Juniper Networks

18 Buckingham Dr Manalapan 07726 NJ US mnayman@juniper.net

Routing Network Working Group This document defines a new BGP extended community attribute, termed the "Prefix-List Community," which allows the dynamic assignment of prefixes to named prefix-lists via BGP signaling. The proposed extension enhances the configuration and operational flexibility of prefix-lists in routing policies by associating them with community attributes directly within BGP routes. This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

In modern networks, routing policies, access control lists or filters often utilize prefix-lists to simplify configuration by allowing a set of IP prefixes to be referenced by a single name or identifier. Prefix-lists can include multiple IPv4 or IPv6 addresses, which are then applied consistently across various routing policies. The general structure for defining a prefix-list is as follows:

In this context, <name> represents a user-defined identifier for the prefix-list, and <prefix> specifies the exact IP prefix. To configure a prefix-list for one or more IP prefixes, the following configuration can be used:

To match no routes, a prefix-list might be configured as:

To match all routes, the configuration might be:

This document proposes a new BGP signaled mechanism to dynamically assign prefixes to prefix-lists using a new BGP extended community attribute, referred to as the "Prefix-List Community." In modern networks, managing prefix-lists manually can be cumbersome and error-prone. The proposed BGP signaled mechanism aims to automate this process, enhancing operational efficiency and reducing configuration errors.

The Prefix-List Community attribute is a Non-Transitive Extended Community that enables routers to dynamically assign received prefixes to preconfigured prefix-lists. The attribute can be utilized in both IPv4 and IPv6 address families. The Prefix-List Community attribute is encoded as a Type-Length-Value (TLV) structure, where the Type field indicates the community type, the Length field specifies the length of the value, and the Value field contains the prefix-list identifier.

When a router receives a BGP route with the Prefix-List Community attribute, it will automatically assign the route to the corresponding preconfigured prefix-list. For example: - A router receives the routes "192.168.1.0/24", "192.168.2.0/24", and "192.168.3.0/24" with the community attribute "prefix:100:100". - Another route, "172.16.0.0/12", is received with the community attribute "prefix:200:200". The routes will be automatically assigned to the corresponding preconfigured prefix-lists as follows:

The Prefix-List Community attribute can be signaled in BGP updates within the following Address Family Identifier (AFI) and Subsequent Address Family Identifier (SAFI) combinations: - AFI=1, SAFI=1, IPv4 unicast: Used for standard IPv4 unicast routing - AFI=1, SAFI=128, L3VPN IPv4 unicast: Used for L3VPN IPv4 unicast routing - AFI=2, SAFI=1, IPv6 unicast: Used for standard IPv6 unicast routing - AFI=2, SAFI=128, L3VPN IPv6 unicast: Used for L3VPN IPv6 unicast routing - AFI=1, SAFI=4, labeled IPv4: Used for labeled IPv4 routing - AFI=2, SAFI=4, labeled IPv6 (6PE): Used for labeled IPv6 routing

The operational behavior of a router with the Prefix-List Community attribute is as follows: - Route Processing: A route received with only the Prefix-List Community attribute will be installed if there is a valid next-hop resolution. If the next-hop is invalid or cannot be resolved, the route may be placed into a hidden table but will still be used for prefix-list assignment. - Interaction with Other Communities: If a route is received with both the Prefix-List Community attribute and other community attributes, the router will process it as per standard BGP processing rules defined in .

The Prefix-List Community attribute is a Non-Transitive Extended Community and should be treated with the same security considerations as other BGP extended communities. Care should be taken to ensure that only authorized routers and networks utilize this attribute to prevent unauthorized or malicious routing changes. To prevent unauthorized use of the Prefix-List Community attribute, it is recommended to implement a filter or access control lists (ACLs) and BGP authentication mechanisms by implementing session protection through TTL security , TCP Authentication Option (TCP-AO) or Message Digest Algorithm 5 (MD5) and control-plane filtering. .

This document requests the allocation of a new BGP Extended Community Type for the Prefix-List Community attribute from the IANA "BGP Extended Communities" registry.

AFI: Address Family Identifier BGP: Border Gateway Protocol IP: Internet Protocol IPv4: Internet Protocol version 4 IPv6: Internet Protocol version 6 NLRI: Network Layer Reachability Information VPN: Virtual Private Network SAFI: Subsequent Address Family Identifier

The author would like to thank the IETF community for their valuable feedback and suggestions.