idnits 2.17.1 draft-ietf-grow-bmp-adj-rib-out-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC7854, but the abstract doesn't seem to directly say this. It does mention RFC7854 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (June 23, 2019) is 1769 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 393 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Global Routing Operations T. Evens 3 Internet-Draft S. Bayraktar 4 Updates: 7854 (if approved) Cisco Systems 5 Intended status: Standards Track P. Lucente 6 Expires: December 25, 2019 NTT Communications 7 P. Mi 8 Tencent 9 S. Zhuang 10 Huawei 11 June 23, 2019 13 Support for Adj-RIB-Out in BGP Monitoring Protocol (BMP) 14 draft-ietf-grow-bmp-adj-rib-out-06 16 Abstract 18 The BGP Monitoring Protocol (BMP) defines access to only the Adj-RIB- 19 In Routing Information Bases (RIBs). This document updates the BGP 20 Monitoring Protocol (BMP) RFC 7854 by adding access to the Adj-RIB- 21 Out RIBs. It adds a new flag to the peer header to distinguish Adj- 22 RIB-In and Adj-RIB-Out. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on December 25, 2019. 41 Copyright Notice 43 Copyright (c) 2019 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 3. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 4. Per-Peer Header . . . . . . . . . . . . . . . . . . . . . . . 4 62 5. Adj-RIB-Out . . . . . . . . . . . . . . . . . . . . . . . . . 4 63 5.1. Post-Policy . . . . . . . . . . . . . . . . . . . . . . . 4 64 5.2. Pre-Policy . . . . . . . . . . . . . . . . . . . . . . . 5 65 6. BMP Messages . . . . . . . . . . . . . . . . . . . . . . . . 5 66 6.1. Route Monitoring and Route Mirroring . . . . . . . . . . 5 67 6.2. Statistics Report . . . . . . . . . . . . . . . . . . . . 5 68 6.3. Peer Down and Up Notifications . . . . . . . . . . . . . 6 69 6.3.1. Peer Up Information . . . . . . . . . . . . . . . . . 6 70 7. Other Considerations . . . . . . . . . . . . . . . . . . . . 6 71 7.1. Peer and Update Groups . . . . . . . . . . . . . . . . . 7 72 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 73 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 74 9.1. BMP Peer Flags . . . . . . . . . . . . . . . . . . . . . 7 75 9.2. BMP Statistics Types . . . . . . . . . . . . . . . . . . 8 76 9.3. Peer Up Information TLV . . . . . . . . . . . . . . . . . 8 77 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 78 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 79 10.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 9 80 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 9 81 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 9 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 84 1. Introduction 86 BGP Monitoring Protocol (BMP) defines monitoring of the received 87 (e.g., Adj-RIB-In) Routing Information Bases (RIBs) per peer. The 88 Adj-RIB-In pre-policy conveys to a BMP receiver all RIB data before 89 any policy has been applied. The Adj-RIB-In post-policy conveys to a 90 BMP receiver all RIB data after policy filters and/or modifications 91 have been applied. An example of pre-policy verses post-policy is 92 when an inbound policy applies attribute modification or filters. 93 Pre-policy would contain information prior to the inbound policy 94 changes or filters of data. Post policy would convey the changed 95 data or would not contain the filtered data. 97 Monitoring the received updates that the router received before any 98 policy has been applied is the primary level of monitoring for most 99 use-cases. Inbound policy validation and auditing is the primary 100 use-case for enabling post-policy monitoring. 102 In order for a BMP receiver to receive any BGP data, the BMP sender 103 (e.g., router) needs to have an established BGP peering session and 104 actively be receiving updates for an Adj-RIB-In. 106 Being able to only monitor the Adj-RIB-In puts a restriction on what 107 data is available to BMP receivers via BMP senders (e.g., routers). 