idnits 2.17.1 draft-ietf-idr-flowspec-redirect-rt-bis-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC5575, updated by this document, for RFC5378 checks: 2007-08-15) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 27, 2015) is 3195 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC-to-be' is mentioned on line 222, but not defined ** Obsolete normative reference: RFC 5575 (Obsoleted by RFC 8955) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force J. Haas, Ed. 3 Internet-Draft Juniper Networks 4 Updates: 5575 (if approved) July 27, 2015 5 Intended status: Standards Track 6 Expires: January 28, 2016 8 Clarification of the Flowspec Redirect Extended Community 9 draft-ietf-idr-flowspec-redirect-rt-bis-05 11 Abstract 13 This document updates RFC 5575 (Dissemination of Flow Specification 14 Rules) to clarify the formatting of the the BGP Flowspec Redirect 15 Extended Community. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on January 28, 2016. 34 Copyright Notice 36 Copyright (c) 2015 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 52 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 53 2.1. BGP Transitive Extended Community Types . . . . . . . . . 4 54 2.2. Update to BGP Generic Transitive Experimental Use 55 Extended Community Sub-Types . . . . . . . . . . . . . . 5 56 2.3. Generic Transitive Experimental Extended Community Part 2 57 Sub-Types . . . . . . . . . . . . . . . . . . . . . . . . 5 58 2.4. Generic Transitive Experimental Extended Community Part 3 59 Sub-Types . . . . . . . . . . . . . . . . . . . . . . . . 5 60 3. Security Considerations . . . . . . . . . . . . . . . . . . . 6 61 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 62 5. Normative References . . . . . . . . . . . . . . . . . . . . 6 63 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 65 1. Introduction 67 Dissemination of Flow Specification Rules [RFC5575], commonly known 68 as BGP Flowspec, provided for a BGP Extended Community [RFC4360] that 69 served to redirect traffic to a VRF routing instance that matched the 70 flow specification NLRI. In that RFC, the Redirect Extended 71 Community was documented as follows: 73 : +--------+--------------------+--------------------------+ 74 : | type | extended community | encoding | 75 : +--------+--------------------+--------------------------+ 76 : | 0x8008 | redirect | 6-byte Route Target | 77 : +--------+--------------------+--------------------------+ 78 : 79 : [...] 80 : 81 : Redirect: The redirect extended community allows the traffic to be 82 : redirected to a VRF routing instance that lists the specified 83 : route-target in its import policy. If several local instances 84 : match this criteria, the choice between them is a local matter 85 : (for example, the instance with the lowest Route Distinguisher 86 : value can be elected). This extended community uses the same 87 : encoding as the Route Target extended community [RFC4360]. 88 : [...] 89 : 90 : 11. IANA Considerations 91 : [...] 92 : 93 : The following traffic filtering flow specification rules have been 94 : allocated by IANA from the "BGP Extended Communities Type - 95 : Experimental Use" registry as follows: 96 : [...] 97 : 98 : 0x8008 - Flow spec redirect 100 The IANA registry of BGP Extended Communities clearly identifies 101 communities of specific formats. For example, "Two-octet AS Specific 102 Extended Community" [RFC4360], "Four-octet AS Specific Extended 103 Community" [RFC5668] and "IPv4 Address Specific Extended Community" 104 [RFC4360]. Route Targets [RFC4360] identify this format in the high- 105 order (Type) octet of the Extended Community and set the value of the 106 low-order (Sub-Type) octet to 0x02. The Value field of the Route 107 Target Extended Community is intended to be interpreted in the 108 context of its format. 110 Since the Redirect Extended Community only registered a single code- 111 point in the IANA BGP Extended Community registry, a common 112 interpretation of the redirect extended community's "6-byte route 113 target" has been to look, at a receiving router, for a route target 114 value that matches the route target value in the received redirect 115 extended community, and import the advertised route to the 116 corresponding VRF instance subject to the rules defined in [RFC5575]. 117 However, because the route target format in the redirect extended 118 community is not clearly defined, the wrong match may occur. 