draft-ietf-mpls-sr-over-ip-00.txt   draft-ietf-mpls-sr-over-ip-01.txt 
Network Working Group X. Xu Network Working Group X. Xu
Internet-Draft Alibaba Internet-Draft Alibaba Inc.
Intended status: Standards Track S. Bryant Intended status: Standards Track S. Bryant
Expires: February 2, 2019 Huawei Expires: April 21, 2019 Huawei
A. Farrel A. Farrel
Juniper Old Dog Consulting
S. Hassan S. Hassan
Cisco Cisco
W. Henderickx W. Henderickx
Nokia Nokia
Z. Li Z. Li
Huawei Huawei
August 01, 2018 October 18, 2018
SR-MPLS over IP SR-MPLS over IP
draft-ietf-mpls-sr-over-ip-00 draft-ietf-mpls-sr-over-ip-01
Abstract Abstract
MPLS Segment Routing (SR-MPLS in short) is an MPLS data plane-based MPLS Segment Routing (SR-MPLS) is an MPLS data plane-based source
source routing paradigm in which the sender of a packet is allowed to routing paradigm in which the sender of a packet is allowed to
partially or completely specify the route the packet takes through partially or completely specify the route the packet takes through
the network by imposing stacked MPLS labels on the packet. SR-MPLS the network by imposing stacked MPLS labels on the packet. SR-MPLS
could be leveraged to realize a source routing mechanism across MPLS, could be leveraged to realize a source routing mechanism across MPLS,
IPv4, and IPv6 data planes by using an MPLS label stack as a source IPv4, and IPv6 data planes by using an MPLS label stack as a source
routing instruction set while preserving backward compatibility with routing instruction set while preserving backward compatibility with
SR-MPLS. SR-MPLS.
This document describes how SR-MPLS capable routers and IP-only This document describes how SR-MPLS capable routers and IP-only
routers can seamlessly co-exist and interoperate through the use of routers can seamlessly co-exist and interoperate through the use of
SR-MPLS label stacks and IP encapsulation/tunneling such as MPLS-in- SR-MPLS label stacks and IP encapsulation/tunneling such as MPLS-in-
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 2, 2019. This Internet-Draft will expire on April 21, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Procedures of SR-MPLS over IP . . . . . . . . . . . . . . . . 5 3. Procedures of SR-MPLS over IP . . . . . . . . . . . . . . . . 5
4.1. Forwarding Entry Construction . . . . . . . . . . . . . . 5 3.1. Forwarding Entry Construction . . . . . . . . . . . . . . 5
4.2. Packet Forwarding Procedures . . . . . . . . . . . . . . 7 3.2. Packet Forwarding Procedures . . . . . . . . . . . . . . 7
4.2.1. Packet Forwarding with Penultimate Hop Popping . . . 8 3.2.1. Packet Forwarding with Penultimate Hop Popping . . . 8
4.2.2. Packet Forwarding without Penultimate Hop Popping . . 9 3.2.2. Packet Forwarding without Penultimate Hop Popping . . 9
4.2.3. Additional Forwarding Procedures . . . . . . . . . . 10 3.2.3. Additional Forwarding Procedures . . . . . . . . . . 10
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 5. Security Considerations . . . . . . . . . . . . . . . . . . . 12
7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12 6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
9.1. Normative References . . . . . . . . . . . . . . . . . . 13 8.1. Normative References . . . . . . . . . . . . . . . . . . 13
9.2. Informative References . . . . . . . . . . . . . . . . . 15 8.2. Informative References . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
MPLS Segment Routing (SR-MPLS in short) MPLS Segment Routing (SR-MPLS) [I-D.ietf-spring-segment-routing-mpls]
[I-D.ietf-spring-segment-routing-mpls] is an MPLS data plane-based is an MPLS data plane-based source routing paradigm in which the
source routing paradigm in which the sender of a packet is allowed to sender of a packet is allowed to partially or completely specify the
partially or completely specify the route the packet takes through route the packet takes through the network by imposing stacked MPLS
the network by imposing stacked MPLS labels on the packet. SR-MPLS labels on the packet. SR-MPLS could be leveraged to realize a source
could be leveraged to realize a source routing mechanism across MPLS, routing mechanism across MPLS, IPv4, and IPv6 data planes by using an
IPv4, and IPv6 data planes by using an MPLS label stack as a source MPLS label stack as a source routing instruction set while preserving
routing instruction set while preserving backward compatibility with backward compatibility with SR-MPLS. More specifically, the source
SR-MPLS. More specifically, the source routing instruction set routing instruction set information contained in a source routed
information contained in a source routed packet could be uniformly packet could be uniformly encoded as an MPLS label stack no matter
encoded as an MPLS label stack no matter whether the underlay is whether the underlay is IPv4, IPv6, or MPLS.
