Export of BGP VPN Information in IPFIX

Introduction BGP/MPLS VPN, as described in , is a method that uses BGP to exchange the routes of a particular VPN among the PE routers that are attached to that VPN. And each route within a VPN is assigned an MPLS label. Typical MPLS VPN scenarios include:

MPLS VPN over MPLS traffic engineering (MPLS-TE) tunnel: The MPLS-TE tunnel can be built based on RSVP-TE LSP or SR-MPLS Policy.
MPLS VPN with MPLS best effort tunnel: A single MPLS label/SR-MPLS SID for the FEC on the egress PE is used to tunnel the VPN traffic over the backbone.

For SRv6 VPN services, defines procedures and messages for SRv6-based BGP services, including L3VPN, EVPN, and Internet services. SRv6 Service SID refers to an SRv6 SID associated with one of the service-specific SRv6 Endpoint Behaviors on the advertising PE router. As in , typical SRv6 VPN scenario includes:

SRv6 service with SRv6-TE connectivity: To provide SRv6 service in conjunction with an underlay Service Level Agreement (SLA) from the ingress PE to the egress PE, the egress PE colors the overlay service route with a Color Extended Community for steering flows for those routes. The ingress PE encapsulates the payload packet in an outer IPv6 header with the SR Policy segment list associated with the related SLA along with the SRv6 Service SID associated with the route using the Segment Routing Header (SRH) .
SRv6 service with best-effort(SRv6-BE) connectivity: The egress PE signals an SRv6 Service SID with the BGP overlay service route. The ingress PE encapsulates the payload in an outer IPv6 header where the destination address is the SRv6 Service SID provided by the egress PE. The underlay between the PEs only needs to support plain IPv6 forwarding.

When monitoring traffic flows on the ingress PE in a network with BGP VPN deployed, the network monitor may want to know the following information:

Which egress PE is the flow forwarded to ?
How is the traffic transmitted through the network ?

This document introduces new IP Flow Information Export (IPFIX) information elements to carry the egress PE information in IPFIX.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document makes use of the terms defined in , and . The following terms are used as defined in :

IPFIX
IPFIX Information Elements
Metering Process
Template Record
Data Record
Collector

The following terms are used as defined in :

Segment Routing (SR)
Segment List
SRv6
SR-MPLS
Segment Identifier (SID)

The following terms are used as defined in :

SRv6 Service SID

New IPFIX IEs for VPN Egress PE Information The following subsections defines different types of IEs to fulfill the requirement to obtain the egress PE information via IPFIX.

BGP VPN Next Hop Information Two new IEs are defined in this section to identify the next hop address of the BGP VPN route. One for IPv4 address and the other for IPv6 address. The BGP next hop address is an address of the egress PE router as in .

bgpVpnNextHopIPv4Address

Name:: bgpVpnNextHopIPv4Address
ElementID:: TBD1
Description:: The 32-bit IPv4 address on the egress PE which is used as the next hop address of the BGP VPN route.
Abstract Data Type:: default
Data Type Semantics:: ipv4Address
Additional Information:: Specified in .
Reference:: This document.

bgpVpnNextHopIPv6Address

Name:: bgpVpnNextHopIPv6Address
ElementID:: TBD2
Description:: The 128-bit IPv6 address on the egress PE which is used as the next hop address of the BGP VPN route.
Abstract Data Type:: default
Data Type Semantics:: ipv6Address
Additional Information:: See for more information about the IPv6 Next Hop Network Address.
Reference:: This document.

SRv6 Service SID Locator in IPFIX In the case of SRv6 VPN, another choice to be aware of the egress PE information is to export the locator information of the SRv6 service SID, since generally the SRv6 locators are well planned in the network, and different PEs are usually assigned with different locators. defines IE "srhSegmentIPv6" and IE "srhSegmentIPv6LocatorLength", and it enables the calculation of the SRv6 Locator when the two IEs are used together. However, the requirement to export the locator of the SRv6 service SID can not be fulfilled using "srhSegmentIPv6" and "srhSegmentIPv6LocatorLength" due to the following reasons:

In the SRv6-TE scenario, the SRv6 service SID would be encapsulated in the SRH as the last segment(i.e, Segment List[0]) of the segment list in SRH. Although "srhSegmentIPv6" is the 128-bit IPv6 address that represents an SRv6 segment, there's no mechanism yet to solely export Segment List[0](or any other segment besides the active segment) in the SRH.
In the SRv6-BE scenario, the SRv6 service SID is encapsulated as the destination address of the IPv6 header by the ingress PE. Theoretically, the IE "destinationIPv6Address" and "destinationIPv6PrefixLength" defined in can be used to calculate the the IPv6 prefix length of the SRv6 service SID. But if this method is used, the network analyzer needs to know exactly which flows are VPN flows using SRv6-BE forwarding to distinguish SRv6 Service SID from the normal IPv6 address carried in the IPv6 destination address field.

To export locator of the SRv6 Service SID which is advertised via BGP VPN routes, the following IEs are defined, and this method is applicable for both SRv6-TE and SRv6-BE scenario.

srv6ServiceSidLocator

Name:: srv6ServiceSidLocator
ElementID:: TBD3
Description:: The Locator of the SRv6 Service SID signaled by the egress PE via BGP.
Abstract Data Type:: default
Data Type Semantics:: ipv6Address
Additional Information:: See for more information about the SRv6 service SID. See Section 3.1 of for more details about the SID format.
Reference:: This document.

srv6ServiceSidLocatorLength

Name:: srv6ServiceSidLocatorLength
ElementID:: TBD4
Description:: The length of the SRv6 Locator of the SRv6 service SID specified as the number of significant bits. Together with srv6ServiceSid, it enables the calculation of SRv6 Locator of the SRv6 service SID.
Abstract Data Type:: default
Data Type Semantics:: default
Additional Information:: See Section 3.1 of for more details about the SID format.
Reference:: This document.

Operational Considerations The IE bgpNextHopIPv4Address(18) and bgpNextHopIPv6Address(63) define the IPv4/IPv6 address of the next (adjacent) BGP hop. If BGP VPN route is the only BGP route deployed on the PE, IE 18 and IE 63 MAY be used to indicate the next hop address of the BGP VPN route. However, when there're many types of BGP route used in the network(e.g., BGP VPN is used together with BGP-LU), it is not clear which type of the BGP route the next BGP hop carried in IE 18 or IE 63 belongs to. In this case, using bgpVpnNextHopIPv4Address and bgpVpnNextHopIPv6Address defined in this document to carry the next hop address of the BGP VPN route is more appropriate. In the multi-as backbones, if inter-AS option A or option B with BGP next-hop changed are used as described in , the address of the egress PE can't be obtained via "bgpVpnNextHopIPv4Address" or "bgpVpnNextHopIPv6Address" since the next hop address of the BGP VPN route received by the ingress PE is not the address of the egress PE.

Security Considerations There are no additional security considerations regarding allocation of these new IPFIX IEs compared to . Other security considerations for BGP/MPLS VPN in and for BGP Overlay Services Based on SRv6 in apply to this document.

IANA Considerations This document requests IANA to create new IEs under the "IPFIX Information Elements" registry available at . IPFIX Information Elements Registry

Element ID	Name	Reference
TBD1	bgpVpnNextHopIPv4Address
TBD2	bgpVpnNextHopIPv6Address
TBD3	srv6ServiceSidLocator
TBD4	srv6ServiceSidLocatorLength