BGP Dissemination of L2VPN Flow Specification Rules
draft-ietf-idr-flowspec-l2vpn-12

The information below is for an old version of the document
Document Type Active Internet-Draft (idr WG)
Authors Hao Weiguo, Donald Eastlake, Jim Uttaro, Stephane Litkowski, Shunwan Zhuang
Last updated 2019-11-03 (latest revision 2019-07-08)
Replaces draft-hao-idr-flowspec-evpn
Stream IETF
Intended RFC status (None)
Stream WG state WG Document
Doc Shepherd Follow-up Underway, Other - see Comment Log
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
INTERNET-DRAFT                                                    W. Hao
Intended Status: Proposed Standard                   Huawei Technologies
                                                             D. Eastlake
                                                  Futurewei Technologies
                                                               J. Uttaro
                                                                    AT&T
                                                            S. Litkowski
                                                           Cisco Systems
                                                               S. Zhuang
                                                     Huawei Technologies
Expires: May 2, 2020                                   November 3, 2019

          BGP Dissemination of L2VPN Flow Specification Rules
                    draft-ietf-idr-flowspec-l2vpn-12

Abstract
   This document defines a Border Gateway Protocol (BGP) Flow-spec
   extension to disseminate Layer 2 Virtual Private Network (L2VPN)
   Ethernet traffic filtering rules.  AFI=25 SAFI=134 is used for this
   purpose.  New component types and an extended community are also
   defined.

Status of This Document

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Distribution of this document is unlimited. Comments should be sent
   to the authors or the IDR Working Group mailing list <idr@ietf.org>.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
   Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

W. Hao, et al                                                   [Page 1]
INTERNET-DRAFT                                           L2VPN Flow Spec

Table of Contents

      1. Introduction............................................3
      1.1 Terminology............................................4

      2. Layer 2 Flow Specification Encoding in BGP..............5

      3. L2VPN Flow Specification Encoding in BGP................6
      3.1 Order of Traffic Filtering Rules.......................8

      4. Ethernet Flow Specification Traffic Actions............10
      4.1 VLAN-action...........................................10
      4.2 TPID-action...........................................12

      5. Flow Spec Validation...................................13

      6. IANA Considerations....................................14
      7. Security Considerations................................15

      8. Acknowledgements.......................................15
      9. Contributors...........................................15

      Normative References......................................16
      Informative References....................................16

      Authors' Addresses........................................17


1. Introduction

   Border Gateway Protocol (BGP) Flow-spec [RFC5575bis] is an extension
   to BGP that supports the dissemination of traffic flow specification
   rules and actions to be taken on packets in a specified flow.  It
   leverages the BGP Control Plane to simplify the distribution of ACLs
   (Access Control Lists).  Using the Flow-spec extension, new filter
   rules can be injected to all BGP peers simultaneously without
   changing router configuration.  The typical application is to
   automate the distribution of traffic filter lists to routers for DDoS
   (Distributed Denial of Service) mitigation, access control, etc.

   BGP Flow-spec [RFC5575bis] defines a BGP Network Layer Reachability
   Information (NLRI) format used to distribute traffic flow
   specification rules.  NLRI (AFI=1, SAFI=133) is for IPv4 unicast
   filtering.  NLRI (AFI=1, SAFI=134) is for IPv4 BGP/MPLS VPN
   filtering.  The Flow specification match part defined in [RFC5575bis]
   only includes L3/L4 information like IPv4 source/destination prefix,
   protocol, ports, and the like, so traffic flows can only be filtered
   based on L3/L4 information. This has been extended by [FlowSpecV6] to
   cover IPv6.
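
   Added example (not part of the draft or of any implementation by its
   authors): a parser that a collector or audit tool could run over an
   MP_REACH_NLRI attribute value to identify which of the flow-spec
   families named above it carries and to split the NLRI into individual
   rules.  Assumptions: the RFC 4760 attribute layout, the 1- or 2-octet
   flow-spec length prefix of RFC 5575, and an 8-octet Route Distinguisher
   leading each SAFI=134 rule (assumed here to hold for AFI=25 as well);
   all function and variable names are hypothetical.

```python
import struct

# (AFI, SAFI) pairs named in the draft text above; the labels are descriptive.
FLOWSPEC_FAMILIES = {
    (1, 133): "IPv4 unicast flow-spec",
    (1, 134): "IPv4 BGP/MPLS VPN flow-spec",
    (25, 134): "L2VPN flow-spec",
}

def split_flowspec_nlri(blob):
    """Split an NLRI field into rules using the 1- or 2-octet length prefix."""
    rules, pos = [], 0
    while pos < len(blob):
        length = blob[pos]
        pos += 1
        if length >= 0xF0:  # extended form 0xfnnn: low 12 bits are the length
            if pos >= len(blob):
                raise ValueError("truncated extended length")
            length = ((length & 0x0F) << 8) | blob[pos]
            pos += 1
        if pos + length > len(blob):
            raise ValueError("rule overruns the NLRI field")
        rules.append(blob[pos:pos + length])
        pos += length
    return rules

def parse_mp_reach(value):
    """Parse an MP_REACH_NLRI attribute value (RFC 4760 layout)."""
    if len(value) < 5:
        raise ValueError("attribute too short")
    afi, safi, nh_len = struct.unpack_from("!HBB", value, 0)
    nlri_start = 4 + nh_len + 1  # skip next hop and the reserved octet
    if nlri_start > len(value):
        raise ValueError("next hop overruns attribute")
    family = FLOWSPEC_FAMILIES.get((afi, safi))
    rules = []
    if family is not None:
        for raw in split_flowspec_nlri(value[nlri_start:]):
            rd = None
            if safi == 134:  # assumption: 8-octet RD leads VPN-family rules
                if len(raw) < 8:
                    raise ValueError("rule too short for a Route Distinguisher")
                rd, raw = raw[:8], raw[8:]
            rules.append({"rd": rd, "components": raw})
    return {"afi": afi, "safi": safi, "family": family, "rules": rules}

# Constructed sample: AFI=25, SAFI=134, no next hop, one rule whose body is
# opaque placeholder bytes (not a real component encoding).
SAMPLE_RD = bytes.fromhex("0000fde800000001")
SAMPLE = bytes.fromhex("0019860000") + bytes([11]) + SAMPLE_RD + b"\xaa\xbb\xcc"
```

   Rejecting attributes whose length prefixes overrun the NLRI field
   keeps a malformed update from being interpreted as a filter rule.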

   Layer 2 Virtual Private Networks (L2VPNs) have been deployed in an
   increasing number of networks.  Such networks also have requirements
   to deploy BGP Flow-spec to mitigate DDoS attack traffic.  Within an