idnits 2.17.1 draft-ietf-idr-rfc8203bis-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC4486, updated by this document, for RFC5378 checks: 2001-10-18) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (April 15, 2020) is 1471 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 8203 (Obsoleted by RFC 9003) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IDR J. Snijders 3 Internet-Draft NTT 4 Obsoletes: 8203 (if approved) J. Heitz 5 Updates: 4486 (if approved) Cisco 6 Intended status: Standards Track J. Scudder 7 Expires: October 17, 2020 Juniper 8 A. Azimov 9 Yandex 10 April 15, 2020 12 Extended BGP Administrative Shutdown Communication 13 draft-ietf-idr-rfc8203bis-06 15 Abstract 17 This document enhances the BGP Cease NOTIFICATION message 18 "Administrative Shutdown" and "Administrative Reset" subcodes for 19 operators to transmit a short freeform message to describe why a BGP 20 session was shutdown or reset. This document updates RFC 4486 and 21 obsoletes RFC 8203 by defining an Extended BGP Administrative 22 Shutdown Communication to improve communication using multibyte 23 character sets. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 29 "OPTIONAL" in this document are to be interpreted as described in BCP 30 14 [RFC2119] [RFC8174] when, and only when, they appear in all 31 capitals, as shown here. 33 Status of This Memo 35 This Internet-Draft is submitted in full conformance with the 36 provisions of BCP 78 and BCP 79. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF). Note that other groups may also distribute 40 working documents as Internet-Drafts. The list of current Internet- 41 Drafts is at https://datatracker.ietf.org/drafts/current/. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on October 17, 2020. 50 Copyright Notice 52 Copyright (c) 2020 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (https://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Shutdown Communication . . . . . . . . . . . . . . . . . . . 2 69 3. Operational Considerations . . . . . . . . . . . . . . . . . 3 70 4. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 4 71 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 72 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 73 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 74 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 75 7.2. Informative References . . . . . . . . . . . . . . . . . 5 76 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 77 Appendix B. Changes to RFC 8203 . . . . . . . . . . . . . . . . 6 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 80 1. Introduction 82 It can be troublesome for an operator to correlate a BGP-4 [RFC4271] 83 session teardown in the network with a notice that was transmitted 84 via offline methods such email or telephone calls. This document 85 updates [RFC4486] by specifying a mechanism to transmit a short 86 freeform UTF-8 [RFC3629] message as part of a Cease NOTIFICATION 87 message [RFC4271] to inform the peer why the BGP session is being 88 shutdown or reset. This document obsoletes [RFC8203]; the specific 89 differences and rationale are discussed in detail in Appendix B. 91 2. Shutdown Communication 93 If a BGP speaker decides to terminate its session with a BGP 94 neighbor, and it sends a NOTIFICATION message with the Error Code 95 "Cease" and Error Subcode "Administrative Shutdown" or 96 "Administrative Reset" [RFC4486], it MAY include a UTF-8 encoded 97 string. The contents of the string are at the operator's discretion. 99 The Cease NOTIFICATION message with a Shutdown Communication is 100 encoded as below: 102 0 1 2 3 103 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 104 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 105 | Error code 6 | Subcode | Length | ... \ 106 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / 107 \ \ 108 / ... Shutdown Communication ... / 109 \ \ 110 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 112 Figure 1 114 Subcode: the Error Subcode value MUST be one of the following 115 values: 2 ("Administrative Shutdown") or 4 ("Administrative 116 Reset"). 118 Length: this 8-bit field represents the length of the Shutdown 119 Communication field in octets. When the length value is zero, no 120 Shutdown Communication field follows. 122 Shutdown Communication: to support international characters, the 123 Shutdown Communication field MUST be encoded using UTF-8. A 124 receiving BGP speaker MUST NOT interpret invalid UTF-8 sequences. 125 Note that when the Shutdown Communication contains multibyte 126 characters, the number of characters will be less than the length 127 value. This field is not NULL terminated. 129 Mechanisms concerning the reporting of information contained in the 130 Shutdown Communication are implementation specific but SHOULD include 131 methods such as Syslog [RFC5424]. 133 3. Operational Considerations 135 Operators are encouraged to use the Shutdown Communication to inform 136 their peers of the reason for the shutdown of the BGP session and 137 include out-of-band reference materials. An example of a useful 138 Shutdown Communication would be: 140 "[TICKET-1-1438367390] software upgrade; back in 2 hours" 142 "[TICKET-1-1438367390]" is a ticket reference with significance to 143 both the sender and receiver, followed by a brief human-readable 144 message regarding the reason for the BGP session shutdown followed by 145 an indication about the length of the maintenance. The receiver can 146 now use the string 'TICKET-1-1438367390' to search in their email 147 archive to find more details. 149 If a Shutdown Communication longer than 128 octets is sent to a BGP 150 speaker that implements [RFC8203], then that speaker will treat it as 151 an error, the consequence of which is a log message. For this 152 reason, operators would be wise to keep shutdown communications to 153 less than 128 octets when feasible. 