draft-ietf-ospf-flowspec-extensions-00.txt   draft-ietf-ospf-flowspec-extensions-01.txt 
Ospf Working Group Q. Liang Ospf Working Group Q. Liang
Internet-Draft J. You Internet-Draft J. You
Intended status: Standards Track N. Wu Intended status: Standards Track N. Wu
Expires: December 23, 2015 Huawei Expires: October 16, 2016 Huawei
P. Fan P. Fan
China Mobile Independent
K. Patel K. Patel
A. Lindem A. Lindem
Cisco Systems Cisco Systems
June 21, 2015 April 14, 2016
OSPF Extensions for Flow Specification OSPF Extensions for Flow Specification
draft-ietf-ospf-flowspec-extensions-00 draft-ietf-ospf-flowspec-extensions-01
Abstract Abstract
Dissemination of the Traffic flow information was first introduced in Dissemination of the Traffic flow information was first introduced in
the BGP protocol [RFC5575]. FlowSpec routes are used to distribute the BGP protocol [RFC5575]. FlowSpec routes are used to distribute
traffic filtering rules that are used to filter Denial-of-Service traffic filtering rules that are used to filter Denial-of-Service
(DoS) attacks. For the networks that only deploy an IGP (Interior (DoS) attacks. For the networks that only deploy an IGP (Interior
Gateway Protocol) (e.g., OSPF), it is required that the IGP is Gateway Protocol) (e.g., OSPF), it is required that the IGP is
extended to distribute Flow Specification or FlowSpec routes. extended to distribute Flow Specification or FlowSpec routes.
skipping to change at page 2, line 10 skipping to change at page 2, line 10
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 23, 2015. This Internet-Draft will expire on October 16, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 42 skipping to change at page 2, line 42
3.1. OSPF Campus Network . . . . . . . . . . . . . . . . . . . 4 3.1. OSPF Campus Network . . . . . . . . . . . . . . . . . . . 4
3.2. BGP/MPLS VPN . . . . . . . . . . . . . . . . . . . . . . 4 3.2. BGP/MPLS VPN . . . . . . . . . . . . . . . . . . . . . . 4
3.2.1. Traffic Analyzer Deployed in Provider Network . . . . 5 3.2.1. Traffic Analyzer Deployed in Provider Network . . . . 5
3.2.2. Traffic Analyzer Deployed in Customer Network . . . . 6 3.2.2. Traffic Analyzer Deployed in Customer Network . . . . 6
3.2.3. Policy Configuration . . . . . . . . . . . . . . . . 6 3.2.3. Policy Configuration . . . . . . . . . . . . . . . . 6
4. OSPF Extensions for FlowSpec Rules . . . . . . . . . . . . . 7 4. OSPF Extensions for FlowSpec Rules . . . . . . . . . . . . . 7
4.1. FlowSpec LSA . . . . . . . . . . . . . . . . . . . . . . 7 4.1. FlowSpec LSA . . . . . . . . . . . . . . . . . . . . . . 7
4.1.1. OSPFv2 FlowSpec Opaque LSA . . . . . . . . . . . . . 7 4.1.1. OSPFv2 FlowSpec Opaque LSA . . . . . . . . . . . . . 7
4.1.2. OSPFv3 FlowSpec LSA . . . . . . . . . . . . . . . . . 9 4.1.2. OSPFv3 FlowSpec LSA . . . . . . . . . . . . . . . . . 9
4.2. OSPF FlowSpec Filters TLV . . . . . . . . . . . . . . . . 10 4.2. OSPF FlowSpec Filters TLV . . . . . . . . . . . . . . . . 10
4.2.1. Order of Traffic Filtering Rules . . . . . . . . . . 11 4.2.1. Interface-Set TLV . . . . . . . . . . . . . . . . . . 11
4.2.2. Validation Procedure . . . . . . . . . . . . . . . . 12 4.2.2. Order of Traffic Filtering Rules . . . . . . . . . . 12
4.3. OSPF FlowSpec Action TLV . . . . . . . . . . . . . . . . 12 4.2.3. Validation Procedure . . . . . . . . . . . . . . . . 12
4.3.1. Traffic-rate . . . . . . . . . . . . . . . . . . . . 13 4.3. OSPF FlowSpec Action TLV . . . . . . . . . . . . . . . . 13
4.3.2. Traffic-action . . . . . . . . . . . . . . . . . . . 13 4.3.1. Traffic-rate . . . . . . . . . . . . . . . . . . . . 14
4.3.3. Traffic-marking . . . . . . . . . . . . . . . . . . . 13 4.3.2. Traffic-action . . . . . . . . . . . . . . . . . . . 14
4.3.4. Redirect-to-IP . . . . . . . . . . . . . . . . . . . 14 4.3.3. Traffic-marking . . . . . . . . . . . . . . . . . . . 14
4.4. Capability Advertisement . . . . . . . . . . . . . . . . 15 4.3.4. Redirect-to-IP . . . . . . . . . . . . . . . . . . . 15
5. Redistribution of FlowSpec Routes . . . . . . . . . . . . . . 15 4.4. Capability Advertisement . . . . . . . . . . . . . . . . 16
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 5. Redistribution of FlowSpec Routes . . . . . . . . . . . . . . 16
7. Security considerations . . . . . . . . . . . . . . . . . . . 16 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
8. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 16 7. Security considerations . . . . . . . . . . . . . . . . . . . 17
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 8. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 17
9.1. Normative References . . . . . . . . . . . . . . . . . . 16 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
