idnits 2.17.1

draft-chen-idr-flowspec-nrp-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 13 instances of too long lines in the document, the longest
     one being 4 characters in excess of 72.

  ** The abstract seems to contain references ([I-D.hares-idr-flowspec-v2],
     [RFC8955]), which it shouldn't.  Please replace those with straight
     textual mentions of the documents in question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (14 April 2022) is 743 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-10) exists of
     draft-bestbar-teas-ns-packet-08

  ** Downref: Normative reference to an Informational draft:
     draft-bestbar-teas-ns-packet (ref. 'I-D.bestbar-teas-ns-packet')

  == Outdated reference: A later version (-25) exists of
     draft-ietf-teas-ietf-network-slices-10

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-teas-ietf-network-slices (ref.
     'I-D.ietf-teas-ietf-network-slices')

     Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

IDR                                                              R. Chen
Internet-Draft                                                     H. Wu
Intended status: Standards Track                         ZTE Corporation
Expires: 16 October 2022                                   14 April 2022


         BGP Flow Specification for Network Resource Partition
                     draft-chen-idr-flowspec-nrp-00

Abstract

   [RFC8955] defines BGP flow specification version 1 (FSv1) and
   [I-D.hares-idr-flowspec-v2] defines BGP flow specification (FSv2)
   protocol.  This document proposes extensions to BGP Flow
   Specification Version 2 to support IETF network slice filtering.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 16 October 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.
   Code Components extracted from this document must include Revised BSD
   License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  BGP Flow Specification Encoding for NRP
     3.1.  Filtering Rules for NRP
     3.2.  Traffic Action for NRP
   4.  Application Example
   5.  Acknowledgements
   6.  IANA Considerations
   7.  Security Considerations
   8.  Normative References
   Authors' Addresses

1.  Introduction

   [I-D.ietf-teas-ietf-network-slices] provides the definition of a
   network slice for use within the IETF and discusses the general
   framework for requesting and operating IETF Network Slices, their
   characteristics, and the necessary system components and
   interfaces.  It also discusses the function of an IETF Network Slice
   Controller and the requirements on its northbound and southbound
   interfaces.

   [I-D.bestbar-teas-ns-packet] introduces a Slice-Flow Aggregate as the
   collection of packets (from one or more IETF network slice traffic
   streams) that match an NRP Policy selection criteria and are offered
   the same forwarding treatment.  The NRP Policy is used to realize an
   NRP by instantiating specific control and data plane resources on
   select topological elements in an IP/MPLS network.
   The NRP Identifier (NRP-ID) is globally unique within an NRP domain
   and can be used in the control or management plane to identify the
   resources associated with the NRP.

   The NRP-ID can be encapsulated in various data planes in order to
   provide QoS on a per slice basis.  In an IPv6 scenario, the NRP-ID
   could be carried in either the IPv6 fixed header or the extension
   headers.  In an MPLS scenario, the NRP-ID could be carried in either
   the MPLS label stack or following the MPLS label stack.

   [RFC8955] defines BGP flow specification version 1 (FSv1) and
   [I-D.hares-idr-flowspec-v2] defines BGP flow specification (FSv2)
   protocol.  This document proposes extensions to BGP Flow
   Specification Version 2 to support IETF network slice filtering.  It
   specifies new FSv2 traffic Filters and Actions.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   cloud transport network: It is usually a national or province
   backbone network to achieve interconnection between multiple regional
   clouds/core clouds deployed in the country/province.

3.  BGP Flow Specification Encoding for NRP

   [I-D.hares-idr-flowspec-v2] uses an NLRI with the format for AFIs for
   IPv4 (AFI = 1), IPv6 (AFI = 2), L2 (AFI = 6), L2VPN (AFI = 25), and
   SFC (AFI = 31) with two following SAFIs to support transmission of
   the flow specification which supports user ordering of traffic
   filters and actions for IP traffic and IP VPN traffic.  It defines
   FSv2 traffic Filters and Actions.  This document specifies new FSv2
   traffic Filters and Actions.

3.1.  Filtering Rules for NRP

   [I-D.hares-idr-flowspec-v2] defines several types for the FSv2 TLV
   format of the NLRI, such as IP header rules, L2 traffic rules, SFC
   Traffic rules, and others.  This document defines a new IP sub-TLV
   type for IETF network slices.

   Function: This match applies to the NRP-ID carried in the packet.

   Encoding: <type (1 octet), length (1 octet), [operator, value]+>.

   It contains a set of {operator, value} pairs that are used to match
   the NRP-ID.  The operator field is encoded as specified in
   Section 4.2.1.1 of [RFC8955].

   The value field is encoded as:

           1               2               3               4
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            NRP-ID                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.2.  Traffic Action for NRP

   [I-D.hares-idr-flowspec-v2] specifies that FSv2 actions may be sent
   in an Extended Community or a Wide Community, and it defines several
   FSv2 Actions in the Wide Community, such as ACO (action chain
   operation), TAIS (traffic actions per interface group), and others.
   This document defines two new actions in the Wide Community for IETF
   network slices.

   Function: NRP-ID Action.

   Sub-TLV: TBD2

   Length: 8 octets

   Value:

      [Action (1 octet)]

      [NRP-ID (4 octets)]

   Where Action:

   +----------+------------------------------------------------------------+
   |Action    | Function                                                   |
   +----------+------------------------------------------------------------+
   | 0        | Encapsulate the NRP-ID                                     |
   +----------+------------------------------------------------------------+
   | 1        | Rewrite the NRP-ID                                         |
   +----------+------------------------------------------------------------+
   | 2 ~255   | Reserved                                                   |
   +----------+------------------------------------------------------------+

   The location of the NRP-ID is determined according to local policy.
   The location of the NRP-ID can also be carried in the NRP-ID action,
   which can be discussed in subsequent versions.

4.  Application Example

   The BGP FlowSpec Controller signals the filter rules and actions to
   the ingress node of a domain.  [RFC8955], [RFC8956] and
   [I-D.hares-idr-flowspec-v2] define several rule conditions to match a
   particular traffic flow, for example, the 5-tuple components (e.g.
   destination IP address and source IP address).

              |<-------AS1------>|      |<--------AS2----->|
              +-----+     +------+      +------+      +-----+
   VPN 1,IP1..| PE1 |-----| ASBR1|------| ASBR2|------| PE2 |..VPN1,IP2
              +-----+     +------+      +------+      +-----+
              | NRP-ID1          |      | NRP-ID2           |
              | --------->|             |------------>|

                  Figure 1: Usage of FlowSpec with NRP-ID

   An example of BGP-FS rule1 (locally configured) for PE1:

   Filters:
      destination ip prefix:IP2/32
      source ip prefix:IP1/32

   Actions: Wide Communities-- NRP-ID Action
      Encapsulate the NRP-ID

   Note: This example uses the global NRP-ID.  In some scenarios, each
   AS may have a different NRP-ID, so the "Rewrite the NRP-ID" action
   may be used for ASBR2.

   Another example of BGP-FS rule2 (locally configured) for ASBR2:

   Filters:
      NRP-ID

   Actions: Wide Communities-- NRP-ID Action
      Rewrite the NRP-ID

5.  Acknowledgements

   TBD.

6.  IANA Considerations

   TBD.

7.  Security Considerations

   TBD.

8.  Normative References

   [I-D.bestbar-teas-ns-packet]
              Saad, T., Beeram, V. P., Dong, J., Wen, B., Ceccarelli,
              D., Halpern, J., Peng, S., Chen, R., Liu, X., Contreras,
              L. M., Rokui, R., and L. Jalil, "Realizing Network Slices
              in IP/MPLS Networks", Work in Progress, Internet-Draft,
              draft-bestbar-teas-ns-packet-08, 2 February 2022.

   [I-D.hares-idr-flowspec-v2]
              Hares, S., Eastlake, D., Yadlapalli, C., and S. Maduschke,
              "BGP Flow Specification Version 2", Work in Progress,
              Internet-Draft, draft-hares-idr-flowspec-v2-05, 4 February
              2022.

   [I-D.ietf-teas-ietf-network-slices]
              Farrel, A., Drake, J., Rokui, R., Homma, S., Makhijani,
              K., Contreras, L. M., and J. Tantsura, "Framework for IETF
              Network Slices", Work in Progress, Internet-Draft,
              draft-ietf-teas-ietf-network-slices-10, 27 March 2022.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8955]  Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M.
              Bacher, "Dissemination of Flow Specification Rules",
              RFC 8955, DOI 10.17487/RFC8955, December 2020.

   [RFC8956]  Loibl, C., Ed., Raszuk, R., Ed., and S. Hares, Ed.,
              "Dissemination of Flow Specification Rules for IPv6",
              RFC 8956, DOI 10.17487/RFC8956, December 2020.

Authors' Addresses

   Ran Chen
   ZTE Corporation
   Nanjing
   China
   Email: chen.ran@zte.com.cn

   HaiSheng Wu
   ZTE Corporation
   Nanjing
   China
   Email: wu.haisheng@zte.com.cn
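
A strict decoder for the NRP-ID filter component of Section 3.1, as an added example that is not part of the draft: it applies the RFC 8955 Section 4.2.1.1 numeric-operator layout to 4-octet NRP-ID values and rejects malformed input before a rule would be installed. The type code 0xFE is a placeholder (the draft assigns none), the names parse_nrp_filter, matches and MalformedComponent are hypothetical, and the caller is assumed to pass exactly one component.

```python
# Added example; the type code and all names are assumptions, not from the draft.
import struct

NRP_ID_FILTER_TYPE = 0xFE  # placeholder: the draft assigns no code point yet
E_BIT, A_BIT, LT, GT, EQ = 0x80, 0x40, 0x04, 0x02, 0x01  # RFC 8955, Section 4.2.1.1

class MalformedComponent(ValueError):
    """Raised for any component a receiver should refuse to install."""

def parse_nrp_filter(buf: bytes):
    """Decode <type, length, [operator, value]+> into (and_bit, cmp_bits, nrp_id) terms."""
    if len(buf) < 2 or buf[0] != NRP_ID_FILTER_TYPE:
        raise MalformedComponent("missing header or unexpected type")
    body = buf[2:]
    if len(body) != buf[1]:
        raise MalformedComponent("length octet disagrees with the bytes present")
    terms, off, ended = [], 0, False
    while off < len(body):
        if ended:
            raise MalformedComponent("bytes after the end-of-list operator")
        op = body[off]
        if 1 << ((op >> 4) & 0x3) != 4:
            raise MalformedComponent("operator len must select a 4-octet NRP-ID")
        if off + 5 > len(body):
            raise MalformedComponent("truncated NRP-ID value")
        (nrp_id,) = struct.unpack_from("!I", body, off + 1)
        # The AND bit is treated as unset on the first operator of a sequence.
        terms.append((bool(op & A_BIT) and bool(terms), op & (LT | GT | EQ), nrp_id))
        ended = bool(op & E_BIT)
        off += 5
    if not ended:
        raise MalformedComponent("no operator carries the end-of-list bit")
    return terms

def matches(terms, nrp_id: int) -> bool:
    """Evaluate the terms against a packet's NRP-ID; AND binds tighter than OR."""
    result, group = False, False
    for and_bit, cmp_bits, want in terms:
        hit = bool((cmp_bits & LT and nrp_id < want) or (cmp_bits & GT and nrp_id > want)
                   or (cmp_bits & EQ and nrp_id == want))
        if and_bit:
            group = group and hit
        else:
            result, group = result or group, hit
    return result or group

# Constructed sample: 100 <= NRP-ID <= 200, i.e. (>= 100) AND (<= 200).
SAMPLE = bytes([NRP_ID_FILTER_TYPE, 10, 0x23, 0, 0, 0, 100, 0xE5, 0, 0, 0, 200])
```

The reserved operator bit is ignored on decoding, as RFC 8955 requires; every other deviation from the layout raises instead of being silently repaired.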