Internet-Draft SR based SFC Control Plane March 2024
Yin, et al. Expires 2 September 2024 [Page]
Workgroup:
SPRING Working Group
Internet-Draft:
draft-li-spring-sr-sfc-control-plane-framework-10
Published:
Intended Status:
Informational
Expires:
Authors:
Y. Yin
China Telecom
C. Li
Huawei Technologies
A. Sawaf
Saudi Telecom Company
H. Huang
Huawei Technologies
Z. Li
Huawei Technologies

A Framework for Constructing Service Function Chaining Systems Based on Segment Routing

Abstract

Segment Routing (SR) introduces a versatile methodology for defining end-to-end network paths by encoding sequences of topological sub-paths, known as "segments". This architecture can be deployed over both MPLS and IPv6 data planes, offering a flexible routing solution.

Service Function Chaining (SFC) supports the establishment of composite services through an ordered sequence of Service Functions (SFs) that are applied to packets or frames based on initial classification. SFC's implementation can utilize various underlying technologies, including the Network Service Header (NSH) and SR, to facilitate the creation and management of service chains.

This document presents a comprehensive control framework for developing SFC architectures using Segment Routing. It explores control plane solutions for the distribution of service function instance routes and service function paths, as well as techniques for directing packets into specific service function chains. The discussion encompasses both theoretical foundations and practical considerations for integrating SR into SFC deployments.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 2 September 2024.

Table of Contents

1. Introduction

Segment Routing (SR), as defined in [RFC8402], introduces a source routing paradigm that assigns a specific forwarding path for packets at the ingress node via an ordered list of directives, known as segments. SR's implementation varies with the underlying data plane: SR-MPLS [RFC8660] for MPLS and SRv6 [RFC8754] for IPv6.

Service Function Chaining (SFC), outlined in [RFC7665], facilitates the assembly of composite services through a sequenced application of Service Functions (SF) on packets or frames, triggered by classification processes.

Network Service Header (NSH) [RFC8300] provides a basis for SFC, enabling a "stateful SFC" by necessitating nodes along the Service Function Path (SFP) to maintain specific SFC states, such as mappings between the Service Path Identifier (SPI) and Service Index (SI) for subsequent forwarding actions. [RFC9015] introduces the use of BGP as a control plane mechanism for SFC architectures utilizing NSH and MPLS. It proposes a new BGP address family, the SFC AFI/SAFI, comprising two route types: Service Function Instance Route (SFIR) and Service Function Path Route (SFPR), facilitating the construction of NSH or MPLS-based SFCs with SFIR and SFPR data.

Alternatively, SFC can leverage SR for instantiation, where the SR source node explicitly embeds the forwarding path into packets. In SR-based SFC, an SFC is denoted by a SID list from the source SR node, potentially linked with service details (e.g., Deep Packet Inspection, DPI), obviating the need for maintaining per-SFC state along the SFP, hence termed "stateless SFC."

To deploy SR-based SFC, this document explores several mechanisms, including the distribution of SFIR and SFPR, as well as packet steering into an SFP. The review aims to establish a comprehensive framework for constructing an SFC system utilizing Segment Routing.

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

1.2. Terminology

MPLS: Multiprotocol Label Switching.

SID: Segment Identifier.

SR: Segment Routing.

SR-MPLS: Segment Routing with MPLS data plane.

SRH: Segment Routing Header.

SFIR: Service Function Instance Route

SFPR: Service Function Path Route

Further, this document makes use of the terms defined in [RFC7665] and [I-D.ietf-spring-sr-service-programming].

2. Overview of SR Based SFC Control Plane

As per [RFC7665], the architecture of SFC consists of classifiers, Service Function Forwarders (SFFs), Service Functions (SFs) and SFC Proxies. This is illustrated in Figure 1.

                                      +-----+         +-----+   +-----+
                                      |     |         | SFC |   |     |
                                      | SF1 |         |Proxy|---| SF2 |
                                      +-----+         +-----+   +-----+
                                         |               |
    +--------------+                     |               |
    |   Service    |       SFC        +------+        +------+
    |Classification|  Encapsulation   | SFF1 |        | SFF2 |
--->|   Function   |+---------------->|      |--------|      |------->
    |              |                  |      |        |      |
    +--------------+                  +------+        +------+

         SFC-enabled Domain


                      Figure 1. SFC Architecture

In order to construct an SFC, SFIR and SFPR should be distributed to classifiers and SFFs. Also, the rules of steering packets into specific SFPs should be configured at the classifier. [RFC9015].

