Gateway Auto-Discovery and Route Advertisement for Site Interconnection Using Segment RoutingOld Dog Consultingadrian@olddog.co.ukJuniper Networksjdrake@juniper.netJuniper Networkserosen52@gmail.comArrcus, Inc.keyur@arrcus.comVerizonluay.jalil@verizon.com
Routing
BESSSRGWBGPData centers are attached to the Internet or a backbone network by
gateway routers. One data center typically has more than one gateway
for commercial, load-balancing, and resiliency reasons. Other sites,
such as access networks, also need to be connected across backbone
networks through gateways.This document defines a mechanism using the BGP Tunnel Encapsulation
attribute to allow data center gateway routers to advertise routes to
the prefixes reachable in the site, including advertising them on behalf
of other gateways at the same site. This allows segment routing to be
used to identify multiple paths across the Internet or backbone network
between different gateways. The paths can be selected for
load-balancing, resilience, and quality purposes.Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in Section 2 of
RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
. Introduction
. Requirements Language
. Site Gateway Auto-Discovery
. Relationship to BGP - Link State and Egress Peer Engineering
. Advertising a Site Route Externally
. Encapsulation
. IANA Considerations
. Security Considerations
. Manageability Considerations
. Relationship to Route Target Constraint
. References
. Normative References
. Informative References
Acknowledgements
Authors' Addresses
IntroductionData centers (DCs) are critical components of the infrastructure used
by network operators to provide services to their customers. DCs
(sites) are interconnected by a backbone network, which consists of any
number of private networks and/or the Internet. DCs are attached to the
backbone network by routers that are gateways (GWs). One DC typically has more
than one GW for various reasons including commercial preferences, load
balancing, or resiliency against connection or device failure.Segment Routing (SR) () is a
protocol mechanism that can be used within a DC as well as for steering
traffic that flows between two DC sites. In order for a source site
(also known as an ingress site) that uses SR to load-balance the flows
it sends to a destination site (also known as an egress site), it needs
to know the complete set of entry nodes (i.e., GWs) for that egress DC
from the backbone network connecting the two DCs. Note that it is
assumed that the connected set of DC sites and the border nodes in the
backbone network on the paths that connect the DC sites are part of the
same SR BGP - Link State (LS) instance (see and ) so
that traffic engineering using SR may be used for these flows.Other sites, such as access networks, also need to be connected
across backbone networks through gateways. For illustrative purposes,
consider the ingress and egress sites shown in as separate Autonomous Systems (ASes) (noting that
the sites could be implemented as part of the ASes to which they are
attached, or as separate ASes).
The various ASes that provide connectivity between the ingress and
egress sites could each be constructed differently and use different
technologies such as IP; MPLS using global table routing information
from BGP; MPLS IP VPN; SR-MPLS IP VPN; or SRv6 IP VPN.
That is, the ingress and egress sites can be connected by tunnels across
a variety of technologies. This document describes how SR Segment
Identifiers (SIDs) are used to identify the paths between the ingress
and egress sites.The solution described in this document is agnostic as to whether the
transit ASes do or do not have SR capabilities. The solution uses SR to
stitch together path segments between GWs and through the Autonomous
System Border Routers (ASBRs). Thus, there is a requirement that the
GWs and ASBRs are SR capable. The solution supports the SR path being
extended into the ingress and egress sites if they are SR capable.The solution defined in this document can be seen in the broader
context of site interconnection in .
That document shows how other existing protocol elements may be combined
with the solution defined in this document to provide a full system, but
it is not a necessary reference for understanding this document.Suppose that there are two gateways, GW1 and GW2 as shown in , for a given egress site and
that they each advertise a route to prefix X, which is located within the
egress site with each setting itself as next hop. One might think that
the GWs for X could be inferred from the routes' next-hop fields, but
typically it is not the case that both routes get distributed across the
backbone: rather only the best route, as selected by BGP, is
distributed. This precludes load-balancing flows across both GWs.The obvious solution to this problem is to use the BGP feature that
allows the advertisement of multiple paths in BGP (known as Add-Paths)
() to ensure that all routes to X
get advertised by BGP. However, even if this is done, the identity of
the GWs will be lost as soon as the routes get distributed through an
ASBR that will set itself to be the
next hop. And if there are multiple ASes in the
backbone, not only will the next hop change several times, but the
Add-Paths technique will experience scaling issues. This all means that
the Add-Paths approach is effectively limited to sites connected over a
single AS.This document defines a solution that overcomes this limitation and
works equally well with a backbone constructed from one or more ASes
using the Tunnel Encapsulation attribute () as follows:
When a GW to a given site advertises a route to a prefix X within
that site, it will include a Tunnel Encapsulation attribute that
contains the union of the Tunnel Encapsulation attributes advertised
by each of the GWs to that site, including itself.
