[Idr] Fw: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Tue, 15 March 2016 11:48 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A565112D998; Tue, 15 Mar 2016 04:48:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zGhQ1H0mXA76; Tue, 15 Mar 2016 04:48:28 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0100.outbound.protection.outlook.com [23.103.200.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 900E712D511; Tue, 15 Mar 2016 04:48:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=09//Z5yXT0Z6ln8u8S7gRHjCQmbWU/uM6QoQvVIUNAA=; b=UUVwlvjLi5pbsy+RB3eiqw7xQCni6DxFaeClVfM5KvIklRYOBAIHVrldcm2dJjMcICss/DQzpZSifO+LBFsu+HjVYb1d5CHGg8/hSK+6lRabjFgruLKUjz4IVhLnRS/CKyZoYB9DixYvuWukljntWN+H1ZrOhBCVQcJTTqNMj3g=
Received: from CY1PR09MB0793.namprd09.prod.outlook.com (10.163.43.143) by CY1PR09MB0796.namprd09.prod.outlook.com (10.163.43.146) with Microsoft SMTP Server (TLS) id 15.1.434.16; Tue, 15 Mar 2016 11:48:27 +0000
Received: from CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) by CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) with mapi id 15.01.0434.016; Tue, 15 Mar 2016 11:48:27 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: IDR <idr@ietf.org>, sidr wg list <sidr@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt
Thread-Index: AQHRfmq9jR1rsDByzU2rfNRIdonxmp9aYi5W
Date: Tue, 15 Mar 2016 11:48:27 +0000
Message-ID: <CY1PR09MB07930FB5C512626696AF695084890@CY1PR09MB0793.namprd09.prod.outlook.com>
References: <20160315032823.16795.31687.idtracker@ietfa.amsl.com>
In-Reply-To: <20160315032823.16795.31687.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.222.4]
x-ms-office365-filtering-correlation-id: 0331b740-d91b-4031-5a58-08d34cc7b8f0
x-microsoft-exchange-diagnostics: 1; CY1PR09MB0796; 5:NkM5vrAY1HhbYQz1x/AiDp2eQ8rQLZ2e3essb2/jaRKrakUec5qEfUOhNsjZ5+j0bZd/np9HEw2M033ilIX3VtfDIuPMyjZELm+oPSnOtgKalH6VrcDY2yQoDH146qb/N7A//VGpLRt1i46SIdxmsg==; 24:jBryFVIJiy+VV+gkPw96ga5yN8UTYrd0rAtuLq983or/J9jy/17j8olNTStACJXovVk0fgx3ehB5hj7RqWZ1bU1mjkUTBtsSXF//Mmo4x8U=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR09MB0796;
x-microsoft-antispam-prvs: <CY1PR09MB0796C059D01BFB370AEEBCA584890@CY1PR09MB0796.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001); SRVR:CY1PR09MB0796; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0796;
x-forefront-prvs: 08828D20BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(377424004)(1096002)(54356999)(5008740100001)(3846002)(2900100001)(15975445007)(74316001)(5004730100002)(11100500001)(230783001)(107886002)(50986999)(2950100001)(15650500001)(450100001)(10400500002)(102836003)(1220700001)(77096005)(6116002)(2906002)(76176999)(122556002)(586003)(81166005)(33656002)(106116001)(5001770100001)(3280700002)(76576001)(5003600100002)(87936001)(3660700001)(19580405001)(66066001)(3900700001)(5002640100001)(99286002)(92566002)(19580395003)(189998001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR09MB0796; H:CY1PR09MB0793.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2016 11:48:27.2927 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR09MB0796
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/HQ-EjGUxPglNtrlc6SEX3Lq0B18>
Subject: [Idr] Fw: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2016 11:48:30 -0000
Cross posting this message on IDR and SIDR lists. This submission ( https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-02 ) is an updated version and it reflects the following changes: 1. It is now synced up with the revised set of route-leak types in the latest definition draft [draft-ietf-grow-route-leak-problem-definition-04]. See: https://tools.ietf.org/html/draft-ietf-grow-route-leak-problem-definition-04 2. Thought it would be useful to comment on combining the results of route-leak detection, origin validation, and BGPsec (path) validation (when BGPsec is used in the future) for path selection decision. Hence, added the new subsection 5.2 under “Design Rationale and Discussion” section. 3. Made editorial changes throughout to improve clarity/presentation. 4. Section 5 continues to capture key comments, questions and discussion. Further comments/suggestions/critique welcome. Sriram ________________________________________ From: internet-drafts@ietf.org <internet-drafts@ietf.org> Sent: Monday, March 14, 2016 11:28 PM To: Brian Dickson; Montgomery, Douglas (Fed); Keyur Patel; Andrei Robachevsky; Sriram, Kotikalapudi (Fed) Subject: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt A new version of I-D, draft-ietf-idr-route-leak-detection-mitigation-02.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-ietf-idr-route-leak-detection-mitigation Revision: 02 Title: Methods for Detection and Mitigation of BGP Route Leaks Document date: 2016-03-14 Group: idr Pages: 19 URL: https://www.ietf.org/internet-drafts/draft-ietf-idr-route-leak-detection-mitigation-02.txt Status: https://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation/ Htmlized: https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-route-leak-detection-mitigation-02 Abstract: In [I-D.ietf-grow-route-leak-problem-definition], the authors have provided a definition of the route leak problem, and also enumerated several types of route leaks. In this document, we first examine which of those route-leak types are detected and mitigated by the existing origin validation (OV) [RFC 6811]. It is recognized that OV offers a limited detection and mitigation capability against route leaks. This document proposes an enhancement that significantly extends the route-leak detection and mitigation capabilities of BGP. The solution involves carrying a per-hop route-leak protection (RLP) field in BGP updates. The RLP field is proposed be carried in an optional transitive path attribute. The solution is meant to be initially implemented as an enhancement of BGP without requiring BGPsec [I-D.ietf-sidr-bgpsec-protocol]. However, when BGPsec is deployed in the future, the solution can be incorporated in BGPsec, enabling cryptographic protection for the RLP field. That would be one way of implementing the proposed solution in a secure way. It is not claimed that the solution detects all possible types of route leaks but it detects several types, especially considering some significant route-leak occurrences that have been observed in recent years. The document also includes a stopgap method for detection and mitigation of route leaks for an intermediate phase when OV is deployed but BGP protocol on the wire is unchanged.
- [Idr] Fw: New Version Notification for draft-ietf… Sriram, Kotikalapudi (Fed)