New H3C Technologies

8 Yongjia North Road Beijing Haidian District 100094 China linchangwang.04414@h3c.com

China Mobile

32 Xuanwumen West Street Beijing Xicheng District 100053 China chengweiqiang@chinamobile.com

ZTE

China liu.yao71@zte.com.cn

Cisco Systems

India ketant.ietf@gmail.com

New H3C Technologies

China chen.mengxiao@h3c.com

IDR Segment Routing (SR) is a source routing paradigm that explicitly indicates the forwarding path for packets at the ingress node. An SR Policy is a set of candidate paths, each consisting of one or more segment lists. This document defines extensions to BGP SR Policy to specify the identifier of a segment list.

Introduction Segment routing (SR) is a source routing paradigm that explicitly indicates the forwarding path for packets at the ingress node. The ingress node steers packets into a specific path according to the Segment Routing Policy (SR Policy) as defined in . In order to distribute SR policies to the headend, specifies a mechanism by using BGP. However, there is no identifier for segment lists in BGP SR Policy, which may cause inconvenience for other mechanisms to designate segment lists distributed by BGP. Consider a scenario where a network controller distributes SR policies to the headend nodes, which need to collect traffic forwarding statistics per segment list. When a headend node reports each statistic to the controller, it needs to specify the segment list to which the statistic belongs. Due to the lack of an identifier, the headend node usually reports all SIDs in the associated segment list along with the statistic, and then the controller needs to compare the SIDs one by one to recognize which segment list it is. The advertisement of all SIDs in the segment list consumes a lot of octets, and the comparison of SIDs can be complicated. Consider a second example where a network controller distributes SR policies using BGP, and then uses NETCONF to set some configurations of the segment lists that are not suitable to be carried in BGP. The controller needs to specify which segment list these configurations belong to when it issues them. In this case, a simple identifier of the segment list can also be helpful. An identifier of a segment list may also serve as a user-friendly attribute for debugging and troubleshooting purposes, such as displaying an invalid segment list when its associated BFD session is down. Section 5.7.4 of defines an SR Segment List Identifier sub-TLV for reporting the identifier associated with a specific SID list. This document defines extensions to BGP SR Policy to specify the identifier of an SR Segment List.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Segment List Identifier in SR Policy As defined in , the SR policy encoding structure is as follows:

SR Policy Encoding Attributes: Tunnel Encapsulation Attribute (23) Tunnel Type: SR Policy (15) Binding SID SRv6 Binding SID Preference Priority Policy Name Policy Candidate Path Name Explicit NULL Label Policy (ENLP) Segment List Weight Segment Segment ... ... ]]>

SR policy with segment list identifier is expressed as below:

SR policy with segment list identifier Encoding Attributes: Tunnel Encapsulation Attribute (23) Tunnel Type: SR Policy (15) Binding SID SRv6 Binding SID Preference Priority Policy Name Policy Candidate Path Name Explicit NULL Label Policy (ENLP) Segment List Weight Segment List Identifier Segment Segment ... ... ]]>

The segment list identifier can be advertised using the Segment List ID sub-TLV, as defined in .

Segment List ID Sub-TLV The Segment List ID sub-TLV is defined in the BGP Tunnel Encapsulation Attribute . The Segment List ID sub-TLV can be carried in the BGP Tunnel Encapsulation Attribute with the tunnel type set to SR Policy. The Segment List ID sub-TLV specifies the identifier of the segment list by a 4-octet number. The Segment List ID is unique within the context of a Candidate Path. The Segment List ID sub-TLV is optional and it MUST NOT appear more than once inside the Segment List sub-TLV. If multiple instances are present, then the first one is considered valid and the other instances MUST be ignored and MUST NOT considered to be malformed. The Segment List ID sub-TLV has the following format:

Segment List ID sub-TLV

where:

• Type: 19.
• Length: 6.
• Flags: 1 octet of flags. None are defined at this stage. Flags SHOULD be set to zero on transmission and MUST be ignored on receipt.
• RESERVED: 1 octet of reserved bits. SHOULD be set to zero on transmission and MUST be ignored on receipt.
• Segment List ID: 4 octets which carry a 32-bit unsigned non-zero number that serves as the identifier associated with the segment list. A value of 0 indicates that there is no identifier associated with the Segment List. The scope of this identifier is the SR Policy Candidate path.

The validation of an SR Policy NLRI with the Segment List ID sub-TLV in the BGP tunnel encapsulation attribute follows the procedures in Section 4.2 of . The Segment List ID sub-TLV is considered malformed if its format does not match the above description. If its format is considered malformed, the associated BGP SR Policy NLRI is considered malformed and the "treat-as-withdraw" strategy of MUST be applied.

