Internet DRAFT - draft-van-beijnum-grow-controlled-deagg
draft-van-beijnum-grow-controlled-deagg
Global Routing Operations Working Group I. van Beijnum
Internet-Draft Institute IMDEA Networks
Intended status: Informational October 21, 2014
Expires: April 24, 2015
Controlled IPv6 deaggregation by large organizations
draft-van-beijnum-grow-controlled-deagg-00
Abstract
The use of IPv6 addresses by large organizations doesn't fit the
commonly used PA/PI dichotomy. Such organizations may hold a large
address block which is deaggregated into subprefixes that are
advertised by subunits of the organization. This document proposes a
set of best practices to allow this deaggregation to be controlled
through filtering so that on the one hand, the size of the IPv6
global routing table isn't unduly inflated, while on the other hand
organizations that seek to deaggregate a large IPv6 address block
don't see their reachability limited by remote filters.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 24, 2015.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
van Beijnum Expires April 24, 2015 [Page 1]
Internet-Draft Controlled IPv6 deaggregation October 2014
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The aggregate of last resort service . . . . . . . . . . . . 3
3. Geographic communities . . . . . . . . . . . . . . . . . . . 4
4. Encoding of geographic information . . . . . . . . . . . . . 4
5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 7
6. Security considerations . . . . . . . . . . . . . . . . . . . 8
7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
Generally, two classes of global unicast address prefixes are
recognized: provider aggregatable (PA) and provider independent (PI).
PA prefixes are the prefixes advertised into the global routing table
by ISPs, covering the addresses used by multiple customers of that
ISP. PI prefixes are the address blocks used by a single
organization.
However, there is a third class of addresses: the addresses used by
large organizations with subunites that independently connect to the
internet. An example are multinational corporations. Another are
national governments. Such organizations often desire a single IPv6
prefix so the addresses used by subunits are easily recognized as
being part of the larger organization in firewalls and router
filters. As such, many of these organizations become "enterprise
LIRs" (local internet registries) at one or more of the five regional
internet registries (RIRs) that distribute IP addresses. However,
unlike regular LIRs (ISPs), they are not in the business of moving IP
packets between locations, and as such different locations or
subunits advertise deaggregates (subprefixes) of the organization's
LIR PA prefix, often to different ISPs. This advertisement of
deaggregates would be unexpected from regular LIRs, and as such, the
deaggregates may be filtered.
Currently, the IPv6 global routing table is small and in no immediate
danger of growing beyond what today's routers can handle. However,
without some of the limitations that are present in IPv4, the IPv6
routing table could conceivably grow at a high rate for decades to
come, and would then at some point become hard to manage.
van Beijnum Expires April 24, 2015 [Page 2]
Internet-Draft Controlled IPv6 deaggregation October 2014
This document proposes two mechanisms that will allow organizations
that seek to deaggregate an enterprise LIR prefix to enjoy the same
level of connectivity as users of PI and PA space while at the same
time limiting the impact of this practice on the IPv6 global routing
table. The first mechanism is the establishment of an "aggregate of
last resort" (AoLR), the second mechanism is a set of communities
that allow deaggregates to be filtered in some parts of a network
without loss of reachability.
This document is meant to start a discussion. As such, it may be
split into several documents, and/or the venue for discussion and
eventual publication is subject to change.
2. The aggregate of last resort service
The assumption is that an enterprise LIR allocates addresses from a
single block to different organizational subunits, and that these
subunits advertise those smaller blocks to the ISPs they use to
connect to the internet, where different subunits use different ISPs.
For reasons of cost and routing efficiency it's not possible or
desired to use an internal network between the subunits or locations
to transport traffic to/from the internet from one organizational
subunit to another.
One way to run such a network would be for the enterprise to
advertise its aggregate in a small number of locations. The traffic
is then delivered to those locations, and then from there sent back
to an ISP that has a path to the subunit in question. However, this
has the downside that traffic has to pass through one of the
locations advertising the aggregate, using up additional bandwidth
and possibly incurring long detours. For instance, if an
organization advertises its prefix in Europe then a third party in
the US that sends traffic to one of the organization's offices in the
US may see its traffic cross the Atlantic twice.
