Network Working Group                                            H. Chen
Internet-Draft                                             China Telecom
Intended status: Best Current Practice                             D. Ma
Expires: May 7, 2020                                                ZDNS
                                                                   Y. Gu
                                                               S. Zhuang
                                                                 H. Wang
                                                                  Huawei
                                                        November 4, 2019


                    Enhanced AS Loop Detection for BGP
               draft-chen-grow-enhanced-as-loop-detection-03

Abstract

   Misconfiguration or malicious manipulation of the BGP AS_PATH can
   lead to route hijacks.  This document proposes enhancements to BGP
   inbound and outbound route processing for the case where an AS loop
   is detected, so that a route carrying a forged AS_PATH is analyzed
   rather than silently discarded.  Two options are proposed for the
   enhancement: a) a local check on the device; b) collection of the
   looped routes via BMP and analysis at a remote network controller or
   server.  Both approaches are beneficial for route hijack detection.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 7, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Forged AS_PATH Examples
     3.1.  AS Loop Detected at Inbound Processing
     3.2.  AS Loop Detected at Outbound Processing
   4.  Enhancement to BGP Inbound/Outbound Processing
     4.1.  Enhancement for AS Loop Detected at Inbound Process
     4.2.  Enhancement for AS Loop Detected at Outbound Process
   5.  BMP Extension for AS Loop Detection
   6.  Acknowledgements
   7.  IANA Considerations
   8.  Security Considerations
   9.  Normative References
   Authors' Addresses

1.  Introduction

   The Border Gateway Protocol (BGP) [RFC4271] is the inter-Autonomous
   System (AS) routing protocol used to exchange network reachability
   information between BGP systems.  As a path-vector protocol (a
   variant of distance vector in which every route carries the list of
   ASes it has traversed), BGP relies on the AS_PATH attribute rather
   than on a hop count to avoid routing loops.  As stated in
   Section 9.1.2 of [RFC4271]:

   ...

      If the AS_PATH attribute of a BGP route contains an AS loop, the
      BGP route should be excluded from the Phase 2 decision function.
      AS loop detection is done by scanning the full AS path (as
      specified in the AS_PATH attribute), and checking that the
      autonomous system number of the local system does not appear in
      the AS path.  Operations of a BGP speaker that is configured to
      accept routes with its own autonomous system number in the AS path
      are outside the scope of this document.

   ...

   Conventionally, when AS loop detection fires on a received BGP
   UPDATE, the route is simply discarded and nothing else is recorded.
   This turns the loop check into a blind spot.  In a forged-AS hijack,
   whether caused by a configuration error or by a deliberate attack,
   the forger places the victim's ASN into the AS_PATH; the victim AS
   is then precisely the network that drops the announcement before any
   hijack detection can examine it, while other ASes, whose ASN is not
   in the path, see no loop and process the forged route normally.  The
   simple discard action can thus lead to large-scale network
   connectivity issues.

   This document proposes enhancements to BGP inbound and outbound
   processing when an AS loop is detected, in order to identify possible
   BGP hijacks.

2.  Terminology

   The following terminology is used in this document.

   AS:    Autonomous System

   ASN:   Autonomous System Number

   BGP:   Border Gateway Protocol

   ROA:   Route Origin Authorization

   ROV:   Route Origin Validation [RFC6811]

   ASPA:  Autonomous System Provider Authorization

   ISP:   Internet Service Provider

   BMP:   BGP Monitoring Protocol [RFC7854]

3.  Forged AS_PATH Examples

   In both figures, x.y.z.0/24 is legitimately originated by AS64600 and
   propagates from right to left.  AS_PATH values are shown as carried
   in the UPDATE, with the most recently prepended ASN on the left and
   the origin ASN on the right.

3.1.  AS Loop Detected at Inbound Processing

   o  Forged Case 1: as shown in Figure 1, an upstream AS of AS64596
      forged a route with the ASN 64596 as the origin ASN in the
      AS_PATH.

   o  Forged Case 2: as shown in Figure 1, an upstream AS of AS64596
      forged a route with the ASN 64596 as a transit ASN in the
      AS_PATH.

   In both cases AS64596 finds its own ASN in the AS_PATH of the route
   received from AS64597 and, per Section 9.1.2 of [RFC4271], treats
   the route as an AS loop.

       AS Loop Detection enhancement point
       (inbound check at AS64596 on routes received from AS64597)
                |
                |                                   x.y.z.0/24
                |                                   Origin AS 64600
                v                                <----------------
   AS64595---AS64596---AS64597---AS64598---AS64599----AS64600

   Normal Case:
      x.y.z.0/24, AS-Path: 64597 64598 64599 64600

   Forged Case 1 (64596 forged as origin):
      x.y.z.0/24, AS-Path: 64597 64598 64596

   Forged Case 2 (64596 forged as transit):
      x.y.z.0/24, AS-Path: 64597 64596 64600

                 Figure 1: BGP Inbound Route Processing

3.2.  AS Loop Detected at Outbound Processing

   o  Forged Case 3: as shown in Figure 2, an upstream AS of AS64597
      forged a route with the ASN 64596 as the origin ASN in the
      AS_PATH.

   o  Forged Case 4: as shown in Figure 2, an upstream AS of AS64597
      forged a route with the ASN 64596 as a transit ASN in the
      AS_PATH.

   Here the looping ASN is not AS64597's own, so AS64597 accepts the
   route at inbound; the loop is noticed only when AS64597 is about to
   advertise the route to its peer AS64596, whose ASN already appears
   in the AS_PATH.

       AS Loop Detection enhancement point
       (outbound check at AS64597 on routes advertised to AS64596)
                         |
                         |                          x.y.z.0/24
                         |                          Origin AS 64600
                         v                       <----------------
   AS64595---AS64596---AS64597---AS64598---AS64599----AS64600

   Normal Case:
      <-- x.y.z.0/24, AS-Path: 64597 64598 64599 64600

   Forged Case 3 (64596 forged as origin):
      <-- x.y.z.0/24, AS-Path: 64597 64598 64596

   Forged Case 4 (64596 forged as transit):
      <-- x.y.z.0/24, AS-Path: 64597 64596 64600

                Figure 2: BGP Outbound Route Processing

4.  Enhancement to BGP Inbound/Outbound Processing

4.1.  Enhancement for AS Loop Detected at Inbound Process

   Currently, ROV [RFC6811] and ASPA verification
   [I-D.ietf-sidrops-aspa-verification] can be adopted for BGP route
   leak and hijack detection.  However, for forged cases 1 and 2 the
   conventional BGP inbound process discards the routes with an AS loop
   before any such leak or hijack detection runs, so the one AS that is
   being impersonated never sees the evidence.

   This document suggests further analysis of such routes instead of an
   immediate discard.  The analysis may include the mechanisms that are
   applied to normal routes for hijack detection, such as ROV and ASPA.
   Note that the two forged cases need different checks: if a ROA for
   x.y.z.0/24 authorizes only AS64600, ROV flags forged case 1 (origin
   64596) as Invalid, but forged case 2 keeps the genuine origin and
   forges only a transit hop, which ROV cannot see and ASPA can.  The
   detailed analysis mechanisms, as well as the corresponding actions
   taken on the result, are outside the scope of this document.

   Two options are proposed for where the analysis of the inbound
   processing enhancement takes place:

   o  Option 1: Analyze the routes with an AS loop on the device, based
      on a local database (for example, locally cached ROA and ASPA
      data).

   o  Option 2: Collect the routes with an AS loop via BMP and analyze
      them at a remote controller/server.

4.2.  Enhancement for AS Loop Detected at Outbound Process

   Currently, egress ROV can be adopted for BGP hijack detection on
   routes that are about to be advertised.
   However, for forged cases 3 and 4, when eBGP split-horizon is enabled
   (the speaker does not advertise a route to an eBGP peer whose ASN
   already appears in the route's AS_PATH), the routes with an AS loop
   may be dropped from outbound processing before any hijack detection
   takes place.

   This document suggests further analysis of such routes.  The
   analysis may include the mechanisms that are applied to normal routes
   for hijack detection, such as egress ROV and ASPA.  The detailed
   analysis mechanisms, as well as the corresponding actions taken on
   the result, are outside the scope of this document.

   Two options are proposed for where the analysis of the outbound
   processing enhancement takes place:

   o  Option 1: Analyze the routes with an AS loop on the device, based
      on a local database.

   o  Option 2: Collect the routes with an AS loop via BMP and analyze
      them at a remote controller/server.

5.  BMP Extension for AS Loop Detection

   This document extends the BMP Route Mirroring message [RFC7854] to
   mirror routes in which an AS loop was detected to the BMP server.

   Per Section 4.7 of [RFC7854], a Route Mirroring message carries a
   verbatim copy of a received BGP PDU and can be used, for example, to
   mirror messages that have been treated-as-withdraw [RFC7606] for
   debugging purposes.  The message consists of the BMP common header,
   the per-peer header, and a list of TLVs: a Type 0 BGP Message TLV
   holds the raw PDU and a Type 1 Information TLV holds a 2-octet code
   describing why the PDU was mirrored.  This document defines a new
   code for the Type 1 Information TLV:

   o  Code = TBD: AS Loop Detected.  An AS loop was detected for the BGP
      route carried in the mirrored message.  A BGP Message TLV MUST
      also occur in the TLV list.

6.  Acknowledgements

   The authors would like to acknowledge the review and inputs from Gang
   Yan, Zhenbin Li, Aijun Wang, Jeff Haas, Robert Raszuk, Chris Morrow,
   Alexander Asimov, Ruediger Volk, Jescia Chen and the working group.

7.  IANA Considerations

   This document defines one new code for the Information TLV carried
   in the Route Mirroring message (Section 4.7 of [RFC7854]):

   o  Code = TBD: AS Loop Detected.

8.  Security Considerations

   This document does not change the underlying security issues of the
   BGP protocol.  It does, however, provide an additional mechanism for
   detecting attacks based on a forged AS_PATH: routes that conventional
   AS loop detection silently discards, which are exactly the routes in
   which the local ASN has been forged, become visible to local analysis
   or to a BMP collector.

   Analyzing a looped route is not the same as accepting it.  Unless the
   speaker is explicitly configured to accept its own ASN in the
   AS_PATH, such routes remain excluded from the decision process as
   described in Section 9.1.2 of [RFC4271]; this document only changes
   what is done with the route before it is dropped.

   A remote peer can cause one Route Mirroring message per forged
   UPDATE, so an implementation that mirrors looped routes is exposed to
   the same load concerns as any other use of Route Mirroring.  The rate
   limiting and the "Messages Lost" Information code (code 1) described
   in Section 4.7 of [RFC7854] apply to the new code as well.

9.  Normative References

   [I-D.ietf-sidrops-aspa-verification]
              Azimov, A., Bogomazov, E., Patel, K., and J. Snijders,
              "Verification of AS_PATH Using the Resource Certificate
              Public Key Infrastructure and Autonomous System Provider
              Authorization", draft-ietf-sidrops-aspa-verification-01
              (work in progress), July 2019.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006,
              <https://www.rfc-editor.org/info/rfc4271>.

   [RFC4760]  Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
              "Multiprotocol Extensions for BGP-4", RFC 4760,
              DOI 10.17487/RFC4760, January 2007,
              <https://www.rfc-editor.org/info/rfc4760>.

   [RFC6811]  Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R.
              Austein, "BGP Prefix Origin Validation", RFC 6811,
              DOI 10.17487/RFC6811, January 2013,
              <https://www.rfc-editor.org/info/rfc6811>.

   [RFC7606]  Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and
              K. Patel, "Revised Error Handling for BGP UPDATE
              Messages", RFC 7606, DOI 10.17487/RFC7606, August 2015,
              <https://www.rfc-editor.org/info/rfc7606>.

   [RFC7854]  Scudder, J., Ed., Fernando, R., and S. Stuart, "BGP
              Monitoring Protocol (BMP)", RFC 7854,
              DOI 10.17487/RFC7854, June 2016,
              <https://www.rfc-editor.org/info/rfc7854>.

Authors' Addresses

   Huanan Chen
   China Telecom
   109, West Zhongshan Road, Tianhe District
   Guangzhou 510000
   China

   Email: chenhn8.gd@chinatelecom.cn


   Di Ma
   ZDNS
   4 South 4th St. Zhongguancun
   Beijing, Haidian
   China

   Email: madi@zdns.cn


   Yunan Gu
   Huawei
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: guyunan@huawei.com


   Shunwan Zhuang
   Huawei
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: zhuangshunwan@huawei.com


   Haibo Wang
   Huawei
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: rainsword.wang@huawei.com
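   The following worked example is added by the editor and is not part
   of the draft, nor code from any of the authors' organizations.  It
   ties together Sections 3, 4 and 5: the AS loop check of Section 9.1.2
   of RFC 4271 applied to the routes of Figures 1 and 2 (with the local
   ASN at inbound, with the peer's ASN at outbound), the draft's Option 1
   (a local ROV check per RFC 6811 run on the looped route instead of a
   silent discard), and Option 2 (the looped UPDATE wrapped in a BMP
   Route Mirroring message per Section 4.7 of RFC 7854 with the new
   Information TLV code).  Everything not in the draft is an assumption:
   the ROA table, 192.0.2.0/24 standing in for x.y.z.0/24, the peer
   address 198.51.100.1, the BGP UPDATE contents, and AS_LOOP_CODE_TBD,
   which is a placeholder for the draft's "Code = TBD" and not an IANA
   assignment.

```python
# Added worked example (editor's code, not the draft's or any vendor's):
# RFC 4271 9.1.2 AS loop check, Option 1 (local ROV per RFC 6811 on the
# looped route) and Option 2 (BMP Route Mirroring per RFC 7854 4.7 with
# the draft's new Information TLV code).  ROAs, addresses, the UPDATE
# contents and the TLV code value below are constructed for illustration.
import ipaddress
import struct
from typing import List, Optional, Tuple

AS_LOOP_CODE_TBD = 0xFFFF   # stand-in for the draft's "Code = TBD"; not an IANA value


def as_loop(asn: int, as_path: List[int]) -> Optional[str]:
    """None if asn is absent, 'origin' if it is the rightmost ASN, else 'transit'.
    Inbound processing passes the local ASN; the outbound split-horizon check
    passes the peer's ASN."""
    if asn not in as_path:
        return None
    return "origin" if as_path[-1] == asn else "transit"


def rov(prefix: str, origin: int, roas) -> str:
    """RFC 6811 origin validation against local (roa_prefix, maxlen, asn) tuples."""
    route = ipaddress.ip_network(prefix)
    covering = [(ml, asn) for p, ml, asn in roas
                if ipaddress.ip_network(p).version == route.version
                and route.subnet_of(ipaddress.ip_network(p))]
    if not covering:
        return "not-found"
    matched = any(route.prefixlen <= ml and asn == origin for ml, asn in covering)
    return "valid" if matched else "invalid"


def analyze_looped_route(local_asn: int, prefix: str, as_path: List[int],
                         roas) -> Optional[dict]:
    """Option 1: classify the loop and run ROV on the (possibly forged) origin
    instead of silently discarding the route.  None means there was no loop."""
    where = as_loop(local_asn, as_path)
    if where is None:
        return None
    return {"loop": where, "rov": rov(prefix, as_path[-1], roas)}


def bgp_update(prefix: str, as_path: List[int], next_hop: str) -> bytes:
    """Minimal BGP UPDATE: ORIGIN, 4-octet AS_PATH (one AS_SEQUENCE), NEXT_HOP, one NLRI."""
    net = ipaddress.ip_network(prefix)
    seg = struct.pack("!BB%dI" % len(as_path), 2, len(as_path), *as_path)
    attrs = (struct.pack("!BBBB", 0x40, 1, 1, 0)                  # ORIGIN = IGP
             + struct.pack("!BBB", 0x40, 2, len(seg)) + seg        # AS_PATH
             + struct.pack("!BBB", 0x40, 3, 4)
             + ipaddress.ip_address(next_hop).packed)              # NEXT_HOP
    nlri = bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]
    body = struct.pack("!HH", 0, len(attrs)) + attrs + nlri         # no withdrawn routes
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 2) + body


def as_path_from_update(pdu: bytes) -> List[int]:
    """Collector-side parse of the AS_SEQUENCE, so a remote analysis can repeat the check."""
    wlen = struct.unpack_from("!H", pdu, 19)[0]
    pos = 23 + wlen
    end = pos + struct.unpack_from("!H", pdu, 21 + wlen)[0]
    while pos < end:
        flags, code = pdu[pos], pdu[pos + 1]
        ext = bool(flags & 0x10)                                   # extended length bit
        ln = struct.unpack_from("!H", pdu, pos + 2)[0] if ext else pdu[pos + 2]
        pos += 4 if ext else 3
        if code == 2:                                              # AS_PATH: type, count, ASNs
            return list(struct.unpack_from("!%dI" % pdu[pos + 1], pdu, pos + 2))
        pos += ln
    return []


def bmp_route_mirroring(peer_asn: int, peer_addr: str, peer_bgp_id: str,
                        pdu: bytes, info_code: int) -> bytes:
    """Option 2: BMPv3 Route Mirroring (type 6) = common header + 42-byte per-peer
    header + BGP Message TLV (type 0) + Information TLV (type 1, 2-octet code)."""
    peer = ipaddress.ip_address(peer_addr)
    per_peer = struct.pack("!BB8s16sI4sII", 0, 0x80 if peer.version == 6 else 0,
                           b"\x00" * 8, peer.packed.rjust(16, b"\x00"), peer_asn,
                           ipaddress.ip_address(peer_bgp_id).packed, 0, 0)
    tlvs = struct.pack("!HH", 0, len(pdu)) + pdu + struct.pack("!HHH", 1, 2, info_code)
    return struct.pack("!BIB", 3, 6 + len(per_peer) + len(tlvs), 6) + per_peer + tlvs


def parse_route_mirroring(msg: bytes) -> Tuple[int, Optional[int], bytes]:
    """Decode a Route Mirroring message into (peer_asn, info_code, pdu)."""
    version, length, mtype = struct.unpack_from("!BIB", msg, 0)
    if version != 3 or mtype != 6 or length != len(msg):
        raise ValueError("not a well-formed BMPv3 Route Mirroring message")
    peer_asn = struct.unpack_from("!I", msg, 6 + 26)[0]               # Peer AS field
    pos, pdu, info = 48, b"", None                                    # TLVs follow the headers
    while pos < len(msg):
        t, ln = struct.unpack_from("!HH", msg, pos)
        val = msg[pos + 4:pos + 4 + ln]
        if t == 0:
            pdu = val
        elif t == 1:
            info = struct.unpack("!H", val)[0]
        pos += 4 + ln
    return peer_asn, info, pdu


if __name__ == "__main__":
    roas = [("192.0.2.0/24", 24, 64600)]             # constructed; stands in for x.y.z.0/24
    for path in ([64597, 64598, 64599, 64600], [64597, 64598, 64596], [64597, 64596, 64600]):
        print(path, analyze_looped_route(64596, "192.0.2.0/24", path, roas))  # Figure 1 at AS64596
    pdu = bgp_update("192.0.2.0/24", [64597, 64598, 64596], "198.51.100.1")
    msg = bmp_route_mirroring(64597, "198.51.100.1", "198.51.100.1", pdu, AS_LOOP_CODE_TBD)
    print(parse_route_mirroring(msg)[:2], as_path_from_update(pdu))
```

   Run as a script, the three Figure 1 paths give: no loop for the
   normal case; "origin" with ROV Invalid for forged case 1; and
   "transit" with ROV Valid for forged case 2, which is the point made
   in Section 4.1 that a forged transit hop is invisible to ROV and
   needs ASPA.  For the outbound check of Section 3.2 the same as_loop
   function is called with the peer's ASN (64596) on the path AS64597 is
   about to send.  The collector side re-parses the mirrored PDU with
   as_path_from_update, so Option 2 can repeat exactly the analysis that
   Option 1 would run on the device.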