BCPs now cost firms real money per minute
By February 2026, the BCP series hit 245 entries. It has outgrown its original mandate. The IETF now blurs the line between recording current reality and prescribing aspirational futures. Readers need to dissect the distinct role BCPs play within the standards system, analyze the governance mechanics behind their approval, and examine the strategic shift from static records to proactive operational guidance.
Traditionally, BCP documents offered neutral, implementation-focused advice for networks ranging from home setups to global infrastructure. They carried significant normative weight similar to STD designations. APNIC data highlights a "subtle shift" where these documents now increasingly advocate for behaviors not yet widely deployed. This tension is explicitly visible in recent DNSOP Working Group debates over IPv6 provisioning (APNIC's podcast, "What does BCP really mean"). This evolution challenges the fundamental premise that a "best" practice must first be a "current" one.
The stakes extend beyond semantic quibbles. As Geoff Huston notes in the latest PING podcast, conflating advocacy with specification risks undermining the interoperability that RFC publications guarantee. When IESG approvals begin validating theoretical ideals rather than proven deployments, the IETF risks issuing mandates that function more as wish lists than engineering constraints. Understanding this divergence is critical for operators who rely on these documents for procurement and regulatory compliance. You must distinguish between what works today and what the community hopes will work tomorrow.
The Distinct Role of BCPs Within the IETF Standards System
BCP Series Origins and the RFC 1818 Designation
RFC 1818 established the Best Current Practice series in August 1995 to document stable operational consensus. This designation separates implementation guidance from general information by enforcing a rigorous review process similar to Proposed Standards. Unlike Informational RFCs, which enter the archive without peer verification, BCP candidates face submission to the Internet Engineering Steering Group and a mandatory last call announcement. The distinction matters because operators treat BCPs as de facto standards for interoperable choices across global infrastructure. While Informational RFCs serve as optional reading, BCPs undergo scrutiny that validates their neutral applicability to diverse network scales.
Codifying operational focus for new systems like RPKI publication servers demands significant investment in hardware and personnel time without subsidized pricing. Implementation costs fall entirely on individual organizations adopting these standards. Small networks face disproportionate burdens compared to large carriers when deploying complex security infrastructure mandated by evolving BCPs. Aspirational documents may describe behaviours not yet widely deployed, creating gaps between specification and reality.
| Network Scale | Deployment Constraint | BCP Relevance |
|---|---|---|
| Home | Limited hardware resources | Basic configuration templates |
| Enterprise | Staff expertise gaps | Detailed operational procedures |
| National | Regulatory compliance needs | Mandatory interoperability clauses |
Operators must distinguish between advocating for new paths and specifying current best choices for system behaviour. The cost of misalignment includes broken interoperability and failed audits during vendor assessments. Best Current Practice documents carry procurement weight because IESG review validates interoperable choices for production networks. Informational RFCs lack this peer verification, rendering them unsuitable for binding service specifications or regulatory compliance mandates. The rigorous approval workflow distinguishes BCPs from general publications by enforcing a last call announcement that confirms operational consensus before issuance.
| Document Type | Review Rigor | Procurement Validity | Operational Intent |
|---|---|---|---|
| BCP | High (IESG + Last Call) | Binding Reference | Interoperable Deployment |
| Informational RFCs | None | Advisory Only | General Context |
| Experimental RFC | Variable | Non-Binding | Trial Implementation |
Software developers and hardware manufacturers voluntarily implement these guidelines to avoid vendor lock-in rather than following proprietary mandates. This voluntary adoption model relies on the trust established through the RFC Editor publication chain. Aspirational BCPs describing non-deployed behaviors risk diluting the trust operators place in the designation. Procurement officers referencing an aspirational BCP may inadvertently mandate unproven technologies, creating deployment friction absent in established practice documents. The distinction determines whether a specification drives market standardization or remains an academic exercise.
