On Mon, 17 Mar 2008, Larry J. Blunk wrote:
RFC2827 is about source address filtering which
is not really the same as BGP route announcement
filtering. Unfortunately, I have not come across
any RFC's with a thorough discussion of route
filtering. It is mentioned briefly in RFC 3013,
but section 4.5 only suggests filtering routes for
private address space. RFC 4778 also mentions it,
but again, there is no in depth discussion. Perhaps
it is time for an RFC dedicated to route filtering
practices?
This provides half a page summary of what can be done without sweating
too much:
http://tools.ietf.org/html/draft-savola-rtgwg-backbone-attacks-03#section-3.2
Applying a (secure) IRR database to build filters for peers and
transits has not (AFAIK) been very well documented anywhere. But on
the other hand, not too many people are using it either. Unless a
better place or a new document is found for that, I can add some
verbiage to the abovementioned draft.
(Currently, however, it is not obvious to me if that draft is going to
progress, and if so which IETF WG or similar forum would be the right
place to develop it.)
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
