IDR                                                               C. Lin
Internet Draft                                      New H3C Technologies
Intended status: Standards Track                                  H. Yao
Expires: December 30, 2025                                  China Mobile
                                                                   Z. Li
                                                            China Mobile
                                                                Q. Xiong
                                                         ZTE Corporation
                                                           June 30, 2025


           BGP Flowspec for Computing-Aware Traffic Steering
                   draft-lin-idr-cats-flowspec-ts-03

Abstract

   A BGP Flow Specification is an n-tuple consisting of several matching
   criteria that can be applied to IP traffic. Computing-Aware Traffic
   Steering (CATS) is a framework which optimizes traffic steering to a
   given service instance by taking into account the dynamic nature of
   both computing and network resources.

   This document specifies a new BGP Flow Spec Component Type in order
   to support CATS traffic forwarding.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute working
   documents as Internet-Drafts. The list of current Internet-Drafts is
   at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 30 December 2025.

Copyright Notice

   Copyright (c) 2025 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.

Lin, et al.            Expires December 30, 2025                [Page 1]

Internet-Draft           BGP Flowspec for CATS                 July 2025

   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1. Introduction
   2. Requirements Language
   3. Terminology
   4. Flow Specifications for CATS
      4.1. Scenario 1
      4.2. Scenario 2
      4.3. Scenario 3
   5. Extensions to BGP-FS
      5.1. Match by CS-ID
      5.2. MARK CS-ID Action
      5.3. Redirect to CSCI-ID Action
   6. Error Handling
   7. Security Considerations
   8. IANA Considerations
      8.1. FSv2 Component types
      8.2. CATS Action
   9. References
      9.1. Normative References
      9.2. Informative References
   Authors' Addresses

1. Introduction

   A Flow Specification (Flow Spec) is an n-tuple consisting of several
   matching criteria that can be applied to IP traffic [RFC8955]. The
   Flow Spec conveys match conditions (each may include several
   components) which are encoded using MP_REACH_NLRI and MP_UNREACH_NLRI
   attributes [RFC4760], while the associated actions such as redirect
   and traffic marking are encoded in BGP Extended Communities
   [RFC4360][RFC5701].
   The IPv4 NLRI component types and traffic filtering action sub-types
   are described in [RFC8955], while the IPv6-related ones are described
   in [RFC8956]. [I-D.ietf-idr-flowspec-v2] specifies BGP Flow
   Specification Version 2. [I-D.ietf-idr-fsv2-ip-basic] defines FSv2
   Extended Community Actions in the IP Basic TLV.

   Computing-Aware Traffic Steering (CATS) is introduced in
   [I-D.ietf-cats-framework]. The CS-ID is a globally unique object in
   the network, which can be a server's IP address, an SR label, or a
   simple unsigned numerical value. In a CATS network, the C-PS
   component performs path selection based on the CS-ID and forwards
   service traffic according to the selected path.

   This document specifies a new BGP Flow Spec Component Type to support
   CATS traffic filtering. Traffic is classified and mapped to the
   corresponding CS-ID using BGP Flow Spec rules, and path selection is
   then performed based on the CS-ID. BGP Flow Spec implements functions
   similar to the C-TC component. On the other hand, BGP Flow Spec can
   also use CS-ID as a filtering criterion. For the matched traffic, it
   forwards based on the actions specified by BGP Flow Spec, replacing
   the path selection function of C-PS.

   It also specifies traffic filtering actions to enable the creation of
   the CS-ID in the outer tunnel encapsulation when matched to the
   corresponding Flow Spec rules.

2. Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3. Terminology

   This document makes use of the terms defined in
   [I-D.ietf-cats-framework].

   Flow Spec: Flow Specification

   BGP-FS: Border Gateway Protocol (BGP) Flow Specification (FS)

4. Flow Specifications for CATS

   The Flow Spec for CATS is shown in Figure 1: the Controller sets up
   BGP connections with the policy enforcement points in the CATS
   network.

                          +------------------+
                   /------|    Controller    |-----\
CS-ID 1           /       +------------------+      \            CSCI-ID 1
+------+         FS                                 FS            +------+
|Client|-\      /                                    \          /-|Server|
+------+  \  +-/------+  +----------------------+  +--\-----+  /  +------+
           \-|Ingress |  |                      |  |Egress  |-/
             |CATS-FWD|--|     CATS Network     |--|CATS-FWD|
CS-ID 1    /-|        |  |                      |  |        |-\  CSCI-ID 2
+------+  /  +--------+  +----------------------+  +--------+  \  +------+
|Client|-/                                                      \-|Server|
+------+                                                          +------+

                     Figure 1. Flow Spec for CATS

   The CATS framework workflow is given in [I-D.ietf-cats-framework].

   This document describes the main applications of BGP-FS in the CATS
   framework as follows:

4.1. Scenario 1

   Flow entries are directly pushed to redirect traffic to the CSCI-ID
   based on flow characteristics, enabling subsequent forwarding.

   Rule 1
      Filter: Flow characteristics
      Action: Redirect to IPv4/IPv6 CSCI-ID

   +------------+
   |   BGP FS   |
   | Controller |
   +------------+
          | FlowSpec route to Ingress NLRI:
          |  Rule Condition: IP Extended Filter(Match Port, etc)
          |  Action : Redirect to IPv4/IPv6 CSCI-ID
          |
          |            .-----.
          |           (       )                   +------+
          V       .--(         )--.              -|Server|
      +-------+  (                 )  +-------+ / +------+
      |       |_(   CATS Network    )_|       |-
      |Ingress| ( ================> ) |Egress |-
      +-------+  (                 )  +-------+ \ +------+
                  '--(         )--'              -|Server|
                      (       )                   +------+
                       '-----'

                    Figure 2: Scenario 1 Examples

4.2. Scenario 2

   The data layer of the traffic includes a CS-ID field. Rules are
   pushed to filter based on the CS-ID, redirecting traffic to the
   CSCI-ID for forwarding.

   Rule 1
      Filter: IPv4/IPv6 CS-ID
      Action: Redirect to IPv4/IPv6 CSCI-ID

   +------------+
   |   BGP FS   |
   | Controller |
   +------------+
          | FlowSpec route to Ingress NLRI:
          |  Rule Condition: IP Extended Filter(IPv4/IPv6 CS-ID)
          |  Action : Redirect to IPv4/IPv6 CSCI-ID
          |
          |            .-----.
          |           (       )                   +------+
          V       .--(         )--.              -|Server|
      +-------+  (                 )  +-------+ / +------+
      |       |_(   CATS Network    )_|       |-
      |Ingress| ( ================> ) |Egress |-
      +-------+  (                 )  +-------+ \ +------+
                  '--(         )--'              -|Server|
                      (       )                   +------+
                       '-----'

                    Figure 3: Scenario 2 Examples

4.3. Scenario 3

   Flow characteristics are mapped to the CS-ID; rules are then deployed
   to filter based on the CS-ID and redirect traffic to the CSCI-ID for
   forwarding.

   Rule 1
      Filter: Flow characteristics
      Action: Mark IPv4/IPv6 CS-ID

   Rule 2
      Filter: IPv4/IPv6 CS-ID
      Action: Redirect to IPv4/IPv6 CSCI-ID

   +------------+
   |   BGP FS   |
   | Controller |
   +------------+
          | FlowSpec route to Ingress NLRI:
          |  Rule Condition: IP Extended Filter(Match Port, etc)
          |  Action 1: Mark IPv4/IPv6 CS-ID
          |  Action 2: Redirect to IPv4/IPv6 CSCI-ID
          |
          |            .-----.
          |           (       )                   +------+
          V       .--(         )--.              -|Server|
      +-------+  (                 )  +-------+ / +------+
      |       |_(   CATS Network    )_|       |-
      |Ingress| ( ================> ) |Egress |-
      +-------+  (                 )  +-------+ \ +------+
                  '--(         )--'              -|Server|
                      (       )                   +------+
                       '-----'

                    Figure 4: Scenario 3 Examples

5. Extensions to BGP-FS

   This document elaborates on the protocol enhancements grounded in the
   BGP Flowspec v2 format [I-D.ietf-idr-flowspec-v2]. It introduces one
   match criterion: matching by CS-ID. It also adds two actions: the
   Mark CS-ID action and the Redirect to CSCI-ID action.

   In the scenario of Section 4.1, the Redirect to CSCI-ID action is
   used.

   In the scenario of Section 4.2, matching by CS-ID is deployed
   together with the Redirect to CSCI-ID action.

   In the scenario of Section 4.3, the Mark CS-ID action is used
   together with the Redirect to CSCI-ID action.

5.1. Match by CS-ID

   The format of the FSv2 NLRI field for IP Filters is defined in
   [I-D.ietf-idr-flowspec-v2]. This format includes a common header with
   fields for user specified order, dependency filter chain, and a TLV
   for filter components (type, length, value).

   This document proposes a new Component, among the Extended IP Filter
   Components for IP Extended Filters version 2, for defining CS-ID
   information.

   When filtering using FlowSpec rules, the condition can be specified
   as the CS-ID. This is primarily used to achieve the C-PS function of
   CATS based on CS-ID for path selection.

   The IPv4 CS-ID Component has the following format:

   +-------------------------------+
   | SubTLV type = TBD1 (1 octet)  |
   +-------------------------------+
   | length (1 octet)              |
   +-------------------------------+
   | value (variable)              |
   +-------------------------------+

   Filter defines: a list of match criteria for IPv4 CS-ID

   Type: TBD1

   length: variable

   IPv4 value: [numeric_op, value]+

   Each IPv4 CS-ID value is 4 octets.

   The IPv6 CS-ID Component has the following format:

   +-------------------------------+
   | SubTLV type = TBD2 (1 octet)  |
   +-------------------------------+
   | length (1 octet)              |
   +-------------------------------+
   | value (variable)              |
   +-------------------------------+

   Filter defines: a list of match criteria for IPv6 CS-ID

   Type: TBD2

   length: variable

   IPv6 value: [numeric_op, value]+

   Each IPv6 CS-ID value is 16 octets.

5.2. MARK CS-ID Action

   When implementing the C-TC function, the corresponding CS-ID is
   assigned based on traffic characteristics, which are specified
   according to the FSv2 IP Extended Filters. If a rule is matched, the
   Mark CS-ID action is executed.

   This document defines a new traffic filtering action: "Mark CS-ID"
   Action.
   It is specifically encapsulated and carried through the BGP Community
   Container Attribute (also known as BGP Wide Communities) defined in
   [I-D.ietf-idr-wide-bgp-communities].

   "Mark IPv4 CS-ID" Action SubTLV has the format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Action type(TBD3)       |           Length(4)           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          IPv4 CS-ID                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 5: "Mark IPv4 CS-ID" Action SubTLV

   "Mark IPv6 CS-ID" Action SubTLV has the format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Action type(TBD4)       |          Length(16)           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                          IPv6 CS-ID                           |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 6: "Mark IPv6 CS-ID" Action SubTLV

5.3. Redirect to CSCI-ID Action

   While specifying the path, C-PS designates the CSCI-ID information.

   "Redirect to IPv4 CSCI-ID" Action SubTLV has the format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Action type(TBD5)       |           Length(4)           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            CSCI-ID                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

          Figure 7: "Redirect to IPv4 CSCI-ID" Action SubTLV

   "Redirect to IPv6 CSCI-ID" Action SubTLV has the format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Action type(TBD6)       |          Length(16)           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                         IPv6 CSCI-ID                          |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

          Figure 8: "Redirect to IPv6 CSCI-ID" Action SubTLV

6. Error Handling

   The error handling and validation of BGP FSv2 follow Section 4 of
   [I-D.ietf-idr-flowspec-v2]. When the Mark CS-ID Action and Redirect
   to CSCI-ID Action SubTLVs are missing at the same time, the FlowSpec
   steering falls back to the FSv2 IP Basic actions in
   [I-D.ietf-idr-fsv2-ip-basic].

7. Security Considerations

   Security considerations for BGP FSv2 are covered in
   [I-D.ietf-idr-fsv2-ip-basic]. The security of the distributed CATS
   information has been discussed in [I-D.ietf-cats-framework]. They are
   also applicable to the extensions described in this document.

8. IANA Considerations

8.1. FSv2 Component types

   This document requests the assignment of new type code points from
   the FSv2 Component types for CS-ID.

   Table 3 Non-IP Types for IP Filters [I-D.ietf-idr-flowspec-v2]

   SubTLV
   -type    Definition
   ======   ============
   TBD1   - CATS Match 1: IPv4 CS-ID
   TBD2   - CATS Match 1: IPv6 CS-ID

8.2. CATS Action

   IANA is requested to assign the following code points from the "BGP
   FSv2 Action types" Registry:

   TBD3: MARK IPv4 CS-ID Action

   TBD4: MARK IPv6 CS-ID Action

   TBD5: Redirect to IPv4 CSCI-ID Action

   TBD6: Redirect to IPv6 CSCI-ID Action

9. References

9.1. Normative References

   [RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended
             Communities Attribute", RFC 4360, DOI 10.17487/RFC4360,
             February 2006.

   [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
             "Multiprotocol Extensions for BGP-4", RFC 4760,
             DOI 10.17487/RFC4760, January 2007.

   [RFC5701] Rekhter, Y., "IPv6 Address Specific BGP Extended Community
             Attribute", RFC 5701, DOI 10.17487/RFC5701, November 2009.

   [I-D.ietf-idr-flowspec-v2]
             Hares, S., Eastlake, D. E., Yadlapalli, C., and S.
             Maduschke, "BGP Flow Specification Version 2", Work in
             Progress, Internet-Draft, draft-ietf-idr-flowspec-v2-04,
             28 April 2024.

9.2. Informative References

   [I-D.ietf-cats-framework]
             Li, C., Du, Z., Boucadair, M., Contreras, L. M., and J.
             Drake, "A Framework for Computing-Aware Traffic Steering
             (CATS)", Work in Progress, Internet-Draft,
             draft-ietf-cats-framework-10, June 2025.

Authors' Addresses

   Changwang Lin
   New H3C Technologies
   China
   Email: linchangwang.04414@h3c.com

   Huijuan Yao
   China Mobile
   No.32 XuanWuMen West Street
   Beijing 100053
   China
   Email: yaohuijuan@chinamobile.com

   Zhenqiang Li
   China Mobile
   China
   Email: lizhenqiang@chinamobile.com

   Quan Xiong
   ZTE Corporation
   Email: xiong.quan@zte.com.cn
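
Added example, not part of the draft: a strict decoder for the IPv4 CS-ID match component of Section 5.1 and an evaluator for its [numeric_op, value]+ list, so that a malformed component is rejected before a rule is installed. It assumes the numeric_op octet of RFC 8955 Section 4.2.1.1 (the draft does not restate it) and uses 0xF1 as a constructed stand-in for the unassigned TBD1 code point; the function and exception names are hypothetical.

```python
# Constructed stand-in for the unassigned IPv4 CS-ID component type (TBD1).
TBD1_IPV4_CS_ID = 0xF1

# numeric_op bits, assumed to follow RFC 8955 Section 4.2.1.1
END, AND, LT, GT, EQ = 0x80, 0x40, 0x04, 0x02, 0x01


class MalformedComponent(ValueError):
    """Raised when the component must be rejected rather than installed."""


def parse_ipv4_cs_id(buf: bytes) -> list:
    """Decode one SubTLV: 1-octet type, 1-octet length, [numeric_op, value]+."""
    if len(buf) < 2:
        raise MalformedComponent("truncated SubTLV header")
    ctype, clen = buf[0], buf[1]
    if ctype != TBD1_IPV4_CS_ID:
        raise MalformedComponent(f"unexpected component type {ctype:#04x}")
    body = buf[2:2 + clen]
    if len(body) != clen or clen == 0 or clen % 5:
        raise MalformedComponent("value is not a whole number of 5-octet terms")
    terms = []
    for i in range(0, clen, 5):
        op = body[i]
        if 1 << ((op >> 4) & 0x3) != 4:
            raise MalformedComponent("len bits do not select a 4-octet value")
        if bool(op & END) != (i + 5 == clen):
            raise MalformedComponent("end-of-list bit is not on the last term")
        # RFC 8955: the AND bit of the first term is treated as unset
        and_prev = bool(op & AND) and i > 0
        value = int.from_bytes(body[i + 1:i + 5], "big")
        terms.append((and_prev, op & (LT | GT | EQ), value))
    return terms


def cs_id_matches(terms: list, cs_id: int) -> bool:
    """Evaluate the terms as an OR of AND-groups (AND binds tighter than OR)."""
    result, group = False, False
    for and_prev, cmp_bits, value in terms:
        hit = bool((cmp_bits & LT and cs_id < value)
                   or (cmp_bits & GT and cs_id > value)
                   or (cmp_bits & EQ and cs_id == value))
        if and_prev:
            group = group and hit
        else:
            result, group = result or group, hit
    return result or group
```
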
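
Added example, not part of the draft: a bounds-checked walk over the action SubTLVs of Sections 5.2 and 5.3, followed by the Section 6 fallback decision. It assumes a 2-octet action type followed by a 2-octet length (the reading of the 32-bit header row of Figures 5 to 8 used here), SubTLVs already extracted from the BGP Community Container and laid back to back, and constructed values 0xFF03 to 0xFF06 in place of TBD3 to TBD6; all names are hypothetical.

```python
import struct

# Constructed stand-ins for TBD3..TBD6: the draft leaves these unassigned,
# so the numbers below exist for this example only.
MARK_V4, MARK_V6, REDIRECT_V4, REDIRECT_V6 = 0xFF03, 0xFF04, 0xFF05, 0xFF06

# name and fixed value length per action type, taken from Figures 5-8
CATS_ACTIONS = {
    MARK_V4: ("mark-ipv4-cs-id", 4),
    MARK_V6: ("mark-ipv6-cs-id", 16),
    REDIRECT_V4: ("redirect-ipv4-csci-id", 4),
    REDIRECT_V6: ("redirect-ipv6-csci-id", 16),
}


class MalformedAction(ValueError):
    """Raised when an action SubTLV cannot be parsed safely."""


def parse_cats_actions(buf: bytes) -> dict:
    """Walk back-to-back SubTLVs: 2-octet type, 2-octet length, value."""
    found, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise MalformedAction(f"truncated header at offset {off}")
        atype, alen = struct.unpack_from("!HH", buf, off)
        off += 4
        if alen > len(buf) - off:
            raise MalformedAction(f"type {atype:#06x}: length overruns buffer")
        value, off = buf[off:off + alen], off + alen
        if atype not in CATS_ACTIONS:
            continue  # assumption: non-CATS action types are handled elsewhere
        name, want = CATS_ACTIONS[atype]
        if alen != want:
            raise MalformedAction(f"{name}: length {alen}, expected {want}")
        if name in found:  # assumption: a repeated CATS action is malformed
            raise MalformedAction(f"{name}: duplicate SubTLV")
        found[name] = value
    return found


def steering_mode(found: dict) -> str:
    """Section 6: with neither Mark nor Redirect present, use FSv2 IP Basic."""
    has_mark = any(name.startswith("mark-") for name in found)
    has_redirect = any(name.startswith("redirect-") for name in found)
    return "cats" if (has_mark or has_redirect) else "fsv2-ip-basic"
```
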