Network Working Group Y. Liu Internet-Draft ZTE Corporation Intended status: Standards Track C. Lin Expires: 17 August 2026 New H3C Technologies 13 February 2026 BGP Flow-Spec Redirect to SR Segment List Action draft-ll-idr-flowspec-redirect-sidlist-00 Abstract BGP Flow Specification (Flow-spec) provides a mechanism for distributing traffic filtering and policy-based forwarding rules. Existing works enables traffic steering into an SR Policy. However, in Artificial Intelligence (AI) network scenarios, "elephant flows" may require deterministic forwarding over specific segment lists within an SR Policy candidate path. This document specifies a new BGP Flow-spec Redirect action that identifies a specific segment list within an SR Policy. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 17 August 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights Liu & Lin Expires 17 August 2026 [Page 1] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. Redirect to Segment List Action . . . . . . . . . . . . . . . 4 2.1. Action SubTLV Format . . . . . . . . . . . . . . . . . . 4 2.1.1. Flags Field . . . . . . . . . . . . . . . . . . . . . 4 2.1.2. SR Policy Identification . . . . . . . . . . . . . . 5 2.1.3. Candidate Path Identification . . . . . . . . . . . . 5 2.1.4. Segment List Identification . . . . . . . . . . . . . 6 3. Operational Considerations . . . . . . . . . . . . . . . . . 6 3.1. Validation and Installation . . . . . . . . . . . . . . . 6 3.2. Fallback Behavior . . . . . . . . . . . . . . . . . . . . 7 3.3. Recovery Behavior . . . . . . . . . . . . . . . . . . . . 7 4. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 7 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7. Normative References . . . . . . . . . . . . . . . . . . . . 8 8. Informative References . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 1. Introduction BGP Flow Specification (Flow-spec) [RFC8955] [RFC8956] is an extension to BGP that allows for the dissemination of traffic flow specification rules. BGP Flow-spec Version 2 (FSv2) is defined in [I-D.ietf-idr-flowspec-v2]. [RFC9256] details the concepts of Segment Routing (SR) Policy and steering into an SR Policy. An SR Policy consists of one or more candidate paths, each comprising one or more segment lists. As specified in [RFC9256], if a set of segment lists is associated with the active path of the policy, then the steering is per flow and weighted-ECMP (W-ECMP) based according to the relative weight of each segment list. Liu & Lin Expires 17 August 2026 [Page 2] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 Traffic generated by AI training and sample transmission exhibits elephant flow characteristics. Compared to ordinary traffic, elephant flows are characterized by high per-flow bandwidth, and long duration. When the traffic carried by an SR Policy contains elephant flows, distributing traffic across segment lists randomly based on weights may cause elephant flows to be assigned to inappropriate segment lists, leading to network load imbalance, e.g., collocation with other large flows on shared links. Currently BGP-FS supports steering traffic into an SR Policy. [I-D.ietf-idr-ts-flowspec-srv6-policy] enables steering into an SR Policy using the address in the Redirect-to-IP action [I-D.ietf-idr-flowspec-redirect-ip] as the endpoint and the color in the Color Extended Community [RFC9012] as the color of the target SR Policy. [I-D.ietf0-idr-srv6-flowspec-path-redirect] proposes a scheme that steers traffic into an SR Policy through a Binding SID. [I-D.li-idr-flowspec-sr-policy] defines a FSv2 Redirect to SR Policy action directly using Policy Color and endpoint as the identifier. This document extends BGP-FS to allow traffic to be redirected to a specific segment list within an SR Policy candidate path. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2. Terminology This document uses terminology from [RFC8955], [RFC9256], and [RFC9857]. * SR Policy: Segment Routing Policy, identified by . * Candidate Path: A specific path option for an SR Policy, with an associated preference value. * Segment List: A specific SID stack that realizes a path; may have an associated weight for load balancing. * Segment List ID: A 32-bit identifier assigned to a segment list, unique within the scope of a candidate path [RFC9857]. Liu & Lin Expires 17 August 2026 [Page 3] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 * Elephant Flow: A long-lived, high-bandwidth traffic flow typical in AI/ML training data transfers and storage replication flows. 2. Redirect to Segment List Action This action instructs the headend to redirect matching traffic into a specific segment list of a specific candidate path of an SR Policy. This action is encoded as a Flow Specification v2 (FSv2) Action SubTLV carried in a Wide Community container [I-D.ietf-idr-wide-bgp-communities]. 