| draft-ietf-idr-ix-bgp-route-server-11.txt | draft-ietf-idr-ix-bgp-route-server-12.txt | |||
|---|---|---|---|---|
| IDR Working Group E. Jasinska | IDR Working Group E. Jasinska | |||
| Internet-Draft BigWave IT | Internet-Draft BigWave IT | |||
| Intended status: Standards Track N. Hilliard | Intended status: Standards Track N. Hilliard | |||
| Expires: December 12, 2016 INEX | Expires: January 1, 2017 INEX | |||
| R. Raszuk | R. Raszuk | |||
| Bloomberg LP | Bloomberg LP | |||
| N. Bakker | N. Bakker | |||
| Akamai Technologies B.V. | Akamai Technologies B.V. | |||
| June 10, 2016 | June 30, 2016 | |||
| Internet Exchange BGP Route Server | Internet Exchange BGP Route Server | |||
| draft-ietf-idr-ix-bgp-route-server-11 | draft-ietf-idr-ix-bgp-route-server-12 | |||
| Abstract | Abstract | |||
| This document outlines a specification for multilateral | This document outlines a specification for multilateral | |||
| interconnections at Internet exchange points (IXPs). Multilateral | interconnections at Internet exchange points (IXPs). Multilateral | |||
| interconnection is a method of exchanging routing information between | interconnection is a method of exchanging routing information among | |||
| three or more external BGP speakers using a single intermediate | three or more external BGP speakers using a single intermediate | |||
| broker system, referred to as a route server. Route servers are | broker system, referred to as a route server. Route servers are | |||
| typically used on shared access media networks, such as Internet | typically used on shared access media networks, such as Internet | |||
| exchange points (IXPs), to facilitate simplified interconnection | exchange points (IXPs), to facilitate simplified interconnection | |||
| between multiple Internet routers. | among multiple Internet routers. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 12, 2016. | This Internet-Draft will expire on January 1, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 24 ¶ | skipping to change at page 2, line 24 ¶ | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction to Multilateral Interconnection . . . . . . . . 2 | 1. Introduction to Multilateral Interconnection . . . . . . . . 2 | |||
| 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 | 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 | |||
| 2. Technical Considerations for Route Server Implementations . . 3 | 2. Technical Considerations for Route Server Implementations . . 3 | |||
| 2.1. Client UPDATE Messages . . . . . . . . . . . . . . . . . 4 | 2.1. Client UPDATE Messages . . . . . . . . . . . . . . . . . 4 | |||
| 2.2. Attribute Transparency . . . . . . . . . . . . . . . . . 4 | 2.2. Attribute Transparency . . . . . . . . . . . . . . . . . 4 | |||
| 2.2.1. NEXT_HOP Attribute . . . . . . . . . . . . . . . . . 4 | 2.2.1. NEXT_HOP Attribute . . . . . . . . . . . . . . . . . 4 | |||
| 2.2.2. AS_PATH Attribute . . . . . . . . . . . . . . . . . . 4 | 2.2.2. AS_PATH Attribute . . . . . . . . . . . . . . . . . . 4 | |||
| 2.2.2.1. Route Server AS_PATH management . . . . . . . . . 5 | ||||
| 2.2.2.2. Route Server client AS_PATH management . . . . . 5 | ||||
| 2.2.3. MULTI_EXIT_DISC Attribute . . . . . . . . . . . . . . 5 | 2.2.3. MULTI_EXIT_DISC Attribute . . . . . . . . . . . . . . 5 | |||
| 2.2.4. Communities Attributes . . . . . . . . . . . . . . . 5 | 2.2.4. Communities Attributes . . . . . . . . . . . . . . . 5 | |||
| 2.3. Per-Client Policy Control in Multilateral Interconnection 5 | 2.3. Per-Client Policy Control in Multilateral Interconnection 6 | |||
| 2.3.1. Path Hiding on a Route Server . . . . . . . . . . . . 6 | 2.3.1. Path Hiding on a Route Server . . . . . . . . . . . . 6 | |||
| 2.3.2. Mitigation of Path Hiding . . . . . . . . . . . . . . 7 | 2.3.2. Mitigation of Path Hiding . . . . . . . . . . . . . . 7 | |||
| 2.3.2.1. Multiple Route Server RIBs . . . . . . . . . . . 7 | 2.3.2.1. Multiple Route Server RIBs . . . . . . . . . . . 7 | |||
| 2.3.2.2. Advertising Multiple Paths . . . . . . . . . . . 7 | 2.3.2.2. Advertising Multiple Paths . . . . . . . . . . . 8 | |||
| 2.3.3. Implementation Suggestions . . . . . . . . . . . . . 8 | 2.3.3. Implementation Suggestions . . . . . . . . . . . . . 9 | |||
| 3. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | 3. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6.1. Normative References . . . . . . . . . . . . . . . . . . 10 | 6.1. Normative References . . . . . . . . . . . . . . . . . . 10 | |||
