nanog mailing list archives

SP 800-189 (Draft), Resilient Interdomain Traffic Exchange


From: "Montgomery, Douglas C. (Fed) via NANOG" <nanog () nanog org>
Date: Mon, 28 Oct 2019 21:03:43 +0000

https://csrc.nist.gov/publications/detail/sp/800-189/draft


This document provides technical guidance and recommendations for technologies that improve the security and robustness 
of interdomain traffic exchange. Technologies recommended in this document for securing the interdomain routing control 
traffic include Resource Public Key Infrastructure (RPKI), BGP origin validation (BGP-OV), and prefix filtering. 
Additionally, technologies recommended for mitigating DoS and DDoS attacks include prevention of IP address spoofing 
using source address validation with access control lists (ACLs) and unicast Reverse Path Forwarding (uRPF). Other 
technologies such as remotely triggered black hole (RTBH) filtering, flow specification (Flowspec), and response rate 
limiting (RRL) are also recommended as part of the overall security mechanisms.

dougm
--
Doug Montgomery, Manager Internet & Scalable Systems Research @ NIST

