draft-ietf-opsawg-ipfix-bgp-community-11.txt   draft-ietf-opsawg-ipfix-bgp-community-12.txt 
opsawg Z. Li opsawg Z. Li
Internet-Draft R. Gu Internet-Draft R. Gu
Intended status: Standards Track China Mobile Intended status: Standards Track China Mobile
Expires: May 29, 2019 J. Dong Expires: June 19, 2019 J. Dong
Huawei Technologies Huawei Technologies
November 25, 2018 December 16, 2018
Export BGP community information in IP Flow Information Export (IPFIX) Export BGP community information in IP Flow Information Export (IPFIX)
draft-ietf-opsawg-ipfix-bgp-community-11 draft-ietf-opsawg-ipfix-bgp-community-12
Abstract Abstract
By introducing new Information Elements (IEs), this draft extends the By introducing new Information Elements (IEs), this draft extends the
existing BGP-related IEs to enable IPFIX [RFC7011] to export BGP existing BGP-related IEs to enable IP Flow Information Export (IPFIX)
community information, including BGP standard communities [RFC1997], to export BGP community information, including BGP standard
BGP extended communities [RFC4360], and BGP large communities communities defined in RFC1997, BGP extended communities defined in
[RFC8092]. Network traffic information can then be accumulated and RFC4360, and BGP large communities defined in RFC8092. Network
analyzed at the BGP community granularity, which represents the traffic information can then be accumulated and analyzed at the BGP
traffic of different kinds of customers, services, or geographical community granularity, which represents the traffic of different
regions according to the network operator's BGP community planning. kinds of customers, services, or geographical regions according to
Network traffic information at the BGP community granularity is the network operator's BGP community planning. Network traffic
useful for network traffic analysis and engineering. information at the BGP community granularity is useful for network
traffic analysis and engineering.
To clarify, no new BGP community attribute is defined in this
document and this document does not replace BGP Monitoring Protocol
(BMP) defined in RFC7854. The IEs introduced in this document are
used by IPFIX, together with other IEs, to facilitate the IPFIX
Collector analyzing network traffic at the BGP community granularity
without needing to run the heavy BGP itself. When needed, the IPFIX
Mediator or Collector can use the IEs introduced in this document to
report the BGP community-related traffic flow information it gets
either from Exporters or through local correlation to other IPFIX
devices.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 29, 2019. This Internet-Draft will expire on June 19, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
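Review bot: the new second paragraph of the Abstract reads informally for an abstract in two places: "without needing to run the heavy BGP itself" would be clearer as "without running a BGP speaker on the Collector", and "through local correlation to other IPFIX devices" as "by correlating data received from other IPFIX devices". This paragraph also introduces "IPFIX Mediator" for the first time; since Section 2 defers IPFIX terminology to RFC 7011 and RFC 6183, a short pointer there is enough, but the term should not first appear unexplained in the Abstract. Dropping the bracketed citations from the Abstract in favour of "defined in RFC1997" etc. is the right fix for the idnits complaint about citations in abstracts.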
skipping to change at page 2, line 29 skipping to change at page 2, line 20
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. BGP Community-based Traffic Collection . . . . . . . . . . . 5 3. BGP Community-based Traffic Collection . . . . . . . . . . . 5
4. IEs for BGP Standard Community . . . . . . . . . . . . . . . 7 4. IEs for BGP Standard Community . . . . . . . . . . . . . . . 6
5. IEs for BGP Extended Community . . . . . . . . . . . . . . . 7 5. IEs for BGP Extended Community . . . . . . . . . . . . . . . 7
6. IEs for BGP Large Community . . . . . . . . . . . . . . . . . 7 6. IEs for BGP Large Community . . . . . . . . . . . . . . . . . 7
7. Operational Considerations . . . . . . . . . . . . . . . . . 8 7. Operational Considerations . . . . . . . . . . . . . . . . . 8
8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 8. Security Considerations . . . . . . . . . . . . . . . . . . . 9
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
11.1. Normative References . . . . . . . . . . . . . . . . . . 11 11.1. Normative References . . . . . . . . . . . . . . . . . . 12
11.2. Informative References . . . . . . . . . . . . . . . . . 12 11.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. Encoding Example . . . . . . . . . . . . . . . . . . 13 Appendix A. Encoding Example . . . . . . . . . . . . . . . . . . 14
A.1. Template Record . . . . . . . . . . . . . . . . . . . . . 14 A.1. Template Record . . . . . . . . . . . . . . . . . . . . . 14
A.2. Data Set . . . . . . . . . . . . . . . . . . . . . . . . 14 A.2. Data Set . . . . . . . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
IP Flow Information Export (IPFIX) [RFC7011] provides network IP Flow Information Export (IPFIX) [RFC7011] provides network
administrators with traffic flow information using the Information administrators with traffic flow information using the Information
Elements (IEs) defined in [IANA-IPFIX] registries. Based on the Elements (IEs) defined in [IANA-IPFIX] registries. Based on the
traffic flow information, network administrators know the amount and traffic flow information, network administrators know the amount and
direction of the traffic in their network, and can then optimize direction of the traffic in their network, and can then optimize
their network when needed. For example, they can shift some flows their network when needed. For example, the collected information
from congested links to low utilized links through an SDN controller could be used for traffic monitoring, and could optionally be used
or PCE [RFC4655]. for traffic optimization according to operator's policy.
[IANA-IPFIX] has already defined the following IEs for traffic flow [IANA-IPFIX] has already defined the following IEs for traffic flow
information exporting in different granularities: sourceIPv4Address, information exporting in different granularities: sourceIPv4Address,
sourceIPv4Prefix, destinationIPv4Address, destinationIPv4Prefix, sourceIPv4Prefix, destinationIPv4Address, destinationIPv4Prefix,
bgpSourceAsNumber, bgpDestinationAsNumber, bgpNextHopIPv4Address, bgpSourceAsNumber, bgpDestinationAsNumber, bgpNextHopIPv4Address,
etc. In some circumstances, however, especially when traffic etc. In some circumstances, however, especially when traffic
engineering and optimization are executed in Tier 1 or Tier 2 engineering and optimization are executed in Tier 1 or Tier 2
operators' backbone networks, traffic flow information based on these operators' backbone networks, traffic flow information based on these
IEs may not be completely suitable or sufficient. For example, flow IEs may not be completely suitable or sufficient. For example, flow
information based on IP address or IP prefix may provide much too information based on IP address or IP prefix may provide much too
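Review bot: replacing the SDN controller / PCE example with "could optionally be used for traffic optimization according to operator's policy" removes the only visible citation of [RFC4655]; if nothing else in the draft cites it, the entry must also be dropped from the Informative References or idnits will flag an unused reference. Minor wording: "according to the operator's policy".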
skipping to change at page 5, line 28 skipping to change at page 5, line 19
Please refer to [IANA-IPFIX] for the complete list of BGP-related Please refer to [IANA-IPFIX] for the complete list of BGP-related
IEs. IEs.
Please refer to Appendix A of this document for the encoding example Please refer to Appendix A of this document for the encoding example
and Section 3 for a detailed use case. and Section 3 for a detailed use case.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
IPFIX-specific terminology used in this document is defined in IPFIX-specific terminology used in this document is defined in
Section 2 of [RFC7011] and Section 2 of [RFC6183]. Section 2 of [RFC7011] and Section 2 of [RFC6183].
BGP standard community: The BGP Communities attribute defined in BGP standard community: The BGP Communities attribute defined in
[RFC1997]. In order to distinguish it from BGP extended communities [RFC1997]. In order to distinguish it from BGP extended communities
[RFC4360], and large communities [RFC8092], BGP Communities attribute [RFC4360], and large communities [RFC8092], BGP Communities attribute
is called BGP standard community in this document. is called BGP standard community in this document.
3. BGP Community-based Traffic Collection 3. BGP Community-based Traffic Collection
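Review bot: the requirements-language paragraph now matches the RFC 8174 boilerplate verbatim and adds "NOT RECOMMENDED", which is consistent with the new [RFC8174] entry under Normative References. Note that with this boilerplate in place, lowercase "recommended" elsewhere in the draft no longer carries normative force, so the lowercasing done in Section 7 and Section 8 in this revision should be deliberate. Nit in the unchanged definition: "the BGP Communities attribute is called the BGP standard community in this document".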
skipping to change at page 8, line 24 skipping to change at page 8, line 15
specific flow's source and destination IP address respectively. specific flow's source and destination IP address respectively.
The detailed information of the three new IEs are shown in Section 9, The detailed information of the three new IEs are shown in Section 9,
IANA Considerations. IANA Considerations.
7. Operational Considerations 7. Operational Considerations
The maximum length of an IPFIX message is 65535 bytes as per The maximum length of an IPFIX message is 65535 bytes as per
[RFC7011] , and the maximum length of a normal BGP message is 4096 [RFC7011] , and the maximum length of a normal BGP message is 4096
bytes as per [RFC4271]. Since BGP communities, including standard, bytes as per [RFC4271]. Since BGP communities, including standard,
extended, and large communities , are BGP path attributes carried in extended, and large communities, are BGP path attributes carried in
BGP Update messages, the total length of these attributes can not BGP Update messages, the total length of these attributes can not
exceed the length of a BGP message, i.e. 4096 bytes. So one IPFIX exceed the length of a BGP message, i.e. 4096 bytes. So one IPFIX
message with a maximum length of 65535 bytes has enough space to fit message with a maximum length of 65535 bytes has enough space to fit
all the communities related to a specific flow, relating to both the all the communities related to a specific flow, relating to both the
source and destination IP addresses. source and destination IP addresses.
[I-D.ietf-idr-bgp-extended-messages] extends the maximum size of a [I-D.ietf-idr-bgp-extended-messages] extends the maximum size of a
BGP Update message to 65535 bytes. In that case, the BGP community BGP Update message to 65535 bytes. In that case, the BGP community
information related to a specific flow could theoretically exceed the information related to a specific flow could theoretically exceed the
length of one IPFIX message. However, according to information length of one IPFIX message. However, according to information
regarding actual networks in the field, the number of BGP communities regarding actual networks in the field, the number of BGP communities
in one BGP route is usually no more than ten. Nevertheless, BGP in one BGP route is usually no more than ten. Nevertheless, BGP
speakers that support the extended message SHOULD be careful to speakers that support the extended message SHOULD only convey as many
export the BGP communities in the IPFIX message properly, so that communities as possible without exceeding the 65536-byte limit of an
they only convey as many communities as possible in the IPFIX IPFIX message. The Collector which receives an IPFIX message with
message. The Collector which receives an IPFIX message with maximum maximum length and BGP communities contained in its data set SHOULD
length and BGP communities contained in its data set SHOULD be aware generate a warning or log message to indicate that the BGP
that the BGP communities may be truncated due to limited message communities may be truncated due to limited message space. In this
space. In this case, it is RECOMMENDED to configure the export case, it is recommended to configure the export policy of BGP
policy of BGP communities to limit the BGP communities by including communities to limit the BGP communities by including or excluding
or excluding specific communities. specific communities.
If needed, the IPFIX message length could be extended from 16 bits to If needed, the IPFIX message length could be extended from 16 bits to
32 bits to solve this problem completely. The details of increasing 32 bits to solve this problem completely. The details of increasing
the IPFIX message length is out of scope of this document. the IPFIX message length is out of scope of this document.
To align with the size of the BGP extended community and large To align with the size of the BGP extended community and large
community attributes, the size of IE bgpExtendedCommunity and community attributes, the size of IE bgpExtendedCommunity and
bgpLargeCommunity is 8 octets and 12 octets respectively. In the bgpLargeCommunity is 8 octets and 12 octets respectively. In the
event that the bgpExtendedCommunity or bgpLargeCommunity IE is not of event that the bgpExtendedCommunity or bgpLargeCommunity IE is not of
its expected size, the IPFIX Collector SHOULD ignore it. This is its expected size, the IPFIX Collector SHOULD ignore it. This is
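Review bot: the new SHOULD sentence says "without exceeding the 65536-byte limit of an IPFIX message", but the first paragraph of this same section (and the 16-bit Length field in RFC 7011) give the maximum as 65535 bytes; use 65535 consistently. "SHOULD only convey as many communities as possible without exceeding" is also awkward; suggest "SHOULD include only as many communities as fit within the 65535-byte limit". The change from "it is RECOMMENDED" to "it is recommended" removes the normative force under the BCP 14 boilerplate adopted in Section 2; state explicitly if that is intended. The new requirement that a Collector "generate a warning or log message" on a maximum-length message carrying communities is a useful detection hook; consider requiring the log entry to identify the Exporter, Observation Domain and Template so operators can correlate possibly truncated records with the export policy they then tune. Editorial: "can not exceed" should be "cannot exceed".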
skipping to change at page 9, line 24 skipping to change at page 9, line 13
template requesting to report the BGP community information (refer to template requesting to report the BGP community information (refer to
Appendix A for an example), the Exporter SHOULD obtain the Appendix A for an example), the Exporter SHOULD obtain the
corresponding BGP community information through BGP lookup using the corresponding BGP community information through BGP lookup using the
corresponding source or destination IP address of the specific corresponding source or destination IP address of the specific
traffic flow. When exporting the IPFIX information to the Collector, traffic flow. When exporting the IPFIX information to the Collector,
the Exporter SHOULD include the corresponding BGP communities in the the Exporter SHOULD include the corresponding BGP communities in the
IPFIX message. IPFIX message.
8. Security Considerations 8. Security Considerations
This document only defines new IEs for IPFIX. This document itself This document defines new IEs for IPFIX. The same security
does not directly introduce any new security issues. The same considerations as for the IPFIX Protocol Specification [RFC7011] and
security considerations as for the IPFIX Protocol Specification Information Model [RFC7012] apply.
[RFC7011] and Information Model [RFC7012] apply.
As the BGP community information is deducible by other means, there Systems processing BGP community information collected by IPFIX
are no increased privacy concerns as well. collectors need to be aware of the use of communities as an attack
vector [Weaponizing-BGP], and only include BGP community information
in their decisions where they are confident of its validity. Thus we
can not assume that all BGP community information collected by IPFIX
collectors is credible and accurate. It is RECOMMENDED to use only
the IPFIX collected BGP community information that the processing
system can trust, for example the BGP communities generated by the
consecutive neighboring ASs within the same trust domain as the
processing system (for instance, the consecutive neighboring ASs and
the processing system are operated by one carrier).
[RFC7011] says that the storage of the information collected by IPFIX
must be protected and confined its visibility to authorized users via
technical as well as policy means to ensure the privacy of the
information collected. [RFC7011] also provides mechanisms to ensure
the confidentiality and integrity of IPFIX data transferred from an
Exporting Process to a Collecting Proces. The mechanism to
authenticate IPFIX Collecting and Exporting Processes is provided in
[RFC7011], too. If sensitive information is contained in the
community information, the above recommendations and mechanisms are
recommended to be used. No additional privacy risks are introduced
by this standard.
9. IANA Considerations 9. IANA Considerations
This draft specifies the following IPFIX IEs to export BGP community This draft specifies the following IPFIX IEs to export BGP community
information along with other flow information. information along with other flow information.
The Element IDs for these IEs are requested to be assigned by IANA. The Element IDs for these IEs are requested to be assigned by IANA.
The following table is for IANA's use to place in each field in the The following table is for IANA's use to place in each field in the
registry. registry.
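Review bot: in the new Security Considerations text, the trust-domain example ("the BGP communities generated by the consecutive neighboring ASs within the same trust domain") should state what makes those communities trustworthy: a community value carries no indication of which AS actually set it, so the processing system can rely on it only if the ASes inside the trust domain strip or rewrite communities received at their external borders. Adding that condition would make the RECOMMENDED guidance actionable. Typos and wording in the same paragraphs: "Collecting Proces" should be "Collecting Process"; "must be protected and confined its visibility to authorized users" should be "must be protected and its visibility confined to authorized users"; "the above recommendations and mechanisms are recommended to be used" should be "the above mechanisms SHOULD be used" (or keep lowercase deliberately, see the Section 2 boilerplate); "this standard" should be "this document". Removing "this document itself does not directly introduce any new security issues" is correct now that the attack-vector paragraph exists, since the two statements would otherwise contradict each other.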
skipping to change at page 12, line 16 skipping to change at page 12, line 25
"Export of Structured Data in IP Flow Information Export "Export of Structured Data in IP Flow Information Export
(IPFIX)", RFC 6313, DOI 10.17487/RFC6313, July 2011, (IPFIX)", RFC 6313, DOI 10.17487/RFC6313, July 2011,
<https://www.rfc-editor.org/info/rfc6313>. <https://www.rfc-editor.org/info/rfc6313>.
[RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken, [RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
"Specification of the IP Flow Information Export (IPFIX) "Specification of the IP Flow Information Export (IPFIX)
Protocol for the Exchange of Flow Information", STD 77, Protocol for the Exchange of Flow Information", STD 77,
RFC 7011, DOI 10.17487/RFC7011, September 2013, RFC 7011, DOI 10.17487/RFC7011, September 2013,
<https://www.rfc-editor.org/info/rfc7011>. <https://www.rfc-editor.org/info/rfc7011>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
11.2. Informative References 11.2. Informative References
[Community-TE] [Community-TE]
Shao, W., Devienne, F., Iannone, L., and JL. Rougier, "On Shao, W., Devienne, F., Iannone, L., and JL. Rougier, "On
the use of BGP communities for fine-grained inbound the use of BGP communities for fine-grained inbound
traffic engineering", Computer Science 27392(1):476-487, traffic engineering", Computer Science 27392(1):476-487,
November 2015. November 2015.
[I-D.ietf-idr-bgp-extended-messages] [I-D.ietf-idr-bgp-extended-messages]
Bush, R., Patel, K., and D. Ward, "Extended Message Bush, R., Patel, K., and D. Ward, "Extended Message
support for BGP", draft-ietf-idr-bgp-extended-messages-26 support for BGP", draft-ietf-idr-bgp-extended-messages-27
(work in progress), June 2018. (work in progress), December 2018.
[IANA-IPFIX] [IANA-IPFIX]
"IP Flow Information Export (IPFIX) Entities", "IP Flow Information Export (IPFIX) Entities",
<http://www.iana.org/assignments/ipfix/>. <http://www.iana.org/assignments/ipfix/>.
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities
Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996,
<https://www.rfc-editor.org/info/rfc1997>. <https://www.rfc-editor.org/info/rfc1997>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
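Review bot: the new [RFC8174] entry belongs under Normative References, as placed, because the Section 2 boilerplate cites it. The update of [I-D.ietf-idr-bgp-extended-messages] to -27 (December 2018) is fine; since Section 7 attaches a SHOULD to speakers supporting that extension, check at publication time whether the draft has been published as an RFC so the reference can be replaced.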
skipping to change at page 13, line 39 skipping to change at page 14, line 5
[RFC8092] Heitz, J., Ed., Snijders, J., Ed., Patel, K., Bagdonas, [RFC8092] Heitz, J., Ed., Snijders, J., Ed., Patel, K., Bagdonas,
I., and N. Hilliard, "BGP Large Communities Attribute", I., and N. Hilliard, "BGP Large Communities Attribute",
RFC 8092, DOI 10.17487/RFC8092, February 2017, RFC 8092, DOI 10.17487/RFC8092, February 2017,
<https://www.rfc-editor.org/info/rfc8092>. <https://www.rfc-editor.org/info/rfc8092>.
[RFC8195] Snijders, J., Heasley, J., and M. Schmidt, "Use of BGP [RFC8195] Snijders, J., Heasley, J., and M. Schmidt, "Use of BGP
Large Communities", RFC 8195, DOI 10.17487/RFC8195, June Large Communities", RFC 8195, DOI 10.17487/RFC8195, June
2017, <https://www.rfc-editor.org/info/rfc8195>. 2017, <https://www.rfc-editor.org/info/rfc8195>.
[Weaponizing-BGP]
Streibelt, F., Lichtblau, F., Beverly, R., and et al.,
"Weaponizing BGP Using Communities", November 2018,
<https://datatracker.ietf.org/meeting/103/materials/
slides-103-grow-bgp-communities-spread-their-wings-01>.
Appendix A. Encoding Example Appendix A. Encoding Example
In this section, we provide an example to show the encoding format In this section, we provide an example to show the encoding format
for the new introduced IEs. for the new introduced IEs.
Flow information, including BGP communities, is shown in the Flow information, including BGP communities, is shown in the
following table. In this example, all the fields are reported by following table. In this example, all the fields are reported by
IPFIX. IPFIX.
---------------------------------------------------------------------- ----------------------------------------------------------------------
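Review bot: in the new [Weaponizing-BGP] entry, "and et al." is redundant; write "Streibelt, F., Lichtblau, F., Beverly, R., et al.". The entry cites IETF 103 GROW slides whose URL slug ("bgp-communities-spread-their-wings") differs from the quoted title, so the title should match the slide deck as presented; if a peer-reviewed version of this work exists, citing it alongside the slides would give the Security Considerations a more durable reference. Editorial in the Appendix A introduction: "for the new introduced IEs" should be "for the newly introduced IEs".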
 End of changes. 18 change blocks. 
52 lines changed or deleted 74 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/