BGP Dissemination of Network Virtualization Overlays (NVO3) Flow Specification Rules
draft-ietf-idr-flowspec-nvo3-02
INTERNET-DRAFT Donald Eastlake
Intended Status: Proposed Standard Weiguo Hao
Shunwan Zhuang
Zhenbin Li
Huawei Technologies
Rong Gu
China Mobil
Expires: September 20, 2018 March 21, 2018
BGP Dissemination of
Network Virtualization Overlays (NVO3) Flow Specification Rules
<draft-ietf-idr-flowspec-nvo3-02.txt>
Abstract
This draft specifies a new subset of component types to support the
(Network Virtualization Overlays (NVO3) flow-spec application.
Status of This Document
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Distribution of this document is unlimited. Comments should be sent
to the authors or the TRILL Working Group mailing list
<dnsext@ietf.org>.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
D. Eastlake, et al [Page 1]
INTERNET-DRAFT NVO3 BGP Flow-Spec
Table of Contents
1. Introduction............................................3
1.1 Terminology............................................5
2. NVO3 Flow Specification Encoding........................6
3. NVO3 Flow Specification Traffic Actions.................8
4. Security Considerations.................................8
5. IANA Considerations.....................................8
Normative References.......................................9
Informative References.....................................9
Acknowledgments...........................................10
Authors' Addresses........................................10
D. Eastlake, et al [Page 2]
INTERNET-DRAFT NVO3 BGP Flow-Spec
1. Introduction
BGP Flow-spec is an extension to BGP that supports the dissemination
of traffic flow specification rules. It uses the BGP Control Plane
to simplify the distribution of ACLs and allows new filter rules to
be injected to all BGP peers simultaneously without changing router
configuration. A typical application of BGP Flow-spec is to automate
the distribution of traffic filter lists to routers for Distributed
Denial of Service (DDOS) mitigation.
[RFC5575] defines a new BGP Network Layer Reachability Information
(NLRI) format used to distribute traffic flow specification rules.
NLRI (AFI=1, SAFI=133) is for IPv4 unicast filtering. NLRI (AFI=1,
SAFI=134) is for BGP/MPLS VPN filtering. [IPv6-FlowSpec] and [Layer2-
FlowSpec] extend the flow-spec rules for IPv6 and layer 2 Ethernet
packets respectively. All these previous flow specifications match
only single layer IP/Ethernet information fields like
source/destination MAC, source/destination IP prefix, protocol type,
ports, and the like.
In the cloud computing era, multi-tenancy has become a core
requirement for data centers. Since Network Virtualization Overlays
(NVO3) can satisfy multi-tenancy key requirements, this technology is
being deployed in an increasing number of cloud data center networks.
NVO3 is an overlay technology and VXLAN [RFC7348] and NVGRE [RFC7367]
are two typical NVO3 encapsulations. GENEVE [GENEVE], GUE [GUE] and
GPE [GPE] are three emerging NVO3 encapsulations. Because it is an
overlay technology, flow specification matching on an inner header as
well as the outer header, as specified below, is needed.
+--+
|CE|
+--+
|
+----+
+----| PE |----+
+---------+ | +----+ | +---------+
+----+ | +---+ +---+ | +----+
|NVE1|--| | | | | |--|NVE3|
Show full document text