idnits 2.17.1 draft-ietf-idr-route-filter-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 34. -- Found old boilerplate from RFC 3978, Section 5.5 on line 434. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 405. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 412. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 418. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 1) being 542 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'BGP-4' is defined on line 444, but no explicit reference was found in the text == Unused Reference: 'BGP-MP' is defined on line 447, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2858 (ref. 'BGP-MP') (Obsoleted by RFC 4760) ** Obsolete normative reference: RFC 3392 (ref. 'BGP-CAP') (Obsoleted by RFC 5492) Summary: 5 errors (**), 0 flaws (~~), 5 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Enke Chen 3 Internet Draft Cisco Systems 4 Expiration Date: December 2006 Yakov Rekhter 5 Juniper Networks 7 Cooperative Route Filtering Capability for BGP-4 9 draft-ietf-idr-route-filter-14.txt 11 Status of this Memo 13 Internet-Drafts are working documents of the Internet Engineering 14 Task Force (IETF), its areas, and its working groups. Note that 15 other groups may also distribute working documents as Internet- 16 Drafts. 18 Internet-Drafts are draft documents valid for a maximum of six months 19 and may be updated, replaced, or obsoleted by other documents at any 20 time. It is inappropriate to use Internet-Drafts as reference 21 material or to cite them other than as "work in progress". 23 The list of current Internet-Drafts can be accessed at 24 http://www.ietf.org/ietf/1id-abstracts.txt 26 The list of Internet-Draft Shadow Directories can be accessed at 27 http://www.ietf.org/shadow.html. 29 IPR Disclosure Acknowledgement 31 By submitting this Internet-Draft, each author represents that any 32 applicable patent or other IPR claims of which he or she is aware 33 have been or will be disclosed, and any of which he or she becomes 34 aware will be disclosed, in accordance with Section 6 of BCP 79. 36 Abstract 38 This document defines a BGP-based mechanism that allows a BGP speaker 39 to send to its BGP peer a set of route filters that the peer would 40 use to constrain/filter its outbound routing updates to the speaker. 42 1. Specification of Requirements 44 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 45 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 46 document are to be interpreted as described in RFC2119 [RFC2119]. 48 2. Introduction 50 Currently it is not uncommon for a BGP speaker to receive, and then 51 filter out some unwanted routes from its peers based on its local 52 routing policy. Since the generation and transmission of routing 53 updates by the sender, as well as the processing of routing updates 54 by the receiver consume resources, it may be beneficial if the 55 generation of such unwanted routing updates can be avoided in the 56 first place. 58 This document defines a BGP-based mechanism that allows a BGP speaker 59 to send to its BGP peer a set of Outbound Route Filters (ORFs). The 60 peer would then apply these filters, in addition to its locally 61 configured outbound filters (if any), to constrain/filter its 62 outbound routing updates to the speaker. 64 3. Outbound Route Filter (ORF) 66 Conceptually an ORF entry is a tuple of the form ; an ORF consists of one or more ORF entries 68 that have a common AFI/SAFI and ORF-Type. An ORF is identified by 69 . 71 The "AFI/SAFI" component provides a coarse granularity control by 72 limiting the ORF to only the routes whose NLRI matches the "AFI/SAFI" 73 component of the ORF. 75 The "ORF-Type" component determines the content of the ORF-value. 77 The "Action" component controls handling of the ORF Request by the 78 remote peer. Action can be one of ADD, REMOVE, REMOVE-ALL. ADD adds 79 an ORF entry to the ORF on the remote peer; REMOVE deletes a 80 previously installed ORF entry on the remote peer; REMOVE-ALL deletes 81 the previously installed entries in the specified ORF on the remote 82 peer. 84 The "Match" component is used if support matching granularity on a 85 per ORF entry basis is needed, in which case the "Match" component 86 can be one of PERMIT or DENY. The semantics of PERMIT is to ask the 87 peer to pass updates for the set of routes that match the ORF entry. 88 The semantics of DENY is to ask the peer not to pass updates for the 89 set of routes that match the ORF entry. 91 4. Carrying ORF entries in BGP 93 ORF entries are carried in the BGP ROUTE-REFRESH message [BGP-RR]. 95 A BGP speaker can distinguish an incoming ROUTE-REFRESH message that 96 carries one or more ORF entries from an incoming plain ROUTE-REFRESH 97 message by using the Message Length field in the BGP message header. 99 A single ROUTE-REFRESH message could carry multiple ORF entries, as 100 long as all these entries share the same AFI/SAFI. 102 From the encoding point of view each ORF entry consists of a common 103 part and type-specific part. 105 The common part consists of , and 106 is encoded as follows: 108 The AFI/SAFI component of an ORF entry is encoded in the AFI/SAFI 109 field of the ROUTE-REFRESH message. 