<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC5575 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5575.xml">
<!ENTITY RFC3107 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3107.xml">
<!ENTITY RFC4364 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4364.xml">
<!ENTITY RFC3032 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3032.xml">
<!ENTITY RFC4360 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4360.xml">
<!ENTITY RFC7674 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7674.xml">
<!ENTITY I-D.filsfils-spring-segment-routing-central-epe SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.filsfils-spring-segment-routing-central-epe.xml">
<!ENTITY I-D.ietf-idr-flow-spec-v6 SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-idr-flow-spec-v6.xml">
<!ENTITY I-D.ietf-idr-flowspec-l2vpn SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-idr-flowspec-l2vpn.xml">
<!ENTITY I-D.ietf-idr-bgp-flowspec-oid SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-idr-bgp-flowspec-oid.xml">
<!ENTITY I-D.ietf-idr-flowspec-mpls-match SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-idr-flowspec-mpls-match.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<?rfc iprnotified="no" ?>
<?rfc strict="no" ?>
<rfc category="std" docName="draft-ietf-idr-bgp-flowspec-label-00"
     ipr="trust200902">
  <front>
    <title abbrev="BGP FlowSpec">Carrying Label Information for BGP
    FlowSpec</title>

    <author fullname="Qiandeng Liang" initials="Q." surname="Liang">
      <organization>Huawei</organization>

      <address>
        <postal>
          <street>101 Software Avenue, Yuhuatai District</street>

          <city>Nanjing,</city>

          <code>210012</code>

          <country>China</country>
        </postal>

        <email>liangqiandeng@huawei.com</email>
      </address>
    </author>

    <author fullname="Susan Hares " initials="S." surname="Hares ">
      <organization>Huawei</organization>

      <address>
        <postal>
          <street>7453 Hickory Hill</street>

          <city>Saline, MI</city>

          <code>48176</code>

          <country>USA</country>
        </postal>

        <email>shares@ndzh.com</email>
      </address>
    </author>

    <author fullname="Jianjie You" initials="J." surname="You">
      <organization>Huawei</organization>

      <address>
        <postal>
          <street>101 Software Avenue, Yuhuatai District</street>

          <city>Nanjing,</city>

          <code>210012</code>

          <country>China</country>
        </postal>

        <email>youjianjie@huawei.com</email>
      </address>
    </author>

    <author fullname="Robert Raszuk" initials="R." surname="Raszuk">
      <organization>Nozomi</organization>

      <address>
        <email>robert@raszuk.net</email>
      </address>
    </author>

    <author fullname="Dan Ma " initials="D." surname="Ma">
      <organization>Cisco Systems</organization>

      <address>
        <email>danma@cisco.com</email>
      </address>
    </author>

    <date year="2016" />

    <area>Rtg Area</area>

    <workgroup>Idr Working Group</workgroup>

    <keyword>RFC</keyword>

    <keyword>Request for Comments</keyword>

    <keyword>I-D</keyword>

    <keyword>Internet-Draft</keyword>

    <keyword>BGP, FlowSpec</keyword>

    <abstract>
      <t>This document specifies a method in which the label mapping
      information for a particular FlowSpec rule is piggybacked in the same
      Border Gateway Protocol (BGP) Update message that is used to distribute
      the FlowSpec rule. Based on the proposed method, the Label Switching
      Routers (LSRs) (except the ingress LSR) on the Label Switched Path (LSP)
      can use the label to identify the traffic matching a particular FlowSpec
      rule; this facilitates monitoring and traffic statistics for FlowSpec
      rules.</t>
    </abstract>

    <note title="Requirements Language ">
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
      document are to be interpreted as described in <xref
      target="RFC2119"></xref>.</t>
    </note>
  </front>

  <middle>
    <section anchor="intro" title="Introduction">
      <t>This section provides the background for proposing a new action for
      BGP Flow specification that pushes, pops, or swaps MPLS tags. Those
      familiar with BGP Flow specification (<xref target="RFC5575"></xref>,
      <xref target="RFC7674"></xref>, <xref
      target="I-D.ietf-idr-flow-spec-v6"></xref>, <xref
      target="I-D.ietf-idr-flowspec-l2vpn"></xref>, <xref
      target="I-D.ietf-idr-bgp-flowspec-oid"></xref>) and MPLS (<xref
      target="RFC3107"></xref>) can skip this background section.</t>

      <section title="Background">
        <t><xref target="RFC5575"></xref> defines the flow specification
        (FlowSpec) that is an n-tuple consisting of several matching criteria
        that can be applied to IP traffic. The matching criteria can include
        elements such as source and destination address prefixes, IP protocol,
        and transport protocol port numbers. A given IP packet is said to
        match the defined flow if it matches all the specified criteria. <xref
        target="RFC5575"></xref> also defines a set of filtering actions, such
        as rate limit, redirect, marking, associated with each flow
        specification. A new Border Gateway Protocol Network Layer
        Reachability Information (BGP NLRI) (AFI/SAFI: 1/133 for IPv4,
        AFI/SAFI: 1/134 for VPNv4) encoding format is used to distribute
        traffic flow specifications.</t>

        <t><xref target="RFC3107"></xref> specifies the way in which the label
        mapping information for a particular route is piggybacked in the same
        Border Gateway Protocol Update message that is used to distribute the
        route itself. Label mapping information is carried as part of the
        Network Layer Reachability Information (NLRI) in the Multiprotocol
        Extensions attributes. The Network Layer Reachability Information is
        encoded as one or more triples of the form &lt;length, label,
        prefix&gt;. The fact that the NLRI contains a label is indicated by
        using Subsequent Address Family Identifier (SAFI) value 4.</t>

        <t><xref target="RFC4364"></xref> describes a method in which each
        route within a Virtual Private Network (VPN) is assigned a
        Multiprotocol Label Switching (MPLS) label. If the Address Family
        Identifier (AFI) field is set to 1, and the SAFI field is set to 128,
        the NLRI is an MPLS-labeled VPN-IPv4 address.</t>
      </section>

      <section title="MPLS Flow Specification Deployment">
        <t>In BGP VPN/MPLS networks when flow specification policy rules exist
        on multiple forwarding devices in the network bound with labels from
        one or more LSPs, only the ingress LSR (Label Switching Router) needs
        to identify a particular traffic flow based on the matching criteria
        for the flow. Once the flow is matched by the ingress LSR, the ingress LSR
        steers the packet to a corresponding LSP (Label Switched Path). Other
        LSRs of the LSP just need to forward the packet according to the label
        carried in it.</t>
      </section>
    </section>

    <section title="Terminology">
      <t>This section contains definitions of terms used in this document.</t>

      <t><list>
          <t>Flow Specification (FlowSpec): A flow specification is an n-tuple
          consisting of several matching criteria that can be applied to IP
          traffic, including filters and actions. Each FlowSpec consists of a
          set of filters and a set of actions.</t>
        </list></t>
    </section>

    <section title="Overview of Proposal">
      <t>This document proposes adding a BGP-FS action, carried in an extended
      community, that alters the label switch path associated with a matched
      flow. If the match does not have a label switch path, this action is
      skipped.</t>

      <t>The BGP flow specification (BGP-FS) policy rule could match on the
      destination prefix and then utilize a BGP-FS action to adjust the label
      path associated with it (push/pop/swap tags). Alternatively, a BGP-FS
      policy rule could match on any set of BGP-FS match conditions associated
      with a BGP-FS action that adjusts the label switch path
      (push/pop/swap).</t>

      <t><xref target="I-D.ietf-idr-flowspec-mpls-match"></xref> provides a
      BGP-FS match that may be used with this action to match and direct MPLS
      packets.</t>

      <t>Example of Use:</t>

      <t>Forwarding information for the traffic from IP1 to IP2 in the
      Routers:</t>

      <figure>
        <artwork>       PE1:   in(&lt;IP2,IP1&gt;) --> out(Label2)
       ASBR1: in(Label2) --> out(Label3)
       ASBR2: in(Label3) --> out(Label4)
       PE2:   in(Label4) --> out(--)</artwork>
      </figure>

      <t>Labels allocated by flow policy process:</t>

      <figure>
        <artwork>       Label4 allocated by PE2
       Label3 allocated by ASBR2
       Label2 allocated by ASBR1</artwork>
      </figure>

      <figure align="left">
        <artwork align="left">
           |&lt;------AS1-----&gt;|    |&lt;------AS2-----&gt;|
           +-----+    +-----+    +-----+    +-----+
VPN 1,IP1..| PE1 |====|ASBR1|----|ASBR2|====| PE2 |..VPN1,IP2
           +-----+    +-----+    +-----+    +-----+
             | LDP LSP1 |          | LDP LSP2 |
             | -------> |          | -------> |
             |-------BGP VPN Flowspec LSP---->|
          (Label1)    (Label2)   (Label3)   (Label4)
                   
              Figure 1: Usage of FlowSpec with Label
</artwork>
      </figure>

      <t>BGP-FS rule1 (locally configured):</t>

      <figure>
        <artwork>       Filters:
          destination ip prefix:IP2/32
          source ip prefix:IP1/32

       Actions: Extended Communities 
          traffic-marking: 1   
          MPLS POP      </artwork>
      </figure>

      <t>Note:</t>

      <t>The following Extended Communities are added/deleted</t>

      <figure>
        <artwork>       [rule-1a] BGP-FS action MPLS POP [used on PE2]  
       [rule-1b] BGP-FS action SWAP 4   [used on ASBR-2]
       [rule-1c] BGP-FS action SWAP 3   [used on ASBR-1]
       [rule-1d] BGP-FS action push 2   [used on PE1] </artwork>
      </figure>

      <figure>
        <artwork>PE-2 Changes BGP-FS rule-1a to rule-1b prior to sending
     Clears Extended Community: BGP-FS action MPLS POP 
     Adds   Extended Community: BGP-FS action MPLS SWAP 4</artwork>
      </figure>

      <figure>
        <artwork>ASBR-2 receives BGP-FS rule-1b (NLRI + 2 Extended Community)
       Installs the BGP-FS rule-1b (MPLS SWAP 4, traffic-marking)  
       Changes BGP-FS rule-1b to rule-1c prior to sending to ASBR1 
       Clear Extended Community: BGP-FS action MPLS SWAP 4
       Adds  Extended Community: BGP-FS action MPLS SWAP 3</artwork>
      </figure>

      <figure>
        <artwork>ASBR-1 Receives BGP-FS rule-1c (NLRI + 2 Extended Community)
       Installs the BGP-FS rule-1c (MPLS SWAP 3, traffic-marking)
       Changes BGP-FS rule-1c to rule-1d prior to sending to PE-2 
       Clear Extended Community: BGP-FS action MPLS SWAP 3
       Adds  Extended Community: BGP-FS action MPLS SWAP 2 </artwork>
      </figure>

      <figure>
        <artwork>PE-1 Receives BGP-FS rule-1d (NLRI + 2 Extended Communities)
     Installs BGP-FS rule-1d action [MPLS SWAP 2, traffic-marking]  </artwork>
      </figure>
    </section>

    <section title="Protocol Extensions">
      <t>In this document, BGP is used to distribute the FlowSpec rule bound
      with label(s). A new label-action is defined as BGP extended community
      value based on Section 7 of <xref target="RFC5575"></xref>.</t>

      <figure>
        <artwork align="center">
+--------+--------------------+--------------------------+
| type   | extended community | encoding                 |
+--------+--------------------+--------------------------+
| TBD1   | label-action       | MPLS tag                 |
+--------+--------------------+--------------------------+
</artwork>
      </figure>

      <t>Label-action is described below:<figure align="center">
          <artwork>  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |      Type  (TBD1)             | OpCode|Reserve| order         |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Label
 |                Label                  | Exp |S|       TTL     | Stack
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Entry
</artwork>
        </figure></t>

      <t>The use and the meaning of these fields are as follows:<list>
          <t>Type: the same as defined in <xref target="RFC4360"></xref></t>

          <t>OpCode: Operation code<figure align="center">
              <artwork>+------+------------------------------------------------------------+
|OpCode| Function                                                   |
+------+------------------------------------------------------------+
|  0   | Push the MPLS tag                                          |
+------+------------------------------------------------------------+
|  1   | Pop the outermost MPLS tag in the packet                   |
+------+------------------------------------------------------------+
|  2   | Swap the MPLS tag with the outermost MPLS tag in the packet|
+------+------------------------------------------------------------+
| 3~15 | Reserved                                                   |
+------+------------------------------------------------------------+</artwork>
            </figure><list>
              <t>When the OpCode field is set to 0, the label stack entry
              SHOULD be pushed on the MPLS label stack.</t>

              <t>When the OpCode field is set to 1, the label stack entry is
              invalid, and the router SHOULD pop the existing outermost MPLS
              tag in the packet.</t>

              <t>When the OpCode field is set to 2, the router SHOULD swap the
              label stack entry with the existing outermost MPLS tag in the
              packet. If the packet has no MPLS tag, it just pushes the label
              stack entry.</t>

              <t>The OpCode 0 or 1 may be used in some SDN networks, such as
              the scenario described in <xref
              target="I-D.filsfils-spring-segment-routing-central-epe"></xref>.</t>

              <t>The OpCode 2 can be used in traditional BGP MPLS/VPN
              networks.</t>
            </list></t>

          <t>Reserved: all zeros.</t>

          <t>Order: A FlowSpec rule MAY include one or more ordered
          label-action(s). If multiple label-action extended communities are
          associated with a BGP-FS rule, this field gives the position of
          this label-action in the list. The last action received for a given
          order will be used.</t>

          <t>Label: the same as defined in <xref target="RFC3032"></xref>.</t>

          <t>Bottom of Stack (S): the same as defined in <xref
          target="RFC3032"></xref>. It SHOULD be invalid, and set to zero by
          default. It MAY be modified by the forwarding router locally.</t>

          <t>Time to Live (TTL): the same as defined in <xref
          target="RFC3032"></xref>. It MAY be modified by the forwarding
          router locally.</t>

          <t>Experimental Use (Exp): the same as defined in <xref
          target="RFC3032"></xref>. It MAY be modified by the forwarding
          router according to the local routing policy.</t>
        </list></t>
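
      <t>The following Python sketch is an added example, not part of the
      draft or of any implementation of it: it packs and parses the 8-octet
      label-action layout above and applies the decoded actions to a label
      stack. The type value 0xFFFF stands in for the unassigned TBD1, and
      rejecting reserved OpCodes and non-zero Reserved bits, applying actions
      in ascending Order, and treating a pop on an unlabeled packet as a no-op
      are assumptions of the example.</t>

      <figure>
        <artwork><![CDATA[
```python
import struct
from collections import namedtuple

# TBD1 is unassigned in the draft: 0xFFFF is a placeholder for this example only.
TYPE_TBD1 = 0xFFFF
PUSH, POP, SWAP = 0, 1, 2

LabelAction = namedtuple("LabelAction", "opcode order label exp s ttl")

def encode(a, ext_type=TYPE_TBD1):
    """Pack a LabelAction into the 8-octet layout of the label-action figure."""
    if a.opcode not in (PUSH, POP, SWAP):
        raise ValueError("reserved OpCode")
    if not (0 <= a.order < 256 and 0 <= a.label < 1 << 20 and 0 <= a.exp < 8
            and a.s in (0, 1) and 0 <= a.ttl < 256):
        raise ValueError("field out of range")
    lse = (a.label << 12) | (a.exp << 9) | (a.s << 8) | a.ttl
    return struct.pack("!HBBI", ext_type, a.opcode << 4, a.order, lse)

def decode(raw, ext_type=TYPE_TBD1):
    """Parse one label-action; raise ValueError on malformed input."""
    if len(raw) != 8:
        raise ValueError("extended community must be 8 octets")
    typ, op_rsv, order, lse = struct.unpack("!HBBI", raw)
    if typ != ext_type:
        raise ValueError("not a label-action community")
    opcode, reserved = op_rsv >> 4, op_rsv & 0x0F
    if opcode > SWAP:                 # OpCodes 3~15 are reserved
        raise ValueError("reserved OpCode %d" % opcode)
    if reserved:                      # assumption: strict receiver
        raise ValueError("Reserved bits must be zero")
    return LabelAction(opcode, order, lse >> 12, (lse >> 9) & 7,
                       (lse >> 8) & 1, lse & 0xFF)

def apply_actions(stack, communities):
    """Return the label stack (outermost first) after applying the actions."""
    by_order = {}
    for raw in communities:           # last action received for an order wins
        action = decode(raw)
        by_order[action.order] = action
    stack = list(stack)
    for order in sorted(by_order):    # assumption: ascending Order
        a = by_order[order]
        if a.opcode == POP:           # label stack entry is invalid for pop
            if stack:
                stack.pop(0)
        elif a.opcode == SWAP and stack:
            stack[0] = a.label
        else:                         # push, or swap on an unlabeled packet
            stack.insert(0, a.label)
    return stack
```
]]></artwork>
      </figure>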
    </section>

    <section title="IANA Considerations">
      <t>For the purpose of this work, IANA should allocate the following
      Extended community:<list>
          <t>TBD1 for label-action</t>
        </list></t>
    </section>

    <section title="Security considerations">
      <t>This extension to BGP does not change the underlying security issues
      inherent in the existing BGP.</t>
    </section>

    <section title="Acknowledgement">
      <t>The authors would like to thank Shunwan Zhuang, Zhenbin Li, Peng Zhou
      and Jeff Haas for their comments.</t>
    </section>
  </middle>

  <back>
    <references title="Normative References">
      &RFC2119;
      &RFC5575;
      &RFC3107;
      &RFC4364;
      &RFC3032;
      &RFC4360;
      &RFC7674;
    </references>

    <references title="Informative References">
      &I-D.filsfils-spring-segment-routing-central-epe;
      &I-D.ietf-idr-flow-spec-v6;
      &I-D.ietf-idr-flowspec-l2vpn;
      &I-D.ietf-idr-bgp-flowspec-oid;
      &I-D.ietf-idr-flowspec-mpls-match;
    </references>
  </back>
</rfc>