9.2. Informative References . . . . . . . . . . . . . . . . . 17 9.1. Normative References . . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 9.2. Informative References . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction 1. Introduction
[RFC5575] defines Border Gateway Protocol protocol extensions that [RFC5575] defines Border Gateway Protocol protocol extensions that
can be used to distribute traffic flow specifications. One can be used to distribute traffic flow specifications. One
application of this encoding format is to automate inter-domain application of this encoding format is to automate inter-domain
coordination of traffic filtering, such as what is required in order coordination of traffic filtering, such as what is required in order
to mitigate (distributed) denial-of-service attacks. [RFC5575] to mitigate (distributed) denial-of-service attacks. [RFC5575]
allows flow specifications received from an external autonomous allows flow specifications received from an external autonomous
system to be forwarded to a given BGP peer. However, in order to system to be forwarded to a given BGP peer. However, in order to
skipping to change at page 4, line 27 skipping to change at page 4, line 27
3.1. OSPF Campus Network 3.1. OSPF Campus Network
For networks not deploying BGP, for example, the campus network using For networks not deploying BGP, for example, the campus network using
OSPF, it is expected to extend OSPF to distribute FlowSpec routes as OSPF, it is expected to extend OSPF to distribute FlowSpec routes as
shown in Figure 3. In this kind of network, the traffic analyzer shown in Figure 3. In this kind of network, the traffic analyzer
could be deployed with a router, then the FlowSpec routes from the could be deployed with a router, then the FlowSpec routes from the
traffic analyzer need to be distributed to the other routers in this traffic analyzer need to be distributed to the other routers in this
domain using OSPF. domain using OSPF.
+--------+ +--------+
|Traffic | |Traffic |
+---+Analyzer| +---+Analyzer|
| +--------+ | +--------+
| |
|FlowSpec |FlowSpec
| |
| |
+--+-------+ +----------+ +--------+ +--+-------+ +----------+ +--------+
| Router A +-----------+ Router B +--------+Attacker| | Router A +-----------+ Router B +--------+Attacker|
+----------+ +----------+ +--------+ +----------+ +----------+ +--------+
| | | | | |
| OSPF FlowSpec | Attack Traffic | | OSPF FlowSpec | Attack Traffic |
| | | | | |
Figure 3: OSPF Campus Network Figure 3: OSPF Campus Network
3.2. BGP/MPLS VPN 3.2. BGP/MPLS VPN
[RFC5575] defines a BGP NLRI encoding format to distribute traffic [RFC5575] defines a BGP NLRI encoding format to distribute traffic
flow specifications in BGP deployed network. However, in the BGP/ flow specifications in BGP deployed network. However, in the BGP/
MPLS VPN scenario, the IGP (e.g., IS-IS, or OSPF) is used between the MPLS VPN scenario, the IGP (e.g., IS-IS, or OSPF) is used between the
PE (Provider Edge) and CE (Customer Edge) in many deployments. In PE (Provider Edge) and CE (Customer Edge) in many deployments. In
order to distribute the FlowSpec routes to the customer network, the order to distribute the FlowSpec routes to the customer network, the
IGP needs to support FlowSpec route distribution. The FlowSpec IGP needs to support FlowSpec route distribution. The FlowSpec
routes are usually generated by the traffic analyzer or the traffic routes are usually generated by the traffic analyzer or the traffic
skipping to change at page 5, line 26 skipping to change at page 5, line 26
Network Layer Reachability information (NRLI) corresponding to VPN1 Network Layer Reachability information (NRLI) corresponding to VPN1
are distributed from the traffic analyzer to the PE1 to which the are distributed from the traffic analyzer to the PE1 to which the
traffic analyzer is attached. If the traffic analyzer is also a BGP traffic analyzer is attached. If the traffic analyzer is also a BGP
speaker, it can distribute the FlowSpec routes using BGP [RFC5575]. speaker, it can distribute the FlowSpec routes using BGP [RFC5575].
Then the PE1 distributes the FlowSpec routes further to the PE2. Then the PE1 distributes the FlowSpec routes further to the PE2.
Finally, the FlowSpec routes need to be distributed from PE2 to the Finally, the FlowSpec routes need to be distributed from PE2 to the
CE2 using OSPF, i.e., to the customer network VPN1. As an attacker CE2 using OSPF, i.e., to the customer network VPN1. As an attacker
is more likely in the customer network, FlowSpec routes installed is more likely in the customer network, FlowSpec routes installed
directly on CE2 could mitigate the impact of DoS attacks better. directly on CE2 could mitigate the impact of DoS attacks better.
