Support for Adj-RIB-Out in the BGP Monitoring Protocol (BMP)
RFC 8671
Document | Type |
RFC
- Proposed Standard
(November 2019)
Updates RFC 7854
|
|
---|---|---|---|
Authors | Tim Evens , Serpil Bayraktar , Paolo Lucente , Kevin Mi, Shunwan Zhuang | ||
Last updated | 2019-11-05 | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
IESG | Responsible AD | Warren "Ace" Kumari | |
Send notices to | (None) |
RFC 8671
Internet Engineering Task Force (IETF) T. Evens Request for Comments: 8671 S. Bayraktar Updates: 7854 Cisco Systems Category: Standards Track P. Lucente ISSN: 2070-1721 NTT Communications P. Mi Tencent S. Zhuang Huawei November 2019 Support for Adj-RIB-Out in the BGP Monitoring Protocol (BMP) Abstract The BGP Monitoring Protocol (BMP) only defines access to the Adj-RIB- In Routing Information Bases (RIBs). This document updates BMP (RFC 7854) by adding access to the Adj-RIB-Out RIBs. It also adds a new flag to the peer header to distinguish between Adj-RIB-In and Adj- RIB-Out. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8671. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction 2. Terminology 3. Definitions 4. Per-Peer Header 5. Adj-RIB-Out 5.1. Post-policy 5.2. Pre-policy 6. BMP Messages 6.1. Route Monitoring and Route Mirroring 6.2. Statistics Report 6.3. Peer Up and Down Notifications 6.3.1. Peer Up Information 7. Other Considerations 7.1. Peer and Update Groups 7.2. Changes to Existing BMP Session 8. Security Considerations 9. IANA Considerations 9.1. Addition to BMP Peer Flags Registry 9.2. Additions to BMP Statistics Types Registry 9.3. Addition to BMP Initiation Message TLVs Registry 10. Normative References Acknowledgements Contributors Authors' Addresses 1. Introduction The BGP Monitoring Protocol (BMP) defines monitoring of the received (e.g., Adj-RIB-In) Routing Information Bases (RIBs) per peer. The pre-policy Adj-RIB-In conveys to a BMP receiver all RIB data before any policy has been applied. The post-policy Adj-RIB-In conveys to a BMP receiver all RIB data after policy filters and/or modifications have been applied. An example of pre-policy versus post-policy is when an inbound policy applies attribute modification or filters. Pre-policy would contain information prior to the inbound policy changes or filters of data. Post-policy would convey the changed data or would not contain the filtered data. Monitoring the received updates that the router received before any policy has been applied is the primary level of monitoring for most use cases. Inbound policy validation and auditing are the primary use cases for enabling post-policy monitoring. In order for a BMP receiver to receive any BGP data, the BMP sender (e.g., router) needs to have an established BGP peering session and actively be receiving updates for an Adj-RIB-In. Being able to only monitor the Adj-RIB-In puts a restriction on what data is available to BMP receivers via BMP senders (e.g., routers). This is an issue when the receiving end of the BGP peer is not enabled for BMP or when it is not accessible for administrative reasons. For example, a service provider advertises prefixes to a customer, but the service provider cannot see what it advertises via BMP. Asking the customer to enable BMP and monitoring of the Adj- RIB-In are not feasible. BMP [RFC7854] only defines Adj-RIB-In being sent to BMP receivers. This document updates the per-peer header defined in Section 4.2 of [RFC7854] by adding a new flag to distinguish between Adj-RIB-In and Adj-RIB-Out. BMP senders use the new flag to send either Adj-RIB-In or Adj-RIB-Out. Adding Adj-RIB-Out provides the ability for a BMP sender to send to BMP receivers what it advertises to BGP peers, which can be used for outbound policy validation and to monitor routes that were advertised. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Definitions Adj-RIB-Out As defined in [RFC4271], "The Adj-RIBs-Out contains the routes for advertisement to specific peers by means of the local speaker's UPDATE messages." Pre-policy Adj-RIB-Out The result before applying the outbound policy to an Adj-RIB-Out. This normally would match what is in the local RIB. Post-policy Adj-RIB-Out The result of applying outbound policy to an Adj-RIB-Out. This MUST convey to the BMP receiver what is actually transmitted to the peer. 4. Per-Peer Header The per-peer header has the same structure and flags as defined in Section 4.2 of [RFC7854] with the addition of the O flag as shown here: 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ |V|L|A|O| Resv | +-+-+-+-+-+-+-+-+ * The O flag indicates Adj-RIB-In if set to 0 and Adj-RIB-Out if set to 1. The existing flags are defined in Section 4.2 of [RFC7854], and the remaining bits are reserved for future use. They MUST be transmitted as 0, and their values MUST be ignored on