Flowspec Indirection-id Redirect
draft-ietf-idr-flowspec-path-redirect-01
IDR Working Group G. Van de Velde, Ed.
Internet-Draft Nokia
Intended status: Standards Track K. Patel
Expires: September 3, 2017 Arrcus
Z. Li
Huawei Technologies
March 2, 2017
Flowspec Indirection-id Redirect
draft-ietf-idr-flowspec-path-redirect-01
Abstract
Flowspec is an extension to BGP that allows for the dissemination of
traffic flow specification rules. This has many possible
applications but the primary one for many network operators is the
distribution of traffic filtering actions for DDoS mitigation. The
flow-spec standard RFC5575 [2] defines a redirect-to-VRF action for
policy-based forwarding but this mechanism is not always sufficient,
particularly if the redirected traffic needs to be steered into an
engineered path or into a service plane.
This document defines a new extended community known as redirect-to-
indirection-id (32-bit) flowspec action to provide advanced
redirection capabilities on flowspec clients. When activated, the
flowspec extended community is used by a flowspec client to find the
correct next-hop entry within a localised indirection-id mapping
table.
The functionality present in this draft allows a network controller
to decouple flowspec functionality from the creation and maintainance
of the network's service plane itself including the setup of tunnels
and other service constructs that could be managed by other network
devices.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Van de Velde, et al. Expires September 3, 2017 [Page 1]
Internet-Draft Flowspec Indirection-id Redirect March 2017
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 3, 2017.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. indirection-id and indirection-id table . . . . . . . . . . . 3
3. Use Case Scenarios . . . . . . . . . . . . . . . . . . . . . 4
3.1. Redirection shortest Path tunnel . . . . . . . . . . . . 4
3.2. Redirection to path-engineered tunnels . . . . . . . . . 5
3.3. Redirection to complex dynamically constructed tunnels . 6
4. Redirect to indirection-id Community . . . . . . . . . . . . 7
5. Redirect using localised indirection-id mapping table . . . . 8
6. Validation Procedures . . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
9. Contributor Addresses . . . . . . . . . . . . . . . . . . . . 9
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
11.1. Normative References . . . . . . . . . . . . . . . . . . 11
Show full document text