ION Cape Town, 8 September 2015 - The Internet Engineering Task Force (IETF) standardizes the protocols and services that vendors implement and network operators are supposed to deploy and use. We believe there is an opportunity to better identify, capture, and promote best current operational practices emerging from various regional network operators’ groups. We believe sharing these documents across the globe would benefit the wider Internet community and help more operators deploy new technologies like IPv6 and DNSSEC faster and easier. Deploy360’s Jan Zorz will give an update on this progress, discuss the status of BCOP efforts across the world, and give an overview of some of the documents in the process so far.

1. www.internetsociety.org
Best Current Operational Practices (BCOP) –
updates and status from around the world
Jan Žorž
DO Team – Internet Society

2. BCOP | February 2013
What’s a BCOP?
Best Current Operational Practice
•A living document describing the best
operational practices currently agreed on by
subject matter experts
•Vetted and periodically reviewed by the global
network engineering community (GNEC)

3. BCOP | February 2013
The Problem
• Operational knowledge tends to be “tribal”
• Presentations, hallway conversations, internal
documents, in someone’s head…
• Technology, tools, and practices change over time…
• There are hundreds of operational forums
globally
• Archives stored in different formats, some searchable,
rarely have speech text or video, no vetting, and state
unknown.
• How do I find up-to-date, relevant
information when I need it?

4. BCOP | February 2013
The BCOP Solution
Open, Transparent, Bottom-up, and Community led
 Community driven, community written, community vetted Best
Current Operational Practices from an open forum, list, and
publicly searchable site.
 Community written and approved Development Process for
BCOPs
 Everyone is welcome to participate
80/20 model

5. BCOP | February 2013
BCOP activity around the world:
http://www.internetsociety.org/deploy360/about/bcop/
•Africa region: A BCOP group was started under AfNOG,
lead by Fiona Asonga and Douglas Onyango
•Asia: BCOP Task Force started at JANOG, co-chaired by
Seiichi Kawamura and Yoshinobu Matsuzaki, NZNOG
BCOP starting up, lead by Dean Pemberton
• No whole-region effort started yet
•Europe: RIPE BCOP Task Force, co-chaired by Benno
Overeider and Jan Žorž
•Latin America: A BCOP Task Force was started under
LACNOG, lead by Luis Balbinot and Pedro R Torres Jr.
•North America: NANOG BCOP Committee established,
lead by Aaron Hughes and Chris Grundemann

6. BCOP | February 2013
AfNOG BCOP
AfNOG BCOP group is bootstrapping, so URLs with
more info are yet to be established.
Co-chairs: Fiona Asonga and Douglas Onyango
MailingList: http://www.afnog.org/mailinglist.php
Proposed AfBCOP workshop – 7th
December 2015 –
Nairobi (Kenya)

7. BCOP | February 2013
AfBCOP documents in the works:
“IPv6 questions/answers cheat sheet specific to
Africa”
Contributors: Alfred Arouna
•Aims to consolidate common questions and best
answers in a kind of IPv6 questions/answers cheat
sheet specific to Africa.

8. BCOP | February 2013
RIPE BCOP
Co-chairs: Benno Overreinder and Jan Žorž
Charter:
http://www.ripe.net/ripe/groups/tf/best-current-operational-p
Mailing List:
https://www.ripe.net/mailman/listinfo/bcop

9. BCOP | February 2013
RIPE BCOP published documents: RIPE-631
“IPv6 troubleshooting for residential helpdesks”
Contributors: Lee Howard, John Jason Brzozowski, David Freedman, Jason
Fesler, Tim Chown, Sander Steffann, Chris Grundemann, Jen Linkova, Chris
Tuska, Daniel Breuer, Jan Žorž
•Starting point for technical support staff at ISPs or
enterprise IT helpdesks
•Addresses the “fear of the unknown” problem at
many organizations
•Provides a solid first step for front-line support
personnel.

10. BCOP | February 2013
RIPE BCOP documents in the works:
Protocol default values
+ Cryptographical
considerations?
+ ZSK/KSK split or CSK?
+ When to rollover?
+ Values for signature validities,
re-sign, refresh, …
+ NSEC or NSEC3?
+ If NSEC3, when to resalt?
Key management
+ Generation: Number of
participants?
+ Delivery: Integrity checks?
Audit trail?
+ Storage: Online or offline? HSM
or not?
+ Usage: Who can use? How to
(de)activate?
“DNSSEC operational practices for authoritative
name servers”
Contributors: Matthijs Mekking
Available software
+ Standalone solutions: OpenDNSSEC, BIND, Knot, …
+ Combinations: ldnsutils + NSD, …
+ Closed source: Microsoft DNS, Nominum, ...

11. BCOP | February 2013
RIPE BCOP documents in the works:
Definitions:
Interconnection types
• Direct interconnection
• IXP Peering
• IXP Route-server
• Multihop
AS relationships
• Transit / Customer (leaf)
• Transit / Small transit
• Peering
Recommendations:
AS relationship dependent
• TCP-Authentication
• AS-PATH filtering
• Prefixes filtering (route objects)
• Max-prefix
• Private AS removing
General recommendations
• Martians filtering
• Bogons filtering
• Default route filtering
• Log
• Graceful restart
“BGP Best Current Operational Practices”
Contributors: Pierre Lorinquer, Observatory Team (G. Valadon, M. Feuillet, F.
Contat) and operators Association Kazar, France-IX, Jaguar Network, Neo
Telecoms, Orange, RENATER, SFR

12. BCOP | February 2013
RIPE BCOP documents in the works:
“Euro-IX IXP BCOP”
•https://www.euro-ix.net/euro-ix-bcp
•The Euro-IX IXP community has collaborated to
produce the following Best Current Operational
Practices (BCOP) for those looking to either start or
further develop their IXP.

