[Idr] New draft-khare-idr-bgp-flowspec-payload-match-07
"Bergeon, Philippe (Nokia - CA/Ottawa)" <philippe.bergeon@nokia.com> Fri, 30 October 2020 14:11 UTC
From: "Bergeon, Philippe (Nokia - CA/Ottawa)" <philippe.bergeon@nokia.com>
To: "idr@ietf.org" <idr@ietf.org>
Date: Fri, 30 Oct 2020 14:11:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/1gqBq1N7YDfUUsfqTajwDUVO6lM>

All,

We published a new draft with draft-khare-idr-bgp-flowspec-payload-match version 07.

This new draft specifies a new Flowspec component, the "Flexible Match Conditions", which is used to define a pattern value and offset within a packet. One of the main goals of this new component is to further help mitigate DDoS attacks.

We would appreciate your review and comments.

Thanks,
Philippe.

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org>

A new version of I-D, draft-khare-idr-bgp-flowspec-payload-match-07.txt has been successfully submitted by Anurag Khare and posted to the IETF repository.

Name: draft-khare-idr-bgp-flowspec-payload-match
Revision: 07
Title: BGP FlowSpec Payload Matching
Document date: 2020-08-31
Group: Individual Submission
Pages: 12
URL: https://www.ietf.org/internet-drafts/draft-khare-idr-bgp-flowspec-payload-match-07.txt
Status: https://datatracker.ietf.org/doc/draft-khare-idr-bgp-flowspec-payload-match/
Htmlized: https://tools.ietf.org/html/draft-khare-idr-bgp-flowspec-payload-match-07
Htmlized: https://datatracker.ietf.org/doc/html/draft-khare-idr-bgp-flowspec-payload-match
Diff: https://www.ietf.org/rfcdiff?url2=draft-khare-idr-bgp-flowspec-payload-match-07

Abstract:
The rise in frequency, volume, and pernicious effects of DDoS attacks has elevated them from fare for the specialist to generalist press. Numerous reports detail the taxonomy of DDoS attacks, the varying motivations of their attackers, as well as the resulting impact for their targets ranging from internet or business services to network infrastructures.

BGP FlowSpec (RFC 5575, "Dissemination of Flow Specification Rules") can be used to rapidly disseminate filtering rules to mitigate (distributed) denial-of-service (DoS) attacks. Operators can use existing FlowSpec components to match typical n-tuple criteria in pre-defined packet header fields such as IP protocol, IP prefix or port number.

Recent enhancements to IP Router forwarding plane filter implementations also allow matches at arbitrary locations within the packet header or payload. This capability can be used to essentially match a signature for the attack traffic and can be combined with traditional n-tuple filter criteria to mitigate volumetric DDoS attacks and reduce false positives to a minimum.

To support this new filtering capability we define a new FlowSpec component, "Flexible Match Conditions", with similar matching semantics to those of existing components. This component will allow the operator to define a new match condition using a combination of offset and pattern values.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
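
As an added illustration (not part of the message or the draft, and not the draft's wire encoding), the sketch below shows how an offset/pattern condition combined with n-tuple criteria separates flagged packets from ordinary traffic on the same port. The `FlexRule` fields, the choice of measuring the offset from the start of the UDP payload, the optional bit mask, and the sample packets are all assumptions made for the example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FlexRule:
    """Hypothetical rule: n-tuple criteria plus one offset/pattern condition."""
    ip_proto: int
    dst_port: int
    offset: int                   # bytes from start of UDP payload (assumption)
    pattern: bytes
    mask: Optional[bytes] = None  # optional bit mask, same length as pattern

def parse_ipv4_udp(pkt: bytes):
    """Return (proto, dst_port, payload) for an IPv4/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8 or pkt[9] != 17:
        return None
    _sport, dport, _ulen, _csum = struct.unpack_from("!HHHH", pkt, ihl)
    return pkt[9], dport, pkt[ihl + 8:]

def matches(rule: FlexRule, pkt: bytes) -> bool:
    """True only if the n-tuple AND the pattern at the offset both match."""
    parsed = parse_ipv4_udp(pkt)
    if parsed is None:
        return False
    proto, dport, payload = parsed
    if proto != rule.ip_proto or dport != rule.dst_port:
        return False
    window = payload[rule.offset:rule.offset + len(rule.pattern)]
    if len(window) != len(rule.pattern):
        return False  # packet too short for the pattern: treat as no match
    mask = rule.mask or b"\xff" * len(rule.pattern)
    return all((w & m) == (p & m) for w, p, m in zip(window, rule.pattern, mask))

def build_ipv4_udp(dport: int, payload: bytes) -> bytes:
    """Build a constructed sample packet (documentation IPs, zero checksums)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + udp

# Constructed sample data: a marker at payload offset 4 on UDP port 9999.
RULE = FlexRule(ip_proto=17, dst_port=9999, offset=4, pattern=b"\xde\xad\xbe\xef")
FLAGGED = build_ipv4_udp(9999, b"\x00\x01\x02\x03\xde\xad\xbe\xef tail")
BENIGN = build_ipv4_udp(9999, b"\x00\x01\x02\x03hello world")

if __name__ == "__main__":
    print(matches(RULE, FLAGGED), matches(RULE, BENIGN))
```

A port-only filter would drop both sample packets; adding the offset/pattern condition leaves the benign packet on the same port untouched.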