MPLS Network Actions for Network Resource Partition Selector

An IETF Network Slice service provides connectivity coupled with a set of specific commitments of network resources between a number of endpoints over a shared underlay network. The IETF Network Slice service is expressed in terms of one or more connectivity constructs. A Network Resource Partition (NRP) is a collection of resources identified in the underlay network to support IETF Network Slice services (or any other services that need logical network structures with required characteristics to be created). An NRP Policy is a policy construct that enables instantiation of mechanisms in support of service specific control and data plane behaviors on select topological elements associated with the NRP. A Slice-Flow Aggregate refers to the set of traffic streams from one or more connectivity constructs belonging to one or more IETF Network Slices that are mapped to a specific NRP and are provided the same forwarding treatment. The NRP policy dictates the identification of the flow aggregate that the packet belongs to and the corresponding forwarding treatment that needs to be applied to the packet. The packets associated with a Slice-Flow Aggregate may carry a marking in the packet's network layer header to identify this association and this marking is referred to as NRP Selector (NRPS). discusses a few options for carrying the NRP Selector in MPLS packets, including overloading the semantics of forwarding/service labels and using a dedicated identifier field. specifies an architectural framework for the MPLS Network Actions (MNA) technologies. MNA technologies are used to indicate actions for Label Switched Paths (LSPs) and/or MPLS packets and to transfer data needed for these actions. The MNA architecture can facilitate carrying the dedicated identifier based NRP Selector in the MPLS label stack. This document discusses a few options for using MPLS network actions to carry the NRP Selector. The proposed encodings are compliant with the MNA header encoding formats defined in . The reader is expected to be familiar with terminology specified in and MNA header encoding formats defined in .

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

The format of the 13-bit NRP Selector (NRPS13) Action (when encoded in the second label stack entry in the Network Action Sub-Stack):

Name: 13-bit NRP Selector (NRPS13) Action Network Action Indication: The NRPS13 Action indication is opcode TBA1. Scope: The NRPS13 Action is valid in all scopes. In-Stack Data: The NRPS13 Action carries 13 bits of ancillary data. The NRPS is encoded in the 13 bits. The packet carrying the NRPS13 action should be given the forwarding treatment specified by the associated policy. LSE Format: B. Post-Stack Data: None.

The format of the 20-bit NRP Selector (NRPS20) Action:

Name: 20-bit NRP Selector (NRPS20) Action Network Action Indication: The NRPS20 Action indication is opcode TBA2. Scope: The NRPS20 Action is valid in all scopes. In-Stack Data: The NRPS20 Action carries 20 bits of ancillary data. The NRPS is encoded in the 20 bits. The packet carrying the NRPS20 action should be given the forwarding treatment specified by the associated policy. LSE Format: C. The Network Action Length (NAL) field SHOULD be transmitted as zero. Post-Stack Data: None.

The format of the 20-bit Entropy and NRP Selector (ENRPS20) Action:

Name: 20-bit Entropy and NRP Selector (ENRPS20) Action Network Action Indication: The ENRPS20 Action indication is opcode TBA3. Scope: The ENRPS20 Action is valid in all scopes. In-Stack Data: The ENRPS20 Action carries 20 bits of ancillary data. The most significant 12 bits of ancillary data is the Entropy Value. The least significant 8 bits of ancillary data is the NRPS. The Entropy Value has semantics consistent with the Entropy Label . While the RFC 6790 Entropy Label has some restrictions to avoid collisions with the reserved label space (0-15) , those restrictions are not necessary for the Entropy Value and do not apply. The packet carrying the ENRPS20 action should be given the forwarding treatment specified by the associated policy. LSE Format: C. The Network Action Length (NAL) field SHOULD be transmitted as zero. Post-Stack Data: None.

This document requests that IANA allocate a codepoint (TBA1) from the "Multiprotocol Label Switching Architecture (MPLS)"/"MPLS Network Actions Parameters"/"Network Action Opcodes" registry for the 13-bit NRP Selector Action. The allocation should reference this document.

This document requests that IANA allocate a codepoint (TBA2) from the "Multiprotocol Label Switching Architecture (MPLS)"/"MPLS Network Actions Parameters"/"Network Action Opcodes" registry for the 20-bit NRP Selector Action. The allocation should reference this document.

This document requests that IANA allocate a codepoint (TBA3) from the "Multiprotocol Label Switching Architecture (MPLS)"/"MPLS Network Actions Parameters"/"Network Action Opcodes" registry for the 20-bit Entropy and NRP Selector Action. The allocation should reference this document.

The forwarding plane is insecure. If an adversary can affect the forwarding plane, then they can inject data, remove data, corrupt data, or modify data. MNA additionally allows an adversary to make packets perform arbitrary network actions. Link-level security mechanisms can help mitigate some on-link attacks, but does nothing to preclude hostile nodes.

The following individuals contributed to this document: Colby Barth

Juniper Networks

Email: cbarth@juniper.net Srihari R. Sangli

Juniper Networks

Email: ssangli@juniper.net Chandra Ramachandran

Juniper Networks

Email: csekar@juniper.net Kireeti Kompella

Juniper Networks

Email: kireeti@juniper.net