idnits 2.17.1 draft-ietf-idr-flowspec-l2vpn-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 2 instances of too long lines in the document, the longest one being 3 characters in excess of 72. ** The abstract seems to contain references ([RFC5575]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 244: '..., the component type MUST not be used....' RFC 2119 keyword, line 256: '..., the component type MUST not be used....' Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: In single VLAN case, the component type MUST not be used. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: In single VLAN case, the component type MUST not be used. -- The document date (May 17, 2016) is 2901 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC5575' on line 429 -- Looks like a reference, but probably isn't: 'EVPN' on line 104 -- Looks like a reference, but probably isn't: 'RFC4761' on line 105 -- Looks like a reference, but probably isn't: 'RFC4762' on line 105 -- Looks like a reference, but probably isn't: 'RFC 6074' on line 106 == Missing Reference: '4761' is mentioned on line 110, but not defined == Missing Reference: '4762' is mentioned on line 110, but not defined == Missing Reference: '6074' is mentioned on line 111, but not defined == Unused Reference: '1' is defined on line 498, but no explicit reference was found in the text == Unused Reference: '2' is defined on line 501, but no explicit reference was found in the text == Unused Reference: '3' is defined on line 484, but no explicit reference was found in the text == Unused Reference: '4' is defined on line 488, but no explicit reference was found in the text == Unused Reference: '5' is defined on line 492, but no explicit reference was found in the text == Outdated reference: A later version (-11) exists of draft-ietf-l2vpn-evpn-07 -- Possible downref: Non-RFC (?) normative reference: ref. '2' Summary: 3 errors (**), 0 flaws (~~), 12 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 IDR W. Hao 2 Q. Liang 3 Internet Draft Huawei 4 Intended status: Standards Track Jim Uttaro 5 AT&T 6 S. Litkowski 7 Orange Business Service 8 S. Zhuang 9 Huawei 10 Expires: November 2016 May 17, 2016 12 Dissemination of Flow Specification Rules for L2 VPN 13 draft-ietf-idr-flowspec-l2vpn-04.txt 15 Abstract 17 This document defines BGP flow-spec extension for Ethernet traffic 18 filtering in L2 VPN network. SAFI=134 in [RFC5575] is redefined for 19 dissemination traffic filtering information in an L2VPN environment. 20 A new subset of component types and extended community also are 21 defined. 23 Status of this Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF), its areas, and its working groups. Note that 30 other groups may also distribute working documents as Internet- 31 Drafts. 33 Internet-Drafts are draft documents valid for a maximum of six 34 months and may be updated, replaced, or obsoleted by other documents 35 at any time. It is inappropriate to use Internet-Drafts as 36 reference material or to cite them other than as "work in progress." 38 The list of current Internet-Drafts can be accessed at 39 http://www.ietf.org/1id-abstracts.html 41 The list of Internet-Draft Shadow Directories can be accessed at 42 http://www.ietf.org/shadow.html. 44 Copyright Notice 46 Copyright (c) 2016 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with 54 respect to this document. Code Components extracted from this 55 document must include Simplified BSD License text as described in 56 Section 4.e of the Trust Legal Provisions and are provided without 57 warranty as described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction ................................................ 2 62 2. Layer 2 Flow Specification encoding in BGP................... 3 63 3. Ethernet Flow Specification encoding in BGP.................. 4 64 3.1. Order of Traffic Filtering Rules........................ 6 65 4. Ethernet Flow Specification Traffic Actions.................. 7 66 5. Security Considerations..................................... 10 67 6. IANA Considerations ........................................ 10 68 6.1. Normative References................................... 12 69 6.2. Informative References................................. 12 70 7. Acknowledgments ............................................ 