idnits 2.17.1 draft-ietf-idr-rfc3065bis-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 326 has weird spacing: '... system withi...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 2004) is 7285 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC 2119' on line 37 == Unused Reference: '8' is defined on line 455, but no explicit reference was found in the text ** Obsolete normative reference: RFC 1771 (ref. '1') (Obsoleted by RFC 4271) -- Possible downref: Non-RFC (?) normative reference: ref. '2' ** Obsolete normative reference: RFC 1863 (ref. '3') (Obsoleted by RFC 4223) ** Obsolete normative reference: RFC 1965 (ref. '4') (Obsoleted by RFC 3065) ** Obsolete normative reference: RFC 3065 (ref. '5') (Obsoleted by RFC 5065) ** Obsolete normative reference: RFC 2796 (ref. '6') (Obsoleted by RFC 4456) ** Obsolete normative reference: RFC 2385 (ref. '7') (Obsoleted by RFC 5925) ** Downref: Normative reference to an Informational RFC: RFC 3345 (ref. '9') Summary: 10 errors (**), 0 flaws (~~), 5 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT Paul Traina 4 Danny McPherson 5 Arbor Networks 6 John Scudder 7 Cisco Systems 8 Expires: November 2004 May 2004 10 Autonomous System Confederations for BGP 11 13 Status of this Document 15 This document is an Internet-Draft and is in full conformance with 16 all provisions of Section 10 of RFC2026. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or obsoleted by other documents at any 25 time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 The key words "MUST"", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 35 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 36 document are to be interpreted as described in RFC 2119 [RFC 2119]. 38 This document is a product of the . Comments should be addressed to 39 the authors, or the mailing list at 41 Copyright Notice 43 Copyright (C) The Internet Society (2004). All Rights Reserved. 45 Abstract 47 The Border Gateway Protocol (BGP) is an inter-autonomous system 48 routing protocol designed for Transmission Control Protocol/Internet 49 Protocol (TCP/IP) networks. BGP requires that all BGP speakers 50 within a single autonomous system (AS) must be fully meshed. This 51 represents a serious scaling problem that has been well documented in 52 a number of proposals. 54 This document describes an extension to BGP which may be used to 55 create a confederation of autonomous systems that is represented as a 56 single autonomous system to BGP peers external to the confederation, 57 thereby removing the "full mesh" requirement. The intention of this 58 extension is to aid in policy administration and reduce the 59 management complexity of maintaining a large autonomous system. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 2. Terminology. . . . . . . . . . . . . . . . . . . . . . . . . . 4 65 3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 5 66 4. AS_CONFED Segement Type Extension. . . . . . . . . . . . . . . 6 67 5. Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . 6 68 5.1. AS_PATH Modification Rules. . . . . . . . . . . . . . . . . 7 69 6. Error Handling . . . . . . . . . . . . . . . . . . . . . . . . 8 70 7. Common Administration Issues . . . . . . . . . . . . . . . . . 9 71 7.1. MED and LOCAL_PREF Handling . . . . . . . . . . . . . . . . 9 72 7.2. AS_PATH and Path Selection. . . . . . . . . . . . . . . . . 9 73 8. Compatability Considerations . . . . . . . . . . . . . . . . . 10 74 9. Deployment Considerations. . . . . . . . . . . . . . . . . . . 10 75 10. Intellectual Property . . . . . . . . . . . . . . . . . . . . 11 76 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11 77 12. Security Considerations . . . . . . . . . . . . . . . . . . . 12 78 13. References. . . . . . . . . . . . . . . . . . . . . . . . . . 13 79 14. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . 14 80 15. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 14 82 1. Introduction 84 As currently defined, BGP requires that all BGP speakers within a 85 single AS must be fully meshed. The result is that for n BGP 86 speakers within an AS n*(n-1)/2 unique IBGP sessions are required. 87 This "full mesh" requirement clearly does not scale when there are a 88 large number of IBGP speakers within the autonomous system, as is 89 common in many networks today. 