We (authors) have made significant changes/updates in this new version-01 of the route leaks solution draft. The changes are as follows:
1. The route leak types are realigned with the new order that is used in the new version-03 of the route leaks definition draft that is in progress in the GROW WG: https://tools.ietf.org/html/draft-ietf-grow-route-leak-problem-definition-03
2. Several comments and suggestions that were received on the mailing lists prior to Prague, at the IDR interim (webex) meeting in July, and at the SIDR meeting in Prague have been incorporated.
3. We provide a simpler, clearer description of the route leak detection algorithm (see Section 3).
4. In Section 5.1, we have added discussions of upgrade and downgrade attack possibilities (in the absence of BGPsec security protection for the RLP bits). This topic was discussed on the IDR list in July and was presented and discussed at the SIDR WG meeting in Prague.
5. Section 5.2 is new and discusses the topic “Are there cases when valley-free violations can be considered legitimate?” This question was discussed briefly at the SIDR WG meeting in Prague.
6. Keyur Patel and Andrei Robachevsky have been contributing, and have joined in as authors.

Sriram

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Monday, October 19, 2015 6:04 PM
To: Brian Dickson <[email protected]>; Montgomery, Douglas <[email protected]>; Keyur Patel <[email protected]>; Andrei Robachevsky <[email protected]>; Sriram, Kotikalapudi <[email protected]>
Subject: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt

A new version of I-D, draft-ietf-idr-route-leak-detection-mitigation-01.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository.

Name: draft-ietf-idr-route-leak-detection-mitigation
Revision: 01
Title: Methods for Detection and Mitigation of BGP Route Leaks
Document date: 2015-10-19
Group: idr
Pages: 18
URL: https://www.ietf.org/internet-drafts/draft-ietf-idr-route-leak-detection-mitigation-01.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation/
Htmlized: https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-01
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-route-leak-detection-mitigation-01

Abstract:
In [I-D.ietf-grow-route-leak-problem-definition], the authors have provided a definition of the route leak problem, and also enumerated several types of route leaks. In this document, we first examine which of those route-leak types are detected and mitigated by the existing origin validation (OV) [RFC 6811] and BGPSEC path validation [I-D.ietf-sidr-bgpsec-protocol]. Where the current OV and BGPSEC protocols don't offer a solution, this document suggests an enhancement that would extend the route-leak detection and mitigation capability of BGPSEC. The solution can be implemented in BGP without necessarily tying it to BGPSEC. Incorporating the solution in BGPSEC is one way of implementing it in a secure way. We do not claim to have provided a solution for all possible types of route leaks, but the solution covers several, especially considering some significant route-leak attacks or occurrences that have been observed in recent years. The document also includes a stopgap method for detection and mitigation of route leaks for the phase when BGPSEC (path validation) is not yet deployed but only origin validation is deployed.
