Using Flex-Algo for Segment Routing (SR) based Network Resource Partition (NRP)

Enhanced VPNs aim to deliver VPN services with enhanced characteristics, such as guaranteed resources, latency, jitter, etc., so as to support customers requirements for connectivity services with these enhanced characteristics. Enhanced VPN requires integration between the overlay VPN connectivity and the characteristics provided by the underlay network. discusses the general framework, components, and interfaces for requesting and operating network slices using IETF technologies. Network slice is considered as one target use case of enhanced VPNs. also introduces the concept of the Network Resource Partition (NRP), which is a subset of the buffer/queuing/scheduling resources and associated policies on each of a connected set of links in an underlay network. An NRP can be associated with a logical network topology to select or specify the set of links and nodes involved. specifies the framework of NRP-based enhanced VPNs and describes the candidate component technologies in different network planes and network layers. An NRP could be used as the underlay to meet the requirement of one or a group of enhanced VPN services. To meet the requirement of enhanced VPN services, a number of NRPs can be created, each with a subset of network resources allocated on network nodes and links in a customized topology of the physical network. introduces resource awareness to Segment Routing (SR) . The resource-aware SIDs have additional semantics to identify the set of network resources available for the packet processing action associated with the SIDs. As described in , the resource- aware SIDs can be used to build SR-based NRPs with the required network topology and network resource attributes to support enhanced VPN services. In an SR-based data plane, Segment Identifiers (SIDs) can be used to represent both the topological instructions and a subset of network resources on the network nodes and links which are allocated to an NRP. The SR SIDs and the associated topology and resource attributes of an NRP need to be distributed using a control plane. In some network scenarios, the required number of NRPs could be small, then it can be assumed that each NRP is associated with an independent logical topology, and has a set of dedicated or shared network resources. For such scenarios, this document describes a simple mechanism to build Segment Routing (SR) based NRPs, by combining SR Flex-Algo and IGP L2 bundles with minor extensions. More specifically, each NRP is associated with a unique Flex-Algo, and the subset of network resources allocated to the NRP are instantiated using either virtual sub-interfaces or layer-2 member links of L3 interfaces. This document updates by defining a new flag in the Parent L3 Neighbor Descriptor in the L2 Bundle Member Attributes TLV. states that all bit fields not defined in that document "MUST be set to zero on transmission and ignored on receipt". Section 3 of this document defines a new flag and specifies when it should be set and how it should be processed.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

specifies the mechanism to provide distributed constraint-path computation, and the use of SR-MPLS prefix-SIDs and SRv6 locators in data plane for steering traffic along the constrained paths. The Flex-Algo Definition (FAD) is the combination of calculation-type, metric-type and the topological constraints used for path computation. According to the network nodes' participation of a Flex-Algo, and the rules of including or excluding Admin Groups (i.e. colors) and Shared Risk Link Groups (SRLGs), the topology of an NRP can be described using the associated Flex-Algo. If each NRP is associated with a unique Flex-Algo, the Flex-Algo identifier could be used as the identifier of the NRP in the control plane. With the mechanisms defined in , SR-MPLS prefix-SID advertisement can be associated with a constrained topology, which can be defined by a Flex-Algo. This allows the nodes to use the prefix-SIDs to steer traffic along distributed computed constraint paths according to the associated Flex-Algo in a particular topology. specifies the IS-IS extensions to support SRv6 data plane, in which the SRv6 locators advertisement is associated with a constrained topology, which can be defined by a Flex-Algo. This allows the nodes to use the SRv6 locators to steer traffic along constraint paths computed using the Flex-Algo in the associated topology. In addition, SRv6 End SIDs and End.X SIDs which are associated with a Flex-Algo can be used to enforce traffic over the Loop-Free Alternatives (LFA) computed backup paths.

Each NRP can be allocated with a set of dedicated or shared network resources on a connected set of links in the underlay network. In order for a network controller or the ingress nodes to perform constraint based path computation for each NRP, the resource attributes of each NRP need to be advertised in the control plane, and distributed to the network controller. This way, the network controller or the ingress node can compute an SR-TE path in the NRP by taking both the Flex-Algo constraints and the resource attributes of the NRP into consideration. IS-IS L2 Bundle was defined to advertise the link attributes of the layer-2 bundle member links. In this section, it is extended to advertise different subset of link resources and attributes associated with different NRPs on a layer-3 link. The layer-3 link must have the capability of partitioning the link resources into different subsets and allocate them to different NRPs it participates in. Each partition of the link resources can be instantiated as a virtual sub-interface, which can be seen as a virtual layer-2 member link of the layer-3 link. When the layer-3 link is a layer-2 link bundle, the subset of link resources allocated to a specific NRP may be provided by one or multiple physical layer-2 member links in the link bundle. Normally the member links of a L2 link bundle are used in load-balancing mode, some extension is needed to indicate that each member link is used exclusively for traffic of a specific NRP. A new flag "E" (Exclusive) is defined in the flag field of the Parent L3 Neighbor Descriptor in the L2 Bundle Member Attributes TLV (25).

