
BGP Dissemination of FlowSpec for Transport Aware Mobility
draft-dmc-idr-flowspec-tn-aware-mobility-05

Document Type Active Internet-Draft (individual)
Authors Linda Dunbar, Kausik Majumdar, Uma Chunduri
Last updated 2024-07-29
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
RTG Working Group                                     L. Dunbar
Internet Draft                                        Futurewei
Intended status: Standard track                     K. Majumdar
Expires: January 26, 2025                       Argus Networks
                                                  U. Chunduri
                                                         Intel
                                                  July 29, 2024

    BGP Dissemination of FlowSpec for Transport Aware Mobility
           draft-dmc-idr-flowspec-tn-aware-mobility-05

Abstract

   This document defines a BGP Flow Specification (FlowSpec)
   extension to disseminate the policies from 5G mobile
   networks. This allows the 5G mobile systems slices and
   Service Types (SSTs) to be mapped to optimal underlying
   network paths in the data network outside the 5G UPFs,
   specifically at the N6 interface in 3GPP 5G Architecture
   [3GPP TR 23.501].

Status of this Memo

   This Internet-Draft is submitted in full conformance with
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet
   Engineering Task Force (IETF), its areas, and its working
   groups.  Note that other groups may also distribute working
   documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of
   six months and may be updated, replaced, or obsoleted by
   other documents at any time.  It is inappropriate to use
   Internet-Drafts as reference material or to cite them other
   than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be
   accessed at http://www.ietf.org/shadow.html

xxx, et al.            Expires January 26, 2025        [Page 1]
Internet-Draft       FlowSpec of TN Aware Mobility    July 2024

   This Internet-Draft will expire on April 23, 2021.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as
   the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's
   Legal Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date
   of publication of this document. Please review these
   documents carefully, as they describe your rights and
   restrictions with respect to this document. Code Components
   extracted from this document must include Simplified BSD
   License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in
   the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Conventions used in this document
   3. TN-Aware matching conditions
   4. Redirect a flow over an underlay tunnel
   5. FlowSpec Redirect to Indirection-ID Non-Transitive
      Extended Community
   6. IANA Considerations
   7. Security Considerations
   8. Contributors
   9. References
      9.1. Normative References
      9.2. Informative References
   10. Acknowledgments
   Authors' Addresses

1. Introduction

   [TN-AWARE-MOBILITY-EXT] describes a framework for
   extending the mobility-aware transport network
   characteristics through the Data Network outside the 5G
   UPFs.

          +-----------+      +------+
           |           |      |      |
      UE---| gNB-CU(UP)|------| UPF +|--------DN-------
           |           |      | C-PE |
           +-----------+      +------+

                   |- N3 OR N9 -||----N6 -------------|

      |------ Mobile Network ----||-- IP Network-------|

             Figure 1: Mobile and IP Data Network for UE

   The 5G UPF terminates the 5G GTP tunnels from gNB and passes
   the IP packets to the N6 Interface [3GPP] data networks,
   which deliver the packets over hybrid paths, like MPLS, SR
   paths, Private-IP, or public Internet to reach the packets'
   destinations.

   This document specifies how to use FlowSpec to disseminate
   the policies from 5G mobile networks so that the 5G mobile
   systems slices and Service Types (SSTs) can be mapped to
   optimal underlying network paths in the data network outside
   the 5G UPFs, that is, at the N6 interface in 3GPP 5G
   Architecture [3GPP TR 23.501].

   Border Gateway Protocol (BGP) Flow Specification (FlowSpec)
   [RFC8955] and FlowSpec for IPv6 [RFC8956] leverage the BGP
   Control Plane to simplify the distribution of rules &
   policies for the specified flows. FlowSpec filter rules can
   be injected into all BGP peers simultaneously without
   changing router configuration.

2. Conventions used in this document

   BSID       - Binding SID

   DC         - Data Center

   DN         - Data Network (5G)

   EMBB       - enhanced Mobile Broadband (5G)

   gNB        - 5G NodeB

   GTP-U      - GPRS Tunneling Protocol - Userplane (3GPP)

   MIOT       - Massive IOT (5G)

   PCEP       - Path Computation Element (PCE) Communication
               Protocol

   SD-WAN     - Software-Defined Wide Area Network

   SID        - Segment Identifier

   SLA        - Service Level Agreement

   SST        - Slice and Service Types (5G)

   SR         - Segment Routing

   SR-PCE     - SR Path Computation Element

   UE         - User Equipment

   UPF        - User Plane Function (5G)

   URLLC      - Ultra reliable and low latency communications
               (5G)

3. TN-Aware matching conditions

   [RFC8955] defines a BGP Network Layer Reachability
   Information (NLRI) format to distribute traffic flow
   specification rules. The NLRI for (AFI=1, SAFI=133)
   specifies IPv4 unicast filtering. The NLRI for (AFI=1,
   SAFI=134) specifies IPv4 BGP/MPLS VPN filtering [RFC7432].
   The Flow Specification match part defined in [RFC8955]
   includes L3/L4 information like IPv4 source/destination
   prefix, protocol, ports, etc., so traffic flows can be
   filtered based on L3/L4 information. [RFC8956] specifies the
   filtering to cover IPv6 (AFI=2) L3/L4.

   The NLRI FlowSpec components described in [RFC8955] and
   [RFC8956] are adequate for specifying the UDP Source Port
   Range, which is used to differentiate SLAs of flows from UPFs
   [TN-AWARE-MOBILITY-EXT].

   The ingress PE, which can be a function integrated with a
   UPF or an edge router directly connected to a UPF, acts as
   the BGP FlowSpec Receiver and is assumed to have a BGP
   FlowSpec session with the FlowSpec Controller. The mobility
   traffic destination would resolve to the BGP Peer Next Hop in
   the data network. The BGP FlowSpec Controller would be
   programmed with {5G UDP Src Port Range} to map different
   SSTs defined in [TN-AWARE-MOBILITY] to create an internal
   mapping table for {5G UDP Src Port Range} <--> {BGP
   FlowSpec Generalized Indirection-ID}. The Mobility IP
   packets coming out of the UPF, i.e., after the GTP header
   has been decapsulated, carrying a specific UDP Source Port,
   can be classified based on the matching policies carried by
   the FlowSpec NLRI.

   For example, to filter out flows with source UDP port number
   between [i, j], the following encoding can be used in the
   NLRI (SAFI=133 or SAFI=134):

   Encoding

     <Type = 6, [numeric_op1, i][numeric_op2, j]>

     <Type = 2, [numeric_op3, Src-Prefix]>

     <Type = 1, [numeric_op4, Dest-prefix]>

   Numeric_op1 is:

       0    1   2   3   4   5   6   7
      +---+---+---+---+---+---+---+---+
      | e | a | len   | 0 |lt |gt |eq |
      | 0 | 1 |  00   | 0 | 0 | 1 | 0 |
      +---+---+---+---+---+---+---+---+

   Numeric_op2 is:

       0    1   2   3   4   5   6   7
      +---+---+---+---+---+---+---+---+
      | e | a | len   | 0 |lt |gt |eq |
      | 1 | 1 |  00   | 0 | 1 | 0 | 0 |
      +---+---+---+---+---+---+---+---+

   Where len == 0, which indicates that two bytes of value [i]
   follow Numeric_op1 and two bytes of value [j] follow
   Numeric_op2.

   The "numeric_op3" and "numeric_op4" are for comparing the
   source and destination addresses of the UE traffic.
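
   The range match above, seen from the FlowSpec receiver (an
   added example, not code from this draft or its authors): a
   decoder for the numeric-operator list of a Type 6 component
   that checks whether a UDP source port matches. It follows
   RFC 8955, where the value length is (1 << len) octets, so the
   constructed sample carries its 2-octet port values with
   len = 01; the port numbers 50000 and 50100 are constructed.

```python
SRC_PORT = 6  # FlowSpec component type 6: source port


def decode_numeric_ops(buf):
    """Return (terms, octets_used); a term is (and_bit, lt, gt, eq, value)."""
    terms, pos = [], 0
    while True:
        if pos >= len(buf):
            raise ValueError("operator list ended without the e (end) bit")
        op = buf[pos]
        if op & 0x08:
            raise ValueError("reserved operator bit must be 0")
        size = 1 << ((op >> 4) & 0x3)   # len field -> 1, 2, 4 or 8 octets
        raw = buf[pos + 1:pos + 1 + size]
        if len(raw) != size:
            raise ValueError("truncated operator value")
        terms.append((bool(op & 0x40), bool(op & 0x04), bool(op & 0x02),
                      bool(op & 0x01), int.from_bytes(raw, "big")))
        pos += 1 + size
        if op & 0x80:                   # e bit: this was the last term
            return terms, pos


def term_true(term, x):
    _, lt, gt, eq, value = term
    return (lt and x < value) or (gt and x > value) or (eq and x == value)


def matches(terms, x):
    """AND binds tighter than OR; the first term's a bit is ignored."""
    result, run = False, False
    for i, term in enumerate(terms):
        if i == 0 or not term[0]:       # a bit clear: start a new OR group
            result, run = result or run, term_true(term, x)
        else:                           # a bit set: AND into the current group
            run = run and term_true(term, x)
    return result or run


def src_port_in_rule(component, port):
    """True if `port` satisfies a type-6 component such as SAMPLE below."""
    if not component or component[0] != SRC_PORT:
        raise ValueError("not a source-port component")
    terms, _ = decode_numeric_ops(component[1:])
    return matches(terms, port)


# Constructed sample: source port in (50000, 50100), operator bits as in
# Numeric_op1 (a, gt) and Numeric_op2 (e, a, lt), with len=01 for 2-octet values.
SAMPLE = bytes([SRC_PORT, 0x52, 0xC3, 0x50, 0xD4, 0xC3, 0xB4])

if __name__ == "__main__":
    for p in (50000, 50050, 50100):
        print(p, src_port_in_rule(SAMPLE, p))
```

   Because the operators are gt and lt without eq, the two
   boundary ports themselves do not match.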

4. Redirect a flow over an underlay tunnel

   For flows matching the filter conditions carried by the
   FlowSpec NLRI, the redirect-path policy can indicate a set
   of underlay tunnels or one underlay tunnel.

   As the BGP FlowSpec Receiver, i.e., the ingress PE, takes
   the action of redirecting traffic to specific underlay
   tunnels, a non-transitive Extended Community for Path
   Redirect [Flowspec-path-redirect] and [SRv6-flowspec-path-
   redirect] should be used.

     0x49   FlowSpec Redirect to Indirection-id Non-transitive
     Extended Community.

   For hierarchical RR deployments where the FlowSpec rules
   need to be propagated via the RRs to the ingress PE, the
   Transitive Path Redirect Extended Community [FlowSpec-path-
   redirect] can be used.

   The figure below depicts the overall topology, showing the
   mobility traffic from UPF being redirected to different
   paths per the BGP FlowSpec from the Controller:

                            +-----------+   +----+{5G UDP SrcPort Range}
                            |  FlowSpec |-->| Map|       <-->
                            | Controller|   | DB |{Generalized Indirection-ID}
                            +-----------+   +----+
                              /
                             /
                            / BGP FlowSpec NLRI with 5G
              BGP FlowSpec /   Src-Pfx, Dst-Pfx, UDP Source Port Range
                Session   /
                         / BGP FlowSpec Redirect
                        / Indirection-ID Ext Comm               /
                       /                                       /Public
                      /                                  MIOT / Cloud
                     /                                  +----/
             +-------+ Ind-ID1: UDP Src Port Xx-Xy     /
             |       A1-------------------------------+
             |       | Ind-ID2: UDP Src Port Yx-Yy
     UE------| UPF + A2------------------------------------Internet
             | PE1   | Ind-ID3: UDP Src Port Zx-Zy
             |       A3-------------------------------+
             |       |                                 \
             +-------+                                  +-----+
{UE Src IP, UE Dst IP, UDP Src Port Num# <-->                  \
 FlowSpec Ind-ID# -> Transport Hdr}                        EMBB \
                                                                 \

                  ---------->
       +------+----------+-------+-----+----------+
       | Data | Inner IP | GTP-U | UDP | Outer IP |
       +------+----------+-------+-----+----------+

                                      ---------->
                     +------+----------+------------------+
                     | Data | Inner IP | Transport Header |
                     +------+----------+------------------+

           Figure 2: Mobility Traffic Mapping to Redirect Path

5. FlowSpec Redirect to Indirection-ID Non-Transitive Extended
   Community

   This section defines "FlowSpec Redirect to Indirection-ID
   Non-Transitive Extended Community for IPSec Tunnel ID". The
   format of this extended community is shown below:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Type          |IPSecSA SubType| Flags(1 octet)|IPSecSA ID-Type|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   IPsec Tunnel ID (4 octets)                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Figure 3: Redirect to Ind-ID Ext Community for IPSec Tunnel

   Where

   Type = 0x49: Non-Transitive FlowSpec Redirect to
   Indirection-ID Extended Community for IPSec Tunnel ID.

   [Note: Type = 0x09 for Transitive FlowSpec Redirect to
   Indirection-ID Extended Community can also be used for
   Hierarchical deployment, where the FlowSpec Update needs to
   be propagated]

   IPSec SA Sub-Type: 1 octet, its value (TBD) will be assigned
   by IANA to indicate that the ID carried by the Extended
   Community is an IPsec SA ID. Assuming the IPsec SA is
   pre-established, its Security Association (SA) ID is a
   globally unique identifier within a single administrative
   domain. The allocation and establishment of the IPsec SA
   among peers is outside the scope of this document.

   Flags: Same as that defined in [Flowspec-path-redirect].

   IPSec SA ID-Type: 1 octet value. Here are the new values
   needed for IPsec IPv4 tunnel (to be assigned by IANA):

     v1 -  Inner Encap type = IPSec+GRE

     v2 -  Inner Encap type = IPSec+Vxlan

6. IANA Considerations

   This draft needs an IANA code point allocation for the Non-
   Transitive FlowSpec Redirect to Indirection-ID Extended
   Community.

     IPsec SA Sub-Type: to indicate that IPsec SA ID is carried
     by the FlowSpec Redirect Extended Community.

     IPSec SA ID-Type:
      v1 -  Inner encap type = IPSec+GRE
      v2 -  Inner encap type = IPSec+Vxlan

7. Security Considerations

   When using the "Redirect to indirection-id" extended
   community to redirect matched traffic to an IPsec SA, the
   IPsec SA to which the traffic is redirected must be pre-
   established. If the IPsec SA referenced in the indirection
   ID is not pre-established, the FlowSpec rule will be
   ineffective. Traffic matching the FlowSpec will not be
   redirected.
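
   A receiver-side check of the community in Figure 3 combined
   with the pre-established-SA condition above (an added example,
   not code from this draft or its authors). The Sub-Type and
   ID-Type code points are TBD in the draft, so the values below
   are placeholders, and the established-SA set is a hypothetical
   stand-in for the ingress PE's IPsec state.

```python
import struct

TYPE_NON_TRANSITIVE = 0x49    # Type value given in the draft
TYPE_TRANSITIVE = 0x09        # Type value from the draft's note
SUBTYPE_IPSEC_SA = 0xFF       # PLACEHOLDER: the draft leaves this TBD (IANA)
ID_TYPES = {0x01: "IPSec+GRE",    # PLACEHOLDER code for the draft's "v1"
            0x02: "IPSec+Vxlan"}  # PLACEHOLDER code for the draft's "v2"


def parse_redirect_community(raw):
    """Split the 8-octet community of Figure 3 into its fields."""
    if len(raw) != 8:
        raise ValueError("extended community must be exactly 8 octets")
    ec_type, subtype, flags, id_type, tunnel_id = struct.unpack("!BBBBI", raw)
    if ec_type not in (TYPE_NON_TRANSITIVE, TYPE_TRANSITIVE):
        raise ValueError("not a Redirect to Indirection-ID community")
    if subtype != SUBTYPE_IPSEC_SA:
        raise ValueError("sub-type does not announce an IPsec SA ID")
    if id_type not in ID_TYPES:
        raise ValueError("unknown IPSec SA ID-Type")
    return {"transitive": ec_type == TYPE_TRANSITIVE, "flags": flags,
            "encap": ID_TYPES[id_type], "tunnel_id": tunnel_id}


def redirect_target(raw, established_sa_ids):
    """Return the tunnel ID to redirect to, or None to leave traffic alone."""
    try:
        community = parse_redirect_community(raw)
    except ValueError:
        return None                      # malformed: install no redirect
    if community["tunnel_id"] not in established_sa_ids:
        return None                      # SA not pre-established: rule inert
    return community["tunnel_id"]


# Constructed sample: non-transitive, flags 0, "v1" encap, tunnel ID 0x2A.
SAMPLE_COMMUNITY = bytes([0x49, SUBTYPE_IPSEC_SA, 0x00, 0x01, 0, 0, 0, 0x2A])

if __name__ == "__main__":
    print(redirect_target(SAMPLE_COMMUNITY, {0x2A}))   # SA is established
    print(redirect_target(SAMPLE_COMMUNITY, set()))    # SA is missing
```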

8. Contributors

   The following people have contributed to this document.

9. References

9.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to
             Indicate Requirement Levels", BCP 14, RFC 2119,
             March 1997.

   [RFC8955] C. Loibl, et al, "Dissemination of Flow
             Specification Rules", Dec 2020.

   [RFC8956] C. Loibl, et al, "Dissemination of Flow
             Specification Rules for IPv6", Dec 2020.

9.2. Informative References

   [RFC5440] JP. Vasseur, Ed., JL. Le Roux, Ed., "Path
   Computation Element (PCE) Communication Protocol (PCEP)",
   March 2009

   [Flowspec-path-redirect] G. Van De Velde, et al, "Flowspec
   Indirection-id Redirect", draft-ietf-idr-flowspec-path-
   redirect-11, March 2020

   [SRv6-Flowspec-path-redirect] G. Van De Velde, et al,
   "Flowspec Indirection-id Redirect for SRv6", draft-ietf-
   idr-srv6-flowspec-path-redirect-05, Jan. 2021

   [TN-AWARE-MOBILITY] U. Chunduri, et al, "Mobility aware
   Transport Network Slicing for 5G", draft-ietf-dmm-tn-aware-
   mobility-09, Feb 2024

   [TN-AWARE-MOBILITY-EXT] K. Majumdar, et al, "Extension of
   Transport Aware Mobility in Data Network", draft-mcd-rtgwg-
   extension-tn-aware-mobility-06, July 2023

   [BGP-SR-TE-POLICY] S. Previdi, et al, "Advertising Segment
   Routing Policies in BGP", draft-ietf-idr-segment-routing-te-
   policy-09, November 2020

   [SDWAN-BGP-USAGE] L. Dunbar, et al, "BGP Usage for SDWAN
   Overlay Networks", draft-ietf-bess-bgp-sdwan-usage-22, July
   2023

   [SDWAN-Edge-Discover] L. Dunbar, et al, "BGP UPDATE for
   SDWAN Edge Discovery", draft-ietf-idr-sdwan-edge-discovery-
   13, June 2024

10. Acknowledgments

   TBD.

   This document was prepared using 2-Word-v2.0.template.dot.

Authors' Addresses

   Linda Dunbar
   Futurewei
   2330 Central Expressway
   Santa Clara, CA  95050

   Email: linda.dunbar@futurewei.com

   Kausik Majumdar
   Argus Networks
   Email: kausikm.ietf@gmail.com

   Uma Chunduri
   Intel
   2200 Mission College Blvd
   Santa Clara, CA  95052

   Email: umac.ietf@gmail.com