| 6.2. Informative References . . . . . . . . . . . . . . . . . 10 | 6.2. Informative References . . . . . . . . . . . . . . . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 1. Introduction to Multilateral Interconnection | 1. Introduction to Multilateral Interconnection | |||
| Internet exchange points (IXPs) provide IP data interconnection | Internet exchange points (IXPs) provide IP data interconnection | |||
| facilities for their participants, typically using shared Layer-2 | facilities for their participants, typically using shared Layer-2 | |||
| networking media such as Ethernet. The Border Gateway Protocol (BGP) | networking media such as Ethernet. The Border Gateway Protocol (BGP) | |||
| [RFC4271], an inter-Autonomous System routing protocol, is commonly | [RFC4271], an inter-Autonomous System routing protocol, is commonly | |||
| used to facilitate exchange of network reachability information over | used to facilitate exchange of network reachability information over | |||
| such media. | such media. | |||
| While bilateral external BGP sessions between exchange participants | While bilateral external BGP sessions between exchange participants | |||
| were previously the most common means of exchanging reachability | were previously the most common means of exchanging reachability | |||
| information, the overhead associated with dense interconnection can | information, the overhead associated with dense interconnection can | |||
| cause substantial operational scaling problems for partipants of | cause substantial operational scaling problems for participants of | |||
| larger Internet exchange points. | larger Internet exchange points. | |||
| Multilateral interconnection is a method of interconnecting BGP | Multilateral interconnection is a method of interconnecting BGP | |||
| speaking routers using a third party brokering system, commonly | speaking routers using a third party brokering system, commonly | |||
| referred to as a route server and typically managed by the IXP | referred to as a route server and typically managed by the IXP | |||
| operator. Each of the multilateral interconnection participants | operator. Each multilateral interconnection participant (usually | |||
| (usually referred to as route server clients) announces network | referred to as a "route server client") announces network | |||
| reachability information to the route server using external BGP, and | reachability information to the route server using external BGP. The | |||
| the route server in turn forwards this information to each other | route server, in turn, forwards this information to each other route | |||
| route server client connected to it, according to its configuration. | server client connected to it, according to its configuration. | |||
| Although a route server uses BGP to exchange reachability information | Although a route server uses BGP to exchange reachability information | |||
| with each of its clients, it does not forward traffic itself and is | with each of its clients, it does not forward traffic itself and is | |||
| therefore not a router. | therefore not a router. | |||
| A route server can be viewed as similar in function to an [RFC4456] | A route server can be viewed as similar in function to an [RFC4456] | |||
| route reflector, except that it operates using EBGP instead of iBGP. | route reflector, except that it operates using EBGP instead of iBGP. | |||
| Certain adaptions to [RFC4271] are required to enable an EBGP router | Certain adaptions to [RFC4271] are required to enable an EBGP router | |||
| to operate as a route server; these are outlined in Section 2 of this | to operate as a route server; these are outlined in Section 2 of this | |||
| document. Route server functionality is not mandatory in BGP | document. Route server functionality is not mandatory in BGP | |||
| implementations.`` | implementations. | |||
| The term "route server" is often in a different context used to | The term "route server" is often in a different context used to | |||
| describe a BGP node whose purpose is to accept BGP feeds from | describe a BGP node whose purpose is to accept BGP feeds from | |||
| multiple clients for the purpose of operational analysis and | multiple clients for the purpose of operational analysis and | |||
| troubleshooting. A system of this form may alternatively be known as | troubleshooting. A system of this form may alternatively be known as | |||
