IDR C. Lin Internet Draft New H3C Technologies Intended status: Standards Track H. Yao Expires: September 15, 2025 China Mobile Z. Li China Mobile March 15, 2025 BGP Flowspec for Computing-Aware Traffic Steering draft-lin-idr-cats-flowspec-ts-02 Abstract Computing-Aware Traffic Steering (CATS) is a traffic engineering approach that optimizes traffic steering to a given service instance by taking into account the dynamic nature of both computing and network resources. This document extends Version 2 of the BGP Flow Specification (BGP-FS) to enable flow classification and path selection for CATS flow categories, thus supporting the deployment of CATS traffic optimization. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 15 September 2025. Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this Lin, et al. Expires September, 2025 [Page 1] Internet-Draft BGP Flowspec for CATS March 2025 document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction...................................................2 2. Requirements Language..........................................3 3. Terminology....................................................3 4. Flow Specifications for CATS ..................................4 4.1. Scenario 1................................................4 4.2. Scenario 2................................................5 4.3. Scenario 3................................................6 5. Extension of BGP-FS............................................7 5.1. MARK CS-ID Action ........................................7 5.2. Redirect to CSCI-ID Action................................9 6. IANA Considerations...........................................10 6.1. FSv2 IP Basic TLV Components.............................10 6.2. CATS Action..............................................10 7. Security Considerations.......................................11 8. References....................................................11 8.1. Normative References.....................................11 Authors' Addresses...............................................13 1. Introduction A Flow Specification (Flow Spec) is an n-tuple consisting of several matching criteria that can be applied to IP traffic [RFC8955]. The Flow Spec conveys match conditions (each may include several components) which are encoded using MP_REACH_NLRI and MP_UNREACH_NLRI attributes [RFC4760], while the associated actions such as redirect and traffic marking are encoded in BGP Extended Communities [RFC4360][RFC5701]. The IPv4 NLRI component types and traffic filtering actions sub-types are described in [RFC8955], while the IPv6 related are described in [RFC8956]. [I-D.ietf-idr-flowspec-l2vpn] extends the flow-spec rules and actions for Ethernet Layer 2 and L2VPN. [I-D.ietf-idr-flowspec-v2] specifies BGP Flow Specification Version 2. Computing-Aware Traffic Steering (CATS) is introduced in [draft- ietf-cats-framework].In CATS network, the C-PS component performs path selection based on the CS-ID and forwards service traffic according to the selected path. Lin, et al. Expires September, 2025 [Page 2] Internet-Draft BGP Flowspec for CATS March 2025 This document specifies a new BGP Flow Spec Component Type to support CATS traffic filtering. Traffic is classified and mapped to the corresponding CS-ID using BGP Flow Spec rules, and path selection is then performed based on the CS-ID. BGP Flow Spec implements functions similar to the C-TC component. On the other hand, BGP Flow Spec can also use CS-ID as a filtering criterion. For the matched traffic, it forwards based on the actions specified by BGP Flow Spec, replacing the path selection function of C-PS. It also specifies traffic filtering actions to enable the creation of the CS-ID in the outer tunnel encapsulation when matched to the corresponding Flow Spec rules. 2. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 RFC 2119 [RFC2119] RFC 8174 [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Terminology This document makes use of the following terms: Flow Spec: Flow Specification BGP-FS: Border Gateway Protocol (BGP) Flow Specification (FS) This document uses the following terms defined in [I-D.ietf-cats-framework]: * CATS * CS-ID * CSCI-ID * Client * Ingress CATS-Forwarder * Egress CATS-Forwarder Lin, et al. Expires September, 202 [Page 3] Internet-Draft BGP Flowspec for CATS March 2025 * C-PS * C-SMA * C-TC 4. Flow Specifications for CATS The Flow Spec for CATS is shown in Figure 1, that is, the Controller is used to set up BGP connection with the policy enforcement points in CATS network. +------------------+ /------| Controller |-----\ CS-ID 1 / +------------------+ \ CSCI-ID 1 +------+ FS / | \ FS +------+ |Client|-\ / FS FS FS \ /-|Server| +------+ \ +-/------+ +--/------|------\-----+ +--\-----+ / +------+ \-|Ingress | | | |Egress |-/ |CATS-FWD|--| CATS Network |--|CATS-FWD| CS-ID 1 /-| | | | | |-\ CSCI-ID 2 +------+ / +--------+ +----------------------+ +--------+ \ +------+ |Client|-/ \-|Server| +------+ +------+ Figure 1. Flow Spec for CATS The centralized model can be considered for the deployment of the CATS framework as described in [draft-ietf-cats-framework]. This document implements the functionalities of C-TC and C-PS under the centralized model by extending BGP-FS. 4.1. Scenario 1 Flow entries are directly pushed to redirect traffic to the CSCI-ID based on flow characteristics, enabling subsequent forwarding. Rule 1 Filter: Flow characteristics Action: Redirect to IPv4/IPv6 CSCI-ID Lin, et al. Expires September, 2025 [Page 4] Internet-Draft BGP Flowspec for CATS March 2025 +------------+ | BGP FS | | Controller | +------------+ | FlowSpec route to Ingress NLRI: | Rule Condition: IP Extended Filter(Match Port, etc) | Action : Redirect to IPv4/IPv6 CSCI-ID | | .-----. | ( ) +------+ V .--( )--. -|Server| +-------+ ( ) +-------+ / +------+ | |_( CATS Network )_| |- |Ingress| ( ================> ) |Egress |- +-------+ ( ) +-------+ \ +------+ '--( )--' -|Server| ( ) +------+ '-----' Figure 2: Scenario 1 Examples 4.2. Scenario 2 The data layer of the traffic includes a CS-ID field. Rules are pushed to filter based on the CS-ID, redirecting traffic to the CSCI-ID for forwarding. Rule 1 Filter: IPv4/IPv6 CS-ID Action: Redirect to IPv4/IPv6 CSCI-ID Lin, et al. Expires September, 2025 [Page 5] Internet-Draft BGP Flowspec for CATS March 2025 +------------+ | BGP FS | | Controller | +------------+ | FlowSpec route to Ingress NLRI: | Rule Condition: IP Extended Filter(IPv4/IPv6 CS-ID) | Action : Redirect to IPv4/IPv6 CSCI-ID | | .-----. | ( ) +------+ V .--( )--. -|Server| +-------+ ( ) +-------+ / +------+ | |_( CATS Network )_| |- |Ingress| ( ================> ) |Egress |- +-------+ ( ) +-------+ \ +------+ '--( )--' -|Server| ( ) +------+ '-----' Figure 3: Scenario 2 Examples 4.3. Scenario 3 Flow characteristics mapped to the CS-ID; deploy rules to filter based on the CS-ID and redirect traffic to the CSCI-ID for forwarding.. Rule 1 Filter: Flow characteristics Action: Mark IPv4/IPv6 CS-ID Rule 2 Filter: IPv4/IPv6 CS-ID Action: Redirect to IPv4/IPv6 CSCI-ID Lin, et al. Expires September, 2025 [Page 6] Internet-Draft BGP Flowspec for CATS March 2025 +------------+ | BGP FS | | Controller | +------------+ | FlowSpec route to Ingress NLRI: | Rule Condition: IP Extended Filter(Match Port, etc) | Action 1: Mark IPv4/IPv6 CS-ID | Action 2: Redirect to IPv4/IPv6 CSCI-ID | | .-----. | ( ) +------+ V .--( )--. -|Server| +-------+ ( ) +-------+ / +------+ | |_( CATS Network )_| |- |Ingress| ( ================> ) |Egress |- +-------+ ( ) +-------+ \ +------+ '--( )--' -|Server| ( ) +------+ '-----' Figure 4: Scenario 3 Examples 5. Extension of BGP-FS 5.1. MARK CS-ID Action When implementing the C-TC function, the corresponding CS-ID is assigned based on traffic characteristics, which are specified according to the FSv2 Basic IP Filters. If a rule is matched, execute the Mark CS-ID action. [draft-ietf-idr-fsv2-ip-basic] defines "FSv2 Extended Community Actions." Based on this, this document introduces a new action: "Mark CS-ID." "Mark IPv4 CS-ID" Action SubTLV has the format: Lin, et al. Expires September, 2025 [Page 7] Internet-Draft BGP Flowspec for CATS March 2025 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Action type(TBD1) | Length(4) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 CS-ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 5: "Mark IPv4 CS-ID" Action SubTLV "Mark IPv6 CS-ID" Action SubTLV has the format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Action type(TBD2) | Length(16) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | IPv6 CS-ID | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 6: "Mark IPv6 CS-ID" Action SubTLV 5.2. Filter by CS-ID [draft-ietf-idr-fsv2-ip-basic] defines the Components in the IP Basic TLV. This document proposes a new Component for defining CS-ID information from "FSv2 Components for IP Basic TLVs". When filtering using FlowSpec rules, the condition can be specified as the CS-ID. This is primarily used to achieve the C-PS function of CATS based on CS-ID for path selection. Sub-TLV Definition -------- --------------------- TBD3 - IPv4 CS-ID TBD4 - IPv6 CS-ID Lin, et al. Expires September, 2025 [Page 8] Internet-Draft BGP Flowspec for CATS March 2025 The IPv4 CS-ID Components has following format: Filter defines: a list of match criteria for IPv4 CS-ID Type: TBD3 length: variable IPv4 value: [numeric_op, value]+ Each CS-ID is 4 bytes. The IPv6 CS-ID Components has following format: Filter defines: a list of match criteria for IPv6 CS-ID Type: TBD4 length: variable IPv6 value: [numeric_op, value]+ Each CS-ID is 16 bytes. 5.2. Redirect to CSCI-ID Action While specifying the path, C-PS designates the CSCI-ID information. "Redirect to IPv4 CSCI-ID" Action SubTLV has the format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Action type(TBD5) | Length(4) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CSCI-ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 5: "Redirect to IPv4 CSCI-ID" Action SubTLV Lin, et al. Expires September, 2025 [Page 9] Internet-Draft BGP Flowspec for CATS March 2025 "Redirect to IPv6 CSCI-ID" Action SubTLV has the format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Action type(TBD6) | Length(4) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | IPv6 CSCI-ID | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 6: "Redirect to IPv6 CSCI-ID" Action SubTLV 6. IANA Considerations 6.1. FSv2 IP Basic TLV Components [draft-ietf-idr-fsv2-ip-basic] defines the Components in the IP Basic TLV. This document requested to assign a new type code point from "FSv2 IP Basic TLV Components" registry for CS-ID. Sub-TLV Definition -------- --------------------- TBD1 - IPv4 CS-ID This document TBD2 - IPv6 CS-ID This document 6.2. CATS Action New action Types are requested from "FSv2 Community Path Attribute Actions": TBD3: MARK IPv4 CS-ID Action TBD4: MARK IPv6 CS-ID Action TBD5: Redirect to CSCI-ID Action Lin, et al. Expires September, 2025 [Page 10] Internet-Draft BGP Flowspec for CATS March 2025 TBD6: Redirect to CSCI-ID Action 7. Security Considerations TBD 8. References 8.1. Normative References [RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended Communities Attribute", RFC 4360, DOI 10.17487/RFC4360, February 2006, . [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, "Multiprotocol Extensions for BGP-4", RFC 4760, DOI 10.17487/RFC4760, January 2007, . [RFC5701] Rekhter, Y., "IPv6 Address Specific BGP Extended Community Attribute", RFC 5701, DOI 10.17487/RFC5701, November 2009, . [RFC8955] Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M. Bacher, "Dissemination of Flow Specification Rules", RFC 8955, DOI 10.17487/RFC8955, December 2020, . [RFC8956] Loibl, C., Ed., Raszuk, R., Ed., and S. Hares, Ed., "Dissemination of Flow Specification Rules for IPv6", RFC 8956, DOI 10.17487/RFC8956, December 2020, . [I-D.ietf-idr-flowspec-l2vpn] Weiguo, H., Eastlake, D. E., Litkowski, S., and S. Zhuang, "BGP Dissemination of L2 Flow Specification Rules", Work in Progress, Internet- Draft, draft-ietf-idr-flowspec-l2vpn-23, 15 April 2024, . Lin, et al. Expires September, 2025 [Page 11] Internet-Draft BGP Flowspec for CATS March 2025 [I-D.ietf-idr-flowspec-v2]Hares, S., Eastlake, D. E., Yadlapalli, C., and S. Maduschke, "BGP Flow Specification Version 2", Work in Progress, Internet-Draft, draft-ietf-idr-flowspec- v2-04, 28 April 2024, . [I-D.ietf-cats-framework] Li, C., Du, Z., Boucadair, M., Contreras, L. M., and J.Drake, "A Framework for Computing-Aware Traffic Steering (CATS)", Work in Progress, Internet- Draft, draft-ietf-cats-framework-05, 10 February 2025, . [I-D.ietf-cats-usecases-requirements]Yao, K., Trossen, D., Boucadair, M., Contreras, L. M., Shi, H., Li, Y., and S. Zhang, "Computing-Aware Traffic Steering (CATS) Problem Statement, Use Cases, and Requirements", Work in Progress, Internet-Draft, draft-ietf-cats-usecases-requirements-01, 23 October 2023,. Lin, et al. Expires September, 2025 [Page 12] Internet-Draft BGP Flowspec for CATS March 2025 Authors' Addresses Changwang Lin New H3C Technologies China Email: linchangwang.04414@h3c.com Huijuan Yao China Mobile No.32 XuanWuMen West Street Beijing 100053 China Email: yaohuijuan@chinamobile.com Zhenqiang Li China Mobile China Email: lizhenqiang@chinamobile.com Lin, et al. Expires September, 2025 [Page 13]