draft-ietf-idr-bgp-open-policy-09.txt   draft-ietf-idr-bgp-open-policy-10.txt 
Network Working Group A. Azimov Network Working Group A. Azimov
Internet-Draft E. Bogomazov Internet-Draft E. Bogomazov
Intended status: Standards Track Qrator Labs Intended status: Standards Track Qrator Labs
Expires: October 21, 2020 R. Bush Expires: November 16, 2020 R. Bush
Internet Initiative Japan & Arrcus Internet Initiative Japan & Arrcus, Inc.
K. Patel K. Patel
Arrcus, Inc. Arrcus
K. Sriram K. Sriram
US NIST USA NIST
April 19, 2020 May 15, 2020
Route Leak Prevention using Roles in Update and Open messages Route Leak Prevention using Roles in Update and Open messages
draft-ietf-idr-bgp-open-policy-09 draft-ietf-idr-bgp-open-policy-10
Abstract Abstract
Route leaks are the propagation of BGP prefixes which violate Route leaks are the propagation of BGP prefixes which violate
assumptions of BGP topology relationships; e.g. passing a route assumptions of BGP topology relationships; e.g. passing a route
learned from one peer to another peer or to a transit provider, learned from one peer to another peer or to a transit provider,
passing a route learned from one transit provider to another transit passing a route learned from one transit provider to another transit
provider or to a peer. Today, approaches to leak prevention rely on provider or to a peer. Today, approaches to leak prevention rely on
marking routes by operator configuration, with no check that the marking routes by operator configuration, with no check that the
configuration corresponds to that of the BGP neighbor, or enforcement configuration corresponds to that of the BGP neighbor, or enforcement
skipping to change at page 2, line 12 skipping to change at page 2, line 12
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 21, 2020. This Internet-Draft will expire on November 16, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 42 skipping to change at page 2, line 42
2. Peering Relationships . . . . . . . . . . . . . . . . . . . . 3 2. Peering Relationships . . . . . . . . . . . . . . . . . . . . 3
3. BGP Role . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. BGP Role . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. BGP Role Capability . . . . . . . . . . . . . . . . . . . . . 4 4. BGP Role Capability . . . . . . . . . . . . . . . . . . . . . 4
5. Role correctness . . . . . . . . . . . . . . . . . . . . . . 5 5. Role correctness . . . . . . . . . . . . . . . . . . . . . . 5
5.1. Strict mode . . . . . . . . . . . . . . . . . . . . . . . 6 5.1. Strict mode . . . . . . . . . . . . . . . . . . . . . . . 6
6. BGP Only to Customer (OTC) Attribute . . . . . . . . . . . . 6 6. BGP Only to Customer (OTC) Attribute . . . . . . . . . . . . 6
7. Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . 7
8. Additional Considerations . . . . . . . . . . . . . . . . . . 7 8. Additional Considerations . . . . . . . . . . . . . . . . . . 7
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
10. Security Considerations . . . . . . . . . . . . . . . . . . . 8 10. Security Considerations . . . . . . . . . . . . . . . . . . . 8
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 11.1. Normative References . . . . . . . . . . . . . . . . . . 8
12.1. Normative References . . . . . . . . . . . . . . . . . . 8 11.2. Informative References . . . . . . . . . . . . . . . . . 9
12.2. Informative References . . . . . . . . . . . . . . . . . 9 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 10
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
A BGP route leak occurs when a route is learned from a transit A BGP route leak occurs when a route is learned from a transit
provider or peer and then announced to another provider or peer. See provider or peer and then announced to another provider or peer. See
[RFC7908]. These are usually the result of misconfigured or absent [RFC7908]. These are usually the result of misconfigured or absent
BGP route filtering or lack of coordination between two BGP speakers. BGP route filtering or lack of coordination between two BGP speakers.
The mechanism proposed in The mechanism proposed in
skipping to change at page 8, line 34 skipping to change at page 8, line 34
10. Security Considerations 10. Security Considerations
This document proposes a mechanism for prevention of route leaks that This document proposes a mechanism for prevention of route leaks that
are the result of BGP policy misconfiguration. are the result of BGP policy misconfiguration.
A misconfiguration in OTC setup may affect prefix propagation. But A misconfiguration in OTC setup may affect prefix propagation. But
the automation that is provided by BGP roles should make such the automation that is provided by BGP roles should make such
misconfiguration unlikely. misconfiguration unlikely.
11. Acknowledgments 11. References
The authors wish to thank Douglas Montgomery, Brian Dickson, Andrei
Robachevsky, and Daniel Ginsburg for their contributions to a variant
of this work.
