| draft-ietf-idr-bgp-open-policy-21.txt | draft-ietf-idr-bgp-open-policy-22.txt | |||
|---|---|---|---|---|
| Network Working Group A. Azimov | Network Working Group A. Azimov | |||
| Internet-Draft Qrator Labs & Yandex | Internet-Draft Qrator Labs & Yandex | |||
| Intended status: Standards Track E. Bogomazov | Intended status: Standards Track E. Bogomazov | |||
| Expires: July 26, 2022 Qrator Labs | Expires: 14 August 2022 Qrator Labs | |||
| R. Bush | R. Bush | |||
| Internet Initiative Japan & Arrcus, Inc. | Internet Initiative Japan & Arrcus, Inc. | |||
| K. Patel | K. Patel | |||
| Arrcus | Arrcus | |||
| K. Sriram | K. Sriram | |||
| USA NIST | USA NIST | |||
| January 22, 2022 | 10 February 2022 | |||
| Route Leak Prevention and Detection using Roles in UPDATE and OPEN | Route Leak Prevention and Detection using Roles in UPDATE and OPEN | |||
| Messages | Messages | |||
| draft-ietf-idr-bgp-open-policy-21 | draft-ietf-idr-bgp-open-policy-22 | |||
| Abstract | Abstract | |||
| Route leaks are the propagation of BGP prefixes that violate | Route leaks are the propagation of BGP prefixes that violate | |||
| assumptions of BGP topology relationships, e.g., announcing a route | assumptions of BGP topology relationships, e.g., announcing a route | |||
| learned from one transit provider to another transit provider or a | learned from one transit provider to another transit provider or a | |||
| lateral (i.e., non-transit) peer or announcing a route learned from | lateral (i.e., non-transit) peer or announcing a route learned from | |||
| one lateral peer to another lateral peer or a transit provider. | one lateral peer to another lateral peer or a transit provider. | |||
| These are usually the result of misconfigured or absent BGP route | These are usually the result of misconfigured or absent BGP route | |||
| filtering or lack of coordination between autonomous systems (ASes). | filtering or lack of coordination between autonomous systems (ASes). | |||
| skipping to change at page 2, line 20 ¶ | skipping to change at page 2, line 15 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 26, 2022. | This Internet-Draft will expire on 14 August 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | license-info) in effect on the date of publication of this document. | |||
| publication of this document. Please review these documents | Please review these documents carefully, as they describe your rights | |||
| carefully, as they describe your rights and restrictions with respect | and restrictions with respect to this document. Code Components | |||
| to this document. Code Components extracted from this document must | extracted from this document must include Revised BSD License text as | |||
| include Simplified BSD License text as described in Section 4.e of | described in Section 4.e of the Trust Legal Provisions and are | |||
| the Trust Legal Provisions and are provided without warranty as | provided without warranty as described in the Revised BSD License. | |||
| described in the Simplified BSD License. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. Peering Relationships . . . . . . . . . . . . . . . . . . 4 | 2.1. Peering Relationships . . . . . . . . . . . . . . . . . . 4 | |||
| 3. BGP Role . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3. BGP Role . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.1. BGP Role Capability . . . . . . . . . . . . . . . . . . . 5 | 3.1. BGP Role Capability . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.2. Role Correctness . . . . . . . . . . . . . . . . . . . . 6 | 3.2. Role Correctness . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4. BGP Only to Customer (OTC) Attribute . . . . . . . . . . . . 7 | 4. BGP Only to Customer (OTC) Attribute . . . . . . . . . . . . 8 | |||
| 5. Additional Considerations . . . . . . . . . . . . . . . . . . 9 | 5. Additional Considerations . . . . . . . . . . . . . . . . . . 10 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 11 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 12 | 8.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 13 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 1. Introduction | 1. Introduction | |||
| Route leaks are the propagation of BGP prefixes that violate | Route leaks are the propagation of BGP prefixes that violate | |||
