BGP SR Policy Extensions for Network Resource Partition

The concept of Segment Routing (SR) policy is defined in . An SR Policy is a set of candidate paths, each consisting of one or more segment lists. The headend of an SR Policy may learn multiple candidate paths for an SR Policy. The header of a packet steered in an SR Policy is augmented with an ordered list of segments associated with that SR Policy. The BGP extensions to distribute SR Policy candidate paths are defined in . discusses the general framework, components, and interfaces for requesting and operating network slices using IETF technologies. It also introduces the concept of Network Resource Partition (NRP), which is a subset of the resources and associated policies in the underlay network. The network slices defined in can be realized by mapping one or more connectivity constructs to an NRP. describes the framework and the candidate component technologies for providing NRP-based enhanced VPN services based on VPN and Traffic Engineering (TE) technologies. Enhanced VPN can be used for the realization of network slice services defined in . As described in , one scalable data plane approach to support network slicing is to carry a dedicated NRP selector ID in the data packet to identify the NRP the packet belongs to, so that the packet can be processed and forwarded using the subset of network resources allocated to the NRP. In networks where there are multiple NRPs, an SR Policy may be associated with a particular NRP. describes the association of candidate paths with NRPs under the SR Policy architecture. This document defines the extensions to BGP to specify the control plane NRP ID that is associated with an SR Policy candidate path. The control plane NRP ID is linked to the NRP identifier used in data plane (denoted as NRP Selector ID).

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

In order to specify the NRP the candidate path of SR policy is associated with, a new sub-TLV called "NRP ID" sub-TLV is defined in the BGP Tunnel Encapsulation Attribute . The NRP ID sub-TLV can be carried in the BGP Tunnel Encapsulation Attribute with the tunnel type set to SR Policy. The use of the NRP ID sub-TLV in other tunnel types is outside the scope of this document. The NRP sub-TLV has the following format:

where: Type: 123 (assigned by IANA) Length: 6 octets. Flags: 1-octet flag field. None is defined at this stage. The flags MUST be set to zero on transmission and MUST be ignored on receipt. Reserved: 1 octet of reserved bits. It MUST be set to zero on transmission and MUST be ignored on receipt. NRP ID: A 32-bit domain significant identifier which is used to identify an NRP in the control plane . The values of 0 and 0xFFFFFFFF are reserved. The encoding structure of BGP SR Policy with the NRP ID sub-TLV is expressed as below:

Attributes: Tunnel Encaps Attribute (23) Tunnel Type: SR Policy (15) Binding SID SRv6 Binding SID Preference Priority Policy Name Policy Candidate Path Name Explicit NULL Label Policy (ENLP) NRP ID Segment List Weight Segment Segment ... ... Figure 2. SR Policy Encoding with NRP ID sub-TLV]]> The NRP ID sub-TLV is optional and MUST NOT appear more than once for one SR Policy candidate path.

When a candidate path of SR Policy is instantiated within an NRP, and a network-wide data plane NRP Selector ID is used for identifying the resources of the NRP, the originating node of SR Policy MUST include the NRP ID sub-TLV in the BGP Tunnel Encapsulation Attribute of the BGP SR Policy. The setting of other fields and attributes in BGP SR Policy follows the mechanism as defined in . On reception of an SR Policy NLRI with NRP ID sub-TLV in the BGP Tunnel Encapsulation Attribute , a BGP speaker determines if it is valid and usable according to the rules defined in Section 4.2 of . The selected best routes of the SR Policy SAFI is passed on to the SR Policy Module (SRPM) for further processing as described in Section 4.2.2 of . Although the proposed mechanism allows different candidate paths in one SR policy to be associated with different NRPs, in normal network scenarios it is considered that the association between an SR Policy and NRP is consistent, in such case all candidate paths of one SR policy SHOULD be associated with the same NRP.

The error handling of the BGP Update messages for BGP SR Policy SAFI with the NRP extensions defined in this document follows the procedures in section 5 of . The NRP ID sub-TLV is considered malformed if its format does not match the above description. If the NRP ID sub-TLV appears more than once, or its format is considered malformed, the associated BGP SR Policy NLRI is considered malformed and the "treat-as-withdraw" strategy of MUST be applied.

The mechanism specified in this document adds additional information to the signaling of SR Policy candidate paths in BGP. As the number of NRP increases, the number of SR Policies may also increase. When SR Policies are associated with different NRPs, the amount of control plane information exchanged between the network controller and the headend nodes for provisioning SR Policy would increase. However, since the SR Policy candidate paths distributed using BGP are only installed by the corresponding headend nodes, the impacts to the BGP control plane are considered acceptable.

The security considerations of BGP and BGP SR Policy apply to this document. The security considerations of SR Policy and SR Policy NRP extensions apply to this document.

IANA has assigned the sub-TLV type as defined in Section 2 from "BGP Tunnel Encapsulation Attribute sub-TLVs" registry in the "Border Gateway Protocol (BGP) Tunnel Encapsulation" registry group.

The authors would like to thank Guoqi Xu, Lei Bao, Haibo Wang, Shunwan Zhuang and Susan Hares for their review and discussion of this document.