Carrying NRP related Information in MPLS Packets

Virtual Private Networks (VPNs) provide different customers with logically isolated connectivity over a common network infrastructure. With the introduction of 5G and also in some existing network scenarios, some customers may require network connectivity services with advanced features comparing to conventional VPNs, such as resource isolation from other services or guaranteed performance. Such kind of network service is called enhanced VPN . Enhanced VPN service requires the coordination and integration between the overlay VPNs and the capability and resources of the underlay network. Enhanced VPN can be used, for example, to deliver network slice services as described in . also introduces the concept of the Network Resource Partition (NRP), which is a subset of the buffer/queuing/scheduling resources and associated policies on each of a connected set of links in the underlay network. An NRP can be associated with a logical network topology to select or specify the set of links and nodes involved. In packet forwarding, traffic of different Enhanced VPN services needs to be processed separately based on the network resources and the logical topology associated with the corresponding NRP. describes the scalability considerations and the possible optimizations for providing a relatively large number of NRPs. The approach to improve the data plane scalability of NRP is to introduce a dedicated data plane identifier (which is called NRP Selector ID) in the data packets to identify the set of network resources allocated to an NRP, so that the packets mapped to an NRP can be processed and forwarded using the NRP-specific network resources, which could avoid possible resource competition with services in other NRPs. This document proposes a mechanism to carry the NRP Selector ID and related information in MPLS data packets, so that the packet will be processed by network nodes using the subset of network resources and policy of the corresponding NRP. The procedure for processing the NRP Selector ID is also specified. The destination and forwarding path of the MPLS LSP is determined using the MPLS label stack in the packet, and the set of network resources and policy used for processing the packet is determined by the NRP action carried as post-stack data (PSD) . The mechanism introduced in this document is applicable to both MPLS networks with RSVP-TE or LDP LSPs, and MPLS networks with Segment Routing (SR) .

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 when, and only when, they appear in all capitals, as shown here.

The NRP Selector ID and related information are carried as Ancillary Data of the MPLS NRP action. In this document, the NRP action and ancillary data are defined using Post-Stack Data (PSD) due to the following reasons: NRP Selector ID with 32-bit length does not fit well into the MPLS Label Stack Entry (LSE) due to the existence of S bit in LSE (e.g., in 31-bit Format D). Optional NRP related information which may be mutable or variable is more suitable and efficient to be encoded as Post-stack Data. This document makes use of the post-stack header mechanism as defined in . A new type of Post-Stack network action called "Network Resource Partition (NRP)" is defined to carry the NRP Selector ID and other NRP related information. The Opcode of the NRP action is to be assigned by IANA. The format of the NRP action and its ancillary data is shown as below:

Where: PS-NRP-OP: Post-stack Opcode for the NRP action, the value is to be assigned by IANA. PS-NAL: Post-Stack network action length in 4-octet units, excludeing the first 4-octets. Flags: 8-bit flag field. The most significant bit is defined in this document.

S (Strict Match): The S flag is used to indicate whether the NRP ID MUST be strictly matched for the processing of the packet. When the S flag in the NR option of a received packet is set to 1, if the NRP ID in the packet does not match with any of the network resources provisioned on the network node, the packet MUST be dropped. When the S flag in the NRP option of a received packet is set to 0, if the NRP ID in the packet does not match with any of the network resources provisioned on the network node, the packet MUST be forwarded using the default set of resource and behavior as if the NRP option does not exist. U (Unused): These flags are reserved for future use. They MUST be set to 0 on transmission and MUST be ignored on receipt. Reserved: 8-bit field reserved for future use. NRP Selector ID: 4-octet Network-wide identifier which uniquely identifies the set of network resources allocated to an NRP. The size of the NRP Selector ID is determined by the value of PS-NAL. Optional NRP related information: Other NRP related information which may be carried as ancillary data of the NRP action. One example is the traffic accounting data of a specific NRP. The detailed encoding and mechanisms are out of the scope of this document. The length of the optional NRP related information in 4-octet units is determined by the value of PS-NAL minus 1. The PS-NRP action SHOULD be processed hop-by-hop (HBH). It is suggested the PS-NRP action be placed closer to the top of the PSD than any Post-Stack actions with the Ingress-To-Egress scope

When an LSP ingress receives a packet, the traffic classifications and mapping policies are checked. If a match is found that the packet needs to be steered on to one of the NRPs of the MPLS network, the packet is encapsulated with an MPLS Label Stack and a Post-Stack Header is added after the label stack. The Post-Stack Header contains a Post-Stack NRP action, which includes the NRP Selector ID and optional NRP related information.

On receipt of an MPLS packet which carries the PS-NRP action, network nodes which support the mechanism defined in this document MUST parse the Post-Stack header and the NRP action, and use the NRP Selector ID to identify the NRP the packet belongs to, then the local resources allocated to the NRP are used to process and forward the packet. The forwarding behavior is based on both the MPLS label stack and the Post-Stack NRP action. The top MPLS label is used for the lookup of the next-hop, and the NRP Selector ID can be used to determine the set of network resources allocated by the network nodes for processing and sending the packet to the next-hop. Network nodes which do not support the mechanism in this document MUST ignore the NRP action, and forward the packet only based on the top MPLS label. There can be different approaches used for allocating network resources on each network node to the NRPs. For example, on one interface, a subset of forwarding plane resources (e.g., bandwidth and the associated buffer/queuing/scheduling resources) allocated to a particular NRP can be considered as a virtual layer-2 sub-interface with dedicated bandwidth and the associated resources. In packet forwarding, the top MPLS label of the received packet is used to identify the next-hop and the outgoing layer-3 interface, and the NRP Selector ID is used to further identify the virtual sub-interface which is associated with the NRP on the outgoing interface. The egress node of the MPLS LSP MUST pop the Post-Stack NRP action, together with the Post-Stack header and other Post-Stack actions if there is any.

Before inserting the Post-Stack NRP action into an MPLS packet, the ingress node wants to know whether the nodes along the LSP can process the NRP extension header properly based on the mechanisms defined in this document. This can be achieved by introducing the capability advertisement and negotiation mechanism for the Post-Stack NRP action. The ingress node also needs to know whether the egress node of the LSP can remove the Post-Stack NRP action as part of the Post-Stack header properly before parsing the upper layer and sending the packet to the next hop. The signaling mechanism for capability advertisement and negotiation is out of the scope of this document.

IANA is requested to assign the code point for the PS-NRP action from the "Post-Stack Network Action Opcodes" registry as below:

The security considerations in and apply to this document. The introduction of Post-Stack NRP actions allows attacking traffic targeting at a specific NRP in the network, which can impact the performance of services carried by the NRP. Operator needs to make sure that only trusted network nodes can add Post-stack NRP action to packets.

The authors would like to thank Loa Andersson for the review and comments.