| assumptions of BGP topology relationships, e.g., announcing a route | assumptions of BGP topology relationships, e.g., announcing a route | |||
| learned from one transit provider to another transit provider or a | learned from one transit provider to another transit provider or a | |||
| lateral (i.e., non-transit) peer or announcing a route learned from | lateral (i.e., non-transit) peer or announcing a route learned from | |||
| one lateral peer to another lateral peer or a transit provider | one lateral peer to another lateral peer or a transit provider | |||
| [RFC7908]. These are usually the result of misconfigured or absent | [RFC7908]. These are usually the result of misconfigured or absent | |||
| BGP route filtering or lack of coordination between autonomous | BGP route filtering or lack of coordination between autonomous | |||
| skipping to change at page 4, line 9 ¶ | skipping to change at page 4, line 7 ¶ | |||
| action being described is to be performed, and "remote AS" is the AS | action being described is to be performed, and "remote AS" is the AS | |||
| at the other end of the eBGP session in consideration. | at the other end of the eBGP session in consideration. | |||
| The use of the term "route is ineligible" in this document has the | The use of the term "route is ineligible" in this document has the | |||
| same meaning as in [RFC4271], i.e., "route is ineligible to be | same meaning as in [RFC4271], i.e., "route is ineligible to be | |||
| installed in Loc-RIB and will be excluded from the next phase of | installed in Loc-RIB and will be excluded from the next phase of | |||
| route selection." | route selection." | |||
| 2.1. Peering Relationships | 2.1. Peering Relationships | |||
| The terms defined and used in this document (see below) do not | The terms for peering relationships defined and used in this document | |||
| necessarily represent business relationships based on payment | (see below) do not necessarily represent business relationships based | |||
| agreements. These terms are used to represent restrictions on BGP | on payment agreements. These terms are used to represent | |||
| route propagation, sometimes known as the Gao-Rexford model [Gao]. | restrictions on BGP route propagation, sometimes known as the Gao- | |||
| The terms Provider, Customer, and Peer used here are synonymous to | Rexford model [Gao]. The terms Provider, Customer, and Peer used | |||
| the terms "transit provider", "customer", and "lateral (i.e., non- | here are synonymous to the terms "transit provider", "customer", and | |||
| transit) peer", respectively, used in [RFC7908]. | "lateral (i.e., non-transit) peer", respectively, used in [RFC7908]. | |||
| The following is a list of BGP Roles for eBGP peering and the | The following is a list of BGP Roles for eBGP peering and the | |||
| corresponding rules for route propagation: | corresponding rules for route propagation: | |||
| Provider: MAY propagate any available route to a Customer. | Provider: MAY propagate any available route to a Customer. | |||
| Customer: MAY propagate any route learned from a Customer, or | Customer: MAY propagate any route learned from a Customer, or | |||
| locally originated, to a Provider. All other routes MUST NOT be | locally originated, to a Provider. All other routes MUST NOT be | |||
| propagated. | propagated. | |||
| skipping to change at page 5, line 23 ¶ | skipping to change at page 5, line 21 ¶ | |||
| The BGP Role characterizes the relationship between the eBGP speakers | The BGP Role characterizes the relationship between the eBGP speakers | |||
| forming a session. One of the Roles described below SHOULD be | forming a session. One of the Roles described below SHOULD be | |||
| configured at the local AS for each eBGP session (see definitions in | configured at the local AS for each eBGP session (see definitions in | |||
| Section 2) based on the local AS's knowledge of its Role. The only | Section 2) based on the local AS's knowledge of its Role. The only | |||
| exception is when the eBGP connection is Complex (see Section 5). | exception is when the eBGP connection is Complex (see Section 5). | |||
| BGP Roles are mutually confirmed using the BGP Role Capability | BGP Roles are mutually confirmed using the BGP Role Capability | |||
| (described in Section 3.1) on each eBGP session. | (described in Section 3.1) on each eBGP session. | |||
| Allowed Roles for eBGP sessions are: | Allowed Roles for eBGP sessions are: | |||
| o Provider - the local AS is a transit Provider of the remote AS; | * Provider - the local AS is a transit Provider of the remote AS; | |||
| o Customer - the local AS is a transit Customer of the remote AS; | * Customer - the local AS is a transit Customer of the remote AS; | |||
| o RS - the local AS is a Route Server (usually at an Internet | * RS - the local AS is a Route Server (usually at an Internet | |||
| exchange point) and the remote AS is its RS-Client; | exchange point) and the remote AS is its RS-Client; | |||
| o RS-Client - the local AS is a client of an RS and the RS is the | * RS-Client - the local AS is a client of an RS and the RS is the | |||
| remote AS; | remote AS; | |||
| o Peer - the local and remote ASes are Peers (i.e., have a lateral | * Peer - the local and remote ASes are Peers (i.e., have a lateral | |||
| peering relationship). | peering relationship). | |||
| 3.1. BGP Role Capability | 3.1. BGP Role Capability | |||
| The BGP Role Capability is defined as follows: | The BGP Role Capability is defined as follows: | |||
| o Code - 9 | * Code - 9 | |||
| o Length - 1 (octet) | * Length - 1 (octet) | |||
| o Value - integer corresponding to speaker's BGP Role (see Table 1). | * Value - integer corresponding to speaker's BGP Role (see Table 1). | |||
| +-------+------------------------------+ | +=======+==============================+ | |||
| | Value | Role name (for the local AS) | | | Value | Role name (for the local AS) | | |||
| +-------+------------------------------+ | +=======+==============================+ | |||
| | 0 | Provider | | | 0 | Provider | | |||
| +-------+------------------------------+ | ||||
| | 1 | RS | | | 1 | RS | | |||
| +-------+------------------------------+ | ||||
| | 2 | RS-Client | | | 2 | RS-Client | | |||
| +-------+------------------------------+ | ||||
| | 3 | Customer | | | 3 | Customer | | |||
| | 4 | Peer (Lateral Peer) | | +-------+------------------------------+ | |||
| | 4 | Peer (i.e., Lateral Peer) | | ||||
| +-------+------------------------------+ | ||||
| | 5-255 | Unassigned | | | 5-255 | Unassigned | | |||
| +-------+------------------------------+ | +-------+------------------------------+ | |||
| Table 1: Predefined BGP Role Values | Table 1: Predefined BGP Role Values | |||
| If BGP Role is locally configured, the eBGP speaker MUST advertise | If BGP Role is locally configured, the eBGP speaker MUST advertise | |||
| BGP Role Capability in the BGP OPEN message. An eBGP speaker MUST | BGP Role Capability in the BGP OPEN message. An eBGP speaker MUST | |||
| NOT advertise multiple versions of the BGP Role Capability. The | NOT advertise multiple versions of the BGP Role Capability. The | |||
| error handling when multiple BGP Role Capabilities are received is | error handling when multiple BGP Role Capabilities are received is | |||
| described in Section 3.2. | described in Section 3.2. | |||
| 3.2. Role Correctness | 3.2. Role Correctness | |||
| Section 3.1 described how BGP Role encodes the relationship on each | Section 3.1 described how BGP Role encodes the relationship on each | |||
| eBGP session between autonomous systems (ASes). | eBGP session between autonomous systems (ASes). | |||
| The mere receipt of BGP Role Capability does not automatically | The mere receipt of BGP Role Capability does not automatically | |||
| guarantee the Role agreement between two eBGP neighbors. If the BGP | guarantee the Role agreement between two eBGP neighbors. If the BGP | |||
| Role Capability is advertised, and one is also received from the | Role Capability is advertised, and one is also received from the | |||
| peer, the Roles MUST correspond to the relationships in Table 2. If | peer, the Roles MUST correspond to the relationships in Table 2. If | |||
| the Roles do not correspond, the BGP speaker MUST reject the | the Roles do not correspond, the BGP speaker MUST reject the | |||
| connection using the Role Mismatch Notification (code 2, subcode | connection using the Role Mismatch Notification (code 2, subcode | |||
| TBD). | TBD). | |||
| +---------------+----------------+ | +===============+================+ | |||
| | Local AS Role | Remote AS Role | | | Local AS Role | Remote AS Role | | |||
| +---------------+----------------+ | +===============+================+ | |||
| | Provider | Customer | | | Provider | Customer | | |||
| +---------------+----------------+ | ||||