In other words, each route advertised by a GW identifies all of the
GWs to the same site (see for a discussion of how GWs discover each other),
i.e., the Tunnel Encapsulation attribute advertised by each GW contains
multiple Tunnel TLVs, one or more from each active GW, and each Tunnel
TLV will contain a Tunnel Egress Endpoint sub-TLV that identifies the GW
for that Tunnel TLV. Therefore, even if only one of the routes is
distributed to other ASes, it will not matter how many times the next
hop changes, as the Tunnel Encapsulation attribute will remain
unchanged.To put this in the context of , GW1 and GW2 discover each other as gateways for the
egress site. Both GW1 and GW2 advertise themselves as having routes to
prefix X. Furthermore, GW1 includes a Tunnel Encapsulation attribute,
which is the union of its Tunnel Encapsulation attribute and GW2's
Tunnel Encapsulation attribute. Similarly, GW2 includes a Tunnel
Encapsulation attribute, which is the union of its Tunnel Encapsulation
attribute and GW1's Tunnel Encapsulation attribute. The gateway in the
ingress site can now see all possible paths to X in the egress site
regardless of which route is propagated to it, and it can choose one or
balance traffic flows as it sees fit.Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.
Site Gateway Auto-DiscoveryTo allow a given site's GWs to auto-discover each other and to coordinate their operations,
the following procedures are implemented:
A route target () MUST be
attached to each GW's auto-discovery route (defined below), and its
value MUST be set to a value that indicates the site identifier. The
rules for constructing a route target are detailed in . It is RECOMMENDED that a Type
x00 or x02 route target be used.
Site identifiers are set through configuration. The site
identifiers MUST be the same across all GWs to the site (i.e., the
same identifier is used by all GWs to the same site) and MUST be
unique across all sites that are connected (i.e., across all GWs to
all sites that are interconnected).
Each GW MUST construct an import filtering rule to import any
route that carries a route target with the same site identifier that
the GW itself uses. This means that only these GWs will import those
routes, and that all GWs to the same site will import each other's
routes and will learn (auto-discover) the current set of active GWs
for the site.
The auto-discovery route that each GW advertises consists of the following:
IPv4 or IPv6 Network Layer Reachability Information (NLRI) () containing one of the GW's
loopback addresses (that is, with an AFI/SAFI pair that is one of the
following: IPv4/NLRI used for unicast forwarding (1/1); IPv6/NLRI used for
unicast forwarding (2/1); IPv4/NLRI with MPLS Labels (1/4); or
IPv6/NLRI with MPLS Labels (2/4)).
A Tunnel Encapsulation attribute () containing the GW's encapsulation information
encoded in one or more Tunnel TLVs.
