Skip to main content

BGP Signaling of IPv6-Segment-Routing-based VPN Networks
draft-dawra-idr-srv6-vpn-04

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Authors Gaurav Dawra , Clarence Filsfils , Darren Dukes , Patrice Brissette , Pablo Camarillo , John Leddy , Daniel Voyer , Daniel Bernier , Dirk Steinberg , Robert Raszuk , Bruno Decraene , Satoru Matsushima , Shunwan Zhuang
Last updated 2018-06-26 (Latest revision 2017-12-26)
Replaces draft-dawra-bgp-srv6-vpn
Replaced by draft-dawra-bess-srv6-services
RFC stream (None)
Formats
Additional resources
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-dawra-idr-srv6-vpn-04
Inter-Domain Routing
Internet-Draft
Intended status: Standards Track                           G. Dawra, Ed.
Expires: December 27, 2018                                      LinkedIn
                                                             C. Filsfils
                                                                D. Dukes
                                                            P. Brissette
                                                             P. Camarilo
                                                           Cisco Systems
                                                                J. Leddy
                                                                 Comcast
                                                                D. Voyer
                                                              D. Bernier
                                                             Bell Canada
                                                            D. Steinberg
                                                    Steinberg Consulting
                                                               R. Raszuk
                                                            Bloomberg LP
                                                             B. Decraene
                                                                  Orange
                                                           S. Matsushima
                                                                SoftBank
                                                               S. Zhuang
                                                     Huawei Technologies
                                                           June 25, 2018

        BGP Signaling of IPv6-Segment-Routing-based VPN Networks
                      draft-dawra-idr-srv6-vpn-04

Abstract

   This draft defines procedures and messages for BGP SRv6-based L3VPN
   and EVPN.  It builds on RFC4364 "BGP/MPLS IP Virtual Private Networks
   (VPNs)" and RFC7432 "BGP MPLS-Based Ethernet VPN" and provides a
   migration path from MPLS-based VPNs to SRv6 based VPNs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

Dawra, et al.           Expires December 27, 2018               [Page 1]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 27, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  SRv6-VPN SID TLV  . . . . . . . . . . . . . . . . . . . . . .   4
   3.  BGP based L3 over SRv6  . . . . . . . . . . . . . . . . . . .   5
     3.1.  IPv4 VPN Over SRv6 Core . . . . . . . . . . . . . . . . .   6
     3.2.  IPv6 VPN Over SRv6 Core . . . . . . . . . . . . . . . . .   6
     3.3.  Global IPv4 over SRv6 Core  . . . . . . . . . . . . . . .   7
     3.4.  Global IPv6 over SRv6 Core  . . . . . . . . . . . . . . .   7
   4.  BGP based Ethernet VPN(EVPN) over SRv6  . . . . . . . . . . .   8
     4.1.  Ethernet Auto-discovery Route over SRv6 Core  . . . . . .   9
       4.1.1.  EVPN Route Type-1(Per ES AD)  . . . . . . . . . . . .   9
       4.1.2.  Prefix Type-1(Per EVI/ES AD)  . . . . . . . . . . . .  10
     4.2.  MAC/IP Advertisement Route(Type-2) with SRv6 Core . . . .  10
     4.3.  Inclusive Multicast Ethernet Tag Route with SRv6 Core . .  12
     4.4.  Ethernet Segment Route with SRv6 Core . . . . . . . . . .  13
     4.5.  IP prefix router(Type-5) with SRv6 Core . . . . . . . . .  14
     4.6.  Multicast routes (EVPN Route Type-6, Type-7, Type-8)  . .  14
   5.  Migration from L3 MPLS based Segment Routing to SRv6 Segment
       Routing . . . . . . . . . . . . . . . . . . . . . . . . . . .  15
   6.  Implementation Status . . . . . . . . . . . . . . . . . . . .  15
   7.  Error Handling of BGP SRv6 SID Updates  . . . . . . . . . . .  16
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  16
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  17
   10. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . .  17
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  17

Dawra, et al.           Expires December 27, 2018               [Page 2]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

     11.1.  Normative References . . . . . . . . . . . . . . . . . .  17
     11.2.  Informative References . . . . . . . . . . . . . . . . .  18
     11.3.  URIs . . . . . . . . . . . . . . . . . . . . . . . . . .  19
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .  19
   Appendix B.  Contributors . . . . . . . . . . . . . . . . . . . .  19
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  19

1.  Introduction

   SRv6 refers to Segment Routing instantiated on the IPv6 dataplane [I-
   D.filsfils-spring-srv6-network-programming][I-D.ietf-6man-segment-rou
   ting-header].