108 This is an issue when the receiving end of the BGP peer is not 109 enabled for BMP or when it is not accessible for administrative 110 reasons. For example, a service provider advertises prefixes to a 111 customer, but the service provider cannot see what it advertises via 112 BMP. Asking the customer to enable BMP and monitoring of the Adj- 113 RIB-In is not feasible. 115 BGP Monitoring Protocol (BMP) RFC 7854 [RFC7854] only defines Adj- 116 RIB-In being sent to BMP receivers. This document updates section 117 4.2 [RFC7854] per-peer header by adding a new flag to distinguish 118 Adj-RIB-In verses Adj-RIB-Out. BMP senders use the new flag to send 119 either Adj-RIB-In or Adj-RIB-Out. 121 Adding Adj-RIB-Out provides the ability for a BMP sender to send to 122 BMP receivers what it advertises to BGP peers, which can be used for 123 outbound policy validation and to monitor routes that were 124 advertised. 126 2. Terminology 128 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 129 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 130 "OPTIONAL" in this document are to be interpreted as described in BCP 131 14 RFC 2119 [RFC2119] RFC 8174 [RFC8174] when, and only when, they 132 appear in all capitals, as shown here. 134 3. Definitions 136 o Adj-RIB-Out: As defined in [RFC4271], "The Adj-RIBs-Out contains 137 the routes for advertisement to specific peers by means of the 138 local speaker's UPDATE messages." 140 o Pre-Policy Adj-RIB-Out: The result before applying the outbound 141 policy to an Adj-RIB-Out. This normally would match what is in the 142 local RIB. 144 o Post-Policy Adj-RIB-Out: The result of applying outbound policy to 145 an Adj-RIB-Out. This MUST be what is actually sent to the peer. 147 4. Per-Peer Header 149 The per-peer header has the same structure and flags as defined in 150 section 4.2 [RFC7854] with the following O flag addition: 152 0 1 2 3 4 5 6 7 153 +-+-+-+-+-+-+-+-+ 154 |V|L|A|O| Resv | 155 +-+-+-+-+-+-+-+-+ 157 o The O flag indicates Adj-RIB-In if set to 0 and Adj-RIB-Out if set 158 to 1. 160 The existing flags are defined in section 4.2 [RFC7854] and the 161 remaining bits are reserved for future use. They SHOULD be 162 transmitted as 0 and their values MUST be ignored on receipt. 164 The following fields in the Per-Peer Header are redefined: 166 o Peer Address: The remote IP address associated with the TCP 167 session over which the encapsulated PDU is sent. 169 o Peer AS: The Autonomous System number of the peer from which the 170 encapsulated PDU was sent. 172 o Peer BGP ID: The BGP Identifier of the peer from which the 173 encapsulated PDU was sent. 175 o Timestamp: The time when the encapsulated routes were advertised 176 (one may also think of this as the time when they were installed 177 in the Adj-RIB-Out), expressed in seconds and microseconds since 178 midnight (zero hour), January 1, 1970 (UTC). If zero, the time is 179 unavailable. Precision of the timestamp is implementation- 180 dependent. 182 5. Adj-RIB-Out 184 5.1. Post-Policy 186 The primary use-case in monitoring Adj-RIB-Out is to monitor the 187 updates transmitted to a BGP peer after outbound policy has been 188 applied. These updates reflect the result after modifications and 189 filters have been applied (e.g., Adj-RIB-Out Post-Policy). Some 190 attributes are set when the BGP message is transmitted, such as next- 191 hop. Adj-RIB-Out Post-Policy MUST convey what is actually 192 transmitted to the peer, next-hop and any attributes set during 193 transmission should also be set and transmitted to the BMP receiver. 195 The L flag MUST be set to 1 to indicate post-policy. 197 5.2. Pre-Policy 199 Similarly to Adj-RIB-In policy validation, pre-policy Adj-RIB-Out can 200 be used to validate and audit outbound policies. For example, a 201 comparison between pre-policy and post-policy can be used to validate 202 the outbound policy. 204 Depending on BGP peering session type (IBGP, IBGP route reflector 205 client, EBGP, BGP confederations, Route Server Client) the candidate 206 routes that make up the Pre-Policy Adj-RIB-Out do not contain all 207 local-rib routes. Pre-Policy Adj-RIB-Out conveys only routes that 208 are available based on the peering type. Post-Policy represents the 209 filtered/changed routes from the available routes. 