To avoid the side effect of applying the Tunnel Encapsulation
attribute to any packet that is addressed to the GW itself, the address
advertised for auto-discovery MUST be a different
loopback address than is advertised for packets directed to the gateway
itself.As described in , each
GW will include a Tunnel Encapsulation attribute with the GW
encapsulation information for each of the site's active GWs (including
itself) in every route advertised externally to that site. As the
current set of active GWs changes (due to the addition of a new GW or
the failure/removal of an existing GW), each externally advertised route
will be re-advertised with a new Tunnel Encapsulation attribute, which
reflects the current set of active GWs.If a gateway becomes disconnected from the backbone network, or if
the site operator decides to terminate the gateway's activity, it
MUST withdraw the advertisements described above. This
means that remote gateways at other sites will stop seeing
advertisements from or about this gateway. Note that if the routing
within a site is broken (for example, such that there is a route from
one GW to another but not in the reverse direction), then it is
possible that incoming traffic will be routed to the wrong GW to reach
the destination prefix; in this degraded network situation, traffic may
be dropped.Note that if a GW is (mis)configured with a different site identifier
from the other GWs to the same site, then it will not be auto-discovered
by the other GWs (and will not auto-discover the other GWs). This would
result in a GW for another site receiving only the Tunnel Encapsulation
attribute included in the BGP best route, i.e., the Tunnel Encapsulation
attribute of the (mis)configured GW or that of the other GWs.Relationship to BGP - Link State and Egress Peer EngineeringWhen a remote GW receives a route to a prefix X, it uses the Tunnel
Egress Endpoint sub-TLVs in the containing Tunnel Encapsulation
attribute to identify the GWs through which X can be reached. It uses
this information to compute SR Traffic Engineering (SR TE) paths across
the backbone network looking at the information advertised to it in SR
BGP - Link State (BGP-LS) () and
correlated using the site identity. SR Egress Peer Engineering (EPE)
() can be used to supplement the information advertised
in BGP-LS.Advertising a Site Route ExternallyWhen a packet destined for prefix X is sent on an SR TE path to a GW
for the site containing X (that is, the packet is sent in the ingress
site on an SR TE path that describes the whole path including those
parts that are within the egress site), it needs to carry the receiving
GW's SID for X such that this SID becomes the next SID that is due to be
processed before the GW completes its processing of the packet. To
achieve this, each Tunnel TLV in the Tunnel Encapsulation attribute
contains a Prefix-SID sub-TLV () for X.As defined in , the
Prefix-SID sub-TLV is only for IPv4/IPV6 Labeled Unicast routes, so the
solution described in this document only applies to routes of those
types. If the use of the Prefix-SID sub-TLV for routes of other types
is defined in the future, further documents will be needed to describe
their use for site interconnection consistent with this document.Alternatively, if MPLS SR is in use and if the GWs for a given egress
site are configured to allow GWs at remote ingress sites to perform SR
TE through that egress site for a prefix X, then each GW to the egress
site computes an SR TE path through the egress site to X and places each
in an MPLS Label Stack sub-TLV () in the SR Tunnel TLV for that GW.Please refer to for worked examples of how the SID stack
is constructed in this case and how the advertisements would work.Encapsulation
If a site is configured to allow remote GWs to send packets to the site in
the site's native encapsulation, then each GW to the site will also include
multiple instances of a Tunnel TLV for that native encapsulation in
externally advertised routes: one for each GW. Each Tunnel TLV contains a
Tunnel Egress Endpoint sub-TLV with the address of the GW that the Tunnel TLV
identifies. A remote GW may then encapsulate a packet according to the rules
defined via the sub-TLVs included in each of the Tunnel TLVs.IANA Considerations
IANA maintains the "BGP Tunnel Encapsulation Attribute Tunnel
Types" registry in the "Border Gateway Protocol (BGP) Tunnel
Encapsulation" registry.
IANA had previously assigned the value 17 from this subregistry
for "SR Tunnel", referencing this document as an Internet-Draft.
At that time, the assignment policy for this range of the registry
was "First Come First Served" .
IANA has marked that assignment as deprecated. IANA may reclaim that
codepoint at such a time that the registry is depleted.
Security ConsiderationsFrom a protocol point of view, the mechanisms described in this
document can leverage the security mechanisms already defined for BGP.
Further discussion of security considerations for BGP may be found in
the BGP specification itself ()
and in the security analysis for BGP (). The original discussion of the use of the TCP MD5
signature option to protect BGP sessions is found in , while includes an analysis of BGP keying and authentication
issues.The mechanisms described in this document involve sharing routing or
reachability information between sites, which may mean disclosing
information that is normally contained within a site. So it needs to be
understood that normal security paradigms based on the boundaries of
sites are weakened and interception of BGP messages may result in
information being disclosed to third parties. Discussion of these
issues with respect to VPNs can be found in , while
describes many of the issues associated with the exchange of topology or
TE information between sites.Particular exposures resulting from this work include:
Gateways to a site will know about all other gateways to the same
site. This feature applies within a site, so it is not a substantial
exposure, but it does mean that if the BGP exchanges within a site can
be snooped or if a gateway can be subverted, then an attacker may learn
the full set of gateways to a site. This would facilitate more
effective attacks on that site.
The existence of multiple gateways to a site becomes more visible
across the backbone and even into remote sites. This means that an
attacker is able to prepare a more comprehensive attack than exists
when only the locally attached backbone network (e.g., the AS that
hosts the site) can see all of the gateways to a site. For example, a
Denial-of-Service attack on a single GW is mitigated by the existence
of other GWs, but if the attacker knows about all the gateways, then
the whole set can be attacked at once.
