• Who am I?
  • Creativity
  • IPv6
  • SDN
  • Security

Creative|Technologist

[email protected]
Login

Login
don't panic don't panic don't panic don't panic
  • Who am I?
  • Creativity
  • IPv6
  • SDN
  • Security

Introducing RFC 7454: BGP Operations and Security

Introducing RFC 7454: BGP Operations and Security

Feb 25, 2015 | Posted by ~Chris | IETF, Internet, ISOC, Security, Technology |

Securing BGPToday I’m re-reading an IETF RFC that was published just this month. RFC 7454 is titled “BGP Operations and Security” and that’s exactly what it’s about. The documents’ abstract does a great job of summarizing the content:

This document describes measures to protect the BGP sessions itself such as Time to Live (TTL), the TCP Authentication Option (TCP-AO), and control-plane filtering. It also describes measures to better control the flow of routing information, using prefix filtering and automation of prefix filters, max-prefix filtering, Autonomous System (AS) path filtering, route flap dampening, and BGP community scrubbing.

We often get excited about shiny new technologies or protocols. Sometimes it’s better to be well grounded in the fundamentals. This RFC is one great example of that.

As you’ve probably heard, the IETF’s Secure InterDomain Routing (SIDR) working group is engaged in increasing the security of BGP. Specifically, the group is focused on ensuring proper route origination through the development of a Resource Public Key Infrastructure (RPKI) and on ensuring AS path validity through the development of the BGPSEC protocol. These newer efforts to secure BGP, and with it the core of the Internet, are absolutely laudable, and much good will come from them. But there are some other, perhaps simpler, perhaps older techniques to secure BGP that are too often overlooked by network operators today. Things like prefix filters, max-prefix limits, and setting a TTL with your peer. Things exactly like what’s covered in RFC 7454.

If you haven’t yet taken the time, I highly recommend that you give RFC 7454 a read. Once you have, we could use your help spreading this knowledge.

Securing BGP

As I mentioned when I first wrote about this document; there are several ways that you can help us secure the core of the Internet:

1. Read through our pages and content roadmap – Please take a look through our “Securing BPG” set of pages, and also please take a look at our content roadmap for BGP. Are the current resources listed helpful? Is the way we have structured the information helpful? Will the resources we list on our roadmap help you make your routers more secure?

2. Send us suggestions – If you know of a report, whitepaper, tutorial, video, case study, site or other resource we should consider adding to the site, please let us know. We have a list of many resources that we are considering, but we are always looking for more.

3. Volunteer – If you are very interested in this topic and would like to actively help us on an ongoing basis, please fill out our volunteer form and we’ll get you connected to what we are doing.

4. Help us spread the word – As we publish resources and blog posts relating to securing BGP, please help us spread those links through social networks so that more people can learn about the topic.

This post also appears on the Deploy360 blog.

Sharing is Caring!

  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Pocket (Opens in new window)
  • Click to share on Telegram (Opens in new window)
  • More
  • Click to email this to a friend (Opens in new window)
  • Click to print (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Skype (Opens in new window)

Related

Share

About ~Chris

Creative|Technologist. Curious. Boisterous. Autotelic Autodidact. Heretic. Hacker. Rider of Boards. Writer of Words. ...Traveler of Time... Client Success VP @ Myriad360.

Leave a Reply

Thanks for reaching out!
Cancel Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reach Out

Hi! I'd love to hear from you. Send me an email and I'll get back to you, asap.

Send Message

Search this site!

ARIN Learning CircleID TechFieldDay Policy SDN IPv6 Security Myths Tech Policy Internet Philosophy Happiness IPv6 Security Colorado Travel Juniper ISOC IETF Miscellaneous Update Networking Creativity Technology Politics

Popular Posts:

  • 100.64.0.0/10 - Shared Transition Space
  • NAT444 (CGN/LSN) and What it Breaks
  • Introducing IPv6 | Understanding IPv6 Addresses
  • How Much IPv6 is There?

Recent Posts:

  • 2021: Setting My Intention
  • 2020 in the Rear View
  • General McChrystal is Wrong
  • 2020: Six Down, Six To Go

Let’s Connect!

© 2021 · Chris Grundemann.

Prev Next
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.