idnits 2.17.1

draft-haberman-rpsl-reachable-test-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (May 27, 2010) is 5083 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

IETF                                                    B. Haberman, Ed.
Internet-Draft                                                   JHU APL
Intended status: Standards Track                            May 27, 2010
Expires: November 28, 2010

 A Dedicated Routing Policy Specification Language Interface Identifier
                        for Operational Testing
                 draft-haberman-rpsl-reachable-test-04

Abstract

   The deployment of new IP connectivity typically results in
   intermittent reachability for numerous reasons which are outside the
   scope of this document.  In order to aid in the debugging of these
   persistent problems, this document proposes the creation of a new
   Routing Policy Specification Language attribute that allows a network
   to advertise an IP address which is reachable and can be used as a
   target for diagnostic tests (e.g., pings).

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 28, 2010.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include
   Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  RPSL Extension for Diagnostic Address
   3.  Using the RPSL Pingable Attribute
   4.  IANA Considerations
   5.  Security Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Author's Address

1.  Introduction

   The deployment of new IP connectivity typically results in
   intermittent reachability for numerous reasons which are outside the
   scope of this document.  In order to aid in the debugging of these
   persistent problems, this document proposes the creation of a new
   Routing Policy Specification Language attribute [RFC4012] that allows
   a network to advertise an IP address which is reachable and can be
   used as a target for diagnostic tests (e.g., pings).

   The goal of this diagnostic address is to provide operators a means
   to advertise selected hosts that can be targets of tests for such
   common issues as reachability and Path MTU discovery.

   The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
   "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

2.  RPSL Extension for Diagnostic Address

   Network operators wishing to provide a diagnostic address for their
   peers, customers, etc. MAY advertise its existence via the Routing
   Policy Specification Language [RFC4012] [RFC2622].  The pingable
   attribute is a member of the route and route6 objects in the RPSL.
   The definition of the pingable attribute is shown in Figure 1.

   +-----------+-------------------+--------------+
   | Attribute | Value             | Type         |
   +-----------+-------------------+--------------+
   | pingable  | or                | optional,    |
   |           |                   | multi-valued |
   +-----------+-------------------+--------------+
   | ping-hdl  |                   | optional,    |
   |           |                   | multi-valued |
   +-----------+-------------------+--------------+

              Figure 1: pingable attribute specification

   The exact definitions of and can be found
   in [RFC2622], while the definition of is in [RFC4012].

   The pingable attribute allows a network operator to advertise an IP
   address of a node which should be reachable from outside networks.
   This node can be used as a destination address for diagnostic tests.
   The address specified MUST fall within the IP address range
   advertised in the route/route6 object containing the pingable
   attribute.  The ping-hdl provides a link to contact information for
   an entity capable of responding to queries concerning the specified
   IP address.  An example of using the pingable attribute is shown in
   Figure 2.

   route6:   2001:DB8::/32
   origin:   AS64500
   pingable: 2001:DB8::DEAD:BEEF
   ping-hdl: OPS4-RIPE

                 Figure 2: pingable attribute example

3.  Using the RPSL Pingable Attribute

   The presence of one or more pingable attributes signals to network
   operators that the operator of the target network is providing the
   address(es) for external diagnostic testing.
   Tests involving the advertised address(es) SHOULD be rate limited
   to no more than ten probes in a five minute window unless prior
   arrangements are made with the maintainer of the attribute.

4.  IANA Considerations

   None.

5.  Security Considerations

   The use of routing registries based on RPSL requires a significant
   level of security.  An in-depth discussion of the authentication and
   authorization capabilities and weaknesses within RPSL is provided in
   [RFC2725].  The application of authentication in RPSL is key,
   considering the vulnerabilities that may arise from the abuse of the
   pingable attribute by nefarious actors.  Additional RPSL security
   issues are discussed in the Security Considerations sections of
   [RFC2622] and [RFC4012].

   The publication of this attribute only explicitly signals the
   availability of an ICMP Echo Request/Echo Response service on the
   specified IP address.  The operator, at his/her discretion, MAY
   deploy other services at the same IP address.  These services may be
   impacted by the ping service given its publicity via the RPSL.

   While this document specifies that external users of the pingable
   attribute rate limit their probes, there is no guarantee that they
   will do so.  Operators publicizing a pingable attribute are
   encouraged to deploy their own rate limiting for the advertised IP
   address in order to reduce the risk of a denial-of-service attack.
   Services, protocols, and ports on the advertised IP address should be
   filtered if they are not intended for external users.

6.  Acknowledgements

   Randy Bush and David Farmer provided the original concept for the
   pingable attribute and useful comments on preliminary versions of
   this draft.  Joe Abley provided comments that justified moving the
   attribute to the route/route6 object and the inclusion of a point of
   contact.
   Larry Blunk, Tony Tauber, David Harrington, Nicolas
   Williams, Sean Turner, and Peter Saint-Andre provided useful comments
   to improve the document.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2622]  Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D.,
              Meyer, D., Bates, T., Karrenberg, D., and M. Terpstra,
              "Routing Policy Specification Language (RPSL)", RFC 2622,
              June 1999.

   [RFC2725]  Villamizar, C., Alaettinoglu, C., Meyer, D., and S.
              Murphy, "Routing Policy System Security", RFC 2725,
              December 1999.

   [RFC4012]  Blunk, L., Damas, J., Parent, F., and A. Robachevsky,
              "Routing Policy Specification Language next generation
              (RPSLng)", RFC 4012, March 2005.

7.2.  Informative References

Author's Address

   Brian Haberman (editor)
   Johns Hopkins University Applied Physics Lab
   11100 Johns Hopkins Road
   Laurel, MD 20723-6099
   US

   Phone: +1 443 778 1319
   Email: brian@innovationslab.net
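
Added example (not part of the draft, and not code from its authors): a check of the Section 2 rule that each pingable address MUST fall within the prefix of its route/route6 object, together with a probe budget for the Section 3 limit of ten probes in a five minute window. The names parse_object, check_pingable and ProbeBudget are hypothetical, the sample object is constructed from Figure 2, the window is assumed to be a sliding one, and RPSL continuation lines are skipped.

```python
import ipaddress
from collections import deque

# Constructed sample: Figure 2's object plus one out-of-range pingable value.
SAMPLE = """route6:   2001:DB8::/32
origin:   AS64500
pingable: 2001:DB8::DEAD:BEEF
pingable: 2001:DB9::1
ping-hdl: OPS4-RIPE
"""

def parse_object(text):
    """Return (attribute, value) pairs; attributes may repeat (multi-valued)."""
    pairs = []
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        # Skip comments and continuation lines (not handled in this example).
        if sep and not line.startswith(("#", "%", " ", "\t", "+")):
            pairs.append((name.strip().lower(), value.split("#")[0].strip()))
    return pairs

def check_pingable(text):
    """Map each pingable value to True only if it lies inside the route prefix."""
    pairs = parse_object(text)
    prefix = next(v for k, v in pairs if k in ("route", "route6"))
    network = ipaddress.ip_network(prefix, strict=True)
    results = {}
    for key, value in pairs:
        if key != "pingable":
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            results[value] = False  # not an IP address at all
            continue
        results[value] = addr.version == network.version and addr in network
    return results

class ProbeBudget:
    """Sliding window: permit at most `limit` probes in any `window` seconds."""
    def __init__(self, limit=10, window=300.0):
        self.limit, self.window, self.sent = limit, window, deque()

    def allow(self, now):
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()  # forget probes older than the window
        if len(self.sent) >= self.limit:
            return False
        self.sent.append(now)
        return True
```

A registry maintainer can run check_pingable over an object before submitting it, and a test tool can call ProbeBudget.allow before each probe to the advertised address.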