111 Following the AFI/SAFI component is the one-octet When-to-refresh 112 field. The value of this field can be one of IMMEDIATE (0x01) or 113 DEFER (0x02). The semantics of IMMEDIATE and DEFER are discussed 114 in the "Operation" section of this document. 116 Following the When-to-refresh field is a collection of one or more 117 ORFs, grouped by ORF-Type. 119 The ORF-Type component is encoded as a one-octet field. 121 The Length of ORFs component is a two-octets field that contains 122 the length (in octets) of the ORF entries that follows. 124 +--------------------------------------------------+ 125 | Address Family Identifier (2 octets) | 126 +--------------------------------------------------+ 127 | Reserved (1 octet) | 128 +--------------------------------------------------+ 129 | Subsequent Address Family Identifier (1 octet) | 130 +--------------------------------------------------+ 131 | When-to-refresh (1 octet) | 132 +--------------------------------------------------+ 133 | ORF Type (1 octet) | 134 +--------------------------------------------------+ 135 | Length of ORFs (2 octets) | 136 +--------------------------------------------------+ 137 | First ORF entry (variable) | 138 +--------------------------------------------------+ 139 | Second ORF entry (variable) | 140 +--------------------------------------------------+ 141 ......... 142 +--------------------------------------------------+ 143 | N-th ORF entry (variable) | 144 +--------------------------------------------------+ 145 | ORF Type (1 octet) | 146 +--------------------------------------------------+ 147 | Length of ORFs (2 octets) | 148 +--------------------------------------------------+ 149 | First ORF entry (variable) | 150 +--------------------------------------------------+ 151 | Second ORF entry (variable) | 152 +--------------------------------------------------+ 153 ......... 154 +--------------------------------------------------+ 155 | N-th ORF entry (variable) | 156 +--------------------------------------------------+ 157 ......... 159 Fig 1. Carrying ORF entries in the ROUTE-REFRESH message 161 The rest of the components in the common part are encoded in first 162 octet of each ORF-entry as follows (from the most significant to the 163 least significant bit): 165 Action is a two-bit field. The value of this field is 0 for ADD, 1 166 for REMOVE, and 2 for REMOVE-ALL. 168 Match is a one-bit field. The value of this field is 0 for PERMIT 169 and 1 for DENY. This field is significant only when the value of 170 the Action field is either ADD or REMOVE. 172 Reserved is a 5-bit field. It is set to 0 on transmit and ignored 173 on receive. 175 +---------------------------------+ 176 | Action (2 bit) | 177 +---------------------------------+ 178 | Match (1 bit) | 179 +---------------------------------+ 180 | Reserved (5 bits) | 181 +---------------------------------+ 182 | Type specific part (variable) | 183 +---------------------------------+ 185 Fig 2. ORF entry encoding 187 When the Action component of an ORF entry specifies REMOVE-ALL, 188 the entry consists of only the common part. 190 5. Cooperative Route Filtering Capability 192 A BGP speaker that is willing to receive ORF entries from its peer, 193 or a BGP speaker that would like to send ORF entries to its peer 194 advertises this to the peer by using the Cooperative Route Filtering 195 Capability, as described below. 197 The Cooperative Route Filtering Capability is a new BGP capability 198 [BGP-CAP] defined as follows: 200 Capability code: 3 202 Capability length: variable 204 Capability value: one or more of the following entries: 206 +--------------------------------------------------+ 207 | Address Family Identifier (2 octets) | 208 +--------------------------------------------------+ 209 | Reserved (1 octet) | 210 +--------------------------------------------------+ 211 | Subsequent Address Family Identifier (1 octet) | 212 +--------------------------------------------------+ 213 | Number of ORFs (1 octet) | 214 +--------------------------------------------------+ 215 | ORF Type (1 octet) | 216 +--------------------------------------------------+ 217 | Send/Receive (1 octet) | 218 +--------------------------------------------------+ 219 | ... | 220 +--------------------------------------------------+ 221 | ORF Type (1 octet) | 222 +--------------------------------------------------+ 223 | Send/Receive (1 octet) | 224 +--------------------------------------------------+ 226 Fig 4. Capability encoding 228 The use and meaning of these fields are as follows: 230 Address Family Identifier (AFI): 232 This field carries the identity of the Network Layer protocol 233 associated with the Network Address that follows. Presently 234 defined values for this field are specified in RFC1700 (see the 235 Address Family Numbers section). 237 Subsequent Address Family Identifier (SAFI): 239 This field provides additional information about the type of 240 the Network Layer Reachability Information carried in the 241 attribute. 243 Number of ORF Types: 245 This field contains the number of Filter Types to be listed in 246 the following fields. 248 ORF Type: 250 This field contains the value of an ORF Type. 252 Send/Receive: 254 This field indicates whether the sender is (a) willing to 255 receive ORF entries from its peer (value 1), (b) would like to 256 send ORF entries to its peer (value 2), or (c) both (value 3) 257 for the ORF Type that follows. 259 6. Operation 261 A BGP speaker that is willing to receive ORF entries from its peer, 262 or would like to send ORF entries to its peer SHOULD advertise the 263 Cooperative Route Filtering Capability to the peer using BGP 264 Capabilities advertisement [BGP-CAP]. 266 A BGP speaker that implements the Cooperative Route Filtering 267 Capability must support BGP ROUTE-REFRESH message, as defined in 268 [BGP-RR]. A BGP speaker that advertises the Cooperative Route 269 Filtering Capability to a peer using BGP Capabilities advertisement 270 [BGP-CAP] doesn't have to advertise the BGP Route Refresh capability 271 to that peer. 273 Consider a BGP speaker that advertises the Cooperative Route 274 Filtering Capability indicating its willingness to receive a 275 particular set of from its peer, and that 276 receives the Cooperative Route Filtering Capability indicating the 277 desire of the peer to send a particular set to 278 the speaker. If for a given the intersection between 279 these two sets are not-empty, the speaker SHOULD NOT advertise to the 280 peer any routes with that prior to receiving from the 281 peer any ROUTE-REFRESH message carrying that , where the 282 message could be either without any ORF entries, or with one or more 283 ORF entry and When-to-refresh field set to IMMEDIATE. If, on the 284 other hand, for a given the intersection between these 285 two sets is empty, the speaker SHOULD follow normal BGP procedures. 287 A BGP speaker may send a ROUTE-REFRESH message with one or more ORF 288 entries to its peer only if the peer advertises to the speaker the 289 Cooperative Route Filtering Capability indicating its willingness to 290 receive ORF entries from the speaker, and the speaker advertises to 291 the peer the Cooperative Route Filtering Capability indicating its 292 desire to send ORF entries to the peer. The message may contain only 293 ORF entries of that the peer is willing to 294 receive, as advertised to the speaker in the Cooperative Route 295 Filtering Capability. 297 When a BGP speaker receives a ROUTE-REFRESH message with one or more 298 ORF entries from its peer, then the speaker performs the following 299 actions. If the carried by the message doesn't 300 match that the speaker is willing to receive 301 from the peer (as advertised to the peer in the Cooperative Route 302 Filtering Capability), the specified ORF is ignored. Otherwise, the 303 speaker modifies the specified ORF, as specified in the ORF entries 304 carried by the message. If any of the fields within an ORF entry 305 contain an unrecognized value, the whole specified ORF is removed. 307 If the Action component of an ORF entry is REMOVE, but the ORF 308 doesn't contain the specified entry, the entry is ignored. 310 ORF entries with either REMOVE or REMOVE-ALL can not remove locally 311 configured outbound route filters. 313 If the When-to-refresh indicates IMMEDIATE, then after processing all 314 the ORF entries carried in the message the speaker re-advertises to 315 the peer routes from the Adj-RIB-Out associated with the peer that 316 have the same AFI/SAFI as what is carried in the message, and taking 317 into account all the ORF entries for that AFI/SAFI received from the 318 peer. The speaker MUST re-advertise all the routes that have been 319 affected by the ORF entries carried in the message, but MAY also re- 320 advertise the routes that have not been affected by the ORF entries 321 carried in the message. 323 If the When-to-refresh indicates DEFER, then after processing all the 324 ORF entries carried in the message the speaker defers re- 325 advertisement to the peer routes from the Adj-RIB-Out associated with 326 the peer that have the same AFI/SAFI as what is carried in the 327 message, and taking into account all the ORF entries received from 328 the peer until the speaker receives a subsequent ROUTE-REFRESH 329 message for the same AFI/SAFI either without any ORF entries, or with 330 one or more ORF entries and When-to-refresh set to IMMEDIATE. 332 If the speaker receives from the peer a ROUTE-REFRESH message without 333 any ORF entries, then the speaker sends to the peer all routes from 334 the Adj-RIB-Out associated with the peer whose AFI/SAFI is the same 335 as what is carried in the message and taking into account the ORF 336 received from the peer. 338 The set of ORF entries that the speaker sends to the peer expresses 339 the speaker's local preference, that the peer may or may not decide 340 to honor. 