
Simplifying Firewall Rules with Network Programming and SRH Metadata
draft-guichard-spring-srv6-simplified-firewall-02

Document type: Expired Internet-Draft (individual); expired & archived
Authors: Jim Guichard, Clarence Filsfils, Daniel Bernier, Zhenbin Li, Francois Clad, Pablo Camarillo, Ahmed Abdelsalam
Last updated: 2020-10-10 (Latest revision 2020-04-08)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

A clear application of the SRv6 Network Programming model consists in steering, in a stateless manner, packets through a Service Function Chain (SFC). Each Service Function (SF) is identified by a segment. Each SF can enrich its operation thanks to metadata present in the SRH. This document describes a practical use-case where the SF is a firewall and the metadata helps to drastically decrease the number of rules that need to be maintained by the operation team.

Authors

Jim Guichard
Clarence Filsfils
Daniel Bernier
Zhenbin Li
Francois Clad
Pablo Camarillo
Ahmed Abdelsalam
