]> BGP over TLS/TCP UCLouvain & WELRI
thomas.wirtgen@uclouvain.be
UCLouvain & WELRI
olivier.bonaventure@uclouvain.be
Routing IDR tcp tls bgp tcp-ao This document specifies the use of TLS over TCP to support BGP. Status information for this document may be found at . Discussion of this document takes place on the IDR Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .
Introduction The Border Gateway Protocol (BGP) relies on the TCP protocol to establish BGP sessions between routers. A recent draft has proposed to replace TCP with the QUIC protocol . QUIC brings many features compared to TCP including security, support for multiple streams and datagrams. From a security viewpoint, an important benefit of QUIC compared to TCP is that QUIC by design prevents injection attacks that are possible when TCP is used by BGP . Several techniques can be used by BGP routers to counter these attacks . TCP-AO authenticates the packets exchanged over a BGP session, providing similar features as QUIC. However, it is notoriously difficult to configure the keys used to protect BGP sessions. The widespread deployment of TLS combined with the possibility of deriving TCP-AO keys from the TLS handshake creates an interest in using TLS to secure BGP sessions. This document describes how BGP can operate over TCP/TLS.
Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document uses network byte order (that is, big endian) values. Fields are placed starting from the high-order bits of each byte.
Summary of operation A BGP over TLS/TCP session is established in two phases: establish a transport layer connection using TCP establish a TLS session over the TCP connection The TCP connection SHOULD be established on port TBD1. During the establishment of the TLS session, the router that initiates the connection MUST use the "botls" token in the Application Layer Protocol Negotiation (ALPN) extension . Other ALPN tokens MUST NOT be included in the TLS handshake. Once the TLS handshake is complete, the BGP session is initiated as defined in and the protocol operates in the same way as a classic BGP over TCP session. The difference is that the BGP session is now encrypted and authenticated using the TLS layer. As in , the TLS authentication parameters used for this connection are out of the scope of this draft.
Security Considerations This document improves the security of BGP sessions since the information exchanged over the session is now protected by using TLS. If TLS encounters a payload injection attack, it will generate an alert that immediately closes the TLS session. The BGP router SHOULD then attempt to reestablish the session. However, this will cause traffic to be interrupted during the connection re-establishment. If both BGP peers support TCP-AO, the TLS stack is protected against payload injection and this attack can be avoided. When enabled, TCP-AO counters the TCP injection attacks listed in . Furthermore, if the BGP router supports TCP-AO, it is RECOMMENDED to use an opportunistic TCP-AO approach as suggested in . The router will attempt to connect using TCP-AO with a default key. When the TLS handshake is finished, the routers will derive a new TCP-AO key using the TLS key.
IANA Considerations IANA is requested to assign a TCP port (TBD1) from the "Service Name and Transport Protocol Port Number Registry" as follows: Service Name: botls Port Number: TBD1 Transport Protocol: TCP Description: BGP over TLS/TCP Assignee: IETF Contact: IDR WG Registration Data: TBD Reference: this document Unauthorized Use Reported: idr@ietf.org It is suggested to use the same port as the one selected for BGP over QUIC .
Acknowledgments The authors thank Dimitri Safonov for the TCP-AO implementation in Linux.
Change log
Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection. A Border Gateway Protocol 4 (BGP-4) This document discusses the Border Gateway Protocol (BGP), which is an inter-Autonomous System routing protocol. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASes) that reachability information traverses. This information is sufficient for constructing a graph of AS connectivity for this reachability from which routing loops may be pruned, and, at the AS level, some policy decisions may be enforced. BGP-4 provides a set of mechanisms for supporting Classless Inter-Domain Routing (CIDR). These mechanisms include support for advertising a set of destinations as an IP prefix, and eliminating the concept of network "class" within BGP. BGP-4 also introduces mechanisms that allow aggregation of routes, including aggregation of AS paths. This document obsoletes RFC 1771. [STANDARDS-TRACK] BGP Security Vulnerabilities Analysis Border Gateway Protocol 4 (BGP-4), along with a host of other infrastructure protocols designed before the Internet environment became perilous, was originally designed with little consideration for protection of the information it carries. There are no mechanisms internal to BGP that protect against attacks that modify, delete, forge, or replay data, any of which has the potential to disrupt overall network routing behavior. This document discusses some of the security issues with BGP routing data dissemination. This document does not discuss security issues with forwarding of packets. This memo provides information for the Internet community. The TCP Authentication Option This document specifies the TCP Authentication Option (TCP-AO), which obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5). TCP-AO specifies the use of stronger Message Authentication Codes (MACs), protects against replays even for long-lived TCP connections, and provides more details on the association of security with TCP connections than TCP MD5. TCP-AO is compatible with either a static Master Key Tuple (MKT) configuration or an external, out-of-band MKT management mechanism; in either case, TCP-AO also protects connections when using the same MKT across repeated instances of a connection, using traffic keys derived from the MKT, and coordinates MKT changes between endpoints. The result is intended to support current infrastructure uses of TCP MD5, such as to protect long-lived connections (as used, e.g., in BGP and LDP), and to support a larger set of MACs with minimal other system and operational changes. TCP-AO uses a different option identifier than TCP MD5, even though TCP-AO and TCP MD5 are never permitted to be used simultaneously. TCP-AO supports IPv6, and is fully compatible with the proposed requirements for the replacement of TCP MD5. [STANDARDS-TRACK] Opportunistic TCP-AO with TLS Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. BGP over QUIC Futurewei Technologies Futurewei Technologies Juniper Networks Huawei Technologies Nvidia This document specifies the procedures for BGP to use QUIC as a transport protocol with a mechanism to carry Network Layer protocols (AFI/SAFI) over multiple QUIC streams to achieve high resiliency. The Generalized TTL Security Mechanism (GTSM) The use of a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6) to verify whether the packet was originated by an adjacent node on a connected link has been used in many recent protocols. This document generalizes this technique. This document obsoletes Experimental RFC 3682. [STANDARDS-TRACK] The Transport Layer Security (TLS) Protocol Version 1.3 This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. QUIC: A UDP-Based Multiplexed and Secure Transport This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.