idnits 2.17.1 draft-mcpherson-rfc3065bis-00.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 1771 (ref. '1') (Obsoleted by RFC 4271) -- Possible downref: Non-RFC (?) normative reference: ref. '2' ** Obsolete normative reference: RFC 1863 (ref. '3') (Obsoleted by RFC 4223) ** Obsolete normative reference: RFC 1965 (ref. '4') (Obsoleted by RFC 3065) ** Obsolete normative reference: RFC 3065 (ref. '5') (Obsoleted by RFC 5065) ** Obsolete normative reference: RFC 2796 (ref. '6') (Obsoleted by RFC 4456) ** Obsolete normative reference: RFC 2385 (ref. '7') (Obsoleted by RFC 5925) Summary: 13 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Paul Traina 2 INTERNET DRAFT Juniper Networks, Inc. 3 Danny McPherson 4 TCB 5 John G. Scudder 6 SEPTEMBER 2002 Cisco Systems, Inc. 8 Autonomous System Confederations for BGP 9 11 1. Status of this Memo 13 This document is an Internet-Draft and is in full conformance with 14 all provisions of Section 10 of RFC 2026. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet- Drafts as reference 24 material or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 2. Abstract 34 The Border Gateway Protocol (BGP) is an inter-autonomous system 35 routing protocol designed for Transmission Control Protocol/Internet 36 Protocol (TCP/IP) networks. BGP requires that all BGP speakers 37 within a single autonomous system (AS) must be fully meshed. This 38 represents a serious scaling problem that has been well documented in 39 a number of proposals. 41 This document describes an extension to BGP which may be used to 42 create a confederation of autonomous systems that is represented as a 43 single autonomous system to BGP peers external to the confederation, 44 thereby removing the "full mesh" requirement. The intention of this 45 extension is to aid in policy administration and reduce the 46 management complexity of maintaining a large autonomous system. 48 3. Specification of Requirements 50 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 51 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 52 document are to be interpreted as described in [8]. 54 4. Introduction 56 As currently defined, BGP requires that all BGP speakers within a 57 single AS must be fully meshed. The result is that for n BGP 58 speakers within an AS n*(n-1)/2 unique IBGP sessions are required. 59 This "full mesh" requirement clearly does not scale when there are a 60 large number of IBGP speakers within the autonomous system, as is 61 common in many networks today. 63 This scaling problem has been well documented and a number of 64 proposals have been made to alleviate this [3,6]. This document 65 presents another alternative alleviating the need for a "full mesh" 66 and is known as "Autonomous System Confederations for BGP", or 67 simply, "BGP Confederations". It has also been observed that BGP 68 Confederations may provide improvements in routing policy control. 70 This document is a revision of RFC 3065 [5], which is itself a 71 revision to RFC 1965 [4]. It includes editorial changes, 72 clarifications and corrections based on deployment experience with 73 BGP Confederations. These revisions are summarized in Appendices A 74 and B. 76 5. Terms and Definitions 78 AS Confederation 80 A collection of autonomous systems advertised as a single AS number 81 to BGP speakers that are not members of the confederation. 83 AS Confederation Identifier 85 An externally visible autonomous system number that identifies the 86 confederation as a whole. 88 Member-AS 90 An autonomous system that is contained in a given AS confederation. 92 Member-AS Number 93 An autonomous system number visible only within a BGP confederation. 95 6. Discussion 97 It may be useful to subdivide autonomous systems with a very large 98 number of BGP speakers into smaller domains for purposes of 99 controlling routing policy via information contained in the BGP 100 AS_PATH attribute. For example, one may choose to consider all BGP 101 speakers in a geographic region as a single entity. 103 In addition to potential improvements in routing policy control, if 104 techniques such as those presented here or in [6] are not employed, 105 [1] requires BGP speakers in the same autonomous system to establish 106 a full mesh of TCP connections among all speakers for the purpose of 107 exchanging exterior routing information. In autonomous systems the 108 number of intra-domain connections that need to be maintained by each 109 border router can become significant. 111 Subdividing a large autonomous system allows a significant reduction 112 in the total number of intra-domain BGP connections, as the 113 connectivity requirements simplify to the model used for inter-domain 114 connections. 116 Unfortunately, subdividing an autonomous system may increase the 117 complexity of routing policy based on AS_PATH information for all 118 members of the Internet. Additionally, this division increases the 119 maintenance overhead of coordinating external peering when the 120 internal topology of this collection of autonomous systems is 121 modified. 123 Therefore, division of an autonomous system into separate systems may 124 adversely affect optimal routing of packets through the Internet. 126 However, there is usually no need to expose the internal topology of 127 this divided autonomous system, which means it is possible to regard 128 a collection of autonomous systems under a common administration as a 129 single entity or autonomous system, when viewed from outside the 130 confines of the confederation of autonomous systems itself. 132 7. AS_CONFED Segment Type Extension 134 Currently, BGP specifies that the AS_PATH attribute is a well-known 135 mandatory attribute that is composed of a sequence of AS path 136 segments. Each AS path segment is represented by a triple . 139 In [1], the path segment type is a 1-octet long field with the two 140 following values defined: 142 Value Segment Type 144 1 AS_SET: unordered set of ASs a route in the 145 UPDATE message has traversed 147 2 AS_SEQUENCE: ordered set of ASs a route in 148 the UPDATE message has traversed 150 This document specifies two additional segment types: 152 3 AS_CONFED_SEQUENCE: ordered set of Member-AS Numbers 153 in the local confederation that the UPDATE message has 154 traversed 156 4 AS_CONFED_SET: unordered set of Member-AS Numbers in 157 the local confederation that the UPDATE message has 158 traversed 160 8. Operation 162 A member of a BGP confederation will use its AS Confederation 163 Identifier in all transactions with peers that are not members of its 164 confederation. This confederation identifier is the "externally 165 visible" AS number and this number is used in OPEN messages and 166 advertised in the AS_PATH attribute. 168 A member of a BGP confederation will use its Member-AS Number in all 169 transactions with peers that are members of the same confederation as 170 the given BGP speaker. 172 A BGP speaker receiving an AS_PATH attribute containing an autonomous 173 system matching its own AS Confederation Identifier shall treat the 174 path in the same fashion as if it had received a path containing its 175 own AS number. 177 A BGP speaker receiving an AS_PATH attribute containing an 178 AS_CONFED_SEQUENCE or AS_CONFED_SET which contains its own Member-AS 179 Number shall treat the path in the same fashion as if it had received 180 a path containing its own AS number. 182 8.1. AS_PATH Modification Rules 184 When implementing BGP Confederations Section 5.1.2 of [1] is replaced 185 with the following text: 187 When a BGP speaker propagates a route which it has learned from 188 another BGP speaker's UPDATE message, it shall modify the route's 189 AS_PATH attribute based on the location of the BGP speaker to which 190 the route will be sent: 192 a) When a given BGP speaker advertises the route to another BGP 193 speaker located in its own autonomous system, the advertising 194 speaker shall not modify the AS_PATH attribute associated with the 195 route. 197 b) When a given BGP speaker advertises the route to a BGP speaker 198 located in a neighboring autonomous system that is a member of the 199 configured autonomous system confederation, the advertising 200 speaker shall update the AS_PATH attribute as follows: 202 1) if the first path segment of the AS_PATH is of type 203 AS_CONFED_SEQUENCE, the local system shall prepend its own 204 Member-AS Number as the last element of the sequence (put 205 it in the leftmost position). 207 2) if the first path segment of the AS_PATH is not of type 208 AS_CONFED_SEQUENCE the local system shall prepend a new path 209 segment of type AS_CONFED_SEQUENCE to the AS_PATH, including 210 its own Member-AS Number in that segment. 