BGP Flow Specification Filter for MPLS Label
draft-ietf-idr-flowspec-mpls-match-01

Document Type Active Internet-Draft (idr WG)
Last updated 2016-12-06
Replaces draft-yong-idr-flowspec-mpls-match
Stream IETF
Intended RFC status (None)
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Responsible AD (None)
Send notices to (None)
IDR Working Group                                                L. Yong
Internet-Draft                                                  S. Hares
Intended status: Standards Track                                Q. Liang
Expires: June 9, 2017                                             J. You
                                                                  Huawei
                                                        December 6, 2016

              BGP Flow Specification Filter for MPLS Label
               draft-ietf-idr-flowspec-mpls-match-01.txt

Abstract

   This draft proposes BGP flow specification rules that are used to
   filter MPLS labeled packets.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 9, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Yong, et al.              Expires June 9, 2017                  [Page 1]
Internet-Draft             FlowSpec MPLS Match             December 2016

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  The Flow Specification Encoding for MPLS Match  . . . . . . .   3
   3.  Deployment Example: DDoS Traffic  . . . . . . . . . . . . . .   4
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   BGP Flow Specification (BGP-FS) [RFC5575] is an extension to BGP that
   allows for the dissemination of traffic flow specification rules via
   BGP ([RFC4271]).  A BGP-FS policy has a match condition, which may be
   an n-tuple match, and an action that modifies the packet and forwards
   or drops it.  Via BGP, new filter rules can be sent to all BGP peers
   simultaneously without changing router configuration, and each BGP
   peer can install these routes in the forwarding table.  The typical
   application of BGP-FS is to automate the distribution of traffic
   filter lists to routers for DDoS mitigation.

   [RFC5575] defines a new BGP Network Layer Reachability Information
   (NLRI) format used to distribute traffic flow specification rules.
   NLRI (AFI=1, SAFI=133) is for IPv4 unicast filtering.  NLRI (AFI=1,
   SAFI=134) is for BGP/MPLS VPN filtering.  [I-D.ietf-idr-flow-spec-v6]
   defines the flow-spec extension for IPv6 data packets.
   [I-D.ietf-idr-flowspec-l2vpn] extends the flow-spec rules for layer 2
   Ethernet packets (AFI=25, SAFI=133, SAFI=134).  The match parts of
   all these flow specifications reflect only single-layer IP
   information (source/destination IP prefix, protocol type, ports,
   etc.) and Ethernet information with matches for source/destination
   MAC.

   [I-D.hr-idr-rfc5575bis] provides updates to [RFC5575] to resolve
   unclear sections in text and conflicts with interactions of filtering
   actions.

   MPLS technologies [RFC3031] have been widely deployed in WAN
   networks.  The MPLS label stack [RFC3032] is the foundation of the
   label switched data plane.  A label on a label stack may represent a
   label switched path (LSP), an application identification such as a
   Pseudo Wire (PW), a reserved label that triggers a specific data
   plane action, etc.  The data plane label switching operations include
   pop, push, or swap of a label on the label stack.
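
   The label stack layout and the three operations described above, as
   an added example that is not part of this draft.  It decodes
   [RFC3032] label stack entries and flags reserved labels; the function
   names and the sample label values are constructed for illustration.

```python
import struct

# Reserved label values assigned in RFC 3032 (values 0-15 are reserved).
RESERVED = {0: "IPv4 Explicit NULL", 1: "Router Alert",
            2: "IPv6 Explicit NULL", 3: "Implicit NULL"}

def encode_entry(label, tc=0, s=0, ttl=64):
    """Pack one 32-bit entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

def parse_label_stack(data):
    """Decode entries until the bottom-of-stack (S) bit is set.
    Returns (entries, payload_offset); rejects a stack that ends early."""
    entries, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated before bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, off

def describe(label):
    """Say what kind of label this is, per the RFC 3032 reserved range."""
    if label in RESERVED:
        return RESERVED[label]
    return "reserved (unassigned in RFC 3032)" if label < 16 else "ordinary label"

# The three data plane operations; TTL/TC propagation is left out for brevity.
def swap(stack, new_label):
    return [dict(stack[0], label=new_label)] + stack[1:]

def push(stack, label, ttl=64):
    # A pushed entry is bottom-of-stack only when nothing lies beneath it.
    return [{"label": label, "tc": 0, "s": 0 if stack else 1, "ttl": ttl}] + stack

def pop(stack):
    return stack[1:]

# Constructed sample: transport label, Router Alert, service label, then payload.
SAMPLE = (encode_entry(24001, ttl=63) + encode_entry(1)
          + encode_entry(300, s=1, ttl=255) + b"\x45\x00")

if __name__ == "__main__":
    stack, offset = parse_label_stack(SAMPLE)
    for depth, e in enumerate(stack):
        print(depth, e["label"], describe(e["label"]), "S=%d" % e["s"])
    print("payload starts at byte", offset)
```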