Software Version OPEN Optional Parameter Type for BGP
draft-abraitis-bgp-version-capability-09
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Active".
|
|
|---|---|---|---|
| Author | Donatas Abraitis | ||
| Last updated | 2023-01-10 | ||
| RFC stream | (None) | ||
| Formats | |||
| IETF conflict review | conflict-review-abraitis-bgp-version-capability, conflict-review-abraitis-bgp-version-capability, conflict-review-abraitis-bgp-version-capability | ||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
| IANA | IANA review state | Version Changed - Review Needed |
draft-abraitis-bgp-version-capability-09
Network Working Group D. Abraitis
Internet-Draft Hostinger
Intended status: Standards Track 10 January 2023
Expires: 14 July 2023
Software Version OPEN Optional Parameter Type for BGP
draft-abraitis-bgp-version-capability-09
Abstract
In this document, we introduce a new BGP OPEN Optional Parameter Type
that allows the advertisement of a BGP speaker's routing daemon
version.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 14 July 2023.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Abraitis Expires 14 July 2023 [Page 1]
Internet-Draft Software Version Optional Parameter January 2023
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Specification of Requirements . . . . . . . . . . . . . . . . 2
3. Software Version BGP OPEN Optional Parameter Type . . . . . . 3
4. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4.1. Example Usage . . . . . . . . . . . . . . . . . . . . . . 3
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
6. Security Considerations . . . . . . . . . . . . . . . . . . . 4
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
7.1. Normative References . . . . . . . . . . . . . . . . . . 5
7.2. Informative References . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
In this document, we introduce a new BGP OPEN Optional Parameter Type
that allows the advertisement of a BGP speaker's routing daemon
version.
In modern data center designs, we tend to have conventional routers
participating in the routing process. And the fleet of routers has
different versions of routing daemon. This means that knowing which
versions of the routing daemons are running the various routers in
the network can be a crucial factor in quickly identifying the root
cause of any protocol or network problems.
This new Optional Parameter Type is an optional advertisement.
Implementations are not required to advertise the version nor to
process received advertisements.
Information about the version of the routing daemon could also be
exchanged in protocols such as LLDP and CDP. However, in
containerized environments, it is very hard and not recommended to
exchange this information between background processes. Therefore,
and to help minimize operational costs, it is helpful to exchange the
routing daemon information between BGP peers directly.
2. Specification of Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Abraitis Expires 14 July 2023 [Page 2]
Internet-Draft Software Version Optional Parameter January 2023
3. Software Version BGP OPEN Optional Parameter Type
The Optional Parameters in the BGP OPEN message are defined in the
base BGP specification [RFC4271]. This document defines a new BGP
OPEN Optional Parameter Type, the Software Version, with Type TBD and
value is up to 255 octets. The value field is encoded in UTF-8
[RFC3629]. It is unstructured data and can be formatted in any way
that the implementor decides.
The inclusion of the Software Version Optional Parameters is
OPTIONAL. If an implementation supports the inclusion of this
parameter, the implementation MUST include a configuration switch to
enable or disable its use, and that switch MUST be off by default.
The Software Version BGP OPEN Optional Parameter is intended for
environments where more visibility is needed for troubleshooting
purposes. It is NOT RECOMMENDED for use outside a single Autonomous
System, or a set of Autonomous Systems under a common administration.
An implementation that does not recognize or support the Software
Version Optional Parameter but receives one must ignore it.
4. Operation
The Software Version BGP OPEN Optional Parameter SHOULD only be used
for displaying the version of a BGP speaker's router daemon to make
troubleshooting easier.
Consider a group of routers each with a number of upstream nodes, and
suppose that each router has a different operating system and
different routing daemon at a different version installed. Assuming
that a specific feature is not working or that there is a bug which
has not been fixed in a particular version of the code, knowledge of
the routing daemon versions would allow an operator to quickly
identify the pattern of which versions are affected.
Enabling (i.e., turning on) this parameter requires bouncing all
existing BGP sessions and the feature MUST be explicitly configured
before an implementation advertizes the Software Version Optional
Parameter.
