💾 Archived View for gemini.bortzmeyer.org › rfc-mirror › rfc9545.txt captured on 2024-05-10 at 10:54:58.
⬅️ Previous capture (2024-03-21)
-=-=-=-=-=-=-
Internet Engineering Task Force (IETF) W. Cheng, Ed. Request for Comments: 9545 H. Li Category: Standards Track China Mobile ISSN: 2070-1721 C. Li, Ed. Huawei Technologies R. Gandhi Cisco Systems, Inc. R. Zigler Broadcom February 2024 Path Segment Identifier in MPLS-Based Segment Routing Networks Abstract A Segment Routing (SR) path is identified by an SR segment list. A subset of segments from the segment list cannot be leveraged to distinguish one SR path from another as they may be partially congruent. SR path identification is a prerequisite for various use cases such as performance measurement and end-to-end 1+1 path protection. In an SR over MPLS (SR-MPLS) data plane, an egress node cannot determine on which SR path a packet traversed the network from the label stack because the segment identifiers are removed from the label stack as the packet transits the network. This document defines a Path Segment Identifier (PSID) to identify an SR path on the egress node of the path. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9545. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction 1.1. Requirements Language 1.2. Abbreviations and Terms 2. Path Segment 2.1. Equal-Cost Multipath (ECMP) Considerations 3. Use Cases 3.1. PSID for Performance Measurement 3.2. PSID for Bidirectional SR Paths 3.3. PSID for End-to-End Path Protection 3.4. Nesting of PSIDs 4. Security Considerations 5. IANA Considerations 6. References 6.1. Normative References 6.2. Informative References Acknowledgements Contributors Authors' Addresses 1. Introduction Segment Routing (SR) [RFC8402] leverages the source-routing paradigm to steer packets from a source node through a controlled set of instructions, called "segments", by prepending the packet with an SR header. In SR with the MPLS data plane [RFC8660], the SR header is instantiated through a label stack. In an SR-MPLS network, when a packet is transmitted along an SR path, the labels in the MPLS label stack will be swapped or popped. The result of this is that no label or only the last label may be left in the MPLS label stack when the packet reaches the egress node. Thus, the egress node cannot use the SR label stack to determine along which SR path the packet came. However, identifying a path on the egress node is a prerequisite for various use cases in SR-MPLS networks, such as performance measurement (Section 3.1), bidirectional paths (Section 3.2), and end-to-end 1+1 path protection (a Live-Live case) (Section 3.3). Therefore, this document defines a new segment type, referred to herein as a "Path Segment". A Path Segment is defined to uniquely identify an SR path on the egress node of the path. It MAY be used by the egress node for path identification. Note that per-path state will be maintained in the egress node due to the requirements in the aforementioned use cases, though in normal cases, the per-path state will be maintained in the ingress node only. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2. Abbreviations and Terms MPLS: Multiprotocol Label Switching PSID: Path Segment Identifier SID: Segment Identifier SR: Segment Routing SR-MPLS: SR over MPLS SR path: A path described by a segment list. Sub-Path: A part of a path, which contains a subset of the nodes and links of the path. 2. Path Segment A Path Segment is a local segment [RFC8402] that uniquely identifies an SR path on the egress node. A Path Segment Identifier (PSID) is a single label that is assigned from the Segment Routing Local Block (SRLB) [RFC8402] of the egress node of an SR path. A PSID is used to identify a segment list. However, one PSID can be used to identify multiple segment lists in some use cases if needed. For example, one single PSID MAY be used to identify some or all segment lists in a candidate path or an SR policy if an operator would like to aggregate these segment lists in operation. When a PSID is used, the PSID can be inserted at the ingress node and MUST immediately follow the last label of the SR path; in other words, it must be inserted after the routing segment (adjacency, node, or prefix segment) that is pointing to the egress node of the SR path. Therefore, a PSID will not be the top label in the label stack when received on an intermediate node of the associated path, but it can be the top label in the label stack on the penultimate node. The value of the TTL field in the MPLS label stack entry containing a PSID can be set to any value except 0. If a PSID is the bottom label, the S bit MUST be set, and if the PSID is