idnits 2.17.1 draft-ietf-idr-flowspec-srv6-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There is 1 instance of too long lines in the document, the longest one being 2 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (8 October 2021) is 923 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '0' on line 130 -- Looks like a reference, but probably isn't: '1' on line 132 == Unused Reference: 'RFC7153' is defined on line 340, but no explicit reference was found in the text == Outdated reference: A later version (-05) exists of draft-hares-idr-flowspec-v2-02 == Outdated reference: A later version (-23) exists of draft-ietf-idr-flowspec-l2vpn-17 Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Z. Li 3 Internet-Draft L. Li 4 Intended status: Standards Track Huawei 5 Expires: 11 April 2022 H. Chen 6 Futurewei 7 C. Loibl 8 Next Layer Communications 9 G. Mishra 10 Verizon Inc. 11 Y. Fan 12 Casa Systems 13 Y. Zhu 14 China Telecom 15 L. Liu 16 Fujitsu 17 X. Liu 18 Volta Networks 19 8 October 2021 21 BGP Flow Specification for SRv6 22 draft-ietf-idr-flowspec-srv6-00 24 Abstract 26 This document proposes extensions to BGP Flow Specification for SRv6 27 for filtering packets with a SRv6 SID that matches a sequence of 28 conditions. 30 Requirements Language 32 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 33 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 34 document are to be interpreted as described in BCP 14 35 [RFC2119][RFC8174] when, and only when, they appear in all capitals, 36 as shown here. 38 Status of This Memo 40 This Internet-Draft is submitted in full conformance with the 41 provisions of BCP 78 and BCP 79. 43 Internet-Drafts are working documents of the Internet Engineering 44 Task Force (IETF). Note that other groups may also distribute 45 working documents as Internet-Drafts. The list of current Internet- 46 Drafts is at https://datatracker.ietf.org/drafts/current/. 48 Internet-Drafts are draft documents valid for a maximum of six months 49 and may be updated, replaced, or obsoleted by other documents at any 50 time. It is inappropriate to use Internet-Drafts as reference 51 material or to cite them other than as "work in progress." 53 This Internet-Draft will expire on 11 April 2022. 55 Copyright Notice 57 Copyright (c) 2021 IETF Trust and the persons identified as the 58 document authors. All rights reserved. 60 This document is subject to BCP 78 and the IETF Trust's Legal 61 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 62 license-info) in effect on the date of publication of this document. 63 Please review these documents carefully, as they describe your rights 64 and restrictions with respect to this document. Code Components 65 extracted from this document must include Simplified BSD License text 66 as described in Section 4.e of the Trust Legal Provisions and are 67 provided without warranty as described in the Simplified BSD License. 69 Table of Contents 71 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 72 2. Definitions and Acronyms . . . . . . . . . . . . . . . . . . 4 73 3. The Flow Specification Encoding for SRv6 . . . . . . . . . . 4 74 3.1. Type TBD1 - Some Parts of SID . . . . . . . . . . . . . . 4 75 3.2. Encoding Examples . . . . . . . . . . . . . . . . . . . . 6 76 3.2.1. Example 1 . . . . . . . . . . . . . . . . . . . . . . 6 77 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 78 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 79 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 80 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 81 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 82 7.2. Informative References . . . . . . . . . . . . . . . . . 8 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 85 1. Introduction 87 [RFC8955] describes in details about a new BGP NLRI to distribute a 88 flow specification, which is an n-tuple comprising a sequence of 89 matching criteria that can be applied to IP traffic. [RFC8956] 90 extends [RFC8955] to make it also usable and applicable to IPv6 data 91 packets. [I-D.ietf-idr-flowspec-l2vpn] extends the flow-spec rules 92 for layer 2 Ethernet packets. [I-D.hares-idr-flowspec-v2] specifies 93 BGP Flow Specification Version 2. 95 Segment Routing (SR) for unicast traffic has been proposed to cope 96 with the usecases in traffic engineering, fast re-reroute, service 97 chain, etc. SR architecture can be implemented over an IPv6 data 98 plane using a new type of IPv6 extension header called Segment 99 Routing Header (SRH) [I-D.ietf-6man-segment-routing-header]. SRv6 100 Network Programming [RFC8986] defines the SRv6 network programming 101 concept and its most basic functions. An SRv6 SID may have the form 102 of LOC:FUNCT:ARG::. 104 LOC: Each operator is free to use the locator length it chooses. 105 Most often the LOC part of the SID is routable and leads to the node 106 which instantiates that SID. 108 FUNCT: The FUNCT part of the SID is an opaque identification of a 109 local function bound to the SID. (e.g. End: Endpoint, End.X, End.T, 110 End.DX2 etc.). 112 ARG: A function may require additional arguments that would be placed 113 immediately after the FUNCT. 115 This document specifies one new BGP Flow Specification (FS) component 116 type to support Segment Routing over IPv6 data plane (SRv6) filtering 117 for BGP Flow Specification Version 2. The match field is destination 118 address of IPv6 header, but it's a SRv6 SID from SRH rather than a 119 traditional IPv6 address (refer to Figure 1). To support these 120 features, a Flowspec version that is IPv6 capable (i.e., AFI = 2) 121 MUST be used. These match capabilities of the features MAY be 122 permitted to match when there is an accompanying SRH. 124 +-----------------------------+ 125 IPv6 Header| SA | DA |<--Match field of this document 126 +--------------------^--------+ 127 | 128 +--------------------|--------+ 129 | +-------------+ | +-------------------+ 130 | | Segment[0] +-------> Loc | Func | Arg | 131 | +-------------+ | +-------------------+ 132 | | Segment[1] | | 133 | +-------------+ | 134 | | ... | | 135 SR Header| +-------------+ | 136 | | Segment[n] | | 137 | +-------------+ | 138 | +-------------+ | 139 | ~ Option TLV ~ | 140 | +-------------+ | 141 +-----------------------------+ 142 Figure 1: Match Field 144 2. Definitions and Acronyms 146 * FS: Flow Specification 148 * BGP-FS: Border Gateway Protocol (BGP) Flow Specification (FS) 150 * SR: Segment Routing 152 * SRH: SR Header. 154 * SRv6: IPv6 Segment Routing, SRv6 is a method of forwarding IPv6 155 packets on the network based on the concept of source routing. 157 * SID: Segment Identifier 159 * BSID: Binding SID 161 3. The Flow Specification Encoding for SRv6 163 The Flow Specification NLRI-type consists of several optional 164 components, each of which begins with a type field (1 octet) followed 165 by a variable length parameter. 13 component types are defined in 166 [RFC8955] and [RFC8956] for IPv4 and IPv6. This document defines one 167 component type for SRv6. 169 3.1. Type TBD1 - Some Parts of SID 171 [RFC8986] defines the format of SID is LOC:FUNCT:ARG::. In some 172 scenarios, traffic packets can just match Locator, Function ID, 173 Arguments or some combinations of these different fields. In order 174 to match a part of SID, its prior parts need to be examined and 175 matched first. For example, in order to match the Function ID 176 (FUNCT), the Locator (LOC) needs to be examined and matched first. 177 The new component type TBD1 defined below is for matching some parts 178 of SID. 180 Encoding: 182 o type (1 octet): This indicates the new component type (TBD1, which 183 is to be assigned by IANA). 