SP 800-189 (Draft), Resilient Interdomain Traffic Exchange

Montgomery, Douglas C. (Fed) dougm at nist.gov
Mon Oct 28 21:03:43 UTC 2019


https://csrc.nist.gov/publications/detail/sp/800-189/draft


/

This document provides technical guidance and recommendations for technologies that improve the security and robustness of interdomain traffic exchange. Technologies recommended in this document for securing the interdomain routing control traffic include Resource Public Key Infrastructure (RPKI), BGP origin validation (BGP-OV), and prefix filtering. Additionally, technologies recommended for mitigating DoS and DDoS attacks include prevention of IP address spoofing using source address validation with access control lists (ACLs) and unicast Reverse Path Forwarding (uRPF). Other technologies such as remotely triggered black hole (RTBH) filtering, flow specification (Flowspec), and response rate limiting (RRL) are also recommended as part of the overall security mechanisms.

dougm
--
Doug Montgomery, Manager Internet  & Scalable Systems Research @ NIST

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191028/d3c09bbc/attachment.html>


More information about the NANOG mailing list