Network Working Group T. Griffin
Request for Comments: 4264 University of Cambridge
Category: Informational G. Huston
APNIC
November 2005
Network Working Group T. Griffin
Request for Comments: 4264 University of Cambridge
Category: Informational G. Huston
APNIC
November 2005
BGP Wedgies
BGP楔块
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
Abstract
摘要
It has commonly been assumed that the Border Gateway Protocol (BGP) is a tool for distributing reachability information in a manner that creates forwarding paths in a deterministic manner. In this memo we will describe a class of BGP configurations for which there is more than one potential outcome, and where forwarding states other than the intended state are equally stable. Also, the stable state where BGP converges may be selected by BGP in a non-deterministic manner. These stable, but unintended, BGP states are termed here "BGP Wedgies".
通常假设边界网关协议(BGP)是一种以确定性方式创建转发路径的方式分发可达性信息的工具。在本备忘录中,我们将描述一类BGP配置,其中存在多个潜在结果,且除预期状态外的转发状态同样稳定。此外,BGP可以以非确定性方式选择BGP收敛的稳定状态。这些稳定但无意的BGP状态在这里被称为“BGP楔”。
Table of Contents
目录
1. Introduction ....................................................2
2. Describing BGP Routing Policy ...................................2
3. BGP Wedgies .....................................................3
4. Multi-Party BGP Wedgies .........................................6
5. BGP and Determinism .............................................7
6. Security Considerations .........................................8
7. References ......................................................9
7.1. Normative References .......................................9
7.2. Informative References .....................................9
1. Introduction ....................................................2
2. Describing BGP Routing Policy ...................................2
3. BGP Wedgies .....................................................3
4. Multi-Party BGP Wedgies .........................................6
5. BGP and Determinism .............................................7
6. Security Considerations .........................................8
7. References ......................................................9
7.1. Normative References .......................................9
7.2. Informative References .....................................9
It has commonly been assumed that the Border Gateway Protocol (BGP) [RFC1771] is a tool for distributing reachability information in a manner that creates forwarding paths in a deterministic manner. This is a 'problem statement' memo that describes a class of BGP configurations for which there is more than one stable forwarding state. In this class of configurations there exist multiple stable forwarding states. One of these stable forwarding states is the intended state, with other stable forwarding states being unintended. The BGP convergence process of selection of a stable forwarding state may operate in a non-deterministic manner in such cases.
通常假设边界网关协议(BGP)[RFC1771]是一种以确定性方式创建转发路径的方式分发可达性信息的工具。这是一份“问题陈述”备忘录,描述了一类具有多个稳定转发状态的BGP配置。在这类配置中,存在多个稳定的转发状态。这些稳定转发状态之一是预期状态,而其他稳定转发状态是非预期状态。在这种情况下,选择稳定转发状态的BGP收敛过程可以以非确定性方式操作。
These stable, but unintended, BGP states are termed here "BGP Wedgies".
这些稳定但无意的BGP状态在这里被称为“BGP楔”。
BGP routing policies generally reflect each network administrator's objective to optimize their position with respect to their network's cost, performance, and reliability.
BGP路由策略通常反映每个网络管理员的目标,即优化他们在网络成本、性能和可靠性方面的位置。
With respect to cost optimization, the local network's default routing policy often reflects a local preference to prefer routes learned from a customer to routes learned from some form of peering exchange. In the same vein, the local network is often configured to prefer routes learned from a peer or a customer over those learned from a directly connected upstream transit provider. These preferences may be expressed via a local preference configuration setting, where the local preference overrides the AS path length metric of the base BGP operation.
关于成本优化,本地网络的默认路由策略通常反映了一种本地偏好,即偏好从客户那里学到的路由,而不是从某种形式的对等交换中学到的路由。同样,本地网络通常被配置为更喜欢从对等方或客户那里学习的路由,而不是从直接连接的上游运输提供商那里学习的路由。这些首选项可以通过本地首选项配置设置表示,其中本地首选项覆盖基本BGP操作的AS路径长度度量。
In terms of engineering reliability in the inter-domain routing environment it is commonly the case that a service provider may enter into arrangements with two or more upstream transit providers, passing routes to all upstream providers, and receiving traffic from all sources. If the path to one upstream fails, the traffic will switch to other links. Once the path is recovered, the traffic should switch back.
