--- 1/draft-ietf-idr-as-private-reservation-04.txt 2013-05-29 17:14:38.268343338 +0100 +++ 2/draft-ietf-idr-as-private-reservation-05.txt 2013-05-29 17:14:38.280343643 +0100 @@ -1,19 +1,19 @@ Network Working Group J. Mitchell Internet-Draft Microsoft Corporation -Updates: 1930 (if approved) April 12, 2013 +Updates: 1930 (if approved) May 29, 2013 Intended status: Best Current Practice -Expires: October 14, 2013 +Expires: November 30, 2013 Autonomous System (AS) Reservation for Private Use - draft-ietf-idr-as-private-reservation-04 + draft-ietf-idr-as-private-reservation-05 Abstract This document describes the reservation of Autonomous System numbers (ASNs) that are for Private Use only and MUST NOT be advertised to the Internet, known as Private Use ASNs. This document enlarges the total space available for Private Use ASNs by documenting the reservation of a second, larger range and updates RFC 1930 by replacing Section 10. @@ -25,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 14, 2013. + This Internet-Draft will expire on November 30, 2013. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -79,48 +79,45 @@ To allow the continued growth of usage of the BGP protocol in new network applications that utilize Private Use ASNs, two ranges of ASNs are reserved by this document in Section 6. The first, which was previously defined in [RFC1930] out of the original 16-bit Autonomous System range, and a second, larger range out of the higher part of the Four-Octet AS Number Space [RFC6793]. 4. Operational Considerations If Private Use ASNs are used and prefixes are originated from these - ASNs, which are destined to the Internet, Private Use ASNs MUST be - removed from the AS_PATH before being advertised to the global - Internet. Operators are cautioned to ensure any implementation + ASNs, Private Use ASNs MUST be removed from AS path attributes + (including AS4_PATH if utilizing four-octet AS number space) before + being advertised to the global Internet. Operators SHOULD ensure all + EBGP speakers support [RFC6793] and ensure any implementation specific features that recognize Private Use ASNs have been updated to recognize both ranges prior to making use of the newer, - numerically higher range of Private Use ASNs. Some existing - implementations that remove Private Use ASNs from the AS_PATH may - fail to remove Private Use ASNs if the AS_PATH contains a mixture of - Private Use and Non-Private Use ASNs. If such implementations have - not been updated to recognize the new range of ASNs in this document - and a mix of old and new range Private Use ASNs exist in the path, - these implementations may cease to remove any Private Use ASNs from - the AS_PATH. Normal AS_PATH filtering may be used to prevent + numerically higher range of Private Use ASNs in the four-octet AS + number space. Some existing implementations that remove Private Use + ASNs from the AS_PATH are known to not remove Private Use ASNs if the + AS_PATH contains a mixture of Private Use and Non-Private Use ASNs. + If such implementations have not been updated to recognize the new + range of ASNs in this document and a mix of old and new range Private + Use ASNs exist in the AS4_PATH, these implementations will likely + cease to remove any Private Use ASNs from either of the AS path + attributes. Normal AS path filtering MAY also be used to prevent prefixes originating from Private Use ASNs from being advertised to - the global Internet. Using AS_PATH filtering to filter the new range - of Private Use ASNs on a network may also mitigate the leaking of - Private Use ASNs to the global Internet in certain cases. These - cases include the case where a network is reliant on AS_PATH - manipulation features that have not been updated to recognize the new - range as described above. + the global Internet. 5. Acknowledgements The author would like to acknowledge Christopher Morrow, Jason Schiller, and John Scudder for their advice on how to pursue this change. The author would also like to thank Brian Dickson, David - Farmer, Jeffrey Haas, Nick Hilliard, Warren Kumari, and Jeff Wheeler - for their comments and suggestions. + Farmer, Jeffrey Haas, Nick Hilliard, Joel Jaeggli, Warren Kumari, and + Jeff Wheeler for their comments and suggestions. 6. IANA Considerations [Note to IANA, this paragraph to be removed upon publication: The IANA should update the "16-bit Autonomous System Numbers" registry to reference this RFC for the existing Private Use reservation. The end of the "32-bit Autonomous System Numbers" range will be reserved for Private Use, and a size of 94,967,295 (value to replace TBD1 below) corresponding to the range of 4200000000 (value to replace TBD2 below) to 4294967294 (value to replace TBD3 below). Text after this @@ -132,45 +129,56 @@ IANA has also reserved, for Private Use, a contiguous block of TBD1 Autonomous System numbers from the "32-bit Autonomous System Numbers" registry, namely TBD2 - TBD3 inclusive. These reservations have been documented in the IANA Autonomous System Numbers Registry [IANA.AS]. 7. Security Considerations - This document does not introduce any additional security concerns in - regards to Private Use ASNs. + Private Use ASNs do not raise any unique security concerns. Loss of + connectivity might result from inappropriate use of them, + specifically outside of a single organization, since they are not + globally unique. This loss of connectivity is limited to the + organization using Private Use ASNs inappropriately or without + reference to Section 4. General BGP security considerations are + discussed in [RFC4271] and [RFC4272]. Identification of the + originator of a route with a Private Use ASN in the AS path would + have to be done by tracking the route back to the neighboring + globally unique AS in the path or by inspecting other attributes. 8. References 8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006. [RFC6793] Vohra, Q. and E. Chen, "BGP Support for Four-Octet Autonomous System (AS) Number Space", RFC 6793, December 2012. 8.2. Informative References - [IANA.AS] IANA, , "Autonomous System (AS) Numbers", April 2013, + [IANA.AS] IANA, "Autonomous System (AS) Numbers", May 2013, . [RFC1930] Hawkinson, J. and T. Bates, "Guidelines for creation, selection, and registration of an Autonomous System (AS)", BCP 6, RFC 1930, March 1996. + [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC + 4272, January 2006. + Author's Address Jon Mitchell Microsoft Corporation - 1 Microsoft Way + One Microsoft Way Redmond, WA 98052 USA Email: Jon.Mitchell@microsoft.com