SRv6 Operations                                                 E. Kline
Internet-Draft                                Aalyria Technologies, Inc.
Intended status: Informational                               N. Buraglio
Expires: 9 May 2025                              Energy Sciences Network
                                                         5 November 2024


     SID Space (5f00::/16) Inter-domain Addressing Recommendations
               draft-eknb-srv6ops-interdomain-sidspace-00

Abstract

   This specification recommends a specific structured use of the SRv6
   SIDs prefix in support of Inter-Domain SRv6 networks. The core of
   the proposal is to structure the address space by Autonomous System
   Number (ASN). Use of this proposed structure is entirely voluntary.
   Voluntary use of this structure aids SRv6 operations while
   preserving the ability to use this prefix across cooperating SRv6
   domains, but not across the general Internet.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://ipvsix.github.io/draft-sidspace-experiment/draft-ek-srv6ops-sidspace-experiment.html.
   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-eknb-srv6ops-interdomain-sidspace/.

   Discussion of this document takes place on the SRv6 Operations
   Working Group mailing list (mailto:srv6ops@ietf.org), which is
   archived at https://mailarchive.ietf.org/arch/browse/srv6ops/.
   Subscribe at https://www.ietf.org/mailman/listinfo/srv6ops/.

   Source for this draft and an issue tracker can be found at
   https://github.com/ipvsix/draft-sidspace-experiment.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

Kline & Buraglio           Expires 9 May 2025                   [Page 1]

Internet-Draft     SID Space Inter-domain Addressing.      November 2024

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 9 May 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Revised BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Inter-domain SRv6 SIDs
   3.  Proposed Structure
     3.1.  Generation of ASN derived SRv6 prefix SID
       3.1.1.  SRv6 SID Documentation Prefixes
       3.1.2.  SRv6 SID Private Use Prefixes
   4.  Routing and Filtering
   5.  Example test case
   6.  Security Considerations
   7.  IANA Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Acknowledgments
   Authors' Addresses

1.  Introduction

   [RFC9602] requested of IANA a dedicated prefix for Segment Routing
   over IPv6 [RFC8402] Segment Identifiers (SRv6 SIDs), with the aim of
   "improv[ing] security by making it simpler to filter traffic at the
   edge of the SR domains." The prefix 5f00::/16 was allocated for this
   purpose [IANA-IPv6Special].

   No requirements were placed on the use of this prefix, nor were any
   recommendations made for structured use of this prefix.

   This specification recommends a specific structured use of the SRv6
   SIDs prefix in support of Inter-Domain SRv6 networks. The core of
   the proposal is to structure the address space by Autonomous System
   Number (ASN). Use of this proposed structure is entirely voluntary.
   Voluntary use of this structure aids SRv6 operations while
   preserving the ability to use this prefix across cooperating SRv6
   domains, but not across the general Internet.

   The SID space prefix was allocated to improve ease of filtering.
   Where SRv6 traffic using these prefixes may be shared with
   cooperating partner networks, this proposal makes it easier to craft
   filters that permit only SRv6 traffic from identified ASNs.

   As a point of historical interest, this proposal contains echoes of
   the structure of the original 6bone test allocation [RFC1897].

2.  Inter-domain SRv6 SIDs

   An inter-domain SRv6 SID, as used in this document, means an SRv6
   SID from the address space used by one SRv6 domain that is
   advertised to another SRv6 domain for inclusion in an SRv6 Policy
   used by the second domain when forwarding policy-specific traffic to
   the advertising SRv6 domain.

3.  Proposed Structure

   The recommendation of this specification is for SRv6 domains to
   allocate SIDs from prefixes that are concatenations of the SRv6 SID
   prefix (5f00::/16) and an applicable ASN. Assuming 32-bit ASNs, this
   yields a /48 per ASN in use within an SRv6 domain, i.e.
   5f00:as-hi16:as-lo16::/48.
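
   Added example (not part of the draft or of any code by its authors):
   the Section 3 mapping between an ASN and its /48, in both
   directions, in Python. The function names and the "unclassified"
   label are assumptions of this example; the reserved ranges are the
   ones this document lists in Sections 3.1.1 and 3.1.2.

```python
import ipaddress

SID_SPACE = ipaddress.IPv6Network("5f00::/16")  # SRv6 SID prefix from the draft

# Reserved ASN ranges as listed in Sections 3.1.1 and 3.1.2 (inclusive).
RESERVED = [
    ("documentation", 64496, 64511),
    ("private-use", 64512, 65534),
    ("private-use", 4200000000, 4294967294),
]


def sid_prefix_for_asn(asn: int) -> ipaddress.IPv6Network:
    """Return 5f00:as-hi16:as-lo16::/48 for a 16- or 32-bit ASN."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"ASN out of 32-bit range: {asn}")
    # The top 16 bits hold 0x5f00, the next 32 bits hold the ASN.
    base = int(SID_SPACE.network_address) | (asn << 80)
    return ipaddress.IPv6Network((base, 48))


def asn_for_sid(value: str):
    """Recover the ASN from a SID address or prefix.

    Returns None when the value is outside 5f00::/16 or is a prefix
    shorter than /48, which cannot carry a complete ASN.
    """
    net = ipaddress.ip_network(value, strict=False)
    if net.version != 6 or net.prefixlen < 48 or not net.subnet_of(SID_SPACE):
        return None
    return (int(net.network_address) >> 80) & 0xFFFFFFFF


def asn_class(asn: int) -> str:
    """Name the reserved range an ASN falls in, per the table above."""
    for name, low, high in RESERVED:
        if low <= asn <= high:
            return name
    return "unclassified"  # not in a range listed in this document
```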

3.1.  Generation of ASN derived SRv6 prefix SID

   Each unique ASN generates a prefix from the IANA allocation by
   converting mutually agreed upon ASNs to hexadecimal, and inserting
   this hex into a /48 prefix.

3.1.1.  SRv6 SID Documentation Prefixes

   Using 16-bit and 32-bit ASNs reserved for documentation purposes
   [IANA-ASNs] yields several SRv6 SID prefixes that might be used for
   SRv6 documentation purposes. These prefixes are presently derived
   from ASNs in the range 64496-64511, as defined in [RFC5398]:

      5f00:0:fbf0::/48
      ...
      5f00:0:fbff::/48

   or any /48 prefix between these. It should be noted that 32-bit
   ASNs do not have a specific range dedicated for documentation but
   do have a private use block as defined in [RFC6996].

3.1.2.  SRv6 SID Private Use Prefixes

   Using 16-bit and 32-bit ASNs reserved for private use purposes
   [IANA-ASNs] yields several SRv6 SID prefixes for private use. The
   underlying ASN ranges are defined by [RFC6996] and presently
   include:

                 +==========+=======================+
                 | ASN size | Private Use Range     |
                 +==========+=======================+
                 | 16-bit   | 64512-65534           |
                 +----------+-----------------------+
                 | 32-bit   | 4200000000-4294967294 |
                 +----------+-----------------------+

                               Table 1

   yielding:

      5f00:0:fc00::/48
      ...
      5f00:0:fffe::/48

   and

      5f00:fa56:ea00::/48
      ...
      5f00:ffff:fffe::/48

   or any /48 prefix between these, as private use ASN-derived SID
   prefixes.

4.  Routing and Filtering

   As noted in [draft-bdmgct-spring-srv6-security], it is assumed that
   each ASN using this SRv6 SID space structure has deployed their
   respective SRv6 implementations within a limited domain [RFC8799]
   with appropriate filtering at the domain boundaries.

   Because this is intended for inter-domain use, the requisite
   filtering exceptions must be made between each SRv6 domain to allow
   for the desired Inter-Domain communication to occur. Care should be
   taken to allow only the desired and necessary communication between
   each SRv6 domain. The mechanisms used should be conformant with the
   given domain's security policy and may include, but are not limited
   to:

   *  routing filters such as BGP prefix-lists, route-maps,
      route-policies, or other analogous mechanisms, or

   *  access control filters at the domain edge

5.  Example test case

   One possible test case is the exchange of the IPv6 prefix SID
   between two autonomous systems with independent management domains.
   In this example, AS4294967294 exchanges their SRv6 SID prefix
   (5f00:ffff:fffe::/48) with AS4200000000 who announces their ASN
   derived SRv6 SID prefix (5f00:fa56:ea00::/48).

┌─────────────────────────────────┐           ┌──────────────────────────────────┐
│                                 │           │                                  │
│                                 │           │                                  │
│                   eBGP speaker  │           │  eBGP speaker                    │
│            5f00:ffff:fffe::/48  │           │  5f00:fa56:ea00::/48             │
│   ┌─────┐               ┌────┐  │           │  ┌────┐                ┌─────┐   │
│   │     ├──────┐        │    ├──┼───────────┼──┤    │        ┌───────┤     │   │
│   │     │      │        │    │  │           │  │    │        │       │     │   │
│   └─────┘   ┌──┴──┐     └─┬──┘  │           │  └──┬─┘     ┌──┴──┐    └─────┘   │
│             │     │       │     │           │     │       │     │              │
│             │     ├───────┘     │           │     └───────┤     │              │
│             └─────┘             │           │             └─────┘              │
│                                 │           │                                  │
│                                 │           │                                  │
│                                 │           │                                  │
│  AS4294967294                   │           │                      AS4200000000│
└─────────────────────────────────┘           └──────────────────────────────────┘

   Within this structure, appropriate and agreed upon policy may be
   shared between the partner ASNs. Defining the policy or use cases is
   outside of the scope of this document.

6.  Security Considerations

   This document does not alter the inherent security posture of SRv6
   [RFC8402], [RFC8754].

   The SID space prefix was allocated to improve ease of filtering.
   Where SRv6 traffic using these prefixes may be shared with
   cooperating partner networks, this proposal makes it easier to craft
   filters that permit only SRv6 traffic from identified ASNs.

7.  IANA Considerations

   This document has no IANA actions.

8.  References

8.1.  Normative References

   [IANA-ASNs]
              "Autonomous System (AS) Numbers", n.d.

   [IANA-IPv6Special]
              "IANA IPv6 Special-Purpose Address Registry", n.d.

   [RFC9602]  Krishnan, S., "Segment Routing over IPv6 (SRv6) Segment
              Identifiers in the IPv6 Addressing Architecture",
              RFC 9602, DOI 10.17487/RFC9602, October 2024.

8.2.  Informative References

   [draft-bdmgct-spring-srv6-security]
              "SRv6 Security Considerations", n.d.

   [RFC1897]  Hinden, R. and J. Postel, "IPv6 Testing Address
              Allocation", RFC 1897, DOI 10.17487/RFC1897, January
              1996.

   [RFC5398]  Huston, G., "Autonomous System (AS) Number Reservation
              for Documentation Use", RFC 5398, DOI 10.17487/RFC5398,
              December 2008.

   [RFC6996]  Mitchell, J., "Autonomous System (AS) Reservation for
              Private Use", BCP 6, RFC 6996, DOI 10.17487/RFC6996,
              July 2013.

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018.

   [RFC8754]  Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy,
              J., Matsushima, S., and D. Voyer, "IPv6 Segment Routing
              Header (SRH)", RFC 8754, DOI 10.17487/RFC8754, March
              2020.

   [RFC8799]  Carpenter, B. and B. Liu, "Limited Domains and Internet
              Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020.

Acknowledgments

   TODO acknowledge.

Authors' Addresses

   Erik Kline
   Aalyria Technologies, Inc.
   Email: ek.ietf@gmail.com

   Nick Buraglio
   Energy Sciences Network
   Email: buraglio@forwardingplane.net
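
   Added example (not part of the draft): the filtering exception
   described in Section 4, applied to the Section 5 test case from the
   point of view of AS4294967294, in Python. The function names, the
   verdict strings and the choice to accept more-specific routes inside
   a partner's /48 are assumptions of this example; the sample routes
   are constructed.

```python
import ipaddress

SID_SPACE = ipaddress.IPv6Network("5f00::/16")  # SRv6 SID prefix


def asn_prefix(asn: int) -> ipaddress.IPv6Network:
    """ASN-derived /48 from Section 3: 5f00:as-hi16:as-lo16::/48."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"ASN out of 32-bit range: {asn}")
    return ipaddress.IPv6Network((int(SID_SPACE.network_address) | (asn << 80), 48))


def build_policy(partner_asns):
    """Map each agreed partner ASN to the one SID prefix it may announce."""
    return {asn: asn_prefix(asn) for asn in partner_asns}


def check_route(policy, peer_asn: int, prefix: str) -> str:
    """Verdict for a route to `prefix` received from eBGP peer `peer_asn`."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6 or not net.overlaps(SID_SPACE):
        return "not-sid-space"      # outside 5f00::/16: ordinary policy applies
    allowed = policy.get(peer_asn)
    if allowed is None:
        return "deny-unknown-peer"  # SID space offered by a non-partner AS
    # Assumption: more-specifics inside the partner's /48 are acceptable;
    # shorter or foreign prefixes (including 5f00::/16 itself) are not.
    if net.prefixlen < 48 or not net.subnet_of(allowed):
        return "deny-asn-mismatch"
    return "permit"


# Constructed sample: AS4294967294 has one agreed partner, AS4200000000.
POLICY = build_policy([4200000000])
SAMPLE_ROUTES = [
    (4200000000, "5f00:fa56:ea00::/48"),      # partner's own prefix
    (4200000000, "5f00:fa56:ea00:100::/56"),  # more-specific inside it
    (4200000000, "5f00:ffff:fffe::/48"),      # partner announcing our prefix
    (4200000000, "5f00::/16"),                # the whole SID space
    (64512, "5f00:0:fc00::/48"),              # well-formed, but not a partner
    (4200000000, "2001:db8::/32"),            # not SID space at all
]

if __name__ == "__main__":
    for peer, route in SAMPLE_ROUTES:
        print(f"AS{peer:<11} {route:<26} {check_route(POLICY, peer, route)}")
```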