{"draft":"draft-ietf-idr-bgp-flowspec-oid-15","doc_id":"RFC9117","title":"Revised Validation Procedure for BGP Flow Specifications","authors":["J. Uttaro","J. Alcaide","C. Filsfils","D. Smith","P. Mohapatra"],"format":["HTML","TEXT","PDF","XML"],"page_count":"12","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Inter-Domain Routing","abstract":"This document describes a modification to the validation procedure\r\ndefined for the dissemination of BGP Flow Specifications.  The\r\ndissemination of BGP Flow Specifications as specified in RFC 8955\r\nrequires that the originator of the Flow Specification match the\r\noriginator of the best-match unicast route for the destination prefix\r\nembedded in the Flow Specification. For an Internal Border Gateway\r\nProtocol (iBGP) received route, the originator is typically a border\r\nrouter within the same autonomous system (AS).  The objective is to\r\nallow only BGP speakers within the data forwarding path to originate\r\nBGP Flow Specifications.  Sometimes it is desirable to originate the\r\nBGP Flow Specification from any place within the autonomous system\r\nitself, for example, from a centralized BGP route controller. \r\nHowever, the validation procedure described in RFC 8955 will fail in\r\nthis scenario.  The modification proposed herein relaxes the\r\nvalidation rule to enable Flow Specifications to be originated within\r\nthe same autonomous system as the BGP speaker performing the\r\nvalidation.  Additionally, this document revises the AS_PATH\r\nvalidation rules so Flow Specifications received from an External\r\nBorder Gateway Protocol (eBGP) peer can be validated when such a peer\r\nis a BGP route server.  \r\n\r\nThis document updates the validation procedure in RFC 8955.","pub_date":"August 2021","keywords":["BGP flowspec"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC8955"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9117","errata_url":null}