BGP Dissemination of Flow Specification Rules for Tunneled Traffic
draft-ietf-idr-flowspec-nvo3-11
INTERNET-DRAFT                                               D. Eastlake
Intended Status: Proposed Standard                Futurewei Technologies
                                                                  W. Hao
                                                               S. Zhuang
                                                                   Z. Li
                                                     Huawei Technologies
                                                                   R. Gu
                                                            China Mobile
Expires: May 31, 2021                                   December 1, 2020
Abstract
This draft specifies a Border Gateway Protocol (BGP) Network Layer
Reachability Information (NLRI) encoding format for flow
specifications (RFC 5575bis) that can match on a variety of tunneled
traffic. In addition, flow specification components are specified for
certain tunneling header fields.
Status of This Document

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Distribution of this document is unlimited. Comments should be sent
to the authors or the IDR Working Group mailing list <idr@ietf.org>.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
D. Eastlake, et al [Page 1]
INTERNET-DRAFT BGP Tunnel Flowspec
Table of Contents
1. Introduction
   1.1 Terminology
2. Tunneled Traffic Flow Specification NLRI
   2.1 The SAFI Code Point
   2.2 Tunnel Header Component Code Points
   2.3 Specific Tunnel Types
       2.3.1 VXLAN
       2.3.2 VXLAN-GPE
       2.3.3 NVGRE
       2.3.4 L2TPv3
             2.3.4.1 L2TPv3 Data Messages
             2.3.4.2 L2TPv3 Control Messages
       2.3.5 GRE
       2.3.6 IP-in-IP
   2.4 Tunneled Traffic Actions
3. Order of Traffic Filtering Rules
4. Flow Spec Validation
5. Security Considerations
6. IANA Considerations
Normative References
Informative References
Acknowledgments
Authors' Addresses
1. Introduction

BGP Flow Specification (flowspec [RFC5575bis]) is an extension to BGP
that supports the dissemination of traffic flow specification rules.
It uses the BGP control plane to simplify the distribution of Access
Control Lists (ACLs) and allows new filter rules to be injected to
all BGP peers simultaneously without changing router configuration. A
typical application of BGP flowspec is to automate the distribution
of traffic filter lists to routers for Distributed Denial of Service
(DDoS) mitigation.

BGP flowspec defines BGP Network Layer Reachability Information
(NLRI) formats used to distribute traffic flow specification rules.
AFI=1/SAFI=133 is for IPv4 unicast filtering. AFI=1/SAFI=134 is for
IPv4 BGP/MPLS VPN filtering [RFC5575bis]. [FlowSpecV6] and
[FlowSpecL2] extend the flowspec rules for IPv6 and Layer 2 Ethernet
packets respectively. None of these previously defined flow
specifications are suitable for matching in cases of tunneling or