In SR, a source node can explicitly indicate the forwarding path for packets by inserting an ordered list of instructions. These packet steering policies, known as SR policy, can be installed by a central controller via BGP [I-D.ietf-idr-sr-policy-safi] or other mechanisms.

When SFC is constructed based on SR, SFPR and packet steering rules can be installed by SR policy at the ingress node, which plays the role of classifier in the SFC architecture. In other words, SFPR does not need to be distributed to all the nodes along the SFP. The architecture of SR based SFC is illustrated in Figure 2.

        +-----+                       +-----+         +-----+   +-----+
        |     |                       |     |         | SR  |   |     |
        |SR-C |                       | SF1 |         |Proxy|---| SF2 |
        +-----+                       +-----+         +-----+   +-----+
           |                             |               |
           |                             |               |
    +--------------+                  +------+        +------+
    |              |   SFC Encap/SR   | SFF1/|        | SFF2/|
--->|CF/SR ingress |+---------------->|  SR  |--------|  SR  |------->
    |              |                  |      |        |      |
    +--------------+                  +------+        +------+

         SFC-enabled Domain

                    Figure 2. SR based SFC architecture.

There are two solutions to encode SFC in the SR data plane. [I-D.ietf-spring-sr-service-programming] defines data plane functionality required to implement service segments and achieve service programming in SR-enabled MPLS and IP networks. It can be termed "Stateless SFC" since no per-SFC state is maintained on the SR nodes along the SFP.

The second solution can be termed "Stateful SFC" [RFC9491], since it still maintains per-SFC state on nodes. [RFC9491]describes two modes of operation:

In order to support these data plane encodings, control plane mechanisms are required. The existing control plane mechanisms are shown in Table 1.

Table 1: SR based SFC Control Plane Solutions
SR based SFC SFIR SFPR Steering policy
Stateless BGP
BGP-LS
IGP
BGP
PCEP
BGP
PCEP
NSH-based SFC with SR-based transport tunnel BGP BGP
PCEP
BGP
SR-based SFC with Integrated NSH Service Plane BGP
BGP-LS
IGP
BGP
PCEP
BGP
PCEP

3. Stateless SR Based SFC

As describe in [I-D.ietf-spring-sr-service-programming], service instances are associated with a segment, called a service SID. These service SIDs are leveraged as part of a SID-list to steer packets through the corresponding services

3.1. Service Function Instance Route Distribution

To associate a segment with a service, service information, such as Service Function Type (SFT), should be included in segment distribution. [I-D.dawra-idr-bgp-ls-sr-service-segments] specifies the extensions to BGP-LS for discovery and advertisement of service segments to enable setup of service programming paths using Segment Routing. [I-D.dawra-idr-bgp-ls-sr-service-segments] extends SRv6 Node SID TLV [RFC9514] and SR-MPLS SID/ Label TLV [RFC9085] to associate the Service SID Value with Service-related Information using Service Chaining Sub-TLV. The Service Chaining Sub-TLV contains information of Service SID value, Function Identifier (Static Proxy, Dynamic Proxy, Shared Memory Proxy, Masquerading Proxy, SR Aware Service Etc.), Service Type (DPI, Firewall, Classifier, LB etc.), Traffic Type (IPv4 OR IPv6 OR Ethernet) and Opaque Data (such as brand and version, other extra information). This extension works for both SR- MPLS and SRv6.

[RFC9015] proposes a BGP-based SFC control plane solution, and it works for SR-MPLS as well. Service function instance route distribution can use SFIR in SFC AFI/SAFI. SFPR and steering rules for the classifier can be distributed by SR policy, which is defined in [I-D.ietf-idr-sr-policy-safi]. BGP control plane of SRv6-based SFC still needs to be defined.

IGP extensions are proposed by [I-D.xu-lsr-isis-service-function-adv] and [I-D.xu-lsr-ospf-service-function-adv]. In IS-IS solution, SFFs within the SFC domain need to advertise each SF they are offering by using a new sub-TLV of the IS-IS Router CAPABILITY TLV [RFC7981]. This new sub-TLV is called Service Function sub-TLV, and it can appear multiple times within a given IS-IS Router CAPABILITY TLV or when more than one SF needs to be advertised. OSPF extensions are similar, and use the OSPF Router Information (RI) Opaque LSA [RFC7770] to carry Service Function sub-TLV.

However, due to IGP flooding issues, IGP extensions are not very appropriate, and the drafts have expired for a long time.

