| < draft-ietf-sidr-bgpsec-protocol-06.txt | draft-ietf-sidr-bgpsec-protocol-07.txt > | |||
|---|---|---|---|---|
| Network Working Group M. Lepinski, Ed. | Network Working Group M. Lepinski, Ed. | |||
| Internet-Draft BBN | Internet-Draft BBN | |||
| Intended status: Standards Track October 22, 2012 | Intended status: Standards Track February 25, 2013 | |||
| Expires: April 25, 2013 | Expires: August 25, 2013 | |||
| BGPSEC Protocol Specification | BGPSEC Protocol Specification | |||
| draft-ietf-sidr-bgpsec-protocol-06 | draft-ietf-sidr-bgpsec-protocol-07 | |||
| Abstract | Abstract | |||
| This document describes BGPSEC, an extension to the Border Gateway | This document describes BGPSEC, an extension to the Border Gateway | |||
| Protocol (BGP) that provides security for the path of autonomous | Protocol (BGP) that provides security for the path of autonomous | |||
| systems through which a BGP update message passes. BGPSEC is | systems through which a BGP update message passes. BGPSEC is | |||
| implemented via a new optional non-transitive BGP path attribute that | implemented via a new optional non-transitive BGP path attribute that | |||
| carries a digital signature produced by each autonomous system that | carries a digital signature produced by each autonomous system that | |||
| propagates the update message. | propagates the update message. | |||
| skipping to change at page 3, line 40 ¶ | skipping to change at page 3, line 40 ¶ | |||
| the documents referenced therein.) Any BGPSEC speaker who wishes to | the documents referenced therein.) Any BGPSEC speaker who wishes to | |||
| send BGP update messages to external peers (eBGP) containing the | send BGP update messages to external peers (eBGP) containing the | |||
| BGPSEC_Path needs to have the private key associated with an RPKI | BGPSEC_Path needs to have the private key associated with an RPKI | |||
| router certificate [10] that corresponds to the BGPSEC speaker's AS | router certificate [10] that corresponds to the BGPSEC speaker's AS | |||
| number. Note, however, that a BGPSEC speaker does not need such a | number. Note, however, that a BGPSEC speaker does not need such a | |||
| certificate in order to validate update messages containing the | certificate in order to validate update messages containing the | |||
| BGPSEC_Path attribute. | BGPSEC_Path attribute. | |||
| 2. BGPSEC Negotiation | 2. BGPSEC Negotiation | |||
| This document defines two new BGP capabilities [6] that allow a BGP | This document defines a new BGP capability [6] that allows a BGP | |||
| speaker to advertise to a neighbor the ability (respectively) to send | speaker to advertise to a neighbor the ability to send or to receive | |||
| or to receive BGPSEC update messages (i.e., update messages | BGPSEC update messages (i.e., update messages containing the | |||
| containing the BGPSEC_Path attribute). | BGPSEC_Path attribute). | |||
| 2.1. BGPSEC Send Capability | 2.1. The BGPSEC Capability | |||
| This capability has capability code : TBD | This capability has capability code : TBD | |||
| The capability length for this capability MUST be set to 3. | The capability length for this capability MUST be set to 3. | |||
| The three octets of the capability value are specified as follows. | The three octets of the capability value are specified as follows. | |||
| BGPSEC Send Capability Value: | BGPSEC Send Capability Value: | |||
| 0 1 2 3 4 5 6 7 | 0 1 2 3 4 5 6 7 | |||
| +---------------------------------------+ | +---------------------------------------+ | |||
| | Version | Reserved | | | Version | Dir | Reserved | | |||
| +---------------------------------------+ | +---------------------------------------+ | |||
| | | | | | | |||
| +------ AFI -----+ | +------ AFI -----+ | |||
| | | | | | | |||
| +---------------------------------------+ | +---------------------------------------+ | |||
| The first four bits of the first octet indicate the version of BGPSEC | The first four bits of the first octet indicate the version of BGPSEC | |||
| for which the BGP speaker is advertising support. This document | for which the BGP speaker is advertising support. This document | |||
| defines only BGPSEC version 0 (all four bits set to zero). Other | defines only BGPSEC version 0 (all four bits set to zero). Other | |||
| versions of BGPSEC may be defined in future documents. A BGPSEC | versions of BGPSEC may be defined in future documents. A BGPSEC | |||
| speaker MAY advertise support for multiple versions of BGPSEC by | speaker MAY advertise support for multiple versions of BGPSEC by | |||
| including multiple versions of the BGPSEC capability in its BGP OPEN | including multiple versions of the BGPSEC capability in its BGP OPEN | |||
| message. | message. | |||
| The remaining four bits of the first octet are reserved for future | The fifth bit of the first octet is a direction bit which indicates | |||
| use. These bits are set to zero by the sender of the capability and | whether the BGP speaker is advertising the capability to send BGPSEC | |||
