Internet-Draft Version Capability for BGP March 2020
Abraitis Expires 2 October 2020
Workgroup: Network Working Group
Internet-Draft: draft-abraitis-bgp-version-capability-05
Published:
Intended Status: Informational
Expires:
Author: D. Abraitis, Hostinger

Version Capability for BGP

Abstract

In this document, we introduce a new BGP capability that allows the advertisement of a BGP speaker's version.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 2 September 2020.

1. Introduction

In modern data center designs, we tend to have conventional hosts participating in the routing process, and the fleet of hosts runs different versions of the routing daemon. This makes troubleshooting a crucial part of quickly identifying the root cause. This document introduces a new BGP capability to advertise the version of the routing daemon.

2. Specification of Requirements

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Version Capability

The Version Capability is a new BGP capability [RFC5492]. The implementation is specific to the vendor. The version is unstructured and can be defined in any format the vendor decides.

The length of the version SHOULD be limited to 64 bytes. This is the limit to allow other capabilities as much space as they require. The version MUST NOT be empty.

This capability is OPTIONAL. The vendor MUST implement a capability switch to enable or disable it.

If the capabilities already reach 255 bytes, this capability can be disabled. The capability is designed mainly for non-production environments where more visibility is needed for troubleshooting. It is RECOMMENDED to enable it only inside a single Autonomous System or Autonomous System Confederation.

Protocols such as LLDP and CDP can provide the same information, but in containerized environments running additional background processes is hard and NOT RECOMMENDED. Carrying all the necessary information in BGP itself helps to minimize operational costs.

                +--------------------------------+
                |    Version Length (1 octet)    |
                +--------------------------------+
                |      Version (variable)        |
                +--------------------------------+
Figure 1

Version Length:

Version:
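As an added example (not code from the draft or from FRRouting), the following Python encodes the value of Figure 1 inside the RFC 5492 capability triple and the OPEN Optional Parameters, enforces the draft's constraints (version MUST NOT be empty, SHOULD be at most 64 bytes, and the 255-byte Optional Parameters ceiling), and parses a received OPEN's parameters back with bounds checks. The capability code is still TBD, so 0xFF is a constructed placeholder, and all function names are mine.

```python
import struct

# Capability code is TBD in the draft (Section 5); 0xFF is a constructed placeholder.
VERSION_CAP_CODE_PLACEHOLDER = 0xFF
MAX_VERSION_LEN = 64    # SHOULD limit from Section 3
OPT_PARAMS_MAX = 255    # Optional Parameters Length is one octet in a BGP OPEN
CAP_PARAM_TYPE = 2      # RFC 5492 Optional Parameter type "Capabilities"

def encode_version_capability(version, code=VERSION_CAP_CODE_PLACEHOLDER):
    """RFC 5492 triple (code, length, value); the value is Figure 1:
    Version Length (1 octet) followed by the unstructured version bytes."""
    raw = version.encode("utf-8")
    if not raw:
        raise ValueError("version MUST NOT be empty")
    if len(raw) > MAX_VERSION_LEN:
        raise ValueError("version SHOULD be at most %d bytes" % MAX_VERSION_LEN)
    value = struct.pack("!B", len(raw)) + raw
    return struct.pack("!BB", code, len(value)) + value

def wrap_optional_parameters(capabilities):
    """Optional Parameters Length + one Capabilities parameter. Refuses what the
    1-octet lengths cannot carry (the 255-byte case where the draft says to disable)."""
    if len(capabilities) + 2 > OPT_PARAMS_MAX:
        raise ValueError("optional parameters exceed 255 bytes; disable this capability")
    param = struct.pack("!BB", CAP_PARAM_TYPE, len(capabilities)) + capabilities
    return struct.pack("!B", len(param)) + param

def _tlvs(buf):
    """Yield (type, value) from 1-octet type / 1-octet length TLVs, bounds-checked."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV at offset %d" % i)
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_capabilities(opt_params):
    """Walk a received OPEN's Optional Parameters and return [(code, value), ...]."""
    if not opt_params or 1 + opt_params[0] != len(opt_params):
        raise ValueError("Optional Parameters Length does not match buffer")
    return [cap for ptype, pval in _tlvs(opt_params[1:])
            if ptype == CAP_PARAM_TYPE for cap in _tlvs(pval)]

def decode_version(cap_value):
    """Decode Figure 1's value; the inner Version Length must match the outer length."""
    if not cap_value or cap_value[0] == 0 or len(cap_value) != 1 + cap_value[0]:
        raise ValueError("malformed or empty Version capability")
    return cap_value[1:].decode("utf-8", errors="replace")
```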

4. Operation

The Version capability MUST only be used for displaying the version of a speaker to make troubleshooting easier. Consider a number of routers, each with several upstreams, all running different operating systems and routing daemons. When a specific feature is not working, or a bug is not fixed in a particular version, the advertised version allows the affected versions to be identified quickly.

Bouncing all existing BGP sessions is REQUIRED to enable this capability. It MUST be explicitly configured to advertise the Version capability.

Below is an example from the [FRRouting] implementation of how the version advertised by a BGP sender is displayed:

:~# vtysh -c 'show ip bgp summary failed'
...
Neighbor      EstdCnt DropCnt ResetTime Reason
198.51.100.2        3       3  00:00:35 Waiting for peer OPEN (n/a)
198.51.100.3        3       3  00:01:12 Peer closed the session (FRRouting 7.2-b3ac21114g)
198.51.100.4        3       3  00:00:14 Peer closed the session (FRRouting 7.3-g4c566878f)
198.51.100.5        3       3  00:00:45 Peer closed the session (FRRouting 7.4-a25sg503g2)
...
Figure 2

:~# vtysh -c 'show ip bgp neighbors 198.51.100.1 json' \
> | jq '."198.51.100.1".neighborCapabilities.versions'
{
  "advertisedVersion": "FRRouting 7.2-dev-MyOwnFRRVersion",
  "receivedVersion": "FRRouting 7.2-dev-MyOwnFRRVersion-gc68bb14"
}
Figure 3

5. IANA Considerations

IANA maintains the "Border Gateway Protocol (BGP) Parameters" registry with a subregistry called "Capabilities Codes". IANA is requested to assign a capability number from the First Come First Served range for the Version Capability in this document as follows:

Table 1: Version Capability

Value   Description          Reference
TBD     Version Capability   [draft-abraitis-bgp-version-capability]

6. Security Considerations

The Version Capability should be treated as sensitive information: knowing the specific version of a BGP speaker makes it easier for an attacker to find a matching exploit. This information is carried in BGP OPEN messages.

The Version Capability MUST be configurable with a vendor-specific knob to enable or disable the capability. The vendor might also allow this capability to be disabled per neighbor.

It is reasonably safe to enable this for iBGP, or inside the same tenant where there is full control and the BGP speaker sits behind the network's exit points.

The Version Capability information can be gathered in BGP OPEN messages.

Modifying the information advertised by a router might lead to attacks including bogus software upgrades and also might mask the causes of faults in the network.

Advertising which version of code is running and from which vendor it comes may facilitate a number of social-engineering attacks. Many BGP implementations leave TCP/179 open, which could lead to sensitive information disclosure. This capability is NOT RECOMMENDED for eBGP use.

Sensitive information leaks can be minimized by using the Generalized TTL Security Mechanism [RFC5082] or firewalls to filter TCP port 179 from untrusted networks. This capability can be disabled per neighbor, so the sensitive information is not disclosed to untrusted neighbors.

7. References

7.1. Normative References

[FRRouting]
Abraitis, D., "FRRouting - BGP Version Capability", <https://github.com/ton31337/frr/commit/4c566878fd1a7df9f8c84ee03f419c0b00ae444b>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, <https://www.rfc-editor.org/info/rfc2119>.

7.2. Informative References

[RFC3552]
Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, <https://www.rfc-editor.org/info/rfc3552>.

Author's Address

Donatas Abraitis
Hostinger
Jonavos g. 60C
LT-44192 Kaunas
Lithuania