draft-ietf-idr-ix-bgp-route-server-11.txt   draft-ietf-idr-ix-bgp-route-server-12.txt 
IDR Working Group E. Jasinska IDR Working Group E. Jasinska
Internet-Draft BigWave IT Internet-Draft BigWave IT
Intended status: Standards Track N. Hilliard Intended status: Standards Track N. Hilliard
Expires: December 12, 2016 INEX Expires: January 1, 2017 INEX
R. Raszuk R. Raszuk
Bloomberg LP Bloomberg LP
N. Bakker N. Bakker
Akamai Technologies B.V. Akamai Technologies B.V.
June 10, 2016 June 30, 2016
Internet Exchange BGP Route Server Internet Exchange BGP Route Server
draft-ietf-idr-ix-bgp-route-server-11 draft-ietf-idr-ix-bgp-route-server-12
Abstract Abstract
This document outlines a specification for multilateral This document outlines a specification for multilateral
interconnections at Internet exchange points (IXPs). Multilateral interconnections at Internet exchange points (IXPs). Multilateral
interconnection is a method of exchanging routing information between interconnection is a method of exchanging routing information among
three or more external BGP speakers using a single intermediate three or more external BGP speakers using a single intermediate
broker system, referred to as a route server. Route servers are broker system, referred to as a route server. Route servers are
typically used on shared access media networks, such as Internet typically used on shared access media networks, such as Internet
exchange points (IXPs), to facilitate simplified interconnection exchange points (IXPs), to facilitate simplified interconnection
between multiple Internet routers. among multiple Internet routers.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 12, 2016. This Internet-Draft will expire on January 1, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 24 skipping to change at page 2, line 24
Table of Contents Table of Contents
1. Introduction to Multilateral Interconnection . . . . . . . . 2 1. Introduction to Multilateral Interconnection . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. Technical Considerations for Route Server Implementations . . 3 2. Technical Considerations for Route Server Implementations . . 3
2.1. Client UPDATE Messages . . . . . . . . . . . . . . . . . 4 2.1. Client UPDATE Messages . . . . . . . . . . . . . . . . . 4
2.2. Attribute Transparency . . . . . . . . . . . . . . . . . 4 2.2. Attribute Transparency . . . . . . . . . . . . . . . . . 4
2.2.1. NEXT_HOP Attribute . . . . . . . . . . . . . . . . . 4 2.2.1. NEXT_HOP Attribute . . . . . . . . . . . . . . . . . 4
2.2.2. AS_PATH Attribute . . . . . . . . . . . . . . . . . . 4 2.2.2. AS_PATH Attribute . . . . . . . . . . . . . . . . . . 4
2.2.2.1. Route Server AS_PATH management . . . . . . . . . 5
2.2.2.2. Route Server client AS_PATH management . . . . . 5
2.2.3. MULTI_EXIT_DISC Attribute . . . . . . . . . . . . . . 5 2.2.3. MULTI_EXIT_DISC Attribute . . . . . . . . . . . . . . 5
2.2.4. Communities Attributes . . . . . . . . . . . . . . . 5 2.2.4. Communities Attributes . . . . . . . . . . . . . . . 5
2.3. Per-Client Policy Control in Multilateral Interconnection 5 2.3. Per-Client Policy Control in Multilateral Interconnection 6
2.3.1. Path Hiding on a Route Server . . . . . . . . . . . . 6 2.3.1. Path Hiding on a Route Server . . . . . . . . . . . . 6
2.3.2. Mitigation of Path Hiding . . . . . . . . . . . . . . 7 2.3.2. Mitigation of Path Hiding . . . . . . . . . . . . . . 7
2.3.2.1. Multiple Route Server RIBs . . . . . . . . . . . 7 2.3.2.1. Multiple Route Server RIBs . . . . . . . . . . . 7
2.3.2.2. Advertising Multiple Paths . . . . . . . . . . . 7 2.3.2.2. Advertising Multiple Paths . . . . . . . . . . . 8
2.3.3. Implementation Suggestions . . . . . . . . . . . . . 8 2.3.3. Implementation Suggestions . . . . . . . . . . . . . 9
3. Security Considerations . . . . . . . . . . . . . . . . . . . 9 3. Security Considerations . . . . . . . . . . . . . . . . . . . 9
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
6.1. Normative References . . . . . . . . . . . . . . . . . . 10 6.1. Normative References . . . . . . . . . . . . . . . . . . 10
6.2. Informative References . . . . . . . . . . . . . . . . . 10 6.2. Informative References . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction to Multilateral Interconnection 1. Introduction to Multilateral Interconnection
Internet exchange points (IXPs) provide IP data interconnection Internet exchange points (IXPs) provide IP data interconnection
facilities for their participants, typically using shared Layer-2 facilities for their participants, typically using shared Layer-2
networking media such as Ethernet. The Border Gateway Protocol (BGP) networking media such as Ethernet. The Border Gateway Protocol (BGP)
[RFC4271], an inter-Autonomous System routing protocol, is commonly [RFC4271], an inter-Autonomous System routing protocol, is commonly
used to facilitate exchange of network reachability information over used to facilitate exchange of network reachability information over
such media. such media.