IESG Scrutiny and the Normative Weight of BCPs
The Internet Engineering Steering Group elevates documents through mandatory submission and a "last call" announcement before granting BCP status. This procedural gatekeeping transforms general information into normative weight, distinguishing these guidelines from Informational RFCs that lack peer review. Operators treating procurement frameworks as binding references must recognize that only BCPs survive this rigorous validation workflow. The approval path delays publication while ensuring documented practices reflect actual operational consensus rather than theoretical ideals.
| Attribute | BCP Status | Informational RFC |
|---|---|---|
| Peer Review | Mandatory | None |
| IESG Approval | Required | Not Required |
| Regulatory Use | Valid Reference | Explicitly Excluded |
| Process Significance | High | Low |
A specific limitation arises when BCPs reference lower-maturity specifications, a conflict resolved only by the "note and move on" procedure set in BCP 97. This exception allows normative guidance to cite evolving protocols without stalling the entire document series. However, relying on such exceptions introduces fragility if the underlying lower-level specification fails to reach stability. Network architects designing long-term infrastructure face ambiguity when documents oscillate between documenting established practice and guiding future deployment.
National procurement mandates frequently cite BCP documents while explicitly excluding Experimental RFCs from binding service specifications. Regulatory bodies treat the rigorous review process behind BCP status as a validation filter that Informational publications lack. This distinction creates a hard boundary where only vetted practices enter legal contracts or government tenders. Experimental RFCs carry disclaimers preventing such normative use, leaving operators unable to cite them for compliance.
The financial burden of adherence falls entirely on the implementing organization rather than the standards body. Deploying RPKI solutions requires purchasing hardware and licensing software tools like krill-sync without subsidized pricing from the IETF. Personnel hours spent auditing BGP configurations represent a hidden operational tax levied by these best practices. No publication fees exist for the documents themselves, yet the total cost of compliance remains significant.
| Document Class | Regulatory Suitability | Implementation Cost Model |
|---|---|---|
| BCP | Binding Reference | Operator-funded |
| Experimental RFC | Explicitly Excluded | Variable / Research |
| Informational RFC | Advisory Only | Optional |
Operators must distinguish between a documented ideal and a deployable reality when responding to such mandates. Failure to validate the normative weight of a cited RFC risks non-compliance penalties during audit phases.
Cost-Free BCP Publication Versus Fee-Based Standards Bodies
Zero publication fees distinguish IETF BCPs from proprietary bodies charging for specification access. The IETF levies no submission costs or licensing charges for document creation, relying instead on voluntary community participation. This funding model ensures immediate accessibility via HTTP or FTP without transactional barriers. Proprietary standards organizations often restrict specification access behind paywalls, limiting adoption among smaller operators unable to afford entry fees.
| Feature | IETF BCP Model | Fee-Based Bodies |
|---|---|---|
| Access Cost | Free | Paid Subscription |
| Funding Source | Voluntary Labor | Document Sales |
| Review Rigor | IESG Scrutiny | Internal Committee |
| Enforcement | Operational Consensus | Contractual Mandate |
Implementation expenses shift entirely to the adopting organization rather than the standards body. Deploying RPKI publication servers demands capital for hardware and tools like krill-sync, with no subsidized pricing available. Personnel time constitutes the primary operational cost, consuming resources that fee-based models might partially offset through support contracts. Unlike regulatory mandates, these documents function as non-committal suggestions lacking direct enforcement capabilities.
The absence of direct revenue creates a dependency on sustained volunteer engagement for process continuity. A decline in community participation threatens the review velocity more severely than in funded entities with retained staff. Operators gain free access to high-quality guidance but assume full liability for validation and deployment risks. This trade-off favors agile networks capable of internal engineering over those requiring turnkey compliance solutions.
Aspirational BCPs Versus Established Operational Practice
A recognized subtle shift now treats BCPs as aspirational guides describing behaviors not yet widely deployed. This perspective contrasts sharply with the historical view where documents strictly recorded established, operational practice verified by extensive field use. The tension creates ambiguity for operators determining if a guideline represents current consensus or future advocacy.
| Dimension | Traditional BCP | Aspirational BCP |
|---|---|---|
| Deployment State | Widely Deployed | Rarely Deployed |
| Primary Goal | Document Stability | Shape Future Behavior |
| Risk Profile | Low (Proven) | High (Unverified) |
| Validation Source | Operator Consensus | Theoretical Design |
The cost of compliance remains indirect and operational, consuming labor hours to audit setups without direct transactional fees to the standards body. This financial burden falls entirely on the implementing organization rather than the IETF. Distinguishing between advocating a new path and specifying current best choices becomes critical when DNSOP or the IESG reviews draft status. Documents guiding future practice lack the stability guarantees of those reflecting mature infrastructure. Operators referencing aspirational guidelines in procurement contracts face potential interoperability failures if the described behaviors never achieve market penetration. The DNS Directorate must therefore clarify intent to prevent confusion between experimental recommendations and mandatory operational baselines.
