--- 1/draft-ietf-grow-bmp-12.txt 2015-07-29 02:15:01.673801093 -0700 +++ 2/draft-ietf-grow-bmp-13.txt 2015-07-29 02:15:01.725802345 -0700 @@ -1,21 +1,21 @@ Network Working Group J. Scudder, Ed. Internet-Draft Juniper Networks Intended status: Standards Track R. Fernando -Expires: January 23, 2016 Cisco Systems +Expires: January 29, 2016 Cisco Systems S. Stuart Google - July 22, 2015 + July 28, 2015 BGP Monitoring Protocol - draft-ietf-grow-bmp-12 + draft-ietf-grow-bmp-13 Abstract This document defines a protocol, BMP, that can be used to monitor BGP sessions. BMP is intended to provide a more convenient interface for obtaining route views for research purpose than the screen- scraping approach in common use today. The design goals are to keep BMP simple, useful, easily implemented, and minimally service- affecting. BMP is not suitable for use as a routing protocol. @@ -27,21 +27,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on January 23, 2016. + This Internet-Draft will expire on January 29, 2016. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -97,23 +97,23 @@ 10.4. BMP Termination Message TLVs . . . . . . . . . . . . . . 21 10.5. BMP Termination Message Reason Codes . . . . . . . . . . 21 10.6. BMP Peer Down Reason Codes . . . . . . . . . . . . . . . 22 10.7. Route Mirroring TLVs . . . . . . . . . . . . . . . . . . 22 10.8. BMP Route Mirroring Information Codes . . . . . . . . . 22 11. Security Considerations . . . . . . . . . . . . . . . . . . . 23 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 13.1. Normative References . . . . . . . . . . . . . . . . . . 23 13.2. Informative References . . . . . . . . . . . . . . . . . 24 - Appendix A. Changes Between BMP Versions 1 and 2 . . . . . . . . 24 - Appendix B. Changes Between BMP Versions 2 and 3 . . . . . . . . 24 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 + Appendix A. Changes Between BMP Versions 1 and 2 . . . . . . . . 25 + Appendix B. Changes Between BMP Versions 2 and 3 . . . . . . . . 25 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 1. Introduction Many researchers wish to have access to the contents of routers' BGP RIBs as well as a view of protocol updates the router is receiving. This monitoring task cannot be realized by standard protocol mechanisms. Prior to introduction of BMP, this data could only be obtained through screen-scraping. The BMP protocol provides access to the Adj-RIB-In of a peer on an 
@@ -1014,33 +1014,47 @@ Information type values 0 through 32767 MUST be assigned using the "Standards Action" policy, and values 32768 through 65530 using the "Specification Required" policy, defined in [RFC5226]. Values 65531 through 65534 are "Experimental" and value 65535 is reserved. 11. Security Considerations This document defines a mechanism to obtain a full dump or provide continuous monitoring of a BGP speaker's local BGP table, including received BGP messages. This capability could allow an outside party - to obtain information not otherwise obtainable. + to obtain information not otherwise obtainable. For example, + although it's hard to consider the content of BGP routes in the + public Internet to be confidential, BGP is used in private contexts + as well, for example for L3VPN [RFC4364]. As another example, a + clever attacker might be able to infer the content of the monitored + router's import policy by comparing the pre-policy routes exposed by + BMP, to post-policy routes exported in BGP. Implementations of this protocol MUST require manual configuration of the monitored and monitoring devices. - Users of this protocol MAY use some type of secure transport - mechanism, such as IPSec [RFC4303] or TCP-AO [RFC5925], in order to - provide mutual authentication, data integrity and transport - protection. - Unless a transport that provides mutual authentication is used, an attacker could masquerade as the monitored router and trick a - monitoring station into accepting false information. + monitoring station into accepting false information, or could + masquerade as a monitoring station and gain unauthorized access to + BMP data. Unless a transport that provides confidentiality is used, + a passive attacker could gain access to BMP data in flight. However, + BGP is not commonly deployed over a transport providing + confidentiality, so it's debatable whether it's crucial to provide + confidentiality once the data is propagated into BMP. 
+ + Where the security considerations outlined above are a concern, users + of this protocol should consider using some type of transport that + provides mutual authentication, data integrity and transport + protection, such as IPsec [RFC4303] or TCP-AO [RFC5925]. If + confidentiality is considered a concern, a transport providing that + as well could be selected. 12. Acknowledgements Thanks to Michael Axelrod, Tim Evens, Pierre Francois, John ji Ioannidis, John Kemp, Mack McBride, Danny McPherson, David Meyer, Dimitri Papadimitriou, Tom Petch, Robert Raszuk, Erik Romijn, and the members of the GROW working group for their comments. 13. References @@ -1050,24 +1064,28 @@ Chen, E., Scudder, J., Mohapatra, P., and K. Patel, "Revised Error Handling for BGP UPDATE Messages", draft- ietf-idr-error-handling-19 (work in progress), April 2015. [RFC1213] McCloghrie, K. and M. Rose, "Management Information Base for Network Management of TCP/IP-based internets: MIB-II", STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . - [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway - Protocol 4 (BGP-4)", RFC 4271, January 2006. + [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A + Border Gateway Protocol 4 (BGP-4)", RFC 4271, + DOI 10.17487/RFC4271, January 2006, + . [RFC4724] Sangli, S., Chen, E., Fernando, R., Scudder, J., and Y. Rekhter, "Graceful Restart Mechanism for BGP", RFC 4724, DOI 10.17487/RFC4724, January 2007, . [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008, . 
@@ -1086,20 +1104,24 @@ [RFC2856] Bierman, A., McCloghrie, K., and R. Presuhn, "Textual Conventions for Additional High Capacity Data Types", RFC 2856, DOI 10.17487/RFC2856, June 2000, . [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, DOI 10.17487/RFC4303, December 2005, . + [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private + Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February + 2006, . + [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, DOI 10.17487/RFC5925, June 2010, . Appendix A. Changes Between BMP Versions 1 and 2 o Added Peer Up Message o Added L flag o Editorial changes
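Review bot: in the Security Considerations hunk (@@ -1014,33 +1014,47 @@) the normative keyword is lost. The removed paragraph said users "MAY use some type of secure transport mechanism, such as IPSec [RFC4303] or TCP-AO [RFC5925]", while the replacement says users "should consider using some type of transport that provides mutual authentication, data integrity and transport protection", which is lowercase and therefore carries no RFC 2119 force. Since the same hunk now states that without mutual authentication an attacker can masquerade as either the monitored router or the monitoring station, consider keeping an explicit keyword, e.g. "users of this protocol SHOULD use a transport that provides mutual authentication, data integrity and transport protection, such as IPsec [RFC4303] or TCP-AO [RFC5925]", rather than dropping the keyword altogether. Style points in the added text: "For example, although ... as well, for example for L3VPN [RFC4364]" uses "for example" twice in one sentence; the comma in "exposed by BMP, to post-policy routes" is spurious; and "it's" (three occurrences) reads informally for Standards Track text. The change from "IPSec" to "IPsec" matches the RFC 4303 spelling and is correct.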
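Review bot: the Informative References hunk (@@ -1086,20 +1104,24 @@) adds the [RFC4364] entry that the new Security Considerations text cites, so the new citation resolves and no dangling reference is introduced. Note that [RFC4303] and [RFC5925] stay in Informative References; that is consistent with the transport recommendation being non-normative in this revision, but if the Security Considerations text is tightened to a SHOULD, those two entries would need to move to Normative References.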