就域间路由环境中的工程可靠性而言,通常情况下,服务提供商可能与两个或多个上游运输提供商达成协议,将路由传递给所有上游提供商,并接收来自所有来源的流量。如果到一个上游的路径失败,流量将切换到其他链路。一旦路径恢复,通信量应切换回。
In such situations of multiple upstream providers it is also common to place a relative preference on the providers, so that one connection is regarded as a preferred, or "primary" connection, and other connections are regarded as less preferred, or "backup" connections. The intent is typically that the backup connections will be used for traffic only for the duration of a failure in the primary connection.
在多个上游提供商的这种情况下,通常对提供商施加相对偏好,以便将一个连接视为首选连接或“主”连接,而将其他连接视为不太首选连接或“备用”连接。其目的通常是备份连接仅在主连接发生故障期间用于通信。
It is possible to express this primary / backup policy using local AS path prepending, where the AS path is artificially lengthened towards the backup providers, using additional instances of the local AS. This is not a deterministic selection algorithm, as the selected primary provider may in turn be using AS path prepending to its backup upstream provider, and in certain cases the path through the backup provider may still be selected as the shortest AS path length.
可以使用本地AS路径前置来表示此主/备份策略,其中AS路径被人为地延长到备份提供程序,使用本地AS的其他实例。这不是一个确定的选择算法,因为所选的主提供程序可能反过来用作其备份上游提供程序的路径前缀,并且在某些情况下,通过备份提供程序的路径仍可能被选择为最短路径长度。
An alternative approach to routing policy specification uses BGP communities [RFC1997]. In this case, the provider publishes a set of community values that allows the client to select the provider's local preference setting. The client can use a community to mark a route as "backup only" towards the backup provider, and "primary preferred' to the primary provider, assuming both providers support community values with such semantics. In this case, the local preference overrides the AS path length metric, so that if the route is marked "backup only", the route will be selected only when there is no other source of the route.
路由策略规范的另一种方法是使用BGP社区[RFC1997]。在这种情况下,提供程序发布一组社区值,允许客户端选择提供程序的本地首选项设置。客户端可以使用社区将路由标记为“仅备份”到备份提供程序,并将路由标记为“主首选”到主提供程序,前提是两个提供程序都支持具有此类语义的社区值。在这种情况下,本地首选项将覆盖as路径长度度量,因此如果路由标记为“仅备份”“,仅当路由没有其他来源时,才会选择该路由。
The richness of local policy expression through the use of communities, when coupled with the behavior of a distance vector protocol like BGP, leads to the observation that certain configurations have more than one "solution", or more than one stable BGP state. An example of such a situation is indicated in Figure 1.
通过使用社区丰富的本地策略表达,再加上距离向量协议(如BGP)的行为,导致观察到某些配置有多个“解决方案”,或多个稳定的BGP状态。图1显示了这种情况的一个示例。
+----+peer peer+----+
|AS 3|------------------------|AS 4|
+----+ +----+
|provider provider|
| |
| |
|customer |
+----+ |
|AS 2| |
+----+ |
|provider |
| |
| |
|customer customer|
+---------------+ +----------+
backup service| |primary service
+----+
|AS 1|
+----+
+----+peer peer+----+
|AS 3|------------------------|AS 4|
+----+ +----+
|provider provider|
| |
| |
|customer |
+----+ |
|AS 2| |
+----+ |
|provider |
| |
| |
|customer customer|
+---------------+ +----------+
backup service| |primary service
+----+
|AS 1|
+----+
Figure 1
图1
In this case, AS1 has marked its advertisement of prefixes to AS2 as "backup only", and its advertisement of prefixes to AS4 as "primary". AS4 will advertise AS1's prefixes to AS3. AS3 will hear AS4's advertisement across the peering link, and select AS1's prefixes with the path "AS4, AS1". AS3 will advertise these prefixes to AS2. AS2 will hear two paths to AS1's prefixes, the first is via the direct connection to AS1, and the second is via the path "AS3, AS4, AS1". AS2 will prefer the longer path, as the directly connected routes are marked "backup only", and AS2's local preference decision will prefer the AS3 advertisement over the AS1 advertisement.