IPv4, IPv6, or MPLS.
This document describes how SR-MPLS capable routers and IP-only This document describes how SR-MPLS capable routers and IP-only
routers can seamlessly co-exist and interoperate through the use of routers can seamlessly co-exist and interoperate through the use of
SR-MPLS label stacks and IP encapsulation/tunneling such as MPLS-in- SR-MPLS label stacks and IP encapsulation/tunneling such as MPLS-in-
UDP [RFC7510]. UDP [RFC7510].
Although the source routing instructions are encoded as MPLS labels, Section 2 describes various use cases for the tunneling SR-MPLS over
this is a hardware convenience rather than an indication that the IP. Section 3 describes a typical application scenario and how the
whole MPLS protocol stack needs to be deployed. In particular, the
MPLS control protocols are not used in this or any other form of SR-
MPLS.
Section 3 describes various use cases for the tunneling SR-MPLS over
IP. Section 4 describes a typical application scenario and how the
packet forwarding happens. packet forwarding happens.
2. Terminology 1.1. Terminology
This memo makes use of the terms defined in [RFC3031] and This memo makes use of the terms defined in [RFC3031] and
[I-D.ietf-spring-segment-routing-mpls]. [I-D.ietf-spring-segment-routing-mpls].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. Use Cases 2. Use Cases
Tunneling SR-MPLS using IPv4 and/or IPv6 tunnels is useful at least Tunneling SR-MPLS using IPv4 and/or IPv6 tunnels is useful at least
in the following use cases: in the following use cases:
o Incremental deployment of the SR-MPLS technology may be o Incremental deployment of the SR-MPLS technology may be
facilitated by tunneling SR-MPLS packets across parts of a network facilitated by tunneling SR-MPLS packets across parts of a network
that are not SR-MPLS enabled using an IP tunneling mechanism such that are not SR-MPLS enabled using an IP tunneling mechanism such
as MPLS-in-UDP [RFC7510]. The tunnel destination address is the as MPLS-in-UDP [RFC7510]. The tunnel destination address is the
address of the next SR-MPLS-capable node along the path (i.e., the address of the next SR-MPLS capable node along the path (i.e., the
egress of the active node segment). This is shown in Figure 1. egress of the active node segment). This is shown in Figure 1.
________________________ ________________________
_______ ( ) _______ _______ ( ) _______
( ) ( IP Network ) ( ) ( ) ( IP Network ) ( )
( SR-MPLS ) ( ) ( SR-MPLS ) ( SR-MPLS ) ( ) ( SR-MPLS )
( Network ) ( ) ( Network ) ( Network ) ( ) ( Network )
( -------- -------- ) ( -------- -------- )
( | Border | SR-in-UDP Tunnel | Border | ) ( | Border | SR-in-UDP Tunnel | Border | )
( | Router |========================| Router | ) ( | Router |========================| Router | )
skipping to change at page 4, line 26 skipping to change at page 4, line 26
( ) ( ) ( ) ( ) ( ) ( )
(_______) ( ) (_______) (_______) ( ) (_______)
(________________________) (________________________)
Figure 1: SR-MPLS in UDP to Tunnel Between SR-MPLS Sites Figure 1: SR-MPLS in UDP to Tunnel Between SR-MPLS Sites
o If encoding of entropy is desired, IP tunneling mechanisms that o If encoding of entropy is desired, IP tunneling mechanisms that
allow encoding of entropy, such as MPLS-in-UDP encapsulation allow encoding of entropy, such as MPLS-in-UDP encapsulation
[RFC7510] where the source port of the UDP header is used as an [RFC7510] where the source port of the UDP header is used as an
entropy field, may be used to maximize the utilization of ECMP entropy field, may be used to maximize the utilization of ECMP
and/or UCMP, specially when it is difficult to make use of entropy and/or LAG, especially when it is difficult to make use of entropy
label mechanism. Refer to [I-D.ietf-mpls-spring-entropy-label]) label mechanism. Refer to [I-D.ietf-mpls-spring-entropy-label])
for more discussion about using entropy label in SR-MPLS. for more discussion about using entropy label in SR-MPLS.
