Dissemination of Flow Specification Rules for L2 VPN
draft-ietf-idr-flowspec-l2vpn-02
The information below is for an old version of the document.

Document
  Type:                   Active Internet-Draft (idr WG)
  Last updated:           2015-08-11
  Replaces:               draft-hao-idr-flowspec-evpn
  Stream:                 IETF
  Intended RFC status:    (None)
  Formats:                plain text, pdf, html, bibtex
Stream
  WG state:               WG Document
  Document shepherd:      No shepherd assigned
IESG
  IESG state:             I-D Exists
  Consensus Boilerplate:  Unknown
  Responsible AD:         (None)
  Send notices to:        (None)

IDR                                                           W. Hao
                                                            Q. Liang
Internet Draft                                                Huawei
Intended status: Standards Track                          Jim Uttaro
                                                                AT&T
                                                        S. Litkowski
                                              Orange Business Service
                                                           S. Zhuang
                                                              Huawei
Expires: February 2016                               August 12, 2015
Dissemination of Flow Specification Rules for L2 VPN
draft-ietf-idr-flowspec-l2vpn-02.txt
Abstract
This document defines a BGP flow-spec extension for Ethernet traffic
filtering in L2VPN networks. SAFI=134 in [RFC5575] is redefined for
disseminating traffic filtering information in an L2VPN environment.
A new subset of component types and an extended community are also
defined.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
Hao & Liang,et,al Expires February 12, 2016 [Page 1]
Internet-Draft EVPN Flow Spec August 2015
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Layer 2 Flow Specification encoding in BGP
3. Ethernet Flow Specification encoding in BGP
4. Ethernet Flow Specification Traffic Actions
5. Security Considerations
6. IANA Considerations
   6.1. Normative References
   6.2. Informative References
7. Acknowledgments
1. Introduction
BGP Flow-spec is an extension to BGP that allows for the
dissemination of traffic flow specification rules. It leverages the
BGP control plane to simplify the distribution of ACLs: new filter
rules can be injected to all BGP peers simultaneously without
changing router configuration. The typical application of BGP
Flow-spec is to automate the distribution of traffic filter lists to
routers for DDoS mitigation, access control, etc.
RFC5575 defines a new BGP Network Layer Reachability Information
(NLRI) format used to distribute traffic flow specification rules.
NLRI (AFI=1, SAFI=133) is for IPv4 unicast filtering. NLRI (AFI=1,
SAFI=134) is for BGP/MPLS VPN filtering. The flow specification match
part only includes L3/L4 information such as source/destination
prefix, protocol, ports, etc., so traffic flows can only be
selectively filtered based on L3/L4 information.
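
Added example (not part of the draft, and not the authors' code): a small decoder for the IPv4 flow-spec NLRI of RFC 5575, showing that every match component it can carry is an L3/L4 field and that a receiver rejects any other component type. The function names and the sample NLRI bytes are constructed for illustration; bitmask components (TCP flags, fragment) are returned with their raw operator bits.

```python
import ipaddress
# RFC 5575 component types: all are L3/L4 fields, none describes an Ethernet header.
TYPES = {1: "dst-prefix", 2: "src-prefix", 3: "ip-protocol", 4: "port",
         5: "dst-port", 6: "src-port", 7: "icmp-type", 8: "icmp-code",
         9: "tcp-flags", 10: "packet-length", 11: "dscp", 12: "fragment"}

def parse_ops(buf, i):
    """Decode one {operator, value} list; return (terms, next_offset)."""
    terms = []
    while True:
        if i >= len(buf):
            raise ValueError("truncated operator list")
        op = buf[i]
        size = 1 << ((op >> 4) & 0x3)        # value length: 1, 2, 4 or 8 octets
        if i + 1 + size > len(buf):
            raise ValueError("truncated operand value")
        value = int.from_bytes(buf[i + 1:i + 1 + size], "big")
        terms.append((op & 0x4F, value))     # AND bit plus comparison/bitmask bits
        i += 1 + size
        if op & 0x80:                        # end-of-list bit
            return terms, i

def parse_flowspec_nlri(nlri):
    """Parse one IPv4 flow-spec NLRI with a single-octet length (< 240)."""
    if len(nlri) < 2 or nlri[0] >= 0xF0 or nlri[0] != len(nlri) - 1:
        raise ValueError("bad NLRI length")
    buf, i, out, last = nlri[1:], 0, [], 0
    while i < len(buf):
        ctype = buf[i]
        if ctype not in TYPES or ctype <= last:   # unknown, repeated or out of order
            raise ValueError(f"invalid component type {ctype}")
        last, i = ctype, i + 1
        if ctype in (1, 2):                       # prefix length in bits, then octets
            if i >= len(buf) or buf[i] > 32:
                raise ValueError("bad prefix length")
            bits, nbytes = buf[i], (buf[i] + 7) // 8
            if i + 1 + nbytes > len(buf):
                raise ValueError("truncated prefix")
            addr = int.from_bytes(buf[i + 1:i + 1 + nbytes].ljust(4, b"\0"), "big")
            out.append((TYPES[ctype], str(ipaddress.ip_network((addr, bits), strict=False))))
            i += 1 + nbytes
        else:
            terms, i = parse_ops(buf, i)
            out.append((TYPES[ctype], terms))
    return out

# Constructed sample: dst 192.0.2.0/24, ip-protocol == 17, dst-port == 53
SAMPLE = bytes.fromhex("0b 0118c00002 038111 058135")
print(parse_flowspec_nlri(SAMPLE))
```
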
Layer 2 Virtual Private Networks (L2VPNs) have already been deployed
in an increasing number of networks today. In L2VPN networks, we also
have a requirement to deploy BGP Flow-spec to mitigate DDoS attack
traffic. Within an L2VPN network, both IP and non-IP Ethernet traffic
may exist. For IP traffic filtering, the Flow specification rules
defined in [RFC5575], which include match criteria and actions, can
still be used, flow specification rules received via new NLRI format