The solution is to ask one or more ISPs to advertise the aggregate--
preferably ones with a large geographic footprint. By default,
networks hand over traffic to a remote network as soon as possible
("hot potato" routing), so in this case the traffic just has to flow
to the closest location where the ISP in question has a presence. If
that ISP then connects to an ISP serving the organizational subunit
in question, the traffic can be handed over between the two ISPs at
the nearest location where they interconnect.
This way, deaggregates only have to be carried by ISPs providing the
aggregate of last resort service and the ISPs connecting subunits of
the organization. Because the organization has customer - service
van Beijnum Expires April 24, 2015 [Page 3]
Internet-Draft Controlled IPv6 deaggregation October 2014
provider relationships with each, presumably those ISPs will not
filter the deaggregates.
3. Geographic communities
BGP supports a community mechanism that allows a router to tag a
prefix with additional information that may be interpreted by other
routers. This document proposes a set of communities that encode the
geographic origin of a deaggregated prefix. This allows network
operators to filter prefixes that are covered by an aggregate.
Additionally, such filtering may be applied selectively.
For instance, a network that operates in the APNIC region may want to
filter out deaggregates originated in other regions, but allow the
ones originated in the APNIC region. Or a North American network may
want to carry European deaggregates only at the US East Coast, where
it interconnects with European networks, and only carry Asian
deaggregates at the US West Coast, where it interconnects with Asian
networks.
An objection against encoding geographic information in the routing
system is that topology doesn't follow geography. Strictly speaking,
this is of course true. In theory, a user in Tokyo could connect to
the internet in Madrid. In practice, this is is exceedingly rare.
And in the case where this happens and BGP is in the position to make
decisions, having this information available is even more useful than
in in routine situations: when that user in Tokyo connects to the
internet in Madrid and Hong Kong, users outside Europe would do well
to avoid the route through Madrid. A geographic community would
allow them to do exactly that.
4. Encoding of geographic information
There are currently two types of communities defined for BGP: the
original community attribute ([RFC1997]), which encodes 32-bit
values, and extended community attribute ([RFC4360]), which supports
subtypes of various lengths. Regular communities are widely
supported and are typically displayed in the form ddddd:ddddd, where
ddddd are both 16-bit values displayed in decimal, such as 702:120.
Defining a new extended community subtype has the advantage that it
would be possible to specify a new syntax and new semantics tailored
to the needs of the new community, but the disadvantage is that it
would take a lot of time for this to be implemented by router
vendors. As such, geographical information will be encoded into a
set of communities within the numbering space of the existing
[RFC1997] system. Router vendors are encouraged to recognize these
van Beijnum Expires April 24, 2015 [Page 4]
Internet-Draft Controlled IPv6 deaggregation October 2014
communities and handle them appropriately as outlined later in this
document.
There are many ways to encode geographic information, such as the ISO
3166-1 alpha-2 two-letter country code, the ITU E.164 one-to-three-
digit international phone dialing numbers and the ISO 3166-1 three-
digit numeric code. The only one that is well-known in numeric form
are international phone dialing numbers. However, the size
difference in population/area served between the different country
codes (and area codes in the North American Numbering Plan) is very
large, and the numbers don't lend themselves to easily identifying a
geographic region bigger than a metropolitan area but smaller than a
country.
To avoid these issues, this document specifies that geographic
communities encode latitude/longitude information. This encoding
avoids interpretation and contention. By rounding to whole degrees,
a reasonable tradeoff between precision and location privacy is
achieved.
