Dissemination of Flow Specification Rules for NVO3
draft-hao-idr-flowspec-nvo3-02

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Last updated 2015-10-19
Replaced by draft-ietf-idr-flowspec-nvo3
IESG IESG state I-D Exists
IDR Working Group                                                W. Hao
                                                              S. Zhuang
                                                                  Z. Li
Internet Draft                                                   Huawei
Intended status: Standards Track

Expires: April 2016                                    October 19, 2015

             Dissemination of Flow Specification Rules for NVO3
                    draft-hao-idr-flowspec-nvo3-02.txt

Abstract

   This draft proposes a new subset of component types to support the
   NVO3 flow-spec application.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with

Hao, et,al             Expires April 19, 2016                 [Page 1]
Internet-Draft             NVO3 Flow Spec                 October 2015

   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction ................................................ 2
   2. The Flow Specification encoding for NVO3..................... 3
   3. The Flow Specification Traffic Actions for NVO3.............. 5
   4. Security Considerations...................................... 5
   5. IANA Considerations ......................................... 5
      5.1. Normative References.................................... 5
      5.2. Informative References.................................. 6
   6. Acknowledgments ............................................. 6

1. Introduction

   BGP Flow-spec is an extension to BGP that allows for the
   dissemination of traffic flow specification rules.  It leverages the
   BGP control plane to simplify the distribution of ACLs: new filter
   rules can be injected into all BGP peers simultaneously without
   changing router configuration. The typical application of BGP Flow-
   spec is to automate the distribution of traffic filter lists to
   routers for DDoS mitigation.

   RFC5575 defines a new BGP Network Layer Reachability Information
   (NLRI) format used to distribute traffic flow specification rules.
   NLRI (AFI=1, SAFI=133) is for IPv4 unicast filtering. NLRI (AFI=1,
   SAFI=134) is for BGP/MPLS VPN filtering. [IPv6-FlowSpec] defines
   the flow-spec extension for IPv6 data packets. [Layer2-FlowSpec]
   extends the flow-spec rules for layer 2 Ethernet packets.
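
   The RFC5575 NLRI (AFI=1, SAFI=133) described above can be decoded and
   sanity-checked as follows. This is an added example, not code from the
   draft or its authors; the names parse_flowspec_nlri, take, TYPES, NUM
   and SAMPLE are illustrative, and the sample bytes are constructed.

```python
import ipaddress

# Component type names from RFC 5575, section 4.
TYPES = {1: "dst-prefix", 2: "src-prefix", 3: "ip-proto", 4: "port",
         5: "dst-port", 6: "src-port", 7: "icmp-type", 8: "icmp-code",
         9: "tcp-flags", 10: "pkt-len", 11: "dscp", 12: "fragment"}
NUM = ["false", "=", ">", ">=", "<", "<=", "!=", "true"]   # indexed by lt|gt|eq bits

def parse_flowspec_nlri(buf: bytes):
    """Decode one IPv4 flow-spec NLRI (AFI=1, SAFI=133) into (name, match) pairs."""
    if not buf or (buf[0] >= 0xF0 and len(buf) < 2):
        raise ValueError("truncated NLRI length")
    pos = 1 if buf[0] < 0xF0 else 2        # length: 1 octet below 240, else 0xfnnn
    end = pos + (buf[0] if pos == 1 else ((buf[0] & 0x0F) << 8) | buf[1])
    if end != len(buf):
        raise ValueError("NLRI length does not match buffer")
    def take(n):                           # read n octets or fail on truncation
        nonlocal pos
        if pos + n > end:
            raise ValueError("truncated component")
        pos += n
        return buf[pos - n:pos]
    out, last = [], 0
    while pos < end:
        ctype = take(1)[0]
        if ctype not in TYPES or ctype <= last:   # strict ascending type order
            raise ValueError(f"unknown or out-of-order component type {ctype}")
        last = ctype
        if ctype in (1, 2):                # prefix length, then ceil(len/8) octets
            plen = take(1)[0]
            if plen > 32:
                raise ValueError("prefix length exceeds 32")
            raw = take((plen + 7) // 8).ljust(4, b"\x00")
            out.append((TYPES[ctype], str(ipaddress.IPv4Network((raw, plen), strict=False))))
            continue
        ops = []
        while True:                        # list of {operator, value} pairs
            op = take(1)[0]
            value = int.from_bytes(take(1 << ((op >> 4) & 0x3)), "big")
            cmp_ = (("not-" if op & 2 else "") + ("all" if op & 1 else "any")
                    if ctype in (9, 12) else NUM[op & 0x07])  # bitmask vs numeric
            ops.append(("and" if op & 0x40 else "or", cmp_, value))
            if op & 0x80:                  # end-of-list bit
                break
        out.append((TYPES[ctype], ops))
    return out

SAMPLE = bytes.fromhex("0c0118c000020381110591007b")  # constructed: 192.0.2.0/24, UDP, dst port 123
```

   Rejecting a rule whose length, component order or operator list is
   malformed before it is installed keeps a bad update from a peer from
   turning into an unintended filter.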

   In the cloud computing era, multi-tenancy has become a core
   requirement for data centers. Since NVO3 can satisfy the key
   multi-tenancy requirements, this technology is being deployed in an
   increasing number of cloud data center networks. NVO3 focuses on the
   construction of overlay networks that operate over an IP (L3)
   underlay transport network. It can provide layer 2 bridging and
   layer 3 IP service for each tenant. VXLAN and NVGRE are two typical
   NVO3 encapsulations.

   [EVPN-Overlays] provides a scalable and efficient multi-tenant
   solution within the Data Center where VXLAN, NVGRE or MPLS over GRE
   can be used as possible data plane encapsulation options. It uses
   EVPN as the control plane. [Inter-Overlays] provides an interconnect
   solution for EVPN overlay networks.

   Both inside data centers and in DCI networks, there are also
   requirements to deploy BGP Flow-spec for DDoS attack traffic
   mitigation. The Flow specification rules in an NVO3 network can be
   based on inner layer 2 Ethernet header, inner layer 3 IP header,
   outer layer 2 Ethernet header, outer layer 3 IP header, and/or NVO3