o Tunneling MPLS into IP provides a technology that enables SR in an o Tunneling MPLS into IP provides a technology that enables SR in an
IPv4 and/or IPv6 network where the routers do not support SRv6 IPv4 and/or IPv6 network where the routers do not support SRv6
capabilities [I-D.ietf-6man-segment-routing-header] and where MPLS capabilities [I-D.ietf-6man-segment-routing-header] and where MPLS
forwarding is not an option. This is shown in Figure Figure 2. forwarding is not an option. This is shown in Figure Figure 2.
__________________________________ __________________________________
__( IP Network )__ __( IP Network )__
skipping to change at page 5, line 25 skipping to change at page 5, line 25
(__ __) (__ __)
(__________________________________) (__________________________________)
Key: Key:
IR : IP-only Router IR : IP-only Router
SR : SR-MPLS-capable Router SR : SR-MPLS-capable Router
== : SR-MPLS in UDP Tunnel == : SR-MPLS in UDP Tunnel
Figure 2: SR-MPLS Enabled Within an IP Network Figure 2: SR-MPLS Enabled Within an IP Network
4. Procedures of SR-MPLS over IP 3. Procedures of SR-MPLS over IP
This section describes the construction of forwarding information This section describes the construction of forwarding information
base (FIB) entries and the forwarding behavior that allow the base (FIB) entries and the forwarding behavior that allow the
deployment of SR-MPLS when some routers in the network are IP only deployment of SR-MPLS when some routers in the network are IP only
(i.e., do not support SR-MPLS). Note that the examples described in (i.e., do not support SR-MPLS). Note that the examples in
Section 4.1 and Section 4.2 assume that OSPF or ISIS is enabled: in Section 3.1 and Section 3.2 assume that OSPF or ISIS is enabled: in
fact, other mechanisms of discovery and advertisement could be used fact, other mechanisms of discovery and advertisement could be used
including other routing protocols (such as BGP) or a central including other routing protocols (such as BGP) or a central
controller. controller.
4.1. Forwarding Entry Construction 3.1. Forwarding Entry Construction
This sub-section describes the how to construct the forwarding This sub-section describes the how to construct the forwarding
information base (FIB) entry on an SR-MPLS-capable router when some information base (FIB) entry on an SR-MPLS-capable router when some
or all of the next-hops along the shortest path towards a prefix-SID or all of the next-hops along the shortest path towards a prefix
are IP-only routers. Segment Identifier (prefix-SID) are IP-only routers.
Consider router A that receives a labeled packet with top label L(E) Consider router A that receives a labeled packet with top label L(E)
that corresponds to the prefix-SID SID(E) of prefix P(E) advertised that corresponds to the prefix-SID SID(E) of prefix P(E) advertised
by router E. Suppose the ith next-hop router (termed NHi) along the by router E. Suppose the i-th next-hop router (termed NHi) along the
shortest path from router A toward SID(E) is not SR-MPLS capable shortest path from router A toward SID(E) is not SR-MPLS capable
while both routers A and E are SR-MPLS capable. The following while both routers A and E are SR-MPLS capable. The following
processing steps apply: processing steps apply:
o Router E is SR-MPLS capable so it advertises the SR-Capabilities o Router E is SR-MPLS capable so it advertises the SRGB as described
sub-TLV including the SRGB as described in in [I-D.ietf-ospf-segment-routing-extensions] and
[I-D.ietf-ospf-segment-routing-extensions] and
[I-D.ietf-isis-segment-routing-extensions]. [I-D.ietf-isis-segment-routing-extensions].