While bilateral external BGP sessions between exchange participants While bilateral external BGP sessions between exchange participants
were previously the most common means of exchanging reachability were previously the most common means of exchanging reachability
information, the overhead associated with dense interconnection can information, the overhead associated with dense interconnection can
cause substantial operational scaling problems for partipants of cause substantial operational scaling problems for participants of
larger Internet exchange points. larger Internet exchange points.
Multilateral interconnection is a method of interconnecting BGP Multilateral interconnection is a method of interconnecting BGP
speaking routers using a third party brokering system, commonly speaking routers using a third party brokering system, commonly
referred to as a route server and typically managed by the IXP referred to as a route server and typically managed by the IXP
operator. Each of the multilateral interconnection participants operator. Each multilateral interconnection participant (usually
(usually referred to as route server clients) announces network referred to as a "route server client") announces network
reachability information to the route server using external BGP, and reachability information to the route server using external BGP. The
the route server in turn forwards this information to each other route server, in turn, forwards this information to each other route
route server client connected to it, according to its configuration. server client connected to it, according to its configuration.
Although a route server uses BGP to exchange reachability information Although a route server uses BGP to exchange reachability information
with each of its clients, it does not forward traffic itself and is with each of its clients, it does not forward traffic itself and is
therefore not a router. therefore not a router.
A route server can be viewed as similar in function to an [RFC4456] A route server can be viewed as similar in function to an [RFC4456]
route reflector, except that it operates using EBGP instead of iBGP. route reflector, except that it operates using EBGP instead of iBGP.
Certain adaptions to [RFC4271] are required to enable an EBGP router Certain adaptions to [RFC4271] are required to enable an EBGP router
to operate as a route server; these are outlined in Section 2 of this to operate as a route server; these are outlined in Section 2 of this
document. Route server functionality is not mandatory in BGP document. Route server functionality is not mandatory in BGP
implementations.`` implementations.
The term "route server" is often in a different context used to The term "route server" is often in a different context used to
describe a BGP node whose purpose is to accept BGP feeds from describe a BGP node whose purpose is to accept BGP feeds from
multiple clients for the purpose of operational analysis and multiple clients for the purpose of operational analysis and
troubleshooting. A system of this form may alternatively be known as troubleshooting. A system of this form may alternatively be known as
a "route collector" or a "route-views server". This document uses a "route collector" or a "route-views server". This document uses
the term "route server" exclusively to describe multilateral peering the term "route server" exclusively to describe multilateral peering
brokerage systems. brokerage systems.
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
[RFC2119]. [RFC2119].
2. Technical Considerations for Route Server Implementations 2. Technical Considerations for Route Server Implementations
A route server uses the [RFC4271] Border Gateway Protocol to broker A route server uses the [RFC4271] Border Gateway Protocol to broker
network reachability information between its clients. There are some network reachability information amongst its clients. There are some
differences between the behaviour of a BGP route server and a BGP differences between the behaviour of a BGP route server and a BGP
implementation which is strictly compliant with [RFC4271]. These implementation which is strictly compliant with [RFC4271]. These
differences are described as follows. differences are described as follows.