A geographic community consists of two 16-bit values in decimal
notation. In the first value, the least significant bits indicate
north or south and east or west, respectively. In the second value,
the upper two digits indicate the latitude and the lower three digits
indicate the longitude, each rounded to the nearest degree. For
example:
Berlin, DE; 52 deg 31 min N, 13 deg 23 min E:
xxxx1:53013
Chicago, US; 41 deg 50 min N, 87 deg 41 min W:
xxxx0:42088
Mumbai, IN; 18 deg 58 min N, 72 deg 49 min E:
xxxx1:19073
Rio de Janeiro, BR; 22 deg 54 min S, 43 deg 11 min W:
xxxx2:23043
Saint Petersburg, RU; 59 deg 57 min N, 30 deg 18 min E:
xxxx1:60030
Locations further than 64 degrees north or south are encoded
differently: the upper two digits of the second community value
encode the upper two digits of the longitude, the next two digits
encode the latitude, and the last digit encodes the lower digit of
the longitude:
van Beijnum Expires April 24, 2015 [Page 5]
Internet-Draft Controlled IPv6 deaggregation October 2014
Spitsbergen, NO; 78 deg 45 min N, 16 deg 00 min E:
xxxx1:00790
McMurdo Station, Antarctica; 77 deg 51 min S 166 deg 40 min E:
xxxx3:16787
This format is somewhat human-readable. However, router vendors are
encouraged to recognize these communities and display the values as
follows:
xxxx1:53013
53N13E
xxxx0:42088
42N88W
xxxx1:19073
19N73E
xxxx2:23043
23S43W
xxxx1:60030
60N30E
xxxx1:790
79N0E
xxxx3:16787
78S167E
Furthermore, it would be helpful if filters could specify areas in
the form 53N3E-50NE8. (This encompasses the Netherlands in its
entirety, although it also covers parts of the neighboring
countries.)
Although they don't immediately serve the purpose of this draft, two
additional forms of geographic communities are specified. This makes
for three different sets of geographic communities:
Covered:
The presence of a geographic community of this type indicates
that the prefix is covered by an aggregate and can therefore
safely be filtered without loss of reachability. The location
encoded in the community is the location of the ISP side of
circuit that connects the site using the prefix to the internet.
If an indication that the prefix is covered by an aggregate is
van Beijnum Expires April 24, 2015 [Page 6]
Internet-Draft Controlled IPv6 deaggregation October 2014
desired, but not the encoding of a location, then the community
xxxx0:999 may be used.
Uncovered:
The presence of a geographic community of this type DOES NOT
indicate that a covering aggregate is present. The location
encoded in the community is the location of the ISP side of
circuit that connects the site using the prefix to the internet
and may be presented in order to facilitate best path selection.
Seen-at:
The presence of a geographic community of this type DOES NOT
indicate that a covering aggregate is present. The location
encoded in the community is a location where the prefix was seen.
For instance, the location where a network learned the prefix
over EBGP. Multiple instances of this type of geographical
community may be present.
5. IANA considerations
IANA is requested to register the following 16-bit ranges of
community values out of the subset of community value space that maps
to private AS numbers:
Covered origin NW
Covered origin NE
Covered origin SW
Covered origin NE
Uncovered origin NW
Uncovered origin NE
Uncovered origin SW
Uncovered origin NE
Seen-at NW
Seen-at NE
Seen-at SW
Seen-at NE
van Beijnum Expires April 24, 2015 [Page 7]
Internet-Draft Controlled IPv6 deaggregation October 2014
6. Security considerations
It would be possible for any router along the AS path to rewrite a
geographic community and claim a false geographic origin and/or
falsely claim that a prefix is covered by an aggregate.
7. Contributors
None at this time.
8. Acknowledgements
None at this time.
9. References
[RFC1997] Chandrasekeran, R., Traina, P., and T. Li, "BGP
Communities Attribute", RFC 1997, August 1996.
[RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended
Communities Attribute", RFC 4360, February 2006.
Author's Address
Iljitsch van Beijnum
Institute IMDEA Networks
Avda. del Mar Mediterraneo, 22
Leganes, Madrid 28918
Spain
Email: iljitsch@muada.com
van Beijnum Expires April 24, 2015 [Page 8]