idnits 2.17.1 draft-ietf-idr-route-filter-06.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 10 longer pages, the longest (page 2) being 61 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'BGP-4' is defined on line 427, but no explicit reference was found in the text == Unused Reference: 'BGP-MP' is defined on line 430, but no explicit reference was found in the text ** Obsolete normative reference: RFC 1771 (ref. 'BGP-4') (Obsoleted by RFC 4271) ** Obsolete normative reference: RFC 2858 (ref. 'BGP-MP') (Obsoleted by RFC 4760) ** Obsolete normative reference: RFC 2842 (ref. 'BGP-CAP') (Obsoleted by RFC 3392) == Outdated reference: A later version (-09) exists of draft-ramachandra-bgp-ext-communities-02 -- Possible downref: Normative reference to a draft: ref. 'BGP-EXT-COMMUNITIES' Summary: 7 errors (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Enke Chen 3 Internet Draft Redback Networks, Inc. 4 Expiration Date: November 2002 Yakov Rekhter 5 Juniper Networks 7 Cooperative Route Filtering Capability for BGP-4 9 draft-ietf-idr-route-filter-06.txt 11 1. Status of this Memo 13 This document is an Internet-Draft and is in full conformance with 14 all provisions of Section 10 of RFC2026 except that the right to 15 produce derivative works is not granted. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as ``work in progress.'' 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 2. Abstract 35 This document defines a BGP-based mechanism that allows a BGP speaker 36 to send to its BGP peer a set of route filters that the peer would 37 use to constrain/filter its outbound routing updates to the speaker. 39 3. Introduction 41 Currently it is not uncommon for a BGP speaker to receive, and then 42 filter out some unwanted routes from its peers based on its local 43 routing policy. Since the generation and transmission of routing 44 updates by the sender, as well as the processing of routing updates 45 by the receiver consume resources, it may be beneficial if the 46 generation of such unwanted routing updates can be avoided in the 47 first place. 49 This document defines a BGP-based mechanism that allows a BGP speaker 50 to send to its BGP peer a set of Outbound Route Filters (ORFs). The 51 peer would then apply these filters, in addition to its locally 52 configured outbound filters (if any), to constrain/filter its 53 outbound routing updates to the speaker. 55 4. Outbound Route Filter (ORF) 57 Conceptually an ORF entry is a tuple of the form ; an ORF consists of one or more ORF entries 59 that have a common AFI/SAFI and ORF-Type. An ORF is identified by 60 . 62 The "AFI/SAFI" component provides a coarse granularity control by 63 limiting the ORF to only the routes whose NLRI matches the "AFI/SAFI" 64 component of the ORF. 66 The "ORF-Type" component determines the content of the ORF-value. 68 The "Action" component controls handling of the ORF Request by the 69 remote peer. Action can be one of ADD, REMOVE, REMOVE-ALL. ADD adds 70 an ORF entry to the ORF on the remote peer; REMOVE deletes a 71 previously installed ORF entry on the remote peer; REMOVE-ALL deletes 72 the previously installed entries in the specified ORF on the remote 73 peer. 75 The "Match" component can be one of PERMIT or DENY. The semantics of 76 PERMIT is to ask the peer to pass updates for the set of routes that 77 match the ORF entry. The semantics of DENY is to ask the peer not to 78 pass updates for the set of routes that match the ORF entry. 80 4.1. Communities ORF-Type 82 The Community ORF-Type allows to express ORFs in terms of BGP 83 Communities [BGP-COMMUNITIES]. That is, the Communities ORF-Type 84 provides Communities-based route filtering. 86 Conceptually the ORF-value of the Communities ORF-Type consists of 87 . "Scope" indicates the set of routes that must 88 be considered by the remote peer for the given ORF request. Scope can 89 be one of the EXACT or NORMAL. EXACT scope indicates that the remote 90 peer should consider only those routes whose Communities attribute is 91 equal to the Communities list specified in the ORF. NORMAL scope 92 indicates that the remote peer should consider only those routes 93 whose Communities attribute either is equal to the Communities list 94 specified in the ORF, or exhibit a subset relation with the 95 Communities list specified in the ORF. 97 The Communities list is a list of BGP Communities. 99 4.2. Extended Communities ORF-Type 101 The Extended Community ORF-Type allows to express ORFs in terms of 102 BGP Extended Communities [BGP-EXT-COMMUNITIES]. That is, the Extended 103 Communities ORF-Type provides Extended Communities-based route 104 filtering. 