03.control.plane.md

Control plane

RFCs

• RFC 3882: Configuring BGP to Block Denial-of-Service Attacks
• RFC 5635: Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding
• RFC 6192: Protecting the Router Control Plane
• RFC 6666: BGP blackholing discard prefix for IPv6
• RFC 7454: BGP Operations and Security
• RFC 7999: BGP BLACKHOLE community
• RFC 8212: Default external BGP Route Propagation Behavior without Policies

BGP

• Cisco: Deploying BGP FlowSpec on IOS XR
• Cisco: BGP FlowSpec on NCS 5500 implementation notes
• Juniper: Deploying Secure BGP
• Juniper: Deploying BGP FlowSpec

BGP RFCs

• RFC 1997 - BGP Community
• RFC 4360 - BGP Extended Community
• RFC 8092 - BGP Large Community

Hardening guides and whitepapers

• Cisco: Security Control Plane
• Cisco: IOS/IOS-XE hardening guide
• Cisco: IOS XR hardening guide
• Cisco: IOS XR LPTS on ASR 9000
• Cisco: IOS XR NCS 5500
• Cisco: NX-OS hardening guide
• Cisco: 6500/6800 Supervisor 2T Control Plane configuration
• Juniper: Protecting Routing Engine Day One
• Juniper: Hardening JunOS devices

Device architecture resources

• Juniper: MX 3D Packet Walkthrough book
• Juniper: M, MX and T series Packet Walkthrough book