RTG Working Group                                           L. Dunbar
Internet Draft                                              Futurewei
Intended status: Standard track                           K. Majumdar
Expires: October 7, 2022                                   CommScope
                                                          U. Chunduri
                                                                Intel
                                                         July 7, 2021


       BGP Dissemination of FlowSpec for Transport Aware Mobility
              draft-dmc-idr-flowspec-tn-aware-mobility-00

Abstract

   This document defines a BGP Flow Specification (FlowSpec)
   extension to disseminate flows from 5G mobile networks so that the
   5G mobile system's Slice and Service Types (SSTs) can be mapped to
   optimal underlying network paths in the data network outside the
   5G UPFs, that is, on the N6 interface in the 3GPP 5G Architecture
   [3GPP TR 23.501].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html




xxx, et al.            Expires January 7, 2022              [Page 1]


Internet-Draft       FlowSpec of TN Aware Mobility          July 2021


   This Internet-Draft will expire on April 23, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents


   1. Introduction
   2. Conventions used in this document
   3. TN-Aware matching conditions
   4. Redirect a flow over underlay tunnels
   5. Indirection-id Community for IPv4 IPsec Tunnel
   6. IANA Considerations
   7. Security Considerations
   8. Contributors
   9. References
      9.1. Normative References
      9.2. Informative References
   10. Acknowledgments
   Authors' Addresses


1. Introduction

   [TN-AWARE-MOBILITY-EXT] describes a framework for extending the
   mobility aware transport network characteristics through the Data
   Network outside the 5G UPFs.








           +-----------+      +------+
           |           |      |      |
      UE---| gNB-CU(UP)|------| UPF +|--------DN-------
           |           |      | C-PE |
           +-----------+      +------+

                   |- N3 OR N9 -||----N6 -------------|

      |------ Mobile Network ----||-- IP Network-------|

                Figure 1: Mobile and IP Data Network for UE



   The 5G UPF terminates the 5G GTP tunnels from the gNB and passes
   the IP packets to the N6 data networks, which deliver the packets
   over hybrid paths, like MPLS, SR paths, Private-IP, or public
   Internet, to reach the packets' destinations.

   This document focuses on using FlowSpec to disseminate rules that
   utilize the mobility aware transport network characteristics to
   forward 5G flows.

   Border Gateway Protocol (BGP) Flow Specification (FlowSpec)
   [RFC8955] and FlowSpec for IPv6 [RFC8956] leverage the BGP Control
   Plane to simplify the distribution of rules for the specified
   flows. FlowSpec filter rules can be injected to all BGP peers
   simultaneously without changing router configuration.



2. Conventions used in this document

   BSID       - Binding SID

   DC         - Data Center

   DN         - Data Network (5G)

   EMBB       - enhanced Mobile Broadband (5G)

   gNB        - 5G NodeB





   GTP-U      - GPRS Tunneling Protocol - User Plane (3GPP)

   MIOT       - Massive IOT (5G)

   PCEP       - Path Computation Element (PCE) Communication Protocol

   SD-WAN     - Software-Defined Wide Area Network

   SID        - Segment Identifier

   SLA        - Service Level Agreement

   SST        - Slice and Service Types (5G)

   SR         - Segment Routing

   SR-PCE     - SR Path Computation Element

   UE         - User Equipment

   UPF        - User Plane Function (5G)

   URLLC      - Ultra reliable and low latency communications (5G)


3. TN-Aware matching conditions

   [RFC8955] defines a BGP Network Layer Reachability Information
   (NLRI) format used to distribute traffic flow specification rules.
   The NLRI for (AFI=1, SAFI=133) specifies IPv4 unicast filtering.
   The NLRI for (AFI=1, SAFI=134) specifies IPv4 BGP/MPLS VPN
   filtering [RFC7432]. The Flow Specification match part defined in
   [RFC8955] includes L3/L4 information like IPv4 source/destination
   prefix, protocol, ports, and the like, so traffic flows can be
   filtered based on L3/L4 information. This has been extended by
   [RFC8956] to cover IPv6 (AFI=2) L3/L4.

   The NLRI FlowSpec components described in [RFC8955] and [RFC8956]
   are adequate for specifying the UDP Source Port Range, which is
   used to differentiate the SLAs of flows from UPFs
   [TN-AWARE-MOBILITY-EXT].






   The Ingress PE, which is either a function inside the UPF or
   directly connected to the UPF, acts as the BGP FlowSpec Receiver
   and is assumed to have a BGP FlowSpec session with the FlowSpec
   Controller. The Mobility traffic destination would resolve to the
   BGP Peer Next Hop in the data network. The BGP FlowSpec Controller
   would be programmed with {5G UDP Src Port Range} values that map
   the different SSTs defined in [TN-AWARE-MOBILITY], creating an
   internal mapping table of {5G UDP Src Port Range} <--> {BGP
   FlowSpec Generalized Indirection-ID}. The Mobility IP packets
   coming out of the UPF, i.e., with the GTP header decapsulated,
   that carry a specific UDP Source Port can be classified based on
   the matching policy carried by the FlowSpec NLRI.

   For example, to match flows whose UDP source port number is in
   the range [i, j], the following encoding can be used in the NLRI
   (SAFI=133 or SAFI=134):

   Encoding

     <Type = 6, [numeric_op1, i][numeric_op2, j]>

     <Type = 2, [numeric_op3, Src-Prefix]>

     <Type = 1, [numeric_op4, Dest-prefix]>

   Numeric_op1 is:

        0   1   2   3   4   5   6   7
      +---+---+---+---+---+---+---+---+
      | e | a | len   | 0 |lt |gt |eq |
      | 0 | 1 |  00   | 0 | 0 | 1 | 0 |
      +---+---+---+---+---+---+---+---+

   Numeric_op2 is:

        0   1   2   3   4   5   6   7
      +---+---+---+---+---+---+---+---+
      | e | a | len   | 0 |lt |gt |eq |
      | 1 | 1 |  00   | 0 | 1 | 0 | 0 |
      +---+---+---+---+---+---+---+---+

   Where len == 0, meaning two bytes of value [i] follow Numeric_op1
   and two bytes of value [j] follow Numeric_op2.






   The "numeric_op3" and "numeric_op4" are for comparing the source
   and destination addresses of the UE traffic.
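
   The range match above, worked through as an added example (not
   part of the draft or of any implementation by its authors). It
   follows the RFC 8955 operator rules: a two-octet operand is
   signalled with len = 01, the AND bit is left unset on the first
   operator, >= and <= make the range inclusive, prefixes are carried
   as (length, prefix), and components appear in ascending type
   order. The Type 3 (IP protocol = 17) component, the function names
   and the sample values used with them are assumptions of this
   example.

```python
import ipaddress

# Numeric operator bits (RFC 8955, section 4.2.1.1): e a len len 0 lt gt eq
END, AND, LT, GT, EQ = 0x80, 0x40, 0x04, 0x02, 0x01

def numeric_op(cmp_bits, value, size, and_prev=False, last=False):
    """Encode one [operator, value] pair; the len field holds log2(size)."""
    len_code = {1: 0, 2: 1, 4: 2, 8: 3}[size]
    op = cmp_bits | (len_code << 4) | (AND if and_prev else 0) | (END if last else 0)
    return bytes([op]) + value.to_bytes(size, "big")

def prefix_component(ctype, cidr):
    """Type 1/2 component: type, prefix length in bits, prefix padded to octets."""
    net = ipaddress.IPv4Network(cidr)
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]

def build_nlri(src, dst, lo, hi):
    """FlowSpec NLRI matching UDP packets src -> dst with lo <= source port <= hi."""
    if not 0 <= lo <= hi <= 0xFFFF:
        raise ValueError("invalid port range")
    body = (
        prefix_component(1, dst)                          # ascending type order
        + prefix_component(2, src)
        + bytes([3]) + numeric_op(EQ, 17, 1, last=True)   # assumption: pin protocol to UDP
        + bytes([6]) + numeric_op(GT | EQ, lo, 2)         # source port >= lo
        + numeric_op(LT | EQ, hi, 2, and_prev=True, last=True)  # AND source port <= hi
    )
    if len(body) >= 240:
        raise ValueError("two-octet NLRI length not handled in this example")
    return bytes([len(body)]) + body

def parse_numeric_ops(buf):
    """Receiver side: decode [operator, value]+ up to the end-of-list bit."""
    terms, i = [], 0
    while True:
        if i >= len(buf):
            raise ValueError("operator list not terminated")
        op = buf[i]
        size = 1 << ((op >> 4) & 0x3)
        raw = buf[i + 1:i + 1 + size]
        if len(raw) != size:
            raise ValueError("truncated operand")
        # The AND bit is treated as unset on the first operator of a list.
        terms.append((bool(op & AND) and bool(terms), op & 0x07, int.from_bytes(raw, "big")))
        i += 1 + size
        if op & END:
            return terms, i

def matches(terms, value):
    """Evaluate the operator list; AND binds tighter than OR."""
    result, group = False, False
    for and_prev, cmp_bits, operand in terms:
        hit = bool((cmp_bits & LT and value < operand) or (cmp_bits & GT and value > operand)
                   or (cmp_bits & EQ and value == operand))
        if and_prev:
            group = group and hit
        else:
            result, group = result or group, hit
    return result or group
```

   A receiver that rejects unterminated operator lists and truncated
   operands, as parse_numeric_ops does, avoids reading past the end
   of a malformed component.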

4. Redirect a flow over underlay tunnels

   For flows matching the filter conditions carried by the FlowSpec
   NLRI, the redirect path policy can indicate either a set of
   underlay tunnels or a single underlay tunnel.

   The Transitive Extended Community described by
   [Flowspec-path-redirect] and [SRv6-Flowspec-path-redirect] can be
   extended to steer flows to hybrid underlay paths.

   The figure below shows the overall topology, with the mobility
   traffic from the UPF being redirected to different paths per the
   BGP FlowSpec from the Controller:



                            +-----------+   +----+{5G UDP Src Port Range}
                            |  FlowSpec |-->| Map|       <-->
                            | Controller|   | DB |{Generalized Indirection-ID}
                            +-----------+   +----+
                              /
                             /
                            / BGP FlowSpec NLRI with 5G
              BGP FlowSpec /   Src-Pfx, Dst-Pfx, UDP Source Port Range
                Session   /
                         / BGP FlowSpec Redirect
                        / Indirection-ID Ext Comm                 /
                       /                                         /Public
                      /                                    MIOT / Cloud
                     /                                  +------/
             +-------+ Ind-ID1: UDP Src Port Xx-Xy     /
             |       A1-------------------------------+
             |       | Ind-ID2: UDP Src Port Yx-Yy          URLLC
     UE------| UPF + A2-------------------------------------Internet
             | PE1   | Ind-ID3: UDP Src Port Zx-Zy
             |       A3-------------------------------+
             |       |                                 \
             +-------+                                  +-----+
{UE Src IP, UE Dst IP, UDP Src Port Num# <-->                   \
 FlowSpec Ind-ID# -> Transport Hdr}                         EMBB \
                                                                 \








                  ---------->
       +------+----------+-------+-----+----------+
       | Data | Inner IP | GTP-U | UDP | Outer IP |
       +------+----------+-------+-----+----------+

                                      ---------->
                     +------+----------+------------------+
                     | Data | Inner IP | Transport Header |
                     +------+----------+------------------+

         Figure 2: TN Aware Mobility Traffic Mapping to FS Redirect Path



5. Indirection-id Community for IPv4 IPsec Tunnel

   This section defines a new sub-type value for the "FlowSpec
   Redirect to indirection-id Extended Community". The format of this
   extended community with the new sub-type value is shown below:


    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Type          |Sub-Type (TBD) | Flags(1 octet)| ID-Type       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          IPsec redirection ID (16 octets)                     |
   ~                                                               ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
            Figure 3: FlowSpec IPsec Redirection ID Sub-TLV

   Where

   Type: 1 octet, defined in [flowspec-path-redirect].

   Sub-Type: 1 octet, its value (TBD) will be assigned by IANA.

   Flags: Same as that defined in [flowspec-path-redirect].

   ID-Type: 1 octet. The following new value is needed for an IPsec
   IPv4 tunnel:

     6 - IPsec SA ID (Assuming the IPsec SA is pre-established, its
     Security Association (SA) ID is a globally unique identifier
     within a single administrative domain. The allocation and
     establishment of the IPsec SA among peers is outside the scope
     of this document).

     The IPsec-SA-ID sub-TLV specified by [SDWAN-Edge-Discovery] can
     be placed in the IPsec Indirection ID field in Figure 3:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Type= IPsec-SA-ID subTLV      |  Length (2 Octets)            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      IPsec SA Identifier #1                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      IPsec SA Identifier #2                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



   This draft continues using the Context Types specified by
   [SRv6-Flowspec-path-redirect]:

     0 - Localised ID (The flowspec client uses the received
     indirection-id to lookup forwarding information within the
     localised indirection-id table. The allocation and programming
     of the localised indirection-id table is outside scope of the
     document)

     1 - Node ID with SID/index in MPLS-based Segment Routing (This
     means the indirection-id is mapped to an MPLS label using the
     index as a global offset in the SID/label space)

     2 - Node ID with SID/label in MPLS-based Segment Routing (This
     means the indirection-id is mapped to an MPLS label using the
     indirection-id as global label)

     3 - Binding Segment ID with SID/index in MPLS-based Segment
     Routing (This means the indirection-id is mapped to an MPLS
     binding label using the indirection-id as index for global
     offset in the SID/label space).

     4 - Binding Segment ID with SID/label in MPLS-based Segment
     Routing (This means the indirection-id is mapped to an MPLS
     binding label using the indirection-id as global label).

     5 - Tunnel ID (The Tunnel ID is a globally unique tunnel
     identifier within a single administrative domain. The allocation
     and programming of the Tunnel ID within the localized
     indirection-id table is outside the scope of this document)



6. IANA Considerations

   This draft needs an IANA code point allocation for
   Sub-Type: IPsec SA.

   A request for any IANA code point allocation would be submitted.

7. Security Considerations

    TBD.


8. Contributors

   The following people have contributed to this document.




9. References


9.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC8955] C. Loibl, et al, "Dissemination of Flow specification
             Rules", Dec 2020.






   [RFC8956] C. Loibl, et al, "Dissemination of Flow Specification
             Rules for IPv6", Dec 2020.


9.2. Informative References

   [RFC5440] JP. Vasseur, Ed., JL. Le Roux, Ed., "Path Computation
   Element (PCE) Communication Protocol (PCEP)", March 2009

   [Flowspec-path-redirect] G. Van De Velde, et al, "Flowspec
   Indirection-id Redirect",
   draft-ietf-idr-flowspec-path-redirect-11, March 2020

   [SRv6-Flowspec-path-redirect] G. Van De Velde, et al, "Flowspec
   Indirection-id Redirect for SRv6",
   draft-ietf-idr-srv6-flowspec-path-redirect-05, Jan. 2021

   [TN-AWARE-MOBILITY] U. Chunduri, et al, "Transport Network aware
   Mobility for 5G", draft-clt-dmm-tn-aware-mobility-07, April 2021

   [TN-AWARE-MOBILITY-EXT] K. Majumdar, et al, "Extension of
   Transport Aware Mobility in Data Network",
   draft-mcd-rtgwg-extension-tn-aware-mobility-01, May 2021

   [BGP-SR-TE-POLICY] S. Previdi, et al, "Advertising Segment Routing
   Policies in BGP", draft-ietf-idr-segment-routing-te-policy-09,
   November 2020

   [SDWAN-BGP-USAGE] L. Dunbar, et al, "BGP Usage for SDWAN Overlay
   Networks", draft-dunbar-bess-bgp-sdwan-usage-08, January 2021

   [SDWAN-Edge-Discovery] L. Dunbar, et al, "BGP UPDATE for SDWAN
   Edge Discovery", draft-dunbar-idr-sdwan-edge-discovery-04, April
   2021



10. Acknowledgments

   TBD.

   This document was prepared using 2-Word-v2.0.template.dot.






Authors' Addresses

   Linda Dunbar
   Futurewei
   2330 Central Expressway
   Santa Clara, CA  95050

   Email: linda.dunbar@futurewei.com

   Kausik Majumdar
   CommScope
   350 W Java Drive, Sunnyvale, CA 94089

   Email: kausik.majumdar@commscope.com

   Uma Chunduri
   Intel
   2200 Mission College Blvd
   Santa Clara, CA  95052

   Email: umac.ietf@gmail.com
























