Carrying Network Resource (NR) related Information in IPv6 Extension Header

Virtual Private Networks (VPNs) provide different customers with logically isolated connectivity over a common network infrastructure. With the introduction of 5G and also in some existing network scenarios, some customers may require network connectivity services with advanced features comparing to conventional VPNs, such as resource isolation from other services or guaranteed performance. Such kind of network service is called enhanced VPN . The realization of enhanced VPN services require the coordination and integration between the overlay VPNs and the capability and resources of the underlay network. Enhanced VPNs can be used, for example, to deliver Network Slice Services as described in Section 7.4 of . Section 7.1 of introduces the concept of the Network Resource Partition (NRP), which is "a subset of the buffer/queuing/scheduling resources and associated policies on each of a connected set of links in the underlay network". An NRP may be associated with a logical network topology to select or specify the set of links and nodes involved. specifies the framework of NRP-based enhanced VPN and describes the candidate component technologies in different network planes and network layers. An NRP could be used as the underlay to meet the requirement of one or a group of enhanced VPN services. Traffic of different enhanced VPN services needs to be processed separately based on the network resources and the logical topology associated with the corresponding NRP. describes the scalability considerations and the possible optimizations for providing a relatively large number of NRPs. One approach to improve the data plane scalability of NRPs is to introduce a dedicated NRP Selector ID in data packets, which is used to identify the set of network resources allocated to an NRP. This way, packets mapped to an NRP can be processed and forwarded using the NRP-specific network resources, which could help to provide guaranteed performance for the packets. An NRP Selector ID can be used to identify a subset of the resources (e.g., bandwidth, buffer, and queuing resources) allocated on the set of links and nodes involved in the NRP. The logical topology associated with an NRP could be defined and identified using mechanisms such as Multi-Topology , , or Flex-Algo . This document specifies a mechanism to carry network resource related information in a new IPv6 Hop-by-Hop option (Section 4.3 of ) called "Network Resource (NR) option". In networks built with NRPs, the NR option SHOULD be parsed by every intermediate node along the forwarding path, and the obtained NRP Selector ID is used to invoke NRP-specific packet processing and forwarding using the set of NRP-specific resources. The Network Resource option defined in this document can support a large number of NRPs in IPv6 networks, while operators deploying NRPs are advised to consider the trade-offs between scalability, manageability, and flexibility discussed in . In this document the application of the NR option is to indicate the NRP-specific resource information, while the NR option is considered as a generic mechanism to convey network-wide resource ID and information with different semantics and functions to meet the possible use cases in the future. Some considerations about the generalization of the NR Option are described in Section 5.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 when, and only when, they appear in all capitals, as shown here.

A new Hop-by-Hop option (Section 4.3 of ) type "Network Resource" is defined to carry the network resource related information. Its format is shown in Figure 1.

Option Type: 8-bit identifier of the type of option. The type of NR option is TBA. The bits of the type field are defined as shown below: BB 00 The highest-order 2 bits are set to 00 to indicate that a node which does not recognize this type will skip over it and continue processing the header. C 0 The third highest-order bit is set to 0 to indicate this option does not change en route. TTTTT tba. Opt Data Len: 8-bit unsigned integer indicates the length of the option Data field of this option, in octets. Flags: 8-bit flags field. The most significant bit is defined in this document.

S (Strict Match): The S flag is used to indicate whether the NR ID MUST be strictly matched for the processing of the packet. When the S flag in the NR option of a received packet is set to 1, if the NR ID in the packet does not match with any of the network resources provisioned on the network node, the packet MUST be dropped. When the S flag in the NR option of a received packet is set to 0, if the NR ID in the packet does not match with any of the network resources provisioned on the network node, the packet MUST be forwarded using the default set of resource and behavior as if the NR option does not exist. U (Unassigned): These flags are reserved for future use. They MUST be set to 0 on transmission and MUST be ignored on receipt. The setting of the S flag depends on the operator's policy. Such policy can be NRP-specific, and may be at a fine granularity to apply to a subset of packets within an NRP. Such policy needs to be provided to the ingress nodes to apply to packets which are mapped to corresponding NRPs. For a given NRP, the suggested default policy is to make the S flag set. As an example, for OAM packets which are used to detect the availability of a forwarding path associated with NRP-specific resources, the S flag should be set to 1. This way, only when the set of network resources and policies are correctly instantiated for the NRP on all network links along a path, the OAM packets can be received by an egress endpoint and the availability check can be passed. The S flag in the NR option provides an approach for fine-granular control of the forwarding policy of packets whose NR IDs do not match with the network resources provisioned on the transit network nodes. One alternate approach is to specify the forwarding policy of packets in different NRPs via configuration, while additional configuration would be needed when non-default fine-granular policy is required for a given NRP. Context Type (CT): One-octet field used to indicate the semantics and length of the NR ID carried in the option. The context value defined in this document is as follows: CT=0: The NR ID is a 4-octet network-wide unique NRP Selector ID, which is used to identify the subset of network resources allocated to the NRP on the involved network links. Unassigned: 2-octet field reserved for future use. They MUST be set to 0 on transmission and MUST be ignored on receipt. NR ID: The identifier of a set of network resources, the semantics of the ID is determined by the Context Type. The length of the NR ID is the Opt Data Length minus 4. Note that, in the context of 5G network slicing, if a deployment found it useful, a four-octet NRP Selector ID field (CT=0) may be derived from the four-octet Single Network Slice Selection Assistance Information (S-NSSAI) defined in 3GPP .

This section describes the procedures for NR option processing when the value of the Context Type (CT) is set to 0. In this case the NRP Selector ID is carried in the NR option. The processing procedures for NR option with other CT values are out of the scope of this document, and will be specified in separate documents which introduce those CT values.

When an ingress node of an IPv6 domain receives a packet, according to the traffic classification and mapping policy, if the packet needs to be steered into an NRP, then the packet MUST be encapsulated in an outer IPv6 header with the source and destination addresses set according to the local policy. The NRP Selector ID which the packet is mapped to according to the policy MUST be carried in the NR option of the Hop-by-Hop Options header, which is associated with the outer IPv6 header. It is RECOMMENDED the NR option is carried as the first option in the Hop-by-Hop Options header.

On receipt of a packet with an NR option, each transit network nodes which can process the Hop-by-Hop Options header and the NR option at full forwarding rate MUST use the NRP Selector ID to determine the set of local network resources which are allocated to the NRP. The packet forwarding behavior is based on both the destination IP address and the NRP Selector ID. More specifically, the destination IP address SHOULD be used to determine the next-hop and the outgoing interface, and the NRP Selector ID SHOULD be used to determine the subset of network resources on the outgoing interface which are allocated to the NRP for processing and sending the packet. If the NRP Selector ID in the packet does not match with any of the NRP provisioned on the outgoing interface, the S flag in the NR option SHOULD be used to determine whether the packet should be dropped or forwarded using the default set of network resources of the outgoing interface. The Traffic Class field of the outer IPv6 header MAY be used to provide differentiated treatment for packets which belong to the same NRP. On the egress nodes of the IPv6 domain, if the destination address in the outer IPv6 header of a received packet matches with a local address, it MUST decapsulate the outer IPv6 header and the Hop-by-Hop Options header which includes the NR option. There can be different approaches of partitioning the network resources and allocating them to different NRPs in the forwarding plane. For example, on one physical interface, a subset of the forwarding plane resources (e.g., bandwidth and the associated buffer and queuing resources) can be allocated to a particular NRP and represented as a virtual sub-interface or a data channel with reserved bandwidth resource. The IPv6 destination address of the received packet is used to identify the next-hop and the outgoing Layer 3 interface, and the NRP Selector ID is used to further identify the virtual sub-interface or the data channel on the outgoing interface which is associated with the NRP. According to , network nodes which do not support the processing of Hop-by-Hop Options header would ignore the Hop-by-Hop options header and forward the packet only based on the destination IP address. Network nodes which support Hop-by-Hop Options header, but do not support the NR option would ignore the NR option and forward the packet only based on the destination IP address. The network node may process the rest of the Hop-by-Hop options in the Hop-by-Hop Options header.

