February 28, 2020

222 words 2 mins read

BGP Route Security - Cycling to the Future!

BGP Route Security - Cycling to the Future!

The BGP routing protocol was designed to control traffic at interdomain routing level, but Its scalability and extensibility made it popular in other environments: …

Talk Title BGP Route Security - Cycling to the Future!
Speakers Alexander Azimov, Yandex
Conference NANOG76
Conf Tag
Location Washington DC
Date Jun 10 2019 - Jun 12 2019
URL Talk Page
Slides Talk Slides
Video Talk Video

The BGP routing protocol was designed to control traffic at interdomain routing level, but Its scalability and extensibility made it popular in other environments: FlowSpec, VPN, SD-WAN, and other technologies relies on underlying BGP transport. Unfortunately, this diversity of applications haven’t changed the BGP protocol itself – the protocol communications are built on trust, trust in good intentions of all parties, and the trust doesn’t scale that much. In recent years there was a growing hacker activity in BGP with confirmed redirection to the fishing sites, lost of credentials, etc. The community has very limited technical opportunity to fight this threat: most of the filtering measurements are limited to detection of mistakes, others are hardly deployable. During this report, I will provide an overview of previous security mechanisms that were designed to detect malicious routes in BGP and present a novel approach called Autonomous System Provider Authorization (ASPA) that can fill the gap and significantly limit opportunities for attackers.

comments powered by Disqus