On Mon, 17 Mar 2008, Larry J. Blunk wrote:
RFC2827 is about source address filtering which is not really the same as BGP route announcement filtering. Unfortunately, I have not come across any RFC's with a thorough discussion of route filtering. It is mentioned briefly in RFC 3013, but section 4.5 only suggests filtering routes for private address space. RFC 4778 also mentions it, but again, there is no in depth discussion. Perhaps it is time for an RFC dedicated to route filtering practices?
This provides half a page summary of what can be done without sweating too much: http://tools.ietf.org/html/draft-savola-rtgwg-backbone-attacks-03#section-3.... Applying a (secure) IRR database to build filters for peers and transits has not (AFAIK) been very well documented anywhere. But on the other hand, not too many people are using it either. Unless a better place or a new document is found for that, I can add some verbiage to the abovementioned draft. (Currently, however, it is not obvious to me if that draft is going to progress, and if so which IETF WG or similar forum would be the right place to develop it.) -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings