BGP Dissemination of Network Virtualization Overlays (NVO3) Flow Specification Rules
draft-ietf-idr-flowspec-nvo3-06

Document Type: Active Internet-Draft (idr WG)
Last updated: 2019-07-08
Replaces: draft-hao-idr-flowspec-nvo3
Stream: IETF
Intended RFC status: Proposed Standard
Stream WG state: WG Document
Document shepherd: No shepherd assigned
IESG state: I-D Exists
Consensus Boilerplate: Yes
Responsible AD: (None)
Send notices to: (None)

INTERNET-DRAFT                                               D. Eastlake
Intended Status: Proposed Standard                Futurewei Technologies
                                                                  W. Hao
                                                               S. Zhuang
                                                                   Z. Li
                                                     Huawei Technologies
                                                                   R. Gu
                                                            China Mobile
Expires: January 7, 2020                                    July 8, 2019

                          BGP Dissemination of
    Network Virtualization Overlays (NVO3) Flow Specification Rules
                 <draft-ietf-idr-flowspec-nvo3-06.txt>

Abstract
   This draft specifies a new subset of component types to support the
   Network Virtualization Overlays (NVO3) flow-spec application.

Status of This Document

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Distribution of this document is unlimited. Comments should be sent
   to the authors or the TRILL Working Group mailing list
   <dnsext@ietf.org>.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
   Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

D. Eastlake, et al                                              [Page 1]
INTERNET-DRAFT                                        NVO3 BGP Flow-Spec

Table of Contents

      1. Introduction............................................3
      1.1 Terminology............................................5

      2. NVO3 Flow Specification Encoding........................6
      3. NVO3 Flow Specification Traffic Actions.................8

      4. Security Considerations.................................8
      5. IANA Considerations.....................................8

      Normative References.......................................9
      Informative References.....................................9

      Acknowledgments...........................................11
      Authors' Addresses........................................11


1. Introduction

   BGP Flow-spec is an extension to BGP that supports the dissemination
   of traffic flow specification rules.  It uses the BGP Control Plane
   to simplify the distribution of Access Control Lists (ACLs) and
   allows new filter rules to be injected to all BGP peers
   simultaneously without changing router configuration. A typical
   application of BGP Flow-spec is to automate the distribution of
   traffic filter lists to routers for Distributed Denial of Service
   (DDOS) mitigation.

   [RFC5575bis] defines a new BGP Network Layer Reachability Information
   (NLRI) format used to distribute traffic flow specification rules.
   NLRI (AFI=1, SAFI=133) is for IPv4 unicast filtering. NLRI (AFI=1,
   SAFI=134) is for BGP/MPLS VPN filtering. [IPv6-FlowSpec] and [Layer2-
   FlowSpec] extend the flow-spec rules for IPv6 and layer 2 Ethernet
   packets respectively. All these previous flow specifications match
   only single layer IP/Ethernet information fields like
   source/destination MAC, source/destination IP prefix, protocol type,
   ports, and the like.

   In the cloud computing era, multi-tenancy has become a core
   requirement for data centers. Since Network Virtualization Overlays
   (NVO3 [RFC8014]) can satisfy multi-tenancy key requirements, this
   technology is being deployed in an increasing number of cloud data
   center networks. NVO3 is an overlay technology and VXLAN [RFC7348]
   and NVGRE [RFC7367] are two typical NVO3 encapsulations. GENEVE
   [GENEVE], GUE [GUE] and GPE [GPE] are three emerging NVO3
   encapsulations. Because it is an overlay technology involving an
   additional level of encapsulation, flow specification matching on the
   inner header as well as the outer header, as specified below, is
   needed.
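
   The following is an added example, not part of the draft: it builds
   two VXLAN [RFC7348] packets from different tenants and shows that a
   single-layer match key cannot tell them apart, while a key that adds
   the VNI and inner header can. Addresses, VNIs, ports and all function
   names are constructed for illustration; inner traffic is assumed to
   be IPv4/UDP.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # VXLAN UDP destination port (RFC 7348)

def ipv4(src, dst, proto, payload):
    # 20-byte IPv4 header, checksum left 0 (irrelevant for this parsing demo)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def vxlan_packet(vtep_src, vtep_dst, vni, in_src, in_dst, in_dport):
    """Constructed sample: outer IPv4/UDP/VXLAN around inner Ethernet/IPv4/UDP."""
    inner_ip = ipv4(in_src, in_dst, 17, udp(40000, in_dport, b""))
    inner_eth = bytes(12) + struct.pack("!H", 0x0800) + inner_ip  # zeroed MACs
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8) + inner_eth  # I flag, 24-bit VNI
    return ipv4(vtep_src, vtep_dst, 17, udp(49152, VXLAN_PORT, vxlan))

def parse_ipv4_udp(buf):
    """Return (src, dst, proto, dport, udp_payload) of an IPv4/UDP packet."""
    ihl = (buf[0] & 0x0F) * 4
    src, dst = (str(ipaddress.IPv4Address(buf[i:i + 4])) for i in (12, 16))
    dport = struct.unpack("!H", buf[ihl + 2:ihl + 4])[0]
    return src, dst, buf[9], dport, buf[ihl + 8:]

def outer_key(pkt):
    """Fields a single-layer IPv4 flow-spec rule can match on."""
    return parse_ipv4_udp(pkt)[:4]

def overlay_key(pkt):
    """VNI plus inner-header fields; None if pkt is not well-formed VXLAN over IPv4."""
    if len(pkt) < 28:
        return None  # too short for outer IPv4 + UDP
    _, _, proto, dport, payload = parse_ipv4_udp(pkt)
    if proto != 17 or dport != VXLAN_PORT or len(payload) < 8 + 14 + 28:
        return None  # not VXLAN, or truncated before the inner L4 header
    flags, vni_word = struct.unpack("!II", payload[:8])
    if not flags & (0x08 << 24) or payload[20:22] != b"\x08\x00":
        return None  # VNI not valid, or inner frame is not IPv4
    i_src, i_dst, i_proto, i_dport, _ = parse_ipv4_udp(payload[22:])
    return (vni_word >> 8, i_src, i_dst, i_proto, i_dport)

# Two tenants' flows between the same VTEP pair (constructed addresses and VNIs).
unwanted = vxlan_packet("192.0.2.1", "192.0.2.2", 5001, "10.0.0.9", "10.0.0.80", 53)
wanted = vxlan_packet("192.0.2.1", "192.0.2.2", 7002, "10.0.0.9", "10.0.0.80", 443)
print(outer_key(unwanted) == outer_key(wanted), overlay_key(unwanted), overlay_key(wanted))
```

   A filter keyed only on the outer header would drop both tenants'
   traffic between the two tunnel endpoints; the overlay key separates
   them even though their inner addresses overlap.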


                                +--+
                                |CE|