idnits 2.17.1

draft-ietf-opsawg-ipfix-bgp-community-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 6 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (December 16, 2018) is 1920 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-36) exists of
     draft-ietf-idr-bgp-extended-messages-27

     Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

opsawg                                                             Z. Li
Internet-Draft                                                     R. Gu
Intended status: Standards Track                            China Mobile
Expires: June 19, 2019                                           J. Dong
                                                     Huawei Technologies
                                                       December 16, 2018

 Export BGP community information in IP Flow Information Export (IPFIX)
                draft-ietf-opsawg-ipfix-bgp-community-12

Abstract

   By introducing new Information Elements (IEs), this draft extends the
   existing BGP-related IEs to enable IP Flow Information Export (IPFIX)
   to export BGP community information, including BGP standard
   communities defined in RFC1997, BGP extended communities defined in
   RFC4360, and BGP large communities defined in RFC8092. Network
   traffic information can then be accumulated and analyzed at the BGP
   community granularity, which represents the traffic of different
   kinds of customers, services, or geographical regions according to
   the network operator's BGP community planning. Network traffic
   information at the BGP community granularity is useful for network
   traffic analysis and engineering.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 19, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  BGP Community-based Traffic Collection
   4.  IEs for BGP Standard Community
   5.  IEs for BGP Extended Community
   6.  IEs for BGP Large Community
   7.  Operational Considerations
   8.  Security Considerations
   9.  IANA Considerations
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Appendix A.  Encoding Example
     A.1.  Template Record
     A.2.  Data Set
   Authors' Addresses

1.  Introduction

   IP Flow Information Export (IPFIX) [RFC7011] provides network
   administrators with traffic flow information using the Information
   Elements (IEs) defined in [IANA-IPFIX] registries. Based on the
   traffic flow information, network administrators know the amount and
   direction of the traffic in their network, and can then optimize
   their network when needed.
   For example, the collected information
   could be used for traffic monitoring, and could optionally be used
   for traffic optimization according to operator's policy.

   [IANA-IPFIX] has already defined the following IEs for traffic flow
   information exporting in different granularities: sourceIPv4Address,
   sourceIPv4Prefix, destinationIPv4Address, destinationIPv4Prefix,
   bgpSourceAsNumber, bgpDestinationAsNumber, bgpNextHopIPv4Address,
   etc. In some circumstances, however, especially when traffic
   engineering and optimization are executed in Tier 1 or Tier 2
   operators' backbone networks, traffic flow information based on these
   IEs may not be completely suitable or sufficient. For example, flow
   information based on IP address or IP prefix may provide much too
   fine granularity for a large network. On the contrary, flow
   information based on AS number may be too coarse.

   BGP community is a BGP path attribute that includes standard
   communities [RFC1997], extended communities [RFC4360], and large
   communities [RFC8092]. The BGP community attribute has a variety of
   use cases, one of which is to use BGP community with planned specific
   values to represent groups of customers, services, and geographical
   or topological regions, as used by operators in their networks.
   Detailed examples can be found in [RFC4384], [RFC8195] and Section 3
   of this document. To understand the traffic generated by different
   kinds of customers, from different geographical or topological
   regions, by different kinds of customers in different regions, we
   need the corresponding community information related to the traffic
   flow information exported by IPFIX. Network traffic statistics at
   the BGP community granularity are useful not only for the traffic
   analyzing, but also can then be used by other applications, such as
   traffic optimization applications located in an IPFIX Collector, SDN
   controller or PCE.
   [Community-TE] also states that analyzing network
   traffic information at the BGP community granularity is preferred for
   inbound traffic engineering. However, [IANA-IPFIX] lacks IEs defined
   for the BGP community attribute.

   Flow information based on BGP community may be collected by an IPFIX
   Mediator defined in [RFC6183]. IPFIX Mediator is responsible for the
   correlation between flow information and BGP community. However, no
   IEs are defined in [RFC6183] for exporting BGP community information
   in IPFIX. Furthermore, to correlate the BGP community with the flow
   information, the IPFIX Mediator needs to learn BGP routes and perform
   lookups in the BGP routing table to get the matching entry for a
   specific flow. Neither BGP route learning nor routing table lookup
   are trivial for an IPFIX Mediator. The IPFIX Mediator is mainly
   introduced to reduce the performance requirement for the Exporter
   [RFC5982]. In fact, to obtain the information for the already
   defined BGP related IEs, such as bgpSourceAsNumber,
   bgpDestinationAsNumber, and bgpNextHopIPv4Address, etc, the Exporter
   has to hold the up-to-date BGP routing table and perform lookups in
   the table. The Exporter can obtain the BGP community information in
   the same procedure, thus the additional load added by exporting BGP
   community information is minimal if the Exporter is already exporting
   the existing BGP-related IEs. It is RECOMMENDED that the BGP
   community information be exported by the Exporter directly using
   IPFIX.

   Through running BGP [RFC4271] or BMP [RFC7854] and performing lookups
   in the BGP routing table to correlate the matching entry for a
   specific flow, IPFIX Collectors and other applications, such as SDN
   controller or PCE, can determine the network traffic at the BGP
   community granularity.
   However, neither running BGP or BMP protocol
   nor routing table lookup are trivial for the IPFIX Collectors and
   other applications. Moreover, correlation between IPFIX flow
   information and the BGP RIB on the Exporter (such as a router) is
   more accurate, compared to the correlation on a Collector, since the
   BGP routing table may be updated when the IPFIX Collectors and other
   applications receive the IPFIX flow information. And as stated
   above, the Exporter can obtain the BGP community information during
   the same procedure when it obtains other BGP related information. So
   exporting the BGP community information directly by the Exporter to
   the Collector is both efficient and accurate. If the IPFIX
   Collectors and other applications only want to determine the network
   traffic at the BGP community granularity, they do not need to run the
   full BGP or BMP protocols when the BGP community information can be
   obtained by IPFIX. However, the BMP protocol has its own application
   scenario, and the mechanism introduced in this document is not meant
   to replace it.

   By introducing new IEs, this draft extends the existing BGP-related
   IEs to enable IPFIX [RFC7011] to export BGP community information,
   including the BGP standard communities [RFC1997], BGP extended
   communities [RFC4360], and BGP large communities [RFC8092]. Flow
   information, including packetDeltaCount, octetDeltaCount [RFC7012],
   etc., can then be accumulated and analyzed by the Collector or other
   applications, such as an SDN controller or PCE [RFC4655], at the BGP
   community granularity, which is useful for measuring the traffic
   generated by different kinds of customers, from different
   geographical or topological regions according to the operator's BGP
   community plan, and can then be used by the traffic engineering or
   traffic optimization applications, especially in the backbone
   network.

   The IEs introduced in this document are applicable for both IPv4 and
   IPv6 traffic. Both the Exporter and the IPFIX Mediator can use these
   IEs to export BGP community information in IPFIX. When needed, the
   IPFIX Mediator or Collector can use these IEs to report BGP community
   related traffic flow information it gets either from Exporters or
   through local correlation to other IPFIX devices.

   As stated above, the method introduced in this document is not the
   definitive and the only one to obtain BGP community information
   related to a specific traffic flow, but a possible, efficient and
   accurate one.

   No new BGP community attributes are defined in this document.

   Note that this document does not update the IPFIX specification
   [RFC7011] and the Information Model [RFC7012]. Rather, IANA's IPFIX
   registry [IANA-IPFIX] contains the current complete Information
   Element reference, per Section 1 of [RFC7012].

   Please refer to [IANA-IPFIX] for the complete list of BGP-related
   IEs.

   Please refer to Appendix A of this document for the encoding example
   and Section 3 for a detailed use case.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   IPFIX-specific terminology used in this document is defined in
   Section 2 of [RFC7011] and Section 2 of [RFC6183].

   BGP standard community: The BGP Communities attribute defined in
   [RFC1997]. In order to distinguish it from BGP extended communities
   [RFC4360], and large communities [RFC8092], BGP Communities attribute
   is called BGP standard community in this document.

3.  BGP Community-based Traffic Collection

   [RFC4384] introduces the mechanism of using BGP standard community
   and extended community to collect the geographical and topological
   related information in the BGP routing system. [RFC8195] gives some
   examples of the application of BGP large communities to represent the
   geographical regions. Since the network traffic at the BGP community
   granularity represents the traffic generated by different kinds of
   customers, from different geographical regions according to the
   network operator's BGP community plan, it is useful for network
   operators to analyze and optimize the network traffic among different
   customers and regions. This section gives a use case in which the
   network operator uses the BGP community-based traffic information to
   adjust the network paths for different traffic flows.

   Consider the following scenario, AS C provides a transit connection
   between ASes A and B. By tagging with different BGP communities, the
   routes of AS A and B are categorized into several groups respectively
   in the operator's plan. For example, communities A:X and A:Y are
   used for the routes originated from different geographical regions in
   AS A, and communities B:M and B:N are used for the routes
   representing the different kinds of customers in AS B, such as B:M is
   for the mobile customers and B:N is for the fixed line customers. By
   default, all traffic originating from AS A and destined to AS B (we
   call it traffic A-B) goes through path C1-C2-C3 (call it Path-1) in
   AS C. When the link between C1 and C2 is congested, we cannot simply
   steer all the traffic A-B from Path-1 to Path C1-C4-C3 (call it
   Path-2), because it will cause congestion in Path-2.

                            +----------+
                            | PCE/SDN  |
                    +-------|Controller|-------+
                    |       +----------+       |
                    |                          |
                    |           AS C           |
               |    |       +----------+       |    |
               |    |   +---|Router C2 |---+   |    |
               |    |   |   +----------+   |   |    |
      AS A     |    |   |100             50|   |    |     AS B
   +--------+  |  +---------+          +---------+  |  +--------+
   |Router A|--|--|Router C1|          |Router C3|--|--|Router B|
   +--------+  |  +---------+          +---------+  |  +--------+
   Community:  |        |100            100|        |  Community:
      A:X      |        |   +----------+   |        |     B:M
      A:Y      |        +---|Router C4 |---+        |     B:N
                            +----------+

           Figure 1: BGP Community based Traffic Collection

   If the PCE/SDN controller in AS C can obtain the network traffic
   information at the BGP community granularity, it can steer some
   traffic related to some BGP communities (when we consider only the
   source or destination of the traffic), or some BGP community pairs
   (when we consider both the source and the destination of the traffic)
   from Path-1 to Path-2 according to the utilization of different
   paths. For instance, steer the traffic generated by community A:X
   from Path-1 to Path-2 by deploying a route policy at Router C1, or
   steer the traffic from community A:Y to community B:M from Path-1 to
   Path-2. Using the IEs defined in this document, IPFIX can export the
   BGP community information related to a specific traffic flow together
   with other flow information. The traffic information can then be
   accumulated at the BGP community granularity and used by the PCE/SDN
   controller to steer the appropriate traffic from Path-1 to Path-2.

4.  IEs for BGP Standard Community

   [RFC1997] defines the BGP Communities attribute, called BGP Standard
   Community in this document, which describes a group of routes sharing
   some common properties. BGP Standard Community is treated as 32 bit
   value as stated in [RFC1997].

   In order to export BGP standard community information along with
   other flow information defined by IPFIX, three new IEs are
   introduced. One is bgpCommunity, which is used to identify that the
   value in this IE is a BGP standard community. The other two are
   bgpSourceCommunityList and bgpDestinationCommunityList, which are
   both basicList [RFC6313] of bgpCommunity, and are used to export BGP
   standard community information corresponding to a specific flow's
   source and destination IP address respectively.

   The detailed information of the three new IEs are shown in Section 9,
   IANA Considerations.

5.  IEs for BGP Extended Community

   [RFC4360] defines the BGP Extended Communities attribute, which
   provides a mechanism for labeling the information carried in BGP.
   Each Extended Community is encoded as an 8-octet quantity with the
   format defined in [RFC4360].

   In order to export BGP Extended Community information together with
   other flow information by IPFIX, three new IEs are introduced. The
   first one is bgpExtendedCommunity, which is used to identify that the
   value in this IE is a BGP Extended Community. The other two are
   bgpSourceExtendedCommunityList and
   bgpDestinationExtendedCommunityList, which are both basicList
   [RFC6313] of bgpExtendedCommunity, and are used to export the BGP
   Extended Community information corresponding to a specific flow's
   source and destination IP address respectively.

   The detailed information of the three new IEs are shown in Section 9,
   IANA Considerations.

6.  IEs for BGP Large Community

   [RFC8092] defines the BGP Large Communities attribute, which is
   suitable for use with all Autonomous System Numbers (ASNs) including
   four-octet ASNs. Each BGP Large Community is encoded as a 12-octet
   quantity with the format defined in [RFC8092].

   In order to export BGP Large Community information together with
   other flow information by IPFIX, three new IEs are introduced. The
   first one is bgpLargeCommunity, which is used to identify that the
   value in this IE is a BGP Large Community. The other two are
   bgpSourceLargeCommunityList and bgpDestinationLargeCommunityList,
   which are both basicList [RFC6313] of bgpLargeCommunity, and are used
   to export the BGP Large Community information corresponding to a
   specific flow's source and destination IP address respectively.

   The detailed information of the three new IEs are shown in Section 9,
   IANA Considerations.

7.  Operational Considerations

   The maximum length of an IPFIX message is 65535 bytes as per
   [RFC7011], and the maximum length of a normal BGP message is 4096
   bytes as per [RFC4271]. Since BGP communities, including standard,
   extended, and large communities, are BGP path attributes carried in
   BGP Update messages, the total length of these attributes can not
   exceed the length of a BGP message, i.e. 4096 bytes. So one IPFIX
   message with a maximum length of 65535 bytes has enough space to fit
   all the communities related to a specific flow, relating to both the
   source and destination IP addresses.

   [I-D.ietf-idr-bgp-extended-messages] extends the maximum size of a
   BGP Update message to 65535 bytes. In that case, the BGP community
   information related to a specific flow could theoretically exceed the
   length of one IPFIX message. However, according to information
   regarding actual networks in the field, the number of BGP communities
   in one BGP route is usually no more than ten. Nevertheless, BGP
   speakers that support the extended message SHOULD only convey as many
   communities as possible without exceeding the 65536-byte limit of an
   IPFIX message.
   The Collector which receives an IPFIX message with
   maximum length and BGP communities contained in its data set SHOULD
   generate a warning or log message to indicate that the BGP
   communities may be truncated due to limited message space. In this
   case, it is recommended to configure the export policy of BGP
   communities to limit the BGP communities by including or excluding
   specific communities.

   If needed, the IPFIX message length could be extended from 16 bits to
   32 bits to solve this problem completely. The details of increasing
   the IPFIX message length are out of scope of this document.

   To align with the size of the BGP extended community and large
   community attributes, the size of IE bgpExtendedCommunity and
   bgpLargeCommunity is 8 octets and 12 octets respectively. In the
   event that the bgpExtendedCommunity or bgpLargeCommunity IE is not of
   its expected size, the IPFIX Collector SHOULD ignore it. This is
   intended to protect implementations using BGP logic from calling
   their parsing routines with invalid lengths.

   For the proper processing of the Exporter when it receives the
   template requesting to report the BGP community information (refer to
   Appendix A for an example), the Exporter SHOULD obtain the
   corresponding BGP community information through BGP lookup using the
   corresponding source or destination IP address of the specific
   traffic flow. When exporting the IPFIX information to the Collector,
   the Exporter SHOULD include the corresponding BGP communities in the
   IPFIX message.

8.  Security Considerations

   This document defines new IEs for IPFIX. The same security
   considerations as for the IPFIX Protocol Specification [RFC7011] and
   Information Model [RFC7012] apply.
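
   The Collector-side checks described in Section 7, as an added example
   that is not part of the draft: it decodes the two basicList fields of
   a Data Record laid out as in Appendix A, ignores community elements
   whose length is not the expected one, and flags possible truncation
   when the message is at maximum length. The Element IDs are
   placeholders for the unassigned TBA values; the function names and the
   sample bytes are constructed for this example.

```python
import socket
import struct

# Placeholder Element IDs: the draft lists them as TBA1/TBA4/TBA7 (not yet
# assigned), so these numbers are assumptions made for this example only.
BGP_COMMUNITY = 0x7F01            # stands in for TBA1
BGP_EXTENDED_COMMUNITY = 0x7F04   # stands in for TBA4
BGP_LARGE_COMMUNITY = 0x7F07      # stands in for TBA7
EXPECTED_LEN = {BGP_COMMUNITY: 4, BGP_EXTENDED_COMMUNITY: 8,
                BGP_LARGE_COMMUNITY: 12}
IPFIX_MAX_MESSAGE = 65535         # largest value of the 16-bit message length
ALL_OF = 0x03                     # basicList semantic "allOf" (RFC 6313)


def read_varlen(buf, off):
    """Read one variable-length field; return (content, next_offset)."""
    if off >= len(buf):
        raise ValueError("record ends before variable-length field")
    length = buf[off]
    off += 1
    if length == 255:             # 3-octet length form, as used in Appendix A.2
        if off + 2 > len(buf):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from("!H", buf, off)
        off += 2
    if off + length > len(buf):
        raise ValueError("field overruns record")
    return buf[off:off + length], off + length


def format_community(field_id, raw):
    """Render one community value of an already validated length."""
    if field_id == BGP_COMMUNITY:
        return "%d:%d" % struct.unpack("!HH", raw)
    if field_id == BGP_LARGE_COMMUNITY:
        return "%d:%d:%d" % struct.unpack("!III", raw)
    return raw.hex()              # extended community: type decoding left to BGP code


def parse_community_list(content):
    """Decode a basicList of community IEs; return (communities, warnings)."""
    if len(content) < 5:
        return [], ["basicList header shorter than 5 octets, ignored"]
    _semantic, field_id, elem_len = struct.unpack_from("!BHH", content, 0)
    expected = EXPECTED_LEN.get(field_id)
    if expected is None:          # also rejects IDs with the enterprise bit set
        return [], ["basicList of unexpected element 0x%04x, ignored" % field_id]
    # Section 7: ignore extended/large community IEs of unexpected size.
    # Applying the same strict check to bgpCommunity is this example's choice.
    if elem_len != expected:
        return [], ["element 0x%04x has length %d, expected %d, ignored"
                    % (field_id, elem_len, expected)]
    body = content[5:]
    if len(body) % expected:
        return [], ["list body is not a whole number of elements, ignored"]
    return [format_community(field_id, body[i:i + expected])
            for i in range(0, len(body), expected)], []


def parse_record(record, message_len):
    """Parse one Data Record that follows the Appendix A template."""
    if len(record) < 8:
        raise ValueError("record too short for the two IPv4 addresses")
    src_raw, off = read_varlen(record, 8)
    dst_raw, off = read_varlen(record, off)
    src, warn_src = parse_community_list(src_raw)
    dst, warn_dst = parse_community_list(dst_raw)
    warnings = warn_src + warn_dst
    if message_len >= IPFIX_MAX_MESSAGE and (src or dst):
        warnings.append("message at maximum length, communities may be truncated")
    flow = {"src": socket.inet_ntoa(record[0:4]),
            "dst": socket.inet_ntoa(record[4:8]),
            "src_communities": src, "dst_communities": dst,
            "warnings": warnings}
    return flow, off


def encode_list(field_id, elem_len, values):
    """Build a variable-length basicList field (3-octet length form)."""
    body = struct.pack("!BHH", ALL_OF, field_id, elem_len) + b"".join(values)
    return b"\xff" + struct.pack("!H", len(body)) + body


def std(asn, value):
    """Pack a standard community given as ASN:value."""
    return struct.pack("!HH", asn, value)


# Constructed sample: the first Data Record of Appendix A.2 (44 octets).
SAMPLE_RECORD = (
    socket.inet_aton("1.1.1.1") + socket.inet_aton("2.2.2.2")
    + encode_list(BGP_COMMUNITY, 4, [std(1, 1001), std(1, 1002), std(8, 1001)])
    + encode_list(BGP_COMMUNITY, 4, [std(2, 1002), std(8, 1001)])
)

if __name__ == "__main__":
    # 108 = 16-octet message header + the 92-octet Data Set of Appendix A.2
    print(parse_record(SAMPLE_RECORD, message_len=108)[0])
    bad = struct.pack("!BHH", ALL_OF, BGP_EXTENDED_COMMUNITY, 7) + bytes(7)
    print(parse_community_list(bad))
```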

   Systems processing BGP community information collected by IPFIX
   collectors need to be aware of the use of communities as an attack
   vector [Weaponizing-BGP], and only include BGP community information
   in their decisions where they are confident of its validity. Thus we
   can not assume that all BGP community information collected by IPFIX
   collectors is credible and accurate. It is RECOMMENDED to use only
   the IPFIX collected BGP community information that the processing
   system can trust, for example the BGP communities generated by the
   consecutive neighboring ASs within the same trust domain as the
   processing system (for instance, the consecutive neighboring ASs and
   the processing system are operated by one carrier).

   [RFC7011] says that the storage of the information collected by IPFIX
   must be protected and its visibility confined to authorized users via
   technical as well as policy means to ensure the privacy of the
   information collected. [RFC7011] also provides mechanisms to ensure
   the confidentiality and integrity of IPFIX data transferred from an
   Exporting Process to a Collecting Process. The mechanism to
   authenticate IPFIX Collecting and Exporting Processes is provided in
   [RFC7011], too. If sensitive information is contained in the
   community information, the above recommendations and mechanisms are
   recommended to be used. No additional privacy risks are introduced
   by this standard.

9.  IANA Considerations

   This draft specifies the following IPFIX IEs to export BGP community
   information along with other flow information.

   The Element IDs for these IEs are requested to be assigned by IANA.
   The following table is for IANA's use to place in each field in the
   registry.

 ----------------------------------------------------------------------
 |ElementID|           Name            | Data Type|Data Type Semantics|
 |--------------------------------------------------------------------|
 |  TBA1   |       bgpCommunity        |unsigned32|    identifier     |
 |--------------------------------------------------------------------|
 |  TBA2   |  bgpSourceCommunityList   | basicList|       list        |
 |--------------------------------------------------------------------|
 |  TBA3   |bgpDestinationCommunityList| basicList|       list        |
 |--------------------------------------------------------------------|
 |  TBA4   |   bgpExtendedCommunity    |octetArray|      default      |
 |--------------------------------------------------------------------|
 |  TBA5   |     bgpSourceExtended     |          |                   |
 |         |       CommunityList       | basicList|       list        |
 |--------------------------------------------------------------------|
 |  TBA6   |  bgpDestinationExtended   |          |                   |
 |         |       CommunityList       | basicList|       list        |
 |--------------------------------------------------------------------|
 |  TBA7   |     bgpLargeCommunity     |octetArray|      default      |
 |--------------------------------------------------------------------|
 |  TBA8   |bgpSourceLargeCommunityList| basicList|       list        |
 |--------------------------------------------------------------------|
 |  TBA9   |    bgpDestinationLarge    |          |                   |
 |         |       CommunityList       | basicList|       list        |
 |--------------------------------------------------------------------|

 ----------------------------------------------------------------------
 |ElementID|                 Description                  |   Units   |
 |--------------------------------------------------------------------|
 |  TBA1   |    BGP community as defined in [RFC1997]     |           |
 |--------------------------------------------------------------------|
 |         | basicList of zero or more bgpCommunity IEs,  |           |
 |  TBA2   | containing the BGP communities corresponding |           |
 |         |  with source IP address of a specific flow   |           |
 |--------------------------------------------------------------------|
 |         | basicList of zero or more bgpCommunity IEs,  |           |
 |  TBA3   | containing the BGP communities corresponding |           |
 |         |with destination IP address of a specific flow|           |
 |--------------------------------------------------------------------|
 |  TBA4   |BGP Extended Community as defined in [RFC4360]|           |
 |         |     The size of this IE MUST be 8 octets     |           |
 |--------------------------------------------------------------------|
 |         |basicList of zero or more bgpExtendedCommunity|           |
 |  TBA5   | IEs, containing the BGP Extended Communities |           |
 |         |   corresponding with source IP address of    |           |
 |         |               a specific flow                |           |
 |--------------------------------------------------------------------|
 |         |basicList of zero or more bgpExtendedCommunity|           |
 |  TBA6   | IEs, containing the BGP Extended Communities |           |
 |         |  corresponding with destination IP address   |           |
 |         |              of a specific flow              |           |
 |--------------------------------------------------------------------|
 |  TBA7   | BGP Large Community as defined in [RFC8092]  |           |
 |         |    The size of this IE MUST be 12 octets.    |           |
 |--------------------------------------------------------------------|
 |         | basicList of zero or more bgpLargeCommunity  |           |
 |         |  IEs, containing the BGP Large Communities   |           |
 |  TBA8   |     corresponding with source IP address     |           |
 |         |              of a specific flow              |           |
 |--------------------------------------------------------------------|
 |         | basicList of zero or more bgpLargeCommunity  |           |
 |         |  IEs, containing the BGP Large Communities   |           |
 |  TBA9   |  corresponding with destination IP address   |           |
 |         |              of a specific flow              |           |
 |--------------------------------------------------------------------|

 ----------------------------------------------------------------------
 |ElementID| Range |  References   | Requester | Revision |   date    |
 |--------------------------------------------------------------------|
 |  TBA1   |       |    RFC1997    |this draft |    0     |           |
 |--------------------------------------------------------------------|
 |  TBA2   |       |RFC6313,RFC1997|this draft |    0     |           |
 |--------------------------------------------------------------------|
 |  TBA3   |       |RFC6313,RFC1997|this draft |    0     |           |
 |--------------------------------------------------------------------|
 |  TBA4   |       |    RFC4360    |this draft |    0     |           |
 |--------------------------------------------------------------------|
 |  TBA5   |       |RFC6313,RFC4360|this draft |    0     |           |
 |--------------------------------------------------------------------|
 |  TBA6   |       |RFC6313,RFC4360|this draft |    0     |           |
 |--------------------------------------------------------------------|
 |  TBA7   |       |    RFC8092    |this draft |    0     |           |
 |--------------------------------------------------------------------|
 |  TBA8   |       |RFC6313,RFC8092|this draft |    0     |           |
 |--------------------------------------------------------------------|
 |  TBA9   |       |RFC6313,RFC8092|this draft |    0     |           |
 |--------------------------------------------------------------------|

                     Figure 2: IANA Considerations

10.  Acknowledgements

   The authors would like to thank Benoit Claise and Paul Aitken for
   their comments and suggestions to promote this document. We also
   thank Tianran Zhou, Warren Kumari, Jeffrey Haas, Ignas Bagdonas,
   Stewart Bryant, Paolo Lucente, Job Snijders, Jared Mauch, Rudiger
   Volk, and Andrew Malis for their discussion, comments, and
   suggestions to improve this document.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC6313]  Claise, B., Dhandapani, G., Aitken, P., and S. Yates,
              "Export of Structured Data in IP Flow Information Export
              (IPFIX)", RFC 6313, DOI 10.17487/RFC6313, July 2011.

   [RFC7011]  Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
              "Specification of the IP Flow Information Export (IPFIX)
              Protocol for the Exchange of Flow Information", STD 77,
              RFC 7011, DOI 10.17487/RFC7011, September 2013.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

11.2.  Informative References

   [Community-TE]
              Shao, W., Devienne, F., Iannone, L., and JL. Rougier, "On
              the use of BGP communities for fine-grained inbound
              traffic engineering", Computer Science 27392(1):476-487,
              November 2015.

   [I-D.ietf-idr-bgp-extended-messages]
              Bush, R., Patel, K., and D. Ward, "Extended Message
              support for BGP", draft-ietf-idr-bgp-extended-messages-27
              (work in progress), December 2018.

   [IANA-IPFIX]
              "IP Flow Information Export (IPFIX) Entities".

   [RFC1997]  Chandra, R., Traina, P., and T. Li, "BGP Communities
              Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC4360]  Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended
              Communities Attribute", RFC 4360, DOI 10.17487/RFC4360,
              February 2006.

   [RFC4384]  Meyer, D., "BGP Communities for Data Collection", BCP 114,
              RFC 4384, DOI 10.17487/RFC4384, February 2006.

   [RFC4655]  Farrel, A., Vasseur, J., and J. Ash, "A Path Computation
              Element (PCE)-Based Architecture", RFC 4655,
              DOI 10.17487/RFC4655, August 2006.

   [RFC5982]  Kobayashi, A., Ed. and B. Claise, Ed., "IP Flow
              Information Export (IPFIX) Mediation: Problem Statement",
              RFC 5982, DOI 10.17487/RFC5982, August 2010.

   [RFC6183]  Kobayashi, A., Claise, B., Muenz, G., and K. Ishibashi,
              "IP Flow Information Export (IPFIX) Mediation: Framework",
              RFC 6183, DOI 10.17487/RFC6183, April 2011.

   [RFC7012]  Claise, B., Ed. and B. Trammell, Ed., "Information Model
              for IP Flow Information Export (IPFIX)", RFC 7012,
              DOI 10.17487/RFC7012, September 2013.

   [RFC7854]  Scudder, J., Ed., Fernando, R., and S. Stuart, "BGP
              Monitoring Protocol (BMP)", RFC 7854,
              DOI 10.17487/RFC7854, June 2016.

   [RFC8092]  Heitz, J., Ed., Snijders, J., Ed., Patel, K., Bagdonas,
              I., and N. Hilliard, "BGP Large Communities Attribute",
              RFC 8092, DOI 10.17487/RFC8092, February 2017.

   [RFC8195]  Snijders, J., Heasley, J., and M. Schmidt, "Use of BGP
              Large Communities", RFC 8195, DOI 10.17487/RFC8195, June
              2017.

   [Weaponizing-BGP]
              Streibelt, F., Lichtblau, F., Beverly, R., and et al.,
              "Weaponizing BGP Using Communities", November 2018.

Appendix A.  Encoding Example

   In this section, we provide an example to show the encoding format
   for the newly introduced IEs.

   Flow information, including BGP communities, is shown in the
   following table. In this example, all the fields are reported by
   IPFIX.

   ---------------------------------------------------------------------
   | Source  |Destination|    BGP community     |    BGP community     |
   |   IP    |    IP     |  corresponding with  |  corresponding with  |
   |         |           |      Source IP       |    Destination IP    |
   ---------------------------------------------------------------------
   | 1.1.1.1 |  2.2.2.2  | 1:1001,1:1002,8:1001 |    2:1002,8:1001     |
   ---------------------------------------------------------------------
   | 3.3.3.3 |  4.4.4.4  | 3:1001,3:1002,8:1001 |    4:1001,8:1001     |
   ---------------------------------------------------------------------

          Figure 3: Flow information including BGP communities

A.1.  Template Record

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          SET ID = 2           |          Length = 24          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Template ID = 256       |        Field Count = 4        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|    SourceIPv4Address = 8    |       Field length = 4        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| DestinationIPv4Address = 12 |       Field length = 4        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| bgpSourceCommunityList= TBA2|     Field length = 0xFFFF     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| bgpDestinationCommunityList |     Field length = 0xFFFF     |
   | |           = TBA3            |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

               Figure 4: Template Record Encoding Format

   In this example, the Template ID is 256, which will be used in the
   Data Record.  The field length for bgpSourceCommunityList and
   bgpDestinationCommunityList is 0xFFFF, which means the length of this
   IE is variable, and the actual length of this IE is indicated by the
   list length field in the basic list format as per [RFC6313].

A.2.  Data Set

   The data set is represented as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         SET ID = 256          |          Length = 92          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  SourceIPv4Address = 1.1.1.1                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               DestinationIPv4Address = 2.2.2.2                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      255      |       List length = 17        |semantic=allof |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      bgpCommunity = TBA1      |         Field Len = 4         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             BGP Source Community Value 1 = 1:1001             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             BGP Source Community Value 2 = 1:1002             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             BGP Source Community Value 3 = 8:1001             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      255      |       List length = 13        |semantic=allof |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      bgpCommunity = TBA1      |         Field Len = 4         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          BGP Destination Community Value 1 = 2:1002           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          BGP Destination Community Value 2 = 8:1001           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  SourceIPv4Address = 3.3.3.3                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               DestinationIPv4Address = 4.4.4.4                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      255      |       List length = 17        |semantic=allof |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      bgpCommunity = TBA1      |         Field Len = 4         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             BGP Source Community Value 1 = 3:1001             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             BGP Source Community Value 2 = 3:1002             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             BGP Source Community Value 3 = 8:1001             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      255      |       List length = 13        |semantic=allof |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      bgpCommunity = TBA1      |         Field Len = 4         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          BGP Destination Community Value 1 = 4:1001           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          BGP Destination Community Value 2 = 8:1001           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Figure 5: Data Set Encoding Format

Authors' Addresses

   Zhenqiang Li
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: li_zhenqiang@hotmail.com


   Rong Gu
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: gurong_cmcc@outlook.com


   Jie Dong
   Huawei Technologies
   Huawei Campus, No. 156 Beiqing Rd.
   Beijing  100095
   China

   Email: jie.dong@huawei.com
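
Added example (not part of the draft): a Python encoder and bounds-checked decoder for the Data Set of Appendix A.2, showing where the lengths 17, 13 and 92 in Figure 5 come from and how a collector can reject a List length that overruns the set. The IE number 0x7F01 is a placeholder for the unassigned TBA1, and all function and constant names are this example's own.

```python
import ipaddress
import struct

BGP_COMMUNITY_IE = 0x7F01  # placeholder: the draft leaves this ID as TBA1
ALL_OF = 0x03              # RFC 6313 basicList semantic "allOf"

def encode_list(communities):
    """basicList of 4-octet communities in the 3-octet (255, length) form."""
    body = struct.pack("!BHH", ALL_OF, BGP_COMMUNITY_IE, 4)
    for text in communities:
        body += struct.pack("!HH", *map(int, text.split(":")))
    return struct.pack("!BH", 255, len(body)) + body

def encode_data_set(flows, set_id=256):
    records = b""
    for src, dst, src_comms, dst_comms in flows:
        records += ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
        records += encode_list(src_comms) + encode_list(dst_comms)
    return struct.pack("!HH", set_id, 4 + len(records)) + records

def decode_list(buf, off):
    """Return (communities, next offset), rejecting lengths that do not fit."""
    if off >= len(buf) or (buf[off] == 255 and off + 3 > len(buf)):
        raise ValueError("truncated list length")
    length, off = buf[off], off + 1
    if length == 255:  # long form: the real length is in the next two octets
        length, off = struct.unpack_from("!H", buf, off)[0], off + 2
    end = off + length
    if length < 5 or end > len(buf):
        raise ValueError("list length does not fit in the set")
    _semantic, ie_id, elem_len = struct.unpack_from("!BHH", buf, off)
    if ie_id != BGP_COMMUNITY_IE or elem_len != 4 or (length - 5) % 4:
        raise ValueError("unexpected basicList header")
    return [f"{hi}:{lo}" for hi, lo in struct.iter_unpack("!HH", buf[off + 5:end])], end

def decode_data_set(data):
    set_id, set_len = struct.unpack("!HH", data[:4]) if len(data) >= 4 else (0, 0)
    if not 4 <= set_len <= len(data):
        raise ValueError("set length does not fit the received data")
    buf, off, flows = data[:set_len], 4, []
    while len(buf) - off >= 20:  # a record is at least 20 octets; less is padding
        src, dst = (str(ipaddress.IPv4Address(buf[i:i + 4])) for i in (off, off + 4))
        src_comms, off = decode_list(buf, off + 8)
        dst_comms, off = decode_list(buf, off)
        flows.append((src, dst, src_comms, dst_comms))
    return set_id, flows

# The two flows of Figure 3, copied from the appendix.
FIGURE_3 = [("1.1.1.1", "2.2.2.2", ["1:1001", "1:1002", "8:1001"], ["2:1002", "8:1001"]),
            ("3.3.3.3", "4.4.4.4", ["3:1001", "3:1002", "8:1001"], ["4:1001", "8:1001"])]
```

Each source list is 1 + 2 + 2 + 3*4 = 17 octets and each destination list 1 + 2 + 2 + 2*4 = 13 octets, so one record is 4 + 4 + (3 + 17) + (3 + 13) = 44 octets and the set is 4 + 2*44 = 92.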