Support for Adj-RIB-Out in the BGP Monitoring Protocol (BMP)

Support for Adj-RIB-Out in the BGP Monitoring Protocol (BMP) Cisco Systems

2901 Third Avenue, Suite 600 Seattle WA 98121 United States of America tievens@cisco.com

Cisco Systems

3700 Cisco Way San Jose CA 95134 United States of America serpil@cisco.com

NTT Communications

Siriusdreef 70-72 Hoofddorp 2132 WT NL paolo@ntt.net

Tencent

Tengyun Building, Tower A, No. 397 Tianlin Road Shanghai 200233 China Penghui.Mi@gmail.com

Huawei

Huawei Building, No.156 Beiqing Rd. Beijing 100095 China zhuangshunwan@huawei.com

General Global Routing Operations BGP BMP adj-rib-out The BGP Monitoring Protocol (BMP) only defines access to the Adj-RIB-In Routing Information Bases (RIBs). This document updates BMP (RFC 7854) by adding access to the Adj-RIB-Out RIBs. It also adds a new flag to the peer header to distinguish between Adj-RIB-In and Adj-RIB-Out.

Introduction The BGP Monitoring Protocol (BMP) defines monitoring of the received (e.g., Adj-RIB-In) Routing Information Bases (RIBs) per peer. The pre-policy Adj-RIB-In conveys to a BMP receiver all RIB data before any policy has been applied. The post-policy Adj-RIB-In conveys to a BMP receiver all RIB data after policy filters and/or modifications have been applied. An example of pre-policy versus post-policy is when an inbound policy applies attribute modification or filters. Pre-policy would contain information prior to the inbound policy changes or filters of data. Post-policy would convey the changed data or would not contain the filtered data. Monitoring the received updates that the router received before any policy has been applied is the primary level of monitoring for most use cases. Inbound policy validation and auditing are the primary use cases for enabling post-policy monitoring. In order for a BMP receiver to receive any BGP data, the BMP sender (e.g., router) needs to have an established BGP peering session and actively be receiving updates for an Adj-RIB-In. Being able to only monitor the Adj-RIB-In puts a restriction on what data is available to BMP receivers via BMP senders (e.g., routers). This is an issue when the receiving end of the BGP peer is not enabled for BMP or when it is not accessible for administrative reasons. For example, a service provider advertises prefixes to a customer, but the service provider cannot see what it advertises via BMP. Asking the customer to enable BMP and monitoring of the Adj-RIB-In are not feasible. BMP only defines Adj-RIB-In being sent to BMP receivers. This document updates the per-peer header defined in by adding a new flag to distinguish between Adj-RIB-In and Adj-RIB-Out. BMP senders use the new flag to send either Adj-RIB-In or Adj-RIB-Out. Adding Adj-RIB-Out provides the ability for a BMP sender to send to BMP receivers what it advertises to BGP peers, which can be used for outbound policy validation and to monitor routes that were advertised.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Definitions

Adj-RIB-Out: As defined in , "The Adj-RIBs-Out contains the routes for advertisement to specific peers by means of the local speaker's UPDATE messages."
Pre-policy Adj-RIB-Out: The result before applying the outbound policy to an Adj-RIB-Out. This normally would match what is in the local RIB.
Post-policy Adj-RIB-Out: The result of applying outbound policy to an Adj-RIB-Out. This MUST convey to the BMP receiver what is actually transmitted to the peer.

Per-Peer Header The per-peer header has the same structure and flags as defined in with the addition of the O flag as shown here:

The O flag indicates Adj-RIB-In if set to 0 and Adj-RIB-Out if set to 1.

The existing flags are defined in , and the remaining bits are reserved for future use. They MUST be transmitted as 0, and their values MUST be ignored on receipt. When the O flag is set to 1, the following fields in the per-peer header are redefined:

Peer Address: The remote IP address associated with the TCP session over which the encapsulated Protocol Data Unit (PDU) is sent.
Peer AS: The Autonomous System number of the peer to which the encapsulated PDU is sent.
Peer BGP ID: The BGP Identifier of the peer to which the encapsulated PDU is sent.
Timestamp: The time when the encapsulated routes were advertised (one may also think of this as the time when they were installed in the Adj-RIB-Out), expressed in seconds and microseconds since midnight (zero hour), January 1, 1970 (UTC). If zero, the time is unavailable. Precision of the timestamp is implementation-dependent.

Adj-RIB-Out

Post-policy The primary use case in monitoring Adj-RIB-Out is to monitor the updates transmitted to a BGP peer after outbound policy has been applied. These updates reflect the result after modifications and filters have been applied (e.g., post-policy Adj-RIB-Out). Some attributes are set when the BGP message is transmitted, such as next hop. Post-policy Adj-RIB-Out MUST convey to the BMP receiver what is actually transmitted to the peer. The L flag MUST be set to 1 to indicate post-policy.

Pre-policy Similar to Adj-RIB-In policy validation, pre-policy Adj-RIB-Out can be used to validate and audit outbound policies. For example, a comparison between pre-policy and post-policy can be used to validate the outbound policy. Depending on the BGP peering session type -- Internal BGP (IBGP), IBGP route reflector client, External BGP (EBGP), BGP confederations, route server client -- the candidate routes that make up the pre-policy Adj-RIB-Out do not contain all local RIB routes. Pre-policy Adj-RIB-Out conveys only routes that are available based on the peering type. Post-policy represents the filtered/changed routes from the available routes. Some attributes are set only during transmission of the BGP message, i.e., post-policy. It is common that the next hop may be null, loopback, or similar during the pre-policy phase. All mandatory attributes, such as next hop, MUST be either zero or have an empty length if they are unknown at the pre-policy phase completion. The BMP receiver will treat zero or empty mandatory attributes as self-originated. The L flag MUST be set to 0 to indicate pre-policy.

