Inter-Domain Routing D. Abraitis Internet-Draft Hostinger Intended status: Informational 24 May 2024 Expires: 25 November 2024 Software Version Capability for BGP draft-abraitis-bgp-version-capability-15 Abstract In this document, we introduce a new BGP capability that allows the advertisement of a BGP speaker's routing daemon version. This BGP capability is an optional advertisement. Implementations are not required to advertise the version nor to process received advertisements. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 25 November 2024. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Abraitis Expires 25 November 2024 [Page 1] Internet-Draft Software Version Capability for BGP May 2024 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Specification of Requirements . . . . . . . . . . . . . . . . 2 3. Software Version Capability . . . . . . . . . . . . . . . . . 2 3.1. Capabilities Length Overflow . . . . . . . . . . . . . . 4 4. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Normative References . . . . . . . . . . . . . . . . . . . . . 6 Appendix A. Implementation Report . . . . . . . . . . . . . . . 7 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction In modern data center designs, we tend to have conventional routers participating in the routing process. And the fleet of routers has different versions of routing daemon. This means that knowing which versions of the routing daemons are running the various routers in the network can be a crucial factor in quickly identifying the root cause of any protocol or network problems. This BGP capability is an optional advertisement. Implementations are not required to advertise the version nor to process received advertisements. Information about the version of the routing daemon could also be exchanged in protocols such as LLDP and CDP. However, in containerized environments, it is very hard and not recommended to exchange this information between background processes. Therefore, and to help minimize operational costs, it is helpful to exchange the routing daemon information between BGP peers directly. 2. Specification of Requirements The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Software Version Capability Although this document is not an IETF Standards Track document, it makes use of the terminology from BCP 14 in order to clearly state the implementation behaviors. Abraitis Expires 25 November 2024 [Page 2] Internet-Draft Software Version Capability for BGP May 2024 Capabilities advertisements with BGP are defined in [RFC5492]. They utilize the BGP Capabilities Optional Parameter that contains one or more triples . This document defines a new BGP capability, the Software Version Capability, with Capability Code 75 and Capability Length and Capability Value as described below. The inclusion of the Software Version Capability is OPTIONAL. If an implementation supports the inclusion of the capability, the implementation MUST include a configuration switch to enable or disable its use, and that switch MUST be off by default. The Software Version Capability is intended for environments where more visibility is needed for troubleshooting purposes. It is NOT RECOMMENDED for use outside a single Autonomous System, or a set of Autonomous Systems under a common administration. An implementation that does not recognize or support the Software Version Capability but receives one must ignore it, as described in [RFC5492]. The triple for the Software Version Capability is as follows: Capability Code 75 Capability Length The Capability Length for the Software Version Capability MUST be greater than zero. A value of zero SHALL be treated as an encoding error and the Capability MUST be ignored. The Capability Length SHOULD be no greater than 64. This is the limit to allow other capabilities as much space as they require. Capability Length is a one-octet unsigned binary integer that contains the length of the Capability Value field in octets. Capability Value The Capability Value field is encoded in UTF-8 [RFC3629]. It is unstructured data and can be formatted in any way that the implementor decides. The string is not null-terminated. Version: Abraitis Expires 25 November 2024 [Page 3] Internet-Draft Software Version Capability for BGP May 2024 The Version field MUST be encoded using UTF-8. A receiving BGP speaker MUST NOT interpret invalid UTF-8 sequences. The value of consists of one identifier, which identifies the software and its significant version. Software version identifier consists of a product and optional product version. identifier = product ["/" product-version] A sender SHOULD limit generated product identifiers to what is necessary to identify the product; a sender MUST NOT generate advertising or other nonessential information within the product identifier. A sender SHOULD NOT generate information in product- version that is not a version identifier (i.e., successive versions of the same product name ought to differ only in the product-version portion of the product identifier). Example: frrouting/8.4.2, ios/12.5.1, junos/12.1 3.1. Capabilities Length Overflow As defined in [RFC5492] the total length of capabilities that can be carried by the BGP Capabilities Optional Parameter is 255 bytes. If an implementation is constructing a BGP Capabilities Optional Parameter and its length exceeds 255 bytes, there is not enough space for other more important capabilities. An implementation is REQUIRED Extended Optional Parameters Length for BGP OPEN Message support as defined in [RFC9072]. A rogue