draft-ietf-idr-bgp4-experience-protocol-01.txt   draft-ietf-idr-bgp4-experience-protocol-02.txt 
INTERNET-DRAFT Danny McPherson INTERNET-DRAFT Danny McPherson
draft-ietf-idr-bgp4-experience-protocol-01.txtArbor Networks Arbor Networks
Keyur Patel Keyur Patel
Cisco Systems Cisco Systems
Category Informational Category Informational
Expires: February 2004 August 2003 Expires: March 2004 September 2003
Experience with the BGP-4 Protocol Experience with the BGP-4 Protocol
<draft-ietf-idr-bgp4-experience-protocol-01.txt> <draft-ietf-idr-bgp4-experience-protocol-02.txt>
Status of this Document Status of this Document
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 3, line 13 skipping to change at page 3, line 13
Standard. Standard.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. BGP-4 Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 2. BGP-4 Overview . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. A Border Gateway Protocol . . . . . . . . . . . . . . . . . 4 2.1. A Border Gateway Protocol . . . . . . . . . . . . . . . . . 4
3. Management Information Base (MIB). . . . . . . . . . . . . . . 5 3. Management Information Base (MIB). . . . . . . . . . . . . . . 5
4. Implementations. . . . . . . . . . . . . . . . . . . . . . . . 5 4. Implementations. . . . . . . . . . . . . . . . . . . . . . . . 5
5. Operational Experience . . . . . . . . . . . . . . . . . . . . 5 5. Operational Experience . . . . . . . . . . . . . . . . . . . . 5
6. Metrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. TCP Awareness. . . . . . . . . . . . . . . . . . . . . . . . . 6
6.1. MULTI_EXIT_DISC (MED) . . . . . . . . . . . . . . . . . . . 7 7. Metrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
6.1.1. Sending MEDs to BGP Peers. . . . . . . . . . . . . . . . 7 7.1. MULTI_EXIT_DISC (MED) . . . . . . . . . . . . . . . . . . . 7
6.1.2. MED of Zero Versus No MED. . . . . . . . . . . . . . . . 8 7.1.1. Sending MEDs to BGP Peers. . . . . . . . . . . . . . . . 8
6.1.3. MEDs and Temporal Route Selection. . . . . . . . . . . . 8 7.1.2. MED of Zero Versus No MED. . . . . . . . . . . . . . . . 8
7. LOCAL_PREF . . . . . . . . . . . . . . . . . . . . . . . . . . 8 7.1.3. MEDs and Temporal Route Selection. . . . . . . . . . . . 8
8. Internal BGP In Large Autonomous Systems . . . . . . . . . . . 9 8. LOCAL_PREF . . . . . . . . . . . . . . . . . . . . . . . . . . 9
9. Internet Dynamics. . . . . . . . . . . . . . . . . . . . . . . 10 9. Internal BGP In Large Autonomous Systems . . . . . . . . . . . 10
10. BGP Routing Information Bases (RIBs). . . . . . . . . . . . . 11 10. Internet Dynamics . . . . . . . . . . . . . . . . . . . . . . 10
11. Update Packing. . . . . . . . . . . . . . . . . . . . . . . . 11 11. BGP Routing Information Bases (RIBs). . . . . . . . . . . . . 11
12. Limit Rate Updates. . . . . . . . . . . . . . . . . . . . . . 12 12. Update Packing. . . . . . . . . . . . . . . . . . . . . . . . 11
13. Ordering of Path Attributes . . . . . . . . . . . . . . . . . 12 13. Limit Rate Updates. . . . . . . . . . . . . . . . . . . . . . 12
14. AS_SET Sorting. . . . . . . . . . . . . . . . . . . . . . . . 12 14. Ordering of Path Attributes . . . . . . . . . . . . . . . . . 13
15. Control over Version Negotiation. . . . . . . . . . . . . . . 13 15. AS_SET Sorting. . . . . . . . . . . . . . . . . . . . . . . . 13
16. Security Considerations . . . . . . . . . . . . . . . . . . . 13 16. Control over Version Negotiation. . . . . . . . . . . . . . . 13
16.1. TCP MD5 Signature Option . . . . . . . . . . . . . . . . . 13 17. Security Considerations . . . . . . . . . . . . . . . . . . . 13
16.2. BGP Over IPSEC . . . . . . . . . . . . . . . . . . . . . . 13 17.1. TCP MD5 Signature Option . . . . . . . . . . . . . . . . . 14
16.3. Miscellaneous. . . . . . . . . . . . . . . . . . . . . . . 14 17.2. BGP Over IPSEC . . . . . . . . . . . . . . . . . . . . . . 14
16.4. PTOMAINE and GROW. . . . . . . . . . . . . . . . . . . . . 14 17.3. Miscellaneous. . . . . . . . . . . . . . . . . . . . . . . 14
16.5. Internet Routing Registries (IRRs) . . . . . . . . . . . . 15 17.4. PTOMAINE and GROW. . . . . . . . . . . . . . . . . . . . . 15
16.6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 15 17.5. Internet Routing Registries (IRRs) . . . . . . . . . . . . 15
17. References. . . . . . . . . . . . . . . . . . . . . . . . . . 16 17.6. Regional Internet Registries (RIRs) and IRRs,
18. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . 17 A Bit of History . . . . . . . . . . . . . . . . . . . . . . . . 16
19. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 17 17.7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 17
18. References. . . . . . . . . . . . . . . . . . . . . . . . . . 18
19. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . 19
20. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
The purpose of this memo is to document how the requirements for The purpose of this memo is to document how the requirements for
advancing a routing protocol from Draft Standard to full Standard advancing a routing protocol from Draft Standard to full Standard
have been satisfied by Border Gateway Protocol version 4 (BGP-4). have been satisfied by Border Gateway Protocol version 4 (BGP-4).
