1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
|
Internet Engineering Task Force (IETF) J. Haas, Ed.
Request for Comments: 7674 Juniper Networks
Updates: 5575 October 2015
Category: Standards Track
ISSN: 2070-1721
Clarification of the Flowspec Redirect Extended Community
Abstract
This document updates RFC 5575 ("Dissemination of Flow Specification
Rules") to clarify the formatting of the BGP Flowspec Redirect
Extended Community.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7674.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Haas Standards Track [Page 1]
^L
RFC 7674 Flowspec Redirect Extended Community October 2015
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
2.1. BGP Transitive Extended Community Types . . . . . . . . . 5
2.2. Update to BGP Generic Transitive Experimental Use
Extended Community Sub-Types . . . . . . . . . . . . . . 5
2.3. Generic Transitive Experimental Use Extended Community
Part 2 Sub-Types . . . . . . . . . . . . . . . . . . . . 5
2.4. Generic Transitive Experimental Use Extended Community
Part 3 Sub-Types . . . . . . . . . . . . . . . . . . . . 6
3. Security Considerations . . . . . . . . . . . . . . . . . . . 6
4. Normative References . . . . . . . . . . . . . . . . . . . . 7
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7
Haas Standards Track [Page 2]
^L
RFC 7674 Flowspec Redirect Extended Community October 2015
1. Introduction
"Dissemination of Flow Specification Rules" [RFC5575], commonly known
as BGP Flowspec, provided for a BGP Extended Community [RFC4360] that
served to redirect traffic to a Virtual Routing and Forwarding (VRF)
instance that matched the flow specification's Network Layer
Reachability Information (NLRI). In RFC 5575, the Redirect Extended
Community was documented as follows:
: +--------+--------------------+--------------------------+
: | type | extended community | encoding |
: +--------+--------------------+--------------------------+
: | 0x8008 | redirect | 6-byte Route Target |
: +--------+--------------------+--------------------------+
:
: [...]
:
: Redirect: The redirect extended community allows the traffic to be
: redirected to a VRF routing instance that lists the specified
: route-target in its import policy. If several local instances
: match this criteria, the choice between them is a local matter
: (for example, the instance with the lowest Route Distinguisher
: value can be elected). This extended community uses the same
: encoding as the Route Target extended community [RFC4360].
: [...]
:
: 11. IANA Considerations
: [...]
:
: The following traffic filtering flow specification rules have been
: allocated by IANA from the "BGP Extended Communities Type -
: Experimental Use" registry as follows:
: [...]
:
: 0x8008 - Flow spec redirect
The IANA registry of BGP Extended Communities clearly identifies
communities of specific formats. For example, "Two-octet AS Specific
Extended Community" [RFC4360], "Four-octet AS Specific Extended
Community" [RFC5668], and "IPv4 Address Specific Extended Community"
[RFC4360]. Route Targets [RFC4360] identify this format in the high-
order (Type) octet of the Extended Community and set the value of the
low-order (Sub-Type) octet to 0x02. The Value field of the Route
Target Extended Community is intended to be interpreted in the
context of its format.
Haas Standards Track [Page 3]
^L
RFC 7674 Flowspec Redirect Extended Community October 2015
Since the Redirect Extended Community only registered a single
codepoint in IANA's BGP Extended Community registry, a common
interpretation of the Redirect Extended Community's "6-byte Route
Target" has been to look, at a receiving router, for a Route Target
value that matches the Route Target value in the received Redirect
Extended Community and import the advertised route to the
corresponding VRF instance subject to the rules defined in [RFC5575].
However, because the Route Target format in the Redirect Extended
Community is not clearly defined, the wrong match may occur.
This "value wildcard" matching behavior, which does not take into
account the format of the Route Target defined for a local VRF and
may result in the wrong matching decision, does not match deployed
implementations of BGP Flowspec. Deployed implementations of BGP
Flowspec solve this problem by defining different Redirect Extended
Communities that are specific to the format of the Route Target
value. This document defines the following Redirect Extended
Communities:
+--------+--------------------+-------------------------------------+
| type | extended community | encoding |
+--------+--------------------+-------------------------------------+
| 0x8008 | redirect AS-2byte | 2-octet AS, 4-octet Value |
| 0x8108 | redirect IPv4 | 4-octet IPv4 Address, 2-octet Value |
| 0x8208 | redirect AS-4byte | 4-octet AS, 2-octet Value |
+--------+--------------------+-------------------------------------+
It should be noted that the low-order nibble of the Redirect's Type
field corresponds to the Route Target Extended Community format field
(Type). (See Sections 3.1, 3.2, and 4 of [RFC4360] plus Section 2 of
[RFC5668].) The low-order octet (Sub-Type) of the Redirect Extended
Community remains 0x08, in contrast to 0x02 for Route Targets.
The IANA registries for the BGP Extended Communities document
[RFC7153] was written to update the previously mentioned IANA
registries to better document BGP Extended Community formats. The
IANA Considerations section below further amends those registry
updates in order to properly document the Flowspec redirect
communities.
Haas Standards Track [Page 4]
^L
RFC 7674 Flowspec Redirect Extended Community October 2015
2. IANA Considerations
2.1. BGP Transitive Extended Community Types
IANA has updated the "BGP Transitive Extended Community Types"
registry as follows:
0x81 - Generic Transitive Experimental Use Extended Community Part 2
(Sub-Types are defined in the "Generic Transitive
Experimental Extended Community Part 2 Sub-Types" Registry)
0x82 - Generic Transitive Experimental Use Extended Community Part 3
(Sub-Types are defined in the "Generic Transitive
Experimental Use Extended Community Part 3 Sub-Types"
Registry)
2.2. Update to BGP Generic Transitive Experimental Use Extended
Community Sub-Types
IANA has updated the "BGP Generic Transitive Experimental Use
Extended Community Sub-Types" registry as follows:
0x08 - Flow spec redirect AS-2byte format [RFC5575] [RFC7674]
2.3. Generic Transitive Experimental Use Extended Community Part 2
Sub-Types
IANA has created the "Generic Transitive Experimental Use Extended
Community Part 2 Sub-Types" registry. This has been created under
the "Border Gateway Protocol (BGP) Extended Communities" registry and
contains the following note:
This registry contains values of the second octet (the "Sub-Type"
field) of an extended community when the value of the first octet
(the "Type" field) is 0x81.
Registry Name: Generic Transitive Experimental Use Extended Community
Part 2 Sub-Types
RANGE REGISTRATION PROCEDURE
0x00-0xbf First Come First Served
0xc0-0xff IETF Review
SUB-TYPE VALUE NAME REFERENCE
0x00-0x07 Unassigned
0x08 Flow spec redirect IPv4 format [RFC7674]
0x09-0xff Unassigned
Haas Standards Track [Page 5]
^L
RFC 7674 Flowspec Redirect Extended Community October 2015
2.4. Generic Transitive Experimental Use Extended Community Part 3
Sub-Types
IANA has created the "Generic Transitive Experimental Use Extended
Community Part 3 Sub-Types" registry. This registry has been created
under the "Border Gateway Protocol (BGP) Extended Communities"
registry and contains the following note:
This registry contains values of the second octet (the "Sub-Type"
field) of an extended community when the value of the first octet
(the "Type" field) is 0x82.
Registry Name: Generic Transitive Experimental Use Extended Community
Part 2 Sub-Types
RANGE REGISTRATION PROCEDURE
0x00-0xbf First Come First Served
0xc0-0xff IETF Review
SUB-TYPE VALUE NAME REFERENCE
0x00-0x07 Unassigned
0x08 Flow spec redirect AS-4byte format [RFC7674]
0x09-0xff Unassigned
3. Security Considerations
This document introduces no additional security considerations than
those already covered in [RFC5575]. It should be noted that if the
wildcard behavior were actually implemented, this ambiguity may lead
to the installation of Flowspec rules in an incorrect VRF and may
lead to traffic to be incorrectly delivered.
Haas Standards Track [Page 6]
^L
RFC 7674 Flowspec Redirect Extended Community October 2015
4. Normative References
[RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended
Communities Attribute", RFC 4360, DOI 10.17487/RFC4360,
February 2006, <http://www.rfc-editor.org/info/rfc4360>.
[RFC5575] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
and D. McPherson, "Dissemination of Flow Specification
Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009,
<http://www.rfc-editor.org/info/rfc5575>.
[RFC5668] Rekhter, Y., Sangli, S., and D. Tappan, "4-Octet AS
Specific BGP Extended Community", RFC 5668,
DOI 10.17487/RFC5668, October 2009,
<http://www.rfc-editor.org/info/rfc5668>.
[RFC7153] Rosen, E. and Y. Rekhter, "IANA Registries for BGP
Extended Communities", RFC 7153, DOI 10.17487/RFC7153,
March 2014, <http://www.rfc-editor.org/info/rfc7153>.
Acknowledgements
The content of this document was raised as part of implementation
discussions of the BGP Flowspec with the following individuals:
Andrew Karch (Cisco)
Robert Raszuk
Adam Simpson (Alcatel-Lucent)
Matthieu Texier (Arbor Networks)
Kaliraj Vairavakkalai (Juniper)
Author's Address
Jeffrey Haas (editor)
Juniper Networks
Email: jhaas@juniper.net
Haas Standards Track [Page 7]
^L
|