Using Flex-Algo for Segment Routing based VTN

Enhanced VPN (VPN+) is an enhancement to VPN services to support the needs of new applications, particularly including the applications that are associated with 5G services. These applications require enhanced isolation and have more stringent performance requirements than that can be provided with traditional overlay VPNs. Thus these properties require integration between the underlay and the overlay networks. specifies the framework of enhanced VPN and describes the candidate component technologies in different network planes and layers. An enhanced VPN may be used for 5G transport network slicing, and will also be of use in other generic scenarios. To meet the requirement of enhanced VPN services, a number of virtual transport networks (VTN) can be created, each with a subset of the underlay network topology and a set of network resources allocated from the underlay network to meet the requirement of a specific VPN+ service or a group of VPN+ services. Another possible approach is to create a set of point-to-point paths, each with a set of network resource reserved along the path, such paths are called Virtual Transport Paths (VTPs). Although using a set of dedicated VTPs can provide similar characteristics as VTN, it has some scalability issues due to the per-path state in the network. introduces resource awareness to Segment Routing (SR) . As described in , the resource-aware SIDs can be used to build VTNs with the required network topology and network resource attributes to support VPN+ services. With segment routing based data plane, Segment Identifiers (SIDs) can be used to represent both the topology and the set of network resources allocated by network nodes to a VTN. The SIDs of each VTN together with its associated topology and resource attributes need to be distributed using control plane. defines the IGP mechanisms and extensions to provide scalable Segment Routing (SR) based VTNs. The mechanism in allows flexible combination of the topology and resource attribute to provide a relatively large number of VTNs. In some network scenarios, each VTN can be associated with a unique Flex-Algo, and the set of network resources allocated to the VTN can be instantiated using layer-2 sub-interfaces or member links of the L3 interfaces. This document describes a mechanism to build the SR based VTNs using SR Flex-Algo and IGP L2 bundle with minor extensions.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 RFC 2119 RFC 8174 when, and only when, they appear in all capitals, as shown here.

specifies the mechanism to provide distributed constraint-path computation, and the usage of SR-MPLS prefix-SIDs and SRv6 locators for steering traffic along the constrained paths. The Flex-Algo Definition (FAD) is the combination of calculation-type, metric-type and the topological constraints used for path computation. According to the network nodes' participation of a Flex-Algo, and the rules of including or excluding Admin Groups (i.e. colors) and Shared Risk Link Groups (SRLGs), the topology of a VTN can be described using the associated Flex-Algo. If each VTN is associated with a unique Flex-Algo, the Flex-Algo identifier could be reused as the identifier of the VTN in the control plane. With the mechanisms defined in , SR-MPLS prefix-SID advertisement can be associated with a specific topology and a specific algorithm, which can be a Flex-Algo. This allows the nodes to use the prefix-SIDs to steer traffic along distributed computed constraint paths according to the associated Flex-Algo in a particular topology. specifies the IS-IS extensions to support SRv6 data plane, in which the SRv6 locators advertisement is associated with a topology and a specific algorithm, which can be a Flex-Algo. This allows the nodes to use the SRv6 locators to steer traffic along distributed computed constraint paths according to the associated Flex-Algo in a particular topology. In addition, topology/algorithm specific SRv6 End SIDs and End.X SIDs can be used to enforce traffic over the Loop-Free Alternatives (LFA) computed backup paths.

Each VTN can be allocated with a set of dedicated network resources on different network nodes and links. In order to perform constraint based path computation for each VTN on network controller and the ingress nodes, the resource attribute of each VTN also needs to be advertised. This way, the network controller or the ingress node can compute an SR TE path in a VTN by taking both the Flex-Algo constraints and the resource attribute of the VTN into consideration. IS-IS L2 Bundle was defined to advertise the link attributes of the layer-2 bundle member links. In this section, it is extended to advertise the set of network resource attributes associated with different VTNs on a layer-3 link. The layer-3 link may or may not be a bundle of layer-2 links, as long as it has the capability of partitioning the link resources into different subsets for different VTNs it participates in. One partition of the link resources can be instantiated as a layer-2 sub-interface, which can be seen as a virtual layer-2 member link of the layer-3 link. If the layer-3 link is a layer-2 link bundle, it is possible that the set of link resource allocated to a specific VTN is provided by one or multiple physical layer-2 member links. A new flag "E" (Exclusive) is defined in the flag field of the Parent L3 Neighbor Descriptor in the L2 Bundle Member Attributes TLV (25).

