idnits 2.17.1

draft-li-idr-flowspec-srv6-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (10 August 2021) is 983 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '0' on line 125

  -- Looks like a reference, but probably isn't: '1' on line 127

  == Unused Reference: 'RFC7153' is defined on line 336, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-05) exists of
     draft-hares-idr-flowspec-v2-02

  == Outdated reference: A later version (-23) exists of
     draft-ietf-idr-flowspec-l2vpn-17

     Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  2  Network Working Group                                              Z. Li
  3  Internet-Draft                                                     L. Li
  4  Intended status: Standards Track                                  Huawei
  5  Expires: 11 February 2022                                        H. Chen
  6                                                                 Futurewei
  7                                                                  C. Loibl
  8                                                 Next Layer Communications
  9                                                                 G. Mishra
 10                                                              Verizon Inc.
 11                                                                    Y. Fan
 12                                                              Casa Systems
 13                                                                    Y. Zhu
 14                                                             China Telecom
 15                                                                    L. Liu
 16                                                                   Fujitsu
 17                                                                    X. Liu
 18                                                            Volta Networks
 19                                                            10 August 2021

 21                      BGP Flow Specification for SRv6
 22                       draft-li-idr-flowspec-srv6-06

 24  Abstract

 26     This document proposes extensions to BGP Flow Specification for SRv6
 27     for filtering SRv6 packets that match a sequence of conditions.

 29  Requirements Language

 31     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 32     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 33     document are to be interpreted as described in [RFC2119].

 35  Status of This Memo

 37     This Internet-Draft is submitted in full conformance with the
 38     provisions of BCP 78 and BCP 79.

 40     Internet-Drafts are working documents of the Internet Engineering
 41     Task Force (IETF).  Note that other groups may also distribute
 42     working documents as Internet-Drafts.  The list of current Internet-
 43     Drafts is at https://datatracker.ietf.org/drafts/current/.

 45     Internet-Drafts are draft documents valid for a maximum of six months
 46     and may be updated, replaced, or obsoleted by other documents at any
 47     time.  It is inappropriate to use Internet-Drafts as reference
 48     material or to cite them other than as "work in progress."

 49     This Internet-Draft will expire on 11 February 2022.

 51  Copyright Notice

 53     Copyright (c) 2021 IETF Trust and the persons identified as the
 54     document authors.  All rights reserved.

 56     This document is subject to BCP 78 and the IETF Trust's Legal
 57     Provisions Relating to IETF Documents (https://trustee.ietf.org/
 58     license-info) in effect on the date of publication of this document.
 59     Please review these documents carefully, as they describe your rights
 60     and restrictions with respect to this document.
 61     Code Components extracted from this document must include Simplified BSD
 62     License text as described in Section 4.e of the Trust Legal Provisions
 63     and are provided without warranty as described in the Simplified BSD License.

 65  Table of Contents

 67     1.  Introduction
 68     2.  Definitions and Acronyms
 69     3.  The Flow Specification Encoding for SRv6
 70       3.1.  Type TBD1 - Some Parts of SID
 71       3.2.  Encoding Examples
 72         3.2.1.  Example 1
 73     4.  Security Considerations
 74     5.  IANA Considerations
 75     6.  Acknowledgments
 76     7.  References
 77       7.1.  Normative References
 78       7.2.  Informative References
 79     Authors' Addresses

 81  1.  Introduction

 83     [RFC8955] describes in detail a new BGP NLRI to distribute a
 84     flow specification, which is an n-tuple comprising a sequence of
 85     matching criteria that can be applied to IP traffic.  [RFC8956]
 86     extends [RFC8955] to make it also usable and applicable to IPv6 data
 87     packets.  [I-D.ietf-idr-flowspec-l2vpn] extends the flow-spec rules
 88     for layer 2 Ethernet packets.  [I-D.hares-idr-flowspec-v2] specifies
 89     BGP Flow Specification Version 2.

 91     Segment Routing (SR) for unicast traffic has been proposed to cope
 92     with use cases in traffic engineering, fast reroute, service
 93     chaining, etc.  SR architecture can be implemented over an IPv6 data
 94     plane using a new type of Segment Routing Header (SRH)
 95     [I-D.ietf-6man-segment-routing-header].  SRv6 Network Programming
 96     [RFC8986] defines the SRv6 network programming concept and its most
 97     basic functions.  An SRv6 SID may have the form of LOC:FUNCT:ARGS::.

 99     LOC: Each operator is free to use the locator length it chooses.
100     Most often the LOC part of the SID is routable and leads to the node
101     which instantiates that SID.

103     FUNCT: The FUNCT part of the SID is an opaque identification of a
104     local function bound to the SID.  (e.g. End: Endpoint, End.X, End.T,
105     End.DX2 etc.).

107     ARGS: A function may require additional arguments that would be
108     placed immediately after the FUNCT.

110     This document specifies one new BGP Flow Specification (FS) component
111     type to support Segment Routing over IPv6 data plane (SRv6) filtering
112     for BGP Flow Specification Version 2.  The match field is the
113     destination address of the IPv6 header, but it is a SID from the SRH
114     rather than a traditional IPv6 address (refer to Figure 1).  To
115     support these features, a Flowspec version that is IPv6 capable
116     (i.e., AFI = 2) MUST be used.  These match capabilities are only
117     permitted to match when there is an accompanying SRH.

119                   +-----------------------------+
120        IPv6 Header|      SA      |      DA      |<--Match field of this document
121                   +--------------------^--------+
122                                        |
123                   +--------------------|--------+
124                   |           +-------------+   |   +-------------------+
125                   |           | Segment[0]  +-------> Loc | Func | Args |
126                   |           +-------------+   |   +-------------------+
127                   |           | Segment[1]  |   |
128                   |           +-------------+   |
129                   |           |     ...     |   |
130          SR Header|           +-------------+   |
131                   |           | Segment[n]  |   |
132                   |           +-------------+   |
133                   |           +-------------+   |
134                   |           ~ Option TLV  ~   |
135                   |           +-------------+   |
136                   +-----------------------------+

138                          Figure 1: Match Field

140  2.  Definitions and Acronyms

142     *  FS: Flow Specification

144     *  BGP-FS: Border Gateway Protocol (BGP) Flow Specification (FS)

146     *  SR: Segment Routing

148     *  SRH: SR Header.

150     *  SRv6: IPv6 Segment Routing, a method of forwarding IPv6
151        packets on the network based on the concept of source routing.

153     *  SID: Segment Identifier

155     *  BSID: Binding SID

157  3.  The Flow Specification Encoding for SRv6

159     The Flow Specification NLRI-type consists of several optional
160     components, each of which begins with a type field (1 octet) followed
161     by a variable length parameter.  13 component types are defined in
162     [RFC8955] and [RFC8956] for IPv4 and IPv6.  This document defines one
163     component type for SRv6.

165  3.1.  Type TBD1 - Some Parts of SID

167     [RFC8986] defines the format of a SID as LOC:FUNCT:ARGS::.  In some
168     scenarios, traffic may need to be matched on only the Locator, the
169     Function ID, the Arguments, or some combination of these fields.  In
170     order to match a part of a SID, its prior parts need to be examined and
171     matched first.  For example, in order to match the Function ID
172     (FUNCT), the Locator (LOC) needs to be examined and matched first.
173     The new component type TBD1 defined below is for matching some parts
174     of a SID.

176     Encoding:

178     o  type (1 octet): This indicates the new component type (TBD1, which
179        is to be assigned by IANA).

181     o  LOC-Len (1 octet): This indicates the length in bits of LOC in
182        SID.

184     o  FUNCT-Len (1 octet): This indicates the length in bits of FUNCT in
185        SID.

187     o  ARGS-Len (1 octet): This indicates the length in bits of ARGS in
188        SID.

190     o  [op, value]+: This contains a list of {operator, value} pairs that
191        are used to match some parts of SID.

193     The total of three lengths (i.e., LOC length + FUNCT length + ARGS
194     length) MUST NOT be greater than 128.  If it is greater than 128, an
195     error occurs and Error Handling is applied according to [RFC7606] and
196     [RFC4760].

198     The operator (op) byte is encoded as:

200                       0   1   2   3   4   5   6   7
201                     +---+---+---+---+---+---+---+---+
202                     | e | a | field type|lt |gt |eq |
203                     +---+---+---+---+---+---+---+---+

205     where the behavior of each operator bit has clear symmetry with that
206     of [RFC8955]'s Numeric Operator field.

208     e - end-of-list bit.  Set in the last {op, value} pair in the
209     sequence.

211     a - AND bit.  If unset, the previous term is logically ORed with the
212     current one.  If set, the operation is a logical AND.  It should be
213     unset in the first operator byte of a sequence.  The AND operator has
214     higher priority than OR for the purposes of evaluating logical
215     expressions.

217     field type:

219        000: SID's LOC

221        001: SID's FUNCT

223        010: SID's ARGS

225        011: SID's LOC:FUNCT

227        100: SID's FUNCT:ARGS

229        101: SID's LOC:FUNCT:ARGS

231     For an unknown type, Error Handling is applied according to [RFC7606]
232     and [RFC4760].

234     lt - less than comparison between data' and value'.

236     gt - greater than comparison between data' and value'.

238     eq - equality between data' and value'.

240     The data' and value' used in lt, gt and eq are indicated by the field
241     type in an operator and the value field following the operator.

243     The value field depends on the field type and holds the value of the
244     selected parts of the SID, rounded up to whole bytes (refer to the table below).

246          +-----------------------+------------------------------+
247          | Field Type            | Value                        |
248          +=======================+==============================+
249          | SID's LOC             | value of LOC bits            |
250          +-----------------------+------------------------------+
251          | SID's FUNCT           | value of FUNCT bits          |
252          +-----------------------+------------------------------+
253          | SID's ARGS            | value of ARGS bits           |
254          +-----------------------+------------------------------+
255          | SID's LOC:FUNCT       | value of LOC:FUNCT bits      |
256          +-----------------------+------------------------------+
257          | SID's FUNCT:ARGS      | value of FUNCT:ARGS bits     |
258          +-----------------------+------------------------------+
259          | SID's LOC:FUNCT:ARGS  | value of LOC:FUNCT:ARGS bits |
260          +-----------------------+------------------------------+

262  3.2.  Encoding Examples

264  3.2.1.  Example 1

266     An example of a Flow Specification NLRI encoding for: all SRv6
267     packets to LOC 2001:db8:3::/48 and FUNCT {range [0100, 0300]}.

269         Some Parts of SID
270                 |
271        length   v           LOC==20010db80003 FUN>=100 FUN<=300
272        0x12     0f 30 10 40 01 2001 0db8 0003 4b 0100 bd 0300
273                    ^  ^  ^
274                    |  |  |
275         Length of LOC FUN ARGS

277     Decoded:
278        Value
279        0x12        length   18 octets (if len<240, 1 octet)
280        TBD1(0x0f)  type     type TBD1(0x0f) - Some Parts of SID
281        0x30                 LOC Length = 48 (bits)
282        0x10                 FUNCT Length = 16 (bits)
283        0x40                 ARGS Length = 64 (bits)
284        0x01        op       LOC ==
285        0x2001      value    LOC's value = 2001:db8:3
286        0x0db8
287        0x0003
288        0x4b        op       "AND", FUNCT >=
289        0x0100      value    FUNCT's value = 0100
290        0xbd        op       end-of-list, "AND", FUNCT <=
291        0x0300      value    FUNCT's value = 0300

293  4.  Security Considerations

295     No new security issues are introduced to the BGP protocol by this
296     specification over the security considerations in [RFC8955] and
297     [RFC8956].

299  5.  IANA Considerations

301     Under the "Flow Spec IPv6 Component Types" registry, IANA is requested
302     to assign the following values:

304             +-----------+-------------------+----------------+
305             | Value     | Name              | Reference      |
306             +-----------+-------------------+----------------+
307             | TBD1 (15) | Some Parts of SID | This Document  |
308             +-----------+-------------------+----------------+

310  6.  Acknowledgments

312     The authors would like to thank Joel Halpern, Jeffrey Haas, Ketan
313     Talaulikar, Aijun Wang, Shunwan Zhuang and Rainsword Wang for their
314     valuable suggestions and comments on this draft.

316  7.  References

318  7.1.  Normative References

320     [I-D.hares-idr-flowspec-v2]
321                Hares, S. and D. Eastlake, "BGP Flow Specification Version
322                2", Work in Progress, Internet-Draft,
323                draft-hares-idr-flowspec-v2-02, 26 July 2021.

326     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
327                Requirement Levels", BCP 14, RFC 2119,
328                DOI 10.17487/RFC2119, March 1997.

331     [RFC4760]  Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
332                "Multiprotocol Extensions for BGP-4", RFC 4760,
333                DOI 10.17487/RFC4760, January 2007.

336     [RFC7153]  Rosen, E. and Y. Rekhter, "IANA Registries for BGP
337                Extended Communities", RFC 7153, DOI 10.17487/RFC7153,
338                March 2014.

340     [RFC7606]  Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
341                Patel, "Revised Error Handling for BGP UPDATE Messages",
342                RFC 7606, DOI 10.17487/RFC7606, August 2015.

345     [RFC8955]  Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M.
346                Bacher, "Dissemination of Flow Specification Rules",
347                RFC 8955, DOI 10.17487/RFC8955, December 2020.

350     [RFC8956]  Loibl, C., Ed., Raszuk, R., Ed., and S. Hares, Ed.,
351                "Dissemination of Flow Specification Rules for IPv6",
352                RFC 8956, DOI 10.17487/RFC8956, December 2020.

355  7.2.  Informative References

357     [I-D.ietf-6man-segment-routing-header]
358                Filsfils, C., Dukes, D., Previdi, S., Leddy, J.,
359                Matsushima, S., and D.
360                Voyer, "IPv6 Segment Routing Header (SRH)", Work in Progress,
361                Internet-Draft, draft-ietf-6man-segment-routing-header-26,
362                22 October 2019.

365     [I-D.ietf-idr-flowspec-l2vpn]
366                Hao, W., Eastlake, D. E., Litkowski, S., and S. Zhuang,
367                "BGP Dissemination of L2 Flow Specification Rules", Work
368                in Progress, Internet-Draft,
369                draft-ietf-idr-flowspec-l2vpn-17, 12 May 2021.

372     [RFC8986]  Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
373                D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
374                (SRv6) Network Programming", RFC 8986,
375                DOI 10.17487/RFC8986, February 2021.

378  Authors' Addresses

380     Zhenbin Li
381     Huawei
382     156 Beiqing Road
383     Beijing, 100095
384     P.R. China

386     Email: lizhenbin@huawei.com

388     Lei Li
389     Huawei
390     156 Beiqing Road
391     Beijing
392     100095
393     P.R. China

395     Email: lily.lilei@huawei.com

397     Huaimo Chen
398     Futurewei
399     Boston, MA,
400     United States of America

402     Email: Huaimo.chen@futurewei.com

404     Christoph Loibl
405     Next Layer Communications
406     Mariahilfer Guertel 37/7
407     1150 Vienna
408     Austria

410     Email: cl@tix.at

411     Gyan S. Mishra
412     Verizon Inc.
413     13101 Columbia Pike
414     Silver Spring, MD 20904
415     United States of America

417     Phone: 301 502-1347
418     Email: gyan.s.mishra@verizon.com

420     Yanhe Fan
421     Casa Systems
422     United States of America

424     Email: yfan@casa-systems.com

426     Yongqing Zhu
427     China Telecom
428     109, West Zhongshan Road, Tianhe District
429     Guangzhou
430     510000
431     China

433     Email: zhuyq8@chinatelecom.cn

435     Lei Liu
436     Fujitsu
437     United States of America

439     Email: liulei.kddi@gmail.com

441     Xufeng Liu
442     Volta Networks
443     McLean, VA
444     United States of America

446     Email: xufeng.liu.ietf@gmail.com
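
A strict decoder and matcher for the Section 3.1 component, added here as an illustration and not code from the draft or its authors. Run over the Section 3.2.1 bytes, it shows that under the operator layout diagrammed in Section 3.1 the printed byte 0xbd decodes to field type 111 with the AND bit clear, while 0xcd encodes the stated "end-of-list, AND, FUNCT <=". The function names, the use of 0x0f for TBD1, and right-alignment of values whose bit length is not a multiple of 8 are assumptions.

```python
import ipaddress

# Operator-byte field types (Section 3.1): the SID parts each value covers.
FIELDS = {0: ("LOC",), 1: ("FUNCT",), 2: ("ARGS",), 3: ("LOC", "FUNCT"),
          4: ("FUNCT", "ARGS"), 5: ("LOC", "FUNCT", "ARGS")}

def parse_component(buf, type_code=0x0F):
    """Decode one component; ValueError marks the draft's error-handling cases."""
    if len(buf) < 5 or buf[0] != type_code:  # 0x0f stands in for unassigned TBD1
        raise ValueError("short component or unexpected type")
    lens = dict(zip(("LOC", "FUNCT", "ARGS"), buf[1:4]))
    if sum(lens.values()) > 128:
        raise ValueError("LOC-Len + FUNCT-Len + ARGS-Len exceeds 128")
    terms, pos, last = [], 4, False
    while not last:
        if pos >= len(buf):
            raise ValueError("data ends before an end-of-list operator")
        op = buf[pos]
        ftype = (op >> 3) & 0x07
        if ftype not in FIELDS:
            raise ValueError(f"unknown field type {ftype:03b} in op 0x{op:02x}")
        bits = sum(lens[p] for p in FIELDS[ftype])
        raw = buf[pos + 1:pos + 1 + (bits + 7) // 8]  # value is rounded up to bytes
        if len(raw) != (bits + 7) // 8:
            raise ValueError("truncated value")
        terms.append({"and": bool(op & 0x40), "parts": FIELDS[ftype], "bits": bits,
                      "lt": bool(op & 4), "gt": bool(op & 2), "eq": bool(op & 1),
                      "value": int.from_bytes(raw, "big")})  # assumed right-aligned
        pos += 1 + len(raw)
        last = bool(op & 0x80)
    return lens, terms

def matches(sid_text, lens, terms):
    sid = int(ipaddress.IPv6Address(sid_text))  # the SID in the IPv6 destination
    start = {"LOC": 0, "FUNCT": lens["LOC"], "ARGS": lens["LOC"] + lens["FUNCT"]}
    groups = []  # OR of AND-groups, because AND binds tighter than OR
    for t in terms:
        shift = 128 - start[t["parts"][0]] - t["bits"]
        data = (sid >> shift) & ((1 << t["bits"]) - 1)
        hit = ((t["lt"] and data < t["value"]) or (t["gt"] and data > t["value"])
               or (t["eq"] and data == t["value"]))
        if t["and"] and groups:
            hit = groups.pop() and hit
        groups.append(hit)
    return any(groups)

# Example 1 component bytes as printed (no NLRI length octet), then a constructed 0xcd variant.
PAGE_BYTES = bytes.fromhex("0f301040 01 20010db80003 4b 0100 bd 0300")
FIXED_BYTES = PAGE_BYTES.replace(b"\xbd", b"\xcd")
```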