91 This scaling problem has been well documented and a number of 92 proposals have been made to alleviate this [3,6]. This document 93 presents another alternative alleviating the need for a "full mesh" 94 and is known as "Autonomous System Confederations for BGP", or 95 simply, "BGP Confederations". It has also been observed that BGP 96 Confederations may provide improvements in routing policy control. 98 This document is a revision of RFC 3065 [5], which is itself a 99 revision to RFC 1965 [4]. It includes editorial changes, terminology 100 clarifications and more explicit protocol specifications based on 101 deployment experience with BGP Confederations. These revisions are 102 summarized in Appendices A and B. 104 2. Terminology 106 AS Confederation 108 A collection of autonomous systems represented and advertised 109 as a single AS number to BGP speakers that are not members of 110 the local BGP confederation. 112 AS Confederation Identifier 114 An externally visible autonomous system number that identifies 115 a BGP confederation as a whole. 117 Member Autonomous System (Member-AS) 119 An autonomous system that is contained in a given AS 120 confederation. Note that "Member Autonomous System" and 121 "Member-AS" are used entirely interchangeably throughout 122 this document. 124 Member-AS Number 125 An autonomous system number identifier visible only within 126 a BGP confederation, and used to represent a Member-AS 127 within that confederation. 129 3. Discussion 131 It may be useful to subdivide autonomous systems with a very large 132 number of BGP speakers into smaller domains for purposes of 133 controlling routing policy via information contained in the BGP 134 AS_PATH attribute. For example, one may choose to consider all BGP 135 speakers in a geographic region as a single entity. 137 In addition to potential improvements in routing policy control, if 138 techniques such as those presented here or in [6] are not employed, 139 [1] requires BGP speakers in the same autonomous system to establish 140 a full mesh of TCP connections among all speakers for the purpose of 141 exchanging exterior routing information. In autonomous systems the 142 number of intra-domain connections that need to be maintained by each 143 border router can become significant. 145 Subdividing a large autonomous system allows a significant reduction 146 in the total number of intra-domain BGP connections, as the 147 connectivity requirements simplify to the model used for inter-domain 148 connections. 150 Unfortunately, subdividing an autonomous system may increase the 151 complexity of routing policy based on AS_PATH information for all 152 members of the Internet. Additionally, this division increases the 153 maintenance overhead of coordinating external peering when the 154 internal topology of this collection of autonomous systems is 155 modified. 157 Therefore, division of an autonomous system into separate systems may 158 adversely affect optimal routing of packets through the Internet. 160 However, there is usually no need to expose the internal topology of 161 this divided autonomous system, which means it is possible to regard 162 a collection of autonomous systems under a common administration as a 163 single entity or autonomous system, when viewed from outside the 164 confines of the confederation of autonomous systems itself. 166 4. AS_CONFED Segement Type Extension 168 Currently, BGP specifies that the AS_PATH attribute is a well-known 169 mandatory attribute that is composed of a sequence of AS path 170 segments. Each AS path segment is represented by a triple . 173 In [1], the path segment type is a 1-octet long field with the two 174 following values defined: 176 Value Segment Type 178 1 AS_SET: unordered set of autonomous systems a route in 179 the UPDATE message has traversed 181 2 AS_SEQUENCE: ordered set of autonomous systems a route 182 in the UPDATE message has traversed 184 This document specifies two additional segment types: 186 3 AS_CONFED_SEQUENCE: ordered set of Member Autonomous 187 Systems in the local confederation that the UPDATE message 188 has traversed 190 4 AS_CONFED_SET: unordered set of Member Autonomous Systems 191 in the local confederation that the UPDATE message has 192 traversed 194 5. Operation 196 A member of a BGP confederation MUST use its AS Confederation 197 Identifier in all transactions with peers that are not members of its 198 confederation. This AS confederation identifier is the "externally 199 visible" AS number and this number is used in OPEN messages and 200 advertised in the AS_PATH attribute. 202 A member of a BGP confederation MUST use its Member-AS Number in all 203 transactions with peers that are members of the same confederation as 204 the local BGP speaker. 206 A BGP speaker receiving an AS_PATH attribute containing an autonomous 207 system matching its own AS Confederation Identifier SHALL treat the 208 path in the same fashion as if it had received a path containing its 209 own AS number. 211 A BGP speaker receiving an AS_PATH attribute containing an 212 AS_CONFED_SEQUENCE or AS_CONFED_SET which contains its own Member-AS 213 Number SHALL treat the path in the same fashion as if it had received 214 a path containing its own AS number. 216 5.1. AS_PATH Modification Rules 218 When implementing BGP Confederations Section 5.1.2 of [1] is replaced 219 with the following text: 221 When a BGP speaker propagates a route which it has learned from 222 another BGP speaker's UPDATE message, it SHALL modify the route's 223 AS_PATH attribute based on the location of the BGP speaker to which 224 the route will be sent: 226 a) When a given BGP speaker advertises the route to another BGP 227 speaker located in its own autonomous system, the advertising 228 speaker SHALL modify the AS_PATH attribute associated with the 229 route. 231 b) When a given BGP speaker advertises the route to a BGP speaker 232 located in a neighboring autonomous system that is a member of 233 the local confederation, the advertising speaker SHALL update 234 the AS_PATH attribute as follows: 236 1) if the first path segment of the AS_PATH is of type 237 AS_CONFED_SEQUENCE, the local system SHALL prepend its own 238 Member-AS Number as the last element of the sequence (put 239 it in the leftmost position). 241 2) if the first path segment of the AS_PATH is not of type 242 AS_CONFED_SEQUENCE the local system SHALL prepend a new path 243 segment of type AS_CONFED_SEQUENCE to the AS_PATH, including 244 its own Member-AS Number in that segment. 246 c) When a given BGP speaker advertises the route to a BGP speaker 247 located in a neighboring autonomous system that is not a member of 248 the local confederation, the advertising speaker SHALL update the 249 AS_PATH attribute as follows: 251 1) if any path segments of the AS_PATH are of the type 252 AS_CONFED_SEQUENCE or AS_CONFED_SET, those segments MUST 253 be removed from the AS_PATH attribute, leaving the sanitized 254 AS_PATH attribute to be operated on by steps 2 or 3. 256 2) if the first path segment of the remaining AS_PATH is of type 257 AS_SEQUENCE, the local system SHALL prepend its own 258 AS Confederation Identifier as the last element of the sequence 259 (put it in the leftmost position). 261 3) if there are no path segments following the removal of the 262 first AS_CONFED_SET/AS_CONFED_SEQUENCE segments, or if the 263 first path segment of the remaining AS_PATH is not of type 264 AS_SEQUENCE the local system SHALL prepend a new path segment 265 of type AS_SEQUENCE to the AS_PATH, including its own AS 266 Confederation Identifier in that segment. 268 When a BGP speaker originates a route: 270 a) the originating speaker SHALL include an empty AS_PATH attribute 271 in all UPDATE messages sent to BGP speakers residing within the 272 same Member-AS. (An empty AS_PATH attribute is one whose length 273 field contains the value zero). 275 b) the originating speaker SHALL include its own Member-AS Number in 276 an AS_CONFED_SEQUENCE segment of the AS_PATH attribute of all 277 UPDATE messages sent to BGP speakers located in neighboring 278 Member Autonomous Systems that are members of the local 279 confederation (i.e., the originating speaker's Member-AS Number 280 will be the only entry in the AS_PATH attribute). 282 c) the originating speaker SHALL include its own AS Confederation 283 Identifier in an AS_SEQUENCE segment of the AS_PATH attribute of 284 all UPDATE messages sent to BGP speakers located in neighboring 285 autonomous systems that are not members of the local 286 confederation. (In this case, the originating speaker's AS 287 Confederation Identifier will be the only entry in the AS_PATH 288 attribute). 290 6. Error Handling 292 A BGP speaker MUST NOT transmit updates containing AS_CONFED_SET or 293 AS_CONFED_SEQUENCE attributes to peers that are not members of the 294 local confederation. 