   SRv6-based VPN (SRv6-VPN) refers to the creation of VPN between PE's
   leveraging the SRv6 dataplane and more specifically the END.DT*
   (crossconnect to a VRF) and END.DX* (crossconnect to a nexthop).
   SRv6-L3VPN refers to the creation of Layer3 VPN service between PE's
   supporting an SRv6 data plane.  SRv6-EVPN refers to the creation of
   Layer2/Layer3 VPN service between PE's supporting an SRv6 data plane.

   SRv6 SID refers to a SRv6 Segment Identifier as defined in
   [I-D.filsfils-spring-srv6-network-programming].

   SRv6-VPN SID refers to an SRv6 SID that MAY be associated with one of
   the END.DT or END.DX functions as defined in
   [I-D.filsfils-spring-srv6-network-programming].

   To provide SRv6-VPN service with best-effort connectivity, the egress
   PE signals an SRv6-VPN SID with the VPN route.  The ingress PE
   encapsulates the VPN packet in an outer IPv6 header where the
   destination address is the SRv6-VPN SID provided by the egress PE.
   The underlay between the PE's only need to support plain IPv6
   forwarding [RFC2460].

   To provide SRv6-VPN service in conjunction with an underlay SLA from
   the ingress PE to the egress PE, the egress PE colors the overlay VPN
   route with a color extended community.  The ingress PE encapsulates
   the VPN packet in an outer IPv6 header with an SRH that contains the
   SR policy associated with the related SLA followed by the SRv6-VPN
   SID associated with the route.  The underlay nodes whose SRv6 SID's
   are part of the SRH must support SRv6 data plane.

   BGP is used to advertise the reachability of prefixes in a particular
   VPN from an egress Provider Edge (egress-PE) to ingress Provider Edge
   (ingress-PE) nodes.

Dawra, et al.           Expires December 27, 2018               [Page 3]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   This document describes how existing BGP messages between PEs may
   carry SRv6 Segment IDs (SIDs) as a means to interconnect PEs and form
   VPNs.

2.  SRv6-VPN SID TLV

   The SRv6-VPN SID TLV is defined as another TLV for BGP-Prefix-SID
   Attribute [I-D.ietf-idr-bgp-prefix-sid].  The value field of the BGP
   Prefix SID attribute is defined here to be a set of elements encoded
   as "Type/Length/Value" (i.e., a set of TLVs).  Type for SRv6-VPN SID
   TLV is defined to be TBD.

   When an egress-PE is capable of SRv6 data-plane, it SHOULD signal
   SRv6-VPN SID TLV within the Prefix-SID attribute attached to MP-BGP
   VPN NLRI defined in [RFC4659][RFC5549][RFC7432][RFC4364] when egress-
   PE is capable of SRv6 data-plane.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       Type    |             Length            |   RESERVED    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  SRv6 SID information(Variable)                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SRv6 SID information is encoded as follows:

                  +---------------------------------------+
                  |  SID Type (1 Octet)                   |
                  +---------------------------------------+
                  |  SID Flags    (1 octet)               |
                  +---------------------------------------+
                  |  SRv6 SID (16 octet)                  |
                  +---------------------------------------+

   Where:

   o  Type is TBD

   o  Length: 16bit field.  The total length of the value portion of the
      TLV.

   o  RESERVED: 8 bit field.  SHOULD be 0 on transmission and MUST be
      ignored on reception.

   Current Type of SID defined as:

Dawra, et al.           Expires December 27, 2018               [Page 4]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   o  Type-1 - corresponds to the equivalent functionality provided by a
      VPN MPLS Label attribute when received with a route containing a
      MPLS label[RFC4364].  Some functions which MAY be encoded are
      End.DX4, End.DT4, End.DX6, End.DT6 etc.

   o  Type-2 - corresponds to the equivalent functionality provided by a
      MPLS Label1 for EVPN Route-Types as defined in [RFC7432].  Some
      functions which MAY be encoded are End.DX2, End.DX2V, End.DT2U,
      End.DT2M / Arg.FE2 etc.

   o  SID Flags: 8 bit field which define the flags associated with the
      SID.  SHOULD be 0 on transmission and MUST be ignored on
      reception.

3.  BGP based L3 over SRv6

   BGP egress nodes (egress-PEs) advertise a set of reachable prefixes.
   Standard BGP update propagation schemes [RFC4271], which MAY make use
   of route reflectors [RFC4456], are used to propagate these prefixes.
   BGP ingress nodes (ingress-PE) receive these advertisements and may
   add the prefix to the RIB in an appropriate VRF.

   Egress-PEs which supports SRv6-VPN advertises an SRv6-VPN SID with
   VPN routes.  This SRv6-VPN SID only has local significance at the
   egress-PE, where it is allocated or configured on a per-CE or per-VRF
   basis.  In practice, the SID encodes a cross-connect to a specific
   Address Family table (END.DT) or next-hop/interface (END.DX) as
   defined in the SRv6 Network Programming Document
   [I-D.filsfils-spring-srv6-network-programming]

   The SRv6-VPN SID MAY be routable within the AS of the egress-PE and
   serves the dual purpose of providing reachability between ingress-PE
   and egress-PE while also encoding the VPN identifier.

