Network Working Group                                              Z. Li
Internet-Draft                                                     L. Li
Intended status: Standards Track                                  Huawei
Expires: May 7, 2020                                             H. Chen
                                                               Futurewei
                                                                C. Loibl
                                               Next Layer Communications
                                                                  Y. Zhu
                                                           China Telecom
                                                                  L. Liu
                                                                 Fujitsu
                                                                  X. Liu
                                                          Volta Networks
                                                        November 4, 2019


                    BGP Flow Specification for SRv6
                     draft-li-idr-flowspec-srv6-01

Abstract

   This draft proposes extensions to BGP to distribute traffic Flow
   Specifications for SRv6 for filtering SRv6 packets that match a
   sequence of conditions.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.
   The list of current Internet-Drafts is at
   https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 7, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Definitions and Acronyms
   3.  The Flow Specification Encoding for SRv6
     3.1.  Type TBD1 - Whole SID
     3.2.  Type TBD2 - Some bits of SID
   4.  Security Considerations
   5.  IANA
   6.  Acknowledgments
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   BGP Flow Specification (BGP-FS) [RFC5575] defines a new BGP NLRI to
   distribute a flow specification, which is an n-tuple comprising a
   sequence of matching criteria that can be applied to IP traffic.  It
   defines a minimum set of filtering actions as BGP extended community
   values [RFC4360] that modify the traffic packet and forward or drop
   the packet.  [I-D.ietf-idr-rfc5575bis] gives more details about them.
   The NLRI (AFI=1, SAFI=133) is for IPv4 unicast flow specification and
   NLRI (AFI=1, SAFI=134) is for BGP/MPLS VPNv4 flow specification.
   [I-D.ietf-idr-flow-spec-v6] redefines the [RFC5575] SAFIs to make
   them AFI specific and applicable to both IPv4 and IPv6 applications.
   [I-D.ietf-idr-flowspec-l2vpn] extends the flow-spec rules for layer 2
   Ethernet packets.

   Segment Routing (SR) for unicast traffic has been proposed to cope
   with the use cases in traffic engineering, fast reroute, service
   chain, etc.  SR architecture can be implemented over an IPv6 data
   plane using a new type of Segment Routing Header (SRH)
   [I-D.ietf-6man-segment-routing-header].  SRv6 Network Programming
   [I-D.filsfils-spring-srv6-network-programming] defines the SRv6
   network programming concept and its most basic functions.  An SRv6
   SID may have the form of LOC:FUNCT:ARGS::.

   LOC: Each operator is free to use the locator length it chooses.
   Most often the LOC part of the SID is routable and leads to the node
   which instantiates that SID.

   FUNCT: The FUNCT part of the SID is an opaque identification of a
   local function bound to the SID (e.g. End: Endpoint, End.X, End.T,
   End.DX2 etc.).

   ARGS: A function may require additional arguments that would be
   placed immediately after the FUNCT.

   This document specifies a couple of new BGP-FS component types to
   support Segment Routing over IPv6 data plane (SRv6) filtering.
   The match field is the destination address of the IPv6 header, but
   it is a SID copied from the SRH rather than a traditional IPv6
   address (refer to the figure below).

              +-----------------------------+
   IPv6 Header|    SA     |       DA        |<--Match field of this document
              +--------------------^--------+
                                   |
              +--------------------|--------+
              |           +-------------+   |   +-------------------+
              |           | Segment[0]  +-------> Loc | Func | Args |
              |           +-------------+   |   +-------------------+
              |           | Segment[1]  |   |
              |           +-------------+   |
              |           |     ...     |   |
     SR Header|           +-------------+   |
              |           | Segment[n]  |   |
              |           +-------------+   |
              |           +-------------+   |
              |           ~  Option TLV ~   |
              |           +-------------+   |
              +-----------------------------+

2.  Definitions and Acronyms

   o  FS: Flow Specification

   o  SR: Segment Routing

   o  SRv6: IPv6 Segment Routing, SRv6 is a method of forwarding IPv6
      packets on the network based on the concept of source routing.

   o  SID: Segment Identifier

   o  BSID: Binding SID

3.  The Flow Specification Encoding for SRv6

   The Flow Specification NLRI-type consists of several optional
   components, each of which begins with a type field (1 octet) followed
   by a variable length parameter.  [RFC5575] defines 12 component types
   for IPv4.  IPv6 NLRI component types are described in
   [I-D.ietf-idr-flow-spec-v6].  This document defines two new component
   types for SRv6.

3.1.  Type TBD1 - Whole SID

   Encoding: <type (1 octet), [op, value]+>

   Contains a list of {operator, value} pairs that are used to match the
   SID/binding SID or a range of whole SID.

   The operator byte is encoded as:

     0   1   2   3   4   5   6   7
   +---+---+---+---+---+---+---+---+
   | e | a |lt |gt |eq |  reserve  |
   +---+---+---+---+---+---+---+---+

   Where:

   e - end-of-list bit.  Set in the last {op, value} pair in the
   sequence.

   a - AND bit.  If unset, the previous term is logically ORed with the
   current one.  If set, the operation is a logical AND.
   It should be unset in the first operator byte of a sequence.  The AND
   operator has higher priority than OR for the purposes of evaluating
   logical expressions.

   lt - less than comparison between data and value.

   gt - greater than comparison between data and value.

   eq - equality between data and value.

   The bits lt, gt, and eq can be combined to match the SID or a range
   of SID (e.g. less than SID1 and greater than SID2).

   The value field is encoded as:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +---------------------------------------------------------------+
   ~                         SID(128bits)                          ~
   +---------------------------------------------------------------+

   The format of SID is described in
   [I-D.ietf-6man-segment-routing-header] and
   [I-D.filsfils-spring-srv6-network-programming].

3.2.  Type TBD2 - Some bits of SID

   For some scenarios route policy with the whole 128 bits SID matching
   is too long and not necessary.
   [I-D.filsfils-spring-srv6-network-programming] defines the format of
   SID is LOC:FUNCT:ARGS::.  In some scenarios, traffic packets can just
   match Locator, Function ID, Argument or some combinations of these
   different fields rather than whole 128 bits SID.  The new component
   type TBD2 defined below is for matching some bits of SID.

   Encoding: <type (1 octet), [op, value]+>

   Contains a list of {operator, value} pairs that are used to match
   some bits of SID.

   The operator byte is encoded as:

     0   1   2   3   4   5   6   7
   +---+---+---+---+---+---+---+---+
   | e | a |     type      |reserve|
   +---+---+---+---+---+---+---+---+

   Where:

   e - end-of-list bit.  Set in the last {op, value} pair in the list.

   a - AND bit.  If unset, the previous term is logically ORed with the
   current one.  If set, the operation is a logical AND.  It should be
   unset in the first operator byte of a sequence.
   The AND operator has higher priority than OR for the purposes of
   evaluating logical expressions.

   type:

      0000 : SID's LOC bits

      0001 : SID's FUNCT bits

      0010 : SID's LOC:FUNCT bits

      0011 : SID's FUNCT:ARGS bits

   The value field is encoded below as the lengths in bits of LOC, FUNCT
   and ARGS followed by the SID rounding up to bytes:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  LOC Length   | FUNCT Length  |  ARGS Length  |      SID      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                         SID(continue)                         ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

   LOC Length : 1-octet field indicating the length in bits of LOC in
   SID.

   FUNCT Length : 1-octet field indicating the length in bits of FUNCT
   in SID.

   ARGS Length : 1-octet field indicating the length in bits of ARGS in
   SID.

   SID : the SID containing LOC, FUNCT and ARGS, and rounding up to
   bytes.

4.  Security Considerations

   No new security issues are introduced to the BGP protocol by this
   specification.

5.  IANA

   Under "Flow Spec Component Types" registry, IANA is requested to
   assign the following values:

   +-----------+-------------------+----------------+
   | Value     | Name              | Reference      |
   +-----------+-------------------+----------------+
   | TBD1 (15) | Whole SID         | This Document  |
   +-----------+-------------------+----------------+
   | TBD2 (16) | Some bits of SID  | This Document  |
   +-----------+-------------------+----------------+

6.  Acknowledgments

   The authors would like to thank Shunwan Zhuang and Rainsword Wang for
   their valuable suggestions and comments on this draft.

7.  References

7.1.  Normative References

   [I-D.ietf-idr-flow-spec-v6]
              McPherson, D., Raszuk, R., Pithawala, B.,
              akarch@cisco.com, a., and S.
              Hares, "Dissemination of Flow Specification Rules for
              IPv6", draft-ietf-idr-flow-spec-v6-09 (work in progress),
              November 2017.

   [I-D.ietf-idr-rfc5575bis]
              Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M.
              Bacher, "Dissemination of Flow Specification Rules",
              draft-ietf-idr-rfc5575bis-17 (work in progress), June
              2019.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4360]  Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended
              Communities Attribute", RFC 4360, DOI 10.17487/RFC4360,
              February 2006.

   [RFC5575]  Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
              and D. McPherson, "Dissemination of Flow Specification
              Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009.

7.2.  Informative References

   [I-D.filsfils-spring-srv6-network-programming]
              Filsfils, C., Camarillo, P., Leddy, J.,
              daniel.voyer@bell.ca, d., Matsushima, S., and Z. Li, "SRv6
              Network Programming",
              draft-filsfils-spring-srv6-network-programming-07 (work in
              progress), February 2019.

   [I-D.ietf-6man-segment-routing-header]
              Filsfils, C., Dukes, D., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
              (SRH)", draft-ietf-6man-segment-routing-header-26 (work in
              progress), October 2019.

   [I-D.ietf-idr-flowspec-l2vpn]
              Weiguo, H., Eastlake, D., Uttaro, J., Litkowski, S., and
              S. Zhuang, "BGP Dissemination of L2VPN Flow Specification
              Rules", draft-ietf-idr-flowspec-l2vpn-11 (work in
              progress), July 2019.

Authors' Addresses

   Zhenbin Li
   Huawei
   156 Beiqing Road
   Beijing, 100095
   P.R. China

   Email: lizhenbin@huawei.com


   Lei Li
   Huawei
   156 Beiqing Road
   Beijing 100095
   P.R. China

   Email: lily.lilei@huawei.com


   Huaimo Chen
   Futurewei
   Boston, MA
   USA

   Email: Huaimo.chen@futurewei.com


   Christoph Loibl
   Next Layer Communications
   Mariahilfer Guertel 37/7
   Vienna 1150
   AT

   Email: cl@tix.at


   Yongqing
   China Telecom
   109, West Zhongshan Road, Tianhe District
   Guangzhou 510000
   China

   Email: zhuyq.gd@chinatelecom.cn


   Lei Liu
   Fujitsu
   USA

   Email: liulei.kddi@gmail.com


   Xufeng Liu
   Volta Networks
   McLean, VA
   USA

   Email: xufeng.liu.ietf@gmail.com
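
Added example (not part of the draft): a decoder and evaluator for the Type TBD1 {operator, value} list of Section 3.1, showing the e/a bit handling, rejection of truncated or unterminated lists, and the AND-over-OR precedence. It assumes bit 0 of the operator diagram is the most significant bit, that lt/gt/eq combine as alternatives as in the RFC 5575 numeric operator, that an a bit on the first pair is ignored, and that the input starts right after the component type octet; all function names and the sample rule are constructed for illustration.

```python
import ipaddress

# Operator bits for Type TBD1; bit 0 of the diagram is taken as the MSB (assumption).
E, A, LT, GT, EQ = 0x80, 0x40, 0x20, 0x10, 0x08
PAIR_LEN = 17  # 1 operator octet + 16 octets of SID

def parse_whole_sid(buf):
    """Decode the {operator, value} list; return (pairs, octets consumed)."""
    pairs, off = [], 0
    while True:
        if len(buf) - off < PAIR_LEN:
            raise ValueError("truncated pair or missing end-of-list bit")
        op = buf[off]
        pairs.append((op, int.from_bytes(buf[off + 1:off + PAIR_LEN], "big")))
        off += PAIR_LEN
        if op & E:              # e bit marks the last pair
            return pairs, off

def term_matches(op, sid, da):
    # lt/gt/eq combine as alternatives, so gt|eq means "greater than or equal".
    return bool((op & LT and da < sid) or (op & GT and da > sid)
                or (op & EQ and da == sid))

def matches(pairs, da_text):
    """Evaluate with AND binding tighter than OR: an OR of AND-groups."""
    da = int(ipaddress.IPv6Address(da_text))
    result, group = False, None
    for op, sid in pairs:
        term = term_matches(op, sid, da)
        if op & A and group is not None:   # a bit on the first term is ignored
            group = group and term
        else:                              # OR: close the previous AND-group
            result = result or bool(group)
            group = term
    return result or bool(group)

def pair(op, sid_text):
    """Build one constructed {operator, SID} pair for the sample below."""
    return bytes([op]) + ipaddress.IPv6Address(sid_text).packed

# Constructed sample rule (documentation prefix 2001:db8::/32):
# (DA >= 2001:db8:1::100 AND DA <= 2001:db8:1::1ff) OR DA == 2001:db8:2::1
SAMPLE = (pair(GT | EQ, "2001:db8:1::100")
          + pair(A | LT | EQ, "2001:db8:1::1ff")
          + pair(E | EQ, "2001:db8:2::1"))

if __name__ == "__main__":
    rule, used = parse_whole_sid(SAMPLE)
    for da in ("2001:db8:1::180", "2001:db8:1::200", "2001:db8:2::1"):
        print(da, matches(rule, da))
```

A caller should compare the returned octet count with the component length it expected, since bytes left over after the end-of-list pair indicate a malformed or mis-framed NLRI.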