SR Path Ingress Protection

The fast protection of a transit node of a Segment Routing (SR) path or tunnel is described in and . presents extensions to RSVP-TE for the fast protection of the ingress node of a traffic engineering (TE) Label Switching Path (LSP). However, these documents do not discuss any protocol extensions for the fast protection of the ingress node of an SR path or tunnel. This document fills that void and specifies protocol extensions to Border Gateway Protocol (BGP) for the fast protection of the ingress node of an SR path or tunnel. Ingress node and ingress, fast protection and protection as well as SR path and SR tunnel will be used exchangeably in the following sections.

The following terminologies are used in this document. Segment Routing SR for IPv6 Segment Routing Header Segment Identifier Customer Edge Provider Edge Loop-Free Alternate Topology Independent LFA Traffic Engineering Bidirectional Forwarding Detection Virtual Private Network Layer 3 VPN Forwarding Information Base Point of Local Repair Border Gateway Protocol Interior Gateway Protocol Open Shortest Path First Intermediate System to Intermediate System

To protect against the failure of the (primary) ingress node of a (primary) SR path, a backup ingress node is configured or selected and is different from the (primary) ingress node. A backup SR path from the backup ingress node is computed and installed. Primary ingress and ingress as well as primary SR path and SR path will be used exchangeably. shows an example of protecting ingress PE1 of a SR path, which is from ingress PE1 to egress PE3.

In normal operations, CE1 sends the traffic with destination PE3 to ingress PE1, which imports the traffic into the SR path. When CE1 detects the failure of ingress PE1, it switches the traffic to backup ingress PE2, which imports the traffic from CE1 into a backup SR path. The backup path is from the backup ingress PE2 to the egress PE3. When the traffic is imported into the backup path, it is sent to the egress PE3 along the path.

After the failure of the ingress of an SR path happens, there are a couple of different ways to detect the failure. In each way, there may be some specific behavior for the traffic source (e.g., CE1) and the backup ingress (e.g., PE2). In one way, the traffic source (e.g., CE1) is responsible for fast detecting the failure of the ingress (e.g., PE1) of an SR path. Fast detecting the failure means detecting the failure in a few or tens of milliseconds. The backup ingress (e.g., PE2) is ready to import the traffic from the traffic source into the backup SR path installed. In normal operations, the source sends the traffic to the ingress of the SR path. When the source detects the failure of the ingress, it switches the traffic to the backup ingress, which delivers the traffic to the egress of the SR path via the backup SR path. In another way, the backup ingress is responsible for fast detecting the failure of the ingress of an SR path. In normal operations, the source (e.g., CE1) sends the traffic to the ingress (e.g., PE1) and may send the traffic to the backup ingress (e.g., PE2). It sends the traffic to the backup ingress (e.g., PE2) after the ingress fails. The backup ingress does not import any traffic from the source into the backup SR path in normal operations. When it detects the failure of the ingress, it imports the traffic from the source into the backup SR path.

For a SR path from a primary ingress node to an egress node, a backup ingress node is selected to protect the failure of the primary ingress node of the SR path. This section describes the extensions to BGP for representing the information for protecting the primary ingress node in a BGP UPDATE message and distributing the information to the backup ingress node. The information includes a SR backup path. specifies a way of representing a SR path in a BGP UPDATE message and distributing the SR path to the ingress node of the SR path. This is extended to represent the information for protecting the primary ingress by defining a few of new Sub-TLVs.

A new Sub-TLV, called SR Path Ingress Protection Sub-TLV, is defined. When a UPDATE message is sent to the backup ingress node for protecting the primary ingress node of a SR path, the message contains this Sub-TLV. Its format is illustrated below.

TBD1 is to be assigned by IANA. Variable. 1 octet. One flag is defined. 1 bit. It is set to request a backup ingress to let the forwarding entry for the backup SR path be Active. request a backup ingress to let the forwarding entry for the backup SR path be inactive initially and to make the entry be active after detecting the failure of the primary ingress node of the primary SR path. A few optional Sub-TLVs are defined, which are Primary Ingress Sub-TLV, Service Sub-TLV and Traffic Description Sub-TLV.

A Primary Ingress Sub-TLV indicates the IP address of the primary ingress node of a primary SR path. It has two formats: one for primary ingress node IPv4 address and the other for primary ingress node IPv6 address, which are illustrated below.

Its value (1 suggested) is to be assigned by IANA. 4. 4 octets. It represents an IPv4 host address of the primary ingress node of a primary SR path.

Its value (2 suggested) is to be assigned by IANA. 16. 16 octets. It represents an IPv6 host address of the primary ingress node of a primary SR path.

A Service Sub-TLV contains a service ID or label to be added into a packet to be carried by a SR path. It has three formats: the first one for the service identified by a label, the second one for the service identified by a service identifier (ID) of 32 bits, and the third one for the service identified by a service identifier (ID) of 128 bits. Their formats are illustrated below.

Its value (3 suggested) is to be assigned by IANA. 4. the least significant 20 bits. It represents a label of 20 bits.

