-01 with stronger reccos and seccons
This commit is contained in:
parent
f27bab03fb
commit
3d02593371
1 changed files with 26 additions and 14 deletions
|
|
@ -80,6 +80,7 @@
|
|||
<t>
|
||||
A BGP Speaker performing RPKI-based Route Origin Validation should
|
||||
not issue Route Refresh to its neighbors when receiving new VRPs.
|
||||
A method for avoiding doing so is described.
|
||||
</t>
|
||||
|
||||
</abstract>
|
||||
|
|
@ -122,23 +123,26 @@
|
|||
|
||||
<section anchor="related" title="Related Work">
|
||||
|
||||
<t>It is assumed that the reader understands BGP, <xref
|
||||
target="RFC4271"/> and Route Refresh <xref target="RFC7313"/>, the
|
||||
RPKI <xref target="RFC6480"/>, Route Origin Authorizations (ROAs),
|
||||
<xref target="RFC6482"/>, The Resource Public Key Infrastructure
|
||||
(RPKI) to Router Protocol <xref target="I-D.ietf-sidrops-8210bis"/>,
|
||||
RPKI-based Prefix Validation, <xref target="RFC6811"/>, and Origin
|
||||
Validation Clarifications, <xref target="RFC8481"/>.</t>
|
||||
<t>
|
||||
It is assumed that the reader understands BGP, <xref
|
||||
target="RFC4271"/> and Route Refresh <xref target="RFC7313"/>, the
|
||||
RPKI <xref target="RFC6480"/>, Route Origin Authorizations (ROAs),
|
||||
<xref target="RFC6482"/>, The Resource Public Key Infrastructure
|
||||
(RPKI) to Router Protocol <xref
|
||||
target="I-D.ietf-sidrops-8210bis"/>, RPKI-based Prefix Validation,
|
||||
<xref target="RFC6811"/>, and Origin Validation Clarifications,
|
||||
<xref target="RFC8481"/>.
|
||||
</t>
|
||||
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section anchor="ops" title="Operational Considerations">
|
||||
<section anchor="ops" title="Operational Recommendations">
|
||||
|
||||
<t>
|
||||
Routers MUST either keep the full Adj-RIB-In or implement this
|
||||
specification.
|
||||
</t>
|
||||
|
||||
|
||||
<t>
|
||||
Operators deploying ROV SHOULD ensure that the router
|
||||
implementation is not causing unnecessary Route Refresh requests
|
||||
|
|
@ -155,16 +159,22 @@
|
|||
|
||||
<t>
|
||||
If the router has insufficient resources to support this, it
|
||||
SHOULD not be used for Route Origin Validation.
|
||||
MUST not be used for Route Origin Validation.
|
||||
</t>
|
||||
|
||||
</section>
|
||||
|
||||
<section anchor="Security" title="Security Considerations">
|
||||
<section anchor="Security" title="Security Considerations">
|
||||
|
||||
<t>
|
||||
This document describes a denial of service Route Origin
|
||||
Validation may place on a BGP neighbor, and describes how it may
|
||||
be ameliorated.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
This document adds no additional security considerations to those
|
||||
already described by the referenced documents.
|
||||
Otherwise, this document adds no additional security considerations
|
||||
to those already described by the referenced documents.
|
||||
</t>
|
||||
|
||||
</section>
|
||||
|
|
@ -196,6 +206,7 @@
|
|||
<?rfc include="reference.RFC.6480.xml"?>
|
||||
</references>
|
||||
|
||||
<!--
|
||||
<section anchor="Acknowledgements" title="Acknowledgements">
|
||||
|
||||
<t>
|
||||
|
|
@ -203,6 +214,7 @@
|
|||
</t>
|
||||
|
||||
</section>
|
||||
-->
|
||||
|
||||
</back>
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue