Cross posting this message on IDR and SIDR lists. This submission ( https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-02 ) is an updated version and it reflects the following changes:
1. It is now synced up with the revised set of route-leak types in the latest definition draft [draft-ietf-grow-route-leak-problem-definition-04]. See: https://tools.ietf.org/html/draft-ietf-grow-route-leak-problem-definition-04 2. Thought it would be useful to comment on combining the results of route-leak detection, origin validation, and BGPsec (path) validation (when BGPsec is used in the future) for path selection decision. Hence, added the new subsection 5.2 under “Design Rationale and Discussion” section. 3. Made editorial changes throughout to improve clarity/presentation. 4. Section 5 continues to capture key comments, questions and discussion. Further comments/suggestions/critique welcome. Sriram ________________________________________ From: internet-dra...@ietf.org <internet-dra...@ietf.org> Sent: Monday, March 14, 2016 11:28 PM To: Brian Dickson; Montgomery, Douglas (Fed); Keyur Patel; Andrei Robachevsky; Sriram, Kotikalapudi (Fed) Subject: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-02.txt A new version of I-D, draft-ietf-idr-route-leak-detection-mitigation-02.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-ietf-idr-route-leak-detection-mitigation Revision: 02 Title: Methods for Detection and Mitigation of BGP Route Leaks Document date: 2016-03-14 Group: idr Pages: 19 URL: https://www.ietf.org/internet-drafts/draft-ietf-idr-route-leak-detection-mitigation-02.txt Status: https://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation/ Htmlized: https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-route-leak-detection-mitigation-02 Abstract: In [I-D.ietf-grow-route-leak-problem-definition], the authors have provided a definition of the route leak problem, and also enumerated several types of route leaks. In this document, we first examine which of those route-leak types are detected and mitigated by the existing origin validation (OV) [RFC 6811]. It is recognized that OV offers a limited detection and mitigation capability against route leaks. This document proposes an enhancement that significantly extends the route-leak detection and mitigation capabilities of BGP. The solution involves carrying a per-hop route-leak protection (RLP) field in BGP updates. The RLP field is proposed be carried in an optional transitive path attribute. The solution is meant to be initially implemented as an enhancement of BGP without requiring BGPsec [I-D.ietf-sidr-bgpsec-protocol]. However, when BGPsec is deployed in the future, the solution can be incorporated in BGPsec, enabling cryptographic protection for the RLP field. That would be one way of implementing the proposed solution in a secure way. It is not claimed that the solution detects all possible types of route leaks but it detects several types, especially considering some significant route-leak occurrences that have been observed in recent years. The document also includes a stopgap method for detection and mitigation of route leaks for an intermediate phase when OV is deployed but BGP protocol on the wire is unchanged. _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr