Network Working Group                                      S. Kini, Ed.
Internet-Draft                                                 Ericsson
Intended status: Informational                                R. Folkes
Expires: August 18, 2014                                         Juniper
                                                              J. Medved
                                                                  Cisco
                                                            R. Krishnan
                                                                Brocade
                                                            A. Ghanwani
                                                                   Dell
                                                      February 14, 2014

              Information model for Policy Based Routing
                  draft-kini-i2rs-pbr-info-model-00

Abstract

   Policy Based Routing (PBR) is a generic term that describes
   functionality that currently exists in several routing systems where
   packets are routed not just based on the destination address but
   rather based on a policy that is configured/programmed in the
   router.  This document describes the information model for PBR as
   it exists in many current implementations.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 18, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Kini, et al.             Expires August 18, 2014                [Page 1]

Internet-Draft       Info model - Policy Based Routing     February 2014

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Abbreviations and Terminology
   3.  Scope
   4.  PBR-RIB definition
   5.  Routing Instance
   6.  Policy Route
   7.  Policy Action
   8.  Reading, writing and notifications
   9.  Open Issues
   10. Acknowledgements
   11. IANA Considerations
   12. Security Considerations
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Authors' Addresses

1.  Introduction

   Policy Based Routing (PBR) is a commonly used term that describes a
   capability that has existed on many routing systems for several
   years.  However, PBR has not been described through an information
   model published as a standard.  Most network operators and
   applications that want to configure/program PBR on a network element
   have used vendor-specific mechanisms.  Defining a standardized PBR
   information model can help to simplify the implementations of
   existing use cases and to define new ones.
   Use cases that can benefit from PBR are described in
   [I-D.krishnan-i2rs-large-flow-use-case] and [I-D.white-i2rs-use-case].
   The need to provide a standardized interface to the routing system's
   functionality is described in [I-D.ietf-i2rs-problem-statement].
   The architecture for a standardized interface is described in
   [I-D.ietf-i2rs-architecture] and requires standardized data models.
   This document defines a PBR information model that is fundamental to
   developing a standardized data model for PBR.

   At a high level, PBR is a specific forwarding behavior that is
   applied to traffic matched by a filter.  Unlike destination address
   based forwarding, the match filter in PBR can use multiple fields of
   the traffic's protocol data units (PDUs).

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Abbreviations and Terminology

   PBR - Policy Based Routing

   PBF - Policy Based Forwarding (This abbreviation has been used in the
   industry synonymously with PBR.  We do not use this abbreviation in
   this document.)

   FBF - Filter Based Forwarding (This abbreviation has been used in the
   industry synonymously with PBR.  We do not use this abbreviation in
   this document.)

   I2RS - Interface to Routing System

   RIB - Routing Information Base

   PDU - Protocol Data Unit

   MPLS - Multi Protocol Label Switching

   PBR-RIB - Policy Based Routing - Routing Information Base

3.  Scope

   The match filter is mainly restricted to IP (both IPv4 [RFC0791] and
   IPv6 [RFC2460]).  MPLS may be included in a future revision of this
   document.  Support for protocols encapsulated within IP is restricted
   to TCP [RFC0793], UDP [RFC0768], SCTP [RFC4960] and ICMP [RFC0792].
   This will be extended to include more protocols in future revisions.
4.  PBR-RIB definition

   A PBR-RIB is an entity that contains an ordered list of policy routes
   and is analogous to the RIB defined in
   [I-D.ietf-i2rs-rib-info-model].  The data model MUST allow inserting
   into the ordered list at any position and deleting a previously added
   entry.  Each PBR-RIB is contained within a routing instance.  It is
   identified by a name that is unique within the routing instance and
   is in the same namespace as RIB names.  A PBR-RIB has one of the
   following types: IPv4 or IPv6.

   Each PBR-RIB has the following optional fields:

   o  interface-list: A list of interfaces of the same type as this
      PBR-RIB.  It must be a subset of the interface-list of the routing
      instance in which this PBR-RIB is contained.

   o  default-routing-RIB: A RIB of the same type contained in the same
      routing instance as this PBR-RIB.  When a packet does not match
      any FIB entries installed using this PBR-RIB, then destination
      based forwarding using FIB entries installed using the
      default-routing-RIB is performed.

5.  Routing Instance

   This document extends the routing-instance from
   [I-D.ietf-i2rs-rib-info-model] to contain PBR-RIBs.  A routing
   instance can optionally contain multiple PBR-RIBs.  Each interface of
   the routing instance can be associated with at most one PBR-RIB.
   Packets arriving on an interface associated with a PBR-RIB are
   forwarded using the FIB generated using the policy-routes of that
   PBR-RIB.

6.  Policy Route

   A policy-route is a generalization of the route described in sec 2.3
   of [I-D.ietf-i2rs-rib-info-model] and consists of a match-filter and
   an associated policy-action (see Section 7).  When a packet
   successfully matches a match-filter, the corresponding policy-action
   is applied and the processing for that packet terminates.  The
   match-filter is optional; when it is not specified, the policy-action
   is applied as if the match was successful.
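   The following is an added, executable illustration (not part of the
   draft and not a proposed data model) of how the PBR-RIB, policy-route,
   match-filter expression and policy-action definitions of Sections 4
   through 7 fit together: routes are evaluated in order, the first
   successful match applies its action and stops processing, and a packet
   that matches nothing falls back to the default-routing-RIB or is
   discarded when none is configured.  All class and function names, the
   packet-as-dict representation, the string returned as a forwarding
   decision, and the sample packets are this example's own assumptions.

```python
# Added example: minimal executable model of a PBR-RIB (Sections 4-7 of
# draft-kini-i2rs-pbr-info-model-00). Names and representations here are
# assumptions of this example, not the draft's data model.
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Optional

# --- Match sub-expressions on one IP PDU field (Section 6, item 1) -------
def prefix(field_name, cidr):
    """Prefix match of an address field (src/dst) against a network."""
    net = ipaddress.ip_network(cidr)
    return lambda pkt: ipaddress.ip_address(pkt[field_name]) in net

def in_range(field_name, lo, hi=None):
    """Exact match (hi omitted) or inclusive range match of a numeric field.
    A field absent from the PDU (e.g. dport on an ICMP packet) never matches."""
    hi = lo if hi is None else hi
    return lambda pkt: field_name in pkt and lo <= pkt[field_name] <= hi

# --- Logical combinators (Section 6, items 2-4) ----------------------------
def any_of(*subs):   # logical OR of sub-expressions for a given field
    return lambda pkt: any(s(pkt) for s in subs)

def negate(sub):     # logical negation of a sub-expression
    return lambda pkt: not sub(pkt)

def all_of(*subs):   # logical AND across PDU fields
    return lambda pkt: all(s(pkt) for s in subs)

# --- PDU manipulation action (Section 7): set IP-TOS/DSCP -----------------
def set_dscp(value):
    def manip(pkt):
        pkt["dscp"] = value
    return manip

@dataclass
class PolicyAction:
    name: str
    manipulations: list = field(default_factory=list)
    # one forwarding action: ("drop",), ("nexthop", addr) or ("default-rib",)
    forward: tuple = ("default-rib",)

@dataclass
class PolicyRoute:
    action: PolicyAction
    match: Optional[Callable] = None   # None: no match-filter, always matches

@dataclass
class PbrRib:
    name: str
    af: str                            # "ipv4" or "ipv6"
    routes: list = field(default_factory=list)
    default_routing_rib: Optional[str] = None

    def insert(self, position, route):  # insertion at any position (Section 4)
        self.routes.insert(position, route)

    def remove(self, route):
        self.routes.remove(route)

    def forward(self, pkt):
        """Evaluate policy-routes in order; return (decision, possibly modified pkt)."""
        for route in self.routes:
            if route.match is None or route.match(pkt):
                for manip in route.action.manipulations:
                    manip(pkt)
                return self._apply_forward(route.action.forward, pkt)
        # No policy-route matched: destination-based forwarding via the
        # default-routing-RIB, or discard if none is specified (Section 6).
        return self._apply_forward(("default-rib",), pkt)

    def _apply_forward(self, fwd, pkt):
        if fwd[0] == "drop":
            return ("drop", pkt)
        if fwd[0] == "nexthop":
            return ("nexthop:" + fwd[1], pkt)
        # Assumption of this example: the explicit default-RIB action with no
        # default-routing-RIB configured behaves like the no-match case.
        if self.default_routing_rib is None:
            return ("drop", pkt)
        return ("rib:" + self.default_routing_rib, pkt)

def build_rib():
    """Constructed sample PBR-RIB with three ordered policy-routes."""
    rib = PbrRib("pbr-edge", "ipv4", default_routing_rib="main")
    steer = PolicyRoute(                       # 10/8 -> TCP|UDP port 80|443
        match=all_of(prefix("src", "10.0.0.0/8"),
                     any_of(in_range("proto", 6), in_range("proto", 17)),
                     any_of(in_range("dport", 80), in_range("dport", 443))),
        action=PolicyAction("steer-web", [set_dscp(46)], ("nexthop", "192.0.2.1")))
    drop_echo = PolicyRoute(                   # ICMP echo request -> drop
        match=all_of(in_range("proto", 1), in_range("icmp_type", 8)),
        action=PolicyAction("drop-echo", forward=("drop",)))
    other = PolicyRoute(                       # NOT from 10/8 -> default RIB
        match=negate(prefix("src", "10.0.0.0/8")),
        action=PolicyAction("to-main", forward=("default-rib",)))
    for pos, r in enumerate((steer, drop_echo, other)):
        rib.insert(pos, r)
    return rib

# Constructed sample packets (IPv4 PDU fields as a dict).
SAMPLE_PACKETS = [
    {"src": "10.1.2.3", "dst": "198.51.100.7", "proto": 6, "dport": 443, "dscp": 0, "len": 1200},
    {"src": "10.1.2.3", "dst": "198.51.100.7", "proto": 1, "icmp_type": 8, "icmp_code": 0, "len": 64},
    {"src": "10.9.9.9", "dst": "198.51.100.7", "proto": 17, "dport": 53, "len": 80},
    {"src": "172.16.0.5", "dst": "198.51.100.7", "proto": 6, "dport": 22, "len": 100},
]

def evaluate(rib, packets):
    """Forwarding decision for each packet (copies so manipulations don't leak)."""
    return [rib.forward(dict(p))[0] for p in packets]

if __name__ == "__main__":
    print(evaluate(build_rib(), SAMPLE_PACKETS))
```

   Running the block shows the third sample packet (UDP/53 from 10/8)
   matching none of the three routes and therefore reaching the
   default-routing-RIB, while the same packet is discarded once
   default_routing_rib is cleared; inserting a route with no match-filter
   at position 0 makes every packet take that route, which is the ordering
   property Section 4 requires the data model to expose.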
   If a match fails, then a match is attempted on the next policy-route
   in the order specified in that PBR-RIB.  Failure to match the filter
   of any of the policy-routes in a PBR-RIB results in destination based
   forwarding using the FIB generated by the default-routing-RIB.  If a
   default-routing-RIB is not specified, the packet is discarded.

   It should be noted that different implementations will vary in their
   capabilities for the type and number of matches and actions that
   they can perform.  A mechanism to dynamically learn such capabilities
   is under discussion.

   The following types of operations are defined to build a match-filter
   expression to be used in a policy-route.

   1.  Match sub-expression on one of the IP PDU fields

       *  Longest prefix match for IP source address or destination
          address.

       *  An exact match or a range match for IP protocol type or
          IP-TOS/DSCP.

       *  If the IP protocol type is one of TCP/UDP/SCTP, then an exact
          or range match of the source port or the destination port.

       *  If the IP protocol type is ICMP, then an exact or range match
          of the ICMP code and/or the ICMP type.

       *  PDU length range match.

   2.  A logical OR of the above sub-expressions for a given PDU field.

   3.  A logical negation of the above sub-expressions.  This may
       contain zero or more logical OR sub-expressions of a given PDU
       field.

   4.  A logical AND of the above sub-expressions for the PDU fields.

7.  Policy Action

   A policy-action is an ordered sequence of zero or more PDU
   manipulation/behavior actions followed by one PDU forwarding action.
   It is a named entity and has its own namespace.

   The following PDU manipulation/behavior actions are defined:

   o  Set IP-TOS/DSCP.

   o  A vendor-specific action, e.g. apply a rate-limiter.  This is
      outside the scope of this document.

   The following PDU forwarding actions are defined:

   o  Drop packet and optionally generate ICMP.

   o  Forward to a specified nexthop.
      The nexthop is the same as defined in sec 2.4 of
      [I-D.ietf-i2rs-rib-info-model].

   o  Forward by destination address based lookup of FIB entries
      installed using the default-routing-RIB.

8.  Reading, writing and notifications

   The PBR-RIB data model has reading, writing and notification
   requirements that are similar to those listed in
   [I-D.ietf-i2rs-rib-info-model].

9.  Open Issues

   How to perform the actions associated with multiple policy-routes
   when a packet successfully matches the match-filter of more than one
   policy-route.

10.  Acknowledgements

   The authors would like to thank Alok Gulati and TBD for their review.

11.  IANA Considerations

   This memo includes no request to IANA.

12.  Security Considerations

13.  References

13.1.  Normative References

   [I-D.ietf-i2rs-architecture]
              Atlas, A., Halpern, J., Hares, S., Ward, D., and T.
              Nadeau, "An Architecture for the Interface to the Routing
              System", draft-ietf-i2rs-architecture-02 (work in
              progress), February 2014.

   [I-D.ietf-i2rs-problem-statement]
              Atlas, A., Nadeau, T., and D. Ward, "Interface to the
              Routing System Problem Statement",
              draft-ietf-i2rs-problem-statement-00 (work in progress),
              August 2013.

   [I-D.ietf-i2rs-rib-info-model]
              Bahadur, N., Folkes, R., Kini, S., and J. Medved, "Routing
              Information Base Info Model",
              draft-ietf-i2rs-rib-info-model-02 (work in progress),
              February 2014.

   [I-D.krishnan-i2rs-large-flow-use-case]
              ramki, r., Ghanwani, A., Kini, S., McDysan, D., and D.
              Lopez, "Large Flow Use Cases for I2RS PBR and QoS",
              draft-krishnan-i2rs-large-flow-use-case-03 (work in
              progress), February 2014.

   [I-D.white-i2rs-use-case]
              White, R., Hares, S., and A. Retana, "Protocol Independent
              Use Cases for an Interface to the Routing System",
              draft-white-i2rs-use-case-02 (work in progress), February
              2014.
   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              August 1980.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791, September
              1981.

   [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
              RFC 792, September 1981.

   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7, RFC
              793, September 1981.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC4960]  Stewart, R., "Stream Control Transmission Protocol", RFC
              4960, September 2007.

13.2.  Informative References

   [RFC1104]  Braun, H., "Models of policy based routing", RFC 1104,
              June 1989.

Authors' Addresses

   Sriganesh Kini (editor)
   Ericsson

   Email: sriganesh.kini@ericsson.com


   Ron Folkes
   Juniper

   Email: ronf@juniper.net


   Jan Medved
   Cisco

   Email: jmedved@cisco.com


   Ram Krishnan
   Brocade

   Email: ramk@brocade.com


   Anoop Ghanwani
   Dell

   Email: anoop@alumni.duke.edu