Hi! Protecting the control plane is a topic that is wider than this document…or even wider than “just for BGP” (as covered by rfc7454). Additional recommendations are given in both rfc7454 and rfc6192 — this document should then have a reference to them.
My 2c. Alvaro. On October 24, 2018 at 5:28:55 AM, Mirja Kühlewind ([email protected]) wrote: ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- In section 9 (security considerations): Thanks for discussing network load here! However, I find this sentence a bit unsatisfactory: „The specification of counter-measures for this problem is outside the scope of this document.“ Isn’t there any easy way to make some more recommendations for counter measures that could be discussed here? E.g. implement some rate limiting or filtering. Or only accept LIR-PF request from preconfigured hosts (given that LIR-PF support must anyway be pre-configured)? I’m not an expert on this topic and therefore don’t know if any of such recommendations make sense, however, I would quickly like to discuss if it is potentially possible to say more than what’s current said. Thanks!
_______________________________________________ BESS mailing list [email protected] https://www.ietf.org/mailman/listinfo/bess
