-01 with stronger reccos and seccons
This commit is contained in:
parent
f27bab03fb
commit
3d02593371
1 changed files with 26 additions and 14 deletions
|
|
@ -80,6 +80,7 @@
|
||||||
<t>
|
<t>
|
||||||
A BGP Speaker performing RPKI-based Route Origin Validation should
|
A BGP Speaker performing RPKI-based Route Origin Validation should
|
||||||
not issue Route Refresh to its neighbors when receiving new VRPs.
|
not issue Route Refresh to its neighbors when receiving new VRPs.
|
||||||
|
A method for avoiding doing so is described.
|
||||||
</t>
|
</t>
|
||||||
|
|
||||||
</abstract>
|
</abstract>
|
||||||
|
|
@ -122,17 +123,20 @@
|
||||||
|
|
||||||
<section anchor="related" title="Related Work">
|
<section anchor="related" title="Related Work">
|
||||||
|
|
||||||
<t>It is assumed that the reader understands BGP, <xref
|
<t>
|
||||||
target="RFC4271"/> and Route Refresh <xref target="RFC7313"/>, the
|
It is assumed that the reader understands BGP, <xref
|
||||||
RPKI <xref target="RFC6480"/>, Route Origin Authorizations (ROAs),
|
target="RFC4271"/> and Route Refresh <xref target="RFC7313"/>, the
|
||||||
<xref target="RFC6482"/>, The Resource Public Key Infrastructure
|
RPKI <xref target="RFC6480"/>, Route Origin Authorizations (ROAs),
|
||||||
(RPKI) to Router Protocol <xref target="I-D.ietf-sidrops-8210bis"/>,
|
<xref target="RFC6482"/>, The Resource Public Key Infrastructure
|
||||||
RPKI-based Prefix Validation, <xref target="RFC6811"/>, and Origin
|
(RPKI) to Router Protocol <xref
|
||||||
Validation Clarifications, <xref target="RFC8481"/>.</t>
|
target="I-D.ietf-sidrops-8210bis"/>, RPKI-based Prefix Validation,
|
||||||
|
<xref target="RFC6811"/>, and Origin Validation Clarifications,
|
||||||
|
<xref target="RFC8481"/>.
|
||||||
|
</t>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section anchor="ops" title="Operational Considerations">
|
<section anchor="ops" title="Operational Recommendations">
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
Routers MUST either keep the full Adj-RIB-In or implement this
|
Routers MUST either keep the full Adj-RIB-In or implement this
|
||||||
|
|
@ -155,16 +159,22 @@
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
If the router has insufficient resources to support this, it
|
If the router has insufficient resources to support this, it
|
||||||
SHOULD not be used for Route Origin Validation.
|
MUST not be used for Route Origin Validation.
|
||||||
</t>
|
</t>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section anchor="Security" title="Security Considerations">
|
<section anchor="Security" title="Security Considerations">
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
This document adds no additional security considerations to those
|
This document describes a denial of service Route Origin
|
||||||
already described by the referenced documents.
|
Validation may place on a BGP neighbor, and describes how it may
|
||||||
|
be ameliorated.
|
||||||
|
</t>
|
||||||
|
|
||||||
|
<t>
|
||||||
|
Otherwise, this document adds no additional security considerations
|
||||||
|
to those already described by the referenced documents.
|
||||||
</t>
|
</t>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
@ -196,6 +206,7 @@
|
||||||
<?rfc include="reference.RFC.6480.xml"?>
|
<?rfc include="reference.RFC.6480.xml"?>
|
||||||
</references>
|
</references>
|
||||||
|
|
||||||
|
<!--
|
||||||
<section anchor="Acknowledgements" title="Acknowledgements">
|
<section anchor="Acknowledgements" title="Acknowledgements">
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
|
|
@ -203,6 +214,7 @@
|
||||||
</t>
|
</t>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
-->
|
||||||
|
|
||||||
</back>
|
</back>
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue