Using BMP over QUIC connection
draft-liu-grow-bmp-over-quic-00

Document Type: Active Internet-Draft (individual)
Authors: Yisong Liu, Changwang Lin
Last updated: 2024-09-25
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: I-D Exists
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)
Global Routing Operations                                        Y. Liu
Internet Draft                                             China Mobile
Intended status: Standards Track                                 C. Lin
Expires: March 26, 2025                            New H3C Technologies
                                                     September 25, 2024

                      Using BMP over QUIC connection
                      draft-liu-grow-bmp-over-quic-00

Abstract

   The BGP Monitoring Protocol (BMP) provides a convenient interface
   for obtaining route views by monitoring BGP sessions. BMP operates
   over TCP and is unidirectional (from client to server). QUIC
   provides multiple simultaneous streams to carry data in one
   direction, enabling much better efficiency and performance for both
   peers, in particular unidirectional streams can provide reverse data
   protection for the sender. QUIC also provides shorter handshake and
   includes TLS. This document describes how to use BMP over the QUIC
   transport protocol, named BMPoQUIC.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 26, 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with

Liu, et al.             Expire March 26, 2025                 [Page 1]
Internet-Draft      Using BMP over QUIC connection      September 2024

   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction...................................................3
   2. Terminology and Definitions....................................3
   3. Connection Management..........................................4
      3.1. Connection Establishment..................................4
      3.2. Connection Termination....................................4
         3.2.1. QUIC Connection Termination Process..................4
         3.2.2. BMPoQUIC Considerations for Connection Termination...4
   4. Stream mapping and usage.......................................4
      4.1. Multi-stream Selection....................................5
   5. Endpoint Authentication........................................6
   6. Operational Considerations.....................................6
   7. IANA Considerations............................................6
   8. Security Considerations........................................6
   9. References.....................................................7
      9.1. Normative References......................................7
      9.2. Informative References....................................7
   Authors' Addresses................................................8

1. Introduction

   The BGP Monitoring Protocol (BMP) [RFC7854] defines a standard
   mechanism for obtaining route views by monitoring BGP sessions. BMP
   uses TCP as its transport protocol to provide reliable
   communication: BMP establishes the relationship between the
   monitored router and the monitoring station over a TCP session.

   In BMP message communication, in order to simplify the
   implementation, only the monitored router reports messages to the
   monitoring station, and the station does not send messages to the
   router [RFC7854]. In other words, BMP communication is in practice
   unidirectional (from router to station). As a consequence, the
   direction from the monitoring station to the monitored router may be
   used as an interface for malicious attacks on the router. As BMP
   supports more and more types of routes to be reported, the number of
   reported BMP messages also increases, which places considerable
   pressure on TCP data transmission.

   QUIC [RFC9000] is a UDP-based multiplexed and secure transport
   protocol that provides connection-oriented and stateful interaction
   between a client and server. It can provide low latency and
   encrypted transport with resilient connections.

   QUIC uses multiple simultaneous streams to carry data in one
   direction. Each stream is a separate unidirectional or bidirectional
   channel consisting of an ordered stream of bytes. In addition, each
   stream has its own flow control, which limits the bytes sent on that
   stream, alongside the flow control of the connection as a whole. Of
   these, the unidirectional stream matches the message transmission
   model of BMP very well.

   Therefore, QUIC is a proper transport protocol for the message
   transmission mechanism of BMP. This document specifies how to use
   QUIC as the secure transport protocol for BMP.

2. Terminology and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   In this document, the terms "client" and "server" are used to refer
   to the two ends of the QUIC connection. The client actively
   initiates the QUIC connection. The terms "monitored router" and
   "monitoring station" are used to refer to the two ends of the BMP
   session. The router sends BMP messages to the station, but the
   station does not respond to the router.

   *  Client: The endpoint that initiates a QUIC connection, the BMP
   monitored router.

   *  Server: The endpoint that accepts a QUIC connection, the BMP
   monitoring station.

3. Connection Management

3.1. Connection Establishment

   QUIC connection establishment is described in [RFC9000]. During
   connection establishment, BMPoQUIC support is indicated by selecting
   the Application-Layer Protocol Negotiation (ALPN) [RFC7301] token
   listed in the IANA section (Section 7) in the TLS handshake.

   The monitored router MUST also act as the client, and the
   monitoring station must also act as the server.

   The monitored router should be the initiator of the QUIC connection
   to the monitoring station, while the monitoring station acts as the
   connection acceptor.

3.2. Connection Termination

3.2.1. QUIC Connection Termination Process

   The typical QUIC connection termination process is described in
   [RFC9000].

3.2.2. BMPoQUIC Considerations for Connection Termination

   When a BMP session is implemented based on a QUIC connection, the
   idle timeout should be disabled or the QUIC max_idle_timeout should
   be set appropriately in order to keep the QUIC connection persistent
   even if the BMP session is idle.

   When a BMP monitoring station receives a termination message, it
   will gracefully close the BMP session. The station SHOULD close the
   associated QUIC connection.

   When a BMP monitored router detects the interruption of the QUIC
   connection, it SHOULD send a termination message to the BMP
   monitoring station.

4. Stream mapping and usage

   There are six kinds of BMP main messages sent from the monitored
   router to the monitoring station, namely the route monitoring
   message, statistics report message, peer down notification message,
   peer up notification message, initiation message, termination message
   and route mirroring message [RFC7854]. These kinds of BMP messages
   need to be mapped into QUIC streams.

   QUIC uses the Stream ID to identify a stream. The least significant
   bit (0x1) of the stream ID identifies the initiator of the stream.
   The second least significant bit (0x2) of the stream ID
   distinguishes between bidirectional streams (with the bit set to 0)
   and unidirectional streams (with the bit set to 1).

   No BMP message is ever sent from the monitoring station to the
   monitored router. The monitored router MAY take steps to prevent the
   monitoring station from sending data, or it MAY silently discard any
   data sent by the monitoring station. BMP messages from the monitored
   router SHOULD therefore be mapped onto unidirectional streams of
   stream type 0x2 (client-initiated, unidirectional) as described
   above.

4.1. Multi-stream Selection

   When a router has many peers and a large number of routes, reporting
   all related BMP messages through a single stream places a very high
   load on that stream and makes transmission inefficient. In order to
   reduce that load and improve efficiency, multiple streams can be
   allocated according to the number of neighbors of the router, with
   each stream used to transmit the BMP messages of a specified set of
   peers, as shown in Figure 1. The number of streams can be configured
   as needed.

   +------------+                       +--------------+
   |   Peer 1   |                       |              |
   |            |---------------------->|   Stream 1   |
   |   Peer 2   |                       |              |
   +------------+                       +--------------+
         ~                                      ~
         ~                                      ~
   +------------+                       +--------------+
   |   Peer x   |                       |              |
   |            |---------------------->|   Stream n   |
   |   Peer y   |                       |              |
   +------------+                       +--------------+
   Figure 1: Multi-stream Selection Structure

   When multiple streams are used to transmit BMP messages, each stream
   also needs to carry the peer-insensitive BMP messages (that is, BMP
   messages that do not carry the per-peer header) so that the order of
   BMP messages is preserved on every stream. Peer-insensitive BMP
   messages include the Initiation Message and Termination Message
   [RFC7854].
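   The following is an added example, not code from the draft or from
   any BMP or QUIC implementation, showing the stream mapping of
   Section 4 and the multi-stream selection of Section 4.1 in working
   Python. It assumes (my choices, not the draft's) that a router
   selects the stream for a peer-scoped message by hashing the peer
   address from the RFC 7854 per-peer header, replicates the
   peer-insensitive Initiation and Termination messages onto every
   stream, and that the station accepts BMP data only on
   client-initiated unidirectional streams (stream type 0x2, stream IDs
   with the low two bits equal to 0b10 as in RFC 9000). The sample
   messages are constructed inline with empty bodies.

```python
"""Added example: BMP message -> QUIC stream selection (assumptions noted inline)."""
import hashlib
import struct

# BMP message types from RFC 7854 Section 4
(ROUTE_MONITORING, STATS_REPORT, PEER_DOWN, PEER_UP,
 INITIATION, TERMINATION, ROUTE_MIRRORING) = range(7)
# Messages without a per-peer header ("peer-insensitive" in Section 4.1)
PEER_INSENSITIVE = {INITIATION, TERMINATION}

COMMON_HDR = struct.Struct("!BIB")   # version(1) length(4) type(1) = 6 bytes
PER_PEER_HDR_LEN = 42                # type(1) flags(1) dist(8) addr(16) AS(4) BGP-ID(4) ts(8)


def is_router_unidirectional(stream_id: int) -> bool:
    """RFC 9000 stream type 0x2: client-initiated (router), unidirectional."""
    return stream_id & 0x3 == 0x2


def router_stream_id(n: int) -> int:
    """ID of the n-th router-initiated unidirectional stream: 2, 6, 10, ..."""
    return (n << 2) | 0x2


def parse_common_header(msg: bytes):
    """Validate the RFC 7854 common header; returns (version, length, type)."""
    if len(msg) < COMMON_HDR.size:
        raise ValueError("short BMP message")
    version, length, mtype = COMMON_HDR.unpack_from(msg)
    if version != 3:
        raise ValueError(f"unsupported BMP version {version}")
    if length != len(msg):
        raise ValueError("length field does not match message size")
    if mtype > ROUTE_MIRRORING:
        raise ValueError(f"unknown BMP message type {mtype}")
    return version, length, mtype


def peer_address(msg: bytes) -> bytes:
    """16-byte Peer Address field of the per-peer header (follows the common header)."""
    if len(msg) < COMMON_HDR.size + PER_PEER_HDR_LEN:
        raise ValueError("message lacks a complete per-peer header")
    off = COMMON_HDR.size + 1 + 1 + 8        # skip peer type, flags, distinguisher
    return msg[off:off + 16]


def select_streams(msg: bytes, n_streams: int) -> list:
    """Router side: stream IDs on which this message is sent.

    Assumption: peer-scoped messages go to one stream chosen by hashing the
    peer address (keeps a peer's messages ordered on a single stream);
    peer-insensitive messages are replicated on every stream (Section 4.1).
    """
    _, _, mtype = parse_common_header(msg)
    if mtype in PEER_INSENSITIVE:
        return [router_stream_id(i) for i in range(n_streams)]
    digest = hashlib.sha256(peer_address(msg)).digest()
    return [router_stream_id(int.from_bytes(digest[:4], "big") % n_streams)]


def station_accepts(stream_id: int) -> bool:
    """Station side: only router-initiated unidirectional streams carry BMP.
    Data on any other stream type is not BMP and is discarded."""
    return is_router_unidirectional(stream_id)


def build_msg(mtype: int, peer_addr: bytes = b"\x00" * 16) -> bytes:
    """Construct a sample BMP message (headers only, no TLVs/PDUs) for testing."""
    body = b""
    if mtype not in PEER_INSENSITIVE:
        # per-peer header: type, flags, distinguisher, address, AS, BGP ID, ts sec, ts usec
        body = struct.pack("!BB8s16sIIII", 0, 0, b"\x00" * 8, peer_addr,
                           65000, 0x0A000001, 0, 0)
    return COMMON_HDR.pack(3, COMMON_HDR.size + len(body), mtype) + body


if __name__ == "__main__":
    streams = 4
    for name, msg in [("initiation", build_msg(INITIATION)),
                      ("route monitoring (peer ::1)",
                       build_msg(ROUTE_MONITORING, b"\x00" * 15 + b"\x01")),
                      ("termination", build_msg(TERMINATION))]:
        print(f"{name:30s} -> streams {select_streams(msg, streams)}")
```

   A real router would keep one send queue per stream ID and push each
   message onto the queues returned by select_streams; the hash keeps
   every message for a given peer on the same stream, which is what
   preserves per-peer ordering once messages are spread across streams.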

5. Endpoint Authentication

   BMPoQUIC uses QUIC which uses TLS version 1.3 or greater. Therefore,
   the TLS handshake process can be used for BMPoQUIC endpoint
   authentication. A third-party authentication mechanism can also be
   applied for BMPoQUIC endpoint authentication, such as a TLS client
   certificate.

6. Operational Considerations

   The decision to use BMPoQUIC instead of the TCP-based mechanism in
   [RFC7854] is an operational decision, and an implementation MUST
   provide a configuration mechanism to enable BMPoQUIC on the BMP
   session.

   Some connectivity problems (such as blocking of UDP) could result in
   a failure to establish a QUIC connection. When this happens, the
   monitored router SHOULD attempt to establish a TCP-based BMP session.

7. IANA Considerations

   This document creates a new registration for the identification of
   BMPoQUIC in the "Application Layer Protocol Negotiation (ALPN)
   Protocol IDs" registry established in [RFC7301].

   The "BMPoQ" string identifies BMPoQUIC:

   *  Protocol: BMPoQUIC

   *  Identification Sequence: 0x42 0x4d 0x50 0x6f 0x51 ("BMPoQ")

   *  Specification: This document

8. Security Considerations

   This document replaces the transport protocol layer of BMP, moving
   from TCP to QUIC. The basic protocol specification of BMP is not
   modified, and therefore no new security risks are introduced into
   the basic BMP protocol. BMPoQUIC enhances transport-layer security
   for the BMP session according to [RFC9000].

   This document does not require support for third-party
   authentication (e.g., backend authentication), since TLS does not
   specify such a form of authentication. If third-party authentication
   is needed, TLS client certificates are recommended.

9. References

9.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119,
             DOI 10.17487/RFC2119, March 1997,
             <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC7854] Scudder, J., Ed., Fernando, R., and S. Stuart, "BGP
             Monitoring Protocol (BMP)", RFC 7854,
             DOI 10.17487/RFC7854, June 2016,
             <https://www.rfc-editor.org/info/rfc7854>.

   [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
             Multiplexed and Secure Transport", RFC 9000,
             DOI 10.17487/RFC9000, May 2021,
             <https://www.rfc-editor.org/info/rfc9000>.

9.2. Informative References

   [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan,
             "Transport Layer Security (TLS) Application-Layer Protocol
             Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301,
             July 2014, <https://www.rfc-editor.org/info/rfc7301>.

Authors' Addresses

   Yisong Liu
   China Mobile
   China
   Email: liuyisong@chinamobile.com

   Changwang Lin
   New H3C Technologies
   Beijing
   China

   Email: linchangwang.04414@h3c.com