IETF Logo Mail Archive

[Idr] Fw: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Tue, 15 March 2016 11:48 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A565112D998; Tue, 15 Mar 2016 04:48:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zGhQ1H0mXA76; Tue, 15 Mar 2016 04:48:28 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0100.outbound.protection.outlook.com [23.103.200.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 900E712D511; Tue, 15 Mar 2016 04:48:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=09//Z5yXT0Z6ln8u8S7gRHjCQmbWU/uM6QoQvVIUNAA=; b=UUVwlvjLi5pbsy+RB3eiqw7xQCni6DxFaeClVfM5KvIklRYOBAIHVrldcm2dJjMcICss/DQzpZSifO+LBFsu+HjVYb1d5CHGg8/hSK+6lRabjFgruLKUjz4IVhLnRS/CKyZoYB9DixYvuWukljntWN+H1ZrOhBCVQcJTTqNMj3g=
Received: from CY1PR09MB0793.namprd09.prod.outlook.com (10.163.43.143) by CY1PR09MB0796.namprd09.prod.outlook.com (10.163.43.146) with Microsoft SMTP Server (TLS) id 15.1.434.16; Tue, 15 Mar 2016 11:48:27 +0000
Received: from CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) by CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) with mapi id 15.01.0434.016; Tue, 15 Mar 2016 11:48:27 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: IDR <idr@ietf.org>, sidr wg list <sidr@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt
Thread-Index: AQHRfmq9jR1rsDByzU2rfNRIdonxmp9aYi5W
Date: Tue, 15 Mar 2016 11:48:27 +0000
Message-ID: <CY1PR09MB07930FB5C512626696AF695084890@CY1PR09MB0793.namprd09.prod.outlook.com>
References: <20160315032823.16795.31687.idtracker@ietfa.amsl.com>
In-Reply-To: <20160315032823.16795.31687.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.222.4]
x-ms-office365-filtering-correlation-id: 0331b740-d91b-4031-5a58-08d34cc7b8f0
x-microsoft-exchange-diagnostics: 1; CY1PR09MB0796; 5:NkM5vrAY1HhbYQz1x/AiDp2eQ8rQLZ2e3essb2/jaRKrakUec5qEfUOhNsjZ5+j0bZd/np9HEw2M033ilIX3VtfDIuPMyjZELm+oPSnOtgKalH6VrcDY2yQoDH146qb/N7A//VGpLRt1i46SIdxmsg==; 24:jBryFVIJiy+VV+gkPw96ga5yN8UTYrd0rAtuLq983or/J9jy/17j8olNTStACJXovVk0fgx3ehB5hj7RqWZ1bU1mjkUTBtsSXF//Mmo4x8U=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR09MB0796;
x-microsoft-antispam-prvs: <CY1PR09MB0796C059D01BFB370AEEBCA584890@CY1PR09MB0796.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001); SRVR:CY1PR09MB0796; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0796;
x-forefront-prvs: 08828D20BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(377424004)(1096002)(54356999)(5008740100001)(3846002)(2900100001)(15975445007)(74316001)(5004730100002)(11100500001)(230783001)(107886002)(50986999)(2950100001)(15650500001)(450100001)(10400500002)(102836003)(1220700001)(77096005)(6116002)(2906002)(76176999)(122556002)(586003)(81166005)(33656002)(106116001)(5001770100001)(3280700002)(76576001)(5003600100002)(87936001)(3660700001)(19580405001)(66066001)(3900700001)(5002640100001)(99286002)(92566002)(19580395003)(189998001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR09MB0796; H:CY1PR09MB0793.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2016 11:48:27.2927 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR09MB0796
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/HQ-EjGUxPglNtrlc6SEX3Lq0B18>
Subject: [Idr] Fw: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2016 11:48:30 -0000

Cross posting this message on IDR and SIDR lists.

This submission ( https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-02  )
is an updated version and it reflects the following changes:

1.  It is now synced up with the revised set of route-leak types in the latest definition draft
[draft-ietf-grow-route-leak-problem-definition-04].
See: https://tools.ietf.org/html/draft-ietf-grow-route-leak-problem-definition-04  

2. Thought it would be useful to comment on combining
the results of route-leak detection, origin validation, and BGPsec (path) validation
 (when BGPsec is used in the future) for path selection decision.
Hence, added the new subsection 5.2 under “Design Rationale and Discussion” section.

3. Made editorial changes throughout to improve clarity/presentation.

4. Section 5 continues to capture key comments, questions and discussion.

Further comments/suggestions/critique welcome.

Sriram
 
________________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Monday, March 14, 2016 11:28 PM
To: Brian Dickson; Montgomery, Douglas (Fed); Keyur Patel; Andrei Robachevsky; Sriram, Kotikalapudi (Fed)
Subject: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt

A new version of I-D, draft-ietf-idr-route-leak-detection-mitigation-02.txt
has been successfully submitted by Kotikalapudi Sriram and posted to the
IETF repository.

Name:           draft-ietf-idr-route-leak-detection-mitigation
Revision:       02
Title:          Methods for Detection and Mitigation of BGP Route Leaks
Document date:  2016-03-14
Group:          idr
Pages:          19
URL:            https://www.ietf.org/internet-drafts/draft-ietf-idr-route-leak-detection-mitigation-02.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation/
Htmlized:       https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-02
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-route-leak-detection-mitigation-02

Abstract:
   In [I-D.ietf-grow-route-leak-problem-definition], the authors have
   provided a definition of the route leak problem, and also enumerated
   several types of route leaks.  In this document, we first examine
   which of those route-leak types are detected and mitigated by the
   existing origin validation (OV) [RFC 6811].  It is recognized that OV
   offers a limited detection and mitigation capability against route
   leaks.  This document proposes an enhancement that significantly
   extends the route-leak detection and mitigation capabilities of BGP.
   The solution involves carrying a per-hop route-leak protection (RLP)
   field in BGP updates.  The RLP field is proposed be carried in an
   optional transitive path attribute.  The solution is meant to be
   initially implemented as an enhancement of BGP without requiring
   BGPsec [I-D.ietf-sidr-bgpsec-protocol].  However, when BGPsec is
   deployed in the future, the solution can be incorporated in BGPsec,
   enabling cryptographic protection for the RLP field.  That would be
   one way of implementing the proposed solution in a secure way.  It is
   not claimed that the solution detects all possible types of route
   leaks but it detects several types, especially considering some
   significant route-leak occurrences that have been observed in recent
   years.  The document also includes a stopgap method for detection and
   mitigation of route leaks for an intermediate phase when OV is
   deployed but BGP protocol on the wire is unchanged.

v2.23.0 | Report a Bug | By Email