ID: 16-bit identifier which indicates the multi-topology
      identifier of the IGP topology.

   o  Algorithm: 8-bit identifier which indicates the algorithm which is
      used within this network topology.

   o  Reserved: this field is reserved for future use, MUST be set to
      zero on transmission and ignored on reception.
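   The following is an added example, not part of the draft, of how a
   receiving controller could encode and decode the TNSD TLV with its
   Network Topology sub-TLV in Python.  The TNSD TLV type is TBD, so the
   block uses a hypothetical placeholder value; sub-TLVs of other types
   are kept opaque and skipped strictly by their Length field, a Length
   that does not fit the enclosing buffer rejects the TLV, and an A flag
   set with an Algorithm outside 128-255 (a SHOULD in the text above) is
   recorded as a warning rather than an error.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Tuple

# The draft leaves the TNSD TLV type as TBD; 0xFFF0 is a hypothetical
# placeholder for this example only.  Sub-TLV type 1 and the M/A bit
# positions (bits 0 and 1 of the 16-bit Flags field) come from the draft.
TNSD_TYPE_PLACEHOLDER = 0xFFF0
SUBTLV_NETWORK_TOPOLOGY = 1
FLAG_M = 0x8000
FLAG_A = 0x4000

class MalformedTLV(ValueError): pass  # MUST-level violation; reject the TLV

@dataclass
class NetworkTopology:
    m: bool          # topology determined by MT-ID
    a: bool          # topology determined by Algorithm
    mt_id: int
    algorithm: int

@dataclass
class TNSD:
    tnsi: int
    topology: List[NetworkTopology] = field(default_factory=list)
    other_subtlvs: List[Tuple[int, bytes]] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)   # SHOULD-level issues

def encode_topology_subtlv(t: NetworkTopology) -> bytes:
    flags = (FLAG_M if t.m else 0) | (FLAG_A if t.a else 0)
    value = struct.pack("!HHBB", flags, t.mt_id, t.algorithm, 0)  # Reserved = 0
    return struct.pack("!HH", SUBTLV_NETWORK_TOPOLOGY, len(value)) + value

def encode_tnsd(tnsd: TNSD) -> bytes:
    # Flags and Reserved MUST be zero on transmission.
    body = struct.pack("!HHI", 0, 0, tnsd.tnsi)
    body += b"".join(encode_topology_subtlv(t) for t in tnsd.topology)
    return struct.pack("!HH", TNSD_TYPE_PLACEHOLDER, len(body)) + body

def decode_tnsd(buf: bytes) -> TNSD:
    if len(buf) < 4:
        raise MalformedTLV("truncated TLV header")
    typ, length = struct.unpack_from("!HH", buf)
    if typ != TNSD_TYPE_PLACEHOLDER or length < 8 or 4 + length > len(buf):
        raise MalformedTLV("bad TLV type or length inconsistent with buffer")
    value = buf[4:4 + length]
    _flags, _reserved, tnsi = struct.unpack_from("!HHI", value)  # ignored on receipt
    out = TNSD(tnsi=tnsi)
    off = 8
    while off < len(value):   # walk sub-TLVs strictly by their Length fields
        if off + 4 > len(value):
            raise MalformedTLV("truncated sub-TLV header")
        st, sl = struct.unpack_from("!HH", value, off)
        sv = value[off + 4:off + 4 + sl]
        if len(sv) != sl:
            raise MalformedTLV("sub-TLV length exceeds enclosing TLV")
        off += 4 + sl
        if st != SUBTLV_NETWORK_TOPOLOGY:
            out.other_subtlvs.append((st, sv))   # e.g. Network Resource sub-TLV, kept opaque
            continue
        if sl != 6:
            raise MalformedTLV("Network Topology sub-TLV value must be 6 octets")
        flags, mt_id, algo, _res = struct.unpack("!HHBB", sv)
        a = bool(flags & FLAG_A)
        if a and not 128 <= algo <= 255:
            out.warnings.append(f"A flag set but Algorithm {algo} is outside 128-255")
        out.topology.append(NetworkTopology(bool(flags & FLAG_M), a, mt_id, algo))
    return out
```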
   The format of the Network Resource sub-TLV is as below:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              Type             |             Length            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             Flags             |            Reserved           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      Resource Identifier                      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

   o  Type: 2

   o  Length: 6 octets.

   o  Flags: 16-bit flags.  All the bits are reserved, which MUST be set
      to 0 on transmission and ignored on receipt.

   o  Reserved: this field is reserved for future use, MUST be set to
      zero on transmission and ignored on reception.

   o  Resource Identifier: A 32-bit identifier which is used to identify
      the group of network resources allocated to a transport network
      slice.

3.  Advertisement of Network Topology and Resource Attributes

   [I-D.dong-lsr-sr-enhanced-vpn] describes the candidate IGP mechanisms
   to distribute the topology attributes of SR based transport network
   slices.  This section describes the BGP-LS mechanism to distribute
   both the intra-domain and inter-domain topology and resource
   attributes of SR based transport network slices.

3.1.  Intra-domain Network Topology Advertisement

3.1.1.  MTR based Topology Advertisement

   In section 3.2.1.5 of [RFC7752], the Multi-Topology Identifier
   (MT-ID) TLV is defined, which can contain one or more IS-IS or OSPF
   Multi-Topology IDs.  The MT-ID TLV MAY be present in a Link
   Descriptor, a Prefix Descriptor, or the BGP-LS attribute of a Node
   NLRI.  [I-D.ietf-idr-bgp-ls-segment-routing-ext] defines the BGP-LS
   extensions to carry the segment routing information using TLVs of
   the BGP-LS Attribute.
   When MTR is used with the SR-MPLS data plane, topology-specific
   prefix SIDs and topology-specific adjacency SIDs can be carried in
   the BGP-LS Attribute associated with the Prefix NLRI and Link NLRI
   respectively.  The MT-ID TLV is carried in the Prefix Descriptor and
   Link Descriptor to identify the corresponding topology of the SIDs.

   [I-D.ietf-idr-bgpls-srv6-ext] defines the BGP-LS extensions to
   advertise SRv6 segments along with their functions and attributes.
   When MTR is used with the SRv6 data plane, the SRv6 Locator TLV is
   carried in the BGP-LS Attribute associated with the Prefix NLRI, and
   the MT-ID TLV can be carried in the Prefix Descriptor to identify the
   corresponding topology of the SRv6 Locator.  The SRv6 End.X SIDs are
   carried in the BGP-LS Attribute associated with the Link NLRI, and
   the MT-ID TLV can be carried in the Link Descriptor to identify the
   corresponding topology of the SIDs.  The SRv6 SID NLRI is defined to
   advertise other types of SRv6 SIDs, in which the SRv6 SID Descriptors
   can include the MT-ID TLV so as to advertise topology-specific SRv6
   SIDs.

   [RFC7752] also defines the rules for the usage of the MT-ID TLV:

      "In a Link or Prefix Descriptor, only a single MT-ID TLV
      containing the MT-ID of the topology where the link or the prefix
      is reachable is allowed.  In case one wants to advertise multiple
      topologies for a given Link Descriptor or Prefix Descriptor,
      multiple NLRIs need to be generated where each NLRI contains an
      unique MT-ID.  In the BGP-LS attribute of a Node NLRI, one MT-ID
      TLV containing the array of MT-IDs of all topologies where the
      node is reachable is allowed."

   This indicates that only one MT-ID is allowed to be carried in the
   Link or Prefix Descriptors.
   When a link or prefix participates in multiple topologies, multiple
   NLRIs need to be generated to report all the topologies the link or
   prefix participates in, together with the topology-specific segment
   routing information.  This would increase the number of BGP Updates
   and may introduce an additional processing burden on both the
   sending BGP speaker and the receiving network controller.  When the
   number of topologies in a network is not small, some optimization may
   be introduced for the reporting of multi-topology information and
   the associated segment routing information in BGP-LS.  This will be
   elaborated in a future version.

3.1.2.  Flex-Algo based Topology Advertisement

   As specified in [I-D.dong-lsr-sr-enhanced-vpn], Flex-Algo
   [I-D.ietf-lsr-flex-algo] can also be used to advertise the
   topological constraints of a virtual network.  The BGP-LS extensions
   for SR-MPLS [I-D.ietf-idr-bgp-ls-segment-routing-ext] and SRv6
   [I-D.ietf-idr-bgpls-srv6-ext] provide the mechanisms to advertise
   the Flex-Algo definition information and the algorithm-specific
   segment routing information.  The Flex-Algo definition can be used
   to describe the topological constraints for path computation.
   According to the network nodes' participation in a Flex-Algo, and
   the rules for including or excluding specific Admin Groups (colors),
   a network topology can be determined by a Flex-Algo.

   In [I-D.ietf-idr-bgp-ls-segment-routing-ext], algorithm-specific
   prefix-SIDs can be advertised as Link attributes of the associated
   Link NLRI.  In [I-D.ietf-idr-bgpls-srv6-ext], algorithm-specific
   SRv6 Locators can be advertised as Link attributes of the associated
   Prefix NLRI, and algorithm-specific End.X SIDs can be advertised as
   Link attributes of the associated Link NLRI.  Other types of SRv6
   SIDs are advertised using the SRv6 SID NLRI and can also be
   algorithm-specific.

3.2.  Intra-domain Resource Information Advertisement

   [I-D.dong-lsr-sr-enhanced-vpn] specifies the mechanism to advertise
   the resource information associated with each transport network
   slice.  It is based on extensions to the advertisement of L2 bundle
   member link information.  This section defines the corresponding
   BGP-LS extensions.

   In [I-D.ietf-idr-bgp-ls-segment-routing-ext], the L2 Bundle Member
   Attribute TLV is used to advertise the attributes of a member link of
   a parent L3 link.  Two new sub-TLVs are defined under the L2 Bundle
   Member Attribute TLV.

   The Link Attribute sub-TLV is used to carry the link characteristics
   of an L2 member link.  The format of the sub-TLV is as below:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              Type             |             Length            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             Flags             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

   o  Type: TBD

   o  Length: 4 octets.

   o  Flags: 16-bit flags.  This field is consistent with the Flags
      field of the IS-IS Link Attribute sub-TLV in [RFC5029].  In
      addition to the flags defined in [RFC5029], a new flag, V, is
      defined in this document.  When the V flag is set, it indicates
      that this link is an L2 virtual member link.

   The Resource Identifier (ResID) sub-TLV is used to describe which
   resource group a particular member link belongs to.  A globally
   significant Resource Identifier (ResID) is introduced to identify a
   resource group, which is the collection of all the network resources
   allocated to a transport network slice.
   The format of the Resource Identifier sub-TLV is as below:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              Type             |             Length            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             Flags             |            Reserved           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              Bundle Member Link Local Identifier              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      Resource Identifier                      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

   o  Type: TBD

   o  Length: 12 octets.

   o  Flags: 16-bit flags.  All the bits are reserved, which MUST be set
      to 0 on transmission and ignored on receipt.

   o  Reserved: this field is reserved for future use.  MUST be set to 0
      on transmission and ignored on receipt.

   o  Bundle Member Link Local Identifier: A 32-bit local identifier of
      a member link.  The link can be physical or virtual.

   o  Resource Identifier: A 32-bit globally significant identifier to
      identify the resource group this member link belongs to.

3.3.  Inter-Domain Topology and Resource Information Advertisement

   [I-D.ietf-idr-bgpls-segment-routing-epe] defines the BGP-LS
   extensions for the advertisement of BGP Peering Segments and the
   peering topology information between ASes.  Such information could
   be used by a network controller for the computation and
   instantiation of inter-AS traffic engineering SR paths.

   In some scenarios, transport network slices which span multiple ASes
   need to be created.  The inter-domain network slices may have
   different inter-domain connectivity, and may be associated with
   different sets of network resources in each domain and on the inter-
   domain links.  In order to build the inter-domain transport network
   slices using segment routing, it is necessary to advertise the
   topology and resource attributes of the inter-domain links and the
   associated BGP Peering Segments.
   Depending on the requirements of inter-domain network slices,
   different levels of isolation on the inter-domain connection can be
   achieved:

   o  One EBGP session between two ASes can be established over several
      underlying links.  In this case, different underlying links can be
      used for different inter-domain transport network slices which
      require hard isolation from each other.  In another similar case,
      the EBGP session is established over a single link, while the
      resource on this link can be split into several pieces, each of
      which can be considered as a virtual member link.  In both cases,
      different BGP Peer-Adj-SIDs are allocated to each underlying
      physical or virtual link, and the ASBRs SHOULD advertise the
      transport network slice identifiers associated with each BGP
      Peer-Adj-SID.

   o  For the inter-domain connection between two ASes, multiple EBGP
      sessions can be established between different peering ASBRs.  It
      is possible that some of these BGP sessions are used for one
      inter-domain transport network slice, while some other BGP
      sessions are used for another inter-domain transport network
      slice.  Different BGP Peer-Node-SIDs are allocated to each BGP
      session, and the ASBR SHOULD advertise the information of the
      topology identifiers associated with the different BGP
      Peer-Node-SIDs.

   o  Different inter-domain transport network slices can have different
      inter-domain connectivity at the AS level.  Different BGP
      Peer-Set-SIDs can be allocated to represent the groups of BGP
      peers which can be used for load-balancing in each transport
      network slice.

   The detailed protocol extensions for advertising the inter-domain
   network slice information will be specified in a future version.

4.  Security Considerations

   This document introduces no additional security vulnerabilities to
   BGP-LS.
   The mechanism proposed in this document is subject to the same
   vulnerabilities as any other protocol that relies on BGP-LS.

5.  IANA Considerations

   TBD

6.  Acknowledgments

   The authors would like to thank Shunwan Zhuang for the review and
   discussion of this document.

7.  References

7.1.  Normative References

   [I-D.dong-lsr-sr-enhanced-vpn]
              Dong, J. and S. Bryant, "IGP Extensions for Segment
              Routing based Enhanced VPN",
              draft-dong-lsr-sr-enhanced-vpn-01 (work in progress),
              October 2018.

   [I-D.dong-spring-sr-for-enhanced-vpn]
              Dong, J., Bryant, S., Miyasaka, T., Zhu, Y., Qin, F., and
              Z. Li, "Segment Routing for Enhanced VPN Service",
              draft-dong-spring-sr-for-enhanced-vpn-05 (work in
              progress), October 2019.

   [I-D.ietf-idr-bgp-ls-segment-routing-ext]
              Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H.,
              and M. Chen, "BGP Link-State extensions for Segment
              Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-16
              (work in progress), June 2019.

   [I-D.ietf-idr-bgpls-segment-routing-epe]
              Previdi, S., Talaulikar, K., Filsfils, C., Patel, K., Ray,
              S., and J. Dong, "BGP-LS extensions for Segment Routing
              BGP Egress Peer Engineering",
              draft-ietf-idr-bgpls-segment-routing-epe-19 (work in
              progress), May 2019.

   [I-D.ietf-teas-enhanced-vpn]
              Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A
              Framework for Enhanced Virtual Private Networks (VPN+)
              Service", draft-ietf-teas-enhanced-vpn-03 (work in
              progress), September 2019.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5029]  Vasseur, JP. and S. Previdi, "Definition of an IS-IS Link
              Attribute Sub-TLV", RFC 5029, DOI 10.17487/RFC5029,
              September 2007.

   [RFC7752]  Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and
              S. Ray, "North-Bound Distribution of Link-State and
              Traffic Engineering (TE) Information Using BGP", RFC 7752,
              DOI 10.17487/RFC7752, March 2016.

7.2.  Informative References

   [I-D.ietf-idr-bgpls-srv6-ext]
              Dawra, G., Filsfils, C., Talaulikar, K., Chen, M.,
              daniel.bernier@bell.ca, d., and B. Decraene, "BGP Link
              State Extensions for SRv6", draft-ietf-idr-bgpls-srv6-ext-01
              (work in progress), July 2019.

   [I-D.ietf-lsr-flex-algo]
              Psenak, P., Hegde, S., Filsfils, C., Talaulikar, K., and
              A. Gulko, "IGP Flexible Algorithm",
              draft-ietf-lsr-flex-algo-04 (work in progress),
              September 2019.

   [I-D.ietf-lsr-isis-srv6-extensions]
              Psenak, P., Filsfils, C., Bashandy, A., Decraene, B., and
              Z. Hu, "IS-IS Extension to Support Segment Routing over
              IPv6 Dataplane", draft-ietf-lsr-isis-srv6-extensions-03
              (work in progress), October 2019.

   [NGMN-NS-Concept]
              "NGMN NS Concept", 2016.

   [TS23501]  "3GPP TS23.501", 2016.

   [TS28530]  "3GPP TS28.530", 2016.

Authors' Addresses

   Jie Dong
   Huawei Technologies

   Email: jie.dong@huawei.com


   Zhibo Hu
   Huawei Technologies

   Email: huzhibo@huawei.com