BGP Flowspec for IETF Network Slice Traffic Steering

BGP Flow Specification (Flowspec) and BGP Flow Specification Version 2 provide the BGP based mechanism to distribute traffic flow specifications and the forwarding actions to be performed to the matched traffic flows. A set of Flowspec components are defined to specify the matching criteria that is applied to the packet, and a set of Traffic Filtering Action are defined to encode the actions a routing system can take on a packet which matches the flow specification. defines the term "IETF Network Slice" and discusses the general framework for requesting and operating IETF Network Slices, their characteristics, and the necessary system components and interfaces. As described in , an IETF Network Slice enables connectivity between a set of Service Demarcation Points (SDPs) with specific Service Level Objectives (SLOs) and Service Level Expectations (SLEs) over a common underlay network. To meet the connectivity and performance requirements, network slice services may need to be mapped to a Network Resource Partition (NRP). An NRP is a collection of resources (bufferage, queuing, scheduling, etc.) in the underlay network. Each NRP can be idenified using a unique NRP ID in control plane and management plane. The NRP ID may also be encapsulated in data packet to guide the NRP-specific packet forwarding. The edge nodes of an NRP needs to identify the traffic flows of specific connectivity constructs of network slices, and steer the matched packets into the corresponding NRP, so that the packet can be forwarded via either a shortest path or a Traffic Engineering (TE) path within the NRP. BGP Flowspec can be used to distribute the matching criteria and the forwarding actions to be preformed on specific network slice services. The existing Flowspec components can be reused for the matching of network slice service flows. New components and traffic actions may need to be defined for steering network slice service flows into the corresponding NRP. This document defines the extensions to BGP Flowspec for IETF Network Slice Traffic Steering (NS-TS).

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

A set of traffic matching rules can be used as the criteria to match the traffic flows of specific connectivity constructs of IETF network slice. The BGP Flowspec components as defined in can be used to specify the matching rules for network slice service packets. In some cases, such as for multi-domain network slices, data packets of a network slice are encapsulated with data plane NRP ID in a upstream network domain using the mechanisms as described in . Then the ingress edge node of the downstream network domain may perform traffic matching based on the NRP ID in the packets, so that the packets can be steered into a corresponding NRP in the local domain. A new Flow component called NRP ID component is defined for this purpose.

The format of the NRP ID component follows the Flowspec encoding as defined in , which consists of 1-octet type field, 1-octet length field, and variable value field. The type of NRP ID component is to be assigned by IANA. The format of the value field is shown as below:

Where Flags: 2-octet flag field. The first (most significant) bit is defined in this document, the rest of the flag bits SHOULD be set to zero on transmission and MUST be ignored on receipt. Global bit (g): When set, it indicates the NRP ID to be matched is a global unique NRP ID; otherwise the NRP ID is a domain significant NRP ID. The g bit is used for an NRP which span multiple network domains, and a global NRP ID has been coordinated among these domains. Reserved: 2-octet reserved bits. It SHOULD be set to zero on transmission and MUST be ignored on receipt. NRP ID: A 4-octet identifier which is used to identify an NRP.

For data packets which match the flow specification of a network slice, specific forwarding actions need to be applied. When the network slice service flows are mapped to an NRP in the underlay network, the packets of the flows need to be forwarded in the corresponding NRP using either a shortest (BE) path or a Traffic Engineering (TE) path. This section describes several actions to be performed on packets which match the flow specification of a network slice.

Packets of a network slice service flow can be steered into an NRP and forwarded to the NRP egress node following the shortest path with the NRP. In this case, the identifier of the NRP needs to be carried in the packet so that the packet forwarding will be performed using the set of resources allocated to the NRP. Depends on the type of the data plane NRP specific identifier, there are two options of this traffic steering.

When resource-aware SR segments are used to represent the network resources allocated to an NRP, packets of a network slice could be steered into an NRP BE path by encapsulating the packets with an resource-aware segment of the egress node in the NRP. For SRv6 data plane, this could be achieved using the redirect-to-ip action defined in . The mechanism for SR-MPLS data plane will be specified in a future version.

When a data plane NRP ID is used to identify the set of network resources allocated to an NRP, packets of a network slice service flow could be steered into an NRP BE path by encapsulating the NRP ID together with the IP address or the SR SID of the egress node in the NRP. For encapsulating the NRP ID to the matched packets, a new BGP extended community is defined for the "Encapsulate-NRP-ID" action. The format of this extended community is as below:

where: Type: 0x80. It belongs to the Generic Transitive Extended Community Type as defined in . Sub-type: 1 octet to be assigned by IANA. Flags: 2-octet flag field. The first bit is defined in this document. The rest of the flags are unused, which SHOULD be set to zero on transmission and MUST be ignored on receipt. Encapsulate (E) bit: When set, it indicates the NRP ID MUST be encapsulated with an outer header to the packet. Otherwise the NRP ID replaces the NRP ID in the existing header of the packet. NRP ID: A 4-octet identifier which is used to identify an NRP. If a packet matches the flow specification of an IETF network slice, and the traffic actions associated with the flow specification is the Encapsulate-NRP-ID action, then the packet is encapsulated with an NRP ID in the packet header. The Encapsulate-NRP-ID action MAY be used together with the "Rediect-to-IP" action as defined in , in that case the destination address of the outer IP header is set to the IP address in the redirect to IP next-hop action. The IPv6 encapsulation of NRP ID is specified in . The encapsulation of NRP-ID in other data plane is for further study and out of the scope of this document.

Packets of a network slice can be steered into a TE path within the corresponding NRP. In an SR network, the network slice traffic can be steered into an SR Policy which is associated with the corresponding NRP. In SR networks where the NRP is instantiated using NRP specific resource-aware segments , the segment list of the SR policy are built with resource-aware SR segments which represents the set of network resources allocated to the NRP on different network segments. In SR networks where the data plane NRP-ID is used to identify the set of network resources allocated to the NRP, the mechanism as defined in provides the BGP SR Policy extensions to associate an SR Policy candidate path with an NRP-ID. In both the above two cases, the mechanism defined in could be used to steer traffic to an SR Policy which is associated with an NRP.

The security considerations of BGP and BGP Flowspec apply to this document.

IANA is requested to assign a new type code point from "Flow Spec Component Types" registry.

IANA is requested to assign a new sub-type from "Generic Transitive Extended Community Sub-Types" registry.

The authors would like to thank Haisheng Wu, Haibo Wang and Shunwan Zhuang for the review and discussion of this document.