draft-ietf-grow-bmp-12.txt   draft-ietf-grow-bmp-13.txt 
Network Working Group J. Scudder, Ed. Network Working Group J. Scudder, Ed.
Internet-Draft Juniper Networks Internet-Draft Juniper Networks
Intended status: Standards Track R. Fernando Intended status: Standards Track R. Fernando
Expires: January 23, 2016 Cisco Systems Expires: January 29, 2016 Cisco Systems
S. Stuart S. Stuart
Google Google
July 22, 2015 July 28, 2015
BGP Monitoring Protocol BGP Monitoring Protocol
draft-ietf-grow-bmp-12 draft-ietf-grow-bmp-13
Abstract Abstract
This document defines a protocol, BMP, that can be used to monitor This document defines a protocol, BMP, that can be used to monitor
BGP sessions. BMP is intended to provide a more convenient interface BGP sessions. BMP is intended to provide a more convenient interface
for obtaining route views for research purpose than the screen- for obtaining route views for research purpose than the screen-
scraping approach in common use today. The design goals are to keep scraping approach in common use today. The design goals are to keep
BMP simple, useful, easily implemented, and minimally service- BMP simple, useful, easily implemented, and minimally service-
affecting. BMP is not suitable for use as a routing protocol. affecting. BMP is not suitable for use as a routing protocol.
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 23, 2016. This Internet-Draft will expire on January 29, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 14 skipping to change at page 3, line 14
10.4. BMP Termination Message TLVs . . . . . . . . . . . . . . 21 10.4. BMP Termination Message TLVs . . . . . . . . . . . . . . 21
10.5. BMP Termination Message Reason Codes . . . . . . . . . . 21 10.5. BMP Termination Message Reason Codes . . . . . . . . . . 21
10.6. BMP Peer Down Reason Codes . . . . . . . . . . . . . . . 22 10.6. BMP Peer Down Reason Codes . . . . . . . . . . . . . . . 22
10.7. Route Mirroring TLVs . . . . . . . . . . . . . . . . . . 22 10.7. Route Mirroring TLVs . . . . . . . . . . . . . . . . . . 22
10.8. BMP Route Mirroring Information Codes . . . . . . . . . 22 10.8. BMP Route Mirroring Information Codes . . . . . . . . . 22
11. Security Considerations . . . . . . . . . . . . . . . . . . . 23 11. Security Considerations . . . . . . . . . . . . . . . . . . . 23
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23
13.1. Normative References . . . . . . . . . . . . . . . . . . 23 13.1. Normative References . . . . . . . . . . . . . . . . . . 23
13.2. Informative References . . . . . . . . . . . . . . . . . 24 13.2. Informative References . . . . . . . . . . . . . . . . . 24
Appendix A. Changes Between BMP Versions 1 and 2 . . . . . . . . 24 Appendix A. Changes Between BMP Versions 1 and 2 . . . . . . . . 25
Appendix B. Changes Between BMP Versions 2 and 3 . . . . . . . . 24 Appendix B. Changes Between BMP Versions 2 and 3 . . . . . . . . 25
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction 1. Introduction
Many researchers wish to have access to the contents of routers' BGP Many researchers wish to have access to the contents of routers' BGP
RIBs as well as a view of protocol updates the router is receiving. RIBs as well as a view of protocol updates the router is receiving.
This monitoring task cannot be realized by standard protocol This monitoring task cannot be realized by standard protocol
mechanisms. Prior to introduction of BMP, this data could only be mechanisms. Prior to introduction of BMP, this data could only be
obtained through screen-scraping. obtained through screen-scraping.
The BMP protocol provides access to the Adj-RIB-In of a peer on an The BMP protocol provides access to the Adj-RIB-In of a peer on an
skipping to change at page 23, line 10 skipping to change at page 23, line 10
Information type values 0 through 32767 MUST be assigned using the Information type values 0 through 32767 MUST be assigned using the
"Standards Action" policy, and values 32768 through 65530 using the "Standards Action" policy, and values 32768 through 65530 using the
"Specification Required" policy, defined in [RFC5226]. Values 65531 "Specification Required" policy, defined in [RFC5226]. Values 65531
through 65534 are "Experimental" and value 65535 is reserved. through 65534 are "Experimental" and value 65535 is reserved.
11. Security Considerations 11. Security Considerations
This document defines a mechanism to obtain a full dump or provide This document defines a mechanism to obtain a full dump or provide
continuous monitoring of a BGP speaker's local BGP table, including continuous monitoring of a BGP speaker's local BGP table, including
received BGP messages. This capability could allow an outside party received BGP messages. This capability could allow an outside party
to obtain information not otherwise obtainable. to obtain information not otherwise obtainable. For example,
although it's hard to consider the content of BGP routes in the
public Internet to be confidential, BGP is used in private contexts
as well, for example for L3VPN [RFC4364]. As another example, a
clever attacker might be able to infer the content of the monitored
router's import policy by comparing the pre-policy routes exposed by
BMP, to post-policy routes exported in BGP.
Implementations of this protocol MUST require manual configuration of Implementations of this protocol MUST require manual configuration of
the monitored and monitoring devices. the monitored and monitoring devices.
Users of this protocol MAY use some type of secure transport
mechanism, such as IPSec [RFC4303] or TCP-AO [RFC5925], in order to
provide mutual authentication, data integrity and transport
protection.
Unless a transport that provides mutual authentication is used, an Unless a transport that provides mutual authentication is used, an
attacker could masquerade as the monitored router and trick a attacker could masquerade as the monitored router and trick a
monitoring station into accepting false information. monitoring station into accepting false information, or could
masquerade as a monitoring station and gain unauthorized access to
BMP data. Unless a transport that provides confidentiality is used,
a passive attacker could gain access to BMP data in flight. However,
BGP is not commonly deployed over a transport providing
confidentiality, so it's debatable whether it's crucial to provide
confidentiality once the data is propagated into BMP.
Where the security considerations outlined above are a concern, users
of this protocol should consider using some type of transport that
provides mutual authentication, data integrity and transport
protection, such as IPsec [RFC4303] or TCP-AO [RFC5925]. If
confidentiality is considered a concern, a transport providing that
as well could be selected.
12. Acknowledgements 12. Acknowledgements
Thanks to Michael Axelrod, Tim Evens, Pierre Francois, John ji Thanks to Michael Axelrod, Tim Evens, Pierre Francois, John ji
Ioannidis, John Kemp, Mack McBride, Danny McPherson, David Meyer, Ioannidis, John Kemp, Mack McBride, Danny McPherson, David Meyer,
Dimitri Papadimitriou, Tom Petch, Robert Raszuk, Erik Romijn, and the Dimitri Papadimitriou, Tom Petch, Robert Raszuk, Erik Romijn, and the
members of the GROW working group for their comments. members of the GROW working group for their comments.
13. References 13. References
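Review bot: the Security Considerations hunk replaces the deleted paragraph "Users of this protocol MAY use some type of secure transport mechanism, such as IPSec [RFC4303] or TCP-AO [RFC5925]" with "users of this protocol should consider using some type of transport that provides mutual authentication", which removes the only RFC 2119 keyword that attached to transport protection and leaves the MUST on manual configuration as the section's sole normative requirement; if the downgrade is intentional it should be stated, otherwise a clear recommendation such as "SHOULD use a transport that provides mutual authentication and data integrity" would better match the threats the same hunk spells out (masquerading as the monitored router, masquerading as a monitoring station). The added sentence "it's debatable whether it's crucial to provide confidentiality once the data is propagated into BMP" also sits uneasily beside the two examples added at the top of the section, L3VPN [RFC4364] and inference of import policy from pre-policy versus post-policy routes, which are precisely the cases where confidentiality of BMP data matters; tying the recommendation to those cases (confidentiality-providing transport where BMP exports private-context or pre-policy routes) would make the guidance consistent. Minor: the new text uses "IPsec" where the deleted paragraph had "IPSec"; the new spelling is the correct one and should be kept.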
skipping to change at page 23, line 46 skipping to change at page 24, line 11
Chen, E., Scudder, J., Mohapatra, P., and K. Patel, Chen, E., Scudder, J., Mohapatra, P., and K. Patel,
"Revised Error Handling for BGP UPDATE Messages", draft- "Revised Error Handling for BGP UPDATE Messages", draft-
ietf-idr-error-handling-19 (work in progress), April 2015. ietf-idr-error-handling-19 (work in progress), April 2015.
[RFC1213] McCloghrie, K. and M. Rose, "Management Information Base [RFC1213] McCloghrie, K. and M. Rose, "Management Information Base
for Network Management of TCP/IP-based internets: MIB-II", for Network Management of TCP/IP-based internets: MIB-II",
STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991, STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991,
<http://www.rfc-editor.org/info/rfc1213>. <http://www.rfc-editor.org/info/rfc1213>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Protocol 4 (BGP-4)", RFC 4271, January 2006. Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006,
<http://www.rfc-editor.org/info/rfc4271>.
[RFC4724] Sangli, S., Chen, E., Fernando, R., Scudder, J., and Y. [RFC4724] Sangli, S., Chen, E., Fernando, R., Scudder, J., and Y.
Rekhter, "Graceful Restart Mechanism for BGP", RFC 4724, Rekhter, "Graceful Restart Mechanism for BGP", RFC 4724,
DOI 10.17487/RFC4724, January 2007, DOI 10.17487/RFC4724, January 2007,
<http://www.rfc-editor.org/info/rfc4724>. <http://www.rfc-editor.org/info/rfc4724>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
DOI 10.17487/RFC5226, May 2008, DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>. <http://www.rfc-editor.org/info/rfc5226>.
skipping to change at page 24, line 36 skipping to change at page 25, line 5
[RFC2856] Bierman, A., McCloghrie, K., and R. Presuhn, "Textual [RFC2856] Bierman, A., McCloghrie, K., and R. Presuhn, "Textual
Conventions for Additional High Capacity Data Types", Conventions for Additional High Capacity Data Types",
RFC 2856, DOI 10.17487/RFC2856, June 2000, RFC 2856, DOI 10.17487/RFC2856, June 2000,
<http://www.rfc-editor.org/info/rfc2856>. <http://www.rfc-editor.org/info/rfc2856>.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, DOI 10.17487/RFC4303, December 2005, RFC 4303, DOI 10.17487/RFC4303, December 2005,
<http://www.rfc-editor.org/info/rfc4303>. <http://www.rfc-editor.org/info/rfc4303>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <http://www.rfc-editor.org/info/rfc4364>.
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, DOI 10.17487/RFC5925, Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
June 2010, <http://www.rfc-editor.org/info/rfc5925>. June 2010, <http://www.rfc-editor.org/info/rfc5925>.
Appendix A. Changes Between BMP Versions 1 and 2 Appendix A. Changes Between BMP Versions 1 and 2
o Added Peer Up Message o Added Peer Up Message
o Added L flag o Added L flag
o Editorial changes o Editorial changes
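Review bot: the new [RFC4364] entry in Informative References matches the example-only use of the L3VPN citation added to Section 11, and [RFC4303] and [RFC5925] are still cited by the rewritten transport paragraph, so deleting the old "MAY use" paragraph leaves no reference dangling and no citation unresolved.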
 End of changes. 11 change blocks. 
17 lines changed or deleted 39 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/