RFC7674

From RFC-Wiki

Internet Engineering Task Force (IETF) J. Haas, Ed. Request for Comments: 7674 Juniper Networks Updates: 5575 October 2015 Category: Standards Track ISSN: 2070-1721 

   Clarification of the Flowspec Redirect Extended Community

Abstract

This document updates RFC 5575 ("Dissemination of Flow Specification Rules") to clarify the formatting of the BGP Flowspec Redirect Extended Community.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7674.

Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. 

 2.2.  Update to BGP Generic Transitive Experimental Use

 2.3.  Generic Transitive Experimental Use Extended Community

 2.4.  Generic Transitive Experimental Use Extended Community

Introduction

"Dissemination of Flow Specification Rules" RFC5575, commonly known as BGP Flowspec, provided for a BGP Extended Community RFC4360 that served to redirect traffic to a Virtual Routing and Forwarding (VRF) instance that matched the flow specification's Network Layer Reachability Information (NLRI). In RFC 5575, the Redirect Extended Community was documented as follows:

+--------+--------------------+--------------------------+
| type | extended community | encoding |
+--------+--------------------+--------------------------+
| 0x8008 | redirect | 6-byte Route Target |
+--------+--------------------+--------------------------+
[...]
Redirect: The redirect extended community allows the traffic to be
redirected to a VRF routing instance that lists the specified
route-target in its import policy. If several local instances
match this criteria, the choice between them is a local matter
(for example, the instance with the lowest Route Distinguisher
value can be elected). This extended community uses the same
encoding as the Route Target extended community RFC4360.
[...]
11. IANA Considerations
[...]
The following traffic filtering flow specification rules have been
allocated by IANA from the "BGP Extended Communities Type -
Experimental Use" registry as follows:
[...]
0x8008 - Flow spec redirect

The IANA registry of BGP Extended Communities clearly identifies communities of specific formats. For example, "Two-octet AS Specific Extended Community" RFC4360, "Four-octet AS Specific Extended Community" RFC5668, and "IPv4 Address Specific Extended Community" RFC4360. Route Targets RFC4360 identify this format in the high- order (Type) octet of the Extended Community and set the value of the low-order (Sub-Type) octet to 0x02. The Value field of the Route Target Extended Community is intended to be interpreted in the context of its format.

Since the Redirect Extended Community only registered a single codepoint in IANA's BGP Extended Community registry, a common interpretation of the Redirect Extended Community's "6-byte Route Target" has been to look, at a receiving router, for a Route Target value that matches the Route Target value in the received Redirect Extended Community and import the advertised route to the corresponding VRF instance subject to the rules defined in RFC5575. However, because the Route Target format in the Redirect Extended Community is not clearly defined, the wrong match may occur.

This "value wildcard" matching behavior, which does not take into account the format of the Route Target defined for a local VRF and may result in the wrong matching decision, does not match deployed implementations of BGP Flowspec. Deployed implementations of BGP Flowspec solve this problem by defining different Redirect Extended Communities that are specific to the format of the Route Target value. This document defines the following Redirect Extended Communities:

+--------+--------------------+-------------------------------------+ | type | extended community | encoding | +--------+--------------------+-------------------------------------+ | 0x8008 | redirect AS-2byte | 2-octet AS, 4-octet Value | | 0x8108 | redirect IPv4 | 4-octet IPv4 Address, 2-octet Value | | 0x8208 | redirect AS-4byte | 4-octet AS, 2-octet Value | +--------+--------------------+-------------------------------------+

It should be noted that the low-order nibble of the Redirect's Type field corresponds to the Route Target Extended Community format field (Type). (See Sections 3.1, 3.2, and 4 of RFC4360 plus Section 2 of RFC5668.) The low-order octet (Sub-Type) of the Redirect Extended Community remains 0x08, in contrast to 0x02 for Route Targets.

The IANA registries for the BGP Extended Communities document RFC7153 was written to update the previously mentioned IANA registries to better document BGP Extended Community formats. The IANA Considerations section below further amends those registry updates in order to properly document the Flowspec redirect communities.

IANA Considerations

BGP Transitive Extended Community Types

IANA has updated the "BGP Transitive Extended Community Types" registry as follows:

0x81 - Generic Transitive Experimental Use Extended Community Part 2 

       (Sub-Types are defined in the "Generic Transitive
       Experimental Extended Community Part 2 Sub-Types" Registry)

0x82 - Generic Transitive Experimental Use Extended Community Part 3 

       (Sub-Types are defined in the "Generic Transitive
       Experimental Use Extended Community Part 3 Sub-Types"
       Registry)

Update to BGP Generic Transitive Experimental Use Extended

  Community Sub-Types

IANA has updated the "BGP Generic Transitive Experimental Use Extended Community Sub-Types" registry as follows: 

 0x08 - Flow spec redirect AS-2byte format   RFC5575 RFC7674

Generic Transitive Experimental Use Extended Community Part 2

  Sub-Types

IANA has created the "Generic Transitive Experimental Use Extended Community Part 2 Sub-Types" registry. This has been created under the "Border Gateway Protocol (BGP) Extended Communities" registry and contains the following note: 

  This registry contains values of the second octet (the "Sub-Type"
  field) of an extended community when the value of the first octet
  (the "Type" field) is 0x81.

Registry Name: Generic Transitive Experimental Use Extended Community Part 2 Sub-Types 

 RANGE              REGISTRATION PROCEDURE
 0x00-0xbf          First Come First Served
 0xc0-0xff          IETF Review

 SUB-TYPE VALUE     NAME                             REFERENCE
 0x00-0x07          Unassigned
 0x08               Flow spec redirect IPv4 format   RFC7674
 0x09-0xff          Unassigned

Generic Transitive Experimental Use Extended Community Part 3

  Sub-Types

IANA has created the "Generic Transitive Experimental Use Extended Community Part 3 Sub-Types" registry. This registry has been created under the "Border Gateway Protocol (BGP) Extended Communities" registry and contains the following note: 

  This registry contains values of the second octet (the "Sub-Type"
  field) of an extended community when the value of the first octet
  (the "Type" field) is 0x82.

Registry Name: Generic Transitive Experimental Use Extended Community Part 2 Sub-Types 

 RANGE              REGISTRATION PROCEDURE
 0x00-0xbf          First Come First Served
 0xc0-0xff          IETF Review

 SUB-TYPE VALUE     NAME                                 REFERENCE
 0x00-0x07          Unassigned
 0x08               Flow spec redirect AS-4byte format   RFC7674
 0x09-0xff          Unassigned

Security Considerations

This document introduces no additional security considerations than those already covered in RFC5575. It should be noted that if the wildcard behavior were actually implemented, this ambiguity may lead to the installation of Flowspec rules in an incorrect VRF and may lead to traffic to be incorrectly delivered.

Normative References

RFC4360 Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended 

          Communities Attribute", RFC 4360, DOI 10.17487/RFC4360,
          February 2006, <http://www.rfc-editor.org/info/rfc4360>.

RFC5575 Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J., 

          and D. McPherson, "Dissemination of Flow Specification
          Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009,
          <http://www.rfc-editor.org/info/rfc5575>.

RFC5668 Rekhter, Y., Sangli, S., and D. Tappan, "4-Octet AS 

          Specific BGP Extended Community", RFC 5668,
          DOI 10.17487/RFC5668, October 2009,
          <http://www.rfc-editor.org/info/rfc5668>.

RFC7153 Rosen, E. and Y. Rekhter, "IANA Registries for BGP 

          Extended Communities", RFC 7153, DOI 10.17487/RFC7153,
          March 2014, <http://www.rfc-editor.org/info/rfc7153>.

Acknowledgements

The content of this document was raised as part of implementation discussions of the BGP Flowspec with the following individuals: 

  Andrew Karch (Cisco)

  Robert Raszuk

  Adam Simpson (Alcatel-Lucent)

  Matthieu Texier (Arbor Networks)

  Kaliraj Vairavakkalai (Juniper)

Author's Address

Jeffrey Haas (editor) Juniper Networks

Email: [email protected]

Retrieved from "https://rfc-wiki.org/index.php?title=RFC7674&oldid=15758"