< draft-bonica-6man-seg-end-opt-03.txt   draft-bonica-6man-seg-end-opt-04.txt >
6man R. Bonica 6man R. Bonica
Internet-Draft Juniper Networks Internet-Draft Juniper Networks
Intended status: Standards Track J. Halpern Intended status: Standards Track J. Halpern
Expires: September 24, 2019 Ericsson Expires: January 8, 2020 Ericsson
Y. Kamite
NTT Communications Corporation
T. Niwa
KDDI
N. So N. So
F. Xu F. Xu
Reliance Jio Reliance Jio
G. Chen G. Chen
Baidu Baidu
Y. Zhu Y. Zhu
G. Yang G. Yang
China Telecom China Telecom
Y. Zhou Y. Zhou
ByteDance ByteDance
March 23, 2019 July 7, 2019
The IPv6 Segment Endpoint Option The Per-Segment Service Instruction (PSSI) Option
draft-bonica-6man-seg-end-opt-03 draft-bonica-6man-seg-end-opt-04
Abstract Abstract
This document defines the IPv6 Segment Endpoint Option. Source nodes SRv6+ encodes Per-Segment Service Instructions (PSSI) in a new IPv6
can use this option to convey internet-layer information to selected option, called the PSSI Option. This document describes the PSSI
segment endpoints along a packet's delivery path. Option.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 24, 2019. This Internet-Draft will expire on January 8, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 3. PSSI Identifiers . . . . . . . . . . . . . . . . . . . . . . 3
4. Option Format . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Option Format . . . . . . . . . . . . . . . . . . . . . . . . 3
5. Option Processing . . . . . . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4
6. Mutability . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
7. Security Considerations . . . . . . . . . . . . . . . . . . . 6 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 8. Normative References . . . . . . . . . . . . . . . . . . . . 4
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
10.1. Normative References . . . . . . . . . . . . . . . . . . 7
10.2. Informative References . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
IPv6 [RFC8200] options convey optional internet-layer information to An SRv6+ [I-D.bonica-spring-srv6-plus] path provides unidirectional
selected nodes along a packets delivery path. IPv6 options can be connectivity from its ingress node to its egress node. While an
encoded as follows: SRv6+ path can follow the least cost path from ingress to egress, it
can also follow any other path.
o In a Hop-by-hop Options header.
o In a Destination Options header that precedes a Routing header. An SRv6+ path contains one or more segments. A segment provides
unidirectional connectivity from its ingress node to its egress node.
o In a Destination Options header that precedes an upper-layer SRv6+ paths are programmable. They support several instruction
header. types, including Per-Segment Service Instructions (PSSI). The
following are examples of PSSIs:
If an option is encoded in a Hop-by-hop Options header, it conveys o Expose a packet to a firewall policy.
information to every node along the packet's delivery path, including
the destination node. (See NOTE 1). If an option is encoded in a
Destination Options header that precedes a Routing header, it conveys
information to every segment endpoint along the packet's delivery
path, including the destination node. If an option is encoded in a
Destination Options header that precedes an upper-layer header, it
conveys information to the destination node only. (See Section 4.3.4
of [RFC8200] )
This document defines the IPv6 Segment Endpoint option. The IPv6
Segment Endpoint option provides a mechanism through which a source
node can convey optional internet-layer information to selected
segment endpoints. For example, assume that a packet's delivery path
contains three segments. The source node can use the Segment
Endpoint option to convey one piece of information to the first
segment endpoint, another piece of information to the second segment
endpoint, and no information to the third segment endpoint.
NOTE 1: As per IPv6 [RFC8200], it is now expected that nodes along a o Expose a packet to a sampling policy.
packet's delivery path only examine and process the Hop-by-Hop
Options header if explicitly configured to do so.
2. Terminology PSSIs are executed at segment egress nodes and can be used to
implement limited service chains. However, they do not provide an
alternative to the Network Service Header (NSH) [RFC8300].
o Segment Endpoint - A packet that contains a Routing header SRv6+ encodes PSSIs in a new IPv6 option, called the PSSI Option.
traverses multiple segments. Each segment has an endpoint. The This document describes the PSSI Option.
first destination that appears in the IPv6 Destination Address
identifies the first segment endpoint. Subsequent destinations
listed in the Routing header identify subsequent segment
endpoints. A packet that does not contain a Routing Header
traverses exactly one segment had has exactly one segment endpoint
(i.e., the packet's ultimate destination).
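Review bot: "limited service chain" is introduced in the new Introduction ("can be used to implement limited service chains") and used again in Section 3, but it is never defined, and the Terminology section was dropped in this revision. Define what makes a service chain "limited" here, or cite the section of [I-D.bonica-spring-srv6-plus] that does, so that the scope relative to NSH [RFC8300] is clear.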
3. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
4. Option Format 3. PSSI Identifiers
The Segment Endpoint option MAY appear in a Destination Options
header, regardless of whether that Destination Options header
precedes a Routing header or an upper-layer header. The Segment
Endpoint option MUST NOT appear in a Hop-by-hop Options header.
Figure 1 depicts the Segment Endpoint option.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type | Opt Data Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 1: Segment Endpoint Option
o Option Type - Segment Endpoint option. Value TBD by IANA. See
NOTE 1 and NOTE 2, below.
o Opt Data Len - 8-bit unsigned integer. Length of the Option Data
field, in octets.
o Option Data - See Figure 2.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Segments Left | Containers | Container List
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 2: Option Data
Option Data contains the following fields:
o Segments Left - 8-bit unsigned integer. Number of route segments
remaining. If the packet also contains a Routing header, this
value MUST be identical to the value of the Segments Left field in
the Routing heder. See Section 5.
o Containers - 8-bit unsigned integer. The number of containers in
the Container List.
o Container List - A list of Containers (Figure 3).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Segment ID | IPv6 Options
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 3: A Container
Each element of Container List contains the following fields:
o Segment ID - 8-bit unsigned integer. Identifies the segment that
should process the IPv6 Option contained by this container. See
Section 5.
o IPv6 Options - Any IPv6 Options [IPv6-OPT] except for the Segment
Endpoint Option.
Within a Container list, Containers MUST be sorted in descending
order by Segment ID. A Segment ID MUST NOT appear more than once in
the Container list.
NOTE 1: The highest-order two bits of the Option Type (i.e., the
"act" bits) are 10. These bits specify the action taken by a
destination node that does not recognize Segment Endpoint option.
The required action is to discard the packet and send an ICMPv6
[RFC4443] Parameter Problem, Code 2, message to the packet's Source
Address, pointing to the Segment Endpoint option Type.
NOTE 2: The third highest-order bit of the Option Type (i.e., the
"chg" bit) is 1. This indicates that Option Data can be modified
along the path between the packet's source and its destination.
5. Option Processing
If the option appears in a Hop-by-hop Options header, the processing
node discards the packet and sends an ICMPv6 [RFC4443] Parameter
Problem, Code 2, message to the packet's Source Address, pointing to
the Segment Endpoint option Type.
If the option appears in a Destination Options header, the processing
node locates the following fields in Option Data:
o Segments Left.
o Containers.
o Container List. PSSI Identifiers identify PSSIs. They have domain-wide significance.
When a controller creates a limited service chain, also allocates a
PSSI Identifier. It then distributes the following information to
each node that contributes to the limited service chain:
It then processes each member of the Container List as follows: o The PSSI Identifier.
o Locate the Segment ID and IPv6 Option field in the container. o The PSSI that the node should execute when it receives a packet
that has the PSSI Identifier encoded within it.
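Review bot: Section 3 says what the controller distributes but not what a node does when a packet carries a PSSI Identifier for which it holds no PSSI, and the old Option Processing section that gave per-node rules is removed with nothing in its place. State the required behaviour (for example discard, or forward without executing) or reference the section of [I-D.bonica-spring-srv6-plus] that specifies it. Also, "When a controller creates a limited service chain, also allocates" is missing its subject ("it also allocates").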
o If Segments Left less than the Segment ID, skip over the 4. Option Format
container.
o If Segments Left equals the Segment ID, and the IPv6 Option is a The PSSI Option contains the following fields:
Segment Endpoint option, skip over the container.
o If Segments Left equals the Segment ID, and the IPv6 Option is not o Option Type: 8-bit selector. PSSI option. Value TBD by IANA.
a Segment Endpoint option, process the IPv6 Option as per (Suggested value: 0x10). See Note below.
[RFC8200].
o If Segments Left is greater than Segment ID, skip over all o Opt Data Len - 8-bit unsigned integer. Length of the option, in
remaining members of the Container List. octets, excluding the Option Type and Option Length fields. This
field MUST be set to 4.
Finally, decrement the Segment ID field and process the next option o PSSI identifier - (32-bit selector). Identifies a PSSI.
or header.
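Review bot: The Opt Data Len description refers to "the Option Type and Option Length fields", but the field is named "Opt Data Len"; use one name throughout. With Figure 1 removed, the layout is given in prose only, and no alignment requirement is stated for the 32-bit PSSI identifier that follows the two-octet option header. RFC 8200 lets an option specify one, so either restore a figure and state the alignment or say that there is none. The three field entries also mix "Option Type:" with "Opt Data Len -" and "PSSI identifier - (32-bit selector)".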
6. Mutability The PSSI option MAY appear in any Destination Options header,
regardless of whether that Destination Options header precedes a
Routing header or an upper-layer header. The PSSI option MUST NOT
appear in a Hop-by-hop Options header.
The Segments Left field of the Segment Endpoint option is mutable. NOTE : The highest-order two bits of the Option Type (i.e., the "act"
Intermediate nodes MAY change the value of this field. bits) are 00. These bits specify the action taken by a destination
node that does not recognize the option. The required action is to
skip over this option and continue processing the header.
All other fields in the Segment Endpoint option are immutable. The third highest-order bit of the Option Type (i.e., the "chg" bit)
Intermediate nodes MUST NOT change the values of these fields. is 0. This indicates that Option Data cannot be modified along the
path between the packet's source and its destination.
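Review bot: Changing the "act" bits from 10 to 00 in the NOTE means a segment egress node that does not recognize the PSSI option skips it and continues processing, where -03 had it discard the packet and send an ICMPv6 Parameter Problem. For the PSSIs given as examples in the Introduction ("Expose a packet to a firewall policy"), that is a silent bypass of the policy on any node that lacks support. The text should say that this is intended and how an operator ensures that every node contributing to a limited service chain implements the option, or it should keep a discard action.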
7. Security Considerations 5. Security Considerations
The Segment Endpoint Option shares many security concerns with IPv6 The PSSI option shares many security concerns with IPv6 routing
routing headers. In particular, any boundary filtering protecting a headers. In particular, any boundary filtering protecting a domain
domain from external routing headers should also protect against from external routing headers should also protect against external
external Segment Endpoint Options being processed inside a domain. PSSI options being processed inside a domain. This occurs naturally
This occurs naturally if encapsulation is used to add routing headers if encapsulation is used to add routing headers to a packet. If
to a packet. If external routing headers are allowed, then external routing headers are allowed, then protections must also
protections must also include ensuring that any provided Segment include ensuring that any provided PSSI option is properly protected,
Endpoint option before the routing header is properly protect, e.g. e.g. with an IPSEC AH header or other suitable means.
with an IPSEC AH header or other suitable means.
As with Routing headers, the security assumption within a domain is As with Routing headers, the security assumption within a domain is
that the domain is trusted to provide, and to avoid improperly that the domain is trusted to provide, and to avoid improperly
modifying, the Segment Endpoint Option. modifying, the PSSI Option.
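Review bot: The requirements in Security Considerations are written with lowercase "should" and "must" ("should also protect against external PSSI options", "protections must also include"), which Section 2 makes non-normative because the key words apply only when they appear in all capitals. If boundary filtering of external PSSI options is a requirement, use SHOULD or MUST. The section also does not mention that the "chg" bit is now 0, so that Option Data cannot be modified along the path; that is worth stating next to the AH recommendation. "IPSEC" is normally written "IPsec".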
8. IANA Considerations 6. IANA Considerations
IANA is requested to allocate a codepoint from the Destination IANA is requested to allocate a cod epoint from the Destination
Options and Hop-by-hop Options registry Options and Hop-by-hop Options registry
(https://www.iana.org/assignments/ipv6-parameters/ (https://www.iana.org/assignments/ipv6-parameters/
ipv6-parameters.xhtml#ipv6-parameters-2). This option is called ipv6-parameters.xhtml#ipv6-parameters-2). This option is called
"Segment Endpoint". The "act" bits are 10 and the "chg" bit is 1. "PSSI". The "act" bits are 00 and the "chg" bit is 0. (Suggested
value: 0x10).
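Review bot: The new IANA text reads "allocate a cod epoint"; this should be "codepoint", as in -03.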
9. Acknowledgements 7. Acknowledgements
Thanks to Fred Baker and Shizhang Bi for their careful review of this Thanks to Fred Baker and Shizhang Bi for their careful review of this
document. document.
10. References 8. Normative References
10.1. Normative References [I-D.bonica-spring-srv6-plus]
Bonica, R., Hegde, S., Kamite, Y., Alston, A., Henriques,
D., Halpern, J., and J. Linkova, "IPv6 Support for Segment
Routing: SRv6+", draft-bonica-spring-srv6-plus-01 (work in
progress), July 2019.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", STD 89, Protocol Version 6 (IPv6) Specification", STD 89,
RFC 4443, DOI 10.17487/RFC4443, March 2006, RFC 4443, DOI 10.17487/RFC4443, March 2006,
skipping to change at page 7, line 42 skipping to change at page 5, line 20
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, (IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017, DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>. <https://www.rfc-editor.org/info/rfc8200>.
10.2. Informative References [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
"Network Service Header (NSH)", RFC 8300,
[IPv6-OPT] DOI 10.17487/RFC8300, January 2018,
IANA, ""Destination Options and Hop-by-Hop Options"", <https://www.rfc-editor.org/info/rfc8300>.
August 1987, <https://www.iana.org/assignments/ipv6-
parameters/ipv6-parameters.xhtml#ipv6-parameters-2>.
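Review bot: [RFC4443] and [RFC8200] remain under Normative References, but the -04 text shown in this diff no longer cites either one: the ICMPv6 Parameter Problem text and the RFC 8200 discussion in the Introduction were both removed. Either restore a citation (the Option Format section relies on the IPv6 option encoding and would be a natural place to cite [RFC8200]) or drop the unused entries.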
Authors' Addresses Authors' Addresses
Ron Bonica Ron Bonica
Juniper Networks Juniper Networks
2251 Corporate Park Drive 2251 Corporate Park Drive
Herndon, Virginia 20171 Herndon, Virginia 20171
USA USA
Email: rbonica@juniper.net Email: rbonica@juniper.net
Joel Halpern Joel Halpern
Ericsson Ericsson
P. O. Box 6049 P. O. Box 6049
Leesburg, Virginia 20178 Leesburg, Virginia 20178
USA USA
Email: joel.halpern@ericsson.com Email: joel.halpern@ericsson.com
Yuji Kamite
NTT Communications Corporation
3-4-1 Shibaura, Minato-ku
Tokyo 108-8118
Japan
Email: : y.kamite@ntt.com
Tomonobu Niwa
KDDI
3-22-7, Yoyogi, Shibuya-ku
Tokyo 151-0053
JP
Email: to-niwa@kddi.com
Ning So Ning So
Reliance Jio Reliance Jio
3010 Gaylord PKWY, Suite 150 3010 Gaylord PKWY, Suite 150
Frisco, Texas 75034 Frisco, Texas 75034
USA USA
Email: Ning.So@ril.com Email: Ning.So@ril.com
Fengman Xu Fengman Xu
Reliance Jio Reliance Jio
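Review bot: In the added author entries, "Email: : y.kamite@ntt.com" has a stray colon, and the two new Tokyo addresses give the country differently ("Japan" and "JP"). Fix the colon and use one form for the country.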
 End of changes. 38 change blocks. 
189 lines changed or deleted 103 lines changed or added
