draft-ietf-mpls-sfc-encapsulation-03.txt   draft-ietf-mpls-sfc-encapsulation-04.txt 
MPLS Working Group A. Malis MPLS Working Group A. Malis
Internet-Draft S. Bryant Internet-Draft S. Bryant
Intended status: Informational Huawei Technologies Intended status: Informational Huawei Technologies
Expires: September 1, 2019 J. Halpern Expires: September 22, 2019 J. Halpern
Ericsson Ericsson
W. Henderickx W. Henderickx
Nokia Nokia
February 28, 2019 March 21, 2019
MPLS Transport Encapsulation For The SFC NSH MPLS Transport Encapsulation For The SFC NSH
draft-ietf-mpls-sfc-encapsulation-03 draft-ietf-mpls-sfc-encapsulation-04
Abstract Abstract
This document describes how to use a Service Function Forwarder (SFF) This document describes how to use a Service Function Forwarder (SFF)
Label (similar to a pseudowire label or VPN label) to indicate the Label (similar to a pseudowire label or VPN label) to indicate the
presence of a Service Function Chaining (SFC) Network Service Header presence of a Service Function Chaining (SFC) Network Service Header
(NSH) between an MPLS label stack and the packet original packet/ (NSH) between an MPLS label stack and the packet original packet/
frame. This allows SFC packets using the NSH to be forwarded between frame. This allows SFC packets using the NSH to be forwarded between
SFFs over an MPLS network, and to select one of multiple SFFs in the SFFs over an MPLS network, and to select one of multiple SFFs in the
destination MPLS node. destination MPLS node.
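Review bot: The Abstract still reads "between an MPLS label stack and the packet original packet/frame" in -04; the first "packet" is a leftover word and should be dropped so the phrase reads "the original packet/frame". This revision only touches the dates and the draft name in this region, so the nit carries over from -03 unchanged.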
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 1, 2019. This Internet-Draft will expire on September 22, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 23 skipping to change at page 2, line 23
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. MPLS Encapsulation Using an SFF Label . . . . . . . . . . . . 3 2. MPLS Encapsulation Using an SFF Label . . . . . . . . . . . . 3
2.1. MPLS Label Stack Construction at the Sending Node . . . . 4 2.1. MPLS Label Stack Construction at the Sending Node . . . . 4
2.2. SFF Label Processing at the Destination Node . . . . . . 5 2.2. SFF Label Processing at the Destination Node . . . . . . 5
3. Equal Cost Multipath (ECMP) Considerations . . . . . . . . . 5 3. Equal Cost Multipath (ECMP) Considerations . . . . . . . . . 5
4. Operations, Administration, and Maintenance (OAM) 4. Operations, Administration, and Maintenance (OAM)
Considerations . . . . . . . . . . . . . . . . . . . . . . . 6 Considerations . . . . . . . . . . . . . . . . . . . . . . . 6
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
8.1. Normative References . . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . 6
8.2. Informative References . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
As discussed in [RFC8300], a number of transport encapsulations for As discussed in [RFC8300], a number of transport encapsulations for
the Service Function Chaining (SFC) Network Service Header (NSH) the Service Function Chaining (SFC) Network Service Header (NSH)
already exist, such as Ethernet, UDP, GRE, and others. already exist, such as Ethernet, UDP, GRE, and others.
This document describes an MPLS transport encapsulation for the NSH This document describes an MPLS transport encapsulation for the NSH
and how to use a Service Function Forwarder (SFF) [RFC7665] Label to and how to use a Service Function Forwarder (SFF) [RFC7665] Label to
skipping to change at page 4, line 35 skipping to change at page 4, line 35
2.1. MPLS Label Stack Construction at the Sending Node 2.1. MPLS Label Stack Construction at the Sending Node
When one SFF wishes to send an SFC packet with a NSH to another SFF When one SFF wishes to send an SFC packet with a NSH to another SFF
over an MPLS transport network, a label stack needs to be constructed over an MPLS transport network, a label stack needs to be constructed
by the MPLS node that contains the sending SFF in order to transport by the MPLS node that contains the sending SFF in order to transport
the packet to the destination MPLS node that contains the receiving the packet to the destination MPLS node that contains the receiving
SFF. The label stack is constructed as follows: SFF. The label stack is constructed as follows:
1. Push zero or more labels that are interpreted by the destination 1. Push zero or more labels that are interpreted by the destination
MPLS node on to the packet, such as the Generic Associated MPLS node on to the packet, such as the Generic Associated
Channel [RFC5586] label (see Section 4). The TTL For these Channel [RFC5586] label (see Section 4). The TTL for these
labels is set according to the relevant standards that define labels is set according to the relevant standards that define
these labels. these labels.
2. Push the SFF Label to identify the desired SFF in the receiving 2. Push the SFF Label to identify the desired SFF in the receiving
MPLS node. The TTL For this MPLS label MUST be set to one to MPLS node. The TTL for this MPLS label MUST be set to one to
avoid mis-forwarding. avoid mis-forwarding.
3. Push zero or more additional labels such that (a) the resulting 3. Push zero or more additional labels such that (a) the resulting
label stack will cause the packet to be transported to the label stack will cause the packet to be transported to the
destination MPLS node, and (b) when the packet arrives at the destination MPLS node, and (b) when the packet arrives at the
destination node, either: destination node, either:
* the SFF Label will be at the top of the label stack (this is * the SFF Label will be at the top of the label stack (this is
typically the case when penultimate hop popping is used at the typically the case when penultimate hop popping is used at the
penultimate node, or the source and destination nodes are penultimate node, or the source and destination nodes are
skipping to change at page 5, line 46 skipping to change at page 5, line 46
equal to 0x4 or 0x6, these routers (sometimes incorrectly, as equal to 0x4 or 0x6, these routers (sometimes incorrectly, as
discussed in [RFC4928]) assume that the payload is IPv4 or IPv6 discussed in [RFC4928]) assume that the payload is IPv4 or IPv6
respectively, and as a result, perform ECMP load balancing based on respectively, and as a result, perform ECMP load balancing based on
(presumed) information present in IP/TCP/UDP payload headers or in a (presumed) information present in IP/TCP/UDP payload headers or in a
combination of MPLS label stack and (presumed) IP/TCP/UDP payload combination of MPLS label stack and (presumed) IP/TCP/UDP payload
headers in the packet. headers in the packet.
For SFC, ECMP may or may not be desirable. To prevent ECMP when it For SFC, ECMP may or may not be desirable. To prevent ECMP when it
is not desired, the NSH Base Header was carefully constructed so that is not desired, the NSH Base Header was carefully constructed so that
the NSH could not look like IPv4 or IPv6 based on its first nibble. the NSH could not look like IPv4 or IPv6 based on its first nibble.
See Section 2.2 of [RFC8300] for further details. See Section 2.2 of [RFC8300] for further details. Accordingly, the
default behavior for MPLS-encapsulated SFC is to not use ECMP.
If ECMP is desired when SFC is used with an MPLS transport network, If ECMP is desired when SFC is used with an MPLS transport network,
there are two possible options, Entropy [RFC6790] and Flow-Aware there are two possible options, Entropy [RFC6790] and Flow-Aware
Transport [RFC6391] labels. A recommendation between these options, Transport [RFC6391] labels. A recommendation between these options,
and their proper placement in the label stack, is for future study. and their proper placement in the label stack, is for future study.
4. Operations, Administration, and Maintenance (OAM) Considerations 4. Operations, Administration, and Maintenance (OAM) Considerations
OAM at the SFC Layer is handled by SFC-defined mechanisms [RFC8300]. OAM at the SFC Layer is handled by SFC-defined mechanisms [RFC8300].
However, OAM may be required at the MPLS transport layer. If so, However, OAM may be required at the MPLS transport layer. If so,
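Review bot: The sentence added to Section 3, "Accordingly, the default behavior for MPLS-encapsulated SFC is to not use ECMP", states more than the preceding argument supports. The first-nibble design only stops routers that guess the payload type from treating the NSH as IPv4 or IPv6; it describes what those routers will infer, not a behavior the encapsulation enforces. Suggest scoping it, for example "Accordingly, routers that select ECMP paths from the presumed IP payload will not load-balance MPLS-encapsulated SFC packets by default", so operators know which routers the statement covers.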
skipping to change at page 6, line 28 skipping to change at page 6, line 28
6. Security Considerations 6. Security Considerations
This document describes a method for transporting SFC packets using This document describes a method for transporting SFC packets using
the NSH over an MPLS transport network. It follows well-established the NSH over an MPLS transport network. It follows well-established
MPLS procedures in widespread operational use and does not define any MPLS procedures in widespread operational use and does not define any
new protocol elements or allocate any new code points, and is no more new protocol elements or allocate any new code points, and is no more
or less secure than carrying any other protocol over MPLS. To the or less secure than carrying any other protocol over MPLS. To the
MPLS network, the NSH and its contents is simply an opaque payload. MPLS network, the NSH and its contents is simply an opaque payload.
Discussion of the security properties of SFC networks can be found in In addition, the security considerations in [I-D.ietf-mpls-sfc] also
[RFC7665]. Further security discussion regarding the NSH is apply to this document.
contained in [RFC8300].
[RFC8300] references a number of transport encapsulations of the NSH,
including Ethernet, GRE, UDP, and others. This document simply
defines one additional transport encapsulation. The NSH was
specially constructed to be agnostic to its transport encapsulation.
As as result, in general this additional encapsulation is no more or
less secure than carrying the NSH in any other encapsulation.
However, it can be argued that carrying the NSH over MPLS is more
secure than using other encapsulations, as it is extremely difficult,
due to the MPLS architecture, for an attempted attacker to inject
unexpected MPLS packets into a network, as MPLS networks do not by
design accept MPLS packets from external interfaces, and an attacker
would need knowledge of the specific labels allocated by control and/
or management plane protocols. Thus, an attacker attempting to spoof
MPLS-encapsulated NSH packets would require insider knowledge of the
network's control and management planes and a way to inject packets
into internal interfaces. This is compared to, for example, NSH over
UDP over IP, which could be injected into any external interface in a
network that was not properly configured to filter out such packets
at the ingress.
7. Acknowledgements 7. Acknowledgements
The authors would like to thank Jim Guichard, Eric Rosen, Med The authors would like to thank Jim Guichard, Eric Rosen, Med
Boucadair, Sasha Vainshtein, Jeff Tantsura, Anoop Ghanwani, John Boucadair, Sasha Vainshtein, Jeff Tantsura, Anoop Ghanwani, John
Drake, Loa Andersson, Carlos Pignataro, and Christian Hopps for their Drake, Loa Andersson, Carlos Pignataro, Christian Hopps, and Benjamin
reviews and comments. Kaduk for their reviews and comments.
8. References 8. References
8.1. Normative References 8.1. Normative References
[I-D.ietf-mpls-sfc]
Farrel, A., Bryant, S., and J. Drake, "An MPLS-Based
Forwarding Plane for Service Function Chaining", draft-
ietf-mpls-sfc-07 (work in progress), March 2019.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
Label Switching Architecture", RFC 3031, Label Switching Architecture", RFC 3031,
DOI 10.17487/RFC3031, January 2001, DOI 10.17487/RFC3031, January 2001,
<https://www.rfc-editor.org/info/rfc3031>. <https://www.rfc-editor.org/info/rfc3031>.
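Review bot: In Section 6, -04 deletes the only text that stated the trust assumption behind this encapsulation, namely that "MPLS networks do not by design accept MPLS packets from external interfaces", and replaces it with a bare pointer to [I-D.ietf-mpls-sfc]. The remaining claim that this is "no more or less secure than carrying any other protocol over MPLS" depends on that assumption, so suggest keeping one sentence that states it as an operational requirement (labeled packets are not accepted on external interfaces) rather than as an argument that MPLS is more secure. The pointers to the security discussions in [RFC7665] and [RFC8300] are also dropped and are worth retaining, since the NSH is the payload being carried. Two smaller points: "the NSH and its contents is" should be "are", and moving [I-D.ietf-mpls-sfc] to the Normative References makes this document depend on draft-ietf-mpls-sfc-07, which is still marked work in progress.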
skipping to change at page 8, line 10 skipping to change at page 7, line 39
[RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
"Network Service Header (NSH)", RFC 8300, "Network Service Header (NSH)", RFC 8300,
DOI 10.17487/RFC8300, January 2018, DOI 10.17487/RFC8300, January 2018,
<https://www.rfc-editor.org/info/rfc8300>. <https://www.rfc-editor.org/info/rfc8300>.
8.2. Informative References 8.2. Informative References
[I-D.ietf-bess-nsh-bgp-control-plane] [I-D.ietf-bess-nsh-bgp-control-plane]
Farrel, A., Drake, J., Rosen, E., Uttaro, J., and L. Farrel, A., Drake, J., Rosen, E., Uttaro, J., and L.
Jalil, "BGP Control Plane for NSH SFC", draft-ietf-bess- Jalil, "BGP Control Plane for NSH SFC", draft-ietf-bess-
nsh-bgp-control-plane-07 (work in progress), February nsh-bgp-control-plane-09 (work in progress), March 2019.
2019.
[I-D.ietf-mpls-sfc]
Farrel, A., Bryant, S., and J. Drake, "An MPLS-Based
Forwarding Plane for Service Function Chaining", draft-
ietf-mpls-sfc-05 (work in progress), February 2019.
[RFC4928] Swallow, G., Bryant, S., and L. Andersson, "Avoiding Equal [RFC4928] Swallow, G., Bryant, S., and L. Andersson, "Avoiding Equal
Cost Multipath Treatment in MPLS Networks", BCP 128, Cost Multipath Treatment in MPLS Networks", BCP 128,
RFC 4928, DOI 10.17487/RFC4928, June 2007, RFC 4928, DOI 10.17487/RFC4928, June 2007,
<https://www.rfc-editor.org/info/rfc4928>. <https://www.rfc-editor.org/info/rfc4928>.
[RFC5586] Bocci, M., Ed., Vigoureux, M., Ed., and S. Bryant, Ed., [RFC5586] Bocci, M., Ed., Vigoureux, M., Ed., and S. Bryant, Ed.,
"MPLS Generic Associated Channel", RFC 5586, "MPLS Generic Associated Channel", RFC 5586,
DOI 10.17487/RFC5586, June 2009, DOI 10.17487/RFC5586, June 2009,
<https://www.rfc-editor.org/info/rfc5586>. <https://www.rfc-editor.org/info/rfc5586>.
 End of changes. 12 change blocks. 
44 lines changed or deleted 22 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/