211 Some attributes are set only during transmission of the BGP message, 212 i.e., Post-Policy. It is common that next-hop may be null, loopback, 213 or similar during this phase. All mandatory attributes, such as 214 next-hop, MUST be either ZERO or have an empty length if they are 215 unknown at the Pre-Policy phase completion. The BMP receiver will 216 treat zero or empty mandatory attributes as self-originated. 218 The L flag MUST be set to 0 to indicate pre-policy. 220 6. BMP Messages 222 Many BMP messages have a per-peer header but some are not applicable 223 to Adj-RIB-In or Adj-RIB-Out monitoring, such as peer up and down 224 notifications. Unless otherwise defined, the O flag should be set to 225 0 in the per-peer header in BMP messages. 227 6.1. Route Monitoring and Route Mirroring 229 The O flag MUST be set accordingly to indicate if the route monitor 230 or route mirroring message conveys Adj-RIB-In or Adj-RIB-Out. 232 6.2. Statistics Report 234 The Statistics report message has a Stat Type field to indicate the 235 statistic carried in the Stat Data field. Statistics report messages 236 are not specific to Adj-RIB-In or Adj-RIB-Out and MUST have the O 237 flag set to zero. The O flag SHOULD be ignored by the BMP receiver. 239 The following new statistic types are added: 241 o Stat Type = 14: (64-bit Gauge) Number of routes in Adj-RIBs-Out 242 Pre-Policy. 244 o Stat Type = 15: (64-bit Gauge) Number of routes in Adj-RIBs-Out 245 Post-Policy. 247 o Stat Type = 16: Number of routes in per-AFI/SAFI Adj-RIB-Out Pre- 248 Policy. The value is structured as: 2-byte Address Family 249 Identifier (AFI), 1-byte Subsequent Address Family Identifier 250 (SAFI), followed by a 64-bit Gauge. 252 o Stat Type = 17: Number of routes in per-AFI/SAFI Adj-RIB-Out Post- 253 Policy. The value is structured as: 2-byte Address Family 254 Identifier (AFI), 1-byte Subsequent Address Family Identifier 255 (SAFI), followed by a 64-bit Gauge. 257 6.3. Peer Down and Up Notifications 259 Peer Up and Down notifications convey BGP peering session state to 260 BMP receivers. The state is independent of whether or not route 261 monitoring or route mirroring messages will be sent for Adj-RIB-In, 262 Adj-RIB-Out, or both. BMP receiver implementations SHOULD ignore the 263 O flag in Peer Up and Down notifications. BMP receiver 264 implementations MUST use the per-peer header O flag in route 265 monitoring and mirroring messages to identify if the message is for 266 Adj-RIB-In or Adj-RIB-Out. 268 6.3.1. Peer Up Information 270 The following Peer Up message Information TLV type is added: 272 o Type = 4: Admin Label. The Information field contains a free-form 273 UTF-8 string whose length is given by the Information Length 274 field. The value is administratively assigned. There is no 275 requirement to terminate the string with null or any other 276 character. 278 Multiple admin labels can be included in the Peer Up notification. 279 When multiple admin labels are included the BMP receiver MUST 280 preserve their order. 282 The TLV is optional. 284 7. Other Considerations 285 7.1. Peer and Update Groups 287 Peer and update groups are used to group updates shared by many 288 peers. This is a level of efficiency in implementations, not a true 289 representation of what is conveyed to a peer in either Pre-Policy or 290 Post-Policy. 292 One of the use-cases to monitor Adj-RIB-Out Post-Policy is to 293 validate and continually ensure the egress updates match what is 294 expected. For example, wholesale peers should never have routes with 295 community X:Y sent to them. In this use-case, there may be hundreds 296 of wholesale peers but a single peer could have represented the 297 group. 299 From a BMP perspective, this should be simple to include a group name 300 in the Peer Up, but it is more complex than that. BGP 301 implementations have evolved to provide comprehensive and structured 302 policy grouping, such as session, AFI/SAFI, and template-based based 303 group policy inheritances. 