draft-ietf-idr-bgp-extended-messages-30.txt   draft-ietf-idr-bgp-extended-messages-31.txt 
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft Internet Initiative Japan Internet-Draft IIJ & Arrcus
Updates: 4271 (if approved) K. Patel Updates: 4271 (if approved) K. Patel
Intended status: Standards Track Arrcus, Inc. Intended status: Standards Track Arrcus, Inc.
Expires: September 27, 2019 D. Ward Expires: January 1, 2020 D. Ward
Cisco Systems Cisco Systems
March 26, 2019 June 30, 2019
Extended Message support for BGP Extended Message support for BGP
draft-ietf-idr-bgp-extended-messages-30 draft-ietf-idr-bgp-extended-messages-31
Abstract Abstract
The BGP specification mandates a maximum BGP message size of 4096 The BGP specification mandates a maximum BGP message size of 4,096
octets. As BGP is extended to support newer AFI/SAFIs and other octets. As BGP is extended to support newer AFI/SAFIs and other
features, there is a need to extend the maximum message size beyond features, there is a need to extend the maximum message size beyond
4096 octets. This document updates the BGP specification RFC4271 by 4,096 octets. This document updates the BGP specification RFC4271 by
providing an extension to BGP to extend its current maximum message extending the maximum message size from 4,096 octets to 65,535 octets
size from 4096 octets to 65535 octets for all except the OPEN for all except the OPEN and KEEPALIVE messages.
message.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
be interpreted as described in [RFC2119] only when they appear in all "OPTIONAL" in this document are to be interpreted as described in BCP
upper case. They may also appear in lower or mixed case as English 14 [RFC2119] [RFC8174] when, and only when, they appear in all
words, without normative meaning. capitals, as shown here.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 27, 2019. This Internet-Draft will expire on January 1, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. BGP Extended Message . . . . . . . . . . . . . . . . . . . . 2 2. BGP Extended Message . . . . . . . . . . . . . . . . . . . . 2
3. Extended Message Capability for BGP . . . . . . . . . . . . . 3 3. Extended Message Capability for BGP . . . . . . . . . . . . . 3
4. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . 3
5. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 4 5. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 4
6. Changes to RFC4271 . . . . . . . . . . . . . . . . . . . . . 4 6. Changes to RFC4271 . . . . . . . . . . . . . . . . . . . . . 5
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
8. Security Considerations . . . . . . . . . . . . . . . . . . . 5 8. Security Considerations . . . . . . . . . . . . . . . . . . . 5
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
10.1. Normative References . . . . . . . . . . . . . . . . . . 6 10.1. Normative References . . . . . . . . . . . . . . . . . . 6
10.2. Informative References . . . . . . . . . . . . . . . . . 6 10.2. Informative References . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
The BGP specification [RFC4271] mandates a maximum BGP message size The BGP specification [RFC4271] mandates a maximum BGP message size
of 4096 octets. As BGP is extended to support newer AFI/SAFIs and of 4,096 octets. As BGP is extended to support newer AFI/SAFIs and
newer capabilities (e.g., BGPsec, [RFC8205], BGP-LS, [RFC7752]), newer capabilities (e.g., BGPsec [RFC8205] and BGP-LS [RFC7752]),
there is a need to extend the maximum message size beyond 4096 there is a need to extend the maximum message size beyond 4,096
octets. This draft provides an extension to BGP to extend its octets. This draft provides an extension to BGP to extend its
current message size limit from 4096 octets to 65535 octets for all message size limit from 4,096 octets to 65,535 octets for all except
except the OPEN message. the OPEN and KEEPALIVE messages.
2. BGP Extended Message 2. BGP Extended Message
A BGP message over 4096 octets in length is a BGP Extended Message. A BGP message over 4,096 octets in length is a BGP Extended Message.
BGP Extended Messages have maximum message size of 65535 octets. The BGP Extended Messages have a maximum message size of 65,535 octets.
smallest message that may be sent consists of a BGP header without a The smallest message that may be sent consists of a BGP KEEPALIVE
data portion (19 octets). which consists of 19 octets.
