
An Information Model for Basic Network Policy and Filter Rules

Document Type Expired Internet-Draft (candidate for idr WG)
Author Susan Hares
Last updated 2016-09-06 (Latest revision 2016-03-05)
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
WG state Call For Adoption By WG Issued
Document shepherd (None)
IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


BGP flow specification (RFC5575) describes the distribution of policy that contains filters and actions that apply when packets are received on a router with the flow specification function turned on. The popularity of these flow specification filters in deployment for DoS and SDN/NFV has led to the requirement for more BGP flow specification match filters in the NLRI and more BGP flow specification actions. Two solutions exist for adding new filters: 1) expanding BGP Flow Specification version 1 (NLRI match filters and extended-community actions) to include a limited number of filters and actions, and 2) creating a BGP Flow Specification version 2 that allows for ordering filters and actions (using a new NLRI, and wide communities for actions). The two solutions can exist in parallel. This document contains an overview of existing proposals for expansion of BGP flow specification policy, proposals for BGP Flow Specification v1, and a new BGP Flow Specification version 2 that supports ordering of filters and actions and allows more actions. This document also provides rules for the interaction of IDR Flow Specification policy (session ephemeral policy) with policy found in I2RS (reboot ephemeral policy) and policy found in ACLs and policy routing (configuration policy). This document does not contain the individual definitions of policy rule conditions or actions.


Susan Hares

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)