node can prevent the proper operation of a BGP session, or the advertisement of other Capabilities, by not excluding the Software Version Capability as required in Section 3.1. This risk is equivalent to a rogue node simply not advertising a specific Capability and is not new to BGP. 4. Operation The Software Version Capability MUST only be used for displaying the version of a BGP speaker's router daemon to make troubleshooting easier. Abraitis Expires 25 November 2024 [Page 4] Internet-Draft Software Version Capability for BGP May 2024 Consider a group of routers each with a number of upstream nodes, and suppose that each router has a different operating system and different routing daemon at a different version installed. Assuming that a specific feature is not working or that there is a bug which has not been fixed in a particular version of the code, knowledge of the routing daemon versions would allow an operator to quickly identify the pattern of which versions are affected. Enabling (i.e., turning on) this capability requires bouncing all existing BGP sessions and the feature MUST be explicitly configured before an implementation advertizes the Software Version Capability. 5. IANA Considerations IANA has assigned capability number 75 for the Software Version Capability described in this document. This registration is in the BGP Capability Codes registry. +=======+=============================+ | Value | Description | +=======+=============================+ | 75 | Software Version Capability | +-------+-----------------------------+ Table 1: Software Version Capability 6. Security Considerations The Software Version Capability should be treated as sensitive information: it could be easier for an attacker to exploit the system if they know the specific software version and manufacturer of a BGP speaker. This information could be gathered by inspecting BGP OPEN messages that carry the Software Version Capability defined in this document. Furthermore, this knowledge may facilitate a number of social-engineering attacks. Modifying the information advertised by a router might lead to attacks including bogus software upgrades and also might mask the causes of faults in the network. Users of this mechanism should be aware that unless a transport that provides integrity is used for the BGP session in question, the Software Version Capability can be forged. Unless a transport that provides confidentiality is used, the Version Capability could be snooped by an attacker. These issues are common to any BGP message but may be of greater interest in the context of this extension as explained above. Refer to the related considerations in [RFC4271] and [RFC4272]. Abraitis Expires 25 November 2024 [Page 5] Internet-Draft Software Version Capability for BGP May 2024 Users of this mechanism should consider applying data minimization practices as outlined in Section 6.1 of [RFC6973], as appropriate within the deployment context. Sensitive information leaks can be minimized by using the [RFC5082] mechanism or firewalls to filter out TCP 179 port from untrusted networks. This capability can be disabled per neighbor, thus the sensitive information can't be disclosed to untrusted neighbors. Acknowledgements Thanks to Alvaro Retana, Jakob Heitz, Robert Raszuk, Adrian Farrel, John Scudder, Jeffrey Haas, Enke Chen for the review, discussions and input to the draft. References Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 2003, . [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10.17487/RFC4271, January 2006, . [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC 4272, DOI 10.17487/RFC4272, January 2006, . [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C. Pignataro, "The Generalized TTL Security Mechanism (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007, . [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, . Abraitis Expires 25 November 2024 [Page 6] Internet-Draft Software Version Capability for BGP May 2024 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC9072] Chen, E. and J. Scudder, "Extended Optional Parameters Length for BGP OPEN Message", RFC 9072, DOI 10.17487/RFC9072, July 2021, . Appendix A. Implementation Report According to RFC 7942, "This will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature". FRRouting (https://github.com/FRRouting/frr/commit/ c4257900c4ca320117bcd1f88b7f036e0c8f7fcb) implementation. GoBGP (https://github.com/osrg/gobgp/pull/2622/ commits/15f9d5c64c98d1db273cc45e95fcc11843fba4b5) implementation. freeRouter (https://github.com/mc36/freeRtr/commit/ eb5d3490aec220ad8bfcbf1f439669bd27845199) implementation. Below is an example from the FRRouting and GoBGP implementations showing both the received and advertised Software Version Capability: :~# vtysh -c 'show ip bgp summary failed' ... Neighbor EstdCnt DropCnt ResetTime Reason ens192 3 3 00:00:35 Waiting for peer OPEN (n/a) ens224 3 3 00:01:12 Waiting for NHT (frrouting/7.2) eth0 3 3 00:00:14 Neighbor deleted (frrouting/7.3) ... Figure 1 software-version: advertised and received Local: GoBGP/3.10.0 Remote: FRRouting/8.5-dev-MyOwnFRRVersion-gdc92f44a4 Figure 2 Abraitis Expires 25 November 2024 [Page 7] Internet-Draft Software Version Capability for BGP May 2024 :~# vtysh -c 'show ip bgp neighbors 198.51.100.1 json' \ > | jq '."198.51.100.1".neighborCapabilities.versions' { "advertisedVersion": "frrouting/7.2", "receivedVersion": "frrouting/7.3" } Figure 3 Author's Address Donatas Abraitis Hostinger Email: donatas.abraitis@hostinger.com Abraitis Expires 25 November 2024 [Page 8]