A node in a site that does not have external BGP peering (i.e., is
not really a site gateway and cannot speak BGP into the backbone
network) may be able to get itself advertised as a gateway by letting
other genuine gateways discover it (by speaking BGP to them within the
site), so it may get those genuine gateways to advertise it as a
gateway into the backbone network. This would allow the malicious
node to attract traffic without having to have secure BGP peerings
with out-of-site nodes.
An external party intercepting BGP messages anywhere between sites
may learn information about the functioning of the sites and the
locations of endpoints. While this is not necessarily a significant
security or privacy risk, it is possible that the disclosure of this
information could be used by an attacker.
If it is possible to modify a BGP message within the backbone, it
may be possible to spoof the existence of a gateway. This could cause
traffic to be attracted to a specific node and might result in traffic
not being delivered.
All of the issues in the list above could cause disruption to site
interconnection, but they are not new protocol vulnerabilities so much
as new exposures of information that SHOULD be protected
against using existing protocol mechanisms such as securing the TCP
sessions over which the BGP messages flow. Furthermore, it is a general
observation that if these attacks are possible, then it is highly likely
that far more significant attacks can be made on the routing system. It
should be noted that BGP peerings are not discovered but always arise
from explicit configuration.Given that the gateways and ASBRs are connected by tunnels that may
run across parts of the network that are not trusted, data center
operators using the approach set out in this network MUST
consider using gateway-to-gateway encryption to protect the data center
traffic. Additionally, due consideration MUST be given
to encrypting end-to-end traffic as it would be for any traffic that
uses a public or untrusted network for transport.Manageability ConsiderationsThe principal configuration item added by this solution is the
allocation of a site identifier. The same identifier
MUST be assigned to every GW to the same site, and each
site MUST have a different identifier. This requires
coordination, probably through a central management agent.It should be noted that BGP peerings are not discovered but always
arise from explicit configuration. This is no different from any other
BGP operation.The site identifiers that are configured and carried in route targets
(see ) are an important
feature to ensure that all of the gateways to a site discover each
other. Therefore, it is important that this value is not misconfigured
since that would result in the gateways not discovering each other and
not advertising each other.Relationship to Route Target Constraint
In order to limit the VPN routing information that is maintained at a given
route reflector, suggests that route reflectors use
"Cooperative Route Filtering", which was renamed "Outbound Route Filtering"
and defined in .
defines an extension to that
mechanism to include support for multiple autonomous systems and
asymmetric VPN topologies such as hub-and-spoke. The mechanism in RFC
4684 is known as Route Target Constraint (RTC).An operator would not normally configure RTC by default for any
AFI/SAFI combination and would only enable it after careful
consideration. When using the mechanisms defined in this document,
the operator should carefully consider the effects of filtering
routes. In some cases, this may be desirable, and in others, it could
limit the effectiveness of the procedures.ReferencesNormative ReferencesKey words for use in RFCs to Indicate Requirement LevelsIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.A Border Gateway Protocol 4 (BGP-4)This document discusses the Border Gateway Protocol (BGP), which is an inter-Autonomous System routing protocol.The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASes) that reachability information traverses. This information is sufficient for constructing a graph of AS connectivity for this reachability from which routing loops may be pruned, and, at the AS level, some policy decisions may be enforced.BGP-4 provides a set of mechanisms for supporting Classless Inter-Domain Routing (CIDR). These mechanisms include support for advertising a set of destinations as an IP prefix, and eliminating the concept of network "class" within BGP. BGP-4 also introduces mechanisms that allow aggregation of routes, including aggregation of AS paths.This document obsoletes RFC 1771. [STANDARDS-TRACK]BGP Extended Communities AttributeThis document describes the "extended community" BGP-4 attribute. This attribute provides a mechanism for labeling information carried in BGP-4. These labels can be used to control the distribution of this information, or for other applications. [STANDARDS-TRACK]Multiprotocol Extensions for BGP-4This document defines extensions to BGP-4 to enable it to carry routing information for multiple Network Layer protocols (e.g., IPv6, IPX, L3VPN, etc.). The extensions are backward compatible - a router that supports the extensions can interoperate with a router that doesn't support the extensions. [STANDARDS-TRACK]The TCP Authentication OptionThis document specifies the TCP Authentication Option (TCP-AO), which obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5). TCP-AO