| | Customer | Provider | | | Customer | Provider | | |||
| +---------------+----------------+ | ||||
| | RS | RS-Client | | | RS | RS-Client | | |||
| +---------------+----------------+ | ||||
| | RS-Client | RS | | | RS-Client | RS | | |||
| +---------------+----------------+ | ||||
| | Peer | Peer | | | Peer | Peer | | |||
| +---------------+----------------+ | +---------------+----------------+ | |||
| Table 2: Allowed Pairs of Role Capabilities | Table 2: Allowed Pairs of Role | |||
| Capabilities | ||||
| For backward compatibility, if the BGP Role Capability is sent but | For backward compatibility, if the BGP Role Capability is sent but | |||
| one is not received, the BGP Speaker SHOULD ignore the absence of the | one is not received, the BGP Speaker SHOULD ignore the absence of the | |||
| BGP Role Capability and proceed with session establishment. The | BGP Role Capability and proceed with session establishment. The | |||
| locally configured BGP Role is used for the procedures described in | locally configured BGP Role is used for the procedures described in | |||
| Section 4. | Section 4. | |||
| An operator may choose to apply a "strict mode" in which the receipt | An operator may choose to apply a "strict mode" in which the receipt | |||
| of a BGP Role Capability from the remote AS is required. When | of a BGP Role Capability from the remote AS is required. When | |||
| operating in the "strict mode", if the BGP Role Capability is sent, | operating in the "strict mode", if the BGP Role Capability is sent, | |||
| but one is not received, then the connection is rejected using the | but one is not received, then the connection is rejected using the | |||
| Role Mismatch Notification (code 2, subcode TBD). See comments in | Role Mismatch Notification (code 2, subcode TBD). See comments in | |||
| Section 7. | Section 7. | |||
| If an eBGP speaker receives multiple but identical BGP Role | If an eBGP speaker receives multiple but identical BGP Role | |||
| Capabilities with the same value in each, then the speaker must | Capabilities with the same value in each, then the speaker considers | |||
| consider it to be a single BGP Role Capability and proceed [RFC5492]. | them to be a single BGP Role Capability and proceeds [RFC5492]. If | |||
| If multiple BGP Role Capabilities are received and not all of them | multiple BGP Role Capabilities are received and not all of them have | |||
| have the same value, then the BGP speaker MUST reject the connection | the same value, then the BGP speaker MUST reject the connection using | |||
| using the Role Mismatch Notification (code 2, subcode TBD). | the Role Mismatch Notification (code 2, subcode TBD). | |||
| The BGP Role value for the local AS (in conjunction with the OTC | The BGP Role value for the local AS (in conjunction with the OTC | |||
| Attribute in the received UPDATE message) is used in the route leak | Attribute in the received UPDATE message) is used in the route leak | |||
| prevention and detection procedures described in Section 4. | prevention and detection procedures described in Section 4. | |||
| 4. BGP Only to Customer (OTC) Attribute | 4. BGP Only to Customer (OTC) Attribute | |||
| The Only to Customer (OTC) Attribute is an optional transitive path | The Only to Customer (OTC) Attribute is an optional transitive path | |||
| attribute of the UPDATE message with Attribute Type Code 35 and a | attribute of the UPDATE message with Attribute Type Code 35 and a | |||
| length of 4 octets. The purpose of this attribute is to enforce that | length of 4 octets. The purpose of this attribute is to enforce that | |||
| once a route is sent to a Customer, Peer, or RS-Client, it will | once a route is sent to a Customer, Peer, or RS-Client (see | |||
| subsequently go only to Customers. The attribute value is an AS | definitions in Section 2.1), it will subsequently go only to | |||
| number (ASN) determined by the procedures described below. | Customers. The attribute value is an AS number (ASN) determined by | |||
| the procedures described below. | ||||
| The following ingress procedure applies to the processing of the OTC | The following ingress procedure applies to the processing of the OTC | |||
| Attribute on route receipt: | Attribute on route receipt: | |||
| 1. If a route with the OTC Attribute is received from a Customer or | 1. If a route with the OTC Attribute is received from a Customer or | |||
