RFC Errata
RFC 4274, "BGP-4 Protocol Analysis", January 2006
Source of RFC: idr (rtg)
Errata ID: 3774
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2006-07-08
Held for Document Update by: Stewart Bryant
Date Held: 2013-10-30
(6) typos / grammar In Section 10, the second paragraph on page 13 says: | BGP uses TCP MD5 option for validating data and protecting against spoofing of TCP segments exchanged between its sessions. The usage of TCP MD5 option for BGP is described at length in [RFC2385]. The TCP MD5 Key management is discussed in [RFC3562]. BGP data | encryption is provided using the IPsec mechanism, which encrypts the | IP payload data (including TCP and BGP data). The IPsec mechanism | can be used in both the transport mode and the tunnel mode. The | IPsec mechanism is described in [RFC2406]. Both the TCP MD5 option | and the IPsec mechanism are not widely deployed security mechanisms for BGP in today's Internet. Hence, it is difficult to gauge their | real performance impact when using with BGP. However, because both | the mechanisms are TCP- and IP-based security mechanisms, the Link Bandwidth, CPU utilization and router memory consumed by BGP would be | the same as any other TCP- and IP-based protocols. It should say, correcting grammar and unclear semantics: | BGP uses the TCP MD5 option for validating data and protecting against spoofing of TCP segments exchanged between its sessions. The usage of TCP MD5 option for BGP is described at length in [RFC2385]. The TCP MD5 Key management is discussed in [RFC3562]. BGP data | encryption is provided using the IPsec ESP mechanism, which encrypts | the IP payload data (including TCP and BGP data). The IPsec ESP | mechanism can be used in both transport mode and tunnel mode. The | IPsec ESP mechanism is described in [RFC2406]. Both the TCP MD5 | option and IPsec ESP are not widely deployed security mechanisms for BGP in today's Internet. Hence, it is difficult to gauge their | real performance impact when used with BGP. However, because both | mechanisms are TCP- and IP-based security mechanisms, the Link Bandwidth, CPU utilization and router memory consumed by BGP would be the same as any for other TCP- and IP-based protocols. (I am in doubt whether the last sentence is appropriate; at least, "the same as" should better be replaced by "similar as". Preferrably, I would delete that sentence.) Finally, the 4th paragraph on page 13, v | Such flexible TCP- and IP-based security mechanisms, allow BGP to prevent insertion/deletion/modification of BGP data, any snooping of the data, session stealing, etc. [...] should say: | Such flexible TCP- and IP-based security mechanisms allow BGP to prevent insertion/deletion/modification of BGP data, any snooping of the data, session stealing, etc. [...]
Notes:
from errata 148