Simplifying Firewall Rules with Network Programming and SRH Metadata
draft-guichard-spring-srv6-simplified-firewall-02
| Document type | Expired Internet-Draft (individual); expired & archived |
|---|---|
| Authors | Jim Guichard, Clarence Filsfils, Daniel Bernier, Zhenbin Li, Francois Clad, Pablo Camarillo, Ahmed Abdelsalam |
| Last updated | 2020-10-10 (Latest revision 2020-04-08) |
| RFC stream | (None) |
| Intended RFC status | (None) |
| Stream state | (No stream defined) |
| Consensus boilerplate | Unknown |
| RFC Editor Note | (None) |
| IESG state | Expired |
| Telechat date | (None) |
| Responsible AD | (None) |
| Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
A clear application of the SRv6 Network Programming model consists of steering packets, in a stateless manner, through a Service Function Chain (SFC). Each Service Function (SF) is identified by a segment. Each SF can enrich its operation using metadata present in the SRH. This document describes a practical use case where the SF is a firewall and the metadata helps to drastically decrease the number of rules that need to be maintained by the operations team.