| draft-ietf-grow-blackholing-01.txt | draft-ietf-grow-blackholing-02.txt | |||
|---|---|---|---|---|
| Network Working Group T. King | Network Working Group T. King | |||
| Internet-Draft C. Dietzel | Internet-Draft C. Dietzel | |||
| Intended status: Standards Track DE-CIX Management GmbH | Intended status: Informational DE-CIX Management GmbH | |||
| Expires: December 31, 2016 J. Snijders | Expires: January 2, 2017 J. Snijders | |||
| NTT | NTT | |||
| G. Doering | G. Doering | |||
| SpaceNet AG | SpaceNet AG | |||
| G. Hankins | G. Hankins | |||
| Nokia | Nokia | |||
| June 29, 2016 | July 1, 2016 | |||
| BLACKHOLE BGP Community for Blackholing | BLACKHOLE BGP Community for Blackholing | |||
| draft-ietf-grow-blackholing-01 | draft-ietf-grow-blackholing-02 | |||
| Abstract | Abstract | |||
| This document describes the use of a well-known Border Gateway | This document describes the use of a well-known Border Gateway | |||
| Protocol (BGP) community for blackholing in IP networks. This well- | Protocol (BGP) community for destination based blackholing in IP | |||
| known advisory transitive BGP community, namely BLACKHOLE, allows an | networks. This well-known advisory transitive BGP community, namely | |||
| origin AS to specify that a neighboring network should blackhole a | BLACKHOLE, allows an origin AS to specify that a neighboring network | |||
| specific IP prefix. | should discard any traffic destined towards the tagged IP prefix. | |||
| Requirements Language | Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to | |||
| be interpreted as described in [RFC2119] only when they appear in all | be interpreted as described in [RFC2119] only when they appear in all | |||
| upper case. They may also appear in lower or mixed case as English | upper case. They may also appear in lower or mixed case as English | |||
| words, without normative meaning. | words, without normative meaning. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 48 ¶ | skipping to change at page 1, line 48 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 31, 2016. | This Internet-Draft will expire on January 2, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 28 ¶ | skipping to change at page 2, line 28 ¶ | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. BLACKHOLE Attribute . . . . . . . . . . . . . . . . . . . . . 3 | 2. BLACKHOLE Attribute . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Operational Recommendations . . . . . . . . . . . . . . . . . 3 | 3. Operational Recommendations . . . . . . . . . . . . . . . . . 3 | |||
| 3.1. IP Prefix Announcements with BLACKHOLE Community Attached 3 | 3.1. IP Prefix Announcements with BLACKHOLE Community Attached 3 | |||
| 3.2. Local Scope of Blackholes . . . . . . . . . . . . . . . . 3 | 3.2. Local Scope of Blackholes . . . . . . . . . . . . . . . . 3 | |||
| 3.3. Accepting Blackholed IP Prefixes . . . . . . . . . . . . 4 | 3.3. Accepting Blackholed IP Prefixes . . . . . . . . . . . . 4 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | 4. Vendor Implementation Recommendations . . . . . . . . . . . . 4 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | |||
| 6.1. Normative References . . . . . . . . . . . . . . . . . . 5 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.2. Informative References . . . . . . . . . . . . . . . . . 5 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 5 | ||||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 1. Introduction | 1. Introduction | |||
| Network infrastructures have been increasingly hampered by DDoS | Network infrastructures have been increasingly hampered by DDoS | |||
| attacks. In order to dampen the effects of these DDoS attacks, IP | attacks. In order to dampen the effects of these DDoS attacks, IP | |||
| networks have offered BGP blackholing to neighboring networks via | networks have offered BGP blackholing to neighboring networks via | |||
| various mechanisms such as described in [RFC3882] and [RFC5635]. | various mechanisms such as described in [RFC3882] and [RFC5635]. | |||
| skipping to change at page 4, line 20 ¶ | skipping to change at page 4, line 20 ¶ | |||
| should be as small as possible in order to limit the impact of | should be as small as possible in order to limit the impact of | |||
| discarding traffic for adjacent IP space that is not under DDoS | discarding traffic for adjacent IP space that is not under DDoS | |||
| duress. Typically, the blackhole route's prefix length is as | duress. Typically, the blackhole route's prefix length is as | |||
| specific as /32 for IPv4 and /128 for IPv6. | specific as /32 for IPv4 and /128 for IPv6. | |||
| BGP speakers SHOULD only accept and honor BGP announcements carrying | BGP speakers SHOULD only accept and honor BGP announcements carrying | |||
| the BLACKHOLE community if the announced prefix is covered by a | the BLACKHOLE community if the announced prefix is covered by a | |||
| shorter prefix for which the neighboring network is authorized to | shorter prefix for which the neighboring network is authorized to | |||
| advertise. | advertise. | |||
| 4. IANA Considerations | 4. Vendor Implementation Recommendations | |||
| Without an explicit configuration directive set by the operator, | ||||
| network elements SHOULD NOT discard traffic destined towards IP | ||||
| prefixes which are tagged with the BLACKHOLE BGP community. The | ||||
| operator is expected to explicitly configure the network element to | ||||
| honor the BLACKHOLE BGP community in a way that is compliant with the | ||||
| operator's routing policy. | ||||
| Vendors MAY provide a short-hand keyword in their configuration | ||||
| language to reference the well-known BLACKHOLE BGP community | ||||
| attribute value. The suggested string to be used is "blackhole". | ||||
| 5. IANA Considerations | ||||
| The IANA is requested to register BLACKHOLE as a well-known BGP | The IANA is requested to register BLACKHOLE as a well-known BGP | |||
| community with global significance: | community with global significance: | |||
| BLACKHOLE (= 0xFFFF029A) | BLACKHOLE (= 0xFFFF029A) | |||
| The low-order two octets in decimal are 666, amongst network | The low-order two octets in decimal are 666, amongst network | |||
| operators a value commonly associated with BGP blackholing. | operators a value commonly associated with BGP blackholing. | |||
| 5. Security Considerations | 6. Security Considerations | |||
| BGP contains no specific mechanism to prevent the unauthorized | BGP contains no specific mechanism to prevent the unauthorized | |||
| modification of information by the forwarding agent. This allows | modification of information by the forwarding agent. This allows | |||
| routing information to be modified, removed, or false information to | routing information to be modified, removed, or false information to | |||
| be added by forwarding agents. Recipients of routing information are | be added by forwarding agents. Recipients of routing information are | |||
| not able to detect this modification. Also, RPKI [RFC6810] and | not able to detect this modification. Also, RPKI [RFC6810] and | |||
| BGPSec [I-D.ietf-sidr-bgpsec-overview] do not fully resolve this | BGPSec [I-D.ietf-sidr-bgpsec-overview] do not fully resolve this | |||
| situation. For instance, BGP communities can still be added or | situation. For instance, BGP communities can still be added or | |||
| altered by a forwarding agent even if RPKI and BGPSec are in place. | altered by a forwarding agent even if RPKI and BGPSec are in place. | |||
| The BLACKHOLE BGP community does not alter this situation. | ||||
| A new additional attack vector is introduced into BGP by using the | ||||
| BLACKHOLE BGP community: denial of service attacks for IP prefixes. | ||||
| The unauthorized addition of the BLACKHOLE BGP community to an IP | The unauthorized addition of the BLACKHOLE BGP community to an IP | |||
| prefix by a forwarding agent may cause a denial of service attack | prefix by an adversery may cause a denial of service attack based on | |||
| based on denial of reachability. The denial of service will happen | denial of reachability. | |||
| if a network offering blackholing is traversed. However, denial of | ||||
| service attack vectors to BGP are not new as the injection of false | ||||
| routing information is already possible. | ||||
| In order to further limit the impact of unauthorized BGP | In order to further limit the impact of unauthorized BGP | |||
| announcements carrying the BLACKHOLE BGP community, the receiving BGP | announcements carrying the BLACKHOLE BGP community, the receiving BGP | |||
| speaker SHOULD verify by applying strict filtering (see section | speaker SHOULD verify by applying strict filtering (see section | |||
