IETF Logo Mail Archive

[Idr] 答复: FW: New Version Notification for draft-wu-idr-flowspec-dip-community-filter-00.txt

wutianhao <wutianhao10@huawei.com> Wed, 13 March 2024 09:14 UTC

Return-Path: <wutianhao10@huawei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3824DC14F6A8 for <idr@ietfa.amsl.com>; Wed, 13 Mar 2024 02:14:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R-U9IS7aOWa3 for <idr@ietfa.amsl.com>; Wed, 13 Mar 2024 02:14:26 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 516B8C151061 for <idr@ietf.org>; Wed, 13 Mar 2024 02:14:07 -0700 (PDT)
Received: from mail.maildlp.com (unknown [172.18.186.216]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Tvl8P4WL9z6K99Z for <idr@ietf.org>; Wed, 13 Mar 2024 17:09:57 +0800 (CST)
Received: from lhrpeml100002.china.huawei.com (unknown [7.191.160.241]) by mail.maildlp.com (Postfix) with ESMTPS id 49F82140A79 for <idr@ietf.org>; Wed, 13 Mar 2024 17:14:04 +0800 (CST)
Received: from dggpemm500007.china.huawei.com (7.185.36.183) by lhrpeml100002.china.huawei.com (7.191.160.241) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Wed, 13 Mar 2024 09:14:03 +0000
Received: from dggpemm500006.china.huawei.com (7.185.36.236) by dggpemm500007.china.huawei.com (7.185.36.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Wed, 13 Mar 2024 17:14:01 +0800
Received: from dggpemm500006.china.huawei.com ([7.185.36.236]) by dggpemm500006.china.huawei.com ([7.185.36.236]) with mapi id 15.01.2507.035; Wed, 13 Mar 2024 17:14:01 +0800
From: wutianhao <wutianhao10@huawei.com>
To: Robert Raszuk <robert@raszuk.net>
CC: "idr@ietf.org" <idr@ietf.org>
Thread-Topic: [Idr] FW: New Version Notification for draft-wu-idr-flowspec-dip-community-filter-00.txt
Thread-Index: Adpt6LLvuDsGnj4fSyS0vzKV9JqlkAARGCEAAby3g2A=
Date: Wed, 13 Mar 2024 09:14:00 +0000
Message-ID: <a054a310c3514cbe9cc765f572fa3760@huawei.com>
References: <1d8a9005350548acae681108370cb22d@huawei.com> <CAOj+MMGZ7jSZPYSPj=dhw7PkkjjKdGH=cT4DqXLdbdeGLQ+oEg@mail.gmail.com>
In-Reply-To: <CAOj+MMGZ7jSZPYSPj=dhw7PkkjjKdGH=cT4DqXLdbdeGLQ+oEg@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.108.153.48]
Content-Type: multipart/alternative; boundary="_000_a054a310c3514cbe9cc765f572fa3760huaweicom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/r0v3IraUmYQmgrDpR7cXuYf_1YQ>
Subject: [Idr] 答复: FW: New Version Notification for draft-wu-idr-flowspec-dip-community-filter-00.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2024 09:14:30 -0000

Hi, Robert

Thank you for your comments.

This draft is targeting both FlowSpec v1 and FlowSpec v2. We will add a section to describe FlowSpec v2 part.

This component use control plane information need to be delivered to FIB as follows:
BGP -> RIB -> FIB
FlowSpec -> ACL

In data plane, BGP communities and FlowSpec rules can be combined to redirect flow.

It is indeed departure from the original definition of FlowSpec v1. But we think that control plane information can be used to reduce ACL usage significantly and do not need to change the FlowSpec v1.

Best regards,

Tianhao Wu


发件人: Robert Raszuk <robert@raszuk.net>
发送时间: 2024年3月5日 4:11
收件人: wutianhao <wutianhao10@huawei.com>
抄送: idr@ietf.org
主题: Re: [Idr] FW: New Version Notification for draft-wu-idr-flowspec-dip-community-filter-00.txt

Hi,

I am not sure if this is targeting FlowSpec v2 ... but I would like to observe that component types as defined in RFC8955 are about data plane.

You are proposing an addition of a control plane entity - namely BGP Community Attribute.

I understand that you want to recursively result local installation into the data plane all destinations which are advertised in BGP with such community, but this is a significant departure from the definition of FlowSpec v1.

It is about signalling dynamically a BGP policy which FlowSpec v1 is not doing.  With that being said I recommend that if authors of FlowSpec v2 are still working on it allowing it to carry BGP policy - then this would be the right place to add the proposed encoding into.

As currently defined - stand alone extension - it does not seems to even fit https://www.iana.org/assignments/flow-spec/flow-spec.xhtml.

Kind regards,
Robert


On Mon, Mar 4, 2024 at 11:55 AM wutianhao <wutianhao10=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote:
Dear all,

We've submitted a new draft: draft-wu-idr-flowspec-dip-community-filter.

This draft specifies a new BGP Flowspec component type to support community-level filtering. Flowspec rules can be reduced by using the method defining in this draft. It saves a lot of entry spaces on the control plane and forwarding plane, and it would greatly simplify the operation of the control plane, and the more destination prefixes with the same community has, the more obvious the benefit.

Review and comments are welcome.

Best regards,
Tianhao

-----Original Message-----
From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>>
Sent: 2024年2月29日 17:26
To: Wanghaibo (Rainsword) <rainsword.wang@huawei.com<mailto:rainsword.wang@huawei.com>>; Gejun (Jack, BGP) <jack.gejun@huawei.com<mailto:jack.gejun@huawei.com>>; wutianhao <wutianhao10@huawei.com<mailto:wutianhao10@huawei.com>>; Dingxiangfeng <dingxiangfeng@huawei.com<mailto:dingxiangfeng@huawei.com>>
Subject: New Version Notification for draft-wu-idr-flowspec-dip-community-filter-00.txt

A new version of Internet-Draft
draft-wu-idr-flowspec-dip-community-filter-00.txt has been successfully submitted by Tianhao Wu and posted to the IETF repository.

Name:     draft-wu-idr-flowspec-dip-community-filter
Revision: 00
Title:    Destination-IP-Community Filter for BGP Flow Specification
Date:     2024-02-28
Group:    Individual Submission
Pages:    7
URL:      https://www.ietf.org/archive/id/draft-wu-idr-flowspec-dip-community-filter-00.txt
Status:   https://datatracker.ietf.org/doc/draft-wu-idr-flowspec-dip-community-filter/
HTMLized: https://datatracker.ietf.org/doc/html/draft-wu-idr-flowspec-dip-community-filter


Abstract:

   BGP Flowspec mechanism (BGP-FS) propagates both traffic Flow
   Specifications and Traffic Filtering Actions by making use of the BGP
   NLRI and the BGP Extended Community encoding formats.  This document
   specifies a new BGP-FS component type to support community-level
   filtering.  The match field is the community of the destination IP
   address that is encoded in the Flowspec NLRI.  This function is
   applied in a single administrative domain.



The IETF Secretariat


_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email