BCP 194

RFC 7454

BGP Operations and Security, February 2015

Canonical URL:
https://www.rfc-editor.org/bcp/bcp194.txt
File formats:
Plain TextPDF
Status:
BEST CURRENT PRACTICE
Authors:
J. Durand
I. Pepelnjak
G. Doering
Stream:
IETF
Source:
opsec (ops)

Cite this BCP: TXT

Discuss this RFC: Send questions or comments to iesg@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Border Gateway Protocol (BGP) is the protocol almost exclusively used in the Internet to exchange routing information between network domains. Due to this central nature, it is important to understand the security measures that can and should be deployed to prevent accidental or intentional routing disturbances. This document describes measures to protect the BGP sessions itself such as Time to Live (TTL), the TCP Authentication Option (TCP-AO), and control-plane filtering. It also describes measures to better control the flow of routing information, using prefix filtering and automation of prefix filters, max-prefix filtering, Autonomous System (AS) path filtering, route flap dampening, and BGP community scrubbing.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader