< draft-ietf-sidr-bgpsec-overview-00.txt   draft-ietf-sidr-bgpsec-overview-01.txt >
Network Working Group M. Lepinski Network Working Group M. Lepinski
Internet Draft BBN Technologies Internet Draft BBN Technologies
Intended status: Informational S. Turner Intended status: Informational S. Turner
Expires: December 14, 2011 IECA Expires: April 30, 2012 IECA
June 15, 2011 October 31, 2011
An Overview of BGPSEC An Overview of BGPSEC
draft-ietf-sidr-bgpsec-overview-00.txt draft-ietf-sidr-bgpsec-overview-01.txt
Abstract Abstract
This document provides an overview of a security extension to the This document provides an overview of a security extension to the
Border Gateway Protocol (BGP) referred to as BGPSEC. BGPSEC improves Border Gateway Protocol (BGP) referred to as BGPSEC. BGPSEC improves
security for BGP routing. security for BGP routing.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on December 15, 2011. This Internet-Draft will expire on April 30, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 24 skipping to change at page 2, line 24
1. Introduction...................................................2 1. Introduction...................................................2
2. Background.....................................................3 2. Background.....................................................3
3. BGPSEC Operation...............................................4 3. BGPSEC Operation...............................................4
3.1. Negotiation of BGPSEC.....................................4 3.1. Negotiation of BGPSEC.....................................4
3.2. Update signing and validation.............................5 3.2. Update signing and validation.............................5
4. Design and Deployment Considerations...........................7 4. Design and Deployment Considerations...........................7
4.1. Disclosure of topology information........................7 4.1. Disclosure of topology information........................7
4.2. BGPSEC router assumptions.................................7 4.2. BGPSEC router assumptions.................................7
4.3. BGPSEC and consistency of externally visible data.........8 4.3. BGPSEC and consistency of externally visible data.........8
5. Security Considerations........................................8 5. Security Considerations........................................8
6. IANA Considerations............................................8 6. IANA Considerations............................................9
7. References.....................................................9 7. References.....................................................9
7.1. Normative References......................................9 7.1. Normative References......................................9
7.2. Informative References....................................9 7.2. Informative References...................................10
1. Introduction 1. Introduction
BGPSEC (Border Gateway Protocol Security) is an extension to the BGPSEC (Border Gateway Protocol Security) is an extension to the
Border Gateway Protocol (BGP) that provides improved security for BGP Border Gateway Protocol (BGP) that provides improved security for BGP
routing [RFC 4271]. routing [RFC 4271].
A comprehensive discussion of BGPSEC is provided in the following set A comprehensive discussion of BGPSEC is provided in the following set
of documents: of documents:
. [I-D.kent-bgpsec-threats]: . [I-D.sidr-bgpsec-threats]:
A threat model describing the security context in which BGPSEC A threat model describing the security context in which BGPSEC
is intended to operate. is intended to operate.
. [I-D.sidr-bgpsec-protocol]: . [I-D.sidr-bgpsec-protocol]:
A standards track document specifying the BGPSEC extension to A standards track document specifying the BGPSEC extension to
BGP. BGP.
. [I-D.ymbk-bgpsec-ops]: . [I-D.sidr-bgpsec-ops]:
An informational document describing operational considerations An informational document describing operational considerations
for BGPSEC deployment. for BGPSEC deployment.
. Certificate Profile Document (TBD) . [I-D.turner-sidr-bgpsec-pki-profiles]
A standards track document specifying a profile for X.509 A standards track document specifying a profile for X.509
certificates that bind keys used in BGPSEC to Autonomous System certificates that bind keys used in BGPSEC to Autonomous System
numbers as well as Certificate Revocation Lists (CRLs), numbers as well as Certificate Revocation Lists (CRLs),
certificate requests. certificate requests.
. Algorithms Document (TBD) . [I-D.turner-sidr-bgpsec-algs]
A standards track document specifying suites of signature and A standards track document specifying suites of signature and
digest algorithms for use in BGPSEC. digest algorithms for use in BGPSEC.
. Design Choices Document (TBD) . [I-D.sriram-bgpsec-design-choices]
An informational document describing the choices that were made An informational document describing the choices that were made
in designing BGPSEC and the reasoning behind these choices. by the author team prior to the publication of the -00 version
of draft-ietf-sidr-bgpsec-protocol. Discussion of design choices
made since the publication of the -00 can be found in the
archives of the SIDR working group mailing list.
The remainder of this document contains a brief overview of BGPSEC The remainder of this document contains a brief overview of BGPSEC
and envisioned usage. and its envisioned usage.
