Presentation by Jan Zorz and Aftab Siddiqui at APRICOT 2017 on Monday, 27 February 2017.

1. www.internetsociety.org
Best Current Operational Practices (BCOP) –
updates and status from around the world
Jan Žorž
DO Team – Internet Society

2. What’s a BCOP?
Best Current Operational Practice
•A living document describing the best
operational practices currently agreed on by
subject matter experts
•Vetted and periodically reviewed by the global
network engineering community (GNEC)

3. The Problem
• Operational knowledge tends to be “tribal”
• Presentations, hallway conversations, internal
documents, in someone’s head…
• Technology, tools, and practices change over time…
• There are hundreds of operational forums
globally
• Archives stored in different formats, some searchable,
rarely have speech text or video, no vetting, and state
unknown.
• How do I find up-to-date, relevant
information when I need it?

4. The BCOP Solution
Open, Transparent, Bottom-up, and Community led
§ Community driven, community written, community vetted Best
Current Operational Practices from an open forum, list, and
publicly searchable site.
§ Community written and approved Development Process for
BCOPs
§ Everyone is welcome to participate

5. BCOP activity around the world:
http://www.internetsociety.org/deploy360/about/bcop/
•Africa region: A BCOP group was started under AfNOG, lead
by Fiona Asonga and Douglas Onyango
•Asia: BCOP Task Force started at JANOG, co-chaired by
Seiichi Kawamura and Yoshinobu Matsuzaki, NZNOG BCOP
starting up, lead by Dean Pemberton
• No whole-region effort started yet
•Europe: RIPE BCOP Task Force, co-chaired by Benno
Overeider and Jan Žorž
•Latin America: A BCOP Task Force was started under
LACNOG, from now on lead by Ariel Weher and Luis Balbinot
•North America: BCOP Committee established, lead by Aaron
Hughes and Chris Grundemann

6. AfNOG BCOP
AfNOG BCOP group is bootstrapping, so URLs with
more info are yet to be established.
Co-chairs: Fiona Asonga and Douglas Onyango
MailingList: http://www.afnog.org/mailinglist.php
BCOP Workshop in Nairobi, 9 BCOP drafts
http://www.internetsociety.org/deploy360/blog/2016/04/af
bcop-workshop-a-huge-leap-forward-for-the-african-
bcop-initiative/
BCOP workshop planned for AIS2017

7. RIPE BCOP
Co-chairs: Benno Overreinder and Jan Žorž
Charter:
http://www.ripe.net/ripe/groups/tf/best-current-
operational-practices-task-force
Mailing List:
https://www.ripe.net/mailman/listinfo/bcop

8. RIPE BCOP published documents: RIPE-631
“IPv6 troubleshooting for residential helpdesks”
Contributors: Lee Howard, John Jason Brzozowski, David Freedman, Jason
Fesler, Tim Chown, Sander Steffann, Chris Grundemann, Jen Linkova, Chris
Tuska, Daniel Breuer, Jan Žorž
•Starting point for technical support staff at ISPs or
enterprise IT helpdesks
•Addresses the “fear of the unknown” problem at
many organizations
•Provides a solid first step for front-line support
personnel.

9. RIPE BCOP documents in the works:
Protocol default values
+ Cryptographical
considerations?
+ ZSK/KSK split or CSK?
+ When to rollover?
+ Values for signature validities,
re-sign, refresh, …
+ NSEC or NSEC3?
+ If NSEC3, when to resalt?
Key management
+ Generation: Number of
participants?
+ Delivery: Integrity checks?
Audit trail?
+ Storage: Online or offline? HSM
or not?
+ Usage: Who can use? How to
(de)activate?
“DNSSEC operational practices for authoritative
name servers”
Contributors: Matthijs Mekking
Available software
+ Standalone solutions: OpenDNSSEC, BIND, Knot, …
+ Combinations: ldnsutils + NSD, …
+ Closed source: Microsoft DNS, Nominum, ...

10. RIPE BCOP documents in the works:
Definitions:
Interconnection types
• Direct interconnection
• IXP Peering
• IXP Route-server
• Multihop
AS relationships
• Transit / Customer (leaf)
• Transit / Small transit
• Peering
Recommendations:
AS relationship dependent
• TCP-Authentication
• AS-PATH filtering
• Prefixes filtering (route objects)
• Max-prefix
• Private AS removing
General recommendations
• Martians filtering
• Bogons filtering
• Default route filtering
• Log
• Graceful restart
“BGP Best Current Operational Practices”
Contributors: Pierre Lorinquer, Observatory Team (G. Valadon, M. Feuillet, F.
Contat) and operators Association Kazar, France-IX, Jaguar Network, Neo
Telecoms, Orange, RENATER, SFR

11. RIPE BCOP documents in the works:
IPv6 for Enterprises
•IPv6 Best Current Operational and deployment
Practices for Enterprises…
•Majority of the work is being carried on by Sander
Steffann, Jan Žorž is co-author
•Continuation of RIPE-554 and RIPE-631 series of
documents.

