draft-ietf-grow-bmp-12.txt | draft-ietf-grow-bmp-13.txt | |||
---|---|---|---|---|
Network Working Group J. Scudder, Ed. | Network Working Group J. Scudder, Ed. | |||
Internet-Draft Juniper Networks | Internet-Draft Juniper Networks | |||
Intended status: Standards Track R. Fernando | Intended status: Standards Track R. Fernando | |||
Expires: January 23, 2016 Cisco Systems | Expires: January 29, 2016 Cisco Systems | |||
S. Stuart | S. Stuart | |||
July 22, 2015 | July 28, 2015 | |||
BGP Monitoring Protocol | BGP Monitoring Protocol | |||
draft-ietf-grow-bmp-12 | draft-ietf-grow-bmp-13 | |||
Abstract | Abstract | |||
This document defines a protocol, BMP, that can be used to monitor | This document defines a protocol, BMP, that can be used to monitor | |||
BGP sessions. BMP is intended to provide a more convenient interface | BGP sessions. BMP is intended to provide a more convenient interface | |||
for obtaining route views for research purpose than the screen- | for obtaining route views for research purpose than the screen- | |||
scraping approach in common use today. The design goals are to keep | scraping approach in common use today. The design goals are to keep | |||
BMP simple, useful, easily implemented, and minimally service- | BMP simple, useful, easily implemented, and minimally service- | |||
affecting. BMP is not suitable for use as a routing protocol. | affecting. BMP is not suitable for use as a routing protocol. | |||
skipping to change at page 1, line 38 | skipping to change at page 1, line 38 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 23, 2016. | This Internet-Draft will expire on January 29, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 3, line 14 | skipping to change at page 3, line 14 | |||
10.4. BMP Termination Message TLVs . . . . . . . . . . . . . . 21 | 10.4. BMP Termination Message TLVs . . . . . . . . . . . . . . 21 | |||
10.5. BMP Termination Message Reason Codes . . . . . . . . . . 21 | 10.5. BMP Termination Message Reason Codes . . . . . . . . . . 21 | |||
10.6. BMP Peer Down Reason Codes . . . . . . . . . . . . . . . 22 | 10.6. BMP Peer Down Reason Codes . . . . . . . . . . . . . . . 22 | |||
10.7. Route Mirroring TLVs . . . . . . . . . . . . . . . . . . 22 | 10.7. Route Mirroring TLVs . . . . . . . . . . . . . . . . . . 22 | |||
10.8. BMP Route Mirroring Information Codes . . . . . . . . . 22 | 10.8. BMP Route Mirroring Information Codes . . . . . . . . . 22 | |||
11. Security Considerations . . . . . . . . . . . . . . . . . . . 23 | 11. Security Considerations . . . . . . . . . . . . . . . . . . . 23 | |||
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 | 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 | |||
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 | 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
13.1. Normative References . . . . . . . . . . . . . . . . . . 23 | 13.1. Normative References . . . . . . . . . . . . . . . . . . 23 | |||
13.2. Informative References . . . . . . . . . . . . . . . . . 24 | 13.2. Informative References . . . . . . . . . . . . . . . . . 24 | |||
Appendix A. Changes Between BMP Versions 1 and 2 . . . . . . . . 24 | Appendix A. Changes Between BMP Versions 1 and 2 . . . . . . . . 25 | |||
Appendix B. Changes Between BMP Versions 2 and 3 . . . . . . . . 24 | Appendix B. Changes Between BMP Versions 2 and 3 . . . . . . . . 25 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 | |||
1. Introduction | 1. Introduction | |||
Many researchers wish to have access to the contents of routers' BGP | Many researchers wish to have access to the contents of routers' BGP | |||
RIBs as well as a view of protocol updates the router is receiving. | RIBs as well as a view of protocol updates the router is receiving. | |||
This monitoring task cannot be realized by standard protocol | This monitoring task cannot be realized by standard protocol | |||
mechanisms. Prior to introduction of BMP, this data could only be | mechanisms. Prior to introduction of BMP, this data could only be | |||
obtained through screen-scraping. | obtained through screen-scraping. | |||
The BMP protocol provides access to the Adj-RIB-In of a peer on an | The BMP protocol provides access to the Adj-RIB-In of a peer on an | |||
skipping to change at page 23, line 10 | skipping to change at page 23, line 10 | |||
Information type values 0 through 32767 MUST be assigned using the | Information type values 0 through 32767 MUST be assigned using the | |||
"Standards Action" policy, and values 32768 through 65530 using the | "Standards Action" policy, and values 32768 through 65530 using the | |||
"Specification Required" policy, defined in [RFC5226]. Values 65531 | "Specification Required" policy, defined in [RFC5226]. Values 65531 | |||
through 65534 are "Experimental" and value 65535 is reserved. | through 65534 are "Experimental" and value 65535 is reserved. | |||
11. Security Considerations | 11. Security Considerations | |||
This document defines a mechanism to obtain a full dump or provide | This document defines a mechanism to obtain a full dump or provide | |||
continuous monitoring of a BGP speaker's local BGP table, including | continuous monitoring of a BGP speaker's local BGP table, including | |||
received BGP messages. This capability could allow an outside party | received BGP messages. This capability could allow an outside party | |||
to obtain information not otherwise obtainable. | to obtain information not otherwise obtainable. For example, | |||
although it's hard to consider the content of BGP routes in the | ||||
public Internet to be confidential, BGP is used in private contexts | ||||
as well, for example for L3VPN [RFC4364]. As another example, a | ||||
clever attacker might be able to infer the content of the monitored | ||||
router's import policy by comparing the pre-policy routes exposed by | ||||
BMP, to post-policy routes exported in BGP. | ||||
Implementations of this protocol MUST require manual configuration of | Implementations of this protocol MUST require manual configuration of | |||
the monitored and monitoring devices. | the monitored and monitoring devices. | |||
Users of this protocol MAY use some type of secure transport | ||||
mechanism, such as IPSec [RFC4303] or TCP-AO [RFC5925], in order to | ||||
provide mutual authentication, data integrity and transport | ||||
protection. | ||||
Unless a transport that provides mutual authentication is used, an | Unless a transport that provides mutual authentication is used, an | |||
attacker could masquerade as the monitored router and trick a | attacker could masquerade as the monitored router and trick a | |||
monitoring station into accepting false information. | monitoring station into accepting false information, or could | |||
masquerade as a monitoring station and gain unauthorized access to | ||||
BMP data. Unless a transport that provides confidentiality is used, | ||||
a passive attacker could gain access to BMP data in flight. However, | ||||
BGP is not commonly deployed over a transport providing | ||||
confidentiality, so it's debatable whether it's crucial to provide | ||||
confidentiality once the data is propagated into BMP. | ||||
Where the security considerations outlined above are a concern, users | ||||
of this protocol should consider using some type of transport that | ||||
provides mutual authentication, data integrity and transport | ||||
protection, such as IPsec [RFC4303] or TCP-AO [RFC5925]. If | ||||
confidentiality is considered a concern, a transport providing that | ||||
as well could be selected. | ||||
12. Acknowledgements | 12. Acknowledgements | |||
Thanks to Michael Axelrod, Tim Evens, Pierre Francois, John ji | Thanks to Michael Axelrod, Tim Evens, Pierre Francois, John ji | |||
Ioannidis, John Kemp, Mack McBride, Danny McPherson, David Meyer, | Ioannidis, John Kemp, Mack McBride, Danny McPherson, David Meyer, | |||
Dimitri Papadimitriou, Tom Petch, Robert Raszuk, Erik Romijn, and the | Dimitri Papadimitriou, Tom Petch, Robert Raszuk, Erik Romijn, and the | |||
members of the GROW working group for their comments. | members of the GROW working group for their comments. | |||
13. References | 13. References | |||
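Review bot: the replacement transport paragraph in Section 11 (the one beginning "Where the security considerations outlined above are a concern") drops the RFC 2119 keyword that the deleted paragraph carried ("Users of this protocol MAY use some type of secure transport mechanism"), and the lowercase "should consider using" is not a normative statement; if the intent is to leave the choice to operators that is fine, but if the working group wants an actual requirement it should read "SHOULD use some type of transport that provides mutual authentication, data integrity and transport protection". Two smaller points in the same region: the L3VPN example added to the first paragraph argues that BGP route contents can be confidential in private deployments, while the later sentence says it is "debatable whether it's crucial to provide confidentiality once the data is propagated into BMP"; tying the two together ("confidentiality matters where the monitored sessions carry private routes, as in L3VPN") would read more consistently than leaving them to pull in opposite directions. On the positive side, the new text corrects "IPSec" to "IPsec" to match the [RFC4303] citation, and the [RFC4364] entry added to the references covers the new citation.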
skipping to change at page 23, line 46 | skipping to change at page 24, line 11 | |||
Chen, E., Scudder, J., Mohapatra, P., and K. Patel, | Chen, E., Scudder, J., Mohapatra, P., and K. Patel, | |||
"Revised Error Handling for BGP UPDATE Messages", draft- | "Revised Error Handling for BGP UPDATE Messages", draft- | |||
ietf-idr-error-handling-19 (work in progress), April 2015. | ietf-idr-error-handling-19 (work in progress), April 2015. | |||
[RFC1213] McCloghrie, K. and M. Rose, "Management Information Base | [RFC1213] McCloghrie, K. and M. Rose, "Management Information Base | |||
for Network Management of TCP/IP-based internets: MIB-II", | for Network Management of TCP/IP-based internets: MIB-II", | |||
STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991, | STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991, | |||
<http://www.rfc-editor.org/info/rfc1213>. | <http://www.rfc-editor.org/info/rfc1213>. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | ||||
<http://www.rfc-editor.org/info/rfc2119>. | ||||
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway | [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A | |||
Protocol 4 (BGP-4)", RFC 4271, January 2006. | Border Gateway Protocol 4 (BGP-4)", RFC 4271, | |||
DOI 10.17487/RFC4271, January 2006, | ||||
<http://www.rfc-editor.org/info/rfc4271>. | ||||
[RFC4724] Sangli, S., Chen, E., Fernando, R., Scudder, J., and Y. | [RFC4724] Sangli, S., Chen, E., Fernando, R., Scudder, J., and Y. | |||
Rekhter, "Graceful Restart Mechanism for BGP", RFC 4724, | Rekhter, "Graceful Restart Mechanism for BGP", RFC 4724, | |||
DOI 10.17487/RFC4724, January 2007, | DOI 10.17487/RFC4724, January 2007, | |||
<http://www.rfc-editor.org/info/rfc4724>. | <http://www.rfc-editor.org/info/rfc4724>. | |||
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | |||
IANA Considerations Section in RFCs", BCP 26, RFC 5226, | IANA Considerations Section in RFCs", BCP 26, RFC 5226, | |||
DOI 10.17487/RFC5226, May 2008, | DOI 10.17487/RFC5226, May 2008, | |||
<http://www.rfc-editor.org/info/rfc5226>. | <http://www.rfc-editor.org/info/rfc5226>. | |||
skipping to change at page 24, line 36 | skipping to change at page 25, line 5 | |||
[RFC2856] Bierman, A., McCloghrie, K., and R. Presuhn, "Textual | [RFC2856] Bierman, A., McCloghrie, K., and R. Presuhn, "Textual | |||
Conventions for Additional High Capacity Data Types", | Conventions for Additional High Capacity Data Types", | |||
RFC 2856, DOI 10.17487/RFC2856, June 2000, | RFC 2856, DOI 10.17487/RFC2856, June 2000, | |||
<http://www.rfc-editor.org/info/rfc2856>. | <http://www.rfc-editor.org/info/rfc2856>. | |||
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", | [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", | |||
RFC 4303, DOI 10.17487/RFC4303, December 2005, | RFC 4303, DOI 10.17487/RFC4303, December 2005, | |||
<http://www.rfc-editor.org/info/rfc4303>. | <http://www.rfc-editor.org/info/rfc4303>. | |||
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private | ||||
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February | ||||
2006, <http://www.rfc-editor.org/info/rfc4364>. | ||||
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP | [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP | |||
Authentication Option", RFC 5925, DOI 10.17487/RFC5925, | Authentication Option", RFC 5925, DOI 10.17487/RFC5925, | |||
June 2010, <http://www.rfc-editor.org/info/rfc5925>. | June 2010, <http://www.rfc-editor.org/info/rfc5925>. | |||
Appendix A. Changes Between BMP Versions 1 and 2 | Appendix A. Changes Between BMP Versions 1 and 2 | |||
o Added Peer Up Message | o Added Peer Up Message | |||
o Added L flag | o Added L flag | |||
o Editorial changes | o Editorial changes | |||
End of changes. 11 change blocks. | ||||
17 lines changed or deleted | 39 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |