Recommendation: BGP Ingress & Egress Filtering BCPs

The core BGP Security recommendation is for all BGP Ingress & Egress Filtering to follow BCPs. These BGP Best Common Practices (BCPs) are not confidential. Your peers would be open to share what they do and help you deploy better policies. It is recommended that you inspect your network’s practices and procedures. Review the BCP Read More

Principle: BGP Hijacking Risk Reduction is a Layered Solution

  Reducing the BGP Hijacking risk reduction is a layered solution. Organizations cannot jump into RPKI BGP Security if they have not established the basics for BGP Security.  It must be remembered that projecting against BGP Hijacks is not a “one tool” approach.  All the BGP Security techniques work together. Organizations should view this as Read More

Recommendation: Deploy Peerlock

Operators who deploy Peerlock will many of the of the route leaking and BGP Hijacking risk. Peer-Lock is an optimized AS-Path Filtering technique. The foundation is not new. We have been using AS Path Filtering for decades. What is new is the approach, using the AS-Path filter together with a written peering agreement.  Does it work? Read More

Recommendation: All prefixes will have one BGP Community

We have learned in the community that it is safer to have all prefixes with one BGP Community. That means a BGP community will be required for the route to get advertised to a peer. Granted, each prefix might have multiple BGP Communities, but the requirement that each must have at least one BGP community Read More

Recommendation: Use Maximum Prefix Filters on all BGP Sessions

Maximum Prefix Filters are often overlooked in BGP configurations. Don’t overlook BGP Maximum Prefix Filters. They can save your network in a route table explosion crisis. Why? Exploding BGP tables is one of the huge risks to Internet stability. We have had and will have routers which de-aggregate, rapidly increasing the size of the BGP RIB Read More

Tools for BGP Peering, Analysis, Troubleshooting & Monitoring

Tools to troubleshoot routing issues, monitor for BGP Hijacking, and alert when there are major routing issues are critical for any organization who connects to the Internet. This is a guide to help organizations pick tools that are useful.    BGP Stream by BGPMON BGP Stream is a free resource for receiving alerts about hijacks, Read More

BGP Hijack Presentations, Talks, & Tutorials

Fortunately, we will have a huge library of BGP Hijacking presentations, talks, & tutorials. Many of these talk about the routing risk and how to mitigate the risk from human mistakes.  BGP Hijacking overview. Routing incidents prevention and defense mechanisms. (Updated) from NOCTION provides a good summary of all the materials list below from the various Read More

BGP Hijacking News, Blogs, and References Articles

Why Review BGP Hijacking News?  There is a lot of BGP Hijacking and routing mistakes covered by in the press. It is one of those “controversial” and “exciting” news items. BGP routing incidents (intentional and unintentional) are great press because they have risk imposed on all telecommunications which at times is outside of the control Read More

BGP Hijacking Risks Research Papers and Projects

Research Papers and Projects Exploring BGP Hijacking & Routing Mistakes Risk The BGP Hijacking Risks profile attracts a wide academic interest. This interest attracts government and private research funding to explore new anti-BGP Hijacking tools, techniques, and resiliency approaches. This work is always worth reading, tracking, and exploring to see apply to real-world operations. Monitor, Read More

Master Class in Internet Networking …. Free

Nick Feamster Provides Operators, Engineers, and Students with the Tools to Understand How the Internet is Glued Together Who is Nick Feamster? Dr. Nick Feamster is known in the Internet Operations community as one of our primary source of great talent, research that pushes the Industry forward, a deep-dive investigation into security issues on the Read More