106 Conceptually the ORF-value of the Extended Communities ORF-Type 107 consists of . "Scope" indicates the set 108 of routes that must be considered by the remote peer for the given 109 ORF request. Scope can be one of the EXACT or NORMAL. EXACT scope 110 indicates that the remote peer should consider only those routes 111 whose Extended Communities attribute is equal to the Extended 112 Communities list specified in the ORF. NORMAL scope indicates that 113 the remote peer should consider only those routes whose Extended 114 Communities attribute either is equal to the Extended Communities 115 list specified in the ORF, or exhibit a subset relation with the 116 Extended Communities list specified in the ORF. 118 The Extended Communities list is a list of BGP Extended Communities. 120 5. Carrying ORF entries in BGP 122 ORF entries are carried in the BGP ROUTE-REFRESH message [BGP-RR]. 124 A BGP speaker can distinguish an incoming ROUTE-REFRESH message that 125 carries one or more ORF entries from an incoming plain ROUTE-REFRESH 126 message by using the Message Length field in the BGP message header. 128 A single ROUTE-REFRESH message could carry multiple ORF entries, as 129 long as all these entries share the same AFI/SAFI. 131 From the encoding point of view each ORF entry consists of a common 132 part and type-specific part. 134 The common part consists of , and 135 is encoded as follows: 137 The AFI/SAFI component of an ORF entry is encoded in the AFI/SAFI 138 field of the ROUTE-REFRESH message. 140 Following the AFI/SAFI component is the one-octet When-to-refresh 141 field. The value of this field can be one of IMMEDIATE (0x01) or 142 DEFER (0x02). The semantics of IMMEDIATE is to ask the peer to 143 refresh the routes for the AFI/SAFI carried in the message 144 immediately after processing the message. The semantics of DEFER 145 is to ask the peer to defer refreshing of all the routes until it 146 receives a subsequent ROUTE-REFRESH message for the same AFI/SAFI 147 either without any ORF entries, or with one or more ORF entries 148 and When-to-refresh set to IMMEDIATE. 150 Following the When-to-refresh field is a collection of one or more 151 ORFs, grouped by ORF-Type. 153 The ORF-Type component is encoded as a one-octet field. 155 The Length of ORFs component is a two-octets field that contains 156 the length (in octets) of the ORF entries that follows. 158 +--------------------------------------------------+ 159 | Address Family Identifier (2 octets) | 160 +--------------------------------------------------+ 161 | Reserved (1 octet) | 162 +--------------------------------------------------+ 163 | Subsequent Address Family Identifier (1 octet) | 164 +--------------------------------------------------+ 165 | When-to-refresh (1 octet) | 166 +--------------------------------------------------+ 167 | ORF Type (1 octet) | 168 +--------------------------------------------------+ 169 | Length of ORFs (2 octets) | 170 +--------------------------------------------------+ 171 | First ORF entry (variable) | 172 +--------------------------------------------------+ 173 | Second ORF entry (variable) | 174 +--------------------------------------------------+ 175 ......... 176 +--------------------------------------------------+ 177 | N-th ORF entry (variable) | 178 +--------------------------------------------------+ 179 | ORF Type (1 octet) | 180 +--------------------------------------------------+ 181 | Length of ORFs (2 octets) | 182 +--------------------------------------------------+ 183 | First ORF entry (variable) | 184 +--------------------------------------------------+ 185 | Second ORF entry (variable) | 186 +--------------------------------------------------+ 187 ......... 188 +--------------------------------------------------+ 189 | N-th ORF entry (variable) | 190 +--------------------------------------------------+ 191 ......... 193 Fig 1. Carrying ORF entries in the ROUTE-REFRESH message 195 The rest of the components in the common part are encoded in first 196 octet of each ORF-entry as follows (from the most significant to the 197 least significant bit): 199 Action is a two-bit field. The value of this field is 0 for ADD, 1 200 for REMOVE, and 2 for REMOVE-ALL. 202 Match is a one-bit field. The value of this field is 0 for PERMIT 203 and 1 for DENY. This field is significant only when the value of 204 the Action field is either ADD or REMOVE. 206 Reserved is a 5-bit field. It is set to 0 on transmit and ignored 207 on receive. 