Document: draft-ietf-grow-bgpopsecupd
Title: Updated BGP Operations and Security
Reviewer: Linda Dunbar
Review result: Not Ready
I have been selected as the Routing Directorate reviewer for this draft. For
background, see the RtgDir wiki.
Summary: This draft updates BCP guidance for secure, reliable BGP
operations—replacing RFC 7454—by outlining goals and practices for session
protection, route filtering, and attribute handling in the Internet’s
Default-Free Zone.
Major:
- Section 4.1: the second bullet is not great for a standards doc:
"All ASes left of the originating AS in the AS_PATH MUST be authorized to
advertise the NLRI to the AS directly to their left,.."
Suggest the following:
"Let AS_PATH = {AS1, AS2, …, ASn}, where AS1 is the neighbor that sent the
UPDATE and ASn is the origin. For each k in 1..n−1, AS(k+1) MUST/SHOULD be
authorized to export the NLRI to ASk according to their bilateral routing
policy (e.g., provider–customer, peer, or lateral-peer)."
Minor:
- Section 3.1 lists desired properties (prevent off-path injection,
interruption, etc.) but gives no references (e.g., GTSM/TTL-security, TCP-AO,
BGP-MD5, CoPP/CP-policing, max-prefix). It would be helpful to readers to have
the informative references or a short “Examples include …”.
NITS:
Section 2 Scope:
- suggest expanding DFZ: “...routers in the Default-Free Zone (DFZ)”
Section 3.2:
- “External activity towards the management interface do not interfere …” ->
“does not interfere …”.
Ack: Acknowledgements list has Martin Pels twice.
Warm Regards,
Linda Dunbar
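The AS_PATH rule proposed under "Major" above can be checked mechanically by walking adjacent pairs of the path. The following is an added example, not text from the review, the draft, or any implementation: it assumes a constructed table of (exporter, receiver) pairs standing in for the bilateral export policy, collapses AS prepending (consecutive repeats of the same AS) before walking, and optionally includes the receiving router's own AS so that the hop from AS1 to the local router is checked as well.

```python
"""Walk an AS_PATH and check each adjacent pair against an export-authorization table.

AS_PATH = {AS1, AS2, ..., ASn}: AS1 sent the UPDATE, ASn is the origin.
For each k in 1..n-1, AS(k+1) must be authorized to export the NLRI to ASk.
"""
from typing import Iterable, List, Optional, Set, Tuple

# Constructed sample policy (an assumption for this example): a pair (exporter, receiver)
# means "exporter is authorized to export the NLRI to receiver". A real deployment would
# derive such pairs from its bilateral policy data (customer cones, ASPA-style records, ...).
AUTHORIZED_EXPORTS: Set[Tuple[int, int]] = {
    (64500, 64496),  # 64500 is a customer of 64496 and may export routes upward to it
    (64501, 64500),  # 64501 is a customer of 64500
    (64502, 64501),  # 64502 (an origin in the samples below) is a customer of 64501
}


def collapse_prepends(as_path: Iterable[int]) -> List[int]:
    """Collapse runs of the same AS (prepending) so each hop is a distinct AS."""
    out: List[int] = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def first_unauthorized_hop(
    as_path: Iterable[int],
    authorized: Set[Tuple[int, int]] = AUTHORIZED_EXPORTS,
    local_as: Optional[int] = None,
) -> Optional[Tuple[int, int]]:
    """Return the first (exporter, receiver) pair that is not authorized, or None.

    If local_as is given, the receiving router's own AS is placed left of AS1 so the
    hop "AS1 exports to us" is checked too (an extension of the rule, not part of it).
    """
    path = collapse_prepends(as_path)
    if local_as is not None:
        path = collapse_prepends([local_as] + path)
    # Walk left to right: path[k] received the NLRI from path[k+1].
    for k in range(len(path) - 1):
        exporter, receiver = path[k + 1], path[k]
        if (exporter, receiver) not in authorized:
            return exporter, receiver
    return None


def as_path_authorized(
    as_path: Iterable[int],
    authorized: Set[Tuple[int, int]] = AUTHORIZED_EXPORTS,
    local_as: Optional[int] = None,
) -> bool:
    """True when every hop of the (prepend-collapsed) AS_PATH is authorized."""
    return first_unauthorized_hop(as_path, authorized, local_as) is None


if __name__ == "__main__":
    # Constructed paths: a clean customer chain, the same with prepending, and a path
    # whose origin has no export authorization toward its neighbour (a leak-style case).
    for p in ([64496, 64500, 64501, 64502], [64496, 64500, 64500, 64501], [64496, 64500, 64499]):
        print(p, "->", first_unauthorized_hop(p) or "authorized")
```

A one-AS path (the neighbour is the origin) has no pairs to check and is accepted; the optional `local_as` argument is what brings the neighbour-to-us hop under the same rule.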