BGP Operations and Security
RFC 7454, “BGP Operations and Security”, is a Best Current Practice document published in February 2015 by J. Durand, I. Pepelnjak, and G. Doering. The canonical text is published by the RFC Editor.
Abstract
The Border Gateway Protocol (BGP) is the protocol almost exclusively used in the Internet to exchange routing information between network domains. Due to this central nature, it is important to understand the security measures that can and should be deployed to prevent accidental or intentional routing disturbances.
This document describes measures to protect the BGP sessions themselves, such as Time to Live (TTL), the TCP Authentication Option (TCP-AO), and control-plane filtering. It also describes measures to better control the flow of routing information, using prefix filtering and automation of prefix filters, max-prefix filtering, Autonomous System (AS) path filtering, route flap dampening, and BGP community scrubbing.
What “Best Current Practice” means
A Best Current Practice document records the IETF community's recommended operational or procedural practice rather than a protocol specification.
The canonical text of RFC 7454 is hosted at rfc-editor.org and is available in TXT and HTML.
- RFC 7453 MPLS Transport Profile Traffic Engineering Management Information Base
- RFC 7455 Transparent Interconnection of Lots of Links: Fault Management
- RFC 7452 Architectural Considerations in Smart Object Networking
- RFC 7456 Loss and Delay Measurement in Transparent Interconnection of Lots of Links
- RFC 7451 Extension Registry for the Extensible Provisioning Protocol
- RFC 7457 Summarizing Known Attacks on Transport Layer Security and Datagram TLS
- RFC 7450 Automatic Multicast Tunneling
- RFC 7458 Extensible Authentication Protocol Attributes for Wi-Fi Integration with the Evolved Packet Core