[Idr] Fw: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-03.txt
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 23 May 2016 12:32 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A584612D7F0 for <idr@ietfa.amsl.com>; Mon, 23 May 2016 05:32:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y0Ik9Fqvqf0W for <idr@ietfa.amsl.com>; Mon, 23 May 2016 05:32:02 -0700 (PDT)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0092.outbound.protection.outlook.com [23.103.201.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32AB312D617 for <idr@ietf.org>; Mon, 23 May 2016 05:32:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ID1L1Ye9Q7a1lYKxsSLLwfnRxHdZxGFqEJJYoNL9VUU=; b=0dRLl+b+I1c3hUtu4MfREiX+jQqLSDJwQNu5mYhKZdpdqbYTcinmOEonwvfLYh1XEZHJY5wNjfRKNAzp8PCV910F9iwlMWB1D49NmZk9/1jHVKaxjxj9Xrgn7ydE59Chl4D7s3j3/m7qnrbTxINs1h5H4Ena7vsQVLfTTOzQhDE=
Received: from BL2PR09MB1123.namprd09.prod.outlook.com (10.167.102.151) by BL2PR09MB1121.namprd09.prod.outlook.com (10.167.102.149) with Microsoft SMTP Server (TLS) id 15.1.497.12; Mon, 23 May 2016 12:31:59 +0000
Received: from BL2PR09MB1123.namprd09.prod.outlook.com ([10.167.102.151]) by BL2PR09MB1123.namprd09.prod.outlook.com ([10.167.102.151]) with mapi id 15.01.0497.019; Mon, 23 May 2016 12:31:59 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: IDR <idr@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-03.txt
Thread-Index: AQHRtOkgZGSV5fzs80aP7Sr3qJiy25/Gc+0o
Date: Mon, 23 May 2016 12:31:59 +0000
Message-ID: <BL2PR09MB11233443AD24401EF13D43AF844E0@BL2PR09MB1123.namprd09.prod.outlook.com>
References: <20160523114912.10810.33843.idtracker@ietfa.amsl.com>
In-Reply-To: <20160523114912.10810.33843.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.218.196]
x-ms-office365-filtering-correlation-id: adbc10c4-b49d-4f10-0026-08d383063c5e
x-microsoft-exchange-diagnostics: 1; BL2PR09MB1121; 5:aUHZcsuwkMhcD/bEI/Mlo/Bnh4cPyWtEH+4J2OWRWOXrRHuq6R6mkvBxo15BjPvZ8FUGbwLhk6CwdzGKTr3lo2Hg7ep6L7vxhQCTlEqK7VQ62xFueVx0zd/Cx5zt+vd8Gz91MtWRypVW6+6SltnjXA==; 24:0jstuxhtlHg2z3Emu1pK747g+JReTZTEmrltud9uCJtniVDOokDbuil8X3jgFso9tKu3iuGAgdCGuaUgxCr6h8Xy86231PPafOa2gRZLKZE=; 7:mJn0Zkz+lkhoWlNFaAxI4C0jM++iRlxk62HmJM9K8rqkhsNKzQquOPpxcSutGag2AVOnckk2dxrdYFDrLpCn27/g0qysywrW+x2jWrLak6bE+C94wtUbRnvR8DdVCtxiSRQ11YkPxbTDE/9o7ZMgDRxIP+n132UcujDLRNGk9mSb5dwrXlWWlWoymmkK582n
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BL2PR09MB1121;
x-microsoft-antispam-prvs: <BL2PR09MB1121E4573577DAC0B0FD09C9844E0@BL2PR09MB1121.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:BL2PR09MB1121; BCL:0; PCL:0; RULEID:; SRVR:BL2PR09MB1121;
x-forefront-prvs: 0951AB0A30
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(377424004)(10400500002)(74316001)(230783001)(6116002)(3280700002)(99286002)(2906002)(15975445007)(5004730100002)(5008740100001)(110136002)(50986999)(81166006)(106116001)(8676002)(189998001)(77096005)(54356999)(19580395003)(586003)(122556002)(107886002)(19580405001)(76176999)(86362001)(11100500001)(450100001)(3846002)(5003600100002)(1220700001)(5002640100001)(66066001)(2950100001)(102836003)(33656002)(9686002)(8936002)(76576001)(87936001)(15650500001)(3900700001)(92566002)(2900100001)(3660700001); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR09MB1121; H:BL2PR09MB1123.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 May 2016 12:31:59.0520 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR09MB1121
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/kXUktu-OtR3UwRs0cChBlNM1LT4>
Subject: [Idr] Fw: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2016 12:32:06 -0000
This new version is a significant improvement both in terms of substance and clarity of presentation. It has the following substantive additions: 1. Section 3.1.1 specifies the TLV format for a new BGP RLP attribute. 2. It is important that the ingress and egress routers within an AS are coordinated for route leak prevention. The new Section 3.2 “Intra-AS Messaging for Route Leak Prevention” talks about this, and outlines the common practice amongst large ISPs with regard to this. 3. Section 5.5 discusses the topic “Per-Hop RLP Flags or Single RLP Flag per Update?” It is observed that the Per-Hop RLP Flags method is more robust in the presence of partial deployment and/or faulty implementation in some ASes along the path. A presentation was made at IETF-95 on this topic (slides 5-9): https://www.ietf.org/proceedings/95/slides/slides-95-idr-13.pdf 4. Section 3.1.2 talks about how in the future the per-hop RLP encodings will be carried in existing BGPsec Flags to provide cryptographic protection. We (the authors) thank many who have provided comments so far on this work. Welcome further comments and suggestions. Sriram ________________________________________ From: internet-drafts@ietf.org <internet-drafts@ietf.org> Sent: Monday, May 23, 2016 7:49 AM To: Brian Dickson; Montgomery, Douglas (Fed); Keyur Patel; Andrei Robachevsky; Sriram, Kotikalapudi (Fed) Subject: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-03.txt A new version of I-D, draft-ietf-idr-route-leak-detection-mitigation-03.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-ietf-idr-route-leak-detection-mitigation Revision: 03 Title: Methods for Detection and Mitigation of BGP Route Leaks Document date: 2016-05-23 Group: idr Pages: 22 URL: https://www.ietf.org/internet-drafts/draft-ietf-idr-route-leak-detection-mitigation-03.txt Status: https://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation/ Htmlized: https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-03 Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-route-leak-detection-mitigation-03 Abstract: [I-D.ietf-grow-route-leak-problem-definition] provides a definition of the route leak problem, and also enumerates several types of route leaks. This document first examines which of those route-leak types are detected and mitigated by the existing origin validation (OV) [RFC 6811]. It is recognized that OV offers a limited detection and mitigation capability against route leaks. This document specifies enhancements that significantly extend the route-leak prevention, detection, and mitigation capabilities of BGP. One solution component involves carrying a per-hop route-leak protection (RLP) field in BGP updates. The RLP field is proposed be carried in a new optional transitive attribute, called BGP RLP attribute. The solution is meant to be initially implemented as an enhancement of BGP without requiring BGPsec [I-D.ietf-sidr-bgpsec-protocol]. However, when BGPsec is deployed in the future, the solution can be incorporated in BGPsec, enabling cryptographic protection for the RLP field. That would be one way of implementing the proposed solution in a secure way. The document also includes a stopgap method for detection and mitigation of route leaks for an intermediate phase when OV is deployed but BGP protocol on the wire is unchanged. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [Idr] Fw: New Version Notification for draft-ietf… Sriram, Kotikalapudi (Fed)