+--------+ +--------+
|Traffic | |Traffic |
+---+Analyzer| ----------- +---+Analyzer| -----------
| +--------+ //- -\\ | +--------+ //- -\\
| /// \\\ | /// \\\
|FlowSpec / \ |FlowSpec / \
| // \\ | // \\
| | | | | |
+--+--+ +-----+ | +-----+ +--------+ | +--+--+ +-----+ | +-----+ +--------+ |
| PE1 +-------+ PE2 +-------+--+ CE2 +-------+Attacker| | | PE1 +-------+ PE2 +-------+--+ CE2 +-------+Attacker| |
+-----+ +-----+ | +-----+ +--------+ | +-----+ +-----+ | +-----+ +--------+ |
| | | |
| | | | | | | | | | | |
| BGP FlowSpec | OSPF FlowSpec | Attack Traffic| | | BGP FlowSpec | OSPF FlowSpec | Attack Traffic| |
| | \\ | | // | | \\ | | //
\ / \ /
\\\ VPN1 /// \\\ VPN1 ///
\\-- --// \\-- --//
--------- ---------
Figure 1: Traffic Analyzer deployed in Provider Network Figure 1: Traffic Analyzer deployed in Provider Network
3.2.2. Traffic Analyzer Deployed in Customer Network 3.2.2. Traffic Analyzer Deployed in Customer Network
The traffic analyzer (also acting as the traffic policy center) could The traffic analyzer (also acting as the traffic policy center) could
be deployed in the customer network as shown in Figure 2. If the be deployed in the customer network as shown in Figure 2. If the
traffic analyzer detects attack traffic, it would generate FlowSpec traffic analyzer detects attack traffic, it would generate FlowSpec
routes to prevent associated DoS attacks. Then the FlowSpec routes routes to prevent associated DoS attacks. Then the FlowSpec routes
would be distributed from the traffic analyzer to the CE1 using OSPF would be distributed from the traffic analyzer to the CE1 using OSPF
or another policy protocol (e.g., RESTful API over HTTP). or another policy protocol (e.g., RESTful API over HTTP).
Furthermore, the FlowSpec routes need to be distributed throughout Furthermore, the FlowSpec routes need to be distributed throughout
the provider network via PE1/PE2 to CE2, i.e., to the remote customer the provider network via PE1/PE2 to CE2, i.e., to the remote customer
network VPN1 Site1. If the FlowSpec routes installed on the CE2, it network VPN1 Site1. If the FlowSpec routes installed on the CE2, it
could block the attack traffic as close to the source of the attack could block the attack traffic as close to the source of the attack
as possible. as possible.
+--------+ +--------+
|Traffic | |Traffic |
+---+Analyzer| +---+Analyzer|
| +--------+ ------ | +--------+ --------
| //-- --\\ | //-- --\\
|FlowSpec // \\ |FlowSpec // \\
| / \ | / \
| // \\ | // \\
+--+--+ +-----+ +-----+ | +-----+ +--------+ | +--+--+ +-----+ +-----+ | +-----+ +--------+
| CE1 +--------+ PE1 +-------+ PE2 +----- +--+ CE2 +-----+Attacker| | | CE1 +--------+ PE1 +-------+ PE2 +--------+-+ CE2 +------+Attacker|
+-----+ +-----+ +-----+ | +-----+ +--------+ | +-----+ +-----+ +-----+ | +-----+ +--------+
| | | | | | | | |
| OSPF FlowSpec | BGP FlowSpec| OSPF FlowSpec |Attack Traffic| | | | | | | |
| | | | | | | | OSPF FlowSpec | BGP FlowSpec| OSPF FlowSpec | Attack Traffic |
| | | | | | | |
\\ // | |
\ VPN1 Site1 / \\ //
\\ // \ VPN1 Site1 /
\\-- --// \\ //
----- \\-- --//
--------
Figure 2: Traffic Analyzer deployed in Customer Network Figure 2: Traffic Analyzer deployed in Customer Network
3.2.3. Policy Configuration 3.2.3. Policy Configuration
The CE or PE could deploy local filtering policies to filter OSPF The CE or PE could deploy local filtering policies to filter OSPF
FlowSpec rules, for example, deploying a filtering policy to filter FlowSpec rules, for example, deploying a filtering policy to filter
the incoming OSPF FlowSpec rules in order to prevent illegal or the incoming OSPF FlowSpec rules in order to prevent illegal or
invalid FlowSpec rules from being applied. invalid FlowSpec rules from being applied.
The PE should configure FlowSpec importing policies to control The PE should configure FlowSpec importing policies to control
importing action between the BGP IP/VPN FlowSpec RIB and the OSPF importing action between the BGP IP/VPN FlowSpec RIB and the OSPF
skipping to change at page 7, line 22 skipping to change at page 7, line 22
This document defines a new OSPFv2 flow specification Opaque Link This document defines a new OSPFv2 flow specification Opaque Link
State Advertisement (LSA) encoding format that can be used to State Advertisement (LSA) encoding format that can be used to
distribute traffic flow specifications. This new OSPF FlowSpec distribute traffic flow specifications. This new OSPF FlowSpec
Opaque LSA is extended based on [RFC5250]. Opaque LSA is extended based on [RFC5250].
