Default External BGP (EBGP) Route Propagation Behavior without Policies
RFC 8212

Document Type RFC - Proposed Standard (July 2017; No errata)
Updates RFC 4271
Last updated 2017-07-05
Replaces draft-mauch-bgp-reject
Stream IETF
Formats plain text pdf html bibtex
Reviews OPSDIR will not review this version
Stream WG state Submitted to IESG for Publication
Document shepherd Christopher Morrow
Shepherd write-up Show (last changed 2017-04-18)
IESG IESG state RFC 8212 (Proposed Standard)
Consensus Boilerplate Yes
Telechat date
Responsible AD Warren Kumari
Send notices to Christopher Morrow <christopher.morrow@gmail.com>, aretana@cisco.com
IANA IANA review state IANA OK - No Actions Needed
IANA action state No IC
Internet Engineering Task Force (IETF)                          J. Mauch
Request for Comments: 8212                                        Akamai
Updates: 4271                                                J. Snijders
Category: Standards Track                                            NTT
ISSN: 2070-1721                                               G. Hankins
                                                                   Nokia
                                                               July 2017

Default External BGP (EBGP) Route Propagation Behavior without Policies

Abstract

   This document updates RFC 4271 by defining the default behavior of a
   BGP speaker when there is no Import or Export Policy associated with
   an External BGP session.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8212.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Mauch, et al.                Standards Track                    [Page 1]
RFC 8212                   BGP Default Reject                  July 2017

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   3.  Changes to RFC 4271 . . . . . . . . . . . . . . . . . . . . .   3
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Appendix A.  Transition Considerations for BGP Implementers . . .   6
     A.1.  "N+1 N+2" Release Strategy  . . . . . . . . . . . . . . .   6
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   6
   Contributors  . . . . . . . . . . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   BGP routing security issues need to be addressed in order to make the
   Internet more stable.  Route leaks [RFC7908] are part of the problem,
   but software defects or operator misconfiguration can also
   contribute.  This document updates [RFC4271] so that routes are
   neither imported nor exported unless specifically enabled by
   configuration.  This change reduces the consequences of these
   problems and improves the default level of Internet routing security.

   Many deployed BGP speakers send and accept any and all route
   announcements between their BGP neighbors by default.  This practice
   dates back to the early days of the Internet, where operators were
   permissive in sending routing information to allow all networks to
   reach each other.  As the Internet has become more densely
   interconnected, the risk of a misbehaving BGP speaker poses
   significant risks to Internet routing.

   This specification intends to improve this situation by requiring the
   explicit configuration of both BGP Import and Export Policies for any
   External BGP (EBGP) session such as customers, peers, or
   confederation boundaries for all enabled address families.  Through
   codification of the aforementioned requirement, operators will
   benefit from consistent behavior across different BGP
   implementations.

   BGP speakers following this specification do not use or send routes
   on EBGP sessions, unless specifically configured to do so.

Mauch, et al.                Standards Track                    [Page 2]
Show full document text