Internet-Draft BGP RP PV & IV July 2026
Wang, et al. Expires 7 January 2027 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-wang-grow-bmp-policy-preview-00
Published:
Intended Status:
Standards Track
Expires:
Authors:
L. Wang
Huawei Technologies
N. Geng
Huawei Technologies
L. Li
Huawei Technologies
S. Zhuang
Huawei Technologies

BGP Route Policy Pre-view and Intent Verification Using BGP Monitoring Protocol

Abstract

Deploying BGP route policies in live production networks carries significant operational risks, often resulting in unintended route leaks, suboptimal routing paths, or blackholes. This document proposes an extension to the BGP Monitoring Protocol (BMP) that enables a BGP speaker to pre-view and dry-run a candidate route policy within a localized control-plane sandbox. The resulting post-policy route changes (deltas) are streamed asynchronously to a centralized controller via a new BMP message type. This architecture allows the controller to verify policy alignment with network intents, subsequently triggering either an explicit commit or a rollback before any forwarding plane changes take effect.

Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 7 January 2027.

Table of Contents

1. Introduction

BGP route policies (e.g., prefix-lists, AS-path filters, community manipulation) are the primary tool for inter-domain traffic engineering. However, modern policy structures are complex and highly error-prone. When a network operator or an automated orchestrator deploys a modified policy to a router, the resulting BGP updates instantly propagate throughout the network. If the policy contains a logical flaw, widespread traffic disruption occurs before monitoring systems can react.

Existing network validation models rely on offline simulation tools. While useful, these simulations cannot perfectly replicate the internal, real-time state machine and multi-vendor nuances of a live router's RIB processing engine.

This document defines a protocol-driven mechanism for "on-box" policy pre-viewing. By leveraging a control-plane sandbox, a router executes candidate policies against its live Adj-RIB-In without modifying its active Local-RIB or Forwarding Information Base (FIB). The simulated differences (Deltas) are asynchronously reported via an extended BGP Monitoring Protocol (BMP) [RFC7854] session, providing a reliable, zero-risk framework for closed-loop intent verification.

2. Terminology and Architectural Overview

   o  Candidate Policy: A route policy configuration that is staged but
      not yet committed or activated in the dataplane.
   o  Control-Plane Sandbox: An isolated software environment within the
      BGP routing process used exclusively for dry-running candidate policies.
   o  Shadow Local-RIB: A temporary routing information base generated inside
      the sandbox representing the simulated state of chosen routes.
   o  Policy Transaction ID: A unique identifier assigned by the controller
      to trace the lifecycle of a specific policy modification event.



3. Extension to BMP: Route Pre-view Monitoring (RPM) Message

This document introduces a new BMP message type, termed the Route Pre-view Monitoring (RPM) Message (Suggested Type Value: TBD1).

The RPM message extends the standard BMP Route Monitoring (RM) structure by appending a mandatory Policy Transaction Header to encapsulate pre-view context.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        BMP Common Header                      |
   |                           (6 octets)                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Per-Peer Header                        |
   |                          (42 octets)                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Policy Transaction ID (4 octets)              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Pre-view Flag |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  BGP UPDATE PDU (Variable Length)             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

4. Operational Procedures

4.1. Sandbox Initialization and Delta Computation

When a candidate policy configuration block is staged on the router with a designated Transaction ID, the router MUST NOT evaluate this policy against the active operational Local-RIB.

Instead, the router spawns a temporary Sandbox context:

  1. The router feeds the existing Adj-RIB-In routes of the targeted peer(s) through the candidate policy engine.

  2. The resulting route outputs are gathered into a temporary Shadow Local-RIB.

  3. The router performs a mathematical matrix comparison: `Delta = Shadow Local-RIB - Operational Local-RIB`.

  4. For each non-zero Delta entry, the router generates an RPM message containing the simulated route state and streams it to the BMP receiver.

4.2. The Intent Validation Loop

The centralized SDN controller listens to the RPM stream. By aggregating these messages across multiple monitored nodes, the controller can verify high-level intents (e.g., ensuring traffic does not transit a restricted Autonomous System).

4.3. Transaction Resolution: Commit or Rollback

Once verification concludes, the controller completes the transaction using the device's configuration channel (e.g., NETCONF/YANG):

5. Performance and Scalability Optimization

Executing comprehensive shadow calculations across multi-million route tables can stress device CPU and memory. Implementations MUST follow these scoping rules:

6. IANA Considerations

This document requests IANA to allocate a new message type value from the "BGP Monitoring Protocol (BMP) Message Types" sub-registry:

   o  Type: TBD1
   o  Description: Route Pre-view Monitoring (RPM) Message
   o  Reference: [This-Document]

7. Security Considerations

RPM messages expose the hypothetical routing shifts of an enterprise fabric prior to deployment. If intercepted, an attacker could deduce intended traffic engineering patterns. The BMP sessions carrying RPM messages MUST be encrypted using TCP-AO [RFC5925] or TLS profiles customized for BMP.

8. Contributors

The following people made significant contributions to this document:

To be added.

9. Acknowledgements

The authors would like to acknowledge the review and inputs from xxx.

10. References

10.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC4271]
Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10.17487/RFC4271, , <https://www.rfc-editor.org/info/rfc4271>.
[RFC4760]
Bates, T., Chandra, R., Katz, D., and Y. Rekhter, "Multiprotocol Extensions for BGP-4", RFC 4760, DOI 10.17487/RFC4760, , <https://www.rfc-editor.org/info/rfc4760>.
[RFC5925]
Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, DOI 10.17487/RFC5925, , <https://www.rfc-editor.org/info/rfc5925>.
[RFC7854]
Scudder, J., Ed., Fernando, R., and S. Stuart, "BGP Monitoring Protocol (BMP)", RFC 7854, DOI 10.17487/RFC7854, , <https://www.rfc-editor.org/info/rfc7854>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.

10.2. Informative References

Authors' Addresses

Lili Wang
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing
100095
China
Nan Geng
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing
100095
China
Lei Li
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing
100095
China
Shunwan Zhuang
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing
100095
China