E flag: When the E flag is set, it indicates each member link under the Parent L3 link is used exclusively for one NRP, and load balancing among the member links is not allowed. When the E flag is clear, it indicates load balancing and sharing among the member links are allowed. The E flag can be used by a network controller to compute paths which only use the set of dedicated member link resources of an NRP. In addition, it can also be used by network nodes which perform Flex-Algo based constrained path computation, taking the exclusive member link resource into consideration. This way, packets with Flex-Algo specific SR SIDs can be steered to only use the member link resources associated with the Flex-Algo for forwarding. Note that a legacy implementations of will set the E flag to zero (clear) meaning that load balancing among the component links is the default behavior. Further, when a legacy implementation receives an E flag that is set, it will ignore the flag and so will assume that load balancing among component links is allowed even when the sender has requested it to not be used. The Flex-Algo associated with the NRP can be defined that only nodes which support the E flag and the mechanisms defined in this document are included in the constraint-based path computation and packet forwarding of the NRP. For each virtual or physical layer-2 member link under the layer-3 interface, the Admin Groups (AG) or Extended Admin Group (EAG) attribute MUST be advertised using the mechanisms as defined in . Other TE attributes as defined in such as the Maximum Link Bandwidth attribute MAY be advertised for the constraint-based path computation. The SR-MPLS Adj-SIDs or SRv6 End.X SIDs associated with each of the virtual or physical layer-2 member links SHOULD be advertised according to and . In order to correlate the virtual or physical layer-2 member links with the associated Flex-Algo ID of the NRP, each NRP SHOULD be assigned with a unique Admin Group (AG) or Extended Admin Group (EAG), and the virtual or physical layer-2 member links associated with this NRP SHOULD be configured with the AG or EAG of the NRP. The AG or EAG of the parent layer-3 link SHOULD be set to the union of all the AGs or EAGs of its virtual or physical layer-2 member links. In the definition of the Flex-Algo which is associated with the NRP, the Include-Any Admin Group with only the AG or EAG assigned to the NRP SHOULD be used as the link constraints, the Include-All Admin Goup or the Exclude Admin Group rules MUST NOT be used for a Flex-Algo associated with an NRP. This is to ensure that the layer-3 link is included in the Flex-Algo constraint path computation for each NRP it participates in.

For the SR-MPLS data plane, a prefix SID is associated with the paths calculated using the Flex-Algo corresponding to the NRP. An outgoing layer-3 interface is determined for each path. In addition, the prefix-SID also steers the traffic to use the virtual or physical layer-2 member link which is associated with the NRP on the outgoing layer-3 interface for packet forwarding. A forwarding entry MUST be installed in the forwarding plane using the MPLS label that corresponds to the Prefix-SID associated with the Flex-algorithm corresponding to the NRP. The Adj-SIDs associated with the virtual or physical member links of an NRP MAY be used together with the prefix-SIDs of the same NRP to build SR-MPLS TE paths under the topological and resource constraints of the NRP. For the SRv6 data plane, an SRv6 Locator is a prefix which is associated with the paths calculated using the Flex-Algo corresponding to the NRP. An outgoing Layer-3 interface is determined for each path. In addition, the SRv6 Locator prefix also steers the traffic to use the virtual or physical layer-2 member link which is associated with the NRP on the outgoing layer-3 interface for packet forwarding. A forwarding entry for the SRv6 Locator prefix MUST be installed in the forwarding plane for the Flex-algorithm corresponding to the NRP. The End.XU SIDs associated with the virtual or physical member links of an NRP MAY be used together with other types of SRv6 SIDs of the same NRP to build SRv6 paths under the topological and resource constraints of the NRP.

The mechanism described in this document assumes that each NRP is associated with a unique Flex-Algo, so that the Flex-Algo IDs can be reused to identify the NRPs in the control plane. While this brings the benefit of simplicity, it also has some limitations. For example, it means that even if multiple NRPs share the same constrained topology, they would still need to be identified using different Flex-Algos in the control plane, then independent path computation needs to be executed for each NRP. Thus the number of NRPs supported in a network may be dependent on the number of topologies supported, which is related to both the number of topologies supported in the protocol and the control plane overhead which the network nodes could accomodate. The mechanism described in this document is considered useful for network scenarios in which the required number of NRPs is small, as minor control protocol extension is required. For network scenarios where the number of required NRPs is large, more scalable solution would be needed, which may require further protocol extensions and enhancements. A detailed analysis about the NRP scalability and the possible optimizations for supporting a large number of NRPs is described in .

This document introduces no additional security vulnerabilities to IS-IS. The mechanism proposed in this document is subject to the same vulnerabilities as any other protocol that relies on IS-IS.

This document does not request any IANA actions.

The authors would like to thank Zhenbin Li, Peter Psenak, Adrian Farrel and Gyan Mishra for the review and discussion of this document.