SPRING Working Group                                              C. Lin
Internet Draft                                      New H3C Technologies
Intended status: Standards Track                                   D. Lu
Expires: December 12, 2023                                          Chen
                                                            China Mobile
                                                                 M. Chen
                                                    New H3C Technologies
                                                           June 12, 2023

          SRv6 Context Indicator SIDs for SR-Aware Services
           draft-lin-spring-srv6-aware-context-indicator-00

Abstract

   A context indicator provides service nodes with the context on how
   to process a packet. This document describes how to use SRv6 SIDs
   as context indicators for SR-aware services and defines the
   corresponding Endpoint behaviors.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 12, 2023.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

lin, et al.            Expire December 9, 2023                 [Page 1]
Internet-Draft       SRv6 Context Indicator SIDs              June 2023

Table of Contents

   1. Introduction
   2. SRv6 Context Indicator SIDs
      2.1. End.AN.CI.S: SR-Aware Service Static Context Indicator
      2.2. End.AN.CI.D: SR-Aware Service Dynamic Context Indicator
         2.2.1. End.AN.CI.D.A: SR-Aware Service Dynamic Context
                Indicator with Variable Context Information in
                Arguments
         2.2.2. End.AN.CI.D.T: SR-Aware Service Dynamic Context
                Indicator with Variable Context Information in SRH Tag
         2.2.3. End.AN.CI.D.V: SR-Aware Service Dynamic Context
                Indicator with Variable Context Information in SRH TLV
         2.2.4. End.AN.CI.D.D: SR-Aware Service Dynamic Context
                Indicator with Variable Context Information in DOH
                before SRH
   3. Security Considerations
   4. IANA Considerations
   5. References
      5.1. Normative References
   Authors' Addresses

1. Introduction

   Segment Routing (SR) [RFC8402] leverages the source routing
   paradigm. A node steers a packet through an SR Policy instantiated
   as an ordered list of instructions called "segments". Segment
   Routing can be applied to the IPv6 data plane using the Segment
   Routing Header (SRH) [RFC8754], which is called SRv6.

   The segments may encode simple routing instructions for forwarding
   packets along a specific network path, but can also steer them
   through VNFs or physical service appliances available in the
   network. [I-D.ietf-spring-sr-service-programming] describes how a
   service can be associated with a SID (Segment Identifier) and how
   these service SIDs are integrated within an SR policy.

   Services are categorized in two types, SR-aware and SR-unaware
   services. An SR-aware service can process the SR information in the
   packets it receives.
   [I-D.ietf-spring-sr-service-programming] defines an SRv6 Endpoint
   Behavior, End.AN, for SR-aware functions, but it does not define
   service-specific functions.

   A context indicator provides service nodes with the context on how
   to process a packet. A SID can be associated with this context
   indicator function in SR-aware services. For example, an SR-aware
   firewall may use a context indicator SID to identify the specific
   virtual firewall instance when applying VPN-specific rules for inner
   packets.

   In some cases, a context indicator SID can be dynamically associated
   with a set of contexts, and it instructs the SR-aware service node
   to identify the particular context from additional information
   carried in the packet. When such a dynamic context indicator SID is
   contained in the SR Policy, the headend node fills in the additional
   context information in the corresponding field of the packet, based
   on the traffic flow the packet belongs to.

   The End.AN SID defined in [I-D.ietf-spring-sr-service-programming]
   is not adequate for context indicators, especially for the dynamic
   ones, because End.AN is too abstract and general for the headend
   node to determine its actions.

   This document describes how to use SRv6 SIDs as context indicators
   for SR-aware services. These SIDs are called SRv6 Context Indicator
   SIDs. The corresponding Endpoint behaviors for SRv6 Context
   Indicator SIDs are defined in this document.

2. SRv6 Context Indicator SIDs

   An SRv6 Context Indicator SID is associated with a local context on
   the SR-aware service node. It instructs the node to process the
   packet by using the specific context.

   This document defines new types of Endpoint behaviors for SRv6
   Context Indicator SIDs, End.AN.CI.S and End.AN.CI.D (including
   End.AN.CI.D.A, End.AN.CI.D.T, End.AN.CI.D.V, and End.AN.CI.D.D),
   which are variants of the End.AN behavior
   [I-D.ietf-spring-sr-service-programming].

   End.AN.CI.S is statically associated with one particular context.

   End.AN.CI.D (including End.AN.CI.D.A, End.AN.CI.D.T, End.AN.CI.D.V,
   and End.AN.CI.D.D) is dynamically associated with a set of local
   contexts, and additional variable information carried in the packet
   is used to identify the particular context.

2.1. End.AN.CI.S: SR-Aware Service Static Context Indicator

   The "Endpoint with SR-Aware Service Static Context Indicator"
   behavior ("End.AN.CI.S" for short) is a variant of the End.AN
   behavior.

   One of the applications of the End.AN.CI.S behavior is the SR-aware
   firewall use case where the associated context identifies a specific
   virtual firewall instance.

   When N receives a packet whose IPv6 DA is S and S is a local
   End.AN.CI.S SID associated with a local context C, N does the
   following:

   S01. When an SRH is processed {
   S02.   If (Segments Left == 0) {
   S03.     Proceed to process the next header in the packet.
   S04.   }
   S05.   If (IPv6 Hop Limit <= 1) {
   S06.     Send an ICMP Time Exceeded message to the Source Address
              with Code 0 (Hop limit exceeded in transit),
              interrupt packet processing, and discard the packet.
   S07.   }
   S08.   max_LE = (Hdr Ext Len / 2) - 1
   S09.   If ((Last Entry > max_LE) or (Segments Left > Last Entry+1)) {
   S10.     Send an ICMP Parameter Problem to the Source Address
              with Code 0 (Erroneous header field encountered)
              and Pointer set to the Segments Left field,
              interrupt packet processing, and discard the packet.
   S11.   }
   S12.   Set the packet's associated context to C and perform service
   S13.   Decrement IPv6 Hop Limit by 1
   S14.   Decrement Segments Left by 1
   S15.   Update IPv6 DA with Segment List[Segments Left]
   S16.   Submit the packet to the egress IPv6 FIB lookup for
            transmission to the new destination
   S17. }

2.2. End.AN.CI.D: SR-Aware Service Dynamic Context Indicator

   The "Endpoint with SR-Aware Service Dynamic Context Indicator"
   behavior ("End.AN.CI.D" for short) is a variant of the End.AN
   behavior.

   When N receives a packet whose IPv6 DA is S and S is a local
   End.AN.CI.D SID, the line S12 from the End.AN.CI.S processing is
   replaced by the following:

   S12.   Set the packet's associated context by using variable context
            information carried in the packet and perform service

   There are four sub-types of End.AN.CI.D SID, which carry the
   variable context information associated with the End.AN.CI.D SID in
   different positions:

   o  End.AN.CI.D.A: Arguments in SID

   o  End.AN.CI.D.T: SRH Tag

   o  End.AN.CI.D.V: SRH TLV for context

   o  End.AN.CI.D.D: New options in DoH before SRH

2.2.1. End.AN.CI.D.A: SR-Aware Service Dynamic Context Indicator with
       Variable Context Information in Arguments

   The behavior also takes an argument: "Arg.VCI". This argument
   provides variable context information for the service.

   In this case, the line S12 from the End.AN.CI.D processing is as
   follows:

   S12.   Set the packet's associated context by using variable context
            information carried in the Arg.VCI and perform service

2.2.2. End.AN.CI.D.T: SR-Aware Service Dynamic Context Indicator with
       Variable Context Information in SRH Tag

   The Tag field in the SRH could be used to carry variable context
   information.

   In this case, the line S12 from the End.AN.CI.D processing is as
   follows:

   S12.   Set the packet's associated context by using variable context
            information carried in the SRH Tag and perform service

2.2.3. End.AN.CI.D.V: SR-Aware Service Dynamic Context Indicator with
       Variable Context Information in SRH TLV

   The optional TLVs in the SRH could be extended to carry variable
   context information, which is used together with End.AN.CI.D.
   The Context Information TLV has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |           RESERVED            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                Context Information (variable)                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   In this case, the line S12 from the End.AN.CI.D processing is as
   follows:

   S12.   Set the packet's associated context by using variable context
            information carried in the SRH Context Information TLV and
            perform service

2.2.4. End.AN.CI.D.D: SR-Aware Service Dynamic Context Indicator with
       Variable Context Information in DOH before SRH

   Variable context information could also be carried in a DOH before
   the SRH for the specified segment. The definition of such a DOH
   Option is outside the scope of this document.

   In this case, the line S12 from the End.AN.CI.D processing is as
   follows:

   S12.   Set the packet's associated context by using variable context
            information carried in the DOH and perform service

3. Security Considerations

   TBD

4. IANA Considerations

   This I-D requests the IANA to allocate, within the "SRv6 Endpoint
   Behaviors" sub-registry belonging to the top-level "Segment-routing
   with IPv6 dataplane (SRv6) Parameters" registry, the following
   allocations:

      Value      Description        Reference
      --------------------------------------
      TBA-1      End.AN.CI.S        [This.ID]
      TBA-2      End.AN.CI.D.A      [This.ID]
      TBA-3      End.AN.CI.D.T      [This.ID]
      TBA-4      End.AN.CI.D.V      [This.ID]
      TBA-5      End.AN.CI.D.D      [This.ID]

5. References

5.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119,
             DOI 10.17487/RFC2119, March 1997.

   [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
             2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
             May 2017.

   [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
             Decraene, B., Litkowski, S., and R. Shakir, "Segment
             Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
             July 2018.

   [RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
             Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
             (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.

   [I-D.ietf-spring-sr-service-programming]
             Clad, F., Xu, X., Filsfils, C., Bernier, D., Li, C.,
             Decraene, B., Ma, S., Yadlapalli, C., Henderickx, W., and
             S. Salsano, "Service Programming with Segment Routing",
             Work in Progress, Internet-Draft,
             draft-ietf-spring-sr-service-programming-07,
             15 February 2023.

Authors' Addresses

   Changwang Lin
   New H3C Technologies
   China
   Email: linchangwang.04414@h3c.com

   Dongjie Lu
   China Mobile
   China
   Email: ludongjie@chinamobile.com

   Meiling Chen
   China Mobile
   China
   Email: chenmeiling@chinamobile.com

   Mengxiao Chen
   New H3C Technologies
   China
   Email: chen.mengxiao@h3c.com
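
   The S08-S09 header checks of Section 2.1 and the Context Information
   TLV lookup that S12 implies for End.AN.CI.D.V (Section 2.2.3), as an
   added Python example that is not part of the draft. Assumed here and
   not stated in the draft: the TLV Type value (a placeholder), that
   Length counts the octets after the Length field as for other SRH
   TLVs in RFC 8754, and that a value with no provisioned context
   causes a drop; all function names are hypothetical.

```python
CI_TLV_TYPE = 0xFD  # placeholder: the draft does not assign a TLV Type value

class SRHError(ValueError):
    """The packet must be dropped (S10-style failure or malformed TLV)."""

def parse_srh(srh: bytes):
    """Apply the S08-S09 checks; return (segments_left, tlv_bytes)."""
    if len(srh) < 8 or srh[2] != 4 or len(srh) < (srh[1] + 1) * 8:
        raise SRHError("not an SRH, or shorter than Hdr Ext Len claims")
    ext_len, seg_left, last_entry = srh[1], srh[3], srh[4]
    max_le = ext_len // 2 - 1                                # S08
    if last_entry > max_le or seg_left > last_entry + 1:     # S09
        raise SRHError("erroneous Last Entry / Segments Left")
    return seg_left, srh[8 + 16 * (last_entry + 1):(ext_len + 1) * 8]

def find_context_info(tlvs: bytes):
    """Walk the SRH TLVs with bounds checks; return Context Information or None."""
    off = 0
    while off < len(tlvs):
        if tlvs[off] == 0:                 # Pad1 is a single octet with no Length
            off += 1
            continue
        if off + 2 > len(tlvs):
            raise SRHError("truncated TLV header")
        end = off + 2 + tlvs[off + 1]      # assumed: Length counts octets after Length
        if end > len(tlvs):
            raise SRHError("TLV Length runs past the SRH")
        if tlvs[off] == CI_TLV_TYPE:
            if end - off < 4:
                raise SRHError("TLV too short for the RESERVED field")
            return tlvs[off + 4:end]
        off = end
    return None

def select_context(srh: bytes, provisioned: dict):
    """S12 for End.AN.CI.D.V: only values provisioned for this SID select a context."""
    seg_left, tlvs = parse_srh(srh)
    if seg_left == 0:
        return None                        # S02-S03: go on to the next header
    vci = find_context_info(tlvs)
    if vci not in provisioned:
        raise SRHError("no provisioned context for this value")
    return provisioned[vci]

# Constructed sample: Segments Left 1, two segments, TLV carrying 0x0000002a.
SAMPLE = bytes.fromhex(
    "2905040101000000"
    "20010db8000000000000000000000002"
    "20010db8000000000000000000000001"
    "fd0600000000002a")
```

   Because the headend writes the variable context information into the
   packet, the service node treats it as untrusted input: every length
   is checked against the SRH bounds before use, and an unknown value
   never falls back to a default context.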