[New-wg-docs] I-D Action: draft-ietf-grow-bgpopsecupd-00.txt
internet-drafts@ietf.org Mon, 22 January 2024 14:58 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: new-wg-docs@ietf.org
Delivered-To: new-wg-docs@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 95C7EC14CF1E for <new-wg-docs@ietf.org>; Mon, 22 Jan 2024 06:58:19 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: new-wg-docs@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.3.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <170593549960.42645.13798257837344021887@ietfa.amsl.com>
Date: Mon, 22 Jan 2024 06:58:19 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-wg-docs/SyqC0bz-u79xq_gvEcHLX6_T2as>
Subject: [New-wg-docs] I-D Action: draft-ietf-grow-bgpopsecupd-00.txt
X-BeenThere: new-wg-docs@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "New \(-00\) Working Group Documents" <new-wg-docs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/new-wg-docs>, <mailto:new-wg-docs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/new-wg-docs/>
List-Post: <mailto:new-wg-docs@ietf.org>
List-Help: <mailto:new-wg-docs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/new-wg-docs>, <mailto:new-wg-docs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jan 2024 14:58:19 -0000
Internet-Draft draft-ietf-grow-bgpopsecupd-00.txt is now available. It is a work item of the Global Routing Operations (GROW) WG of the IETF. Title: Updated BGP Operations and Security Author: Tobias Fiebig Name: draft-ietf-grow-bgpopsecupd-00.txt Pages: 46 Dates: 2024-01-22 Abstract: The Border Gateway Protocol (BGP) is the protocol almost exclusively used in the Internet to exchange routing information between network domains. Due to this central nature, it is important to understand the security and reliability measures that can and should be deployed to prevent accidental or intentional routing disturbances. Previously, security considerations for BGP have been described in [RFC7454]. Since the publications of [RFC7454], several developments and changes in operational practice took place that warrant an update of these best current practices. This document updates [RFC7454], reiterating the best practices for BGP security from that document and adding new practices and recommendations that emerged since the publication of [RFC7454]. In the current version, this document covers practices to protect the BGP sessions itself such as Time to Live (TTL), the TCP Authentication Option (TCP-AO), and control-plane filtering. It also describes measures to better control the flow of routing information, using prefix filtering and automation of prefix filters, max-prefix filtering, Autonomous System(AS) path filtering, route flap dampening, and BGP community scrubbing. Newly added information and improvements include a unification of terminology, orienting it in [RFC9234], changing recommendations regarding IXP LAN prefixes to align with operational practice, discussing ASPA and BGP roles, expanding on community scrubbing, filter generation and evaluation practices to limit performance overhead, expanding on outbound and internal filtering for defense in depth, global prefix limits, and community based filtering for downstream prefixes. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-grow-bgpopsecupd/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-grow-bgpopsecupd-00.html Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts
- [New-wg-docs] I-D Action: draft-ietf-grow-bgpopse… internet-drafts