Simplifying Firewall Rules with Network Programming and SRH Metadata
draft-guichard-spring-srv6-simplified-firewall-02

Document Type Expired Internet-Draft (individual)
Authors Jim Guichard, Clarence Filsfils, daniel.bernier@bell.ca, Zhenbin Li, Francois Clad, Pablo Camarillo, Ahmed Abdelsalam
Last updated 2020-10-10 (latest revision 2020-04-08)
Stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-guichard-spring-srv6-simplified-firewall-02.txt

Abstract

A clear application of the SRv6 Network Programming model is steering packets, in a stateless manner, through a Service Function Chain (SFC). Each Service Function (SF) is identified by a segment. Each SF can enrich its operation using metadata present in the SRH. This document describes a practical use case where the SF is a firewall and the metadata helps to drastically decrease the number of rules that the operations team needs to maintain.

Authors

Jim Guichard (james.n.guichard@futurewei.com)
Clarence Filsfils (cf@cisco.com)
daniel.bernier@bell.ca (daniel.bernier@bell.ca)
Zhenbin Li (lizhenbin@huawei.com)
Francois Clad (fclad@cisco.com)
Pablo Camarillo (pcamaril@cisco.com)
Ahmed Abdelsalam (ahabdels@cisco.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)