Introducing Resource Awareness to SR Segments

The Segment Routing (SR) Architecture specifies a mechanism to steer packets through an ordered list of segments. A segment is referred to by its Segment Identifier (SID). With SR, explicit source routing can be achieved without introducing per-path state into the network. The base SR specifications do not have the capability of identifying or reserving a set of network resources. Although a centralized controller can have a global view of network state and can provision different services using different SR paths, in data packet forwarding it still relies on the DiffServ QoS mechanism to provide coarse-grained traffic differentiation in the network. While such a mechanism may be sufficient for some types of services, others may require a set of dedicated network resources to achieve resource isolation in the same network. Also, the number of such services could be larger than the number of traffic classes available with DiffServ QoS. Without needing to define new SID types, this document extends the SR paradigm by associating SIDs with network resource attributes, so that network resources can be allocated to one or a set of SIDs. Such SIDs are referred to as resource-aware SIDs. These resource-aware SIDs retain their original functionality, with the additional semantics of identifying the set of network resources available for the packet processing action. Typical types of network resources include link bandwidth, buffers, and queues that are associated with class of service, scheduling weights or time cycles, and it is also possible to associate SR SIDs with other types of resources (e.g., the processing and storage resources). For a particular SR segment, multiple resource-aware SIDs can be allocated, each of which represents a subset of network resources allocated in the network to meet the requirements of one or a group of customers or services. Each subset of the network resources may be associated with one or multiple resource-aware SIDs. The allocation of network resources to segments can be done either via local configuration or via a centralized controller. Other approaches are possible such as the use of a control plane signaling protocol, but they are out of the scope of this document. An SR Policy that requires dedicated network resources can be composed of a list of resource-aware SIDs. This can be useful for service which requires dedicated network resources along the SR path. In addition, a subset of the network topology and resources (considered as a "virtual network") can be represented by a group of resource-aware SIDs that meet the connectivity and resource goals. The resources associated with each segment of the virtual network can be the same or different. The proposed mechanism is applicable to SR with both MPLS data plane (SR-MPLS) and IPv6 data plane (SRv6). The reader is expected to be familiar with the terminology in , and .

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

The following terms are introduced by this document. Resource-aware segment: An SR segment which not only represents a specific instruction, but also identifies the set of network resources used for executing the action. Resouce group: A group of network resources allocated on a set of network nodes and links, which can be used for forwarding and processing packets with one or multiple resource-aware SIDs. Global resource-aware SID: A resource-aware segment identifier which is associated with a resource group. Local resource-aware SID: A resource-aware segment identifier which is associated with a specific set of resources on a network node or link in the resource group.

In the Segment Routing architecture , several types of segments are defined to represent either topological or service instructions. A topological segment can be a node segment or an adjacency segment. A service segment may be associated with specific service functions for service-chaining purposes. This document introduces additional resource semantics to the existing types of SIDs. A resource-aware SID retains its original functionality, with the additional semantics of identifying a set of network resources allocated in the underlay network for the packet processing action. A resource-aware SID is considered local resource-aware if the associated network resource is allocated on a specific node in the network. A resource-aware SID is considered global resource-aware if the associated network resources are allocated on multiple nodes in the network. A local resource-aware SID may be allocated with a dedicated set of network resources, while for global resource-aware SIDs, a common set of network resources may be allocated to a group of resource-aware SIDs. This section describes the mechanisms of using resource-aware SR SIDs to indicate the network resource information associated with the SR paths or virtual networks based on the two SR data plane instantiations: SR-MPLS and SRv6. The mechanisms to identify the forwarding path or network topology with SIDs as defined in do not change. Aligning with the SR architecture, the control plane for resource-aware segments can be centralized, distributed, or hybrid. When resource-aware segments are associated with a virtual network, the control plane for distributing the resource-aware SIDs and the associated topology or Flexible-Algorithm can be based on , and .

