idnits 2.17.1

draft-li-idr-flowspec-populate-to-fib-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  -- The draft header indicates that this document updates RFC5575, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119.  Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'MUST not' in this paragraph:

     o  The populated FlowSpec rules in the FIB MUST not be overridden by
        IGP or BGP updates.

     (Using the creation date from RFC5575, updated by this document, for
     RFC5378 checks: 2007-08-15)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 3, 2018) is 2245 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-27) exists of
     draft-ietf-idr-rfc5575bis-06

  ** Obsolete normative reference: RFC 5575 (Obsoleted by RFC 8955)

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

IDR                                                                Z. Li
Internet-Draft                                              China Mobile
Updates: 5575 (if approved)                                      J. Dong
Intended status: Standards Track                               S. Zhuang
Expires: September 4, 2018                           Huawei Technologies
                                                           March 3, 2018

                  Populate to FIB Action for FlowSpec
                draft-li-idr-flowspec-populate-to-fib-02

Abstract

   A bit, the F bit, is defined in the traffic action extended
   community.  It is used by FlowSpec to indicate that the associated
   specifications are to be populated in the FIB (Forwarding Information
   Base) after appropriate processing.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 4, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  Populate to FIB Action
   4.  Implementation Considerations
   5.  Security Considerations
   6.  IANA Considerations
   7.  Normative References
   Authors' Addresses

1.  Introduction

   BGP FlowSpec [RFC5575] provides a flexible mechanism to distribute
   traffic flow specifications, where the matching rules are encoded in
   the Border Gateway Protocol Network Layer Reachability Information
   (BGP NLRI) with a newly defined format and the corresponding actions
   are encoded in BGP Extended communities.

   In routers, traffic flow specifications distributed by BGP FlowSpec
   [RFC5575] are stored in a distinct set of RIBs (Routing Information
   Base) according to their (AFI, SAFI) pairs.  These RIBs are then
   populated to the dedicated hardware (most of them are TCAM based)
   usually shared with ACLs (Access Control Lists).
   The dedicated hardware is much more expensive and space limited when
   compared with the hardware used to store the FIB (Forwarding
   Information Base), which is usually sufficient to fit several
   millions of FIB entries.  Although in some implementations the
   hardware used to populate traffic flow specifications and FIB entries
   is the same, the size for each part is fixed at design stage.  As the
   number of ACL rules and FlowSpec specifications increases, especially
   when FlowSpec is used for dynamic traffic flow steering, which is one
   of the three BGP FlowSpec applications listed in [RFC5575] and
   [I-D.ietf-idr-rfc5575bis], the hardware space requirement of FlowSpec
   specifications in the field network may exceed the size of the
   dedicated hardware.  To save the limited and expensive space of the
   dedicated hardware, it is better to populate some FlowSpec
   specifications to FIB if possible.  The destination prefix based
   FlowSpec specifications, for example, are suitable to be populated to
   FIB.

   However, there is no method in the current version of BGP FlowSpec
   [RFC5575] and RFC5575bis [I-D.ietf-idr-rfc5575bis] to indicate that
   the associated specifications are suitable to be populated to FIB.
   This document defines a new bit, F bit (populate to FIB), in the
   0x8007 traffic action extended community to satisfy the requirement.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Populate to FIB Action

   F bit, populate to FIB bit, is defined in the 0x8007 traffic action
   extended community [RFC5575] to indicate that the associated BGP
   FlowSpec specifications are suitable to be populated to FIB.
   Thus the space of the dedicated hardware that is used to store the
   BGP FlowSpec specifications can be saved for other kinds of BGP
   FlowSpec specifications and ACL rules.

   The encoding format of the traffic action extended community with F
   bit is shown below.  The F bit is solicited to be assigned by IANA.

     40  41  42  43  44  45  46  47
   +---+---+---+---+---+---+---+---+
   |      reserved     | F | S | T |
   +---+---+---+---+---+---+---+---+

   Traffic-action extended community consists of 2 bytes for type and
   subtype, the value of which MUST be 0x8007, and 6 bytes for value, of
   which only the 3 least significant bits of the 6th byte (from left to
   right) are currently defined.  S and T are defined in BGP FlowSpec
   [RFC5575].  F is defined as:

   o  F: Populate to FIB Action (bit 45, to be assigned by IANA): When
      this bit is set, the associated BGP FlowSpec specifications SHOULD
      be populated to FIB.  If not set, the associated BGP FlowSpec
      specifications MUST NOT be populated to FIB.  If this bit is set
      and the associated BGP FlowSpec specifications cannot be
      populated to FIB, the associated BGP FlowSpec specifications MUST
      be ignored.

4.  Implementation Considerations

   FlowSpec rules are ordering sensitive.  After ordering processing as
   per section 5.1 of [RFC5575], they are searched sequentially until a
   matching rule is found.  FIB entries, on the contrary, have no
   ordering implication.  Longest prefix matching is the rule to choose
   the matching FIB entry.  Only the destination prefix based, F bit
   tagged FlowSpec rules that pass the validation (as per section 6 of
   [RFC5575]) and ordering (as per section 5.1 of [RFC5575]) processing
   are suitable to be populated into FIB.  When populating a FlowSpec
   rule into FIB, the following facts have to be taken into account.

   o  FlowSpec rules have higher priority than corresponding IGP and BGP
      routing entries.

   o  When populating the FIB, the FlowSpec rules with F bit tagged are
      preferred over the corresponding IGP and BGP routing entries.

   o  When a FlowSpec rule is being populated into FIB, the FIB entries,
      including those that come from IGP or BGP updates, covered by this
      FlowSpec rule MUST be removed or replaced by this FlowSpec rule.

   o  The populated FlowSpec rules in the FIB MUST not be overridden by
      IGP or BGP updates.

5.  Security Considerations

   This document defines a new bit in the traffic action extended
   community to indicate the associated BGP FlowSpec specifications
   SHOULD be populated to FIB directly.  This bit does not introduce any
   new security issues.  The same security considerations as for the BGP
   FlowSpec [RFC5575] apply.

6.  IANA Considerations

   One bit, F bit, is solicited to be assigned from the Traffic Action
   Fields registry.  This bit is used by BGP FlowSpec to indicate the
   associated BGP FlowSpec specifications SHOULD be populated to FIB
   directly.

7.  Normative References

   [I-D.ietf-idr-rfc5575bis]
              Hares, S., Loibl, C., Raszuk, R., McPherson, D., and M.
              Bacher, "Dissemination of Flow Specification Rules",
              draft-ietf-idr-rfc5575bis-06 (work in progress), October
              2017.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5575]  Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
              and D. McPherson, "Dissemination of Flow Specification
              Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009.

Authors' Addresses

   Zhenqiang Li
   China Mobile
   No.32 Xuanwumenxi Ave., Xicheng District
   Beijing  100032
   P.R. China

   Email: li_zhenqiang@hotmail.com

   Jie Dong
   Huawei Technologies
   Huawei Campus, No. 156 Beiqing Rd.
   Beijing  100095
   China

   Email: jie.dong@huawei.com

   Shunwan Zhuang
   Huawei Technologies
   Huawei Campus, No. 156 Beiqing Rd.
   Beijing  100095
   China

   Email: zhuangshunwan@huawei.com
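
Added example for Section 3 (not part of the draft or of any implementation): a decoder for the 0x8007 traffic-action extended community that extracts the F, S and T bits and applies the draft's SHOULD / MUST NOT / MUST-be-ignored rule. The function names, the disposition labels, the reserved-bit check and the reading that a rule with non-destination components "cannot be populated" are assumptions; the sample communities are constructed.

```python
from dataclasses import dataclass

TRAFFIC_ACTION = 0x8007                  # type and subtype, per the draft
F_BIT, S_BIT, T_BIT = 0x04, 0x02, 0x01   # bits 45, 46, 47: low 3 bits of last byte
DEST_PREFIX = 1                          # RFC 5575 component type 1 (destination prefix)

@dataclass(frozen=True)
class TrafficAction:
    populate_fib: bool     # F, defined by this draft
    sample: bool           # S, RFC 5575
    terminal: bool         # T, RFC 5575
    reserved_clear: bool   # True when every undefined bit is zero

def decode_traffic_action(ec: bytes) -> TrafficAction:
    """Decode an 8-byte traffic-action extended community."""
    if len(ec) != 8:
        raise ValueError("extended community must be exactly 8 bytes")
    if int.from_bytes(ec[:2], "big") != TRAFFIC_ACTION:
        raise ValueError("not a traffic-action (0x8007) community")
    last = ec[7]                         # 6th value byte carries bits 40..47
    reserved_clear = ec[2:7] == bytes(5) and (last & 0xF8) == 0
    return TrafficAction(bool(last & F_BIT), bool(last & S_BIT),
                         bool(last & T_BIT), reserved_clear)

def disposition(action: TrafficAction, component_types, fib_can_hold=True) -> str:
    """Return 'fib', 'dedicated' or 'ignore' (labels are this example's own)."""
    if not action.populate_fib:
        return "dedicated"               # F clear: MUST NOT be populated to FIB
    dest_only = set(component_types) == {DEST_PREFIX}
    if dest_only and fib_can_hold:
        return "fib"                     # F set: SHOULD be populated to FIB
    return "ignore"                      # F set but not installable: MUST be ignored

# Constructed sample communities (not captured traffic).
SAMPLE_F_ONLY = bytes.fromhex("8007000000000004")
SAMPLE_S_AND_T = bytes.fromhex("8007000000000003")
SAMPLE_RESERVED_SET = bytes.fromhex("80070000000000f4")

if __name__ == "__main__":
    for raw in (SAMPLE_F_ONLY, SAMPLE_S_AND_T, SAMPLE_RESERVED_SET):
        act = decode_traffic_action(raw)
        print(raw.hex(), act, disposition(act, [DEST_PREFIX]))
```

A receiver can log communities where `reserved_clear` is false, since the draft defines only the three low bits.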
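
Added example for Section 4 (not part of the draft or of any router implementation): a toy FIB that models the four bullets, showing that an F-bit rule displaces the IGP/BGP entries it covers and then pins the prefix against later routing updates. The class, the "action" label and the reading that "not overridden" means refusing updates for the same or a more specific prefix are assumptions; the prefixes are documentation ranges.

```python
import ipaddress

class Fib:
    """Toy FIB: prefix -> (source, action). 'action' is a hypothetical label."""

    def __init__(self):
        self.entries = {}

    def install_flowspec(self, prefix, action):
        """Populate an F-bit rule; return the IGP/BGP prefixes it displaced."""
        net = ipaddress.ip_network(prefix)
        covered = [p for p, (src, _) in self.entries.items()
                   if src != "flowspec" and p.subnet_of(net)]
        for p in covered:                # covered entries MUST be removed or replaced
            del self.entries[p]
        self.entries[net] = ("flowspec", action)
        return sorted(str(p) for p in covered)

    def routing_update(self, source, prefix, next_hop):
        """Apply an IGP/BGP update; refuse it if a FlowSpec entry covers it."""
        net = ipaddress.ip_network(prefix)
        for p, (src, _) in self.entries.items():
            if src == "flowspec" and net.subnet_of(p):
                return False             # populated rule is not overridden
        self.entries[net] = (source, next_hop)
        return True

    def lookup(self, addr):
        """Longest prefix match, as for any FIB entry."""
        ip = ipaddress.ip_address(addr)
        hits = [p for p in self.entries if ip in p]
        return self.entries[max(hits, key=lambda p: p.prefixlen)] if hits else None

def demo():
    """Constructed scenario: two covered routes, one unrelated, then updates."""
    fib = Fib()
    fib.routing_update("igp", "203.0.113.0/25", "10.0.0.1")
    fib.routing_update("bgp", "203.0.113.0/24", "10.0.0.2")
    fib.routing_update("bgp", "198.51.100.0/24", "10.0.0.3")
    displaced = fib.install_flowspec("203.0.113.0/24", "redirect-to-scrubber")
    late = fib.routing_update("bgp", "203.0.113.128/25", "10.0.0.9")
    wide = fib.routing_update("igp", "203.0.0.0/16", "10.0.0.4")
    return fib, displaced, late, wide

if __name__ == "__main__":
    fib, displaced, late, wide = demo()
    print(displaced, late, wide, fib.lookup("203.0.113.200"))
```

The displaced list is the operationally interesting output: it is the set of legitimate routes that a single accepted FlowSpec announcement removed from forwarding, which is why the validation in section 6 of [RFC5575] must run before population.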