New H3C Technologies

8 Yongjia North Road Beijing Haidian District 100094 China linchangwang.04414@h3c.com

China Mobile

32 Xuanwumen West Street Beijing Xicheng District 100053 China chengweiqiang@chinamobile.com

ZTE

China liu.yao71@zte.com.cn

Cisco Systems

India ketant.ietf@gmail.com

New H3C Technologies

China chen.mengxiao@h3c.com

IDR Segment Routing is a source routing paradigm that explicitly indicates the forwarding path for packets at the ingress node. An SR Policy is a set of candidate paths, each consisting of one or more segment lists. This document defines extensions to BGP SR Policy to specify the identifier of segment list.

Introduction Segment routing (SR) is a source routing paradigm that explicitly indicates the forwarding path for packets at the ingress node. The ingress node steers packets into a specific path according to the Segment Routing Policy (SR Policy) as defined in . In order to distribute SR policies to the headend, specifies a mechanism by using BGP. However, there is no identifier for segment list in BGP SR Policy, which may cause inconvenience for other mechanisms to designate segment lists distributed by BGP. Consider the case of a network controller distributing SR policies to the headend nodes where the headend nodes need to collect traffic forwarding statistics per segment list. When a headend node reports each statistic to the controller, it needs to specify the segment list which the statistic belongs to. Due to the lack of identifier, the headend node usually reports all SIDs in the associated segment list along with the statistic, and then the controller needs to compare the SIDs one by one to recognize which segment list it is. The advertisement of all SIDs in the segment list consumes a lot of octets, and the comparison of SIDs can be complicated. Consider a second example where a network controller distributes SR policies using BGP, and then it uses NETCONF to set some configurations of the segment lists which are not suitable to be carried in BGP. The controller needs to specify which segment list these configurations belong to when it issues them. In this case, a simple identifier of segment list can also be helpful. An identifier of segment list may also serve as a user-friendly attribute for debugging and troubleshooting purposes, such as displaying an invalid segment list when its associated BFD session is down. This document defines extensions to BGP SR Policy to specify the identifier of segment list.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Segment List Identifier in SR Policy As defined in , the SR policy encoding structure is as follows:

SR Policy Encoding Attributes: Tunnel Encapsulation Attribute (23) Tunnel Type: SR Policy (15) Binding SID SRv6 Binding SID Preference Priority Policy Name Policy Candidate Path Name Explicit NULL Label Policy (ENLP) Segment List Weight Segment Segment ... ... ]]>

SR policy with segment list identifier is expressed as below:

SR policy with segment list identifier Encoding Attributes: Tunnel Encapsulation Attribute (23) Tunnel Type: SR Policy (15) Binding SID SRv6 Binding SID Preference Priority Policy Name Policy Candidate Path Name Explicit NULL Label Policy (ENLP) Segment List Weight Segment List Identifier Segment Segment ... ... ]]>

The segment list identifier can be advertised using the Segment List ID sub-TLV, as defined in . When signaling SR Policy by PCEP (see section 5.2), a segment list is identified by "Path ID", which is a 4-octet identifier. In this document, the segment list identifier is also represented using a 4-octet ID.

Segment List ID Sub-TLV The Segment List ID sub-TLV is defined in the BGP Tunnel Encapsulation Attribute . The Segment List ID sub-TLV can be carried in the BGP Tunnel Encapsulation Attribute with the tunnel type set to SR Policy. The Segment List ID sub-TLV specifies the identifier of the segment list by a 4-octet number. The Segment List ID is unique within the context of a Candidate Path. The Segment List ID sub-TLV is optional and it MUST NOT appear more than once inside the Segment List sub-TLV. If multiple instances are present, then the first one is considered valid and the other instances MUST be ignored and MUST NOT considered to be malformed. The Segment List ID sub-TLV has the following format:

Segment List ID sub-TLV

where:

• Type: TBD(19).
• Length: 6.
• Flags: 1 octet of flags. None are defined at this stage. Flags SHOULD be set to zero on transmission and MUST be ignored on receipt.
• RESERVED: 1 octet of reserved bits. SHOULD be set to zero on transmission and MUST be ignored on receipt.
• Segment List ID: 4 octets which carry a 32-bit unsigned non-zero number that serves as the identifier associated with the segment list. A value of 0 indicates that there is no identifier associated with the Segment List. The scope of this identifier is the SR Policy Candidate path.

The validation of an SR Policy NLRI with the Segment List ID sub-TLV in the BGP tunnel encapsulation attribute follows the procedures in section 4.2 of . The Segment List ID sub-TLV is considered malformed if its format does not match the above description. If its format is considered malformed, the associated BGP SR Policy NLRI is considered malformed and the "treat-as-withdraw" strategy of MUST be applied.

Security Considerations The protocol extensions defined in this document do not affect the base BGP security model. The security requirements and mechanisms described in also apply to this document. SR operates within a trusted SR domain and its security considerations also apply to BGP sessions when carrying SR Policy information. The Segment List ID sub-TLV is an optional sub-TLV that specifies an identifier associated with a segment list. The scope of this identifier is the SR Policy Candidate Path. The Segment List ID uniquely identifies a segment list within an SR Policy Candidate Path. The Segment List ID is assigned by a controller, distributed via BGP, and used as an identifier for the segment list. Since this identifier may expose mission-critical or commercially sensitive network information, it introduces a confidentiality risk. Network operators MUST ensure that only trusted nodes (including both routers and controller applications) within the SR domain are permitted to receive this information.