specifies the use of stronger Message Authentication Codes (MACs), protects against replays even for long-lived TCP connections, and provides more details on the association of security with TCP connections than TCP MD5. TCP-AO is compatible with either a static Master Key Tuple (MKT) configuration or an external, out-of-band MKT management mechanism; in either case, TCP-AO also protects connections when using the same MKT across repeated instances of a connection, using traffic keys derived from the MKT, and coordinates MKT changes between endpoints. The result is intended to support current infrastructure uses of TCP MD5, such as to protect long-lived connections (as used, e.g., in BGP and LDP), and to support a larger set of MACs with minimal other system and operational changes. TCP-AO uses a different option identifier than TCP MD5, even though TCP-AO and TCP MD5 are never permitted to be used simultaneously. TCP-AO supports IPv6, and is fully compatible with the proposed requirements for the replacement of TCP MD5. [STANDARDS-TRACK]North-Bound Distribution of Link-State and Traffic Engineering (TE) Information Using BGPIn a number of environments, a component external to a network is called upon to perform computations based on the network topology and current state of the connections within the network, including Traffic Engineering (TE) information. This is information typically distributed by IGP routing protocols within the network.This document describes a mechanism by which link-state and TE information can be collected from networks and shared with external components using the BGP routing protocol. This is achieved using a new BGP Network Layer Reachability Information (NLRI) encoding format. The mechanism is applicable to physical and virtual IGP links. The mechanism described is subject to policy control.Applications of this technique include Application-Layer Traffic Optimization (ALTO) servers and Path Computation Elements (PCEs).Ambiguity of Uppercase vs Lowercase in RFC 2119 Key WordsRFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.The BGP Tunnel Encapsulation AttributeThis document defines a BGP path attribute known as the "Tunnel Encapsulation attribute", which can be used with BGP UPDATEs of various Subsequent Address Family Identifiers (SAFIs) to provide information needed to create tunnels and their corresponding encapsulation headers. It provides encodings for a number of tunnel types, along with procedures for choosing between alternate tunnels and routing packets into tunnels.This document obsoletes RFC 5512, which provided an earlier definition of the Tunnel Encapsulation attribute. RFC 5512 was never deployed in production. Since RFC 5566 relies on RFC 5512, it is likewise obsoleted. This document updates RFC 5640 by indicating that the Load-Balancing Block sub-TLV may be included in any Tunnel Encapsulation attribute where load balancing is desired.Informative ReferencesBGP Security Vulnerabilities AnalysisBorder Gateway Protocol 4 (BGP-4), along with a host of other infrastructure protocols designed before the Internet environment became perilous, was originally designed with little consideration for protection of the information it carries. There are no mechanisms internal to BGP that protect against attacks that modify, delete, forge, or replay data, any of which has the potential to disrupt overall network routing behavior.This document discusses some of the security issues with BGP routing data dissemination. This document does not discuss security issues with forwarding of packets. This memo provides information for the Internet community.BGP/MPLS IP Virtual Private Networks (VPNs)This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes. [STANDARDS-TRACK]Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs)This document defines Multi-Protocol BGP (MP-BGP) procedures that allow BGP speakers to exchange Route Target reachability information. This information can be used to build a route distribution graph in order to limit the propagation of Virtual Private Network (VPN) Network Layer Reachability Information (NLRI) between different autonomous systems or distinct clusters of the same autonomous system. This document updates RFC 4364. [STANDARDS-TRACK]Outbound Route Filtering Capability for BGP-4This document defines a BGP-based mechanism that allows a BGP speaker to send to its BGP peer a set of Outbound Route Filters (ORFs) that the peer would use to constrain/filter its outbound routing updates to the speaker. [STANDARDS-TRACK]Analysis of BGP, LDP, PCEP, and MSDP Issues According to the Keying and Authentication for Routing Protocols (KARP) Design GuideThis document analyzes TCP-based routing protocols, the Border Gateway Protocol (BGP), the Label Distribution Protocol (LDP), the Path Computation Element Communication Protocol (PCEP), and the Multicast Source Distribution Protocol (MSDP), according to guidelines set forth in Section 4.2 of "Keying and Authentication for Routing Protocols Design Guidelines", RFC 6518.Advertisement of Multiple Paths in BGPThis document defines a BGP extension that allows the advertisement of multiple paths for the same address prefix without the new paths implicitly replacing any previous ones. The essence of the extension is that each path is identified by a Path Identifier in addition to the address prefix.Problem Statement and Architecture for Information Exchange between Interconnected