Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 BGPSEC Protcol Error Handling IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013.

Published byIris Pitts Modified over 8 years ago

Similar presentations

Presentation on theme: "Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 BGPSEC Protcol Error Handling IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013."— Presentation transcript:

1 Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 BGPSEC Protcol Error Handling IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013

2 BGPSEC-Protocol Errors Noted MUST/MUST NOT in various places – Error handing mentioned in some of them Section 5.2: Validation Algorithm – “properly formed” – steps 1-5 – dealing with signatures and validity Fri 2 Aug 2013SIDR IETF 87 Berlin, German2

3 BGPSEC Protocol Error Response Section 5.2: – If any of these checks identify an error in the BGPSEC_Path attribute, then the implementation should notify the operator that an error has occurred and treat the update in a manner consistent with other BGP errors (i.e., following RFC 4271[2] or any future updates to that document). Section 4.3: – Such an error is treated in exactly the same way as receipt of a non-BGPSEC update message containing an AS_CONFED_SEQUENCE from a peer that is not a member of the same AS confederation. Fri 2 Aug 2013SIDR IETF 87 Berlin, German3

4 BGP Error Handling RFC4271 – Usually NOTIFICATION message is sent with code/subcode and the BGP connection is closed RFC5065 - error handling for confederations (AS_CONFED_SEQUENCE presence from non-confed member and vice versa) – another NOTIFICATION subcode IDR draft draft-ietf-idr-error-handling-04.txt – Three possible responses – "session reset” – "treat-as-withdraw" – "attribute discard” Fri 2 Aug 2013SIDR IETF 87 Berlin, German4

5 What to Do? Should response be more specific? Response Choice: – Follow RFC4271 (Notification with code/subcode and close session)? – Follow idr error handling draft? If so, which errors get which response? Fri 2 Aug 2013SIDR IETF 87 Berlin, German5

6 BGPSEC-Protocol Draft Error Handling “Properly formed” checks in Section 5.2 1.check syntactic correctness 2.each Signature_Block has one Signature for each Secure Path segment 3.check that AS_PATH not present 4.for non-confed-member neighbor, ensure Confed_Sequence flag is not set 5.pcount=0 but peer is not configured to use pcount=0 “treat the update in a manner consistent with other BGP errors” Fri 2 Aug 2013SIDR IETF 87 Berlin, German6

7 Fri 2 Aug 2013SIDR IETF 87 Berlin, German7 BGPSEC-Protocol Draft Error Handling Section 5.2: unable to find key – mark Signature_Block Not Valid Section 5.2: no supported signature – consider unsigned Section 5.2: no matching covering ROA for AS: mark route Not Valid Section 5.2: signature fails, mark Signature_Block Not Valid Section 5.2: no valid Signature_Block, mark route Not Valid Section 4.3 (forward ref to 5.2) – Checks if confed bit set when neighbor not in confed – No text for vice versa case: i.e., confed bit not set from confed member

8 BGPSEC-Protocol Draft Error Handling Error handling for MUST NOT? E.g., Section 4.2 If a BGPSEC router has received only a non-BGPSEC update message (without the BGPSEC_Path attribute), …. then it MUST NOT attach any BGPSEC_Path attribute to the corresponding update being propagated. If neighbor messes up and produces a BGPSEC_PATH attribute anyway, and strips the AS_PATH, will that be caught? Fri 2 Aug 2013SIDR IETF 87 Berlin, German8

Download ppt "Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 BGPSEC Protcol Error Handling IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013."

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.23-1 Frame-Mode MPLS Implementation on Cisco IOS Platforms Troubleshooting Frame-Mode MPLS on Cisco.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v Frame-Mode MPLS Implementation on Cisco IOS Platforms Troubleshooting Frame-Mode MPLS on Cisco.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.
The Border Gateway Protocol and Classless Inter-Domain Routing

The Border Gateway Protocol and Classless Inter-Domain Routing
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Module Summary BGP has reliable transport provided by TCP, a rich set of metrics called BGP.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Module Summary BGP has reliable transport provided by TCP, a rich set of metrics called BGP.
Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 7: BGP Route Reflection.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 7: BGP Route Reflection.
Dynamic routing Routing Algorithm (Dijkstra / Bellman-Ford) – idealization –All routers are identical –Network is flat. Not true in Practice Hierarchical.

Dynamic routing Routing Algorithm (Dijkstra / Bellman-Ford) – idealization –All routers are identical –Network is flat. Not true in Practice Hierarchical.
1 Network Architecture and Design Routing: Exterior Gateway Protocols and Autonomous Systems Border Gateway Protocol (BGP) Reference D. E. Comer, Internetworking.

1 Network Architecture and Design Routing: Exterior Gateway Protocols and Autonomous Systems Border Gateway Protocol (BGP) Reference D. E. Comer, Internetworking.
CS 672 1 Summer 2003 Quiz 1 A1) IGP (IS-IS, OSPF) BGP A2) Stub Transit. because it is adverting AS2’s routes to AS1 and vice versa. A3) Traffic discarded.

CS Summer 2003 Quiz 1 A1) IGP (IS-IS, OSPF) BGP A2) Stub Transit. because it is adverting AS2’s routes to AS1 and vice versa. A3) Traffic discarded.
Delivery, Forwarding, and Routing

Delivery, Forwarding, and Routing
Draft-ni-l3vpn-bgp-ext-sd-co-lsp-00IETF 87 L3VPN1 BGP Extensions for Setup Service-Driven Co-Routed LSP in L3VPN draft-ni-l3vpn-bgp-ext-sd-co-lsp-00 Hui.

Draft-ni-l3vpn-bgp-ext-sd-co-lsp-00IETF 87 L3VPN1 BGP Extensions for Setup Service-Driven Co-Routed LSP in L3VPN draft-ni-l3vpn-bgp-ext-sd-co-lsp-00 Hui.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP AS AN MVPN PE-CE Protocol draft-keyupate-l3vpn-mvpn-pe-ce-00 Keyur Patel,

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP AS AN MVPN PE-CE Protocol draft-keyupate-l3vpn-mvpn-pe-ce-00 Keyur Patel,
APNIC eLearning: Intro to RPKI 10 December 2014 12:30 PM AEST Brisbane (UTC+10)

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
Inter-domain Routing Don Fussell CS 395T Measuring Internet Performance.

Inter-domain Routing Don Fussell CS 395T Measuring Internet Performance.
CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.

CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.
CS 3830 Day 29 Introduction 1-1. Announcements r Quiz 4 this Friday r Signup to demo prog4 (all group members must be present) r Written homework on chapter.

CS 3830 Day 29 Introduction 1-1. Announcements r Quiz 4 this Friday r Signup to demo prog4 (all group members must be present) r Written homework on chapter.
Border Gateway Protocol

Border Gateway Protocol
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 6 Delivery and Routing of IP Packets.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 6 Delivery and Routing of IP Packets.
© 2001, Cisco Systems, Inc. A_BGP_Confed BGP Confederations.

© 2001, Cisco Systems, Inc. A_BGP_Confed BGP Confederations.

Similar presentations

Ads by Google