Meanwhile, the DNS/IPv6 draft exposes a functional conflict where the DNSOP Working Group debates publishing guidance for unproven network behaviors. This tension forces the DNS Directorate to evaluate whether a document describes stable reality or advocates for a theoretical future state. The Internet Engineering Steering Group must then decide if such aspirational content warrants the normative weight of a BCP designation.
Operators relying on these documents face ambiguity when a subtle shift changes the term "best" to include non-existent practices. Procurement teams cannot mandate compliance with behaviors that lack established, operational practice. Advocacy for new paths differs fundamentally from specifying current system behavior, yet the BCP label obscures this distinction. If the IESG approves aspirational drafts as BCPs, the resulting specifications may drive fragmented deployments rather than unifying the system. The cost of this confusion is measurable in delayed vendor support and inconsistent network configurations across autonomous systems.
Traditional BCPs demand neutrality across operational contexts, yet emerging drafts now advocate for unproven behaviors. Operators historically consulted these records to verify established, operational practice before deploying changes in production environments. The new aspirational model describes protocols with minimal field exposure, forcing network engineers to guess stability levels.
Conflicts arise when the DNSOP Working Group proposes standards lacking real-world validation data. The DNS Directorate faces difficulty distinguishing between necessary evolution and premature advocacy within submitted drafts. Final approval rests with the Internet Engineering Steering Group, which must weigh normative weight against experimental uncertainty.
Blind adherence to non-deployed guidelines introduces high implementation variance that destabilizes peering sessions. The cost of this ambiguity is measurable in increased troubleshooting hours during early rollout phases. Neutrality ensures compatibility, whereas advocacy risks fragmenting the global routing table with incompatible configurations.
Practical Frameworks for Interpreting BCPs in Network Deployment Scenarios
Application: Normative Weight of BCPs in Regulatory Frameworks

Regulators cite BCPs in national mandates because the IESG review process filters out unverified proposals, creating a defensible baseline for compliance audits. Unlike Informational RFCs which lack peer scrutiny, BCPs undergo a rigorous "last call" that validates technical consensus before publication. This procedural distinction grants BCPs normative weight in procurement contracts despite having no inherent legal binding force.
Money never changes hands during document creation since no fees are levied by the IETF. Operator labor hours absorb the entire cost burden instead. Compliance demands manual configuration audits rather than purchasing proprietary specifications. An indirect operational expense emerges from this free documentation model.
Regulators treating aspirational BCPs as mandatory requirements for behaviors not yet deployed in production generate a critical tension. Network engineers must implement unproven protocols to satisfy legal checklists. Stability risks appear that traditional operational guidance normally excludes.
Procurement officers must map vendor claims to the two maturity levels set in the current BCP 9 standard to avoid purchasing Draft Standard-era technology. The original RFC 2026 process utilized three tiers, including a Draft Standard category that often confused buyers regarding deployment readiness. Eliminating this middle tier simplified the standards track, leaving only Proposed Standard and Internet Standard as valid benchmarks for production contracts. Vendors citing Draft Standard compliance reference an obsolete classification removed over two decades.
| RFC Era | Maturity Tiers | Procurement Risk |
|---|---|---|
| Pre-2011 | Proposed, Draft, Internet | High ambiguity on stability |
| Post-2011 | Proposed, Internet | Clear binary readiness signal |
Operators treating BCPs as purely aspirational guides risk deploying unproven features that lack field consensus. Voluntary adoption by hardware manufacturers does not guarantee interoperability without rigorous IESG review. The cost of compliance shifts entirely to internal labor hours when free documentation masks complex implementation requirements. Procurement teams should demand evidence of widespread deployment rather than accepting theoretical protocol support as a deliverable. Purchasing decisions require proof of stability. Theoretical support fails as a deliverable.
