rfcdiff: draft-ietf-idr-route-leak-detection-mitigation-04.txt vs. draft-ietf-idr-route-leak-detection-mitigation-05.txt
(Lines prefixed "-04:" and "-05:" differ between the two versions; all other lines are identical in both.)

IDR and SIDR                                                   K. Sriram
Internet-Draft                                             D. Montgomery
Intended status: Standards Track                                 US NIST
-04: Expires: January 9, 2017                                 B. Dickson
-05: Expires: July 13, 2017                                   B. Dickson
                                                                K. Patel
-04:                                                               Cisco
-05:                                                              Arrcus
                                                          A. Robachevsky
                                                        Internet Society
-04:                                                        July 8, 2016
-05:                                                     January 9, 2017

        Methods for Detection and Mitigation of BGP Route Leaks
-04:        draft-ietf-idr-route-leak-detection-mitigation-04
-05:        draft-ietf-idr-route-leak-detection-mitigation-05
Abstract

   [I-D.ietf-grow-route-leak-problem-definition] provides a definition
   of the route leak problem, and also enumerates several types of route
   leaks.  This document first examines which of those route-leak types
   are detected and mitigated by the existing origin validation (OV)
   [RFC 6811].  It is recognized that OV offers a limited detection and
   mitigation capability against route leaks.  This document specifies
   enhancements that significantly extend the route-leak prevention,
   detection, and mitigation capabilities of BGP.  One solution
   component involves carrying a per-hop route-leak protection (RLP)
-04:   field in BGP updates.  The RLP field is proposed be carried in a new
-04:   optional transitive attribute, called BGP RLP attribute.  The
-05:   field in BGP updates.  The RLP field is proposed to be carried in a
-05:   new optional transitive attribute, called BGP RLP attribute.  The
   solution is meant to be initially implemented as an enhancement of
   BGP without requiring BGPsec [I-D.ietf-sidr-bgpsec-protocol].
   However, when BGPsec is deployed in the future, the solution can be
   incorporated in BGPsec, enabling cryptographic protection for the RLP
   field.  That would be one way of implementing the proposed solution
   in a secure way.  The document also includes a stopgap method for
   detection and mitigation of route leaks for an intermediate phase
   when OV is deployed but BGP protocol on the wire is unchanged.
Status of This Memo

   [... unchanged text omitted; next change at page 2, line 10 ...]

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

-04:   This Internet-Draft will expire on January 9, 2017.
-05:   This Internet-Draft will expire on July 13, 2017.

Copyright Notice

-04:   Copyright (c) 2016 IETF Trust and the persons identified as the
-05:   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   [... unchanged text omitted; next change at page 19, line 27 ...]

              2014, <http://labs.apnic.net/blabs/?p=520/>.

   [I-D.ietf-grow-route-leak-problem-definition]
              Sriram, K., Montgomery, D., McPherson, D., Osterweil, E.,
              and B. Dickson, "Problem Definition and Classification of
              BGP Route Leaks", draft-ietf-grow-route-leak-problem-
              definition-06 (work in progress), May 2016.

   [I-D.ietf-sidr-bgpsec-protocol]
              Lepinski, M. and K. Sriram, "BGPsec Protocol
-04:              Specification", draft-ietf-sidr-bgpsec-protocol-17 (work
-04:              in progress), June 2016.
-05:              Specification", draft-ietf-sidr-bgpsec-protocol-21 (work
-05:              in progress), December 2016.

   [Kapela-Pilosov]
              Pilosov, A. and T. Kapela, "Stealing the Internet: An
              Internet-Scale Man in the Middle Attack", DEFCON-16 Las
              Vegas, NV, USA, August 2008,
              <https://www.defcon.org/images/defcon-16/dc16-
              presentations/defcon-16-pilosov-kapela.pdf>.

   [Kephart]  Kephart, N., "Route Leak Causes Amazon and AWS Outage",
              ThousandEyes Blog, June 2015,

   [... unchanged text omitted; next change at page 22, line 28 ...]
   Doug Montgomery
   US NIST

   Email: dougm@nist.gov

   Brian Dickson

   Email: brian.peter.dickson@gmail.com

   Keyur Patel
-04:   Cisco
-05:   Arrcus

-04:   Email: keyupate@cisco.com
-05:   Email: keyur@arrcus.com

   Andrei Robachevsky
   Internet Society

   Email: robachevsky@isoc.org
End of changes.  10 change blocks.  12 lines changed or deleted, 12 lines changed or added.

This html diff was produced by rfcdiff 1.45.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/