BGP best path selection modifications: Various validation systems, how they work and how they should work
As we look to the future of prefix validation we see two sets of useful information: Prefix set to AS validation and Path validation, however, both are somewhat ch …
Talk Title | BGP best path selection modifications: Various validation systems, how they work and how they should work |
Speakers | Aaron Hughes (6connect) |
Conference | NANOG69 |
Conf Tag | |
Location | Washington, D.C. |
Date | Feb 6 2017 - Feb 8 2017 |
URL | Talk Page |
Slides | Talk Slides |
Video | Talk Video |
As we look to the future of prefix validation we see two sets of useful information: Prefix set to AS validation and Path validation, however, both are somewhat challenging to implement. This talk proposes adding a third, far more simplified level of attesting your prefixes in BGP. Validation array v(v,v) -> v(v,v,v) With two points, we can say either PATH or ROA validation are good, but both are better. I would propose that something like, but not necessarily, POC validation via clicking a link (or something like that) could become the new bronze level. There are 3 massive benefits gained by implementing something like this. 1 - Prevents hijacking without the hassle of RPKI implementation. 2 - Makes the unknown lists of prefixes easy to identify in the BGP table. 3 - Creates a valid, known contact for all who participate in very basic attestation. There are two basic questions we need to answer as a community:
- Do we want something like this, a low level, easy to implement validation system?
- If so, where does it live? (RIRs, IANA, something entirely different)