Internet Engineering Task Force (IETF) J. Haas, Ed. Request for Comments: 7674 Juniper Networks Updates: 5575 October 2015 Category: Standards Track ISSN: 2070-1721
Internet Engineering Task Force (IETF) J. Haas, Ed. Request for Comments: 7674 Juniper Networks Updates: 5575 October 2015 Category: Standards Track ISSN: 2070-1721
Clarification of the Flowspec Redirect Extended Community
Flowspec重定向扩展社区的澄清
Abstract
摘要
This document updates RFC 5575 ("Dissemination of Flow Specification Rules") to clarify the formatting of the BGP Flowspec Redirect Extended Community.
本文件更新了RFC 5575(“流程规范规则的发布”),以澄清BGP流程规范重定向扩展社区的格式。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7674.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7674.
Copyright Notice
版权公告
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2015 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 2.1. BGP Transitive Extended Community Types . . . . . . . . . 5 2.2. Update to BGP Generic Transitive Experimental Use Extended Community Sub-Types . . . . . . . . . . . . . . 5 2.3. Generic Transitive Experimental Use Extended Community Part 2 Sub-Types . . . . . . . . . . . . . . . . . . . . 5 2.4. Generic Transitive Experimental Use Extended Community Part 3 Sub-Types . . . . . . . . . . . . . . . . . . . . 6 3. Security Considerations . . . . . . . . . . . . . . . . . . . 6 4. Normative References . . . . . . . . . . . . . . . . . . . . 7 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 2.1. BGP Transitive Extended Community Types . . . . . . . . . 5 2.2. Update to BGP Generic Transitive Experimental Use Extended Community Sub-Types . . . . . . . . . . . . . . 5 2.3. Generic Transitive Experimental Use Extended Community Part 2 Sub-Types . . . . . . . . . . . . . . . . . . . . 5 2.4. Generic Transitive Experimental Use Extended Community Part 3 Sub-Types . . . . . . . . . . . . . . . . . . . . 6 3. Security Considerations . . . . . . . . . . . . . . . . . . . 6 4. Normative References . . . . . . . . . . . . . . . . . . . . 7 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7
"Dissemination of Flow Specification Rules" [RFC5575], commonly known as BGP Flowspec, provided for a BGP Extended Community [RFC4360] that served to redirect traffic to a Virtual Routing and Forwarding (VRF) instance that matched the flow specification's Network Layer Reachability Information (NLRI). In RFC 5575, the Redirect Extended Community was documented as follows:
“流量规范规则的传播”[RFC5575],通常称为BGP Flowspec,为BGP扩展社区[RFC4360]提供,该社区用于将流量重定向到与流量规范的网络层可达性信息(NLRI)匹配的虚拟路由和转发(VRF)实例。在RFC 5575中,重定向扩展社区记录如下:
: +--------+--------------------+--------------------------+ : | type | extended community | encoding | : +--------+--------------------+--------------------------+ : | 0x8008 | redirect | 6-byte Route Target | : +--------+--------------------+--------------------------+ : : [...] : : Redirect: The redirect extended community allows the traffic to be : redirected to a VRF routing instance that lists the specified : route-target in its import policy. If several local instances : match this criteria, the choice between them is a local matter : (for example, the instance with the lowest Route Distinguisher : value can be elected). This extended community uses the same : encoding as the Route Target extended community [RFC4360]. : [...] : : 11. IANA Considerations : [...] : : The following traffic filtering flow specification rules have been : allocated by IANA from the "BGP Extended Communities Type - : Experimental Use" registry as follows: : [...] : : 0x8008 - Flow spec redirect
: +--------+--------------------+--------------------------+ : | type | extended community | encoding | : +--------+--------------------+--------------------------+ : | 0x8008 | redirect | 6-byte Route Target | : +--------+--------------------+--------------------------+ : : [...] : : Redirect: The redirect extended community allows the traffic to be : redirected to a VRF routing instance that lists the specified : route-target in its import policy. If several local instances : match this criteria, the choice between them is a local matter : (for example, the instance with the lowest Route Distinguisher : value can be elected). This extended community uses the same : encoding as the Route Target extended community [RFC4360]. : [...] : : 11. IANA Considerations : [...] : : The following traffic filtering flow specification rules have been : allocated by IANA from the "BGP Extended Communities Type - : Experimental Use" registry as follows: : [...] : : 0x8008 - Flow spec redirect
The IANA registry of BGP Extended Communities clearly identifies communities of specific formats. For example, "Two-octet AS Specific Extended Community" [RFC4360], "Four-octet AS Specific Extended Community" [RFC5668], and "IPv4 Address Specific Extended Community" [RFC4360]. Route Targets [RFC4360] identify this format in the high-order (Type) octet of the Extended Community and set the value of the low-order (Sub-Type) octet to 0x02. The Value field of the Route Target Extended Community is intended to be interpreted in the context of its format.
