BGP Dissemination of Flow Specification Rules for Tunneled Traffic
draft-ietf-idr-flowspec-nvo3-07
INTERNET-DRAFT                                            D. Eastlake
Intended Status: Proposed Standard               Futurewei Technologies
                                                                W. Hao
                                                             S. Zhuang
                                                                 Z. Li
                                                   Huawei Technologies
                                                                 R. Gu
                                                          China Mobile
Expires: May 3, 2020                                  November 4, 2019
Abstract
This draft specifies a Border Gateway Protocol Network Layer
Reachability Information (BGP NLRI) encoding format for flow
specifications (RFC 5575bis) that can match on a variety of tunneled
traffic. In addition, flow specification components are specified for
certain tunneling header fields.
Status of This Document
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Distribution of this document is unlimited. Comments should be sent
to the authors or the IDR Working Group mailing list <idr@ietf.org>.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
D. Eastlake, et al [Page 1]
INTERNET-DRAFT BGP Tunnel Flow-Spec
Table of Contents
1. Introduction............................................3
1.1 Terminology............................................3
2. Tunneled Traffic Flow Specification NLRI................5
2.1 SAFI Code Point........................................6
2.2 Component Code Points..................................6
2.3 Specific Tunnel Types..................................8
2.3.1 VXLAN................................................8
2.3.2 VXLAN-GPE............................................8
2.3.3 NVGRE................................................9
2.3.4 L2TPv3...............................................9
2.3.5 GRE.................................................10
2.3.6 IP-in-IP............................................10
2.4 Tunneled Traffic Actions..............................11
3. Order of Traffic Filtering Rules.......................12
4. Flow Spec Validation...................................13
5. Security Considerations................................13
6. IANA Considerations....................................13
Normative References......................................14
Informative References....................................15
Acknowledgments...........................................16
Authors' Addresses........................................16
1. Introduction
BGP Flow-spec [RFC5575bis] is an extension to BGP that supports the
dissemination of traffic flow specification rules. It uses the BGP
control plane to simplify the distribution of Access Control Lists
(ACLs) and allows new filter rules to be injected to all BGP peers
simultaneously without changing router configuration. A typical
application of BGP Flow-spec is to automate the distribution of
traffic filter lists to routers for Distributed Denial of Service
(DDoS) mitigation.
BGP Flow-spec defines a BGP Network Layer Reachability Information
(NLRI) format used to distribute traffic flow specification rules.
AFI=1/SAFI=133 is for IPv4 unicast filtering. AFI=1/SAFI=134 is for
IPv4 BGP/MPLS VPN filtering. [FlowSpecV6] and [Layer2-FlowSpec]
extend the flow-spec rules for IPv6 and layer 2 Ethernet packets
respectively. All these previous flow specifications match only a
single level of IP/Ethernet information fields such as
source/destination IP prefix, protocol type, source/destination MAC,
ports, EtherType and the like.
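As an added example (not part of this draft or any implementation it
describes), the following Python encodes and decodes the single-level
IPv4 flow-spec NLRI of RFC 5575 (AFI=1/SAFI=133) that this draft builds
on: the one- or two-byte NLRI length, prefix components carrying a bit
length plus the minimal prefix bytes, and numeric-operator components
carrying (end-of-list, AND, length, lt, gt, eq) operator bytes. The
sample rule (a constructed DDoS filter matching UDP to 192.0.2.0/24
port 53) and the function names are the author's assumptions; the
component type codes and operator bit layout are those of RFC 5575,
which RFC 5575bis retains.

```python
"""Encode/decode RFC 5575 (IPv4 unicast, SAFI 133) flow-spec NLRI.

Example code written for this page; not from the draft itself.
"""
import ipaddress
import struct

# Component types from RFC 5575 section 4 (subset used here).
DEST_PREFIX, SRC_PREFIX = 1, 2
IP_PROTO, PORT, DEST_PORT, SRC_PORT = 3, 4, 5, 6
PREFIX_TYPES = {DEST_PREFIX, SRC_PREFIX}

_LEN_CODE = {1: 0, 2: 1, 4: 2, 8: 3}   # operator "len" field -> value size


def encode_prefix(ctype, prefix):
    """Prefix component: type, prefix length in bits, minimal prefix bytes."""
    net = ipaddress.IPv4Network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def encode_numeric(ctype, items):
    """Numeric-operator component.

    items: list of (and_flag, lt, gt, eq, value).  The last item gets the
    end-of-list bit; value size is chosen as the smallest fitting width.
    """
    out = bytearray([ctype])
    for i, (and_flag, lt, gt, eq, value) in enumerate(items):
        size = 1 if value < 0x100 else 2 if value < 0x10000 else 4
        op = (and_flag << 6) | (_LEN_CODE[size] << 4) | (lt << 2) | (gt << 1) | eq
        if i == len(items) - 1:
            op |= 0x80                       # e (end-of-list) bit
        out.append(op)
        out += value.to_bytes(size, "big")
    return bytes(out)


def encode_nlri(components):
    """Prefix the concatenated components with the RFC 5575 NLRI length."""
    body = b"".join(components)
    if len(body) < 240:
        return bytes([len(body)]) + body
    return struct.pack("!H", 0xF000 | len(body)) + body   # 12-bit long form


def decode_nlri(data):
    """Return ([(type, value), ...], remaining_bytes) for one NLRI."""
    if data[0] >= 0xF0:
        length, pos = struct.unpack("!H", data[:2])[0] & 0x0FFF, 2
    else:
        length, pos = data[0], 1
    end = pos + length
    comps = []
    while pos < end:
        ctype = data[pos]
        pos += 1
        if ctype in PREFIX_TYPES:
            nbits = data[pos]
            pos += 1
            nbytes = (nbits + 7) // 8
            raw = bytes(data[pos:pos + nbytes]) + b"\x00" * (4 - nbytes)
            pos += nbytes
            comps.append((ctype, f"{ipaddress.IPv4Address(raw)}/{nbits}"))
        else:
            items = []
            while True:                       # read operator/value pairs
                op = data[pos]
                pos += 1
                size = 1 << ((op >> 4) & 3)
                value = int.from_bytes(data[pos:pos + size], "big")
                pos += size
                items.append(((op >> 6) & 1, (op >> 2) & 1, (op >> 1) & 1, op & 1, value))
                if op & 0x80:
                    break
            comps.append((ctype, items))
    return comps, bytes(data[end:])


def dns_flood_rule():
    """Constructed sample: match UDP (17) to 192.0.2.0/24, dest port 53."""
    return encode_nlri([
        encode_prefix(DEST_PREFIX, "192.0.2.0/24"),
        encode_numeric(IP_PROTO, [(0, 0, 0, 1, 17)]),
        encode_numeric(DEST_PORT, [(0, 0, 0, 1, 53)]),
    ])


if __name__ == "__main__":
    wire = dns_flood_rule()
    print(wire.hex())
    print(decode_nlri(wire))
```

The decoder deliberately uses the `len` bits of each operator byte to
size the value rather than assuming one byte, since a sender may encode
a port range such as 1024..65535 with two-byte operands; the round trip
through `decode_nlri` is what an implementer would check before trusting
a rule received from a peer.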
In the cloud computing era, multi-tenancy has become a core