IDR Working Group                                   G. Van de Velde, Ed.
Internet-Draft                                                     Nokia
Intended status: Standards Track                                K. Patel
Expires: March September 3, 2017                                     Cisco Systems                                        Arrcus
                                                                   Z. Li
                                                     Huawei Technologies
                                                         August 30, 2016
                                                           March 2, 2017

                    Flowspec Indirection-id Redirect
                draft-ietf-idr-flowspec-path-redirect-00
                draft-ietf-idr-flowspec-path-redirect-01

Abstract

   Flowspec is an extension to BGP that allows for the dissemination of
   traffic flow specification rules.  This has many possible
   applications but the primary one for many network operators is the
   distribution of traffic filtering actions for DDoS mitigation.  The
   flow-spec standard RFC5575 [2] defines a redirect-to-VRF action for
   policy-based forwarding but this mechanism is not always sufficient,
   particularly if the redirected traffic needs to be steered into an
   engineered path or into a service plane.

   This document defines a new extended community known as redirect-to-
   indirection-id (32-bit) flowspec action to provide advanced
   redirection capabilities on flowspec clients.  When activated, the
   flowspec extended community is used by a flowspec client to find the
   correct next-hop entry within a localised indirection-id mapping
   table.

   The functionality present in this draft allows a network controller
   to decouple flowspec functionality from the creation and maintainance
   of the network's service plane itself including the setup of tunnels
   and other service constructs that could be managed by other network
   devices.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [1].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March September 3, 2017.

Copyright Notice

   Copyright (c) 2016 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  indirection-id and indirection-id table . . . . . . . . . . .   3
   3.  Use Case Scenarios  . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Redirection shortest Path tunnel  . . . . . . . . . . . .   4
     3.2.  Redirection to path-engineered tunnels  . . . . . . . . .   5
     3.3.  Redirection to Next-next-hop complex dynamically constructed tunnels  . . . . . . . . . .   6
   4.  Redirect to indirection-id Community  . . . . . . . . . . . .   7
   5.  Redirect using localised indirection-id mapping table . . . .   9   8
   6.  Validation Procedures . . . . . . . . . . . . . . . . . . . .   9
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  10   9
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  10   9
   9.  Contributor Addresses . . . . . . . . . . . . . . . . . . . .  10   9
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11  10
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  12  11
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  12  11
     11.2.  Informative References . . . . . . . . . . . . . . . . .  13  12
   Appendix A.  Additional indirection_id types waiting for use-case
                description  . . . . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  13

1.  Introduction

   Flowspec RFC5575 [2] is an extension to BGP that allows for the
   dissemination of traffic flow specification rules.  This has many
   possible applications, however the primary one for many network
   operators is the distribution of traffic filtering actions for DDoS
   mitigation.

   Every flowspec policy route is effectively a rule, consisting of a
   matching part (encoded in the NLRI field) and an action part (encoded
   in one or more BGP extended communities).  The flow-spec standard
   RFC5575 [2] defines widely-used filter actions such as discard and
   rate limit; it also defines a redirect-to-VRF action for policy-based
   forwarding.  Using the redirect-to-VRF action to steer traffic
   towards an alternate destination is useful for DDoS mitigation but
   using this technology can be cumbersome when there is need to steer
   the traffic onto an engineered traffic path.

   This draft proposes a new redirect-to-indirection-id flowspec action
   facilitating an anchor point for policy-based forwarding onto an
   engineered path or into a service plane.  The flowspec client
   consuming and utilizing the new flowspec indirection-id extended-
   community finds constructs the redirection information based upon
   information found within a localised indirection-id mapping table.
   The localised mapping table is a table
   construct providing at one side the construct, sequenced by a
   table key and at the other side key, providing next-hop information.

   The table key consists out the combination of
   indirection-id type and indirection-id 32-bit value.

   The redirect-to-indirection-id flowspec action is encoded in a newly
   defined BGP extended community.  In addition, the  The type of redirection
   can be configured is
   identified as an extended community indirection-id type field.

   This draft defines the indirection-id extended-community and the a few
   wellknown indirection-id types.  The specific solution mechanics to construct
   the
   a localised indirection-id mapping table are out-of-scope of this
   document.

2.  indirection-id and indirection-id table

   An indirection-id is an abstract number (32-bit value) used as
   identifier for a localised indirection decision.  The indirection-id
   will allow a flowspec client to redirect traffic into a service plane
   or consequently onto an engineered traffic path.  For example, when a
   BGP flowspec controller signals a flowspec client the indirection-id
   extended community, then the flowspec client uses the indirection-id
   to make a recursive lookup to retrieve find the next-hop information.  The
   indirection-id is used to find the corresponding next-hop information found in a
   within the localised indirection mapping table.

   The indirection-id table is a router localised table. on the router.  The
   indirection-id table is constructed out of table keys keys, each mapped to
   flowspec client
   localised redirection information.  The  Each table key is
   created composed by the combination of the
   combining indirection-id type and the an indirection-id 32-bit value.
   Each entry in the indirection-table key maps to sufficient
   information (parameters regarding encapsulation,
   interface, egress-interface,
   QoS, etc...) to successfully redirect traffic. traffic according flowspec
   controller expectations.

3.  Use Case Scenarios

   This section describes use-case scenarios when deploying redirect-to-
   indirection-id.

3.1.  Redirection shortest Path tunnel

   Possible

   Example: Indirection-ID type examples: community types to be used:

   o  0 (localised ID): When deploying on flowspec client the intent is to use a localised
      Indirection-id
      table: 0 (localised ID)

   o  When deploying table on the flowspec client

   o  1 (Node ID): When the intent is to use a Segment Routing based
      Indirection-id table: 1 (Node ID) table on the flowspec client

   Description:

   A

   The first use-case is allowing a BGP Flowspec controller to send describes an example where a single flowspec policy route
   (i.e. flowspec_route#1) is sent by a flowspec controller to many BGP
   flowspec clients.  This single flowspec route signals the will instruct all
   Flowspec clients to redirect traffic matching dataflows onto a shortest-path
   tunnel pointing towards a single IP destination address.

   For this first use-case scenario, the each flowspec client receives from
   the flowspec controller a
   flowspec route (i.e. flowspec_route#1)
   including (flowspec_route#1) which has the redirect-to-indirection-id redirect-to-
   indirection-id extended community. community attached.  The
   redirect-to-indirection-id extended redirect-
   to-indirection-id community contains the table key
   (indirection-id consisting out of
   the indirection-id type + and indirection-id 32-bit value) value.  The table
   key is used on the flowspec client to map to select the corresponding next-hop next-
   hop information from within the flowpsec client localised local indirection-id table.  The resulting next-hop information for finite
   result of this
   use-case operation is a remote tunnel end-point IP address
   together with accordingly sufficient tunnel encapsulation information
   to forward and encapsulate the packet data-packet accordingly.

   Requirements:

   For redirect to shortest path tunnel it is required that the tunnel
   MUST be operational and allow packets to be exchanged between tunnel
   head- and tail-end.

3.2.  Redirection to path-engineered tunnels

   Possible

   Example: Indirection-ID type examples: community types to be used:

   o  0 (localised ID): When deploying on flowspec client the intent is to use a localised
      Indirection-id
      table: 0 (localised ID)

   o  When deploying table on the flowspec client

   o  6 (Binding Segment ID): When the intent is to use a Segment
      Routing based Indirection-id table: 6 (Binding Segment ID)

   Description:

   For a second use-case, it is expected that table on the flowspec client
   redirect traffic matches the

   Description:

   The second use-case describes an example where a flowspec rule, controler
   injects a single flowspec route which gets distributed to many BGP
   flowspec clients.  This single flowspec route intends to instruct all
   Flowspec clients to redirect corresponding dataflows onto a path
   engineered tunnel.  The  It is expected that each of the path engineered tunnel on the flowspec client SHOULD be
   created
   tunnels is instantiated by out-of-band mechanisms.  Each used path
   engineered tunnel
   deployed for flowspec redirection, has a unque table key as an identifier. consequently, the
   table key (=indirection-id type and indirection-id 32-bit
   value) uniquely identifies a single path engineered tunnel on the
   flowspec client.  The localised indirection-id mapping table is the
   collection of all keys corresponding all exactly -one- path engineered tunnels on
   the flowspec client.

   For tunnel.

   In this second use-case scenario, example, the flowspec controller sends a flowspec
   route (i.e. flowspec_route#2) to some flowspec clients.  The
   flowspec clients, respectively receive each of the flowspec route. clients and this flowspec route has a
   redirect-to-indirection-id extended community attached.  The
   redirect-to-indirection-id extended community contains embeds table key
   information and hence provides sufficient information for the flowspec clients to select the
   corresponding path-engineered tunnel and consequently provides sufficient tunnel
   encapsulation information to redirect the packet according
   the flowspec controller expectations.

   Segment Routing Example:

   A concrete embodiment of a Segment Routing use-case example of this use-case can be is found
   in segment routed networks where path engineered tunnels can be
   setup are created by means of a controller signaling explicit paths to peering
   routers. Segment
   Routing MPLS label stack.  In such a case, deployment, the indirection-id references
   provides an anchorpoint reference to a Segment Routing Binding SID, while SID.
   However, the indirection-id type references provides a pointer to the
   Bindging Binding
   SID semantic. semantics to be used.  The Binding SID is a segment identifier
   value (as per segment routing definitions in [I-D.draft-ietf-spring-
   segment-routing] [6]) used to associate with an explicit path path.  The
   Binding SID and corresponding path engineered tunnel can for example
   be setup by a controller using BGP as specified in [I-D.sreekantiah-
   idr-segment-routing-te] [5] or by using PCE PCEP as detailed in draft-ietf-
   pce-segment-routing draft-
   ietf-pce-segment-routing [7].  When  To conclude, when a BGP speaker at
   some point in time receives a flow-spec route with a 'redirect to Binding SID' an extended
   'redirect-to-indirection-id' community, it installs a traffic
   filtering rule that matches the particular packets described
   by the NLRI field and redirects them to the
   onto an explicit path associated with the corresponding Binding SID.

   The explicit path is specified as a set/stack
   of segment identifiers as detailed in the previous documents.  The
   stack of segment identifiers is now imposed on packets matching the
   flow-spec rule to perform redirection as per the explicit path setup
   prior.  The encoding of the Binding SID value within the redirect-to-indirection-id
   extended community is specified in section
   4, with the indirection-id field now encoding the associated value
   for the binding SID. 4.

   Requirements:

   For redirect to path engineered tunnels it is required that the
   engineered tunnel MUST be operational active and allow packets to be exchanged
   between tunnel head- and tail-end.

3.3.  Redirection to Next-next-hop complex dynamically constructed tunnels

   Possible

   Example: Indirection-ID type examples: community types to be used:

   o  0 (localised ID) with TID: When deploying on flowspec client using the intent is to use a localised
      Indirection-id
      table the table, then TID (Table ID) is used: one indirection-id community of
      type 0 (localised ID) with TID=0 and second indirection-id
      community (Table-ID) field could be used to
      sequence multiple redirect-to-indirection-id actions together to
      construct a more complex path engineered tunnel.  The order of type 0 with TID=1
      sequencing the redirection information may be identified by using
      the TID field.

   Description:

   A Third third use-case describes the application and redirection towards
   complex dynamically constructed tunnels.  For this use-case is when a BGP Flowspec
   flowspec controller sends injects a single flowspec policy route to flowspec clients to signal redirection
   towards next-next-hop tunnels.  In this use-case The with multiple 'redirect-
   to-indirection-id' communities attached.  A recipient flowspec rule is
   instructing the Flowspec client
   may use the Table-ID (TID) field embedded within each 'redirect-to-
   indirection-id' community to redirect traffic using a sequence
   of indirection-id extended communities. the redirect information.  The sequence of indirection-
   ids
   complex dynamically constructed tunnel is managed using Tunnel IDs (TID). the product of
   concatenating the available redirect information (i.e.  MPLS Segment
   Routing Labels).

   Segment Routing Example:

   i.e. a classic Segment Routing example would be using complex tunnels is found
   in DDoS mitigation
   towards and traffic offload.  Suspicious traffic (e.g.
   dirty traffic flows) may be steered into a Segment Routing Central
   Egress Path Engineered tunnel [4].
   To steer DDoS traffic towards egress peer engineering paths,  For this particular complex
   dynamic redirect tunnel embodiment, a first
   indirection-id redirect-to-indirection-
   id (i.e.  TID=0) will steer is used to redirect traffic onto into a tunnel to an towards a
   particlar egress router, while the a second indirection-id (TID=1) redirect-to-indirection-id
   (i.e.  TID=1) is used to steer traffic beyond the particular egress
   router arrived traffic onto towards a pre-identified interface/
   peer.  The flowspec client will for interface/peer.