   To support SRv6 based L3VPN overlay, a SID is advertised with BGP
   MPLS L3VPN route update[RFC4364].  SID is encoded in a SRv6-VPN SID
   TLV, which is optional transitive BGP Prefix SID
   attribute[I-D.ietf-idr-bgp-prefix-sid].  This attribute serves two
   purposes; first it indicates that the BGP egress device is reachable
   via an SRv6 underlay and the BGP ingress device receiving this route
   MAY choose to encapsulate or insert an SRv6 SRH, second it indicates
   the value of the SID to include in the SRH encapsulation.  For L3VPN,
   only a single SRv6-VPN SID MAY be necessary.  A BGP speaker
   supporting an SRv6 underlay MAY distribute SID per route via the BGP
   SRv6-VPN Attribute.  If the BGP speaker supports MPLS based L3VPN
   simultaneously, it MAY also populate the Label values in L3VPN route
   types and allow the BGP ingress device to decide which encapsulation
   to use.  If the BGP speaker does not support MPLS based L3VPN

Dawra, et al.           Expires December 27, 2018               [Page 5]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   services the MPLS Labels in L3VPN route types MUST be set to
   IMPLICIT-NULL.  Similarly, to support SRv6 based EVPN a SID (or
   multiple SIDs) are advertised in route-types 1, 2, 3 and 5[RFC7432]

   At an ingress-PE, BGP installs the advertised prefix in the correct
   RIB table, recursive via an SR Policy leveraging the received
   SRv6-VPN SID.

   Assuming best-effort connectivity to the egress PE, the SR policy has
   a path with a SID list made up of a single SID: the SRv6-VPN SID
   received with the related BGP route update.

   However, when VPN route is colored with an extended color community C
   and signaled with Next-Hop N and the ingress PE has a valid SRv6
   Policy (N, C) associated with SID list <S1,S2, S3>
   [I-D.filsfils-spring-segment-routing-policy] then the SR Policy is
   <S1, S2, S3, SRv6-VPN SID>.

   Multiple VPN routes MAY resolve recursively on the same SR Policy.

3.1.  IPv4 VPN Over SRv6 Core

   IPv4 VPN Over IPv6 Core is defined in [RFC5549], the MP_REACH_NLRI is
   encoded as follows for an SRv6 Core:

   o  AFI = 1

   o  SAFI = 128

   o  Length of Next Hop Network Address = 16 (or 32)

   o  Network Address of Next Hop = IPv6 address of the egress PE

   o  NLRI = IPv4-VPN routes

   o  Label = Implicit-Null

   SRv6-VPN SID is encoded as part of the SRv6-VPN SID TLV defined in
   Section 2.  The function of the SRv6 SID is entirely up to the
   originator of the advertisement.  In practice, the function may
   likely be End.DX4 or End.DT4.

3.2.  IPv6 VPN Over SRv6 Core

   IPv6 VPN over IPv6 Core is defined in [RFC4659], the MP_REACH_NLRI is
   enclosed as follows for an SRv6 Core:

   o  AFI = 2

Dawra, et al.           Expires December 27, 2018               [Page 6]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   o  SAFI = 128

   o  Length of Next Hop Network Address = 16 (or 32)

   o  Network Address of Next Hop = IPv6 address of the egress PE

   o  NLRI = IPv6-VPN routes

   o  Label = Implicit-Null

   SRv6-VPN SID are encoded as part of the SRv6-VPN SID TLV defined in
   Section 2.  The function of the IPv6 SRv6 SID is entirely up to the
   originator of the advertisement.  In practice the function may likely
   be End.DX6 or End.DT6.

3.3.  Global IPv4 over SRv6 Core

   IPv4 over IPv6 Core is defined in [RFC5549].  The MP_REACH_NLRI is
   encoded with:

   o  AFI = 1

   o  SAFI = 1

   o  Length of Next Hop Network Address = 16 (or 32)

   o  Network Address of Next Hop = IPv6 address of Next Hop

   o  NLRI = IPv4 routes

   SRv6 SID for Global IPv4 routes is encoded as part of the SRv6-VPN
   SID defined in Section 2.  The function of the SRv6 SID is entirely
   up to the originator of the advertisement.  In practice, the function
   may likely be End.DX6 or End.DT6.

