IETF Logo Mail Archive

[Idr] Fw: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-03.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 23 May 2016 12:32 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A584612D7F0 for <idr@ietfa.amsl.com>; Mon, 23 May 2016 05:32:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y0Ik9Fqvqf0W for <idr@ietfa.amsl.com>; Mon, 23 May 2016 05:32:02 -0700 (PDT)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0092.outbound.protection.outlook.com [23.103.201.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32AB312D617 for <idr@ietf.org>; Mon, 23 May 2016 05:32:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ID1L1Ye9Q7a1lYKxsSLLwfnRxHdZxGFqEJJYoNL9VUU=; b=0dRLl+b+I1c3hUtu4MfREiX+jQqLSDJwQNu5mYhKZdpdqbYTcinmOEonwvfLYh1XEZHJY5wNjfRKNAzp8PCV910F9iwlMWB1D49NmZk9/1jHVKaxjxj9Xrgn7ydE59Chl4D7s3j3/m7qnrbTxINs1h5H4Ena7vsQVLfTTOzQhDE=
Received: from BL2PR09MB1123.namprd09.prod.outlook.com (10.167.102.151) by BL2PR09MB1121.namprd09.prod.outlook.com (10.167.102.149) with Microsoft SMTP Server (TLS) id 15.1.497.12; Mon, 23 May 2016 12:31:59 +0000
Received: from BL2PR09MB1123.namprd09.prod.outlook.com ([10.167.102.151]) by BL2PR09MB1123.namprd09.prod.outlook.com ([10.167.102.151]) with mapi id 15.01.0497.019; Mon, 23 May 2016 12:31:59 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: IDR <idr@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-03.txt
Thread-Index: AQHRtOkgZGSV5fzs80aP7Sr3qJiy25/Gc+0o
Date: Mon, 23 May 2016 12:31:59 +0000
Message-ID: <BL2PR09MB11233443AD24401EF13D43AF844E0@BL2PR09MB1123.namprd09.prod.outlook.com>
References: <20160523114912.10810.33843.idtracker@ietfa.amsl.com>
In-Reply-To: <20160523114912.10810.33843.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.218.196]
x-ms-office365-filtering-correlation-id: adbc10c4-b49d-4f10-0026-08d383063c5e
x-microsoft-exchange-diagnostics: 1; BL2PR09MB1121; 5:aUHZcsuwkMhcD/bEI/Mlo/Bnh4cPyWtEH+4J2OWRWOXrRHuq6R6mkvBxo15BjPvZ8FUGbwLhk6CwdzGKTr3lo2Hg7ep6L7vxhQCTlEqK7VQ62xFueVx0zd/Cx5zt+vd8Gz91MtWRypVW6+6SltnjXA==; 24:0jstuxhtlHg2z3Emu1pK747g+JReTZTEmrltud9uCJtniVDOokDbuil8X3jgFso9tKu3iuGAgdCGuaUgxCr6h8Xy86231PPafOa2gRZLKZE=; 7:mJn0Zkz+lkhoWlNFaAxI4C0jM++iRlxk62HmJM9K8rqkhsNKzQquOPpxcSutGag2AVOnckk2dxrdYFDrLpCn27/g0qysywrW+x2jWrLak6bE+C94wtUbRnvR8DdVCtxiSRQ11YkPxbTDE/9o7ZMgDRxIP+n132UcujDLRNGk9mSb5dwrXlWWlWoymmkK582n
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BL2PR09MB1121;
x-microsoft-antispam-prvs: <BL2PR09MB1121E4573577DAC0B0FD09C9844E0@BL2PR09MB1121.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:BL2PR09MB1121; BCL:0; PCL:0; RULEID:; SRVR:BL2PR09MB1121;
x-forefront-prvs: 0951AB0A30
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(377424004)(10400500002)(74316001)(230783001)(6116002)(3280700002)(99286002)(2906002)(15975445007)(5004730100002)(5008740100001)(110136002)(50986999)(81166006)(106116001)(8676002)(189998001)(77096005)(54356999)(19580395003)(586003)(122556002)(107886002)(19580405001)(76176999)(86362001)(11100500001)(450100001)(3846002)(5003600100002)(1220700001)(5002640100001)(66066001)(2950100001)(102836003)(33656002)(9686002)(8936002)(76576001)(87936001)(15650500001)(3900700001)(92566002)(2900100001)(3660700001); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR09MB1121; H:BL2PR09MB1123.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 May 2016 12:31:59.0520 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR09MB1121
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/kXUktu-OtR3UwRs0cChBlNM1LT4>
Subject: [Idr] Fw: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2016 12:32:06 -0000

This new version is a significant improvement both in terms of substance and clarity of presentation.
It has the following substantive additions:

1. Section 3.1.1 specifies the TLV format for a new BGP RLP attribute.
  
2. It is important that the ingress and egress routers within an AS are coordinated
for route leak prevention. The new Section 3.2 “Intra-AS Messaging for Route Leak Prevention”
talks about this, and outlines the common practice amongst large ISPs with regard to this.

3. Section 5.5 discusses the topic “Per-Hop RLP Flags or Single RLP Flag per Update?”
It is observed that the Per-Hop RLP Flags method is more robust in the presence of 
partial deployment and/or faulty implementation in some ASes along the path. 
A presentation was made at IETF-95 on this topic (slides 5-9):
https://www.ietf.org/proceedings/95/slides/slides-95-idr-13.pdf 

4. Section 3.1.2 talks about how in the future the per-hop RLP encodings will be carried 
in existing BGPsec Flags to provide cryptographic protection.  

We (the authors) thank many who have provided comments so far on this work. 
Welcome further comments and suggestions.

Sriram

________________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Monday, May 23, 2016 7:49 AM
To: Brian Dickson; Montgomery, Douglas (Fed); Keyur Patel; Andrei Robachevsky; Sriram, Kotikalapudi (Fed)
Subject: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-03.txt

A new version of I-D, draft-ietf-idr-route-leak-detection-mitigation-03.txt
has been successfully submitted by Kotikalapudi Sriram and posted to the
IETF repository.

Name:           draft-ietf-idr-route-leak-detection-mitigation
Revision:       03
Title:          Methods for Detection and Mitigation of BGP Route Leaks
Document date:  2016-05-23
Group:          idr
Pages:          22
URL:            https://www.ietf.org/internet-drafts/draft-ietf-idr-route-leak-detection-mitigation-03.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation/
Htmlized:       https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-03
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-route-leak-detection-mitigation-03

Abstract:
   [I-D.ietf-grow-route-leak-problem-definition] provides a definition
   of the route leak problem, and also enumerates several types of route
   leaks.  This document first examines which of those route-leak types
   are detected and mitigated by the existing origin validation (OV)
   [RFC 6811].  It is recognized that OV offers a limited detection and
   mitigation capability against route leaks.  This document specifies
   enhancements that significantly extend the route-leak prevention,
   detection, and mitigation capabilities of BGP.  One solution
   component involves carrying a per-hop route-leak protection (RLP)
   field in BGP updates.  The RLP field is proposed be carried in a new
   optional transitive attribute, called BGP RLP attribute.  The
   solution is meant to be initially implemented as an enhancement of
   BGP without requiring BGPsec [I-D.ietf-sidr-bgpsec-protocol].
   However, when BGPsec is deployed in the future, the solution can be
   incorporated in BGPsec, enabling cryptographic protection for the RLP
   field.  That would be one way of implementing the proposed solution
   in a secure way.  The document also includes a stopgap method for
   detection and mitigation of route leaks for an intermediate phase
   when OV is deployed but BGP protocol on the wire is unchanged.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

v2.23.0 | Report a Bug | By Email