receipt. When the O flag is set to 1, the following fields in the per-peer header are redefined: * Peer Address: The remote IP address associated with the TCP session over which the encapsulated Protocol Data Unit (PDU) is sent. * Peer AS: The Autonomous System number of the peer to which the encapsulated PDU is sent. * Peer BGP ID: The BGP Identifier of the peer to which the encapsulated PDU is sent. * Timestamp: The time when the encapsulated routes were advertised (one may also think of this as the time when they were installed in the Adj-RIB-Out), expressed in seconds and microseconds since midnight (zero hour), January 1, 1970 (UTC). If zero, the time is unavailable. Precision of the timestamp is implementation- dependent. 5. Adj-RIB-Out 5.1. Post-policy The primary use case in monitoring Adj-RIB-Out is to monitor the updates transmitted to a BGP peer after outbound policy has been applied. These updates reflect the result after modifications and filters have been applied (e.g., post-policy Adj-RIB-Out). Some attributes are set when the BGP message is transmitted, such as next hop. Post-policy Adj-RIB-Out MUST convey to the BMP receiver what is actually transmitted to the peer. The L flag MUST be set to 1 to indicate post-policy. 5.2. Pre-policy Similar to Adj-RIB-In policy validation, pre-policy Adj-RIB-Out can be used to validate and audit outbound policies. For example, a comparison between pre-policy and post-policy can be used to validate the outbound policy. Depending on the BGP peering session type -- Internal BGP (IBGP), IBGP route reflector client, External BGP (EBGP), BGP confederations, route server client -- the candidate routes that make up the pre- policy Adj-RIB-Out do not contain all local RIB routes. Pre-policy Adj-RIB-Out conveys only routes that are available based on the peering type. Post-policy represents the filtered/changed routes from the available routes. Some attributes are set only during transmission of the BGP message, i.e., post-policy. It is common that the next hop may be null, loopback, or similar during the pre-policy phase. All mandatory attributes, such as next hop, MUST be either zero or have an empty length if they are unknown at the pre-policy phase completion. The BMP receiver will treat zero or empty mandatory attributes as self- originated. The L flag MUST be set to 0 to indicate pre-policy. 6. BMP Messages Many BMP messages have a per-peer header, but some are not applicable to Adj-RIB-In or Adj-RIB-Out monitoring, such as Peer Up and Down Notifications. Unless otherwise defined, the O flag should be set to 0 in the per-peer header in BMP messages. 6.1. Route Monitoring and Route Mirroring The O flag MUST be set accordingly to indicate if the route monitor or route mirroring message conveys Adj-RIB-In or Adj-RIB-Out. 6.2. Statistics Report The Statistics Report message has a Stat Type field to indicate the statistic carried in the Stat Data field. Statistics report messages are not specific to Adj-RIB-In or Adj-RIB-Out and MUST have the O flag set to zero. The O flag SHOULD be ignored by the BMP receiver. This document defines the following new statistics types: * Stat Type = 14: Number of routes in pre-policy Adj-RIB-Out. This statistics type is 64-bit Gauge. * Stat Type = 15: Number of routes in post-policy Adj-RIB-Out. This statistics type is 64-bit Gauge. * Stat Type = 16: Number of routes in per-AFI/SAFI pre-policy Adj- RIB-Out. The value is structured as: 2-byte Address Family Identifier (AFI), 1-byte Subsequent Address Family Identifier (SAFI), followed by a 64-bit Gauge. * Stat Type = 17: Number of routes in per-AFI/SAFI post-policy Adj- RIB-Out. The value is structured as: 2-byte Address Family Identifier (AFI), 1-byte Subsequent Address Family Identifier (SAFI), followed by a 64-bit Gauge. 6.3. Peer Up and Down Notifications Peer Up and Down Notifications convey BGP peering session state to BMP receivers. The state is independent of whether or not route monitoring or route mirroring messages will be sent for Adj-RIB-In, Adj-RIB-Out, or both. BMP receiver implementations SHOULD ignore the O flag in Peer Up and Down Notifications. 6.3.1. Peer Up Information This document defines the following Peer Up Information TLV type: * Type = 4: Admin Label. The Information field contains a free-form UTF-8 string whose byte length is given by the Information Length field. The value is administratively assigned. There is no requirement to terminate the string with null or any other character. Multiple Admin Labels can be included in the Peer Up Notification. When multiple Admin Labels are included, the BMP receiver MUST preserve their order. The Admin Label is optional. 