296 It is an error for a BGP speaker to receive an update message with an 297 AS_PATH attribute which contains AS_CONFED_SEQUENCE or AS_CONFED_SET 298 segments from a neighbor which is not located in the same 299 confederation. If a BGP speaker receives such an update message, it 300 SHALL treat the message as having a malformed AS_PATH according to 301 the procedures of [1] Section 6.3 ("UPDATE message error handling"). 303 It is a error for a BGP speaker to receive an update message from a 304 confederation peer which does not have AS_CONFED_SEQUENCE as the 305 first segment. If a BGP speaker receives such an update message, it 306 SHALL treat the message as having a malformed AS_PATH according to 307 the procedures of [1] Section 6.3 ("Update message error handling"). 309 7. Common Administration Issues 311 It is reasonable for Member Autonomous Systems of a confederation to 312 share a common administration and IGP information for the entire 313 confederation. 315 7.1. MED and LOCAL_PREF Handling 317 It SHALL be legal for a BGP speaker to advertise an unchanged 318 NEXT_HOP and MULTI_EXIT_DISC (MED) attribute to peers in a 319 neighboring Member-AS of the local confederation. 321 An implementation MAY compare MEDs received from a Member-AS via 322 multiple paths. An implementation MAY compare MEDs from different 323 Member Autonomous Systems of the same confederation. 325 In addition, the restriction against sending the LOCAL_PREF attribute 326 to peers in a neighboring autonomous system within the same 327 confederation is removed. 329 7.2. AS_PATH and Path Selection 331 Path selection criteria for information received from members inside 332 a confederation MUST follow the same rules used for information 333 received from members inside the same autonomous system, as specified 334 in [1]. 336 In addition, the following rules SHALL be applied: 338 1) If the AS_PATH is internal to the local confederation (i.e., there 339 are only AS_CONFED_* segments) consider the neighbor AS to be the 340 local AS. 342 2) Otherwise, if the first segment in the path which is not an 343 AS_CONFED_SEQUENCE or AS_CONFED_SET is an AS_SEQUENCE, consider 344 the neighbor AS to be the leftmost AS_SEQUENCE AS. 346 8. Compatability Considerations 348 All BGP speakers participating as member of a confederation MUST 349 recognize the AS_CONFED_SET and AS_CONFED_SEQUENCE segment type 350 extensions to the AS_PATH attribute. 352 Any BGP speaker not supporting these extensions will generate a 353 NOTIFICATION message specifying an "UPDATE Message Error" and a sub- 354 code of "Malformed AS_PATH". 356 This compatibility issue implies that all BGP speakers participating 357 in a confederation MUST support BGP confederations. However, BGP 358 speakers outside the confederation need not support these extensions. 360 9. Deployment Considerations 362 BGP confederations have been widely deployed throughout the Internet 363 for a number of years and are supported by multiple vendors. 365 Improper configuration of BGP confederations can cause routing 366 information within an AS to be duplicated unnecessarily. This 367 duplication of information will waste system resources, cause 368 unnecessary route flaps, and delay convergence. 370 Care should be taken to manually filter duplicate advertisements 371 caused by reachability information being relayed through multiple 372 Member Autonomous Systems based upon the topology and redundancy 373 requirements of the confederation. 375 Additionally, confederations (as well as route reflectors), by 376 excluding different reachability information from consideration at 377 different locations in a confederation, have been shown [9] to cause 378 permanent oscillation between candidate routes when using the tie 379 breaking rules required by BGP [1]. Care must be taken when 380 selecting MED values and tie breaking policy to avoid these 381 situations. 383 One potential way to avoid this is by configuring inter-Member-AS IGP 384 metrics higher than intra-Member-AS IGP metrics and/or using other 385 tie breaking policies to avoid BGP route selection based on 386 incomparable MEDs. 388 10. Intellectual Property 390 The IETF takes no position regarding the validity or scope of any 391 intellectual property or other rights that might be claimed to 392 pertain to the implementation or use of the technology described in 393 this document or the extent to which any license under such rights 394 might or might not be available; neither does it represent that it 395 has made any effort to identify any such rights. Information on the 396 IETF's procedures with respect to rights in standards-track and 397 standards-related documentation can be found in BCP-11. Copies of 398 claims of rights made available for publication and any assurances of 399 licenses to be made available, or the result of an attempt made to 400 obtain a general license or permission for the use of such 401 proprietary rights by implementors or users of this specification can 402 be obtained from the IETF Secretariat. 