draft-ietf-ptomaine-nopeer-00.txt   draft-ietf-ptomaine-nopeer-01.txt 
Internet Engineering Task Force Geoff. Huston Internet Engineering Task Force Geoff Huston
Internet Draft Telstra Internet Draft Telstra
Expires: October 2002 Document: draft-ietf-ptomaine-nopeer-01.txt February 2003
Status: proposed as Informational Expires: August 2003
NOPEER community for BGP route scope control NOPEER community for BGP route scope control
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026 [1]. all provisions of Section 10 of RFC2026 [1].
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
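Review bot: the revised header drops the "Status: proposed as Informational" line that the -00 column carries, and the -01 column shows only the Document and Expires lines in its place; if the intended status is unchanged, keep an "Intended status: Informational" line next to the new "Document: draft-ietf-ptomaine-nopeer-01.txt" line so the status is not lost in the revision. The other header edits (author name without the stray period, updated expiry) are fine.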
skipping to change at page 5, line 34
inter-AS connection. inter-AS connection.
4. IANA considerations 4. IANA considerations
Adoption of this proposal would imply the request to IANA for the Adoption of this proposal would imply the request to IANA for the
registration of a new BGP well-known transitive community field from registration of a new BGP well-known transitive community field from
IANA. IANA.
5. Security considerations 5. Security considerations
This proposal has the capability to introduce additional security BGP is an instance of a relaying protocol, where route information
concerns into BGP by allowing the potential for denial of service is received, processed and forwarded. BGP contains no specific
mechanisms to prevent the unauthorized modification of the
information by a forwarding agent, allowing routing information to
be modified, deleted or false information to be inserted without the
knowledge of the originator of the routing information or any of the
recipients.
This proposed NOPEER community does not alter this overall situation
concerning the integrity of BGP as a routing system.
This proposal has the capability to introduce additional attack
mechanisms into BGP by allowing the potential for denial of service
attacks for an address prefix range being launched by a remote AS. attacks for an address prefix range being launched by a remote AS.
Unauthorized addition of this community to a route prefix by a Unauthorized addition of this community to a route prefix by a
transit provider where this is no covering aggregate route prefix transit provider where there is no covering aggregate route prefix
may cause a denial of service attack based on denial of reachability may cause a denial of service attack based on denial of reachability
to the prefix. Even in the case that there is a covering aggregate, to the prefix. Even in the case that there is a covering aggregate,
if the more specific route has a different origin AS than the if the more specific route has a different origin AS than the
aggregate, the addition of this community by a transit AS may cause aggregate, the addition of this community by a transit AS may cause
a denial of service attack on the origin AS of the more specific a denial of service attack on the origin AS of the more specific
prefix. prefix.
BGP is already vulnerable to a denial of service attack based on the BGP is already vulnerable to a denial of service attack based on the
injection of false routing information. It is possible to use this injection of false routing information. It is possible to use this
community to limit the redistribution of a false route entry such community to limit the redistribution of a false route entry such
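Review bot: the new paragraph "This proposed NOPEER community does not alter this overall situation concerning the integrity of BGP as a routing system" sits directly before the retained sentence that the proposal "has the capability to introduce additional attack mechanisms into BGP", and the two read as contradictory; suggest tying them together, e.g. stating that the community adds no new integrity weakness to the protocol itself but gives an existing one (unauthorized modification of route information by a forwarding agent, as the new text describes) a new consequence, namely loss of reachability for the prefix. The section also describes the denial-of-reachability risk from a transit AS adding the community without saying what an origin AS or a recipient can do about it; a sentence on mitigation or on how the misuse would be observed would make the considerations actionable. The wording fix "where this is no covering aggregate" to "where there is no covering aggregate" is correct. The final sentence ("It is possible to use this community to limit the redistribution of a false route entry such") is cut off by the diff view, so its continuation could not be reviewed here.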

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/