From nobody Mon Dec 1 16:37:06 2014 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D62C1A1BE5; Mon, 1 Dec 2014 16:37:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ajph0B_8gy0M; Mon, 1 Dec 2014 16:37:02 -0800 (PST) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 334631AC407; Mon, 1 Dec 2014 16:37:01 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 5.7.4 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20141202003701.31484.91064.idtracker@ietfa.amsl.com> Date: Mon, 01 Dec 2014 16:37:01 -0800 Archived-At: http://mailarchive.ietf.org/arch/msg/opsec/i0W0jwdJLtgKYDmYIghgRFtn164 Cc: opsec@ietf.org Subject: [OPSEC] I-D Action: draft-ietf-opsec-bgp-security-07.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Dec 2014 00:37:03 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF. Title : BGP operations and security Authors : Jerome Durand Ivan Pepelnjak Gert Doering Filename : draft-ietf-opsec-bgp-security-07.txt Pages : 30 Date : 2014-12-01 Abstract: BGP (Border Gateway Protocol) is the protocol almost exclusively used in the Internet to exchange routing information between network domains. Due to this central nature, it is important to understand the security measures that can and should be deployed to prevent accidental or intentional routing disturbances. This document describes measures to protect the BGP sessions itself (like TTL, TCP-AO, control plane filtering) and to better control the flow of routing information, using prefix filtering and automatization of prefix filters, max-prefix filtering, AS path filtering, route flap dampening and BGP community scrubbing. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-opsec-bgp-security/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-opsec-bgp-security-07 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-bgp-security-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Dec 5 08:51:53 2014 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 585371A1B6F; Fri, 5 Dec 2014 08:51:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1sVPAxpAwYuE; Fri, 5 Dec 2014 08:51:45 -0800 (PST) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F1281ACECC; Fri, 5 Dec 2014 08:51:45 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Secretariat To: dave@juniper.net,cpignata@cisco.com,rodunn@cisco.com X-Test-IDTracker: no X-IETF-IDTracker: 5.7.4 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20141205165145.27755.17608.idtracker@ietfa.amsl.com> Date: Fri, 05 Dec 2014 08:51:45 -0800 Archived-At: http://mailarchive.ietf.org/arch/msg/opsec/xRurXR1IpJNDS0RmmdTD7isRrtE Cc: opsec@ietf.org, gunter@vandevelde.cc, ipr-announce@ietf.org Subject: [OPSEC] IPR Disclosure: Cisco's Statement of IPR Related to RFC 6192 X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Dec 2014 16:51:49 -0000 Dear Dave Dugal, Carlos Pignataro, Rodney Dunn: An IPR disclosure that pertains to your RFC entitled "Protecting the Router Control Plane" (RFC6192) was submitted to the IETF Secretariat on 2014-12-05 and has been posted on the "IETF Page of Intellectual Property Rights Disclosures" (https://datatracker.ietf.org/ipr/2493/). The title of the IPR disclosure is "Cisco's Statement of IPR Related to RFC 6192.""); The IETF Secretariat From nobody Mon Dec 8 09:18:15 2014 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5E571AC409; Mon, 8 Dec 2014 09:18:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3wSeS7dqEzTf; Mon, 8 Dec 2014 09:18:11 -0800 (PST) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 534581AC40F; Mon, 8 Dec 2014 09:18:06 -0800 (PST) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: The IESG To: IETF-Announce X-Test-IDTracker: no X-IETF-IDTracker: 5.7.4 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20141208171806.22046.40468.idtracker@ietfa.amsl.com> Date: Mon, 08 Dec 2014 09:18:06 -0800 Archived-At: http://mailarchive.ietf.org/arch/msg/opsec/zvFfxpOByhSH1PRX8BMwiEunKPA Cc: opsec mailing list , opsec chair , RFC Editor Subject: [OPSEC] Protocol Action: 'BGP operations and security' to Best Current Practice (draft-ietf-opsec-bgp-security-07.txt) X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Dec 2014 17:18:12 -0000 The IESG has approved the following document: - 'BGP operations and security' (draft-ietf-opsec-bgp-security-07.txt) as Best Current Practice This document is the product of the Operational Security Capabilities for IP Network Infrastructure Working Group. The IESG contact persons are Joel Jaeggli and Benoit Claise. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-opsec-bgp-security/ Technical Summary BGP (Border Gateway Protocol) is the protocol almost exclusively used in the Internet to exchange routing information between network domains. Due to this central nature, it is important to understand the security measures that can and should be deployed to prevent accidental or intentional routing disturbances. This document describes measures to protect the BGP sessions itself (like TTL, TCP-AO, control plane filtering) and to better control the flow of routing information, using prefix filtering and automatization of prefix filters, max-prefix filtering, AS path filtering, route flap dampening and BGP community scrubbing. Working Group Summary Nothing particular to point out. The document and work contribution went smoothly without hiccups. Document Quality This Is an operational document describing best practices. The baseline of the document is the writing down of what successful BGP network implementations have deployed. Personnel Document Shepherd: Gunter Van de Velde Responsible Area director: Joel Jaeggli