[Idr] A proposal to add sequencing to BGP Flowspec v1
Jeffrey Haas <jhaas@pfrc.org> Tue, 27 April 2021 18:11 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/Wvw1mosxbT5LVY_1sK6GBNdZDjM>
[Speaking as an individual contributor.]

IDR,

As a Working Group, we set out to finish Flowspec v1's -bis document before taking up the work for Flowspec v2. We finished the -bis work in RFC 8955.

It's been several years since the conversations we had that motivated Flowspec v2. Sue had submitted a proposal that was intended to capture the thinking of the Working Group at the time. There were three high order pieces of work to be done:

1. Address parsing issues by moving to an explicit length field. (PCEP adopted this idea when they embedded Flowspec in their protocol to leverage our encodings.)
2. Provide for explicit sequencing of terms. This was motivated by there being a need for other firewall-like applications to have ordering different than those provided by the default sort function.
3. Provide for a better way to manage Flowspec actions, especially when they may have interactions based on ordering.

draft-haas-flowspec-capability-bits was submitted to try to address the first issue incrementally for Flowspec v1. It's gotten good discussion.

Below, please see a proposal that attempts to incrementally address the explicit sequencing problem.

Why not wait to do this in Flowspec v2, you might ask? It's certainly an option. I will offer two initial points of consideration why we might want to consider this proposal:

- We now have multiple BGP Flowspec features that share more history in the format of v1 (especially after the -bis work) than they do with v2. This includes extensions for nvo3, l2vpn. If those features will want to leverage explicit sequencing, they either need to wait on v2, or update after v2 has come into being.
- This proposal is also compatible with those additional drafts.

We look forward to your feedback.

-- Jeff (for the authors)

----- Forwarded message from internet-drafts@ietf.org -----

Date: Tue, 27 Apr 2021 10:47:36 -0700
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-haas-idr-flowspec-term-order-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : BGP Flowspec Explicit Term Ordering
        Authors         : Jeffrey Haas
                          Susan Hares
                          Sven Maduschke
        Filename        : draft-haas-idr-flowspec-term-order-00.txt
        Pages           : 7
        Date            : 2021-04-27

Abstract:
   BGP Flowspec (RFC 8955) provides a mechanism for matching traffic flows. The ordering of the Flow Specifications defined by that RFC is provided by a sorting function that uses the contents of the received BGP NLRI; that NLRI does not contain an explicit ordering component. The RFC's sorting function permits for origination of Flowspec NLRI from multiple BGP Speakers and is generally appropriate for mitigating distributed denial-of-service (DDoS) attacks.

   There are circumstances where the implicit RFC 8955 sorting order is not appropriate. This document defines a mechanism that permits individual Flowspec NLRI to influence their sort order.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-haas-idr-flowspec-term-order/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-haas-idr-flowspec-term-order-00
https://datatracker.ietf.org/doc/html/draft-haas-idr-flowspec-term-order-00

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

----- End forwarded message -----