BGP Administrative Shutdown Communication
NTT CommunicationsTheodorus Majofskistraat 1001065 SZAmsterdamThe Netherlandsjob@ntt.netCisco170 West Tasman DriveSan JoseCA95054USAjheitz@cisco.comJuniper Networks1194 N. Mathilda AveSunnyvaleCA94089USAjgs@juniper.net
Routing
IDRBGPceaseshutdown
This document enhances the BGP Cease NOTIFICATION message
"Administrative Shutdown" subcode for operators to transmit a
short freeform message to describe why a BGP session was
shutdown.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in
.
It can be troublesome for an operator to correlate a
BGP-4
session teardown in the network with a notice that was
transmitted via off-line methods such email or telephone calls.
This document specifies a mechanism to transmit a short
freeform UTF-8 message as part of
a Cease NOTIFICATION message to
inform the peer why the BGP session is being shutdown.
If a BGP speaker decides to terminate its session with a BGP
neighbor, then the BGP speaker MAY send to the neighbor a
NOTIFICATION message with the Error Code "Cease" and the Error
Subcode "Administrative Shutdown" followed by a freeform UTF-8
encoded string with a REQUIRED maximum length of 128 octets.
The contents of the string are at the operator's discretion.
The Shutdown Communication Cease NOTIFICATION message is encoded as below:
The Length value can range from 0 to 128 and indicates how many
octets of Shutdown Communication follow.
To support international characters, the Shutdown Communication
field MUST be encoded using UTF-8. A receiving BGP speaker MUST
NOT interpret invalid UTF-8 sequences.
Mechanisms concerning the reporting of information contained in
the Shutdown Communication are implementation specific but
SHOULD include methods such as SYSLOG.
Operators are encouraged to use the Shutdown Communication to
inform their peers of the reason for the shutdown of the BGP
session and include out-of-band reference materials. An
example of a useful Shutdown Communication would be:
"[TICKET-1-1438367390] software upgrade, back in 2 hours"
"[TICKET-1-1438367390]" is a ticket reference with significance
to both the sender and receiver, followed by a brief human
readable message regarding the reason for the BGP session
shutdown followed by an indication about the length of the
maintenance. The receiver can now use the string
'TICKET-1-1438367390' to search in their email archive to find
more details.
Any erroneous or malformed Shutdown Communication received
SHOULD be logged for the attention of the operator and then MAY
be discarded.
Per this document, IANA is requested to reference this document
at subcode "Administrative Shutdown" in the "Cease NOTIFICATION
message subcodes" registry under the "Border Gateway Protocol
(BGP) Parameters" group.
This document uses UTF-8 encoding for the Shutdown
Communication. There are a number of security issues with
UNICODE. Implementers and operator are advised to review
UNICODE TR36 to learn about these
issues. This document guards against the technical issues
outlined in UTR36 by REQUIRING "shortest form" encoding.
However, the visual spoofing due to character confusion still
persists. This specification minimizes the effects of visual
spoofing by limiting the length of the Shutdown
Communication.
Users of this mechanism should be aware that unless a
transport that provides integrity (such as TCP-AO) is used for the BGP
session in question, a Shutdown Communication message
could be forged. Unless a transport that provides
confidentiality (such as IPSec) is used, a Shutdown
Communication message could be snooped by an attacker.
These issues are common to any BGP message but may be of
greater interest in the context of this proposal since
the information carried in the message is generally
expected to be used for human-to-human communication.
This section records the status of known implementations of the
protocol defined by this specification at the time of posting of
this Internet-Draft, and is based on a proposal described in
RFC7942. The description of implementations in this
section is intended to assist the IETF in its decision processes in
progressing drafts to RFCs. Please note that the listing of any
individual implementation here does not imply endorsement by the
IETF. Furthermore, no effort has been spent to verify the
information presented here that was supplied by IETF contributors.
This is not intended as, and must not be construed to be, a catalog
of available implementations or their features. Readers are advised
to note that other implementations may exist.
As of today these vendors have produced an implementation of the
Shutdown Communication:
ExaBGPpmacctOpenBGPDWireshark (packet analyser)tcpdump, (alt) (packet analyser)Unicode Security Considerations
The authors would like to gratefully acknowledge Tom Scholl,
David Freedman, Jared Mauch, Jeff Haas, Peter Hessler, Bruno
Decraene, John Heasley, Peter van Dijk, and Arjen Zonneveld.