<?xml version="1.0" encoding="US-ASCII"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.2.6 -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>
<?rfc comments="yes"?>
<rfc category="std" docName="draft-ietf-idr-sr-policy-nrp-12"
     ipr="trust200902">
  <front>
    <title abbrev="BGP SR Policy for NRP">BGP SR Policy Extensions for Network
    Resource Partition</title>

    <author fullname="Jie Dong" initials="J." surname="Dong">
      <organization>Huawei Technologies</organization>

      <address>
        <email>jie.dong@huawei.com</email>
      </address>
    </author>

    <author fullname="Zhibo Hu" initials="Z." surname="Hu">
      <organization>Huawei Technologies</organization>

      <address>
        <email>huzhibo@huawei.com</email>
      </address>
    </author>

    <author fullname="Ran Pang" initials="R." surname="Pang">
      <organization>China Unicom</organization>

      <address>
        <email>pangran@chinaunicom.cn</email>
      </address>
    </author>

    <date day="6" month="July" year="2026"/>

    <workgroup>IDR Working Group</workgroup>

    <abstract>
      <t>Segment Routing (SR) Policy is a set of candidate paths, each
      consisting of one or more segment lists and the associated information.
      The header of a packet steered in an SR Policy is augmented with an
      ordered list of segments associated with that SR Policy. A Network
      Resource Partition (NRP) is a subset of network resources allocated in
      the underlay network which can be used to support one or a group of RFC
      9543 network slice services.</t>

      <t>In networks where there are multiple NRPs, an SR Policy may be
      associated with a particular NRP. The association between SR Policy and
      NRP needs to be specified, so that for service traffic which is steered
      into the SR Policy, the header of the packets can be augmented with the
      information associated with the NRP. An SR Policy candidate path can be
      distributed using BGP SR Policy. This document defines the extensions to
      BGP SR Policy to specify the NRP which the SR Policy candidate path is
      associated with.</t>
    </abstract>
  </front>

  <middle>
    <section anchor="introduction" title="Introduction">
      <t>The concept of Segment Routing (SR) policy is defined in <xref
      target="RFC9256"/>. An SR Policy is a set of candidate paths, each
      consisting of one or more segment lists. The headend of an SR Policy may
      learn multiple candidate paths for an SR Policy. The header of a packet
      steered in an SR Policy is augmented with an ordered list of segments
      associated with that SR Policy. The BGP extensions to distribute SR
      Policy candidate paths are defined in <xref target="RFC9830"/>.</t>

      <t><xref target="RFC9543"/> discusses the general framework, components,
      and interfaces for requesting and operating network slices using IETF
      technologies. It also introduces the concept of Network Resource
      Partition (NRP), which is a subset of the resources and associated
      policies in the underlay network. The network slices defined in <xref
      target="RFC9543"/> can be realized by mapping one or more connectivity
      constructs to an NRP. <xref target="RFC9732"/> describes the framework
      and the candidate component technologies for providing NRP-based
      enhanced VPN services based on Traffic Engineering and VPN technologies.
      Enhanced VPN can be used for the realization of network slice services
      defined in <xref target="RFC9543"/>.</t>

      <t>As described in <xref target="I-D.ietf-teas-nrp-scalability"/>, one
      data plane approach to enable NRP and network slice is to carry a
      dedicated NRP selector ID <xref target="I-D.ietf-teas-ns-ip-mpls"/> in
      the data packet to identify the NRP the packet belongs to, so that the
      packet can be processed and forwarded using the subset of network
      resources allocated to the NRP.</t>

      <t>In networks where there are multiple NRPs, an SR Policy may be
      associated with a particular NRP. <xref
      target="I-D.ietf-spring-sr-policy-nrp"/> describes the association of SR
      Policy candidate path with NRP under the SR Policy architecture. This
      document defines the extensions to BGP to specify the control plane NRP
      ID <xref target="I-D.ietf-teas-ns-ip-mpls"/> that is associated with an
      SR Policy candidate path. The control plane NRP ID is linked to the NRP
      identifier used in data plane (denoted as NRP Selector ID).</t>

      <section title="Requirements Language">
        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
        "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
        "OPTIONAL" in this document are to be interpreted as described in BCP
        14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only
        when, they appear in all capitals, as shown here.</t>
      </section>