The OSPFv2 FlowSpec Opaque LSA is defined below in Figure 4: The OSPFv2 FlowSpec Opaque LSA is defined below in Figure 4:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LS Age | Options | LS Type | | LS Age | Options | LS Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opaque Type | Opaque ID | | Opaque Type | Opaque ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Advertising Router | | Advertising Router |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LS sequence number | | LS sequence number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LS checksum | Length | | LS checksum | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| TLVs | | TLVs |
+ + + +
| ... | | ... |
Figure 4: OSPFv2 FlowSpec Opaque LSA Figure 4: OSPFv2 FlowSpec Opaque LSA
LS age: the same as defined in [RFC2328]. LS age: the same as defined in [RFC2328].
Options: the same as defined in [RFC2328]. Options: the same as defined in [RFC2328].
LS type: A type-11 or type-10 Opaque-LSA SHOULD be originated. LS type: A type-11 or type-10 Opaque-LSA SHOULD be originated.
Since the type-11 LSA has the same flooding scope as a type-5 LSA Since the type-11 LSA has the same flooding scope as a type-5 LSA
as stated in [RFC5250], it will not be flooded into stub areas or as stated in [RFC5250], it will not be flooded into stub areas or
NSSAs (Not-So-Stubby Areas). When stub or NSSA areas are NSSAs (Not-So-Stubby Areas). When stub or NSSA areas are
encountered in the scenario of flow spec, we may have to make our encountered in the scenario of flow spec, we may have to make our
skipping to change at page 8, line 28 skipping to change at page 8, line 28
TLVs: one or more TLVs MAY be included in a FlowSpec Opaque LSA to TLVs: one or more TLVs MAY be included in a FlowSpec Opaque LSA to
carry FlowSpec information. carry FlowSpec information.
The variable TLVs section consists of one or more nested Type/Length/ The variable TLVs section consists of one or more nested Type/Length/
Value (TLV) tuples. Nested TLVs are also referred to as sub-TLVs. Value (TLV) tuples. Nested TLVs are also referred to as sub-TLVs.
The format of each TLV is shown in Figure 5: The format of each TLV is shown in Figure 5:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | | Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Values... | | Values... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: TLV Format Figure 5: TLV Format
The Length field defines the length of the value portion in octets The Length field defines the length of the value portion in octets
(thus a TLV with no value portion would have a length of 0). The TLV (thus a TLV with no value portion would have a length of 0). The TLV
is padded to 4-octet alignment; padding is not included in the length is padded to 4-octet alignment; padding is not included in the length
field (so a 3-octet value would have a length of 3, but the total field (so a 3-octet value would have a length of 3, but the total
size of the TLV would be 8 octets). Nested TLVs are also 32-bit size of the TLV would be 8 octets). Nested TLVs are also 32-bit
aligned. For example, a 1-octet value would have the length field aligned. For example, a 1-octet value would have the length field
set to 1, and 3 octets of padding would be added to the end of the set to 1, and 3 octets of padding would be added to the end of the
value portion of the TLV. value portion of the TLV.
skipping to change at page 9, line 13 skipping to change at page 9, line 13
Stub and NSSA areas. Stub and NSSA areas.
4.1.2. OSPFv3 FlowSpec LSA 4.1.2. OSPFv3 FlowSpec LSA
This document defines a new OSPFv3 flow specification LSA encoding This document defines a new OSPFv3 flow specification LSA encoding
format that can be used to distribute traffic flow specifications. format that can be used to distribute traffic flow specifications.
This new OSPFv3 FlowSpec LSA is extended based on [RFC5340]. This new OSPFv3 FlowSpec LSA is extended based on [RFC5340].
The OSPFv3 FlowSpec LSA is defined below in Figure 6: The OSPFv3 FlowSpec LSA is defined below in Figure 6:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LS Age | LS Type | | LS Age | LS Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Link State ID | | Link State ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Advertising Router | | Advertising Router |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LS sequence number | | LS sequence number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LS checksum | Length | | LS checksum | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| TLVs | | TLVs |
+ + + +
| ... | | ... |
Figure 6: OSPFv3 FlowSpec LSA Figure 6: OSPFv3 FlowSpec LSA
LS age: the same as defined in [RFC5340]. LS age: the same as defined in [RFC5340].
