Job also enjoys having his ID checked. Can we get a best practices link added to the list for that?
On Tue, Jun 25, 2019 at 10:27 AM Job Snijders <j...@ntt.net> wrote: > Dear Stephen, > > On Tue, Jun 25, 2019 at 07:04:12AM -0700, Stephen Satchell wrote: > > On 6/25/19 2:25 AM, Katie Holly wrote: > > > Disclaimer: As much as I dislike Cloudflare (I used to complain > > > about them a lot on Twitter), this is something I am absolutely > > > agreeing with them. Verizon failed to do the most basic of network > > > security, and it will happen again, and again, and again... > > > > I used to be a quality control engineer in my career, so I have a > > question to ask from the perspective of a QC guy: what is the Best > > Practice for minimizing, if not totally preventing, this sort of > > problem? Is there a "cookbook" answer to this? > > > > (I only run edge networks now, and don't have BGP to worry about. If > > my current $dayjob goes away -- they all do -- I might have to get > > back into the BGP game, so this is not an idle query.) > > > > Somehow "just be careful and clueful" isn't the right answer. > > Here are some resources which maybe can serve as a starting point for > anyone interested in the problem space: > > presentation: Architecting robust routing policies > pdf: > https://ripe77.ripe.net/presentations/59-RIPE77_Snijders_Routing_Policy_Architecture.pdf > video: > https://ripe77.ripe.net/archive/video/Job_Snijders-B._BGP_Policy_Update-20181017-140440.mp4 > > presentation: Practical Everyday BGP filtering "Peerlocking" > pdf: http://instituut.net/~job/NANOG67_NTT_peerlocking_JobSnijders.pdf > video: https://www.youtube.com/watch?v=CSLpWBrHy10 > > RFC 8212 ("EBGP default deny") and why we should ask our vendors like > Cisco IOS, IOS XE, NX-OS, Juniper, Arista, Brocade, etc... to be > compliant with this RFC: > slides 2-14: > http://largebgpcommunities.net/presentations/ITNOG3-Job_Snijders_Recent_BGP_Innovations.pdf > skip to the rfc8212 part: https://youtu.be/V6Wsq66-f40?t=854 > compliance tracker: http://github.com/bgp/RFC8212 > > The NLNOG Day in Fall 2018 has a wealth of RPKI related presentations > and testimonies: https://nlnog.net/nlnog-day-2018/ > > Finally, there is the NLNOG BGP Filter Guide: > http://bgpfilterguide.nlnog.net/ > If you spot errors or have suggestions, please submit them via github > https://github.com/nlnog/bgpfilterguide > > Please let me or the group know should you require further information, > I love talking about this topic ;-) > > Kind regards, > > Job >