Network Working Group S. Previdi, Ed.
Internet-Draft C. Filsfils
Intended status: Standards Track Cisco Systems, Inc.
Expires: September 19, 2016 B. Field
Comcast
I. Leung
Rogers Communications
J. Linkova
Google
E. Aries
Facebook
T. Kosugi
NTT
E. Vyncke
Cisco Systems, Inc.
D. Lebrun
Universite Catholique de Louvain
March 18, 2016
IPv6 Segment Routing Header (SRH)
draft-ietf-6man-segment-routing-header-01
Abstract
Segment Routing (SR) allows a node to steer a packet through a
controlled set of instructions, called segments, by prepending an SR
header to the packet. A segment can represent any instruction,
topological or service-based. SR makes it possible to steer a flow
along any path (topological, or application/service based) while
maintaining per-flow state only at the ingress node of the SR domain.
Segment Routing can be applied to the IPv6 data plane with the
addition of a new type of Routing Extension Header. This draft
describes the Segment Routing Extension Header type and how it is
used by SR-capable nodes.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Previdi, et al. Expires September 19, 2016 [Page 1]
Internet-Draft IPv6 Segment Routing Header (SRH) March 2016
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 19, 2016.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Segment Routing Documents . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Data Planes supporting Segment Routing . . . . . . . . . 4
2.2. Segment Routing (SR) Domain . . . . . . . . . . . . . . . 4
2.2.1. SR Domain in a Service Provider Network . . . . . . . 5
2.2.2. SR Domain in a Overlay Network . . . . . . . . . . . 6
3. Segment Routing Extension Header (SRH) . . . . . . . . . . . 8
3.1. SRH TLVs . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1.1. Ingress Node TLV . . . . . . . . . . . . . . . . . . 10
3.1.2. Egress Node TLV . . . . . . . . . . . . . . . . . . . 11
3.1.3. Opaque Container TLV . . . . . . . . . . . . . . . . 12
3.1.4. Padding TLV . . . . . . . . . . . . . . . . . . . . . 12
3.1.5. HMAC TLV . . . . . . . . . . . . . . . . . . . . . . 13
3.2. SRH and RFC2460 behavior . . . . . . . . . . . . . . . . 14
4. SRH Procedures . . . . . . . . . . . . . . . . . . . . . . . 15
4.1. Source SR Node . . . . . . . . . . . . . . . . . . . . . 15
4.2. Transit Node . . . . . . . . . . . . . . . . . . . . . . 16
4.3. SR Segment Endpoint Node . . . . . . . . . . . . . . . . 16
5. Security Considerations . . . . . . . . . . . . . . . . . . . 17
5.1. Threat model . . . . . . . . . . . . . . . . . . . . . . 17
5.1.1. Source routing threats . . . . . . . . . . . . . . . 18
5.1.2. Applicability of RFC 5095 to SRH . . . . . . . . . . 18
5.1.3. Service stealing threat . . . . . . . . . . . . . . . 19
5.1.4. Topology disclosure . . . . . . . . . . . . . . . . . 19
5.1.5. ICMP Generation . . . . . . . . . . . . . . . . . . . 19
5.2. Security fields in SRH . . . . . . . . . . . . . . . . . 20
5.2.1. Selecting a hash algorithm . . . . . . . . . . . . . 21
5.2.2. Performance impact of HMAC . . . . . . . . . . . . . 21
5.2.3. Pre-shared key management . . . . . . . . . . . . . . 22
5.3. Deployment Models . . . . . . . . . . . . . . . . . . . . 23
5.3.1. Nodes within the SR domain . . . . . . . . . . . . . 23
5.3.2. Nodes outside of the SR domain . . . . . . . . . . . 23
5.3.3. SR path exposure . . . . . . . . . . . . . . . . . . 24
5.3.4. Impact of BCP-38 . . . . . . . . . . . . . . . . . . 24
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
7. Manageability Considerations . . . . . . . . . . . . . . . . 25
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 25
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 25
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 25
10.1. Normative References . . . . . . . . . . . . . . . . . . 25
10.2. Informative References . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28
1. Segment Routing Documents
Segment Routing terminology is defined in
[I-D.ietf-spring-segment-routing].
Segment Routing use cases are described in
[I-D.ietf-spring-problem-statement] and
[I-D.ietf-spring-ipv6-use-cases].
Segment Routing protocol extensions are defined in
[I-D.ietf-isis-segment-routing-extensions], and
[I-D.ietf-ospf-ospfv3-segment-routing-extensions].
2. Introduction
Segment Routing (SR), defined in [I-D.ietf-spring-segment-routing],
allows a node to steer a packet through a controlled set of
instructions, called segments, by prepending an SR header to the
packet. A segment can represent any instruction, topological or
service-based. SR makes it possible to steer a flow along any path
(topological or service/application based) while maintaining per-flow
state only at the ingress node of the SR domain. Segments can be
derived from different components: IGP, BGP, Services, Contexts,
Locators, etc. The list of segments forming the path is called the
Segment List and is encoded in the packet header.
SR supports both strict and loose source-based routing without
requiring any additional signaling protocol in the infrastructure,
which gives it excellent scalability properties. The source-based
routing model described in [I-D.ietf-spring-segment-routing] is
inherited from the models proposed in [RFC1940] and [RFC2460], and
it provides explicit routing capability.
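As an added illustration of the source-routing model described above
(a constructed example, not part of this draft and not code from any
implementation it references), the following Python model walks a
packet through a small assumed topology. It follows the generic
routing-header semantics the draft inherits from [RFC2460]: the source
SR node encodes the whole Segment List and a Segments Left counter in
the packet, each segment endpoint decrements the counter and copies the
next segment into the IPv6 destination address, and transit nodes
forward on the destination address alone. A node SID is modeled as a
loose hop (shortest path to that node) and an adjacency SID as a strict
hop (cross one specific link). The topology, the SID addresses taken
from 2001:db8::/32, and the simplified in-packet encoding are
assumptions of this model; the on-the-wire SRH layout is specified in
Section 3 of this draft and is not reproduced here.

```python
"""Toy model of SR forwarding over IPv6 (constructed example, not from the draft).

Models the RFC 2460 routing-header semantics the draft builds on: the
Segment List and a Segments Left counter travel in the packet, so only
the ingress holds per-flow policy; every other node acts on the active
destination address.  Topology, SID addresses and the in-packet layout
are assumptions; the real SRH encoding is defined in Section 3 of the draft.
"""
from collections import deque
from dataclasses import dataclass

# Constructed topology: symmetric, equal-cost links between six routers.
TOPOLOGY = {
    "A": ["B", "D"],
    "B": ["A", "C", "E"],
    "C": ["B", "F"],
    "D": ["A", "E"],
    "E": ["B", "D", "F"],
    "F": ["C", "E"],
}

# Assumed SID assignments from the documentation prefix 2001:db8::/32.
# A node SID means "reach this node by shortest path" (loose hop); an
# adjacency SID, owned by the upstream node, means "cross this link" (strict hop).
NODE_SID = {n: f"2001:db8::{n.lower()}" for n in TOPOLOGY}
ADJ_SID = {
    "B": {"2001:db8:b::e": "E", "2001:db8:b::c": "C"},
    "E": {"2001:db8:e::d": "D"},
}
SID_OWNER = {sid: n for n, sid in NODE_SID.items()}
SID_OWNER.update({sid: n for n, sids in ADJ_SID.items() for sid in sids})


@dataclass
class Packet:
    src: str
    dst: str              # IPv6 destination address, i.e. the active segment
    segment_list: list    # segments in forwarding order (simplified encoding)
    segments_left: int    # segments still to visit after the active one (RFC 2460 semantics)


def build_packet(src, segments):
    """Source SR node: the whole policy goes into the packet, nowhere else."""
    unknown = [s for s in segments if s not in SID_OWNER]
    if unknown:
        raise ValueError(f"unknown segments: {unknown}")
    if segments[-1] not in NODE_SID.values():
        raise ValueError("last segment must be a node SID")  # assumption of this model
    return Packet(src=src, dst=segments[0], segment_list=list(segments),
                  segments_left=len(segments) - 1)


def active_segment(pkt):
    return pkt.segment_list[len(pkt.segment_list) - 1 - pkt.segments_left]


def next_hop(src, dst):
    """Shortest-path next hop by BFS over equal-cost links (stands in for the IGP)."""
    if src == dst:
        return src
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nb in sorted(TOPOLOGY[node]):  # sorted: deterministic tie-break
            if nb not in parent:
                parent[nb] = node
                queue.append(nb)
    if dst not in parent:
        raise ValueError(f"no route from {src} to {dst}")
    node = dst
    while parent[node] != src:
        node = parent[node]
    return node


def segment_endpoint(node, pkt):
    """SR segment endpoint behaviour. Returns ("deliver", None) or ("forward", forced_next_hop)."""
    while SID_OWNER.get(pkt.dst) == node:
        adj_next = ADJ_SID.get(node, {}).get(pkt.dst)
        if pkt.segments_left == 0:
            if adj_next is not None:
                raise ValueError("adjacency SID cannot be the final segment")
            return "deliver", None
        pkt.segments_left -= 1
        pkt.dst = active_segment(pkt)
        if adj_next is not None:
            return "forward", adj_next  # strict hop: this link, regardless of shortest path
    return "forward", None


def sr_forward(pkt, max_hops=32):
    """Walk the packet through the topology; returns the list of nodes traversed."""
    node = pkt.src
    trace = [node]
    for _ in range(max_hops):
        action, forced = segment_endpoint(node, pkt)
        if action == "deliver":
            return trace
        # Transit behaviour: forward on the destination address only; the SRH is not inspected.
        node = forced if forced is not None else next_hop(node, SID_OWNER[pkt.dst])
        trace.append(node)
    raise RuntimeError("hop limit exceeded")


if __name__ == "__main__":
    loose = build_packet("A", [NODE_SID["B"], NODE_SID["F"]])
    strict = build_packet("A", [NODE_SID["B"], "2001:db8:b::e", NODE_SID["F"]])
    print("loose :", " -> ".join(sr_forward(loose)))   # A -> B -> C -> F
    print("strict:", " -> ".join(sr_forward(strict)))  # A -> B -> E -> F
```

Both packets reach F, but the adjacency segment forces the B-E link
onto the path while the loose policy lets B pick its shortest path via
C. Nodes C and E never read the segment list; they forward on the
destination address, which is what keeps per-flow state confined to
the ingress.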
2.1. Data Planes supporting Segment Routing
Segment Routing (SR) can be instantiated over MPLS
([