www.internetsociety.org

Best Current Operational Practices (BCOP) –updates and status from around the world

Jan Žorž

DO Team – Internet Society

What’s a BCOP?

Best Current Operational Practice

•A living document describing the best operational practices currently agreed on by subject matter experts

•Vetted and periodically reviewed by the global network engineering community (GNEC)

The Problem

• Operational knowledge tends to be “tribal”• Presentations, hallway conversations, internal

documents, in someone’s head…

• Technology, tools, and practices change over time…

• There are hundreds of operational forums globally

• Archives stored in different formats, some searchable, rarely have speech text or video, no vetting, and state unknown.

• How do I find up-to-date, relevant information when I need it?

The BCOP Solution

Open, Transparent, Bottom-up, and Community led

§ Community driven, community written, community vetted Best Current Operational Practices from an open forum, list, and publicly searchable site.

§ Community written and approved Development Process for BCOPs

§ Everyone is welcome to participate

BCOP activity around the world:

http://www.internetsociety.org/deploy360/about/bcop/

•Africa region: A BCOP group was started under AfNOG, lead by Fiona Asonga and Douglas Onyango

•Asia: BCOP Task Force started at JANOG, co-chaired by Seiichi Kawamura and Yoshinobu Matsuzaki, NZNOG BCOP starting up, lead by Dean Pemberton

• No whole-region effort started yet

•Europe: RIPE BCOP Task Force, co-chaired by Benno Overeider and Jan Žorž

•Latin America: A BCOP Task Force was started under LACNOG, from now on lead by Ariel Weher and Luis Balbinot

•North America: BCOP Committee established, lead by Aaron Hughes and Chris Grundemann

AfNOG BCOP

AfNOG BCOP group is bootstrapping, so URLs with more info are yet to be established.

Co-chairs: Fiona Asonga and Douglas Onyango

MailingList: http://www.afnog.org/mailinglist.php

BCOP Workshop in Nairobi, 9 BCOP drafts

http://www.internetsociety.org/deploy360/blog/2016/04/afbcop-workshop-a-huge-leap-forward-for-the-african-bcop-initiative/

BCOP workshop planned for AIS2017

RIPE BCOP

Co-chairs: Benno Overreinder and Jan Žorž

Charter:

http://www.ripe.net/ripe/groups/tf/best-current-operational-practices-task-force

Mailing List:

https://www.ripe.net/mailman/listinfo/bcop

RIPE BCOP published documents: RIPE-631

“IPv6 troubleshooting for residential helpdesks”Contributors: Lee Howard, John Jason Brzozowski, David Freedman, Jason Fesler, Tim Chown, Sander Steffann, Chris Grundemann, Jen Linkova, Chris Tuska, Daniel Breuer, Jan Žorž

•Starting point for technical support staff at ISPs or enterprise IT helpdesks

•Addresses the “fear of the unknown” problem at many organizations

•Provides a solid first step for front-line support personnel.

RIPE BCOP documents in the works:

Protocol default values

+ Cryptographical considerations?+ ZSK/KSK split or CSK?+ When to rollover?+ Values for signature validities, re-sign, refresh, …+ NSEC or NSEC3?+ If NSEC3, when to resalt?

Key management

+ Generation: Number of participants?+ Delivery: Integrity checks? Audit trail?+ Storage: Online or offline? HSM or not?+ Usage: Who can use? How to (de)activate?

“DNSSEC operational practices for authoritative name servers”Contributors: Matthijs Mekking

Available software+ Standalone solutions: OpenDNSSEC, BIND, Knot, …+ Combinations: ldnsutils + NSD, …+ Closed source: Microsoft DNS, Nominum, ...

RIPE BCOP documents in the works:

Definitions:

Interconnection types• Direct interconnection• IXP Peering• IXP Route-server• Multihop

AS relationships• Transit / Customer (leaf)• Transit / Small transit• Peering

Recommendations:

AS relationship dependent• TCP-Authentication• AS-PATH filtering• Prefixes filtering (route objects)• Max-prefix• Private AS removing

General recommendations• Martians filtering• Bogons filtering• Default route filtering• Log• Graceful restart

“BGP Best Current Operational Practices”Contributors: Pierre Lorinquer, Observatory Team (G. Valadon, M. Feuillet, F. Contat) and operators Association Kazar, France-IX, Jaguar Network, Neo Telecoms, Orange, RENATER, SFR

RIPE BCOP documents in the works:

IPv6 for Enterprises

•IPv6 Best Current Operational and deployment Practices for Enterprises…

•Majority of the work is being carried on by Sander Steffann, Jan Žorž is co-author

•Continuation of RIPE-554 and RIPE-631 series of documents.

RIPE BCOP documents in the works:

IPv6 prefix assignment for end-users - static or dynamic and what size to choose.Authors: Jan Žorž <zorz@isoc.org>, Sander Steffann <sander@steffann.nl>, Primož Dražumerič <Primoz.Drazumeric@telekom.si>, Mark Townsley <townsley@cisco.com>, Andrew Alston <andrew.alston@liquidtelecom.com>, Gert Doering <gert@space.net>, Jordi Palet <jordi.palet@consulintel.es>, Jen Linkova <furry@google.com>, Luis Balbinot lbalbinot@brdigital.com.br

•Advice to operators what size of IPv6 prefixes for assigning them to customers to choos and how to delegate them – statically or dynamically.

