BGP Route Security - Cycling to the Future!
Talk Title | BGP Route Security - Cycling to the Future! |
Speakers | Alexander Azimov, Yandex |
Conference | NANOG76 |
Conf Tag | |
Location | Washington DC |
Date | Jun 10 2019 - Jun 12 2019 |
URL | Talk Page |
Slides | Talk Slides |
Video | Talk Video |
The BGP routing protocol was designed to control traffic at the interdomain routing level, but its scalability and extensibility made it popular in other environments: FlowSpec, VPN, SD-WAN, and other technologies rely on underlying BGP transport. Unfortunately, this diversity of applications hasn’t changed the BGP protocol itself – the protocol communications are built on trust, trust in the good intentions of all parties, and the trust doesn’t scale that much. In recent years there has been growing hacker activity in BGP, with confirmed redirection to phishing sites, loss of credentials, etc. The community has very limited technical opportunity to fight this threat: most of the filtering measures are limited to detection of mistakes, and others are hardly deployable. During this report, I will provide an overview of previous security mechanisms that were designed to detect malicious routes in BGP and present a novel approach called Autonomous System Provider Authorization (ASPA) that can fill the gap and significantly limit opportunities for attackers.