8. Security Considerations

Procedures and protocol extensions defined in this document do not
affect the BGP security model. See the Security Considerations
section of [RFC4271] for a discussion of BGP security. Also refer to
[RFC4272] and [RFC6952] for analysis of security issues for BGP.

In the context of the BGP peerings associated with this document, a
BGP speaker MUST NOT accept updates from a consumer peer. That is, a
participating BGP speaker should be aware of the nature of its
relationships for link-state relationships and should protect itself
from peers sending updates that either represent erroneous
information feedback loops or are false input. Such protection can
be achieved by manual configuration of consumer peers at the BGP
speaker.

An operator SHOULD employ a mechanism to protect a BGP speaker
against DDoS attacks from consumers. The principal attack a consumer
may apply is to attempt to start multiple sessions either
sequentially or simultaneously. Protection can be applied by
imposing rate limits.

Additionally, it may be considered that the export of link-state and
TE information as described in this document constitutes a risk to
confidentiality of mission-critical or commercially sensitive
information about the network. BGP peerings are not automatic and
require configuration; thus, it is the responsibility of the network
operator to ensure that only trusted consumers are configured to
receive such information.
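
The following sketch is an added illustration, not part of this document's specification or of any BGP implementation. It models the two protections described above: updates are accepted only from peers that are not configured as consumers, and session attempts from a configured consumer are limited both in rate (sequential attempts) and in concurrency (simultaneous attempts). The class name, the limit values, and the peer addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque

# Constructed policy values (assumptions, not taken from this document).
MAX_ATTEMPTS = 3         # session attempts allowed per window, per consumer
WINDOW_SECONDS = 60.0    # length of the sliding window
MAX_CONCURRENT = 1       # simultaneous sessions allowed per consumer


class ConsumerGuard:
    """Admission policy for a BGP speaker that exports link-state data."""

    def __init__(self, producers, consumers):
        self.producers = set(producers)   # peers allowed to send updates
        self.consumers = set(consumers)   # manually configured consumer peers
        # Bounded history: only MAX_ATTEMPTS + 1 timestamps are ever needed,
        # so a flood from one peer cannot grow memory without limit.
        self.attempts = defaultdict(lambda: deque(maxlen=MAX_ATTEMPTS + 1))
        self.active = defaultdict(int)    # consumer -> open sessions

    def allow_session(self, peer, now):
        """Decide whether a new session attempt from `peer` is admitted."""
        if peer not in self.consumers:
            # Rejected before any per-peer state is created.
            return (False, "unconfigured peer")
        recent = self.attempts[peer]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        # Rejected attempts are counted too, so a sustained flood stays limited.
        recent.append(now)
        if len(recent) > MAX_ATTEMPTS:
            return (False, "rate limit")
        if self.active[peer] >= MAX_CONCURRENT:
            return (False, "concurrent limit")
        self.active[peer] += 1
        return (True, "accepted")

    def close_session(self, peer):
        self.active[peer] = max(0, self.active[peer] - 1)

    def accept_update(self, peer):
        """Updates from consumers (or unknown peers) are never accepted."""
        return peer in self.producers and peer not in self.consumers
```

Timestamps are passed in explicitly so the policy can be exercised deterministically; a deployment would supply a monotonic clock.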