185 o LOC-Len (1 octet): This indicates the length in bits of LOC in 186 SID. 188 o FUNCT-Len (1 octet): This indicates the length in bits of FUNCT in 189 SID. 191 o ARG-Len (1 octet): This indicates the length in bits of ARG in 192 SID. 194 o [op, value]+: This contains a list of {operator, value} pairs that 195 are used to match some parts of SID. 197 The total of three lengths (i.e., LOC length + FUNCT length + ARG 198 length) MUST NOT be greater than 128. If it is greater than 128, an 199 error occurs and Error Handling is applied according to [RFC7606] and 200 [RFC4760]. 202 The operator (op) byte is encoded as: 204 0 1 2 3 4 5 6 7 205 +---+---+---+---+---+---+---+---+ 206 | e | a | field type|lt |gt |eq | 207 +---+---+---+---+---+---+---+---+ 209 where the behavior of each operator bit has clear symmetry with that 210 of [RFC8955]'s Numeric Operator field. 212 e - end-of-list bit. Set in the last {op, value} pair in the 213 sequence. 215 a - AND bit. If unset, the previous term is logically ORed with the 216 current one. If set, the operation is a logical AND. It should be 217 unset in the first operator byte of a sequence. The AND operator has 218 higher priority than OR for the purposes of evaluating logical 219 expressions. 221 field type: 223 000: SID's LOC 225 001: SID's FUNCT 227 010: SID's ARG 229 011: SID's LOC:FUNCT 231 100: SID's FUNCT:ARG 233 101: SID's LOC:FUNCT:ARG 235 For an unknown type, Error Handling is applied according to [RFC7606] 236 and [RFC4760]. 238 lt - less than comparison between data' and value'. 240 gt - greater than comparison between data' and value'. 242 eq - equality between data' and value'. 244 The data' and value' used in lt, gt and eq are indicated by the field 245 type in a operator and the value field following the operator. 247 The value field depends on the field type and has the value of SID's 248 some parts rounding up to bytes (refer to the table below). 250 +-----------------------+------------------------------+ 251 | Field Type | Value | 252 +=======================+==============================+ 253 | SID's LOC | value of LOC bits | 254 +-----------------------+------------------------------+ 255 | SID's FUNCT | value of FUNCT bits | 256 +-----------------------+------------------------------+ 257 | SID's ARG | value of ARG bits | 258 +-----------------------+------------------------------+ 259 | SID's LOC:FUNCT | value of LOC:FUNCT bits | 260 +-----------------------+------------------------------+ 261 | SID's FUNCT:ARG | value of FUNCT:ARG bits | 262 +-----------------------+------------------------------+ 263 | SID's LOC:FUNCT:ARG | value of LOC:FUNCT:ARG bits | 264 +-----------------------+------------------------------+ 266 3.2. Encoding Examples 268 3.2.1. Example 1 270 An example of a Flow Specification NLRI encoding for: all SRv6 271 packets to LOC 2001:db8:3::/48 and FUNCT {range [0100, 0300]}. 273 Some Parts of SID 274 | 275 length v LOC==20010db80003 FUN>=100 FUN<=300 276 0x12 0f 30 10 40 01 2001 0db8 0003 4b 0100 bd 0300 277 ^ ^ ^ 278 | | | 279 Length of LOC FUN ARG 281 Decoded: 282 Value 283 0x12 length 18 octets (if len<240, 1 octet) 284 TBD1(0x0f) type type TBD1(0x0f) - Some Parts of SID 285 0x30 LOC Length = 48 (bits) 286 0x10 FUNCT Length = 16 (bits) 287 0x40 ARG Length = 64 (bits) 288 0x01 op LOC == 289 0x2001 value LOC's value = 2001:db8:3 290 0x0db8 291 0x0003 292 0x4b op "AND", FUNCT >= 293 0x0100 value FUNCT's value = 0100 294 0xbd op end-of-list, "AND", FUNCT <= 295 0x0300 value FUNCT's value = 0300 297 4. Security Considerations 299 No new security issues are introduced to the BGP protocol by this 300 specification over the security considerations in [RFC8955] and 301 [RFC8956]. 