Action 1: Prevent propagation of incorrect routing information
We implement prefix filters using bgpq3, which generates filters for our networks and our customers' networks. We also filter bogon ASNs, bogon prefixes, small prefixes (smaller than /24 [IPv4] or /48 [IPv6]), long AS paths (longer than 100 AS numbers), and RPKI-invalid routes. Our import and export routes are controlled using BGP (large) communities. We require ourselves and our customers to maintain valid and up-to-date IRR objects (mnt, aut-num, as-set, route, route6...) in the RIR routing registry, RADB, or a RADB-mirrored IRR. This lets us check the legitimacy of a route announced by us or by a customer using automatic tools (bgpq3 or self-implemented tools). In addition, we require ourselves and encourage our customers to create ROAs (RPKI) for their own prefixes. LOA (Letter of Authorization) and WHOIS (IRR) verification processes are also implemented for customers' prefixes.
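The import checks listed above can be expressed as one decision function. The following is an added Python example, not this operator's own tooling: it applies the bogon, prefix-length, AS-path-length and RPKI checks to an announcement, with RPKI origin validation following RFC 6811. The function names, reason labels, the partial bogon lists and the sample ROA and routes are assumptions constructed for illustration.

```python
import ipaddress

# Partial bogon lists for illustration (assumption: production filters use a maintained list).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "224.0.0.0/3", "::/8", "2001:db8::/32", "fc00::/7", "fe80::/10", "ff00::/8")]
BOGON_ASN_RANGES = [(0, 0), (23456, 23456), (64496, 131071), (4200000000, 4294967295)]
MAX_PREFIX_LEN = {4: 24, 6: 48}   # limits stated on this page
MAX_AS_PATH_LEN = 100             # limit stated on this page

def rpki_state(net, origin, roas):
    """RFC 6811 origin validation; roas is a list of (prefix, max_length, asn)."""
    covering = [r for r in roas if r[0].version == net.version and net.subnet_of(r[0])]
    if not covering:
        return "not-found"
    matched = any(asn == origin and net.prefixlen <= max_len for _, max_len, asn in covering)
    return "valid" if matched else "invalid"

def check_route(prefix, as_path, roas):
    """Return the reasons to reject an announcement; an empty list means accept."""
    if not as_path:
        return ["empty-as-path"]
    net, reasons = ipaddress.ip_network(prefix), []
    if any(lo <= asn <= hi for asn in as_path for lo, hi in BOGON_ASN_RANGES):
        reasons.append("bogon-asn")
    if any(b.version == net.version and net.subnet_of(b) for b in BOGON_PREFIXES):
        reasons.append("bogon-prefix")
    if net.prefixlen > MAX_PREFIX_LEN[net.version]:
        reasons.append("too-specific")
    if len(as_path) > MAX_AS_PATH_LEN:
        reasons.append("as-path-too-long")
    if rpki_state(net, as_path[-1], roas) == "invalid":   # last AS in the path is the origin
        reasons.append("rpki-invalid")
    return reasons

# Constructed sample data: arbitrary non-bogon values, not real ROAs or announcements.
SAMPLE_ROAS = [(ipaddress.ip_network("45.10.0.0/16"), 24, 4242)]

if __name__ == "__main__":
    for prefix, path in [("45.10.4.0/24", [2000, 4242]), ("45.10.4.0/24", [2000, 5555]),
                         ("45.10.4.0/25", [2000, 4242]), ("10.1.0.0/16", [2000, 64512])]:
        print(prefix, path, check_route(prefix, path, SAMPLE_ROAS) or "accept")
```

A route with no covering ROA is "not-found" and passes the RPKI check; only "invalid" is rejected, which matches the policy stated above.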
Action 2: Prevent traffic with spoofed source IP addresses
We validate source IP addresses using iptables rpfilter, the Linux kernel rp_filter setting, and Juniper rpf-check. We also run anti-spoofing checks using the CAIDA Spoofer software on an ongoing basis. At least two network segments with public IP addresses blocked spoofed packets, and the results appear in the CAIDA Spoofer database.
Action 3: Facilitate global operational communication and coordination
We maintain an up-to-date PeeringDB entry, with contact information for NOC, Abuse, and Peering in PeeringDB and Whois (RIR IRR). We actively monitor incoming email and incidents, and reply when any action is needed.
Action 4: Facilitate validation of routing information on a global scale
We document our routing policy by maintaining AS number, AS-SET, and IP prefix route objects (aut-num, as-set, route, route6) in the RIR routing registry, RADB, or a RADB-mirrored IRR. At least one "as-set" IRR object is registered for use by automatic tools to generate prefix filters. We require all of our own IP prefixes to have valid Route Origin Authorizations (ROAs).