BGP Dissemination of L2VPN Flow Specification Rules
draft-ietf-idr-flowspec-l2vpn-11

Document Type Active Internet-Draft (idr WG)
Last updated 2019-07-08
Replaces draft-hao-idr-flowspec-evpn
Stream IETF
Intended RFC status (None)
Stream WG state WG Document
Doc Shepherd Follow-up Underway, Other - see Comment Log
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Responsible AD (None)
Send notices to (None)
INTERNET-DRAFT                                                    W. Hao
Intended Status: Proposed Standard                   Huawei Technologies
                                                             D. Eastlake
                                                  Futurewei Technologies
                                                               J. Uttaro
                                                                    AT&T
                                                            S. Litkowski
                                                 Orange Business Service
                                                               S. Zhuang
                                                     Huawei Technologies
Expires: January 7, 2020                                    July 8, 2019

          BGP Dissemination of L2VPN Flow Specification Rules
                    draft-ietf-idr-flowspec-l2vpn-11

Abstract
   This document defines a BGP flow-spec extension to disseminate L2 VPN
   Ethernet traffic filtering rules.  SAFI=134 in
   draft-ietf-idr-rfc5575bis is redefined for this purpose.  A new
   subset of component types and a new extended community are also
   defined.

Status of This Document

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Distribution of this document is unlimited. Comments should be sent
   to the authors or the TRILL Working Group mailing list
   <dnsext@ietf.org>.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
   Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

W. Hao, et al                                                   [Page 1]
INTERNET-DRAFT                                           L2VPN Flow Spec

Table of Contents

      1. Introduction............................................3
      1.1 Terminology............................................4

      2. Layer 2 Flow Specification encoding in BGP..............5

      3. Ethernet Flow Specification encoding in BGP.............6
      3.1 Order of Traffic Filtering Rules.......................8

      4. Ethernet Flow Specification Traffic Actions.............9
      4.1 VLAN-action............................................9
      4.2 TPID-action...........................................11

      5. IANA Considerations....................................12
      6. Security Considerations................................13

      7. Acknowledgements.......................................13
      8. Contributors...........................................13

      Normative References......................................14
      Informative References....................................14

      Authors' Addresses........................................15


1. Introduction

   BGP Flow-spec is an extension to BGP that supports the dissemination
   of traffic flow specification rules.  It leverages the BGP Control
   Plane to simplify the distribution of ACLs.  Using this extension,
   new filter rules can be injected into all BGP peers simultaneously
   without changing router configuration.  The typical application of
   BGP Flow-spec is to automate the distribution of traffic filter lists
   to routers for DDoS mitigation, access control, etc.

   [RFC5575bis] defines a new BGP Network Layer Reachability Information
   (NLRI) format used to distribute traffic flow specification rules.
   NLRI (AFI=1, SAFI=133) is for IPv4 unicast filtering.  NLRI (AFI=1,
   SAFI=134) is for BGP/MPLS VPN filtering.  The Flow specification
   match part only includes L3/L4 information like source/destination
   prefix, protocol, ports, etc., so traffic flows can only be
   selectively filtered based on L3/L4 information.

   Layer 2 Virtual Private Networks (L2VPNs) have already been deployed
   in an increasing number of networks today.  In an L2VPN network, we
   also have requirements to deploy BGP Flow-spec to mitigate DDoS
   attack traffic.  Within an L2VPN network, both IP and non-IP Ethernet
   traffic may exist.  For IP traffic filtering, the Flow
   specification rules defined in [RFC5575bis] which include match
   criteria and actions can still be used, flow specification rules