BGP扩展社区的IANA注册清楚地标识了特定格式的社区。例如,“两个八位字节作为特定扩展社区”[RFC4360]、“四个八位字节作为特定扩展社区”[RFC5668]和“IPv4地址特定扩展社区”[RFC4360]。路由目标[RFC4360]在扩展社区的高阶(类型)八位字节中标识此格式,并将低阶(子类型)八位字节的值设置为0x02。Route Target Extended Community的值字段旨在根据其格式进行解释。
Since the Redirect Extended Community only registered a single codepoint in IANA's BGP Extended Community registry, a common interpretation of the Redirect Extended Community's "6-byte Route Target" has been to look, at a receiving router, for a Route Target value that matches the Route Target value in the received Redirect Extended Community and import the advertised route to the corresponding VRF instance subject to the rules defined in [RFC5575]. However, because the Route Target format in the Redirect Extended Community is not clearly defined, the wrong match may occur.
由于重定向扩展社区仅在IANA的BGP扩展社区注册表中注册了一个代码点,因此对重定向扩展社区的“6字节路由目标”的常见解释是查看接收路由器,对于与接收的重定向扩展社区中的路由目标值匹配的路由目标值,并根据[RFC5575]中定义的规则将播发的路由导入相应的VRF实例。但是,由于重定向扩展社区中的路由目标格式没有明确定义,因此可能会发生错误匹配。
This "value wildcard" matching behavior, which does not take into account the format of the Route Target defined for a local VRF and may result in the wrong matching decision, does not match deployed implementations of BGP Flowspec. Deployed implementations of BGP Flowspec solve this problem by defining different Redirect Extended Communities that are specific to the format of the Route Target value. This document defines the following Redirect Extended Communities:
这种“值通配符”匹配行为不符合BGP Flowspec的部署实现,它不考虑为本地VRF定义的路由目标的格式,并可能导致错误的匹配决策。部署的BGP Flowspec实现通过定义不同的重定向扩展社区来解决此问题,这些社区特定于路由目标值的格式。本文档定义了以下重定向扩展社区:
+--------+--------------------+-------------------------------------+ | type | extended community | encoding | +--------+--------------------+-------------------------------------+ | 0x8008 | redirect AS-2byte | 2-octet AS, 4-octet Value | | 0x8108 | redirect IPv4 | 4-octet IPv4 Address, 2-octet Value | | 0x8208 | redirect AS-4byte | 4-octet AS, 2-octet Value | +--------+--------------------+-------------------------------------+
+--------+--------------------+-------------------------------------+ | type | extended community | encoding | +--------+--------------------+-------------------------------------+ | 0x8008 | redirect AS-2byte | 2-octet AS, 4-octet Value | | 0x8108 | redirect IPv4 | 4-octet IPv4 Address, 2-octet Value | | 0x8208 | redirect AS-4byte | 4-octet AS, 2-octet Value | +--------+--------------------+-------------------------------------+
It should be noted that the low-order nibble of the Redirect's Type field corresponds to the Route Target Extended Community format field (Type). (See Sections 3.1, 3.2, and 4 of [RFC4360] plus Section 2 of [RFC5668].) The low-order octet (Sub-Type) of the Redirect Extended Community remains 0x08, in contrast to 0x02 for Route Targets.
