idnits 2.17.1

draft-zzhang-idr-bgp-rt-constrains-extension-02.txt:

Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------

   No issues found here.

Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------

   No issues found here.

Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------

-- The draft header indicates that this document updates RFC4684, but the
   abstract doesn't seem to directly say this. It does mention RFC4684
   though, so this could be OK.

Miscellaneous warnings:
----------------------------------------------------------------------------

== The copyright year in the IETF Trust and authors Copyright Line does not
   match the current year

== The document doesn't use any RFC 2119 keywords, yet seems to have RFC
   2119 boilerplate text.

   (Using the creation date from RFC4684, updated by this document, for
   RFC5378 checks: 2004-06-02)

-- The document seems to lack a disclaimer for pre-RFC5378 work, but may
   have content which was first submitted before 10 November 2008. If you
   have contacted all the original authors and they are all willing to grant
   the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
   this comment. If not, you may need to add the pre-RFC5378 disclaimer.
   (See the Legal Provisions document at
   https://trustee.ietf.org/license-info for more information.)

-- The document date (21 April 2021) is 1073 days in the past. Is this
   intentional?

-- Found something which looks like a code comment -- if you have code
   sections in the document, please surround them with '' and '' lines.

Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------

   (See RFCs 3967 and 4897 for information about using normative references
   to lower-maturity documents in RFCs)

-- Looks like a reference, but probably isn't: '01' on line 272

== Unused Reference: 'RFC5398' is defined on line 642, but no explicit
   reference was found in the text

== Unused Reference: 'RFC8126' is defined on line 660, but no explicit
   reference was found in the text

** Obsolete normative reference: RFC 5575 (Obsoleted by RFC 8955)

== Outdated reference: A later version (-22) exists of
   draft-ietf-idr-tunnel-encaps-21

== Outdated reference: A later version (-11) exists of
   draft-ietf-idr-wide-bgp-communities-05

== Outdated reference: A later version (-01) exists of
   draft-zzhang-idr-bitmask-route-target-00

Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 5 comments (--).

Run idnits with the --verbose option for more detailed information about
the items above.

--------------------------------------------------------------------------------

2 idr                                                             Z. Zhang
3 Internet-Draft                                                   J. Haas
4 Updates: 4684 (if approved)                             Juniper Networks
5 Intended status: Standards Track                           21 April 2021
6 Expires: 23 October 2021

8         Generic Route Constraint Distribution Mechanism for BGP
9             draft-zzhang-idr-bgp-rt-constrains-extension-02

11 Abstract

13 This document defines a mechanism based upon Constrained Route
14 Distribution for BGP (RFC 4684) that works with various types of BGP
15 Community-like Path Attributes. Similar to RFC 4684, this mechanism
16 can be used to build a route distribution graph to limit the
17 propagation of BGP Routes. Unlike RFC 4684, this mechanism is not
18 restricted to BGP Extended Communities (RFC 4360).

20 Requirements Language

22 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
23 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
24 "OPTIONAL" in this document are to be interpreted as described in BCP
25 14 [RFC2119] [RFC8174] when, and only when, they appear in all
26 capitals, as shown here.

28 Status of This Memo

30 This Internet-Draft is submitted in full conformance with the
31 provisions of BCP 78 and BCP 79.

33 Internet-Drafts are working documents of the Internet Engineering
34 Task Force (IETF). Note that other groups may also distribute
35 working documents as Internet-Drafts. The list of current Internet-
36 Drafts is at https://datatracker.ietf.org/drafts/current/.

38 Internet-Drafts are draft documents valid for a maximum of six months
39 and may be updated, replaced, or obsoleted by other documents at any
40 time. It is inappropriate to use Internet-Drafts as reference
41 material or to cite them other than as "work in progress."

43 This Internet-Draft will expire on 23 October 2021.

45 Copyright Notice

47 Copyright (c) 2021 IETF Trust and the persons identified as the
48 document authors. All rights reserved.

50 This document is subject to BCP 78 and the IETF Trust's Legal
51 Provisions Relating to IETF Documents (https://trustee.ietf.org/
52 license-info) in effect on the date of publication of this document.
53 Please review these documents carefully, as they describe your rights
54 and restrictions with respect to this document. Code Components
55 extracted from this document must include Simplified BSD License text
56 as described in Section 4.e of the Trust Legal Provisions and are
57 provided without warranty as described in the Simplified BSD License.

59 Table of Contents

61 1. Introduction
62   1.1. Constrained Route Distribution
63   1.2. Brief Summary of Constrained Route Distribution
64        Procedure
65   1.3. Need for a Generic Route Constraint Distribution
66        Mechanism
67 2. Community-like Attributes
68   2.1. Definition of Community-like Attributes
69   2.2. Prefix Structure of BGP Community-like Attributes
70 3. Specification
71   3.1. NLRI Definition
72   3.2. NLRI Length Encoding
73   3.3. Operation
74 4. Examples
75   4.1. IPv6 Specific Extended Communities
76   4.2. Large BGP Communities
77   4.3. Bitmask Route Target
78     4.3.1. AS Number Bitmask Route Target
79     4.3.2. IPv6 Address Bitmask Route Target
80 5. Security Considerations
81 6. IANA Considerations
82 7. Acknowledgements
83 8. References
84   8.1. Normative References
85   8.2. Informative References
86 Appendix A. Open Issues
87 Appendix B. Change Log
88 Authors' Addresses

90 1. Introduction

92 1.1. Constrained Route Distribution

94 In BGP/MPLS Layer 3 VPNs [RFC4364], Route Target Extended Communities
95 [RFC4360] are used to control VPN membership. Networks providing VPN
96 services may be large. In such networks, VPN routes for a given VPN
97 may be only needed at a small subset of Provider Edge (PE) routers.

99 The Constrained Route Distribution feature [RFC4684] assists in
100 scaling such large VPN networks by building a distribution graph of
101 VPN routes through the BGP routing infrastructure. Much of the
102 benefit of this feature comes from BGP routers, such as Route
103 Reflectors [RFC4456], avoiding the work of sending all VPN routes to
104 a PE that may simply discard unneeded routes. Instead, the PE may
105 receive only the VPN routes for VPNs located on that PE.

107 1.2. Brief Summary of Constrained Route Distribution Procedure

109 BGP Speakers implementing [RFC4684] advertise their interest in
110 receiving VPN routes that contain specific Route Target Extended
111 Communities by advertising Route Target membership NLRI.

113 The format of the Route Target membership NLRI in [RFC4684] follows.
114 It may be of length from 0 to 96 bits.

116 +-------------------------------+
117 |      Origin AS (4 octets)     |
118 +-------------------------------+
119 |    Route Target (8 octets)    |
120 +                               +
121 |                               |
122 +-------------------------------+

124 The Origin AS contains the Autonomous System number of the originator
125 of this NLRI.

127 The Route Target contains a BGP Route Target Extended Community, or a
128 prefix of a BGP Route Target Extended Community.

130 Route Target membership NLRI act as a filter mechanism on VPN routes.
131 The BGP Speaker receiving these Route Target membership NLRI from
132 another BGP Speaker will propagate VPN routes that match these
133 membership NLRI. VPN routes that do not match these membership NLRI
134 will not be propagated.

136 The propagation of Route Target membership NLRI from an originating
137 PE router to other interested BGP Speakers builds a distribution
138 graph for VPN routes matching the desired Route Targets.

140 1.3. Need for a Generic Route Constraint Distribution Mechanism

142 Since BGP/MPLS Layer 3 VPNs were introduced, many new BGP VPN
143 features have been created that leverage the original concepts in
144 [RFC4364]. While many of these new features similarly use Route
145 Target Extended Communities for VPN membership, some use other
146 Extended Communities. That is, they utilize a different Type/Sub-
147 Type code than those defined in [RFC4360].

149 While [RFC4684] is explicit about being utilized for Route Targets,
150 the definition of a Route Target has become more fluid as VPN
151 features have been introduced; for example, ES-Import from [RFC7432].
152 It could be observed that [RFC4684] is capable of being used on
153 any type of [RFC4360] BGP Extended Community, for any VPN route type.
154 However, other attributes are coming to be used for identifying VPN
155 routes and a procedure that is only applicable to Extended
156 Communities cannot be used.

158 [RFC5701] introduced the IPv6 Address Specific BGP Extended Community
159 Attribute. This type of BGP Community permits the encoding of an
160 IPv6 address as the Global Administrator of a route. Similar to the
161 [RFC4360] Extended Communities, the IPv6 Address Specific type
162 carries a Type and Sub-Type field. One of the Type/Sub-Type
163 allocations is for an IPv6 address specific Route Target. This
164 permits operators to leverage IPv6 addressing when building their
165 VPNs.

167 IPv6 Extensions for Route Target Distribution
168 [I-D.ietf-idr-bgp-ipv6-rt-constrain] proposes to permit matching for
169 IPv6 address specific Extended Communities using [RFC4684] by
170 overloading the NLRI length for Route Target membership NLRI for NLRI
171 longer than 96 bits. (See [RFC4684], Section 4.) However, this
172 doesn't account for Route Target membership NLRI length shorter than
173 96 bits. These shorter prefixes permit matching of many more
174 specific Route Targets from a less specific Route Target membership
175 BGP Route. Therefore, a different mechanism is needed for safely
176 matching IPv6 address specific Route Targets.

178 The simplest change would be to utilize a new AFI/SAFI for IPv6 Route
179 Target Distribution that only matches IPv6 address specific Route
180 Targets. It can be further observed that various forms of BGP
181 "Community" types continue to evolve to suit a variety of BGP route
182 filtering needs, including those not intended for VPN services.
183 Examples of these include BGP Large Communities [RFC8092], BGP Wide
184 Communities [I-D.ietf-idr-wide-bgp-communities], and Bitmask Route
185 Targets [I-D.zzhang-idr-bitmask-route-target].

187 This document proposes a mechanism to match arbitrary BGP Community-
188 like attributes, including those with Route Target-like semantics,
189 for building Constrained Route Distribution graphs for BGP routes
190 containing those attributes.

192 2. Community-like Attributes

194 2.1. Definition of Community-like Attributes

196 BGP Communities were originally introduced in [RFC1997]. That RFC
197 contains the definition, "A community is a group of destinations
198 which share some common property." Recall that in BGP-4 [RFC4271], a
199 BGP Route is defined as a pairing of destinations (NLRI) with Path
200 Attributes.

202 In practice, a Community is implemented as an element of a BGP Path
203 Attribute that is used to mark a prefix in a way that protocol and
204 BGP policy mechanisms may be used to interact with that BGP Route.

206 Since [RFC1997], this idea of marking BGP Routes has been extended to
207 other mechanisms such as BGP Extended Communities [RFC4360], and BGP
208 Large Communities [RFC8092]. Other similar mechanisms are regularly
209 considered for standardization.

211 For purposes of this document, a Community-like Attribute (CLA) has
212 the semantics of being an attribute of a BGP Path Attribute that is
213 intended to interact with protocol mechanisms and may enable policy
214 mechanisms to interact with that BGP Route. Thus, classic [RFC1997]
215 BGP Communities, BGP Extended Communities, and Large BGP Communities
216 are all CLAs.

218 2.2. Prefix Structure of BGP Community-like Attributes

220 [RFC4684] provides for matching less-specific BGP Extended
221 Communities by utilizing a shorter NLRI length for the Route Target
222 membership NLRI. To highlight situations where such summarization is
223 useful, consider the various forms of Route Target extended community
224 from [RFC4360]. In each of those types, the Sub-Type field is 0x02,
225 with the Type selecting the format:

227 * 0x00 - 2-octet Global Administrator field, 4-octet Local
228   Administrator field.

230 * 0x01 - 4-octet Global Administrator field, 2-octet Local
231   Administrator field.

233 * 0x02 - 4-octet IPv4 Address Global Administrator field, 2-octet
234   Local Administrator field.

236 The Global Administrator field for Route Targets is typically an
237 Autonomous System number.

239 Summarization offers several useful options where the Sub-Type of the
240 Route Target Extended Community is 0x02. Examples include:

242 * Type = 0x00 and NLRI length = 48: Match all 2-octet Global
243   Administrator fields of a given value; for example Origin AS
244   64511:Route Target 64496:*.

246 * Type = 0x01 and NLRI length = 64: Match all 4-octet Global
247   Administrator fields of a given value; for example Origin AS
248   64511:Route Target 65551:*.

250 * Type = 0x03 and NLRI length = 88: Match all IPv4 Address Global
251   Administrator fields of a given value; for example Origin AS
252   64511:Route Target 192.0.2.*:*.

254 Similarly, for inter-domain purposes, matching all Route Target
255 Membership NLRI for a given Origin AS may be useful:

257 * NLRI length = 32; for example Origin AS 64511:*. This matches all
258   classes of Extended Community originated from AS 64511.

260 * NLRI length = 44; for example Origin AS 64511:0x0002:*. This
261   matches all Extended Communities originated from AS 64511 that
262   have the first two octets as 0x0002, which includes the class of
263   Extended Communities that are 2-octet Global Administrator Route
264   Target types.

266 It's even possible to utilize a Prefix Length that splits a well
267 defined field. When the structure of that field is understood,
268 clever operators may be able to generate summaries. It should be
269 noted that understanding the intent of such summarization may be
270 difficult to discern from the NLRI in question. Some examples:

272 * NLRI length = 31; for example Origin AS 6451[01]:*. This matches
273   all classes of Extended Community originated from Origin ASes
274   64510 and 64511.

276 * NLRI length = 47; for example Origin AS 64511:0x0002:*. This
277   matches all two-octet AS-Specific Extended Communities originated
278   from AS 64511 that include Route Targets (0x02) and Route Origins
279   (0x03).

281 The purpose of highlighting that a variable NLRI length can be
282 applied in these ways is to demonstrate the flexibility of
283 summarization. This is most true when the structure of that
284 attribute is arranged most general to most specific; that is, Global
285 to Local Admin as we have in Extended Communities.

287 3. Specification

289 3.1. NLRI Definition

291 To support applying Constrained Route Distribution procedures to BGP
292 Community-like attributes, the following NLRI is defined. The
293 "Generic Route Constraint Distribution Mechanism" NLRI uses a new
294 SAFI (TBD) with the following format:

296  0                   1                   2                   3
297  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
298 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
299 |                     Origin AS (4 octets)                      |
300 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
301 |                    CLA Selector (2 octets)                    |
302 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
303 ~                     CLA Value (variable)                      ~
304 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

306 It can be observed that the format of this NLRI emulates the format
307 of the Route Target membership NLRI from [RFC4684], with the addition
308 of the CLA selector to permit the recipient to correctly interpret
309 the CLA value.

311 3.2. NLRI Length Encoding

313 To support potentially large Community-like Values, the NLRI length
314 field is encoded using 1 or 2 octets using the same mechanism as
315 [RFC5575], Section 4. The text from that RFC is copied here:

317    If the NLRI length value is smaller than 240 (0xf0 hex),
318    the length field can be encoded as a single octet.
319    Otherwise, it is encoded as an extended-length 2-octet
320    value in which the most significant nibble of the first
321    byte is all ones.

323    In the figure above, values less-than 240 are encoded
324    using two hex digits (0xnn). Values above 240 are encoded
325    using 3 hex digits (0xfnnn). The highest value that can
326    be represented with this encoding is 4095. The value 241
327    is encoded as 0xf0f1.

329 3.3. Operation

331 The two-octet CLA Selector identifies the type of Community-like
332 attribute in a BGP route to apply the Constrained Route Distribution
333 procedures to. The value of this field, registered with IANA, may
334 identify Community-like attributes that exist in a given BGP Path
335 Attribute, or internal fields of structured BGP Path Attributes.
336 Examples of a stand-alone BGP Path Attribute may be [RFC1997] classic
337 BGP Communities or [RFC8092] Large BGP Communities. Examples of
338 internal community values may be Bitmask Route Targets
339 [I-D.zzhang-idr-bitmask-route-target] defined inside a BGP Wide
340 Community Container, or newly defined sub-TLVs in a BGP Tunnel
341 Encapsulation Attribute [I-D.ietf-idr-tunnel-encaps].

343 The Community-like Attribute is encoded in the CLA Value field.
344 Sufficient octets are encoded for the Prefix Length of this NLRI.

346 4. Examples

348 4.1. IPv6 Specific Extended Communities

350 [RFC5701] defines IPv6 Specific Extended Communities. Its structure,
351 from the RFC is:

353  0                   1                   2                   3
354  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
355 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
356 | 0x00 or 0x40  |    Sub-Type   |    Global Administrator       |
357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
358 |                 Global Administrator (cont.)                  |
359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
360 |                 Global Administrator (cont.)                  |
361 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
362 |                 Global Administrator (cont.)                  |
363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
364 | Global Administrator (cont.)  |    Local Administrator        |
365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

367 Where Global Administrator is 16 octets in length, and Local
368 Administrator is 2 octets in length. The community is a fixed length
369 of 20 octets.

371 The Community Selector for Large BGP Communities is assigned 1, per
372 this document.

374 The encoding for a Generic Route Constraint Distribution Mechanism
375 NLRI for an IPv6 Specific Extended Community for an Origin AS of
376 64511, for the IPv6 Specific Extended Community [2001:DB8::2]:100
377 would be:

379 NLRI length          = 0xd0 (208)
380 Origin AS            = 0x0000fbff (64511)
381 Community Selector   = 0x0001 (2)          # IPv6 Specific
382                                            # Extended Community
383 Community-like Value = 0x0001000f (65551)  # Global Administrator
384                        0x2001 0DB8 0000 0000 0000 0000 0000 0000
385                        0x0000 0000 0000 0000 0000 0000 0000 0002
386                                            # Global Administrator
387                        0x00000064 (100)    # Local Administrator

389 4.2. Large BGP Communities

391 [RFC8092] defines Large BGP Communities. Its structure, from the RFC
392 is:

394  0                   1                   2                   3
395  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
396 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
397 |                     Global Administrator                      |
398 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
399 |                       Local Data Part 1                       |
400 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
401 |                       Local Data Part 2                       |
402 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

404 Where each of the fields Global Administrator, Local Data Part 1, and
405 Local Data Part 2 are 4 octets in length. The community is a fixed
406 length of 12 octets.

408 The Community Selector for Large BGP Communities is assigned 2, per
409 this document.

411 The encoding for a Generic Route Constraint Mechanism NLRI for Large
412 BGP Communities for an Origin AS of 64511, for Large BGP Community
413 65551:100:16777215 would be:

415 NLRI length          = 0x90 (144)
416 Origin AS            = 0x0000fbff (64511)
417 Community Selector   = 0x0001 (2)            # Large BGP Community
418 Community-like Value = 0x0001000f (65551)    # Global Administrator
419                        0x00000064 (100)      # Local Data Part 1
420                        0x00ffffff (16777215) # Local Data Part 2

422 4.3. Bitmask Route Target

424 [I-D.zzhang-idr-bitmask-route-target] defines Bitmask Route Targets.
425 Bitmask Route Targets are encoded within the BGP Community Container
426 Path Attribute, which is defined in
427 [I-D.ietf-idr-wide-bgp-communities]. The structure of the Bitmask
428 Route Target, from the Internet-Draft, is:

430  0                   1                   2                   3
431  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
432 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
433 |    GA Type    |  GA Sub-Type  |   GA Length   |
434 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
435 |            Global Administrator (variable length)             ~
436 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
437 |                      Local Administrator                      |
438 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
439 |                        Bitmask Length                         |
440 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
441 ~                   Bitmask (variable length)                   ~
442 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

444 GA Type, GA Sub-Type, and GA Length are 1 octet in length.

446 Local Administrator is 4 octets in length.

448 The Bitmask is a number of octets that will fit the Bitmask Length.

450 The following GA Types and corresponding lengths are defined:

452 o 1: AS Number, 4 octets

454 o 2: IPv4 Address, 4 octets

456 o 3: IPv6 Address, 16 octets

458 The Community Selector for Bitmask Route Targets is assigned 3, per
459 this document.

461 The Bitmask Route Target, a Community-like attribute, is carried as
462 the payload (that is, the value portion) of another Path Attribute.
463 The Generic Route Constraint Distribution Mechanism NLRI is not
464 constructed to match any of the outer portions of the Community
465 Container; rather it matches only the payload, that is, the Bitmask
466 Route Target itself.

468 4.3.1. AS Number Bitmask Route Target

470 The encoding for a Generic Route Constraint Distribution Mechanism
471 NLRI for Origin AS 64511 for an AS-Number based Bitmask Route Target
472 for AS 65551 with Local Administrator value 100 and a bitmask of
473 0xc0ffee (3 octets) would be:

475 NLRI length          = 0xa8 (168)
476 Origin AS            = 0x0000fbff (64511)
477 Community Selector   = 0x0002 (3)         # Bitmask Route Target
478 Community-Like Value = 0x01 (1)           # GA Type AS Number
479                        0x02 (2)           # GA Sub-Type (Route Target)
480                        0x04 (4)           # GA Length
481                        0x0001000f (65551) # Global Administrator
482                        0x00000064 (100)   # Local Administrator
483                        0x03 (3)           # Bitmask Length
484                        0xc0ffee           # Bitmask

486 4.3.2. IPv6 Address Bitmask Route Target

488 The encoding for a Generic Route Constraint Distribution Mechanism
489 NLRI for Origin AS 64511 for an AS-Number based Bitmask Route Target
490 for 2001:DB8::2 with Local Administrator value 100 and a bitmask of
491 0xc0ffee (3 octets) would be:

493 NLRI length          = 0xf108 (264)
494 Origin AS            = 0x0000fbff (64511)
495 Community Selector   = 0x0002 (2)       # Bitmask Route Target
496 Community-Like Value = 0x01 (1)         # GA Type IPv6 Address
497                        0x02 (2)         # GA Sub-Type (Route Target)
498                        0x10 (16)        # GA Length
499                        0x2001 0DB8 0000 0000 0000 0000 0000 0000
500                        0x0000 0000 0000 0000 0000 0000 0000 0002
501                                         # Global Administrator
502                        0x00000064 (100) # Local Administrator
503                        0x03 (3)         # Bitmask Length
504                        0xc0ffee         # Bitmask

506 5. Security Considerations

508 This document does not change security aspects discussed in
509 [RFC4684].

511 6. IANA Considerations

513 This document requests IANA to assign a new SAFI, the "Generic Route
514 Constraint Distribution Mechanism" from the First Come First Served
515 "Subsequent Address Family Identifiers (SAFI) Parameters" registry.

517 This document requests IANA to create a new registry, the Generic
518 Route Constraint CLA Selector Registry. It should have the following
519 initial values and registration policies assigned:

521 +==========+===============+========================+===========+
522 | Value    | Description   | Defining Specification | Reference |
523 |          |               | for Community-like     | for this  |
524 |          |               | attribute (CLA)        | Value     |
525 +==========+===============+========================+===========+
526 | 0        | RESERVED      | -                      | This      |
527 |          |               |                        | document  |
528 +----------+---------------+------------------------+-----------+
529 | 1        | IPv6 Address  | RFC 5701               | This      |
530 |          | Specific BGP  |                        | document  |
531 |          | Extended      |                        |           |
532 |          | Communities   |                        |           |
533 +----------+---------------+------------------------+-----------+
534 | 2        | Large BGP     | RFC 8092               | This      |
535 |          | Communities   |                        | document  |
536 +----------+---------------+------------------------+-----------+
537 | 3        | Bitmask Route | draft-zzhang-idr-      | This      |
538 |          | Targets       | bitmask-route-target   | document  |
539 +----------+---------------+------------------------+-----------+
540 | 4..64511 | Available for |                        |           |
541 |          | first come,   |                        |           |
542 |          | first served  |                        |           |
543 |          | allocation.   |                        |           |
544 +----------+---------------+------------------------+-----------+
545 | 255      | RESERVED      | -                      | This      |
546 |          |               |                        | document  |
547 +----------+---------------+------------------------+-----------+

549 Table 1

551 7. Acknowledgements

553 The authors would like to thank John Scudder for his comments and
554 suggestions.

556 8. References

558 8.1. Normative References

560 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
561           Requirement Levels", BCP 14, RFC 2119,
562           DOI 10.17487/RFC2119, March 1997.

565 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
566           Border Gateway Protocol 4 (BGP-4)", RFC 4271,
567           DOI 10.17487/RFC4271, January 2006.

570 [RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended
571           Communities Attribute", RFC 4360, DOI 10.17487/RFC4360,
572           February 2006.

574 [RFC4684] Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk,
575           R., Patel, K., and J. Guichard, "Constrained Route
576           Distribution for Border Gateway Protocol/MultiProtocol
577           Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual
578           Private Networks (VPNs)", RFC 4684, DOI 10.17487/RFC4684,
579           November 2006.

581 [RFC5575] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
582           and D. McPherson, "Dissemination of Flow Specification
583           Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009.

586 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
587           2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
588           May 2017.

590 8.2. Informative References

592 [I-D.ietf-idr-bgp-ipv6-rt-constrain]
593           Patel, K., Raszuk, R., Djernaes, M., Dong, J., and M.
594           Chen, "IPv6 Extensions for Route Target Distribution",
595           Work in Progress, Internet-Draft, draft-ietf-idr-bgp-ipv6-
596           rt-constrain-12, 26 April 2018.

600 [I-D.ietf-idr-rtc-no-rt]
601           Rosen, E., Patel, K., Haas, J., and R. Raszuk, "Route
602           Target Constrained Distribution of Routes with no Route
603           Targets", Work in Progress, Internet-Draft, draft-ietf-
604           idr-rtc-no-rt-12, 1 October 2019.

607 [I-D.ietf-idr-tunnel-encaps]
608           Patel, K., Velde, G., Sangli, S., and J. Scudder, "The BGP
609           Tunnel Encapsulation Attribute", Work in Progress,
610           Internet-Draft, draft-ietf-idr-tunnel-encaps-21, 7 January
611           2021.

614 [I-D.ietf-idr-wide-bgp-communities]
615           Raszuk, R., Haas, J., Lange, A., Decraene, B., Amante, S.,
616           and P. Jakma, "BGP Community Container Attribute", Work in
617           Progress, Internet-Draft, draft-ietf-idr-wide-bgp-
618           communities-05, 2 July 2018.

622 [I-D.zzhang-idr-bitmask-route-target]
623           Zhang, Z., Sangli, S., and J. Haas, "Bitmask Route
624           Target", Work in Progress, Internet-Draft, draft-zzhang-
625           idr-bitmask-route-target-00, 12 July 2020.

629 [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities
630           Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996.

633 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
634           Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
635           2006.

637 [RFC4456] Bates, T., Chen, E., and R. Chandra, "BGP Route
638           Reflection: An Alternative to Full Mesh Internal BGP
639           (IBGP)", RFC 4456, DOI 10.17487/RFC4456, April 2006.

642 [RFC5398] Huston, G., "Autonomous System (AS) Number Reservation for
643           Documentation Use", RFC 5398, DOI 10.17487/RFC5398,
644           December 2008.

646 [RFC5701] Rekhter, Y., "IPv6 Address Specific BGP Extended Community
647           Attribute", RFC 5701, DOI 10.17487/RFC5701, November 2009.

650 [RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
651           Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
652           Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
653           2015.

655 [RFC8092] Heitz, J., Ed., Snijders, J., Ed., Patel, K., Bagdonas,
656           I., and N. Hilliard, "BGP Large Communities Attribute",
657           RFC 8092, DOI 10.17487/RFC8092, February 2017.

660 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
661           Writing an IANA Considerations Section in RFCs", BCP 26,
662           RFC 8126, DOI 10.17487/RFC8126, June 2017.

665 Appendix A. Open Issues

667 * How should BGP Routes with no communities of a given type be
668   handled? The scenario covered in [I-D.ietf-idr-rtc-no-rt] becomes
669   potentially far more common.

671 Appendix B. Change Log

673 * 01 -> 02: Update text for bitmask route target definition. Add
674   open issues.

676 Authors' Addresses

678 Zhaohui Zhang
679 Juniper Networks

681 Email: zzhang@juniper.net

683 Jeffrey Haas
684 Juniper Networks

686 Email: jhaas@juniper.net
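
Added example, not part of the draft or of any implementation by its authors: a Python encoder and bounds-checked decoder for the NLRI of Sections 3.1 and 3.2, exercised on the Large BGP Community of Section 4.2. All function names are hypothetical, the CLA Selector value 2 is taken from the registry table in Section 6, and the matching rule in `cla_matches` is an assumption modelled on RFC 4684 prefix matching, since the draft does not spell it out.

```python
import struct

ORIGIN_AS_BITS = 32    # Origin AS field, Section 3.1
MAX_NLRI_BITS = 4095   # highest value the 0xfnnn form can carry, Section 3.2
SEL_LARGE = 2          # Large BGP Communities, per the table in Section 6


def encode_length(bits):
    """Encode an NLRI length in bits using 1 or 2 octets (Section 3.2)."""
    if not 0 <= bits <= MAX_NLRI_BITS:
        raise ValueError(f"NLRI length {bits} is not representable")
    if bits < 240:
        return bytes([bits])
    return struct.pack("!H", 0xF000 | bits)


def decode_length(buf, off=0):
    """Return (length in bits, octets used by the length field)."""
    if off >= len(buf):
        raise ValueError("truncated: missing length octet")
    if buf[off] < 0xF0:
        return buf[off], 1
    if off + 2 > len(buf):
        raise ValueError("truncated: extended length needs two octets")
    return struct.unpack_from("!H", buf, off)[0] & 0x0FFF, 2


def bit_prefix(data, bits):
    """First `bits` bits of data, with the unused trailing bits zeroed."""
    if bits > 8 * len(data):
        raise ValueError("prefix length exceeds available data")
    out = bytearray(data[:(bits + 7) // 8])
    if bits % 8:
        out[-1] &= (0xFF << (8 - bits % 8)) & 0xFF
    return bytes(out)


def encode_nlri(origin_as, selector, cla_value, bits=None):
    """Build length + Origin AS + CLA Selector + CLA Value, cut to `bits`."""
    body = struct.pack("!IH", origin_as, selector) + cla_value
    if bits is None:
        bits = 8 * len(body)
    return encode_length(bits) + bit_prefix(body, bits)


def decode_nlri(buf, off=0):
    """Parse one NLRI from untrusted input.

    Returns (bits, canonical prefix octets, offset of the next NLRI).
    """
    bits, used = decode_length(buf, off)
    start = off + used
    end = start + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated: NLRI body shorter than its length field")
    # Zero the padding bits so equal prefixes compare equal as bytes.
    return bits, bit_prefix(buf[start:end], bits), end


def cla_matches(bits, prefix, selector, cla_value):
    """Assumed matching rule (modelled on RFC 4684): the route's selector
    and CLA value must agree with every bit that follows the Origin AS."""
    want = bits - ORIGIN_AS_BITS
    if want <= 0:
        return True  # nothing beyond the Origin AS is constrained
    key = struct.pack("!H", selector) + cla_value
    if want > 8 * len(key):
        return False
    return bit_prefix(key, want) == bit_prefix(prefix[4:], want)


def large_community(global_admin, part1, part2):
    """12-octet Large BGP Community value (Section 4.2 layout)."""
    return struct.pack("!III", global_admin, part1, part2)


if __name__ == "__main__":
    # Constructed sample: the values used in Section 4.2.
    cla = large_community(65551, 100, 16777215)
    print(encode_nlri(64511, SEL_LARGE, cla).hex())
    # 80-bit summary: Origin AS 64511, Large Communities, 65551:*:*
    bits, prefix, _ = decode_nlri(encode_nlri(64511, SEL_LARGE, cla, bits=80))
    print(bits, cla_matches(bits, prefix, SEL_LARGE, cla))
```

The decoder rejects a body shorter than its declared length and masks the padding bits of the last octet, so two byte strings that describe the same prefix cannot be stored as two different filters.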