212 c) When a given BGP speaker advertises the route to a BGP speaker 213 located in a neighboring autonomous system that is not a member of 214 the configured autonomous system confederation, the advertising 215 speaker shall update the AS_PATH attribute as follows: 217 1) if any path segments of the AS_PATH are of the type 218 AS_CONFED_SEQUENCE or AS_CONFED_SET, those segments shall 219 be removed from the AS_PATH attribute, leaving the sanitized 220 AS_PATH attribute to be operated on by steps 2 or 3. 222 2) if the first path segment of the remaining AS_PATH is of type 223 AS_SEQUENCE, the local system shall prepend its own 224 AS Confederation Identifier as the last element of the sequence 225 (put it in the leftmost position). 227 3) if there are no path segments following the removal of the 228 first AS_CONFED_SET/AS_CONFED_SEQUENCE segments, or if the 229 path segment of the remaining AS_PATH is not of type 230 AS_SEQUENCE the local system shall prepend a new path segment 231 of type AS_SEQUENCE to the AS_PATH, including its own AS 232 Confederation Identifier in that segment. 234 When a BGP speaker originates a route: 236 a) the originating speaker shall include an empty AS_PATH attribute 237 in all UPDATE messages sent to BGP speakers residing within the 238 same autonomous system. (An empty AS_PATH attribute is one whose 239 length field contains the value zero). 241 b) the originating speaker shall include its own Member-AS Number in 242 an AS_CONFED_SEQUENCE segment of the AS_PATH attribute of all 243 UPDATE messages sent to BGP speakers located in neighboring 244 Member-ASs that are members of the local confederation (i.e., the 245 originating speaker's Member-AS Number will be the only entry in 246 the AS_PATH attribute). 248 c) the originating speaker shall include its own AS Confederation 249 Identifier in an AS_SEQUENCE segment of the AS_PATH attribute of 250 all UPDATE messages sent to BGP speakers located in neighboring 251 autonomous systems that are not members of the local 252 confederation. (In this case, the originating speaker's AS 253 Confederation Identifier will be the only entry in the AS_PATH 254 attribute). 256 9. Error Handling 258 It is an error for a BGP speaker to receive an update message with an 259 AS_PATH attribute which contains AS_CONFED_SEQUENCE or AS_CONFED_SET 260 segments from a neighbor which is not located in the same 261 confederation. If a BGP speaker receives such an update message, it 262 SHALL treat the message as having a malformed AS_PATH according to 263 the procedures of [1] Section 6.3 ("UPDATE message error handling"). 265 10. Common Administration Issues 267 It is reasonable for Member-ASs of a confederation to share a common 268 administration and IGP information for the entire confederation. 270 It shall be legal for a BGP speaker to advertise an unchanged 271 NEXT_HOP and MULTI_EXIT_DISCRIMINATOR (MED) attribute to peers in a 272 neighboring AS within the same confederation. 274 In addition, the restriction against sending the LOCAL_PREFERENCE 275 attribute to peers in a neighboring AS within the same confederation 276 is removed. 278 Path selection criteria for information received from members inside 279 a confederation MUST follow the same rules used for information 280 received from members inside the same autonomous system, as specified 281 in [1]. 283 11. Compatability Considerations 285 All BGP speakers participating as member of a confederation MUST 286 recognize the AS_CONFED_SET and AS_CONFED_SEQUENCE segment type 287 extensions to the AS_PATH attribute. 289 Any BGP speaker not supporting these extensions will generate a 290 NOTIFICATION message specifying an "UPDATE Message Error" and a sub- 291 code of "Malformed AS_PATH". 293 This compatibility issue implies that all BGP speakers participating 294 in a confederation MUST support BGP confederations. However, BGP 295 speakers outside the confederation need not support these extensions. 297 12. Deployment Considerations 299 BGP confederations have been widely deployed throughout the Internet 300 for a number of years and are supported by multiple vendors. 302 Improper configuration of BGP confederations can cause routing 303 information within an AS to be duplicated unnecessarily. This 304 duplication of information will waste system resources, cause 305 unnecessary route flaps, and delay convergence. 307 Care should be taken to manually filter duplicate advertisements 308 caused by reachability information being relayed through multiple 309 Member-ASs based upon the topology and redundancy requirements of the 310 confederation. 