| ignored by the receiver of the capability. | update message or receive BGPSEC update messages. The BGP speaker | |||
| sets this bit to 0 to indicate the capability to receive BGPSEC | ||||
| The second and third octets contain the 16-bit Address Family | update messages. The BGP speaker sets this bit to 1 to indicate the | |||
| Identifier (AFI) which indicates the address family for which the | capability to send BGPSEC update messages. | |||
| BGPSEC speaker is advertising support for BGPSEC. This document only | ||||
| specifies BGPSEC for use with two address families, IPv4 and IPv6, | ||||
| AFI values 1 and 2 respectively. BGPSEC for use with other address | ||||
| families may be specified in future documents. | ||||
| 2.2. BGPSEC Receive Capability | ||||
| This capability has capability code : TBD | ||||
| The capability length for this capability MUST be set to 3. | ||||
| The three octets of the capability value are specified as follows. | ||||
| BGPSEC Receive Capability Value: | ||||
| 0 1 2 3 4 5 6 7 | ||||
| +---------------------------------------+ | ||||
| | Version | Reserved | | ||||
| +---------------------------------------+ | ||||
| | | | ||||
| | AFI | | ||||
| | | | ||||
| +---------------------------------------+ | ||||
| The first four bits of the first octet indicate the version of BGPSEC | ||||
| for which the BGP speaker is advertising support. This document | ||||
| defines only BGPSEC version 0 (all four bits set to zero). Other | ||||
| versions of BGPSEC may be defined in future documents. A BGPSEC | ||||
| speaker MAY advertise support for multiple versions of BGPSEC by | ||||
| including multiple versions of the BGPSEC capability in its BGP OPEN | ||||
| message. | ||||
| The remaining four bits of the first octet are reserved for future | The remaining three bits of the first octet are reserved for future | |||
| use. These bits are set to zero by the sender of the capability and | use. These bits are set to zero by the sender of the capability and | |||
| ignored by the receiver of the capability. | ignored by the receiver of the capability. | |||
| The second and third octets contain the 16-bit Address Family | The second and third octets contain the 16-bit Address Family | |||
| Identifier (AFI) which indicates the address family for which the | Identifier (AFI) which indicates the address family for which the | |||
| BGPSEC speaker is advertising BGPSEC support. This document only | BGPSEC speaker is advertising support for BGPSEC. This document only | |||
| specifies BGPSEC for use with two address families, IPv4 and IPv6, | specifies BGPSEC for use with two address families, IPv4 and IPv6, | |||
| AFI values 1 and 2 respectively. BGPSEC for use with other address | AFI values 1 and 2 respectively. BGPSEC for use with other address | |||
| families may be specified in future documents. | families may be specified in future documents. | |||
| 2.3. Negotiating BGPSEC Support | 2.2. Negotiating BGPSEC Support | |||
| A BGP speaker sends the BGPSEC Send Capability (see Section 2.1) in | In order to indicate that a BGP speaker is willing to send BGPSEC | |||
| order to indicate that the speaker is willing to send BGP update | update messages (for a particular address family), a BGP speaker | |||
| messages containing the BGPSEC_Path attribute (for a particular | sends the BGPSEC Capability (see Section 2.1) with the Direction bit | |||
| address family). A BGP speaker sends the BGPSEC Receive Capability | (the fifth bit of the first octet) set to 1. In order to indicate | |||
| (see Section 2.2) in order to indicate that the speaker is willing to | that the speaker is willing to receive BGP update messages containing | |||
| receive messages containing the BPGSEC_Path attribute. | the BGPSEC_Path attribute (for a particular address family), a BGP | |||
| speaker sends the BGPSEC capability with the Direction bit set to 0. | ||||
| In order to advertise the capability to both send and receive BGPSEC | ||||
| update messages, the BGP speaker sends two copies of the BGPSEC | ||||
| capability (one with the direction bit set to 0 and one with the | ||||
| direction bit set to 1). | ||||
| Note that if the BGPSEC speaker wishes to use BGPSEC with two | Similarly, if a BGP speaker wishes to use BGPSEC with two different | |||
| different address families (i.e., IPv4 and IPv6) over the same BGP | address families (i.e., IPv4 and IPv6) over the same BGP session, | |||
| session, then the speaker includes two instances of this capability | then the speaker includes two instances of this capability (one for | |||
| (one for each address family) in the BGP OPEN message. A BGPSEC | each address family) in the BGP OPEN message. A BGP speaker SHOULD | |||
| speaker SHOULD NOT advertise the capability of BGPSEC support for a | NOT advertise the capability of BGPSEC support for a particular AFI | |||
| particular AFI unless it has also advertised the multiprotocol | unless it has also advertised the multiprotocol extension capability | |||
| extension capability for the same AFI combination [3]. | for the same AFI combination [3]. | |||
| In a session where BGP session, a peer is permitted to send update | In a session where BGP session, a peer is permitted to send update | |||
| messages containing the BGPSEC_Path attribute if, and only if: | messages containing the BGPSEC_Path attribute if, and only if: | |||
| o The given peer has sent the BGPSEC Send Capability for a | o The given peer has sent the BGPSEC capability for a particular | |||
| particular version of BGPSEC and a particular address family; and | version of BGPSEC and a particular address family with the | |||
| Direction bit set to 1; and | ||||
| o The other peer has sent the BGPSEC Receive Capability for the same | o The other peer has sent the BGPSEC capability for the same version | |||
| version of BGPSEC and the same address family. | of BGPSEC and the same address family with the Direction bit set | |||
| to 0. | ||||
| In such a session, we say that the use of (the particular version of) | In such a session, we say that the use of (the particular version of) | |||
| BGPSEC has been negotiated (for a particular address family). BGP | BGPSEC has been negotiated (for a particular address family). BGP | |||
| update messages without the BGPSEC_PATH attribute MAY be sent within | update messages without the BGPSEC_PATH attribute MAY be sent within | |||
| a session regardless of whether or not the use of BGPSEC is | a session regardless of whether or not the use of BGPSEC is | |||
| successfully negotiated. However, if BGPSEC is not successfully | successfully negotiated. However, if BGPSEC is not successfully | |||
| negotiated, then BGP update messages containing the BGPSEC_PATH | negotiated, then BGP update messages containing the BGPSEC_PATH | |||
| attribute MUST NOT be sent. | attribute MUST NOT be sent. | |||
| This document defines the behavior of implementations in the case | This document defines the behavior of implementations in the case | |||
| where BGPSEC version zero is the only version that has been | where BGPSEC version zero is the only version that has been | |||
| successfully negotiated. If there exist multiple versions have | successfully negotiated. If there exist multiple versions have | |||
| BGPSEC that are negotiated for a particular session, the behavior of | BGPSEC that are negotiated for a particular session, the behavior of | |||
| the peers (e.g., which version of BGPSEC shall actually be used) will | the peers (e.g., which version of BGPSEC shall actually be used) will | |||
| be specified in a future document. | be specified in a future document. | |||
| BGPSEC cannot provide meaningful security guarantees without support | BGPSEC cannot provide meaningful security guarantees without support | |||
| for four-byte AS numbers. Therefore, any BGP speaker that announces | for four-byte AS numbers. Therefore, any BGP speaker that announces | |||
| the capability to send BGPSEC messages, MUST also announce the | the BGPSEC capability, MUST also announce the capability for four- | |||
| capability for four-byte AS support [4]. If a BGP speaker sends the | byte AS support [4]. If a BGP speaker sends the BGPSEC capability | |||
| BGPSEC send capability but not the four-byte AS support capability | but not the four-byte AS support capability then BGPSEC has not been | |||
| then BGPSEC has not been successfully negotiated, and update messages | successfully negotiated, and update messages containing the | |||
| containing the BGPSEC_Path attribute MUST NOT be sent within such a | BGPSEC_Path attribute MUST NOT be sent within such a session. | |||
| session. | ||||
| Note that BGPSEC update messages can be quite large, therefore any | Note that BGPSEC update messages can be quite large, therefore any | |||
| BGPSEC speaker announcing the capability to receive BGPSEC messages | BGPSEC speaker announcing the capability to receive BGPSEC messages | |||
| SHOULD also announce support for the capability to receive BGP | SHOULD also announce support for the capability to receive BGP | |||
| extended messages [9]. | extended messages [9]. | |||
| 3. The BGPSEC_Path Attribute | 3. The BGPSEC_Path Attribute | |||
| The BGPSEC_Path attribute is a new optional non-transitive BGP path | The BGPSEC_Path attribute is a new optional non-transitive BGP path | |||
| attribute. | attribute. | |||
| skipping to change at page 35, line 25 ¶ | skipping to change at page 35, line 25 ¶ | |||
| Author's Address | Author's Address | |||
| Matthew Lepinski (editor) | Matthew Lepinski (editor) | |||
| BBN | BBN | |||
| 10 Moulton St | 10 Moulton St | |||
| Cambridge, MA 55409 | Cambridge, MA 55409 | |||
| US | US | |||
| Phone: +1 617 873 5939 | Phone: +1 617 873 5939 | |||
| Email: mlepinski@bbn.com | Email: mlepinski.ietf@gmail.com | |||
| End of changes. 16 change blocks. | ||||
| 73 lines changed or deleted | 48 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||