The MPLS instantiation of Segment Routing is specified in . specifies several types of SIDs, including IGP Adjacency Segment (Adj-SID), IGP-Prefix Segment (Prefix-SID), and IGP-Node Segment (Node-SID). It also introduces BGP Peer Adjacency Segment (PeerAdj SID). These types of SIDs can be reused to represent both the topological instructions and the set of network resources allocated for packet processing following the instructions. A resource-aware Adj-SID is a local resource-aware segment, it represents a subset of the network resources (e.g., bandwidth, buffer and queuing resources) on a given link, thus each resource-aware Adj-SID is associated with a subset of the link's traffic engineering (TE) capabilities and resources (known as TE attributes ). For one IGP link, multiple resource-aware Adj-SIDs can be assigned, each of which is associated with a subset of the link resources allocated on the link. For one inter-domain link, multiple BGP PeerAdj SIDs may be assigned, each of which is associated with a subset of the link resources allocated on the inter-domain link. The inter-domain link is between network domains managed by the same administrative entity and aligns with the trust model described in . The resource-aware Adj-SIDs may be associated with a specific network topology and/or algorithm, so that it is used only for resource-aware SR paths computed within the topology and/or algorithm. Note this per-segment resource allocation complies with the SR paradigm, which avoids introducing per-path state into the network. Several approaches can be used to partition and reserve the link resources, such as , logical sub-interfaces with reserved bandwidth, dedicated queues, etc. The detailed mechanism of link resource partitioning is out of scope of this document. A resource-aware prefix-SID is a global resource-aware segment, it is associated with a network topology and/or an algorithm which the attached node participates in. In addition, a resource-aware prefix-SID is allocated with a set of network resources (e.g., bandwidth, buffer and queuing resources) on the nodes and links participating in the associated topology and/or algorithm. Such set of network resources can be used for forwarding packets which are encapsulated with this resource-aware prefix-SID, along the paths computed in the associated topology and/or algorithm. Although it is possible that each resource-aware prefix-SID is allocated with a set of dedicated resources on every node and link in the associated topology and/or algorithm, the overhead of per-prefix resource reservation is usually considered unacceptable in both control plane signaling and data plane states, and it is likely some of the allocated resources will be wasted. It is RECOMMENDED that a common set of network resources be allocated by the network nodes and links participating in the topology and/or algorithm, and this common set of network resources is associated with a group of resource-aware Prefix-SIDs. Such a common set of network resources constitutes a resource group. For a given <topology, algorithm> tuple, there can be one or multiple resource groups. This way, a group of resource-aware prefix-SIDs which are associated with the same <topology, algorithm> tuple can share the set of network resources in a resource group. The association between the SR SIDs and a resource group can be provisioned using the management plane or a control plane. The recommendation above helps to reduce the dynamics in per-prefix resource allocation and adjustment, so that the network resource can be allocated based on planning and does not have to rely on dynamic signaling. When the set of nodes and links that participate in a <topology, algorithm> tuple changes, the set of network resources allocated on specific nodes and links may need to be adjusted. When the set of network resources are locally configured on the network links, this means that the resources allocated to resource-aware Adj-SIDs on those links may have to be adjusted, and new TE attributes for the associated adj-SIDs re-advertised. For one IGP prefix, multiple resource-aware prefix-SIDs can be allocated. Each resource-aware prefix-SID may be associated with a unique <topology, algorithm> tuple, in this case different <topology, algorithm> tuples can be used to distinguish the resource-aware prefix-SIDs of the same prefix. In another case, for one IGP prefix, multiple resource-aware prefix-SIDs may be associated with the same <topology, algorithm> tuple but different resource groups. Then an additional control plane distinguisher needs to be introduced to distinguish different resource-aware prefix-SIDs associated with the same <topology, algorithm> but different resource groups. The first approach is simpler and does not require extensions to control plane protocols, while there can be scalability concerns when the number of resource groups is large, as it would require a large number of topologies or Flex-Algorithms. The second approach is more scalable, while it requires additional extensions to the control plane protocols. The exact control plane extensions are out of the scope of this document, but see Section 7 for more discussion of the scalability concerns. A group of resource-aware Adj-SID and resource-aware Prefix-SIDs can be used to construct the SID lists of an SR Policy, which can be used to steer the traffic to be forwarded along the explicit paths (either strict or loose) and processed using the set of network resources identified by the resource-aware SIDs. In SR-MPLS packet forwarding, each resource-aware Adj-SID identifies both the next-hop of the node and the set of resources used for packet processing on the outgoing interface. Each resource-aware Prefix-SID identifies the path to the node which the prefix is attached to, and the resource group which consists of a set of network resources to be used for packet forwarding on the transit nodes along the path. The transit nodes use the resource-aware Prefix-SIDs to determine the next-hop of the packet and the set of local resources in the identified resource group, then forward the packet to the next-hop using the set of local resources. When the set of network resources allocated on the egress node also needs to be determined, it is RECOMMENDED that Penultimate Hop Popping (PHP) be disabled, otherwise the inner service label needs to be used to infer the set of resources to be used for packet processing on the egress node of the SR path, which would over-complicate the assignment of the service label and potentially require multiple service labels to be assigned for the same service to identify the different resource groups. This mechanism requires the allocation of additional prefix-SIDs or adj-SIDs to identify different sets of network resources. As the number of resource groups increases, the number of SIDs would increase accordingly, while it should be noted that there is still no per-path state introduced into the network.

defines the SRv6 SID format (LOC:FUNCT:ARG) and the base set of SRv6 behaviors bound to the SRv6 SIDs. When the LOC (Locator) part of the SRv6 SIDs is routable, it leads to the node which instantiates the SID. The approach of introducing resource-awareness to SRv6 is by firstly making the SRv6 Locators resource-aware. For one SRv6 node, multiple resource-aware SRv6 Locators can be assigned. A resource-aware Locator is associated with a network topology and/or algorithm in which the originating node participates, as well as a set of network resources (e.g., bandwidth, buffer, and queueing resources) on each node and the attached links participating in the same topology and/or algorithm. Then resource-aware SRv6 SIDs are allocated using the resource-aware SRv6 Locator as the prefix, and the resource-aware SRv6 SIDs are associated with a subset of the local resources which belong to the resource group associated with the resource-aware SRv6 Locator. The set of network resources allocated to the resource-aware SRv6 Locators and SRv6 SIDs are used for forwarding packets in which the resource-aware SRv6 SIDs are encoded as the destination IPv6 addresses. Similar to the approach used with resource-aware prefix-SIDs in SR-MPLS, it is RECOMMENDED that a common set of network resources are allocated by the network nodes and links participating in a topology and/or algorithm, and this resource group is associated with a group of resource-aware Locators of the same topology and/or algorithm. For one IGP link, multiple resource-aware SRv6 End.X SIDs can be allocated to identify different sets of link resources allocated on the link. SRv6 SIDs for other types of behaviors MAY also be assigned as resource-aware SIDs, which identifies the set of network resources allocated by the node for executing the behavior. All resource-aware SRv6 SIDs MUST use a resource-aware locator as its prefix. A group of resource-aware SRv6 SIDs can be used to construct the SID lists of an SR Policy, which can be used to steer the traffic to be forwarded along the explicit paths (either strict or loose), and be processed using the set of network resources identified by the resource-aware SRv6 Locators and SIDs. In SRv6 packet forwarding, the transit nodes use the resource-aware Locator of the SRv6 SID carried in the destination IPv6 address field to determine the next-hop of the packet, and the resource group which consists of a set of network resources to be used for packet forwarding along the path. On the segment endpoint nodes, the resource-aware End.X SID identifies both the next-hop and the set of resources used for packet forwarding on the outgoing interface of the node which instantiates the SID. This mechanism requires the allocation of additional SRv6 Locators and SIDs to identify different set of network resources. As the number of resource groups increases, the number of SRv6 Locators and SIDs would increase accordingly, while it should be noted that there is still no per-path state introduced into the network.

The mechanism described in this document assumes the use of a centralized controller to collect the information about the network (configuration, state, routing databases, etc.) as well as the service information (traffic matrix, performance statistics, etc.) for the planning of network resources based on the service requirements. The centralized controller can also be used to instruct the network nodes to allocate the network resources and associate the resources to resource-aware SIDs. The resource-aware SIDs can be either explicitly provisioned by the controller, or can be dynamically allocated by network nodes. The distributed control plane is complementary to the centralized controller. When the resource-aware SIDs are locally configured or dynamically allocated, a distributed control plane can be used for the collection and distribution of the resource-aware SIDs among network nodes, together with the set of associated local network resource information. Then some of the network nodes can distribute the collected information to the centralized controller. The mechanisms as defined in and can be reused with possible extensions to improve the efficiency and scalability. It is anticipated that augmentations to the SR YANG models would provide a way to configure and learn about the relationship between resource-aware SIDs and the resources on specific nodes.The details are out of the scope of this document. If an attempt to associate a resource-aware SID with resources on a router fails (for example, due to an error in the amount of resource requested) the control plane solution MUST report this so that the situation can be corrected. The support for a resource group and the SR SIDs or SRv6 locators information to associate packets to it MUST be aligned among the network nodes in that resource group, so as to ensure that packets are processed consistently within a resource group. This task can be accomplished via local configuration or via a centralized controller. Other approaches may be possible. provides some guidance on the provisioning of resource-aware segments for network resource partitions (NRPs). The centralized controller or management system is responsible for consistent provisioning of resource groups, and should be able to roll back in case of partial provisioning failure. A resource group SHOULD NOT be used until it is fully provisioned. An update to a resource group is finished until all changes to the involved network nodes are successfully made. To indicate the support for a given resource group, a node needs to advertise the identifier of the resource group, the associated topology and algorithm, the resource-aware SIDs and the TE attributes representing the resources allocated to the resource-aware SIDs in the resource-group. The TE attributes of a resource group may be used as constraints in path computation. The controller is also responsible for the centralized computation and optimization of the SR paths taking the topology, algorithm and network resource constraints into consideration. The interaction between the controller and the network nodes can be based on Netconf/YANG , BGP SR Policy or PCEP . In some scenarios, extensions to some of these protocols may be needed to improve the efficiency and scalability of the control plane, but these are out of the scope of this document. Distributed computation of resource-aware SR paths is also possible, the topology, algorithm and/or resource constraints need to be taken into consideration by network nodes. The distributed control plane may be based on , , with necessary extensions. When a network node is instructed to associate a SID with specific resources, its actions will depend on the operational mechanisms of the network. In some cases the association between SIDs and resources is configured on the individual network nodes, and the control plane (e.g. IGP) is used to distribute the SID information and the allocated resource information to the controller and the ingress nodes for TE constraint-based path computation. In network cases with SR and other TE mechanisms (such as RSVP-TE) co-existing in the network, the IGP advertisements of available resources may need to be updated to indicate that there has been a change to the available resources resulting from the instantiation of a new resource-aware SID, it is suggested such updates would be rate-limited to avoid overloading the IGP system using suppression mechanisms as described in . In still other cases the association between SIDs and network resources is provisioned by the central controller which is responsible for all TE management, then the distributed control plane does not need to take any additional action.

This document makes no request of IANA. Note to RFC Editor: this section may be removed on publication as an RFC.

This section is to be removed before publishing as an RFC. RFC-Editor: Please clean up the references cited by this section before publication. This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in . The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. According to , "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit". This section is provided in compliance with the SPRING working group policies ().

Huawei Technologies reported the following implementations of the resource-aware segments (Section 2). The resource-aware segments are used to build SR based Network Resource Partitions (NRPs) and resource guaranteed SR Policies. Huawei ATN9XX, CX600 routers. Huawei NE40E, NE8000, NE5000E routers. At the time of this report, all the implementations listed above are in production and follow the specification in the latest version of this document, including all the "MUST" and "SHOULD" clauses for the resource-aware segments. This report was last updated on August 28, 2025.

Resource-aware segments can coexist with the existing SR segments. Network operators may introduce resource-aware segments into a portion of their SR networks to support services which require guaranteed network resources (e.g. bandwidth). The use of either base SR segments or resource-aware SR segments for specific service is based on operators' local policy. Resource-aware segments require to introduce additional SR-MPLS SIDs or SRv6 Locators/SIDs for different subsets of network resources. This would increase the amount of SR SIDs to be managed, and would also increase the amount of state to be maintained by network nodes. Although with the SR paradigm, per-path state can be avoided in the network. The scalability of the deployed solution may also depend on the control plane solution that is available in implementations. If no additional control plane features are available, the only choice is to use different <topology, algorithm> tuples to distinguish the resource-aware prefix-SIDs of the same prefix. This approach may be suitable for small numbers of resource groups (less than ten or so), but with more resource groups, this approach will require more topologies or Flex-Algorithms, each of which requires separate management and can stress operational systems. If a larger number of resource groups are required, then operators should use the alternate method to allocate additional prefix-SIDs or adj-SIDs to identify the resource groups, but must utilize additional control plane mechanisms (see Section 3) to distribute the association of SIDs to resource groups. Operators need to be aware of the additional cost of introducing resource-aware segments, and provide careful planning of the resource groups, so that the resource-aware segments can meet the service requirements without introducing unacceptable complexity to network operation and management. The consistency in the binding between resource-aware segments and resource groups across all participating nodes in the network is crucial for correct and consistent treatment to packets so as to meet the resource guarantee and SLA requirements. If this is not the case, it may cause problems including service quality degradation or packet drop. Such issues could be detected and diagonosed using performance measurement or packet trace mechanisms with the same resource-aware segments as in the data packets used for forwarding. Control plane mechanisms need to include consistency checks to allow the configured state of resource allocation in network nodes to be verified against the intended state. If inconsistency in resource binding is detected by a network node, by default the impacted resource-aware SIDs MUST NOT be used for traffic forwarding, and an error SHOULD be logged and reported. Operators need to specify the policy for traffic which exceeds the allocated resources of the resource-aware SID carried. The options include: drop the traffic, lower the priority and treat it in best effort, etc.

The security considerations of segment routing and SRv6 in , and are applicable to this document. The allocaton of network resources, the association of resource-aware SIDs with the allocated network resources, and the distribution of information of the resource-aware SIDs together with the associated TE attributes MUST be done via control or management protocol channels with proper mechanisms for authentication, authorization, integrity or replay-protection. The specifications of the control or managment plane protocols for resource-aware segments SHOULD specify how these security properties are provided. When the control plane of resource-aware segments is based on Flex-Algo, the security threats described in need to be considered, as the hijack of a Flex-Algo which associates with an resource group would compromise not just path selection but also resource isolation correctness. A compromised or misconfigured controller, or a node with local configuration authority, could allocate sufficient network resources and resource-aware SIDs to exhaust link or node resources, thereby starving the base SR forwarding plane. The allocation of network resources and resource-aware SIDs MUST be under some admission control, and implementations SHOULD reject network resource and resource-aware SIDs allocation when it would exceed a configurable threshold, ensuring that base SR forwarding plane availability cannot be compromised by resource exhaustion. The resource-aware SIDs may be used for provisioning of SR paths or virtual networks to carry traffic with specific SLA requirements (such as latency). By disrupting the SLA of such traffic an attack can be directly targeted at the customer application, or can be targeted at the network operator by causing them to violate their SLA, triggering commercial consequences. Dynamic attacks of this sort are not something that networks have traditionally guarded against, and networking techniques need to be developed to defend against this type of attack. By rigorously policing ingress traffic and carefully provisioning network resources provided to such services, this type of attack can be prevented. However care needs to be taken when providing shared resources, and when the network needs to be reconfigured as part of ongoing maintenance or in response to a failure. A compromised network node may choose not to actually allocate the claimed resources to the resource-aware SIDs, overstate the available resources, or selectively degrade specific resource groups, this may result in the expected SLA being disrupted due to lack of resource guarantee. The resource-aware SIDs carried in data packets can reveal not just where the packets go, but also the corresponding resource groups. The details about resource allocation in the underlay network MUST NOT be exposed to third parties, so as to prevent attacks aimed at exploiting shared network resources.

The authors would like to thank Mach Chen, Stefano Previdi, Charlie Perkins, Bruno Decraene, Loa Andersson, Alexander Vainshtein, John Drake and Alvaro Retana for the valuable discussion and suggestions to this document.