| a "route collector" or a "route-views server". This document uses | a "route collector" or a "route-views server". This document uses | |||
| the term "route server" exclusively to describe multilateral peering | the term "route server" exclusively to describe multilateral peering | |||
| brokerage systems. | brokerage systems. | |||
| 1.1. Notational Conventions | 1.1. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| [RFC2119]. | [RFC2119]. | |||
| 2. Technical Considerations for Route Server Implementations | 2. Technical Considerations for Route Server Implementations | |||
| A route server uses the [RFC4271] Border Gateway Protocol to broker | A route server uses the [RFC4271] Border Gateway Protocol to broker | |||
| network reachability information between its clients. There are some | network reachability information amongst its clients. There are some | |||
| differences between the behaviour of a BGP route server and a BGP | differences between the behaviour of a BGP route server and a BGP | |||
| implementation which is strictly compliant with [RFC4271]. These | implementation which is strictly compliant with [RFC4271]. These | |||
| differences are described as follows. | differences are described as follows. | |||
| 2.1. Client UPDATE Messages | 2.1. Client UPDATE Messages | |||
| A route server MUST accept all UPDATE messages received from each of | A route server MUST accept all UPDATE messages received from each of | |||
| its clients for inclusion in its Adj-RIB-In. These UPDATE messages | its clients for inclusion in its Adj-RIB-In. These UPDATE messages | |||
| MAY be omitted from the route server's Loc-RIB or Loc-RIBs, due to | MAY be omitted from the route server's Loc-RIB or Loc-RIBs, due to | |||
| filters configured for the purposes of implementing routing policy. | filters configured for the purposes of implementing routing policy. | |||
| skipping to change at page 4, line 50 ¶ | skipping to change at page 5, line 5 ¶ | |||
| actual routing of traffic, the NEXT_HOP attribute MUST be passed | actual routing of traffic, the NEXT_HOP attribute MUST be passed | |||
| unmodified to the route server clients, similar to the "third party" | unmodified to the route server clients, similar to the "third party" | |||
| next hop feature described in section 5.1.3. of [RFC4271]. | next hop feature described in section 5.1.3. of [RFC4271]. | |||
| 2.2.2. AS_PATH Attribute | 2.2.2. AS_PATH Attribute | |||
| AS_PATH is a well-known mandatory attribute which identifies the | AS_PATH is a well-known mandatory attribute which identifies the | |||
| autonomous systems through which routing information carried in the | autonomous systems through which routing information carried in the | |||
| UPDATE message has passed. | UPDATE message has passed. | |||
| 2.2.2.1. Route Server AS_PATH management | ||||
| As a route server does not participate in the process of forwarding | As a route server does not participate in the process of forwarding | |||
| data between client routers, and because modification of the AS_PATH | data between client routers, and because modification of the AS_PATH | |||
| attribute could affect route server client BGP Decision Process, the | attribute could affect route server client BGP Decision Process, the | |||
| route server SHOULD NOT prepend its own AS number to the AS_PATH | route server SHOULD NOT prepend its own AS number to the AS_PATH | |||
| segment nor modify the AS_PATH segment in any other way. This | segment nor modify the AS_PATH segment in any other way. This | |||
| differs from the behaviour specified in section 5.1.2 of [RFC4271], | differs from the behaviour specified in section 5.1.2 of [RFC4271], | |||
| which requires that the BGP speaker prepends its own AS number as the | which requires that the BGP speaker prepends its own AS number as the | |||
| last element of the AS_PATH segment. | last element of the AS_PATH segment. This is a recommendation rather | |||
| than a requirement solely to provide backwards compatibility with | ||||
| legacy route server client implementations which do not yet support | ||||
| the requirements specified in Section 2.2.2.2. | ||||
| 2.2.2.2. Route Server client AS_PATH management | ||||
| In contrast to what is recommended in section 6.3 of [RFC4271], route | In contrast to what is recommended in section 6.3 of [RFC4271], route | |||
| server clients need to be able to accept UPDATE messages where the | server clients need to be able to accept UPDATE messages where the | |||