312 Additionally, confederations (as well as route reflectors), by 313 excluding different reachability information from consideration at 314 different locations in a confederation, have been shown to cause 315 permanent oscillation between candidate routes when using the tie 316 breaking rules required by BGP [1]. Care must be taken when 317 selecting MED values and tie breaking policy to avoid these 318 situations. 320 One potential way to avoid this is by configuring inter-Member-AS IGP 321 metrics higher than intra-Member-AS IGP metrics and/or using other 322 tie breaking policies to avoid BGP route selection based on 323 incomparable MEDs. 325 13. Security Considerations 327 This extension to BGP does not change the underlying security issues 328 inherent in the existing BGP, such as those defined in [7]. 330 14. Acknowledgments 332 The general concept of BGP confederations was taken from IDRP's 333 Routing Domain Confederations [2]. Some of the introductory text in 334 this document was taken from [6]. 336 The authors would like to acknowledge Bruce Cole for his 337 implementation feedback and extensive analysis of the limitations of 338 the protocol extensions described in this document and [5]. We would 339 also like to acknowledge Srihari Ramachandra, Alex Zinin, Naresh 340 Kumar Paliwal, Jeffrey Haas and Bruno Rijsman for their feedback and 341 suggestions. 343 Finally, we'd like to acknowledge Ravi Chandra and Yakov Rekhter for 344 providing constructive and valuable feedback on earlier versions of 345 this specification. 347 15. References 349 [1] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP-4)", RFC 350 1771, March 1995. 352 [2] Kunzinger, C., Editor, "Inter-Domain Routing Protocol", ISO/IEC 353 10747, October 1993. 355 [3] Haskin, D., "A BGP/IDRP Route Server alternative to a full mesh 356 routing", RFC 1863, October 1995. 358 [4] Traina, P. "Autonomous System Confederations for BGP", RFC 1965, 359 June 1996. 361 [5] Traina, P., McPherson, D. and Scudder, J., "Autonomous System 362 Confederations for BGP", RFC 3065, February 2001. 364 [6] Bates, T., Chandra, R. and E. Chen, "BGP Route Reflection An 365 Alternative to Full Mesh IBGP", RFC 2796, April 2000. 367 [7] Heffernan, A., "Protection of BGP Sessions via the TCP MD5 368 Signature Option", RFC 2385, August 1998. 370 [8] Bradner, S., "Key words for use in RFCs to Indicate Requirement 371 Levels", RFC 2119, March 1997. 373 16. Authors' Addresses 375 Paul Traina 376 Juniper Networks, Inc. 377 1194 N. Mathilda Ave. 378 Sunnyvale, CA 94089 USA 380 Phone: +1 408 745-2000 381 EMail: pst+confed@juniper.net 383 Danny McPherson 384 TCB 386 EMail: danny@tcb.net 388 John G. Scudder 389 Cisco Systems, Inc. 390 170 West Tasman Drive 391 San Jose, CA 95134 393 Phone: +1 734.302.4128 394 EMail: jgs@cisco.com 396 17. Appendix A: Comparison with RFC 1965 398 The most notable change from [4] is that of reversing the values 399 AS_CONFED_SEQUENCE(4) and AS_CONFED_SET(3) to those defined in 400 section "AS_CONFED Segment Type Extension". The reasoning for this 401 is that in the initial implementation, which was already widely 402 deployed, they were implemented backwards from [4], and as such, 403 subsequent implementations implemented them backwards as well. In 404 order to foster interoperability and compliance with deployed 405 implementations, they've therefore been changed here as well. 407 The "Compatibility Discussion" was removed and incorporated into 408 other discussions in the document. The use of the term "Routing 409 Domain Identifier" was replaced with Member-AS Number. 411 The mention of hierarchical confederations was removed due to the 412 fact that it is not actually possible to deploy confederations 413 hierarchically. That is, a Member-AS of confederation A can only be 414 a simple autonomous system, it cannot itself be a confederation B 415 (whose internal topology is hidden from confederation A). 417 Finally, the "Deployment Considerations" section was expanded a few 418 subtle grammar changes were made and a bit more introductory text was 419 added. 421 18. Appendix B: Comparison with RFC 3065 423 Added discussion regarding inability to nest confederations. 425 Added text regarding not propagating confederation attributes beyond 426 confederation boundaries. 428 Finally, made use of "Member-AS" and "AS Confederation Identifier" 429 terminology more consistent.