idnits 2.17.1 draft-ietf-idr-rfc8203bis-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC4486, updated by this document, for RFC5378 checks: 2001-10-18) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 14, 2020) is 1290 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 8203 (Obsoleted by RFC 9003) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IDR J. Snijders 3 Internet-Draft NTT 4 Obsoletes: 8203 (if approved) J. Heitz 5 Updates: 4486 (if approved) Cisco 6 Intended status: Standards Track J. Scudder 7 Expires: April 17, 2021 Juniper 8 A. Azimov 9 Yandex 10 October 14, 2020 12 Extended BGP Administrative Shutdown Communication 13 draft-ietf-idr-rfc8203bis-08 15 Abstract 17 This document enhances the BGP Cease NOTIFICATION message 18 "Administrative Shutdown" and "Administrative Reset" subcodes for 19 operators to transmit a short freeform message to describe why a BGP 20 session was shutdown or reset. This document updates RFC 4486 and 21 obsoletes RFC 8203 by defining an Extended BGP Administrative 22 Shutdown Communication of up to 255 octets to improve communication 23 using multibyte character sets. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 29 "OPTIONAL" in this document are to be interpreted as described in BCP 30 14 [RFC2119] [RFC8174] when, and only when, they appear in all 31 capitals, as shown here. 33 Status of This Memo 35 This Internet-Draft is submitted in full conformance with the 36 provisions of BCP 78 and BCP 79. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF). Note that other groups may also distribute 40 working documents as Internet-Drafts. The list of current Internet- 41 Drafts is at https://datatracker.ietf.org/drafts/current/. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on April 17, 2021. 50 Copyright Notice 52 Copyright (c) 2020 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (https://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Shutdown Communication . . . . . . . . . . . . . . . . . . . 2 69 3. Operational Considerations . . . . . . . . . . . . . . . . . 3 70 4. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 4 71 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 72 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 73 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 74 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 75 7.2. Informative References . . . . . . . . . . . . . . . . . 6 76 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 77 Appendix B. Changes to RFC 8203 . . . . . . . . . . . . . . . . 6 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 80 1. Introduction 82 It can be troublesome for an operator to correlate a BGP-4 [RFC4271] 83 session teardown in the network with a notice that was transmitted 84 via offline methods such as email or telephone calls. This document 85 updates [RFC4486] by specifying a mechanism to transmit a short 86 freeform UTF-8 [RFC3629] message as part of a Cease NOTIFICATION 87 message [RFC4271] to inform the peer why the BGP session is being 88 shutdown or reset. This document obsoletes [RFC8203]; the specific 89 differences and rationale are discussed in detail in Appendix B. 91 2. Shutdown Communication 93 If a BGP speaker decides to terminate its session with a BGP 94 neighbor, and it sends a NOTIFICATION message with the Error Code 95 "Cease" and Error Subcode "Administrative Shutdown" or 96 "Administrative Reset" [RFC4486], it MAY include a UTF-8 encoded 97 string. The contents of the string are at the operator's discretion. 99 The Cease NOTIFICATION message with a Shutdown Communication is 100 encoded as below: 102 0 1 2 3 103 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 104 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 105 | Error Code 6 | Subcode | Length | ... \ 106 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / 107 \ \ 108 / ... Shutdown Communication ... / 109 \ \ 110 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 112 Figure 1 114 Subcode: the Error Subcode value MUST be one of the following 115 values: 2 ("Administrative Shutdown") or 4 ("Administrative 116 Reset"). 118 Length: this 8-bit field represents the length of the Shutdown 119 Communication field in octets. When the length value is zero, no 120 Shutdown Communication field follows. 122 Shutdown Communication: to support international characters, the 123 Shutdown Communication field MUST be encoded using UTF-8. A 124 receiving BGP speaker MUST NOT interpret invalid UTF-8 sequences. 125 Note that when the Shutdown Communication contains multibyte 126 characters, the number of characters will be less than the length 127 value. This field is not NUL terminated. UTF-8 "Shortest Form" 128 encoding is REQUIRED to guard against the technical issues 129 outlined in [UTR36]. 131 Mechanisms concerning the reporting of information contained in the 132 Shutdown Communication are implementation specific but SHOULD include 133 methods such as Syslog [RFC5424]. 135 3. Operational Considerations 137 Operators are encouraged to use the Shutdown Communication to inform 138 their peers of the reason for the shutdown of the BGP session and 139 include out-of-band reference materials. An example of a useful 140 Shutdown Communication would be: 142 "[TICKET-1-1438367390] software upgrade; back in 2 hours" 144 "[TICKET-1-1438367390]" is a ticket reference with significance to 145 both the sender and receiver, followed by a brief human-readable 146 message regarding the reason for the BGP session shutdown followed by 147 an indication about the length of the maintenance. The receiver can 148 now use the string 'TICKET-1-1438367390' to search in their email 149 archive to find more details. 151 If a Shutdown Communication longer than 128 octets is sent to a BGP 152 speaker that implements [RFC8203], then that speaker will treat it as 153 an error, the consequence of which should be a log message. 155 If a Shutdown Communication of any length is sent to a BGP speaker 156 that implements neither [RFC8203] nor this specification, then that 157 speaker will treat it as an error, the consequence of which should be 158 a log message. 