   For this use-case DDoS use-case, in its simplest embodiment, the simpliest
   implementation flowspec
   client must dynamically append 2 MPLS labels.  A first MPLS label
   (the outer label) is used to steer the original packet to the egress
   node, while the next node
   (and hence using a shortest path tunnel), while a second MPLS label (the inner label, corresponding
   (matching redirect-to-indirection-id with TID=1), the indirection-id identified with TID=1) instructs inner label, to
   steer on the egress router
   to steer the original packet to a pre-defined interface/peer
   corresponding
   interface/peer.  The basic data-plane principles are documented by
   [4].

   Requirements:

   To achieve this type of redirection to next-next-hop towards complex dynamically constructed
   tunnels, for each flowspec route, multiple indirection-ids, each
   using a unique Tunnel ID are may imposed upon a the given flowspec policy
   rule.  It is required that there is synchronisation established
   between the labels used by the
   Egress Peer Engineering egress router data- and the flowspec client
   originally imposing the sequens control-plane of EPE Segment Routing segments.  It
   is required that the the engineered next-next-hop all relevant devices involved.
   Each complex dynamically constructed tunnel MUST be operational and
   allow packets to be exchanged between tunnel head- and tail-end. tail-end
   before it should be used to redirect traffic.

4.  Redirect to indirection-id Community

   This document defines a new BGP extended community known as a
   Redirect-to-indirection-id extended community.  This extended
   community is a new transitive extended community with the Type and
   the Sub-Type field to be assigned by IANA.  The format of this
   extended community is show in Figure 1.

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Type          | Sub-Type      | Flags(1 octet)| Indirection ID|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                  Generalized indirection_id                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 1

   The meaning of the extended community fields are as follows:

   Type: 1 octet to be assigned by IANA.

   Sub-Type: 1 octet to be assigned by IANA.

   Flags: 1 octet field.  Following Flags are defined.

                              0             1
                              0 1 2 3 4 5 6 7
                             +-+-+-+-+-+-+-+-+
                             | RES |  TID  |C|
                             +-+-+-+-+-+-+-+-+

                                 Figure 2

   The least-significant Flag bit is defined as the 'C' (or copy) bit.
   When the 'C' bit is set the redirection applies to copies of the
   matching packets and not to the original traffic stream.

   The 'TID' field identifies a 4 bit Table-id field.  This field is
   used to provide the flowspec client an indication how and where to
   sequence the received indirection-ids to redirecting traffic.  TID
   value 0 indicates that Table-id field is NOT set and SHOULD be
   ignored.

   All bits other than the 'C' and 'TID' bits MUST be set to 0 by the
   originating BGP speaker and ignored by receiving BGP speakers.

   Indirection ID: 1 octet value.  This draft defines following
   indirection_id Types:

      0 - Localised ID (The flowspec client uses the received
      indirection-id to lookup the redirection information in the
      localised indirection-id table.)

      1 - Node ID (The flowspec client uses the received indirection-id
      as a Segment Routing Node ID to redirect traffic towards)

      2 - Agency ID (The flowspec client uses the received indirection-
      id as a Segment Routing Agency ID to redirect traffic towards)

      3 - AS (Autonomous System) ID (The flowspec client uses the
      received indirection-id as a Segment Routing Autonomous System ID
      to redirect traffic towards)

      4 - Anycast ID (The flowspec client uses the received indirection-
      id as a Segment Routing Anycast ID to redirect traffic towards)

      5 - Multicast ID (The flowspec client uses the received
      indirection-id as a Segment Routing Multicast ID to redirect
      traffic towards)

      6 - Binding Segment ID (The flowspec client uses the received
      indirection-id as a Segment Routing Binding Segment ID to redirect
      traffic towards) [I-D.draft-ietf-spring-segment-routing] [6]

      7 - VPN ID (The flowspec client uses the received

5.  Redirect using localised indirection-id
      as mapping table

   When a Segment Routing VPN ID to redirect traffic towards)

      8 - OAM ID (The BGP flowspec client uses the received indirection-id
      as receives a Segment Routing OAM ID to redirect traffic towards)

      9 - ECMP (Equal Cost Multi-Path) ID (The flowspec client uses the
      received indirection-id as policy route with a Segment Routing PeerSet ID
   'redirect to
      redirect traffic towards)

      10 - QoS ID (The flowspec client uses indirection-id' extended community attached and the received indirection-id
      as
   route represents the best BGP path, it will install a Segment Routing QoS ID to redirect traffic towards)

