BGP Flow Specification
for SRv6Huawei156 Beiqing RoadBeijing, 100095P.R. Chinalizhenbin@huawei.comHuawei156 Beiqing RoadBeijing100095P.R. Chinalily.lilei@huawei.comFutureweiBoston, MAUSAHuaimo.chen@futurewei.comNext Layer CommunicationsMariahilfer Guertel 37/7Vienna1150ATcl@tix.atVerizon Inc.13101 Columbia PikeSilver SpringMD 20904USA 301 502-1347gyan.s.mishra@verizon.comCasa SystemsUSAyfan@casa-systems.comChina Telecom109, West Zhongshan Road, Tianhe DistrictGuangzhou510000Chinazhuyq8@chinatelecom.cnFujitsuUSAliulei.kddi@gmail.comVolta NetworksMcLeanVAUSAxufeng.liu.ietf@gmail.comThis document proposes extensions to BGP
Flow Specification for SRv6 for
filtering packets with a SRv6 SID that matches a sequence of
conditions.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP
14
when, and only when, they appear in all capitals,
as shown here. describes in details about
a new BGP NLRI to distribute a flow specification, which is an
n-tuple comprising a sequence of matching criteria that can be applied
to IP traffic.
extends
to make it
also usable and applicable to IPv6 data packets.
extends the flow-spec rules for layer 2 Ethernet packets.
specifies BGP Flow Specification Version 2.Segment Routing (SR) for unicast traffic has been proposed to cope
with the usecases in traffic engineering, fast re-reroute, service
chain, etc. SR architecture can be implemented over an IPv6 data plane
using a new type of IPv6 extension header
called Segment Routing Header (SRH) . SRv6 Network
Programming
defines the SRv6 network programming concept and its most basic
functions. An SRv6 SID may have the form of LOC:FUNCT:ARG::.LOC: Each operator is free to use the locator length it chooses. Most
often the LOC part of the SID is routable and leads to the node which
instantiates that SID.FUNCT: The FUNCT part of the SID is an opaque identification of a
local function bound to the SID. (e.g. End: Endpoint, End.X, End.T,
End.DX2 etc.).ARG: A function may require additional arguments that would be
placed immediately after the FUNCT.This document specifies one new BGP Flow Specification (FS)
component type to
support Segment Routing over IPv6 data plane (SRv6) filtering
for BGP Flow Specification Version 2.
The match
field is destination address of IPv6 header, but it's a SRv6 SID from
SRH rather than a traditional IPv6 address (refer to
).
To support these features, a Flowspec version that is IPv6 capable
(i.e., AFI = 2) MUST be used.
These match capabilities of the features MAY be
permitted to match when there is an accompanying SRH.FS: Flow SpecificationBGP-FS: Border Gateway Protocol (BGP) Flow Specification (FS)SR: Segment RoutingSRH: SR Header.SRv6: IPv6 Segment Routing, SRv6 is a method of forwarding IPv6
packets on the network based on the concept of source routing.SID: Segment IdentifierBSID: Binding SIDThe Flow Specification NLRI-type consists of several optional
components, each of which begins with a type field (1 octet) followed
by a variable length parameter. 13 component types are defined in
and
for IPv4 and IPv6.
This document defines one component type for SRv6. defines the format of SID is
LOC:FUNCT:ARG::.
In some scenarios, traffic packets can just match Locator,
Function ID, Arguments or some combinations of these
different fields.
In order to match a part of SID, its prior parts
need to be examined and matched first.
For example, in order to match
the Function ID (FUNCT), the Locator (LOC)
needs to be examined and matched first.
The new component type TBD1 defined below is
for matching some parts of SID.Encoding: <type, LOC-Len, FUNCT-Len, ARG-Len, [op, value]+>This indicates the new
component type (TBD1, which is to be assigned by IANA).This indicates the length in
bits of LOC in SID.This indicates the length in
bits of FUNCT in SID.This indicates the length in
bits of ARG in SID.This contains a list of {operator, value}
pairs that are used to match some parts of SID.The total of three lengths
(i.e., LOC length + FUNCT length + ARG length)
MUST NOT be greater than 128.
If it is greater than 128, an error occurs and
Error Handling is applied according to
and .The operator (op) byte is encoded as:
where
the behavior of each operator bit has clear symmetry with that of
's
Numeric Operator field. e - end-of-list bit. Set in the last {op, value} pair in the
sequence.a - AND bit. If unset, the previous term is logically ORed with the
current one. If set, the operation is a logical AND. It should be unset
in the first operator byte of a sequence. The AND operator has higher
priority than OR for the purposes of evaluating logical expressions.field type:
SID's LOCSID's FUNCTSID's ARGSID's LOC:FUNCTSID's FUNCT:ARGSID's LOC:FUNCT:ARGFor an unknown type,
Error Handling is applied according to
and .
lt - less than comparison between data' and value'.gt - greater than comparison between data' and value'.eq - equality between data' and value'.The data' and value' used in lt, gt and eq
are indicated by the field type in a operator and
the value field following the operator.The value field depends on the field type and
has the value of SID's some parts
rounding up to bytes (refer to the table below). An example of a Flow Specification NLRI encoding for:
all SRv6 packets to LOC 2001:db8:3::/48 and
FUNCT {range [0100, 0300]}.No new security issues are introduced to the BGP protocol by this
specification over the security considerations in
and
.Under "Flow Spec Component Types" registry,
IANA is requested to assign the following values:The authors would like to thank
Joel Halpern, Jeffrey Haas,
Ketan Talaulikar, Aijun Wang, Dhruv Dhody,
Shunwan Zhuang and Rainsword Wang
for their valuable suggestions and comments on this draft.