This report satisfies the requirement for "the second report", as This report satisfies the requirement for "the second report", as
described in Section 6.0 of RFC 1264. In order to fulfill the described in Section 6.0 of RFC 1264. In order to fulfill the
requirement, this report augments RFC 1773 and describes additional requirement, this report augments RFC 1773 and describes additional
skipping to change at page 4, line 39 skipping to change at page 4, line 39
The initial version of the BGP protocol was published in RFC 1105. The initial version of the BGP protocol was published in RFC 1105.
Since then BGP Versions 2, 3, and 4 have been developed and are Since then BGP Versions 2, 3, and 4 have been developed and are
specified in [RFC 1163], [RFC 1267], and [RFC 1771], respectively. specified in [RFC 1163], [RFC 1267], and [RFC 1771], respectively.
Changes since BGP-4 went to Draft Standard [RFC 1771] are listed in Changes since BGP-4 went to Draft Standard [RFC 1771] are listed in
Appendix N of [BGP4]. Appendix N of [BGP4].
2.1. A Border Gateway Protocol 2.1. A Border Gateway Protocol
The Initial Version of BGP [RFC 1105]. BGP version 2 is defined in The Initial Version of BGP [RFC 1105]. BGP version 2 is defined in
[RFC 1163]. BGP version 3 is defined in [RFC 1267]. BGP version 4 [RFC 1163]. BGP version 3 is defined in [RFC 1267]. BGP version 4
is defined in [RFC 1771] and [BGP4]. Appendices A, B, C and D of is defined in [RFC 1771] and [BGP4]. Appendices A, B, C, and D of
[BGP4] provide summaries of the changes between each iteriation of [BGP4] provide summaries of the changes between each iteration of the
the BGP specification. BGP specification.
3. Management Information Base (MIB) 3. Management Information Base (MIB)
The BGP-4 Management Information Base (MIB) has been published [BGP- The BGP-4 Management Information Base (MIB) has been published [BGP-
MIB]. The MIB was updated from previous versions documented in [RFC MIB]. The MIB was updated from previous versions documented in [RFC
1657] and [RFC 1269], respectively. 1657] and [RFC 1269], respectively.
Apart from a few system variables, the BGP MIB is broken into two Apart from a few system variables, the BGP MIB is broken into two
tables: the BGP Peer Table and the BGP Received Path Attribute Table. tables: the BGP Peer Table and the BGP Received Path Attribute Table.
skipping to change at page 5, line 44 skipping to change at page 5, line 44
5. Operational Experience 5. Operational Experience
This section discusses operational experience with BGP and BGP-4. This section discusses operational experience with BGP and BGP-4.
BGP has been used in the production environment since 1989, BGP-4 BGP has been used in the production environment since 1989, BGP-4
since 1993. Production use of BGP includes utilization of all since 1993. Production use of BGP includes utilization of all
significant features of the protocol. The present production significant features of the protocol. The present production
environment, where BGP is used as the inter-autonomous system routing environment, where BGP is used as the inter-autonomous system routing
protocol, is highly heterogeneous. In terms of the link bandwidth it protocol, is highly heterogeneous. In terms of the link bandwidth it
varies from 56 Kbps to 10 Gbps. In terms of the actual routers that varies from 56 Kbps to 10 Gbps. In terms of the actual routers that
run BGP it ranges from a relatively slow performance Pentium to a run BGP, it ranges from a relatively slow performance general purpose
very high performance RISC-based CPUs, and includes both the special CPUs to very high performance RISC network processors, and includes
purpose routers and the general purpose workstations running various both special purpose routers and the general purpose workstations
UNIX derivatives and other operating systems. running various UNIX derivatives and other operating systems.
In terms of the actual topologies it varies from very sparse to quite In terms of the actual topologies it varies from very sparse to quite
dense. The requirement for full-mesh IBGP topologies has been dense. The requirement for full-mesh IBGP topologies has been
largely remedied by BGP Route Reflection, Autonomous System largely remedied by BGP Route Reflection, Autonomous System
Confederations for BGP, and perhaps some mix of the two. BGP Route Confederations for BGP, and perhaps some mix of the two. BGP Route
Reflection was initially defined in [RFC 1966] and subsequently Reflection was initially defined in [RFC 1966] and subsequently
updated in [RFC 2796]. Autonomous System Confederations for BGP were updated in [RFC 2796]. Autonomous System Confederations for BGP were
initially defined in [RFC 1965] and subsequently updated in [RFC initially defined in [RFC 1965] and subsequently updated in [RFC
3065]. 3065].
skipping to change at page 6, line 34 skipping to change at page 6, line 34
protocol distinction between sites historically considered protocol distinction between sites historically considered
"backbones" versus "regional" or "edge" networks. "backbones" versus "regional" or "edge" networks.
The full set of exterior routes that is carried by BGP is well over The full set of exterior routes that is carried by BGP is well over
120,000 aggregate entries, representing several times that number of 120,000 aggregate entries, representing several times that number of
connected networks. The number of active paths in some service connected networks. The number of active paths in some service
provider core routers exceeds 2.5 million. Native AS_PATH lengths provider core routers exceeds 2.5 million. Native AS_PATH lengths
are as long as 10 for some routes, and "padded" path lengths of 25 or are as long as 10 for some routes, and "padded" path lengths of 25 or
more ASs exist. more ASs exist.