LS type: the same as defined in [RFC5340]. The format of the LS LS type: the same as defined in [RFC5340]. The format of the LS
type is as follows: type is as follows:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|U |S2|S1| LSA Function Code | |U |S2|S1| LSA Function Code |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
Figure 7: LSA Type Figure 7: LSA Type
In this document, the U bit should be set indicating that the In this document, the U bit should be set indicating that the
OSPFv3 FlowSpec LSA should be flooded even if it is not OSPFv3 FlowSpec LSA should be flooded even if it is not
understood. For the area scope, the S1 bit should be set and the understood. For the area scope, the S1 bit should be set and the
S2 should be clear. For the AS scope, the S1 bit should be clear S2 should be clear. For the AS scope, the S1 bit should be clear
and the S2 bit should be set. A new LSA Function Code (TBD2) and the S2 bit should be set. A new LSA Function Code (TBD2)
needs to be defined for OSPFv3 FlowSpec LSA. To facilitate inter- needs to be defined for OSPFv3 FlowSpec LSA. To facilitate inter-
area reachability validation, any OSPFv3 router originating AS area reachability validation, any OSPFv3 router originating AS
scoped LSAs is considered an AS Boundary Router (ASBR). scoped LSAs is considered an AS Boundary Router (ASBR).
skipping to change at page 10, line 28 skipping to change at page 10, line 28
carry FlowSpec information. carry FlowSpec information.
4.2. OSPF FlowSpec Filters TLV 4.2. OSPF FlowSpec Filters TLV
The FlowSpec Opaque LSA carries one or more FlowSpec Filters TLVs and The FlowSpec Opaque LSA carries one or more FlowSpec Filters TLVs and
corresponding FlowSpec Action TLVs. The OSPF FlowSpec Filters TLV is corresponding FlowSpec Action TLVs. The OSPF FlowSpec Filters TLV is
defined below in Figure 8. defined below in Figure 8.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | | Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | Filters (variable) ~ | Flags | Filters (variable) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Filters (variable) ~ ~ Filters (variable) ~
+ + + +
| ... | | ... |
Figure 8: OSPF FlowSpec Filters TLV Figure 8: OSPF FlowSpec Filters TLV
Type: the TLV type (Type Code: TBD3) Type: the TLV type (Type Code: TBD3)
Length: the size of the value field in octets Length: the size of the value field in octets
Flags: One octet Field identifying Flags. Flags: One octet Field identifying Flags.
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Reserved |S| | Reserved |S|
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
The least significant bit S is defined as a strict Filter check bit. The least significant bit S is defined as a strict Filter check bit.
If set, Strict Validation rules outlined in the validation section If set, Strict Validation rules outlined in the validation
Section 4.2.2 need to be enforced. Section 4.2.2 need to be enforced.
Filters: the same as "flow-spec NLRI value" defined in [RFC5575] and Filters: the same as "flow-spec NLRI value" defined in [RFC5575] and
[I-D.ietf-idr-flow-spec-v6]. [I-D.ietf-idr-flow-spec-v6].
Table 1: OSPF Supported FlowSpec Filters Table 1: OSPF Supported FlowSpec Filters
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| Type | Description | RFC/ WG draft | | Type | Description | RFC/ WG draft |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 1 | Destination IPv4 Prefix| RFC5575 | | 1 | Destination IPv4 Prefix| RFC5575 |
| | Destination IPv6 Prefix| I-D.ietf-idr-flow-spec-v6 | | | Destination IPv6 Prefix| I-D.ietf-idr-flow-spec-v6 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 2 | Source IPv4 Prefix | RFC5575 | | 2 | Source IPv4 Prefix | RFC5575 |
| | Source IPv6 Prefix | I-D.ietf-idr-flow-spec-v6 | | | Source IPv6 Prefix | I-D.ietf-idr-flow-spec-v6 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 3 | IP Protocol | RFC5575 | | 3 | IP Protocol | RFC5575 |
| | Next Header | I-D.ietf-idr-flow-spec-v6 | | | Next Header | I-D.ietf-idr-flow-spec-v6 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 4 | Port | RFC5575 | | 4 | Port | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 5 | Destination port | RFC5575 | | 5 | Destination port | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 6 | Source port | RFC5575 | | 6 | Source port | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 7 | ICMP type | RFC5575 | | 7 | ICMP type | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 8 | ICMP code | RFC5575 | | 8 | ICMP code | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 9 | TCP flags | RFC5575 | | 9 | TCP flags | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 10 | Packet length | RFC5575 | | 10 | Packet length | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 11 | DSCP | RFC5575 | | 11 | DSCP | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 12 | Fragment | RFC5575 | | 12 | Fragment | RFC5575 |
+------+------------------------+------------------------------+ +------+------------------------+------------------------------+
| 13 | Flow Label | I-D.ietf-idr-flow-spec-v6 | | 13 | Flow Label | I-D.ietf-idr-flow-spec-v6 |
+------+----------------------- ------------------------------+ +------+------------------------+------------------------------+
| 14 | Interface-Set | Described Below |
+------+------------------------+------------------------------+
4.2.1. Order of Traffic Filtering Rules 4.2.1. Interface-Set TLV
The Interface-Set TLV is used to limit the FlowSpec rules to a set of
interfaces configured locally with the specified Group ID. The
Interface-Set TLV was inspired by
[I-D.litkowski-idr-flowspec-interfaceset] and uses similar encodings.
The Autonomous System (AS) number is not required since OSPF usage is
within a single AS.
The Interface-Set TLV is encoded as:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TBD, 14 Suggested | 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|O|I| Flags | Group ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
O : if set, the flow specification rule MUST be applied in outbound
direction to the interface set referenced by the specified Group ID.