12 72 1. Introduction 74 BGP Flow-spec is an extension to BGP that allows for the 75 dissemination of traffic flow specification rules. It leverages the 76 BGP Control Plane to simplify the distribution of ACLs, new filter 77 rules can be injected to all BGP peers simultaneously without 78 changing router configuration. The typical application of BGP Flow- 79 spec is to automate the distribution of traffic filter lists to 80 routers for DDOS mitigation, access control, etc. 82 RFC5575 defines a new BGP Network Layer Reachability Information 83 (NLRI) format used to distribute traffic flow specification rules. 84 NLRI (AFI=1, SAFI=133) is for IPv4 unicast filtering. NLRI (AFI=1, 85 SAFI=134)is for BGP/MPLS VPN filtering. The Flow specification match 86 part only includes L3/L4 information like source/destination prefix, 87 protocol, ports, and etc, so traffic flows can only be selectively 88 filtered based on L3/L4 information. 90 Layer 2 Virtual Private Networks L2VPNs have already been deployed 91 in an increasing number of networks today. In L2VPN network, we also 92 have requirement to deploy BGP Flow-spec to mitigate DDoS attack 93 traffic. Within L2VPN network, both IP and non-IP Ethernet traffic 94 maybe exist. For IP traffic filtering, the Flow specification rules 95 defined in [RFC5575] which include match criteria and actions can 96 still be used, flow specification rules received via new NLRI format 97 apply only to traffic that belongs to the VPN instance(s) in which 98 it is imported. For non-IP Ethernet traffic filtering, Layer 2 99 related information like source/destination MAC and VLAN should be 100 considered. But the flow specification match criteria defined in 101 RFC5575 only include layer 3 and layer 4 IP information, layer 2 102 Ethernet information haven't been included. 104 There are different kinds of L2VPN networks like EVPN [EVPN], BGP 105 VPLS [RFC4761], LDP VPLS [RFC4762] and border gateway protocol (BGP) 106 auto discovery [RFC 6074]. Because the flow-spec feature relies on 107 BGP protocol to distribute traffic filtering rules, so it can only 108 be incrementally deployed in those L2VPN networks where BGP has 109 already been used for auto discovery and/or signaling purposes such 110 as BGP-based VPLS [4761], EVPN and LDP-based VPLS [4762] with BGP 111 auto-discovery [6074]. 113 This draft proposes a new subset of component types and extended 114 community to support L2VPN flow-spec application. The flow-spec 115 rules can be enforced on all border routers or on some interface 116 sets of the border routers. SAFI=134 in [RFC5575] is redefined for 117 dissemination traffic filtering information in an L2VPN environment. 119 2. Layer 2 Flow Specification encoding in BGP 121 The [RFC5575] defines SAFI 133 and SAFI 134 for ''dissemination of 122 IPv4 flow specification rules'' and ''dissemination of VPNv4 flow 123 specification rules'' respectively. [draft-ietf-idr-flow-spec-v6-06] 124 redefines the [RFC5575] SAFIs in order to make them applicable to 125 both IPv4 and IPv6 applications. This document will further redefine 126 the SAFI 134 in order to make them applicable to L2VPN applications. 128 The following changes are defined: 130 ''SAFI 134 for dissemination of L3VPN flow specification rules'' to 131 now be defined as ''SAFI 134 for dissemination of VPN flow 132 specification rules'' 134 For SAFI 134 the indication to which address family it is referring 135 to will be recognized by AFI value (AFI=1 for VPNv4, AFI=2 VPNv6 and 136 AFI=25 for L2VPN). Such modification is fully backwards compatible 137 with existing implementation and production deployments. 139 3. Ethernet Flow Specification encoding in BGP 141 The NLRI format for this address family consists of a fixed-length 142 Route Distinguisher field (8 bytes) followed by a flow specification, 143 following the encoding defined in this document. The NLRI length 144 field shall include both the 8 bytes of the Route Distinguisher as 145 well as the subsequent flow specification. 147 Flow specification rules received via this NLRI apply only to 148 traffic that belongs to the VPN instance(s) in which it is imported. 149 Flow rules are accepted by default, when received from remote PE 150 routers. 152 Besides the component types defined in [RFC5575] and [draft-ietf- 153 idr-flow-spec-v6-06], this document proposes the following 154 additional component types for L2VPN Ethernet traffic filtering: 156 Type 14 - Ethernet Type 158 Encoding: 160 Defines a list of {operation, value} pairs used to match two-octet 161 field. Values are encoded as 2-byte quantities. Ethernet II framing 162 defines the two-octet Ethernet Type field in an Ethernet frame, 163 preceded by destination and source MAC addresses, that identifies an 164 upper layer protocol encapsulating the frame data. 166 Type 15 - Source MAC 168 Encoding: 170 Defines the source MAC Address to match. 172 Type 16 - Destination MAC 174 Encoding: 176 Defines the destination MAC Address to match. 178 Type 17 - DSAP(Destination Service Access Point) in LLC 180 Encoding: 182 Defines a list of {operation, value} pairs used to match 1-octet 183 DSAP in the 802.2 LLC(Logical Link Control Header). Values are 184 encoded as 1-byte quantities. The operation field is encoded as 185 'Numeric operator' defined in [RFC5575]. 187 Type 18 - SSAP(Source Service Access Point) in LLC 189 Encoding: 191 Defines a list of {operation, value} pairs used to match 1-octet 192 SSAP in the 802.2 LLC. Values are encoded as 1-byte quantities. 194 Type 19 - Control field in LLC 196 Encoding: 198 Defines a list of {operation, value} pairs used to match 1-octet 199 control field in the 802.2 LLC. Values are encoded as 1-byte 200 quantities. 202 Type 20 - SNAP 204 Encoding: 206 Defines a list of {operation, value} pairs used to match 5-octet 207 SNAP(Sub-Network Access Protocol) field. Values are encoded as 5- 208 byte quantities. 210 Type 21 - VLAN ID 212 Encoding: 214 Defines a list of {operation, value} pairs used to match VLAN ID. 215 Values are encoded as 2-byte quantities, where the four most 216 significant bits are zero and the 12 least significant bits contain 217 the VLAN value. 219 In virtual local-area network (VLAN) stacking case, the VLAN ID is 220 outer VLAN ID. 222 Type 22 - VLAN COS 224 Encoding: 226 Defines a list of {operation, value} pairs used to match 3-bit VLAN 227 COS fields [802.1p]. Values are encoded using a single byte, where 228 the five most significant bits are zero and the three least 229 significant bits contain the VLAN COS value. 231 In virtual local-area network (VLAN) stacking case, the VLAN COS is 232 outer VLAN COS. 234 Type 23 - Inner VLAN ID 236 Encoding: 238 Defines a list of {operation, value} pairs used to match inner VLAN 239 ID using for virtual local-area network (VLAN) stacking or Q in Q 240 case. Values are encoded as 2-byte quantities, where the four most 241 significant bits are zero and the 12 least significant bits contain 242 the VLAN value. 244 In single VLAN case, the component type MUST not be used. 246 Type 24 - Inner VLAN COS 248 Encoding: 250 Defines a list of {operation, value} pairs used to match 3-bit inner 251 VLAN COS fields [802.1p] using for virtual local-area network (VLAN) 252 stacking or Q in Q case. Values are encoded using a single byte, 253 where the five most significant bits are zero and the three least 254 significant bits contain the VLAN COS value. 256 In single VLAN case, the component type MUST not be used. 258 3.1. Order of Traffic Filtering Rules 260 The original definition for the order of traffic filtering rules can 261 be reused with new consideration for the MAC Address offset. As long 262 as the offsets are equal, the comparison is the same, retaining 263 longest-prefix-match semantics. If the offsets are not equal, the 264 lowest offset has precedence, as this flow matches the most 265 significant bit. 267 Pseudocode: 268 flow_rule_L2_cmp (a, b) 269 { 270 comp1 = next_component(a); 271 comp2 = next_component(b); 272 while (comp1 || comp2) { 273 // component_type returns infinity on end-of-list 274 if (component_type(comp1) < component_type(comp2)) { 275 return A_HAS_PRECEDENCE; 276 } 277 if (component_type(comp1) > component_type(comp2)) { 278 return B_HAS_PRECEDENCE; 279 } 281 if (component_type(comp1) == MAC_DESTINATION || MAC_SOURCE) { 282 common = MIN(MAC Address length (comp1), 283 MAC Address length (comp2)); 284 cmp = MAC Address compare(comp1, comp2, common); 285 // not equal, lowest value has precedence 286 // equal, longest match has precedence 287 } else { 288 common = 289 MIN(component_length(comp1), component_length(comp2)); 290 cmp = memcmp(data(comp1), data(comp2), common); 291 // not equal, lowest value has precedence 292 // equal, longest string has precedence 293 } 294 } 295 return EQUAL; 296 } 298 4. Ethernet Flow Specification Traffic Actions 300 The default action for a layer 2 traffic filtering flow 301 specification is to accept traffic that matches that particular