Internet Engineering Task Force                          Kengo Nagahashi
INTERNET-DRAFT                                           Keio University
Expiration Date: August, 2002                             February, 2002

            Automatically BGP Integrity Check using IRR-DB
                draft-kengo-bgp-integrity-check-00.txt

STATUS OF THIS MEMO

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as work in progress.

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   In the interdomain routing environment, Multiple Origin AS (MOAS)
   conflicts are often observed, and they cause instability in
   interdomain routing.  To work around this problem, this draft
   describes a mechanism for automatic integrity checking of the origin
   AS: the BGP router compares the origin AS in a BGP UPDATE with the
   origin AS recorded in the IRR database.  This draft also defines the
   messages exchanged between the BGP router and the IRR-DB to carry
   query and reply packets.  By introducing a cache mechanism in the BGP
   router, the check can also be applied in a route-flapping
   environment.

Kengo Nagahashi                                                 [Page 1]

INTERNET-DRAFT  Automatically BGP Integrity Check using IRR-DB  February, 2002

1. Problem Description

   In interdomain routing it often happens that, instead of only the
   correct AS announcing its own prefix, an invalid AS also announces
   that prefix arbitrarily, and in the end connectivity to the prefix is
   lost.
   Figure-1 shows an example.  AS-3 announces the 133.27/16 prefix
   correctly; however, for some reason AS-4 also announces 133.27/16
   arbitrarily.  AS-4 sends a BGP UPDATE (origin AS = AS-4, NLRI =
   133.27/16) to AS-2.  AS-2 receives this BGP UPDATE and then passes it
   on to AS-1.  When AS-2 or AS-1 transmits packets whose destination is
   part of 133.27/16, all of those packets are delivered to AS-4.  This
   problem is referred to as the Black Hole problem or MOAS (Multiple
   Origin AS) [MOAS], and it is one of the problems that cause
   interdomain routing instability.

      [AS-1] <=====> [AS-2] <====== [AS-3]  + SHOULD announce 133.27/16
                       |
                       |
                       +
                     [AS-4]                 + announces 133.27/16

                               [Figure-1]

   To work around this problem, a filter-list can be configured in the
   BGP router based not on the AS-PATH but on a list of prefixes.  But
   the full BGP routing table contains over 104,000 prefixes
   [CIDR-REPORT], and it is hard to maintain such a large number of
   prefixes.

2. Automatically BGP Integrity Check

   To detect an invalid prefix announced by an invalid AS automatically,
   this draft describes the mechanism of automatic BGP integrity
   checking.

2.1 Overview

   A BGP router receives a BGP UPDATE that contains the AS-PATH, the
   NLRI and other attributes.  First, the BGP router marks up the origin
   AS in the AS-PATH and the prefix and prefix length in the NLRI.
   After marking up the origin AS and prefix in the BGP UPDATE, the BGP
   router queries the remote IRR-DB (Internet Routing Registry
   Database), using the prefix as the key of the query.  The IRR-DB
   searches its own database (looking up the route object) and, if an
   exactly matching prefix is found, replies with its origin AS to the
   BGP router.  The BGP router receives the reply from the IRR-DB and
   compares the origin AS in the BGP UPDATE with the origin AS in the
   IRR-DB.
   If both ASes are equal, the origin AS is regarded as correct.  If
   they differ, the origin AS in the BGP UPDATE is regarded as invalid,
   and the BGP router neither injects the route into its routing table
   nor sends the BGP UPDATE on to other BGP peers.

   To cope with BGP route flapping, a cache mechanism is introduced.
   The cache mechanism works as follows: (1) before querying the IRR-DB,
   the BGP router first looks up its own cache; (2) only when no cache
   entry exists does the BGP router query the IRR-DB; (3) the BGP router
   injects the IRR-DB's reply (origin AS and prefix) into the cache.

   Flow of BGP integrity check:

   BGP router side:

      while (1) {
          if (bgp-update-comes) {
              /* the origin AS is the rightmost AS in AS_PATH */
              origin_as  = origin_as_of_as_path(update.path_attr.as_path);
              key_prefix = update.nlri.prefix;
              /* consult the cache first; query the IRR-DB only on a miss */
              if ((db_origin_as = is_cache_exist(key_prefix)) == NULL) {
                  db_origin_as = search_irrdb(db_server, key_prefix);
                  inject_cache(key_prefix, db_origin_as);
              }
              /* mismatch: neither inject into the RIB nor forward to peers */
              if (db_origin_as != origin_as)
                  goto filtered;
          }
      }

   IRR-DB side:

      if (query-from-bgprtr-comes) {
          query_prefix = query_msg.prefix;
          db_origin_as = search_irr_db(query_prefix);
          reply_bgprtr(db_origin_as, bgprtr);
      }

2.2 Message Format

   The required messages between the BGP router and the IRR-DB are:

      1. QUERY
      2. REPLY
      3. KEEPALIVE

   QUERY: A QUERY message is sent by the BGP router to the IRR-DB.  It
   contains a single prefix and prefix length taken from the BGP UPDATE
   message.

   REPLY: When the IRR-DB receives a QUERY message from the BGP router,
   it searches its own database.  If an existing entry is found, the
   IRR-DB returns its origin AS information to the BGP router.

   KEEPALIVE: To keep the connection between the BGP router and the
   IRR-DB alive, the BGP router sends a KEEPALIVE message every 30
   seconds.  When the IRR-DB receives a KEEPALIVE message, it replies to
   the BGP router, and the BGP router turns on its keepalive bit when it
   receives the KEEPALIVE message from the IRR-DB.
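   The following is an added example, not part of this draft, that
   simulates in Python the check of Sections 2.1 and 2.2 together with
   the cache of Section 2.3.  The IRR-DB contents, the AS numbers, the
   in-memory message classes (the draft defines no wire format), the
   choice that a missing route object counts as a mismatch, and the
   choice that an UPDATE arriving while the keepalive bit is off is
   deferred rather than queried are all assumptions of the example.

```python
"""Added example, not part of the draft: a simulation of the origin-AS
integrity check of Sections 2.1-2.3.  The IRR-DB contents, AS numbers,
message field layout, the handling of unregistered prefixes and the
behaviour while the keepalive bit is off are constructed assumptions."""
import ipaddress
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

CACHE_TTL = 24 * 3600      # Section 2.3: cache entries expire after 24 hours


def normalize_prefix(text: str) -> str:
    """Canonicalise an IPv4 prefix; accepts the draft's shorthand '133.27/16'."""
    addr, _, length = text.partition("/")
    octets = addr.split(".") + ["0"] * (3 - addr.count("."))
    return str(ipaddress.ip_network(f"{'.'.join(octets)}/{length}"))


# Messages between BGP router and IRR-DB (Section 2.2); the draft defines
# no wire format, so these are plain in-memory records (assumption).
@dataclass
class Query:
    prefix: str


@dataclass
class Reply:
    prefix: str
    origin_as: Optional[int]   # None when no route object matches exactly


@dataclass
class Keepalive:
    pass


class IrrDb:
    """Constructed stand-in for the remote IRR-DB holding route objects."""

    def __init__(self, route_objects: Dict[str, int]):
        self.routes = {normalize_prefix(p): asn for p, asn in route_objects.items()}
        self.queries = 0       # counts QUERY messages, to show the cache working

    def handle(self, msg):
        if isinstance(msg, Keepalive):
            return Keepalive()
        if isinstance(msg, Query):
            self.queries += 1
            # Exact-match lookup on the route object, as Section 2.1 specifies.
            return Reply(msg.prefix, self.routes.get(msg.prefix))
        raise ValueError("unknown message type")


class BgpRouter:
    """Applies the integrity check to incoming UPDATEs before RIB injection."""

    def __init__(self, db: IrrDb, now: Callable[[], float] = time.time):
        self.db = db
        self.now = now         # injectable clock, so cache expiry can be tested
        self.cache: Dict[str, Tuple[Optional[int], float]] = {}
        self.keepalive_bit = False
        self.rib: Dict[str, int] = {}
        self.filtered: List[Tuple[str, int, Optional[int]]] = []

    def send_keepalive(self) -> bool:
        # Section 2.2: the keepalive bit is set only when the IRR-DB answers.
        self.keepalive_bit = isinstance(self.db.handle(Keepalive()), Keepalive)
        return self.keepalive_bit

    def _cached_origin(self, prefix: str) -> Tuple[bool, Optional[int]]:
        """Returns (hit, origin_as); an expired entry counts as a miss."""
        entry = self.cache.get(prefix)
        if entry is None:
            return False, None
        origin_as, inserted_at = entry
        if self.now() - inserted_at >= CACHE_TTL:
            del self.cache[prefix]
            return False, None
        return True, origin_as

    def process_update(self, as_path: List[int], nlri: str) -> str:
        """Returns 'accepted', 'filtered' or 'deferred' (keepalive bit off)."""
        origin_as = as_path[-1]      # the origin AS is the rightmost AS in AS_PATH
        prefix = normalize_prefix(nlri)
        hit, db_origin_as = self._cached_origin(prefix)
        if not hit:
            if not self.keepalive_bit:
                return "deferred"    # Section 2.2: no QUERY while the bit is off
            db_origin_as = self.db.handle(Query(prefix)).origin_as
            self.cache[prefix] = (db_origin_as, self.now())   # Section 2.3
        if db_origin_as != origin_as:
            # Mismatch, or no route object (assumed to count as a mismatch):
            # keep the route out of the RIB and out of UPDATEs to peers.
            self.filtered.append((prefix, origin_as, db_origin_as))
            return "filtered"
        self.rib[prefix] = origin_as
        return "accepted"


if __name__ == "__main__":
    # Figure-1 scenario with constructed AS numbers: AS-3 holds the route
    # object for 133.27/16, AS-4 announces the same prefix.
    router = BgpRouter(IrrDb({"133.27/16": 3}))
    router.send_keepalive()
    print(router.process_update([2, 3], "133.27/16"))   # accepted
    print(router.process_update([2, 4], "133.27/16"))   # filtered
```

   Running the block replays the Figure-1 scenario: the UPDATE with
   AS-3 as origin is accepted, the one from AS-4 is filtered, and the
   second lookup of the prefix is answered from the cache rather than by
   a new QUERY.  Note that the check is only as reliable as the route
   objects it consults and the channel to the IRR-DB: the draft
   specifies no integrity protection for QUERY and REPLY, so a
   deployment would have to protect that channel by other means before
   the REPLY can be trusted as the basis for dropping a route.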
   The BGP router never sends a QUERY message while the keepalive bit is
   off.

2.3 Cache

   To avoid the cost of the many BGP UPDATEs caused by route flapping,
   the BGP router introduces a cache mechanism.  The BGP router registers
   in the cache the prefix from the BGP UPDATE together with the origin
   AS replied by the IRR-DB.  Cache entries expire every 24 hours.

3. Possible Considerations

3.1 Impact on interdomain routing

   TBW

3.2 Utilization of IRR-DB

   TBW

4. Security Considerations

   This mechanism has no security impact on interdomain routing.

5. References

   [MOAS]        X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. F. Wu
                 and L. Zhang, "An Analysis of BGP Multiple Origin AS
                 (MOAS) Conflicts", ACM SIGCOMM Internet Measurement
                 Workshop, Nov. 2001.

   [CIDR-REPORT] The CIDR Report,
                 http://www.employees.org/~tbates/cidr-report.html

6. Authors' Address

   Kengo Nagahashi
   Keio University
   5322 Endo
   Fujisawa, Kanagawa Pref.
   Japan

   Phone: +81 466-49-1394
   Fax:   +81 466-49-1395
   Email: kenken@wide.ad.jp