6. Metrics 6. TCP Awareness
BGP employs TCP [RFC 793] as it's Transport Layer protocol. As such,
all characteristics inherent to TCP are inherited by BGP.
For example, due to TCP's behavior, bandwidth capabilities may not be
realized due to TCP's slow start algorithms, and slow-start restarts
of connections, etc..
7. Metrics
This section discusses different metrics used within the BGP This section discusses different metrics used within the BGP
protocol. BGP has a seperate metric parameter for IBGP and EBGP. This protocol. BGP has a separate metric parameter for IBGP and EBGP. This
allows policy based metrics to overwrite the distance based metrics; allows policy based metrics to overwrite the distance based metrics;
allowing each autonomous systems to define their independent policies allowing each autonomous systems to define their independent policies
in Intra-AS as well as Inter-AS. BGP Multi Exit Discriminator (MED) in Intra-AS as well as Inter-AS. BGP Multi Exit Discriminator (MED)
is used as a metric by EBGP peers while BGP Local Preference is used is used as a metric by EBGP peers while BGP Local Preference is used
by IBGP peers. by IBGP peers.
6.1. MULTI_EXIT_DISC (MED) 7.1. MULTI_EXIT_DISC (MED)
BGP version 4 re-defined the old INTER-AS metric as a MULTI_EXIT_ BGP version 4 re-defined the old INTER-AS metric as a MULTI_EXIT_
DISC (MED). This value may be used in the tie-breaking process when DISC (MED). This value may be used in the tie-breaking process when
selecting a preferred path to a given address space, and provides BGP selecting a preferred path to a given address space, and provides BGP
speakers with the capability to convey to a peer AS the optimal entry speakers with the capability to convey to a peer AS the optimal entry
point into the local AS. point into the local AS.
Although the MED was meant to only be used when comparing paths Although the MED was meant to only be used when comparing paths
received from different external peers in the same AS, many received from different external peers in the same AS, many
implementations provide the capability to compare MEDs between implementations provide the capability to compare MEDs between
different ASs as well. different ASs as well.
Though this may seem a fine idea for some configurations, care must Though this may seem a fine idea for some configurations, care must
be taken when comparing MEDs between different autonomous systems. be taken when comparing MEDs between different autonomous systems.
BGP speakers often derive MED values by obtaining the IGP metric BGP speakers often derive MED values by obtaining the IGP metric
associated with reaching a given BGP NEXT_HOP within the local AS. associated with reaching a given BGP NEXT_HOP within the local AS.
This allows MEDs to reasonably reflect IGP topologies when This allows MEDs to reasonably reflect IGP topologies when
advertising routes to peers. While this is fine when comparing MEDs advertising routes to peers. While this is fine when comparing MEDs
between multiple paths learned from a single AS, it can result in between multiple paths learned from a single AS, it can result in
potentially bad decisions when comparing MEDs between difference potentially bad decisions when comparing MEDs between differt
automomous systems. This is most typically the case when the automomous systems. This is most typically the case when the
autonomous systems use different mechanisms to derive IGP metrics, autonomous systems use different mechanisms to derive IGP metrics,
BGP MEDs, or perhaps even use different IGP procotols with vastly BGP MEDs, or perhaps even use different IGP procotols with vastly
contrasting metric spaces. contrasting metric spaces.
Another MED deployment consideration involves the impact of Another MED deployment consideration involves the impact of
aggregation of BGP routing information on MEDs. Aggregates are often aggregation of BGP routing information on MEDs. Aggregates are often
generated from multiple locations in an AS in order to accommodate generated from multiple locations in an AS in order to accommodate
stability, redundancy and other network design goals. When MEDs are stability, redundancy and other network design goals. When MEDs are
derived from IGP metrics associated with said aggregates the MED derived from IGP metrics associated with said aggregates the MED
value advertised to peers can result in very suboptimal routing. value advertised to peers can result in very suboptimal routing.
The MED was purposely designed to be a "weak" metric that would only The MED was purposely designed to be a "weak" metric that would only
be used late in the best-path decision process. The BGP working be used late in the best-path decision process. The BGP working
group was concerned that any metric specified by a remote operator group was concerned that any metric specified by a remote operator
would only affect routing in a local AS if no other preference was would only affect routing in a local AS if no other preference was
specified. A paramount goal of the design of the MED was to ensure specified. A paramount goal of the design of the MED was to ensure
that peers could not "shed" or "absorb" traffic for networks that that peers could not "shed" or "absorb" traffic for networks that
they advertise. they advertise.
6.1.1. Sending MEDs to BGP Peers 7.1.1. Sending MEDs to BGP Peers
[BGP4] allows MEDs received from any EBGP peers by a BGP speaker to [BGP4] allows MEDs received from any EBGP peers by a BGP speaker to
be passed to its IBGP peers. Although advertising MEDs to IBGP peers be passed to its IBGP peers. Although advertising MEDs to IBGP peers
is not a required behavior, it is a common default. MEDs received is not a required behavior, it is a common default. MEDs received
from EBGP peers by a BGP speaker MUST NOT be sent to other EBGP from EBGP peers by a BGP speaker MUST NOT be sent to other EBGP
peers. peers.
Note that many implementations provide a mechanism to derive MED Note that many implementations provide a mechanism to derive MED
values from IGP metrics in order to allow BGP MED information to values from IGP metrics in order to allow BGP MED information to
reflect the IGP topologies and metrics of the network when reflect the IGP topologies and metrics of the network when
propagating information to adjacent autonomous systems. propagating information to adjacent autonomous systems.