| RS-Client, then it is a route leak and MUST be considered | RS-Client, then it is a route leak and MUST be considered | |||
| ineligible (see Section 2). | ineligible (see Section 2). | |||
| 2. If a route with the OTC Attribute is received from a Peer and the | 2. If a route with the OTC Attribute is received from a Peer (i.e., | |||
| Attribute has a value that is not equal to the remote (i.e., | remote AS with a Peer Role) and the Attribute has a value that is | |||
| Peer's) AS number, then it is a route leak and MUST be considered | not equal to the remote (i.e., Peer's) AS number, then it is a | |||
| ineligible. | route leak and MUST be considered ineligible. | |||
| 3. If a route is received from a Provider, Peer, or RS, and the OTC | 3. If a route is received from a Provider, Peer, or RS, and the OTC | |||
| Attribute is not present, then it MUST be added with a value | Attribute is not present, then it MUST be added with a value | |||
| equal to the AS number of the remote AS. | equal to the AS number of the remote AS. | |||
| The following egress procedure applies to the processing of the OTC | The following egress procedure applies to the processing of the OTC | |||
| Attribute on route advertisement: | Attribute on route advertisement: | |||
| 1. If a route is to be advertised to a Customer, Peer, or RS-Client | 1. If a route is to be advertised to a Customer, Peer, or RS-Client | |||
| (when the sender is an RS), and the OTC Attribute is not present, | (when the sender is an RS), and the OTC Attribute is not present, | |||
| then an OTC Attribute MUST be added with a value equal to the AS | then when advertising the route, an OTC Attribute MUST be added | |||
| number of the local AS. | with a value equal to the AS number of the local AS. | |||
| 2. If a route already contains the OTC Attribute, it MUST NOT be | 2. If a route already contains the OTC Attribute, it MUST NOT be | |||
| propagated to Providers, Peers, or RS(s). | propagated to Providers, Peers, or RS(s). | |||
| The above-described procedures provide both leak prevention for the | The above-described procedures provide both leak prevention for the | |||
| local AS and leak detection and mitigation multiple hops away. In | local AS and leak detection and mitigation multiple hops away. In | |||
| the case of prevention at the local AS, the presence of an OTC | the case of prevention at the local AS, the presence of an OTC | |||
| Attribute indicates to the egress router that the route was learned | Attribute indicates to the egress router that the route was learned | |||
| from a Peer, Provider, or RS, and it can be advertised only to the | from a Peer, Provider, or RS, and it can be advertised only to the | |||
| customers. The same OTC Attribute which is set locally also provides | customers. The same OTC Attribute which is set locally also provides | |||
| skipping to change at page 8, line 33 ¶ | skipping to change at page 9, line 25 ¶ | |||
| receiving AS detects (based on the presence of the OTC Attribute) | receiving AS detects (based on the presence of the OTC Attribute) | |||
| that the route is a leak. | that the route is a leak. | |||
| The OTC Attribute might be set at the egress of the remote AS or at | The OTC Attribute might be set at the egress of the remote AS or at | |||
| the ingress of the local AS, i.e., if the remote AS is non-compliant | the ingress of the local AS, i.e., if the remote AS is non-compliant | |||
| with this specification, then the local AS will have to set the OTC | with this specification, then the local AS will have to set the OTC | |||
| Attribute if it is absent. In both scenarios, the OTC value will be | Attribute if it is absent. In both scenarios, the OTC value will be | |||
| the same. This makes the scheme more robust and benefits early | the same. This makes the scheme more robust and benefits early | |||
| adopters. | adopters. | |||
| If an UPDATE is received with an OTC Attribute with a length | If an eBGP speaker receives an UPDATE with an OTC Attribute with a | |||
| different from 4 octets, then the UPDATE SHALL be considered | length different from 4 octets, then the UPDATE SHALL be considered | |||
| malformed. If malformed, the UPDATE message SHALL be handled using | malformed. If malformed, the UPDATE message SHALL be handled using | |||
| the approach of "treat-as-withdraw" [RFC7606]. | the approach of treat-as-withdraw [RFC7606]. | |||
| The procedures specified in this document are NOT RECOMMENDED to be | If an UPDATE with an OTC Attribute is received in iBGP, then the | |||
| used between autonomous systems in an AS Confederation [RFC5065]. If | Attribute or UPDATE SHALL NOT be considered malformed based on the | |||
| an OTC Attribute is added on egress from the AS Confederation, its | specified length. This avoids treat-as-withdraw error handling and | |||
| value MUST equal the AS Confederation Identifier. Also, on egress | prevents the possibility of long-lived forwarding loops in iBGP | |||
| from the AS Confederation, an UPDATE MUST NOT contain an OTC | (Section 6 in [RFC7606]). It also avoids Attribute-discard error | |||
| Attribute with a value corresponding to any Member-AS Number other | handling [RFC7606] and hence route leak detection capability is not | |||
| than the AS Confederation Identifier. | compromised in case the route is propagated to eBGP neighbors. | |||
| The BGP Role negotiation and OTC Attribute based procedures specified | ||||
| in this document are NOT RECOMMENDED to be used between autonomous | ||||
| systems in an AS Confederation [RFC5065]. If an OTC Attribute is | ||||
| added on egress from the AS Confederation, its value MUST equal the | ||||
| AS Confederation Identifier. Also, on egress from the AS | ||||
| Confederation, an UPDATE MUST NOT contain an OTC Attribute with a | ||||
| value corresponding to any Member-AS Number other than the AS | ||||
| Confederation Identifier. | ||||
| The procedures specified in this document in scenarios that use | The procedures specified in this document in scenarios that use | |||
| private AS numbers behind an Internet-facing ASN (e.g., a data center | private AS numbers behind an Internet-facing ASN (e.g., a data center | |||
| network [RFC7938] or stub customer) may be used, but any details are | network [RFC7938] or stub customer) may be used, but any details are | |||
| outside the scope of this document. On egress from the Internet- | outside the scope of this document. On egress from the Internet- | |||
| facing AS, the OTC Attribute MUST NOT contain a value other than the | facing AS, the OTC Attribute MUST NOT contain a value other than the | |||
| Internet-facing ASN. | Internet-facing ASN. | |||
| Once the OTC Attribute has been set, it MUST be preserved unchanged | Once the OTC Attribute has been set, it MUST be preserved unchanged | |||
| (this also applies to an AS Confederation). | (this also applies to an AS Confederation). | |||
| The described ingress and egress procedures are applicable only for | The described ingress and egress procedures are applicable only for | |||
| unicast IPv4 and IPv6 address families and MUST NOT be applied to | the address families AFI 1 (IPv4) and AFI 2 (IPv6) with SAFI 1 | |||
| other address families by default. The operator MUST NOT have the | (unicast) in both cases and MUST NOT be applied to other address | |||
| ability to modify the procedures defined in this section. | families by default. The operator MUST NOT have the ability to | |||
| modify the procedures defined in this section. | ||||
| 5. Additional Considerations | 5. Additional Considerations | |||
| Roles MUST NOT be configured on an eBGP session with a Complex | Roles MUST NOT be configured on an eBGP session with a Complex | |||
| peering relationship. If multiple eBGP sessions can segregate the | peering relationship. If multiple eBGP sessions can segregate the | |||
| Complex peering relationship into eBGP sessions with normal peering | Complex peering relationship into eBGP sessions with normal peering | |||
| relationships, BGP Roles SHOULD be used on each of the resulting eBGP | relationships, BGP Roles SHOULD be used on each of the resulting eBGP | |||
| sessions. | sessions. | |||
| An operator may want to achieve an equivalent outcome by configuring | An operator may want to achieve an equivalent outcome by configuring | |||
| policies on a per-prefix basis to follow the definitions of peering | policies on a per-prefix basis to follow the definitions of peering | |||
| relations as described in Section 2.1. However, in this case, there | relations as described in Section 2.1. However, in this case, there | |||
| are no in-band measures to check the correctness of the per-prefix | are no in-band measures to check the correctness of the per-prefix | |||
