Methods for Detection and Mitigation of BGP Route Leaks
draft-ietf-idr-route-leak-detection-mitigation-04

The information below is for an old version of the document
Document Type Expired Internet-Draft (idr WG)
Last updated 2017-01-09 (latest revision 2016-07-08)
Replaces draft-sriram-idr-route-leak-detection-mitigation
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Additional URLs
- Mailing list discussion
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-idr-route-leak-detection-mitigation-04.txt

Abstract

[I-D.ietf-grow-route-leak-problem-definition] provides a definition of the route leak problem, and also enumerates several types of route leaks. This document first examines which of those route-leak types are detected and mitigated by the existing origin validation (OV) [RFC 6811]. It is recognized that OV offers a limited detection and mitigation capability against route leaks. This document specifies enhancements that significantly extend the route-leak prevention, detection, and mitigation capabilities of BGP. One solution component involves carrying a per-hop route-leak protection (RLP) field in BGP updates. The RLP field is proposed be carried in a new optional transitive attribute, called BGP RLP attribute. The solution is meant to be initially implemented as an enhancement of BGP without requiring BGPsec [I-D.ietf-sidr-bgpsec-protocol]. However, when BGPsec is deployed in the future, the solution can be incorporated in BGPsec, enabling cryptographic protection for the RLP field. That would be one way of implementing the proposed solution in a secure way. The document also includes a stopgap method for detection and mitigation of route leaks for an intermediate phase when OV is deployed but BGP protocol on the wire is unchanged.

Authors

Kotikalapudi Sriram (ksriram@nist.gov)
Doug Montgomery (dougm@nist.gov)
Brian Dickson (brian.peter.dickson@gmail.com)
Keyur Patel (keyupate@cisco.com)
Andrei Robachevsky (robachevsky@isoc.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)