342 During a single BGP session the speaker may pass multiple ORF entries 343 to the peer. 345 After a BGP speaker makes changes to the ORF entries previously sent 346 to a peer, the speaker SHOULD send to the peer the updated ORF 347 entries with either (a) When-to-refresh set to IMMEDIATE, or (b) 348 When-to-refresh set to DEFER followed by a ROUTE-REFRESH message. The 349 latter SHALL be used by the speaker when there are other policy 350 changes (in addition to the ORF entries) that require the peer to re- 351 advertise all the routes. 353 The lifetime of an ORF is the duration of the BGP session during 354 which the ORF is exchanged. 356 An ORF is removed when the last ORF entry is remove (either via 357 REMOVE-ALL, or via a sequence of REMOVE). 359 If a particular route maintained by a BGP speaker doesn't match any 360 of the ORF entries of any of the (non-empty) ORFs associated with a 361 particular peer, then this route SHOULD NOT be advertised to the 362 peer. 364 If a BGP speaker maintains multiple ORFs of different ORF-Types for a 365 particular peer, then the decision by the speaker to advertise a 366 route to the peer is determined by passing the route through each 367 such ORF, and and-ing the results (and-ing of PERMIT and DENY results 368 in DENY). 370 7. IANA Considerations 372 As specified in this document, an ORF entry contains the ORF-Type 373 field for which IANA is to create and maintain a registry entitled 374 "BGP ORF Type". 376 IANA will maintain and register values for ORF-Type field as follows: 378 - ORF-Type value 0 is reserved. 380 - ORF-Type values 1 through 63 are to be assigne dby IANA using 381 either the Standards Action process defined in RFC2434, or the 382 Early IANA Allocation process defined in RFC4020. 384 - ORF-Type values 64 through 127 are to be assigned by IANA, using 385 the "First Come First Served" policy defined in RFC2434. 387 - ORF-Type values 128 through 255 are vendor-specific, and values 388 in this range are not to be assigned by IANA. 390 8. Security Considerations 392 This extension to BGP does not change the underlying security issues. 394 9. Intellectual Property Considerations 396 This section is taken from Section 5 of RFC 3668. 398 The IETF takes no position regarding the validity or scope of any 399 Intellectual Property Rights or other rights that might be claimed to 400 pertain to the implementation or use of the technology described in 401 this document or the extent to which any license under such rights 402 might or might not be available; nor does it represent that it has 403 made any independent effort to identify any such rights. Information 404 on the procedures with respect to rights in RFC documents can be 405 found in BCP 78 and BCP 79. 407 Copies of IPR disclosures made to the IETF Secretariat and any 408 assurances of licenses to be made available, or the result of an 409 attempt made to obtain a general license or permission for the use of 410 such proprietary rights by implementers or users of this 411 specification can be obtained from the IETF on-line IPR repository at 412 http://www.ietf.org/ipr. 414 The IETF invites any interested party to bring to its attention any 415 copyrights, patents or patent applications, or other proprietary 416 rights that may cover technology that may be required to implement 417 this standard. Please address the information to the IETF at ietf- 418 ipr@ietf.org. 420 10. Copyright Notice 422 Copyright (C) The Internet Society (2006). 424 This document is subject to the rights, licenses and restrictions 425 contained in BCP 78, and except as set forth therein, the authors 426 retain all their rights. 428 This document and the information contained herein are provided on an 429 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 430 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 431 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 432 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 433 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 434 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 436 11. Acknowledgements 438 Some of the material in the document is "borrowed" from a proposal 439 for selective updates by Yakov Rekhter, Kannan Varadhan, and Curtis 440 Villamizar. 442 12. Normative References 444 [BGP-4] Rekhter, Y., and T. Li, "A Border Gateway Protocol 4 445 (BGP-4)", RFC4271, January 2006. 447 [BGP-MP] Bates, T., Chandra, R., Katz, D., and Rekhter, Y., 448 "Multiprotocol Extensions for BGP-4", RFC2858, June 2000. 450 [BGP-CAP] Chandra, R., Scudder, J., "Capabilities Advertisement with 451 BGP-4", RFC3392, November 2002. 453 [BGP-RR] Chen, E., "Route Refresh Capability for BGP-4", RFC2918, 454 September 2000. 456 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 457 Requirement Levels", BCP 14, RFC 2119, March 1997. 459 13. Author Information 461 Enke Chen 462 Cisco Systems, Inc. 463 e-mail: enkechen@cisco.com 465 Yakov Rekhter 466 Juniper Networks 467 e-mail: yakov@juniper.net