Table of Contents

BGP Training

22:46:48 Hours
22 Lectures
Intermediate

$100

CCIE Enterprise Infrastructure

117:12:56 Hours
287 Lectures
Expert

$1000

Routing Protocols Design and Deployment Course

47:00:55 Hours
51 Lectures
Intermediate

$150

BGP Routing Security Discussion on Linkedin

After I published the Telstra's hijack effecting many networks post on Linkedin, one of my students asked couple good questions under that post. I thought sharing that post here would be beneficial for those who follow "Orhan Ergun Blog", as I explained couple important frequently asked questions about BGP Global routing security.

John Ojo sent the below question/comment:

Orhan Ergun thanks for the insights.

Hence the need for IRR & #RPKI. I attended your BGP Zero to Hero training now this makes more sense to me haven seen flowspec a few weeks ago previously from #Centurylink to this /24 prefix highjack.

But my questions are;

  1. Why do all these companies not implement these path validation controls?
  2. Is it lack of competent BGP Engineers or Peering Coordinators can BGPSec not be automated to avoid human errors? BGP Security controls seem to overwhelm a lot of companies and not all the Security approaches are full proof anyway. Should they just wait until it happens? The need for continuous training and retraining cannot be overemphasized on BGP in-depth. I recommend them to train at Orhan Ergun LLC.

My answer to his question was below:

  1. Many Tier1 ISPs started to implement, though its hard to deploy it towards customer than peer, but main reason why not all companies do that now? Because they have other priorities, securing the Internet is not the top one, even that security will save their networks as well.
  2. When it comes to BGPSEC, which is BGP's Path Validation IETF Standard technology, not because lack of competent engineers, but due to its resource consumption, people cannot deploy it at the moment.

There are two IETF drafts though, for the BGP Path Validation, Alexander Azimov's ASPA and Melchior Aelmans's AS Cones. I have videos with each of these smart guys to discuss their solutions on my Youtube channel which I am sure you are subscriber of !

By the way, here is the ASPA and AS Cones posts.

Created by
Orhan Ergun

Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021

He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.

Wrote many books, mostly on Network Design, joined many IETF RFCs, gave Public talks at many Forums, and mentored thousands of his students.  

Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers. 

View profile