2.1. Action SubTLV Format The Redirect to Segment List action is encoded as a single FSv2 Action SubTLV. Sub-Type: TBD1 (2 octets) Length: 2 octets, indicating the total number of octets of the Value field. Value: Variable, formatted as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags | AFI | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Color (4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Endpoint (4 or 16 octets) ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Protocol-Origin (4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Originator( 20octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Discriminator (4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Segment List ID (4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Redirect to Segment List Action SubTLV Format 2.1.1. Flags Field The Flags field is 1 octet and defined as follows: Liu & Lin Expires 17 August 2026 [Page 4] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ |F|R| Reserved | +-+-+-+-+-+-+-+-+ Figure 2 F (Fallback Enabled - 1 bit): When set (1), the headend MUST perform the fallback procedure described in Section 3.2 if the designated segment list or candidate path becomes invalid or ceases to be the active candidate path. When clear (0), the headend MUST NOT fall back. R (Recovery - 1 bit): When set (1), indicates that if the designated segment list later recovers, the headend SHOULD revert to pinning the traffic flow onto it. When clear (0), the headend SHOULD NOT automatically revert. Reserved (6 bits): MUST be set to 0 on transmission and ignored on receipt. 2.1.2. SR Policy Identification Color (4 octets): The Color value of the target SR Policy, an unsigned non-zero 32-bit integer. AFI (2 octets): Address Family Identifier of the Endpoint. Values are taken from IANA's "Address Family Numbers" registry. This field determines the length of the Endpoint field: - 1 (IPv4): Endpoint = 4 octets - 2 (IPv6): Endpoint = 16 octets Other AFI values are reserved and MUST NOT be sent; if received, the entire Action SubTLV MUST be treated as malformed (Section 4). Endpoint (variable): The endpoint address of the SR Policy, encoded according to the AFI field. 2.1.3. Candidate Path Identification Protocol-Origin (4 octets): The Protocol-Origin value of the candidate path. (See [RFC9256] Section 2.3.) Liu & Lin Expires 17 August 2026 [Page 5] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 Originator (20 octets): The Originator of the candidate path as specified in [RFC9256] Section 2.4. Discriminator (4 octets): The Discriminator of the candidate path, as defined in [RFC9256] Section 2.5. 2.1.4. Segment List Identification Segment List ID (4 octets): The identifier of the segment list within the candidate path. The value zero is reserved and MUST NOT be used; if received, the Action SubTLV MUST be treated as malformed. 3. Operational Considerations 3.1. Validation and Installation Upon receipt of a Flow Specification route containing this Action SubTLV, the headend MUST perform the following steps in order: 1. Resolve the SR Policy using . 2. Locate the candidate path within that SR Policy that exactly matches . 3. Verify that the candidate path is the active candidate path of the SR Policy (as in [RFC9256] Section 2.9) . 4. Locate the segment list within that candidate path whose Segment List ID matches the value in the SubTLV. 5. Verify that the segment list is valid as per [RFC9256] Section 5. If any of these steps fail, the Action SubTLV is considered invalid, and the Flow Specification rule continues to be processed as if this Action SubTLV were not present. An implementation SHOULD log the validation failure. If all steps succeed, the headend installs a forwarding rule that redirects matching traffic exclusively to the designated segment list. Traffic SHOULD NOT be load-balanced to other segment lists within the same candidate path. Liu & Lin Expires 17 August 2026 [Page 6] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 3.2. Fallback Behavior After successful installation, if the F-Flag is set and any of the following events occur: * The designated segment list becomes invalid, * The designated candidate path becomes invalid, * The designated candidate path is no longer the active candidate path of the SR Policy. Then the headend MUST revert to ordinary SR Policy forwarding behavior as defined in [RFC9256]. An implementation SHOULD generate an alert to indicate that explicit path pinning is no longer in effect and the reason for fallback. 3.3. Recovery Behavior If the R-Flag is set and the designated segment list later recovers (becomes valid again) while the designated candidate path remains active, the headend SHOULD revert to pinning the traffic flow onto the recovered segment list. An implementation MAY apply a configurable revert timer to avoid flapping. During the reversion process, traffic MUST NOT be dropped. The transition MAY be performed via make-before-break. If the R-Flag is clear, the headend SHOULD NOT automatically revert. A controller MAY withdraw and re-advertise the Flow Specification route to re-establish pinning. 4. Error Handling A Redirect to SR Policy Segment List SubTLV is considered malformed if: * The Length field does not match the expected size derived from the AFI and fixed fields. * The AFI is not 1 (IPv4) or 2 (IPv6). * The Segment List ID is zero. * The Originator field does not comply with the encoding rules (e.g., non-zero high-order bits for an IPv4 address). Liu & Lin Expires 17 August 2026 [Page 7] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 * The Protocol-Origin field has non-zero high-order 24 bits. Malformed SubTLVs MUST be handled according to [RFC7606] as treat-as- withdraw. The implementation SHOULD log the error. 5. IANA Considerations IANA is requested to assign a new Action Sub-Type value from the "BGP FSv2 Action types" registry (established by [I-D.ietf-idr-flowspec-v2]) for the action defined in this document. Sub-Type Name Reference -------------------------------------------------------- TBD1 Redirect to SR Policy Segment List [this document] 6. Security Considerations The security considerations of [RFC8955], [RFC9256], and [I-D.ietf-idr-flowspec-v2] apply. The ability to pin traffic to a specific candidate path and segment list introduces additional risk. A malicious controller could direct all elephant flows to a single segment list, causing link overload and congestion collapse. Operators SHOULD: * Implement per-session policies to restrict which BGP peers are allowed to send BGP-FS routes with this action. * Limit the rate of BGP-FS updates to protect headend resources. 7. Normative References [I-D.ietf-idr-flowspec-v2] Hares, S., Eastlake, D. E., Yadlapalli, C., and S. Maduschke, "BGP Flow Specification Version 2", Work in Progress, Internet-Draft, draft-ietf-idr-flowspec-v2-04, 28 April 2024, . [I-D.ietf-idr-wide-bgp-communities] Raszuk, R., Haas, J., Lange, A., Decraene, B., Amante, S., and P. Jakma, "BGP Community Container Attribute", Work in Progress, Internet-Draft, draft-ietf-idr-wide-bgp- communities-12, 17 March 2025, . Liu & Lin Expires 17 August 2026 [Page 8] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K. Patel, "Revised Error Handling for BGP UPDATE Messages", RFC 7606, DOI 10.17487/RFC7606, August 2015, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8955] Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M. Bacher, "Dissemination of Flow Specification Rules", RFC 8955, DOI 10.17487/RFC8955, December 2020, . [RFC8956] Loibl, C., Ed., Raszuk, R., Ed., and S. Hares, Ed., "Dissemination of Flow Specification Rules for IPv6", RFC 8956, DOI 10.17487/RFC8956, December 2020, . [RFC9012] Patel, K., Van de Velde, G., Sangli, S., and J. Scudder, "The BGP Tunnel Encapsulation Attribute", RFC 9012, DOI 10.17487/RFC9012, April 2021, . [RFC9256] Filsfils, C., Talaulikar, K., Ed., Voyer, D., Bogdanov, A., and P. Mattes, "Segment Routing Policy Architecture", RFC 9256, DOI 10.17487/RFC9256, July 2022, . [RFC9857] Previdi, S., Talaulikar, K., Ed., Dong, J., Gredler, H., and J. Tantsura, "Advertisement of Segment Routing Policies Using BGP - Link State", RFC 9857, DOI 10.17487/RFC9857, October 2025, . 8. Informative References [I-D.ietf-idr-flowspec-redirect-ip] Haas, J., Henderickx, W., and A. Simpson, "BGP Flow-Spec Redirect-to-IP Action", Work in Progress, Internet-Draft, draft-ietf-idr-flowspec-redirect-ip-04, 2 September 2025, . Liu & Lin Expires 17 August 2026 [Page 9] Internet-Draft Flow-Spec Redirect to SR Segment List February 2026 [I-D.ietf-idr-ts-flowspec-srv6-policy] Wenying, J., Liu, Y., Zhuang, S., Mishra, G. S., and S. Chen, "Traffic Steering using BGP FlowSpec with SR Policy", Work in Progress, Internet-Draft, draft-ietf-idr- ts-flowspec-srv6-policy-08, 1 February 2026, . [I-D.ietf0-idr-srv6-flowspec-path-redirect] Van de Velde, G., Patel, K., Li, Z., Zhuang, S., and H. Chen, "Flowspec Indirection-id Redirect for SRv6", Work in Progress, Internet-Draft, draft-ietf0-idr-srv6-flowspec- path-redirect-14, 28 December 2025, . [I-D.li-idr-flowspec-sr-policy] Li, Z. and liusong, "BGP Flowspec Redirects to SR Policy", Work in Progress, Internet-Draft, draft-li-idr-flowspec- sr-policy-02, 14 October 2025, . Authors' Addresses Yao Liu ZTE Corporation Email: liu.yao71@zte.com.cn Changwang Lin New H3C Technologies Email: linchangwang.04414@h3c.com Liu & Lin Expires 17 August 2026 [Page 10]