12. References
12.1. Normative References 11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271, Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006, DOI 10.17487/RFC4271, January 2006,
<https://www.rfc-editor.org/info/rfc4271>. <https://www.rfc-editor.org/info/rfc4271>.
skipping to change at page 9, line 22 skipping to change at page 9, line 13
April 2006, <https://www.rfc-editor.org/info/rfc4486>. April 2006, <https://www.rfc-editor.org/info/rfc4486>.
[RFC5492] Scudder, J. and R. Chandra, "Capabilities Advertisement [RFC5492] Scudder, J. and R. Chandra, "Capabilities Advertisement
with BGP-4", RFC 5492, DOI 10.17487/RFC5492, February with BGP-4", RFC 5492, DOI 10.17487/RFC5492, February
2009, <https://www.rfc-editor.org/info/rfc5492>. 2009, <https://www.rfc-editor.org/info/rfc5492>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
12.2. Informative References 11.2. Informative References
[Gao] Gao, L. and J. Rexford, "Stable Internet routing without [Gao] Gao, L. and J. Rexford, "Stable Internet routing without
global coordination", IEEE/ACM Transactions on global coordination", IEEE/ACM Transactions on
Networking, Volume 9, Issue 6, pp 689-692, DOI Networking, Volume 9, Issue 6, pp 689-692, DOI
10.1109/90.974523, December 2001, 10.1109/90.974523, December 2001,
<https://ieeexplore.ieee.org/document/974523>. <https://ieeexplore.ieee.org/document/974523>.
[I-D.ietf-grow-route-leak-detection-mitigation] [I-D.ietf-grow-route-leak-detection-mitigation]
Sriram, K. and A. Azimov, "Methods for Detection and Sriram, K. and A. Azimov, "Methods for Detection and
Mitigation of BGP Route Leaks", draft-ietf-grow-route- Mitigation of BGP Route Leaks", draft-ietf-grow-route-
skipping to change at page 10, line 12 skipping to change at page 10, line 5
RFC 8212, DOI 10.17487/RFC8212, July 2017, RFC 8212, DOI 10.17487/RFC8212, July 2017,
<https://www.rfc-editor.org/info/rfc8212>. <https://www.rfc-editor.org/info/rfc8212>.
[Streibelt] [Streibelt]
Streibelt, F., Lichtblau, F., Beverly, R., Feldmann, A., Streibelt, F., Lichtblau, F., Beverly, R., Feldmann, A.,
Cristel, C., Smaragdakis, G., and R. Bush, "BGP Cristel, C., Smaragdakis, G., and R. Bush, "BGP
Communities: Even more Worms in the Routing Can", Communities: Even more Worms in the Routing Can",
<https://people.mpi-inf.mpg.de/~fstreibelt/preprint/ <https://people.mpi-inf.mpg.de/~fstreibelt/preprint/
communities-imc2018.pdf>. communities-imc2018.pdf>.
Acknowledgements
The authors wish to thank Andrei Robachevsky, Daniel Ginsburg, Jeff
Haas, Ruediger Volk, Sue Hares, and John Scudder for comments,
suggestions, and critique.
Contributors
Brian Dickson
Independent
Email: brian.peter.dickson@gmail.com
Doug Montgomery
USA National Institute of Standards and Technology
Email: dougm@nist.gov
Authors' Addresses Authors' Addresses
Alexander Azimov Alexander Azimov
Qrator Labs Qrator Labs
1-y Magistralnyy tupik 5A
Moscow 123290
Russian Federation
Email: a.e.azimov@gmail.com Email: a.e.azimov@gmail.com
Eugene Bogomazov Eugene Bogomazov
Qrator Labs Qrator Labs
1-y Magistralnyy tupik 5A
Moscow 123290
Russian Federation
Email: eb@qrator.net Email: eb@qrator.net
Randy Bush Randy Bush
Internet Initiative Japan & Arrcus Internet Initiative Japan & Arrcus, Inc.
5147 Crystal Springs
Bainbridge Island, Washington 98110
United States of America
Email: randy@psg.com Email: randy@psg.com
Keyur Patel Keyur Patel
Arrcus, Inc. Arrcus
2077 Gateway Place, Suite #400
San Jose, CA 95119
US
Email: keyur@arrcus.com Email: keyur@arrcus.com
Kotikalapudi Sriram Kotikalapudi Sriram
US NIST USA National Institute of Standards and Technology
100 Bureau Drive
Gaithersburg, MD 20899
United States of America
Email: ksriram@nist.gov Email: ksriram@nist.gov
 End of changes. 16 change blocks. 
24 lines changed or deleted 49 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/