6.1.2. MED of Zero Versus No MED 7.1.2. MED of Zero Versus No MED
An implementation MUST provide a mechanism that allows for MED to be An implementation MUST provide a mechanism that allows for MED to be
removed. Previously, implementations did not consider a missing MED removed. Previously, implementations did not consider a missing MED
value to be the same as a MED of zero. No MED value should now be value to be the same as a MED of zero. No MED value should now be
equal to a value of zero. equal to a value of zero.
Note that many implementations provide an mechanism to explicitly Note that many implementations provide an mechanism to explicitly
define a missing MED value as "worst" or less preferable than zero or define a missing MED value as "worst" or less preferable than zero or
larger values. larger values.
6.1.3. MEDs and Temporal Route Selection 7.1.3. MEDs and Temporal Route Selection
Some implementations have hooks to apply temporal behavior in MED- Some implementations have hooks to apply temporal behavior in MED-
based best path selection. That is, all other things being equal up based best path selection. That is, all other things being equal up
to MED consideration, preference would be applied to the "oldest" to MED consideration, preference would be applied to the "oldest"
path, without preferring the lower MED value. The reasoning for this path, without preferring the lower MED value. The reasoning for this
is that "older" paths are presumably more stable, and thus more is that "older" paths are presumably more stable, and thus more
preferable. However, temporal behavior in route slection results in preferable. However, temporal behavior in route selection results in
non-deterministic behavior, and as such, is often undesirable. non-deterministic behavior, and as such, is often undesirable.
7. LOCAL_PREF 8. LOCAL_PREF
The LOCAL_PREF attribute was added so a network operator could easily The LOCAL_PREF attribute was added so a network operator could easily
configure a policy that overrode the standard best path determination configure a policy that overrode the standard best path determination
mechanism without independently configuring local preference policy mechanism without independently configuring local preference policy
on each router. on each router.
One shortcoming in the BGP-4 specification was a suggestion for a One shortcoming in the BGP-4 specification was a suggestion for a
default value of LOCAL-PREF to be assumed if none was provided. default value of LOCAL-PREF to be assumed if none was provided.
Defaults of 0 or the maximum value each have range limitations, so a Defaults of 0 or the maximum value each have range limitations, so a
common default would aid in the interoperation of multi-vendor common default would aid in the interoperation of multi-vendor
skipping to change at page 9, line 39 skipping to change at page 10, line 5
possibility of carrying an optional vector corresponding to the AS- possibility of carrying an optional vector corresponding to the AS-
PATH where each transit AS may indicate a preference value for a PATH where each transit AS may indicate a preference value for a
given route. Cooperating ASs may then chose traffic based upon given route. Cooperating ASs may then chose traffic based upon
comparison of "interesting" portions of this vector according to comparison of "interesting" portions of this vector according to
routing policy. routing policy.
While protecting a given ASs routing policy is of paramount concern, While protecting a given ASs routing policy is of paramount concern,
avoiding extensive hand configuration of routing policies needs to be avoiding extensive hand configuration of routing policies needs to be
examined more carefully in future BGP-like protocols. examined more carefully in future BGP-like protocols.
8. Internal BGP In Large Autonomous Systems 9. Internal BGP In Large Autonomous Systems
While not strictly a protocol issue, one other concern has been While not strictly a protocol issue, one other concern has been
raised by network operators who need to maintain autonomous systems raised by network operators who need to maintain autonomous systems
with a large number of peers. Each speaker peering with an external with a large number of peers. Each speaker peering with an external
router is responsible for propagating reachability and path router is responsible for propagating reachability and path
information to all other transit and border routers within that AS. information to all other transit and border routers within that AS.
This is typically done by establishing internal BGP connections to This is typically done by establishing internal BGP connections to
all transit and border routers in the local AS. all transit and border routers in the local AS.
Note that the number of BGP peers that can be fully meshed depends on
a number of factors, to include number of prefixes in the routing
system, stability of the system, and perhaps most importantly,
implementation ifficiency. As a result, although it's difficult to
define "a large number of peers", there is always some practical
limit.
In a large AS, this leads to a full mesh of TCP connections (n * In a large AS, this leads to a full mesh of TCP connections (n *
(n-1)) and some method of configuring and maintaining those (n-1)) and some method of configuring and maintaining those
connections. BGP does not specify how this information is to be connections. BGP does not specify how this information is to be
propagated, so alternatives, such as injecting BGP routing propagated, so alternatives, such as injecting BGP routing
information into the local IGP have been attempted, though it turned information into the local IGP have been attempted, though it turned
out to be a non-practical alternative (to say the least). out to be a non-practical alternative (to say the least).
Several alternatives to a full mesh IBGP have been defined, to Several alternatives to a full mesh IBGP have been defined, to
include BGP Route Reflection [RFC 2796] and AS Confederations for BGP include BGP Route Reflection [RFC 2796] and AS Confederations for BGP
[RFC 2065], in order to alleviate the the need for "full mesh" IBGP. [RFC 3065], in order to alleviate the the need for "full mesh" IBGP.
9. Internet Dynamics 10. Internet Dynamics
As discussed in [BGP4-ANALYSIS], the driving force in CPU and As discussed in [BGP4-ANALYSIS], the driving force in CPU and
bandwidth utilization is the dynamic nature of routing in the bandwidth utilization is the dynamic nature of routing in the
Internet. As the net has grown, the number of route changes per Internet. As the net has grown, the number of route changes per
second has increased. second has increased.
We automatically get some level of damping when more specific NLRI is We automatically get some level of damping when more specific NLRI is
aggregated into larger blocks, however, this isn't sufficient. In aggregated into larger blocks, however, this isn't sufficient. In
Appendix F of [BGP4] are descriptions of damping techniques that Appendix F of [BGP4] are descriptions of damping techniques that
should be applied to advertisements. In future specifications of should be applied to advertisements. In future specifications of
skipping to change at page 11, line 5 skipping to change at page 11, line 20
changes to be announced are inefficiently packed. As previously changes to be announced are inefficiently packed. As previously
discussed, announcing routing changes sharing common attributes in a discussed, announcing routing changes sharing common attributes in a
single BGP UPDATE message helps save considerable bandwidth and lower single BGP UPDATE message helps save considerable bandwidth and lower
processing overhead. processing overhead.
Persistent BGP errors may cause BGP peers to flap persistently if Persistent BGP errors may cause BGP peers to flap persistently if
peer dampening is not implemented. This would result in significant peer dampening is not implemented. This would result in significant
CPU utilization. Implementors may find it useful to implement peer CPU utilization. Implementors may find it useful to implement peer
dampening to avoid such persistent peer flapping [BGP4]. dampening to avoid such persistent peer flapping [BGP4].
10. BGP Routing Information Bases (RIBs) 11. BGP Routing Information Bases (RIBs)
[BGP4] states "Any local policy which results in routes being added [BGP4] states "Any local policy which results in routes being added
to an Adj-RIB-Out without also being added to the local BGP speaker's to an Adj-RIB-Out without also being added to the local BGP speaker's
forwarding table, is outside the scope of this document". forwarding table, is outside the scope of this document".
However, several well-known implementations do not confirm that Loc- However, several well-known implementations do not confirm that Loc-
RIB entries were used to populate the forwarding table before RIB entries were used to populate the forwarding table before
installing them in the Adj-RIB-Out. The most common occurrence of installing them in the Adj-RIB-Out. The most common occurrence of
this is when routes for a given prefix are presented by more than one this is when routes for a given prefix are presented by more than one
protocol and the preferences for the BGP learned route is lower than protocol and the preferences for the BGP learned route is lower than
that of another protocol. As such, the route learned via the other that of another protocol. As such, the route learned via the other
protocol is used to populate the forwarding table. protocol is used to populate the forwarding table.
It may be desirable for an implementation to provide a knob that It may be desirable for an implementation to provide a knob that
permits advertisement of "inactive" BGP routes. permits advertisement of "inactive" BGP routes.
It may be also desirable for an implementation to provide a knob that It may be also desirable for an implementation to provide a knob that
allows a BGP speaker to advertise BGP routes that were not selected allows a BGP speaker to advertise BGP routes that were not selected
by descision process. by decision process.
11. Update Packing 12. Update Packing
Multiple unfeasible routes can be advertised in a single BGP Update Multiple unfeasible routes can be advertised in a single BGP Update
message. In addition, one or more feasible routes can be advertised message. In addition, one or more feasible routes can be advertised
in a single Update message so long as all prefixes share a common in a single Update message so long as all prefixes share a common
attribute set. attribute set.
The BGP4 protocol permits advertisement of multiple prefixes with a The BGP4 protocol permits advertisement of multiple prefixes with a
common set of path attributes to be advertised in a single update common set of path attributes to be advertised in a single update
message, this is commonly referred to as "update packing". When message, this is commonly referred to as "update packing". When
possible, update packing is recommended as it provides a mechanism possible, update packing is recommended as it provides a mechanism
skipping to change at page 12, line 11 skipping to change at page 12, line 29
sets in your AS_PATH database (if you have one) less sets in your AS_PATH database (if you have one) less
frequently. Consistent ordering of the path attributes frequently. Consistent ordering of the path attributes
allows for ease of matching in the database as you don't have allows for ease of matching in the database as you don't have
different representations of the same data. different representations of the same data.
The BGP protocol suggests that withdrawal information should be The BGP protocol suggests that withdrawal information should be
packed in the begining of Update message, followed by information packed in the begining of Update message, followed by information
about more or less specific reachable routes in a single UPDATE about more or less specific reachable routes in a single UPDATE
message. This helps alleviate excessive route flapping in BGP. message. This helps alleviate excessive route flapping in BGP.
12. Limit Rate Updates 13. Limit Rate Updates
The BGP protocol defines different mechanisms to rate limit the The BGP protocol defines different mechanisms to rate limit Update
Updates. The BGP protocol defines MinRouteAdvertisementInterval advertisement. The BGP protocol defines MinRouteAdvertisementInterval
parameter that determines the minimum time that must be elsape parameter that determines the minimum time that must be elapse
between the advertisement of routes to a particular destination from between the advertisement of routes to a particular destination from
a single BGP speaker. This value is set on a per BGP peer basis. a single BGP speaker. This value is set on a per BGP peer basis.
13. Ordering of Path Attributes Due to the fact that BGP relies on TCP as the Transport protocol, TCP
can prevent transmission of data due to empty windows. As a result,
multiple Updates may be spaced closer together than orginally queued.
Although this is not a common occurrence, implementations should be
aware of this.
14. Ordering of Path Attributes
The BGP protocol suggests that BGP speakers sending multiple prefixes The BGP protocol suggests that BGP speakers sending multiple prefixes
per an UPDATE message should sort and order path attributes according per an UPDATE message should sort and order path attributes according
to Type Codes. This would help their peers to quickly identify sets to Type Codes. This would help their peers to quickly identify sets
of attributes from different update messages which are semantically of attributes from different update messages which are semantically
different. different.
Implementers may find it useful to order path attributes according to Implementers may find it useful to order path attributes according to
Type Code so that sets of attributes with identical semantics can be Type Code so that sets of attributes with identical semantics can be
more quickly identified. more quickly identified.