在这种情况下,AS1将其向AS2播发的前缀标记为“仅备份”,将其向AS4播发的前缀标记为“主”。AS4将向AS3公布AS1的前缀。AS3将通过对等链接听到AS4的广告,并选择带有路径“AS4,AS1”的AS1前缀。AS3将向AS2公布这些前缀。AS2将听到AS1前缀的两条路径,第一条是通过与AS1的直接连接,第二条是通过路径“AS3、AS4、AS1”。AS2将选择较长的路径,因为直接连接的路由标记为“仅备份”,AS2的本地首选决策将选择AS3播发而不是AS1播发。
This is the intended outcome of AS1's policy settings where, in the 'normal' state, no traffic passes from AS2 to AS1 across the backup link, and AS2 reaches AS1 via a path that transits AS3 and AS4, using the primary link to AS1.
这是AS1策略设置的预期结果,在“正常”状态下,没有流量通过备份链路从AS2传输到AS1,AS2通过AS3和AS4的路径到达AS1,使用到AS1的主链路。
This intended outcome is achieved as long as AS1 announces its routes on the primary path to AS4 before announcing its backup routes to AS2.
只要1在向AS2宣布其备份路由之前宣布其到AS4的主路径上的路由,就可以实现这一预期结果。
If the AS1 - AS4 path is broken, causing a BGP session failure between AS1 and AS4, then AS4 will withdraw its advertisement of AS1's routes to AS3, who, in turn, will send a withdrawal to AS2. AS2 will then select the backup path to AS1. AS2 will advertise this path to AS3, and AS3 will advertise this path to AS4. Again, this is part of the intended operation of the primary / backup policy setting, and all traffic to AS1 will use the backup path.
如果AS1-AS4路径中断,导致AS1和AS4之间的BGP会话失败,则AS4将撤回其向AS3发布的AS1路由广告,AS3将向AS2发送撤回通知。AS2然后将选择到AS1的备份路径。AS2将向AS3播发此路径,AS3将向AS4播发此路径。同样,这是主/备份策略设置的预期操作的一部分,到AS1的所有通信都将使用备份路径。
When connectivity between AS4 and AS1 is restored the BGP state will not revert to the original state. AS4 will learn the primary path to AS1 and re-advertise this to AS3 using the path "AS4, AS1". AS3, using a default preference of preferring customer-advertised routes over peer routes will continue to prefer the "AS2, AS1" path. AS3 will not pass any updates to AS2. After the restoration of the AS4-to-AS1 circuit, the traffic from AS3 to AS1 and from AS2 to AS1 will be presented to AS1 via the backup path, even through the primary path via AS4 is back in service.
恢复AS4和AS1之间的连接后,BGP状态将不会恢复到原始状态。AS4将学习AS1的主要路径,并使用路径“AS4,AS1”将其重新发布到AS3。AS3,使用默认首选项(优先选择客户公布的路由而不是对等路由)将继续优先选择“AS2,AS1”路径。AS3不会将任何更新传递给AS2。AS4到AS1电路恢复后,从AS3到AS1以及从AS2到AS1的通信量将通过备份路径呈现给AS1,即使通过AS4的主路径重新投入使用。
The intended forwarding state can only be restored by AS1 deliberately bringing down its eBGP session with AS2, even though it is carrying traffic. This will cause the BGP state to revert to the intended configuration.