      <section title="Terminology">
        <t>The following terminology is used in this document:</t>

        <t>Network Resource Partition (NRP): refer to the definition in <xref
        target="RFC9543"/></t>

        <t>NRP Identifier (NRP ID): refer to the definition in <xref
        target="I-D.ietf-teas-ns-ip-mpls"/></t>

        <t>NRP Selector ID: refer to the definition in <xref
        target="I-D.ietf-teas-ns-ip-mpls"/></t>
      </section>
    </section>

    <section title="NRP Identifier of SR Policy">
      <t>In order to specify the NRP the candidate path of SR Policy is
      associated with, a new sub-TLV called "NRP ID" sub-TLV is defined in the
      BGP Tunnel Encapsulation Attribute <xref target="RFC9012"/>. The NRP ID
      sub-TLV can be carried in the BGP Tunnel Encapsulation Attribute with
      the tunnel type set to SR Policy. The use of the NRP ID sub-TLV in other
      tunnel types is outside the scope of this document.</t>

      <t>The NRP ID sub-TLV has the following format:</t>

      <t><figure>
          <artwork align="center"><![CDATA[    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |   Length      |     Flags     |   Reserved    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         NRP ID (4 octets)                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                      Figure 1. NRP ID Sub-TLV]]></artwork>
        </figure></t>

      <t>where:</t>

      <t><list style="symbols">
          <t>Type: 123 (assigned by IANA)</t>

          <t>Length: The Length field MUST be set to 6 octets</t>

          <t>Flags: 1-octet flag field. None is defined in this document. The
          flags MUST be set to zero on transmission and MUST be ignored on
          receipt.</t>

          <t>Reserved: 1 octet of reserved bits. It MUST be set to zero on
          transmission and MUST be ignored on receipt.</t>

          <t>NRP ID: A 32-bit identifier in the control plane which uniquely
          identifies an NRP in an NRP domain <xref
          target="I-D.ietf-teas-ns-ip-mpls"/>. Value 0 is reserved, which MUST
          NOT be used by the sender. On receipt of the NRP ID TLV, if the NRP
          ID is 0, the NRP ID TLV MUST be ignored.</t>
        </list></t>

      <t>The encoding structure of BGP SR Policy (the Subsequent Address
      Family Identifier (SAFI) is 73) Network Layer Reachability Information
      (NLRI) and attributes with the NRP ID sub-TLV is expressed as below:</t>

      <figure>
        <artwork><![CDATA[         SR Policy SAFI NLRI: <Distinguisher, Policy-Color, Endpoint>
         Attributes:
            Tunnel Encaps Attribute (23)
               Tunnel Type: SR Policy (15)
                   Binding SID
                   SRv6 Binding SID
                   Preference
                   Priority
                   Policy Name
                   Policy Candidate Path Name
                   Explicit NULL Label Policy (ENLP)
                   NRP ID
                   Segment List
                       Weight
                       Segment
                       Segment
                       ...
                   ...
             Figure 2. SR Policy Encoding with NRP ID sub-TLV]]></artwork>
      </figure>

      <t/>

      <t>The NRP ID sub-TLV is OPTIONAL and MUST NOT appear more than once for
      one SR Policy candidate path.</t>
    </section>

    <section title="Procedures">
      <t>When a candidate path of SR Policy is instantiated within an NRP, and
      a domain-wide data plane NRP Selector ID is used for identifying the
      resources of the NRP, the originating node of SR Policy MUST include the
      NRP ID sub-TLV in the BGP Tunnel Encapsulation Attribute of the BGP SR
      Policy. The setting of other fields and attributes in BGP SR Policy
      follows the mechanism as defined in <xref target="RFC9830"/>.</t>

      <t>On reception of an SR Policy NLRI with NRP ID sub-TLV in the BGP
      Tunnel Encapsulation Attribute , a BGP speaker determines if it is valid
      and usable according to the rules defined in Section 4.2 of <xref
      target="RFC9830"/>.</t>

      <t>The selected best routes of the SR Policy SAFI is passed on to the SR
      Policy Module (SRPM) for further processing as described in Section
      4.2.2 of <xref target="RFC9830"/>.</t>
    </section>

    <section title="Error Handling">
      <t>The error handling of the BGP Update messages for BGP SR Policy SAFI
      with the NRP extensions defined in this document follows the procedures
      in section 5 of <xref target="RFC9830"/>.</t>

