draft-ietf-sidr-bgpsec-ops-03.txt   draft-ietf-sidr-bgpsec-ops-04.txt 
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft Internet Initiative Japan Internet-Draft Internet Initiative Japan
Intended status: BCP March 10, 2012 Intended status: BCP March 13, 2012
Expires: September 11, 2012 Expires: September 14, 2012
BGPsec Operational Considerations BGPsec Operational Considerations
draft-ietf-sidr-bgpsec-ops-03 draft-ietf-sidr-bgpsec-ops-04
Abstract Abstract
Deployment of the BGPsec architecture and protocols has many Deployment of the BGPsec architecture and protocols has many
operational considerations. This document attempts to collect and operational considerations. This document attempts to collect and
present them. It is expected to evolve as BGPsec is formalized and present them. It is expected to evolve as BGPsec is formalized and
initially deployed. initially deployed.
Requirements Language Requirements Language
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 11, 2012. This Internet-Draft will expire on September 14, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Suggested Reading . . . . . . . . . . . . . . . . . . . . . . . 3 2. Suggested Reading . . . . . . . . . . . . . . . . . . . . . . . 3
3. RPKI Distribution and Maintenance . . . . . . . . . . . . . . . 3 3. RPKI Distribution and Maintenance . . . . . . . . . . . . . . . 3
4. AS/Router Certificates . . . . . . . . . . . . . . . . . . . . 3 4. AS/Router Certificates . . . . . . . . . . . . . . . . . . . . 3
5. Within a Network . . . . . . . . . . . . . . . . . . . . . . . 4 5. Within a Network . . . . . . . . . . . . . . . . . . . . . . . 4
6. Considerations for Edge Sites . . . . . . . . . . . . . . . . . 4 6. Considerations for Edge Sites . . . . . . . . . . . . . . . . . 4
7. Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . 5 7. Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . 5
8. Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 8. Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
9. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 9. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
11.1. Normative References . . . . . . . . . . . . . . . . . . . 7 11.1. Normative References . . . . . . . . . . . . . . . . . . . 7
11.2. Informative References . . . . . . . . . . . . . . . . . . 8 11.2. Informative References . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
BGPsec is a new protocol with many operational considerations. It is BGPsec is a new protocol with many operational considerations. It is
expected to be deployed incrementally over a number of years. As expected to be deployed incrementally over a number of years. As
skipping to change at page 4, line 31 skipping to change at page 4, line 31
local policy within its network, see Section 7. In deployment this local policy within its network, see Section 7. In deployment this
policy should fit into the AS's existing policy, preferences, etc. policy should fit into the AS's existing policy, preferences, etc.
This allows a network to incrementally deploy BGPsec capable border This allows a network to incrementally deploy BGPsec capable border
routers. routers.
eBGP speakers which face more critical peers or up/downstreams would eBGP speakers which face more critical peers or up/downstreams would
be candidates for the earliest deployment. Both securing one's own be candidates for the earliest deployment. Both securing one's own
announcements and validating received announcements should be announcements and validating received announcements should be
considered in partial deployment. considered in partial deployment.
On the other hand, an operator wanting to monitor router loading,
shifts in traffic, etc. will want to deploy incrementally while
watching those and similar effects.
As they are not signed, an eBGP listener SHOULD NOT strongly trust As they are not signed, an eBGP listener SHOULD NOT strongly trust
unsigned markings such as communities received across a trust unsigned markings such as communities received across a trust
boundary. boundary.
6. Considerations for Edge Sites 6. Considerations for Edge Sites
An edge site which does not provide transit and trusts its An edge site which does not provide transit and trusts its
upstream(s) SHOULD only originate a signed prefix announcement and upstream(s) SHOULD only originate a signed prefix announcement and
need not validate received announcements. need not validate received announcements.
BGPsec protocol capability negotiation provides for a speaker signing BGPsec protocol capability negotiation provides for a speaker signing
the data it sends but being unable to accept signed data. Thus a the data it sends but being unable to accept signed data. Thus a
smallish edge router may hold only its own signing key(s) and sign smallish edge router may hold only its own signing key(s) and sign
it's announcement but not receive signed announcements and therefore it's announcement but not receive signed announcements and therefore
not need to deal with the majority of the RPKI. Thus such routers not need to deal with the majority of the RPKI. Thus such routers
CPU, RAM, and crypto needs are trivial and additional hardware should CPU, RAM, and crypto needs are trivial and additional hardware should
not be needed. not be needed.
