| Internet-Draft | BGP-LS MT for SR-based NRP | May 2024 |
| Xie, et al. | Expires 23 November 2024 | [Page] |
Enhanced VPNs aim to deliver VPN services with enhanced characteristics, such as guaranteed resources, latency, jitter, etc., so as to support customers requirements for connectivity services with these enhanced characteristics. Enhanced VPN requires integration between the overlay VPN connectivity and the characteristics provided by the underlay network. A Network Resource Partition (NRP) is a subset of the network resources and associated policies on each of a connected set of links in the underlay network. An NRP could be used as the underlay to support one or a group of enhanced VPN services.¶
When Segment Routing is used as the data plane of NRPs, each NRP can be allocated with a group of Segment Identifiers (SIDs) to identify the topology and resource attributes of network segments in the NRP. The association between the network topology, the network resource attributes and the SR SIDs may need to be distributed to a centralized network controller. In some network scenarios, each NRP can be associated with a unique logical network topology. This document describes a mechanism to distribute the information of SR based NRPs using BGP-LS with Multi-Topology (MT).¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 23 November 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Enhanced VPNs aim to deliver VPN services with enhanced characteristics, such as guaranteed resources, latency, jitter, etc., so as to support customers requirements for connectivity services with these enhanced characteristics. Enhanced VPN requires integration between the overlay VPN connectivity and the characteristics provided by the underlay network. [RFC9543] discusses the general framework, components, and interfaces for requesting and operating network slices using IETF technologies. Network slice is considered as one target use case of enhanced VPNs.¶
[RFC9543] also introduces the concept of the Network Resource Partition (NRP), which is a subset of the buffer/queuing/scheduling resources and associated policies on each of a connected set of links in an underlay network. An NRP can be associated with a logical network topology to select or specify the set of links and nodes involved. [I-D.ietf-teas-enhanced-vpn] specifies the framework of NRP-based enhanced VPNs and describes the candidate component technologies in different network planes and network layers. An NRP could be used as the underlay to meet the requirement of one or a group of enhanced VPN services. To meet the requirement of enhanced VPN services, a number of NRPs can be created, each with a subset of network resources allocated on network nodes and links in a customized topology of the physical network.¶
[I-D.ietf-spring-resource-aware-segments] introduces resource awareness to Segment Routing (SR) [RFC8402]. The resource-aware SIDs have additional semantics to identify the set of network resources available for the packet processing action associated with the SIDs. As described in [I-D.ietf-spring-sr-for-enhanced-vpn], the resource- aware SIDs can be used to build SR-based NRPs with the required network topology and network resource attributes to support enhanced VPN services. With SR-based data plane, Segment Identifiers (SIDs) can be used to represent both the topological instructions and a subset of network resources on the network nodes and links which are allocated to an NRP.¶
To allow NRP-specific constraint-based path computation and/or NRP-specific shortest path computation to be performed by network controller and network nodes, The set of resource-awere SR SIDs and the associated topology and resource attributes of an NRP need to be distributed using a control plane. When a centralized network controller is used for NRP-specific constraint-based path computation, especially when an NRP spans multiple IGP areas or multiple Autonomous Systems (ASes), BGP-LS is needed to advertise the NRP information in each IGP area or AS to the network controller, so that the controller could use the collected information to build the view of inter-area or inter-AS SR NRPs.¶
In some network scenarios, the required number of NRPs could be small, and it can be assumed that each NRP is associated with an independent topology and has a set of dedicated or shared network resources. [I-D.ietf-lsr-isis-sr-vtn-mt] describes the IGP Multi-Topology (MT) [RFC5120] based mechanism to advertise the topology and the associated SR SIDs, together with the resource and TE attributes for each SR based NRP. This document describes a mechanism to distribute the information of SR based NRPs to the network controller using BGP-LS [RFC9552] with Multi-Topology.¶
[I-D.ietf-lsr-isis-sr-vtn-mt] describes the IS-IS Multi-topology based mechanisms to distribute the topology and the SR SIDs associated with SR based NRPs. This section describes the corresponding BGP-LS mechanism to distribute both the intra-domain and inter-domain topology attributes of SR based NRPs.¶
In section 4.2.2.1 of [RFC9552], Multi-Topology Identifier (MT-ID) TLV is defined, which can contain one or more IS-IS or OSPF Multi-Topology IDs. The MT-ID TLV MAY be present in a Link Descriptor, a Prefix Descriptor, or the BGP-LS Attribute of a Node NLRI.¶
[RFC9085] defines the BGP-LS extensions to carry the SR-MPLS information using TLVs of BGP-LS Attribute. When Multi-Topology is used with SR-MPLS data plane, topology-specific Prefix-SIDs and topology-specific Adj-SIDs can be carried in the BGP-LS Attribute associated with the prefix NLRI and link NLRI respectively, the MT-ID TLV is carried in the prefix descriptor or link descriptor to identify the corresponding topology of the SIDs.¶
[RFC9514] defines the BGP-LS extensions to advertise SRv6 information along with their functions and attributes. When Multi-Topology is used with SRv6 data plane, the SRv6 Locator TLV is carried in the BGP-LS Attribute associated with the prefix-NLRI, the MT-ID TLV can be carried in the prefix descriptor to identify the corresponding topology of the SRv6 Locator. The SRv6 End.X SIDs are carried in the BGP-LS Attribute associated with the link NLRI, the MT-ID TLV can be carried in the link descriptor to identify the corresponding topology of the End.X SIDs. The SRv6 SID NLRI is defined to advertise other types of SRv6 SIDs, in which the SRv6 SID descriptors can include the MT-ID TLV so as to advertise topology-specific SRv6 SIDs.¶
[RFC9552] defines the rules of the usage of MT-ID TLV:¶
"The MT-ID TLV MAY be included as a Link Descriptor, as a Prefix Descriptor, or in the BGP-LS Attribute of a Node NLRI. When included as a Link or Prefix Descriptor, only a single MT-ID TLV containing the MT-ID of the topology where the link or the prefix is reachable is allowed. In case one wants to advertise multiple topologies for a given Link or Prefix Descriptor, multiple NLRIs MUST be generated where each NLRI contains a single unique MT-ID."¶
[RFC9086] and [RFC9514] defines the BGP-LS extensions for advertisement of BGP inter-domain topology information and the BGP Egress Peering Segment Identifiers. Such information could be used by a network controller for the computation and instantiation of inter-AS SR TE paths.¶
In some network scenarios, there are needs to create NRPs which span multiple ASes. The inter-domain NRPs could have different inter-domain connectivity, and may be associated with different set of network resources in each domain and also on the inter-domain links. In order to build the multi-domain SR based NRPs, it is necessary to advertise the topology and the associated BGP Peering SIDs of each NRP for inter-domain links.¶
When MT-ID is used consistently in multiple domains covered by an NRP, the topology-specific BGP peering SIDs can be advertised with the MT-ID carried in the corresponding Link NLRI. This can be achieved with the existing mechanisms as defined in [RFC9552][RFC9086] and [RFC9514].¶
Depending on the requirement of inter-domain NRPs, different mechanisms can be used on the inter-domain connection:¶
One EBGP session between two ASes can be established over multiple underlying links. In this case, different underlying links can be used for different inter-domain NRPs which requires link isolation between each other. In another similar case, the EBGP session is established over a single link, while the network resource (e.g. bandwidth) on this link can be partitioned into several pieces, each of which can be considered as a virtual member link. An NRP can be associated with one of the underlying physical or virtual member links. In both cases, different BGP Peer-Adj-SIDs or SRv6 End.X SID need to be allocated to each underlying physical or virtual member link, the association between the BGP Peer Adj-SID/End.X SID and the MT-ID of the NRP need to be advertised by the ASBR.¶
For inter-domain connection between two ASes, multiple EBGP sessions can be established between different set of peering ASBRs. It is possible that some of these BGP sessions are used for one inter-domain NRP, while some other BGP sessions are used for another inter-domain NRP. In this case, different BGP Peer Node SIDs need to be allocated to each BGP session and are advertised using the mechanism in [RFC9086] and [RFC9514], the association between the BGP Peer Node SIDs and the MT-ID of the NRP need to be advertised by the ASBR.¶
At the AS-level topology, different inter-domain NRPs may have different inter-AS connectivity. Then different BGP Peer Set SIDs MAY be allocated to represent the groups of BGP peers which can be used for load-balancing in each inter-domain NRP. The association between the BGP Peer Node SIDs and the MT-ID of the NRP need to be advertised by the ASBR.¶
In network scenarios where consistent usage of MT-ID among multiple domains can not be achieved, a global-significant identifier MAY be introduced to identify the inter-domain topology of an NRP. Within each domain, the MT based mechanism could be reused for intra-domain topology advertisement. The detailed mechanism is out of the scope of this document.¶
[I-D.ietf-lsr-isis-sr-vtn-mt] specifies the mechanism to advertise the resource and TE attributes associated with each NRP. This section describes the corresponding BGP-LS mechanisms for reporting NRP resource and TE attributes to network controllers.¶
The information of the network resources and TE attributes associated with a link of an NRP can be specified by carrying the TE Link attribute TLVs in BGP-LS Attribute [RFC9552], with the associated MT-ID carried in the corresponding Link NLRI.¶
When the Maximum Link Bandwidth sub-TLV is carried in the BGP-LS attribute associated with the Link NLRI of an NRP, it indicates the amount of link bandwidth resource allocated to the corresponding NRP on the link. The bandwidth allocated to an NRP can be exclusive for traffic in the corresponding NRP. The advertisement of other TE attributes in BGP-LS for NRP is for further study.¶
The mechanism described in this document assumes that each NRP is associated with an independent topology, and for the inter-domain NRPs, the MT-IDs used in the involved domains are consistent, so that the MT-IDs can be reused to identify the NRPs in the control plane. Reusing MT-ID can avoid introducing new mechanism with similar functionality in the control plane, while it also has some limitations. For example, even if multiple NRPs share the same topology, each NRP still need to be identified using a unique MT-ID in the control plane, thus independent path computation needs be executed for each NRP. The number of NRPs supported in a network may be dependent on the number of topologies supported, which is related to both the number of topologies supported in the protocol and the control plane overhead which the network could afford. The mechanism described in this document is considered useful for network scenarios in which the required number of NRPs is small, as no control protocol extension is required. For network scenarios where the number of required NRPs is large, more scalable solution would be needed, which may require further protocol extensions and enhancements. A detailed analysis about the NRP scalability and the possible optimizations for supporting a large number of NRPs is described in [I-D.ietf-teas-nrp-scalability].¶
This document introduces no additional security vulnerabilities to BGP-LS.¶
The mechanism proposed in this document is subject to the same vulnerabilities as any other protocol that relies on BGP-LS.¶
This document does not request any IANA actions.¶
The authors would like to thank Shunwan Zhuang for the review and discussion of this document.¶