2.1. Client UPDATE Messages 2.1. Client UPDATE Messages
A route server MUST accept all UPDATE messages received from each of A route server MUST accept all UPDATE messages received from each of
its clients for inclusion in its Adj-RIB-In. These UPDATE messages its clients for inclusion in its Adj-RIB-In. These UPDATE messages
MAY be omitted from the route server's Loc-RIB or Loc-RIBs, due to MAY be omitted from the route server's Loc-RIB or Loc-RIBs, due to
filters configured for the purposes of implementing routing policy. filters configured for the purposes of implementing routing policy.
skipping to change at page 4, line 50 skipping to change at page 5, line 5
actual routing of traffic, the NEXT_HOP attribute MUST be passed actual routing of traffic, the NEXT_HOP attribute MUST be passed
unmodified to the route server clients, similar to the "third party" unmodified to the route server clients, similar to the "third party"
next hop feature described in section 5.1.3. of [RFC4271]. next hop feature described in section 5.1.3. of [RFC4271].
2.2.2. AS_PATH Attribute 2.2.2. AS_PATH Attribute
AS_PATH is a well-known mandatory attribute which identifies the AS_PATH is a well-known mandatory attribute which identifies the
autonomous systems through which routing information carried in the autonomous systems through which routing information carried in the
UPDATE message has passed. UPDATE message has passed.
2.2.2.1. Route Server AS_PATH management
As a route server does not participate in the process of forwarding As a route server does not participate in the process of forwarding
data between client routers, and because modification of the AS_PATH data between client routers, and because modification of the AS_PATH
attribute could affect route server client BGP Decision Process, the attribute could affect route server client BGP Decision Process, the
route server SHOULD NOT prepend its own AS number to the AS_PATH route server SHOULD NOT prepend its own AS number to the AS_PATH
segment nor modify the AS_PATH segment in any other way. This segment nor modify the AS_PATH segment in any other way. This
differs from the behaviour specified in section 5.1.2 of [RFC4271], differs from the behaviour specified in section 5.1.2 of [RFC4271],
which requires that the BGP speaker prepends its own AS number as the which requires that the BGP speaker prepends its own AS number as the
last element of the AS_PATH segment. last element of the AS_PATH segment. This is a recommendation rather
than a requirement solely to provide backwards compatibility with
legacy route server client implementations which do not yet support
the requirements specified in Section 2.2.2.2.
2.2.2.2. Route Server client AS_PATH management
In contrast to what is recommended in section 6.3 of [RFC4271], route In contrast to what is recommended in section 6.3 of [RFC4271], route
server clients need to be able to accept UPDATE messages where the server clients need to be able to accept UPDATE messages where the
leftmost AS in the AS_PATH attribute is not equal to the AS number of leftmost AS in the AS_PATH attribute is not equal to the AS number of
the route server that sent the UPDATE message. If the route server the route server that sent the UPDATE message. If the route server
client BGP system has implemented a check for this, the BGP client BGP system has implemented a check for this, the BGP
implementation MUST allow this check to be disabled and SHOULD allow implementation MUST allow this check to be disabled and SHOULD allow
the check to be disabled on a per-peer basis. the check to be disabled on a per-peer basis.
2.2.3. MULTI_EXIT_DISC Attribute 2.2.3. MULTI_EXIT_DISC Attribute
skipping to change at page 6, line 29 skipping to change at page 6, line 41
: / \ | : : / \ | :
: ___/____\_|_ : : ___/____\_|_ :
: / \ / \ : : / \ / \ :
..| AS3 |..| AS4 |.. ..| AS3 |..| AS4 |..
\___/ \___/ \___/ \___/
Figure 1: Per-Client Policy Controlled Interconnection at an IXP Figure 1: Per-Client Policy Controlled Interconnection at an IXP
Using the example in Figure 1, AS1 does not directly exchange prefix Using the example in Figure 1, AS1 does not directly exchange prefix
information with either AS2 or AS3 at the IXP, but only interconnects information with either AS2 or AS3 at the IXP, but only interconnects
with AS4. with AS4. The lines between AS1, AS2, AS3 and AS4 represent
interconnection relationships, whether via bilateral or multilateral
connections.
In the traditional bilateral interconnection model, per-client policy In the traditional bilateral interconnection model, per-client policy
control to a third party exchange participant is accomplished either control to a third party exchange participant is accomplished either
by not engaging in a bilateral interconnection with that participant by not engaging in a bilateral interconnection with that participant
or else by implementing outbound filtering on the BGP session towards or else by implementing outbound filtering on the BGP session towards
that participant. However, in a multilateral interconnection that participant. However, in a multilateral interconnection
environment, only the route server can perform outbound filtering in environment, only the route server can perform outbound filtering in
the direction of the route server client; route server clients depend the direction of the route server client; route server clients depend
on the route server to perform their outbound filtering for them. on the route server to perform their outbound filtering for them.
skipping to change at page 7, line 13 skipping to change at page 7, line 27
to the BGP Decision Process on the route server, but AS2's policy to the BGP Decision Process on the route server, but AS2's policy
prevented the route server from sending the path to AS1, then AS1 prevented the route server from sending the path to AS1, then AS1
would never receive a path to this prefix, even though the route would never receive a path to this prefix, even though the route
server had previously received a valid alternative path via AS4. server had previously received a valid alternative path via AS4.