I : if set, the flow specification rule MUST be applied in input
direction to the interface set referenced by the specified Group ID
Both flags can be set at the same time in the interface-set extended
community leading to flow rule to be applied in both directions. An
interface-set TLV with both flags set to zero MUST be treated as an
error and as consequence, the FlowSpec update MUST be ignore and an
error should be logged.
The Group Identifier is coded as a 16-bit number (values goes from 0
to 65535).
Multiple instances of the interface-set community may be present in a
Flow-Spec rule. This may appear if the flow rule need to be applied
to multiple set of interfaces.
4.2.2. Order of Traffic Filtering Rules
With traffic filtering rules, more than one rule may match a With traffic filtering rules, more than one rule may match a
particular traffic flow. The order of applying the traffic filter particular traffic flow. The order of applying the traffic filter
rules is the same as described in Section 5.1 of [RFC5575] and in rules is the same as described in Section 5.1 of [RFC5575] and in
Section 3.1 of [I-D.ietf-idr-flow-spec-v6]. Section 3.1 of [I-D.ietf-idr-flow-spec-v6].
4.2.2. Validation Procedure 4.2.3. Validation Procedure
[RFC5575] defines a validation procedure for BGP FlowSpec rules, and [RFC5575] defines a validation procedure for BGP FlowSpec rules, and
[I-D.ietf-idr-bgp-flowspec-oid] describes a modification to the [I-D.ietf-idr-bgp-flowspec-oid] describes a modification to the
validation procedure defined in [RFC5575] for the dissemination of validation procedure defined in [RFC5575] for the dissemination of
BGP flow specifications. The OSPF FlowSpec should support similar BGP flow specifications. The OSPF FlowSpec should support similar
features to mitigate the unnecessary application of traffic filter features to mitigate the unnecessary application of traffic filter
rules. The OSPF FlowSpec validation procedure is described as rules. The OSPF FlowSpec validation procedure is described as
follows. follows.
When a router receives a FlowSpec rule including a destination prefix When a router receives a FlowSpec rule including a destination prefix
skipping to change at page 13, line 5 skipping to change at page 14, line 5
There are one or more FlowSpec Action TLVs associated with a FlowSpec There are one or more FlowSpec Action TLVs associated with a FlowSpec
Filters TLV. Different FlowSpec Filters TLV could have the same Filters TLV. Different FlowSpec Filters TLV could have the same
FlowSpec Action TLVs. The following OSPF FlowSpec action TLVs, FlowSpec Action TLVs. The following OSPF FlowSpec action TLVs,
except Redirect, are same as defined in [RFC5575]. except Redirect, are same as defined in [RFC5575].
Redirect: IPv4 or IPv6 address. This IP address may correspond to a Redirect: IPv4 or IPv6 address. This IP address may correspond to a
tunnel, i.e., the redirect allows the traffic to be redirected to a tunnel, i.e., the redirect allows the traffic to be redirected to a
directly attached next-hop or a next-hop requiring a route lookup. directly attached next-hop or a next-hop requiring a route lookup.
Table 2: Traffic Filtering Actions in [RFC5575], etc. Table 2: Traffic Filtering Actions in [RFC5575], etc.
+-------+-----------------+---------------------------------------+ +-------+-----------------+---------------------------------------+
| type | FlowSpec Action | RFC/WG draft | | type | FlowSpec Action | RFC/WG draft |
+-------+-----------------+---------------------------------------+ +-------+-----------------+---------------------------------------+
| 0x8006| traffic-rate | RFC5575 | | 0x8006| traffic-rate | RFC5575 |
| | | | | | | |
| 0x8007| traffic-action | RFC5575 | | 0x8007| traffic-action | RFC5575 |
| | | | | | | |
| 0x8108| redirect-to-IPv4| I-D.ietf-idr-flowspec-redirect-rt-bis | | 0x8108| redirect-to-IPv4| I-D.ietf-idr-flowspec-redirect-rt-bis |
| | | | | |
| 0x800b| redirect-to-IPv6| I-D.ietf-idr-flow-spec-v6 | | 0x800b| redirect-to-IPv6| I-D.ietf-idr-flow-spec-v6 |
| | | | | | | |
| 0x8009| traffic-marking | RFC5575 | | 0x8009| traffic-marking | RFC5575 |
+-------+-----------------+---------------------------------------+ +-------+-----------------+---------------------------------------+
4.3.1. Traffic-rate 4.3.1. Traffic-rate
Traffic-rate TLV is encoded as: Traffic-rate TLV is encoded as:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TBD5,0x8006 suggested | 4 | | TBD5,0x8006 suggested | 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Traffic-rate | | Traffic-rate |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Traffic-rate: the same as defined in [RFC5575]. Traffic-rate: the same as defined in [RFC5575].
4.3.2. Traffic-action 4.3.2. Traffic-action
Traffic-action TLV is encoded as: Traffic-action TLV is encoded as:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 15, line 8 skipping to change at page 16, line 8
IPv4/6 Address: the redirection target address. IPv4/6 Address: the redirection target address.
