Simplified Local internet nUmber Resource Management with the RPKI
draft-ietf-sidr-slurm-01

The information below is for an old version of the document
Document Type Active Internet-Draft (sidr WG)
Last updated 2016-04-13
Replaces draft-dseomn-sidr-slurm
Stream IETF
Intended RFC status (None)
Formats pdf htmlized bibtex
Reviews
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Secure Inter-Domain Routing                                D. Mandelberg
Internet-Draft                                          BBN Technologies
Intended status: Standards Track                          April 13, 2016
Expires: October 15, 2016

   Simplified Local internet nUmber Resource Management with the RPKI
                        draft-ietf-sidr-slurm-01

Abstract

   The Resource Public Key Infrastructure (RPKI) is a global
   authorization infrastructure that allows the holder of Internet
   Number Resources (INRs) to make verifiable statements about those
   resources.  Network operators, e.g., Internet Service Providers
   (ISPs), can use the RPKI to validate BGP route origination
   assertions.  In the future, ISPs also will be able to use the RPKI to
   validate the path of a BGP route.  Some ISPs locally use BGP with
   private address space or private AS numbers (see RFC6890).  These
   local BGP routes cannot be verified by the global RPKI, and SHOULD be
   considered invalid based on the global RPKI (see RFC6491).  The
   mechanisms described below provide ISPs with a way to make local
   assertions about private (reserved) INRs while using the RPKI's
   assertions about all other INRs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 15, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Mandelberg              Expires October 15, 2016                [Page 1]
Internet-Draft                    SLURM                       April 2016

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Validation Output Filtering . . . . . . . . . . . . . . . . .   4
   3.  Locally Adding Assertions . . . . . . . . . . . . . . . . . .   4
   4.  Configuring SLURM . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Combining Mechanisms  . . . . . . . . . . . . . . . . . . . .   7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     9.1.  Informative References  . . . . . . . . . . . . . . . . .   8
     9.2.  Normative References  . . . . . . . . . . . . . . . . . .   9
   Appendix A.  Example SLURM File . . . . . . . . . . . . . . . . .  10
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   The Resource Public Key Infrastructure (RPKI) is a global
   authorization infrastructure that allows the holder of Internet
   Number Resources (INRs) to make verifiable statements about those
   resources.  For example, the holder of a block of IP(v4 or v6)
   addresses can issue a Route Origination Authorization (ROA) [RFC6482]
   to authorize an Autonomous System (AS) to originate routes for that
   block.

   Internet Service Providers (ISPs) can then use the RPKI to validate
   BGP routes.  (Validation of the origin of a route is described in
   [RFC6483], and validation of the path of a route is described in
   [I-D.ietf-sidr-bgpsec-overview].)  However, some ISPs locally use BGP
   with private address space ([RFC1918], [RFC4193], [RFC6598]) or
   private AS numbers ([RFC1930], [RFC6996]).  These local BGP routes
   cannot be verified by the global RPKI, and SHOULD be considered
   invalid when using the RPKI.  For example, [RFC6491] recommends the
   creation of ROAs that would invalidate routes for reserved and
   unallocated address space.

Mandelberg              Expires October 15, 2016                [Page 2]
Show full document text