Moin, after just importing the adopted draft last week, I now added all feedback I received since 117 to the document and submitted -01.
I would appreciate additional feedback on the new iteration of the draft either on the list, or directly as a ticket here:

https://github.com/ichdasich/draft-ietf-grow-bgpopsecupd/issues

Changes from -00 include:

# Changes:
- Clarified scope (excl. DC BGP)
- Addressed comments on TCP-AO
- Addressed comments on VRF confinement/OOB/IB for Control Plane Protection
- Contextualized iBGP TCP Auth
- Added note on using a VRF for IXP peerings
- Expanded on AS_PATH filtering/manipulation
- Added extended communities to scrubbing, added in/out scrubbing
- Expand attribute scrubbing, add attribute healing
- Included note on not using communities to signal validation state
- Clarified connection between ASPA and OTC
- Added note on filter Idempotency
- Added section on behavior at IXPs, incl. not using LOCAL_PREF and honoring GSHUT
- Explicitly reference issues with MED induced route oscillation
- Shortened abstract
- Fixed a logic-error in the reference to ASPA
- Set the document to obsolete RFC7545, if approved

# Nits:
- Fixed reference to working group
- Aligned some terms

The full diff can be found here:

https://github.com/ichdasich/draft-ietf-grow-bgpopsecupd/compare/draft-ietf-grow-bgpopsecupd-00...draft-ietf-grow-bgpopsecupd-01

With best regards,
Tobias

On Fri, 2024-01-26 at 02:51 -0800, [email protected] wrote:
> Internet-Draft draft-ietf-grow-bgpopsecupd-01.txt is now available.
> It is a work item of the Global Routing Operations (GROW) WG of the IETF.
>
>    Title:   Updated BGP Operations and Security
>    Author:  Tobias Fiebig
>    Name:    draft-ietf-grow-bgpopsecupd-01.txt
>    Pages:   55
>    Dates:   2024-01-26
>
> Abstract:
>
>    The Border Gateway Protocol (BGP) is the protocol almost exclusively
>    used in the Internet to exchange routing information between network
>    domains. Due to this central nature, it is important to understand
>    the security and reliability measures that can and should be deployed
>    to prevent accidental or intentional routing disturbances.
>
>    Previously, security considerations for BGP have been described in
>    RFC7454 / BCP194. Since the publications of RFC7454 / BCP194,
>    several developments and changes in operational practice took place
>    that warrant an update of these best current practices. This
>    document replaces RFC7454 / BCP194, reiterating the best practices
>    for BGP security from that document and adding new practices and
>    recommendations that emerged since its publication.
>
>    This document provides a comprehensive list of Internet specific BGP
>    security and reliability related best practices as of the time of
>    publication. It specifically does not cover other uses of BGP, e.g.,
>    in a datacenter context.
>
>    While the recommendations in this document are, in general, best
>    practices, operators still need to carefully weigh individual
>    measures vs. their local network requirements before implementing
>    them. Also, as with BCP194, best practices outlined in this document
>    may have changed since its publication.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-grow-bgpopsecupd/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-grow-bgpopsecupd-01.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-grow-bgpopsecupd-01
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> GROW mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/grow

-- 
Dr.-Ing. Tobias Fiebig
T +31 616 80 98 99
M [email protected]