209 +---------------------------------+ 210 | Action (2 bit) | 211 +---------------------------------+ 212 | Match (1 bit) | 213 +---------------------------------+ 214 | Reserved (5 bits) | 215 +---------------------------------+ 216 | Type specific part (variable) | 217 +---------------------------------+ 219 Fig 2. ORF entry encoding 221 When the Action component of an ORF entry specifies REMOVE-ALL, 222 the entry consists of only the common part. 224 5.1. Type specific encoding (Communities ORF-Type) 226 The value of the ORF-Type for the Communities ORF-Type is 2. 228 The type-specific part of Communities ORF-Type consists of , and is encoded as follows: 231 Scope is a one-octet field. The EXACT Scope has the value of 1. 232 The NORMAL Scope has the value of 2. 234 Communities are encoded as a one octet Number of Communities 235 field, followed by one or more Communities, where each Community 236 is encoded as a four-octets field. 238 5.2. Type specific encoding (Extended Communities ORF-Type) 240 The value of the ORF-Type for the Extended Communities ORF-Type is 3. 242 The type-specific part of Extended Communities ORF-Type consists of 243 , and is encoded as follows: 245 Scope is a one-octet field. The EXACT Scope has the value of 1. 246 The NORMAL Scope has the value of 2. 248 Extended Communities are encoded as a one octet Number of Extended 249 Communities field, followed by one or more Extended Communities, 250 where each Extended Community is encoded as a eight-octets field. 252 6. Cooperative Route Filtering Capability 254 A BGP speaker that is willing to receive ORF entries from its peer, 255 or a BGP speaker that would like to send ORF entries to its peer 256 advertises this to the peer by using the Cooperative Route Filtering 257 Capability, as described below. 259 The Cooperative Route Filtering Capability is a new BGP capability 260 [BGP-CAP] defined as follows: 262 Capability code: 3 264 Capability length: variable 266 Capability value: one or more of the following entries: 268 +--------------------------------------------------+ 269 | Address Family Identifier (2 octets) | 270 +--------------------------------------------------+ 271 | Reserved (1 octet) | 272 +--------------------------------------------------+ 273 | Subsequent Address Family Identifier (1 octet) | 274 +--------------------------------------------------+ 275 | Number of ORFs (1 octet) | 276 +--------------------------------------------------+ 277 | ORF Type (1 octet) | 278 +--------------------------------------------------+ 279 | Send/Receive (1 octet) | 280 +--------------------------------------------------+ 281 | ... | 282 +--------------------------------------------------+ 283 | ORF Type (1 octet) | 284 +--------------------------------------------------+ 285 | Send/Receive (1 octet) | 286 +--------------------------------------------------+ 288 Fig 4. Capability encoding 290 The use and meaning of these fields are as follows: 292 Address Family Identifier (AFI): 294 This field carries the identity of the Network Layer protocol 295 associated with the Network Address that follows. Presently 296 defined values for this field are specified in RFC1700 (see the 297 Address Family Numbers section). 299 Subsequent Address Family Identifier (SAFI): 301 This field provides additional information about the type of 302 the Network Layer Reachability Information carried in the 303 attribute. 305 Number of ORF Types: 307 This field contains the number of Filter Types to be listed in 308 the following fields. 310 ORF Type: 312 This field contains the value of an ORF Type. 314 Send/Receive: 316 This field indicates whether the sender is (a) willing to 317 receive ORF entries from its peer (value 1), (b) would like to 318 send ORF entries to its peer (value 2), or (c) both (value 3) 319 for the ORF Type that follows. 321 7. Operation 323 A BGP speaker that is willing to receive ORF entries from its peer, 324 or would like to send ORF entries to its peer should advertise the 325 Cooperative Route Filtering Capability to the peer using BGP 326 Capabilities advertisement [BGP-CAP]. 328 A BGP speaker that implements the Cooperative Route Filtering 329 Capability must support BGP ROUTE-REFRESH message, as defined in 330 [BGP-RR]. A BGP speaker that advertises the Cooperative Route 331 Filtering Capability to a peer using BGP Capabilities advertisement 332 [BGP-CAP] doesn't have to advertise the BGP Route Refresh capability 333 to that peer. 335 Consider a BGP speaker that advertises the Cooperative Route 336 Filtering Capability indicating its willingness to receive a 337 particular set of from its peer, and that 338 receives the Cooperative Route Filtering Capability indicating the 339 desire of the peer to send a particular set to 340 the speaker. If for a given the intersection between 341 these two sets are not-empty, the speaker should not advertise to the 342 peer any routes with that prior to receiving from the 343 peer any ROUTE-REFRESH message carrying that , where the 344 message could be either without any ORF entries, or with one or more 345 ORF entry and When-to-refresh field set to IMMEDIATE. If, on the 346 other hand, for a given the intersection between these 347 two sets is empty, the speaker should follow normal BGP procedures. 