CloudFlare issues?

• Previous message (by thread): CloudFlare issues?
• Next message (by thread): CloudFlare issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Stephen,


> I used to be a quality control engineer in my career, so I have a
> question to ask from the perspective of a QC guy:  what is the Best
> Practice for minimizing, if not totally preventing, this sort of
> problem?  Is there a "cookbook" answer to this?
>

As suggested by Job in the thread above,

    - deploy RPKI based BGP Origin validation (with invalid == reject)
    - apply maximum prefix limits on all EBGP sessions
    - ask your router vendor to comply with RFC 8212 ('default deny')
    - turn off your 'BGP optimizers' --> You actually don't need that at
all. I survived without any optimizer.

Aslo, read RFC7454 and join MANRS :)

Regards,
Aftab Siddiqui
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190626/bcdeb364/attachment.html>

• Previous message (by thread): CloudFlare issues?
• Next message (by thread): CloudFlare issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]