Its value (4 suggested) is to be assigned by IANA. 4. 4 octets. It represents a Service Identifier (ID) of 32 bits.

Its value (5 suggested) is to be assigned by IANA. 16. 16 octets. It represents a Service Identifier (ID) of 128 bits.

A Traffic Description Sub-TLV describes the traffic to be imported into a backup SR path. Five Traffic Description Sub-TLVs are defined. Two of them are FEC Sub-TLVs and the others are interface Sub-TLVs. Two FEC Sub-TLVs are IPv4 and IPv6 FEC Sub-TLVs. Their formats are illustrated below.

Its value (6 suggested) is to be assigned by IANA. Variable. Indicates the length of the IPv4 Prefix. IPv4 Prefix rounded to octets. 2 octets. This is optional. It indicates the ID of a virtual network.

Its value (7 suggested) is to be assigned by IANA. Variable. Indicates the length of the IPv6 Prefix. IPv6 Prefix rounded to octets. 2 octets. This is optional. It indicates the ID of a virtual network. An Interface sub-TLV indicates the interface from which the traffic is received and imported into the backup SR path/tunnel. It has three formats: one for interface index, the other two for IPv4 and IPv6 address, which are illustrated below.

Its value (8 suggested) is to be assigned by IANA. 4. 4 octets. It indicates the index of an interface.

Its value (9 suggested) is to be assigned by IANA. 4. 4 octets. It represents the IPv4 address of an interface.

Its value (10 suggested) is to be assigned by IANA. 16. 16 octets. It represents the IPv6 address of an interface.

When a backup ingress node receives a UPDATE message containing the information for protecting the primary ingress node of a SR path, it installs a forwarding entry in its FIB based on the information. The information is encoded in a SR policy of the following structure:

Attributes: Tunnel Encaps Attribute (23) Tunnel Type (15): SR Policy SR Path Ingress Protection Sub-TLV Primary Ingress Sub-TLV Service Sub-TLV Traffic Description Sub-TLV Preference Sub-TLV Binding SID Sub-TLV Explicit NULL Label Policy (ENLP) Sub-TLV Priority Sub-TLV Policy Name Sub-TLV Segment List Sub-TLV Weight Sub-TLV Segment Sub-TLV Segment Sub-TLV ... ... ]]> Where: SR Policy SAFI NLRI is defined in . Tunnel Encapsulation Attribute is defined in . Tunnel Type of SR Policy is defined in . SR Path Ingress Protection, Primary Ingress, Service and Traffic Description Sub-TLVs are defined in this document. Preference, Binding SID, ENLP, Priority, Policy Name, Segment List, Weight and Segment Sub-TLVs are defined in . After receiving a SR policy with a SR Path Ingress Protection Sub-TLV, the backup ingress node will install one or more candidate paths into its "BGP table". Another module such as SRPM will choose one or more paths and install the forwarding entries for them in the data plane. The forwarding entries for the paths installed in the data plane will be set to be inactive if the flag A in the SR Path Ingress Protection Sub-TLV is zero. When the primary ingress node fails, these forwarding entries are set to be active. The failure of the primary ingress may be detected by the backup ingress node through using a mechanism such as BFD. The IP address of the primary ingress in the Primary Ingress Sub-TLV may be used for detecting the failure of the primary ingress node. If the flag A in the SR Path Ingress Protection Sub-TLV is one, then the forwarding entries for the paths installed in the data plane will be set to be active. When there is a Service Sub-TLV in the SR Path Ingress Protection Sub-TLV, the ID or Label in the Service Sub-TLV will be included in the forwarding entries. When a packet is imported into a backup SR path using the forwarding entries, the service ID or Label is pushed first and then the sequence of segments represented in the Segment List Sub-TLV.

Protocol extensions defined in this document do not affect the BGP security other than those as discussed in the Security Considerations section of [RFC5575].

The authors of this document would like to thank Dhruv Dhody for the comments.

Under Existing Registry Name: "BGP Tunnel Encapsulation Attribute Sub-TLVs", IANA is requested to assign a new Sub-TLV value for SR Path Ingress Protection as follows:

Value sub-TLV Name Reference ----- ------------------------------------ -------------- TBD1 SR Path Ingress Protection Sub-TLV This Document

A new registry called "Ingress Protection Information Sub-TLVs" is defined in this document. IANA is requested to create and maintain new registry: Ingress Protection Information Sub-TLVs Initial values for the registry are given below. The future assignments are to be made through IETF Review .

Value sub-TLV Name Reference ----- ------------------------------------- -------------- 0 Reserved 1 Primary Ingress IPv4 Address Sub-TLV This Document 2 Primary Ingress IPv6 Address Sub-TLV This Document 3 Service Label Sub-TLV This Document 4 32 Bits Service ID Sub-TLV This Document 5 128 Bits Service ID Sub-TLV This Document 6 IPv4 FEC Sub-TLV This Document 7 IPv6 FEC Sub-TLV This Document 8 Interface Index Sub-TLV This Document 9 Interface IPv4 Address Sub-TLV This Document 10 Interface IPv6 Address Sub-TLV This Document 11-255 Unassigned