12. RIPE BCOP documents in the works:
IPv6 prefix assignment for end-users - static or
dynamic and what size to choose.
Authors: Jan Žorž <zorz@isoc.org>, Sander Steffann <sander@steffann.nl>, Primož
Dražumerič <Primoz.Drazumeric@telekom.si>, Mark Townsley <townsley@cisco.com>,
Andrew Alston <andrew.alston@liquidtelecom.com>, Gert Doering <gert@space.net>,
Jordi Palet <jordi.palet@consulintel.es>, Jen Linkova <furry@google.com>, Luis Balbinot
lbalbinot@brdigital.com.br
•Advice to operators what size of IPv6 prefixes for
assigning them to customers to choos and how to
delegate them – statically or dynamically.
•Continuation of RIPE-554 and RIPE-631 series of
documents.

13. RIPE BCOP new ideas for documents:
•IPv6 deployment for small/medium ISP
•IP resources transfers
•Network complexity and correlation to
troubleshooting
•MANRS BCOP

14. LACNOG BCOP
BCOP-LAC is bootstrapping, URLs with more info to
follow.
Co-chairs: Luis Balbinot and Ariel Weher
Mailing list: https://mail.lacnic.net/mailman/listinfo/bcop

15. LacNOG BCOP documents in the works:
“LacNOG BCOP Development Process
document”
Contributors: Pedro R. Torres Jr., Luis Balbinot
•A development process is important for capture the
Best Current Operational Practices in
documentation format that is uniform and easy to
read.
•LacNOG BCOP TF decided to set the format and
procedure first and then start capturing the Best
Current Operational Practices into documents.

16. LacNOG BCOP documents in the works:
• Recomendações para Notificações de Incidentes de
Segurança
• Recomendaciones de como implementar o comenzar con
IPv6
• Cooperacion de operadores y CSIRT's, creacion de un
template para reportar incidentes.
• Recomendaciones básicas de seguridad para operadores de
red.
• Best Practices for IXP's
• Configuración básica de firewall para un host en varios
sistemas operativos.
• Mitigación de DDOS

17. North Amercas BCOP
Co-chairs: Aaron Hughes and Chris Grundemann
Charter and Members:
http://nanog.org/governance/bcop
Published BCOPs (ratified):
http://bcop.nanog.org/index.php/Ratified_BCOPs
Draft BCOPs (in progress):
http://bcop.nanog.org/index.php/BCOP_Drafts
Mailing List:
http://mailman.nanog.org/mailman/listinfo/bcop

18. NA BCOP documents in the works:
“Public Peering Exchange Participant”
Contributors: Shawn Hsiao, Erik Muller
•This BCOP aims to update current “Public Peering
Exchange" BCOP
• Add IXP route handling advice
• Remove information pertaining to the operation of an exchange into a
separate document, and re-focus the document toward exchange
participants
• Other updates as needed

19. NA BCOP documents in the works:
“eBGP Configuration”
Contributors: Bill Armstrong, Nina Bargisen, Brian Schleeper, Umair Arshad,
Mannan Venkatesan, Courtney Smith, Raghav Bhargava, Karsten Thomann
•This BCOP aims to provide a singular, consistent
view of industry standard eBGP interconnection
methodologies
•This BCOP will also document pre and post turn-up
validation practices and IRR Etiquette
•The primary focus of this BCOP is eBGP know-how

20. NA BCOP documents in the works:
“Ethernet OAM”
Contributors: Mark Calkins, Jean-Francois Levesque, Voitek Kozack
•This BCOP aims to provide general Ethernet OAM
Orientation and Guidelines that can be followed by
any network operator whom wants or needs to
utilize Ethernet OAM features.
•The primary focus is on a basic understanding of
EOAM technologies.

21. NA BCOP documents in the works:
“IPv6 Peering”
Contributors: Zaid Ali, Bill Blackford, Chris Grundemann, Aaron Hughes, Darius
Jahandarie, Jonathan Lassoff, Joe Provo, Ren Provo, Brandon Ross, Michael K.
Smith
•This BCOP aims to provide general IPv6 Peering
and Transit guidelines
•The primary focus is on understanding BGP
peering and filtering

22. JANOG BCOP group
Co-chairs: Seiichi Kawamura and Matsuzaki Yoshinobu
Document in the works:
- EBGP Best Practices
http://www.janog.gr.jp/doc/janog-comment/bcop-
ebgp.txt
-How to build, plan and run conference WiFi network
(URL not yet public)

23. Potential Topics for Additional BCOPs
http://www.internetsociety.org/deploy360/about/bcop/topics/
•How to test your network performance
•How to check your visibility from global Internet
•De-Aggregation: strict filtering /48s out of /32
•How are operators using IRR?
•IPv6 enterprise network renumbering scenarios,
considerations, and methods
•DNS Policies
•Email Policies
•ICMP Filtering
•… (we need more suggestions)

24. Next Steps
Where are we going from here?
•Continue to bootstrap new efforts as needed
•Develop new BCOP documents
• Lots of low-hanging fruit
•Review and update existing BCOP documents
•Start thinking & talking about Global coordination

25. BCOP Global Coordination meeting @IETF93
-First BCOP GC meeting was held in Prague during the
IETF93
-First discussion started on how to globally coordinate the
efforts

26. Get Involved Today!
Join this grass-roots effort at the ground floor!
•Contribute to an existing draft
•Offer ideas for new drafts
•Kick off a new document
•Start a local or regional BCOP effort
• Email deploy360@isoc.org for more information

27. www.internetsociety.org
mailto:<zorz@isoc.org>
Jan Žorž
Internet Society DO
team://www.internetsociety.org/deploy360/
Thank You!