Diff: draft-ietf-idr-flow-spec-v6-03.txt vs. draft-ietf-idr-flow-spec-v6-04.txt

draft-ietf-idr-flow-spec-v6-03 (old) header:

IDR Working Group                                          R. Raszuk, Ed.
Internet-Draft                                               NTT MCL Inc.
Updates: RFC5575 (if approved)                               B. Pithawala
Intended status: Standards Track                            Cisco Systems
Expires: October 31, 2012                                    D. McPherson
                                                           Verisign, Inc.
                                                           April 29, 2012

draft-ietf-idr-flow-spec-v6-04 (new) header:

IDR Working Group                                          R. Raszuk, Ed.
Internet-Draft                                               NTT MCL Inc.
Updates: RFC5575 (if approved)                               B. Pithawala
Intended status: Standards Track                            Cisco Systems
Expires: August 1, 2014                                      D. McPherson
                                                           Verisign, Inc.
                                                                 A. Karch
                                                            Cisco Systems
                                                         January 28, 2014

Dissemination of Flow Specification Rules for IPv6
draft-ietf-idr-flow-spec-v6-03 / draft-ietf-idr-flow-spec-v6-04
Abstract

Dissemination of Flow Specification Rules [RFC5575] provides a
protocol extension for propagation of traffic flow information for
the purpose of rate limiting or filtering. The [RFC5575] specifies
those extensions for IPv4 protocol data packets.

This specification extends the current [RFC5575] and defines changes
to the original document in order to make it also usable and
applicable to IPv6 data packets.
Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on October 31, 2012 (-03) / August 1,
2014 (-04).
Copyright Notice

Copyright (c) 2012 (-03) / 2014 (-04) IETF Trust and the persons
identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents (as in -04; section 3.1 is new in -04, the other
entries are unchanged from -03)

1. Introduction
2. IPv6 Flow Specification encoding in BGP
3. IPv6 Flow Specification types changes
   3.1. Order of Traffic Filtering Rules
4. IPv6 Flow Specification Traffic Filtering Action changes
5. Security considerations
6. IANA Considerations
7. Acknowledgments
8. References
   8.1. Normative References
   8.2. Informative References
Authors' Addresses
1. Introduction

The growing amount of IPv6 traffic in private and public networks
requires that the tools used in IPv4-only networks be extended to
support IPv6 data packets as well.

In this document the authors analyze how the description of IPv6
[RFC2460] flows differs from that of traditional IPv4 packets and
propose a subset of new encoding formats to enable Dissemination of Flow
[unchanged text skipped by rfcdiff: -03 page 4, line 25 / -04 page 3, line 49]

against routing reachability received over AFI/SAFI=2/128
3. IPv6 Flow Specification types changes

The following component types are redefined or added for the purpose
of accommodating new IPv6 header encoding. Unless otherwise stated
all other types as defined in RFC5575 apply to IPv6 packets as is.
Type 1 - Destination IPv6 Prefix

   -03 encoding: <type (1 octet), prefix length (1 octet), prefix
   offset (1 octet), prefix>

   -04 encoding: <type (1 octet), prefix offset (1 octet), prefix
   length (1 octet), prefix>

   Defines the destination prefix to match. Prefix offset has been
   defined to allow for flexible matching on part of the IPv6 address
   where we want to skip (don't care) the N first bits of the address.
   This can be especially useful where part of the IPv6 address
   consists of an embedded IPv4 address and matching needs to happen
   only on the embedded IPv4 address.

   -03 text: The default value for prefix offset is 0x00 (match on all
   bits as indicated by prefix length). Otherwise prefixes are encoded
   as in BGP UPDATE messages: a length in bits is followed by enough
   octets to contain the prefix information.

   -04 text: The encoded prefix contains enough octets for the bits
   used in matching (length minus offset bits).
Type 2 - Source IPv6 Prefix

   -03 encoding: <type (1 octet), prefix length (1 octet), prefix
   offset (1 octet), prefix>

   -04 encoding: <type (1 octet), prefix offset (1 octet), prefix
   length (1 octet), prefix>

   Defines the source prefix to match. Prefix offset has been
   defined to allow for flexible matching on part of the IPv6 address
   where we want to skip (don't care) the N first bits of the address.
   This can be especially useful where part of the IPv6 address
   consists of an embedded IPv4 address and matching needs to happen
   only on the embedded IPv4 address.

   -03 text: The default value for prefix offset is 0x00 (match on all
   bits as indicated by prefix length). Otherwise prefixes are encoded
   as in BGP UPDATE messages: a length in bits is followed by enough
   octets to contain the prefix information.

   -04 text: The encoded prefix contains enough octets for the bits
   used in matching (length minus offset bits).
Type 3 - Next Header

   Encoding: <type (1 octet), [op, value]+>

   Contains a set of {operator, value} pairs that are used to match
   the last Next Header value octet in IPv6 packets. The operator
   byte is encoded as specified in component type 3 of [RFC5575].

   While IPv6 allows for more than one Next Header field in the
   packet, the main goal of the Type 3 flow specification component is
   to match on the subsequent IP protocol value. Therefore the
   definition is limited to matching only the last Next Header field
   in the packet.
-03 text:

Type 11 - Traffic Class

   Encoding: <type (1 octet), [op, value]+>

   Contains a set of {operator, value} pairs that are used to match
   the Traffic Class 8-bit field [RFC2460] encoded in a single
   octet. The operator byte is encoded as specified in component type
   3 of [RFC5575].

Type 12 - Fragment - Not supported for AFI=2

   This type is not supported for AFI=2 as in IPv6 fragmentation does
   not happen in the network.

-04 text (replaces the two entries above; Traffic Class moves to Type 14):

Type 12 - Fragment

   Encoding: <type (1 octet), [op, bitmask]+>

   Uses bitmask operand format defined above. Bit-7 is not used and
   MUST be 0 to provide backwards-compatibility with the definition
   in RFC5575.

        0   1   2   3   4   5   6   7
      +---+---+---+---+---+---+---+---+
      |   Reserved    |LF |FF |IsF| 0 |
      +---+---+---+---+---+---+---+---+

   Bitmask values:

   + Bit 6 - Is a fragment (IsF)
   + Bit 5 - First fragment (FF)
   + Bit 4 - Last fragment (LF)
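As an added example (not part of the draft), the following evaluates a -04 Type 12 component against IPv6 packets. The operator semantics (match bit, not bit, AND binding tighter than OR) follow the RFC5575 bitmask operand, and a bitmask with bit 7 set is rejected as the -04 text requires. How the IsF/FF/LF bits are derived from the Fragment extension header is this example's own assumption (FF = fragment offset 0, LF = M flag clear), and the sample rule is constructed.

```python
"""Added example (not the draft's code): evaluate the -04 Type 12 (Fragment)
component against IPv6 packets using the RFC5575 bitmask operator.  The mapping
from the Fragment extension header to the three bits is this example's own
assumption (FF = fragment offset 0, LF = M flag clear)."""

# Bit positions as drawn in the draft (bit 0 = MSB of the octet).
LF, FF, ISF = 0x08, 0x04, 0x02          # bits 4, 5, 6
BIT7 = 0x01                              # DF in RFC5575; MUST be 0 for IPv6
# RFC5575 bitmask operator octet: e=0x80, a=0x40, len=bits 2-3, not=0x02, m=0x01
END, AND, NOT, MATCH = 0x80, 0x40, 0x02, 0x01


def fragment_bits(has_frag_header: bool, frag_offset: int = 0, more: bool = False) -> int:
    """Type 12 value for a packet (assumed mapping from the Fragment header)."""
    if not has_frag_header:
        return 0
    bits = ISF
    if frag_offset == 0:
        bits |= FF
    if not more:
        bits |= LF
    return bits


def parse_bitmask_component(payload: bytes) -> list:
    """Parse the [op, bitmask]+ octets that follow the type octet into
    (and_prev, negate, match, mask) terms.  A mask with bit 7 set is
    rejected, as -04 requires that bit to be 0 for AFI=2."""
    terms, i, ended = [], 0, False
    while i < len(payload) and not ended:
        op = payload[i]
        nbytes = 1 << ((op >> 4) & 0x3)
        if nbytes != 1 or i + 1 >= len(payload):
            raise ValueError("fragment bitmask must be a single octet")
        mask = payload[i + 1]
        if mask & BIT7:
            raise ValueError("bit 7 of the IPv6 fragment bitmask MUST be 0")
        terms.append((bool(op & AND), bool(op & NOT), bool(op & MATCH), mask))
        i += 2
        ended = bool(op & END)
    if not ended or i != len(payload):
        raise ValueError("malformed operator list")
    return terms


def evaluate(terms: list, data: int) -> bool:
    """RFC5575 semantics: m=1 means (data & mask) == mask, m=0 means any bit
    in common; 'not' negates the term; 'a' ANDs with the previous term, and
    AND binds tighter than OR."""
    groups = []                       # each entry is one AND-group
    for and_prev, negate, match, mask in terms:
        hit = (data & mask) == mask if match else (data & mask) != 0
        if negate:
            hit = not hit
        if and_prev and groups:
            groups[-1] = groups[-1] and hit
        else:
            groups.append(hit)
    return any(groups)


def fragment_rule_matches(payload: bytes, has_frag_header: bool,
                          frag_offset: int = 0, more: bool = False) -> bool:
    """Apply a Type 12 component (octets after the type) to one packet."""
    return evaluate(parse_bitmask_component(payload),
                    fragment_bits(has_frag_header, frag_offset, more))


def is_valid_fragment_component(payload: bytes) -> bool:
    """True if the component parses and respects the bit-7 rule."""
    try:
        parse_bitmask_component(payload)
    except ValueError:
        return False
    return True


# Constructed rule: "is a fragment AND NOT first fragment", i.e. non-initial
# fragments, which carry no upper-layer header that port components could match.
NON_INITIAL_FRAGMENTS = bytes([MATCH, ISF, END | AND | NOT | MATCH, FF])

if __name__ == "__main__":
    print(fragment_rule_matches(NON_INITIAL_FRAGMENTS, True, 1280, True))   # True
    print(fragment_rule_matches(NON_INITIAL_FRAGMENTS, True, 0, True))      # False
```

The parser enforces the -04 constraint at import time rather than at match time, so a rule that sets bit 7 is refused before it can be installed.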
Type 13 - Flow Label - New type

   Encoding: <type (1 octet), [op, value]+>

   Contains a set of {operator, value} pairs that are used to match
   the 20-bit Flow Label field [RFC2460]. The operator byte is
   encoded as specified in the component type 3 of [RFC5575].
Type 14 - Traffic Class - New type
Encoding: <type (1 octet), [op, value]+>
Contains a set of {operator, value} pairs that are used to match
the full Traffic Class 8-bit field [RFC2460] encoded in a single
octet. The operator byte is encoded as specified in component
type 3 of [RFC5575].
The following example demonstrates the new prefix encoding for: "all
packets to ::1234:5678:9A00:0/80-104 from 192::/8 and port {range
[137, 139] or 8080}".
+---------------------------+-------------+-------------------------+
| destination | source | port |
+---------------------------+-------------+-------------------------+
| 0x01 40 68 12 34 56 78 9A | 02 00 08 c0 | 04 03 89 45 8b 91 1f 90 |
+---------------------------+-------------+-------------------------+
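The encoding above worked through in code, as an added example that is not code from the draft: it builds Type 1/2 components in the -04 order (type, offset, length, prefix) and a Type 4 port component with RFC5575 numeric operators, reproduces the 20 octets of the example table, and shows the receiver-side check that compares only the windowed bits of an address. Two details follow the table's octets rather than the prose: the destination offset octet is 0x40, so the match covers bits 64-103, and the source prefix's first octet is 0xc0, so it is written here as c000::/8. Function names are this example's own.

```python
"""Added example (not code from the draft): build the -04 wire encoding of
IPv6 flow-spec components Type 1/2 (prefix with offset) and Type 4 (port),
reproduce the draft's example NLRI, and apply an offset prefix to an address.
Function names are this example's own, not the draft's."""
from __future__ import annotations
import ipaddress

# RFC5575 numeric operator octet (bit 0 = MSB): e=0x80, a=0x40, len=bits 2-3,
# lt=0x04, gt=0x02, eq=0x01.  The same layout is used for IPv6 components.
END, AND, LT, GT, EQ = 0x80, 0x40, 0x04, 0x02, 0x01


def _len_code(value: int) -> tuple[int, int]:
    """Return (len field code, operand byte count) for a numeric value."""
    for code, nbytes in ((0, 1), (1, 2), (2, 4), (3, 8)):
        if value < (1 << (8 * nbytes)):
            return code, nbytes
    raise ValueError("value does not fit in 8 octets")


def encode_prefix_component(ctype: int, prefix: str, offset: int = 0) -> bytes:
    """Type 1/2: <type, prefix offset, prefix length, prefix>.  Per -04 the
    prefix field carries only the (length - offset) bits used for matching."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    length = net.prefixlen
    if not 0 <= offset <= length <= 128:
        raise ValueError("offset must not exceed prefix length")
    nbits = length - offset
    nbytes = (nbits + 7) // 8
    # take bits [offset, length) of the address (bit 0 = MSB), left-aligned
    window = (int(net.network_address) >> (128 - length)) & ((1 << nbits) - 1)
    window <<= nbytes * 8 - nbits
    return bytes([ctype, offset, length]) + window.to_bytes(nbytes, "big")


def encode_numeric_component(ctype: int, terms: list[tuple[int, int, bool]]) -> bytes:
    """Numeric [op, value]+ list; each term is (lt/gt/eq flags, value,
    AND-with-previous).  The last term gets the end-of-list bit."""
    out = bytearray([ctype])
    for i, (flags, value, and_prev) in enumerate(terms):
        code, nbytes = _len_code(value)
        op = flags | (code << 4) | (AND if and_prev else 0)
        if i == len(terms) - 1:
            op |= END
        out.append(op)
        out += value.to_bytes(nbytes, "big")
    return bytes(out)


def prefix_matches(component: bytes, address: str) -> bool:
    """Receiver side: compare only bits [offset, length) of the address
    against the encoded prefix window; bits before the offset are ignored."""
    offset, length = component[1], component[2]
    nbits = length - offset
    nbytes = (nbits + 7) // 8
    window = int.from_bytes(component[3:3 + nbytes], "big") >> (nbytes * 8 - nbits)
    addr_bits = (int(ipaddress.IPv6Address(address)) >> (128 - length)) & ((1 << nbits) - 1)
    return window == addr_bits


def example_nlri() -> bytes:
    """The draft's example: destination ::1234:5678:9A00:0 matched on bits
    64-103 (offset 0x40, length 0x68), source c000::/8 (first octet 0xc0),
    port {range [137, 139] or 8080}."""
    dst = encode_prefix_component(1, "::1234:5678:9A00:0/104", offset=64)
    src = encode_prefix_component(2, "c000::/8")
    port = encode_numeric_component(4, [(GT | EQ, 137, False),
                                        (LT | EQ, 139, True),
                                        (EQ, 8080, False)])
    return dst + src + port


if __name__ == "__main__":
    nlri = example_nlri()
    print(nlri.hex())   # 014068123456789a020008c0040389458b911f90
    print(prefix_matches(nlri[:8], "2001:db8::1234:5678:9a00:1"))   # True
```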
3.1. Order of Traffic Filtering Rules
The original definition for the order of traffic filtering rules can
be reused with new consideration for the IPv6 prefix offset. As long
as the offsets are equal, the comparison is the same, retaining
longest-prefix-match semantics. If the offsets are not equal, the
lowest offset has precedence, as this flow matches the most
significant bit.
Pseudocode:

   flow_rule_v6_cmp (a, b)
   {
       comp1 = next_component(a);
       comp2 = next_component(b);
       while (comp1 || comp2) {
           // component_type returns infinity on end-of-list
           if (component_type(comp1) < component_type(comp2)) {
               return A_HAS_PRECEDENCE;
           }
           if (component_type(comp1) > component_type(comp2)) {
               return B_HAS_PRECEDENCE;
           }
           if (component_type(comp1) == IPV6_DESTINATION ||
               component_type(comp1) == IPV6_SOURCE) {
               // offset not equal, lowest offset has precedence
               if (prefix_offset(comp1) < prefix_offset(comp2)) {
                   return A_HAS_PRECEDENCE;
               }
               if (prefix_offset(comp1) > prefix_offset(comp2)) {
                   return B_HAS_PRECEDENCE;
               }
               // offset equal, compare the bits both prefixes cover
               offset = prefix_offset(comp1);
               common_len = MIN(prefix_length(comp1), prefix_length(comp2));
               cmp = prefix_compare(comp1, comp2, offset, common_len);
               // not equal, lowest value has precedence
               if (cmp < 0) return A_HAS_PRECEDENCE;
               if (cmp > 0) return B_HAS_PRECEDENCE;
               // equal, longest match has precedence
               if (prefix_length(comp1) > prefix_length(comp2)) return A_HAS_PRECEDENCE;
               if (prefix_length(comp1) < prefix_length(comp2)) return B_HAS_PRECEDENCE;
           } else {
               common =
                   MIN(component_length(comp1), component_length(comp2));
               cmp = memcmp(data(comp1), data(comp2), common);
               // not equal, lowest value has precedence
               if (cmp < 0) return A_HAS_PRECEDENCE;
               if (cmp > 0) return B_HAS_PRECEDENCE;
               // equal, longest string has precedence
               if (component_length(comp1) > component_length(comp2)) return A_HAS_PRECEDENCE;
               if (component_length(comp1) < component_length(comp2)) return B_HAS_PRECEDENCE;
           }
           // this pair is equal, advance to the next component of each rule
           comp1 = next_component(a);
           comp2 = next_component(b);
       }
       return EQUAL;
   }
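A runnable version of the comparison above, as an added example that is not the draft's code: components are plain tuples, prefix components carry (type, offset, length, address), and the offset rule from the text is applied before the usual longest-prefix comparison. The constant names mirror the pseudocode; everything else is this example's own.

```python
"""Added example (not the draft's code): the Section 3.1 ordering rule for
IPv6 flow-spec rules, with the prefix-offset comparison made explicit.
Components are modelled as plain tuples; names other than the pseudocode's
constants are this example's own."""
from __future__ import annotations
import ipaddress
from functools import cmp_to_key

A_HAS_PRECEDENCE, EQUAL, B_HAS_PRECEDENCE = -1, 0, 1
IPV6_DESTINATION, IPV6_SOURCE = 1, 2


def prefix_component(ctype: int, prefix: str, offset: int = 0) -> tuple:
    """Type 1/2 component as (type, offset, length, 128-bit address int)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if not 0 <= offset <= net.prefixlen:
        raise ValueError("offset must not exceed prefix length")
    return (ctype, offset, net.prefixlen, int(net.network_address))


def numeric_component(ctype: int, payload: bytes) -> tuple:
    """Any other component as (type, raw [op, value]+ octets)."""
    return (ctype, payload)


def _window(addr: int, offset: int, upto: int) -> int:
    """Bits [offset, upto) of a 128-bit address, bit 0 = most significant."""
    return (addr >> (128 - upto)) & ((1 << (upto - offset)) - 1)


def _cmp_prefix(c1: tuple, c2: tuple) -> int:
    _, off1, len1, a1 = c1
    _, off2, len2, a2 = c2
    if off1 != off2:              # lowest offset wins: it covers more significant bits
        return A_HAS_PRECEDENCE if off1 < off2 else B_HAS_PRECEDENCE
    common = min(len1, len2)      # equal offsets: plain longest-prefix-match rules
    w1, w2 = _window(a1, off1, common), _window(a2, off2, common)
    if w1 != w2:                  # not equal: lowest value wins
        return A_HAS_PRECEDENCE if w1 < w2 else B_HAS_PRECEDENCE
    if len1 != len2:              # equal: longest match wins
        return A_HAS_PRECEDENCE if len1 > len2 else B_HAS_PRECEDENCE
    return EQUAL


def _cmp_other(c1: tuple, c2: tuple) -> int:
    d1, d2 = c1[1], c2[1]
    common = min(len(d1), len(d2))
    if d1[:common] != d2[:common]:   # not equal: lowest value wins
        return A_HAS_PRECEDENCE if d1[:common] < d2[:common] else B_HAS_PRECEDENCE
    if len(d1) != len(d2):           # equal: longest string wins
        return A_HAS_PRECEDENCE if len(d1) > len(d2) else B_HAS_PRECEDENCE
    return EQUAL


def flow_rule_v6_cmp(a: list, b: list) -> int:
    """Compare two rules, each a list of components sorted by type."""
    inf = float("inf")
    i = 0
    while i < len(a) or i < len(b):
        ta = a[i][0] if i < len(a) else inf   # "infinity on end-of-list"
        tb = b[i][0] if i < len(b) else inf
        if ta < tb:
            return A_HAS_PRECEDENCE
        if ta > tb:
            return B_HAS_PRECEDENCE
        if ta in (IPV6_DESTINATION, IPV6_SOURCE):
            cmp = _cmp_prefix(a[i], b[i])
        else:
            cmp = _cmp_other(a[i], b[i])
        if cmp != EQUAL:
            return cmp
        i += 1
    return EQUAL


def sort_rules(rules: list) -> list:
    """Order rules so that the one with precedence comes first."""
    return sorted(rules, key=cmp_to_key(flow_rule_v6_cmp))


if __name__ == "__main__":
    r64 = [prefix_component(1, "::1234:5678:9A00:0/104", 64)]
    r80 = [prefix_component(1, "::1234:5678:9A00:0/104", 80)]
    print(flow_rule_v6_cmp(r64, r80))   # -1: the lower offset has precedence
```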
4. IPv6 Flow Specification Traffic Filtering Action changes

One of the traffic filtering actions which can be expressed by BGP
extended community is defined in [RFC5575] as traffic-marking. This
extended community type is of value: 0x8009.

To make it compatible with the IPv6 header, the action expressed by
the presence of this extended community has been modified to read:

Traffic Marking: The traffic marking extended community instructs a
system to modify the first 6 bits of the Traffic Class field (as
recommended by [RFC2474]) of a transiting IPv6 packet to the
corresponding value. This extended community is encoded as a sequence
of 42 zero bits followed by the 6 bits overwriting the DSCP portion of
the Traffic Class value.
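An added example (not the draft's code) of this encoding and of applying it at a forwarding node: the community is type 0x8009 followed by 42 zero bits and the DSCP, and applying it rewrites only the upper 6 bits of Traffic Class, leaving the 2 ECN bits untouched. The IPv6 header bytes are constructed for the example.

```python
"""Added example (not the draft's code): encode and decode the traffic-marking
extended community (type 0x8009) as redefined for IPv6, and apply it to the
Traffic Class field of an IPv6 header.  The header below is constructed."""

TRAFFIC_MARKING_TYPE = 0x8009


def encode_traffic_marking(dscp: int) -> bytes:
    """8-octet extended community: 2-octet type, then 42 zero bits followed
    by the 6-bit DSCP value."""
    if not 0 <= dscp < 64:
        raise ValueError("DSCP is a 6-bit value")
    return TRAFFIC_MARKING_TYPE.to_bytes(2, "big") + dscp.to_bytes(6, "big")


def decode_traffic_marking(ec: bytes) -> int:
    """Return the DSCP carried by a traffic-marking community; reject any
    other type or a non-zero value in the 42 reserved bits."""
    if len(ec) != 8 or int.from_bytes(ec[:2], "big") != TRAFFIC_MARKING_TYPE:
        raise ValueError("not a traffic-marking extended community")
    value = int.from_bytes(ec[2:], "big")
    if value >> 6:
        raise ValueError("the 42 leading bits must be zero")
    return value


def traffic_class(ipv6_header: bytes) -> int:
    """Traffic Class: bits 4-11 of the IPv6 header [RFC2460]."""
    return ((ipv6_header[0] & 0x0F) << 4) | (ipv6_header[1] >> 4)


def apply_traffic_marking(ipv6_header: bytes, ec: bytes) -> bytes:
    """Overwrite the 6 DSCP bits of Traffic Class, keeping the 2 ECN bits."""
    dscp = decode_traffic_marking(ec)
    new_tc = (dscp << 2) | (traffic_class(ipv6_header) & 0x03)
    out = bytearray(ipv6_header)
    out[0] = (out[0] & 0xF0) | (new_tc >> 4)
    out[1] = (out[1] & 0x0F) | ((new_tc & 0x0F) << 4)
    return bytes(out)


# Constructed 40-octet IPv6 header: version 6, Traffic Class 0x01 (DSCP 0,
# ECN 1), flow label 0, payload length 0, next header 59 (no next header),
# hop limit 64, zero addresses.
SAMPLE_HEADER = bytes([0x60, 0x10, 0x00, 0x00, 0x00, 0x00, 59, 64]) + bytes(32)


def mark_sample(dscp: int) -> bytes:
    """Apply a traffic-marking community carrying `dscp` to SAMPLE_HEADER."""
    return apply_traffic_marking(SAMPLE_HEADER, encode_traffic_marking(dscp))


if __name__ == "__main__":
    print(encode_traffic_marking(46).hex())        # 800900000000002e
    print(hex(traffic_class(mark_sample(46))))     # 0xb9: DSCP 46, ECN 1 kept
```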
Another traffic filtering action defined in [RFC5575] as a BGP
extended community is redirect. To allow an IPv6 address specific
route-target, a new traffic action IPv6 address specific extended
community is provided. The extended community type has the value
0x800b.
Redirect-IPv6: The redirect IPv6 address specific extended community
allows the traffic to be redirected to a VRF routing instance that
lists the specified IPv6 address specific route-target in its import
policy. If several local instances match this criterion, the choice
between them is a local matter (for example, the instance with the
lowest Route Distinguisher value can be elected). This extended
community uses the same encoding as the IPv6 address specific Route
Target extended community [RFC5701].
5. Security considerations

No new security issues are introduced to the BGP protocol by this
specification.
6. IANA Considerations

IANA is requested to rename currently defined SAFI 133 and SAFI 134
per [RFC5575] to read:
[unchanged text skipped by rfcdiff: -03 page 6, line 40 / -04 page 8, line 5]

   Type 1 - Destination IPv6 Prefix
   Type 2 - Source IPv6 Prefix
   Type 3 - Next Header
   Type 4 - Port
   Type 5 - Destination port
   Type 6 - Source port
   Type 7 - ICMP type
   Type 8 - ICMP code
   Type 9 - TCP flags
   Type 10 - Packet length
   Type 11 - Traffic Class (-03) / DSCP (-04)
   Type 12 - Reserved (-03) / Fragment (-04)
   Type 13 - Flow Label
   Type 14 - Traffic Class (-04 only)
7. Acknowledgments

Authors would like to thank Pedro Marques, Hannes Gredler, Bruno
Rijsman and Brian Carpenter (-03), and additionally Thomas Mangin
(-04), for their valuable input.
8. References

8.1. Normative References

[I-D.ietf-6man-flow-3697bis]
           Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
           "IPv6 Flow Label Specification",
           draft-ietf-6man-flow-3697bis-07 (work in progress), July 2011.

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
           (IPv6) Specification", RFC 2460, December 1998.

[RFC2474]  Nichols, K., Blake, S., Baker, F., and D. Black,
           "Definition of the Differentiated Services Field (DS
           Field) in the IPv4 and IPv6 Headers", RFC 2474, December 1998.

[RFC4271]  Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
           Protocol 4 (BGP-4)", RFC 4271, January 2006.

[RFC5492]  Scudder, J. and R. Chandra, "Capabilities Advertisement
           with BGP-4", RFC 5492, February 2009.

[RFC5575]  Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
           and D. McPherson, "Dissemination of Flow Specification
           Rules", RFC 5575, August 2009.

[RFC5701]  (-04 only) Rekhter, Y., "IPv6 Address Specific BGP Extended
           Community Attribute", RFC 5701, November 2009.

8.2. Informative References

[RFC5095]  Abley, J., Savola, P., and G. Neville-Neil, "Deprecation
           of Type 0 Routing Headers in IPv6", RFC 5095, December 2007.
Authors' Addresses

Robert Raszuk (editor)
NTT MCL Inc.
101 S Ellsworth Avenue Suite 350
San Mateo, CA 94401
US
Email: robert@raszuk.net

[unchanged text skipped by rfcdiff: -03 line 315 / -04 page 9, line 31]

170 West Tasman Drive
San Jose, CA 95134
US
Email: bpithaw@cisco.com

Danny McPherson
Verisign, Inc.
Email: dmcpherson@verisign.com
Andy Karch
Cisco Systems
170 West Tasman Drive
San Jose, CA 95134
US
Email: akarch@cisco.com
End of changes. 27 change blocks. 59 lines changed or deleted, 144 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/