| 6.2.1.1.2. [RFC7454]) that the peer announcing the prefix is | 6.2.1.1.2. [RFC7454]) that the peer announcing the prefix is | |||
| authorized to do so. If not, the BGP announcement should be filtered | authorized to do so. If not, the BGP announcement should be filtered | |||
| out. | out. | |||
| The presence of this BLACKHOLE BGP community may introduce a resource | 7. References | |||
| exhaustion attack to BGP speakers. If a BGP speaker receives many IP | ||||
| prefixes containing the BLACKHOLE BGP community, its internal | ||||
| resources such as CPU power, memory or FIB capacity might exhaust, | ||||
| especially if usual prefix sanity checks (e.g. such as IP prefix | ||||
| length or number of prefixes) are disabled (see Section 3.3). | ||||
| 6. References | ||||
| 6.1. Normative References | 7.1. Normative References | |||
| [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | |||
| Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | |||
| <http://www.rfc-editor.org/info/rfc1997>. | <http://www.rfc-editor.org/info/rfc1997>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | Requirement Levels", BCP 14, RFC 2119, | |||
| RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
| 6.2. Informative References | 7.2. Informative References | |||
| [I-D.ietf-sidr-bgpsec-overview] | [I-D.ietf-sidr-bgpsec-overview] | |||
| Lepinski, M. and S. Turner, "An Overview of BGPsec", | Lepinski, M. and S. Turner, "An Overview of BGPsec", | |||
| draft-ietf-sidr-bgpsec-overview-08 (work in progress), | draft-ietf-sidr-bgpsec-overview-08 (work in progress), | |||
| June 2016. | June 2016. | |||
| [RFC3882] Turk, D., "Configuring BGP to Block Denial-of-Service | [RFC3882] Turk, D., "Configuring BGP to Block Denial-of-Service | |||
| Attacks", RFC 3882, DOI 10.17487/RFC3882, September 2004, | Attacks", RFC 3882, DOI 10.17487/RFC3882, September 2004, | |||
| <http://www.rfc-editor.org/info/rfc3882>. | <http://www.rfc-editor.org/info/rfc3882>. | |||
| [RFC5635] Kumari, W. and D. McPherson, "Remote Triggered Black Hole | [RFC5635] Kumari, W. and D. McPherson, "Remote Triggered Black Hole | |||
| Filtering with Unicast Reverse Path Forwarding (uRPF)", | Filtering with Unicast Reverse Path Forwarding (uRPF)", | |||
| RFC 5635, DOI 10.17487/RFC5635, August 2009, | RFC 5635, DOI 10.17487/RFC5635, August 2009, | |||
| <http://www.rfc-editor.org/info/rfc5635>. | <http://www.rfc-editor.org/info/rfc5635>. | |||
| [RFC6810] Bush, R. and R. Austein, "The Resource Public Key | [RFC6810] Bush, R. and R. Austein, "The Resource Public Key | |||
| Infrastructure (RPKI) to Router Protocol", RFC 6810, DOI | Infrastructure (RPKI) to Router Protocol", RFC 6810, | |||
| 10.17487/RFC6810, January 2013, | DOI 10.17487/RFC6810, January 2013, | |||
| <http://www.rfc-editor.org/info/rfc6810>. | <http://www.rfc-editor.org/info/rfc6810>. | |||
| [RFC7454] Durand, J., Pepelnjak, I., and G. Doering, "BGP Operations | [RFC7454] Durand, J., Pepelnjak, I., and G. Doering, "BGP Operations | |||
| and Security", BCP 194, RFC 7454, DOI 10.17487/RFC7454, | and Security", BCP 194, RFC 7454, DOI 10.17487/RFC7454, | |||
| February 2015, <http://www.rfc-editor.org/info/rfc7454>. | February 2015, <http://www.rfc-editor.org/info/rfc7454>. | |||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| The authors would like to gratefully acknowledge many people who have | The authors would like to gratefully acknowledge many people who have | |||
| contributed discussions and ideas to the making of this proposal. | contributed discussions and ideas to the making of this proposal. | |||
| They include Petr Jiran, Yordan Kritski, Christian Seitz, Nick | They include Petr Jiran, Yordan Kritski, Christian Seitz, Nick | |||
| Hilliard, Joel Jaeggli, Christopher Morrow, Thomas Mangin, Will | Hilliard, Joel Jaeggli, Christopher Morrow, Thomas Mangin, Will | |||
| Hargrave and Niels Bakker. | Hargrave, Niels Bakker and David Farmer. | |||
| Authors' Addresses | Authors' Addresses | |||
| Thomas King | Thomas King | |||
| DE-CIX Management GmbH | DE-CIX Management GmbH | |||
| Lichtstrasse 43i | Lichtstrasse 43i | |||
| Cologne 50825 | Cologne 50825 | |||
| Germany | Germany | |||
| Email: thomas.king@de-cix.net | Email: thomas.king@de-cix.net | |||
| End of changes. 16 change blocks. | ||||
| 41 lines changed or deleted | 40 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||