Dear Stephen, On Tue, Jun 25, 2019 at 07:04:12AM -0700, Stephen Satchell wrote: > On 6/25/19 2:25 AM, Katie Holly wrote: > > Disclaimer: As much as I dislike Cloudflare (I used to complain > > about them a lot on Twitter), this is something I am absolutely > > agreeing with them. Verizon failed to do the most basic of network > > security, and it will happen again, and again, and again... > > I used to be a quality control engineer in my career, so I have a > question to ask from the perspective of a QC guy: what is the Best > Practice for minimizing, if not totally preventing, this sort of > problem? Is there a "cookbook" answer to this? > > (I only run edge networks now, and don't have BGP to worry about. If > my current $dayjob goes away -- they all do -- I might have to get > back into the BGP game, so this is not an idle query.) > > Somehow "just be careful and clueful" isn't the right answer.
Here are some resources which maybe can serve as a starting point for anyone interested in the problem space: presentation: Architecting robust routing policies pdf: https://ripe77.ripe.net/presentations/59-RIPE77_Snijders_Routing_Policy_Architecture.pdf video: https://ripe77.ripe.net/archive/video/Job_Snijders-B._BGP_Policy_Update-20181017-140440.mp4 presentation: Practical Everyday BGP filtering "Peerlocking" pdf: http://instituut.net/~job/NANOG67_NTT_peerlocking_JobSnijders.pdf video: https://www.youtube.com/watch?v=CSLpWBrHy10 RFC 8212 ("EBGP default deny") and why we should ask our vendors like Cisco IOS, IOS XE, NX-OS, Juniper, Arista, Brocade, etc... to be compliant with this RFC: slides 2-14: http://largebgpcommunities.net/presentations/ITNOG3-Job_Snijders_Recent_BGP_Innovations.pdf skip to the rfc8212 part: https://youtu.be/V6Wsq66-f40?t=854 compliance tracker: http://github.com/bgp/RFC8212 The NLNOG Day in Fall 2018 has a wealth of RPKI related presentations and testimonies: https://nlnog.net/nlnog-day-2018/ Finally, there is the NLNOG BGP Filter Guide: http://bgpfilterguide.nlnog.net/ If you spot errors or have suggestions, please submit them via github https://github.com/nlnog/bgpfilterguide Please let me or the group know should you require further information, I love talking about this topic ;-) Kind regards, Job
