February 7, 2020


Lightning Talk: BGP Transport Security - Do You Care?


Talk Title: Lightning Talk: BGP Transport Security - Do You Care?
Speakers: Ignas Bagdonas, Equinix
Conference: NANOG73
Location: Denver, CO
Date: Jun 25 2018 - Jun 27 2018

How many of you use MD5 for BGP sessions? And for what purpose? Isn’t MD5 authentication really just a longer form of peer identifier – to avoid accidentally establishing a session with a wrong peer? Does MD5 help in preventing route leaks and hijacks? Does your network allow access to internal BGP speaking nodes from outside of the perimeter? How do you distribute MD5 secrets to your peers? How do you change MD5 secrets without tearing down the BGP session?

TCP Authentication Option has been around for a while. Is anyone aware of TCP-AO? Do any major vendors implement it? Does anyone care? Why not run BGP over TLS? Or BGP over IPsec? Or BGP over QUIC? Or why not invent a new secure transport for BGP? Sure, that sounds like a lot of fun, let’s do that.

Control plane security has been a special kind of security for a long time. Indeed, there are special aspects to it, as the layers above rely significantly on the proper operation of the control plane, and the transports used for control planes are often not very common ones. The IETF has been working on control plane security for a noticeable period of time; there was a dedicated KARP working group, and protocol-specific working groups had their individual initiatives on security aspects. However, the world still uses MD5 for BGP. The KARP WG was shut down after a long struggle to produce anything.

Is this a question of education, or the lack of it to be precise? Is the problem of peer authentication solved in some other way? Is there a problem at all? Do we need to spend time on spreading the word on what control plane security is and why it is important? Is there a problem at all – given sufficient network operational hygiene and proper network design, do we need control plane security as a separate entity as such? Is there a need for transport security mechanisms built into the BGP protocol itself?
