IETF Logo Mail Archive

Re: [Idr] New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt

"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Tue, 20 October 2015 15:08 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BD871B35DA; Tue, 20 Oct 2015 08:08:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NECS21v4XCKK; Tue, 20 Oct 2015 08:08:13 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0737.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::737]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 927E01B3471; Tue, 20 Oct 2015 08:01:54 -0700 (PDT)
Received: from SN1PR09MB0799.namprd09.prod.outlook.com (10.162.101.145) by SN1PR09MB0800.namprd09.prod.outlook.com (10.162.101.146) with Microsoft SMTP Server (TLS) id 15.1.300.14; Tue, 20 Oct 2015 15:01:36 +0000
Received: from SN1PR09MB0799.namprd09.prod.outlook.com ([10.162.101.145]) by SN1PR09MB0799.namprd09.prod.outlook.com ([10.162.101.145]) with mapi id 15.01.0300.010; Tue, 20 Oct 2015 15:01:36 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: "idr@ietf.org" <idr@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt
Thread-Index: AQHRCroALjIarZRc5UG7WVkGh6cKsZ50d37w
Date: Tue, 20 Oct 2015 15:01:35 +0000
Message-ID: <SN1PR09MB0799F875835DA02F5F89F39684390@SN1PR09MB0799.namprd09.prod.outlook.com>
References: <20151019220332.9222.33714.idtracker@ietfa.amsl.com>
In-Reply-To: <20151019220332.9222.33714.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.140.100]
x-microsoft-exchange-diagnostics: 1; SN1PR09MB0800; 5:dH/yMiDR9pd5dyp7VRp9t/teDChPca0DsO07Plj9b8aRQs8Bf++Y9iU0PvUcxD+UL7aniHtmqZB8mmmBWiYDwiJ7JnibQYoAAWyLdN7juC0oXG8NIASVezM2/vG9dJaFygit8V4StLeYx7DAoDx1kw==; 24:OoRGuOTTgrUq3zDSOeJ6y+C1KBGbrMYfualoS2OE7H39dU+uRBLbMY3OOK+ZZqiFz7XUi1rAAeeJqEyA+3LxfJe7F+R8eHQ97yrD77Btwig=; 20:2dpWjJGcw+pX/wQNaGAFjDfa1gVfXzuXmIsIZoY4dajxVQ8U84QzlgdOXiA6DwKztQOvJ6D0CPVC6o1aq/sLeg==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR09MB0800;
x-microsoft-antispam-prvs: <SN1PR09MB08009F86AE9D4C39366837E684390@SN1PR09MB0800.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(95692535739014)(51492898944892)(65766998875637);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(3002001); SRVR:SN1PR09MB0800; BCL:0; PCL:0; RULEID:; SRVR:SN1PR09MB0800;
x-forefront-prvs: 073515755F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(13464003)(199003)(377454003)(377424004)(189002)(66066001)(122556002)(230783001)(76176999)(2501003)(189998001)(97736004)(81156007)(40100003)(5004730100002)(106116001)(11100500001)(5003600100002)(5007970100001)(101416001)(99286002)(106356001)(5008740100001)(2900100001)(19580395003)(92566002)(4001150100001)(19580405001)(87936001)(54356999)(64706001)(2950100001)(77096005)(74316001)(50986999)(5001920100001)(102836002)(86362001)(15975445007)(450100001)(10400500002)(110136002)(5001960100002)(46102003)(76576001)(2351001)(33656002)(105586002)(5002640100001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR09MB0800; H:SN1PR09MB0799.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2015 15:01:35.9392 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR09MB0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/CagBR0-LlQPKd2z_So-w7BS7rMo>
Cc: "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [Idr] New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2015 15:08:17 -0000

We (authors) have made a significant changes/updates in this new version-01 
of the route leaks solution draft. The changes are as follow:

1.  The route leak types are realigned with the new order that is used in the new 
version-03 of the route leaks definition draft that is in progress in the GROW WG:
https://tools.ietf.org/html/draft-ietf-grow-route-leak-problem-definition-03  

2. Several comments, suggestions that were received on the mailing lists prior to Prague, 
at the IDR interim (webex) meeting in July, and at the SIDR meeting in Prague 
have been incorporated.

2. We provide a simpler, clearer description of the route leak detection algorithm (see Section 3).

3. In Section 5.1, we have added discussions of upgrade and downgrade
attack possibilities (in the absence of BGPsec security protection for the RLP bits).
This topic was discussed on the IDR list in July and 
was presented and discussed at the SIDR WG meeting in Prague.

4. Section 5.2 is new and discusses the topic “Are there cases 
when valley-free violations can be considered legitimate?’’
This question was discussed briefly at the SIDR WG meeting in Prague. 

6. Keyur Patel and Andrei Robachevsky have been contributing, and have joined in as authors.     

Sriram

-----Original Message-----
From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] 
Sent: Monday, October 19, 2015 6:04 PM
To: Brian Dickson <brian.peter.dickson@gmail.com>; Montgomery, Douglas <dougm@nist.gov>; Keyur Patel <keyupate@cisco.com>; Andrei Robachevsky <robachevsky@isoc.org>; Sriram, Kotikalapudi <kotikalapudi.sriram@nist.gov>
Subject: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt


A new version of I-D, draft-ietf-idr-route-leak-detection-mitigation-01.txt
has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository.

Name:		draft-ietf-idr-route-leak-detection-mitigation
Revision:	01
Title:		Methods for Detection and Mitigation of BGP Route Leaks
Document date:	2015-10-19
Group:		idr
Pages:		18
URL:            https://www.ietf.org/internet-drafts/draft-ietf-idr-route-leak-detection-mitigation-01.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation/
Htmlized:       https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-01
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-route-leak-detection-mitigation-01

Abstract:
   In [I-D.ietf-grow-route-leak-problem-definition], the authors have
   provided a definition of the route leak problem, and also enumerated
   several types of route leaks.  In this document, we first examine
   which of those route-leak types are detected and mitigated by the
   existing origin validation (OV) [RFC 6811] and BGPSEC path validation
   [I-D.ietf-sidr-bgpsec-protocol].  Where the current OV and BGPSEC
   protocols don't offer a solution, this document suggests an
   enhancement that would extend the route-leak detection and mitigation
   capability of BGPSEC.  The solution can be implemented in BGP without
   necessarily tying it to BGPSEC.  Incorporating the solution in BGPSEC
   is one way of implementing it in a secure way.  We do not claim to
   have provided a solution for all possible types of route leaks, but
   the solution covers several, especially considering some significant
   route-leak attacks or occurrences that have been observed in recent
   years.  The document also includes a stopgap method for detection and
   mitigation of route leaks for the phase when BGPSEC (path validation)
   is not yet deployed but only origin validation is deployed.

v2.23.0 | Report a Bug | By Email