3.4.  Global IPv6 over SRv6 Core

   The MP_REACH_NLRI is encoded with:

   o  AFI = 2

   o  SAFI = 1

   o  Length of Next Hop Network Address = 16 (or 32)

   o  Network Address of Next Hop = IPv6 address of Next Hop

   o  NLRI = IPv6 routes

Dawra, et al.           Expires December 27, 2018               [Page 7]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   SRv6 SID for Global IPv6 routes is encoded as part of the SRv6-VPN
   SID defined in Section 2.  The function of the SRv6 SID is entirely
   up to the originator of the advertisement.  In practice, the function
   may likely be End.DX6 or End.DT6.

   Also, by utilizing the SRv6-VPN SID TLV, as defined in Section 2, to
   encode the Global SID, BGP free core is possible by encapsulating all
   BGP traffic from edge to edge over SRv6.

4.  BGP based Ethernet VPN(EVPN) over SRv6

   Ethernet VPN(EVPN), as defined in [RFC7432] provides an extendable
   method of building an EVPN overlay.  It primarily focuses on MPLS
   based EVPNs but calls out the extensibility to IP based EVPN
   overlays.  It defines 4 route-types which carry prefixes and MPLS
   Label attributes, the Labels each have specific use for MPLS
   encapsulation of EVPN traffic.  The fifth route-type carrying MPLS
   label information (and thus encapsulation information) for EVPN is
   defined in[I-D.ietf-bess-evpn-prefix-advertisement].  The Route Types
   discussed below are:

   o  Ethernet Auto-discovery Route

   o  MAC/IP Advertisement Route

   o  Inclusive Multicast Ethernet Tag Route

   o  Ethernet Segment route

   o  IP prefix route

   o  Selective Multicast route

   o  IGMP join sync route

   o  IGMP leave sync route

   To support SRv6 based EVPN overlays a SID is advertised in route-type
   1,2,3 and 5 above.  The SID (or SIDs) per route-type are advertised
   in a new SRv6-VPN SID TLV which is optional transitive BGP Prefix SID
   attribute.  This attribute serves two purposes; first it indicates
   that the BGP egress device is reachable via an SRv6 underlay and the
   BGP ingress device receiving this route MAY choose to encapsulate or
   insert an SRv6 SRH, second it indicates the value of the SID or SIDs
   to include in the SRH encapsulation.  A BGP speaker supporting an
   SRv6 underlay MAY distribute SIDs per route via the BGP SRv6
   Attribute.  If the BGP speaker supports MPLS based EVPN
   simultaneously it MAY also populate the Label values in EVPN route

Dawra, et al.           Expires December 27, 2018               [Page 8]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   types and allow the BGP ingress device to decide which encapsulation
   to use.  If the BGP speaker does not support MPLS based EVPN services
   the MPLS Labels in EVPN route types MUST be set to IMPLICIT-NULL.

4.1.  Ethernet Auto-discovery Route over SRv6 Core

   Ethernet Auto-discovery (A-D) routes are Type-1 route type defined in
   [RFC7432]and may be used to achieve split horizon filtering, fast
   convergence and aliasing.  EVPN route type-1 is also used in EVPN-
   VPWS as well as in EVPN flexible cross-connect; mainly used to
   advertise point-to-point services id.

   Multi-homed PEs MAY advertise an Ethernet auto discovery route per
   Ethernet segment with the introduced ESI MPLS label extended
   community defined in [RFC7432].  PEs may identify other PEs connected
   to the same Ethernet segment after the EVPN type-4 ES route exchange.
   All the multi-homed and remote PEs that are part of same EVI may
   import the auto discovery route.

   EVPN Route Type-1 is encoded as follows for SRv6 Core:

                   +---------------------------------------+
                   |  RD (8 octets)                        |
                   +---------------------------------------+
                   |Ethernet Segment Identifier (10 octets)|
                   +---------------------------------------+
                   |  Ethernet Tag ID (4 octets)           |
                   +---------------------------------------+
                   |  MPLS label (3 octets)                |
                   +---------------------------------------+

   For a SRv6 only BGP speaker for an SRv6 Core:

   o  SRv6-VPN SID TLV MAY be advertised with the route.

4.1.1.  EVPN Route Type-1(Per ES AD)

   Where:

   o  BGP next-hop: IPv6 address of an egress PE

   o  Ethernet Tag ID: all FFFF's

   o  MPLS Label: always set to zero value

   o  Extended Community: Per ES AD, ESI label extended community

Dawra, et al.           Expires December 27, 2018               [Page 9]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   SRv6-VPN TLV MAY be advertised along with the route advertisement and
   the behavior of the SRv6-VPN SID is entirely up to the originator of
   the advertisement.  In practice, the behavior would likely be
   Arg.FE2.