应该注意,重定向类型字段的低阶半字节对应于路由目标扩展社区格式字段(类型)。(参见[RFC4360]的第3.1、3.2和4节以及[RFC5668]的第2节)重定向扩展社区的低阶八位组(子类型)保持0x08,而路由目标保持0x02。
The IANA registries for the BGP Extended Communities document [RFC7153] was written to update the previously mentioned IANA registries to better document BGP Extended Community formats. The IANA Considerations section below further amends those registry updates in order to properly document the Flowspec redirect communities.
编写BGP扩展社区文件[RFC7153]的IANA注册表是为了更新前面提到的IANA注册表,以更好地记录BGP扩展社区格式。下面的IANA注意事项部分进一步修改了这些注册表更新,以便正确记录Flowspec重定向社区。
IANA has updated the "BGP Transitive Extended Community Types" registry as follows:
IANA已将“BGP可传递扩展社区类型”注册表更新如下:
0x81 - Generic Transitive Experimental Use Extended Community Part 2 (Sub-Types are defined in the "Generic Transitive Experimental Extended Community Part 2 Sub-Types" Registry)
0x81-通用传递性实验使用扩展社区第2部分(子类型在“通用传递性实验扩展社区第2部分子类型”注册表中定义)
0x82 - Generic Transitive Experimental Use Extended Community Part 3 (Sub-Types are defined in the "Generic Transitive Experimental Use Extended Community Part 3 Sub-Types" Registry)
0x82-通用过渡实验使用扩展社区第3部分(子类型在“通用过渡实验使用扩展社区第3部分子类型”注册表中定义)
2.2. Update to BGP Generic Transitive Experimental Use Extended Community Sub-Types
2.2. 更新到BGP通用传递实验使用扩展社区子类型
IANA has updated the "BGP Generic Transitive Experimental Use Extended Community Sub-Types" registry as follows:
IANA更新了“BGP通用过渡实验使用扩展社区子类型”注册表,如下所示:
0x08 - Flow spec redirect AS-2byte format [RFC5575] [RFC7674]
0x08-流规范重定向为-2字节格式[RFC5575][RFC7674]
2.3. Generic Transitive Experimental Use Extended Community Part 2 Sub-Types
2.3. 通用传递性实验使用扩展社区第2部分子类型
IANA has created the "Generic Transitive Experimental Use Extended Community Part 2 Sub-Types" registry. This has been created under the "Border Gateway Protocol (BGP) Extended Communities" registry and contains the following note:
IANA创建了“通用传递实验使用扩展社区第2部分子类型”注册表。这是在“边界网关协议(BGP)扩展社区”注册表下创建的,包含以下注释:
This registry contains values of the second octet (the "Sub-Type" field) of an extended community when the value of the first octet (the "Type" field) is 0x81.
当第一个八位字节(“类型”字段)的值为0x81时,此注册表包含扩展社区的第二个八位字节(“子类型”字段)的值。
Registry Name: Generic Transitive Experimental Use Extended Community Part 2 Sub-Types
注册表名称:通用传递实验使用扩展社区第2部分子类型
RANGE REGISTRATION PROCEDURE 0x00-0xbf First Come First Served 0xc0-0xff IETF Review
范围注册程序0x00-0xbf先到先得0xc0-0xff IETF审查
SUB-TYPE VALUE NAME REFERENCE 0x00-0x07 Unassigned 0x08 Flow spec redirect IPv4 format [RFC7674] 0x09-0xff Unassigned
子类型值名称引用0x00-0x07未分配0x08流规范重定向IPv4格式[RFC7674]0x09-0xff未分配
2.4. Generic Transitive Experimental Use Extended Community Part 3 Sub-Types
2.4. 通用传递性实验使用扩展社区第3部分子类型
IANA has created the "Generic Transitive Experimental Use Extended Community Part 3 Sub-Types" registry. This registry has been created under the "Border Gateway Protocol (BGP) Extended Communities" registry and contains the following note:
IANA创建了“通用传递实验使用扩展社区第3部分子类型”注册表。此注册表是在“边界网关协议(BGP)扩展社区”注册表下创建的,包含以下注释:
This registry contains values of the second octet (the "Sub-Type" field) of an extended community when the value of the first octet (the "Type" field) is 0x82.