4.1. Example Usage
Below is an example from the [FRRouting] implementation showing both
the received and advertised Software Version:
Abraitis Expires 14 July 2023 [Page 3]
Internet-Draft Software Version Optional Parameter January 2023
:~# vtysh -c 'show ip bgp summary failed'
...
Neighbor EstdCnt DropCnt ResetTime Reason
ens192 3 3 00:00:35 Waiting for peer OPEN (n/a)
ens224 3 3 00:01:12 Waiting for NHT (FRRouting 7.2)
eth0 3 3 00:00:14 Neighbor deleted (FRRouting 7.3)
...
Figure 1
5. IANA Considerations
The BGP OPEN Optional Parameter Types registry is a standalone
registry. IANA is requested to assign a capability number from the
First Come First Served range for the Software Version BGP OPEN
Optional Parameter in this document as follows:
+=======+==================+============+
| Value | Description | Reference |
+=======+==================+============+
| TBD | Software Version | [This.I-D] |
+-------+------------------+------------+
Table 1: Software Version BGP OPEN
Optional Parameter
6. Security Considerations
The Software Version BGP OPEN Optional Parameter should be treated as
sensitive information: it could be easier for an attacker to exploit
the system if they know the specific software version and
manufacturer of a BGP speaker. This information could be gathered by
inspecting BGP OPEN messages that carry the Software Version BGP OPEN
Optional Parameter defined in this document. Furthermore, this
knowledge may facilitate a number of social-engineering attacks.
Modifying the information advertised by a router might lead to
attacks including bogus software upgrades and also might mask the
causes of faults in the network.
Users of this mechanism should be aware that unless a transport that
provides integrity is used for the BGP session in question, the
Software Version parameter can be forged. Unless a transport that
provides confidentiality is used, the Software Version parameter
could be snooped by an attacker. These issues are common to any BGP
message but may be of greater interest in the context of this
extension as explained above. Refer to the related considerations in
[RFC4271] and [RFC4272].
Abraitis Expires 14 July 2023 [Page 4]
Internet-Draft Software Version Optional Parameter January 2023
Users of this mechanism should consider applying data minimization
practices as outlined in Section 6.1 of [RFC6973], as appropriate
within the deployment context.
Sensitive information leaks can be minimized by using the [RFC5082]
mechanism or firewalls to filter out TCP 179 port from untrusted
networks. This optional parameter can be disabled per neighbor, thus
the sensitive information can't be disclosed to untrusted neighbors.
7. References
7.1. Normative References
[RFC2119] Bradner, S. and RFC Publisher, "Key words for use in RFCs
to Indicate Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
2003, <https://www.rfc-editor.org/info/rfc3629>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006,
<https://www.rfc-editor.org/info/rfc4271>.
[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis",
RFC 4272, DOI 10.17487/RFC4272, January 2006,
<https://www.rfc-editor.org/info/rfc4272>.
[RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C.
Pignataro, "The Generalized TTL Security Mechanism
(GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007,
<https://www.rfc-editor.org/info/rfc5082>.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
Morris, J., Hansen, M., and R. Smith, "Privacy
Considerations for Internet Protocols", RFC 6973,
DOI 10.17487/RFC6973, July 2013,
<https://www.rfc-editor.org/info/rfc6973>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
7.2. Informative References
Abraitis Expires 14 July 2023 [Page 5]
Internet-Draft Software Version Optional Parameter January 2023
[FRRouting]
Abraitis, D.A., "FRRouting - BGP Software Version
Capability", 2019, <https://github.com/ton31337/frr/
commit/4c566878fd1a7df9f8c84ee03f419c0b00ae444b>.
Author's Address
Donatas Abraitis
Hostinger
Jonavos g. 60C
LT-44192 Kaunas
Lithuania
Phone: +370 614 18958
Email: donatas.abraitis@hostinger.com
Abraitis Expires 14 July 2023 [Page 6]