BGP Security: A Gentle Reminder that Networking is Business

24 September 2018 | 1 Comment

At NANOG on the Road (NotR) in September of 2018, I participated in a panel on BGP security—specifically the deployment of Route Origin Authentication (ROA), with some hints and overtones of path validation by carrying signatures in BGP updates (BGPsec). This is an area I have been working in for… 20 years? … at this…

Research: Are We There Yet? RPKI Deployment Considered

13 August 2018 | Comments Off on Research: Are We There Yet? RPKI Deployment Considered

The Resource Public Key Infrastructure (RPKI) system is designed to prevent hijacking of routes at their origin AS. If you don’t know how this system works (and it is likely you don’t, because there are only a few deployments in the world), you can review the way the system works by reading through this post…

History of Networking: BGP Security

15 May 2018 | Comments Off on History of Networking: BGP Security

RIPE NCC: The Future of BGP Security

8 May 2018 | Comments Off on RIPE NCC: The Future of BGP Security

I was recently invited to a webinar for the RIPE NCC about the future of BGP security. The entire series is well worth watching; I was in the final session, which was a panel discussion on where we are now, and where we might go to make BGP security better.

Network Collective: Securing BGP

27 February 2018 | Comments Off on Network Collective: Securing BGP

Yet another protocol episode over at the Network Collective. This time, Nick, Jordan, Eyvonne and I talk about BGP security.

BGPsec and Reality

23 October 2017 | 2 Comments

From time to time, someone publishes a new blog post lauding the wonderfulness of BGPsec, such as this one over at the Internet Society. In return, I sometimes feel like I am a broken record discussing the problems with the basic idea of BGPsec—while it can solve some problems, it creates a lot of new…

On the ‘net: BGP Security, LACNOG 26

29 November 2016 | Comments Off on On the ‘net: BGP Security, LACNOG 26

BGP security: where we are now, where we are going, as presented at LACNOG 26 in November of 2016.

Securing BGP: A Case Study

13 May 2016 | Comments Off on Securing BGP: A Case Study

What would it take to secure BGP? Let’s begin where any engineering problem should begin: what problem are we trying to solve? This series of posts walks through a wide range of technical and business problems to create a solid set of requirements against which to measure proposed solutions for securing BGP in the global…

Securing BGP: A Case Study (10)

9 May 2016 | 1 Comment

The next proposed (and actually already partially operational) system on our list is the Router Public Key Infrastructure (RPKI) system, which is described in RFC7115 (and a host of additional drafts and RFCs). The RPKI systems is focused on solving a single solution: validating that the originating AS is authorized to originate a particular prefix.…

Securing BGP: A Case Study (9)

2 May 2016 | Comments Off on Securing BGP: A Case Study (9)

There are a number of systems that have been proposed to validate (or secure) the path in BGP. To finish off this series on BGP as a case study, I only want to look at three of them. At some point in the future, I will probably write a couple of posts on what actually…