Deployment Risks of Aspirational BCP Behaviors
Treating unproven DNS/IPv6 drafts as mandatory standards introduces high deployment variance before field consensus exists. This subtle shift changes documents from records of established, operational practice into proactive instruments that shape future infrastructure behavior. Operators deploying these aspirational guidelines face undefined failure modes because the specified behaviors lack widespread production exposure. The financial barrier to entry remains zero since no fees are levied by the IETF for creation, yet the indirect cost of compliance consumes significant engineering labor hours.
| Risk Factor | Static Record BCP | Aspirational Guide BCP |
|---|---|---|
| Evidence Base | Field-Deployed Consensus | Theoretical Models |
| Adoption Rate | Near-Universal | Minimal to Zero |
| Operational Friction | Low | High |
Regulators citing these emerging documents in national mandates create a compliance gap where vendors cannot meet specifications with stable technology. The DNSOP Working Group debates whether to document current reality or advocate for untested paths, leaving network architects without a definitive baseline. InterLIR advises auditing all procurement requirements against actual deployment data rather than accepting aspirational BCP designations as production-ready mandates. Legal checklists drive unstable implementations. Field data must override theory.
About
Alexander Timokhin, CEO of InterLIR, brings critical industry perspective to the evolving definition of Best Current Practice (BCP). As the leader of a specialized IPv4 address marketplace, Timokhin navigates the complex intersection of IETF standards and real-world resource scarcity daily. His expertise in IT infrastructure and public policy directly informs his analysis of how BCP documents impact network availability and address redistribution. While the article highlights Geoff Huston's insights on DNS provisioning and protocol standards, Timokhin connects these theoretical frameworks to the practical challenges faced by organizations securing clean IP resources. At InterLIR, ensuring security through valid BGP and route objects requires strict adherence to current operational norms. This deep engagement with global addressing policies makes Timokhin uniquely qualified to discuss the implications of shifting IETF interpretations on the broader internet system.
Conclusion
Scaling aspirational Best Current Practices inevitably fractures operational stability when theoretical models collide with the messy reality of heterogeneous networks. The hidden tax here is not financial but temporal, as engineering teams burn weeks debugging undefined failure modes in protocols that lack production-hardened consensus. Compliance driven by legal checklists rather than field data creates fragile infrastructure that buckles under real-world load, turning procurement mandates into sources of technical debt. Organizations must stop treating draft documents as immutable law and start demanding proof of widespread, stable deployment before integrating new standards into core architecture.
Adopt a strict moratorium on implementing any BCP labeled "aspirational" or lacking three years of diverse vendor adoption data until your specific use case faces a documented security crisis that only that protocol solves. Delay integration of unproven DNS or IPv6 extensions until they transition from working group debates to verified operational norms. This approach protects your service level agreements from the volatility of experimental specifications while allowing time for the community to resolve edge cases. Start by auditing your current procurement requirements this week to flag any mandates citing documents without established deployment metrics, then immediately pause those specific implementations pending a field-readiness review. Only evidence of stability should dictate your network evolution, not the theoretical elegance of a recent draft.
Frequently Asked Questions
The IETF charges zero dollars for creating or publishing Best Current Practice documents. This free process relies entirely on the voluntary participation of the global technical community rather than any submission fees.
The third-party rfc-archive.org domain lists a lease-to-own option instead of a free official archive. This commercial alternative infrastructure represents a specific cost of four thousand five hundred dollars.
The BCP series reached two hundred forty-five published entries by February 2026. This volume suggests the collection has significantly outgrown its initial goal of documenting only established operational consensus.
RFC 1818 officially established the Best Current Practice series in August 1995. This designation was created to document stable operational consensus separately from general informational publications within the ecosystem.
The Internet Engineering Steering Group manages final document review and grants status approval. This body ensures documents undergo rigorous scrutiny before becoming RFCs with significant normative weight for operators.