On 16/06/2013, at 17.19, Jan Zorz - ISOC <zorz@isoc.org> wrote:
Hi all,
Finally we have a mailing list (thnx to staff @RIPE-NCC) that we identified as one of the first next steps at BOF in Dublin RIPE meeting.
Please send emails to: bcop@ripe.net
This is the place, where we can discuss how to move forward with the Best Current Operational Practices work, how to maybe move it forward towards more official status, who is willing to participate and start the documents - but first of all - we agreed that we need to identify the topics of discussion.
First few that I heard were:
- source addr antispoofing operational practices - peering good practices - how to implement IPv6 at ISP (different network types and flavors) - DNSsec how-to and practices ...
I would like to invite all to send suggestions so we can identify the topics - and then we can see later where we can start some effort and form a groups that would start producing a documentation.
In no particular order, and based on stuff I do myself. *) DNS in auth and recursive, I always suggest keeping them in too separate "servers" (might be VMs) to ensure not opening up auth server for recursion etc. *) Perhaps best current practice documents that even present BGP policies in general, like the old book "Cisco ISP Essentials (Cisco Press Networking Technology)[Paperback]" from 2002 available in free and open format would be great for getting more secure and robust networking. Having examples in some popular variants would be great Juniper, Cisco, BIRD, OpenBGPD - I also myself used the cymru web site a lot for similar stuff, http://www.team-cymru.org/ReadingRoom/Templates/ *) a small subject I would like see also is ICMP filtering. We want people to know that blocking all of ICMP is bad for them and the internet. It prevents PMTU from working and is required for a lot of testing. So maybe some re-iteration of the ICMP and presenting also the pingable attribute in whois? (I dont use pingable myself yet, but perhaps receiving a nice BCOP doc would make me add some) I wonder if testing is also part of this? *) How to test your network performance, recommending some starting point for common testing inside networks, in my end of the world it seems to be iperf and smokeping that rules the land. I was pretty inspired by Jen Linkova at the RIPE65 meeting talking about creating stacked packet for testing MPLS Best regards Henrik -- Henrik Lund Kramshøj, Follower of the Great Way of Unix internet samurai cand.scient CISSP hlk@kramse.org hlk@solidonetworks.com +45 2026 6000 http://solidonetworks.com/ Network Security is a business enabler