This happens because the BGP Decision Process is performed only once This happens because the BGP Decision Process is performed only once
on the route server for all clients. on the route server for all clients.
Path hiding will only occur on route servers which employ per-client Path hiding will only occur on route servers which employ per-client
policy control; if an IXP operator deploys a route server without policy control; if an IXP operator deploys a route server without
implementing a per-client routing policy control system, then path implementing a per-client routing policy control system, then path
hiding does not occur as all paths are considered equally valid from hiding does not occur, as all paths are considered equally valid from
the point of view of the route server. the point of view of the route server.
2.3.2. Mitigation of Path Hiding 2.3.2. Mitigation of Path Hiding
There are several approaches which can be taken to mitigate against There are several approaches which can be taken to mitigate against
path hiding. path hiding.
2.3.2.1. Multiple Route Server RIBs 2.3.2.1. Multiple Route Server RIBs
The most portable method to allow for per-client policy control The most portable method to allow for per-client policy control
without the occurrence of path hiding, is by using a route server BGP without the occurrence of path hiding, is to use a route server BGP
implementation which performs the per-client best path calculation implementation which performs the per-client best path calculation
for each set of paths to a prefix, which results after the route for each set of paths to a prefix, which results after the route
server's client policies have been taken into consideration. This server's client policies have been taken into consideration. This
can be implemented by using per-client Loc-RIBs, with path filtering can be implemented by using per-client Loc-RIBs, with path filtering
implemented between the Adj-RIB-In and the per-client Loc-RIB. implemented between the Adj-RIB-In and the per-client Loc-RIB.
Implementations can optimize this by maintaining paths not subject to Implementations can optimize this by maintaining paths not subject to
filtering policies in a global Loc-RIB, with per-client Loc-RIBs filtering policies in a global Loc-RIB, with per-client Loc-RIBs
stored as deltas. stored as deltas.
This implementation is highly portable, as it makes no assumptions This implementation is highly portable, as it makes no assumptions
skipping to change at page 9, line 20 skipping to change at page 9, line 33
operators should be aware that security issues may arise unless steps operators should be aware that security issues may arise unless steps
are taken to mitigate against path hiding. are taken to mitigate against path hiding.
The AS_PATH check described in Section 2.2.2 is normally enabled in The AS_PATH check described in Section 2.2.2 is normally enabled in
order to check for malformed AS paths. If this check is disabled, order to check for malformed AS paths. If this check is disabled,
the route server client loses the ability to check incoming UPDATE the route server client loses the ability to check incoming UPDATE
messages for certain categories of problems. This could potentially messages for certain categories of problems. This could potentially
cause corrupted BGP UPDATE messages to be propagated where they might cause corrupted BGP UPDATE messages to be propagated where they might
not be propagated if the check were enabled. Regardless of any not be propagated if the check were enabled. Regardless of any
problems relating to malformed UPDATE messages, this check is also problems relating to malformed UPDATE messages, this check is also
used to detect BGP loops, so removing the check could potentially used to detect BGP loops; removing the check could potentially cause
cause routing loops to be formed. Consequently, this check SHOULD routing loops to be formed. Consequently, this check SHOULD NOT be
NOT be disabled by IXP participants unless it is needed to establish disabled by IXP participants unless it is needed to establish BGP
BGP sessions with a route server, and if possible should only be sessions with a route server, and if possible should only be disabled
disabled for peers which are route servers. for peers which are route servers.
Route server operators should carefully consider the security Route server operators should carefully consider the security
practices discussed in [RFC7454], "BGP Operations and Security". practices discussed in [RFC7454], "BGP Operations and Security".
4. IANA Considerations 4. IANA Considerations
The new set of mechanisms for route servers does not require any new The new set of mechanisms for route servers does not require any new
allocations from IANA. allocations from IANA.
5. Acknowledgments 5. Acknowledgments
 End of changes. 19 change blocks. 
26 lines changed or deleted 37 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/