7. Other Considerations 7.1. Peer and Update Groups Peer and update groups are used to group updates shared by many peers. This is a level of efficiency in implementations, not a true representation of what is conveyed to a peer in either pre-policy or post-policy. One of the use cases to monitor post-policy Adj-RIB-Out is to validate and continually ensure the egress updates match what is expected. For example, wholesale peers should never have routes with community X:Y sent to them. In this use case, there may be hundreds of wholesale peers, but a single peer could have represented the group. From a BMP perspective, it should be simple to include a group name in the Peer Up, but it is more complex than that. BGP implementations have evolved to provide comprehensive and structured policy grouping, such as session, AFI/SAFI, and template-based group policy inheritances. This level of structure and inheritance of polices does not provide a simple peer group name or ID, such as wholesale peer. This document defines a new Admin Label type for Peer Up Information TLVs (Section 6.3.1) that can be used instead of requiring a group name. These labels have administrative scope relevance. For example, labels "type=wholesale" and "region=west" could be used to monitor expected policies. Configuration and assignment of labels to peers are BGP implementation-specific. 7.2. Changes to Existing BMP Session In case of any change that results in the alteration of behavior of an existing BMP session (i.e., changes to filtering and table names), the session MUST be bounced with a Peer Down/Peer Up sequence. 8. Security Considerations The considerations in Section 11 of [RFC7854] apply to this document. Implementations of this protocol SHOULD require establishing sessions with authorized and trusted monitoring devices. It is also believed that this document does not add any additional security considerations. 9. IANA Considerations IANA has assigned the following new parameters to the "BGP Monitoring Protocol (BMP) Parameters" registry (https://www.iana.org/assignments/bmp-parameters/). 9.1. Addition to BMP Peer Flags Registry IANA has made the following assignment for the per-peer header flag defined in Section 4 of this document: +------+-------------+-----------+ | Flag | Description | Reference | +======+=============+===========+ | 3 | O flag | RFC 8671 | +------+-------------+-----------+ Table 1: Addition to the "BMP Peer Flags" Registry 9.2. Additions to BMP Statistics Types Registry IANA has made the following assignment for the four statistics types defined in Section 6.2 of this document: +-----------+------------------------------+-----------+ | Stat Type | Description | Reference | +===========+==============================+===========+ | 14 | Number of routes in pre- | RFC 8671 | | | policy Adj-RIB-Out | | +-----------+------------------------------+-----------+ | 15 | Number of routes in post- | RFC 8671 | | | policy Adj-RIB-Out | | +-----------+------------------------------+-----------+ | 16 | Number of routes in per-AFI/ | RFC 8671 | | | SAFI pre-policy Adj-RIB-Out | | +-----------+------------------------------+-----------+ | 17 | Number of routes in per-AFI/ | RFC 8671 | | | SAFI post-policy Adj-RIB-Out | | +-----------+------------------------------+-----------+ Table 2: Additions to the "BMP Statistics Types" Registry 9.3. Addition to BMP Initiation Message TLVs Registry IANA has made the following assignment per Section 6.3.1 of this document: +------+-------------+-----------+ | Type | Description | Reference | +======+=============+===========+ | 4 | Admin Label | RFC 8671 | +------+-------------+-----------+ Table 3: Addition to the "BMP Initiation Message TLVs" Registry 10. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10.17487/RFC4271, January 2006, <https://www.rfc-editor.org/info/rfc4271>. [RFC7854] Scudder, J., Ed., Fernando, R., and S. Stuart, "BGP Monitoring Protocol (BMP)", RFC 7854, DOI 10.17487/RFC7854, June 2016, <https://www.rfc-editor.org/info/rfc7854>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. Acknowledgements The authors would like to thank John Scudder and Mukul Srivastava for their valuable input. Contributors The following individuals contributed to this document: * Manish Bhardwaj, Cisco Systems * Xianyu Zheng, Tencent * Wei Guo, Tencent * Shugang Cheng, H3C Authors' Addresses Tim Evens Cisco Systems 2901 Third Avenue, Suite 600 Seattle, WA 98121 United States of America Email: tievens@cisco.com Serpil Bayraktar Cisco Systems 3700 Cisco Way San Jose, CA 95134 United States of America Email: serpil@cisco.com Paolo Lucente NTT Communications Siriusdreef 70-72 2132 Hoofddorp Netherlands Email: paolo@ntt.net Penghui Mi China 200233 Shanghai Tengyun Building, Tower A, No. 397 Tianlin Road Tencent Email: Penghui.Mi@gmail.com Shunwan Zhuang China 100095 Beijing Huawei Building, No.156 Beiqing Rd. Huawei Email: zhuangshunwan@huawei.com