Internet DRAFT - draft-li-idr-flowspec-redirect-generalized-sid
Network Working Group Z. Li
Internet-Draft S. Zhuang
Intended status: Standards Track N. Wu
Expires: September 22, 2016 Huawei Technologies
March 21, 2016
BGP FlowSpec Redirect to Generalized Segment ID Action
draft-li-idr-flowspec-redirect-generalized-sid-00
Abstract
This document defines a new type of redirect extended community,
called the Redirect to Generalized Segment ID Extended Community.
When activated, the Redirect to Generalized Segment ID Extended
Community is used by the BGP FlowSpec Controller to signal the
specific redirecting action to the BGP FlowSpec Client, and the BGP
FlowSpec Client then uses the Generalized Segment ID and the Segment
Type to find a local forwarding entity in a local mapping table.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 22, 2016.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
Li, et al. Expires September 22, 2016 [Page 1]
Internet-Draft FlowSpec Redirect to GSID Action March 2016
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Definitions and Acronyms
3. Redirect to Generalized Segment ID Extended Community
4. Using Redirect to Generalized Segment ID Extended Community
5. Validation Procedures
6. IANA Considerations
7. Security Considerations
8. Acknowledgements
9. References
Authors' Addresses
1. Introduction
Segment Routing [I-D.ietf-spring-segment-routing] for unicast traffic
has been proposed to cope with use cases in traffic engineering,
fast reroute, service chain, etc. Segment Path Programming (SPP)
[I-D.li-spring-segment-path-programming] generalizes more use cases
based on segments and proposes the concept of Segment Path
Programming. In the field of Segment Path Programming:
1. The Segment used in the programmed segment path is used not only
in the forwarding plane but also in the control plane.
2. The programmed segment path is used not only in the transport
layer but also in the service layer.
[RFC5575] defines the flow specification (FlowSpec), which conveys
flow specifications and the associated traffic actions/rules (rate
limiting, redirect, remark, ...). BGP flow specifications are encoded
within the MP_REACH_NLRI and MP_UNREACH_NLRI attributes. The
associated rules (actions) are encoded in the Extended Community
attribute. The BGP Flow Specification function allows BGP Flow
Specification routes that carry traffic policies to be transmitted to
BGP Flow Specification peers to control attack traffic.
The current drafts on BGP FlowSpec redirection to a VRF, IP address
or tunnel keep the traditional approach: each extends BGP FlowSpec to
redirect to an entity with an explicit meaning that has been defined
clearly in the existing work.
We can reuse some of the segment routing work and generalize the
concept of a Segment, which then provides a base for an abstracted
view of different forwarding entities. A segment ID can already be
the indicator of an interface, a node or a tunnel; if we do not map
the segment ID to an MPLS label or IPv6 address, it can be an
identifier of all kinds of forwarding entities in the control plane,
which can be used outside.
This document defines a new type of redirect extended community,
called the Redirect to Generalized Segment ID Extended Community.
When activated, the Redirect to Generalized Segment ID Extended
Community is used by the BGP FlowSpec Controller to signal the
specific redirecting action to the BGP FlowSpec Client, and the BGP
FlowSpec Client then uses the Generalized Segment ID and Segment Type
to find a local forwarding entity in a local mapping table.
Existing technologies (BGP, IGP, LDP, SR, RSVP, Manual-Config, etc.)
can be used to set up the mapping tables per segment type.
2. Definitions and Acronyms
o FS: Flow Specification
o SR: Segment Routing
o SID: Segment Identifier
o GSID: Generalized Segment ID
o SPP: Segment Path Programming
3. Redirect to Generalized Segment ID Extended Community
This document defines a new type of redirect extended community,
called the Redirect to Generalized Segment ID Extended Community.
This extended community is a new transitive extended community whose
Type is TBD1 and whose Sub-Type field is TBD2.
This document defines the following Redirect to Generalized Segment
ID Extended Community:
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Type=TBD1   | Sub-Type=TBD2 | Flags(1 octet)|  Segment Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Generalized Segment ID                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Redirect to Generalized Segment ID Extended Community Format
Where:
Type: 1 octet, to be assigned by IANA
Sub-Type: 1 octet, to be assigned by IANA
Flags: 1 octet field, TBD
Segment Type: 1 octet. Per [I-D.li-spring-segment-path-programming],
the Segment Type includes:
o 1 - Node Segment
o 2 - Agency Segment
o 3 - AS (Autonomous System) Segment
o 4 - Anycast Segment
o 5 - Multicast Segment
o 6 - Tunnel Segment (Tunnel Binding Segment)
o 7 - VPN Segment
o 8 - OAM Segment
o 9 - ECMP (Equal Cost Multi-Path) Segment
o 10 - QoS Segment
o 11 - Bandwidth-Guarantee Segment
o 12 - Security Segment
o 13 - Multi-Topology Segment
o etc.
Generalized Segment ID: 4 octets. It can be used to find a local
forwarding entity in the mapping table designated by the Segment
Type.
4. Using Redirect to Generalized Segment ID Extended Community
In the transport layer, there can be multiple tunnels with different
constraints to one specific destination. In the traditional way, the
tunnel is set up by the distributed forwarding nodes. With the
introduction of PCE-initiated LSP setup
[I-D.ietf-pce-pce-initiated-lsp], tunnel setup can be triggered in a
centrally controlled way. In order to satisfy different service
requirements, it is necessary to provide the capability to flexibly
map the service to different tunnels. Since the central control point
has enough information based on the whole network view, an effective
way is for the central point to map the service to the tunnel and
advertise the mapping information to the end-points of the service to
guide the mapping in the forwarding node.
One method of mapping services to tunnels is to directly introduce
the tunnel attribute to specify the tunnel, as proposed by
[I-D.li-idr-mpls-path-programming]. [I-D.li-spring-tunnel-segment]
proposes a new type of segment, the Tunnel Segment, which provides
an alternative way to map services to tunnels. In the following
figure, the central controller can trigger the setup of MPLS TE
tunnels through PCE-initiated LSP and allocate a Segment ID for the
tunnel in Node-1.
+------------+
|  Central   |
| Controller |
+------------+
    ^   Tunnel Binding
    |      SID (Z)
    |            .-----.
    |           (       )
    V       .--(         )--.
+-------+ (                   ) +-------+
|       |_(  IP/MPLS Network  )_|       |
|Node-1 | ( ================> ) |Node-2 |
+-------+ ( MPLS TE/IP Tunnel ) +-------+
            '--(         )--'
                (       )
                 '-----'
Figure 2: Using Tunnel Segment for Mapping Service to Tunnel
The central controller can send a flowspec route to Node-1 with a
'Redirect to Generalized Segment ID' Extended Community to map a
specific service to the tunnel segment identified by the Segment Type
and Generalized Segment ID.
When Node-1 receives a flowspec route with a 'Redirect to Generalized
Segment ID' Extended Community, it installs a traffic filtering rule
that matches the packets described by the NLRI field and redirects
them to the tunnel with the Generalized Segment ID.
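
The following added example, which is not part of the draft, packs and
parses the 8-octet community of Figure 1 and performs the Section 4
look-up in per-Segment-Type mapping tables. The Type and Sub-Type
values, the function names, the table contents and the choice to install
nothing (None) on an unlisted Segment Type or a missing GSID are
assumptions of the example; TBD1 and TBD2 remain unassigned.

```python
import struct

# Placeholders only: the draft leaves Type (TBD1) and Sub-Type (TBD2) unassigned.
TYPE_TBD1 = 0xFE      # hypothetical value, not an IANA assignment
SUBTYPE_TBD2 = 0xFE   # hypothetical value, not an IANA assignment

# Segment Type code points listed in Section 3 (the draft's list ends in "etc.").
SEGMENT_TYPES = {1: "Node", 2: "Agency", 3: "AS", 4: "Anycast", 5: "Multicast",
                 6: "Tunnel", 7: "VPN", 8: "OAM", 9: "ECMP", 10: "QoS",
                 11: "Bandwidth-Guarantee", 12: "Security", 13: "Multi-Topology"}


def encode_redirect_gsid(segment_type, gsid, flags=0):
    """Build the 8-octet community in the field order of Figure 1."""
    return struct.pack("!BBBBI", TYPE_TBD1, SUBTYPE_TBD2, flags,
                       segment_type, gsid)


def parse_redirect_gsid(raw):
    """Return (flags, segment_type, gsid), or None for any other community."""
    if len(raw) != 8:
        raise ValueError("extended community must be exactly 8 octets")
    ctype, subtype, flags, segment_type, gsid = struct.unpack("!BBBBI", raw)
    if (ctype, subtype) != (TYPE_TBD1, SUBTYPE_TBD2):
        return None
    return flags, segment_type, gsid


def resolve_redirect(raw, mapping_tables):
    """Find the local forwarding entity; None means install no redirect."""
    parsed = parse_redirect_gsid(raw)
    if parsed is None:
        return None
    _flags, segment_type, gsid = parsed
    if segment_type not in SEGMENT_TYPES:
        return None  # assumption: an unlisted type has no table to consult
    # The GSID is only meaningful inside the table chosen by Segment Type.
    return mapping_tables.get(segment_type, {}).get(gsid)


# Constructed state for Node-1: a tunnel segment and a VPN segment that
# share the same numeric GSID but live in different tables.
NODE1_TABLES = {6: {1000: "te-tunnel-to-node2"}, 7: {1000: "vrf-blue"}}
```

The same GSID resolves to different entities depending on the Segment
Type, so a client has to key its look-up on both fields.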
5. Validation Procedures
The validation check described in [RFC5575] and revised in
[I-D.ietf-idr-bgp-flowspec-oid] SHOULD be applied by default to
received flowspec routes with a Redirect to Generalized Segment ID
Extended Community. This means that a flowspec route with a
destination prefix subcomponent SHOULD NOT be accepted from an EBGP
peer unless that peer also advertised the best path for the matching
unicast route.
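
An added example, not part of the draft, of the default check stated
above: a flowspec route from an EBGP peer that carries a destination
prefix is accepted only if that peer advertised the best path for the
longest-match unicast route. The RIB layout, peer names and prefixes are
constructed, and letting routes outside that sentence pass unchanged is
an assumption of the example.

```python
import ipaddress

# Constructed sample: unicast prefix -> peer whose path is currently best.
SAMPLE_RIB = {"198.51.100.0/24": "peer-A", "198.51.100.128/25": "peer-B"}


def best_unicast_match(dest_prefix, unicast_rib):
    """Return the key of the longest unicast prefix covering dest_prefix."""
    dest = ipaddress.ip_network(dest_prefix)
    best_key, best_len = None, -1
    for key in unicast_rib:
        net = ipaddress.ip_network(key)
        if net.version != dest.version or not dest.subnet_of(net):
            continue
        if net.prefixlen > best_len:
            best_key, best_len = key, net.prefixlen
    return best_key


def accept_flowspec(route, unicast_rib):
    """Apply the Section 5 sentence to one received flowspec route.

    route: dict with 'peer', 'ebgp' (bool) and optional 'dest_prefix'.
    unicast_rib: {prefix: peer that advertised the current best path}.
    """
    dest = route.get("dest_prefix")
    if not route["ebgp"] or dest is None:
        # Assumption: the quoted rule constrains only EBGP routes that
        # carry a destination prefix subcomponent.
        return True
    match = best_unicast_match(dest, unicast_rib)
    # No covering unicast route, or a different peer owns it: reject.
    return match is not None and unicast_rib[match] == route["peer"]
```

With the sample RIB, a redirect for 198.51.100.192/26 is accepted from
peer-B, which owns the covering /25, and rejected from peer-A even though
peer-A owns the less specific /24.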
6. IANA Considerations
TBD.
7. Security Considerations
TBD.
8. Acknowledgements
TBD.
9. References
[I-D.ietf-idr-bgp-flowspec-oid]
Uttaro, J., Filsfils, C., Smith, D., Alcaide, J., and P.
Mohapatra, "Revised Validation Procedure for BGP Flow
Specifications", draft-ietf-idr-bgp-flowspec-oid-03 (work
in progress), March 2016.
[I-D.ietf-isis-segment-routing-extensions]
Previdi, S., Filsfils, C., Bashandy, A., Gredler, H.,
Litkowski, S., Decraene, B., and J. Tantsura, "IS-IS
Extensions for Segment Routing", draft-ietf-isis-segment-
routing-extensions-06 (work in progress), December 2015.
[I-D.ietf-spring-segment-routing]
Filsfils, C., Previdi, S., Decraene, B., Litkowski, S.,
and R. Shakir, "Segment Routing Architecture", draft-ietf-
spring-segment-routing-07 (work in progress), December
2015.
[I-D.li-spring-segment-path-programming]
Li, Z. and I. Milojevic, "Segment Path Programming (SPP)",
draft-li-spring-segment-path-programming-00 (work in
progress), October 2015.
[I-D.li-spring-tunnel-segment]
Li, Z. and N. Wu, "Tunnel Segment in Segment Routing",
draft-li-spring-tunnel-segment-01 (work in progress),
March 2016.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006,
<http://www.rfc-editor.org/info/rfc4271>.
[RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
"Multiprotocol Extensions for BGP-4", RFC 4760,
DOI 10.17487/RFC4760, January 2007,
<http://www.rfc-editor.org/info/rfc4760>.
[RFC5492] Scudder, J. and R. Chandra, "Capabilities Advertisement
with BGP-4", RFC 5492, DOI 10.17487/RFC5492, February
2009, <http://www.rfc-editor.org/info/rfc5492>.
[RFC5575] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
and D. McPherson, "Dissemination of Flow Specification
Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009,
<http://www.rfc-editor.org/info/rfc5575>.
Authors' Addresses
Zhenbin Li
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing 100095
China
Email: lizhenbin@huawei.com
Shunwan Zhuang
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing 100095
China
Email: zhuangshunwan@huawei.com
Nan Wu
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing 100095
China
Email: eric.wu@huawei.com