| peering configuration. | peering configuration. | |||
| The incorrect setting of BGP Roles and/or OTC Attributes may affect | The incorrect setting of BGP Roles and/or OTC Attributes may affect | |||
| prefix propagation. Further, this document does not specify any | prefix propagation. Further, this document does not specify any | |||
| special handling of incorrect AS numbers in the OTC Attribute. | special handling of an incorrect AS number in the OTC Attribute. | |||
| In AS migration scenarios [RFC7705], a given router may represent | In AS migration scenarios [RFC7705], a given router may represent | |||
| itself as any one of several different ASes. This should not be a | itself as any one of several different ASes. This should not be a | |||
| problem since the egress procedures in Section 4 specify that the OTC | problem since the egress procedures in Section 4 specify that the OTC | |||
| Attribute is to be attached as part of route transmission. | Attribute is to be attached as part of route transmission. | |||
| Therefore, a router is expected to set the OTC value equal to the ASN | Therefore, a router is expected to set the OTC value equal to the ASN | |||
| it is currently representing itself as. | it is currently representing itself as. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| skipping to change at page 10, line 4 ¶ | skipping to change at page 11, line 10 ¶ | |||
| description for the new capability is "BGP Role". IANA has assigned | description for the new capability is "BGP Role". IANA has assigned | |||
| the value 9 [to be removed upon publication: | the value 9 [to be removed upon publication: | |||
| https://www.iana.org/assignments/capability-codes/capability- | https://www.iana.org/assignments/capability-codes/capability- | |||
| codes.xhtml]. This document is the reference for the new capability. | codes.xhtml]. This document is the reference for the new capability. | |||
| The BGP Role capability includes a Value field, for which IANA is | The BGP Role capability includes a Value field, for which IANA is | |||
| requested to create and maintain a new sub-registry called "BGP Role | requested to create and maintain a new sub-registry called "BGP Role | |||
| Value" in the Capability Codes registry. Assignments consist of a | Value" in the Capability Codes registry. Assignments consist of a | |||
| Value and a corresponding Role name. Initially, this registry is to | Value and a corresponding Role name. Initially, this registry is to | |||
| be populated with the data contained in Table 1 found in Section 3.1. | be populated with the data contained in Table 1 found in Section 3.1. | |||
| Future assignments may be made by the "IETF Review" policy as defined | Future assignments may be made by the "IETF Review" policy as defined | |||
| in [RFC8126]. The registry is as shown in Table 3. | in [RFC8126]. The registry is as shown in Table 3. | |||
| +-------+--------------------------------+---------------+ | +=======+===============================+===============+ | |||
| | Value | Role name (for the local AS) | Reference | | | Value | Role name (for the local AS) | Reference | | |||
| +-------+--------------------------------+---------------+ | +=======+===============================+===============+ | |||
| | 0 | Provider | This document | | | 0 | Provider | This document | | |||
| | 1 | RS | This document | | +-------+-------------------------------+---------------+ | |||
| | 2 | RS-Client | This document | | | 1 | RS | This document | | |||
| | 3 | Customer | This document | | +-------+-------------------------------+---------------+ | |||
| | 4 | Peer (i.e., Lateral Peer) | This document | | | 2 | RS-Client | This document | | |||
| | 5-255 | To be assigned by IETF Review | | +-------+-------------------------------+---------------+ | |||
| +-------+--------------------------------+---------------+ | | 3 | Customer | This document | | |||
| +-------+-------------------------------+---------------+ | ||||
| | 4 | Peer (i.e., Lateral Peer) | This document | | ||||
| +-------+-------------------------------+---------------+ | ||||
| | 5-255 | To be assigned by IETF Review | | | ||||
| +-------+-------------------------------+---------------+ | ||||
| Table 3: IANA Registry for BGP Role | Table 3: IANA Registry for BGP Role | |||