即使AS1正在承载流量,也只能通过AS1故意关闭其与AS2的eBGP会话来恢复预期的转发状态。这将导致BGP状态恢复到预期配置。
It is often the case that an AS will attempt to balance incoming traffic across multiple providers, again using the primary / backup mechanism. For some prefixes one link is configured as the primary link, and the others as the backup link, while for other prefixes another link is selected as the primary link. An example is shown in
通常情况下,AS会尝试在多个提供商之间平衡传入流量,再次使用主/备份机制。对于某些前缀,一个链接被配置为主链接,其他链接被配置为备份链接,而对于其他前缀,另一个链接被选择为主链接。示例如所示
Figure 2.
图2。
+----+peer peer+----+
|AS 3|--------------------------|AS 4|
+----+ +----+
|provider provider|
| |
| customer|
|customer |
+----+ +----+
|AS 2| |AS 5|
+----+ +----+
|provider provider|
| |
| |
|customer customer|
+-----------------+ +----------+
| |
backup (192.0.2.0/25) | |primary service (192.0.2.0/25)
primary (192.0.2.128/25)| |backup service (192.0.2.128/25)
+----+
|AS 1|
+----+
+----+peer peer+----+
|AS 3|--------------------------|AS 4|
+----+ +----+
|provider provider|
| |
| customer|
|customer |
+----+ +----+
|AS 2| |AS 5|
+----+ +----+
|provider provider|
| |
| |
|customer customer|
+-----------------+ +----------+
| |
backup (192.0.2.0/25) | |primary service (192.0.2.0/25)
primary (192.0.2.128/25)| |backup service (192.0.2.128/25)
+----+
|AS 1|
+----+
Figure 2
图2
The intended configuration has all incoming traffic for addresses in the range 192.0.2.0/25 via the link from AS5, and all incoming traffic for addresses in the range 192.0.2.128/25 from AS2.
预期配置通过AS5的链路具有192.0.2.0/25范围内地址的所有传入流量,以及AS2的192.0.2.128/25范围内地址的所有传入流量。
In this case, if the link between AS3 and AS4 is reset, AS3 will learn both routes from AS2, and AS4 will learn both routes from AS5. As these customer routes are preferred over peer routes, when the link between AS3 and AS4 is restored, neither AS3 nor AS4 will alter their routing behavior with respect to AS1's routes. This situation is now wedged, in that there is no eBGP peering that can be reset that will flip BGP back to the intended state. This is an instance of a BGP Wedgie.
在这种情况下,如果AS3和AS4之间的链路被重置,AS3将从AS2学习两条路由,AS4将从AS5学习两条路由。由于这些客户路由优先于对等路由,因此当AS3和AS4之间的链路恢复时,AS3和AS4都不会改变其关于AS1路由的路由行为。这种情况现在被楔入,因为没有可以重置的eBGP对等将BGP翻转回预期状态。这是BGP Wedgeie的一个实例。
The restoration path here is that AS1 has to withdraw the backup advertisements on both paths and operate for an interval without backup, and then re-advertise the backup prefix advertisements. The length of the interval cannot be readily determined in advance, as it has to be sufficiently long so as to allow AS2 and AS5 to learn of an alternate path to AS1. At this stage the backup routes can be re-advertised.
这里的恢复路径是AS1必须在两条路径上撤回备份播发,并在没有备份的情况下运行一段时间间隔,然后重新播发备份前缀播发。间隔的长度无法提前确定,因为它必须足够长,以便AS2和AS5能够了解到通向AS1的备用路径。在此阶段,可以重新公布备份路由。
This situation can be more complex when three or more parties provide upstream transit services to an AS. An example is indicated in Figure 3.