E flag: When the E flag is set, it indicates each member link under the Parent L3 link are used exclusively for one VTN, and load sharing among the member links is not allowed. When the E flag is clear, it indicates load balancing and sharing among the member links are allowed. For each virtual or physical layer-2 member link, the TE attributes defined in such as the Maximum Link Bandwidth and Admin Groups SHOULD be advertised using the mechanism as defined in . The SR-MPLS Adj-SIDs or SRv6 End.X SIDs associated with each of the virtual or physical Layer-2 member links SHOULD also be advertised according to and . In order to correlate the virtual or physical layer-2 member links with the Flex-Algo ID which is used to identify the VTN, each VTN SHOULD be assigned with a unique Admin Group (AG) or Extended Admin Group (EAG), and the virtual or physical layer-2 member links associated with this VTN SHOULD be configured with the AG or EAG assigned to the VTN. The AG or EAG of the parent layer-3 link SHOULD be set to the union of all the AGs or EAGs of its virtual or physical layer-2 member links. In the definition of the Flex-Algo corresponding to the VTN, It MUST use the Include-Any Admin Group rule with only the AG or EAG assigned to the VTN as the link constraints, the Include-All Admin Goup rule or the Exclude Admin Group rule MUST NOT be used. This is to ensure that the layer-3 link is included in the Flex-Algo constraint based path computation for each VTN it participates in.

For SR-MPLS data plane, a prefix SID is associated with the paths calculated using the Flex-Algo corresponding to a VTN. An outgoing layer-3 interface is determined for each path. In addition, the prefix-SID also steers the traffic to use the virtual or physical layer-2 member link which is associated with the VTN on the outgoing layer-3 interface for packet forwarding. The Adj-SIDs associated with the virtual or physical member links of a VTN MAY be used with the prefix-SIDs of the same VTN together to build SR-MPLS TE paths with the topological and resource constraints of the VTN. For SRv6 data plane, an SRv6 Locator is a prefix which is associated with the paths calculated using the Flex-Algo corresponding to a VTN. An outgoing Layer-3 interface is determined for each path. In addition, the SRv6 Locator prefix also steers the traffic to use the virtual or physical layer-2 member link which is associated with the VTN on the outgoing layer-3 interface for packet forwarding. The End.XU SIDs associated with the virtual or physical member links of a VTN MAY be used with the SRv6 Locator prefix of the same VTN together to build SRv6 paths with the topological and resource constraints of the VTN.

The mechanism described in this document assumes that each VTN is associated with a unique Flex-Algo, so that the Flex-Algo IDs can be reused to identify the VTNs in the control plane. While this brings the benefit of simplicity, it also has some limitations. For example, it means that even if multiple VTNs share the same topological constraints, they still need to be identified using different Flex-Algo IDs in the control plane, then independent path computation needs to be executed for each VTN. The number of VTNs supported in a network may be dependent on the number of Flex-Algos supported, which is related to the number of Flex-Algos defined in the protocol (which is 128) and the control plane overhead on network nodes. The mechanism described in this document is applicable to network scenarios where the number of required VTN is relatively small. A detailed analysis about the VTN scalability and the possible optimizations for supporting a large number of VTNs is described in .

This document introduces no additional security vulnerabilities to IS-IS. The mechanism proposed in this document is subject to the same vulnerabilities as any other protocol that relies on IGPs.

This document does not request any IANA actions.

The authors would like to thank Zhenbin Li and Peter Psenak for the review and discussion of this document.