当第一个八位字节(“类型”字段)的值为0x82时,此注册表包含扩展社区的第二个八位字节(“子类型”字段)的值。
Registry Name: Generic Transitive Experimental Use Extended Community Part 2 Sub-Types
注册表名称:通用传递实验使用扩展社区第2部分子类型
RANGE REGISTRATION PROCEDURE 0x00-0xbf First Come First Served 0xc0-0xff IETF Review
范围注册程序0x00-0xbf先到先得0xc0-0xff IETF审查
SUB-TYPE VALUE NAME REFERENCE 0x00-0x07 Unassigned 0x08 Flow spec redirect AS-4byte format [RFC7674] 0x09-0xff Unassigned
子类型值名称参考0x00-0x07未分配0x08流规范重定向为-4字节格式[RFC7674]0x09-0xff未分配
This document introduces no additional security considerations than those already covered in [RFC5575]. It should be noted that if the wildcard behavior were actually implemented, this ambiguity may lead to the installation of Flowspec rules in an incorrect VRF and may lead to traffic to be incorrectly delivered.
除了[RFC5575]中已经介绍的安全注意事项外,本文档没有介绍其他安全注意事项。应该注意的是,如果实际实现了通配符行为,这种模糊性可能会导致在不正确的VRF中安装Flowspec规则,并可能导致错误交付流量。
[RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended Communities Attribute", RFC 4360, DOI 10.17487/RFC4360, February 2006, <http://www.rfc-editor.org/info/rfc4360>.
[RFC4360]Sangli,S.,Tappan,D.和Y.Rekhter,“BGP扩展社区属性”,RFC 4360,DOI 10.17487/RFC4360,2006年2月<http://www.rfc-editor.org/info/rfc4360>.
[RFC5575] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J., and D. McPherson, "Dissemination of Flow Specification Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009, <http://www.rfc-editor.org/info/rfc5575>.
[RFC5575]Marques,P.,Sheth,N.,Raszuk,R.,Greene,B.,Mauch,J.,和D.McPherson,“流量规范规则的传播”,RFC 5575,DOI 10.17487/RFC5575,2009年8月<http://www.rfc-editor.org/info/rfc5575>.
[RFC5668] Rekhter, Y., Sangli, S., and D. Tappan, "4-Octet AS Specific BGP Extended Community", RFC 5668, DOI 10.17487/RFC5668, October 2009, <http://www.rfc-editor.org/info/rfc5668>.
[RFC5668]Rekhter,Y.,Sangli,S.,和D.Tappan,“4-八位字节作为特定的BGP扩展社区”,RFC 5668,DOI 10.17487/RFC5668,2009年10月<http://www.rfc-editor.org/info/rfc5668>.
[RFC7153] Rosen, E. and Y. Rekhter, "IANA Registries for BGP Extended Communities", RFC 7153, DOI 10.17487/RFC7153, March 2014, <http://www.rfc-editor.org/info/rfc7153>.
[RFC7153]Rosen,E.和Y.Rekhter,“BGP扩展社区的IANA注册”,RFC 7153,DOI 10.17487/RFC7153,2014年3月<http://www.rfc-editor.org/info/rfc7153>.
Acknowledgements
致谢
The content of this document was raised as part of implementation discussions of the BGP Flowspec with the following individuals:
本文件的内容是作为BGP Flowspec实施讨论的一部分与以下人员提出的:
Andrew Karch (Cisco)
安德鲁·卡奇(思科)
Robert Raszuk
罗伯特·拉祖克
Adam Simpson (Alcatel-Lucent)
亚当·辛普森(阿尔卡特-朗讯)
Matthieu Texier (Arbor Networks)
Matthieu Texier(Arbor Networks)
Kaliraj Vairavakkalai (Juniper)
Kaliraj Vairavakkalai(杜松)
Author's Address
作者地址
Jeffrey Haas (editor) Juniper Networks
Jeffrey Haas(编辑)Juniper Networks
Email: jhaas@juniper.net
Email: jhaas@juniper.net