Impact of BGP Filtering on Inter-Domain Routing Policies
draft-ietf-grow-filtering-threats-08

[Ballot comment]
Please add in the proposed text from the SecDir review to address his questions:
https://www.ietf.org/mail-archive/web/secdir/current/msg05855.html

Additionally, I'd like to see the Security Considerations mention a point brought up earlier in the draft, namely that the filtering could cause traffic to be routed back through a path that doesn't have information for that more specific AS.  As such, this essentially could cause a DoS on that traffic until the BGP route allows for the new path for the more specific AS.  The importance of mentioning this int he security considerations section is to more explicitly call this out as a potential DoS attack method.  The time for BGP to repropagate might be short(ish), but that could be a critical amount of time during an event and maybe the more specific AS is a web server farm or some other critical resource.

[Ballot comment]

- intro 1st sentence confuses me at least. The 2nd paragraph
does explain it nicely though when I get to page 3. Maybe try
re-word that opener? Or just delete para 1?

- Figure 4 is mentioned in 2.2.1, and includes AS65404, but
that ASN is not mentioned in the text in that section which is
confusing, or is there a typo? I also didn't quite follow the
description in 2.2.1 either which may be related or
independent;-)

- I'm guessing, but didn't check in detail that -07 includes
changes from the secdir review [1] (which raised some nits).
If so, thanks!

  [1] https://www.ietf.org/mail-archive/web/secdir/current/msg05853.html

[Ballot comment]
I have a non-blocking comment related to the characterization of the unexpected traffic flows (and a nit).

Section 6. (Security Considerations)  Throughout the document the unexpected traffic flows were characterized as potential policy violations, not as routing security issues as is done here.  I know that the text has gone around the point of malicious intent (or not) before, but I think that if you’re going to mention that it could be a "potential routing security issue”, then you should say something more about it (even if it is the result of non-malicious intent) — or just leave it at policy violations.


Nit:

The example in Section 2.2.1. (Unexpected traffic flows caused by remotely triggered filtering of more specific prefixes) didn’t look good to me at first..then I re-read the text until I discovered that the other ASes (including 64505) are peering with both 64502 and 64503.  Because of how Figure 4 is drawn, it looks like 64505 is only connected to 64502.  Maybe centering that AS will avoid confusion.

[Ballot comment]
I have no issues with the publication of this document.  The following are simply voiced for your consideration...

1. I think the comment in 3.2 about how difficult it is to get routing policies from external entities is undersold.  Most organizations won't share that information since it might reveal business arrangements they consider proprietary.  I would suggest being explicit in the cause for the difficulty in obtaining such information.

2. Section 4.2.1 seems to be hinting at a UI deficiency in routing platforms in that a route filter installed in the control plane should automatically result in an ACL installed in the forwarding plane.  That sounds like an intriguing capability.

3. All of the approaches described in section 4 seem littered with caveats on their effectiveness. Is there any definitive data on the effectiveness of these techniques?

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-grow-filtering-threats-06, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any IANA actions.

While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if the authors prefer to remove it, IANA doesn't object.

If this assessment is not accurate, please respond as soon as possible.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Impact of BGP filtering on Inter-Domain Routing Policies) to Informational RFC


The IESG has received a request from the Global Routing Operations WG
(grow) to consider the following document:
- 'Impact of BGP filtering on Inter-Domain Routing Policies'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-07-02. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document describes how unexpected traffic flows can emerge
  across an autonomous system, as the result of other autonomous
  systems filtering, or restricting the propagation of more specific
  prefixes.  We provide a review of the techniques to detect the
  occurrence of this issue and defend against it.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-grow-filtering-threats/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-grow-filtering-threats/ballot/


No IPR declarations have been submitted directly on this I-D.

As required by RFC 4858, this is the current template for the Document Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

Informational.  The RFC provides information about routing policy bahavior.  Header indicates Informational.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

  This document describes how unexpected traffic flows can emerge
  across an autonomous system, as the result of other autonomous
  systems filtering, or restricting the propagation of more specific
  prefixes.  We provide a review of the techniques to detect the
  occurrence of this issue and defend against it.

Working Group Summary:

The document went through a number of revisions to clairfy the message delivered.  The technical content has been stable through the life.

Document Quality:

The document has gone through a number of detailed reviews and revisions based on the feedback from the working group members.

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

Document Shepherd, Peter Schoenmaker, Responsible AD Joel Jaeggli

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

I have reviewed the document, and feel it is ready for publication.  In addition I have followed the revisions and reviews from others.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

No concerns.  A number of thorough review have been done.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

No.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No specific concerns.  Careful consideration has been made to the vocabulary
of the document, in an effert to convey the technical message without applying
preconceptions to the terms.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

Yes.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

No.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

In the end consensus was complete.  Most issues revolved around vocabulary
which the authors worked out.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

No Nits.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

None.

(13) Have all references within this document been identified as either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

N/A

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

N/A

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

No IANA considerations.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

None.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.

None.