idnits 2.17.1 draft-ietf-idr-rfc8203bis-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC4486, updated by this document, for RFC5378 checks: 2001-10-18) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 18, 2020) is 1309 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 8203 (Obsoleted by RFC 9003) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IDR J. Snijders 3 Internet-Draft NTT 4 Obsoletes: 8203 (if approved) J. Heitz 5 Updates: 4486 (if approved) Cisco 6 Intended status: Standards Track J. Scudder 7 Expires: March 22, 2021 Juniper 8 A. Azimov 9 Yandex 10 September 18, 2020 12 Extended BGP Administrative Shutdown Communication 13 draft-ietf-idr-rfc8203bis-07 15 Abstract 17 This document enhances the BGP Cease NOTIFICATION message 18 "Administrative Shutdown" and "Administrative Reset" subcodes for 19 operators to transmit a short freeform message to describe why a BGP 20 session was shutdown or reset. This document updates RFC 4486 and 21 obsoletes RFC 8203 by defining an Extended BGP Administrative 22 Shutdown Communication of up to 255 octets to improve communication 23 using multibyte character sets. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 29 "OPTIONAL" in this document are to be interpreted as described in BCP 30 14 [RFC2119] [RFC8174] when, and only when, they appear in all 31 capitals, as shown here. 33 Status of This Memo 35 This Internet-Draft is submitted in full conformance with the 36 provisions of BCP 78 and BCP 79. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF). Note that other groups may also distribute 40 working documents as Internet-Drafts. The list of current Internet- 41 Drafts is at https://datatracker.ietf.org/drafts/current/. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on March 22, 2021. 50 Copyright Notice 52 Copyright (c) 2020 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (https://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Shutdown Communication . . . . . . . . . . . . . . . . . . . 2 69 3. Operational Considerations . . . . . . . . . . . . . . . . . 3 70 4. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 4 71 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 72 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 73 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 74 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 75 7.2. Informative References . . . . . . . . . . . . . . . . . 5 76 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 77 Appendix B. Changes to RFC 8203 . . . . . . . . . . . . . . . . 6 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 80 1. Introduction 82 It can be troublesome for an operator to correlate a BGP-4 [RFC4271] 83 session teardown in the network with a notice that was transmitted 84 via offline methods such as email or telephone calls. This document 85 updates [RFC4486] by specifying a mechanism to transmit a short 86 freeform UTF-8 [RFC3629] message as part of a Cease NOTIFICATION 87 message [RFC4271] to inform the peer why the BGP session is being 88 shutdown or reset. This document obsoletes [RFC8203]; the specific 89 differences and rationale are discussed in detail in Appendix B. 91 2. Shutdown Communication 93 If a BGP speaker decides to terminate its session with a BGP 94 neighbor, and it sends a NOTIFICATION message with the Error Code 95 "Cease" and Error Subcode "Administrative Shutdown" or 96 "Administrative Reset" [RFC4486], it MAY include a UTF-8 encoded 97 string. The contents of the string are at the operator's discretion. 99 The Cease NOTIFICATION message with a Shutdown Communication is 100 encoded as below: 102 0 1 2 3 103 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 104 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 105 | Error Code 6 | Subcode | Length | ... \ 106 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / 107 \ \ 108 / ... Shutdown Communication ... / 109 \ \ 110 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 112 Figure 1 114 Subcode: the Error Subcode value MUST be one of the following 115 values: 2 ("Administrative Shutdown") or 4 ("Administrative 116 Reset"). 118 Length: this 8-bit field represents the length of the Shutdown 119 Communication field in octets. When the length value is zero, no 120 Shutdown Communication field follows. 122 Shutdown Communication: to support international characters, the 123 Shutdown Communication field MUST be encoded using UTF-8. A 124 receiving BGP speaker MUST NOT interpret invalid UTF-8 sequences. 125 Note that when the Shutdown Communication contains multibyte 126 characters, the number of characters will be less than the length 127 value. This field is not NUL terminated. UTF-8 "Shortest Form" 128 encoding is REQUIRED to guard against the technical issues 129 outlined in [UTR36]. 131 Mechanisms concerning the reporting of information contained in the 132 Shutdown Communication are implementation specific but SHOULD include 133 methods such as Syslog [RFC5424]. 135 3. Operational Considerations 137 Operators are encouraged to use the Shutdown Communication to inform 138 their peers of the reason for the shutdown of the BGP session and 139 include out-of-band reference materials. An example of a useful 140 Shutdown Communication would be: 142 "[TICKET-1-1438367390] software upgrade; back in 2 hours" 144 "[TICKET-1-1438367390]" is a ticket reference with significance to 145 both the sender and receiver, followed by a brief human-readable 146 message regarding the reason for the BGP session shutdown followed by 147 an indication about the length of the maintenance. The receiver can 148 now use the string 'TICKET-1-1438367390' to search in their email 149 archive to find more details. 151 If a Shutdown Communication longer than 128 octets is sent to a BGP 152 speaker that implements [RFC8203], then that speaker will treat it as 153 an error, the consequence of which is a log message. For this 154 reason, operators would be wise to keep shutdown communications to 155 less than 128 octets when feasible. 