Group Cooperative Route Filtering Capability for BGP-4
draft-muley-hares-idr-orf-order-01.txt
Praveen Muley (Alcatel), Susan Hares (NextHop), Keyur Patel (Cisco), Luyuan Fang (AT&T), Benson Schliesser (Savvis), Nabil Bitar (Verizon)
Summary
• Policies are being written with multiple ORF types that you want to group, but no grouping exists
  – Want something like a “route-map” function
  – This draft adds the missing functionality of a relation between the ORF entries
• Draft was first presented in San Diego, IETF 60
  – Feedback was to incorporate the deployment scenarios.
  – New co-authors have joined.
Problem
• Today, ORF expressions apply a logical “AND” among the ORF types and a logical “OR” among the ORF entries.
• That may not provide an adequate ORF filter expression of policy for processing.
• Policies are being written with multiple ORF types
  – Want to group and use OR/AND operators across ORF entries
  – Want something like a “route-map” function
• Current operational procedures for filtering provide AFI/SAFI context only.
  – Grouping will give further context granularity within the same AFI/SAFI.
Solution
• Create Groups of policies that are applied in a specific order
  – Apply Group policies in numerical order (1, 2, 3)
• Apply Group policies before Non-Group policies
  – Use defaults in standards, or
  – Specify defaults (via a new Default ORF)
Current ORF format
• AFI (2 octets)
• Reserved (1 octet)
• When to refresh (1 octet)
• SAFI (1 octet)
• ORF type (1 octet)
• Length of ORFs (2 octets)
• First ORF entry (variable)
• Second ORF entry (variable)
GROUP ORF ID format
• Common ORF Flag (OR)
• Group id (1 octet)
• ORF type (1 octet)
• Length of ORFs (2 octets)
• First ORF entry (variable)
• Second ORF entry (variable)
• N-ORF entry (variable)
• ORF type (1 octet)
• Length of ORFs (2 octets)
• First ORF entry (variable)
• Second ORF entry (variable)
ORF Entry within Group ID
• Fields: Action (2 bits), Match (1 bit), AND/OR (1 bit), Reserved (4 bits), Type specific part (variable)
• AND/OR bit (0 = OR, 1 = AND)
• Semantics of the bits in Group ORF impact next ORF entries (last ignored)
• ORF-Entry-1 (AND), ORF-Entry-2 (OR), ORF-Entry-3 (AND), ORF-Entry-4 (I) = (ORF-Entry-1 AND ORF-Entry-2) OR (ORF-Entry-3 AND ORF-Entry-4)
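The AND/OR chaining rule above, worked through in Python as an added example (not code from the draft or the slides). The function names are hypothetical, the MSB-first bit packing of the flag octet is an assumption taken from the order the slide lists the fields, and the sample match results are constructed.

```python
from dataclasses import dataclass

AND, OR = 1, 0  # AND/OR bit values from the slide: 0 = OR, 1 = AND

@dataclass
class EntryFlags:
    action: int    # 2 bits
    match: int     # 1 bit
    and_or: int    # 1 bit, joins this entry to the NEXT entry
    reserved: int  # 4 bits

def decode_flags(octet: int) -> EntryFlags:
    """Split the leading octet of a grouped ORF entry.
    Assumption: fields are packed MSB-first in the order the slide lists them."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("flags field is a single octet")
    return EntryFlags(octet >> 6, (octet >> 5) & 1, (octet >> 4) & 1, octet & 0x0F)

def group_matches(entries) -> bool:
    """entries: [(matched, and_or_bit), ...] in the order they were sent.
    The last entry's bit is ignored; AND binds tighter than OR, which is
    what the slide's four-entry expansion implies."""
    if not entries:
        raise ValueError("a group needs at least one ORF entry")
    term = True  # value of the AND-term currently being built
    for i, (matched, bit) in enumerate(entries):
        term = term and matched
        if i == len(entries) - 1 or bit == OR:  # AND-term ends here
            if term:
                return True
            term = True
    return False

def left_to_right(entries) -> bool:
    """Precedence-free evaluation, for comparison only (not the slide's rule)."""
    acc, op = entries[0]
    for matched, bit in entries[1:]:
        acc = (acc and matched) if op == AND else (acc or matched)
        op = bit
    return acc

# Constructed sample: entries 1 and 2 match, entries 3 and 4 do not.
SAMPLE = [(True, AND), (True, OR), (False, AND), (False, AND)]

if __name__ == "__main__":
    print(decode_flags(0x70))
    print(group_matches(SAMPLE), left_to_right(SAMPLE))
```

On the constructed sample the slide's grouping matches while a left-to-right fold does not, so a peer that folds the bits in sequence would filter routes the sender meant to permit.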
Process
• Group identified by Group id
  – Groups a set of ORFs
  – ORF procedure same within ORF with exception of the AND/OR bit operation
• Apply ORFs in order of Group ID
• Non-Grouped ORFs applied later
Uses of Group ORF
• Layer 3 VPN policies
• Policies for Global routing that include all ORFs
Two VPN
[Figure: network diagram with a route reflector (RR), PE 1 to PE 4 with VRF Red and VRF Blue, and CE-A / CE-B routers at Customer Sites 1 to 5 (City 1 to City 5)]
AFI/SAFI = IPVPN
• Group 1 (implicitly Red VPN)
  – Extended ORF Type = Target Extended Community: Permit Red
  – (AND) ORF Type = Community: Permit City 1
• (OR) Group 2 (implicitly Blue VPN)
  – Extended ORF Type = Target Extended Community: Permit BLUE
  – (AND) ORF Type = Community: Permit City 2
Prefix and ASPATH
[Figure: Net X, Y, Z; AS 1, AS 2, AS 3, AS 4]
AFI/SAFI = IPV4
• Group 1 [Permit Action]
  – ORF Type = Prefix: match X, permit; match Y, permit; match Z, permit
  – (AND) ORF Type = ASPATH: match ASPATH 3, 1.*, permit
• (OR) Group 2 [Deny Action]
  – ORF Type = Prefix: match prefix (*/25) or longer
• (OR) Group 3 [Permit Action]
  – ORF Type = Prefix: match prefix (*)