[menog] Massive route leak impacts major parts of the Internet, including Cloudflare
job at ntt.net
Tue Jun 25 15:23:00 UTC 2019
I've compiled a list of study resource references that can perhaps be
a starting point for anyone interested to improve the security of
their BGP perimeter:
presentation: Architecting robust routing policies
presentation: Practical Everyday BGP filtering "Peerlocking"
RFC 8212 ("EBGP default deny") and why we should ask our vendors like
Cisco IOS, IOS XE, NX-OS, Juniper, Arista, Brocade, etc... to be
compliant with this RFC:
slides 2-14: http://largebgpcommunities.net/presentations/ITNOG3-Job_Snijders_Recent_BGP_Innovations.pdf
skip to the rfc8212 part: https://youtu.be/V6Wsq66-f40?t=854
compliance tracker: http://github.com/bgp/RFC8212
The NLNOG Day in Fall 2018 has a wealth of RPKI related presentations
and testimonies: https://nlnog.net/nlnog-day-2018/
Finally, there is the NLNOG BGP Filter Guide: http://bgpfilterguide.nlnog.net/
If you spot errors or have suggestions, please submit them via github
Please let me or the group know should you require further information,
I love talking about this topic ;-)
On Tue, Jun 25, 2019 at 5:17 PM Hisham Ibrahim <hmi at ripe.net> wrote:
> Dear all,
> Yesterday a small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider.
> The details of this of the outage can be read here.
> Cloudflare, one of those effected, also published more on the issue and how it impacted their operations.
> Solution: if you have not already considered RPKI then you probably should.
> If you are interested in understanding more about hot to deploy RPKI please let us know.
> Menog mailing list
> Menog at lists.menog.org
More information about the Menog