]> HPE

1133 Innovation Way Sunnyvale CA 94089 USA jhaas@juniper.net

HPE

1133 Innovation Way Sunnyvale CA 94089 USA jgs@juniper.net

Routing Internet Engineering Task Force bgp Path Attributes in the BGP-4 protocol [RFC 4271] carry data associated with BGP routes. Many of the Path Attributes carried in BGP are intended for limited scope deployment. However, the extension mechanism defined by BGP that carries these attributes often carries them farther than necessary, sometimes with unfortunate results. This document defines a mechanism using BGP Capabilities [RFC 5492] that permits eBGP speakers to determine what Path Attributes should be permitted to cross external BGP routing boundaries.

Introduction A BGP Route () is a tuple consisting of a set of Path Attributes () and sets of network reachability carried as Network Layer Reachability Information (NLRI). Some of these Path Attributes are defined as part of the core BGP-4 protocol. Path Attributes are the main extension mechanism defined by BGP, and may be scoped as "transitive" or "non-transitive." Non-Transitive Path Attributes require the BGP speaker to understand the attribute in order to determine if it will be locally used and perhaps later propagated to additional BGP speakers. Unrecognized non-transitive Path Attributes are discarded by the receiving BGP speaker. Transitive Path Attributes, when not understood by the receiving BGP speaker, are required to be propagated to other BGP speakers. Some Path Attributes defined by BGP extensions are intended to be used in limited scopes, such as a single BGP Autonomous System (AS). When such attributes are distributed beyond the expected scope, this is called an "Attribute Escape". Such attribute escapes may lead to improper BGP protocol behavior when received outside of their expected scope, and may lead to incorrect forwarding, or be a serious security consideration. This document defines a mechanism exchanged through BGP Capabilities where BGP speakers can more appropriately scope both Path Attributes to prevent escape, and to limit the distribution of routes that carry escaped Path Attributes.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

BGP Path Attribute Filtering Capability The BGP Path Attribute Filtering Capability is encoded as follows:

• Capability Code of (TBD).
• Capability Length of 1..32.
• Capability Value contains a bit-string where a bit is set if the underlying BGP Path Attribute is desired to be advertised by this BGP speaker to the remote BGP speaker.

Example encoding for Capability Value: 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0|1|1|1|1|0|1|1|1|0|0|0|0|0|1|1|0|1|1|0|0|0|0|0|0| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Bits are set for Path Attributes: Origin (1), AS_PATH (2), NEXT_HOP (3), MULTI_EXIT_DISCR (4), ATOMIC_AGGREGATE (6), AGGREGATOR (7), COMMUNITIES (8), MP_REACH_NLRI (14), MP_UNREACH_NLRI (15), AS4_PATH (17), AS4_AGGREGATOR (18).

Bits 1, 2, 3, 6, 7, 14, 15, 17, 18 MUST be set, because support for , , and procedures are required when this specification is in use.

Operation

If both eBGP speakers exchange the Path Attribute Filtering capability The intersection of the sent and the received Path Attribute Filtering capabilies's bits represents the set of Path Attributes that the BGP speakers are willing to exchange with each other. When both bits for a given Path Attribute Type Code are 1, the Path Attribute is negotiated; otherwise it is not negotiated. Routes with Path Attributes that have been negotiated MAY be exchanged between both BGP speakers, depending on the procedures associated with those Path Attributes. When a Path Attribute has not been negotiated, a BGP speaker MUST NOT send a BGP route that contains a Path Attribute for that Path Attribute Type Code. One strategy to accomplish the above requirement is for the BGP speaker to not advertise BGP routes containing that Path Attribute in question. This might require a withdraw to be sent instead. This is similar to treat-as-withdraw as defined in . Another strategy that could be used, when appropriate for the procedure covering a given BGP Path Attribute, is for the BGP speaker to remove the not negotiated Path Attributes when it distributes the route to the remote BGP speaker. This is similar to the Attribute Discard behavior defined in . Receiving BGP speakers SHOULD filter routes or discard unwanted Path Attributes if they are incorrectly sent by the remote BGP speaker. Minimally, a receiving BGP speaker receiving a Path Attribute that was not negotiated SHOULD use treat-as-withdraw procedures. Receiving BGP speakers MAY accept the route and discard the not negotiated Path Attribute if permitted to by local configuration.

If only one peer supports the Path Attribute Filtering capability When only one BGP speaker supports or sends the Path Attribute Filtering capability that BGP implementation is demonstrating a preference to not receive Path Attributes where the bit representing the Path Attribute Type Code is zero. It is, in fact, representing a filtering policy for routes containing those Path Attributes. BGP speakers sending a Path Attribute Filtering capability but not receiving one from the remote BGP speaker SHOULD filter the routes according to their own locally set and supported bits for the capability, as described in the final paragraph of the previous subsection.

Selecting supported Path Attributes Implementations MUST, as described in Figure 1, exchange the required bits covering required core eBGP Path Attributes. Common BGP features that are defined for Internet use SHOULD be included by default between two BGP speakers. These include:

• Communities (8)
• Extended Communities (16)
• Large BGP Communities (32)
• BGPsec_Path (33)
• Only To Customer (OTC) (35)

BGP features required to support a given AFI/SAFI MUST also be included when that address family is configured. An example of this is the BGP-LS attribute (29) when the BGP-LS feature is in use. Other BGP features desiring eBGP distribution MAY include their bits in the capability when their procedures require it. It is RECOMMENDED that this require explicit configuration to prevent attribute escape.

IANA Considerations This document requests a new BGP Capability Code to be allocated from the First Come First Served range of the Capability Codes registry.

Security Considerations The motivation for this feature is to attempt to address the numerous BGP security implications where BGP Path Attributes propagate beyond their intended scope. The definition of a feature that limits the distribution of BGP Path Attributes unfortunately moves BGP's default behavior away from "distribute unknown things easily" and thus hampers incremental deployment of new features. However, operators have already begun indiscriminate filtering of Path Attributes they do not themselves require. This feature attempts to provide a more flexible negotiated mode to permit such filtering while at the same time not completely precluding incremental deployment of new features.

References Normative References Informative References

Acknowledgements TBD.

Contributors TBD.