160 In any case, a receiver of a NOTIFICATION message is unable to 161 acknowledge the receipt and correct understanding of any Shutdown 162 Communication. 164 Operators should not rely on Shutdown Communications as their sole 165 form of communication with their peer for important events. 167 If it is known that the peer BGP speaker supports this specification, 168 then a Shutdown Communication that is not longer than 255 octets MAY 169 be sent. Otherwise, a Shutdown Communication MAY be sent, but it 170 SHOULD NOT be longer than 128 octets. 172 4. Error Handling 174 If a Shutdown Communication with an invalid UTF-8 sequence is 175 received, a message indicating this event SHOULD be logged for the 176 attention of the operator. An erroneous or malformed Shutdown 177 Communication itself MAY be logged in a hexdump format. 179 5. IANA Considerations 181 IANA is requested to reference this document at subcode 182 "Administrative Shutdown", and at subcode "Administrative Reset" in 183 the "BGP Cease NOTIFICATION message subcodes" registry under the 184 "Border Gateway Protocol (BGP) Parameters" group in addition to 185 [RFC4486]. 187 6. Security Considerations 189 This document uses UTF-8 encoding for the Shutdown Communication. 190 There are a number of security issues with Unicode. Implementers and 191 operators are advised to review Unicode Technical Report #36 [UTR36] 192 to learn about these issues. UTF-8 "Shortest Form" encoding is 193 REQUIRED to guard against the technical issues outlined in [UTR36]. 195 As BGP Shutdown Communications are likely to appear in syslog output, 196 there is a risk that carefully constructed Shutdown Communication 197 might be formatted by receiving systems in a way to make them appear 198 as additional syslog messages. The 255 octet length limit on the BGP 199 Shutdown Communication may help limit the ability to mount such an 200 attack. 202 Users of this mechanism should be aware that unless a transport that 203 provides integrity is used for the BGP session in question, a 204 Shutdown Communication message could be forged. Unless a transport 205 that provides confidentiality is used, a Shutdown Communication 206 message could be snooped by an attacker. These issues are common to 207 any BGP message but may be of greater interest in the context of this 208 proposal since the information carried in the message is generally 209 expected to be used for human-to-human communication. Refer to the 210 related considerations in [RFC4271] and [RFC4272]. 212 Users of this mechanism should consider applying data minimization 213 practices as outlined in Section 6.1 of [RFC6973] because a received 214 Shutdown Communication may be used at the receiver's discretion. 216 7. References 218 7.1. Normative References 220 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 221 Requirement Levels", BCP 14, RFC 2119, 222 DOI 10.17487/RFC2119, March 1997, 223 . 225 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 226 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 227 2003, . 229 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 230 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 231 DOI 10.17487/RFC4271, January 2006, 232 . 234 [RFC4486] Chen, E. and V. Gillet, "Subcodes for BGP Cease 235 Notification Message", RFC 4486, DOI 10.17487/RFC4486, 236 April 2006, . 238 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 239 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 240 May 2017, . 242 7.2. Informative References 244 [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", 245 RFC 4272, DOI 10.17487/RFC4272, January 2006, 246 . 248 [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, 249 DOI 10.17487/RFC5424, March 2009, 250 . 252 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., 253 Morris, J., Hansen, M., and R. Smith, "Privacy 254 Considerations for Internet Protocols", RFC 6973, 255 DOI 10.17487/RFC6973, July 2013, 256 . 258 [RFC8203] Snijders, J., Heitz, J., and J. Scudder, "BGP 259 Administrative Shutdown Communication", RFC 8203, 260 DOI 10.17487/RFC8203, July 2017, 261 . 263 [UTR36] Davis, M. and M. Suignard, "Unicode Security 264 Considerations", Unicode Technical Report #36, August 265 2010, . 267 Appendix A. Acknowledgements 269 The authors would like to gratefully acknowledge Tom Scholl, David 270 Freedman, Jared Mauch, Jeff Haas, Peter Hessler, Bruno Decraene, John 271 Heasley, Peter van Dijk, Arjen Zonneveld, James Bensley, Susan Hares, 272 Saku Ytti, Lou Berger, Alvaro Retana, and Adam Roach. 274 The authors would like to thank Enke Chen and Vincent Gillet for 275 their work on [RFC4486] and granting the related BCP 78 rights to the 276 IETF Trust. 278 The authors would like to acknowledge Misha Grishin (MSK-IX) for 279 raising awareness that [RFC8203]'s length specification was 280 insufficient in context of multibyte character sets. 282 Appendix B. Changes to RFC 8203 284 The maximum permitted length was changed from 128 to 255. 286 Feedback from operators based in regions which predominantly use 287 multibyte character sets, showed that messages similar in meaning to 288 what can be send in other languages in using single-byte encoding, 289 failed to fit within the Length constraints as specified by 291 [RFC8203]. For example, the phrase: 'Planned work to add switch to 292 stack. Completion time - 30 minutes' has length 65 bytes. Its 293 translation in Russian has length 139 bytes. 295 If a Shutdown Communication message longer than 128 octets is sent to 296 a BGP speaker that implements [RFC8203], then that speaker will bring 297 it to the attention of an operator, but will otherwise process the 298 NOTIFICATION message as normal. 300 Authors' Addresses 302 Job Snijders 303 NTT Communications 304 Theodorus Majofskistraat 100 305 Amsterdam 1065 SZ 306 The Netherlands 308 Email: job@ntt.net 310 Jakob Heitz 311 Cisco 312 170 West Tasman Drive 313 San Jose, CA 95134 314 United States of America 316 Email: jheitz@cisco.com 318 John Scudder 319 Juniper Networks 320 1194 N. Mathilda Ave 321 Sunnyvale, CA 94089 322 United States of America 324 Email: jgs@juniper.net 326 Alexander Azimov 327 Yandex 329 Email: a.e.azimov@gmail.com