4.1.2.  Prefix Type-1(Per EVI/ES AD)

   Where:

   o  BGP next-hop: IPv6 address of an egress PE

   o  Ethernet Tag ID: non-zero for VLAN aware bridging, EVPN VPWS and
      FXC

   o  MPLS Label: Implicit-Null

   SRv6-VPN TLV MAY be advertised along with the route advertisement and
   the behavior of the SRv6-VPN SID is entirely up to the originator of
   the advertisement.  In practice, the behavior would likely be
   END.DX2, END.DX2V or END.DT2U.

4.2.  MAC/IP Advertisement Route(Type-2) with SRv6 Core

   EVPN route type-2 is used to advertise unicast traffic MAC+IP address
   reachability through MP-BGP to all other PEs in a given EVPN
   instance.

   A MAC/IP Advertisement route type is encoded as follows for SRv6
   Core:

Dawra, et al.           Expires December 27, 2018              [Page 10]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

                   +---------------------------------------+
                   |  RD (8 octets)                        |
                   +---------------------------------------+
                   |Ethernet Segment Identifier (10 octets)|
                   +---------------------------------------+
                   |  Ethernet Tag ID (4 octets)           |
                   +---------------------------------------+
                   |  MAC Address Length (1 octet)         |
                   +---------------------------------------+
                   |  MAC Address (6 octets)               |
                   +---------------------------------------+
                   |  IP Address Length (1 octet)          |
                   +---------------------------------------+
                   |  IP Address (0, 4, or 16 octets)      |
                   +---------------------------------------+
                   |  MPLS Label1 (3 octets)               |
                   +---------------------------------------+
                   |  MPLS Label2 (0 or 3 octets)          |
                   +---------------------------------------+

   where:

   o  BGP next-hop: IPv6 address of an egress PE

   o  MPLS Label1: Implicit-null

   o  MPLS Label2: Implicit-null

   SRv6-VPN SID TLV MAY be advertised.  The behavior of the SRv6-VPN SID
   is entirely up to the originator of the advertisement.  In practice,
   the behavior of the SRv6 SID is as follows:

   o  END.DX2, END.DT2U (Layer 2 portion of the route)

   o  END.DT6/4 or END.DX6/4 (Layer 3 portion of the route)

   Described below are different types of Type-2 advertisements.

   o  MAC/IP Advertisement Route(Type-2) with MAC Only

      *  BGP next-hop: IPv6 address of egress PE

      *  MPLS Label1: Implicit-null

      *  MPLS Label2: Implicit-null

      *  SRv6-VPN SID TLV MAY encode END.DX2 or END.DT2U behavior

Dawra, et al.           Expires December 27, 2018              [Page 11]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   o  MAC/IP Advertisement Route(Type-2) with MAC+IP

      *  BGP next-hop: IPv6 address of egress PE

      *  MPLS Label1: Implicit-Null

      *  MPLS Label2: Implicit-Null

      *  SRv6-VPN SID TLV MAY encode Layer2 END.DX2 or END.DT2U behavior
         and Layer3 END.DT6/4 or END.DX6/4 behavior

4.3.  Inclusive Multicast Ethernet Tag Route with SRv6 Core

   EVPN route Type-3 is used to advertise multicast traffic reachability
   information through MP-BGP to all other PEs in a given EVPN instance.

                  +---------------------------------------+
                  |  RD (8 octets)                        |
                  +---------------------------------------+
                  |  Ethernet Tag ID (4 octets)           |
                  +---------------------------------------+
                  |  IP Address Length (1 octet)          |
                  +---------------------------------------+
                  |  Originating Router's IP Address      |
                  |          (4 or 16 octets)             |
                  +---------------------------------------+

   An Inclusive Multicast Ethernet Tag route type specific EVPN NLRI
   consists of the following [RFC7432] where:

   o  BGP next-hop: IPv6 address of egress PE

   o  SRv6-VPN TLV MAY encode END.DX2/END.DT2M function.

   o  BGP Attribute: PMSI Tunnel Attribute[RFC6514] MAY contain MPLS
      implicit-null label and Tunnel Type would be similar to defined in
      EVPN Type-6 i.e. Ingress replication route.

   The format of PMSI Tunnel Attribute attribute is encoded as follows
   for an SRv6 Core:

Dawra, et al.           Expires December 27, 2018              [Page 12]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

                  +---------------------------------------+
                  |  Flag (1 octet)                       |
                  +---------------------------------------+
                  |  Tunnel Type (1 octet)                |
                  +---------------------------------------+
                  |  MPLS label (3 octet)                 |
                  +---------------------------------------+
                  |  Tunnel Identifier (variable)         |
                  +---------------------------------------+

   o  Flag: zero value defined per [RFC7432]

   o  Tunnel Type: defined per [RFC6514]

   o  MPLS label: Implicit-Null

   o  Tunnel Identifier: IP address of egress PE

   SRv6 SID MAY be encoded as part of the SRv6-VPN SID TLV.  The
   behavior of the SRv6-VPN SID is entirely up to the originator of the
   advertisement.  In practice, the behavior of the SRv6 SID is as
   follows:

   o  END.DX2 or END.DT2M function

   o  The lower 32 bits of the SRv6-VPN SID TLV MAY be all zero's.  The
      ESI Filtering argument(Arg.FE2) carried along with EVPN Route
      Type-1 MAY be merged together by doing a bitwise logical OR to
      create a single SID on the ingress PE for Split-horizon and other
      filtering mechanisms.  Details of filtering mechanisms are
      described in[RFC7432]