'C' (or copy) bit: when the 'C' bit is set, the redirection applies 'C' (or copy) bit: when the 'C' bit is set, the redirection applies
to copies of the matching packets and not to the original traffic to copies of the matching packets and not to the original traffic
stream [I-D.ietf-idr-flowspec-redirect-ip]. stream [I-D.ietf-idr-flowspec-redirect-ip].
4.4. Capability Advertisement 4.4. Capability Advertisement
This document defines a capability bit for OSPF Router-Information This document defines a capability bit for OSPF Router-Information
LSA [I-D.ietf-ospf-rfc4970bis] as FlowSpec Capability Advertisement LSA [RFC7770] as FlowSpec Capability Advertisement bit. When set,
bit. When set, the OSPF router indicates its ability to support the the OSPF router indicates its ability to support the FlowSpec
FlowSpec functionality. The FlowSpec Capability Advertisement bit functionality. The FlowSpec Capability Advertisement bit has a value
has a value to be assigned by IANA from OSPF Router Functional to be assigned by IANA from OSPF Router Functional Capability Bits
Capability Bits Registry [I-D.ietf-ospf-rfc4970bis]. Registry [I-D.ietf-ospf-rfc4970bis].
5. Redistribution of FlowSpec Routes 5. Redistribution of FlowSpec Routes
In certain scenarios, FlowSpec routes MAY get redistributed from one In certain scenarios, FlowSpec routes MAY get redistributed from one
protocol domain to another; specifically from BGP to OSPF and vice- protocol domain to another; specifically from BGP to OSPF and vice-
versa. When redistributed from BGP, the OSPF speaker SHOULD generate versa. When redistributed from BGP, the OSPF speaker SHOULD generate
an Opaque LSA for the redistributed routes and announce it within an an Opaque LSA for the redistributed routes and announce it within an
OSPF domain. An implementation MAY provide an option for an OSPF OSPF domain. An implementation MAY provide an option for an OSPF
speaker to announce a redistributed FlowSpec route within a OSPF speaker to announce a redistributed FlowSpec route within a OSPF
domain regardless of being installed in its local FIB. An domain regardless of being installed in its local FIB. An
skipping to change at page 16, line 6 skipping to change at page 17, line 6
This document defines a new FlowSpec capability which need to be This document defines a new FlowSpec capability which need to be
advertised in an RI Opaque LSA. A new informational capability bit advertised in an RI Opaque LSA. A new informational capability bit
needs to be assigned for OSPF FlowSpec feature (FlowSpec Bit: TBD4). needs to be assigned for OSPF FlowSpec feature (FlowSpec Bit: TBD4).
This document defines a new Router LSA bit known as a FlowSpec This document defines a new Router LSA bit known as a FlowSpec
Capability Advertisement bit. This document requests IANA to assign Capability Advertisement bit. This document requests IANA to assign
a bit code type for FlowSpec Capability Advertisement bit from the a bit code type for FlowSpec Capability Advertisement bit from the
OSPF Router Functional Capability Bits registry. OSPF Router Functional Capability Bits registry.
Type 1 - Destination IPv4/IPv6 Prefix Type 1 - Destination IPv4/IPv6 Prefix
Type 2 - Source IPv4/IPv6 Prefix Type 2 - Source IPv4/IPv6 Prefix
Type 3 - IP Protocol/Next Header Type 3 - IP Protocol/Next Header
Type 4 - Port Type 4 - Port
Type 5 - Destination port Type 5 - Destination port
Type 6 - Source port Type 6 - Source port
Type 7 - ICMP type Type 7 - ICMP type
Type 8 - ICMP code Type 8 - ICMP code
Type 9 - TCP flags Type 9 - TCP flags
Type 10 - Packet length Type 10 - Packet length
Type 11 - DSCP Type 11 - DSCP
Type 12 - Fragment Type 12 - Fragment
Type 13 - Flow Label Type 13 - Flow Label
Type 14 - Interface-Set
This document defines a group of FlowSpec actions. The following TLV This document defines a group of FlowSpec actions. The following TLV
types need to be assigned: types need to be assigned:
Type 0x8006(TBD5) - traffic-rate Type 0x8006(TBD5) - traffic-rate
Type 0x8007(TBD6) - traffic-action Type 0x8007(TBD6) - traffic-action
Type 0x8009(TBD7) - traffic-marking Type 0x8009(TBD7) - traffic-marking
Type 0x8108(TBD8) - redirect to IPv4 Type 0x8108(TBD8) - redirect to IPv4
Type 0x800b(TBD9) - redirect to IPv6 Type 0x800b(TBD9) - redirect to IPv6
7. Security considerations 7. Security considerations
This extension to OSPF does not change the underlying security issues This extension to OSPF does not change the underlying security issues
inherent in the existing OSPF. Implementations must assure that inherent in the existing OSPF. Implementations must assure that
malformed TLV and Sub-TLV permutations do not result in errors which malformed TLV and Sub-TLV permutations do not result in errors which
cause hard OSPF failures. cause hard OSPF failures.
