]> China Unicom

Beijing China fuy186@chinaunicom.cn

Huawei

Beijing China gengnan@huawei.com

ops sidrops Internet-Draft Simplified Local Internet Number Resource Management with the RPKI (SLURM) helps operators create a local view of the global RPKI by generating sets of filters and assertions. This document proposes to filter out RPKI data by type based on enhanced SLURM filters. Only the RPKI data types that the network or routers are interested in will appear in the Relying Party's output.

Introduction Relying Party (RP) collects signed RPKI objects from global RPKI publication points. The RPKI data passing RP's validation will appear in RP's output. Then, the RPKI-to-Router (RTR) protocol will synchronize the validated RPKI data from RP to routers. Currently, four types of RPKI data including IPv4 Prefix, IPv6 Prefix, Router Key, and ASPA are supported in the RTR protocol. However, in some cases, routers may be interested in a part of RPKI data types, instead of all . In such cases, storing unused data on the router is unreasonable, and synchronizing all types of data will induce some unnecessary transmission and storage overhead. Besides, multiple types of data can be transmitted together. The router cannot use any type of these data unless it waits for all data to complete transmission. Furthermore, there may be more types of RPKI data in the RPKI repositories and RPs, which makes the above problem more significant and worse. The followings are example types, and some of them may be possibly supported in the RPKI system in the future:

• Secured Routing Policy Specification Language (RPSL)
• Signed Prefix Lists
• Autonomous Systems Cones
• Mapping Origin Authorizations (MOAs)
• Signed SAVNET-Peering Information (SiSPI)
• Path validation with RPKI
• Signed Groupings of Autonomous System Numbers

To deal with the problem, configuring routers directly ignoring the uninterested RPKI data transmitted by RTR protocol may not be a good solution. While storage overhead is avoided, transmission delay is not optimized. Extending RTR protocol for supporting selective synchronization of RPKI data is an alternative solution . Both of the two solutions require the upgrade of router software. SLURM provides a simple way to enable an RP to establish a local and customized view of the RPKI (, ). It defines Validation Output Filters to filter out specific RPKI data items and Locally Added Assertions to add RPKI data items. Unfortunately, SLURM cannot efficiently filter out RPKI data by type, i.e., filter out all the RPKI data belonging to a specific type. This document proposes enhanced SLURM filters which can filter out RPKI data by type. With enhanced SLURM filters, operators can efficiently select which type of RPKI data need to be synchronized to routers. The proposed method requires some modifications on the SLURM-related process of RP software. Upgrades of RTR implementations and router software implementations are not involved.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Use Case One of use cases is IPv6-only network. Suppose a IPv6-only network wants to enable ROV on BGP border routers. The routers should be only interested in IPv6-related BGP validation because the routers can only receive IPv6 routes from neighbor ASes. Therefore, IPv4 Prefix data is not useful for the network. An example of IPv6-only network is New China Education and Research Network (named Future Internet Technology Infrastructure, FITI). |BGP router| |BGP router| |------> | +----------+ +----------+ | | IPv6-only | +------------------------------------+ ]]> As described in , there may be more types of RPKI data in the RPKI repositories and RPs. Thus, there will be more use cases where a network does not need all types of RPKI data in the future.

Enhanced SLURM Filters This section proposes two optional designs.

Design 1: RPKI Data Type Filters A SLURM file consists of a single JSON object containing the following members:

• A "slurmVersion" member that MUST be set to 3, encoded as a number
• A "validationOutputFilters" member whose value is an object. The object MUST contain exactly four members:
  • A "prefixFilters" member, see Section 3.3.1
  • A "bgpsecFilters" member, see section 3.3.2
  • A "aspaFilters" member, see Section 3.1
  • A "typeFilters" member
• A "locallyAddedAssertions" member whose value is an object. The object MUST contain exactly three members:
  • A "prefixAssertions" member, see Section 3.4.1
  • A "bgpsecAssertions" member, see Section 3.4.2
  • A "aspaAssertions" member, see Section 3.2

The following JSON structure with JSON members represents a SLURM file that has no filters or assertions:

RPKI Data Type Filters There are currently four types of RPKI data (which follows the RTR PDU definitions). The number of data types may increase with time.

• IPv4 Prefix
• IPv6 Prefix
• Router Key
• ASPA

The RP can configure zero or at most four RPKI Data Type Filters ("Type Filter" for short). Each Type Filter contains a single 'rpkiDataType' and optionally a single 'comment'.

• The 'rpkiDataType' member MUST be one of the values, i.e., "IPv4 Prefix", "IPv6 Prefix", "Router Key", and "ASPA".
• It is RECOMMENDED that an explanatory comment is included with each Type Filter so that it can be shown to users of the RP software.

Any RPKI data item that matches any configured Type Filter MUST be removed from the RP's output. A RPKI data item is considered to match with a Type Filter if the following condition applies: The item is considered to match if the RPKI data type of the item is equal to the "rpkiDataType" value of Type Filter. The following example JSON structure represents a "typeFilter" member with one object as described above: When a type of RPKI data is to be filtered out, the corresponding Filters and Assertions MUST be ignored. In the above JSON example, the prefixFilters with IPv4 prefixes and the prefixAssertions with IPv4 prefixes will be ignored by RP.

Design 2: Special ASNs A SLURM file consists of a single JSON object which has the same structure as , except that the "slurmVersion" member MUST be set to 3. The structure of ROA filters, BGPsec filters, and ASPA filters are not changed. To filter out a specific type of RPKI data, a special value (e.g., 65535. The value is TBD) can be set to the "asn" member of the above filters. The following example JSON structure represents a "prefixFilters" member with one object as described above: When a type of RPKI data is to be filtered out, the corresponding Filters and Assertions MUST be ignored. In the above JSON example, the other prefixFilters and all the prefixAssertions will be ignored by RP. To filter only IPv4 Prefixes, two special values can be used, i.e., one is for IPv4 and the other is for IPv6. The concret design is TBD.

