intra-AS messaging for route leak prevention

Sriram, Kotikalapudi (Fed) kotikalapudi.sriram at nist.gov
Mon Jun 6 11:41:52 UTC 2016


I am a co-author on a route-leak detection/mitigation/prevention draft 
in the IDR WG in the IETF:
https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-03  

Based on private conversations with a few major ISPs, the following
common practice for intra-AS messaging (using Community tagging in iBGP)  
for prevention of route leaks is described in Section 3.2 of the draft:

<begin quote>
“Routes are tagged on ingress to an AS with communities for origin,
   including the type of eBGP peer it was learned from (customer,
   transit-provider or peer), geographic location, etc.  The community
   attributes are carried across the AS with the routes.  Routes that
   the AS originates directly are tagged with similar origin communities
   when they are redistributed into BGP from static, IGP, etc.  These
   communities are used along with additional logic in route policies to
   determine which routes are to be announced to which eBGP peers and
   which are to be dropped.  Route policy is applied to eBGP sessions
   based on what set of routes they should receive (transit, full
   routes, internal-only, default-only, etc.).  In this process, the
   ISP's AS also ensures that routes learned from a transit-provider or
   a lateral peer (i.e. non-transit) at an ingress router are not leaked
   at an egress router to another transit-provider or peer.

   Additionally, in many cases, ISP network operators' outbound policies
   require explicit matches for expected communities before passing
   routes.  This helps ensure that if an update has made it into
   the routing table (i.e. RIB) but has missed its ingress community
   tagging (due to a missing/misapplied ingress policy), it will not be
   inadvertently leaked.”
<end quote>

Question: Are there other means of conveying this information 
in common use today (i.e. for prevention of route leaks)?  

Also, the following publicly available references can be 
possibly cited in support of the above:
https://www.nanog.org/meetings/nanog40/presentations/BGPcommunities.pdf  
http://showipbgp.com/bgp-tools/bgp-community-list/91-level3-as3356.html  
Pointers to any other relevant references would be very welcome as well.
Thank you.

Sriram
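As an added illustration of the scheme described in the quoted Section 3.2 (this is constructed example code, not text or code from the draft or from any ISP's configuration): a small Python model of ingress origin-tagging and explicit-match outbound policy. The local AS number 64500, the community values, the peer types and the prefixes are all assumed for the example. It generalizes the quoted practice into one export allow-list per eBGP peer type, with the default action being to drop, so a route that missed its ingress tagging is never announced to anyone.

```python
"""
Route-leak prevention via community tagging: ingress stamps an origin
community, egress announces only routes carrying an expected community.
All ASNs, community values and prefixes below are constructed for the example.
"""
from dataclasses import dataclass, field

LOCAL_AS = 64500  # hypothetical local AS

# Origin communities assigned on ingress, keyed by the type of source.
# "internal" marks routes the AS originates itself (redistributed from static/IGP).
ORIGIN_COMMUNITY = {
    "customer": f"{LOCAL_AS}:100",
    "peer": f"{LOCAL_AS}:200",
    "transit": f"{LOCAL_AS}:300",
    "internal": f"{LOCAL_AS}:400",
}

# Export allow-list: which origins may be announced to which eBGP peer type.
# Customer and locally originated routes go to everyone; routes learned from a
# transit provider or a lateral peer are only ever announced to customers.
EXPORT_ALLOWED = {
    "customer": {"customer", "peer", "transit", "internal"},
    "peer": {"customer", "internal"},
    "transit": {"customer", "internal"},
}


@dataclass
class Route:
    prefix: str
    communities: set = field(default_factory=set)


def ingress_tag(route, source_type):
    """Ingress policy: stamp the route with the origin community for its source."""
    if source_type not in ORIGIN_COMMUNITY:
        raise ValueError(f"unknown source type {source_type!r}")
    route.communities.add(ORIGIN_COMMUNITY[source_type])
    return route


def egress_permit(route, peer_type):
    """Outbound policy with explicit-match semantics.

    The route is announced only if it carries at least one origin community
    that is on the allow-list for this peer type. A route with no recognised
    community (e.g. one that missed ingress tagging) falls through to deny.
    """
    allowed = {ORIGIN_COMMUNITY[origin] for origin in EXPORT_ALLOWED[peer_type]}
    return bool(route.communities & allowed)


def export_table(rib, peer_type):
    """Prefixes from the RIB that the outbound policy would announce to this peer type."""
    return [r.prefix for r in rib if egress_permit(r, peer_type)]


def build_sample_rib():
    """Constructed RIB: one route per source type plus one that missed its ingress tag."""
    return [
        ingress_tag(Route("192.0.2.0/24"), "customer"),
        ingress_tag(Route("198.51.100.0/24"), "transit"),
        ingress_tag(Route("203.0.113.0/24"), "peer"),
        Route("10.10.0.0/16"),  # learned somehow, but ingress tagging was missed
        Route("192.0.2.128/25", {ORIGIN_COMMUNITY["internal"]}),  # locally originated
    ]


if __name__ == "__main__":
    rib = build_sample_rib()
    for peer_type in ("customer", "peer", "transit"):
        print(f"announce to {peer_type:8s}: {export_table(rib, peer_type)}")
```

Running it shows the transit-learned and peer-learned prefixes reaching only customers, and the untagged 10.10.0.0/16 reaching nobody, which is the "explicit match before passing routes" property the quoted text relies on: the policy never has to enumerate what to block, only what it recognises.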