| IANA has registered a new OPEN Message Error subcode named the "Role | IANA has registered a new OPEN Message Error subcode named the "Role | |||
| Mismatch" (see Section 3.2) in the OPEN Message Error subcodes | Mismatch" (see Section 3.2) in the OPEN Message Error subcodes | |||
| registry. IANA has assigned the value TBD [to be removed upon | registry. IANA has assigned the value TBD [to be removed upon | |||
| publication: https://www.iana.org/assignments/bgp-parameters/bgp- | publication: https://www.iana.org/assignments/bgp-parameters/bgp- | |||
| parameters.xhtml#bgp-parameters-6]. This document is the reference | parameters.xhtml#bgp-parameters-6]. This document is the reference | |||
| for the new subcode. | for the new subcode. | |||
| skipping to change at page 13, line 7 ¶ | skipping to change at page 14, line 16 ¶ | |||
| BGP for Routing in Large-Scale Data Centers", RFC 7938, | BGP for Routing in Large-Scale Data Centers", RFC 7938, | |||
| DOI 10.17487/RFC7938, August 2016, | DOI 10.17487/RFC7938, August 2016, | |||
| <https://www.rfc-editor.org/info/rfc7938>. | <https://www.rfc-editor.org/info/rfc7938>. | |||
| [RFC8205] Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol | [RFC8205] Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol | |||
| Specification", RFC 8205, DOI 10.17487/RFC8205, September | Specification", RFC 8205, DOI 10.17487/RFC8205, September | |||
| 2017, <https://www.rfc-editor.org/info/rfc8205>. | 2017, <https://www.rfc-editor.org/info/rfc8205>. | |||
| Acknowledgments | Acknowledgments | |||
| The authors wish to thank Alvaro Retana, Andrei Robachevsky, Daniel | The authors wish to thank Alvaro Retana, Bruno Decraene, Ben | |||
| Ginsburg, Jeff Haas, Ruediger Volk, Pavel Lunin, Gyan Mishra, Ignas | Maddison, Andrei Robachevsky, Daniel Ginsburg, Jeff Haas, Ruediger | |||
| Bagdonas, Sue Hares, and John Scudder for comments, suggestions, and | Volk, Pavel Lunin, Gyan Mishra, Ignas Bagdonas, Sue Hares, and John | |||
| critique. | Scudder for review, comments, and suggestions during the course of | |||
| this work. Thanks are also due to many IESG reviewers whose comments | ||||
| greatly helped improve the clarity, accuracy, and presentation in the | ||||
| document. | ||||
| Contributors | Contributors | |||
| Brian Dickson | Brian Dickson | |||
| Independent | Independent | |||
| Email: brian.peter.dickson@gmail.com | Email: brian.peter.dickson@gmail.com | |||
| Doug Montgomery | Doug Montgomery | |||
| USA National Institute of Standards and Technology | USA National Institute of Standards and Technology | |||
| Email: dougm@nist.gov | Email: dougm@nist.gov | |||
| Authors' Addresses | Authors' Addresses | |||
| Alexander Azimov | Alexander Azimov | |||
| Qrator Labs & Yandex | Qrator Labs & Yandex | |||
| Ulitsa Lva Tolstogo 16 | Ulitsa Lva Tolstogo 16 | |||
| Moscow 119021 | Moscow | |||
| 119021 | ||||
| Russian Federation | Russian Federation | |||
| Email: a.e.azimov@gmail.com | Email: a.e.azimov@gmail.com | |||
| Eugene Bogomazov | Eugene Bogomazov | |||
| Qrator Labs | Qrator Labs | |||
| 1-y Magistralnyy tupik 5A | 1-y Magistralnyy tupik 5A | |||
| Moscow 123290 | Moscow | |||
| 123290 | ||||
| Russian Federation | Russian Federation | |||
| Email: eb@qrator.net | Email: eb@qrator.net | |||
| Randy Bush | Randy Bush | |||
| Internet Initiative Japan & Arrcus, Inc. | Internet Initiative Japan & Arrcus, Inc. | |||
| 5147 Crystal Springs | 5147 Crystal Springs | |||
| Bainbridge Island, Washington 98110 | Bainbridge Island, Washington 98110 | |||
| United States of America | United States of America | |||
| Email: randy@psg.com | Email: randy@psg.com | |||
| Keyur Patel | Keyur Patel | |||
| Arrcus | Arrcus | |||
| 2077 Gateway Place, Suite #400 | 2077 Gateway Place, Suite #400 | |||
| San Jose, CA 95119 | San Jose, CA 95119 | |||
| US | United States of America | |||
| Email: keyur@arrcus.com | Email: keyur@arrcus.com | |||
| Kotikalapudi Sriram | Kotikalapudi Sriram | |||
| USA National Institute of Standards and Technology | USA National Institute of Standards and Technology | |||
| 100 Bureau Drive | 100 Bureau Drive | |||
| Gaithersburg, MD 20899 | Gaithersburg, MD 20899 | |||
| United States of America | United States of America | |||
| Email: ksriram@nist.gov | Email: ksriram@nist.gov | |||
| End of changes. 48 change blocks. | ||||
| 94 lines changed or deleted | 123 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||