      11 - Bandwidth-Guarantee ID (The flowspec client uses the received
      indirection-id as a Segment Routing Bandwidth-Guarantee ID to
      redirect traffic towards)

      12 - Security ID (The flowspec client uses the received
      indirection-id as a Segment Routing Security ID to redirect
      traffic towards)

      13 - Multi-Topology ID (The flowspec client uses the received
      indirection-id as a Segment Routing Multi-Topology ID to redirect
      traffic towards)

5.  Redirect using localised indirection-id mapping table

   When a BGP speaker receives a flowspec policy route with a 'redirect
   to indirection-id' extended community and this route represents the
   one and only best path or an equal cost multipath, it installs a
   traffic filtering rule that matches matching the packets IP tupples described by the
   flowpsec NLRI field and consequently redirects them the flow (C=0) or
   copies them (C=1) towards the
   indirection-id local recursed path.  To construct the local recursed
   path, the flowspec client does a local indirection-id mapping table
   lookup (i.e. indirection-id type = 0) flow (C=1) using the key comprised of the
   indirection-id 32-bit value and indirection-id type (=0) to retrieve information identified by the correct redirection information.
   'redirect-to-indirection-id' community.

6.  Validation Procedures

   The validation check described in RFC5575 [2] and revised in [3]
   SHOULD be applied by default to received flow-spec routes with a
   'redirect to indirection-id' extended community.  This means that a
   flow-spec route with a destination prefix subcomponent SHOULD NOT be
   accepted from an EBGP peer unless that peer also advertised the best
   path for the matching unicast route.

   While it MUST NOT happen, and is seen as invallid combination, it is
   possible from a semenatics perspective to have multiple clashing
   redirect actions defined within a single flowspec rule.  For best and
   consistant RFC5575 flowspec redirect behavior the redirect as
   documented by RFC5575 MUST not be broken, and hence when a clash
   occurs, then RFC5575 based redirect SHOULD take priority.
   Additionally, if the 'redirect to indirection-id' does not result in
   a valid redirection, then the flowspec rule must be processed as if
   the 'redirect to indirection-id' community was not attached to the
   flowspec route and MUST provide an indication within the BGP routing
   table that the respective 'redirect to indirection-id' resulted in an
   invalid redirection action.

7.  Security Considerations

   A system using 'redirect-to-indirection-id' extended community can
   cause during the redirect mitigation of a DDoS attack result in
   overflow of traffic received by the mitigation infrastructure.

8.  Acknowledgements

   This document received valuable comments and input from IDR working
   group including Adam Simpson, Mustapha Aissaoui, Jan Mertens, Robert
   Raszuk, Jeff Haas, Susan Hares and Lucy Yong.

9.  Contributor Addresses

   Below is a list of other contributing authors in alphabetical order:

   Arjun Sreekantiah
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA  95134
   USA

   Email: asreekan@cisco.com

   Nan Wu
   Huawei Technologies
   Huawei Bld., No. 156 Beiquing Rd
   Beijing  100095
   China

   Email: eric.wu@huawei.com

   Shunwan Zhuang
   Huawei Technologies
   Huawei Bld., No. 156 Beiquing Rd
   Beijing  100095
   China

   Email: zhuangshunwan@huawei.com

   Wim Henderickx
   Nokia
   Antwerp
   BE

   Email: wim.henderickx@nokia.com

                                 Figure 3

10.  IANA Considerations

   This document requests a new type and sub-type for the Redirect to
   indirection-id Extended community from the "Transitive Extended
   community" registry.  The Type name shall be "Redirect to
   indirection-id Extended Community" and the Sub-type name shall be
   'Flow-spec Redirect to 32-bit Path-id'.

   In addition, this document requests IANA to create a new registry for
   Redirect to indirection-id Extended Community INDIRECTION-IDs as
   follows:

   Under "Transitive Extended Community:"

   Registry: "Redirect Extended Community indirection_id"

   Reference: [RFC-To-Be]

   Registration Procedure(s): First Come, First Served

   Registry: "Redirect Extended Community indirection_id"