| leftmost AS in the AS_PATH attribute is not equal to the AS number of | leftmost AS in the AS_PATH attribute is not equal to the AS number of | |||
| the route server that sent the UPDATE message. If the route server | the route server that sent the UPDATE message. If the route server | |||
| client BGP system has implemented a check for this, the BGP | client BGP system has implemented a check for this, the BGP | |||
| implementation MUST allow this check to be disabled and SHOULD allow | implementation MUST allow this check to be disabled and SHOULD allow | |||
| the check to be disabled on a per-peer basis. | the check to be disabled on a per-peer basis. | |||
| 2.2.3. MULTI_EXIT_DISC Attribute | 2.2.3. MULTI_EXIT_DISC Attribute | |||
| skipping to change at page 6, line 29 ¶ | skipping to change at page 6, line 41 ¶ | |||
| : / \ | : | : / \ | : | |||
| : ___/____\_|_ : | : ___/____\_|_ : | |||
| : / \ / \ : | : / \ / \ : | |||
| ..| AS3 |..| AS4 |.. | ..| AS3 |..| AS4 |.. | |||
| \___/ \___/ | \___/ \___/ | |||
| Figure 1: Per-Client Policy Controlled Interconnection at an IXP | Figure 1: Per-Client Policy Controlled Interconnection at an IXP | |||
| Using the example in Figure 1, AS1 does not directly exchange prefix | Using the example in Figure 1, AS1 does not directly exchange prefix | |||
| information with either AS2 or AS3 at the IXP, but only interconnects | information with either AS2 or AS3 at the IXP, but only interconnects | |||
| with AS4. | with AS4. The lines between AS1, AS2, AS3 and AS4 represent | |||
| interconnection relationships, whether via bilateral or multilateral | ||||
| connections. | ||||
| In the traditional bilateral interconnection model, per-client policy | In the traditional bilateral interconnection model, per-client policy | |||
| control to a third party exchange participant is accomplished either | control to a third party exchange participant is accomplished either | |||
| by not engaging in a bilateral interconnection with that participant | by not engaging in a bilateral interconnection with that participant | |||
| or else by implementing outbound filtering on the BGP session towards | or else by implementing outbound filtering on the BGP session towards | |||
| that participant. However, in a multilateral interconnection | that participant. However, in a multilateral interconnection | |||
| environment, only the route server can perform outbound filtering in | environment, only the route server can perform outbound filtering in | |||
| the direction of the route server client; route server clients depend | the direction of the route server client; route server clients depend | |||
| on the route server to perform their outbound filtering for them. | on the route server to perform their outbound filtering for them. | |||
| skipping to change at page 7, line 13 ¶ | skipping to change at page 7, line 27 ¶ | |||
| to the BGP Decision Process on the route server, but AS2's policy | to the BGP Decision Process on the route server, but AS2's policy | |||
| prevented the route server from sending the path to AS1, then AS1 | prevented the route server from sending the path to AS1, then AS1 | |||
| would never receive a path to this prefix, even though the route | would never receive a path to this prefix, even though the route | |||
| server had previously received a valid alternative path via AS4. | server had previously received a valid alternative path via AS4. | |||
| This happens because the BGP Decision Process is performed only once | This happens because the BGP Decision Process is performed only once | |||
| on the route server for all clients. | on the route server for all clients. | |||
| Path hiding will only occur on route servers which employ per-client | Path hiding will only occur on route servers which employ per-client | |||
| policy control; if an IXP operator deploys a route server without | policy control; if an IXP operator deploys a route server without | |||
| implementing a per-client routing policy control system, then path | implementing a per-client routing policy control system, then path | |||
| hiding does not occur as all paths are considered equally valid from | hiding does not occur, as all paths are considered equally valid from | |||
| the point of view of the route server. | the point of view of the route server. | |||
| 2.3.2. Mitigation of Path Hiding | 2.3.2. Mitigation of Path Hiding | |||
