idnits 2.17.1

draft-dmc-idr-flowspec-tn-aware-mobility-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 2 instances of too long lines in the document, the longest one
     being 6 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 10, 2021) is 1019 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC7432' is mentioned on line 150, but not defined

  == Missing Reference: 'EXT-TN-AWARE-Mobility' is mentioned on line 158, but
     not defined

  == Missing Reference: 'FlowSpec-path-redirect' is mentioned on line 227,
     but not defined

  == Unused Reference: 'RFC2119' is defined on line 337, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC5440' is defined on line 348, but no explicit
     reference was found in the text

  == Unused Reference: 'SRv6-Flowspec-path-redirect' is defined on line 355,
     but no explicit reference was found in the text

  == Unused Reference: 'BGP-SR-TE-POLICY' is defined on line 366, but no
     explicit reference was found in the text

  == Unused Reference: 'SDWAN-BGP-USAGE' is defined on line 370, but no
     explicit reference was found in the text

  == Unused Reference: 'SDWAN-Edge-Discover' is defined on line 373, but no
     explicit reference was found in the text

  == Outdated reference: A later version (-12) exists of
     draft-ietf-idr-flowspec-path-redirect-11

  == Outdated reference: A later version (-11) exists of
     draft-ietf0-idr-srv6-flowspec-path-redirect-05

  == Outdated reference: A later version (-09) exists of
     draft-clt-dmm-tn-aware-mobility-07

  == Outdated reference: A later version (-08) exists of
     draft-mcd-rtgwg-extension-tn-aware-mobility-01

  == Outdated reference: A later version (-26) exists of
     draft-ietf-idr-segment-routing-te-policy-09

     Summary: 1 error (**), 0 flaws (~~), 15 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1  RTG Working Group                                           L. Dunbar
2  Internet Draft                                              Futurewei
3  Intended status: Standard track                           K. Majumdar
4  Expires: October 10, 2022                                   CommScope
5                                                            U. Chunduri
6                                                                  Intel
7                                                          July 10, 2021

9        BGP Dissemination of FlowSpec for Transport Aware Mobility
10              draft-dmc-idr-flowspec-tn-aware-mobility-01

12  Abstract

14     This document defines a BGP Flow Specification (flowSpec)
15     extension to disseminate flows from 5G mobile networks so that the
16     5G mobile systems slices and Service Types (SSTs) can be mapped to
17     optimal underlying network paths in the data network outside the
18     5G UPFs, or the N6 interface in 3GPP 5G Architecture [3GPP TR
19     23.501].

21  Status of this Memo

23     This Internet-Draft is submitted in full conformance with the
24     provisions of BCP 78 and BCP 79.

26     Internet-Drafts are working documents of the Internet Engineering
27     Task Force (IETF), its areas, and its working groups. Note that
28     other groups may also distribute working documents as Internet-
29     Drafts.

31     Internet-Drafts are draft documents valid for a maximum of six
32     months and may be updated, replaced, or obsoleted by other
33     documents at any time. It is inappropriate to use Internet-Drafts
34     as reference material or to cite them other than as "work in
35     progress."

37     The list of current Internet-Drafts can be accessed at
38     http://www.ietf.org/ietf/1id-abstracts.txt

40     The list of Internet-Draft Shadow Directories can be accessed at
41     http://www.ietf.org/shadow.html
42     This Internet-Draft will expire on April 23, 2021.

44  Copyright Notice

46     Copyright (c) 2021 IETF Trust and the persons identified as the
47     document authors. All rights reserved.

49     This document is subject to BCP 78 and the IETF Trust's Legal
50     Provisions Relating to IETF Documents
51     (http://trustee.ietf.org/license-info) in effect on the date of
52     publication of this document. Please review these documents
53     carefully, as they describe your rights and restrictions with
54     respect to this document. Code Components extracted from this
55     document must include Simplified BSD License text as described in
56     Section 4.e of the Trust Legal Provisions and are provided without
57     warranty as described in the Simplified BSD License.

59  Table of Contents

61     1. Introduction
62     2. Conventions used in this document
63     3. TN-Aware matching conditions
64     4. Redirect a flow over an underlay tunnel
65     5. FlowSpec Redirect to Indirection-ID Non-Transitive Extended
66     Community
67     6. IANA Considerations
68     7. Security Considerations
69     8. Contributors
70     9. References
71        9.1. Normative References
72        9.2. Informative References
73     10. Acknowledgments
74     Authors' Addresses

76  1. Introduction

78     The [TN-AWARE-MOBILITY-EXT] describes a framework for extending
79     the mobility aware transport network characteristics through the
80     Data Network outside the 5G UPFs.

82          +-----------+      +------+
83          |           |      |      |
84     UE---| gNB-CU(UP)|------| UPF +|--------DN-------
85          |           |      | C-PE |
86          +-----------+      +------+

88          |- N3 OR N9 -||----N6 -------------|

90          |------ Mobile Network ----||-- IP Network-------|

92              Figure 1: Mobile and IP Data Network for UE

94     The 5G UPF terminates the 5G GTP tunnels from gNB and passes the IP
95     packets to the N6 data networks, which deliver the packets over
96     hybrid paths, like MPLS, SR paths, Private-IP, or public Internet
97     to reach the packets' destinations.

99     This document focuses on using FlowSpec to disseminate rules that
100    utilize the mobility aware transport network characteristics to
101    forward 5G flows.

103    Border Gateway Protocol (BGP) Flow Specification (FlowSpec)
104    [RFC8955] and FlowSpec for IPv6 [RFC8956] leverage the BGP Control
105    Plane to simplify the distribution of rules for the specified
106    flows. FlowSpec filter rules can be injected to all BGP peers
107    simultaneously without changing router configuration.

109 2. Conventions used in this document

111    BSID - Binding SID

113    DC - Data Center

115    DN - Data Network (5G)

117    EMBB - enhanced Mobile Broadband (5G)

119    gNB - 5G NodeB
120    GTP-U - GPRS Tunneling Protocol - Userplane (3GPP)

122    MIOT - Massive IOT (5G)

124    PCEP - Path Computation Element (PCE) Communication Protocol

126    SD-WAN - Software-Defined Wide Area Network

128    SID - Segment Identifier

130    SLA - Service Level Agreement

132    SST - Slice and Service Types (5G)

134    SR - Segment Routing

136    SR-PCE - SR Path Computation Element

138    UE - User Equipment

140    UPF - User Plane Function (5G)

142    URLLC - Ultra reliable and low latency communications (5G)

144 3. TN-Aware matching conditions

146    [RFC8955] defines a BGP Network Layer Reachability Information
147    (NLRI) format used to distribute traffic flow specification rules.
148    The NLRI for (AFI=1, SAFI=133) specifies IPv4 unicast filtering.
149    The NLRI for (AFI=1, SAFI=134) specifies IPv4 BGP/MPLS VPN
150    filtering [RFC7432]. The Flow Specification match part defined in
151    [RFC8955] includes L3/L4 information like IPv4 source/destination
152    prefix, protocol, ports, and the like, so traffic flows can be
153    filtered based on L3/L4 information. This has been extended by
154    [RFC8956] to cover IPv6 (AFI=2) L3/L4.

156    The NLRI FlowSpec components described in RFC8955 and RFC8956 are
157    adequate for specifying the UDP Source Port Range which is used to
158    differentiate SLAs of flows from UPFs [EXT-TN-AWARE-Mobility].

160    The Ingress PE, which is either a function inside UPF or directly
161    connected to UPF, acting as BGP FlowSpec Receiver is assumed to
162    have a BGP FlowSpec session with the FlowSpec Controller. The
163    Mobility traffic destination would resolve in the BGP Peer Next
164    Hop in the data network. The BGP FlowSpec Controller would be
165    programmed with {5G UDP Src Port Range} to map different SSTs
166    defined in [TN-AWARE-MOBILITY] to create internal mapping Table
167    for {5G UDP Src Port Range} <--> {BGP FlowSpec Generalized
168    Indirection-ID}. The Mobility IP packets coming out of the UPF,
169    i.e., GTP header being decapsulated, carrying specific UDP Source
170    Port can be classified based on the matching policy carried by the
171    FlowSpec NLRI.

173    For example, to filter out flows with source UDP port number
174    between [i, j], the following encoding can be used in the NLRI
175    (SAFI=133 or SAFI 134):

177    Encoding

179

181

183

185    Numeric_Op1 is:

187         0   1   2   3   4   5   6   7
188       +---+---+---+---+---+---+---+---+
189       | e | a |  len  | 0 |lt |gt |eq |
190       | 0 | 1 |  00   | 0 | 0 | 1 | 0 |
191       +---+---+---+---+---+---+---+---+

193    Numeric_Op2 is:

195         0   1   2   3   4   5   6   7
196       +---+---+---+---+---+---+---+---+
197       | e | a |  len  | 0 |lt |gt |eq |
198       | 1 | 1 |  00   | 0 | 1 | 0 | 0 |
199       +---+---+---+---+---+---+---+---+

201    Where len == 0, meaning two bytes of value [i] follows the
202    Numeric_op1 and two bytes of value [j] follows the Numeric_op2.

204    The "numeric_op3" and "numeric_op4" are for comparing the source
205    and destination addresses of the UE traffic.

207 4. Redirect a flow over an underlay tunnel

209    For the flows matching with the filter conditions carried by the
210    FlowSpec NLRI, the policy for redirect path can indicate a set of
211    underlay tunnels or one underlay tunnel.

213    As the action of taking specific underlay tunnels is performed by
214    the headend router, a non-transitive Extended Community for Path
215    Redirect [Flowspec-path-redirect] and [SRv6-flowspec-path-
216    redirect] should be used.

218    [IANA Action: need a new type:

220       0x49 FlowSpec Redirect to Indirection-id Non-transitive
221       Extended Community.

223    ]

225    For hierarchical RR deployments where the FlowSpec rules need to
226    be propagated, the Transitive Path Redirect Extended Community
227    [FlowSpec-path-redirect] can be used.

229    The figure below captures the overall topology, showing
230    the mobility traffic from UPF being redirected to different paths
231    per the BGP FlowSpec from the Controller:

233                +-----------+   +----+{5G UDP Src Port Range}
234                | FlowSpec  |-->| Map|         <-->
235                | Controller|   | DB |{Generalized Indirection-ID}
236                +-----------+   +----+
237                       /
238                      /
239                     /      BGP FlowSpec NLRI with 5G
240      BGP FlowSpec  /       Src-Pfx, Dst-Pfx, UDP Source Port Range
241      Session      /
242                  /         BGP FlowSpec Redirect
243                 /          Indirection-ID Ext Comm            /
244                /                                             /Public
245               /                                      MIOT   / Cloud
246              /                                      +------/
247          +-------+ Ind-ID1: UDP Src Port Xx-Xy     /
248          |       A1-------------------------------+
249          |       | Ind-ID2: UDP Src Port Yx-Yy       URLLC
250  UE------| UPF + A2-------------------------------------Internet
251          | PE1   | Ind-ID3: UDP Src Port Zx-Zy
252          |       A3-------------------------------+
253          |       |                                 \
254          +-------+                                  +-----+
255  {UE Src IP, UE Dst IP, UDP Src Port Num# <-->             \
256   FlowSpec Ind-ID# -> Transport Hdr}                 EMBB   \
257                                                              \

259                   ---------->
260       +------+----------+-------+-----+----------+
261       | Data | Inner IP | GTP-U | UDP | Outer IP |
262       +------+----------+-------+-----+----------+

264                   ---------->
265       +------+----------+------------------+
266       | Data | Inner IP | Transport Header |
267       +------+----------+------------------+

269     Figure 2: TN Aware Mobility Traffic Mapping to FS Redirect Path

271 5. FlowSpec Redirect to Indirection-ID Non-Transitive Extended
272    Community

274    This section defines "FlowSpec Redirect to Indirection-ID Non-
275    Transitive Extended Community for IPSec Tunnel ID". The format of
276    this extended community is shown below:

278     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
279    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
280    |     Type      |IPSecSA SubType| Flags(1 octet)|IPSecSA ID-Type|
281    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
282    |                  IPsec Tunnel ID (4 octets)                   |
283    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
284      Figure 3: Redirect to Ind-ID Ext Community for IPSec Tunnel

286    Where

288    Type = 0x49 (to be assigned by IANA): Non-Transitive FlowSpec
289    Redirect to Indirection-ID Extended Community for IPSec Tunnel ID.

291    [Note: Type = 0x09 for Transitive FlowSpec Redirect to
292    Indirection-ID Extended Community can also be used for
293    Hierarchical deployment, where the FlowSpec Update needs to be
294    propagated]

296    IPSec SA Sub-Type: 1 octet, its value (TBD) will be assigned by
297    IANA to indicate the ID carried by the Extended Community is IPsec
298    SA ID. Assuming the IPsec SA is pre-established, its Security
299    Association (SA) ID is a globally unique identifier within a
300    single administrative domain. The allocation and establishment of
301    the IPsec SA among peers is outside the scope of the document.

303    Flags: Same as that defined in [Flowspec-path-redirect].

305    IPSec SA ID-Type: 1 octet value. Here is the new value needed for
306    IPsec IPv4 tunnel (to be assigned by IANA)

308       v1 - Inner Encap type = IPSec+GRE
309       v2 - Inner Encap type = IPSec+Vxlan

311 6. IANA Considerations

313    This draft needs an IANA code point allocation for the Non-
314    Transitive FlowSpec Redirect to Indirection-ID Extended Community.

316       Type: Non-Transitive FlowSpec Redirect to Indirection-ID
317       Extended Community for IPSec Tunnel ID.

319       IPsec SA Sub-Type:

321       IPSec SA ID-Type:
322          v1 - Inner encap type = IPSec+GRE
323          v2 - Inner encap type = IPSec+Vxlan

325 7. Security Considerations

327    TBD.

329 8. Contributors

331    The following people have contributed to this document.

333 9. References

335 9.1. Normative References

337    [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
338    Requirement Levels", BCP 14, RFC 2119, March 1997.

340    [RFC8955] C. Loibl, et al, "Dissemination of Flow specification
341    Rules", Dec 2020.

343    [RFC8956] C. Loibl, et al, "Dissemination of Flow Specification
344    Rules for IPv6", Dec 2020.

346 9.2. Informative References

348    [RFC5440] JP. Vasseur, Ed., JL. Le Roux, Ed., "Path Computation
349    Element (PCE) Communication Protocol (PCEP)", March 2009

351    [Flowspec-path-redirect] G. Van De Velde, et al, "Flowspec
352    Indirection-id Redirect", draft-ietf-idr-flowspec-path-redirect-
353    11, March 2020

355    [SRv6-Flowspec-path-redirect] G. Van De Velde, et al, "Flowspec
356    Indirection-id Redirect for SRv6", draft-ietf0-idr-srv6-flowspec-
357    path-redirect-05, Jan. 2021

359    [TN-AWARE-MOBILITY] U. Chunduri, et al, "Transport Network aware
360    Mobility for 5G", draft-clt-dmm-tn-aware-mobility-07, April 2021

362    [TN-AWARE-MOBILITY-EXT] K. Majumdar, et al, "Extension of
363    Transport Aware Mobility in Data Network", draft-mcd-rtgwg-
364    extension-tn-aware-mobility-01, May 2021

366    [BGP-SR-TE-POLICY] S. Previdi, et al, "Advertising Segment Routing
367    Policies in BGP", draft-ietf-idr-segment-routing-te-policy-09,
368    November 2020

370    [SDWAN-BGP-USAGE] L. Dunbar, et al, "BGP Usage for SDWAN Overlay
371    Networks", draft-dunbar-bess-bgp-sdwan-usage-08, January 2021

373    [SDWAN-Edge-Discover] L. Dunbar, et al, "BGP UPDATE for SDWAN Edge
374    Discovery", draft-dunbar-idr-sdwan-edge-discovery-04, April 2021

376 10. Acknowledgments

378    TBD.

380    This document was prepared using 2-Word-v2.0.template.dot.

382 Authors' Addresses

384    Linda Dunbar
385    Futurewei
386    2330 Central Expressway
387    Santa Clara, CA 95050

389    Email: linda.dunbar@futurewei.com

391    Kausik Majumdar
392    CommScope
393    350 W Java Drive, Sunnyvale, CA 94089

395    Email: kausik.majumdar@commscope.com

397    Uma Chunduri
398    Intel
399    2200 Mission College Blvd
400    Santa Clara, CA 95052

402    Email: umac.ietf@gmail.com
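
An added example (not from the draft or its authors) of the Section 3 source-port range match, built and parsed as an RFC 8955 numeric component. It follows RFC 8955's operator rules: 2-octet port values use len=01 (value length is 1 << len), the first operator's AND bit is unset, and eq is set on both operators so the bounds i and j are included. The function names and the sample port range are assumptions made for this illustration.

```python
import struct

SRC_PORT = 6                                     # RFC 8955 component type 6: source port
E, A, LT, GT, EQ = 0x80, 0x40, 0x04, 0x02, 0x01  # numeric_op bits (len is bits 0x30)

def encode_src_port_range(i, j):
    """Build a source-port component matching i <= port <= j."""
    if not 0 <= i <= j <= 0xFFFF:
        raise ValueError("invalid port range")
    op1 = (1 << 4) | GT | EQ            # first op: AND bit unset, len=01 -> 2 octets
    op2 = E | A | (1 << 4) | LT | EQ    # last op: end-of-list, ANDed with op1
    return struct.pack("!BBHBH", SRC_PORT, op1, i, op2, j)

def decode_numeric_component(buf):
    """Parse one numeric component into (type, [(and_bit, cmp_bits, value)])."""
    if len(buf) < 3:
        raise ValueError("truncated component")
    terms, pos = [], 1
    while True:
        if pos >= len(buf):
            raise ValueError("operator list has no end-of-list bit")
        op = buf[pos]
        size = 1 << ((op >> 4) & 0x3)   # value length is 1 << len
        value = buf[pos + 1:pos + 1 + size]
        if len(value) != size:
            raise ValueError("value runs past end of component")
        # The AND bit of the first operator is treated as unset on decoding.
        terms.append((bool(op & A) and bool(terms), op & (LT | GT | EQ),
                      int.from_bytes(value, "big")))
        pos += 1 + size
        if op & E:
            break
    if pos != len(buf):
        raise ValueError("trailing octets after end-of-list operator")
    return buf[0], terms

def port_matches(terms, port):
    """Evaluate the operator list; AND binds tighter than OR."""
    result = group = False
    for and_bit, bits, value in terms:
        hit = bool((bits & LT and port < value) or (bits & GT and port > value)
                   or (bits & EQ and port == value))
        if and_bit:
            group = group and hit
        else:
            result, group = result or group, hit
    return result or group

# Constructed sample range standing in for one SST's UDP source ports.
SAMPLE = encode_src_port_range(49152, 49407)
```

A FlowSpec receiver that rejects components failing these length and end-of-list checks avoids installing a rule whose port bounds were parsed from the wrong octets.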