]> UCLouvain & WELRI

thomas.wirtgen@uclouvain.be

UCLouvain & WELRI

olivier.bonaventure@uclouvain.be

Routing IDR tcp tls bgp tcp-ao This document specifies the utilization of TCP/TLS to support BGP. About This Document Status information for this document may be found at . Discussion of this document takes place on the IDR Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction The Border Gateway Protocol (BGP) relies on the TCP protocol to establish BGP sessions between routers. A recent draft has proposed to replace TCP with the QUIC protocol . QUIC brings many features compared to TCP including security, the support of multiple streams or datagrams. From a security viewpoint, an important benefit of QUIC compared to TCP is that QUIC by design prevents injection attacks that are possible when TCP is used by BGP . Several techniques can be used by BGP routers to counter this attacks . TCP-AO authenticates the packets exchanged over a BGP session provides similar features as QUIC. However, it is notoriously difficult to configure the keys used to protect BGP sessions. The widespread deployment of TLS combined with the possibility of deriving TCP-AO keys from the TLS handshake creates an interest in using TLS to secure BGP sessions. This document describes how BGP can operate over TCP/TLS.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document uses network byte order (that is, big endian) values. Fields are placed starting from the high-order bits of each byte.

Summary of operation A BGP over TLS/TCP session is established in two phases:

• establish a transport layer connection using TCP
• establish a TLS session over the TCP connection

The TCP connection SHOULD be established on port TBD1. During the establishment of the TLS session, the router that initiates the connection MUST use the "botls" token in the Application Layer Protocol Negotiation (ALPN) extension . The support for other ALPN MUST NOT be proposed during the TLS handshake. Once the TLS handshake is established and finished, the BGP session is initiated as defined in and the protocol operates in the same way as a classic BGP over TCP session. The difference is that the BGP session is now encrypted and authenticated using the TLS layer. As in , the TLS authentication parameters used for this connection are out of the scope of this draft.

Security Considerations This document improves the security of BGP sessions since the information exchanged over the session is now protected by using TLS. If TLS encounters a payload injection attack, it will generate an alert that immediately closes the TLS session. The BGP router SHOULD then attempt to reestablish the session. However, this will cause traffic to be interrupted during the connection re-establishement. If both BGP peer supports TCP-AO, the TLS stack is protected against payload injection and this attack can be avoided. When enabled, TCP-AO counters TCP injection attacks listed in . Furthermore, if the BGP router supports TCP-AO, we recommend an opportunistic TCP-AO approach as suggested in . The router will attempt to connect using TCP-AO with a default key. When the TLS handshake is finished, the routers will derive a new TCP-AO key using the TLS key. TCP-MD5 MAY be used to protect the TLS session if TCP-AO is not available on the BGP router.

IANA Considerations IANA is requested to assign a TCP port (TBD1) from the "Service Name and Transport Protocol Port Number Registry" as follows:

• Service Name: botls
• Port Number: TBD1
• Transport Protocol: TCP
• Description: BGP over TLS/TCP
• Assignee: IETF
• Contact: IDR WG
• Registration Data: TBD
• Reference: this document
• Unauthorized Use Reported: idr@ietf.org

It is suggested to use the same port as the one selected for BGP over QUIC .

Acknowledgments The authors thank Dimitri Safonov for the TCP-AO implementation in Linux.

Change log

References Normative References This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection. This document discusses the Border Gateway Protocol (BGP), which is an inter-Autonomous System routing protocol. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASes) that reachability information traverses. This information is sufficient for constructing a graph of AS connectivity for this reachability from which routing loops may be pruned, and, at the AS level, some policy decisions may be enforced. BGP-4 provides a set of mechanisms for supporting Classless Inter-Domain Routing (CIDR). These mechanisms include support for advertising a set of destinations as an IP prefix, and eliminating the concept of network "class" within BGP. BGP-4 also introduces mechanisms that allow aggregation of routes, including aggregation of AS paths. This document obsoletes RFC 1771. [STANDARDS-TRACK] Border Gateway Protocol 4 (BGP-4), along with a host of other infrastructure protocols designed before the Internet environment became perilous, was originally designed with little consideration for protection of the information it carries. There are no mechanisms internal to BGP that protect against attacks that modify, delete, forge, or replay data, any of which has the potential to disrupt overall network routing behavior. This document discusses some of the security issues with BGP routing data dissemination. This document does not discuss security issues with forwarding of packets. This memo provides information for the Internet community. This document specifies the TCP Authentication Option (TCP-AO), which obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5). TCP-AO specifies the use of stronger Message Authentication Codes (MACs), protects against replays even for long-lived TCP connections, and provides more details on the association of security with TCP connections than TCP MD5. TCP-AO is compatible with either a static Master Key Tuple (MKT) configuration or an external, out-of-band MKT management mechanism; in either case, TCP-AO also protects connections when using the same MKT across repeated instances of a connection, using traffic keys derived from the MKT, and coordinates MKT changes between endpoints. The result is intended to support current infrastructure uses of TCP MD5, such as to protect long-lived connections (as used, e.g., in BGP and LDP), and to support a larger set of MACs with minimal other system and operational changes. TCP-AO uses a different option identifier than TCP MD5, even though TCP-AO and TCP MD5 are never permitted to be used simultaneously. TCP-AO supports IPv6, and is fully compatible with the proposed requirements for the replacement of TCP MD5. [STANDARDS-TRACK] This memo describes a TCP extension to enhance security for BGP. [STANDARDS-TRACK] UCLouvain & WELRI UCLouvain & WELRI UCLouvain & WELRI This document specifies an opportunistic mode for TCP-AO. In this mode, the TCP connection starts with a well-known authentication key which is later replaced by a secure key derived from the TLS handshake. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References Futurewei Technologies Futurewei Technologies Juniper Networks Huawei Technologies Nvidia This document specifies the use of QUIC Streams to support multiple BGP sessions over one connection in order to achieve high resiliency. The use of a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6) to verify whether the packet was originated by an adjacent node on a connected link has been used in many recent protocols. This document generalizes this technique. This document obsoletes Experimental RFC 3682. [STANDARDS-TRACK] This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.