Dissemination of Flow Specification Rules
RFC 5575
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (August 2009; Errata); Obsoleted by RFC 8955; Updated by RFC 7674 |
| | Authors | Pedro Marques, Jared Mauch, Nischal Sheth, Barry Greene, Robert Raszuk, Danny McPherson |
| | Last updated | 2020-01-21 |
| | Replaces | draft-marques-idr-flow-spec |
| | Stream | Internet Engineering Task Force (IETF) |
| | Formats | plain text, html, pdf, htmlized (tools), htmlized with errata, bibtex |
| | Reviews | |
| Stream | WG state | WG Document |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 5575 (Proposed Standard) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Adrian Farrel |
| | Send notices to | (None) |
Network Working Group

Request for Comments: 5575

Category: Standards Track

August 2009

Authors: P. Marques (Cisco Systems), N. Sheth (Juniper Networks), R. Raszuk (Cisco Systems), B. Greene (Juniper Networks), J. Mauch (NTT America), D. McPherson (Arbor Networks)

Dissemination of Flow Specification Rules

Abstract

This document defines a new Border Gateway Protocol Network Layer Reachability Information (BGP NLRI) encoding format that can be used to distribute traffic flow specifications. This allows the routing system to propagate information regarding more specific components of the traffic aggregate defined by an IP destination prefix.

Additionally, it defines two applications of that encoding format: one that can be used to automate inter-domain coordination of traffic filtering, such as what is required in order to mitigate (distributed) denial-of-service attacks, and a second application to provide traffic filtering in the context of a BGP/MPLS VPN service.

The information is carried via the BGP, thereby reusing protocol algorithms, operational experience, and administrative processes such as inter-provider peering agreements.

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Marques, et al. Standards Track [Page 1]

RFC 5575 Flow Specification August 2009

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Table of Contents

1. Introduction
2. Definitions of Terms Used in This Memo
3. Flow Specifications
4. Dissemination of Information
5. Traffic Filtering
   5.1. Order of Traffic Filtering Rules
6. Validation Procedure
7. Traffic Filtering Actions
8. Traffic Filtering in BGP/MPLS VPN Networks
9. Monitoring
10. Security Considerations
11. IANA Considerations
12. Acknowledgments
13. Normative References

1. Introduction

Modern IP routers contain both the capability to forward traffic according to IP prefixes as well as to classify, shape, rate limit, filter, or redirect packets based on administratively defined policies.

These traffic policy mechanisms allow the router to define match rules that operate on multiple fields of the packet header. Actions such as the ones described above can be associated with each rule.

The n-tuple consisting of the matching criteria defines an aggregate traffic flow specification. The matching criteria can include elements such as source and destination address prefixes, IP protocol, and transport protocol port numbers.

This document defines a general procedure to encode flow specification rules for aggregated traffic flows so that they can be distributed as a BGP [RFC4271] NLRI. Additionally, we define the