305 This level of structure and inheritance of polices does not provide a 306 simple peer group name or ID, such as wholesale peer. 308 Instead of requiring a group name to be used, a new administrative 309 label informational TLV (Section 6.3.1) is added to the Peer Up 310 message. These labels have administrative scope relevance. For 311 example, labels "type=wholesale" and "region=west" could be used to 312 monitor expected policies. 314 Configuration and assignment of labels to peers is BGP implementation 315 specific. 317 8. Security Considerations 319 It is not believed that this document adds any additional security 320 considerations. 322 9. IANA Considerations 324 This document requests that IANA assign the following new parameters 325 to the BMP parameters name space [1]. 327 9.1. BMP Peer Flags 329 This document defines the following per-peer header flags 330 (Section 4): 332 o Flag 3 as O flag: The O flag indicates Adj-RIB-In if set to 0 and 333 Adj-RIB-Out if set to 1. 335 9.2. BMP Statistics Types 337 This document defines four statistic types for statistics reporting 338 (Section 6.2): 340 o Stat Type = 14: (64-bit Gauge) Number of routes in Adj-RIBs-Out 341 Pre-Policy. 343 o Stat Type = 15: (64-bit Gauge) Number of routes in Adj-RIBs-Out 344 Post-Policy. 346 o Stat Type = 16: Number of routes in per-AFI/SAFI Adj-RIB-Out Pre- 347 Policy. The value is structured as: 2-byte Address Family 348 Identifier (AFI), 1-byte Subsequent Address Family Identifier 349 (SAFI), followed by a 64-bit Gauge. 351 o Stat Type = 17: Number of routes in per-AFI/SAFI Adj-RIB-Out Post- 352 Policy. The value is structured as: 2-byte Address Family 353 Identifier (AFI), 1-byte Subsequent Address Family Identifier 354 (SAFI), followed by a 64-bit Gauge. 356 9.3. Peer Up Information TLV 358 This document defines the following BMP Peer Up Information TLV types 359 (Section 6.3.1): 361 o Type = 4: Admin Label. The Information field contains a free-form 362 UTF-8 string whose length is given by the Information Length 363 field. The value is administratively given by the Information 364 Length field. The value is administratively assigned. There is 365 no requirement to terminate the string with null or any other 366 character. 368 10. References 370 10.1. Normative References 372 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 373 Requirement Levels", BCP 14, RFC 2119, 374 DOI 10.17487/RFC2119, March 1997, 375 . 377 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 378 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 379 DOI 10.17487/RFC4271, January 2006, 380 . 382 [RFC7854] Scudder, J., Ed., Fernando, R., and S. Stuart, "BGP 383 Monitoring Protocol (BMP)", RFC 7854, 384 DOI 10.17487/RFC7854, June 2016, 385 . 387 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 388 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 389 May 2017, . 391 10.2. URIs 393 [1] https://www.iana.org/assignments/bmp-parameters/bmp- 394 parameters.xhtml 396 Acknowledgements 398 The authors would like to thank John Scudder and Mukul Srivastava for 399 their valuable input. 401 Contributors 403 Manish Bhardwaj 404 Cisco Systems 405 3700 Cisco Way 406 San Jose, CA 95134 407 USA 409 Email: manbhard@cisco.com 411 Xianyuzheng 412 Tencent 413 Tencent Building, Kejizhongyi Avenue, 414 Hi-techPark, Nanshan District,Shenzhen 518057, P.R.China 416 Weiguo 417 Tencent 418 Tencent Building, Kejizhongyi Avenue, 419 Hi-techPark, Nanshan District,Shenzhen 518057, P.R.China 421 Shugang cheng 422 H3C 424 Authors' Addresses 426 Tim Evens 427 Cisco Systems 428 2901 Third Avenue, Suite 600 429 Seattle, WA 98121 430 USA 432 Email: tievens@cisco.com 434 Serpil Bayraktar 435 Cisco Systems 436 3700 Cisco Way 437 San Jose, CA 95134 438 USA 440 Email: serpil@cisco.com 442 Paolo Lucente 443 NTT Communications 444 Siriusdreef 70-72 445 Hoofddorp, WT 2132 446 NL 448 Email: paolo@ntt.net 450 Penghui Mi 451 Tencent 452 Tengyun Building,Tower A ,No. 397 Tianlin Road 453 Shanghai 200233 454 China 456 Email: kevinmi@tencent.com 458 Shunwan Zhuang 459 Huawei 460 Huawei Bld., No.156 Beiqing Rd. 461 Beijing 100095 462 China 464 Email: zhuangshunwan@huawei.com