BGP Flow Specification
for SRv6Huawei156 Beiqing RoadBeijing, 100095P.R. Chinalizhenbin@huawei.comHuawei156 Beiqing RoadBeijing100095P.R. Chinalily.lilei@huawei.comFutureweiBoston, MAUSAHuaimo.chen@futurewei.comNext Layer CommunicationsMariahilfer Guertel 37/7Vienna1150ATcl@tix.atCasa SystemsUSAyfan@casa-systems.comChina Telecom109, West Zhongshan Road, Tianhe DistrictGuangzhou510000Chinazhuyq.gd@chinatelecom.cnFujitsuUSAliulei.kddi@gmail.comVolta NetworksMcLeanVAUSAxufeng.liu.ietf@gmail.comThis document proposes extensions to BGP
Flow Specification for SRv6 for
filtering SRv6 packets that match a sequence of
conditions.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in . describes in details about
a new BGP NLRI to distribute a flow specification, which is an
n-tuple comprising a sequence of matching criteria that can be applied
to IP traffic.
extends
to make it
also usable and applicable to IPv6 data packets.
extends the flow-spec rules for layer 2 Ethernet packets.Segment Routing (SR) for unicast traffic has been proposed to cope
with the usecases in traffic engineering, fast re-reroute, service
chain, etc. SR architecture can be implemented over an IPv6 data plane
using a new type of Segment Routing Header (SRH) . SRv6 Network
Programming
defines the SRv6 network programming concept and its most basic
functions. An SRv6 SID may have the form of LOC:FUNCT:ARGS::.LOC: Each operator is free to use the locator length it chooses. Most
often the LOC part of the SID is routable and leads to the node which
instantiates that SID.FUNCT: The FUNCT part of the SID is an opaque identification of a
local function bound to the SID. (e.g. End: Endpoint, End.X, End.T,
End.DX2 etc.).ARGS: A function may require additional arguments that would be
placed immediately after the FUNCT.This document specifies two new BGP Flow Specification (FS)
component types to
support Segment Routing over IPv6 data plane (SRv6) filtering. The match
field is destination address of IPv6 header, but it's a SID copy from
SRH rather than a traditional IPv6 address (refer to
).FS: Flow SpecificationBGP-FS: Border Gateway Protocol (BGP) Flow Specification (FS)SR: Segment RoutingSRH: SR Header.SRv6: IPv6 Segment Routing, SRv6 is a method of forwarding IPv6
packets on the network based on the concept of source routing.SID: Segment IdentifierBSID: Binding SIDThe Flow Specification NLRI-type consists of several optional
components, each of which begins with a type field (1 octet) followed
by a variable length parameter. 13 component types are defined in
and
for IPv4 and IPv6.
This document defines two new component types for SRv6.Encoding: <type (1 octet), [op, value]+>Contains a list of {operator, value} pairs that are used to match the
SID/binding SID or a range of whole SID.The operator byte is encoded as:Where:e - end-of-list bit. Set in the last {op, value} pair in the
sequence.a - AND bit. If unset, the previous term is logically ORed with the
current one. If set, the operation is a logical AND. It should be unset
in the first operator byte of a sequence. The AND operator has higher
priority than OR for the purposes of evaluating logical expressions.0 - SHOULD be set to 0 on NLRI encoding,
and MUST be ignored during decoding.lt - less than comparison between data and value.gt - greater than comparison between data and value.eq - equality between data and value.The bits lt, gt, and eq can be combined to match the SID or a
range of SID (e.g. less than SID1 and greater than SID2).The value field is encoded as:The format of SID is described in and For some scenarios route policy with the whole 128 bits SID matching
is too long and not necessary. defines the
format of SID is LOC:FUNCT:ARGS::. In some scenarios, traffic packets
can just match Locator, Function ID, Argument or some combinations of these
different fields rather than whole 128 bits SID.
The new component type TBD2 defined below is for matching some bits of SID.Encoding: <type (1 octet), [op, value]+>Contains a list of {operator, value} pairs that are used to match some
bits of SID.The operator byte is encoded as:Where:e and a
are the same as defined in Section "Type TBD1 - Whole SID".field type:000 : SID's LOC bits001 : SID's FUNCT bits010 : SID's LOC:FUNCT bits011 : SID's FUNCT:ARGS bitslt - less than comparison between data' and value'.gt - greater than comparison between data' and value'.eq - equality between data' and value'.The data' and value' used in lt, gt and eq
are indicated by the field type in a operator and
its corresponding length in the value field following the operator.The value field is encoded below as the lengths in bits of
LOC, FUNCT and ARGS followed by the SID rounding up to bytes:
Where:LOC Length : 1-octet field indicating the length in bits of LOC in SID.FUNCT Length : 1-octet field indicating the length in bits of FUNCT in SID.ARGS Length : 1-octet field indicating the length in bits of ARGS in SID.SID : the SID containing LOC, FUNCT and ARGS, and rounding up to bytes.No new security issues are introduced to the BGP protocol by this
specification over the security considerations in
and
.This section complies with .Under "Flow Spec IPv6 Component Types" registry,
IANA is requested to assign the following values:The authors would like to thank
Shunwan Zhuang and Rainsword Wang
for their valuable suggestions and comments on this draft.