3.2. Service Function Path Route Distribution

With SR, the SFPR does not need to be distributed to nodes along the SFP but only to the ingress node. SFPR and steering rules for the classifier can be distributed by SR policy. The BGP extension is defined in [I-D.ietf-idr-sr-policy-safi]. The PCEP extension is defined in [I-D.ietf-pce-segment-routing-policy-cp].

3.3. Steer Packets into SFC

In SR, packet steering rules are learned through SR policy. Thus, there is no need to install other rules in the classifier, which is the SR source node.

4. Stateful SR Based SFC

"Stateful SFC" [RFC9491] proposes two modes of SR based SFC:

4.1. Service Function Route Distribution

For NSH-based SFC with SR-based transport tunnel, service information is maintained by NSH while SR is only used for transport between SFFs, so [RFC9015] can be used for this mode.

To indicate NSH, an SFF label [RFC8596] should be inserted as the last label in the label stack in SR-MPLS. The control plane of SFF is also described in [RFC9015]. For choosing/configuring SR as the transport tunnel, BGP route of SFF's BGP Tunnel Encapsulation Attribute Type should be "SR TE Policy Type" [I-D.ietf-idr-sr-policy-safi]. For SR-based SFC with Integrated NSH Service Plane, there is no control plane solution as yet defined.

4.2. Service Function Path Route Distribution

Same as SFIR distribution, SFPR BGP distribution in NSH-based SFC with SR-based transport tunnel is identical to the mechanism defined in [RFC9015]. PCEP extension for SFPR distribution can reuse the NSH based SFC extension defined in [I-D.wu-pce-traffic-steering-sfc]. For SR-based SFC with Integrated NSH Service Plane, control plane solution is to be added in other documents.

4.3. Steer Packets into SFC

For NSH-based SFC with SR-based transport tunnel, it is the same with the NSH based SFC. The Classifier is responsible for determining to which packet flow a packet belongs (usually by inspecting the packet header), imposing an NSH, and initializing the NSH with the SPI of the selected SFP and the SI of its first hop [RFC9015]. For SR-based SFC with Integrated NSH Service Plane, control plane solution is to be added in other document.

5. IANA Considerations

This document does not require any IANA actions.

6. Security Considerations

This document does not introduce additional security requirements and mechanisms.

Acknowledgements

Many thanks for Ruizhao Hu's valuable comments and help.

References

Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.