o Router E advertises the prefix-SID SID(E) of prefix P(E) so MUST o When Router E advertises the prefix-SID SID(E) of prefix P(E) it
also advertise the encapsulation endpoint and the tunnel type of MUST also advertise the encapsulation endpoint and the tunnel type
any tunnel used to reach E. It does this using the mechanisms of any tunnel used to reach E. It does this using the mechanisms
described in [I-D.ietf-isis-encapsulation-cap] or described in [I-D.ietf-isis-encapsulation-cap] or
[I-D.ietf-ospf-encapsulation-cap]. [I-D.ietf-ospf-encapsulation-cap].
o If A and E are in different IGP areas/levels, then: o If A and E are in different IGP areas/levels, then:
* The OSPF Tunnel Encapsulation TLV * The OSPF Tunnel Encapsulation TLV
[I-D.ietf-ospf-encapsulation-cap] or the ISIS Tunnel [I-D.ietf-ospf-encapsulation-cap] or the ISIS Tunnel
Encapsulation sub-TLV [I-D.ietf-isis-encapsulation-cap] is Encapsulation sub-TLV [I-D.ietf-isis-encapsulation-cap] is
flooded domain-wide. flooded domain-wide.
skipping to change at page 7, line 16 skipping to change at page 7, line 16
swap the top label to a value equal to SID(E) plus the lower swap the top label to a value equal to SID(E) plus the lower
bound of the SRGB of E bound of the SRGB of E
* Encapsulate the packet according to the encapsulation * Encapsulate the packet according to the encapsulation
advertised in [I-D.ietf-isis-encapsulation-cap] or advertised in [I-D.ietf-isis-encapsulation-cap] or
[I-D.ietf-ospf-encapsulation-cap] [I-D.ietf-ospf-encapsulation-cap]
* Send the packet towards the next hop NHi. * Send the packet towards the next hop NHi.
4.2. Packet Forwarding Procedures 3.2. Packet Forwarding Procedures
[RFC7510] specifies an IP-based encapsulation for MPLS, i.e., MPLS- [RFC7510] specifies an IP-based encapsulation for MPLS, i.e., MPLS-
in-UDP, which is applicable in some circumstances where IP-based in-UDP, which is applicable in some circumstances where IP-based
encapsulation for MPLS is required and further fine-grained load encapsulation for MPLS is required and further fine-grained load
balancing of MPLS packets over IP networks over Equal-Cost Multipath balancing of MPLS packets over IP networks over Equal-Cost Multipath
(ECMP) and/or Link Aggregation Groups (LAGs) is required as well. (ECMP) and/or Link Aggregation Groups (LAGs) is required as well.
This section provides details about the forwarding procedure when This section provides details about the forwarding procedure when
when UDP encapsulation is adopted for SR-MPLS over IP. when UDP encapsulation is adopted for SR-MPLS over IP.
Nodes that are SR-MPLS capable can process SR-MPLS packets. Not all Nodes that are SR-MPLS capable can process SR-MPLS packets. Not all
of the nodes in an SR-MPLS domain are SR-MPLS capable. Some nodes of the nodes in an SR-MPLS domain are SR-MPLS capable. Some nodes
may be "legacy routers" that cannot handle SR-MPLS packets but can may be "legacy routers" that cannot handle SR-MPLS packets but can
forward IP packets. An SR-MPLS-capable node may advertise its forward IP packets. An SR-MPLS-capable node may advertise its
capabilities using the IGP as described in Section 4. There are six capabilities using the IGP as described in Section 3. There are six
types of node in an SR-MPLS domain: types of node in an SR-MPLS domain:
o Domain ingress nodes that receive packets and encapsulate them for o Domain ingress nodes that receive packets and encapsulate them for
transmission across the domain. Those packets may be any payload transmission across the domain. Those packets may be any payload
protocol including native IP packets or packets that are already protocol including native IP packets or packets that are already
MPLS encapsulated. MPLS encapsulated.
o Legacy transit nodes that are IP routers but that are not SR-MPLS o Legacy transit nodes that are IP routers but that are not SR-MPLS
capable (i.e., are not able to perform segment routing). capable (i.e., are not able to perform segment routing).