Security Considerations The security considerations in Section 6 of are also applied to this document.

IANA Considerations This document has no IANA actions.

References Normative References The Resource Public Key Infrastructure (RPKI) is a global authorization infrastructure that allows the holder of Internet Number Resources (INRs) to make verifiable statements about those resources. Network operators, e.g., Internet Service Providers (ISPs), can use the RPKI to validate BGP route origin assertions. ISPs can also use the RPKI to validate the path of a BGP route. However, ISPs may want to establish a local view of exceptions to the RPKI data in the form of local filters and additions. The mechanisms described in this document provide a simple way to enable INR holders to establish a local, customized view of the RPKI, overriding global RPKI repository data as needed. JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data. This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance. In order to verifiably validate the origin Autonomous Systems of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC 6480) prefix origin data from a trusted cache. This document describes a protocol to deliver validated prefix origin data to routers. [STANDARDS-TRACK] In order to verifiably validate the origin Autonomous Systems and Autonomous System Paths of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC 6480) prefix origin data and router keys from a trusted cache. This document describes a protocol to deliver them. This document describes version 1 of the RPKI-Router protocol. RFC 6810 describes version 0. This document updates RFC 6810. IIJ Research, Arrcus, & DRL Dragon Research Labs In order to verifiably validate the origin Autonomous Systems and Autonomous System Paths of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC 6480) prefix origin data and router keys from a trusted cache. This document describes a protocol to deliver them. This document describes version 2 of the RPKI-Router protocol. RFC 6810 describes version 0, and RFC 8210 describes version 1. This document is compatible with both. Huawei Huawei Individual The RPKI-to-Router (RTR) protocol synchronizes all the verified RPKI data to routers. This document proposes to extend the existing RTR protocol to support selective data synchronization. Selective synchronization can avoid some unnecessary synchronizations. The router can obtain only the data that it really needs, and it does not need to save the data that are not needed. Fastly Port 179 Ltd ISPs may want to establish a local view of exceptions to the Resource Public Key Infrastructure (RPKI) data in the form of local filters or additional attestations. This document defines an addendum to RFC 8416 by specifying a format for local filters and local assertions for Autonomous System Provider Authorizations (ASPA) for use with the RPKI. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References This document describes a method that allows parties to electronically sign Routing Policy Specification Language objects and validate such electronic signatures. This allows relying parties to detect accidental or malicious modifications of such objects. It also allows parties who run Internet Routing Registries or similar databases, but do not yet have authentication (based on Routing Policy System Security) of the maintainers of certain objects, to verify that the additions or modifications of such database objects are done by the legitimate holder(s) of the Internet resources mentioned in those objects. This document updates RFCs 2622 and 4012 to add the signature attribute to supported RPSL objects. BGPexpert.com This memo adds the capability to validate the full BGP AS path to the RPKI mechanism. NTT Ltd. Independent Juniper Networks This document describes a way to define groups of Autonomous System numbers in RPKI [RFC6480]. We call them AS-Cones. AS-Cones provide a mechanism to be used by operators for filtering BGP-4 [RFC4271] announcements. Fastly Amazon Web Services This document defines a Cryptographic Message Syntax (CMS) protected content type for use with the Resource Public Key Infrastructure (RPKI) to carry a general-purpose listing of Autonomous System Numbers (ASNs) and/or pointers to other groupings of ASNs, called an ASGroup. Additionally, the document specifies a mechanism for ASN holders to opt-out of being listed in a given ASGroup. The objective is to offer a RPKI-based successor to plain-text RFC 2622 'as-set' class objects. When validated, an ASGroup confirms that the respective ASN holder produced the ASGroup object. Fastly APNIC This document defines a "Signed Prefix List", a Cryptographic Message Syntax (CMS) protected content type for use with the Resource Public Key Infrastructure (RPKI) to carry the complete list of prefixes which an Autonomous System (the subject AS) may originate to all or any of its routing peers. The validation of a Signed Prefix List confirms that the holder of the subject AS produced the object, and that this list is a current, accurate and complete description of address prefixes that may be announced into the routing system originated by the subject AS. China Telecom China Telecom CERNET Center/Tsinghua University APNIC ZDNS For the authenticity of the mapping origin of IPv4 address block in IPv6-only networks, this document defines a standard profile for Mapping Origin Authorizations (MOAs). MOA is a cryptographically signed object that provides a means of verifying that the holder of a set of IPv4 prefixes has authorized an IPv6 mapping prefix to originate mapping for those prefixes. When receiving the MOA objects from the relying parties, PE devices can verify and discard invalid address mapping announcements from unauthorized IPv6 mapping prefixes to prevent IPv4 prefix hijacking. Zhongguancun Laboratory Zhongguancun Laboratory Tsinghua University Tsinghua University This document defines a "Signed SAVNET-Peering Information" (SiSPI) object, a Cryptographic Message Syntax (CMS) protected content type included in the Resource Public Key Infrastructure (RPKI). A SiSPI object is a digitally signed object which carries the list of Autonomous Systems (ASes) deploying inter-domain SAVNET. When validated, the eContent of a SiSPI object confirms that the holder of the listed ASN produces the object and the AS has deployed inter- domain SAV and is ready to establish neighbor relationship for preventing source address spoofing.

Acknowledgements TBD