We keep receiving the suggestions for topics from around the world:
- INHIBIT ADDRESS SPOOFING
- BCP 38 (rfc 2827) with BCP 84 (rfc 3704) Ingress Filtering Implemented at every access router and switch as appropriate for:
- Single host
- Non-Transit subnet
- Registered sub-network transit (tell ISP of additional address spaces)
- Open Transit (restrict to BGP?)
- ……
- BCP 38 (rfc 2827) with BCP 84 (rfc 3704) Ingress Filtering Implemented at every access router and switch as appropriate for:
- BGP policies in general
- Having examples in some popular variants would be great Juniper, Cisco, BIRD, OpenBGPD
- Something like “Cisco ISP Essentials”, but revised and shorter.
- Community controlled policies/route-maps for BGP
- POLICIES FOR PEERING
- Register External Routing Policy in RIPE Db. Ask Peers to comply with this doc (? Inter-RIR ?) ? Apply route filtering
- DNS POLICIES
- rfc 2870 (BCP 40)
- rfc 2219 BCP 17
- rfc 2182 BCP 16
- DNS auth and recursive, separate “servers” to ensure not opening up auth server for recursion.
- POLICIES FOR EMAIL
- rfc 2505 (BCP 30)
- rfc 2505 (BCP 30)
- ICMP filtering
- Blocking all of ICMP is bad for users and the internet. It prevents PMTU from working and is required for a lot of testing.
- Pingable attribute in whois
- CoPP (Control Plane Policing)
- in general
- for IPv6
- How to test your network performance
- Recommending some starting point for common testing inside networks, examples and tools like iperf and smokeping
- How to check your visibility from global Internet (few starting suggestions):
- https://stat.ripe.net/ – with all the nice widgets for embedding etc.
- Cyclops BGP – http://cyclops.cs.ucla.edu/
- BGPmon.net
- http://routeviews.org/ and http://bgplay.routeviews.org/
- traceroute.org
- http://RING.nlnog.org
- pingdom
- http://www.v6sonar.com/