303 5. IANA Considerations 305 Under "Flow Spec Component Types" registry, IANA is requested to 306 assign the following values: 308 +-----------+------------+-------------------+----------------+ 309 | Value | IPv4 Name | IPv6 Name | Reference | 310 +-----------+------------+-------------------+----------------+ 311 | TBD1 | Unassigned | Some Parts of SID | This Document | 312 +-----------+------------+-------------------+----------------+ 314 6. Acknowledgments 316 The authors would like to thank Joel Halpern, Jeffrey Haas, Ketan 317 Talaulikar, Aijun Wang, Dhruv Dhody, Shunwan Zhuang and Rainsword 318 Wang for their valuable suggestions and comments on this draft. 320 7. References 322 7.1. Normative References 324 [I-D.hares-idr-flowspec-v2] 325 Hares, S. and D. Eastlake, "BGP Flow Specification Version 326 2", Work in Progress, Internet-Draft, draft-hares-idr- 327 flowspec-v2-02, 26 July 2021, . 330 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 331 Requirement Levels", BCP 14, RFC 2119, 332 DOI 10.17487/RFC2119, March 1997, 333 . 335 [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, 336 "Multiprotocol Extensions for BGP-4", RFC 4760, 337 DOI 10.17487/RFC4760, January 2007, 338 . 340 [RFC7153] Rosen, E. and Y. Rekhter, "IANA Registries for BGP 341 Extended Communities", RFC 7153, DOI 10.17487/RFC7153, 342 March 2014, . 344 [RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K. 345 Patel, "Revised Error Handling for BGP UPDATE Messages", 346 RFC 7606, DOI 10.17487/RFC7606, August 2015, 347 . 349 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 350 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 351 May 2017, . 353 [RFC8955] Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M. 354 Bacher, "Dissemination of Flow Specification Rules", 355 RFC 8955, DOI 10.17487/RFC8955, December 2020, 356 . 358 [RFC8956] Loibl, C., Ed., Raszuk, R., Ed., and S. Hares, Ed., 359 "Dissemination of Flow Specification Rules for IPv6", 360 RFC 8956, DOI 10.17487/RFC8956, December 2020, 361 . 363 7.2. Informative References 365 [I-D.ietf-6man-segment-routing-header] 366 Filsfils, C., Dukes, D., Previdi, S., Leddy, J., 367 Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header 368 (SRH)", Work in Progress, Internet-Draft, draft-ietf-6man- 369 segment-routing-header-26, 22 October 2019, 370 . 373 [I-D.ietf-idr-flowspec-l2vpn] 374 Hao, W., Eastlake, D. E., Litkowski, S., and S. Zhuang, 375 "BGP Dissemination of L2 Flow Specification Rules", Work 376 in Progress, Internet-Draft, draft-ietf-idr-flowspec- 377 l2vpn-17, 12 May 2021, . 380 [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, 381 D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 382 (SRv6) Network Programming", RFC 8986, 383 DOI 10.17487/RFC8986, February 2021, 384 . 386 Authors' Addresses 388 Zhenbin Li 389 Huawei 390 156 Beiqing Road 391 Beijing, 100095 392 P.R. China 394 Email: lizhenbin@huawei.com 396 Lei Li 397 Huawei 398 156 Beiqing Road 399 Beijing 400 100095 401 P.R. China 403 Email: lily.lilei@huawei.com 405 Huaimo Chen 406 Futurewei 407 Boston, MA, 408 United States of America 410 Email: Huaimo.chen@futurewei.com 412 Christoph Loibl 413 Next Layer Communications 414 Mariahilfer Guertel 37/7 415 1150 Vienna 416 Austria 417 Email: cl@tix.at 419 Gyan S. Mishra 420 Verizon Inc. 421 13101 Columbia Pike 422 Silver Spring, MD 20904 423 United States of America 425 Phone: 301 502-1347 426 Email: gyan.s.mishra@verizon.com 428 Yanhe Fan 429 Casa Systems 430 United States of America 432 Email: yfan@casa-systems.com 434 Yongqing Zhu 435 China Telecom 436 109, West Zhongshan Road, Tianhe District 437 Guangzhou 438 510000 439 China 441 Email: zhuyq8@chinatelecom.cn 443 Lei Liu 444 Fujitsu 445 United States of America 447 Email: liulei.kddi@gmail.com 449 Xufeng Liu 450 Volta Networks 451 McLean, VA 452 United States of America 454 Email: xufeng.liu.ietf@gmail.com