IDR Working Group G. Van de Velde Internet-Draft Nokia Intended status: Standards Track K. Patel Expires: 10 January 2024 Arrcus Z. Li Huawei Technologies H. Chen Futurewei 9 July 2023 Flowspec Indirection-id Redirect for SRv6 draft-ietf0-idr-srv6-flowspec-path-redirect-10 Abstract This document defines extensions to "FlowSpec Redirect to indirection-id Extended Community" for SRv6. This extended community can trigger advanced redirection capabilities to flowspec clients for SRv6. When activated, this flowspec extended community is used by a flowspec client to retrieve the corresponding next-hop and encoding information within a localised indirection-id mapping table. The functionality detailed in this document allows a network controller to decouple the BGP flowspec redirection instruction from the operation of the available paths. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [2]. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Van de Velde, et al. Expires 10 January 2024 [Page 1] Internet-Draft Indirection-id Redirect for SRv6 July 2023 This Internet-Draft will expire on 10 January 2024. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Redirect to indirection-id Community . . . . . . . . . . . . 2 3. Security Considerations . . . . . . . . . . . . . . . . . . . 4 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 5. Contributor Addresses . . . . . . . . . . . . . . . . . . . . 4 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 7.2. Informative References . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction "FlowSpec Redirect to indirection-id Extended Community" for IPv4 is defined in ietf-idr-flowspec-path-redirect [1]. This draft specifies extensions to this community for SRv6. 2. Redirect to indirection-id Community This document defines a new sub-type value for SRv6 in "FlowSpec Redirect to indirection-id Extended Community". The format of this extended community with the new sub-type value is show below: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type |Sub-Type (TBD) | Flags(1 octet)| ID-Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Generalized indirection_id (16 octets) | ~ ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Van de Velde, et al. Expires 10 January 2024 [Page 2] Internet-Draft Indirection-id Redirect for SRv6 July 2023 Where Type: 1 octet, defined in ietf-idr-flowspec-path-redirect [1]. Sub-Type: 1 octet, its value (TBD) will be assigned by IANA. Flags: Same as that defined in ietf-idr-flowspec-path-redirect [1]. ID-Type: 1 octet value. This draft defines following Context Types: * 0 - Localised ID (The flowspec client uses the received indirection-id to lookup forwarding information within the localised indirection-id table. The allocation and programming of the localised indirection-id table is outside scope of the document) * 1 - Node ID with SID/index in MPLS-based Segment Routing (This means the indirection-id is mapped to an MPLS label using the index as a global offset in the SID/label space) * 2 - Node ID with SID/label in MPLS-based Segment Routing (This means the indirection-id is mapped to an MPLS label using the indirection-id as global label) * 3 - Binding Segment ID with SID/index in MPLS-based Segment Routing (This means the indirection-id is mapped to an MPLS binding label using the indirection-id as index for global offset in the SID/label space). * 4 - Binding Segment ID with SID/label in MPLS-based Segment Routing (This means indirection-id is mapped to an MPLS binding label using the indirection-id as global label). * 5 - Tunnel ID (Tunnel ID is within a single administrative domain a globally unique tunnel identifier. The allocation and programming of the Tunnel ID within the localised indirection-id table is outside scope of the document) * 6 - Node ID with SID/index in SRv6 (This means the indirection-id is mapped to an SRv6 SID using the indirection-id as global SRv6 SID or index) * 7 - Binding Segment ID with SID/index in SRv6 (This means the indirection-id is mapped to an SRv6 binding SID using the indirection-id as index for global offset in the SID space). Van de Velde, et al. Expires 10 January 2024 [Page 3] Internet-Draft Indirection-id Redirect for SRv6 July 2023 * 8 - Binding Segment ID with SID/index in SRv6 (This means indirection-id is mapped to an SRv6 binding SID using the indirection-id as global SRv6 SID). Generalized indirection_id: 128-bit identifier used as indirection_id 3. Security Considerations A system using "Redirect to indirection-id" extended community can cause during the redirect mitigation of a DDoS attack overflow of traffic received by the mitigation infrastructure. 4. Acknowledgements This document received valuable comments and input from IDR working group including Adam Simpson, Mustapha Aissaoui, Jan Mertens, Robert Raszuk, Jeff Haas, Susan Hares and Lucy Yong. 5. Contributor Addresses Below is a list of other contributing authors in alphabetical order: Arjun Sreekantiah Cisco Systems 170 W. Tasman Drive San Jose, CA 95134 USA Email: asreekan@cisco.com Nan Wu Huawei Technologies Huawei Bld., No. 156 Beiquing Rd Beijing 100095 China Email: eric.wu@huawei.com Shunwan Zhuang Huawei Technologies Huawei Bld., No. 156 Beiquing Rd Beijing 100095 China Email: zhuangshunwan@huawei.com Van de Velde, et al. Expires 10 January 2024 [Page 4] Internet-Draft Indirection-id Redirect for SRv6 July 2023 Wim Henderickx Nokia Antwerp BE Email: wim.henderickx@nokia.com 6. IANA Considerations This document requests a new sub-type value under "FlowSpec Redirect to indirection-id Extended Community Sub-Type" registery. Value Code Reference 0x01 Flowspec Redirect to 128-bit Path-id for SRv6 [RFC-To-Be] 7. References 7.1. Normative References [1] Van de Velde, G., Patel, K., and Z. Li, "Flowspec Indirection-id Redirect", Work in Progress, Internet- Draft, draft-ietf-idr-flowspec-path-redirect-12, 24 November 2022, . [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, . [3] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J., and D. McPherson, "Dissemination of Flow Specification Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009, . 7.2. Informative References [4] Uttaro, J., Filsfils, C., Alcaide, J., and P. Mohapatra, "Revised Validation Procedure for BGP Flow Specifications", January 2014. [5] Filsfils, C., Previdi, S., Aries, E., Ginsburg, D., and D. Afanasiev, "Segment Routing Centralized Egress Peer Engineering", October 2015. Van de Velde, et al. Expires 10 January 2024 [Page 5] Internet-Draft Indirection-id Redirect for SRv6 July 2023 [6] Sreekantiah, A., Filsfils, C., Previdi, S., Sivabalan, S., Mattes, P., and S. Lin, "Segment Routing Traffic Engineering Policy using BGP", October 2015. [7] Filsfils, C., Previdi, S., Decraene, B., Litkowski, S., Shakir, R., Bashandy, A., Horneffer, M., Henderickx, W., Tantsura, J., Crabbe, E., Milojevic, I., and S. Ytti, "Segment Routing Architecture", December 2015. [8] Sivabalan, S., Medved, M., Filsfils, C., Litkowski, S., Raszuk, R., Bashandy, A., Lopez, V., Tantsura, J., Henderickx, W., Hardwick, J., Milojevic, I., and S. Ytti, "PCEP Extensions for Segment Routing", December 2015. Authors' Addresses Gunter Van de Velde Nokia Antwerp Belgium Email: gunter.van_de_velde@nokia.com Keyur Patel Arrcus United States of America Email: keyur@arrcus.com Zhenbin Li Huawei Technologies Huawei Bld., No. 156 Beiquing Rd Beijing 100095 China Email: lizhenbin@huawei.com Huaimo Chen Futurewei Boston, MA, United States of America Email: Huaimo.chen@futurewei.com Van de Velde, et al. Expires 10 January 2024 [Page 6]