3. Extended Message Capability for BGP 3. Extended Message Capability for BGP
To advertise the BGP Extended Message Capability to a peer, a BGP To advertise the BGP Extended Message Capability to a peer, a BGP
speaker uses BGP Capabilities Advertisement [RFC5492]. By speaker uses BGP Capabilities Advertisement [RFC5492]. By
advertising the BGP Extended Message Capability to a peer, a BGP advertising the BGP Extended Message Capability to a peer, a BGP
speaker conveys that it is able to send, receive, and properly handle speaker conveys that it is able to send, receive, and properly
BGP Extended Messages. handle, see Section 4, BGP Extended Messages.
The BGP Extended Message Capability is a new BGP Capability [RFC5492] The BGP Extended Message Capability is a new BGP Capability [RFC5492]
defined with Capability code 6 and Capability length 0. defined with Capability code 6 and Capability length 0.
A peer which does not advertise this capability MUST NOT send BGP A peer which does not advertise this capability MUST NOT send BGP
Extended Messages, and BGP Extended Messages MUST NOT be sent to it. Extended Messages, and BGP Extended Messages MUST NOT be sent to it.
4. Operation Peers that wish to use the BGP Extended Message capability must
support Error Handling for BGP UPDATE Messages per [RFC7606].
A BGP speaker that is capable of sending and receiving BGP Extended 4. Operation
Messages SHOULD advertise the BGP Extended Message Capability to the
peer using BGP Capabilities Advertisement [RFC5492]. A BGP speaker
MAY send Extended Messages to its peer only if it has fully exchanged
the Extended Message Capability with that peer.
The Extended Message Capability applies to all messages except for The Extended Message Capability applies to all messages except for
the OPEN message. This exception is made to reduce complexity of the OPEN and KEEPALIVE messages. The former exception is to reduce
providing backward compatibility the complexity of providing a backward compatibility
A BGP speaker that is capable of sending and receiving BGP Extended
Messages SHOULD advertise the BGP Extended Message Capability to its
peers using BGP Capabilities Advertisement [RFC5492]. A BGP speaker
MAY send Extended Messages to its peer only if both peers have
negotiated the Extended Message Capability with each other.
An implementation that advertises support for BGP Extended Messages An implementation that advertises support for BGP Extended Messages
MUST be capable of receiving a message with a length up to and MUST be capable of receiving a message with a Length up to and
including 65535 octets. including 65,535 octets.
Applications generating information which might be encapsulated Applications generating information which might be encapsulated
within BGP messages MUST limit the size of their payload to take the within BGP messages MUST limit the size of their payload to take the
maximum message size into account. maximum message size into account.
If a BGP update with a payload longer than 4096 octets is received by If a BGP message with a Length lgreater than 4,096 octets is received
a BGP listener who has neither advertised nor agreed to accept BGP by a BGP listener who has not advertised the Extended Message
Extended Messages, the listener MUST treat this as a malformed update Capability, the listener MUST treat this as a malformed message, and
message, and MUST raise an UPDATE Message Error (see [RFC4271] Sec MUST generate a NOTIFICATION with the Error Subcode set to Bad
6.3). Message Length (see [RFC4271] Sec 6.1).
A BGP announcement will, in the normal case, propagate throughout the
BGP speaking Internet; and there will undoubtedly be BGP speakers
which do not have the Extended Message capability. Therefore, having
an attribute set which can not be decomposed to 4096 octets or less
in an Extended Message will likely raise errors.
A BGP speaker with a mixture of peers some of which have negotiated A BGP announcement will (policy, best path, etc., allowing) propagate
BGP Extended Message capability and some which have not, MUST throughout the BGP speaking Internet; and hence to BGP speakers which
o support [RFC7606], and may not have the Extended Message capability. Therefore, an
o "treat as withdraw" (see [RFC7606]) a BGP attribute/NLRI pair announcement in an Extended Message where the size of the attribute
(defined as BGP Route) which is too large to be sent to a peer set plus the NLRI can not be decomposed to 4,096 octets or less may
which does not support BGP Extended Messages. cause lack of reachability.