rule. 302 The following extended community values per RFC5575 can be used to 303 specify particular actions in L2VPN network: 305 +--------+--------------------+--------------------------+ 306 | type | extended community | encoding | 307 +--------+--------------------+--------------------------+ 308 | 0x8006 | traffic-rate | 2-byte as#, 4-byte float | 309 | 0x8007 | traffic-action | bitmask | 310 | 0x8008 | redirect | 6-byte Route Target | 311 | 0x8009 | traffic-marking | DSCP value | 312 +--------+--------------------+--------------------------+ 313 Redirect: The action should be redefined to allow the traffic to be 314 redirected to a MAC or IP VRF routing instance that lists the 315 specified route-target in its import policy. 317 Besides the above extended communities, this document also proposes 318 the following BGP extended communities specifications for Ethernet 319 flow to extend [RFC5575]: 321 +--------+------------------------+--------------------------+ 322 | type | extended community | encoding | 323 +--------+------------------------+--------------------------+ 324 | TBD1 | VLAN-action | bitmask | 325 | TBD2 | TPID-action | bitmask | 326 +--------+------------------------+--------------------------+ 328 VLAN-action: The VLAN-action extended community consists of 6 bytes 329 which include the fields of action Flags, two VLAN IDs and the 330 associating COS value. The action Flags fields are further divided 331 into two parts which correspond to the first action and the second 332 action respectively, bit 0 to bit 7 belong to the first action part 333 while bit 8 to bit 15 belong to the second part. The bits of PO, PU, 334 SW, RI and RO in each part represent the action of Pop, Push, Swap, 335 Rewrite inner VLAN and Rewrite outer VLAN respectively. Through this 336 method, more complicated actions also can be represented in a single 337 VLAN-action extend community, such as SwapPop, PushSwap, etc. For 338 example, SwapPop action is the concatenation of two actions, the 339 first action is Swap and the second action is Pop. 341 0 7 15 342 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 343 |PO1|PU1|SW1|RI1|RO1|...|PO2|PU2|SW2|RI2|RO2|...| 344 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 345 | VLAN ID1 |COS1 |R1| 346 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 347 | VLAN ID2 |COS2 |R2| 348 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 350 PO1: Pop action. If the PO1 flag is one it indicates the outmost 351 VLAN should be removed. 353 PU1: Push action. If PU1 is one it indicates VLAN ID1 will be added, 354 the associated COS is COS1. 356 SW1: Swap action. If the SW1 flag is one it indicates the outer VLAN 357 and inner VLAN should be swapped. 359 PO2: Pop action. If the PO2 flag is one it indicates the outmost 360 VLAN should be removed. 362 PU2: Push action. If PU2 is one it indicates VLAN ID2 will be added, 363 the associated COS is COS2. 365 SW2: Swap action. If the SW2 flag is one it indicates the outer VLAN 366 and inner VLAN should be swapped. 368 RI1 and RI2: Rewrite inner VLAN action. If the RI flag is one it 369 indicates the inner VLAN should be replaced by a new VLAN, the new 370 VLAN is VLAN ID1, the associated COS is COS1. If the VLAN ID1 is 0, 371 the action is to only modify the COS value of inner VLAN. 373 RO1 and RO2: Rewrite outer VLAN action. If the RO flag is one it 374 indicates the outer VLAN should be replaced by a new VLAN, the new 375 VLAN is VLAN ID2, the associated COS is COS2. If the VLAN ID2 is 0, 376 the action is to only modify the COS value of outer VLAN. 378 R1 and R2: Reserved for future use. 380 Giving an example, if the action of PUSH Inner VLAN 10 with COS 381 value 5 and Outer VLAN 20 with COS value 6 is needed, the format of 382 the VLAN-action extended community is as follows: 384 0 7 15 385 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 386 |0 |1 |0 |0 |0 |0 |0 |0 |0 |1 |0 |0 |0 |0 |0 |0 | 387 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 388 | 10 |1 |0 |1 |0 | 389 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 390 | 20 |1 |1 |0 |0 | 391 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 393 TPID-action: The TPID-action extended community consists of 6 bytes 394 which includes the fields of action Flags, TPID1 and TPID2. 