<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="3"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" docName="draft-yu-idr-bgp-sr-policy-orf-00"
     ipr="trust200902">
  <front>
    <title abbrev="BGP SR Policy ORF">On-Demand Distributing BGP SR Policy
    Using Outbound Route Filtering Capability</title>

    <author fullname="Pingping Yu" initials="P." surname="Yu">
      <organization>Huawei Technologies</organization>

      <address>
        <postal>
          <street>Huawei Bld., No.156 Beiqing Rd.</street>

          <city>Beijing</city>

          <code>100095</code>

          <country>China</country>
        </postal>

        <email>susana.yu@huawei.com</email>
      </address>
    </author>

    <author fullname="Shunwan Zhuang" initials="S." surname="Zhuang">
      <organization>Huawei Technologies</organization>

      <address>
        <postal>
          <street>Huawei Bld., No.156 Beiqing Rd.</street>

          <city>Beijing</city>

          <region/>

          <code>100095</code>

          <country>China</country>
        </postal>

        <phone/>

        <facsimile/>

        <email>zhuangshunwan@huawei.com</email>

        <uri/>
      </address>
    </author>

    <author fullname="Haibo Wang" initials="H." surname="Wang">
      <organization>Huawei Technologies</organization>

      <address>
        <postal>
          <street>Huawei Bld., No.156 Beiqing Rd.</street>

          <city>Beijing</city>

          <code>100095</code>

          <country>China</country>
        </postal>

        <email>rainsword.wang@huawei.com</email>
      </address>
    </author>

    <date day="6" month="July" year="2026"/>

    <abstract>
      <t>The BGP SR Policy address family defines a mechanism to distribute
      Segment Routing (SR) policies from a centralized controller to head-end
      routers. However, pre-provisioning all candidate SR Policies across
      massive-scale networks impose significant control-plane memory and
      processing overhead on edge nodes. This document specifies an extension
      to the BGP Outbound Route Filtering (ORF) capability, leveraging the
      framework defined in RFC 5291. It introduces a new SR Policy Tuple ORF
      type that allows a head-end router to precisely request or subscribe to
      specific SR Policies based on a Color and Endpoint tuple, enabling pure
      on-demand, pull-based policy distribution.</t>

      <t/>
    </abstract>

    <note title="Requirements Language">
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
      "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
      "OPTIONAL" in this document are to be interpreted as described in BCP 14
      <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when,
      they appear in all capitals, as shown here.</t>
    </note>
  </front>

  <middle>
    <section title="Introduction">
      <t>Segment Routing Policy Architecture <xref target="RFC9256"/> enables
      traffic engineering by utilizing an ordered list of segments. In
      large-scale networks, manually or universally pushing thousands of
      distinct SR Policies to every provider edge (PE) router leads to severe
      scalability constraints. Many policies remain dormant, occupying
      valuable BGP Routing Information Base (RIB) resources without steering
      any active live traffic.</t>

      <t><xref target="RFC5291"/> defines a cooperative mechanism for Outbound
      Route Filtering (ORF), allowing a BGP speaker to advertise its route
      filtering entries to a peer. By advertising these filters, the upstream
      peer can suppress sending routes that would otherwise be dropped by the
      receiver.</t>

      <t>This document applies the RFC 5291 ORF framework to the BGP SR Policy
      NLRI (AFI 1, SAFI 73) <xref target="RFC9256"/>. By implementing an
      "On-Demand Pull" model, a head-end router dynamically sends a BGP
      ROUTE_REFRESH message containing the desired &lt;Color, Endpoint&gt;
      tuple ORF entries when a localized service or color-coded traffic flow
      becomes active. The centralized controller or Route Reflector (RR) then
      pushes only the matched policies, keeping the router's control-plane
      lightweight.</t>

      <t/>
    </section>

    <section title="BGP SR Policy ORF Capability Negotiation">
      <t>A BGP speaker supporting the mechanisms defined in this document MUST
      negotiate the Cooperative Route Filtering Capability as defined in <xref
      target="RFC5291"/>, using the BGP SR Policy AFI/SAFI (AFI=1,
      SAFI=73).</t>

      <t>The Capability Value fields MUST contain:</t>

      <t><list style="symbols">
          <t>AFI: 1 (IPv4) or 2 (IPv6)</t>

          <t>SAFI: 73 (BGP SR Policy)</t>

          <t>ORF Type: TBD (SR Policy Tuple ORF)</t>

          <t>Send/Receive: A head-end router sets this to "Receive-ORF"
          (0x01). A controller/RR sets this to "Send-ORF" (0x02).</t>
        </list></t>

      <t>BGP speakers MUST negotiate Capability Advertisements <xref
      target="RFC5492"/> for AFI=TBD1 / SAFI=TBD2 during the BGP session
      initialization phase.</t>
    </section>

    <section title="SR Policy Tuple ORF Type Encoding">
      <t>This document defines a new ORF type called SR Policy Tuple ORF
      (Suggested Value: TBD1 by IANA).</t>