14. AS_SET Sorting 15. AS_SET Sorting
AS_SETs are commonly used in BGP route aggregation. They reduce the AS_SETs are commonly used in BGP route aggregation. They reduce the
size of AS_PATH information by listing AS numbers only once size of AS_PATH information by listing AS numbers only once
regardless of any number of times it might appear in process of regardless of any number of times it might appear in process of
aggregation. AS_SETs are usually sorted in increasing order to aggregation. AS_SETs are usually sorted in increasing order to
facilitate efficient lookups of AS numbers within them. This facilitate efficient lookups of AS numbers within them. This
optimization is entirely optional. optimization is entirely optional.
15. Control over Version Negotiation 16. Control over Version Negotiation
Because pre-BGP-4 route aggregation can't be supported by earlier Because pre-BGP-4 route aggregation can't be supported by earlier
version of BGP, an implementation that supports versions in addition version of BGP, an implementation that supports versions in addition
to BGP-4 should provide the version support on a per-peer basis. to BGP-4 should provide the version support on a per-peer basis.
16. Security Considerations 17. Security Considerations
BGP provides flexible and extendable mechanism for authentication and BGP a provides flexible and extendable mechanism for authentication
security. The mechanism allows to support schemes with various and security. The mechanism allows to support schemes with various
degree of complexity. BGP sessions are authenticated based on the IP degree of complexity. BGP sessions are authenticated based on the IP
address of a peer. In addition, all BGP sessions are authenticated address of a peer. In addition, all BGP sessions are authenticated
based on the autonomous system number advertised by a peer. based on the autonomous system number advertised by a peer.
Since BGP runs over TCP and IP, BGP's authentication scheme may be Since BGP runs over TCP and IP, BGP's authentication scheme may be
augmented by any authentication or security mechanism provided by augmented by any authentication or security mechanism provided by
either TCP or IP. either TCP or IP.
16.1. TCP MD5 Signature Option 17.1. TCP MD5 Signature Option
RFC 2385 defines a way in which the TCP MD5 signature option can be [RFC 2385] defines a way in which the TCP MD5 signature option can be
used to valid information transmitted between two peers. This method used to validate information transmitted between two peers. This
prevents any third party from injecting information (e.g., a TCP RST) method prevents any third party from injecting information (e.g., a
into the datastream, or modifying the routing information carried TCP Reset) into the datastream, or modifying the routing information
between two BGP peers. RFC ???? provides suggestions for choosing carried between two BGP peers.
passwords to be used with MD5.
TCP MD5 is not ubiquitously deployed at the moment, especially in TCP MD5 is not ubiquitously deployed at the moment, especially in
inter- domain scenarios, largely because of key distribution issues. inter- domain scenarios, largely because of key distribution issues.
Most key distribution mechanisms are considered to be too "heavy" at Most key distribution mechanisms are considered to be too "heavy" at
this point. this point.
16.2. BGP Over IPSEC 17.2. BGP Over IPSEC
BGP can run over IPSEC, either in a tunnel, or in transport mode, BGP can run over IPSEC, either in a tunnel, or in transport mode,
where the TCP portion of the IP packet is encrypted. This not only where the TCP portion of the IP packet is encrypted. This not only
prevents random insertion of information into the data stream between prevents random insertion of information into the data stream between
two BGP peers, it also prevents an attacker from learning the data two BGP peers, it also prevents an attacker from learning the data
which is being exchanged between the peers. which is being exchanged between the peers.
IPSEC does, however, offer several options for exchanging session IPSEC does, however, offer several options for exchanging session
keys, which may be useful on inter-domain configurations. These keys, which may be useful on inter-domain configurations. These
options are being explored in many deployments, although no options are being explored in many deployments, although no
definitive solution has been reach on the issue of key exchange for definitive solution has been reached on the issue of key exchange for
BGP in IPSEC. BGP in IPSEC.
It should be noted that since BGP runs over TCP and IP, BGP is It should be noted that since BGP runs over TCP and IP, BGP is
vulnerable to the same denial of service or authentication attacks vulnerable to the same denial of service or authentication attacks
that are present in any other TCP based protocol. that are present in any other TCP based protocol.
16.3. Miscellaneous 17.3. Miscellaneous
Another issue any routing protocol faces is providing evidence of the Another issue any routing protocol faces is providing evidence of the
validity and authority of the routing information carried within the validity and authority of the routing information carried within the
routing system. This is currently the focus of several efforts at routing system. This is currently the focus of several efforts at
the moment, including efforts to define the threats which can be used the moment, including efforts to define the threats which can be used
against this routing information in BGP [draft-murphy, attack tree], against this routing information in BGP [draft-murphy, attack tree],
and efforts at developing a means to provide validation and authority and efforts at developing a means to provide validation and authority
for routing information carried within BGP [SBGP] [soBGP]. for routing information carried within BGP [SBGP] [soBGP].
In addition, the Routing Protocol Security Requirements (RPSEC) In addition, the Routing Protocol Security Requirements (RPSEC)
working group has been chartered within the Routing Area of the IETF working group has been chartered within the Routing Area of the IETF
in order to discuss and assist in addressing issues surrounding in order to discuss and assist in addressing issues surrounding
routing protocol security. It is the intent that this work within routing protocol security. It is the intent that this work within
RPSEC will result in feedback to BGPv4 and future enhancements to the RPSEC will result in feedback to BGPv4 and future enhancements to the
protocol where appropriate. protocol where appropriate.