NOT the bottom label, the S bit MUST be 0. The egress node MUST pop the PSID. The egress node MAY use the PSID for further processing. For example, when performance measurement is enabled on the SR path, it can trigger packet counting or timestamping. The addition of the PSID will require the egress to read and process the PSID label in addition to the regular processing. This additional processing may have an impact on forwarding performance. Behavior relating to the use of explicit null directly preceding the PSID is undefined in this document. A Generic Associated Channel Label (GAL) MAY be used for Operations, Administration, and Maintenance (OAM) in MPLS networks. As per [RFC5586], when a GAL is used, the Associated Channel Header (ACH) appears immediately after the bottom of the label stack. The SR path computation needs to know the Maximum SID Depth (MSD) that can be imposed at the ingress node of a given SR path [RFC8664]. This ensures that the SID stack depth of a computed path does not exceed the number of SIDs the node is capable of imposing. As per [RFC8491], the MSD signals the total number of MPLS labels that can be imposed, where the total number of MPLS labels includes the PSID. An example label stack with a PSID is shown in Figure 1: +--------------------+ | ... | +--------------------+ | Label 1 | +--------------------+ | Label 2 | +--------------------+ | ... | +--------------------+ | Label n | +--------------------+ | PSID | +--------------------+ ~ Payload ~ +--------------------+ Figure 1: Label Stack with a PSID Where: * The Labels 1 to n are the segment label stack used to direct how to steer the packets along the SR path. * The PSID identifies the SR path in the context of the egress node of the SR path. The signaling of the PSID between the egress node, the ingress node, and possibly a centralized controller is out of the scope of this document. 2.1. Equal-Cost Multipath (ECMP) Considerations If an Entropy Label (EL) is also used on the egress node, as per [RFC6790], the EL and Entropy Label Indicator (ELI) would be placed before the tunnel label; hence, they do not interfere with the PSID, which is placed below. It is worthy to note that in the case of ECMP, with or without the use of an EL, the SR packets may be forwarded over multiple paths. In this case, the SID list cannot directly reflect the actual forwarding path and the PSID can only identify the SID list rather than the actual forwarding path. Also, similar to a Synonymous Flow Label (SFL) [RFC8957], the introduction of a PSID to an existing flow may cause that flow to take a different path through the network under the conditions of ECMP. In turn, this may invalidate certain uses of the PSID, such as performance measurement applications. Therefore, the considerations of SFLs as per Section 5 of [RFC8957] also apply to PSIDs in implementation. 3. Use Cases This section describes use cases that can leverage the PSID. The content is for informative purposes, and the detailed solutions might be defined in other documents in the future. 3.1. PSID for Performance Measurement As defined in [RFC7799], performance measurement can be classified into Passive, Active, and Hybrid measurements. Since a PSID is encoded in the SR-MPLS label stack, as shown in Figure 1, existing implementations on the egress node can leverage a PSID for measuring packet counts. For Passive performance measurement, path identification at the measuring points is the prerequisite. A PSID can be used by the measuring points (e.g., the ingress and egress nodes of the SR path or a centralized controller) to correlate the packet counts and timestamps from the ingress and egress nodes for a specific SR path; then, packet loss and delay can be calculated for the end-to-end path, respectively. Furthermore, a PSID can also be used for: * Active performance measurement for an SR path in SR-MPLS networks for collecting packet counters and timestamps from the egress node using probe messages. * In situ OAM [RFC9197] for SR-MPLS to identify the SR path associated with the in situ data fields in the data packets on the egress node. * In-band performance measurement for SR-MPLS to identify the SR path associated with the collected performance metrics. 