396 0 15 397 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 398 |TI|TO| Resv | 399 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 400 | TP ID1 | 401 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 402 | TP ID2 | 403 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 405 TI: Mapping inner TP ID action. If the TI flag is one it indicates 406 the inner TP ID should be replaced by a new TP ID, the new TP ID is 407 TP ID1. 409 TO: Mapping outer TP ID action. If the TO flag is one it indicates 410 the outer TP ID should be replaced by a new TP ID, the new TP ID is 411 TP ID2. 413 Resv: Reserved for future use. 415 5. Security Considerations 417 No new security issues are introduced to the BGP protocol by this 418 specification. 420 6. IANA Considerations 422 IANA is requested to rename currently defined SAFI 134 per [RFC5575] 423 to read: 425 134 VPN dissemination of flow specification rules 427 IANA is requested to create and maintain a new registry for "Flow 428 spec L2VPN Component Types". For completeness, the types defined in 429 [RFC5575] and [draft-ietf-idr-flow-spec-v6-06] also are listed here. 431 +--------+-------------------------------+--------------------------+ 432 | type | RFC or Draft | discription | 433 +--------+-------------------------------+--------------------------+ 434 | 1 |RFC5575 | Destination Prefix | 435 | 1 |draft-ietf-idr-flow-spec-v6-06 | Destination IPv6 Prefix | 436 | 2 |RFC5575 | Source Prefix | 437 | 2 |draft-ietf-idr-flow-spec-v6-06 | Source IPv6 Prefix | 438 | 3 |RFC5575 | IP Protocol | 439 | 3 |draft-ietf-idr-flow-spec-v6-06 | Next Header | 440 | 4 |RFC5575 | Port | 441 | 5 |RFC5575 | Destination port | 442 | 6 |RFC5575 | Source port | 443 | 7 |RFC5575 | ICMP type | 444 | 8 |RFC5575 | ICMP code | 445 | 9 |RFC5575 | TCP flags | 446 | 10 |RFC5575 | Packet length | 447 | 11 |RFC5575 | DSCP | 448 | 12 |RFC5575 | Fragment | 449 | 13 |draft-ietf-idr-flow-spec-v6-06 | Flow Label | 450 | 14 |This draft | Ethernet Type | 451 | 15 |This draft | Source MAC | 452 | 16 |This draft | Destination MAC | 453 | 17 |This draft | DSAP in LLC | 454 | 18 |This draft | SSAP in LLC | 455 | 19 |This draft | Control field in LLC | 456 | 20 |This draft | SNAP | 457 | 21 |This draft | VLAN ID | 458 | 22 |This draft | VLAN COS | 459 | 23 |This draft | Inner VLAN ID | 460 | 24 |This draft | Inner VLAN COS | 461 +--------+-------------------------------+--------------------------+ 462 IANA is requested to update the reference for the following 463 assignment in the "BGP Extended Communities Type - extended, 464 transitive" registry: 466 Type value Name Reference 468 ---------- ---------------------------------------- --------- 470 0x080A Flow spec VLAN action [this document] 472 0x080B Flow spec TPID action [this document] 474 6.1. Normative References 476 [1] [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 478 Requirement Levels", BCP 14, RFC 2119, March 1997. 480 [2] [RFC5575] P. Marques, N. Sheth, R. Raszuk, B. Greene, J.Mauch, 481 D. McPherson, "Dissemination of Flow Specification Rules", RFC 482 5575, August 2009. 484 [3] [RFC4761] K. Kompella, Ed., Y. Rekhter, Ed., "Virtual Private 485 LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling", 486 RFC4761, January 2007. 488 [4] [RFC4762] M. Lasserre, Ed., V. Kompella, Ed., "Virtual Private 489 LAN Service (VPLS) Using Label Distribution Protocol (LDP) 490 Signaling", RFC4762, January 2007. 492 [5] [RFC6074] E. Rosen, B. Davie, V. Radoaca, "Provisioning, Auto- 493 Discovery, and Signaling in Layer 2 Virtual Private Networks 494 (L2VPNs)", RFC6074, January 2011. 496 6.2. Informative References 498 [1] [EVPN] Sajassi et al., "BGP MPLS Based Ethernet VPN", draft- 499 ietf-l2vpn-evpn-07.txt, work in progress, May, 2014. 501 [2] [IEEE 802.1p] Javin, et.al. "IEEE 802.1p: LAN Layer 2 QoS/CoS 502 Protocol for Traffic Prioritization", 2012-02-15 504 7. Acknowledgments 506 The authors wish to acknowledge the important contributions of 507 Hannes Gredler, Xiaohu Xu, Zhenbin Li and Lucy Yong. 509 Authors' Addresses 511 Weiguo Hao 512 Huawei Technologies 513 101 Software Avenue, 514 Nanjing 210012 515 China 516 Email: haoweiguo@huawei.com 518 Qiandeng Liang 519 Huawei Technologies 520 101 Software Avenue, 521 Nanjing 210012 522 China 523 Email: liangqiandeng@huawei.com 525 James Uttaro 526 AT&T 527 Email: uttaro@att.com 529 Stephane Litkowski 530 Orange 531 Email: stephane.litkowski@orange.com 533 Shunwan Zhuang 534 Huawei Technologies 535 Huawei Bld., No.156 Beiqing Rd. 536 Beijing 100095 537 China 538 Email: zhuangshunwan@huawei.com