Traffic-Engineered NetworksIn Traffic-Engineered (TE) systems, it is sometimes desirable to establish an end-to-end TE path with a set of constraints (such as bandwidth) across one or more networks from a source to a destination. TE information is the data relating to nodes and TE links that is used in the process of selecting a TE path. TE information is usually only available within a network. We call such a zone of visibility of TE information a domain. An example of a domain may be an IGP area or an Autonomous System.In order to determine the potential to establish a TE path through a series of connected networks, it is necessary to have available a certain amount of TE information about each network. This need not be the full set of TE information available within each network but does need to express the potential of providing TE connectivity. This subset of TE information is called TE reachability information.This document sets out the problem statement for the exchange of TE information between interconnected TE networks in support of end-to-end TE path establishment and describes the best current practice architecture to meet this problem statement. For reasons that are explained in this document, this work is limited to simple TE constraints and information that determine TE reachability.Guidelines for Writing an IANA Considerations Section in RFCsMany protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.This is the third edition of this document; it obsoletes RFC 5226.Segment Routing ArchitectureSegment Routing (SR) leverages the source routing paradigm. A node steers a packet through an ordered list of instructions, called "segments". A segment can represent any instruction, topological or service based. A segment can have a semantic local to an SR node or global within an SR domain. SR provides a mechanism that allows a flow to be restricted to a specific topological path, while maintaining per-flow state only at the ingress node(s) to the SR domain.SR can be directly applied to the MPLS architecture with no change to the forwarding plane. A segment is encoded as an MPLS label. An ordered list of segments is encoded as a stack of labels. The segment to process is on the top of the stack. Upon completion of a segment, the related label is popped from the stack.SR can be applied to the IPv6 architecture, with a new type of routing header. A segment is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing header. The active segment is indicated by the Destination Address (DA) of the packet. The next active segment is indicated by a pointer in the new routing header.Border Gateway Protocol - Link State (BGP-LS) Extensions for Segment RoutingSegment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of topological subpaths, called "segments". These segments are advertised by routing protocols, e.g., by the link-state routing protocols (IS-IS, OSPFv2, and OSPFv3) within IGP topologies.This document defines extensions to the Border Gateway Protocol - Link State (BGP-LS) address family in order to carry SR information via BGP.Border Gateway Protocol - Link State (BGP-LS) Extensions for Segment Routing BGP Egress Peer EngineeringA node steers a packet through a controlled set of instructions, called segments, by prepending the packet with a list of segment identifiers (SIDs). A segment can represent any instruction, topological or service based. SR segments allow steering a flow through any topological path and service chain while maintaining per-flow state only at the ingress node of the SR domain.This document describes an extension to Border Gateway Protocol - Link State (BGP-LS) for advertisement of BGP Peering Segments along with their BGP peering node information so that efficient BGP Egress Peer Engineering (EPE) policies and strategies can be computed based on Segment Routing.Interconnection of Segment Routing Sites - Problem Statement and Solution LandscapeOld Dog ConsultingJuniper Networks Segment Routing (SR) is a forwarding paradigm for use in MPLS and
IPv6 networks. It is intended to be deployed in discrete sites that
may be data centers, access networks, or other networks that are
under the control of a single operator and that can easily be
upgraded to support this new technology.
Traffic originating in one SR site often terminates in another SR
site, but must transit a backbone network that provides
interconnection between those sites.
This document describes a mechanism for providing connectivity
between SR sites to enable end-to-end or site-to-site traffic
engineering.
The approach described allows connectivity between SR sites, utilizes
traffic engineering mechanisms (such as RSVP-TE or Segment Routing)
across the backbone network, makes heavy use of pre-existing
technologies, and requires the specification of very few additional
mechanisms.
This document provides some background and a problem statement,
explains the solution mechanism, gives references to other documents
that define protocol mechanisms, and provides examples. It does not
define any new protocol mechanisms.
Work in ProgressAcknowledgementsThanks to , , ,
, ,
and for review comments, and to
for useful discussions. provided a helpful GenArt review, and and made
helpful comments during IESG review.Authors' AddressesOld Dog Consultingadrian@olddog.co.ukJuniper Networksjdrake@juniper.netJuniper Networkserosen52@gmail.comArrcus, Inc.keyur@arrcus.comVerizonluay.jalil@verizon.com