]> Software Version OPEN Optional Parameter Type for BGP Hostinger
Jonavos g. 60C Kaunas 44192 LT +370 614 18958 donatas.abraitis@hostinger.com
General template In this document, we introduce a new BGP OPEN Optional Parameter Type that allows the advertisement of a BGP speaker's routing daemon version.
Introduction In this document, we introduce a new BGP OPEN Optional Parameter Type that allows the advertisement of a BGP speaker's routing daemon version. In modern data center designs, we tend to have conventional routers participating in the routing process. And the fleet of routers has different versions of routing daemon. This means that knowing which versions of the routing daemons are running the various routers in the network can be a crucial factor in quickly identifying the root cause of any protocol or network problems. This new Optional Parameter Type is an optional advertisement. Implementations are not required to advertise the version nor to process received advertisements. Information about the version of the routing daemon could also be exchanged in protocols such as LLDP and CDP. However, in containerized environments, it is very hard and not recommended to exchange this information between background processes. Therefore, and to help minimize operational costs, it is helpful to exchange the routing daemon information between BGP peers directly.
Specification of Requirements The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
Software Version BGP OPEN Optional Parameter Type The Optional Parameters in the BGP OPEN message are defined in the base BGP specification . This document defines a new BGP OPEN Optional Parameter Type, the Software Version, with Type TBD and value is up to 255 octets. The value field is encoded in UTF-8 . It is unstructured data and can be formatted in any way that the implementor decides. The inclusion of the Software Version Optional Parameters is OPTIONAL. If an implementation supports the inclusion of this parameter, the implementation MUST include a configuration switch to enable or disable its use, and that switch MUST be off by default. The Software Version BGP OPEN Optional Parameter is intended for environments where more visibility is needed for troubleshooting purposes. It is NOT RECOMMENDED for use outside a single Autonomous System, or a set of Autonomous Systems under a common administration. An implementation that does not recognize or support the Software Version Optional Parameter but receives one must ignore it.
Operation The Software Version BGP OPEN Optional Parameter SHOULD only be used for displaying the version of a BGP speaker's router daemon to make troubleshooting easier. Consider a group of routers each with a number of upstream nodes, and suppose that each router has a different operating system and different routing daemon at a different version installed. Assuming that a specific feature is not working or that there is a bug which has not been fixed in a particular version of the code, knowledge of the routing daemon versions would allow an operator to quickly identify the pattern of which versions are affected. Enabling (i.e., turning on) this parameter requires bouncing all existing BGP sessions and the feature MUST be explicitly configured before an implementation advertizes the Software Version Optional Parameter.
Example Usage Below is an example from the implementation showing both the received and advertised Software Version:
IANA Considerations The BGP OPEN Optional Parameter Types registry is a standalone registry. IANA is requested to assign a capability number from the First Come First Served range for the Software Version BGP OPEN Optional Parameter in this document as follows: Software Version BGP OPEN Optional Parameter
Value Description Reference
TBD Software Version [This.I-D]
Security Considerations The Software Version BGP OPEN Optional Parameter should be treated as sensitive information: it could be easier for an attacker to exploit the system if they know the specific software version and manufacturer of a BGP speaker. This information could be gathered by inspecting BGP OPEN messages that carry the Software Version BGP OPEN Optional Parameter defined in this document. Furthermore, this knowledge may facilitate a number of social-engineering attacks. Modifying the information advertised by a router might lead to attacks including bogus software upgrades and also might mask the causes of faults in the network. Users of this mechanism should be aware that unless a transport that provides integrity is used for the BGP session in question, the Software Version parameter can be forged. Unless a transport that provides confidentiality is used, the Software Version parameter could be snooped by an attacker. These issues are common to any BGP message but may be of greater interest in the context of this extension as explained above. Refer to the related considerations in and . Users of this mechanism should consider applying data minimization practices as outlined in Section 6.1 of , as appropriate within the deployment context. Sensitive information leaks can be minimized by using the mechanism or firewalls to filter out TCP 179 port from untrusted networks. This optional parameter can be disabled per neighbor, thus the sensitive information can't be disclosed to untrusted neighbors.
References Normative References Key words for use in RFCs to Indicate Requirement Levels RFC Publisher In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. UTF-8, a transformation format of ISO 10646 ISO/IEC 10646-1 defines a large character set called the Universal Character Set (UCS) which encompasses most of the world's writing systems. The originally proposed encodings of the UCS, however, were not compatible with many current applications and protocols, and this has led to the development of UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the full US-ASCII range, providing compatibility with file systems, parsers and other software that rely on US-ASCII values but are transparent to other values. This memo obsoletes and replaces RFC 2279. The Generalized TTL Security Mechanism (GTSM) The use of a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6) to verify whether the packet was originated by an adjacent node on a connected link has been used in many recent protocols. This document generalizes this technique. This document obsoletes Experimental RFC 3682. [STANDARDS-TRACK] Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. BGP Security Vulnerabilities Analysis Border Gateway Protocol 4 (BGP-4), along with a host of other infrastructure protocols designed before the Internet environment became perilous, was originally designed with little consideration for protection of the information it carries. There are no mechanisms internal to BGP that protect against attacks that modify, delete, forge, or replay data, any of which has the potential to disrupt overall network routing behavior. This document discusses some of the security issues with BGP routing data dissemination. This document does not discuss security issues with forwarding of packets. This memo provides information for the Internet community. A Border Gateway Protocol 4 (BGP-4) This document discusses the Border Gateway Protocol (BGP), which is an inter-Autonomous System routing protocol. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASes) that reachability information traverses. This information is sufficient for constructing a graph of AS connectivity for this reachability from which routing loops may be pruned, and, at the AS level, some policy decisions may be enforced. BGP-4 provides a set of mechanisms for supporting Classless Inter-Domain Routing (CIDR). These mechanisms include support for advertising a set of destinations as an IP prefix, and eliminating the concept of network "class" within BGP. BGP-4 also introduces mechanisms that allow aggregation of routes, including aggregation of AS paths. This document obsoletes RFC 1771. [STANDARDS-TRACK] Privacy Considerations for Internet Protocols This document offers guidance for developing privacy considerations for inclusion in protocol specifications. It aims to make designers, implementers, and users of Internet protocols aware of privacy-related design choices. It suggests that whether any individual RFC warrants a specific privacy considerations section will depend on the document's content. Informative References FRRouting - BGP Software Version Capability Hostinger