当三方或多方向AS提供上游过境服务时,这种情况可能更加复杂。图3显示了一个示例。
+----+ peer peer +----+
|AS 3|------------------------|AS 4|
+----+ +----+
||provider provider|
|+----------------+ |
| | |
|customer |customer |
+----+peer peer+----+ |
|AS 2|-----------|AS 5| |
+----+ +----+ |
|provider provider| |
| | |
| | |
|customer customer| customer|
+---------------+ |+---------+
backup service| ||primary service
+----+
|AS 1|
+----+
+----+ peer peer +----+
|AS 3|------------------------|AS 4|
+----+ +----+
||provider provider|
|+----------------+ |
| | |
|customer |customer |
+----+peer peer+----+ |
|AS 2|-----------|AS 5| |
+----+ +----+ |
|provider provider| |
| | |
| | |
|customer customer| customer|
+---------------+ |+---------+
backup service| ||primary service
+----+
|AS 1|
+----+
Figure 3
图3
In this example, the intended state is that AS2 and AS5 are both backup providers to AS1, and AS4 is the primary provider. When the link between AS1 and AS4 breaks and is subsequently restored, AS3 will continue to direct traffic to AS1 via AS2 or AS5. In this case, a single reset of the link between AS2 and AS1 will not restore the original intended BGP state, as the BGP-selected best route to AS1 will switch to AS5, and AS2 and AS3 will learn a path to AS1 via AS5.
在本例中,预期的状态是AS2和AS5都是AS1的备份提供程序,AS4是主提供程序。当AS1和AS4之间的链路中断并随后恢复时,AS3将继续通过AS2或AS5将通信量定向到AS1。在这种情况下,AS2和AS1之间链路的一次重置不会恢复原始的预期BGP状态,因为BGP选择的到AS1的最佳路由将切换到AS5,AS2和AS3将通过AS5学习到到AS1的路径。
What AS1 is observing is incoming traffic on the backup link from AS2. Resetting this connection will not restore traffic back to the primary path, but instead will switch incoming traffic over to AS5. The action required to correct the situation is to simultaneously reset both the link to AS2, and also the link to AS5. This is not necessarily an intuitively obvious solution, as at any point on time only one of these links will be carrying backup traffic, yet both BGP sessions need to be brought down at the same time in order to commence restoration of the intended primary and backup state.
AS1观察到的是来自AS2的备份链路上的传入流量。重置此连接不会将流量恢复回主路径,而是将传入流量切换到AS5。纠正这种情况所需的措施是同时重置到AS2的链路和到AS5的链路。这不一定是直观上显而易见的解决方案,因为在任何时间点,只有其中一条链路将承载备份通信量,但需要同时关闭两个BGP会话,以便开始恢复预期的主状态和备份状态。
BGP does not behave deterministically in all cases, and, as a consequence, there is intended and unintended non-determinism in BGP. For example, the default final tie break in some implementations of BGP is to prefer the longest-lived route. To achieve determinism in this last step it would be necessary to use a comparison operator that has a predictable outcome, such as a comparison of router identifiers. This class of non-deterministic behavior is termed here "intended" non-determinism, in that the policy interactions are, to some extent, predictable by network administrators.
BGP并非在所有情况下都具有确定性,因此,BGP中存在有意和无意的非确定性。例如,在BGP的某些实现中,默认的最终连接中断是选择寿命最长的路由。为了在最后一步中实现确定性,有必要使用具有可预测结果的比较运算符,例如路由器标识符的比较。这类非确定性行为在这里被称为“有意的”非确定性,因为策略交互在某种程度上是可由网络管理员预测的。
BGP is also able to generate outcomes that can be described as "unintended non-determinism" that can result from unexpected policy interactions. These outcomes do not represent misconfiguration in the standard sense, since all policies may look completely rational locally, but their interaction across multiple routing entities can cause unintended outcomes, and BGP may reach a state that includes such unintended outcomes in a non-deterministic manner.