Informative References

[I-D.dawra-idr-bgp-ls-sr-service-segments]
Dawra, G., Filsfils, C., Talaulikar, K., Clad, F., Bernier, D., Uttaro, J., Decraene, B., Elmalky, H., Xu, X., Guichard, J., and C. Li, "BGP-LS Advertisement of Segment Routing Service Segments", Work in Progress, Internet-Draft, draft-dawra-idr-bgp-ls-sr-service-segments-06, , <https://datatracker.ietf.org/doc/html/draft-dawra-idr-bgp-ls-sr-service-segments-06>.
[I-D.ietf-idr-sr-policy-safi]
Previdi, S., Filsfils, C., Talaulikar, K., Mattes, P., and D. Jain, "Advertising Segment Routing Policies in BGP", Work in Progress, Internet-Draft, draft-ietf-idr-sr-policy-safi-00, , <https://datatracker.ietf.org/doc/html/draft-ietf-idr-sr-policy-safi-00>.
[I-D.ietf-pce-segment-routing-policy-cp]
Koldychev, M., Sivabalan, S., Barth, C., Peng, S., and H. Bidgoli, "PCEP Extensions for SR Policy Candidate Paths", Work in Progress, Internet-Draft, draft-ietf-pce-segment-routing-policy-cp-14, , <https://datatracker.ietf.org/doc/html/draft-ietf-pce-segment-routing-policy-cp-14>.
[I-D.ietf-spring-sr-service-programming]
Clad, F., Xu, X., Filsfils, C., Bernier, D., Li, C., Decraene, B., Ma, S., Yadlapalli, C., Henderickx, W., and S. Salsano, "Service Programming with Segment Routing", Work in Progress, Internet-Draft, draft-ietf-spring-sr-service-programming-09, , <https://datatracker.ietf.org/doc/html/draft-ietf-spring-sr-service-programming-09>.
[I-D.wu-pce-traffic-steering-sfc]
Wu, Q., Dhody, D., Boucadair, M., Jacquenet, C., and J. Tantsura, "PCEP Extensions for Service Function Chaining (SFC)", Work in Progress, Internet-Draft, draft-wu-pce-traffic-steering-sfc-12, , <https://datatracker.ietf.org/doc/html/draft-wu-pce-traffic-steering-sfc-12>.
[I-D.xu-lsr-isis-service-function-adv]
Xu, X., Huang, H., Shah, H. C., and L. M. Contreras, "Advertising Service Functions Using IS-IS", Work in Progress, Internet-Draft, draft-xu-lsr-isis-service-function-adv-00, , <https://datatracker.ietf.org/doc/html/draft-xu-lsr-isis-service-function-adv-00>.
[I-D.xu-lsr-ospf-service-function-adv]
Xu, X., Huang, H., Shah, H. C., and L. M. Contreras, "Advertising Service Functions Using OSPF", Work in Progress, Internet-Draft, draft-xu-lsr-ospf-service-function-adv-00, , <https://datatracker.ietf.org/doc/html/draft-xu-lsr-ospf-service-function-adv-00>.
[RFC7665]
Halpern, J., Ed. and C. Pignataro, Ed., "Service Function Chaining (SFC) Architecture", RFC 7665, DOI 10.17487/RFC7665, , <https://www.rfc-editor.org/rfc/rfc7665>.
[RFC7770]
Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and S. Shaffer, "Extensions to OSPF for Advertising Optional Router Capabilities", RFC 7770, DOI 10.17487/RFC7770, , <https://www.rfc-editor.org/rfc/rfc7770>.
[RFC7981]
Ginsberg, L., Previdi, S., and M. Chen, "IS-IS Extensions for Advertising Router Information", RFC 7981, DOI 10.17487/RFC7981, , <https://www.rfc-editor.org/rfc/rfc7981>.
[RFC8300]
Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., "Network Service Header (NSH)", RFC 8300, DOI 10.17487/RFC8300, , <https://www.rfc-editor.org/rfc/rfc8300>.
[RFC8402]
Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., Decraene, B., Litkowski, S., and R. Shakir, "Segment Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, , <https://www.rfc-editor.org/rfc/rfc8402>.
[RFC8596]
Malis, A., Bryant, S., Halpern, J., and W. Henderickx, "MPLS Transport Encapsulation for the Service Function Chaining (SFC) Network Service Header (NSH)", RFC 8596, DOI 10.17487/RFC8596, , <https://www.rfc-editor.org/rfc/rfc8596>.
[RFC8660]
Bashandy, A., Ed., Filsfils, C., Ed., Previdi, S., Decraene, B., Litkowski, S., and R. Shakir, "Segment Routing with the MPLS Data Plane", RFC 8660, DOI 10.17487/RFC8660, , <https://www.rfc-editor.org/rfc/rfc8660>.
[RFC8754]
Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J., Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header (SRH)", RFC 8754, DOI 10.17487/RFC8754, , <https://www.rfc-editor.org/rfc/rfc8754>.
[RFC9015]
Farrel, A., Drake, J., Rosen, E., Uttaro, J., and L. Jalil, "BGP Control Plane for the Network Service Header in Service Function Chaining", RFC 9015, DOI 10.17487/RFC9015, , <https://www.rfc-editor.org/rfc/rfc9015>.
[RFC9085]
Previdi, S., Talaulikar, K., Ed., Filsfils, C., Gredler, H., and M. Chen, "Border Gateway Protocol - Link State (BGP-LS) Extensions for Segment Routing", RFC 9085, DOI 10.17487/RFC9085, , <https://www.rfc-editor.org/rfc/rfc9085>.
[RFC9491]
Guichard, J., Ed. and J. Tantsura, Ed., "Integration of the Network Service Header (NSH) and Segment Routing for Service Function Chaining (SFC)", RFC 9491, DOI 10.17487/RFC9491, , <https://www.rfc-editor.org/rfc/rfc9491>.
[RFC9514]
Dawra, G., Filsfils, C., Talaulikar, K., Ed., Chen, M., Bernier, D., and B. Decraene, "Border Gateway Protocol - Link State (BGP-LS) Extensions for Segment Routing over IPv6 (SRv6)", RFC 9514, DOI 10.17487/RFC9514, , <https://www.rfc-editor.org/rfc/rfc9514>.

Authors' Addresses

Yuanyang Yin
China Telecom
Guangzhou
China
Cheng Li
Huawei Technologies
Ahmed El Sawaf
Saudi Telecom Company
Riyadh
Saudi Arabia
Hongyi Huang
Huawei Technologies
Huawei Campus, No. 156 Beiqing Rd.
Beijing
100095
China
Zhenbin Li
Huawei Technologies
Huawei Campus, No. 156 Beiqing Rd.
Beijing
100095
China