rfcdiff: draft-ietf-sidr-pfx-validate-09.txt -> draft-ietf-sidr-pfx-validate-10.txt
Network Working Group                                     P. Mohapatra
Internet-Draft                                           Cisco Systems
Intended status: Standards Track                            J. Scudder
Expires: March 03, 2013 (-09) / April 02, 2013 (-10)  Juniper Networks
                                                               D. Ward
                                                         Cisco Systems
                                                               R. Bush
                                             Internet Initiative Japan
                                                            R. Austein
                                                  Dragon Research Labs
                                September 2012 (-09) / October 2012 (-10)

                      BGP Prefix Origin Validation
      draft-ietf-sidr-pfx-validate-09 / draft-ietf-sidr-pfx-validate-10
Abstract

   To help reduce well-known threats against BGP including prefix
   mis-announcing and monkey-in-the-middle attacks, one of the security
   requirements is the ability to validate the origination AS of BGP
   routes.  More specifically, one needs to validate that the AS number
   claiming to originate an address prefix (as derived from the AS_PATH
   attribute of the BGP route) is in fact authorized by the prefix
   holder to do so.  This document describes a simple validation
   [skipping to change at page 1, line 44]
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 03, 2013 (-09) / April 02,
   2013 (-10).

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (http://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   [skipping to change at page 7, line 23]
   each of which stores a local copy of the global RPKI database.  The
   protocol mechanisms used to gather and validate these data and
   present them to BGP speakers are described in
   [I-D.ietf-sidr-rpki-rtr].

   The prefix-to-AS mappings used by the BGP speaker are expected to be
   updated over time.  When a mapping is added or deleted, the
   implementation MUST re-validate any affected prefixes and run the BGP
   decision process if needed.  An "affected prefix" is any prefix that
   was matched by a deleted or updated mapping, or could be matched by
   an added or updated mapping (-09 reads "an added mapping").
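   The re-validation rule above, worked through in code.  This is an
   added example, not text or code from the draft: it implements the
   Section 2 outcomes (valid / invalid / not found) against a small
   constructed VRP table and, on each VRP add or delete, re-validates
   only the routes the changed mapping covers.  Function and sample
   names are the example's own.

```python
import ipaddress

# A Validated ROA Payload (VRP) as delivered over RPKI-RTR: (prefix, maxLength, origin ASN)
def make_vrp(prefix, max_length, asn):
    return (ipaddress.ip_network(prefix), max_length, asn)

def covers(vrp, route_prefix):
    """A VRP covers a route if the route lies within the VRP prefix and is no longer than maxLength."""
    net, max_length, _ = vrp
    return (net.version == route_prefix.version
            and route_prefix.subnet_of(net)
            and route_prefix.prefixlen <= max_length)

def validate(route_prefix, origin_asn, vrps):
    """Origin validation outcome for one route: 'valid', 'invalid' or 'not_found'."""
    covering = [v for v in vrps if covers(v, route_prefix)]
    if not covering:
        return "not_found"
    if any(v[2] == origin_asn for v in covering):
        return "valid"
    return "invalid"

def affected_routes(changed_vrp, routes):
    """Routes that were matched by a deleted VRP or could be matched by an added one."""
    return [r for r in routes if covers(changed_vrp, r[0])]

def apply_change(vrps, routes, states, added=None, removed=None):
    """Apply one VRP add or delete, then re-validate only the affected routes."""
    changed = added or removed
    if removed:
        vrps.remove(removed)
    if added:
        vrps.add(added)
    touched = affected_routes(changed, routes)
    for prefix, asn in touched:
        states[(prefix, asn)] = validate(prefix, asn, vrps)
    return touched

# Constructed sample: two routes (prefix, origin ASN) and one VRP authorizing AS64496.
ROUTES = [(ipaddress.ip_network("192.0.2.0/24"), 64496),
          (ipaddress.ip_network("198.51.100.0/24"), 64497)]
VRPS = {make_vrp("192.0.2.0/24", 24, 64496)}

def demo():
    vrps, log = set(VRPS), []
    states = {(p, a): validate(p, a, vrps) for p, a in ROUTES}
    # Added mapping covers 198.51.100.0/24 but names another origin: that route becomes invalid.
    log += apply_change(vrps, ROUTES, states, added=make_vrp("198.51.100.0/22", 24, 64500))
    # Deleted mapping was the only VRP covering 192.0.2.0/24: that route drops to not_found.
    log += apply_change(vrps, ROUTES, states, removed=make_vrp("192.0.2.0/24", 24, 64496))
    return {f"{p} AS{a}": s for (p, a), s in states.items()}, [str(p) for p, _ in log]
```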
5.  Deployment Considerations

   Once a Route is selected for validation, it is categorized according
   to the procedure given in Section 2.  Subsequently, routing policy as
   discussed in Section 3 can be used to take action based on the
   validation state.

   Policies which could be implemented include filtering routes based on
   validation state (for example, rejecting all "invalid" routes) or
End of changes.  5 change blocks.  5 lines changed or deleted, 5 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/