BGP Flow Specification for SRv6

Huawei
156 Beiqing Road
Beijing, 100095
P.R. China
lizhenbin@huawei.com

Huawei
156 Beiqing Road
Beijing 100095
P.R. China
lily.lilei@huawei.com

This draft proposes BGP flow specification rules that are used to
filter SRv6 packets.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in .

BGP Flow Specification (BGP-FS) defines a new
BGP NLRI to distribute traffic flow specification rules via BGP ().
BGP-FS policies have a match condition that may be
an n-tuple match in a policy, and an action that modifies the packet and
forwards/drops the packet. Via BGP, new filter rules can be sent to all
BGP peers simultaneously without changing router configuration, and the
BGP peer can install these routes in the forwarding table. BGP-FS
defines the Network Layer Reachability Information (NLRI) format used to
distribute traffic flow specification rules. NLRI (AFI=1, SAFI=133) is
for IPv4 unicast filtering. NLRI (AFI=1, SAFI=134) is for BGP/MPLS VPN
filtering. [I-D.ietf-idr-flowspec-l2vpn]
extends the flow-spec rules for layer 2 Ethernet packets.

Segment Routing (SR) for unicast traffic has been proposed to cope
with the use cases in traffic engineering, fast reroute, service
chain, etc. The SR architecture can be implemented over an IPv6 data plane
using a new type of Segment Routing Header (SRH). SRv6 Network Programming
defined the SRv6 network programming concept and its most basic
functions. An SRv6 SID will have the form LOC:FUNCT:ARGS::.

LOC: Each operator is free to use the locator length it chooses. Most
often the LOC part of the SID is routable and leads to the node which
instantiates that SID.

FUNCT: The FUNCT part of the SID is an opaque identification of a
local function bound to the SID (e.g. End: Endpoint, End.X, End.T,
End.DX2, etc.).

ARGS: A function may require additional arguments that would be
placed immediately after the FUNCT.

This document specifies a new subset of BGP-FS component types to
support Segment Routing over IPv6 data plane (SRv6) filtering.

FS: Flow Specification

SR: Segment Routing

SRv6: IPv6 Segment Routing. SRv6 is a method of forwarding IPv6
packets on the network based on the concept of source routing.

SID: Segment Identifier

BSID: Binding SID

This document proposes new flow specification rules that are encoded
in NLRI. The following new component types are defined.

Whole SID

Type TBD1 - Whole SID

Encoding: <type (1 octet), length (1 octet), [op, value]+>

Contains a set of {operator, value} pairs that are used to match the
SID/binding SID or a range of whole SIDs.

The operator byte is encoded as:

Where:

e - end-of-list bit. Set in the last {op, value} pair in the list.

a - AND bit. If unset, the previous term is logically ORed with the
current one. If set, the operation is a logical AND. It should be unset
in the first operator byte of a sequence. The AND operator has higher
priority than OR for the purposes of evaluating logical expressions.

lt - less than comparison between data and value.

gt - greater than comparison between data and value.

eq - equality between data and value.

The bits lt, gt, and eq can be combined to match the SID or a
range of SIDs (e.g. less than SID1 and greater than SID2).

The value field is encoded as:

The format of SID is described in and

Some bits of SID to match

For some scenarios, a route policy with the whole 128-bit SID matching
is too long and not necessary.  defined the
format of SID as LOC:FUNCT:ARGS::. In some scenarios, traffic packets
can be matched on just the Locator, Function ID, Argument, or a
combination of these fields rather than the whole 128-bit SID. This
document defines a new component type TBD2 to reduce the length of matching.

Type TBD2 - Some bits of SID

Encoding: <type (1 octet), length (1 octet), [op, value]+>

Contains a set of {operator, value} pairs that are used to match some
bits of SID.

The operator byte is encoded as:

Where:

e - end-of-list bit. Set in the last {op, value} pair in the list.

a - AND bit. If unset, the previous term is logically ORed with the
current one. If set, the operation is a logical AND. It should be unset
in the first operator byte of a sequence. The AND operator has higher
priority than OR for the purposes of evaluating logical expressions.

type:

0000 : SID's LOC bits
0001 : SID's FUNCT bits
0010 : SID's LOC:FUNCT bits
0011 : SID's FUNCT:ARGS bits

The value field is encoded as a SID with a mask to match the bits
defined by type:

No new security issues are introduced to the BGP protocol by this
specification.

IANA is requested to add a new entry in "Flow Spec component types
registry" with the following values:

TBD

TBD
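
As an added example (not part of the draft), the following Python code evaluates the {operator, value} list of the Whole SID component against a packet's SID, with AND binding tighter than OR and evaluation stopping at the end-of-list term. The operator bits are held as already-decoded flags because the bit layout is not reproduced above; the Term class, the function names, the sample SIDs, and the treatment of a term with no comparison bit set are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Term:
    """One {op, value} pair as decoded flags (hypothetical model, not the wire format)."""
    value: str              # SID in IPv6 text form
    lt: bool = False
    gt: bool = False
    eq: bool = False
    and_bit: bool = False   # the 'a' bit
    end: bool = False       # the 'e' bit

def _to_int(sid):
    return int(ipaddress.IPv6Address(sid))

def term_matches(term, sid):
    """Compare packet data with the term value; lt/gt/eq may be combined (lt+eq is <=)."""
    data, value = _to_int(sid), _to_int(term.value)
    # Assumption: a term with no comparison bit set matches nothing.
    return bool((term.lt and data < value) or (term.gt and data > value)
                or (term.eq and data == value))

def whole_sid_matches(terms, sid):
    """OR together groups of ANDed terms, so AND binds tighter than OR."""
    groups = []
    for index, term in enumerate(terms):
        # A new OR group starts when 'a' is unset; 'a' on the first term is ignored
        # (assumption: the draft only says it should be unset there).
        if index == 0 or not term.and_bit:
            groups.append([])
        groups[-1].append(term_matches(term, sid))
        if term.end:        # nothing after the end-of-list term is evaluated
            break
    return any(all(group) for group in groups)

# Constructed rule: SID == 2001:db8:2::100
#                   OR (SID >= 2001:db8:1:: AND SID <= 2001:db8:1:ffff::)
SAMPLE_RULE = [
    Term("2001:db8:2::100", eq=True),
    Term("2001:db8:1::", gt=True, eq=True),
    Term("2001:db8:1:ffff::", lt=True, eq=True, and_bit=True, end=True),
]

if __name__ == "__main__":
    for sid in ("2001:db8:2::100", "2001:db8:1:0:42::", "2001:db8:3::1"):
        print(sid, whole_sid_matches(SAMPLE_RULE, sid))
```

The first sample SID separates the two readings of the list: with AND evaluated first it matches through the exact-match term, whereas a strict left-to-right evaluation would reject it on the upper bound.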