8. Acknowledgement 8. Acknowledgement
The authors would also like to thank Burjiz Pithawala, Rashmi The authors would also like to thank Burjiz Pithawala, Rashmi
Shrivastava and Mike Dubrovsky for their contribution to the original Shrivastava and Mike Dubrovsky for their contribution to the original
version of the document. version of the document.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998. [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
DOI 10.17487/RFC2328, April 1998,
<http://www.rfc-editor.org/info/rfc2328>.
[RFC5250] Berger, L., Bryskin, I., Zinin, A., and R. Coltun, "The [RFC5250] Berger, L., Bryskin, I., Zinin, A., and R. Coltun, "The
OSPF Opaque LSA Option", RFC 5250, July 2008. OSPF Opaque LSA Option", RFC 5250, DOI 10.17487/RFC5250,
July 2008, <http://www.rfc-editor.org/info/rfc5250>.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, July 2008. for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
<http://www.rfc-editor.org/info/rfc5340>.
[RFC5575] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J., [RFC5575] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
and D. McPherson, "Dissemination of Flow Specification and D. McPherson, "Dissemination of Flow Specification
Rules", RFC 5575, August 2009. Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009,
<http://www.rfc-editor.org/info/rfc5575>.
9.2. Informative References 9.2. Informative References
[I-D.ietf-idr-bgp-flowspec-oid] [I-D.ietf-idr-bgp-flowspec-oid]
Uttaro, J., Filsfils, C., Smith, D., Alcaide, J., and P. Uttaro, J., Filsfils, C., Smith, D., Alcaide, J., and P.
Mohapatra, "Revised Validation Procedure for BGP Flow Mohapatra, "Revised Validation Procedure for BGP Flow
Specifications", draft-ietf-idr-bgp-flowspec-oid-02 (work Specifications", draft-ietf-idr-bgp-flowspec-oid-03 (work
in progress), January 2014. in progress), March 2016.
[I-D.ietf-idr-flow-spec-v6] [I-D.ietf-idr-flow-spec-v6]
Raszuk, R., Pithawala, B., McPherson, D., and A. Andy, McPherson, D., Raszuk, R., Pithawala, B., Andy, A., and S.
"Dissemination of Flow Specification Rules for IPv6", Hares, "Dissemination of Flow Specification Rules for
draft-ietf-idr-flow-spec-v6-06 (work in progress), IPv6", draft-ietf-idr-flow-spec-v6-07 (work in progress),
November 2014. March 2016.
[I-D.ietf-idr-flowspec-redirect-ip] [I-D.ietf-idr-flowspec-redirect-ip]
Uttaro, J., Haas, J., Texier, M., Andy, A., Ray, S., Uttaro, J., Haas, J., Texier, M., Andy, A., Ray, S.,
Simpson, A., and W. Henderickx, "BGP Flow-Spec Redirect to Simpson, A., and W. Henderickx, "BGP Flow-Spec Redirect to
IP Action", draft-ietf-idr-flowspec-redirect-ip-02 (work IP Action", draft-ietf-idr-flowspec-redirect-ip-02 (work
in progress), February 2015. in progress), February 2015.
[I-D.litkowski-idr-flowspec-interfaceset]
Litkowski, S., Simpson, A., Patel, K., and J. Haas,
"Applying BGP flowspec rules on a specific interface set",
draft-litkowski-idr-flowspec-interfaceset-03 (work in
progress), December 2015.
[RFC7770] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and
S. Shaffer, "Extensions to OSPF for Advertising Optional
Router Capabilities", RFC 7770, DOI 10.17487/RFC7770,
February 2016, <http://www.rfc-editor.org/info/rfc7770>.
Authors' Addresses Authors' Addresses
Qiandeng Liang Qiandeng Liang
Huawei Huawei
101 Software Avenue, Yuhuatai District 101 Software Avenue, Yuhuatai District
Nanjing, 210012 Nanjing, 210012
China China
Email: liuweihang@huawei.com Email: liangqiandeng@huawei.com
Jianjie You Jianjie You
Huawei Huawei
101 Software Avenue, Yuhuatai District 101 Software Avenue, Yuhuatai District
Nanjing, 210012 Nanjing, 210012
China China
Email: youjianjie@huawei.com Email: youjianjie@huawei.com
Nan Wu Nan Wu
Huawei Huawei
Email: eric.wu@huawei.com Email: eric.wu@huawei.com
Peng Fan Peng Fan
China Mobile Independent
Email: fanpeng@chinamobile.com Email: peng.fan@139.com
Keyur Patel Keyur Patel
Cisco Systems Cisco Systems
170 W. Tasman Drive 170 W. Tasman Drive
San Jose, CA 95124 95134 San Jose, CA 95134
USA USA
Email: keyupate@cisco.com Email: keyupate@cisco.com
Acee Lindem Acee Lindem
Cisco Systems Cisco Systems
170 W. Tasman Drive 301 Midenhall Way
San Jose, CA 95124 95134 Cary, NC 27519
USA USA
Email: acee@cisco.com Email: acee@cisco.com
 End of changes. 49 change blocks. 
201 lines changed or deleted 264 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/