155 There is no guarantee that the receiver supports either this 156 specification or [RFC8203], so any shutdown communication might not 157 be logged in an easily-readable form at all. Therefore, operators 158 would also be wise not to rely on shutdown communications as their 159 sole form of communication with their peer for important events. 161 4. Error Handling 163 If a Shutdown Communication with an invalid UTF-8 sequence is 164 received, a message indicating this event SHOULD be logged for the 165 attention of the operator. An erroneous or malformed Shutdown 166 Communication itself MAY be logged in a hexdump format. 168 5. IANA Considerations 170 Per this document, IANA is requested to reference this document at 171 subcode "Administrative Shutdown", and at subcode "Administrative 172 Reset" in the "BGP Cease NOTIFICATION message subcodes" registry 173 under the "Border Gateway Protocol (BGP) Parameters" group in 174 addition to [RFC4486] and [RFC8203]. 176 6. Security Considerations 178 This document uses UTF-8 encoding for the Shutdown Communication. 179 There are a number of security issues with Unicode. Implementers and 180 operators are advised to review Unicode Technical Report #36 [UTR36] 181 to learn about these issues. UTF-8 "Shortest Form" encoding is 182 REQUIRED to guard against the technical issues outlined in [UTR36]. 184 As BGP Shutdown Communications are likely to appear in syslog output, 185 there is a risk that carefully constructed Shutdown Communication 186 might be formatted by receiving systems in a way to make them appear 187 as additional syslog messages. The 255 octet length limit on the BGP 188 Shutdown Communication may help limit the ability to mount such an 189 attack. 191 Users of this mechanism should be aware that unless a transport that 192 provides integrity is used for the BGP session in question, a 193 Shutdown Communication message could be forged. Unless a transport 194 that provides confidentiality is used, a Shutdown Communication 195 message could be snooped by an attacker. These issues are common to 196 any BGP message but may be of greater interest in the context of this 197 proposal since the information carried in the message is generally 198 expected to be used for human-to-human communication. Refer to the 199 related considerations in [RFC4271] and [RFC4272]. 201 Users of this mechanism should consider applying data minimization 202 practices as outlined in Section 6.1 of [RFC6973] because a received 203 Shutdown Communication may be used at the receiver's discretion. 205 7. References 207 7.1. Normative References 209 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 210 Requirement Levels", BCP 14, RFC 2119, 211 DOI 10.17487/RFC2119, March 1997, 212 . 214 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 215 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 216 2003, . 218 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 219 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 220 DOI 10.17487/RFC4271, January 2006, 221 . 223 [RFC4486] Chen, E. and V. Gillet, "Subcodes for BGP Cease 224 Notification Message", RFC 4486, DOI 10.17487/RFC4486, 225 April 2006, . 227 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 228 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 229 May 2017, . 231 [RFC8203] Snijders, J., Heitz, J., and J. Scudder, "BGP 232 Administrative Shutdown Communication", RFC 8203, 233 DOI 10.17487/RFC8203, July 2017, 234 . 236 7.2. Informative References 238 [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", 239 RFC 4272, DOI 10.17487/RFC4272, January 2006, 240 . 242 [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, 243 DOI 10.17487/RFC5424, March 2009, 244 . 246 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., 247 Morris, J., Hansen, M., and R. Smith, "Privacy 248 Considerations for Internet Protocols", RFC 6973, 249 DOI 10.17487/RFC6973, July 2013, 250 . 252 [UTR36] Davis, M. and M. Suignard, "Unicode Security 253 Considerations", Unicode Technical Report #36, August 254 2010, . 256 Appendix A. Acknowledgements 258 The authors would like to gratefully acknowledge Tom Scholl, David 259 Freedman, Jared Mauch, Jeff Haas, Peter Hessler, Bruno Decraene, John 260 Heasley, Peter van Dijk, Arjen Zonneveld, James Bensley, Susan Hares, 261 Saku Ytti, Lou Berger, Alvaro Retana, and Adam Roach. 263 The authors would like to thank Enke Chen and Vincent Gillet for 264 their work on [RFC4486] and granting the related BCP 78 rights to the 265 IETF Trust. 267 The authors would like to acknowledge Misha Grishin (MSK-IX) for 268 raising awareness that [RFC8203]'s length specification was 269 insufficient in context of multibyte character sets. 271 Appendix B. Changes to RFC 8203 273 The maximum permitted length was changed from 128 to 255. 275 Feedback from operators based in regions which predominantly use 276 multibyte character sets, showed that messages similar in meaning to 277 what can be send in other languages in using single-byte encoding, 278 failed to fit within the Length constraints as specified by 279 [RFC8203]. For example, the phrase: 'Planned work to add switch to 280 stack. Completion time - 30 minutes' has length 65 bytes. Its 281 translation in Russian 282 'Плановые 283 работы по д 284 86;бавлению к&# 285 1086;ммутатора& 286 #1074; 287 стек.Время 288 79;авершения - 289 30минут' (See PDF for non-ASCII 290 character string) has length 139 bytes. 292 Authors' Addresses 294 Job Snijders 295 NTT Communications 296 Theodorus Majofskistraat 100 297 Amsterdam 1065 SZ 298 The Netherlands 300 Email: job@ntt.net 302 Jakob Heitz 303 Cisco 304 170 West Tasman Drive 305 San Jose, CA 95134 306 United States of America 308 Email: jheitz@cisco.com 310 John Scudder 311 Juniper Networks 312 1194 N. Mathilda Ave 313 Sunnyvale, CA 94089 314 United States of America 316 Email: jgs@juniper.net 318 Alexander Azimov 319 Yandex 321 Email: a.e.azimov@gmail.com