1 / 8

tools.ietf/html/bcp38

http://tools.ietf.org/html/bcp38. WWW, Email, SSH, Telnet. TCP,UDP. IPv4/IPv6. Data Link. Physical. Application. Orchestration. Control. Virtualization. CLI. ON SALE SDN. LIMITED EDITION NFV. SNEAK PREVIEW NDN. Welcome to DevOps. Internet. DNS. People. BGP. IP. DNS.

mageed
Télécharger la présentation

tools.ietf/html/bcp38

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. http://tools.ietf.org/html/bcp38

  2. WWW, Email, SSH, Telnet TCP,UDP IPv4/IPv6 Data Link Physical

  3. Application Orchestration Control Virtualization CLI ON SALE SDN LIMITED EDITION NFV SNEAK PREVIEW NDN Welcome to DevOps

  4. Internet DNS People BGP IP

  5. DNS • Thou shall not run RDNS and ADNS on the same machine! • Thou shall not open the Recursive DNS to the wide world! • Thou shall not use predictable Source Ports and Query IDs! • Remember that a CPE or printer may also act as an open RDNS! • Honour and support the IETF and RIPE work on DNS. • Thou shall not use the same IP address to accept queries and to initiate recursive lookups on the Recursive DNS! • Thou shall not do lame delegations, nor endless CNAME-ing! • Thou shall use RRL (Response Rate Limit)! • Thou shall use TSIG for zone XFERs! • Thou shall not be afraid to deploy DNSSEC!

  6. BGP • Thou shall not hijack IP prefixes from others! • Thou shall avoid exporting ANY IGP routes into BGP !!! • Thou shall not announce special/private IP prefixes via BGP! • Remember to register thy route policy in an IRR (e.g. RIPE DB). • Honour and support the IETF/RIPE work on the S-BGP, psBGP etc. • Thou shall not announce prefixes longer than /24 (v4) or /48 (v6)! • Thou shall not de-aggregate! • Thou shall use prefix-lists to control thy customers! • Thou shall use maximum-prefix to control thy peers! • Thou shall sign thy routes using RPKI ASAP!

  7. http://tools.ietf.org/html/bcp38 What to do with … PEOPLE? “L’enfer, c’est les autres”(J.P.Sartre)

More Related