349 A BGP speaker may send a ROUTE-REFRESH message with one or more ORF 350 entries to its peer only if the peer advertises to the speaker the 351 Cooperative Route Filtering Capability indicating its willingness to 352 receive ORF entries from the speaker, and the speaker advertises to 353 the peer the Cooperative Route Filtering Capability indicating its 354 desire to send ORF entries to the peer. The message may contain only 355 ORF entries of that the peer is willing to 356 receive, as advertised to the speaker in the Cooperative Route 357 Filtering Capability. 359 When a BGP speaker receives a ROUTE-REFRESH message with one or more 360 ORF entries from its peer, then the speaker performs the following 361 actions. If the carried by the message doesn't 362 match that the speaker is willing to receive 363 from the peer (as advertised to the peer in the Cooperative Route 364 Filtering Capability), the specified ORF is ignored. Otherwise, the 365 speaker modifies the specified ORF, as specified in the ORF entries 366 carried by the message. If any of the fields within an ORF entry 367 contain an unrecognized value, the whole specified ORF is removed. 369 If the Action component of an ORF entry is REMOVE, but the ORF 370 doesn't contain the specified entry, the entry is ignored. 372 ORF entries with either REMOVE or REMOVE-ALL can not remove locally 373 configured outbound route filters. 375 If the When-to-Refresh indicates IMMEDIATE, then after processing all 376 the ORF entries carried in the message the speaker should re- 377 advertise to the peer routes from the Adj-RIB-Out that have the same 378 AFI/SAFI as what is carried in the message, and taking into account 379 all the ORF entries received from the peer. 381 The set of ORF entries that the speaker sends to the peer expresses 382 the speaker's local preference, that the peer may or may not decide 383 to honor. 385 During a single BGP session the speaker may pass multiple ORF entries 386 to the peer. 388 The lifetime of an ORF is the duration of the BGP session during 389 which the ORF is exchanged. 391 An ORF is removed when the last ORF entry is remove (either via 392 REMOVE-ALL, or via a sequence of REMOVE). 394 If a particular route maintained by a BGP speaker doesn't match any 395 of the ORF entries of any of the (non-empty) ORFs associated with a 396 particular peer, then this route should not be advertised to the 397 peer. 399 If a BGP speaker maintains multiple ORFs of different ORF-Types for a 400 particular peer, then the decision by the speaker to advertise a 401 route to the peer is determined by passing the route through each 402 such ORF, and and-ing the results (and-ing of PERMIT and DENY results 403 in DENY). 405 8. IANA Considerations 407 As specified in this document, an ORF enty contains the ORF-Type 408 field. ORF-Type value 0 is reserved. ORF-Type values 1 through 63 409 are to be assigned by IANA using the "IETF Consensus" policy defined 410 in RFC2434. ORF-Type values 64 through 127 are to be assigned by 411 IANA, using the "First Come First Served" policy defined in RFC2434. 412 ORF-Type values 128 through 255 are vendor-specific, and values in 413 this range are not to be assigned by IANA. 415 9. Security Considerations 417 This extension to BGP does not change the underlying security issues. 419 10. Acknowledgements 421 Some of the material in the document is "borrowed" from a proposal 422 for selective updates by Yakov Rekhter, Kannan Varadhan, and Curtis 423 Villamizar. 425 11. References 427 [BGP-4] Rekhter, Y., and T. Li, "A Border Gateway Protocol 4 428 (BGP-4)", RFC 1771, March 1995. 430 [BGP-MP] Bates, T., Chandra, R., Katz, D., and Rekhter, Y., 431 "Multiprotocol Extensions for BGP-4", RFC 2858, June 2000 433 [BGP-CAP] Chandra, R., Scudder, J., "Capabilities Advertisement with 434 BGP-4", RFC2842, May 2000 436 [BGP-COMMUNITIES] Chandra, R., Traina, P., and Li, T., "BGP 437 Communities Attribute", RFC1997, August 1996. 439 [BGP-EXT-COMMUNITIES] Ramachandra, S., Tappan, D., "BGP Extended 440 Communities Attribute", draft-ramachandra-bgp-ext-communities-02.txt 442 [BGP-RR] Chen, E., "Route Refresh Capability for BGP-4", RFC2918, 443 September 2000 445 12. Author Information 447 Enke Chen 448 Redback Networks, Inc. 449 350 Holger Way 450 San Jose, CA 95134 451 e-mail: enke@redback.com 453 Yakov Rekhter 454 Juniper Networks 455 e-mail: yakov@juniper.net