      <t>The NRP ID sub-TLV is considered malformed if the length field of the
      sub-TLV is not 6 octets. If the NRP ID sub-TLV appears more than once,
      or its format is considered malformed, the NRP ID information associated
      with the BGP SR Policy NLRI is considered malformed and the
      "treat-as-withdraw" strategy of <xref target="RFC7606"/> MUST be
      applied.</t>
    </section>

    <section title="Operational Considerations">
      <t>The mechanism specified in this document adds additional information
      to the SR Policy candidate paths advertisement in BGP. As the number of
      NRP increases, the number of SR Policies and candidate paths may also
      increase, and the amount of information exchanged between the network
      controller and the headend nodes for provisioning SR Policy would
      increase proportional to the number of SR Policies and candidate paths.
      However, there is no change to the SR Policy advertisment procedure, and
      no change to BGP best-path selection. As SR Policy candidate paths
      advertised using BGP are only installed by the corresponding headend
      nodes, the increase of SR Policy and candidate path information does not
      impact the state maintained on the transit nodes.</t>

      <t>Although the updates to SR Policy architecture in <xref
      target="I-D.ietf-spring-sr-policy-nrp"/> allow different candidate paths
      in one SR Policy to be associated with different NRPs, in normal network
      scenarios it is considered that no matter which candidate path is
      active, the association between an SR Policy and NRP is consistent. In
      such case all candidate paths of one SR Policy SHOULD be associated with
      the same NRP. The cases where different candidate paths of an SR Policy
      are associated with different NRPs is valid but NOT RECOMMENDED.</t>
    </section>

    <section anchor="security-considerations" title="Security Considerations">
      <t>The security considerations of BGP data integrity and authentication
      in <xref target="RFC4271"/> apply to this document. The security
      considerations of SR Policy architecture <xref target="RFC9256"/> and
      using BGP for SR Policy information advertisement in <xref
      target="RFC9830"/> apply to this document.</t>

      <t>The security considerations of SR Policy NRP extensions <xref
      target="I-D.ietf-spring-sr-policy-nrp"/> apply to this document.
      Incorrect association of NRP ID with SR Policy can affect traffic
      isolation and resource guarantee. And the adverisement of the associated
      NRP ID of SR Policy constitutes a risk to confidentiality of
      mission-critical or commercially sensitive information. It is the
      responsibility of the network operator to ensure that only trusted nodes
      (that include both routers and controller applications) within the SR
      domain are configured to send and receive such information, and to
      ensure the correctness of NRP association.</t>
    </section>

    <section anchor="iana-considerations" title="IANA Considerations">
      <t>IANA has assigned the sub-TLV type as defined in Section 2 from "BGP
      Tunnel Encapsulation Attribute sub-TLVs" registry in the "Border Gateway
      Protocol (BGP) Tunnel Encapsulation" registry group.</t>

      <t><figure>
          <artwork align="center"><![CDATA[      Value     Description                     Reference
      ----------------------------------------------------
       123        NRP ID                       This document
]]></artwork>
        </figure></t>
    </section>

    <section anchor="acknowledgments" title="Acknowledgments">
      <t>The authors would like to thank Guoqi Xu, Lei Bao, Haibo Wang,
      Shunwan Zhuang and Susan Hares for their review and discussion of this
      document.</t>
    </section>
  </middle>

  <back>
    <references title="Normative References">
      <?rfc include='reference.RFC.2119'?>

      <?rfc include='reference.RFC.8174'?>

      <?rfc include='reference.RFC.4271'?>

      <?rfc include='reference.RFC.7606'?>

      <?rfc include='reference.RFC.9012'?>

      <?rfc include='reference.RFC.9256'?>

      <?rfc include='reference.RFC.9543'?>

      <?rfc include='reference.RFC.9830'?>

      <?rfc include='reference.I-D.ietf-teas-ns-ip-mpls'?>

      <?rfc include='reference.I-D.ietf-spring-sr-policy-nrp'?>
    </references>

    <references title="Informative References">
      <?rfc include='reference.RFC.9732'?>

      <?rfc include='reference.I-D.ietf-teas-nrp-scalability'?>
    </references>
  </back>

  <!---->
</rfc>