BMP Messages Many BMP messages have a per-peer header, but some are not applicable to Adj-RIB-In or Adj-RIB-Out monitoring, such as Peer Up and Down Notifications. Unless otherwise defined, the O flag should be set to 0 in the per-peer header in BMP messages.

Route Monitoring and Route Mirroring The O flag MUST be set accordingly to indicate if the route monitor or route mirroring message conveys Adj-RIB-In or Adj-RIB-Out.

Statistics Report The Statistics Report message has a Stat Type field to indicate the statistic carried in the Stat Data field. Statistics report messages are not specific to Adj-RIB-In or Adj-RIB-Out and MUST have the O flag set to zero. The O flag SHOULD be ignored by the BMP receiver. This document defines the following new statistics types:

Stat Type = 14: Number of routes in pre-policy Adj-RIB-Out. This statistics type is 64-bit Gauge.
Stat Type = 15: Number of routes in post-policy Adj-RIB-Out. This statistics type is 64-bit Gauge.
Stat Type = 16: Number of routes in per-AFI/SAFI pre-policy Adj-RIB-Out. The value is structured as: 2-byte Address Family Identifier (AFI), 1-byte Subsequent Address Family Identifier (SAFI), followed by a 64-bit Gauge.
Stat Type = 17: Number of routes in per-AFI/SAFI post-policy Adj-RIB-Out. The value is structured as: 2-byte Address Family Identifier (AFI), 1-byte Subsequent Address Family Identifier (SAFI), followed by a 64-bit Gauge.

Peer Up and Down Notifications Peer Up and Down Notifications convey BGP peering session state to BMP receivers. The state is independent of whether or not route monitoring or route mirroring messages will be sent for Adj-RIB-In, Adj-RIB-Out, or both. BMP receiver implementations SHOULD ignore the O flag in Peer Up and Down Notifications.

Peer Up Information This document defines the following Peer Up Information TLV type:

Type = 4: Admin Label. The Information field contains a free-form UTF-8 string whose byte length is given by the Information Length field. The value is administratively assigned. There is no requirement to terminate the string with null or any other character. Multiple Admin Labels can be included in the Peer Up Notification. When multiple Admin Labels are included, the BMP receiver MUST preserve their order. The Admin Label is optional.

Other Considerations

Peer and Update Groups Peer and update groups are used to group updates shared by many peers. This is a level of efficiency in implementations, not a true representation of what is conveyed to a peer in either pre-policy or post-policy. One of the use cases to monitor post-policy Adj-RIB-Out is to validate and continually ensure the egress updates match what is expected. For example, wholesale peers should never have routes with community X:Y sent to them. In this use case, there may be hundreds of wholesale peers, but a single peer could have represented the group. From a BMP perspective, it should be simple to include a group name in the Peer Up, but it is more complex than that. BGP implementations have evolved to provide comprehensive and structured policy grouping, such as session, AFI/SAFI, and template-based group policy inheritances. This level of structure and inheritance of polices does not provide a simple peer group name or ID, such as wholesale peer. This document defines a new Admin Label type for Peer Up Information TLVs () that can be used instead of requiring a group name. These labels have administrative scope relevance. For example, labels "type=wholesale" and "region=west" could be used to monitor expected policies. Configuration and assignment of labels to peers are BGP implementation-specific.

Changes to Existing BMP Session In case of any change that results in the alteration of behavior of an existing BMP session (i.e., changes to filtering and table names), the session MUST be bounced with a Peer Down/Peer Up sequence.

Security Considerations The considerations in apply to this document. Implementations of this protocol SHOULD require establishing sessions with authorized and trusted monitoring devices. It is also believed that this document does not add any additional security considerations.

IANA Considerations IANA has assigned the following new parameters to the "BGP Monitoring Protocol (BMP) Parameters" registry.

Addition to BMP Peer Flags Registry IANA has made the following assignment for the per-peer header flag defined in of this document: Addition to the "BMP Peer Flags" Registry

Flag	Description	Reference
3	O flag	RFC 8671

Additions to BMP Statistics Types Registry IANA has made the following assignment for the four statistics types defined in of this document: Additions to the "BMP Statistics Types" Registry

Stat Type	Description	Reference
14	Number of routes in pre-policy Adj-RIB-Out	RFC 8671
15	Number of routes in post-policy Adj-RIB-Out	RFC 8671
16	Number of routes in per-AFI/SAFI pre-policy Adj-RIB-Out	RFC 8671
17	Number of routes in per-AFI/SAFI post-policy Adj-RIB-Out	RFC 8671

Addition to BMP Initiation Message TLVs Registry IANA has made the following assignment per of this document: Addition to the "BMP Initiation Message TLVs" Registry

Type	Description	Reference
4	Admin Label	RFC 8671

Normative References

Acknowledgements The authors would like to thank John Scudder and Mukul Srivastava for their valuable input.

Contributors The following individuals contributed to this document:

Manish Bhardwaj, Cisco Systems
Xianyu Zheng, Tencent
Wei Guo, Tencent
Shugang Cheng, H3C