[50904] in North American Network Operators' Group


Best Current Practices for Routing Protocol Security

daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Aug 14 13:23:34 2002

Date: Wed, 14 Aug 2002 13:23:01 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <5B671CEC7A3CDA40BA4A8B081D7B046C03270702@antiproton.jnpr.net>
Errors-To: owner-nanog-outgoing@merit.edu



What are the best current practices ISPs use to maintain routing protocol
security?

1. None - May be acceptable in some environments
2. I don't tell anyone about my routing protocols
3. Firewalls protect me
4. Don't exchange routing information with external parties
5. Explicit routing neighbor associations - passive-interface default
6. Address validation on all edge devices
7. Signed routing messages - MD5 or something else
8. Non-routed routing infrastructure - RFC1918 for core
9. Non-IP routing protocols - ISIS
10. Out-of-band route servers - SS7 here we come