skipping to change at page 8, line 5 skipping to change at page 8, line 5
o Transit nodes that are SR-MPLS capable and need to perform SR-MPLS o Transit nodes that are SR-MPLS capable and need to perform SR-MPLS
routing because they are identified by a SID in the SID stack. routing because they are identified by a SID in the SID stack.
o The penultimate SR-MPLS capable node on the path that processes o The penultimate SR-MPLS capable node on the path that processes
the last SID on the stack on behalf of the domain egress node. the last SID on the stack on behalf of the domain egress node.
o The domain egress node that forwards the payload packet for o The domain egress node that forwards the payload packet for
ultimate delivery. ultimate delivery.
4.2.1. Packet Forwarding with Penultimate Hop Popping 3.2.1. Packet Forwarding with Penultimate Hop Popping
The description in this section assumes that the label associated The description in this section assumes that the label associated
with each prefix-SID is advertised by the owner of the prefix-SID is with each prefix-SID is advertised by the owner of the prefix-SID is
a Penultimate Hop Popping (PHP) label. That is, the NP flag in OSPF a Penultimate Hop Popping (PHP) label. That is, the NP flag in OSPF
or the P flag in ISIS associated with the prefix SID is not set. or the P flag in ISIS associated with the prefix SID is not set.
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+
| A +-------+ B +-------+ C +--------+ D +--------+ H | | A +-------+ B +-------+ C +--------+ D +--------+ H |
+-----+ +--+--+ +--+--+ +--+--+ +-----+ +-----+ +--+--+ +--+--+ +--+--+ +-----+
| | | | | |
skipping to change at page 9, line 37 skipping to change at page 9, line 37
protocol. That is, the final SR-MPLS has been popped exposing the protocol. That is, the final SR-MPLS has been popped exposing the
payload packet. payload packet.
To handle this, when a router (here it is router G) pops the final To handle this, when a router (here it is router G) pops the final
SR-MPLS label, it inserts an explicit null label [RFC3032] before SR-MPLS label, it inserts an explicit null label [RFC3032] before
encapsulating the packet in an MPLS-over-UDP tunnel toward router H encapsulating the packet in an MPLS-over-UDP tunnel toward router H
and sending it out. That is, router G pops the top label, discovers and sending it out. That is, router G pops the top label, discovers
it has reached the bottom of stack, pushes an explicit null label, it has reached the bottom of stack, pushes an explicit null label,
and then encapsulates the MPLS packet in a UDP tunnel to router H. and then encapsulates the MPLS packet in a UDP tunnel to router H.
4.2.2. Packet Forwarding without Penultimate Hop Popping 3.2.2. Packet Forwarding without Penultimate Hop Popping
Figure 4 demonstrates the packet walk in the case where the label Figure 4 demonstrates the packet walk in the case where the label
associated with each prefix-SID advertised by the owner of the associated with each prefix-SID advertised by the owner of the
prefix-SID is not a Penultimate Hop Popping (PHP) label (i.e., the prefix-SID is not a Penultimate Hop Popping (PHP) label (i.e., the
the NP flag in OSPF or the P flag in ISIS associated with the prefix the NP flag in OSPF or the P flag in ISIS associated with the prefix
SID is set). Apart from the PHP function the roles of the routers is SID is set). Apart from the PHP function the roles of the routers is
unchanged from Section 4.2.1. unchanged from Section 3.2.1.
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+
| A +-------+ B +-------+ C +--------+ D +--------+ H | | A +-------+ B +-------+ C +--------+ D +--------+ H |
+-----+ +--+--+ +--+--+ +--+--+ +-----+ +-----+ +--+--+ +--+--+ +--+--+ +-----+
| | | | | |
| | | | | |
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| E +-------+ F +--------+ G | | E +-------+ F +--------+ G |
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+
skipping to change at page 10, line 34 skipping to change at page 10, line 34
+--------+ +--------+ +--------+ +--------+ +--------+ +--------+
| Packet | ---> | Packet | ---> | Packet | | Packet | ---> | Packet | ---> | Packet |
+--------+ +--------+ +--------+ +--------+ +--------+ +--------+
Figure 4: Packet Forwarding Example without PHP Figure 4: Packet Forwarding Example without PHP
As can be seen from the figure, the SR-MPLS label for each segment is As can be seen from the figure, the SR-MPLS label for each segment is
left in place until the end of the segment where it is popped and the left in place until the end of the segment where it is popped and the
next instruction is processed. next instruction is processed.
4.2.3. Additional Forwarding Procedures 3.2.3. Additional Forwarding Procedures
Non-MPLS Interfaces: Although the description in the previous two Non-MPLS Interfaces: Although the description in the previous two
sections is based on the use of prefix-SIDs, tunneling SR-MPLS sections is based on the use of prefix-SIDs, tunneling SR-MPLS
packets is useful when the top label of a received SR-MPLS packet packets is useful when the top label of a received SR-MPLS packet
indicates an adjacency-SID and the corresponding adjacent node to indicates an adjacency-SID and the corresponding adjacent node to
that adjacency-SID is not capable of MPLS forwarding but can still that adjacency-SID is not capable of MPLS forwarding but can still
process SR-MPLS packets. In this scenario the top label would be process SR-MPLS packets. In this scenario the top label would be
replaced by an IP tunnel toward that adjacent node and then replaced by an IP tunnel toward that adjacent node and then
forwarded over the corresponding link indicated by the adjacency- forwarded over the corresponding link indicated by the adjacency-
SID. SID.
skipping to change at page 11, line 16 skipping to change at page 11, line 16
now an SR-MPLS-capable transit node while all the other now an SR-MPLS-capable transit node while all the other
assumptions keep unchanged, since F is not identified by a SID in assumptions keep unchanged, since F is not identified by a SID in
the stack and an MPLS-over-UDP tunnel is preferred to an MPLS LSP the stack and an MPLS-over-UDP tunnel is preferred to an MPLS LSP
according to local policies, router E would replace the current according to local policies, router E would replace the current
top label with an MPLS-over-UDP tunnel toward router G and send it top label with an MPLS-over-UDP tunnel toward router G and send it
out. out.
IP Header Fields: When encapsulating an MPLS packet in UDP, the IP Header Fields: When encapsulating an MPLS packet in UDP, the
resulting packet is further encapsulated in IP for transmission. resulting packet is further encapsulated in IP for transmission.
IPv4 or IPv6 may be used according to the capabilities of the IPv4 or IPv6 may be used according to the capabilities of the
network. The address fields are set as described in Section 3. network. The address fields are set as described in Section 2.
The other IP header fields (such as DSCP code point, or IPv6 Flow The other IP header fields (such as DSCP code point, or IPv6 Flow
Label) on each UDP-encapsulated segment can be set according to Label) on each UDP-encapsulated segment can be set according to
the operator's policy: they may be copied from the header of the the operator's policy: they may be copied from the header of the
incoming packet; they may be promoted from the header of the incoming packet; they may be promoted from the header of the
payload packet; they may be set according to instructions payload packet; they may be set according to instructions
programmed to be associated with the SID; or they may be programmed to be associated with the SID; or they may be
configured dependent on the outgoing interface and payload. configured dependent on the outgoing interface and payload.
Entropy and ECMP: When encapsulating an MPLS packet with an IP Entropy and ECMP: When encapsulating an MPLS packet with an IP
tunnel header that is capable of encoding entropy (such as tunnel header that is capable of encoding entropy (such as
skipping to change at page 11, line 44 skipping to change at page 11, line 44
copied to the source port of the UDP header. Otherwise, the copied to the source port of the UDP header. Otherwise, the
encapsulator may have to perform a hash on the whole label stack encapsulator may have to perform a hash on the whole label stack
or the five-tuple of the SR-MPLS payload if the payload is or the five-tuple of the SR-MPLS payload if the payload is
determined as an IP packet. To avoid re-performing the hash or determined as an IP packet. To avoid re-performing the hash or
hunting for the entropy label each time the packet is encapsulated hunting for the entropy label each time the packet is encapsulated
in a UDP tunnel it MAY be desirable that the entropy value in a UDP tunnel it MAY be desirable that the entropy value
contained in the incoming packet (i.e., the UDP source port value) contained in the incoming packet (i.e., the UDP source port value)
is retained when stripping the UDP header and is re-used as the is retained when stripping the UDP header and is re-used as the
entropy value of the outgoing packet. entropy value of the outgoing packet.
5. IANA Considerations 4. IANA Considerations
This document makes no requests for IANA action. This document makes no requests for IANA action.
6. Security Considerations 5. Security Considerations
The security consideration of [RFC8354] and [RFC7510] apply. DTLS The security consideration of [RFC8354] and [RFC7510] apply. DTLS
[RFC6347] SHOULD be used where security is needed on an MPLS-SR-over- [RFC6347] SHOULD be used where security is needed on an MPLS-SR-over-
UDP segment. UDP segment.
It is difficult for an attacker to pass a raw MPLS encoded packet It is difficult for an attacker to pass a raw MPLS encoded packet
into a network and operators have considerable experience at into a network and operators have considerable experience at
excluding such packets at the network boundaries. excluding such packets at the network boundaries.
It is easy for an ingress node to detect any attempt to smuggle an IP It is easy for an ingress node to detect any attempt to smuggle an IP
packet into the network since it would see that the UDP destination packet into the network since it would see that the UDP destination
port was set to MPLS. SR packets not having a destination address port was set to MPLS. SR packets not having a destination address
terminating in the network would be transparently carried and would terminating in the network would be transparently carried and would
pose no security risk to the network under consideration. pose no security risk to the network under consideration.
Where control plane techniques are used (as described in Where control plane techniques are used (as described in
Authors' Addresses it is important that these protocols are Authors' Addresses it is important that these protocols are
adequately secured for the environment in which they are run. adequately secured for the environment in which they are run.
7. Contributors 6. Contributors
Ahmed Bashandy Ahmed Bashandy
Individual Individual
Email: abashandy.ietf@gmail.com Email: abashandy.ietf@gmail.com
Clarence Filsfils Clarence Filsfils
Cisco Cisco
Email: cfilsfil@cisco.com Email: cfilsfil@cisco.com
John Drake John Drake
skipping to change at page 13, line 30 skipping to change at page 13, line 30
Email: gunter.van_de_velde@nokia.com Email: gunter.van_de_velde@nokia.com
Tal Mizrahi Tal Mizrahi
Marvell Marvell
Email: talmi@marvell.com Email: talmi@marvell.com
Jeff Tantsura Jeff Tantsura
Individual Individual
Email: jefftant@gmail.com Email: jefftant@gmail.com
8. Acknowledgements 7. Acknowledgements
Thanks to Joel Halpern, Bruno Decraene, Loa Andersson, Ron Bonica, Thanks to Joel Halpern, Bruno Decraene, Loa Andersson, Ron Bonica,
Eric Rosen, Jim Guichard, and Gunter Van De Velde for their Eric Rosen, Jim Guichard, and Gunter Van De Velde for their
insightful comments on this draft. insightful comments on this draft.
9. References 8. References
9.1. Normative References
[I-D.ietf-isis-encapsulation-cap]
Xu, X., Decraene, B., Raszuk, R., Chunduri, U., Contreras,
L., and L. Jalil, "Advertising Tunnelling Capability in
IS-IS", draft-ietf-isis-encapsulation-cap-01 (work in
progress), April 2017.
[I-D.ietf-isis-segment-routing-extensions]
Previdi, S., Ginsberg, L., Filsfils, C., Bashandy, A.,
Gredler, H., Litkowski, S., Decraene, B., and J. Tantsura,
"IS-IS Extensions for Segment Routing", draft-ietf-isis-
segment-routing-extensions-19 (work in progress), July
2018.
[I-D.ietf-ospf-encapsulation-cap]
Xu, X., Decraene, B., Raszuk, R., Contreras, L., and L.
Jalil, "The Tunnel Encapsulations OSPF Router
Information", draft-ietf-ospf-encapsulation-cap-09 (work
in progress), October 2017.
[I-D.ietf-ospf-segment-routing-extensions] 8.1. Normative References
Psenak, P., Previdi, S., Filsfils, C., Gredler, H.,
Shakir, R., Henderickx, W., and J. Tantsura, "OSPF
Extensions for Segment Routing", draft-ietf-ospf-segment-
routing-extensions-25 (work in progress), April 2018.
[I-D.ietf-spring-segment-routing-mpls] [I-D.ietf-spring-segment-routing-mpls]
Bashandy, A., Filsfils, C., Previdi, S., Decraene, B., Bashandy, A., Filsfils, C., Previdi, S., Decraene, B.,
Litkowski, S., and R. Shakir, "Segment Routing with MPLS Litkowski, S., and R. Shakir, "Segment Routing with MPLS
data plane", draft-ietf-spring-segment-routing-mpls-14 data plane", draft-ietf-spring-segment-routing-mpls-14
(work in progress), June 2018. (work in progress), June 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
skipping to change at page 15, line 24 skipping to change at page 14, line 43
[RFC7981] Ginsberg, L., Previdi, S., and M. Chen, "IS-IS Extensions [RFC7981] Ginsberg, L., Previdi, S., and M. Chen, "IS-IS Extensions
for Advertising Router Information", RFC 7981, for Advertising Router Information", RFC 7981,
DOI 10.17487/RFC7981, October 2016, DOI 10.17487/RFC7981, October 2016,
<https://www.rfc-editor.org/info/rfc7981>. <https://www.rfc-editor.org/info/rfc7981>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
9.2. Informative References 8.2. Informative References
[I-D.ietf-6man-segment-routing-header] [I-D.ietf-6man-segment-routing-header]
Filsfils, C., Previdi, S., Leddy, J., Matsushima, S., and Filsfils, C., Previdi, S., Leddy, J., Matsushima, S., and
d. daniel.voyer@bell.ca, "IPv6 Segment Routing Header d. daniel.voyer@bell.ca, "IPv6 Segment Routing Header
(SRH)", draft-ietf-6man-segment-routing-header-14 (work in (SRH)", draft-ietf-6man-segment-routing-header-14 (work in
progress), June 2018. progress), June 2018.
[I-D.ietf-mpls-spring-entropy-label] [I-D.ietf-mpls-spring-entropy-label]
Kini, S., Kompella, K., Sivabalan, S., Litkowski, S., Kini, S., Kompella, K., Sivabalan, S., Litkowski, S.,
Shakir, R., and J. Tantsura, "Entropy label for SPRING Shakir, R., and J. Tantsura, "Entropy label for SPRING
skipping to change at page 15, line 47 skipping to change at page 15, line 20
[RFC8354] Brzozowski, J., Leddy, J., Filsfils, C., Maglione, R., [RFC8354] Brzozowski, J., Leddy, J., Filsfils, C., Maglione, R.,
Ed., and M. Townsley, "Use Cases for IPv6 Source Packet Ed., and M. Townsley, "Use Cases for IPv6 Source Packet
Routing in Networking (SPRING)", RFC 8354, Routing in Networking (SPRING)", RFC 8354,
DOI 10.17487/RFC8354, March 2018, DOI 10.17487/RFC8354, March 2018,
<https://www.rfc-editor.org/info/rfc8354>. <https://www.rfc-editor.org/info/rfc8354>.
Authors' Addresses Authors' Addresses
Xiaohu Xu Xiaohu Xu
Alibaba Alibaba Inc.
Email: xiaohu.xxh@alibaba-inc.com Email: xiaohu.xxh@alibaba-inc.com
Stewart Bryant Stewart Bryant
Huawei Huawei
Email: stewart.bryant@gmail.com Email: stewart.bryant@gmail.com
Adrian Farrel Adrian Farrel
Juniper Old Dog Consulting
Email: afarrel@juniper.net Email: adrian@olddog.co.uk
Syed Hassan Syed Hassan
Cisco Cisco
Email: shassan@cisco.com Email: shassan@cisco.com
Wim Henderickx Wim Henderickx
Nokia Nokia
Email: wim.henderickx@nokia.com Email: wim.henderickx@nokia.com
 End of changes. 39 change blocks. 
102 lines changed or deleted 70 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/