BGP还能够产生可被描述为“意外非决定论”的结果,这可能是意外政策互动的结果。这些结果并不代表标准意义上的错误配置,因为所有策略可能在本地看起来完全合理,但它们在多个路由实体之间的交互可能会导致意外结果,并且BGP可能会以不确定的方式达到包含此类意外结果的状态。
Unintended non-determinism in BGP would not be as critical an issue if all stable routings were guaranteed to be consistent with the policy writer's intent. However, this is not always the case. The above examples indicate that the operation of BGP allows multiple stable states to exist from a single configuration state, where some of these states are not consistent with the policy writer's intent. These particular examples can be described as a form of "route pinning", where the route is pinned to a non-preferred path.
如果保证所有稳定的路由与政策制定者的意图一致,那么BGP中的非预期不确定性就不会是一个关键问题。然而,情况并非总是如此。上述示例表明,BGP的操作允许从单个配置状态存在多个稳定状态,其中一些状态与策略编写器的意图不一致。这些特定示例可以描述为“路由钉扎”的形式,其中路由被钉扎到非优选路径。
The challenge for the network administrator is to ensure that an intended state is maintained. Under certain circumstances this can only be achieved by deliberate service disruption, involving the withdrawal of routes being used to forward traffic, and re-advertising routes in a certain sequence in order to induce an intended BGP state. However, the knowledge that is required by any single network operator administrator in order to understand the reason why BGP has stabilized to an unintended state requires BGP policy configuration knowledge of remote networks. In effect, there is insufficient local information for any single network administrator to correctly identify the root cause of the unintended BGP state, nor is there sufficient information to allow any single network administrator to undertake a sequence of steps to rectify the situation back to the intended routing state.
网络管理员面临的挑战是确保维持预期状态。在某些情况下,这只能通过故意中断服务来实现,包括撤回用于转发流量的路由,并按特定顺序重新公布路由,以诱导预期的BGP状态。但是,任何单一网络运营商管理员都需要了解BGP稳定到非预期状态的原因,这需要了解远程网络的BGP策略配置知识。实际上,没有足够的本地信息供任何单个网络管理员正确识别意外BGP状态的根本原因,也没有足够的信息供任何单个网络管理员执行一系列步骤以将情况纠正回预期路由状态。
It is reasonable to anticipate that the density of interconnection will continue to increase, and the capability for policy-based preference settings of learned and re-advertised routes will become more expressive. Therefore, it is reasonable to anticipate that the
可以合理预期,互联密度将继续增加,并且基于策略的偏好设置的学习和重新宣传路线的能力将变得更具表现力。因此,有理由预计
number of unintended but stable BGP states will increase, and the ability to define the necessary sequence of route withdrawals and re-advertisements will become more challenging for network operators to determine in advance.
意外但稳定的BGP状态数量将增加,网络运营商提前确定路由撤回和重新公布的必要顺序的能力将变得更具挑战性。
Whether this could lead to a BGP routing system reaching a point where each network consistently cannot direct traffic in a deterministic manner is, at this stage, a matter of speculation. BGP Wedgies illustrate that a sufficiently complex interconnection topology, coupled with a sufficiently expressive set of policy constructs, can lead to a number of stable BGP states, rather than a single intended state. As the topology complexity increases, it is not possible to deterministically predict which state the BGP routing system may converge to. Paradoxically, the demands of inter-domain traffic engineering appear to require greater levels of expressive capability in policy-based routing directives, operating across denser interconnectivity topologies in a deterministic manner. This may not be a sustainable outcome in BGP-based routing systems.
在现阶段,这是否会导致BGP路由系统达到每个网络始终无法以确定性方式引导流量的点,是一个推测问题。BGP楔形图表明,一个足够复杂的互连拓扑,再加上一组充分表达的策略结构,可以导致许多稳定的BGP状态,而不是单一的预期状态。随着拓扑复杂性的增加,无法确定地预测BGP路由系统可能会收敛到哪个状态。自相矛盾的是,域间流量工程的需求似乎要求在基于策略的路由指令中具有更高级别的表达能力,以确定性的方式跨更密集的互连拓扑进行操作。在基于BGP的路由系统中,这可能不是一个可持续的结果。
BGP is a relaying protocol, where route information is received, processed, and forwarded. BGP contains no specific mechanisms to prevent the unauthorized modification of the information by a forwarding agent, allowing routing information to be modified or deleted, or for false information to be inserted without the knowledge of the originator of the routing information or any of the recipients.