Implementation Status [Note to the RFC Editor - remove this section before publication, as well as remove the reference to [RFC7942]. This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC7942]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. According to [RFC7942], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".

New H3C Technologies

• Organization: New H3C Technologies.
• Implementation: H3C CR16000, CR19000 series routers implementation.
• Description: All sections including all the "MUST" and "SHOULD" clauses have been implemented in above-mentioned New H3C Products(running Version 7.1.099 and above).
• Maturity Level: Product
• Coverage: All sections.
• Version: Draft-03
• Licensing: N/A
• Implementation experience: Nothing specific.
• Contact: linchangwang.04414@h3c.com
• Last updated: February 10, 2025

ZTE Corp

• Organization: ZTE Corporation
• Implementation: ZTE's ZXR10 core router
• Description: The implementation in lab has been completed. The commercial implementation is under development.
• Maturity Level: Product
• Coverage: All
• Version: Draft-03
• Licensing: N/A
• Implementation experience: Nothing specific.
• Contact: feng.jun99@zte.com.cn
• Last updated: February 6, 2025

IANA Considerations This document defines a new Sub-TLV in the registry "SR Policy Segment List Sub-TLVs" :

Acknowledgments The authors would like to thank Susan Hares, Hao Li, Haiyang Zhang, Yisong Liu, Ran Chen, Libin Liu, Lancheng Qin and Xinxin Yi for their review and discussion of this document.

References Normative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. According to the base BGP specification, a BGP speaker that receives an UPDATE message containing a malformed attribute is required to reset the session over which the offending attribute was received. This behavior is undesirable because a session reset would impact not only routes with the offending attribute but also other valid routes exchanged over the session. This document partially revises the error handling for UPDATE messages and provides guidelines for the authors of documents defining new attributes. Finally, it revises the error handling procedures for a number of existing attributes. This document updates error handling for RFCs 1997, 4271, 4360, 4456, 4760, 5543, 5701, and 6368. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Segment Routing (SR) leverages the source routing paradigm. A node steers a packet through an ordered list of instructions, called "segments". A segment can represent any instruction, topological or service based. A segment can have a semantic local to an SR node or global within an SR domain. SR provides a mechanism that allows a flow to be restricted to a specific topological path, while maintaining per-flow state only at the ingress node(s) to the SR domain. SR can be directly applied to the MPLS architecture with no change to the forwarding plane. A segment is encoded as an MPLS label. An ordered list of segments is encoded as a stack of labels. The segment to process is on the top of the stack. Upon completion of a segment, the related label is popped from the stack. SR can be applied to the IPv6 architecture, with a new type of routing header. A segment is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing header. The active segment is indicated by the Destination Address (DA) of the packet. The next active segment is indicated by a pointer in the new routing header. This document defines a BGP path attribute known as the "Tunnel Encapsulation attribute", which can be used with BGP UPDATEs of various Subsequent Address Family Identifiers (SAFIs) to provide information needed to create tunnels and their corresponding encapsulation headers. It provides encodings for a number of tunnel types, along with procedures for choosing between alternate tunnels and routing packets into tunnels. This document obsoletes RFC 5512, which provided an earlier definition of the Tunnel Encapsulation attribute. RFC 5512 was never deployed in production. Since RFC 5566 relies on RFC 5512, it is likewise obsoleted. This document updates RFC 5640 by indicating that the Load-Balancing Block sub-TLV may be included in any Tunnel Encapsulation attribute where load balancing is desired. Segment Routing (SR) allows a node to steer a packet flow along any path. Intermediate per-path states are eliminated thanks to source routing. SR Policy is an ordered list of segments (i.e., instructions) that represent a source-routed policy. Packet flows are steered into an SR Policy on a node where it is instantiated called a headend node. The packets steered into an SR Policy carry an ordered list of segments associated with that SR Policy. This document updates RFC 8402 as it details the concepts of SR Policy and steering into an SR Policy. Huawei Technologies Cisco Systems Cisco Systems Microsoft Google A Segment Routing (SR) Policy is an ordered list of segments (also referred to as instructions) that define a source-routed policy. An SR Policy consists of one or more candidate paths, each comprising one or more segment lists. A headend can be provisioned with these candidate paths using various mechanisms, such as CLI, NETCONF, PCEP, or BGP. This document specifies how BGP can be used to distribute SR Policy candidate paths. It introduces a BGP SAFI for advertising a candidate path of an SR Policy and defines sub-TLVs for the Tunnel Encapsulation Attribute to signal information related to these candidate paths. Furthermore, this document updates RFC9012 by extending the Color Extended Community to support additional steering modes over SR Policy. Informative References Ciena Corporation Ciena Corporation Cisco Systems Juniper Networks, Inc. Nokia Ciena Huawei Technologies Verizon Inc. Cisco Systems. Certain traffic engineering path computation problems require solutions that consist of multiple traffic paths, that together form a solution. Returning just one single traffic path does not provide a valid solution. This document defines mechanisms to encode multiple paths for a single set of objectives and constraints. This allows encoding of multiple Segment Lists per Candidate Path within a Segment Routing Policy. The new PCEP mechanisms are meant to be generic, where possible, to allow for future re-use outside of SR Policy. The new PCEP mechanisms are applicable to both stateless and stateful PCEP.