157 There is no guarantee that the receiver supports either this 158 specification or [RFC8203], so any shutdown communication might not 159 be logged in an easily-readable form at all. Therefore, operators 160 would also be wise not to rely on shutdown communications as their 161 sole form of communication with their peer for important events. 163 4. Error Handling 165 If a Shutdown Communication with an invalid UTF-8 sequence is 166 received, a message indicating this event SHOULD be logged for the 167 attention of the operator. An erroneous or malformed Shutdown 168 Communication itself MAY be logged in a hexdump format. 170 5. IANA Considerations 172 IANA is requested to reference this document at subcode 173 "Administrative Shutdown", and at subcode "Administrative Reset" in 174 the "BGP Cease NOTIFICATION message subcodes" registry under the 175 "Border Gateway Protocol (BGP) Parameters" group in addition to 176 [RFC4486]. 178 6. Security Considerations 180 This document uses UTF-8 encoding for the Shutdown Communication. 181 There are a number of security issues with Unicode. Implementers and 182 operators are advised to review Unicode Technical Report #36 [UTR36] 183 to learn about these issues. UTF-8 "Shortest Form" encoding is 184 REQUIRED to guard against the technical issues outlined in [UTR36]. 186 As BGP Shutdown Communications are likely to appear in syslog output, 187 there is a risk that carefully constructed Shutdown Communication 188 might be formatted by receiving systems in a way to make them appear 189 as additional syslog messages. The 255 octet length limit on the BGP 190 Shutdown Communication may help limit the ability to mount such an 191 attack. 193 Users of this mechanism should be aware that unless a transport that 194 provides integrity is used for the BGP session in question, a 195 Shutdown Communication message could be forged. Unless a transport 196 that provides confidentiality is used, a Shutdown Communication 197 message could be snooped by an attacker. These issues are common to 198 any BGP message but may be of greater interest in the context of this 199 proposal since the information carried in the message is generally 200 expected to be used for human-to-human communication. Refer to the 201 related considerations in [RFC4271] and [RFC4272]. 203 Users of this mechanism should consider applying data minimization 204 practices as outlined in Section 6.1 of [RFC6973] because a received 205 Shutdown Communication may be used at the receiver's discretion. 207 7. References 209 7.1. Normative References 211 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 212 Requirement Levels", BCP 14, RFC 2119, 213 DOI 10.17487/RFC2119, March 1997, 214 . 216 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 217 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 218 2003, . 220 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 221 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 222 DOI 10.17487/RFC4271, January 2006, 223 . 225 [RFC4486] Chen, E. and V. Gillet, "Subcodes for BGP Cease 226 Notification Message", RFC 4486, DOI 10.17487/RFC4486, 227 April 2006, . 229 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 230 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 231 May 2017, . 233 7.2. Informative References 235 [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", 236 RFC 4272, DOI 10.17487/RFC4272, January 2006, 237 . 239 [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, 240 DOI 10.17487/RFC5424, March 2009, 241 . 243 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., 244 Morris, J., Hansen, M., and R. Smith, "Privacy 245 Considerations for Internet Protocols", RFC 6973, 246 DOI 10.17487/RFC6973, July 2013, 247 . 249 [RFC8203] Snijders, J., Heitz, J., and J. Scudder, "BGP 250 Administrative Shutdown Communication", RFC 8203, 251 DOI 10.17487/RFC8203, July 2017, 252 . 254 [UTR36] Davis, M. and M. Suignard, "Unicode Security 255 Considerations", Unicode Technical Report #36, August 256 2010, . 258 Appendix A. Acknowledgements 260 The authors would like to gratefully acknowledge Tom Scholl, David 261 Freedman, Jared Mauch, Jeff Haas, Peter Hessler, Bruno Decraene, John 262 Heasley, Peter van Dijk, Arjen Zonneveld, James Bensley, Susan Hares, 263 Saku Ytti, Lou Berger, Alvaro Retana, and Adam Roach. 265 The authors would like to thank Enke Chen and Vincent Gillet for 266 their work on [RFC4486] and granting the related BCP 78 rights to the 267 IETF Trust. 269 The authors would like to acknowledge Misha Grishin (MSK-IX) for 270 raising awareness that [RFC8203]'s length specification was 271 insufficient in context of multibyte character sets. 273 Appendix B. Changes to RFC 8203 275 The maximum permitted length was changed from 128 to 255. 277 Feedback from operators based in regions which predominantly use 278 multibyte character sets, showed that messages similar in meaning to 279 what can be send in other languages in using single-byte encoding, 280 failed to fit within the Length constraints as specified by 281 [RFC8203]. For example, the phrase: 'Planned work to add switch to 282 stack. Completion time - 30 minutes' has length 65 bytes. Its 283 translation in Russian has length 139 bytes. 285 If a Shutdown Communication message longer than 128 octets is sent to 286 a BGP speaker that implements [RFC8203], then that speaker will bring 287 it to the attention of an operator, but will otherwise process the 288 NOTIFICATION message as normal. 290 Authors' Addresses 292 Job Snijders 293 NTT Communications 294 Theodorus Majofskistraat 100 295 Amsterdam 1065 SZ 296 The Netherlands 298 Email: job@ntt.net 300 Jakob Heitz 301 Cisco 302 170 West Tasman Drive 303 San Jose, CA 95134 304 United States of America 306 Email: jheitz@cisco.com 308 John Scudder 309 Juniper Networks 310 1194 N. Mathilda Ave 311 Sunnyvale, CA 94089 312 United States of America 314 Email: jgs@juniper.net 316 Alexander Azimov 317 Yandex 319 Email: a.e.azimov@gmail.com