Security Considerations The protocol extensions defined in this document do not affect the base BGP security model. The security requirements and mechanisms described in also apply to this document. SR operates within a trusted SR domain and its security considerations also apply to BGP sessions when carrying SR Policy information. The Segment List ID sub-TLV is an optional sub-TLV that specifies an identifier associated with a segment list. The scope of this identifier is the SR Policy Candidate Path. The Segment List ID uniquely identifies a segment list within an SR Policy Candidate Path. The Segment List ID is assigned by a controller, distributed via BGP, and used as an identifier for the segment list. Since this identifier may expose mission-critical or commercially sensitive network information, it introduces a confidentiality risk. Network operators MUST ensure that only trusted nodes (including both routers and controller applications) within the SR domain are permitted to receive this information.

Implementation Status [Note to the RFC Editor - remove this section before publication, as well as remove the reference to .] This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in . The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. According to , "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".

New H3C Technologies

• Organization: New H3C Technologies.
• Implementation: H3C CR16000, CR19000 series routers implementation.
• Description: All sections including all the "MUST" and "SHOULD" clauses have been implemented in above-mentioned New H3C Products(running Version 7.1.099 and above).
• Maturity Level: Product
• Coverage: All sections.
• Version: Draft-03
• Licensing: N/A
• Implementation experience: Nothing specific.
• Contact: linchangwang.04414@h3c.com
• Last updated: February 10, 2025

ZTE Corp

• Organization: ZTE Corporation
• Implementation: ZTE's ZXR10 core router
• Description: The implementation in lab has been completed. The commercial implementation is under development.
• Maturity Level: Product
• Coverage: All
• Version: Draft-03
• Licensing: N/A
• Implementation experience: Nothing specific.
• Contact: feng.jun99@zte.com.cn
• Last updated: February 6, 2025

IANA Considerations This document defines a new Sub-TLV in the registry "SR Policy Segment List Sub-TLVs" :

Acknowledgments The authors would like to thank Susan Hares, Hao Li, Haiyang Zhang, Yisong Liu, Ran Chen, Libin Liu, Lancheng Qin and Xinxin Yi for their review and discussion of this document.

References Normative References Informative References

Cross WG Information This section describes cross-working group information for the IETF review process. This section will be removed by the RFC Editor before publication. The RFC Editor will also remove the references to and .

Spring WG RFC9526 does not define any identifier for a Segment List. The Segment List ID was introduced in all these protocols as a result of protocol encoding and other operational requirements. Consider a scenario where a network controller distributes SR policies to the headend nodes, which need to collect traffic forwarding statistics per segment list. When a headend node reports each statistic to the controller, it needs to specify the segment list to which the statistic belongs. Due to the lack of an identifier, the headend node usually reports all SIDs in the associated segment list along with the statistic, and then the controller needs to compare the SIDs one by one to recognize which segment list it is. The advertisement of all SIDs in the segment list consumes a lot of octets, and the comparison of SIDs can be complicated. Consider a second example where a network controller distributes SR policies using BGP, and then uses NETCONF to set some configurations of the segment lists that are not suitable to be carried in BGP. The controller needs to specify which segment list these configurations belong to when it issues them. In this case, a simple identifier of the segment list can also be helpful. An identifier of a segment list may also serve as a user-friendly attribute for debugging and troubleshooting purposes, such as displaying an invalid segment list when its associated BFD session is down. Section 5.7.4 of defines an SR Segment List Identifier sub-TLV for reporting the identifier associated with a specific SID list. Section 4.2 of defines a Path ID for SR Segment Lists. Note that the names are different due to the objects/TLVs in respective protocols but the semantics are identical. This document defines extensions to BGP SR Policy to specify the identifier of an SR Segment List.

PCE WG The BGP extension in this document for the identifier of segment list also could be implemented via PCEP according to Section 4.2 of . The Path ID uniquely identifies a Path within the context of an LSP. Path IDs MUST be unique across all these path types within the same LSP. In this document, Path IDs correspond to the identifier of a segment list under CP. Sections 4.3 and 4.4 of describe the usage of Path IDs in load-balancing and multiple paths for protection scenarios, respectively. Additionally, Appendix A of specifies how Path IDs are encapsulated within the PCEP protocol.

SRv6OPS This document is unrelated to SRv6OPS and only relates to BGP-TE extensions. defines an optional sub-TLV (called SR Segment List Identifier sub-TLV) used to report an identifier associated with the specific SID list via BGP-LS. This sub-TLV is carried in the optional non-transitive BGP-LS Attribute defined in and are associated with the SR Policy Candidate Path NLRI type.