Dissemination of Flow Specification Rules for NVO3
draft-hao-idr-flowspec-nvo3-00

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Last updated 2015-07-05
Replaced by draft-ietf-idr-flowspec-nvo3
IESG IESG state I-D Exists
IDR                                                              W. Hao
                                                              S. Zhuang
                                                                  Z. Li
Internet Draft                                 Huawei Technologies Ltd.
Intended status: Standards Track

Expires: January 2016                                    July 6, 2015

             Dissemination of Flow Specification Rules for NVO3
                    draft-hao-idr-flowspec-nvo3-00.txt

Abstract

   This document defines a BGP flow-spec extension for NVO3. A flag in
   a BGP Path Attribute is introduced to indicate whether the Flow-spec
   rules are imposed on the NVO3 outer or inner layer. A new subset of
   NVO3-specific component types and an extended community are also
   defined.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of

Hao, et,al             Expires January 6, 2016                [Page 1]
Internet-Draft             NVO3 Flow Spec                    July 2015

   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Use cases
      2.1. Flow-spec in Data Center
      2.2. Flow-spec for Data Center Interconnection
      2.3. Requirements Summary
   3. The Flow Specification encoding for NVO3
   4. The Flow Specification Traffic Actions for NVO3
   5. Security Considerations
   6. IANA Considerations
      6.1. Normative References
      6.2. Informative References
   7. Acknowledgments

1. Introduction

   BGP Flow-spec is an extension to BGP that allows for the
   dissemination of traffic flow specification rules. It leverages the
   BGP control plane to simplify the distribution of ACLs: new filter
   rules can be injected into all BGP peers simultaneously without
   changing router configuration. The typical application of BGP
   Flow-spec is to automate the distribution of traffic filter lists to
   routers for DDoS mitigation.

   RFC5575 defines a new BGP Network Layer Reachability Information
   (NLRI) format used to distribute traffic flow specification rules.
   NLRI (AFI=1, SAFI=133) is for IPv4 unicast filtering. NLRI (AFI=1,
   SAFI=134) is for BGP/MPLS VPN filtering. The Flow specification match
   part only includes single-layer IP information such as
   source/destination prefix, protocol, and ports, so it can't be used
   directly for overlay networks like NVO3.
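
   As an added illustration (not part of the draft), the following
   Python decoder reads an IPv4 flow-spec NLRI using the encoding of
   RFC 5575, Section 4. The function name and the sample bytes are
   constructed for this example; the sample rule can only describe the
   outer UDP header of VXLAN traffic (UDP port 4789), which is the
   single-layer limitation described above.

```python
import ipaddress

# Component types from RFC 5575, Section 4. Each names a field of one
# IP/transport header; none can express a VNI or an inner (tenant) header.
COMPONENTS = {1: "dst-prefix", 2: "src-prefix", 3: "ip-proto", 4: "port",
              5: "dst-port", 6: "src-port", 7: "icmp-type", 8: "icmp-code",
              9: "tcp-flags", 10: "pkt-len", 11: "dscp", 12: "fragment"}

def parse_flowspec_nlri(buf: bytes):
    """Decode one IPv4 flow-spec NLRI (AFI=1, SAFI=133) into (name, value) pairs."""
    if not buf or (buf[0] >= 0xF0 and len(buf) < 2):
        raise ValueError("truncated length field")
    # Length: one octet below 240, otherwise two octets encoded as 0xfnnn.
    if buf[0] < 0xF0:
        length, start = buf[0], 1
    else:
        length, start = ((buf[0] & 0x0F) << 8) | buf[1], 2
    body = buf[start:start + length]
    if len(body) != length:
        raise ValueError("NLRI shorter than its length field")
    pos, rules = 0, []
    def take(n):  # bounds-checked read, so malformed input cannot over-read
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated component")
        pos += n
        return body[pos - n:pos]
    while pos < len(body):
        ctype = take(1)[0]
        if ctype not in COMPONENTS:
            raise ValueError(f"unknown component type {ctype}")
        if ctype in (1, 2):  # prefix length in bits, then ceil(len/8) octets
            plen = take(1)[0]
            if plen > 32:
                raise ValueError("bad IPv4 prefix length")
            raw = take((plen + 7) // 8).ljust(4, b"\x00")
            value = f"{ipaddress.IPv4Address(raw)}/{plen}"
        else:  # list of {operator octet, value}; bit 0x80 ends the list
            value = []
            while True:
                op = take(1)[0]
                operand = int.from_bytes(take(1 << ((op >> 4) & 0x3)), "big")
                # Low bits kept raw: lt=4, gt=2, eq=1 (not/match for types 9, 12).
                value.append((op & 0x07, operand))
                if op & 0x80:
                    break
        rules.append((COMPONENTS[ctype], value))
    return rules
# Constructed sample: dst 192.0.2.0/24, protocol == 17 (UDP), dst-port == 4789.
SAMPLE = bytes.fromhex("0c" "0118c00002" "038111" "059112b5")
```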

   In the cloud computing era, multi-tenancy has become a core
   requirement for data centers. Since NVO3 can satisfy the key
   multi-tenancy requirements, this technology is being deployed in an
   increasing number of cloud data center networks. NVO3 focuses on the
   construction of overlay networks that operate over an IP (L3)
   underlay transport network. It can provide layer 2 bridging and
   layer 3 IP service for each tenant. VXLAN and NVGRE are two typical
   NVO3 encapsulations. GENEVE [draft-ietf-nvo3-geneve-00], GUE
   [draft-ietf-nvo3-gue-01] and GPE [draft-ietf-nvo3-vxlan-gpe-00] are
   three emerging NVO3 encapsulations in progress.