13. BCOP | February 2013
RIPE BCOP documents in the works:
“Controlled IPv6 deaggregation by large
organizations”
•Submitted as I-D to IETF by Iljitsch van Beijnum.
•Talks about ways and reasons to aggregate or de-
aggregate IPv6 space
•Still under discussion if the right place for this
document is IETF or BCOP

14. BCOP | February 2013
RIPE BCOP new ideas for documents:
•IPv6 deployment for small/medium ISP
•IP resources transfers
•Network complexity and correlation to
troubleshooting

15. BCOP | February 2013
LACNOG BCOP
BCOP-LAC is bootstrapping, URLs with more info to
follow.
Co-chairs: Luis Balbinot and Pedro Torres
Mailing list: https://mail.lacnic.net/mailman/listinfo/bcop

16. BCOP | February 2013
LacNOG BCOP documents in the works:
“LacNOG BCOP Development Process
document”
Contributors: Pedro R. Torres Jr., Luis Balbinot
•A development process is important for capture the
Best Current Operational Practices in
documentation format that is uniform and easy to
read.
•LacNOG BCOP TF decided to set the format and
procedure first and then start capturing the Best
Current Operational Practices into documents.

17. BCOP | February 2013
NANOG BCOP
Co-chairs: Aaron Hughes and Chris Grundemann
Charter and Members:
http://nanog.org/governance/bcop
Published BCOPs (ratified):
http://bcop.nanog.org/index.php/Ratified_BCOPs
Draft BCOPs (in progress):
http://bcop.nanog.org/index.php/BCOP_Drafts
Mailing List:
http://mailman.nanog.org/mailman/listinfo/bcop

18. BCOP | February 2013
NANOG BCOP documents in the works:
“Public Peering Exchange Participant”
Contributors: Shawn Hsiao, Erik Muller
•This BCOP aims to update current “Public Peering
Exchange" BCOP
• Add IXP route handling advice
• Remove information pertaining to the operation of an exchange into a
separate document, and re-focus the document toward exchange
participants
• Other updates as needed

19. BCOP | February 2013
NANOG BCOP documents in the works:
“eBGP Configuration”
Contributors: Bill Armstrong, Nina Bargisen, Brian Schleeper, Umair Arshad,
Mannan Venkatesan, Courtney Smith, Raghav Bhargava, Karsten Thomann
•This BCOP aims to provide a singular, consistent
view of industry standard eBGP interconnection
methodologies
•This BCOP will also document pre and post turn-up
validation practices and IRR Etiquette
•The primary focus of this BCOP is eBGP know-how

20. BCOP | February 2013
NANOG BCOP documents in the works:
“Ethernet OAM”
Contributors: Mark Calkins, Jean-Francois Levesque, Voitek Kozack
•This BCOP aims to provide general Ethernet OAM
Orientation and Guidelines that can be followed by
any network operator whom wants or needs to
utilize Ethernet OAM features.
•The primary focus is on a basic understanding of
EOAM technologies.

21. BCOP | February 2013
NANOG BCOP documents in the works:
“Anti-DDoS”
Contributors: Yardiel Fuentes
•Waiting on details…

22. BCOP | February 2013
NANOG BCOP documents in the works:
“BCP 38”
Contributors: Aaron Hughes
•Waiting on details…

23. BCOP | February 2013
NANOG BCOP documents in the works:
“IPv6 Peering”
Contributors: Zaid Ali, Bill Blackford, Chris Grundemann, Aaron Hughes, Darius
Jahandarie, Jonathan Lassoff, Joe Provo, Ren Provo, Brandon Ross, Michael K.
Smith
•This BCOP aims to provide general IPv6 Peering
and Transit guidelines
•The primary focus is on understanding BGP
peering and filtering

24. BCOP | February 2013
JANOG BCOP group
Co-chairs: Seiichi Kawamura and Matsuzaki Yoshinobu
Document in the works:
- EBGP Best Practices
http://www.janog.gr.jp/doc/janog-comment/bcop-
ebgp.txt
-How to build, plan and run conference WiFi network
(URL not yet public)

25. BCOP | February 2013
Potential Topics for Additional BCOPs
http://www.internetsociety.org/deploy360/about/bcop/topics/
•How to test your network performance
•How to check your visibility from global Internet
•De-Aggregation: strict filtering /48s out of /32
•How are operators using IRR?
•IPv6 enterprise network renumbering scenarios,
considerations, and methods
•DNS Policies
•Email Policies
•ICMP Filtering
•… (we need more suggestions)

26. BCOP | February 2013
Next Steps
Where are we going from here?
•Continue to bootstrap new efforts as needed
•Develop new BCOP documents
• Lots of low-hanging fruit
•Review and update existing BCOP documents
•Start thinking & talking about Global coordination

27. BCOP | February 2013
Get Involved Today!
Join this grass-roots effort at the ground floor!
•Contribute to an existing draft
•Offer ideas for new drafts
•Kick off a new document
•Start a local or regional BCOP effort
• Email deploy360@isoc.org for more information

28. www.internetsociety.org
mailto:<zorz@isoc.org>
Jan Žorž
Internet Society DO
team://www.internetsociety.org/deploy360/
Thank
You!