| Internet-Draft | IPFIX for BGP VPN | November 2025 |
| Liu & Zhao | Expires 1 June 2026 | [Page] |
This document introduces new IP Flow Information Export (IPFIX) information elements to carry the egress PE information in IPFIX.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 1 June 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
BGP/MPLS VPN, as described in [RFC4364], is a method that uses BGP to exchange the routes of a particular VPN among the PE routers that are attached to that VPN. And each route within a VPN is assigned an MPLS label.¶
Typical MPLS VPN scenarios include:¶
For SRv6 VPN services, [RFC9252] defines procedures and messages for SRv6-based BGP services, including L3VPN, EVPN, and Internet services. SRv6 Service SID refers to an SRv6 SID associated with one of the service-specific SRv6 Endpoint Behaviors on the advertising PE router.¶
As in [RFC9252], typical SRv6 VPN scenario includes:¶
When monitoring traffic flows on the ingress PE in a network with BGP VPN deployed, the network monitor may want to know the following information:¶
This document introduces new IP Flow Information Export (IPFIX) information elements to carry the egress PE information in IPFIX.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document makes use of the terms defined in [RFC7011], [RFC8402] and [RFC9252].¶
The following terms are used as defined in [RFC7011]:¶
The following terms are used as defined in [RFC8402]:¶
The following terms are used as defined in [RFC9252]:¶
The following subsections defines different types of IEs to fulfill the requirement to obtain the egress PE information via IPFIX.¶
Two new IEs are defined in this section to identify the next hop address of the BGP VPN route. One for IPv4 address and the other for IPv6 address. The BGP next hop address is an address of the egress PE router as in [RFC4364].¶
bgpVpnNextHopIPv6Address¶
TBD2¶
The 128-bit IPv6 address on the egress PE which is used as the next hop address of the BGP VPN route.¶
default¶
ipv6Address¶
See [RFC4659] for more information about the IPv6 Next Hop Network Address.¶
This document.¶
In the case of SRv6 VPN, another choice to be aware of the egress PE information is to export the locator information of the SRv6 service SID, since generally the SRv6 locators are well planned in the network, and different PEs are usually assigned with different locators.¶
[RFC9487] defines IE "srhSegmentIPv6" and IE "srhSegmentIPv6LocatorLength", and it enables the calculation of the SRv6 Locator when the two IEs are used together. However, the requirement to export the locator of the SRv6 service SID can not be fulfilled using "srhSegmentIPv6" and "srhSegmentIPv6LocatorLength" due to the following reasons:¶
To export locator of the SRv6 Service SID which is advertised via BGP VPN routes, the following IEs are defined, and this method is applicable for both SRv6-TE and SRv6-BE scenario.¶
srv6ServiceSidLocator¶
TBD3¶
The Locator of the SRv6 Service SID signaled by the egress PE via BGP.¶
default¶
ipv6Address¶
See [RFC9252] for more information about the SRv6 service SID. See Section 3.1 of [RFC8986] for more details about the SID format.¶
This document.¶
srv6ServiceSidLocatorLength¶
TBD4¶
The length of the SRv6 Locator of the SRv6 service SID specified as the number of significant bits. Together with srv6ServiceSid, it enables the calculation of SRv6 Locator of the SRv6 service SID.¶
default¶
default¶
See Section 3.1 of [RFC8986] for more details about the SID format.¶
This document.¶
The IE bgpNextHopIPv4Address(18) and bgpNextHopIPv6Address(63) define the IPv4/IPv6 address of the next (adjacent) BGP hop. If BGP VPN route is the only BGP route deployed on the PE, IE 18 and IE 63 MAY be used to indicate the next hop address of the BGP VPN route. However, when there're many types of BGP route used in the network(e.g., BGP VPN [RFC4364] is used together with BGP-LU[RFC8277]), it is not clear which type of the BGP route the next BGP hop carried in IE 18 or IE 63 belongs to. In this case, using bgpVpnNextHopIPv4Address and bgpVpnNextHopIPv6Address defined in this document to carry the next hop address of the BGP VPN route is more appropriate.¶
In the multi-as backbones, if inter-AS option A or option B with BGP next-hop changed are used as described in Section 10 of [RFC4364], the address of the egress PE can't be obtained via "bgpVpnNextHopIPv4Address" or "bgpVpnNextHopIPv6Address" since the next hop address of the BGP VPN route received by the ingress PE is not the address of the egress PE.¶
There are no additional security considerations regarding allocation of these new IPFIX IEs compared to [RFC7012].¶
Other security considerations for BGP/MPLS VPN in [RFC4364] and for BGP Overlay Services Based on SRv6 in [RFC9252] apply to this document.¶
This document requests IANA to create new IEs under the "IPFIX Information Elements" registry [RFC7012] available at [IANA-IPFIX].¶
| Element ID | Name | Reference |
| TBD1 | bgpVpnNextHopIPv4Address | Section 3.1.1 |
| TBD2 | bgpVpnNextHopIPv6Address | Section 3.1.2 |
| TBD3 | srv6ServiceSidLocator | Section 3.2.1 |
| TBD4 | srv6ServiceSidLocatorLength | Section 3.2.2 |