16.4. PTOMAINE and GROW 17.4. PTOMAINE and GROW
The Prefix Taxonomy (PTOMAINE) working group, recently replaced by The Prefix Taxonomy (PTOMAINE) working group, recently replaced by
the Global Routing Operations (GROW) working group, is chartered to the Global Routing Operations (GROW) working group, is chartered to
consider and measure the problem of routing table growth, the effects consider and measure the problem of routing table growth, the effects
of the interactions between interior and exterior routing protocols, of the interactions between interior and exterior routing protocols,
and the effect of address allocation policies and practices on the and the effect of address allocation policies and practices on the
global routing system. Finally, where appropriate, GROW will also global routing system. Finally, where appropriate, GROW will also
document the operational aspects of measurement, policy, security and document the operational aspects of measurement, policy, security and
VPN infrastructures. VPN infrastructures.
One such item GROW is currently studying is the effects of route One such item GROW is currently studying is the effects of route
aggregation and the inability to aggregate over multiple provider aggregation and the inability to aggregate over multiple provider
boundaries due to inadequate provider coordination. boundaries due to inadequate provider coordination.
It is the intent that this work within GROW will result in feedback It is the intent that this work within GROW will result in feedback
to BGPv4 and future enhancements to the protocol as necessary. to BGPv4 and future enhancements to the protocol as necessary.
16.5. Internet Routing Registries (IRRs) 17.5. Internet Routing Registries (IRRs)
Many organizations register their routing policy and prefix Many organizations register their routing policy and prefix
origination in the various distributed databases of the Internet origination in the various distributed databases of the Internet
Routing Registry. These databases provide access to the information Routing Registry. These databases provide access to the information
using the RPSL language as defined in [RFC 2622]. While registered using the RPSL language as defined in [RFC 2622]. While registered
information may be maintained and correct for certain providers, the information may be maintained and correct for certain providers, the
lack of timely or correct data in the various IRR databases has lack of timely or correct data in the various IRR databases has
prevented wide-spread use of this resource. prevented wide-spread use of this resource.
16.6. Acknowledgements 17.6. Regional Internet Registries (RIRs) and IRRs, A Bit of History
The NSFNET program used EGP and then BGP to provide external routing
information. It was the NSF policy of offering differing pricing and
providing a different level of support to the Research and Education
(RE) networks and the Commercial (CO) networks that led to BGP's
initial policy requirements. CO networks were not able to use the
NSFNET backbone to reach other CO networks, in addition to being
charged more. The rationelle was that commercial users of the NSFNET
with business with research entities should subsidize the RE
community. Recognition that the Internet was evolving away from a
hierarchical network to a mesh of peers led to changes from EGP and
BGP-1 that eliminated any assumptions of hierarchy.
Enforcement of NSF policy was accomplished through maintenance of the
NSF Policy Routing Database (PRDB). The PRDB not only contained each
networks designation as CO or RE, but also contained a list of the
preferred exit points to the NSFNET to reach each network. This was
the basis for setting what would later be called BGP LOCAL_PREF on
the NSFNET. Tools provided with the PRDB generated complete router
configurations for the NSFNET.
Use of the PRDB had the fortunate consequence of greatly improving
reliability of the NSFNET relative to peer networks of the time and
offering more optimal routing for those networks sufficiently
knowledgeable and willing to keep their entries current.
With the decommission of the NSFNET Backbone Network Service in 1995,
it was recognized that the PRDB should be made less single provider
centric and its legacy contents plus any further updates made
available to any provider willing to make use of it. The European
networking community had long seen the PRDB as too US centric.
Through Reseaux IP Europeens (RIPE) the Europeans had created an open
format in RIPE-181 and had been maintaining an open database used for
address and AS registry more than policy. The initial conversion of
the PRDB was to RIPE-181 format and tools were converted to make use
of this format. The collection of databases was termed the Internet
Routing Registry, with the RIPE database and US NSF funded Routing
Arbitrator (RA) being the inital components of the IRR.
A need to extend RIPE-181 was recognized and RIPE agreed to allow the
extensions to be defined within the IETF in the RPS WG. The result
was the RPSL language. Other work products of the RPS WG provided an
authentication framework and means to widely distribute the database
in a controlled manner and synchronize the many repositories. Freely
available tools were provided primarily by RIPE, Merit, and ISI, the
most comprehensive set from ISI. The efforts of the IRR participants
has been severely hampered by providers unwilling to keep information
in the IRR up to date. The larger of these providers have been
vocal, claiming that the database entry, simple as it may be, are an
administrative burden and some acknowledge that doing so provides a
advantage to competitors that use the IRR. The result has been an
erosion of the usefulness of the IRR and an increase in vulnerability
of the Internet to routing based attack or accidental injection of
faulty routing information.
There have been numerous cases of accidental disruption of Internet
routing which were avoided by providers using the IRR but highly
detrimental to non-users. As filters have had to be relaxed due to
the erosion of the IRR to less complete coverage, these types of
disruptions have continued to occur very infrequently, but have had
increasingly widespread impact.
17.7. Acknowledgements
We would like to thank Paul Traina and Yakov Rekhter for authoring We would like to thank Paul Traina and Yakov Rekhter for authoring
previous versions of this document. We would also like to previous versions of this document and providing valuable input on
acknowledge Russ White, Jeffrey Haas and Curtis Villamizar for this update as well. We would also like to explicitly acknowledge
valuable feedback on this document. Curtis Villamizar for providing both text and thorough reviews.
Thanks to Russ White, Jeffrey Haas, Sean Mentzer, Mitchell Erblich
and Jude Ballard for supplying their usual keen eye.
17. References Finally, we'd like to think the IDR WG for general and specific input
that contributed to this document.
18. References
[RFC 793] Postel, J., "Transmission Control Protocol", RFC 793,
September 1981.
[RFC 1105] Lougheed, K., and Rekhter, Y, "Border Gateway Protocol [RFC 1105] Lougheed, K., and Rekhter, Y, "Border Gateway Protocol
BGP", RFC 1105, June 1989. BGP", RFC 1105, June 1989.
[RFC 1163] Lougheed, K., and Rekhter, Y, "Border Gateway Protocol [RFC 1163] Lougheed, K., and Rekhter, Y, "Border Gateway Protocol
BGP", RFC 1105, June 1990. BGP", RFC 1105, June 1990.
[RFC 1264] Hinden, R., "Internet Routing Protocol Standardization [RFC 1264] Hinden, R., "Internet Routing Protocol Standardization
Criteria", RFC 1264, October 1991. Criteria", RFC 1264, October 1991.
[RFC 1267] Lougheed, K., and Rekhter, Y, "Border Gateway Protocol 3 [RFC 1267] Lougheed, K., and Rekhter, Y, "Border Gateway Protocol 3
(BGP-3)", RFC 1105, October 1991. (BGP-3)", RFC 1105, October 1991.
[RFC 1269] Willis, S., and Burruss, J., "Definitions of Managed
Objects for the Border Gateway Protocol (Version 3)",
RFC 1269, October 1991.
[RFC 1519] Fuller, V., Li. T., Yu J., and K. Varadhan, "Classless [RFC 1519] Fuller, V., Li. T., Yu J., and K. Varadhan, "Classless
Inter-Domain Routing (CIDR): an Address Assignment and Inter-Domain Routing (CIDR): an Address Assignment and
Aggregation Strategy", RFC 1519, September 1993. Aggregation Strategy", RFC 1519, September 1993.
[RFC 1656] Traina, P., "BGP-4 Protocol Document Roadmap and [RFC 1656] Traina, P., "BGP-4 Protocol Document Roadmap and
Implementation Experience", RFC 1656, July 1994. Implementation Experience", RFC 1656, July 1994.
[RFC 1657] Willis, S., Burruss, J., Chu, J., " Definitions of
Managed Objects for the Fourth Version of the Border
Gateway Protocol (BGP-4) using SMIv2", RFC 1657, July
1994.
[RFC 1771] Rekhter, Y., and T. Li, "A Border Gateway Protocol 4 [RFC 1771] Rekhter, Y., and T. Li, "A Border Gateway Protocol 4
(BGP-4)", RFC 1771, March 1995. (BGP-4)", RFC 1771, March 1995.
[RFC 1772] Rekhter, Y., and P. Gross, Editors, "Application of the [RFC 1772] Rekhter, Y., and P. Gross, Editors, "Application of the
Border Gateway Protocol in the Internet", RFC 1772, March Border Gateway Protocol in the Internet", RFC 1772, March
1995. 1995.
[RFC 1773] Traina, P., "Experience with the BGP-4 protocol", RFC [RFC 1773] Traina, P., "Experience with the BGP-4 protocol", RFC
1773, March 1995. 1773, March 1995.
[RFC 1966] Bates, T., Chandra, R., "BGP Route Reflection: An
alternative to full mesh IBGP", RFC 1966, June 1996.
[RFC 2385] Heffernan, A., "Protection of BGP Sessions via the TCP
MD5 Signature Option", RFC 2385, August 1998.
[RFC 2439] Villamizar, C. and Chandra, R., "BGP Route Flap Damping", [RFC 2439] Villamizar, C. and Chandra, R., "BGP Route Flap Damping",
RFC 2439, November 1998. RFC 2439, November 1998.
[RFC 2622] C. Alaettinoglu et al., "Routing Policy Specification [RFC 2622] C. Alaettinoglu et al., "Routing Policy Specification
Language", RFC 2622, June 1999. Language", RFC 2622, June 1999.
[RFC 2796] Bates, T., Chandra, R., and Chen, E, "Route Reflection - [RFC 2796] Bates, T., Chandra, R., and Chen, E, "Route Reflection -
An Alternative to Full Mesh IBGP", RFC 2796, April 2000. An Alternative to Full Mesh IBGP", RFC 2796, April 2000.
[RFC 3065] Traina, P., McPherson, D., and Scudder, J, "Autonomous [RFC 3065] Traina, P., McPherson, D., and Scudder, J, "Autonomous
skipping to change at page 17, line 12 skipping to change at page 19, line 29
Persistent Route Oscillation Condition", RFC 3345, Persistent Route Oscillation Condition", RFC 3345,
August 2002. August 2002.
[BGP4-ANALYSIS] Work in Progress. [BGP4-ANALYSIS] Work in Progress.
[BGP4-IMPL] Work in Progress. [BGP4-IMPL] Work in Progress.
[BGP4] Rekhter, Y., T. Li., and Hares. S, Editors, "A Border [BGP4] Rekhter, Y., T. Li., and Hares. S, Editors, "A Border
Gateway Protocol 4 (BGP-4)", BGP Draft, Work in Progress. Gateway Protocol 4 (BGP-4)", BGP Draft, Work in Progress.
18. Authors' Addresses [SBGP]
[soBGP]
19. Authors' Addresses
Danny McPherson Danny McPherson
Arbor Networks Arbor Networks
Email: danny@arbor.net Email: danny@arbor.net
Keyur Patel Keyur Patel
Cisco Systems Cisco Systems
Email: keyupate@cisco.com Email: keyupate@cisco.com
19. Full Copyright Statement 20. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/