BGP Flowspec for IETF Network Slice Traffic Steering

BGP Flow Specification (Flowspec) and BGP Flow Specification Version 2 provide the BGP based mechanism to distribute traffic flow specifications and the forwarding actions to be performed to the matched traffic flows. A set of Flowspec components are defined to specify the matching criteria that is applied to the packet, and a set of Traffic Filtering Action are defined to encode the actions a routing system can take on a packet which matches the flow specification. As described in , An IETF Network Slice enables connectivity between a set of Service Demarcation Points (SDPs) with specific Service Level Objectives (SLOs) and Service Level Expectations (SLEs) over a common underlay network. To meet the connectivity and performance requirement of specific network slice services, the network slice services need to be mapped to an Network Resource Partition (NRP). Each NRP is a collection of resources (bufferage, queuing, scheduling, etc.) in the underlay network. The edge nodes of the NRP needs to identify the traffic flows which belong a network slice and steer the matched traffic to the corresponding NRP or a specific path within the corresponding NRP. BGP Flowspec can be used to distribute the matching criteria and the forwarding actions to be preformed on specific network slice services. The existing flowspec filter components defined in BGP Flowpsec can be used for the matching of specific network slice services flows. This document defines the extensions to BGP Flowspec actions for IETF network slice traffic steering (NS-TS).

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

A set of traffic matching rules can be used as the criteria to match the traffic flows of a IETF network slice. The BGP Flowspec components as defined in can be used to specify the matching rules for network slice service packets. New Flowspec components may be defined for the matching of specific types of network slice services, which are for further study.

For packets which match the flow specification of a network slice, specific forwarding actions need to be applied to the packet. As the network slice is mapped to an NRP in the underlay network, the packet will be forwarded in the corresponding NRP using either a shortest path or a traffic engineering (TE) path. This section describes several actions to be performed on packets which match the flow specification of a network slice.

Packets of a network slice can be steered into an NRP and forwarded to the NRP egress node following the shortest path with the NRP. In this case, the identifier of the NRP needs to be carried in the packet so that the packet forwarding will be performed using the set of resources allocated to the NRP. Depends on the type of the data plane NRP specific identifier, there are two options of this traffic steering.

When resource-aware SR segments are used to represent the network resources allocated to an NRP, packets of a network slice could be steered into an NRP BE path by encapsulating the packets with an resource-aware segment of the egress node in the NRP. For SRv6 data plane, this could be achieved using the redirect-to-ip action defined in . The mechanism for SR-MPLS data plane will be specified in a future version.

When a data plane NRP ID is used to identify the set of network resources allocated to an NRP, packets of a network slice could be steered into an NRP BE path by encapsulating the packets with an NRP ID together with the address of the egress node in the NRP. A new BGP extended community is defined for the "Encapsulate-NRP-ID" action.

where: Type: 0x80. It belongs to the Generic Transitive Extended Community Type as defined in . Sub-type: 1 octet to be assigned by IANA. Flags: 2-octet flag field. All the flags are unused. NRP ID: 4-octet domain significant identifier of an NRP. If a packet matches the flow specification of an IETF network slice, and the traffic actions associated with the flow specification is the Encapsulate-NRP-ID action, then the packet is encapsulated with an NRP ID in the packet header. The Encapsulate-NRP-ID action MAY be used together with the "Rediect-to-IP" action as defined in , in that case the destination address of the outer IP header is set to to the IP address in the redirect to IP next-hop action. The IPv6 encapsulation of NRP ID is specified in . The encapsulation of NRP-ID in other data plane is for further study and out of the scope of this document.

Packets of a network slice can be steered into a TE path within the corresponding NRP. In an SR network, the network slice traffic can be steered into an SR Policy which is associated with the corresponding NRP. In SR networks where the NRP is instantiated using NRP specific resource-aware segments , the segment list of the SR policy are built with resource-aware SR segments which represents the subset of network resources allocated to the NRP on different network segments. In SR networks where the data plane NRP-ID is used to identify the set of network resources allocated to the NRP, the mechanism as defined in provides the BGP SR Policy extensions to associate an SR Policy candidate path with an NRP-ID. In both the above two cases, the mechanism defined in could be used to steer traffic to an SR Policy which is associated with an NRP.

The security considerations of BGP and BGP Flowspec apply to this document.

IANA is requested to assign a new sub-type from "Generic Transitive Extended Community Sub-Types" registry.

The authors would like to thank Haibo Wang and Shunwan Zhuang for the review and discussion of this document.