The BGP speaker MAY remove some BGP attributes which are eligible to A speaker capable of BGP Extended Messages having a mixture of peers
use the Attribute discard approach in [RFC7606]. some of which have not exchanged the BGP Extended Message capability,
may receive an announcement from one of its capable peers that would
(due to the new AS on the path, new added attributes, etc.) produce
an ongoing announcement that would be over 4,096 octets. When
propagating that update onward to a neighbor with which it has not
negotiated the BGP Extended Message capability, the sender SHOULD try
to reduce the outgoing message size by downgrading BGPsec to BGP4,
decomposing a multi-NLRI update producing multiple updates with fewer
NLRI per update, removing attributes eligible under the attribute
discard approach of [RFC7606], etc. If the resulting message would
still be over the 4,096 octet limit, the sender SHOULD treat-as-
withdraw per [RFC7606].
In an iBGP mesh, all peers SHOULD support the BGP Extended Message In an iBGP mesh, all peers SHOULD support the BGP Extended Message
Capability and [RFC7606]. Only then is it consistent to deploy with Capability and [RFC7606]. Only then is it consistent to deploy with
eBGP peers. eBGP peers.
During the incremental deployment of BGP Extended Messages and During the incremental deployment of BGP Extended Messages and
[RFC7606] in an iBGP mesh, or with eBGP peers, the operator should [RFC7606] in an iBGP mesh, or with eBGP peers, the operator should
monitor any routes dropped as "treat as withdraw". monitor any routes dropped as "treat-as-withdraw".
It is RECOMMENDED that BGP protocol developers and implementers are It is RECOMMENDED that BGP protocol developers and implementers are
conservative in their application and use of Extended Messages. conservative in their application and use of Extended Messages.
Future protocol specifications will need to describe how to handle Future protocol specifications will need to describe how to handle
peers which can only accommodate 4096 octet messages. peers which can only accommodate 4,096 octet messages.
5. Error Handling 5. Error Handling
A BGP speaker that has the ability to use Extended Messages but has A BGP speaker that has the ability to use Extended Messages but has
not advertised the BGP Extended Messages capability, presumably due not advertised the BGP Extended Messages capability, presumably due
to configuration, SHOULD NOT accept an Extended Message. A speaker to configuration, SHOULD NOT accept an Extended Message. A speaker
SHOULD NOT implement a more liberal policy accepting BGP Extended SHOULD NOT implement a more liberal policy accepting BGP Extended
Messages. Messages.
A BGP speaker that does not advertise the BGP Extended Messages A BGP speaker that does not advertise the BGP Extended Messages
skipping to change at page 4, line 48 skipping to change at page 5, line 10
similarly. similarly.
The inconsistency between the local and remote BGP speakers MUST be The inconsistency between the local and remote BGP speakers MUST be
flagged to the network operator through standard operational flagged to the network operator through standard operational
interfaces. The information should include the NLRI and as much interfaces. The information should include the NLRI and as much
relevant information as reasonably possible. relevant information as reasonably possible.
6. Changes to RFC4271 6. Changes to RFC4271
[RFC4271] states "The value of the Length field MUST always be at [RFC4271] states "The value of the Length field MUST always be at
least 19 and no greater than 4096." This document changes the latter least 19 and no greater than 4,096." This document changes the
number to 65535 for all except the OPEN message. latter number to 65,535 for all except the OPEN and KEEPALIVE
messages.
[RFC4271] Sec 6.1, specifies raising an error if the length of a [RFC4271] Sec 6.1, specifies raising an error if the length of a
message is over 4096 octets. For all messages except the OPEN message is over 4,096 octets. For all messages except the OPEN
message, if the receiver has advertised the BGP Extended Messages message, if the receiver has advertised the BGP Extended Messages
Capability, this document raises that limit to 65535. Capability, this document raises that limit to 65,535.
7. IANA Considerations 7. IANA Considerations
The IANA has made an early allocation for this new BGP Extended The IANA has made an early allocation for this new BGP Extended
Message Capability referring to this document. Message Capability referring to this document.
Registry: BGP Capability Code Registry: BGP Capability Code
Value Description Document Value Description Document
----- ----------------------------------- ------------- ----- ----------------------------------- -------------
skipping to change at page 5, line 44 skipping to change at page 6, line 7
unintentional. unintentional.
