Internet-Draft | One Administrative Domain | July 2023
Uttaro, et al. | Expires 11 January 2024
This document defines a new External BGP (EBGP) peering type known as EBGP-OAD, which is used between two EBGP peers that belong to One Administrative Domain (OAD).
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 11 January 2024.
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
At each EBGP boundary, BGP path attributes are modified as per [RFC4271], which includes stripping any IBGP-only attributes.
Some networks span more than one autonomous system and require more flexibility in the propagation of path attributes. It is worth noting that these multi-AS networks have a common or single administrative entity. These networks are said to belong to One Administrative Domain (OAD). It is desirable to carry IBGP-only attributes across EBGP peerings when the peers belong to an OAD.
This document defines a new EBGP peering type known as EBGP-OAD, which is used between two EBGP peers that belong to an OAD. This document also defines rules for route announcement and processing for EBGP-OAD peers.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
Networks have traditionally been demarcated by an autonomous system/BGP border, which correlates to an administrative boundary. This paradigm no longer serves the needs of network designers or customers due to the decoupling of the Interior Gateway Protocol (IGP) from BGP, BGP-free core in the underlay (e.g., using BGP labeled unicast [RFC8277]), the use of BGP to facilitate multiple service overlays (e.g., L2VPN, L3VPN, etc.) spanning multiple regions and AS domains, and the instantiation of customer sites on multiple content service providers (CSPs).
For example, sites in a BGP/MPLS VPN [RFC4364] may be distributed across different AS domains. In some cases, the administrator of the VPN may prefer that some attributes are propagated to all their sites to influence the BGP decision process.
[RFC4271] defines two types of BGP peerings used during a BGP protocol session. As part of the extensions defined in this document, EBGP peering is divided into two types:
The EBGP-OAD session is a BGP connection between two external peers in different Autonomous Systems that belong to an OAD. By default, the EBGP-OAD speakers follow the EBGP route advertisement, route processing, path attribute announcement, and processing rules as defined in [RFC4271].
EBGP-OAD speakers are also allowed to announce and receive any IBGP-only or non-transitive attributes [RFC4271]. Unless explicitly specified, a BGP speaker can advertise any non-transitive path attribute over an EBGP-OAD session. EBGP-OAD sessions MUST comply with the behavior specified in [RFC8212]. Furthermore, the propagation of IBGP-only or non-transitive attributes MUST be explicitly allowed by an Export Policy, and their reception SHOULD be explicitly allowed by an Import Policy.
An EBGP-OAD speaker MUST support four-octet AS numbers and advertise the "support for four-octet AS number capability" [RFC6793].
This section addresses all path attributes defined at the time of this writing that are not marked as "deprecated" in the "BGP Path Attributes" registry [IANA-BGP-ATTRS]. The following subsections specify the behavior for each path attribute as related to an EBGP-OAD session. Table 1 summarizes the behavior for all session types.
Documents specifying new path attributes MUST indicate whether they are allowed for each session type: IBGP, EBGP, and EBGP-OAD.
The ORIGIN attribute is a well-known mandatory BGP path attribute [RFC4271] that MUST be present in UPDATE messages sent over EBGP-OAD sessions. Its origination and value MUST comply with the specification in [RFC4271].
The AS_PATH attribute is a well-known mandatory BGP path attribute [RFC4271]. It MUST be present in UPDATE messages sent over EBGP-OAD sessions unless it has been replaced by the BGPsec_PATH attribute [RFC8205]. The origination and modification of the AS_PATH attribute MUST comply with the EBGP-related specification in [RFC4271].
The NEXT_HOP attribute is a well-known mandatory BGP path attribute [RFC4271] that MUST be present in UPDATE messages sent over EBGP-OAD sessions. The origination and modification of the NEXT_HOP attribute MUST comply with the EBGP-related specification in [RFC4271].
It is reasonable for members of an OAD to share a common reachability domain. In such a case, the NEXT_HOP attribute MAY be left unchanged.
The MULTI_EXIT_DISC attribute is an optional non-transitive BGP path attribute [RFC4271] that MAY be present in UPDATE messages sent over EBGP-OAD sessions. The use of the MULTI_EXIT_DISC attribute MUST comply with the specification in [RFC4271].
The determination of the neighboring AS for the purpose of BGP Route Selection [RFC4271] MAY ignore the ASNs of other members of the OAD. If so, all the members of the OAD SHOULD be configured to use the same criteria. Failure to do so may result in inconsistent forwarding between members of the OAD. Care should also be taken to avoid the creation of persistent route oscillations, similar to the Type II Churn described in [RFC3345]. [RFC7964] provides solutions and recommendations to address this issue.
The LOCAL_PREF attribute is a well-known BGP path attribute [RFC4271] that MAY be present in UPDATE messages sent over EBGP-OAD sessions. The use of the LOCAL_PREF attribute MUST comply with the specification in [RFC4271].
The ATOMIC_AGGREGATE attribute is a well-known discretionary BGP path attribute [RFC4271] that MAY be present in UPDATE messages sent over EBGP-OAD sessions. The use of the ATOMIC_AGGREGATE attribute MUST comply with the specification in [RFC4271].
The AGGREGATOR attribute is an optional transitive BGP path attribute [RFC4271] that MAY be present in UPDATE messages sent over EBGP-OAD sessions. The use of the AGGREGATOR attribute MUST comply with the specification in [RFC4271].
The COMMUNITIES attribute is an optional transitive BGP path attribute [RFC1997] that MAY be present in UPDATE messages sent over EBGP-OAD sessions. The advertisement semantics MUST comply with the specification in [RFC1997].
Routes with a COMMUNITIES attribute containing the well-known NO_EXPORT community [RFC1997] SHOULD NOT be advertised across an EBGP-OAD session unless allowed by explicit policy configuration. If allowed, all the members of the OAD SHOULD be configured to use the same criteria. Failure to do so may result in inconsistent forwarding between members of the OAD.
Routes with a COMMUNITIES attribute containing the well-known NO_EXPORT_SUBCONFED community [RFC1997] MUST NOT be advertised across an EBGP-OAD session.
The ORIGINATOR_ID attribute is an optional non-transitive BGP path attribute [RFC4456] that MUST NOT be advertised over an EBGP-OAD session. If received from an EBGP-OAD neighbor, it SHALL be discarded using the "attribute discard" approach [RFC7606]. An implementation MAY log an error message for further analysis.
The CLUSTER_LIST attribute is an optional non-transitive BGP path attribute [RFC4456] that MUST NOT be advertised over an EBGP-OAD session. If received from an EBGP-OAD neighbor, it SHALL be discarded using the "attribute discard" approach [RFC7606]. An implementation MAY log an error message for further analysis.
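The receive-side handling described for ORIGINATOR_ID and CLUSTER_LIST, as an added example that is not part of the draft or of any BGP implementation: it walks the Path Attributes field of an UPDATE and drops type codes 9 and 10 received from an EBGP-OAD neighbor, logging each discard. The function names, the `peer` label and the sample bytes are constructed for illustration.

```python
import struct

FLAG_EXTENDED_LENGTH = 0x10  # RFC 4271: attribute length is two octets
# Type codes as listed in the BGP Path Attributes registry
DISCARD_FROM_OAD_PEER = {9: "ORIGINATOR_ID", 10: "CLUSTER_LIST"}


def iter_path_attributes(blob):
    """Yield (type_code, raw_bytes) for each attribute in a Path Attributes field."""
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 3:
            raise ValueError("truncated attribute header at offset %d" % pos)
        flags, type_code = blob[pos], blob[pos + 1]
        if flags & FLAG_EXTENDED_LENGTH:
            if len(blob) - pos < 4:
                raise ValueError("truncated extended length at offset %d" % pos)
            (length,) = struct.unpack_from("!H", blob, pos + 2)
            header = 4
        else:
            length, header = blob[pos + 2], 3
        end = pos + header + length
        if end > len(blob):
            # Length errors are a different error class from the discard
            # rule shown here, so this example refuses the input.
            raise ValueError("attribute type %d overruns the field" % type_code)
        yield type_code, blob[pos:end]
        pos = end


def discard_on_oad_receive(blob, peer="oad-peer"):
    """Return (filtered_field, log_lines) for attributes received from an
    EBGP-OAD neighbor. `peer` is only used in the log text."""
    kept, log = [], []
    for type_code, raw in iter_path_attributes(blob):
        name = DISCARD_FROM_OAD_PEER.get(type_code)
        if name is None:
            kept.append(raw)
        else:
            log.append("%s: discarded %s (type %d, %d octets)"
                       % (peer, name, type_code, len(raw)))
    return b"".join(kept), log


def build_attr(flags, type_code, value):
    """Encode one attribute; used only to construct the sample below."""
    if len(value) > 255:
        return (bytes([flags | FLAG_EXTENDED_LENGTH, type_code])
                + struct.pack("!H", len(value)) + value)
    return bytes([flags, type_code, len(value)]) + value


# Constructed sample: attributes as they might arrive from an OAD member
SAMPLE = b"".join([
    build_attr(0x40, 1, b"\x00"),                                 # ORIGIN = IGP
    build_attr(0x40, 2, b"\x02\x01" + struct.pack("!I", 64496)),  # AS_PATH
    build_attr(0x40, 3, bytes([192, 0, 2, 1])),                   # NEXT_HOP
    build_attr(0x40, 5, struct.pack("!I", 200)),                  # LOCAL_PREF
    build_attr(0x80, 9, bytes([10, 0, 0, 1])),                    # ORIGINATOR_ID
    build_attr(0x80, 10, bytes([10, 0, 0, 2, 10, 0, 0, 3])),      # CLUSTER_LIST
])

if __name__ == "__main__":
    filtered, log = discard_on_oad_receive(SAMPLE)
    print([code for code, _ in iter_path_attributes(filtered)])
    print("\n".join(log))
```

LOCAL_PREF survives the filter because the draft allows it on EBGP-OAD sessions; only the two route-reflection attributes are removed.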
The MP_REACH_NLRI attribute is an optional non-transitive BGP path attribute [RFC4760] that MAY be advertised over an EBGP-OAD session. The use of the MP_REACH_NLRI attribute MUST comply with the EBGP-related specification in [RFC4760].
It is reasonable for members of an OAD to share a common reachability domain. In such a case, the Next Hop in the MP_REACH_NLRI attribute MAY be left unchanged.
The MP_UNREACH_NLRI attribute is an optional non-transitive BGP path attribute [RFC4760] that MAY be advertised over an EBGP-OAD session. The use of the MP_UNREACH_NLRI attribute MUST comply with the specification in [RFC4760].
The EXTENDED COMMUNITIES attribute is a transitive optional BGP path attribute [RFC4360] that MAY be advertised over an EBGP-OAD session. In particular, non-transitive extended communities MAY be advertised over an EBGP-OAD session if allowed by explicit policy configuration. If allowed, all the members of the OAD SHOULD be configured to use the same criteria.
For example, the Origin Validation State Extended Community, defined as non-transitive in [RFC8097], can be advertised to peers in the same OAD.
The AS4_PATH attribute is an optional transitive BGP path attribute [RFC6793] that MAY be advertised over an EBGP-OAD session. The use of the AS4_PATH attribute MUST comply with the specification in [RFC6793].
The AS4_AGGREGATOR attribute is an optional transitive BGP path attribute [RFC6793] that MAY be advertised over an EBGP-OAD session. The use of the AS4_AGGREGATOR attribute MUST comply with the specification in [RFC6793].
The PMSI_TUNNEL attribute is an optional transitive BGP path attribute [RFC6514] that MAY be advertised over an EBGP-OAD session. The use of the PMSI_TUNNEL attribute MUST comply with the EBGP-related specification in [RFC6514].
The Tunnel Encapsulation attribute is an optional transitive BGP path attribute [RFC9012] that MAY be advertised over an EBGP-OAD session. The use of the Tunnel Encapsulation attribute MUST comply with the EBGP-related specification in [RFC9012].
The Traffic Engineering attribute is an optional non-transitive BGP path attribute [RFC5543] that MAY be advertised over an EBGP-OAD session. The use of the Traffic Engineering attribute MUST comply with the specification in [RFC5543].
The IPv6 Address Specific Extended Community attribute is an optional transitive BGP path attribute [RFC5701] that MAY be advertised over an EBGP-OAD session. In particular, non-transitive extended communities MAY be advertised over an EBGP-OAD session if allowed by explicit policy configuration. If allowed, all the members of the OAD SHOULD be configured to use the same criteria.
The AIGP attribute is an optional non-transitive BGP path attribute [RFC7311] that MAY be advertised over an EBGP-OAD session. The default value of AIGP_SESSION [RFC7311] MUST be "disabled" and it MAY be "enabled" by explicit policy configuration. The use of the AIGP attribute MUST comply with the specification in [RFC7311].
The PE Distinguisher Labels attribute is an optional transitive BGP path attribute [RFC6514] that MAY be advertised over an EBGP-OAD session. The use of the PE Distinguisher Labels attribute MUST comply with the specification in [RFC6513] and [RFC6514].
The BGP Link-State (BGP-LS) attribute is an optional non-transitive BGP path attribute [RFC7752bis] that MAY be advertised over an EBGP-OAD session. The use of the BGP-LS Attribute MUST comply with the specification in [RFC7752bis].
The LARGE_COMMUNITY attribute is an optional transitive BGP path attribute [RFC8092] that MAY be advertised over an EBGP-OAD session. The use of the LARGE_COMMUNITY attribute MUST comply with the specification in [RFC8092].
The BGPsec_PATH attribute is an optional non-transitive BGP path attribute [RFC8205] that MAY be advertised over an EBGP-OAD session. The use of the BGPsec_PATH attribute MUST comply with the specification in [RFC8205].
The BGP Community Container attribute is an optional transitive BGP path attribute [WIDE] that MAY be advertised over an EBGP-OAD session.
In particular, communities with the T bit [WIDE] not set MAY be advertised over an EBGP-OAD session if allowed by explicit policy configuration. Communities with the T bit set MUST be advertised over an EBGP-OAD session. Communities with the C bit [WIDE] not set MUST NOT be advertised over an EBGP-OAD session. Communities with the C bit set MAY be advertised over an EBGP-OAD session if allowed by explicit policy configuration. In all cases, all the members of the OAD SHOULD be configured to use the same criteria.
The Only to Customer (OTC) attribute is an optional transitive BGP path attribute [RFC9234] that MAY be advertised over an EBGP-OAD session. However, the BGP Role negotiation and OTC Attribute-based procedures specified in [RFC9234] are NOT RECOMMENDED to be used between peers using an EBGP-OAD session. If received, the OTC attribute MUST be preserved unchanged. The use and negotiation of BGP Roles between EBGP-OAD peers is outside the scope of this document.
The Domain Path (D-PATH) attribute is an optional transitive BGP path attribute [IPVPN] that MAY be advertised over an EBGP-OAD session. The use of the D-PATH attribute MUST comply with the specification in [IPVPN].
The Service Function Path (SFP) attribute is an optional transitive BGP path attribute [RFC9015] that MAY be advertised over an EBGP-OAD session. The use of the SFP attribute MUST comply with the specification in [RFC9015].
The BFD Discriminator attribute is an optional transitive BGP path attribute [RFC9026] that MAY be advertised over an EBGP-OAD session. The use of the BFD Discriminator attribute MUST comply with the specification in [RFC9026].
The BGP Router Capabilities attribute (RCA) is an optional transitive BGP path attribute [ENTROPY] that MAY be advertised over an EBGP-OAD session. The use of the RCA attribute MUST comply with the specification in [ENTROPY].
The BGP Prefix-SID attribute is an optional transitive BGP path attribute [RFC8669] that MAY be advertised over an EBGP-OAD session. The use of the BGP Prefix-SID attribute MUST comply with the specification in [RFC8669].
The ATTR_SET attribute is an optional transitive BGP path attribute [RFC6368] that MAY be advertised over an EBGP-OAD session. The use of the ATTR_SET attribute MUST comply with the specification in [RFC6368].
Path Attribute | IBGP | EBGP | EBGP-OAD | Reference |
---|---|---|---|---|
ORIGIN | Mandatory | Mandatory | Mandatory | Section 3.1 |
AS_PATH | Mandatory | Mandatory | Mandatory | Section 3.2 |
NEXT_HOP | Mandatory | Mandatory | Mandatory | Section 3.3 |
MULTI_EXIT_DISC | Optional | Optional | Optional | Section 3.4 |
LOCAL_PREF | Not allowed | Mandatory | Optional | Section 3.5 |
ATOMIC_AGGREGATE | Optional | Optional | Optional | Section 3.6 |
AGGREGATOR | Optional | Optional | Optional | Section 3.7 |
COMMUNITIES | Optional | Optional | Optional | Section 3.8 |
ORIGINATOR_ID | Not Allowed | Optional | Not allowed | Section 3.9 |
CLUSTER_LIST | Not Allowed | Optional | Not allowed | Section 3.10 |
MP_REACH_NLRI | Optional | Optional | Optional | Section 3.11 |
MP_UNREACH_NLRI | Optional | Optional | Optional | Section 3.12 |
EXTENDED COMMUNITIES | Optional | Optional | Optional | Section 3.13 |
AS4_PATH | Optional | Optional | Optional | Section 3.14 |
AS4_AGGREGATOR | Optional | Optional | Optional | Section 3.15 |
PMSI_TUNNEL | Optional | Optional | Optional | Section 3.16 |
Tunnel Encapsulation | Optional | Optional | Optional | Section 3.17 |
Traffic Engineering | Not Allowed | Optional | Optional | Section 3.18 |
IPv6 Address Specific Extended Community | Optional | Optional | Optional | Section 3.19 |
AIGP | Optional | Optional | Optional | Section 3.20 |
PE Distinguisher Labels | Optional | Optional | Optional | Section 3.21 |
BGP-LS Attribute | Not Allowed | Optional | Optional | Section 3.22 |
LARGE_COMMUNITY | Optional | Optional | Optional | Section 3.23 |
BGPsec_PATH | Optional | Optional | Optional | Section 3.24 |
BGP Community Container | Optional | Optional | Optional | Section 3.25 |
Only to Customer | Optional | Optional | Optional | Section 3.26 |
D-PATH | Optional | Optional | Optional | Section 3.27 |
SFP | Optional | Optional | Optional | Section 3.28 |
BFD Discriminator | Optional | Optional | Optional | Section 3.29 |
BGP Router Capabilities | Optional | Optional | Optional | Section 3.30 |
BGP Prefix-SID | Optional | Optional | Optional | Section 3.31 |
ATTR_SET | Optional | Optional | Optional | Section 3.32 |
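The advertisement rules from the attribute sections above, as an added example (not code from the draft or from any BGP implementation): an export filter for an EBGP-OAD session that suppresses routes by community, strips ORIGINATOR_ID and CLUSTER_LIST, and releases LOCAL_PREF and AIGP only when policy says so. `ExportPolicy`, the function name, the choice of LOCAL_PREF as the only policy-gated attribute, and the sample route are assumptions of this example.

```python
from dataclasses import dataclass, field

# Type codes as listed in the BGP Path Attributes registry
ORIGIN, AS_PATH, NEXT_HOP, LOCAL_PREF, COMMUNITIES = 1, 2, 3, 5, 8
ORIGINATOR_ID, CLUSTER_LIST, AIGP, BGPSEC_PATH = 9, 10, 26, 33
# Well-known community values from RFC 1997
NO_EXPORT, NO_EXPORT_SUBCONFED = 0xFFFFFF01, 0xFFFFFF03

NEVER_ADVERTISED = {ORIGINATOR_ID, CLUSTER_LIST}
# Assumption of this example: LOCAL_PREF stands in for the IBGP-only
# attributes that need an explicit Export Policy entry.
NEEDS_EXPORT_POLICY = {LOCAL_PREF}


@dataclass
class ExportPolicy:
    """Hypothetical per-session policy knobs; all default to the strict side."""
    allowed_attrs: set = field(default_factory=set)
    allow_no_export: bool = False
    aigp_session_enabled: bool = False


def export_to_oad_peer(attrs, policy):
    """attrs maps type code -> value; COMMUNITIES is a set of 32-bit values.
    Returns (attributes_to_send, notes); the first item is None when the
    route itself must not be advertised."""
    communities = attrs.get(COMMUNITIES, set())
    if NO_EXPORT_SUBCONFED in communities:
        return None, ["route suppressed: NO_EXPORT_SUBCONFED"]
    if NO_EXPORT in communities and not policy.allow_no_export:
        return None, ["route suppressed: NO_EXPORT without explicit policy"]
    # Mandatory attributes; AS_PATH may be replaced by BGPsec_PATH
    missing = [c for c in (ORIGIN, NEXT_HOP) if c not in attrs]
    if AS_PATH not in attrs and BGPSEC_PATH not in attrs:
        missing.append(AS_PATH)
    if missing:
        raise ValueError("mandatory attributes missing: %s" % sorted(missing))
    send, notes = {}, []
    for code, value in attrs.items():
        if code in NEVER_ADVERTISED:
            notes.append("type %d removed: not allowed on EBGP-OAD" % code)
        elif code in NEEDS_EXPORT_POLICY and code not in policy.allowed_attrs:
            notes.append("type %d removed: no explicit export policy" % code)
        elif code == AIGP and not policy.aigp_session_enabled:
            notes.append("type %d removed: AIGP_SESSION is disabled" % code)
        else:
            send[code] = value
    return send, notes


# Constructed route, as a reflected path might look inside one member AS
SAMPLE_ROUTE = {
    ORIGIN: 0, AS_PATH: [64496], NEXT_HOP: "192.0.2.1", LOCAL_PREF: 200,
    COMMUNITIES: {(64496 << 16) | 100}, ORIGINATOR_ID: "10.0.0.1", AIGP: 50,
}

if __name__ == "__main__":
    for policy in (ExportPolicy(),
                   ExportPolicy(allowed_attrs={LOCAL_PREF},
                                aigp_session_enabled=True)):
        send, notes = export_to_oad_peer(SAMPLE_ROUTE, policy)
        print(sorted(send), notes)
```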
Section 9 of [RFC4271] describes the BGP Decision Process to select routes for local forwarding and subsequent advertisement. Section 9.1.2.2 of [RFC4271] describes tie breaking procedures in cases where a BGP speaker has several routes to the same destination. This document modifies step d) as follows:
The algorithm defined in [RFC5004] to avoid unnecessary path transitions between external paths MUST be used when the routes considered were received via EBGP-OAD.
For the Import and Export Policies to behave as expected, both BGP speakers must be configured with the same session type. If only one BGP speaker is configured that way, and the other uses an EBGP session, the result is that some path attributes may be ignored and others will be discarded.
The default BGP peering type for a session that is across autonomous systems SHOULD be EBGP. A BGP implementation SHOULD provide a configuration-time option to enable the EBGP-OAD session type. The session type may be changed once the BGP connection has been established.
If multiple peerings exist between autonomous systems that belong to an OAD, all SHOULD be configured consistently. Improper configuration may result in inconsistent or unexpected forwarding. The inconsistent use of EBGP-OAD sessions is out of scope of this document.
BGP Confederations [RFC5065] provide similar behavior, on a session by session basis, as what is specified in this document. The use of confederations with an EBGP-OAD peering is out of scope of this document.
IANA is requested to update the BGP Path Attributes registry as shown in Table 2. Also, IANA is requested to add [this document] as a reference in the registry.
Value | Code | IBGP | EBGP | EBGP-OAD | Reference |
---|---|---|---|---|---|
1 | ORIGIN | Mandatory | Mandatory | Mandatory | [RFC4271] |
2 | AS_PATH | Mandatory | Mandatory | Mandatory | [RFC4271] |
3 | NEXT_HOP | Mandatory | Mandatory | Mandatory | [RFC4271] |
4 | MULTI_EXIT_DISC | Optional | Optional | Optional | [RFC4271] |
5 | LOCAL_PREF | Not allowed | Mandatory | Optional | [RFC4271] |
6 | ATOMIC_AGGREGATE | Optional | Optional | Optional | [RFC4271] |
7 | AGGREGATOR | Optional | Optional | Optional | [RFC4271] |
8 | COMMUNITIES | Optional | Optional | Optional | [RFC1997] |
9 | ORIGINATOR_ID | Not Allowed | Optional | Not allowed | [RFC4456] |
10 | CLUSTER_LIST | Not Allowed | Optional | Not allowed | [RFC4456] |
14 | MP_REACH_NLRI | Optional | Optional | Optional | [RFC4760] |
15 | MP_UNREACH_NLRI | Optional | Optional | Optional | [RFC4760] |
16 | EXTENDED COMMUNITIES | Optional | Optional | Optional | [RFC4360] |
17 | AS4_PATH | Optional | Optional | Optional | [RFC6793] |
18 | AS4_AGGREGATOR | Optional | Optional | Optional | [RFC6793] |
22 | PMSI_TUNNEL | Optional | Optional | Optional | [RFC6514] |
23 | Tunnel Encapsulation | Optional | Optional | Optional | [RFC9012] |
24 | Traffic Engineering | Not Allowed | Optional | Optional | [RFC5543] |
25 | IPv6 Address Specific Extended Community | Optional | Optional | Optional | [RFC5701] |
26 | AIGP | Optional | Optional | Optional | [RFC7311] |
27 | PE Distinguisher Labels | Optional | Optional | Optional | [RFC6514] |
29 | BGP-LS Attribute | Not Allowed | Optional | Optional | [RFC7752bis] |
32 | LARGE_COMMUNITY | Optional | Optional | Optional | [RFC8092] |
33 | BGPsec_PATH | Optional | Optional | Optional | [RFC8205] |
34 | BGP Community Container | Optional | Optional | Optional | [WIDE] |
35 | Only to Customer | Optional | Optional | Optional | [RFC9234] |
36 | D-PATH | Optional | Optional | Optional | [IPVPN] |
37 | SFP | Optional | Optional | Optional | [RFC9015] |
38 | BFD Discriminator | Optional | Optional | Optional | [RFC9026] |
39 | BGP Router Capabilities | Optional | Optional | Optional | [ENTROPY] |
40 | BGP Prefix-SID | Optional | Optional | Optional | [RFC8669] |
128 | ATTR_SET | Optional | Optional | Optional | [RFC6368] |
Table 2 only includes the path attributes referenced in this document. Any Reserved, Deprecated, or Unassigned values should contain empty IBGP, EBGP, and EBGP-OAD columns.
EBGP-OAD peering does not change the underlying security issues inherent in the existing BGP protocol, such as those described in [RFC4271] and [RFC4272]. Any security considerations related to existing path attributes apply to EBGP-OAD sessions.
IBGP-only or non-transitive attributes may now be propagated to another autonomous system. However, it is expected that the new session type will only be enabled when peering with a router that also belongs to the OAD. If misconfigured, the impact is minimal due to the fact that both [RFC4271] and [RFC7606] define mechanisms to deal with unexpected path attributes.
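One way to check the configuration expectations above across an OAD, as an added example that is not part of the draft: it audits a neighbor inventory for peerings whose two ends disagree on session type, AS pairs whose peerings use mixed session types, and EBGP-OAD enabled toward an AS outside the OAD. The inventory format, the `ebgp`/`ebgp-oad` labels, and the AS numbers and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: one record per configured external neighbor
OAD_MEMBERS = {64496, 64497}
PEERINGS = [
    {"router": "r1", "local_as": 64496, "local_ip": "192.0.2.1",
     "peer_ip": "192.0.2.2", "peer_as": 64497, "type": "ebgp-oad"},
    {"router": "r2", "local_as": 64497, "local_ip": "192.0.2.2",
     "peer_ip": "192.0.2.1", "peer_as": 64496, "type": "ebgp"},
    {"router": "r3", "local_as": 64496, "local_ip": "198.51.100.1",
     "peer_ip": "198.51.100.2", "peer_as": 64497, "type": "ebgp-oad"},
    {"router": "r4", "local_as": 64497, "local_ip": "198.51.100.2",
     "peer_ip": "198.51.100.1", "peer_as": 64496, "type": "ebgp-oad"},
    {"router": "r1", "local_as": 64496, "local_ip": "203.0.113.1",
     "peer_ip": "203.0.113.2", "peer_as": 64500, "type": "ebgp-oad"},
]


def audit_session_types(peerings, oad_members):
    """Return a sorted list of (finding, detail) tuples."""
    findings = set()
    links = defaultdict(dict)     # (ip_a, ip_b) -> {router: session type}
    as_pairs = defaultdict(set)   # (as_a, as_b) -> session types in use
    for p in peerings:
        if p["local_as"] == p["peer_as"]:
            continue  # IBGP neighbor, not covered by this audit
        link = tuple(sorted((p["local_ip"], p["peer_ip"])))
        links[link][p["router"]] = p["type"]
        pair = tuple(sorted((p["local_as"], p["peer_as"])))
        as_pairs[pair].add(p["type"])
        # EBGP-OAD is expected only toward routers that belong to the OAD
        if p["type"] == "ebgp-oad" and p["peer_as"] not in oad_members:
            findings.add(("outside-oad", "%s->%s AS%d"
                          % (p["router"], p["peer_ip"], p["peer_as"])))
    # Both ends of one peering must use the same session type
    for link, ends in links.items():
        if len(set(ends.values())) > 1:
            findings.add(("mismatch", "%s<->%s" % link))
    # Multiple peerings between the same two ASes should be consistent
    for pair, types in as_pairs.items():
        if len(types) > 1:
            findings.add(("mixed-as-pair", "AS%d<->AS%d" % pair))
    return sorted(findings)


if __name__ == "__main__":
    for finding, detail in audit_session_types(PEERINGS, OAD_MEMBERS):
        print(finding, detail)
```

A peering whose far end is missing from the inventory cannot be checked for a mismatch; the audit reports only what both records show.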
The authors would like to thank everyone who has commented on this work, including (in alphabetical order) Donatas Abraitis, Randy Bush, Gert Doering, Jeff Haas, Jakob Heitz, Nick Hilliard, Igor Malyushkin, Gyan Mishra, Robert Raszuk, John Scudder, and Shyam Sethuram.
The following people have made significant contributions to the content of this document.