Deploy360 25 February 2015

Introducing RFC 7454: BGP Operations and Security

Today I’m re-reading an IETF RFC that was published just this month. RFC 7454 is titled “BGP Operations and Security” and that’s exactly what it’s about. The document’s abstract does a great job of summarizing the content:

This document describes measures to protect the BGP sessions itself such as Time to Live (TTL), the TCP Authentication Option (TCP-AO), and control-plane filtering. It also describes measures to better control the flow of routing information, using prefix filtering and automation of prefix filters, max-prefix filtering, Autonomous System (AS) path filtering, route flap dampening, and BGP community scrubbing.

We often get excited about shiny new technologies or protocols. Sometimes it’s better to be well grounded in the fundamentals. This RFC is one great example of that.

As you’ve probably heard, the IETF’s Secure InterDomain Routing (SIDR) working group is engaged in increasing the security of BGP. Specifically, the group is focused on ensuring proper route origination through the development of a Resource Public Key Infrastructure (RPKI) and on ensuring AS path validity through the development of the BGPSEC protocol. These newer efforts to secure BGP, and with it the core of the Internet, are absolutely laudable, and much good will come from them. But there are some other, perhaps simpler, perhaps older techniques to secure BGP that are too often overlooked by network operators today. Things like prefix filters, max-prefix limits, and setting a TTL with your peer. Things exactly like what’s covered in RFC 7454.

If you haven’t yet taken the time, I highly recommend that you give RFC 7454 a read. Once you have, we could use your help spreading this knowledge.

Securing BGP

As I mentioned when I first wrote about this document, there are several ways that you can help us secure the core of the Internet:

1. Read through our pages and content roadmap – Please take a look through our “Securing BGP” set of pages, and also please take a look at our content roadmap for BGP.  Are the current resources listed helpful?  Is the way we have structured the information helpful?  Will the resources we list on our roadmap help you make your routers more secure?

2. Send us suggestions – If you know of a report, whitepaper, tutorial, video, case study, site or other resource we should consider adding to the site, please let us know. We have a list of many resources that we are considering, but we are always looking for more.

3. Volunteer – If you are very interested in this topic and would like to actively help us on an ongoing basis, please fill out our volunteer form and we’ll get you connected to what we are doing.

4. Help us spread the word – As we publish resources and blog posts relating to securing BGP, please help us spread those links through social networks so that more people can learn about the topic.


Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