           Value    Code                              Reference

           0        Localised ID                      [RFC-To-Be]
           1        Node ID                           [RFC-To-Be]
           2        Agency ID                         [RFC-To-Be]
           3        AS (Autonomous System) ID         [RFC-To-Be]
           4        Anycast ID                        [RFC-To-Be]
           5        Multicast ID                      [RFC-To-Be]
           6        Tunnel ID (Tunnel Binding ID )    [RFC-To-Be]
           7        VPN ID                            [RFC-To-Be]
           8        OAM ID                            [RFC-To-Be]
           9        ECMP (Equal Cost Multi-Path) ID   [RFC-To-Be]
           10       QoS ID                            [RFC-To-Be]
           11       Bandwidth-Guarantee ID            [RFC-To-Be]
           12       Security ID                       [RFC-To-Be]
           13       Multi-Topology ID                 [RFC-To-Be]

                                 Figure 4

11.  References

11.1.  Normative References

   [1]        Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997,
              <http://xml.resource.org/public/rfc/html/rfc2119.html>.

   [2]        Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
              and D. McPherson, "Dissemination of Flow Specification
              Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009,
              <http://www.rfc-editor.org/info/rfc5575>.

11.2.  Informative References

   [3]        Uttaro, J., Filsfils, C., Alcaide, J., and P. Mohapatra,
              "Revised Validation Procedure for BGP Flow
              Specifications", January 2014.

   [4]        Filsfils, C., Previdi, S., Aries, E., Ginsburg, D., and D.
              Afanasiev, "Segment Routing Centralized Egress Peer
              Engineering", October 2015.

   [5]        Sreekantiah, A., Filsfils, C., Previdi, S., Sivabalan, S.,
              Mattes, P., and S. Lin, "Segment Routing Traffic
              Engineering Policy using BGP", October 2015.

   [6]        Filsfils, C., Previdi, S., Decraene, B., Litkowski, S.,
              Shakir, R., Bashandy, A., Horneffer, M., Henderickx, W.,
              Tantsura, J., Crabbe, E., Milojevic, I., and S. Ytti,
              "Segment Routing Architecture", December 2015.

   [7]        Sivabalan, S., Medved, M., Filsfils, C., Litkowski, S.,
              Raszuk, R., Bashandy, A., Lopez, V., Tantsura, J.,
              Henderickx, W., Hardwick, J., Milojevic, I., and S. Ytti,
              "PCEP Extensions for Segment Routing", December 2015.

Appendix A.  Additional indirection_id types waiting for use-case
             description

   This section is a placeholder and collection of potential additional
   indirection_id types.  The current use-cases do not require these
   particular indirection types, however at later stage when use-cases
   are identified they may be added to the body of teh draft.

   2 - Agency ID (The flowspec client uses the received indirection-id
   as a Segment Routing Agency ID to redirect traffic towards)

   3 - AS (Autonomous System) ID (The flowspec client uses the received
   indirection-id as a Segment Routing Autonomous System ID to redirect
   traffic towards)

   4 - Anycast ID (The flowspec client uses the received indirection-id
   as a Segment Routing Anycast ID to redirect traffic towards)

   5 - Multicast ID (The flowspec client uses the received indirection-
   id as a Segment Routing Multicast ID to redirect traffic towards)

   7 - VPN ID (The flowspec client uses the received indirection-id as a
   Segment Routing VPN ID to redirect traffic towards)
   8 - OAM ID (The flowspec client uses the received indirection-id as a
   Segment Routing OAM ID to redirect traffic towards)

   9 - ECMP (Equal Cost Multi-Path) ID (The flowspec client uses the
   received indirection-id as a Segment Routing PeerSet ID to redirect
   traffic towards)

   10 - QoS ID (The flowspec client uses the received indirection-id as
   a Segment Routing QoS ID to redirect traffic towards)

   11 - Bandwidth-Guarantee ID (The flowspec client uses the received
   indirection-id as a Segment Routing Bandwidth-Guarantee ID to
   redirect traffic towards)

   12 - Security ID (The flowspec client uses the received indirection-
   id as a Segment Routing Security ID to redirect traffic towards)

   13 - Multi-Topology ID (The flowspec client uses the received
   indirection-id as a Segment Routing Multi-Topology ID to redirect
   traffic towards)

Authors' Addresses

   Gunter Van de Velde (editor)
   Nokia
   Antwerp
   BE

   Email: gunter.van_de_velde@nokia.com

   Keyur Patel
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA  95134
   Arrcus
   USA

   Email: keyupate@cisco.com keyur@arrcus.com

   Zhenbin Li
   Huawei Technologies
   Huawei Bld., No. 156 Beiquing Rd
   Beijing  100095
   China

   Email: lizhenbin@huawei.com