Securing BGP: A Case Study (4)

22 February 2016 | Comments Off on Securing BGP: A Case Study (4)

In part 1 of this series, I looked at the general problem of securing BGP, and ended by asking three questions. In part 2 and part 3, I considered the third question: what can we actually prove in a packet switched network. For this section, I want to return to the first question: Should we…

Rethinking Path Validation

17 February 2016 |

This is my talk on BGP security from the latest NANOG. Some of the questions I discuss in this talk, and some of the solutions, interact with the series I currently have running on BGP security here.

Securing BGP: A Case Study (3)

15 February 2016 | Comments Off on Securing BGP: A Case Study (3)

To recap (or rather, as they used to say in old television shows, “last time on ‘net Work…”), this series is looking at BGP security as an exercise (or case study) in understanding how to approach engineering problems. We started this series by asking three questions, the third of which was: What is it we…

Securing BGP: A Case Study (2)

1 February 2016 |

In part 1 of this series, I pointed out that there are three interesting questions we can ask about BGP security. The third question I outlined there was this: What is it we can actually prove in a packet switched network? This is the first question I want dive in too—this is a deep dive,…

Securing BGP: A Case Study (1)

25 January 2016 |

What would it take to secure BGP? Let’s begin where any engineering problem should begin: what problem are we trying to solve? In this network—in any collection of BGP autonomous systems—there are three sorts of problems that can occur at the AS level. For the purposes of this explanation, assume AS65000 is advertising 2001:db8:0:1::/64. While…