My first Internet Draft has just been published

While I was discussing the intricacies of Cisco’s IPv6 implementation with Gunter Van de Velde a while ago, he suddenly changed hats and asked me whether I would be willing to contribute to a BGP filtering best practices draft. I’m still too young to realize it’s not a good idea to say YES every time you see something interesting and immediately accepted the challenge.

Gunter put together a fantastic team including Jerome Durand and Gert Doering and the first results of our work (where Jerome did most of the heavy lifting) have been published last night … I proudly present you the BGP operations and security draft. Comments, corrections and additions are most welcome!

2012-09-21: Changed the link to point to the latest draft.

Recent posts in the same categories

20 comments:

  1. JanZorz 02 March 2012 10:23
    Congratulations :) What's the feeling? :) You met Gert yet? Is Gunter not a part of the co-authors team?
  2. Rati Jokhadze 02 March 2012 11:09
    Congratulations! :-)
  3. Calin Chiorean 02 March 2012 11:13
    Congrats!

    A well deserved gift for your amazing technical background.
  4. Shaun 02 March 2012 11:30
    In the section 4.1.1.1. IPv4

    o 172.0.0.0/8 and more specific - loopbacks
    should read
    127.0.0.0/8

    Regards,


    Shaun
  5. Anonymous 02 March 2012 11:34
    Section 4.1.1.1. third bullet says "172.0.0.0/8 and more specific - loopbacks" instead of "127. [...]".
  6. Francesco 02 March 2012 11:51
    Congratulations
  7. Anonymous 02 March 2012 12:27
    Hi,

    Could you (/someone) post templates for Cisco / Juniper for all the mentioned filters in the RFC-draft?

    Would be great.
  8. Ragnar Belial 02 March 2012 15:06
    Just a small idea. Would you think it wise, to have the document written only for IPv6, without referring to IPv4 practices as they must be covered in another document?
  9. Mirek Hankus 02 March 2012 16:15
    First of all congratulations.
    In secion 4.1.1.1. RFC3330 is mentioned, which was published in 2002, but there is RFC 5735 published in 2010, with additional not routable prefixes.
  10. Joachim Jerberg Jensen 02 March 2012 19:29
    Hi Ivan,

    Quite interesting, and nice to put this in writing. The max /24 prefix length on IPv4 will probably not keep on being "best practice", when we get closer top IPv4 Exhaustion.

    Extending the scope, could be to describe some security "best practices", when using BGP Inter-AS option B and C, and maybe CSC.
  11. bryan 02 March 2012 21:04
    first sentence in the abstract has broken english:

    Abstract

    " This documents " should be "These documents" or "This document".
  12. Tiziano 02 March 2012 22:17
    One typo:

    Section 4.1.1.1. IPv4

    Substitute " 172.0.0.0/8 and more specific - loopbacks" with " 127.0.0.0/8 and more specific - loopbacks"
  13. Dmitri Kalintsev 03 March 2012 01:17
    Excellent, well done! :)
  14. matjaz6 06 March 2012 13:06
    Great work, Ivan!
    However, I slightly disagree with the filtering of Exchange points LAN prefixes. Blocking these prefixes in combination with unicast reverse path forwarding check might lead to dropping some valuable ICMP, like 3/4 (Frag.needed), and break the PMTU discovery. I agree that is not very likely to happen, but it could be an issue.
  15. Daniel Ginsburg 07 March 2012 18:50
    You seem to be advocating bogon filtering for IPv6 in section 4.1.2.1. I have to disagree with the notion that it's somehow a "best practice". Bogon filters do not protect from any serious threat but cause lots and lots connectivity issues when a new prefix becomes allocated.

    It never worked right for IPv4, why would it work for IPv6?
  16. sameer 07 May 2012 07:01
    "This protocol does not directly include mechanisms that control that routes exchanged conform to the
    various rules defined by the Internet community."

    should be
    "This protocol does not directly include mechanisms that control the routes exchanged conform to the
    various rules defined by the Internet community."
  17. Jon 18 May 2012 02:00
    Welcome to the Dark Side Ivan ;-)
Add comment
Home
Sidebar