The NRP Selecor ID is a network-wide unique identifier which needs to be managed by the network operator. To avoid possible conflicts in the assignment and use of NRP Selector IDs, operators are RECOMMENDED to start the allocation of NRP Selector ID from 1, and continue the allocation incrementally in the NRP Selector ID space. As described in section 4.8 of , network nodes may be configured to ignore the Hop-by-Hop Options header, drop packets containing a Hop-by-Hop Options header, or assign packets containing a Hop-by-Hop Options header to a slow processing path. In networks with such network nodes, packets mapped to an NRP may be dropped due to the existence of the Hop-by-Hop Options header. Thus operators need to make sure that all the network nodes involved in an NRP can either process the Hop-by-Hop Options header in full forwarding rate, or ignore the Hop-by-Hop Options header. Since an NRP is associated with a logical network topology, one practical approach is to ensure that all the network nodes involved in that logical topology support the processing of the Hop-by-Hop Options header and the NR option in the fast path, and constrain the packet forwarding path to the logical topology of the NRP. specifies the modified procedures for the processing of IPv6 Hop-by-Hop Options header, with the purpose of making the Hop-by-Hop Options header useful. Network nodes complying with will not drop packets with Hop-by-Hop Options header and the NR option.

This section gives some analysis about to what extent the semantics of NR Option could be generalized, and how the generalization could be achieved with the encoding specified in section 2. Based on the NRP definition in , the concept of NRP could be extended as: an underlay network construct which is associated with a set of network-wide attributes and states maintained on each participating network node. The attributes associated with an NRP may include but not limited to, forwarding plane resources, network topologies, and network functions etc. The network resource can refer to various type of forwarding plane resources, including link bandwidth, buffering and queueing resources. The network resource can refer to topologies with multipoint-to-multipoint, point-to-point, point-to-multipoint, or multipoint-to-point connectivity. The network resources may include both packet forwarding actions and other types network functions which can be executed on data packets. Thus the semantics of network resource can be quite generic. Although generalization is something good to have, it would be important to understand and identify the boundary of generalization. In this document, it is anticipated that for one network attribute to be considered as network resource, it needs to be network-wide attribute rather than a single node-specific attribute. Thus whether a network-wide view can be provided or not could be considered as one prerequisite of making one attribute part of the NR option. The format of the NR option contains the Flags field, the Context Type field, and the Unassigned field, which provide the capability for future extensions. That said, since the NR option needs to be processed by network nodes with full forwarding rate, the capability of network devices need to be considered when new semantics and encoding are introduced.

This document requests IANA to assign a new option type from "Destination Options and Hop-by-Hop Options" registry .

This document requests IANA to create a new registry for the "NR Option Context Type" under the "Internet Protocol Version 6 (IPv6) Parameters" registry. The allocation policy of this registry is "Standards Action". The initial code points are assigned by this document as follows:

This document requests IANA to create a new registry for the "NR Option Flags" under the "Internet Protocol Version 6 (IPv6) Parameters" registry. The allocation policy of this registry is "Standards Action". The initial code points are assigned by this document as follows:

The security considerations with IPv6 Hop-by-Hop Options header are described in , , and . This document introduces a new IPv6 Hop-by-Hop option which is either processed in the fast path or ignored by network nodes, thus it does not introduce additional security issues.

The authors would like to thank Juhua Xu, James Guichard, Joel Halpern, Tom Petch, Aijun Wang, Zhenqiang Li, Tom Herbert, Adrian Farrel, Eric Vyncke, Erik Kline, Mohamed Boucadair, Ketan Talaulikar and Vishnu Pavan Beeram for their review and valuable comments.