120 This "value wildcard" matching behavior, which does not take into 121 account the format of the route target defined for a local VRF and 122 may result in the wrong matching decision, does not match deployed 123 implementations of BGP Flowspec. Deployed implementations of BGP 124 Flowspec solve this problem by defining different redirect extended 125 communities that are specific to the format of the route target 126 value. This document defines the following redirect extended 127 communities: 129 +--------+--------------------+-------------------------------------+ 130 | type | extended community | encoding | 131 +--------+--------------------+-------------------------------------+ 132 | 0x8008 | redirect AS-2byte | 2-octet AS, 4-octet Value | 133 | 0x8108 | redirect IPv4 | 4-octet IPv4 Address, 2-octet Value | 134 | 0x8208 | redirect AS-4byte | 4-octet AS, 2-octet Value | 135 +--------+--------------------+-------------------------------------+ 137 It should be noted that the low-order nibble of the Redirect's Type 138 field corresponds to the Route Target Extended Community format field 139 (Type). (See [RFC4360], Secs. 3.1, 3.2, and 4 plus [RFC5668], Sec. 140 2.) The low order octet (Sub-Type) of the Redirect Extended 141 Community remains 0x08, contrasted to 0x02 for Route Targets. 143 The IANA Registries for BGP Extended Communities [RFC7153] document 144 was written to update the previously-mentioned IANA registries to 145 better document BGP Extended Community formats. The IANA 146 Considerations section below further amends those registry updates in 147 order to properly document the Flowspec redirect communities. 149 2. IANA Considerations 151 2.1. BGP Transitive Extended Community Types 153 IANA is requested to update the "BGP Transitive Extended Community 154 Types" registry as follows: 156 0x81 - Generic Transitive Experimental Use Extended Community 157 Part 2 (Sub-Types are defined in the "Generic Transitive 158 Experimental Extended Community Part 2 Sub-Types" Registry) 159 0x82 - Generic Transitive Experimental Use Extended Community 160 Part 3 (Sub-Types are defined in the "Generic Transitive 161 Experimental Extended Community Part 3 Sub-Types" Registry) 163 2.2. Update to BGP Generic Transitive Experimental Use Extended 164 Community Sub-Types 166 IANA is requested to update the "BGP Generic Transitive Experimental 167 Use Extended Community Sub-Types" registry as follows: 169 0x08 - Flow spec redirect AS-2byte format. [RFC5575, RFC-to-be] 171 (Note to RFC Editor - replace RFC-to-be with this RFC number.) 173 2.3. Generic Transitive Experimental Extended Community Part 2 Sub- 174 Types 176 IANA is requested to create the "Generic Transitive Experimental Use 177 Extended Community Part 2 Sub-Types" registry. This registry should 178 be created under the BGP Extended Communities registry. It will 179 contain the following note: 181 This registry contains values of the second octet (the "Sub-Type" 182 field) of an extended community when the value of the first octet 183 (the "Type" field) is 0x81. 185 Registry Name: Generic Transitive Experimental Use Extended Community 186 Part 2 Sub-Types 188 RANGE REGISTRATION PROCEDURE REFERENCE 190 0x00-0xBF First Come First Served 191 0xC0-0xFF IETF Review 193 SUB-TYPE VALUE NAME 194 0x00-0x07 Unassigned 195 0x08 Flow spec redirect IPv4 format. [RFC-to-be] 196 0x09-0xff Unassigned 198 (Note to RFC Editor - replace RFC-to-be with this RFC number.) 200 2.4. Generic Transitive Experimental Extended Community Part 3 Sub- 201 Types 203 IANA is requested to create the "Generic Transitive Experimental Use 204 Extended Community Part 3 Sub-Types" registry. This registry should 205 be created under the BGP Extended Communities registry. It will 206 contain the following note: 208 This registry contains values of the second octet (the "Sub-Type" 209 field) of an extended community when the value of the first octet 210 (the "Type" field) is 0x82. 212 Registry Name: Generic Transitive Experimental Use Extended Community 213 Part 2 Sub-Types 215 RANGE REGISTRATION PROCEDURE REFERENCE 217 0x00-0xBF First Come First Served 218 0xC0-0xFF IETF Review 220 SUB-TYPE VALUE NAME 221 0x00-0x07 Unassigned 222 0x08 Flow spec redirect AS-4byte format. [RFC-to-be] 223 0x09-0xff Unassigned 225 (Note to RFC Editor - replace RFC-to-be with this RFC number.) 227 3. Security Considerations 229 This document introduces no additional security considerations than 230 those already covered in [RFC5575]. It should be noted that if the 231 wildcard behavior were actually implemented, this ambiguity may lead 232 to the installation of Flowspec rules in an incorrect VRF and may 233 lead to traffic to be incorrectly delivered. 235 4. Acknowledgements 237 The contents of this document was raised as part of implementation 238 discussions of BGP Flowspec with the following individuals: 240 Andrew Karch (Cisco) 242 Robert Raszuk 244 Adam Simpson (Alcatel-Lucent) 246 Matthieu Texier (Arbor Networks) 248 Kaliraj Vairavakkalai (Juniper) 250 5. Normative References 252 [RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended 253 Communities Attribute", RFC 4360, February 2006. 255 [RFC5575] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J., 256 and D. McPherson, "Dissemination of Flow Specification 257 Rules", RFC 5575, August 2009. 259 [RFC5668] Rekhter, Y., Sangli, S., and D. Tappan, "4-Octet AS 260 Specific BGP Extended Community", RFC 5668, October 2009. 262 [RFC7153] Rosen, E. and Y. Rekhter, "IANA Registries for BGP 263 Extended Communities", RFC 7153, March 2014. 265 Author's Address 267 Jeffrey Haas (editor) 268 Juniper Networks 270 Email: jhaas@juniper.net