Internet DRAFT - draft-hilliard-grow-no-export-via-rs

draft-hilliard-grow-no-export-via-rs







GROW                                                         N. Hilliard
Internet-Draft                                                      INEX
Updates: 1997, 7947 (if approved)                            W. Hargrave
Intended status: Standards Track                                   LONAP
Expires: April 11, 2018                                  October 8, 2017


          The BGP NO_EXPORT_VIA_RS Community for Route Servers
                draft-hilliard-grow-no-export-via-rs-00

Abstract

   This document describes a BGP Well-known Community called
   NO_EXPORT_VIA_RS.  This community allows BGP route server clients to
   instruct an Internet Exchange BGP Route Server to tag prefixes
   destined for other route server clients with the NO_EXPORT Well-Known
   Community.  This mechanism allows route server clients to
   transitively control distribution of their prefixes in other
   Autonomous Systems connected to the Internet Exchange Route Server.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 11, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Hilliard & Hargrave      Expires April 11, 2018                 [Page 1]

Internet-Draft            BGP Large Communities             October 2017


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  The BGP NO_EXPORT_VIA_RS Community  . . . . . . . . . . . . .   3
   3.  Operator Implementation Recommendations . . . . . . . . . . .   4
   4.  Vendor Implementation Recommendations . . . . . . . . . . . .   4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   Internet Exchange Route Servers [RFC7947] use BGP to broker network
   reachability information among their clients.  BGP operators often
   wish to control distribution of their prefixes in adjacent autonomous
   systems.  When using bilateral BGP sessions, prefix distribution
   control can be achieved using the BGP NO_EXPORT community defined in
   [RFC1997].

   [RFC1997] states that the NO_EXPORT community must not be announced
   outside a BGP confederation boundary, so all BGP speakers that
   strictly interpret this document will refuse to forward prefixes
   tagged with this community to a EBGP peer.

   Some Internet Exchange route server operators ignored the strict
   interpretation of [RFC1997] on this point because although it is
   technically more correct to interpret the NO_EXPORT community on the
   route server, the point of a route server is to act as a broker
   rather than a router.  Consequently it has been argued that it is
   more useful for route server clients if prefixes tagged with the
   NO_EXPORT community are passed unaltered through the route server
   rather than being blocked.  This approach gives route server clients
   the flexibility of being able to use the NO_EXPORT community to
   signal adjacent ASNs, even if this behaviour is not technically
   correct according to [RFC1997].



Hilliard & Hargrave      Expires April 11, 2018                 [Page 2]

Internet-Draft            BGP Large Communities             October 2017


   As there is no consensus among IXP route server operators about which
   is the more appropriate behaviour, the Internet Exchange Route Server
   [RFC7947] specification document stayed quiet on the issue, noting
   only in Section 2.2.4 that a route server may interpret, modify or
   remove specific BGP communities, as defined by local policy.  This
   formally allowed the practice of treating the NO_EXPORT community as
   a transparent transitive attribute, but did not define whether
   NO_EXPORT should be interpreted or passed through the route server.

   This allowed an operational ambiguity to continue, namely that there
   was no consistent way for a route server client to limit propagation
   of any prefixes announced to a route server.

   This document resolves this ambiguity by creating a new BGP Well-
   Known Community called NO_EXPORT_VIA_RS, which allows BGP route
   server clients to instruct an Internet Exchange BGP Route Server to
   tag prefixes destined for other route server clients with the
   NO_EXPORT Well-Known Community.  This mechanism provides an
   unambiguous and consistent way for route server clients to
   transitively control distribution of their prefixes in other
   Autonomous Systems connected to the Internet Exchange Route Server.

2.  The BGP NO_EXPORT_VIA_RS Community

   The BGP NO_EXPORT_VIA_RS Community is a community interpreted only by
   [RFC7947] Internet Exchange Route Servers.  If a route server client
   announces a prefix tagged with NO_EXPORT_VIA_RS to a route server,
   the route server MUST attach the [RFC1997] NO_EXPORT community to all
   outbound announcements of that prefix to other route server clients.
   The route server SHOULD strip the NO_EXPORT_VIA_RS community from the
   outbound prefix announcement.

   If a route server client announces a prefix tagged with both the
   NO_EXPORT and NO_EXPORT_VIA_RS communities to a route server, the
   route server MUST ignore the NO_EXPORT community, and otherwise MUST
   handle the prefix and its attributes as specified in the previous
   paragraph.

   If a BGP speaker that is not a route server receives a prefix tagged
   with NO_EXPORT_VIA_RS from a BGP peer, the BGP speaker MUST ignore
   the NO_EXPORT_VIA_RS community, MUST NOT treat the UPDATE as an error
   according to [RFC7606] and SHOULD strip the NO_EXPORT_VIA_RS
   community from the prefix.

   This document formally updates the NO_EXPORT definition in [RFC1997]
   and overrides the ambiguity in Section 2.2.4 of [RFC7947] in respect
   of this specific community.




Hilliard & Hargrave      Expires April 11, 2018                 [Page 3]

Internet-Draft            BGP Large Communities             October 2017


3.  Operator Implementation Recommendations

   It is possible to implement the semantics described above in many BGP
   implementations by using standard BGP policy language statements.

4.  Vendor Implementation Recommendations

   Route server implementations MUST provide a configuration switch to
   implement the behaviour specified in Section 2.  This configuration
   switch SHOULD be enabled by default.

5.  Security Considerations

   The purpose of the NO_EXPORT_VIA_RS BGP Community is to control the
   NO_EXPORT Community, so there are no additional security
   considerations outside those associated with the NO_EXPORT community.

   Network administrators should note the recommendations in Section 11
   of BGP Operations and Security [RFC7454].

6.  IANA Considerations

   IANA is requested to register NO_EXPORT_VIA_RS in the "BGP Well-known
   Communities" registry.

      NO_EXPORT_VIA_RS (= TBD) (IANA suggested: 0xFFFFFF05)

7.  References

7.1.  Normative References

   [RFC1997]  Chandra, R., Traina, P., and T. Li, "BGP Communities
              Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996,
              <https://www.rfc-editor.org/info/rfc1997>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC7606]  Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
              Patel, "Revised Error Handling for BGP UPDATE Messages",
              RFC 7606, DOI 10.17487/RFC7606, August 2015,
              <https://www.rfc-editor.org/info/rfc7606>.







Hilliard & Hargrave      Expires April 11, 2018                 [Page 4]

Internet-Draft            BGP Large Communities             October 2017


   [RFC7947]  Jasinska, E., Hilliard, N., Raszuk, R., and N. Bakker,
              "Internet Exchange BGP Route Server", RFC 7947,
              DOI 10.17487/RFC7947, September 2016,
              <https://www.rfc-editor.org/info/rfc7947>.

7.2.  Informative References

   [RFC7454]  Durand, J., Pepelnjak, I., and G. Doering, "BGP Operations
              and Security", BCP 194, RFC 7454, DOI 10.17487/RFC7454,
              February 2015, <https://www.rfc-editor.org/info/rfc7454>.

Authors' Addresses

   Nick Hilliard
   Internet Neutral Exchange Association CLG
   4027 Kingswood Road
   Dublin  24
   Ireland

   Email: nick@inex.ie


   Will Hargrave
   LONAP Ltd
   5 Fleet Place
   London  EC4M 7RD
   United Kingdom

   Email: will@lonap.net






















Hilliard & Hargrave      Expires April 11, 2018                 [Page 5]