As this draft requires support for [RFC7606] update error handling, As this draft requires support for [RFC7606] update error handling,
it inherits the security considerations of [RFC7606]. BGP peers may it inherits the security considerations of [RFC7606]. BGP peers may
avoid such issues by using Authenticated Encryption with additional avoid such issues by using Authenticated Encryption with additional
Data (AEAD) ciphers [RFC5116] and discard messages that do not Data (AEAD) ciphers [RFC5116] and discard messages that do not
verify. verify.
If a remote attacker is able to craft a large BGP Extended Message to If a remote attacker is able to craft a large BGP Extended Message to
send on a path where one or more peers do not support BGP Extended send on a path where one or more peers do not support BGP Extended
Messages, peers which support BGP Extended Messages may act to reduce
the outgoing message, see Section 4, and in doing so produce a
downgrade attack, e.g. convert BGPsec to BGP4.
If a remote attacker is able to craft a large BGP Extended Message to
send on a path where one or more peers do not support BGP Extended
Messages, peers which support BGP Extended Messages may incur Messages, peers which support BGP Extended Messages may incur
resource load (processing, message resizing, etc.) reformatting the resource load (processing, message resizing, etc.) reformatting the
large messages. Worse, ([RFC7606] "treat as withdraw" may large messages. Worse, ([RFC7606] "treat-as-withdraw" may
consistently withdraw announcements causing inconsistent routing. consistently withdraw announcements causing inconsistent routing.
BGP routes are filtered by policies set by the operators. BGP routes are filtered by policies set by the operators.
Implementations may provide policies to filter routes that would Implementations may provide policies to filter routes that would
cause the "treat as withdraw" from being passed by an extended cause the "treat-as-withdraw" from being passed by an extended
message speaker. message speaker.
9. Acknowledgments 9. Acknowledgments
The authors thank Alvaro Retana, Enke Chen, Susan Hares, John The authors thank Alvaro Retana for an amazing review, Enke Chen,
Scudder, John Levine, and Job Snijders for their input; and Oliver Susan Hares, John Scudder, John Levine, and Job Snijders for their
Borchert and Kyehwan Lee for their implementations and testing. input; and Oliver Borchert and Kyehwan Lee for their implementations
and testing.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271, Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006, DOI 10.17487/RFC4271, January 2006,
<http://www.rfc-editor.org/info/rfc4271>. <http://www.rfc-editor.org/info/rfc4271>.
[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis",
RFC 4272, DOI 10.17487/RFC4272, January 2006, RFC 4272, DOI 10.17487/RFC4272, January 2006,
<http://www.rfc-editor.org/info/rfc4272>. <http://www.rfc-editor.org/info/rfc4272>.
[RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated [RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated
skipping to change at page 7, line 8 skipping to change at page 7, line 25
DOI 10.17487/RFC7752, March 2016, DOI 10.17487/RFC7752, March 2016,
<http://www.rfc-editor.org/info/rfc7752>. <http://www.rfc-editor.org/info/rfc7752>.
[RFC8205] Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol [RFC8205] Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol
Specification", RFC 8205, DOI 10.17487/RFC8205, September Specification", RFC 8205, DOI 10.17487/RFC8205, September
2017, <https://www.rfc-editor.org/info/rfc8205>. 2017, <https://www.rfc-editor.org/info/rfc8205>.
Authors' Addresses Authors' Addresses
Randy Bush Randy Bush
Internet Initiative Japan IIJ & Arrcus
5147 Crystal Springs 5147 Crystal Springs
Bainbridge Island, Washington 98110 Bainbridge Island, Washington 98110
United States of America US
Email: randy@psg.com Email: randy@psg.com
Keyur Patel Keyur Patel
Arrcus, Inc. Arrcus, Inc.
Email: keyur@arrcus.com Email: keyur@arrcus.com
Dave Ward Dave Ward
Cisco Systems Cisco Systems
170 W. Tasman Drive 170 W. Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
United States of America US
Email: dward@cisco.com Email: dward@cisco.com
 End of changes. 35 change blocks. 
75 lines changed or deleted 85 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/