--- 1/draft-ietf-idr-as0-05.txt 2012-08-26 18:14:08.621341773 +0200 +++ 2/draft-ietf-idr-as0-06.txt 2012-08-26 18:14:08.633342823 +0200 @@ -1,45 +1,46 @@ idr W. Kumari Internet-Draft Google Updates: 4271 (if approved) R. Bush Intended status: Standards Track Internet Initiative Japan -Expires: November 23, 2012 H. Schiller +Expires: February 27, 2013 H. Schiller Verizon K. Patel Cisco Systems - May 22, 2012 + August 26, 2012 Codification of AS 0 processing. - draft-ietf-idr-as0-05 + draft-ietf-idr-as0-06 Abstract - This document updates RFC 4271 and proscribes the use of AS 0 in BGP - OPEN and AS_PATH / AS4_PATH BGP attribute. + This document updates RFC 4271 and proscribes the use of Autonomous + System (AS) 0 in the Border Gateway Protocol (BGP) OPEN and AS_PATH / + AS4_PATH BGP attribute. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on November 23, 2012. + This Internet-Draft will expire on February 27, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -62,31 +63,36 @@ 6.2. Informative References . . . . . . . . . . . . . . . . . . 5 Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction Autonomous System 0 is listed in the IANA Autonomous System Number Registry as "Reserved - May be use to identify non-routed networks" ([IANA.AS_Numbers]). - [RFC6491] specifies that AS number zero in a ROA is used to mark an - NLRI which is to be marked as Invalid. + [RFC6491] specifies that AS number zero in a Route Origin Attestation + (ROA) is used to mark a prefix and all its more specific prefixes as + not to be used in a routing context. This allows a resource holder + to signal that a prefix (and the more specifics) should not be routed + by publishing a ROA listing AS0 as the only origin. To respond to + this signal requres that BGP implementations do not accept or + propagate routes containing AS0. No clear statement that AS 0 was proscribed could be found in any BGP specification. This document corrects this omission, most importantly in the case of the AS_PATH. This represents an update to - the error handling procedures given in [RFC4271]. + the error handling procedures given in [RFC4271] Sections 6.2 and 6.3 + by specifying the behavior in the presence of AS0. - As at least two implementations discard routes containing AS 0, and - to allow approaches such as the above, this document codifies this - behavior. + At least two implementations discard routes containing AS 0, and this + document codifies this behavior. 1.1. Requirements notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Behavior A BGP speaker MUST NOT originate or propagate a route with an AS @@ -101,49 +107,49 @@ or AS4_AGGREGATOR attribute MUST be considered as malformed, and be handled by the procedures specified in [I-D.ietf-idr-rfc4893bis]. If a BGP speaker receives zero as the peer AS in an OPEN message, it MUST abort the connection and send a NOTIFICATION with Error Code "OPEN Message Error" and subcode "Bad Peer AS" (see [RFC4271] Section 6.2). A router MUST NOT initiate a connection claiming to be AS number zero. Authors of future protocol extensions that carry the Autonomous - System number are encouraged keep in mind that AS number zero is + System number are encouraged to keep in mind that AS number zero is reserved and to provide clear direction on how to handle AS number zero. 3. IANA Considerations The IANA is requested to update the Reference for number 0 in the "Autonomous System (AS) Numbers" registry to reference this document. 4. Security Considerations - By allowing a RPKI resource holder to issue a ROA saying that AS 0 is - the only valid origin for a route, we allow them to state that a - particular address resource is not in use. By ensuring that all - implementations that see AS 0 in a route ignore that route, we - prevent a malicious party from announcing routes containing AS 0 in - an attempt to hijack those resources. + By allowing a Resource Public Key Infrastructure (RPKI) resource + holder to issue a ROA saying that AS 0 is the only valid origin for a + route, we allow them to state that a particular address resource is + not in use. By ensuring that all implementations that see AS 0 in a + route ignore that route, we prevent a malicious party from announcing + routes containing AS 0 in an attempt to hijack those resources. In addition, by standardizing the behavior upon reception of an AS_PATH (or AS4_PATH) containing AS 0, this document makes the - behavior better defined, and security gotchas often lurk in the - undefined spaces. + behavior better defined. 5. Acknowledgements - The authors wish to thank Enke Chen, Brian Dickson, Bruno Decraene, - Robert Raszuk, Jakob Heitz, Danny McPherson, Chris Morrow, iLya, John - Scudder, Jeff Tantsura, Daniel Ginsburg and Susan Hares. Apologies - to those we may have missed, it was not intentional. + The authors wish to thank Elwyn Davies, Enke Chen, Brian Dickson, + Bruno Decraene, Robert Raszuk, Jakob Heitz, Danny McPherson, Chris + Morrow, iLya, John Scudder, Jeff Tantsura, Daniel Ginsburg and Susan + Hares. Apologies to those we may have missed, it was not + intentional. 6. References 6.1. Normative References [I-D.ietf-idr-error-handling] Scudder, J., Chen, E., Mohapatra, P., and K. Patel, "Revised Error Handling for BGP UPDATE Messages", draft-ietf-idr-error-handling-01 (work in progress), December 2011. @@ -223,29 +230,37 @@ o Editorial: I suggest dropping the parentheses in... JGS. o Added "This document updates rfc 4271" to keep IDNITs happy... o Bumped refs: draft-ietf-sidr-iana-objects has been published as RFC 6491, idr-error is now -01, 4893bis is now -06 Changes - 05 o Added something to the intro saying what we update and why. This was in the abstract, but I didn't have it in the intro. Stupid. + Changes - 06 + o Incorporated some comments / clarifications from Gen-ART review + (Elwyn Davies) + o Expaned acronyms. + o RFC 6491 fix - clarified what it actually said and what + implications are. + Authors' Addresses Warren Kumari Google 1600 Amphitheatre Parkway Mountain View, CA 94043 US Email: warren@kumari.net + Randy Bush Internet Initiative Japan 5147 Crystal Springs Bainbridge Island, WA 98110 US Email: randy@psg.com Heather Schiller Verizon