- File formats:
- Status:
- BEST CURRENT PRACTICE
- Authors:
- J. Durand
I. Pepelnjak
G. Doering - Stream:
- IETF
- Source:
- opsec (ops)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7454
Discuss this RFC: Send questions or comments to the mailing list opsec@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7454
Abstract
The Border Gateway Protocol (BGP) is the protocol almost exclusively used in the Internet to exchange routing information between network domains. Due to this central nature, it is important to understand the security measures that can and should be deployed to prevent accidental or intentional routing disturbances.
This document describes measures to protect the BGP sessions itself such as Time to Live (TTL), the TCP Authentication Option (TCP-AO), and control-plane filtering. It also describes measures to better control the flow of routing information, using prefix filtering and automation of prefix filters, max-prefix filtering, Autonomous System (AS) path filtering, route flap dampening, and BGP community scrubbing.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.