IDR                                                              R. Chen
Internet-Draft                                                     H. Wu
Intended status: Standards Track                         ZTE Corporation
Expires: 16 October 2022                                   14 April 2022


         BGP Flow Specification for Network Resource Partition
                     draft-chen-idr-flowspec-nrp-00

Abstract

   [RFC8955] defines BGP flow specification version 1 (FSv1), and
   [I-D.hares-idr-flowspec-v2] defines the BGP flow specification
   version 2 (FSv2) protocol.  This document proposes extensions to BGP
   Flow Specification Version 2 to support IETF network slice filtering.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 16 October 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Chen & Wu                Expires 16 October 2022                [Page 1]

Internet-Draft               BGP-FS for NRP                   April 2022

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  BGP Flow Specification Encoding for NRP
     3.1.  Filtering Rules for NRP
     3.2.  Traffic Action for NRP
   4.  Application Example
   5.  Acknowledgements
   6.  IANA Considerations
   7.  Security Considerations
   8.  Normative References
   Authors' Addresses

1.  Introduction

   [I-D.ietf-teas-ietf-network-slices] provides the definition of a
   network slice for use within the IETF and discusses the general
   framework for requesting and operating IETF Network Slices, their
   characteristics, and the necessary system components and interfaces.
   It also discusses the function of an IETF Network Slice Controller
   and the requirements on its northbound and southbound interfaces.

   [I-D.bestbar-teas-ns-packet] introduces a Slice-Flow Aggregate as the
   collection of packets (from one or more IETF network slice traffic
   streams) that match an NRP Policy selection criteria and are offered
   the same forwarding treatment.  The NRP Policy is used to realize an
   NRP by instantiating specific control and data plane resources on
   select topological elements in an IP/MPLS network.  The NRP
   Identifier (NRP-ID) is globally unique within an NRP domain and can
   be used in the control or management plane to identify the resources
   associated with the NRP.

   The NRP-ID can be encapsulated in various data planes in order to
   provide QoS on a per-slice basis.  In an IPv6 scenario, the NRP-ID
   could be carried in either the IPv6 fixed header or the extension
   headers.  In an MPLS scenario, the NRP-ID could be carried in either
   the MPLS label stack or following the MPLS label stack.

   [RFC8955] defines BGP flow specification version 1 (FSv1), and
   [I-D.hares-idr-flowspec-v2] defines the BGP flow specification
   version 2 (FSv2) protocol.  This document proposes extensions to BGP
   Flow Specification Version 2 to support IETF network slice filtering.
   It specifies new FSv2 traffic Filters and Actions.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   cloud transport network:  It is usually a national or province
      backbone network to achieve interconnection between multiple
      regional clouds/core clouds deployed in the country/province.

3.  BGP Flow Specification Encoding for NRP

   [I-D.hares-idr-flowspec-v2] uses an NLRI with the format for AFIs for
   IPv4 (AFI = 1), IPv6 (AFI = 2), L2 (AFI = 6), L2VPN (AFI = 25), and
   SFC (AFI = 31) with two following SAFIs to support transmission of
   the flow specification, which supports user ordering of traffic
   filters and actions for IP traffic and IP VPN traffic.  It defines
   FSv2 traffic Filters and Actions.  This document specifies new FSv2
   traffic Filters and Actions.

3.1.  Filtering Rules for NRP

   [I-D.hares-idr-flowspec-v2] defines several types for the FSv2 TLV
   format of the NLRI, such as IP header rules, L2 traffic rules, SFC
   traffic rules, and others.  This document defines a new IP sub-TLV
   type for IETF network slices.

   Function:  This match applies to the NRP-ID carried in the packet.

   Encoding:  <type (1 octet), length (1 octet), [operator, value]+>

   It contains a set of {operator, value} pairs that are used to match
   the NRP-ID.

   The operator field is encoded as specified in Section 4.2.1.1 of
   [RFC8955].

   The value field is encoded as:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             NRP-ID                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.2.  Traffic Action for NRP

   [I-D.hares-idr-flowspec-v2] specifies that FSv2 actions may be sent
   in an Extended Community or a Wide Community, and it defines several
   FSv2 actions in the Wide Community, such as ACO (action chain
   operation), TAIS (traffic actions per interface group), and others.
   This document defines two new actions in the Wide Community for IETF
   network slices.

   Function:  NRP-ID Action.

   Sub-TLV:  TBD2

   Length:  8 octets

   Value:  [Action (1 octet)] [NRP-ID (4 octets)]

   Where Action:

   +----------+------------------------------+
   | Action   | Function                     |
   +----------+------------------------------+
   | 0        | Encapsulate the NRP-ID       |
   +----------+------------------------------+
   | 1        | Rewrite the NRP-ID           |
   +----------+------------------------------+
   | 2 ~ 255  | Reserved                     |
   +----------+------------------------------+

   The location of the NRP-ID is determined according to local policy.
   The location of the NRP-ID can also be carried in the NRP-ID action,
   which can be discussed in subsequent versions.

4.  Application Example

   The BGP FlowSpec Controller signals the filter rules and actions to
   the ingress node of a domain.  [RFC8955], [RFC8956] and
   [I-D.hares-idr-flowspec-v2] define several rule conditions to match a
   particular traffic flow, for example the 5-tuple components (e.g.,
   destination IP address and source IP address).
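
   The NRP-ID filter of Section 3.1 is one more match condition beside
   those 5-tuple components.  The following is an added example, not
   part of the draft or of any implementation, that decodes and
   bounds-checks one such component and evaluates it against a packet's
   NRP-ID using the RFC 8955 numeric-operator bits.  Assumptions: the
   type code 0xFE is a placeholder (the draft assigns none), the length
   octet counts only the operator/value pairs, every value is exactly 4
   octets, and the function names are hypothetical.

```python
import struct

NRP_FILTER_TYPE = 0xFE  # placeholder: the draft assigns no code point yet

class MalformedComponent(ValueError):
    pass

def parse_nrp_filter(buf: bytes):
    """Decode one component; return ([(and_bit, lt, gt, eq, nrp_id)], consumed)."""
    if len(buf) < 2:
        raise MalformedComponent("truncated type/length header")
    ctype, clen = buf[0], buf[1]
    if ctype != NRP_FILTER_TYPE:
        raise MalformedComponent("not an NRP-ID filter component")
    body = buf[2:2 + clen]
    if len(body) != clen:
        raise MalformedComponent("length field runs past end of buffer")
    if clen == 0 or clen % 5:
        raise MalformedComponent("body is not a whole number of 5-octet pairs")
    terms = []
    for off in range(0, clen, 5):
        op = body[off]
        if (op >> 4) & 0x3 != 2:  # len bits: value length is 1 << len octets
            raise MalformedComponent("value is not 4 octets")
        if bool(op & 0x80) != (off + 5 == clen):  # e bit only on the last pair
            raise MalformedComponent("end-of-list bit disagrees with length")
        and_bit = bool(op & 0x40) and off != 0  # 'a' is ignored on the first pair
        (nrp_id,) = struct.unpack_from("!I", body, off + 1)
        terms.append((and_bit, bool(op & 4), bool(op & 2), bool(op & 1), nrp_id))
    return terms, 2 + clen

def matches(terms, packet_nrp_id: int) -> bool:
    """Evaluate decoded terms against a packet's NRP-ID (AND binds before OR)."""
    result, group = False, False
    for and_bit, lt, gt, eq, val in terms:
        hit = ((lt and packet_nrp_id < val) or (gt and packet_nrp_id > val)
               or (eq and packet_nrp_id == val))
        if and_bit:
            group = group and hit
        else:
            result, group = result or group, hit  # close the previous AND group
    return result or group

# Constructed sample: NRP-ID >= 100 AND NRP-ID <= 200, then unrelated trailing bytes.
SAMPLE = bytes.fromhex("fe0a" "2300000064" "e5000000c8") + b"\x01\x18"

if __name__ == "__main__":
    terms, used = parse_nrp_filter(SAMPLE)
    print(used, [matches(terms, n) for n in (99, 100, 150, 201)])
```

   The parser returns the number of octets consumed so a caller can
   continue with the next component, and it rejects a component whose
   end-of-list bit and length octet disagree instead of trusting either
   one alone.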

              |<-------AS1------>|      |<--------AS2----->|
              +-----+     +------+      +------+      +-----+
   VPN 1,IP1..| PE1 |-----| ASBR1|------| ASBR2|------| PE2 |..VPN1,IP2
              +-----+     +------+      +------+      +-----+
              |      NRP-ID1     |      |      NRP-ID2     |
              | ---------------->|      |----------------->|

                 Figure 1: Usage of FlowSpec with NRP-ID

   An example of BGP-FS rule1 (locally configured) for PE1:

      Filters:
         destination ip prefix: IP2/32
         source ip prefix: IP1/32

      Actions: Wide Communities -- NRP-ID Action
         Encapsulate the NRP-ID

   Note: This example uses the global NRP-ID.  In some scenarios, each
   AS may have a different NRP-ID, so the "Rewrite the NRP-ID" action
   may be used for ASBR2.

   Another example of BGP-FS rule2 (locally configured) for ASBR2:

      Filters:
         NRP-ID

      Actions: Wide Communities -- NRP-ID Action
         Rewrite the NRP-ID

5.  Acknowledgements

   TBD.

6.  IANA Considerations

   TBD.

7.  Security Considerations

   TBD.

8.  Normative References

   [I-D.bestbar-teas-ns-packet]
              Saad, T., Beeram, V. P., Dong, J., Wen, B., Ceccarelli,
              D., Halpern, J., Peng, S., Chen, R., Liu, X., Contreras,
              L. M., Rokui, R., and L. Jalil, "Realizing Network Slices
              in IP/MPLS Networks", Work in Progress, Internet-Draft,
              draft-bestbar-teas-ns-packet-08, 2 February 2022.

   [I-D.hares-idr-flowspec-v2]
              Hares, S., Eastlake, D., Yadlapalli, C., and S. Maduschke,
              "BGP Flow Specification Version 2", Work in Progress,
              Internet-Draft, draft-hares-idr-flowspec-v2-05,
              4 February 2022.

   [I-D.ietf-teas-ietf-network-slices]
              Farrel, A., Drake, J., Rokui, R., Homma, S., Makhijani,
              K., Contreras, L. M., and J. Tantsura, "Framework for IETF
              Network Slices", Work in Progress, Internet-Draft,
              draft-ietf-teas-ietf-network-slices-10, 27 March 2022.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8955]  Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M.
              Bacher, "Dissemination of Flow Specification Rules",
              RFC 8955, DOI 10.17487/RFC8955, December 2020.

   [RFC8956]  Loibl, C., Ed., Raszuk, R., Ed., and S. Hares, Ed.,
              "Dissemination of Flow Specification Rules for IPv6",
              RFC 8956, DOI 10.17487/RFC8956, December 2020.

Authors' Addresses

   Ran Chen
   ZTE Corporation
   Nanjing
   China
   Email: chen.ran@zte.com.cn

   HaiSheng Wu
   ZTE Corporation
   Nanjing
   China
   Email: wu.haisheng@zte.com.cn