BGPsec Considerations for Autonomous System (AS) Migration
RFC 8206
| Document | Type |
RFC - Proposed Standard
(September 2017; No errata)
Updates RFC 8205
|
|
|---|---|---|---|
| Last updated | 2017-09-27 | ||
| Replaces | draft-george-sidr-as-migration | ||
| Stream | IETF | ||
| Formats | plain text pdf html bibtex | ||
| Reviews | |||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Chris Morrow | ||
| Shepherd write-up | Show (last changed 2016-03-28) | ||
| IESG | IESG state | RFC 8206 (Proposed Standard) | |
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | Alvaro Retana | ||
| Send notices to | aretana@cisco.com | ||
| IANA | IANA review state | IANA OK - No Actions Needed | |
| IANA action state | No IANA Actions | ||
Internet Engineering Task Force (IETF) W. George
Request for Comments: 8206 Neustar
Updates: 8205 S. Murphy
Category: Standards Track PARSONS, Inc.
ISSN: 2070-1721 September 2017
BGPsec Considerations for Autonomous System (AS) Migration
Abstract
This document discusses considerations and methods for supporting and
securing a common method for Autonomous System (AS) migration within
the BGPsec protocol.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8206.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
George & Murphy Standards Track [Page 1]
RFC 8206 BGPsec AS Migration September 2017
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
1.2. Documentation Note . . . . . . . . . . . . . . . . . . . 3
2. General Scenario . . . . . . . . . . . . . . . . . . . . . . 3
3. RPKI Considerations . . . . . . . . . . . . . . . . . . . . . 3
3.1. Origin Validation . . . . . . . . . . . . . . . . . . . . 4
3.2. Path Validation . . . . . . . . . . . . . . . . . . . . . 5
3.2.1. Outbound Announcements (PE-->CE) . . . . . . . . . . 5
3.2.2. Inbound Announcements (CE-->PE) . . . . . . . . . . . 6
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Outbound (PE-->CE) . . . . . . . . . . . . . . . . . . . 8
5.2. Inbound (CE-->PE) . . . . . . . . . . . . . . . . . . . . 8
5.3. Other Considerations . . . . . . . . . . . . . . . . . . 9
5.4. Example . . . . . . . . . . . . . . . . . . . . . . . . . 9
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
7. Security Considerations . . . . . . . . . . . . . . . . . . . 14
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
8.1. Normative References . . . . . . . . . . . . . . . . . . 14
8.2. Informative References . . . . . . . . . . . . . . . . . 15
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17
1. Introduction
A method of managing a BGP Autonomous System Number (ASN) migration
is described in RFC 7705 [RFC7705]. Since it concerns the handling
of AS_PATH attributes, it is necessary to ensure that the process and
features are properly supported in BGPsec [RFC8205] because BGPsec is
explicitly designed to protect against changes in the BGP AS_PATH,
whether by choice, by misconfiguration, or by malicious intent. It
is critical that the BGPsec protocol framework be able to support
this operationally necessary tool without creating an unacceptable
security risk or exploit in the process.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
George & Murphy Standards Track [Page 2]
RFC 8206 BGPsec AS Migration September 2017
1.2. Documentation Note
This document uses ASNs from the range reserved for documentation as
described in RFC 5398 [RFC5398]. In the examples used here, they are
intended to represent Globally Unique ASNs, not ASNs reserved for
Show full document text