4.4.  Ethernet Segment Route with SRv6 Core

   An Ethernet Segment route type specific EVPN NLRI consists of the
   following defined in [RFC7432]

                  +---------------------------------------+
                  |  RD (8 octets)                        |
                  +---------------------------------------+
                  |  Ethernet Tag ID (4 octets)           |
                  +---------------------------------------+
                  |  IP Address Length (1 octet)          |
                  +---------------------------------------+
                  |  Originating Router's IP Address      |
                  |          (4 or 16 octets)             |
                  +---------------------------------------+

Dawra, et al.           Expires December 27, 2018              [Page 13]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   where:

   o  BGP next-hop: IPv6 address of egress PE

   As oppose as previous route types, SRv6-VPN TLV is NOT advertised
   along with the route.  The processing of that route has not changed;
   it remains as described in [RFC7432].

4.5.  IP prefix router(Type-5) with SRv6 Core

   EVPN route Type-5 is used to advertise IP address reachability
   through MP-BGP to all other PEs in a given EVPN instance.  IP address
   may include host IP prefix or any specific subnet.  EVPN route Type-5
   is defined in[I-D.ietf-bess-evpn-prefix-advertisement]

   An IP Prefix advertisement is encoded as follows for an SRv6 Core:

                  +---------------------------------------+
                  |  RD (8 octets)                        |
                  +---------------------------------------+
                  |Ethernet Segment Identifier (10 octets)|
                  +---------------------------------------+
                  |  Ethernet Tag ID (4 octets)           |
                  +---------------------------------------+
                  |  IP Prefix Length (1 octet)           |
                  +---------------------------------------+
                  |  IP Prefix (4 or 16 octets)           |
                  +---------------------------------------+
                  |  GW IP Address (4 or 16 octets)       |
                  +---------------------------------------+
                  |  MPLS Label (3 octets)                |
                  +---------------------------------------+

   o  BGP next-hop: IPv6 address of egress PE

   o  MPLS Label: Implicit-Null

   SRv6-VPN SID TLV MAY be advertised.  The behavior of the SRv6-VPN SID
   is entirely up to the originator of the advertisement.  In practice,
   the behavior of the SRv6 SID is an End.DT6/4 or End.DX6/4.

4.6.  Multicast routes (EVPN Route Type-6, Type-7, Type-8)

   These routes do not require any additional SRv6-VPN TLV.  As per EVPN
   route-type 4, the BGP nexthop is equal to the IPv6 address of egress
   PE.  More details may be added in future revisions of this document.

Dawra, et al.           Expires December 27, 2018              [Page 14]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

5.  Migration from L3 MPLS based Segment Routing to SRv6 Segment Routing

   Migration from IPv4 to IPv6 is independent of SRv6 BGP endpoints, and
   the selection of which route to use (received via the IPv4 or IPv6
   session) is a local configurable decision of the ingress-PE, and is
   outside the scope of this document.

   Migration from IPv6 MPLS based underlay to an SRv6 underlay with BGP
   speakers is achieved with a few simple rules at each BGP speaker.

 At Egress-PE
   If BGP offers an SRv6-VPN service
       Then BGP allocates an SRv6-VPN SID for the VPN service
       and adds the BGP SRv6-VPN SID TLV while advertising VPN prefixes.
   If BGP offers an MPLS VPN service
       Then BGP allocates an MPLS Label for the VPN service and
       use it in NLRI as normal for MPLS L3 VPNs.
   else MPLS label for VPN service is set to IMPLICIT-NULL.

 At Ingress-PE
   *Selection of which encapsulation below (SRv6-VPN or MPLS-VPN) is
    defined by local BGP policy
   If BGP supports SRv6-VPN service, and
   receives a BGP SRv6-VPN SID Attribute with an SRv6 SID
       Then BGP programs the destination prefix in RIB recursive via
       the related SR Policy.
   If BGP supports MPLS VPN service, and
   the MPLS Label is not Implicit-Null
       Then the MPLS label is used as a VPN label and inserted with the
       prefix into RIB via the BGP Nexthop.

6.  Implementation Status

   The SRv6-VPN is available for SRv6 on various Cisco hardware and
   other software platforms.  An end-to-end integration of SRv6 L3VPN,
   SRv6 Traffic-Engineering and Service Chaining.  All of that with
   data-plane interoperability across different implementations [1]:

   o  Three Cisco Hardware-forwarding platforms: ASR 1K, ASR 9k and NCS
      5500

   o  Huawei network operating system

   o  Two Cisco network operating systems: IOS XE and IOS XR

   o  Barefoot Networks Tofino on OCP Wedge-100BF

Dawra, et al.           Expires December 27, 2018              [Page 15]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   o  Linux Kernel officially upstreamed in 4.10

   o  Fd.io

7.  Error Handling of BGP SRv6 SID Updates

   The SRv6-VPN SID TLV is considered malformed, if the length of the
   field SRv6 SID Information is not a multiple of 18.

   If the SRv6-VPN SID TLV within the received Prefix-SID attribute is
   malformed, consider the entire Prefix-SID attribute as malformed,
   discard it and not propagate it further to other peers i.e. use the
   -attribute discard- action specified in [RFC7606] an error MAY be
   logged for further analysis.

   The SRv6-VPN SID TLV is not considered to be malformed in the
   following cases.  The rest of the Prefix-SID attribute MUST be
   processed normally.  An error MAY be logged for further analysis.

   o  The length of the TLV is 0 or 1: Ignore the TLV but store and
      propagate it further to other peers.

   o  The SID Type is unrecognized: all unrecognized SID Types must be
      stored locally and propagated further to other peers.  It is a
      matter of local implementation whether to use locally any
      recognized SID Types that may be present in the TLV along with the
      unrecognized Types.

   In addition, the following rules apply for processing NLRIs received
   with Prefix-SID attribute containing SRv6-VPN SID TLV:

   o  If the TLV is advertised by a CE peer, the receiving PE may
      discard it before advertising the route to its PE peers.

   o  If the received NLRI has neither a valid SRv6-VPN SID nor a valid
      MPLS label as specified in [RFC4659][RFC5549][RFC7432][RFC4364] ,
      the NLRI MUST be considered unreachable i.e. apply the -treat as
      withdraw- action specified in [RFC7606].

8.  IANA Considerations

   This document defines a new TLV, SRv6-VPN SID, within Prefix-SID
   attribute.  A new Type, is requested in the BGP Prefix-SID TLV Types
   registry and is assigned to SRv6-VPN SID TLV defined in this
   document.

Dawra, et al.           Expires December 27, 2018              [Page 16]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

9.  Security Considerations

   This document introduces no new security considerations beyond those
   already specified in [RFC4271] and [RFC8277].

10.  Conclusions

   This document proposes extensions to the BGP to allow advertising
   certain attributes and functionalities related to SRv6.

11.  References

11.1.  Normative References

   [I-D.filsfils-spring-segment-routing-policy]
              Filsfils, C., Sivabalan, S., Hegde, S.,
              daniel.voyer@bell.ca, d., Lin, S., bogdanov@google.com,
              b., Krol, P., Horneffer, M., Steinberg, D., Decraene, B.,
              Litkowski, S., Mattes, P., Ali, Z., Talaulikar, K., Liste,
              J., Clad, F., and K. Raza, "Segment Routing Policy
              Architecture", draft-filsfils-spring-segment-routing-
              policy-06 (work in progress), May 2018.

   [I-D.filsfils-spring-srv6-network-programming]
              Filsfils, C., Li, Z., Leddy, J., daniel.voyer@bell.ca, d.,
              daniel.bernier@bell.ca, d., Steinberg, D., Raszuk, R.,
              Matsushima, S., Lebrun, D., Decraene, B., Peirens, B.,
              Salsano, S., Naik, G., Elmalky, H., Jonnalagadda, P., and
              M. Sharif, "SRv6 Network Programming", draft-filsfils-
              spring-srv6-network-programming-04 (work in progress),
              March 2018.

   [I-D.ietf-6man-segment-routing-header]
              Previdi, S., Filsfils, C., Leddy, J., Matsushima, S., and
              d. daniel.voyer@bell.ca, "IPv6 Segment Routing Header
              (SRH)", draft-ietf-6man-segment-routing-header-13 (work in
              progress), May 2018.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <https://www.rfc-editor.org/info/rfc2460>.

   [RFC4456]  Bates, T., Chen, E., and R. Chandra, "BGP Route
              Reflection: An Alternative to Full Mesh Internal BGP
              (IBGP)", RFC 4456, DOI 10.17487/RFC4456, April 2006,
              <https://www.rfc-editor.org/info/rfc4456>.

Dawra, et al.           Expires December 27, 2018              [Page 17]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   [RFC6514]  Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP
              Encodings and Procedures for Multicast in MPLS/BGP IP
              VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012,
              <https://www.rfc-editor.org/info/rfc6514>.

