Skip to main content

Customer-Controlled Filtering Using SDN

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Wesley Eddy , Gilbert Clark , Justin Dailey
Last updated 2016-02-12 (Latest revision 2015-08-11)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


In order to reduce unwanted traffic and make efficient use of limited access link capacity or other network resources, it is advantageous to filter traffic upstream of the end-networks that the packets are destined to. This document describes filtering within access Internet Service Provider (ISP) networks. The ISP's end-network customers are given control over ISP filtering of traffic destined to their own prefixes, since each customer's definition of desirable versus undesirable traffic may change over time (e.g. as new network services and protocols are introduced). In this document, we describe an SDN-based means for customers to express flow definitions to their ISPs in order to distinguish between desirable and undesirable inbound traffic. These rules can be dynamically and securely updated within the running ISP network, with full automation One use case for this capability is in mitigating denial of service attacks. Even if such filtering is only implemented in an ISP's access network, it preserves capacity on the customer access links for desirable traffic. If implemented at the ISP's edge connections to other providers, or prior to ingress to their core, it can also preserve the ISP's own network capacity and other resources that may be threatened by attacks.


Wesley Eddy
Gilbert Clark
Justin Dailey

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)