
BGP Signaled Prefix-List For Dynamic Configuration
draft-moshiko-bgp-prefixlist-dynamic-config-00

Document Type Active Internet-Draft (individual)
Author Moshiko Nayman
Last updated 2024-08-10
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
Network Working Group                                     M. Nayman, Ed.
Internet-Draft                                          Juniper Networks
Intended status: Standards Track                             August 2024
Expires: 11 February 2025

           BGP Signaled Prefix-List For Dynamic Configuration
             draft-moshiko-bgp-prefixlist-dynamic-config-00

Abstract

   This document defines a new BGP extended community attribute, termed
   the "Prefix-List Community," which allows the dynamic assignment of
   prefixes to named prefix-lists via BGP signaling.  The proposed
   extension enhances the configuration and operational flexibility of
   prefix-lists in routing policies by associating them with community
   attributes directly within BGP routes.

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 2 February 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Nayman                  Expires 11 February 2025                [Page 1]
Internet-Draft          BGP Signaled Prefix-List             August 2024

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Prefix-List Community Attribute . . . . . . . . . . . . . . .   3
     2.1.  Usage and Configuration . . . . . . . . . . . . . . . . .   3
     2.2.  AFI/SAFI Support  . . . . . . . . . . . . . . . . . . . .   4
     2.3.  Operational Behavior  . . . . . . . . . . . . . . . . . .   4
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     5.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     5.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Appendix A.  Acronyms and Abbreviations . . . . . . . . . . . . .   6
   Appendix B.  Acknowledgements . . . . . . . . . . . . . . . . . .   6
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   In modern networks, routing policies, access control lists and
   filters often use prefix-lists to simplify configuration: a set of
   IP prefixes is referenced by a single name or identifier.  A
   prefix-list can contain multiple IPv4 or IPv6 prefixes, which are
   then applied consistently across the routing policies that reference
   it.

   The general structure for defining a prefix-list is as follows:

                   prefix-list <name> <prefix>

   In this context, <name> represents a user-defined identifier for the
   prefix-list, and <prefix> specifies the exact IP prefix.

   To configure a prefix-list for one or more IP prefixes, the following
   configuration can be used:

                   prefix-list PREFIX-1 192.168.1.0/24
                   prefix-list PREFIX-1 192.168.2.0/24

   To match no routes, a prefix-list might be configured as:

                   prefix-list PREFIX-NULL 0.0.0.0/32

   To match all routes, the configuration might be:

                   prefix-list PREFIX-ANY 0.0.0.0/0

   This document proposes a new BGP signaled mechanism to dynamically
   assign prefixes to prefix-lists using a new BGP extended community
   attribute, referred to as the "Prefix-List Community."

   In modern networks, managing prefix-lists manually can be cumbersome
   and error-prone.  The proposed BGP signaled mechanism aims to
   automate this process, enhancing operational efficiency and reducing
   configuration errors.

2.  Prefix-List Community Attribute

   The Prefix-List Community attribute is a Non-Transitive Extended
   Community that enables routers to dynamically assign received
   prefixes to preconfigured prefix-lists.  The attribute can be
   utilized in both IPv4 and IPv6 address families.

   The Prefix-List Community attribute is encoded as a Type-Length-Value
   (TLV) structure, where the Type field indicates the community type,
   the Length field specifies the length of the value, and the Value
   field contains the prefix-list identifier.

2.1.  Usage and Configuration

   When a router receives a BGP route with the Prefix-List Community
   attribute, it will automatically assign the route to the
   corresponding preconfigured prefix-list.  For example:

   - A router receives the routes "192.168.1.0/24", "192.168.2.0/24",
   and "192.168.3.0/24" with the community attribute "prefix:100:100".

   - Another route, "172.16.0.0/12", is received with the community
   attribute "prefix:200:200".

   The routes will be automatically assigned to the corresponding
   preconfigured prefix-lists as follows:

                       prefix-list PREFIX-1 prefix:100:100
                       prefix-list PREFIX-2 prefix:200:200

2.2.  AFI/SAFI Support

   The Prefix-List Community attribute can be signaled in BGP updates
   within the following Address Family Identifier (AFI) and Subsequent
   Address Family Identifier (SAFI) combinations:

   - AFI=1, SAFI=1, IPv4 unicast: Used for standard IPv4 unicast routing

   - AFI=1, SAFI=128, L3VPN IPv4 unicast: Used for L3VPN IPv4 unicast
   routing

   - AFI=2, SAFI=1, IPv6 unicast: Used for standard IPv6 unicast routing

   - AFI=2, SAFI=128, L3VPN IPv6 unicast: Used for L3VPN IPv6 unicast
   routing

   - AFI=1, SAFI=4, labeled IPv4: Used for labeled IPv4 routing

   - AFI=2, SAFI=4, labeled IPv6 (6PE): Used for labeled IPv6 routing

2.3.  Operational Behavior

   The operational behavior of a router with the Prefix-List Community
   attribute is as follows:

   - *Route Processing:* A route received with only the Prefix-List
   Community attribute will be installed if there is a valid next-hop
   resolution.  If the next-hop is invalid or cannot be resolved, the
   route may be placed into a hidden table but will still be used for
   prefix-list assignment.

   - *Interaction with Other Communities:* If a route is received with
   both the Prefix-List Community attribute and other community
   attributes, the router will process it as per standard BGP processing
   rules defined in [RFC4271].

3.  Security Considerations

   The Prefix-List Community attribute is a Non-Transitive Extended
   Community and should be treated with the same security considerations
   as other BGP extended communities.  Care should be taken to ensure
   that only authorized routers and networks utilize this attribute to
   prevent unauthorized or malicious routing changes.

   To prevent unauthorized use of the Prefix-List Community attribute,
   it is recommended to implement filters or access control lists
   (ACLs) together with BGP session protection: TTL security [RFC5082],
   the TCP Authentication Option (TCP-AO) [RFC5925] or MD5 [RFC1321],
   and control-plane filtering [RFC7574].
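   The assignment rule of Section 2.1 and the ingress policy of Section 3,
   modelled in Python as an added example that is not part of this draft.
   It assumes the 8-octet two-octet-AS-specific layout of RFC 4360 with the
   non-transitive bit set (the draft leaves the wire encoding unspecified)
   and a placeholder sub-type PLC_SUBTYPE, since IANA has not allocated
   one; the config and route values are constructed from the Section 2.1
   example.

```python
import struct
from typing import Dict, Iterable, List, Optional, Set

NON_TRANSITIVE = 0x40  # RFC 4360: bit 1 of the high type octet
PLC_TYPE_HIGH = 0x40   # non-transitive, two-octet AS-specific (RFC 7153)
PLC_SUBTYPE = 0xFE     # placeholder only; the real sub-type is for IANA to assign


def encode_plc(asn: int, num: int) -> bytes:
    """Encode the draft's "prefix:<asn>:<num>" as an 8-octet extended community."""
    return struct.pack("!BBHI", PLC_TYPE_HIGH, PLC_SUBTYPE, asn, num)


def plc_text(ext: bytes) -> Optional[str]:
    """Return "prefix:AS:N" if ext is a Prefix-List Community, else None."""
    if len(ext) != 8:
        raise ValueError("extended community must be 8 octets")
    high, sub, asn, num = struct.unpack("!BBHI", ext)
    if (high, sub) != (PLC_TYPE_HIGH, PLC_SUBTYPE):
        return None
    return f"prefix:{asn}:{num}"


def accept_from_peer(exts: Iterable[bytes], peer_authorized: bool) -> List[bytes]:
    """Section 3 ingress policy: keep the PLC only from peers authorized to
    steer prefix-list membership; other communities pass through unchanged."""
    return [e for e in exts if peer_authorized or plc_text(e) is None]


def export_ebgp(exts: Iterable[bytes]) -> List[bytes]:
    """RFC 4360: non-transitive extended communities must not cross an AS
    boundary, so the PLC is stripped from an eBGP export."""
    return [e for e in exts if not e[0] & NON_TRANSITIVE]


def assign(config: Dict[str, str], routes: Dict[str, List[bytes]]) -> Dict[str, Set[str]]:
    """Section 2.1: config maps list name -> "prefix:AS:N", routes maps an NLRI
    to its received extended communities; returns list name -> member NLRIs."""
    by_comm = {comm: name for name, comm in config.items()}
    lists: Dict[str, Set[str]] = {name: set() for name in config}
    for nlri, exts in routes.items():
        for ext in exts:
            name = by_comm.get(plc_text(ext) or "")
            if name is not None:
                lists[name].add(nlri)
    return lists


# Constructed sample data mirroring the draft's Section 2.1 example.
CONFIG = {"PREFIX-1": "prefix:100:100", "PREFIX-2": "prefix:200:200"}
ROUTES = {p: [encode_plc(100, 100)] for p in ("192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24")}
ROUTES["172.16.0.0/12"] = [encode_plc(200, 200)]
```

   Running assign(CONFIX, ROUTES) places the three 192.168.x.0/24 routes in
   PREFIX-1 and 172.16.0.0/12 in PREFIX-2; a PLC arriving from an
   unauthorized peer is dropped before assignment.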

4.  IANA Considerations

   This document requests the allocation of a new BGP Extended Community
   Type for the Prefix-List Community attribute from the IANA "BGP
   Extended Communities" registry.

5.  References

5.1.  Normative References

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006,
              <https://www.rfc-editor.org/info/rfc4271>.

   [RFC4360]  Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended
              Communities Attribute", RFC 4360, DOI 10.17487/RFC4360,
              February 2006, <https://www.rfc-editor.org/info/rfc4360>.

5.2.  Informative References

   [RFC7153]  Rosen, E. and Y. Rekhter, "IANA Registries for BGP
              Extended Communities", RFC 7153, DOI 10.17487/RFC7153,
              March 2014, <https://www.rfc-editor.org/info/rfc7153>.

   [RFC7574]  Bakker, A., Petrocco, R., and V. Grishchenko, "Peer-to-
              Peer Streaming Peer Protocol (PPSPP)", RFC 7574,
              DOI 10.17487/RFC7574, July 2015,
              <https://www.rfc-editor.org/info/rfc7574>.

   [RFC1321]  Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
              DOI 10.17487/RFC1321, April 1992,
              <https://www.rfc-editor.org/info/rfc1321>.

   [RFC5925]  Touch, J., Mankin, A., and R. Bonica, "The TCP
              Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
              June 2010, <https://www.rfc-editor.org/info/rfc5925>.

   [RFC5082]  Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C.
              Pignataro, "The Generalized TTL Security Mechanism
              (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007,
              <https://www.rfc-editor.org/info/rfc5082>.

   [RFC6192]  Dugal, D., Pignataro, C., and R. Dunn, "Protecting the
              Router Control Plane", RFC 6192, DOI 10.17487/RFC6192,
              March 2011, <https://www.rfc-editor.org/info/rfc6192>.

Appendix A.  Acronyms and Abbreviations

   AFI: Address Family Identifier

   BGP: Border Gateway Protocol

   IP: Internet Protocol

   IPv4: Internet Protocol version 4

   IPv6: Internet Protocol version 6

   NLRI: Network Layer Reachability Information

   VPN: Virtual Private Network

   SAFI: Subsequent Address Family Identifier

Appendix B.  Acknowledgements

   The author would like to thank the IETF community for their valuable
   feedback and suggestions.

Author's Address

   Moshiko Nayman (editor)
   Juniper Networks
   18 Buckingham Dr
   Manalapan, NJ 07726
   United States of America
   Email: mnayman@juniper.net