   [RFC7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
              Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
              Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
              2015, <https://www.rfc-editor.org/info/rfc7432>.

   [RFC7606]  Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
              Patel, "Revised Error Handling for BGP UPDATE Messages",
              RFC 7606, DOI 10.17487/RFC7606, August 2015,
              <https://www.rfc-editor.org/info/rfc7606>.

   [RFC8277]  Rosen, E., "Using BGP to Bind MPLS Labels to Address
              Prefixes", RFC 8277, DOI 10.17487/RFC8277, October 2017,
              <https://www.rfc-editor.org/info/rfc8277>.

11.2.  Informative References

   [I-D.ietf-bess-evpn-prefix-advertisement]
              Rabadan, J., Henderickx, W., Drake, J., Lin, W., and A.
              Sajassi, "IP Prefix Advertisement in EVPN", draft-ietf-
              bess-evpn-prefix-advertisement-11 (work in progress), May
              2018.

   [I-D.ietf-idr-bgp-prefix-sid]
              Previdi, S., Filsfils, C., Lindem, A., Sreekantiah, A.,
              and H. Gredler, "Segment Routing Prefix SID extensions for
              BGP", draft-ietf-idr-bgp-prefix-sid-26 (work in progress),
              June 2018.

   [I-D.ietf-isis-segment-routing-extensions]
              Previdi, S., Ginsberg, L., Filsfils, C., Bashandy, A.,
              Gredler, H., Litkowski, S., Decraene, B., and J. Tantsura,
              "IS-IS Extensions for Segment Routing", draft-ietf-isis-
              segment-routing-extensions-18 (work in progress), June
              2018.

   [I-D.ietf-spring-segment-routing]
              Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B.,
              Litkowski, S., and R. Shakir, "Segment Routing
              Architecture", draft-ietf-spring-segment-routing-15 (work
              in progress), January 2018.

Dawra, et al.           Expires December 27, 2018              [Page 18]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006,
              <https://www.rfc-editor.org/info/rfc4271>.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006, <https://www.rfc-editor.org/info/rfc4364>.

   [RFC4659]  De Clercq, J., Ooms, D., Carugi, M., and F. Le Faucheur,
              "BGP-MPLS IP Virtual Private Network (VPN) Extension for
              IPv6 VPN", RFC 4659, DOI 10.17487/RFC4659, September 2006,
              <https://www.rfc-editor.org/info/rfc4659>.

   [RFC5549]  Le Faucheur, F. and E. Rosen, "Advertising IPv4 Network
              Layer Reachability Information with an IPv6 Next Hop",
              RFC 5549, DOI 10.17487/RFC5549, May 2009,
              <https://www.rfc-editor.org/info/rfc5549>.

11.3.  URIs

   [1] http://www.segment-routing.net

Appendix A.  Acknowledgements

   The authors would like to thank Shyam Sethuram for comments and
   discussion of TLV processing and validation.

Appendix B.  Contributors

   Bart Peirens
   Proximus
   Belgium

   Email: bart.peirens@proximus.com

Authors' Addresses

Dawra, et al.           Expires December 27, 2018              [Page 19]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   Gaurav Dawra (editor)
   LinkedIn
   USA

   Email: gdawra.ietf@gmail.com

   Clarence Filsfils
   Cisco Systems
   Belgium

   Email: cfilsfil@cisco.com

   Darren Dukes
   Cisco Systems
   Canada

   Email: ddukes@cisco.com

   Patrice Brissette
   Cisco Systems
   Canada

   Email: pbrisset@cisco.com

   Pablo Camarilo
   Cisco Systems
   Spain

   Email: pcamaril@cisco.com

   Jonn Leddy
   Comcast
   USA

   Email: john_leddy@cable.comcast.com

   Daniel Voyer
   Bell Canada
   Canada

   Email: daniel.voyer@bell.ca

Dawra, et al.           Expires December 27, 2018              [Page 20]
Internet-Draft    BGP Signaling of IPv6-SR VPN Networks        June 2018

   Daniel Bernier
   Bell Canada
   Canada

   Email: daniel.bernier@bell.ca

   Dirk Steinberg
   Steinberg Consulting
   Germany

   Email: dws@steinberg.net

   Robert Raszuk
   Bloomberg LP
   USA

   Email: robert@raszuk.net

   Bruno Decraene
   Orange
   France

   Email: bruno.decraene@orange.com

   Satoru Matsushima
   SoftBank
   1-9-1,Higashi-Shimbashi,Minato-Ku
   Japan 105-7322

   Email: satoru.matsushima@g.softbank.co.jp

   Shunwan Zhuang
   Huawei Technologies
   China

   Email: zhuangshunwan@huawei.com

Dawra, et al.           Expires December 27, 2018              [Page 21]