What are the best BGP best practices? (posted 2022-10-03)
I've been telling people how to run BGP in their networks for many years, so it's high time I checked whether what I tell people gels with published best practices. So I typed "BGP best practices" in a Google search box... and got many pages with results. It took me two days to work through that.
But it turns out most of the search results are limited in some way: they only focus on one vendor, only on one small aspect of BGP, are outdated, or just not very good. However, there are four documents that I think deserve qualified recommendations, and one honorable mention:
- ANSSI BGP configuration best practices.
This is a relatively long document, but it gets very to the point while also explaining why each practice is necessary or useful, and how to implement it.
- Philip Smith's BGP Best Current Practices
Philip Smith has given this presentation around the world since at least 2005. So make sure you find a recent version of these slides. The slides have a ton of practices, but very little in the way of explanation why they're necessary or useful. I'm sure he covers that in the presentation, it's just not on these slides.
- NSA's A Guide to Border Gateway Protocol (BGP) Best Practices
Unsurprisingly, this covers just BGP security practices.
- The Mutually Agreed Norms for Routing Security (MANRS) Network Operator Actions.
This MANRS guide is not exactly a best practices guide. Rather, it goes into the four MANRS principles of network operation:
- Prevent propagation of incorrect routing information (filters)
- Prevent traffic with spoofed source addresses
- Facilitate communication between network operators
- Facilitate validation of routing information (RPKI)
It does have extensive guidance and examples on how to set everything up to accomplish these goals.
- Honorable mention: NIST's Border Gateway Protocol Security recommendations.
This has some good background information, but as the document was published in 2007 and not updated, it's not a good source of current best practices.