      <t>An SR Policy is uniquely identified by the 2-tuple: `&lt;Color,
      Endpoint&gt;`. The type-specific entry encoded within the standard BGP
      ROUTE_REFRESH [RFC2918] ORF message body is structured as follows:</t>

      <t><figure>
          <artwork align="left"><![CDATA[
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Action (2b)  | Match (2b)    |       Reserved (4b)           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Color (32 bits)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Endpoint Length (1 octet)                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               Endpoint Address (4 or 16 octets)               |
   ~                                                               ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


]]></artwork>
        </figure></t>

      <t/>

      <t><list style="symbols">
          <t>Action: Encoded as specified in <xref target="RFC5291"/> (ADD,
          REMOVE, or REMOVE-ALL).</t>

          <t>Match: Encoded as specified in <xref target="RFC5291"/>
          (Permit/Deny). In the context of "On-Demand Pull", a 'Permit' match
          behaves as a subscription request.</t>

          <t>Color: A 4-octet unsigned integer indicating the targeted Color
          value.</t>

          <t>Endpoint Length: 1 octet indicating the length of the Endpoint
          address. Typically 4 (IPv4) or 16 (IPv6).</t>

          <t>Endpoint Address: The network address representing the
          destination endpoint of the requested SR Policy.</t>
        </list></t>

      <t/>

      <t/>
    </section>

    <section title="Operational Procedures">
      <t/>

      <section title="Subscription Triggering (Head-End Node)">
        <t>By default, the upstream controller/RR applies an implicit "Deny
        All" outbound filter for SAFI 73 toward the head-end router until an
        ORF entry is received.</t>

        <t>When a service route (e.g., EVPN or VPNv4) with a specific BGP
        Color Extended Community is received by the head-end router, or when
        local traffic profiling demands steering toward `&lt;Color,
        Endpoint&gt;`, the router initiates the pull mechanism:</t>

        <t><list style="numbers">
            <t>The router constructs a BGP ROUTE_REFRESH message containing an
            SR Policy Tuple ORF entry.</t>

            <t>The Action field is set to ADD, and Match is set to Permit.</t>

            <t>The targeted Color and Endpoint are written into the respective
            fields.</t>

            <t>The router sends this message to its upstream controller or
            Route Reflector.</t>
          </list></t>

        <t/>
      </section>

      <section title="Policy Advertisement (Controller / Route Reflector)">
        <t>Upon receiving the ROUTE_REFRESH message with the SR Policy Tuple
        ORF:</t>

        <t><list style="numbers">
            <t>The controller parses the requested `&lt;Color,
            Endpoint&gt;`.</t>

            <t>It dynamic looks up or computes the segment lists satisfying
            the request.</t>

            <t>It dynamically constructs a BGP SR Policy UPDATE message
            containing the requested policy data and transmits it down to the
            head-end node.</t>
          </list></t>

        <t/>
      </section>

      <section title="Subscription Teardown / Deletion">
        <t>If the service route is withdrawn, or if the traffic flow ceases to
        exist over an implementation-specific idle timer, the head-end router
        MUST tear down the subscription. It sends a ROUTE_REFRESH message with
        Action set to REMOVE for that specific tuple. The upstream controller
        then withdraws the corresponding BGP SR Policy route to free up remote
        memory.</t>

        <t/>
      </section>
    </section>

    <section title="Security Considerations">
      <t>Malicious ORF injections could allow an attacker to trigger
      policy-request loops or flush out necessary policies on the controller,
      leading to Denial of Service (DoS). Standard BGP security practices,
      including GTSM <xref target="RFC5082"/> and TCP-AO <xref
      target="RFC5295"/>, MUST be enforced on the peering session.</t>

      <t/>
    </section>

    <section anchor="IANA" title="IANA Considerations">
      <t>This document requests IANA to define a new type code in the "BGP
      Outbound Route Filtering (ORF) Types" registry:</t>

      <t><figure>
          <artwork align="left"><![CDATA[
   o  Type: TBD1
   o  Description: SR Policy Tuple ORF
   o  Reference: [This-Document]

]]></artwork>
        </figure></t>

      <t/>
    </section>

    <section title="Contributors ">
      <t>The following people made significant contributions to this
      document:</t>

      <t><figure>
          <artwork align="left"><![CDATA[To be added.

]]></artwork>
        </figure></t>
    </section>

    <section anchor="Acknowledgements" title="Acknowledgements">
      <t>The authors would like to acknowledge the review and inputs from
      xxx.</t>
    </section>
  </middle>

  <back>
    <references title="Normative References">
      <?rfc include="reference.RFC.2119"?>

      <?rfc include='reference.RFC.4271'?>

      <?rfc include='reference.RFC.4456'?>

      <?rfc include='reference.RFC.4760'?>

      <?rfc include='reference.RFC.5082'?>

      <?rfc include='reference.RFC.5291'?>

      <?rfc include='reference.RFC.5295'?>

      <?rfc include='reference.RFC.5492'?>

      <?rfc include='reference.RFC.8174'?>

      <?rfc include='reference.RFC.8205'?>

      <?rfc include='reference.RFC.9256'?>
    </references>

    <references title="Informative References"/>
  </back>
</rfc>