•Continuation of RIPE-554 and RIPE-631 series of documents.

RIPE BCOP new ideas for documents:

•IPv6 deployment for small/medium ISP

•IP resources transfers

•Network complexity and correlation to troubleshooting

•MANRS BCOP

LACNOG BCOP

BCOP-LAC is bootstrapping, URLs with more info to follow.

Co-chairs: Luis Balbinot and Ariel Weher

Mailing list: https://mail.lacnic.net/mailman/listinfo/bcop

LacNOG BCOP documents in the works:“LacNOG BCOP Development Process document”Contributors: Pedro R. Torres Jr., Luis Balbinot

•A development process is important for capture the Best Current Operational Practices in documentation format that is uniform and easy to read.

•LacNOG BCOP TF decided to set the format and procedure first and then start capturing the Best Current Operational Practices into documents.

LacNOG BCOP documents in the works:• Recomendações para Notificações de Incidentes de

Segurança

• Recomendaciones de como implementar o comenzar con IPv6

• Cooperacion de operadores y CSIRT's, creacion de un template para reportar incidentes.

• Recomendaciones básicas de seguridad para operadores de red.

• Best Practices for IXP's

• Configuración básica de firewall para un host en varios sistemas operativos.

• Mitigación de DDOS

North Amercas BCOP

Co-chairs: Aaron Hughes and Chris Grundemann

Charter and Members: http://nanog.org/governance/bcop

Published BCOPs (ratified): http://bcop.nanog.org/index.php/Ratified_BCOPs

Draft BCOPs (in progress): http://bcop.nanog.org/index.php/BCOP_Drafts

Mailing List: http://mailman.nanog.org/mailman/listinfo/bcop

NA BCOP documents in the works:“Public Peering Exchange Participant”Contributors: Shawn Hsiao, Erik Muller

•This BCOP aims to update current “Public Peering Exchange" BCOP• Add IXP route handling advice

• Remove information pertaining to the operation of an exchange into a separate document, and re-focus the document toward exchange participants

• Other updates as needed

NA BCOP documents in the works:“eBGP Configuration”Contributors: Bill Armstrong, Nina Bargisen, Brian Schleeper, Umair Arshad, Mannan Venkatesan, Courtney Smith, Raghav Bhargava, Karsten Thomann

•This BCOP aims to provide a singular, consistent view of industry standard eBGP interconnection methodologies

•This BCOP will also document pre and post turn-up validation practices and IRR Etiquette

•The primary focus of this BCOP is eBGP know-how

NA BCOP documents in the works:“Ethernet OAM”Contributors: Mark Calkins, Jean-Francois Levesque, Voitek Kozack

•This BCOP aims to provide general Ethernet OAM Orientation and Guidelines that can be followed by any network operator whom wants or needs to utilize Ethernet OAM features.

•The primary focus is on a basic understanding of EOAM technologies.

NA BCOP documents in the works:“IPv6 Peering”Contributors: Zaid Ali, Bill Blackford, Chris Grundemann, Aaron Hughes, Darius Jahandarie, Jonathan Lassoff, Joe Provo, Ren Provo, Brandon Ross, Michael K. Smith

•This BCOP aims to provide general IPv6 Peering and Transit guidelines

•The primary focus is on understanding BGP peering and filtering

JANOG BCOP group

Co-chairs: Seiichi Kawamura and Matsuzaki Yoshinobu

Document in the works:

- EBGP Best Practices

http://www.janog.gr.jp/doc/janog-comment/bcop-ebgp.txt

-How to build, plan and run conference WiFi network

(URL not yet public)

Potential Topics for Additional BCOPshttp://www.internetsociety.org/deploy360/about/bcop/topics/

•How to test your network performance

•How to check your visibility from global Internet

•De-Aggregation: strict filtering /48s out of /32

•How are operators using IRR?

•IPv6 enterprise network renumbering scenarios, considerations, and methods

•DNS Policies

•Email Policies

•ICMP Filtering

•… (we need more suggestions)

Next Steps

Where are we going from here?

•Continue to bootstrap new efforts as needed

•Develop new BCOP documents• Lots of low-hanging fruit

•Review and update existing BCOP documents

•Start thinking & talking about Global coordination

BCOP Global Coordination meeting @IETF93

-First BCOP GC meeting was held in Prague during the IETF93

-First discussion started on how to globally coordinate the efforts

Get Involved Today!

Join this grass-roots effort at the ground floor!

•Contribute to an existing draft

•Offer ideas for new drafts

•Kick off a new document

•Start a local or regional BCOP effort• Email deploy360@isoc.org for more information

www.internetsociety.org

mailto:<zorz@isoc.org>

Jan ŽoržInternet Society DO

team://www.internetsociety.org/deploy360/

Thank You!