404 The IETF invites any interested party to bring to its attention any 405 copyrights, patents or patent applications, or other proprietary 406 rights which may cover technology that may be required to practice 407 this standard. Please address the information to the IETF Executive 408 Director. 410 11. Acknowledgments 412 The general concept of BGP confederations was taken from IDRP's 413 Routing Domain Confederations [2]. Some of the introductory text in 414 this document was taken from [6]. 416 The authors would like to acknowledge Bruce Cole for his 417 implementation feedback and extensive analysis of the limitations of 418 the protocol extensions described in this document and [5]. We would 419 also like to acknowledge Srihari Ramachandra, Alex Zinin, Naresh 420 Kumar Paliwal, Jeffrey Haas and Bruno Rijsman for their feedback and 421 suggestions. 423 Finally, we'd like to acknowledge Ravi Chandra and Yakov Rekhter for 424 providing constructive and valuable feedback on earlier versions of 425 this specification. 427 12. Security Considerations 429 This extension to BGP does not change the underlying security issues 430 inherent in the existing BGP, such as those defined in [7]. 432 13. References 434 [1] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP-4)", RFC 435 1771, March 1995. 437 [2] Kunzinger, C., Editor, "Inter-Domain Routing Protocol", ISO/IEC 438 10747, October 1993. 440 [3] Haskin, D., "A BGP/IDRP Route Server alternative to a full mesh 441 routing", RFC 1863, October 1995. 443 [4] Traina, P. "Autonomous System Confederations for BGP", RFC 1965, 444 June 1996. 446 [5] Traina, P., McPherson, D. and Scudder, J., "Autonomous System 447 Confederations for BGP", RFC 3065, February 2001. 449 [6] Bates, T., Chandra, R. and E. Chen, "BGP Route Reflection An 450 Alternative to Full Mesh IBGP", RFC 2796, April 2000. 452 [7] Heffernan, A., "Protection of BGP Sessions via the TCP MD5 453 Signature Option", RFC 2385, August 1998. 455 [8] Bradner, S., "Key words for use in RFCs to Indicate Requirement 456 Levels", RFC 2119, March 1997. 458 [9] McPherson, D., Gill, V., Walton, D., Retana, A., "Border Gateway 459 Protocol (BGP) Persistent Route Oscillation Condition", RFC 3345, 460 August 2002. 462 14. Authors' Addresses 464 Paul Traina 465 EMail: pst+confed@spamcatcher.bogus.com 467 Danny McPherson 468 Arbor Networks 469 EMail: danny@arbor.net 471 John G. Scudder 472 Cisco Systems, Inc. 473 170 West Tasman Drive 474 San Jose, CA 95134 475 Phone: +1 734.302.4128 476 EMail: jgs@cisco.com 478 15. Full Copyright Statement 480 Copyright (C) The Internet Society (2004). All Rights Reserved. 482 This document and translations of it may be copied and furnished to 483 others, and derivative works that comment on or otherwise explain it 484 or assist in its implementation may be prepared, copied, published 485 and distributed, in whole or in part, without restriction of any 486 kind, provided that the above copyright notice and this paragraph are 487 included on all such copies and derivative works. However, this 488 document itself may not be modified in any way, such as by removing 489 the copyright notice or references to the Internet Society or other 490 Internet organizations, except as needed for the purpose of 491 developing Internet standards in which case the procedures for 492 copyrights defined in the Internet Standards process must be 493 followed, or as required to translate it into languages other than 494 English. 496 The limited permissions granted above are perpetual and will not be 497 revoked by the Internet Society or its successors or assigns. 499 This document and the information contained herein is provided on an 500 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 501 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 502 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 503 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 504 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.