| There are several approaches which can be taken to mitigate against | There are several approaches which can be taken to mitigate against | |||
| path hiding. | path hiding. | |||
| 2.3.2.1. Multiple Route Server RIBs | 2.3.2.1. Multiple Route Server RIBs | |||
| The most portable method to allow for per-client policy control | The most portable method to allow for per-client policy control | |||
| without the occurrence of path hiding, is by using a route server BGP | without the occurrence of path hiding, is to use a route server BGP | |||
| implementation which performs the per-client best path calculation | implementation which performs the per-client best path calculation | |||
| for each set of paths to a prefix, which results after the route | for each set of paths to a prefix, which results after the route | |||
| server's client policies have been taken into consideration. This | server's client policies have been taken into consideration. This | |||
| can be implemented by using per-client Loc-RIBs, with path filtering | can be implemented by using per-client Loc-RIBs, with path filtering | |||
| implemented between the Adj-RIB-In and the per-client Loc-RIB. | implemented between the Adj-RIB-In and the per-client Loc-RIB. | |||
| Implementations can optimize this by maintaining paths not subject to | Implementations can optimize this by maintaining paths not subject to | |||
| filtering policies in a global Loc-RIB, with per-client Loc-RIBs | filtering policies in a global Loc-RIB, with per-client Loc-RIBs | |||
| stored as deltas. | stored as deltas. | |||
| This implementation is highly portable, as it makes no assumptions | This implementation is highly portable, as it makes no assumptions | |||
| skipping to change at page 9, line 20 ¶ | skipping to change at page 9, line 33 ¶ | |||
| operators should be aware that security issues may arise unless steps | operators should be aware that security issues may arise unless steps | |||
| are taken to mitigate against path hiding. | are taken to mitigate against path hiding. | |||
| The AS_PATH check described in Section 2.2.2 is normally enabled in | The AS_PATH check described in Section 2.2.2 is normally enabled in | |||
| order to check for malformed AS paths. If this check is disabled, | order to check for malformed AS paths. If this check is disabled, | |||
| the route server client loses the ability to check incoming UPDATE | the route server client loses the ability to check incoming UPDATE | |||
| messages for certain categories of problems. This could potentially | messages for certain categories of problems. This could potentially | |||
| cause corrupted BGP UPDATE messages to be propagated where they might | cause corrupted BGP UPDATE messages to be propagated where they might | |||
| not be propagated if the check were enabled. Regardless of any | not be propagated if the check were enabled. Regardless of any | |||
| problems relating to malformed UPDATE messages, this check is also | problems relating to malformed UPDATE messages, this check is also | |||
| used to detect BGP loops, so removing the check could potentially | used to detect BGP loops; removing the check could potentially cause | |||
| cause routing loops to be formed. Consequently, this check SHOULD | routing loops to be formed. Consequently, this check SHOULD NOT be | |||
| NOT be disabled by IXP participants unless it is needed to establish | disabled by IXP participants unless it is needed to establish BGP | |||
| BGP sessions with a route server, and if possible should only be | sessions with a route server, and if possible should only be disabled | |||
| disabled for peers which are route servers. | for peers which are route servers. | |||
| Route server operators should carefully consider the security | Route server operators should carefully consider the security | |||
| practices discussed in [RFC7454], "BGP Operations and Security". | practices discussed in [RFC7454], "BGP Operations and Security". | |||
| 4. IANA Considerations | 4. IANA Considerations | |||
| The new set of mechanisms for route servers does not require any new | The new set of mechanisms for route servers does not require any new | |||
| allocations from IANA. | allocations from IANA. | |||
| 5. Acknowledgments | 5. Acknowledgments | |||
| End of changes. 19 change blocks. | ||||
| 26 lines changed or deleted | 37 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||