Archive for August, 2014

Enforcing RPKI-Based Routing Policy on the Data Plane at an Internet Exchange

Josh Bailey, Dean Pemberton, Andy Linton, Cristel Pelsser, Randy Bush. Enforcing RPKI-Based Routing Policy on the Data Plane at an Internet Exchange. Poster at HotSDN 2014.

Over a decade of work has gone into securing the BGP routing control plane. Through all this, there has been an oft-repeated refrain: "It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane." We describe what may be the first deployment of data plane enforcement of RPKI-based control plane validation. OpenFlow switches providing an exchange fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins, without requiring any RPKI support by connected BGP peers.
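A sketch of the decision the abstract describes, added here as an illustration and not taken from the poster or its implementation: RFC 6811 origin validation is run over announcements, and each invalid route becomes a destination-prefix drop entry. The ROA data and announcements are constructed from documentation ranges, and the rule dictionary (`match_ipv4_dst`, `action`) is a hypothetical stand-in for a real flow entry.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: covering prefix, max length, authorised origin AS."""
    prefix: object
    max_len: int
    asn: int

def vrp(prefix, max_len, asn):
    return VRP(ipaddress.ip_network(prefix), max_len, asn)

# Constructed sample data (documentation prefixes and AS numbers).
VRPS = [vrp("198.51.100.0/24", 25, 64496), vrp("192.0.2.0/24", 24, 64497)]
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64496),    # exact match
    ("198.51.100.128/25", 64496),  # more specific, within max length
    ("198.51.100.0/26", 64496),    # more specific than max length allows
    ("192.0.2.0/24", 64511),       # covered, but wrong origin AS
    ("203.0.113.0/24", 64500),     # no covering ROA
]

def validate_origin(prefix, origin_as, vrps):
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for v in vrps:
        # A VRP covers the route when the route equals or is inside its prefix.
        if route.version != v.prefix.version or not route.subnet_of(v.prefix):
            continue
        covered = True
        # A VRP for AS 0 never matches; otherwise origin and length must agree.
        if v.asn != 0 and v.asn == origin_as and route.prefixlen <= v.max_len:
            return "valid"
    # Covered by some VRP but matched by none is invalid; uncovered is notfound.
    return "invalid" if covered else "notfound"

def drop_rules(announcements, vrps):
    """Drop entries for invalid routes only, longest prefix first."""
    rules = [{"match_ipv4_dst": p, "action": "drop"}  # hypothetical rule format
             for p, asn in announcements
             if validate_origin(p, asn, vrps) == "invalid"]
    return sorted(rules,
                  key=lambda r: -ipaddress.ip_network(r["match_ipv4_dst"]).prefixlen)

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, asn, validate_origin(prefix, asn, VRPS))
    print(drop_rules(ANNOUNCEMENTS, VRPS))
```

Routes that are `notfound` produce no drop entry, so prefixes without any ROA keep forwarding; only announcements contradicted by a ROA are dropped.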


RFC 7353 Security Requirements for BGP Path Validation

RFC 7353

Title: Security Requirements for BGP Path Validation
Author: S. Bellovin, R. Bush, D. Ward
Status: Informational
Stream: IETF
Date: August 2014
Mailbox: bellovin@acm.org, randy@psg.com, dward@cisco.com
Pages: 9
Characters: 18148
Updates/Obsoletes/SeeAlso: None

I-D Tag: draft-ietf-sidr-bgpsec-reqs-12.txt

URL: https://www.rfc-editor.org/rfc/rfc7353.txt

This document describes requirements for a BGP security protocol
design to provide cryptographic assurance that the origin Autonomous
System (AS) has the right to announce the prefix and to provide
assurance of the AS Path of the announcement.