2. Background 2. Background
The motivation for developing BGPSEC is that BGP does not include The motivation for developing BGPSEC is that BGP does not include
mechanisms that allow an Autonomous System (AS) to verify the mechanisms that allow an Autonomous System (AS) to verify the
legitimacy and authenticity of BGP route advertisements (see for legitimacy and authenticity of BGP route advertisements (see for
example, [RFC 4272]). example, [RFC 4272]).
The Resource Public Key Infrastructure (RPKI), described in [I- The Resource Public Key Infrastructure (RPKI), described in [I-
D.sidr-arch], provides a first step towards addressing the validation D.sidr-arch], provides a first step towards addressing the validation
skipping to change at page 7, line 35 skipping to change at page 7, line 35
digital signatures to BGP update messages, which will significantly digital signatures to BGP update messages, which will significantly
increase the size of these messages. Therefore, an AS that wishes to increase the size of these messages. Therefore, an AS that wishes to
receive BGPSEC update messages will require additional memory in its receive BGPSEC update messages will require additional memory in its
routers to store (e.g., in ADJ RIBs) the data conveyed in these large routers to store (e.g., in ADJ RIBs) the data conveyed in these large
update messages. Additionally, the design of BGPSEC assumes that an update messages. Additionally, the design of BGPSEC assumes that an
AS that elects to receive BGPSEC update messages will do some AS that elects to receive BGPSEC update messages will do some
cryptographic signature verification at its edge router. This cryptographic signature verification at its edge router. This
verification will likely require additional capability in these edge verification will likely require additional capability in these edge
routers. routers.
Additionally, BGPSEC requires that all BGPSEC speakers will support
4-byte AS Numbers [RFC4893]. This is because the co-existence
strategy for 4-byte AS numbers and legacy 2-byte AS speakers that
gives special meaning to AS 23456 is incompatible with the security
the security properties that BGPSEC seeks to provide.
For this initial version of BGPSEC, optimizations to minimize the For this initial version of BGPSEC, optimizations to minimize the
size of BGPSEC updates or the processing required in edge routers size of BGPSEC updates or the processing required in edge routers
were NOT considered. Such optimizations may be considered in the were NOT considered. Such optimizations may be considered in the
future. future.
Note also that the design of BGPSEC allows an AS to send BGPSEC Note also that the design of BGPSEC allows an AS to send BGPSEC
update messages (thus obtaining protection for routes it originates) update messages (thus obtaining protection for routes it originates)
without receiving BGPSEC update messages. An AS that only sends, and without receiving BGPSEC update messages. An AS that only sends, and
does not receive, BGPSEC update messages will require much less does not receive, BGPSEC update messages will require much less
capability in its edge routers to deploy BGPSEC. In particular, a capability in its edge routers to deploy BGPSEC. In particular, a
router that only sends BGPSEC update messages does not need router that only sends BGPSEC update messages does not need
additional memory to store large updates and requires only minimal additional memory to store large updates and requires only minimal
cryptographic capability (as generating one signature per outgoing cryptographic capability (as generating one signature per outgoing
update requires less computation than verifying multiple signatures update requires less computation than verifying multiple signatures
on each incoming update message). See [I-D.ymbk-bgpsec-ops] for on each incoming update message). See [I-D.sidr-bgpsec-ops] for
further discussion related to Edge ASes that do not provide transit.) further discussion related to Edge ASes that do not provide transit.)
4.3. BGPSEC and consistency of externally visible data 4.3. BGPSEC and consistency of externally visible data
Finally note that, by design, BGPSEC prevents parties that propagate Finally note that, by design, BGPSEC prevents parties that propagate
route advertisements from including inconsistent or erroneous route advertisements from including inconsistent or erroneous
information within the AS-Path (without detection). In particular, information within the AS-Path (without detection). In particular,
this means that any deployed scenarios in which a BGP speaker this means that any deployed scenarios in which a BGP speaker
constructs such an inconsistent or erroneous AS Path attribute will constructs such an inconsistent or erroneous AS Path attribute will
break when BGPSEC is used. break when BGPSEC is used.
skipping to change at page 8, line 42 skipping to change at page 8, line 47
either need to assert a consistent AS number in all external peering either need to assert a consistent AS number in all external peering
sessions, or else it would need to add both AS 111 and AS 222 to the sessions, or else it would need to add both AS 111 and AS 222 to the
AS-Path (along with appropriate signatures) for route advertisements AS-Path (along with appropriate signatures) for route advertisements
that it receives from the first peering session and propagates within that it receives from the first peering session and propagates within
the second peering session. the second peering session.
5. Security Considerations 5. Security Considerations
This document provides an overview of BPSEC; it does not define the This document provides an overview of BPSEC; it does not define the
BGPSEC extension to BGP. The BGPSEC extension is defined in [I- BGPSEC extension to BGP. The BGPSEC extension is defined in [I-
D.lepinski-bgpsec-protocol]. The threat model for the BGPSEC is D.sidr-bgpsec-protocol]. The threat model for the BGPSEC is
described in [I-D.kent-bgpsec-threats]. described in [I-D.sidr-bgpsec-threats].
6. IANA Considerations 6. IANA Considerations
None. None.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC4271] Rekhter, Y., Li, T., and S. Hares, Eds., "A Border Gateway [RFC4271] Rekhter, Y., Li, T., and S. Hares, Eds., "A Border Gateway
Protocol 4 (BGP-4)", RFC 4271, January 2006. Protocol 4 (BGP-4)", RFC 4271, January 2006.
[RFC4893] Vohra, Q. and E. Chen, "BGP Support for Four-octet AS
Numbers", RFC 4893, May 2007.
[RFC5492] Scudder, J. and R. Chandra, "Capabilities Advertisement [RFC5492] Scudder, J. and R. Chandra, "Capabilities Advertisement
with BGP-4", RFC 5492, February 2009. with BGP-4", RFC 5492, February 2009.
[I-D.sidr-arch] Lepinski, M. and S. Kent, "An Infrastructure to [I-D.sidr-arch] Lepinski, M. and S. Kent, "An Infrastructure to
Support Secure Internet Routing", draft-ietf-sidr-arch, work-in- Support Secure Internet Routing", draft-ietf-sidr-arch, work-in-
progress. progress.
[I-D.sidr-roa-validation] Huston, G., and G. Michaelson, "Validation [I-D.sidr-roa-validation] Huston, G., and G. Michaelson, "Validation
of Route Origination using the Resource Certificate PKI and ROAs", of Route Origination using the Resource Certificate PKI and ROAs",
draft-ietf-sidr-roa-validation, work-in-progress. draft-ietf-sidr-roa-validation, work-in-progress.
[I-D.sidr-origin-ops] Bush, R., "RPKI-Based Origin Validation [I-D.sidr-origin-ops] Bush, R., "RPKI-Based Origin Validation
Operation", draft-ietf-sidr-origin-ops, work-in-progress. Operation", draft-ietf-sidr-origin-ops, work-in-progress.
[I-D.kent-bgpsec-threats] Kent, S., "Threat Model for BGP Path [I-D.sidr-bgpsec-threats] Kent, S., "Threat Model for BGP Path
Security", draft-kent-bgpsec-threats, work-in-progress. Security", draft-ietf-sidr-bgpsec-threats, work-in-progress.
[I-D.sidr-bgpsec-protocol] Lepinski, M., Ed., "BPSEC Protocol [I-D.sidr-bgpsec-protocol] Lepinski, M., Ed., "BPSEC Protocol
Specification", draft-ietf-sidr-bgpsec-protocol, work-in-progress. Specification", draft-ietf-sidr-bgpsec-protocol, work-in-progress.
[I-D.ymbk-bgpsec-ops] Bush, R., "BGPSEC Operational Considerations", [I-D.sidr-bgpsec-ops] Bush, R., "BGPSEC Operational Considerations",
draft-ymbk-bgpsec-ops, work-in-progress. draft-ietf-sidr-bgpsec-ops, work-in-progress.
[I-D.turner-sidr-bgpsec-algs] Turner, S., "BGP Algorithms, Key
Formats, & Signature Formats", draft-turner-sidr-bgpsec-algs, work-
in-progress.
[I-D.turner-sidr-bgpsec-pki-profiles] Reynolds, M. and S. Turner, S.,
"A Profile for BGPSEC Router Certificates, Certificate Revocation
Lists, and Certification Requests", draft-turner-sidr-bgpsec-pki-
profiles, work-in-progress.
7.2. Informative References 7.2. Informative References
[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC
4272, January 2006 4272, January 2006
Author's' Addresses [I-D.sriram-bgpsec-design-choices] Sriram, K., "BGPSEC Design Choices
and Summary of Supporting Discussions", draft-sriram-bgpsec-design-
choices, work-in-progress.
Authors' Addresses
Matt Lepinski Matt Lepinski
BBN Technologies BBN Technologies
10 Moulton Street 10 Moulton Street
Cambridge MA 02138 Cambridge MA 02138
Email: mlepinski@bbn.com Email: mlepinski@bbn.com
Sean Turner Sean Turner
IECA, Inc. IECA, Inc.
 End of changes. 19 change blocks. 
21 lines changed or deleted 46 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/