As the vast majority (84%) of ASs are stubs, and they announce the As the vast majority (84%) of ASs are stubs, and they announce the
majority of prefixes, this allows for simpler and cheaper early majority of prefixes, this allows for simpler and less expensive
incremental deployment. It may also mean that edge sites concerned incremental deployment. It may also mean that edge sites concerned
with routing security will be attracted to upstreams which support with routing security will be attracted to upstreams which support
BGPsec. BGPsec.
7. Routing Policy 7. Routing Policy
Unlike origin validation based on the RPKI, BGPsec marks a received Unlike origin validation based on the RPKI, BGPsec marks a received
announcement as Valid or Invalid, there is no NotFound state. How announcement as Valid or Invalid, there is no NotFound state. How
this is used in routing is up to the operator's local policy. See this is used in routing is up to the operator's local policy. See
[I-D.ietf-sidr-pfx-validate]. [I-D.ietf-sidr-pfx-validate].
skipping to change at page 5, line 40 skipping to change at page 5, line 44
Because of possible RPKI version skew, an AS Path which does not Because of possible RPKI version skew, an AS Path which does not
validate at router R0 might validate at R1. Therefore, signed paths validate at router R0 might validate at R1. Therefore, signed paths
that are invalid and yet propagated (because they are chosen as best that are invalid and yet propagated (because they are chosen as best
path) SHOULD have their signatures kept intact and MUST be signed if path) SHOULD have their signatures kept intact and MUST be signed if
sent to external BGPsec speakers. sent to external BGPsec speakers.
This implies that updates which a speaker judges to be invalid MAY be This implies that updates which a speaker judges to be invalid MAY be
propagated to iBGP peers. Therefore, unless local policy ensures propagated to iBGP peers. Therefore, unless local policy ensures
otherwise, a signed path learned via iBGP MAY be invalid. If needed, otherwise, a signed path learned via iBGP MAY be invalid. If needed,
the validation state SHOULD be signaled by normal local policy the validation state should be signaled by normal local policy
mechanisms such as communities or metrics. mechanisms such as communities or metrics.
On the other hand, local policy on the eBGP edge might preclude iBGP On the other hand, local policy on the eBGP edge might preclude iBGP
or eBGP announcement of signed AS Paths which are invalid. or eBGP announcement of signed AS Paths which are invalid.
A BGPsec speaker receiving a path SHOULD perform origin validation A BGPsec speaker receiving a path SHOULD perform origin validation
per [I-D.ietf-sidr-pfx-validate]. per [I-D.ietf-sidr-pfx-validate].
If it is known that a BGPsec neighbor is not a transparent route If it is known that a BGPsec neighbor is not a transparent route
server, and the router provides a knob to disallow a received pCount server, and the router provides a knob to disallow a received pCount
skipping to change at page 7, line 26 skipping to change at page 7, line 30
draft-ietf-sidr-bgpsec-protocol-01 (work in progress), draft-ietf-sidr-bgpsec-protocol-01 (work in progress),
October 2011. October 2011.
[I-D.ietf-sidr-ghostbusters] [I-D.ietf-sidr-ghostbusters]
Bush, R., "The RPKI Ghostbusters Record", Bush, R., "The RPKI Ghostbusters Record",
draft-ietf-sidr-ghostbusters-16 (work in progress), draft-ietf-sidr-ghostbusters-16 (work in progress),
December 2011. December 2011.
[I-D.ietf-sidr-origin-ops] [I-D.ietf-sidr-origin-ops]
Bush, R., "RPKI-Based Origin Validation Operation", Bush, R., "RPKI-Based Origin Validation Operation",
draft-ietf-sidr-origin-ops-13 (work in progress), draft-ietf-sidr-origin-ops-15 (work in progress),
November 2011. March 2012.
[I-D.lepinski-bgpsec-overview] [I-D.lepinski-bgpsec-overview]
Lepinski, M. and S. Turner, "An Overview of BGPSEC", Lepinski, M. and S. Turner, "An Overview of BGPSEC",
draft-lepinski-bgpsec-overview-00 (work in progress), draft-lepinski-bgpsec-overview-00 (work in progress),
March 2011. March 2011.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support [RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support
 End of changes. 8 change blocks. 
9 lines changed or deleted 13 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/