Revised Error Handling for BGP UPDATE Messages
draft-ietf-idr-error-handling-03

Active Internet-Draft (idr WG)
Document Stream: IETF
Last updated: 2012-11-21
Replaces: draft-ietf-idr-optional-transitive, draft-chen-ebgp-error-handling
Intended RFC status: (None)

IETF State: WG Document (idr)
Document shepherd: (None)
Consensus: Unknown

IESG State: I-D Exists
Responsible AD: (None)
Send notices to: No addresses provided

Internet Engineering Task Force (IETF)                        J. Scudder
Internet Draft                                          Juniper Networks
Update: 1997, 4271, 4360, 5701 (if approved)                     E. Chen
Intended Status: Standards Track                            P. Mohapatra
Expires: May 22, 2013                                           K. Patel
                                                           Cisco Systems
                                                       November 21, 2012

             Revised Error Handling for BGP UPDATE Messages
                  draft-ietf-idr-error-handling-03.txt

Abstract

   According to the base BGP specification, a BGP speaker that receives
   an UPDATE message containing a malformed attribute is required to
   reset the session over which the offending attribute was received.
   This behavior is undesirable as a session reset would impact not only
   routes with the offending attribute, but also other valid routes
   exchanged over the session.  This document partially revises the
   error handling for UPDATE messages, and provides guidelines for the
   authors of documents defining new attributes.  Finally, it revises
   the error handling procedures for a number of existing attributes.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on May 22, 2013.

draft-ietf-idr-error-handling-03.txt                            [Page 1]

Internet Draft    draft-ietf-idr-error-handling-03.txt         Nov. 2012

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1. Introduction

   According to the base BGP specification [RFC4271], a BGP speaker that
   receives an UPDATE message containing a malformed attribute is
   required to reset the session over which the offending attribute was
   received.  This behavior is undesirable as a session reset would
   impact not only routes with the offending attribute, but also other
   valid routes exchanged over the session.  In the case of optional
   transitive attributes, the behavior is especially troublesome and may
   present a potential security vulnerability.  The reason is that such
   attributes may have been propagated without being checked by
   intermediate routers that do not recognize the attributes -- in
   effect the attributes may have been tunneled, and when they do reach a
   router that recognizes and checks them, the session that is reset may
   not be associated with the router that is at fault.

   The goal for revising the error handling for UPDATE messages is to
   minimize the impact on routing by a malformed UPDATE message, while
   maintaining protocol correctness to the extent possible.  This can be
   achieved largely by maintaining the established session and keeping
   the valid routes exchanged, but removing the routes carried in the
   malformed UPDATE from the routing system.
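
   The contrast described above, as an added example that is not part
   of the draft: one peer's routes after a malformed UPDATE under
   base-spec and revised handling.  The names (receive, rib, peerA),
   the prefixes, and the single malformation check (a COMMUNITIES value
   that is not a whole number of 4-octet communities) are assumptions
   made for illustration.

```python
import struct

OPTIONAL, TRANSITIVE, EXT_LEN = 0x80, 0x40, 0x10
COMMUNITIES = 8  # RFC 1997 attribute type code; values are 4 octets each


def parse_attrs(buf):
    """Yield (flags, type, value) for each path attribute in buf."""
    i = 0
    while i < len(buf):
        flags, atype = buf[i], buf[i + 1]
        if flags & EXT_LEN:  # Extended Length bit: 2-octet length field
            (alen,) = struct.unpack_from("!H", buf, i + 2)
            i += 4
        else:
            alen = buf[i + 2]
            i += 3
        yield flags, atype, buf[i:i + alen]
        i += alen


def is_malformed(buf):
    # Example check only (assumption): COMMUNITIES length not a multiple of 4.
    return any(t == COMMUNITIES and len(v) % 4 for _, t, v in parse_attrs(buf))


def receive(rib, peer, prefixes, attrs, revised):
    """Apply one UPDATE to rib ({(peer, prefix): attrs}); return session state."""
    if not is_malformed(attrs):
        for p in prefixes:
            rib[(peer, p)] = attrs
        return "established"
    if revised:
        # Revised handling: keep the session, remove only this UPDATE's routes.
        for p in prefixes:
            rib.pop((peer, p), None)
        return "established"
    # Base-spec handling: session reset, every route from the peer is lost.
    for key in [k for k in rib if k[0] == peer]:
        del rib[key]
    return "reset"


def demo(revised):
    # Constructed sample input: ORIGIN=IGP, then a 3-octet COMMUNITIES value.
    good = bytes([0x40, 1, 1, 0])
    bad = good + bytes([OPTIONAL | TRANSITIVE, COMMUNITIES, 3, 0xFD, 0xE8, 0x00])
    rib = {}
    receive(rib, "peerA", ["192.0.2.0/24", "198.51.100.0/24"], good, revised)
    state = receive(rib, "peerA", ["198.51.100.0/24", "203.0.113.0/24"], bad, revised)
    return state, sorted(p for _, p in rib)
```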

   This document partially revises the error handling for UPDATE
   messages, and provides guidelines for the authors of documents
   defining new attributes.  Finally, it revises the error handling
   procedures for a number of existing attributes.  Specifically, the
   error handling procedures of [RFC4271], [RFC1997], [RFC4360] and
   [RFC5701] are revised.

1.1. Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",