RFC9234 Observed in the Wild

Mingwei Zhang
case-study

Originally published on Hashnode.

BGP Route Leaks

Route leaks occur when BGP prefixes are propagated in a way that goes against the expected topology relationships of BGP. For example, this can happen when a route learned from one transit provider is announced to another transit provider or a lateral peer (peer-peer-peer), or when a route learned from one lateral peer is announced to another lateral peer or a transit provider (see RFC7908). These leaks often result from misconfiguration or the absence of BGP route filtering, or from inadequate coordination between autonomous systems (ASes).

Cloudflare Radar includes a public route-leak detection system. The system detects potential route leaks by first inferring inter-AS relationships on a per-prefix basis, then examining each announced AS path for valley-free violations. Detection is useful for visibility, but prevention is the stronger operational goal.

RFC9234

RFC9234 documents an active route-leak prevention approach. It defines a new BGP capability (BGP Role) that is exchanged when an eBGP session is opened, so that the BGP routers on both sides know the relationship between the local and remote ASes and can prevent the propagation of route leaks. RFC9234 also defines a new BGP attribute type, Only-to-Customer (OTC), which tells receiving BGP routers whether some routes should never be announced to another provider.

When a pair of eBGP routers both implement RFC9234, they will first confirm each other's BGP role.

With roles defined, a router handles the Only-to-Customer attribute as follows.

In essence, RFC9234 uses BGP roles and OTC attributes to make sure routes received from a provider or a peer can only be propagated to customers.
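The role check and OTC handling described above, written out as an added example that follows the role-correctness and OTC rules of RFC 9234. It is not code from the original post or from BGPKIT; the type and function names are illustrative, and the AS numbers are constructed documentation values.

```rust
// Added example: RFC 9234 role pairing and OTC handling (names are illustrative).
#[derive(Clone, Copy, Debug, PartialEq)]
enum Role { Provider, Rs, RsClient, Customer, Peer }
use Role::*;

// A session may only come up when (local role, remote role) is one of these pairs.
fn roles_compatible(local: Role, remote: Role) -> bool {
    matches!((local, remote), (Provider, Customer) | (Customer, Provider)
        | (Rs, RsClient) | (RsClient, Rs) | (Peer, Peer))
}

// Ingress: `from` is the neighbor's role, `otc` the attribute as received.
// Err means the route is a leak and is ineligible; Ok carries the OTC to store.
fn ingress(from: Role, remote_asn: u32, otc: Option<u32>) -> Result<Option<u32>, &'static str> {
    match (from, otc) {
        (Customer | RsClient, Some(_)) => Err("leak: OTC present on route from customer/RS-client"),
        (Peer, Some(v)) if v != remote_asn => Err("leak: OTC does not match peer ASN"),
        (Provider | Peer | Rs, None) => Ok(Some(remote_asn)), // stamp neighbor's ASN
        (_, kept) => Ok(kept),
    }
}

// Egress: `to` is the neighbor's role. Err means the route must not be sent.
fn egress(to: Role, local_asn: u32, otc: Option<u32>) -> Result<Option<u32>, &'static str> {
    match (to, otc) {
        (Provider | Peer | Rs, Some(_)) => Err("blocked: OTC routes go to customers only"),
        (Customer | Peer | RsClient, None) => Ok(Some(local_asn)), // stamp own ASN
        (_, kept) => Ok(kept),
    }
}

fn main() {
    // Constructed scenario: AS64500 has provider AS64496 and customer AS64510.
    assert!(roles_compatible(Customer, Provider));
    let stored = ingress(Provider, 64496, None).unwrap();
    println!("stored OTC: {:?}", stored);
    println!("to second provider: {:?}", egress(Provider, 64500, stored));
    println!("to customer: {:?}", egress(Customer, 64500, stored));
    // The customer wrongly re-announces the route upstream; its provider sees OTC set.
    println!("from customer: {:?}", ingress(Customer, 64510, stored));
}
```

A route that arrives from a customer with no OTC attribute passes ingress unchanged, which is why the attribute only helps when the upstream provider or peer has already set it.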

Only-to-customer Attribute in the Wild

RFC9234 was published in May 2022. Public discussion of RFC9234 deployment has been limited, and public measurements of deployment on the Internet remain relatively scarce.

To measure RFC9234 deployment, RFC9234 support was added to BGPKIT Parser. The repository also includes example code demonstrating how to parse a RIB file and identify messages that contain Only-to-Customer attributes.

The following output comes from parsing a single route-views2 RIB dump (file link).

https://gist.github.com/digizeph/756bd6b4d6627bf1e2a0a4f87a1c8290

This output shows that at least four ASes (AS6939, AS15562, AS20555, AS212068) were associated with RFC9234 OTC attributes in messages that propagated to the route collector and were preserved in MRT files.

The code that generates this result iterates over parsed BGP messages and checks whether the only_to_customer attribute is present.

use bgpkit_parser::BgpkitParser;

fn main() {
    // Stream the RIB dump and iterate over every parsed BGP element.
    for elem in BgpkitParser::new(
        "http://archive.routeviews.org/bgpdata/2023.03/RIBS/rib.20230316.0200.bz2",
    )
    .unwrap()
    {
        // Print only the elements that carry an Only-to-Customer attribute.
        if let Some(otc) = elem.only_to_customer {
            println!(
                "OTC found: {} for path {}\n{}\n",
                &otc,
                &elem.as_path.as_ref().unwrap(),
                &elem
            );
        }
    }
}

To reproduce this example, install the Rust toolchain and run:

git clone https://github.com/bgpkit/bgpkit-parser
cd bgpkit-parser
cargo run --release --example only-to-customer

Update, Mar. 16, 2023: Job Snijders provided additional context on the source of these OTC attributes: YYCIX.

https://twitter.com/JobSnijders/status/1636291640519282688