Security BGP should be as easy as fastening your seat belt, right? Except no one will give you a ticket for having insecure BGP. Ivan Pepelnjak explores this idea and some others when it comes to mandatory BGP practices in a great blog post.
BGP is so important to our Internet lives. But is it the best solution? Or can it be improved. Nick Buraglio discusses some of the issues and potential fixes with BGP.
Russ White of ‘net work comments: Throughout the last several months, I’ve been building a set of posts examining securing BGP as a sort of case study around protocol and/or system design. The point of this series of posts isn’t to find a way to secure BGP specifically, but rather to look at the kinds […]
Nick Buraglio of The Forwarding Plane comments: For those that run BGP networks, BGPmon is often a tool they turn to for some really unique and hard to find information. Remember back in February 2008 when Pakistan Telecom “blocked” Youtube? That one was a really, really public example of something that BGPMon caught. BGPmon has been around for […]
Bob McCouch of Herding Packets comments: Reader Feedback! Recently, I posted about some lab verification I did during a customer setup where I had to strip private BGP AS numbers (64512-65535) before sending BGP-learned prefixes upstream to an ISP. While I used the purpose-built “remove-private-as” neighbor command, several readers commented to me via the blog […]
I have been working on a project to migrate our remote office connectivity into a private WAN. Today, many of those sites are connected via a manual mesh of site-to-site IPSEC VPN tunnels. In the process of this conversion, I have been re-working the WAN cloud itself to leverage the vendorâ€™s ability to peer with me via BGP.