3.2. PSID for Bidirectional SR Paths In some scenarios (e.g., mobile backhaul transport networks), there are requirements to support bidirectional paths [RFC6965], and the path is normally treated as a single entity. Forward and reverse directions of the path have the same fate; for example, failure in one direction will result in switching traffic at both directions. MPLS supports this by introducing the concepts of a co-routed bidirectional Label Switched Path (LSP) and an associated bidirectional LSP [RFC5654]. In the current SR architecture, an SR path is a unidirectional path [RFC8402]. In order to support bidirectional SR paths, a straightforward way is to bind two unidirectional SR paths to a single bidirectional SR path. PSIDs can be used to identify and correlate the traffic for the two unidirectional SR paths at both ends of the bidirectional path. The mechanism of constructing bidirectional paths using a PSID is out of the scope of this document and has been described in several documents, such as [BIDIR-PATH] and [SR-EXTENSIONS]. 3.3. PSID for End-to-End Path Protection For end-to-end 1+1 path protection (i.e., a Live-Live case), the egress node of the path needs to know the set of paths that constitute the primary and the secondaries in order to select the primary path packets for onward transmission and to discard the packets from the secondaries [RFC4426]. To do this in SR, each SR path needs a path identifier that is unique at the egress node. For SR-MPLS, this can be the Path Segment label allocated by the egress node. The detailed solution of using a PSID in end-to-end 1+1 path protection is out of the scope of this document. 3.4. Nesting of PSIDs A Binding SID (BSID) [RFC8402] can be used for SID list compression. With a BSID, an end-to-end SR path in a trusted domain can be split into several sub-paths, where each sub-path is identified by a BSID. Then, an end-to-end SR path can be identified by a list of BSIDs; therefore, it can provide better scalability. A BSID and a PSID can be combined to achieve both sub-path and end- to-end path monitoring. A reference model for such a combination (Figure 2) shows an end-to-end path (A->D) in a trusted domain that spans three subdomains (the Access, Aggregation, and Core domains) and consists of three sub-paths, one in each subdomain (sub-path (A->B), sub-path (B->C), and sub-path (C->D)). The SID list of a sub-path can be expressed as <SID1, SID2, ..., SIDn, s-PSID>, where the s-PSID is the PSID of the sub-path. Each sub-path is associated with a BSID and an s-PSID. The SID list of the end-to-end path can be expressed as <BSID1, BSID2, ..., BSIDn, e-PSID>, where the e-PSID is the PSID of the end- to-end path. Figure 2 shows the details of the label stacks when a PSID and a BSID are used to support both sub-path and end-to-end path monitoring in a multi-domain scenario. /--------\ /--------\ /--------\ / \ / \ / \ A{ Access }B{ Aggregation }C{ Core }D \ / \ / \ / \--------/ \--------/ \--------/ sub-path(A->B) sub-path(B->C) sub-path(C->D) |<--------------->|<-------------->|<-------------->| E2E Path(A->D) |<------------------------------------------------->| +-------------+ ~A->B sub-path~ +-------------+ +-------------+ |s-PSID(A->B) | ~B->C sub-path~ +-------------+ +-------------+ +-------------+ | BSID(B->C) | |s-PSID(B->C) | ~C->D sub-path~ +-------------+ +-------------+ +-------------+ | BSID(C->D) | | BSID(C->D) | |s-PSID(C->D) | +-------------+ +-------------+ +-------------+ +------------+ |e-PSID(A->D) | |e-PSID(A->D) | |e-PSID(A->D) | |e-PSID(A->D)| +-------------+ +-------------+ +-------------+ +------------+ Figure 2: Nesting of PSIDs 4. Security Considerations A PSID in SR-MPLS is a local label similar to other labels and segments, such as a VPN label, defined in MPLS and SR-MPLS. The data plane processing of a PSID is a local implementation of an ingress node or an egress node, which follows the same logic of an existing MPLS data plane. As per the definition of a PSID, only the egress node and the ingress node of the associated path will learn the information of a PSID. The intermediate nodes of this path will not learn it. A PSID may be used on an ingress node that is not the ingress of the associated path if the associated label stack with the PSID is part of a deeper label stack that represents a longer path. For example, the case described in Section 3.4 and the related BSID are not used while the original label stack of a sub-path is inserted as a part of the whole label stack. In this case, the PSID must be distributed in a trusted domain under the considerations defined in Section 8.1 of [RFC8402]. A PSID is used within an SR-MPLS trusted domain [RFC8402] and must not leak outside the domain; therefore, no new security threats are introduced compared to current SR-MPLS. As per [RFC8402], SR domain boundary routers MUST filter any external traffic destined to a label associated with a segment within the trusted domain; this applies to a PSID as well. Other security considerations of SR-MPLS described in Section 8.1 of [RFC8402] apply to this document. The distribution of a PSID from an egress node to an ingress node is performed within an SR-trusted domain, and it is out of the scope of this document. The details of the mechanism and related security considerations will be described in other documents. 5. IANA Considerations This document has no IANA actions. 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., Decraene, B., Litkowski, S., and R. Shakir, "Segment Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, July 2018, <https://www.rfc-editor.org/info/rfc8402>. [RFC8660] Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S., Decraene, B., Litkowski, S., and R. Shakir, "Segment Routing with the MPLS Data Plane", RFC 8660, DOI 10.17487/RFC8660, December 2019, <https://www.rfc-editor.org/info/rfc8660>. 6.2. Informative References [BIDIR-PATH] Li, C., Chen, M., Cheng, W., Gandhi, R., and Q. Xiong, "Path Computation Element Communication Protocol (PCEP) Extensions for Associated Bidirectional Segment Routing (SR) Paths", Work in Progress, Internet-Draft, draft-ietf- pce-sr-bidir-path-13, 13 February 2024, <https://datatracker.ietf.org/doc/html/draft-ietf-pce-sr- bidir-path-13>. [RFC4426] Lang, J., Ed., Rajagopalan, B., Ed., and D. Papadimitriou, Ed., "Generalized Multi-Protocol Label Switching (GMPLS) Recovery Functional Specification", RFC 4426, DOI 10.17487/RFC4426, March 2006, <https://www.rfc-editor.org/info/rfc4426>. [RFC5586] Bocci, M., Ed., Vigoureux, M., Ed., and S. Bryant, Ed., "MPLS Generic Associated Channel", RFC 5586, DOI 10.17487/RFC5586, June 2009, <https://www.rfc-editor.org/info/rfc5586>. [RFC5654] Niven-Jenkins, B., Ed., Brungard, D., Ed., Betts, M., Ed., Sprecher, N., and S. Ueno, "Requirements of an MPLS Transport Profile", RFC 5654, DOI 10.17487/RFC5654, September 2009, <https://www.rfc-editor.org/info/rfc5654>. [RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and L. Yong, "The Use of Entropy Labels in MPLS Forwarding", RFC 6790, DOI 10.17487/RFC6790, November 2012, <https://www.rfc-editor.org/info/rfc6790>. [RFC6965] Fang, L., Ed., Bitar, N., Zhang, R., Daikoku, M., and P. Pan, "MPLS Transport Profile (MPLS-TP) Applicability: Use Cases and Design", RFC 6965, DOI 10.17487/RFC6965, August 2013, <https://www.rfc-editor.org/info/rfc6965>. [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, May 2016, <https://www.rfc-editor.org/info/rfc7799>. [RFC8491] Tantsura, J., Chunduri, U., Aldrin, S., and L. Ginsberg, "Signaling Maximum SID Depth (MSD) Using IS-IS", RFC 8491, DOI 10.17487/RFC8491, November 2018, <https://www.rfc-editor.org/info/rfc8491>. [RFC8664] Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W., and J. Hardwick, "Path Computation Element Communication Protocol (PCEP) Extensions for Segment Routing", RFC 8664, DOI 10.17487/RFC8664, December 2019, <https://www.rfc-editor.org/info/rfc8664>. [RFC8957] Bryant, S., Chen, M., Swallow, G., Sivabalan, S., and G. Mirsky, "Synonymous Flow Label Framework", RFC 8957, DOI 10.17487/RFC8957, January 2021, <https://www.rfc-editor.org/info/rfc8957>. [RFC9197] Brockners, F., Ed., Bhandari, S., Ed., and T. Mizrahi, Ed., "Data Fields for In Situ Operations, Administration, and Maintenance (IOAM)", RFC 9197, DOI 10.17487/RFC9197, May 2022, <https://www.rfc-editor.org/info/rfc9197>. [SR-EXTENSIONS] Li, C., Li, Z., Yin, Y., Cheng, W., and K. Talaulikar, "SR Policy Extensions for Path Segment and Bidirectional Path", Work in Progress, Internet-Draft, draft-ietf-idr- sr-policy-path-segment-09, 19 February 2024, <https://datatracker.ietf.org/doc/html/draft-ietf-idr-sr- policy-path-segment-09>. Acknowledgements The authors would like to thank Adrian Farrel, Stewart Bryant, Shuangping Zhan, Alexander Vainshtein, Andrew G. Malis, Ketan Talaulikar, Shraddha Hegde, Xinyue Zhang, Loa Andersson, and Bruno Decraene for their review, suggestions, comments, and contributions to this document. The authors would like to acknowledge the contribution from Alexander Vainshtein on "Nesting of PSIDs" (Section 3.4). Contributors The following people have substantially contributed to this document. Mach(Guoyi) Chen Huawei Technologies Co., Ltd. Email: mach.chen@huawei.com Lei Wang China Mobile Email: wangleiyj@chinamobile.com Aihua Liu ZTE Corp. Email: liu.aihua@zte.com.cn Greg Mirsky ZTE Corp. Email: gregimirsky@gmail.com Gyan S. Mishra Verizon Inc. Email: gyan.s.mishra@verizon.com Authors' Addresses Weiqiang Cheng (editor) China Mobile Email: chengweiqiang@chinamobile.com Han Li China Mobile Email: lihan@chinamobile.com Cheng Li (editor) Huawei Technologies China Email: c.l@huawei.com Rakesh Gandhi Cisco Systems, Inc. Canada Email: rgandhi@cisco.com Royi Zigler Broadcom Email: royi.zigler@broadcom.com