<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC4271 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4271.xml">
<!ENTITY RFC4360 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4360.xml">
<!ENTITY RFC4760 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4760.xml">
<!ENTITY RFC5575 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5575.xml">
<!ENTITY RFC6074 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6074.xml">
<!ENTITY RFC6241 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6241.xml">
<!ENTITY RFC6482 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6482.xml">
<!ENTITY RFC6483 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6483.xml">
<!ENTITY RFC7153 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7153.xml">
<!ENTITY RFC7223 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7223.xml">
<!ENTITY RFC7674 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7674.xml">
<!ENTITY I-D.ietf-idr-flow-spec-v6 SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-idr-flow-spec-v6.xml">
<!ENTITY I-D.hares-idr-rfc5575bis SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.hares-idr-rfc5575bis.xml">
<!ENTITY I-D.ietf-idr-flowspec-packet-rate SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.eddy-idr-flowspec-packet-rate.xml">
<!ENTITY I-D.ietf-sidr-bgpsec-protocol SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sidr-bgpsec-protocol.xml">
<!ENTITY I-D.ietf-i2rs-pkt-eca-data-model SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-i2rs-pkt-eca-data-model.xml">
<!ENTITY I-D.ietf-i2rs-fb-rib-data-model SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-i2rs-fb-rib-data-model.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<?rfc iprnotified="no" ?>
<?rfc strict="no" ?>
<rfc category="std" docName="draft-liang-idr-flowspec-v1-time-00.txt" ipr="trust200902">
<front>
<title abbrev="BGP FlowSpec v1 Time Filter">BGP Flow Specification Filter Component for Time Constraints</title>
<author fullname="Susan Hares" initials="S" surname="Hares">
<organization>Huawei</organization>
<address>
<postal>
<street>7453 Hickory Hill</street>
<city>Saline</city>
<region>MI</region>
<code>48176</code>
<country>USA</country>
</postal>
<email>shares@ndzh.com</email>
</address>
</author>
<author fullname="Qiandeng Liang" initials="Q" surname="Liang">
<organization>Huawei</organization>
<address>
<postal>
<street>101 Software Avenue, Yuhuatai District</street>
<city>Nanjing</city>
<region></region>
<code>210012</code>
<country>China</country>
</postal>
<email>liangqiandeng@huawei.com </email>
</address>
</author>
<author fullname="Jianjie You" initials="J" surname="You">
<organization>Huawei</organization>
<address>
<postal>
<street>101 Software Avenue, Yuhuatai District</street>
<city>Nanjing</city>
<region></region>
<code>210012</code>
<country>China</country>
</postal>
<email>youjianjie@huawei.com </email>
</address>
</author>
<date year="2016" />
<area>Routing Area</area>
<workgroup>IDR Working Group</workgroup>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>BGP Flow Specification</keyword>
<abstract>
<t>BGP flow specification version 1 (RFC5575) describes the distribution
of traffic filter policy (traffic filters and actions) via BGP to BGP peers
to support the following 3 applications:
(1) mitigation of Denial of Service (DoS), (2) traffic
filtering in BGP/MPLS VPNs, and (3) centralized traffic control for networks with
SDN or NFV controllers. A BGP Flow Filter that combines a packet filter with
time may give these three applications the ability to have
a flow filter operate for only a specific time.
</t>
<t>This document proposes a new BGP Flow specification filter based on time.
</t>
</abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">
<t>BGP flow specification <xref target="RFC5575"></xref>
describes the distribution of filters and actions that apply when
packets are received on a router with the flow specification function turned on.
If one considers the reception of the packet as an event,
then BGP <xref target="RFC4271"></xref> flow specification describes a set of minimalistic
Event-MatchCondition-Action (ECA) policies where the
match-condition is defined in the BGP NLRI, and the action is defined
either by the default condition (accept traffic) or by actions
defined in Extended BGP Communities values <xref target="RFC4360"></xref>.
</t>
<t>
The initial set of policies in <xref target="RFC5575"></xref>
includes 12 types of match filters encoded in two application-specific
AFI/SAFI pairs, using the IPv4 AFI and the following SAFIs:
<list>
<t>IP traffic: AFI 1, SAFI 133;
</t>
<t>BGP/MPLS VPN traffic: AFI 1, SAFI 134 (for IPv4).
</t>
</list>
The 12 filters specified in <xref target="RFC5575"></xref> are "ANDED" and
evaluated in a specific order. The packet does not match unless all
filters match.
</t>
<t>The popularity of these flow specification filters in deployment for the following
applications has led to the requirement for more BGP flow specification match filters
in the NLRI and more BGP flow specification actions to support these applications
<list style="symbols">
<t>mitigation of Denial of Service (DoS),</t>
<t>support of traffic filtering in BGP/MPLS VPNs, </t>
<t>centralized traffic control for networks with SDN or NFV controllers.</t>
</list>
</t>
<t>See <xref target="I-D.hares-idr-rfc5575bis"></xref> for details on these
additional filters for BGP Flow Specification version 1.
</t>
<t>
Since DDoS attacks are dynamic, redirection or filtering of a flow may be necessary only
for some specified period, and may be undesirable at other times. Thus network administrators
may want to add a time filter to a group of filters to be matched. For example,
a network administrator may need to insert DoS filters for only a specific period while
a DoS attack or a Distributed DoS (DDoS) attack is occurring. Another example is the
filtering of traffic in a BGP/MPLS VPN to support prioritization of high priority
services such as video traffic and limiting of bandwidth for low priority services
(such as web browsing).
</t>
</section>
<section title="RFC 2119 language">
<t> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref target="RFC2119"></xref>.
</t>
</section>
<section title="Encoding of BGP-FS time ">
<t> The encoding for the BGP Flow Specification time filter is:
<list style="hanging">
<t hangText="Type: ">Time Filter (TBD) Flow Specification Component type
</t>
<t hangText="Function: ">Match filter based on time. </t>
<t hangText="Encoding: ">&lt;type (1 octet), length (1 octet), value&gt;
</t>
<t hangText="value field: "> has the form shown in Figure 1.
</t>
</list>
</t>
<t>
<figure>
<artwork>
 0                   1
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Starting Time (seconds)                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Starting Time (microseconds)                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Duration (seconds)                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Duration (microseconds)                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 1: Time filter sub-TLV Format
</artwork>
</figure>
</t>
<t>
<list style="hanging">
<t hangText="Starting Time:">Expressed in seconds and microseconds since
midnight (zero hour), January 1, 1970 (UTC). Precision of the
"Starting Time" is implementation-dependent. If the "Starting
Time Type" is set to 0, this field is invalid.
An invalid Flow Specification filter is logged, and the NLRI is ignored.
</t>
<t hangText="Duration:"> Expressed in seconds and microseconds. If this field
is zero, this filter is invalid. An invalid Flow Specification filter is logged,
and the NLRI is ignored.
</t>
</list>
</t>
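<t>A decoder for the time filter component described in this section, as an added
example that is not part of the draft or of any implementation by its authors.
Assumptions: the type code 0xFF is a placeholder for the TBD value, Length counts
only the 16 value octets, the filter matches from Starting Time up to but not
including Starting Time plus Duration, and microsecond fields of 1,000,000 or more
are rejected; the "Starting Time Type" check is omitted because Figure 1 defines no
such field.
<figure>
<artwork><![CDATA[
```python
import logging
import struct
from typing import NamedTuple, Optional

log = logging.getLogger("flowspec.time")

TIME_FILTER_TYPE = 0xFF   # placeholder: the draft leaves the component type TBD
VALUE_LEN = 16            # four 32-bit fields, per the value layout in Figure 1
USEC = 1_000_000


class TimeFilter(NamedTuple):
    start_us: int      # Starting Time, microseconds since 1970-01-01 00:00 UTC
    duration_us: int   # Duration, microseconds

    def matches(self, now_us: int) -> bool:
        """Assumed semantics: true while now_us is in [start, start + duration)."""
        return self.start_us <= now_us < self.start_us + self.duration_us


def parse_time_filter(buf: bytes) -> Optional[TimeFilter]:
    """Decode one <type, length, value> component; None means log and ignore the NLRI."""
    if len(buf) < 2:
        log.warning("time filter: truncated header (%d octets)", len(buf))
        return None
    ctype, length = buf[0], buf[1]
    if ctype != TIME_FILTER_TYPE:
        log.warning("time filter: unexpected component type %d", ctype)
        return None
    # Assumption: Length counts only the value octets that follow it.
    if length != VALUE_LEN or len(buf) - 2 < length:
        log.warning("time filter: bad length %d (%d octets available)", length, len(buf) - 2)
        return None
    s_sec, s_usec, d_sec, d_usec = struct.unpack_from("!IIII", buf, 2)
    # Added hardening, not stated in the draft: reject out-of-range microseconds.
    if s_usec >= USEC or d_usec >= USEC:
        log.warning("time filter: microseconds field out of range")
        return None
    duration_us = d_sec * USEC + d_usec
    if duration_us == 0:  # draft: a zero Duration makes the filter invalid
        log.warning("time filter: zero duration, ignoring NLRI")
        return None
    return TimeFilter(s_sec * USEC + s_usec, duration_us)


# Constructed sample: starts at 1461492451.5 s UTC and lasts 600 s.
SAMPLE = bytes([TIME_FILTER_TYPE, VALUE_LEN]) + struct.pack("!IIII", 1461492451, 500000, 600, 0)
```
]]></artwork>
</figure>
</t>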
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This document requests IANA BGP allocations in line with
<xref target="RFC7153"></xref>.
</t>
<t> This document requests that IANA allocate an entry in the
Flow Specification Component Types Registry with the following
values:
</t>
<t>
<figure>
<artwork>
Name          Value   Document
-----------   -----   --------------
Time Filter   TBD     This document.
</artwork>
</figure>
</t>
</section>
<section title="Security Considerations">
<t>The time filter augments the other BGP Flow Filters
with an indication of the time these filters are active.
It is anticipated that these filters are deployed within
secure BGP infrastructures and not in home environments.
In home environments, the timing of filters may provide insight
into the activities of individuals. Anyone installing BGP Flow
Filters in home environments should secure any flow filters
by encrypting the data that flows over IP links.
</t>
</section>
</middle>
<back>
<references title="Normative References">
&RFC2119;
&RFC4271;
&RFC4360;
&RFC4760;
&RFC5575;
&RFC7153;
&RFC7674;
</references>
<references title="Informative References">
&I-D.hares-idr-rfc5575bis;
</references>
</back>
</rfc>