draft-ietf-idr-flowspec-path-redirect-04.txt   draft-ietf-idr-flowspec-path-redirect-05.txt 
IDR Working Group G. Van de Velde, Ed. IDR Working Group G. Van de Velde, Ed.
Internet-Draft Nokia Internet-Draft Nokia
Intended status: Standards Track K. Patel Intended status: Standards Track K. Patel
Expires: November 16, 2018 Arrcus Expires: November 17, 2018 Arrcus
Z. Li Z. Li
Huawei Technologies Huawei Technologies
May 15, 2018 May 16, 2018
Flowspec Indirection-id Redirect Flowspec Indirection-id Redirect
draft-ietf-idr-flowspec-path-redirect-04 draft-ietf-idr-flowspec-path-redirect-05
Abstract Abstract
This document defines a new extended community known as "FlowSpec This document defines a new extended community known as "FlowSpec
Redirect to indirection-id Extended Community". This extended Redirect to indirection-id Extended Community". This extended
community triggers advanced redirection capabilities to flowspec community triggers advanced redirection capabilities to flowspec
clients. When activated, this flowspec extended community is used by clients. When activated, this flowspec extended community is used by
a flowspec client to retrieve the corresponding next-hop and encoding a flowspec client to retrieve the corresponding next-hop and encoding
information within a localised indirection-id mapping table. information within a localised indirection-id mapping table.
skipping to change at page 1, line 48 skipping to change at page 1, line 48
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 16, 2018. This Internet-Draft will expire on November 17, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 27 skipping to change at page 3, line 27
Each indirection-id serves as anchor point, for policy-based Each indirection-id serves as anchor point, for policy-based
forwarding onto an explicit path by a flowspec client. forwarding onto an explicit path by a flowspec client.
2. indirection-id and indirection-id table 2. indirection-id and indirection-id table
The indirection-id is a 32-bit unsigned number, used as anchor point The indirection-id is a 32-bit unsigned number, used as anchor point
on a flowspec client for policy-based forwarding onto an explicit on a flowspec client for policy-based forwarding onto an explicit
path by a flowspec client. path by a flowspec client.
The indirection-id table is the table construct of indirection-id The indirection-id table is the table construct of indirection-id
values, grouped by indirection-id "Context Type". Each entry in this values, grouped by indirection-id "ID-Type". Each entry in this
table contains policy-based forwarding and encoding instructions. table contains policy-based forwarding and encoding instructions.
The configuration of the indirection-id table on a flowspec client is The configuration of the indirection-id table on a flowspec client is
a localised operation on each router, and MAY happen out-of-band from a localised operation on each router, and MAY happen out-of-band from
BGP flowspec. For some use-case scenarios the indirection-id BGP flowspec. For some use-case scenarios the indirection-id "ID-
"Context Type" provides additional (maybe even fully sufficient) Type" provides additional (maybe even fully sufficient) context for a
context for a flowspec client for policy based forwarding, making a flowspec client for policy based forwarding, making a localised
localised indirection-id table obsolete. For example, when the indirection-id table obsolete. For example, when the indirection-id
indirection-id refers to a MPLS segment routing node-id [6], then the refers to a MPLS segment routing node-id [6], then the indirection-id
indirection-id provides sufficient information for a segment routing provides sufficient information for a segment routing lookup on the
lookup on the flowspec client. flowspec client.
3. Use Case Scenarios 3. Use Case Scenarios
This section describes a few use-case scenarios when deploying This section describes a few use-case scenarios when deploying
"Redirect to indirection-id". "Redirect to indirection-id".
3.1. Redirection shortest Path tunnel 3.1. Redirection shortest Path tunnel
Description: Description:
The first use-case describes an example where a single flowspec route The first use-case describes an example where a single flowspec route
is sent from a BGP flowspec controller to many BGP flowspec clients. is sent from a BGP flowspec controller to many BGP flowspec clients.
This BGP flowspec route carries the "Redirect to indirection-id" to This BGP flowspec route carries the "Redirect to indirection-id" to
all flowspec clients with intent to redirect matching dataflows onto all flowspec clients with intent to redirect matching dataflows onto
a shortest-path tunnel pointing towards a single remote destination. a shortest-path tunnel pointing towards a single remote destination.
In this first use-case scenario, each flowspec client receives In this first use-case scenario, each flowspec client receives
flowspec routes. The received flowspec routes have the extended flowspec routes. The received flowspec routes have the extended
"Redirect to indirection-id" community attached. Each "Redirect to "Redirect to indirection-id" community attached. Each "Redirect to
indirection-id" community embeds two relevant components: (1) 32-bit indirection-id" community embeds two relevant components: (1) 32-bit
indirection-id and (2) context type. These two components provide indirection-id and (2) ID-type. These two components provide the
the flowspec client with sufficient information for policy based flowspec client with sufficient information for policy based
forwarding, with intent to steer and encapsulate the data-packet forwarding, with intent to steer and encapsulate the data-packet
accordingly upon a shortest path tunnel to a single remote end-point. accordingly upon a shortest path tunnel to a single remote end-point.
Requirements: Requirements:
For redirect to shortest path tunnel it is required that the tunnel For redirect to shortest path tunnel it is required that the tunnel
MUST be operational and allow packets to flow between tunnel head- MUST be operational and allow packets to flow between tunnel head-
and tail-end. and tail-end.
Example: Indirection-ID community "Context Type" which can be used: Example: Indirection-ID community "ID-Type" which can be used:
o 0 (localised ID): When the intent is to use a localised o 0 (localised ID): When the intent is to use a localised
Indirection-id table, configured through out-of-band procedures. Indirection-id table, configured through out-of-band procedures.
o 1 or 2 (Node ID's): This type can be used when the goal is to use o 1 or 2 (Node ID's): This type can be used when the goal is to use
MPLS based Segment Routing towards a remote destination. In this MPLS based Segment Routing towards a remote destination. In this
use-case scenario the flowspec rule contains a SR (Segment use-case scenario the flowspec rule contains a SR (Segment
Routing) node SID to steer traffic towards. Routing) node SID to steer traffic towards.
3.2. Redirection to path-engineered tunnels 3.2. Redirection to path-engineered tunnels
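Review bot: The rename is applied with inconsistent capitalisation in section 3.1: the -05 text reads "(2) ID-type" where every other occurrence in this hunk is "ID-Type". Suggest "(2) ID-Type" so the term matches the field name used in section 2 and in the "Example:" line. The reflowed section 2 paragraph also now breaks the quoted term across lines as "ID-" / "Type"; keeping the quoted field name on one line would make it easier to search for.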
skipping to change at page 4, line 45 skipping to change at page 4, line 45
The second use-case describes an example where a single flowspec The second use-case describes an example where a single flowspec
route is sent from a BGP flowspec controller to many BGP flowspec route is sent from a BGP flowspec controller to many BGP flowspec
clients. This BGP flowspec route carries policy information to steer clients. This BGP flowspec route carries policy information to steer
traffic upon a path-engineered tunnel. It is assumed that the path traffic upon a path-engineered tunnel. It is assumed that the path
engineered tunnels are configured using out-of-band from BGP engineered tunnels are configured using out-of-band from BGP
flowspec. flowspec.
Segment Routing Example: Segment Routing Example:
For this example the indirection-id "Context Type" points towards a For this example the indirection-id "ID-Type" points towards a
Segment Routing Binding SID. The Binding SID is a segment identifier Segment Routing Binding SID. The Binding SID is a segment identifier
value (as per segment routing definitions in [I-D.draft-ietf-spring- value (as per segment routing definitions in [I-D.draft-ietf-spring-
segment-routing] [6]) used to associate an explicit path. The segment-routing] [6]) used to associate an explicit path. The
Binding SID and the associated path engineered tunnel may for example Binding SID and the associated path engineered tunnel may for example
be setup by a controller using BGP as specified in [I-D.sreekantiah- be setup by a controller using BGP as specified in [I-D.sreekantiah-
idr-segment-routing-te] [5] or alternatly by using PCEP as detailed idr-segment-routing-te] [5] or alternately by using PCEP as detailed
in draft-ietf-pce-segment-routing [7]. To conclude, when a BGP in draft-ietf-pce-segment-routing [7]. To conclude, when a BGP
speaker at some point in time receives a flowspec route with an speaker at some point in time receives a flowspec route with an
extended "Redirect to indirection-id' community, it installs a extended "Redirect to indirection-id' community, it installs a
policy-based forwarding rule to redirect packets onto an explicit policy-based forwarding rule to redirect packets onto an explicit
path, associated with the corresponding Binding SID. The encoding of path, associated with the corresponding Binding SID. The encoding of
the Binding SID within the "Redirect to indirection-id" extended the Binding SID within the "Redirect to indirection-id" extended
community is specified in section 4. community is specified in section 4.
Requirements: Requirements:
For redirect to path engineered tunnels it is required that the For redirect to path engineered tunnels it is required that the
tunnel MUST be operational and allow packets to flow over the tunnel MUST be operational and allow packets to flow over the
engineered path between tunnel head- and tail-end. engineered path between tunnel head- and tail-end.
Example: Indirection-ID community "Context Type" to be used: Example: Indirection-ID community "ID-Type" to be used:
o 0 (localised ID): When the intent is to policy-based steer traffic o 0 (localised ID): When the intent is to policy-based steer traffic
using Indirection. The engineered path is configured through out- using Indirection. The engineered path is configured through out-
of-band procedures and uses the 32-bit Indirection-id as local of-band procedures and uses the 32-bit Indirection-id as local
anchor point on the local flowspec client. anchor point on the local flowspec client.
o 3 or 4 (Binding Segment ID's): This type can be used when the goal o 3 or 4 (Binding Segment ID's): This type can be used when the goal
is to use MPLS based Segment Routing towards an out-of-band is to use MPLS based Segment Routing towards an out-of-band
configured explicit path. configured explicit path.
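Review bot: The mismatched quotation marks in the Segment Routing example are carried over unchanged into -05: the text still reads extended "Redirect to indirection-id' community, with a double quote opening and a single quote closing. Since this paragraph was already touched for the "alternately" spelling fix, suggest closing the name with a double quote as well. The sentence "configured using out-of-band from BGP flowspec" in the description above it is also missing a noun (for example "out-of-band procedures"), and is unchanged from -04.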
skipping to change at page 6, line 25 skipping to change at page 6, line 25
Requirements: Requirements:
To achieve redirection towards complex dynamically constructed To achieve redirection towards complex dynamically constructed
tunnels, multiple "Redirect to indirection-id" communities are tunnels, multiple "Redirect to indirection-id" communities are
imposed upon the flowspec route. The "Redirect to indirection-id" imposed upon the flowspec route. The "Redirect to indirection-id"
communities should be sequenced using the Sequence ID (S-ID). For communities should be sequenced using the Sequence ID (S-ID). For
redirect to complex dynamic engineered tunnels the tunnel MUST be redirect to complex dynamic engineered tunnels the tunnel MUST be
operational and allow packets to flow over the engineered path operational and allow packets to flow over the engineered path
between tunnel head- and tail-end. between tunnel head- and tail-end.
Example: Indirection-ID community "Context Type" to be used: Example: Indirection-ID community "ID-Type" to be used:
o 0 (localised ID) with S-ID: When the intent is to construct a o 0 (localised ID) with S-ID: When the intent is to construct a
dynamic engineered tunnel, then a sequence of localised dynamic engineered tunnel, then a sequence of localised
indirection-ids may be used. The Sequence ID (S-ID) MUST be used indirection-ids may be used. The Sequence ID (S-ID) MUST be used
to sequence multiple "Redirect to indirection-id" actions to to sequence multiple "Redirect to indirection-id" actions to
construct a more complex engineered tunnel. The creation of the construct a more complex engineered tunnel. The creation of the
localised indirection-id table is operationalised out-of-band and localised indirection-id table is operationalised out-of-band and
is outside scope of this document. is outside scope of this document.
4. Redirect to indirection-id Community 4. Redirect to indirection-id Community
This document defines a new transitive BGP extended community known This document defines a new transitive BGP extended community known
as "FlowSpec Redirect to indirection-id Extended Community" with the as "FlowSpec Redirect to indirection-id Extended Community" with the
Type and the Sub-Type field to be assigned by IANA. The format of Type and the Sub-Type field to be assigned by IANA. The format of
this extended community is show in Figure 1. this extended community is show in Figure 1.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Sub-Type | Flags(1 octet)| Context Type | | Type | Sub-Type | Flags(1 octet)| ID-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Generalized indirection_id | | Generalized indirection_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1 Figure 1
The meaning of the extended community fields are as follows: The meaning of the extended community fields are as follows:
Type: 1 octet to be assigned by IANA. Type: 1 octet to be assigned by IANA.
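Review bot: The normative strength for sequencing is inconsistent in the section 3.3 requirements and is not addressed by this revision: the paragraph says the communities "should be sequenced using the Sequence ID (S-ID)" in lowercase, while the bullet for ID-Type 0 says the S-ID "MUST be used to sequence multiple" actions. Suggest using one requirement level in both places so implementers know whether an unsequenced set of communities is a protocol error. Separately, "this extended community is show in Figure 1" above the renamed figure should read "shown".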
skipping to change at page 7, line 36 skipping to change at page 7, line 36
used to provide a flowspec client an indication how and where to used to provide a flowspec client an indication how and where to
sequence the received indirection-ids. The Sequence ID value 0 sequence the received indirection-ids. The Sequence ID value 0
indicates that Sequence ID field is NOT set and SHOULD be ignored. A indicates that Sequence ID field is NOT set and SHOULD be ignored. A
single flowspec rule MUST NOT have more as one indirection-id per single flowspec rule MUST NOT have more as one indirection-id per
S-ID. On a flowspec client the indirection-id with lowest S-ID MUST S-ID. On a flowspec client the indirection-id with lowest S-ID MUST
be imposed first for any given flowspec entry. be imposed first for any given flowspec entry.
All bits other than the 'C' and 'S-ID' bits MUST be set to 0 by the All bits other than the 'C' and 'S-ID' bits MUST be set to 0 by the
originating BGP speaker and ignored by receiving BGP speakers. originating BGP speaker and ignored by receiving BGP speakers.
Context Type: 1 octet value. This draft defines following Context ID-Type: 1 octet value. This draft defines following Context Types:
Types:
0 - Localised ID (The flowspec client uses the received 32-bit 0 - Localised ID (The flowspec client uses the received 32-bit
indirection-id to lookup forwarding information within the indirection-id to lookup forwarding information within the
localised indirection-id table. The allocation and programming of localised indirection-id table. The allocation and programming of
the localised indirection-id table is outside scope of the the localised indirection-id table is outside scope of the
document) document)
1 - Node ID with SID/index in MPLS-based Segment Routing (This 1 - Node ID with SID/index in MPLS-based Segment Routing (This
means the 32-bit indirection-id is mapped to an MPLS label using means the 32-bit indirection-id is mapped to an MPLS label using
the index as a global offset in the SID/label space) the index as a global offset in the SID/label space)
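Review bot: The rename is incomplete in the field definition: the -05 line reads "ID-Type: 1 octet value. This draft defines following Context Types:", so the old term survives in the same sentence that introduces the new one. Suggest "This draft defines the following ID-Types:". In the unchanged S-ID text just above, "MUST NOT have more as one indirection-id per S-ID" should read "more than one", and the lines shown here do not say what a receiving flowspec client does when a route violates that MUST NOT; stating the expected handling next to the rule would help implementers.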
skipping to change at page 8, line 20 skipping to change at page 8, line 20
binding label using the indirection-id as index for global offset binding label using the indirection-id as index for global offset
in the SID/label space) [I-D.draft-ietf-spring-segment-routing] in the SID/label space) [I-D.draft-ietf-spring-segment-routing]
[6] [6]
4 - Binding Segment ID with SID/label in MPLS-based Segment 4 - Binding Segment ID with SID/label in MPLS-based Segment
Routing (This means 32-bit indirection-id is mapped to an MPLS Routing (This means 32-bit indirection-id is mapped to an MPLS
binding label using the 32-bit indirection-id as global label) [I- binding label using the 32-bit indirection-id as global label) [I-
D.draft-ietf-spring-segment-routing] [6] D.draft-ietf-spring-segment-routing] [6]
5 - Tunnel ID (Tunnel ID is within a single administrative domain 5 - Tunnel ID (Tunnel ID is within a single administrative domain
a 32-bit global tunnel identifier. The allocation and programming a 32-bit globally unique tunnel identifier. The allocation and
of the Tunnel ID within the localised indirection-id table is programming of the Tunnel ID within the localised indirection-id
outside scope of the document) table is outside scope of the document)
Generalized indirection_id: 32-bit identifier used as indirection_id
5. Redirect using localised indirection-id mapping table 5. Redirect using localised indirection-id mapping table
When a BGP flowspec client receives a flowspec policy route with a When a BGP flowspec client receives a flowspec policy route with a
"Redirect to indirection-id" extended community attached, and the "Redirect to indirection-id" extended community attached, and the
route represents the best BGP path, it will install a flowspec route represents the best BGP path, it will install a flowspec
policy-based forwarding rule matching the tupples described by the policy-based forwarding rule matching the tupples described by the
flowpsec NLRI field and consequently redirects the flow (C=0) or flowpsec NLRI field and consequently redirects the flow (C=0) or
copies the flow (C=1) using the information identified by the copies the flow (C=1) using the information identified by the
"Redirect to indirection-id" community. "Redirect to indirection-id" community.
 End of changes. 15 change blocks. 
25 lines changed or deleted 26 lines changed or added
