Network Working Group                                           R. White
Request for Comments: 5123                                      B. Akyol
Category: Informational                                    Cisco Systems
                                                           February 2008

Considerations in Validating the Path in BGP

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

IESG Note

After consultation with the RPSEC WG, the IESG thinks that this work is related to IETF work done in WG RPSEC, but this does not prevent publishing.

This RFC is not a candidate for any level of Internet Standard. The IETF disclaims any knowledge of the fitness of this RFC for any purpose and in particular notes that the decision to publish is not based on IETF review for such things as security, congestion control, or inappropriate interaction with deployed protocols. The RFC Editor has chosen to publish this document at its discretion. Readers of this document should exercise caution in evaluating its value for implementation and deployment. See RFC 3932 for more information.

Abstract

This document examines the implications of hop-by-hop forwarding, route aggregation, and route filtering on the concept of validation within a BGP Autonomous System (AS) Path.

1. Background

A good deal of thought has gone into, and is currently being given to, validating the path to a destination advertised by BGP. The purpose of this work is to explain the issues in validating a BGP AS Path, in the expectation that it will help in the evaluation of schemes seeking to improve path validation. The first section defines at least some of the types of questions a BGP speaker receiving an update from a peer not in the local autonomous system (AS) could ask about the information within the routing update. The following sections examine the answers to these questions in consideration of specific deployments of BGP.

The examples given in this document are intended to distill deployments down to their most critical components, making the examples easier to understand and consider. In many situations, the specific path taken in the example may not be relevant, but that does not nullify the principles considered in each example. It has been suggested that these examples are "red herrings", because they do not illustrate actual problems with specific policies. On the contrary, these examples are powerful because they are simple. Any topology in which one of these example topologies is a subtopology will exhibit the characteristics explained in this document. Rather than focusing on a specific topology, then dismissing that single topology as a "corner case", this document shows the basic issues with assertions about the AS Path attribute within BGP. These generalized issues can then be applied to more specific cases.

With the heightened interest in network security, the security of the information carried within routing systems running BGP, as described in [RFC4271], is being looked at with great interest. While there are techniques available for securing the relationship between two devices exchanging routing protocol information, such as [BGP-MD5], these techniques do not ensure various aspects of the information carried within routing protocols are valid or authorized.

The following small internetwork is used to examine the concepts of validity and authorization within this document, providing definitions used through the remainder of the document.

   10.1.1.0/24--(AS65000)---(AS65001)--(AS65002)

Assume a BGP speaker in AS65002 has received an advertisement for 10.1.1.0/24 from a BGP speaker in AS65001, with an AS Path of {65000, 65001}.

1.1. Is the Originating AS Authorized to Advertise Reachability to the Destination?

The most obvious question the receiving BGP speaker can ask about this advertisement is whether or not the originating AS, in this case AS65000, is authorized to advertise the prefix contained within the advertisement, in this case 10.1.1.0/24. Whether or not a BGP speaker receiving a route to 10.1.1.0/24 originating in AS65000 can verify that AS65000 is, indeed, authorized to advertise 10.1.1.0/24 is outside the scope of this document.

1.2. Is the Path Contained in the Advertised Routing Information Valid?

If a BGP speaker receives an advertisement from a peer outside the local autonomous system (AS), does the peer sending the update actually have a path to the destination prefix in the update? Specifically, are the autonomous systems within the internetwork connected in such a way that the receiver, following the AS Path listed in the BGP update itself, can reach the originating AS listed in the received AS Path? Within this document, this is called path validation.

Path validation, in the context of this small internetwork, asserts that when a BGP speaker in AS65002 receives an advertisement from a BGP speaker in AS65001 with the AS Path {65000, 65001}, the speaker can assume that AS65001 is attached to the local AS, and that AS65001 is also attached to AS65000.

1.3. Is the Advertisement Authorized?

There are at least three senses in which the readvertisement of a received advertisement can be authorized in BGP:

o The transmitter is authorized to advertise the specific routing information contained in the route. This treats the routing information as a single, atomic unit, regardless of the information the route actually contains. A route to 10.1.1.0/24 and another route to 10.1.0.0/16 are considered completely different advertisements of routing information, so an AS may be authorized to advertise 10.1.0.0/16 without regard to its authorization to advertise 10.1.1.0/24, since these are two separate routes. This is called route authorization throughout this document.

o The transmitter is authorized to advertise the specific reachable destination(s) contained in the route. This treats the routing information as a set of destinations. 10.1.1.0/24 is contained within 10.1.0.0/16, and authorization to advertise the latter implies authorization to advertise the former. This is called reachability authorization throughout this document.

o The transmitter is authorized to transit traffic to the destinations contained within the route. This ties the concepts of the route to what the route is used for. If a BGP speaker is advertising reachability to 10.1.1.0/24, it is authorized to transit traffic to all reachable destinations within 10.1.1.0/24 along the path advertised. This is called transit authorization throughout this document.

There is considerable tension between these three definitions of authorization; much of this document is built around exploring the relationships between these different types of authorization, and how they may, or may not, work in various internetworks. One of the conclusions reached by this document is that route authorization, reachability authorization, and transit authorization are often at odds with each other. Showing one type of authorization to be true does not show any other types of authorization to be true, and route authorization is of questionable value because of the intertwined nature of these three types of authorization in a routing system.

1.4. Will Traffic Forwarded to an Advertising Speaker Follow the Described AS Path?

If a BGP speaker receives an advertisement from a peer not in the local AS, will traffic forwarded to the peer advertising the update follow the path described in the AS Path? In this document, this is called forwarding consistency.

In terms of the small example internetwork, if a BGP speaker in AS65002 receives an advertisement from a peer in AS65001 for the destination 10.1.1.0/24, with an AS Path {65000, 65001}, will traffic forwarded to the BGP speaker in AS65001 actually be forwarded through routers within AS65001, then AS65000, to reach its destination?

1.5. Is a Withdrawing Speaker Authorized to Withdraw the Routing Information?

If an advertisement is withdrawn, the withdrawing BGP peer was originally advertising the prefix (or was authorized to advertise the prefix). This assertion is out of the scope of this document.

2. Analysis

To begin, we review some of the concepts of routing, since we need to keep these concepts fixed firmly in place while we examine these questions. After this, four examples will be undertaken with BGP to show the tension between the various types of authorization in a path vector routing system.

2.1. A Short Analysis of Routing

Routing protocols are designed, in short, to discover a set of loop-free paths to each reachable destination within a network (or internetwork). The loop-free path chosen to reach a specific destination may not be the shortest path, and it may not always be the "best" path (depending on the definition of "best"), but it should always be a loop-free path, otherwise the routing protocol has failed.

This sheds some light on the purpose of the path included in a path vector protocol's routing update: the path is there to prove the path is loop free, rather than to provide any other information. While Dijkstra's Shortest Path First (SPF) and the Diffusing Update Algorithm (DUAL) both base their loop-free path calculations on the cost of a path, path vector protocols, such as BGP, prove a path is loop free by carrying a list of nodes the advertisement itself has traversed. BGP specifically uses an AS Path-based mechanism to prove loop freeness for any given update so each AS along the path may implement local policy without risking a loop in the routing system caused by competing metrics.

We need to keep this principle in mind when considering the use of the path carried in a path-vector protocol, and its use by a receiving BGP speaker for setting policy or gauging the route's security level.

2.2. First Example: Manual Intervention in the Path Choice

In the small network:

                   +---(AS65002)---+
   (AS65000)--(AS65001)          (AS65004)--10.1.1.0/24
                   +---(AS65003)---+

A BGP speaker in AS65000 may receive an advertisement from a peer that 10.1.1.0/24 is reachable along the path {65004, 65002, 65001}. Based on this information, the BGP speaker may forward packets to its peer in AS65001, expecting them to take the path described. However, within AS65001, the network administrator may have configured a static route making the next hop to 10.1.1.0/24 the edge router with AS65003.

It's useful to note that while [RFC4271] states: "....we assume that a BGP speaker advertises to its peers only those routes that it itself uses...", the definition of the term "use" is rather loose in all known widely deployed BGP implementations. Rather than meaning: "A BGP speaker will only advertise destinations the BGP process on the speaker has installed in the routing table", it generally means: "A BGP speaker will only advertise destinations that the local routing table has a matching route installed for, no matter what process on the local router installed the route". A naive reaction may be to simply change the BGP specifications and all existing implementations so a BGP speaker will only advertise a route to a peer if the BGP process on the router actually installed the route in the local routing table. This, however, ignores the complex interactions between interior and exterior gateway protocols, which most often run on the same device, and the complexities of route origination.

Although this is an "extreme" example, since we can hardly claim the information within the routing protocol is actually insufficient, we still find this example instructive in light of the questions outlined in Section 1:

o Is the AS Path valid? The AS Path the receiving BGP speaker in AS65000 receives from its peer in AS65001, {65004, 65002, 65001}, does exist, and is valid.

o Is the advertisement authorized? Since we have no knowledge of any autonomous system level policy within this network, we have no way of answering this question. We can assume that AS65001 has both route and reachability authorization, but it is difficult to see how transit authorization can be accomplished in this situation. Even if the BGP speaker in AS65000 could verify AS65001 is authorized to transit AS65002 to reach 10.1.1.0/24, this implies nothing about the authorization to transit traffic through the path traffic will actually take, which is through AS65003.

o Is the AS Path consistent with the forwarding path (does forwarding consistency exist)? No, the advertised AS Path is {65004, 65002, 65001}, while the actual path is {65004, 65003, 65001}.

From this example, we can see forwarding consistency is not possible to validate in a deployed network; just because a BGP speaker advertises a specific path to reach a given destination, there is no reason to assume traffic forwarded to the speaker will actually follow the path advertised. In fact, we can reason this from the nature of packet-forwarding networks; each router along a path makes a completely separate decision about where to forward received traffic. Any router along the path could actually change the path due to network conditions without notifying, in any way, upstream routers. Therefore, at any given time, an upstream router may be forwarding traffic along a path that no longer exists, or is no longer optimal, and downstream routers could be correcting the forwarding decision by placing the traffic on another available path unknown to the upstream router.

As a corollary, we can see that authorizing transit through a specific AS Path is not possible, either. If the source of a specific flow cannot know what path the traffic within that flow will take to reach the destination, then there is no meaningful sense in which downstream routers can authorize the source to use available paths for transiting traffic.

2.3. Second Example: An Unintended Reachable Destination

In this internetwork, we assume a single policy: the system administrator of AS65000 would not like the destination 10.1.1.0/24 to be reachable from any autonomous system beyond AS65001. In other words, 10.1.1.0/24 should be reachable within AS65001, but not to autonomous systems connected to AS65001, such as AS65002.

   10.1.1.0/24---(AS65000)---(AS65001)---(AS65002)

The system administrator can implement this policy by causing BGP speakers within AS65000 to advertise 10.1.1.0/24 to peers within AS65001 with a signal that the BGP speakers in AS65001 should not readvertise the reachability of this routing information. For example, BGP speakers in AS65000 could advertise the route to 10.1.1.0/24 with the NO_ADVERTISE community attached, as described in [RFC4271]. If the BGP speakers in AS65001 are configured to respond to this community (and we assume they are for the purposes of this document) correctly, they should accept this advertisement, but not readvertise reachability to 10.1.1.0/24 into AS65002.

However, unknown to the system administrator of AS65000, AS65001 is actually advertising a default route to AS65002 with an AS Path of {65001}, and not a full routing table. If some host within AS65002, then, originates a packet destined to 10.1.1.1, what will happen? The packet will be routed according to the default route from AS65002 into AS65001. Routers within AS65001 will forward the packet along the 10.1.1.0/24 route, eventually forwarding the traffic into AS65000.

o Is the AS Path valid? This is a difficult question to answer, since there are actually two different advertisements in the example. From the perspective of the BGP speaker in AS65002 receiving a default route in an advertisement from a peer in AS65001, the AS Path to the default route is valid. However, there is no route to 10.1.1.0/24 for the BGP speaker in AS65002 to examine for validity, so the question appears to be out of scope for this example.

o Is the AS Path consistent with the forwarding path (is there forwarding consistency)? From the perspective of a BGP speaker in AS65002, traffic forwarded to AS65001 towards a destination within 10.1.1.0/24 is going to actually terminate within AS65001, since that is the entire AS Path for the default route. However, this traffic actually transits AS65001 towards AS65000. Therefore, forwarding consistency does not exist in this example, in which we are dealing with a case of aggregation, and as Section 9.1.4 of [RFC4271], in reference to aggregated routing information, states: "Forwarding along such a route does not guarantee that IP packets will actually traverse only ASes listed in the AS_PATH attribute of the route".
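
The two forwarding-consistency failures above (the static route inside AS65001 in Section 2.2, and the default route advertised to AS65002 in this section) can be reproduced by simulating hop-by-hop forwarding. The following is an added example, not code from RFC 5123: each AS is given its own longest-prefix-match table and forwards on that table alone, and the path a packet really takes is compared with the AS sequence the receiver would read out of the advertised AS Path. The tables are constructed for the example; the notation for the AS Path follows the RFC (originating AS first, advertising peer last).

```python
"""Added example (not part of RFC 5123): hop-by-hop forwarding versus the
advertised AS_PATH.

The topologies follow the figures in Sections 2.2 and 2.3.  The per-AS
forwarding tables are constructed for this example: in the first, AS65001 has
a static route that sends 10.1.1.0/24 towards AS65003 although its BGP
advertisement names AS65002; in the second, AS65002 holds only a default route
learned from AS65001.
"""
import ipaddress

LOCAL = None  # next-hop value meaning "the destination is inside this AS"


def lookup(table, dst):
    """Longest-prefix match over one AS's forwarding table.

    table maps prefix strings to the next-hop AS number, or LOCAL."""
    dst = ipaddress.ip_address(dst)
    best_net, best_nh = None, None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_nh = net, next_hop
    if best_net is None:
        raise LookupError(f"no route to {dst}")
    return best_nh


def trace(tables, start_as, dst, max_hops=16):
    """Forward a packet AS by AS.  Every AS consults only its own table, which
    is exactly why the path taken need not match any AS_PATH the sender saw.
    Returns the list of ASes traversed, starting with start_as."""
    path = [start_as]
    while True:
        next_hop = lookup(tables[path[-1]], dst)
        if next_hop is LOCAL:
            return path
        if next_hop in path:
            raise RuntimeError(f"forwarding loop: {path + [next_hop]}")
        path.append(next_hop)
        if len(path) > max_hops:
            raise RuntimeError("hop limit exceeded")


def check_forwarding_consistency(tables, receiver_as, as_path, dst):
    """Compare the AS sequence a receiver expects from an AS_PATH with the
    sequence its packets really traverse.

    as_path uses the RFC's notation (originating AS first, advertising peer
    last), so reversing it gives the expected order of traversal."""
    expected = list(reversed(as_path))
    actual = trace(tables, receiver_as, dst)[1:]   # drop the receiver itself
    return {"expected": expected, "actual": actual,
            "consistent": expected == actual}


def example_static_route():
    """Section 2.2: AS65001 advertises {65004, 65002, 65001} but forwards via AS65003."""
    tables = {
        65000: {"10.1.1.0/24": 65001},
        65001: {"10.1.1.0/24": 65003},   # constructed static route overriding BGP's choice
        65002: {"10.1.1.0/24": 65004},
        65003: {"10.1.1.0/24": 65004},
        65004: {"10.1.1.0/24": LOCAL},
    }
    return check_forwarding_consistency(tables, 65000, [65004, 65002, 65001], "10.1.1.1")


def example_default_route():
    """Section 2.3: AS65002 holds only 0/0 with AS_PATH {65001}, yet traffic to
    10.1.1.1 transits AS65001 and terminates in AS65000."""
    tables = {
        65002: {"0.0.0.0/0": 65001},
        65001: {"10.1.1.0/24": 65000},
        65000: {"10.1.1.0/24": LOCAL},
    }
    return check_forwarding_consistency(tables, 65002, [65001], "10.1.1.1")


if __name__ == "__main__":
    for name, result in (("static route", example_static_route()),
                         ("default route", example_default_route())):
        print(f"{name}: expected {result['expected']}, actual {result['actual']}, "
              f"consistent={result['consistent']}")
```

In both scenarios the AS Path the receiver holds is valid and loop free, and yet the traced path differs from it; no information carried in the update lets the receiver detect this, because the divergence is created by forwarding decisions made one hop downstream.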

2.3.1. Advertisement Authorization

Is the advertisement authorized? This example highlights the tension between the three different types of authorization. The three following sections discuss issues with different advertisements AS65001 may send to AS65002.

2.3.1.1. Valid Unauthorized Aggregates

The first issue that comes up in this example is the case where there is no expectation of authorization for aggregation. The most common example of this is the advertising and accepting of the default route (0/0). This is a common practice typically done by agreement between the two parties. Obviously, there is not an authorization process for such an advertisement. This advertisement may extend reachability beyond the originator's intention (along the lines of the previous example). It may cause packets to take paths not known by the sender (since the path on 0/0 is simply the advertising AS). It may violate other security constraints. This places limits on the power and applicability of efforts to secure the AS path and AS policies. It does not vitiate the underlying value in such efforts.

2.3.1.2. Owner Aggregation

In the current instantiation of IP address allocation, an AS may receive authorization to advertise 10.1.0.0/16, for instance, and may authorize some other party to use (or own) 10.1.1.0/24, a subblock of the space authorized. This is called a suballocation.

For instance, in this example, if AS65001 were authorized to originate 10.1.0.0/16, it could advertise 10.1.0.0/16 towards AS65002, rather than a default route. Assume there is some form of authorization mechanism AS65002 can consult to verify AS65001 is authorized to advertise 10.1.0.0/16. In this case, AS65002 could examine the authorization of AS65001 to originate 10.1.0.0/16, and assume that if AS65001 is authorized to advertise 10.1.0.0/16, it is also authorized to transit traffic towards every possible subblock of (every destination within) 10.1.0.0/16. To put this in more distinct terms:

o AS65002 verifies route authorization by examining the authorization of AS65001 to advertise 10.1.0.0/16.

o AS65002 assumes destination authorization (the reachability authorization of Section 1.3), that AS65001 has the authorization to advertise every possible subblock of 10.1.0.0/16, because AS65001 is authorized to advertise 10.1.0.0/16.

o AS65002 assumes transit authorization, that AS65001 has the authorization to transit traffic to every possible subblock of 10.1.0.0/16, because AS65001 is authorized to advertise 10.1.0.0/16.

From the example given, however, it is obvious route authorization does not equal destination or transit authorization. While AS65001 does have route authorization to advertise 10.1.0.0/16, it does not have destination authorization to advertise 10.1.1.0/24, nor transit authorization for destinations within 10.1.1.0/24.

The naive reply to this would be to simply state that destination and transit authorization should not be assumed from route authorization. However, the problem is not that simple to resolve. The assumption of destination authorization and transit authorization are not decisions AS65002 actually makes; they are embedded in the way the routing system works. The route itself, within the design of routing, carries these implications.

Why does routing intertwine these three types of authorization? Most simply, because AS65002 does not have any information about subblocks that are part of 10.1.0.0/16. There is no way for AS65002 to check for destination and transit authorization because this information is removed from the system altogether. In order to show destination and transit authorization, this information must be reinjected into the routing system in some way.

For instance, considering destination authorization alone, it is possible to envision a system where AS65001, when suballocating part of 10.1.0.0/16 to the originator, must also obtain permission to continue advertising the original address block as an aggregate, to attempt to resolve this problem. However, this raises some other issues:

o If the originator did not agree to AS65001 advertising an aggregate containing 10.1.1.0/24, then AS65001 would be forced to advertise some collection of advertisements not containing the suballocated block.

o If AS65001 actually does obtain permission to advertise the aggregate, we must find some way to provide AS65002 with information about this authorization for each possible subblock of 10.1.0.0/16.

In other words, either AS65002 must receive the actual routes for each suballocation of 10.1.0.0/16, or it must receive some form of authorization allowing AS65001 to advertise each suballocation of 10.1.0.0/16. This appears to defeat the purpose of aggregation, rendering routing systems much less scalable than current design allows. Further, this does not resolve the issue of how AS65002 would actually know what all the suballocations of 10.1.0.0/16 actually are. Some possible solutions could be:

o The suballocator must advertise all suballocations. This could potentially expose business relationships and patterns that many large commercial providers do not want to expose, and degrades the hierarchical nature of suballocation altogether.

o The IP address space must be reconstructed so everyone using IP address space will know, based on the construction of the IP address space, what subblocks exist. For instance, the longest allowed subblock could be set at a /24, and authorization must be available for every possible /24 in the address space, either for origination, or as part of an aggregate. This sort of solution would be an extreme burden on the routing system.
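
The three senses of authorization defined in Section 1.3, and the way the owner-aggregation case above collapses them, can be made concrete with a small model. The following is an added example, not code from RFC 5123: AUTHORIZATIONS stands in for whatever table AS65002 can consult, SUBALLOCATIONS for the allocator's private records, and the rule that the most specific allocation covering a destination decides who holds it is an assumption of the model. The receiver's view passes every check it is able to make, while the same destination, checked against records it does not have, belongs to someone else; the merge function shows what the first remedy in the list above costs, namely publishing every suballocation.

```python
"""Added example (not part of RFC 5123): the route, reachability and transit
authorization of Section 1.3 applied to the owner-aggregation case of
Section 2.3.1.2.

AUTHORIZATIONS is the table a receiver such as AS65002 can consult;
SUBALLOCATIONS is known only to AS65001 and its customer AS65000.  Both
tables, the record format, and the rule that the most specific allocation
decides who holds a block are constructed for this example.
"""
import ipaddress

# Prefixes each AS is authorized to originate, as visible to the receiver.
AUTHORIZATIONS = {65001: ["10.1.0.0/16"]}

# AS65001 has handed 10.1.1.0/24 to AS65000; nothing in the routing system says so.
SUBALLOCATIONS = {65000: ["10.1.1.0/24"]}


def _net(prefix):
    # strict=False so a host address such as "10.1.1.1" becomes a /32
    return ipaddress.ip_network(prefix, strict=False)


def route_authorized(table, asn, prefix):
    """Route authorization: the advertised prefix as one atomic unit, exact match."""
    return _net(prefix) in {_net(p) for p in table.get(asn, [])}


def reachability_authorized(table, asn, destination):
    """Reachability authorization as a receiver infers it: an authorized prefix
    that covers the destination is taken to cover every destination inside it."""
    dest = _net(destination)
    return any(dest.subnet_of(_net(p)) for p in table.get(asn, []))


def transit_authorized(table, asn, destination):
    """Transit authorization rides on the same route: forwarding traffic for the
    destination along it implicitly accepts the advertiser as transit."""
    return reachability_authorized(table, asn, destination)


def receiver_view(table, asn, advertised, destination):
    """Everything the receiver can conclude from the advertisement it holds."""
    return {
        "route": route_authorized(table, asn, advertised),
        "reachability": reachability_authorized(table, asn, destination),
        "transit": transit_authorized(table, asn, destination),
    }


def most_specific_holder(table, destination):
    """The AS holding the longest prefix that covers destination, or None.
    Run over the allocator's full records this is ground truth; run over the
    receiver's table it is only as good as what was published."""
    dest = _net(destination)
    covering = [(_net(p).prefixlen, asn)
                for asn, prefixes in table.items()
                for p in prefixes if dest.subnet_of(_net(p))]
    return max(covering)[1] if covering else None


def merge(*tables):
    """Reinject suballocations into the visible table (the first remedy the
    RFC discusses): every published block now has its own record."""
    out = {}
    for table in tables:
        for asn, prefixes in table.items():
            out.setdefault(asn, []).extend(prefixes)
    return out


if __name__ == "__main__":
    view = receiver_view(AUTHORIZATIONS, 65001, "10.1.0.0/16", "10.1.1.0/24")
    print("AS65002's view of AS65001 for 10.1.1.0/24:", view)
    print("holder by receiver's table:", most_specific_holder(AUTHORIZATIONS, "10.1.1.0/24"))
    full = merge(AUTHORIZATIONS, SUBALLOCATIONS)
    print("holder once suballocations are published:", most_specific_holder(full, "10.1.1.0/24"))
```

Route authorization alone is exact and checkable, but the two inferences the receiver draws from it are wrong for 10.1.1.0/24, and the only way the receiver can find that out is for the merged table to exist on its side, which is the scaling problem the text describes.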

2.3.1.3. Proxy Aggregation

It is also possible for AS65001 to have some form of agreement with AS65002 to aggregate blocks of address space it does not own towards AS65002. This might be done to reduce the burden on BGP speakers within AS65002. This is called proxy aggregation. While proxy aggregation is rare, it is useful to examine the result of agreed upon proxy aggregation in this situation.

Assume AS65001 has an advertisement for 10.1.0.0/24 from some unknown source, and decides to advertise both 10.1.0.0/24 and 10.1.1.0/24 as 10.1.0.0/23 to AS65002. If there exists an agreement for AS65001 to advertise proxy aggregates to AS65002, the latter will accept the advertisement regardless of any attached authorization to advertise. This may represent a security risk for AS65002, but it might be seen as an acceptable risk considering the trade-offs, from AS65002's perspective.

The problem is, however, this also impacts the policies of AS65000, which is originating one of the two routes being aggregated by AS65001. There is no way for AS65002 to know about this policy, nor to react to it, and there is actually no incentive for AS65002 to react to a security threat posed to AS65000, with which it has no direct relationship. There doesn't appear to be any immediately available solution to this problem, other than to disallow proxy aggregation, even between two cooperating autonomous systems.

2.3.2. Implications

The basic problem is that when AS65001 advertises an authorized route containing 10.1.1.0/24, whether through a valid but unauthorized aggregate, an owner-aggregated route, or a proxy aggregate, AS65002 assumes that AS65001 also has destination authorization for the sub-block 10.1.1.0/24 and transit authorization for destinations within 10.1.1.0/24. These are, in fact, invalid assumptions, but they are tied to the way routing actually works. This shows that the value of route authorization is questionable unless there is some way to untie destination and transit authorization from route advertisements, with which they are deeply intertwined today.

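The following Python program is an added illustration; it is not part of this document and describes no proposed mechanism. It takes the example of this section, AS65001 advertising 10.1.0.0/23 toward AS65002 when only 10.1.1.0/24 has a known origin (AS65000), and enumerates what accepting the aggregate on the strength of route authorization alone asserts about each covered sub-block. The authorization table, the "own"/"other-origin"/"unauthorized" classification, the function names, and the maximum sub-block length of /24 (taken from the first bullet above) are constructed for the example and imply no particular registry format.

```python
"""Added example, not part of RFC 5123: enumerate what accepting an aggregate
silently asserts about every sub-block it covers (sections 2.3.1.3 and 2.3.2).

The authorization table is constructed for illustration and implies no real
registry format.  Prefixes and AS numbers are the ones used in the text;
max_len plays the role of the longest allowed sub-block (/24) from the first
bullet of this section.
"""
import ipaddress

# Constructed authorization table: exact prefix -> ASes allowed to originate it.
# AS65000 holds 10.1.1.0/24.  Nothing is recorded for 10.1.0.0/24, which in the
# text reaches AS65001 "from some unknown source".
AUTHORIZATIONS = {
    ipaddress.ip_network("10.1.1.0/24"): {65000},
}


def _net(prefix):
    """Accept either a string or an already-parsed network."""
    if isinstance(prefix, ipaddress.IPv4Network):
        return prefix
    return ipaddress.ip_network(prefix)


def authorized_origins(prefix):
    """Origins authorized for exactly this prefix.  Nothing is inherited from
    a covering block; that gap is what makes the aggregate question interesting."""
    return AUTHORIZATIONS.get(_net(prefix), set())


def covered_subblocks(aggregate, max_len=24):
    """Every sub-block of the aggregate down to max_len (the aggregate itself
    if it is already at least that long)."""
    agg = _net(aggregate)
    if agg.prefixlen >= max_len:
        return [agg]
    return list(agg.subnets(new_prefix=max_len))


def classify_aggregate(aggregate, aggregator_as, max_len=24):
    """Classify each covered sub-block from the receiver's (AS65002's) view:

      'own'           aggregator_as is itself authorized for the sub-block
      'other-origin'  a different AS is authorized for it (AS65000's /24)
      'unauthorized'  nobody is authorized for it (the unknown-source /24)

    Accepting the aggregate because the aggregator's route authorization, or a
    proxy-aggregation agreement, checks out accepts all three classes alike.
    """
    report = {}
    for sub in covered_subblocks(aggregate, max_len):
        origins = authorized_origins(sub)
        if aggregator_as in origins:
            report[str(sub)] = "own"
        elif origins:
            report[str(sub)] = "other-origin"
        else:
            report[str(sub)] = "unauthorized"
    return report


def accept_on_route_authorization(route_authorized):
    """What AS65002 does in the text: the aggregate is accepted on the strength
    of the advertiser's route authorization (or the proxy agreement); the
    covered sub-blocks are never examined."""
    return bool(route_authorized)


def accept_on_subblock_authorization(aggregate, aggregator_as, max_len=24):
    """The stricter rule the section implies would be needed: every covered
    sub-block must itself be authorized for the aggregator.  It requires one
    record per possible /24, the burden the first bullet describes."""
    classes = classify_aggregate(aggregate, aggregator_as, max_len).values()
    return all(c == "own" for c in classes)


def third_parties_affected(aggregate, aggregator_as, max_len=24):
    """ASes whose space the aggregate speaks for although they are party to no
    agreement between aggregator and receiver: AS65000 in the proxy case."""
    affected = set()
    for sub in covered_subblocks(aggregate, max_len):
        affected |= authorized_origins(sub) - {aggregator_as}
    return affected


if __name__ == "__main__":
    print(classify_aggregate("10.1.0.0/23", 65001))
    print("route-authorization rule accepts:", accept_on_route_authorization(True))
    print("sub-block rule accepts:", accept_on_subblock_authorization("10.1.0.0/23", 65001))
    print("third parties affected:", third_parties_affected("10.1.0.0/23", 65001))
```

Run stand-alone, the classification reports 10.1.0.0/24 as unauthorized and 10.1.1.0/24 as belonging to another origin, the route-authorization rule still accepts the whole /23, the sub-block rule rejects it, and AS65000 appears as the third party whose policy is affected without its knowledge. The sub-block rule is the check AS65002 would need in order not to accept AS65000's space on AS65001's say-so; it is also exactly the per-/24 enumeration the first bullet of this section calls an extreme burden.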

2.4. Third Example: Following a Specific Path

This example is slightly more complex than the last two. Given the following small network, assume that A and D have a mutually agreed upon policy of not allowing traffic to transit B to reach destinations within 10.1.1.0/25.

   10.1.1.0/25--A---B---C---D
                |       |   |
                E-------F---G
        
Assume the following:

o A advertises 10.1.1.0/25 to B, and 10.1.1.0/24 to E.

o B advertises 10.1.1.0/25 {B,A} to C.

o E advertises 10.1.1.0/24 {E,A} to F, filtering 10.1.1.0/25 {E,A} based on some local policy.

o F advertises 10.1.1.0/24 {F,E,A} to C and to G.

o C advertises 10.1.1.0/24 {C,F,E,A} to D, filtering 10.1.1.0/25 {B,A} based on some local policy.

o G advertises 10.1.1.0/24 {G,F,E,A} to D.

o D chooses 10.1.1.0/24 {C,F,E,A} over 10.1.1.0/24 {G,F,E,A}.

What path will traffic that D forwards toward hosts within 10.1.1.0/25 actually follow?

o D forwards this traffic to C, since its best path is through 10.1.1.0/24 {C,F,E,A}.

o C forwards this traffic to B, since its best path is through 10.1.1.0/25 {B,A}.

o B forwards this traffic to A, since its best path is through 10.1.1.0/25 {A}.

Considering this result:

o Is the AS Path valid? Both {G, F, E, A} and {C, F, E, A} are valid AS Paths, so both AS Paths in this example are valid.

o Is the advertisement authorized? Assuming A is authorized to advertise 10.1.1.0/24, and all the autonomous systems in the example are authorized to readvertise 10.1.1.0/24, the route is authorized. However, C has neither destination nor transit authorization for 10.1.1.0/25, since B is C's best path to 10.1.1.0/25, and D and A have an explicit policy not to transit that path. In effect, then, C does not have destination or transit authorization for 10.1.1.0/24 either, because 10.1.1.0/24 contains 10.1.1.0/25.

o Is the AS Path consistent with the forwarding path (is there forwarding consistency)? While C is advertising the AS Path {C, F, E, A} to D to reach destinations within 10.1.1.0/24, it is actually forwarding along a different path to some destinations within this advertisement. Forwarding consistency does not exist within this internetwork.

In this example, A assumes that D will receive both the advertisement for 10.1.1.0/24 and the advertisement for 10.1.1.0/25, and will be able to use the included AS Path to impose their mutually agreed policy of not transiting B. Information about 10.1.1.0/25, however, is removed from the routing system by policies outside the knowledge or control of A or D. The information remaining in the routing system implies that D may correctly route to destinations within 10.1.1.0/25 through C, since 10.1.1.0/25 is contained within 10.1.1.0/24, which C is legitimately advertising.

The tension between route authorization, destination authorization, and transit authorization can be seen clearly in this slightly more complex example. In routing, route authorization implies destination and transit authorization, but in this example route authorization does not actually carry destination or transit authorization with it.

2.5. Fourth Example: Interior and Exterior Paths Mismatch

This is the most complex example we will cover in this document. It can be argued that the configuration described in this example is a misconfiguration, but we have chosen this example for its simplicity, as an illustration of the complexity of the interaction between interior and exterior gateway protocols within an autonomous system. BGP route reflectors, particularly when configured in a hierarchy, provide many examples of forwarding inconsistency, but they are much more complex than this small example.

    +-----F(9)---------------G(3)--------+
    |                         |          |
    |                  +------+          |
    |                  |                 |
    |        +---C(2)--+                 |
    |        |         |                 |
   A(1)-----B(2)       +----------------E(5)--10.1.1.0/24
    |        |         |                 |
    |        +---D(2)--+                 |
    |                                    |
    +------------------H(6)--J(7)--K(8)--+
        
In this diagram, each router is labeled with the AS that contains it, in parentheses after the router name. As its best path to 10.1.1.0/24:

o Router E is using its local (intra-AS) path.

o Router C is using the path through AS3.

o Router D is using the path through Router E.

o Router B is using the path through Router E.

Examining the case of Router B more closely, however, we discover that while Router B prefers the path it has learned from Router E, that path was advertised with a next hop of Router E itself. Router B's best path to this next hop (i.e., Router E), as determined by the interior routing protocol, is actually through Router C. Router C, in turn, performs its own lookup on the destination and forwards according to its own best path, which is through AS3. Thus, Router B advertises the path {2, 5} to Router A, but traffic that Router B receives actually follows the path {2, 3, 5}.

The system administrator of AS1 has determined that there is an attacker in AS3, and has set policy on Router A to avoid any route with AS3 in the AS Path. Applying this rule first, Router A discards the path learned from AS9 (F), which carries AS3. It then examines the two remaining paths, learned from AS2 (B) and AS6 (H), and determines that the best path is {2, 5}, through AS2 (B). However, unknown to A, AS2 (B) is also connected to AS3, and is transiting traffic to AS5 via the path {2, 3, 5}.

Returning to our questions:

o Is the AS Path valid? The AS Path {2, 3, 5} is a valid AS Path.

o Is the route authorized? Assuming each AS along the path is authorized to originate or readvertise 10.1.1.0/24, the route is authorized. Destination authorization is also clear in this situation, since 10.1.1.0/24 is the single destination throughout the example. Transit authorization is more difficult to determine, since the traffic does not actually flow along the AS Path contained in the routing advertisement. Neither the route originator nor the traffic originator can claim that the AS Path {2, 3, 5} is a valid path, since that AS Path is not the AS Path advertised. Essentially, Router A infers transit authorization from route authorization, when there is no way to determine that AS3 is actually authorized to transit traffic to 10.1.1.0/24.

o Is the AS Path consistent with the forwarding path (is there forwarding consistency)? The advertised AS Path is {2, 5}, while the traffic forwarded to the destination actually transits {2, 3, 5}. Forwarding is not consistent in this example.

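The following Python program is an added illustration, not part of this document, that replays the third (2.4) and fourth (2.5) examples as hop-by-hop forwarding. Each router's FIB is built from the best path the text says that router selected; in 2.5, Router B's FIB entry points at Router E as its BGP next hop, and an IGP table resolves that next hop to Router C. The destination addresses 10.1.1.5, 10.1.1.200 and 10.1.1.9, the assumption that Router A in 2.4 holds both 10.1.1.0/25 and 10.1.1.0/24 locally, and the function names are this example's own; router names, AS numbers and prefixes are the ones in the text. The same walk serves both examples: it shows which AS sequence the packet really crosses, which is what the forwarding-consistency question asks, and in 2.4 it also shows that the answer depends on the destination address within the aggregate, something the bullets above do not spell out.

```python
"""Added example, not part of RFC 5123: a hop-by-hop forwarding simulator for
the third (2.4) and fourth (2.5) examples.  All tables are constructed from
the text; a next hop of None means the destination is local to that router.
In 2.4 each router is also its own AS (A..G).
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    asn: object                                # "A".."G" in 2.4, 1..9 in 2.5
    fib: list = field(default_factory=list)    # [(ip_network, next_hop_name or None)]
    igp: dict = field(default_factory=dict)    # bgp next hop name -> adjacent router


def lookup(router, dst):
    """Longest-prefix match, as a forwarding plane does: the most specific
    covering entry wins, whichever advertisement it came from."""
    best = None
    for network, nh in router.fib:
        if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, nh)
    if best is None:
        raise LookupError(f"{router.name}: no route to {dst}")
    return best[1]


def forward(routers, start, dst, max_hops=16):
    """Walk the packet router by router.  Every hop re-looks-up the destination
    in its own FIB; nothing carries the upstream AS Path along with the packet."""
    dst = ipaddress.ip_address(dst)
    path, cur = [start], routers[start]
    for _ in range(max_hops):
        nh = lookup(cur, dst)
        if nh is None:                  # destination is local to this router
            return path
        nh = cur.igp.get(nh, nh)        # resolve a non-adjacent BGP next hop via the IGP
        path.append(nh)
        cur = routers[nh]
    raise RuntimeError("forwarding loop or path too long")


def as_path_traversed(routers, start, dst):
    """The AS sequence the packet really crosses after leaving the start AS,
    consecutive routers in the same AS collapsed, nearest AS first."""
    seq = []
    for name in forward(routers, start, dst):
        asn = routers[name].asn
        if not seq or seq[-1] != asn:
            seq.append(asn)
    return seq[1:]


def forwarding_consistent(routers, start, dst, advertised_as_path):
    """The document's third question: does traffic follow the advertised AS Path?"""
    return as_path_traversed(routers, start, dst) == list(advertised_as_path)


def net(s):
    return ipaddress.ip_network(s)


def third_example():
    """Section 2.4.  C keeps 10.1.1.0/25 via B in its own FIB even though it
    filters that route when advertising to D."""
    r = {n: Router(n, n) for n in "ABCDEFG"}
    r["A"].fib = [(net("10.1.1.0/25"), None), (net("10.1.1.0/24"), None)]
    r["B"].fib = [(net("10.1.1.0/25"), "A")]
    r["C"].fib = [(net("10.1.1.0/25"), "B"), (net("10.1.1.0/24"), "F")]
    r["D"].fib = [(net("10.1.1.0/24"), "C")]
    r["E"].fib = [(net("10.1.1.0/24"), "A")]
    r["F"].fib = [(net("10.1.1.0/24"), "E")]
    r["G"].fib = [(net("10.1.1.0/24"), "F")]
    return r


def fourth_example():
    """Section 2.5.  B's BGP next hop is E, but B's IGP reaches E through C,
    and C prefers the path through AS3."""
    p = net("10.1.1.0/24")
    asns = {"A": 1, "B": 2, "C": 2, "D": 2, "E": 5, "F": 9, "G": 3, "H": 6, "J": 7, "K": 8}
    r = {n: Router(n, a) for n, a in asns.items()}
    r["E"].fib = [(p, None)]
    r["G"].fib = [(p, "E")]
    r["F"].fib = [(p, "G")]
    r["C"].fib = [(p, "G")]
    r["D"].fib = [(p, "E")]
    r["B"].fib = [(p, "E")]
    r["B"].igp = {"E": "C"}             # E is not adjacent to B; the IGP says go via C
    r["A"].fib = [(p, "B")]             # AS1 filtered AS3 and chose {2, 5}
    r["K"].fib = [(p, "E")]
    r["J"].fib = [(p, "K")]
    r["H"].fib = [(p, "J")]
    return r


if __name__ == "__main__":
    r3, r4 = third_example(), fourth_example()
    print("2.4, D to 10.1.1.5:   crosses", as_path_traversed(r3, "D", "10.1.1.5"))
    print("2.4, D to 10.1.1.200: crosses", as_path_traversed(r3, "D", "10.1.1.200"))
    print("2.5, A to 10.1.1.9:   crosses", as_path_traversed(r4, "A", "10.1.1.9"))
```

Run stand-alone, the 2.4 walk from D crosses C, B, A for 10.1.1.5 but C, F, E, A for 10.1.1.200, against the single advertised path {C, F, E, A}; the 2.5 walk from A crosses 2, 3, 5 against the advertised {2, 5}. The check D or A would want is forwarding_consistent(), but it can only be evaluated with every downstream router's FIB and IGP state in hand; the point of both examples is that nothing in BGP gives them that.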

3. Summary

The examples given in this document are not the only possible examples of forwarding that is inconsistent with the advertised AS Path; [ROUTINGLOGIC] provides others. [ASTRACEROUTE] provides some interesting background on the practical impact of forwarding that is inconsistent with the advertised AS Path, in the context of attempting to trace the actual path of packets through a large internetwork running BGP as its exterior gateway protocol.

Routing strongly intertwines the concepts of route authorization, destination authorization, and transit authorization. If a BGP speaker is authorized to advertise a specific route, routing assumes that it is also authorized to advertise every possible subblock within the destination prefix, and the advertiser is authorized to transit packets to every destination within the route. By surveying these examples, we see that route authorization does not, in fact, equal destination authorization or transit authorization, calling into question the value of route authorization.

There are no easy or obviously scalable solutions to this problem.

4. Acknowledgements

We would like to thank Steve Kent for his contributions and comments on this document. We would also like to thank Joel Halpern for his work in clarifying many sections of the document, including additional text in critical sections.

5. Security Considerations

This document does not propose any new extensions or additions to existing or proposed protocols, and so does not impact the security of any protocol.

6. Informative References

[ASTRACEROUTE] Feamster, N. and H. Balakrishnan, "Towards an Accurate AS-Level Traceroute Tool", ACM SIGCOMM, 2003.

[BGP-MD5] Heffernan, A., "Protection of BGP Sessions via the TCP MD5 Signature Option", RFC 2385, August 1998.

[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006.

[ROUTINGLOGIC] Feamster, N. and H. Balakrishnan, "Towards a Logic for Wide Area Routing", ACM SIGCOMM Workshop on Future Directions in Network Architecture, Germany, August 2003.

[SOBGP] White, R., "Architecture and Deployment Considerations for Secure Origin BGP (soBGP)", Work in Progress.

Authors' Addresses

Russ White Cisco Systems

   EMail: riw@cisco.com
        
Bora Akyol Cisco Systems

   EMail: bora@cisco.com
        
Full Copyright Statement

Copyright (C) The IETF Trust (2008).

This document is subject to the rights, licenses and restrictions contained in BCP 78 and at www.rfc-editor.org/copyright.html, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