BGP是一种中继协议,在其中接收、处理和转发路由信息。BGP不包含防止转发代理未经授权修改信息的特定机制,允许修改或删除路由信息,或在路由信息的发起人或任何收件人不知情的情况下插入虚假信息。
This memo proposes no modifications to the BGP protocol, nor does it propose any changes to the manner of deployment of BGP, and therefore introduces no new factors in terms of the security and integrity of inter-domain routing.
本备忘录不建议对BGP协议进行任何修改,也不建议对BGP的部署方式进行任何更改,因此不会在域间路由的安全性和完整性方面引入任何新因素。
This memo illustrates that, in attempting to create policy-based outcomes relating to path selection for incoming traffic, it is possible to generate BGP configurations where there are multiple stable outcomes, rather than a single outcome. Furthermore, of these instances of multiple outcomes, there are cases where the BGP selection of a particular outcome is not a deterministic selection.
此备忘录说明,在尝试创建与传入流量路径选择相关的基于策略的结果时,可以在存在多个稳定结果而不是单个结果的情况下生成BGP配置。此外,在这些多个结果的实例中,存在特定结果的BGP选择不是确定性选择的情况。
This class of behaviour may be exploitable by a hostile third party. A common theme of BGP Wedgies is that starting from an intended or desired forwarding state, the loss and subsequent restoration of an eBGP peering connection can flip the network's forwarding configuration into an unintended and potentially undesired state. Significant administrative effort, based on BGP state and configuration knowledge that may not be locally available, may be
这类行为可能会被敌对的第三方利用。BGP楔子的一个共同主题是,从预期或期望的转发状态开始,eBGP对等连接的丢失和随后的恢复可能会将网络的转发配置翻转到非预期和潜在的非期望状态。基于BGP状态和配置知识(本地可能不可用)的重大管理工作可能会
required to shift the BGP forwarding configuration back to the intended or desired forwarding state. If a hostile third party can deliberately cause the BGP session to reset, thereby producing the initial conditions that lead to an unintended forwarding state, the network impacts of the resulting unintended or undesired forwarding state may be long-lived, far outliving the temporary interruption of connectivity that triggered the condition. If these impacts, including potential issues of increased cost, reduction of available bandwidth, increases in overall latency or degradation of service reliability, are significant, then disrupting a BGP session could represent an attractive attack vector to a hostile party.
需要将BGP转发配置移回预期或所需的转发状态。如果恶意第三方可以故意导致BGP会话重置,从而产生导致非预期转发状态的初始条件,则由此产生的非预期或非预期转发状态对网络的影响可能是长期的,远远超过触发该条件的连接临时中断。如果这些影响,包括潜在的成本增加的问题,可用带宽的减少,总延迟或服务可靠性的降低的增加,是重要的,那么破坏BGP会话可以代表敌方的吸引攻击向量。
[RFC1771] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP-4)", RFC 1771, March 1995.
[RFC1771]Rekhter,Y.和T.Li,“边境网关协议4(BGP-4)”,RFC 17711995年3月。
[RFC1997] Chandrasekeran, R., Traina, P., and T. Li, "BGP Communities Attribute", RFC 1997, August 1996.
[RFC1997]Chandrasekeran,R.,Traina,P.,和T.Li,“BGP社区属性”,RFC 1997,1996年8月。
Authors' Addresses
作者地址
Tim G. Griffin Computer Laboratory University of Cambridge
剑桥大学Tim G. Griffin计算机实验室
EMail: Timothy.Griffin@cl.cam.ac.uk
EMail: Timothy.Griffin@cl.cam.ac.uk
Geoff Huston Asia Pacific Network Information Centre
杰夫休斯顿亚太网络信息中心
EMail: gih@apnic.net
EMail: gih@apnic.net
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。