Skip to content

Securing BGP: A Case Study (6)

By Russ | 4 April 2016 | Comments Off on Securing BGP: A Case Study (6)

In my last post on securing BGP, I said— Here I’m going to discuss the problem of a centralized versus distributed database to carry the information needed to secure BGP. There are actually, again, two elements to this problem—a set of pure technical issues, and a set of more business related problems. The technical problems…

Rethinking BGP path validation (part 2)

By Russ | 24 March 2016 | Comments Off on Rethinking BGP path validation (part 2)

This is the second post in the two part series on BGP path validation over on the LinkedIn Engineering blog. We left off last time after having described the eight operational requirements that must be met for any system that reduces our reliance on transitive trust in relation to the AS Path. As a reminder,…

Securing BGP: A Case Study (5)

By Russ | 18 March 2016 | Comments Off on Securing BGP: A Case Study (5)

BGP provides reachability for the global ‘net, as well as being used in many private networks. As a system, BGP (ultimately) isn’t very secure. But how do we go about securing BGP? This series investigates the questions, constraints, and solutions any proposal to secure BGP must deal with as a case study of asking the…

Reaction: BGP convergence, divergence & the ‘net

By Russ | 8 March 2016 |

Let’s have a little talk about BGP convergence. We tend to make a number of assumptions about the Internet, and sometimes these assumptions don’t always stand up to critical analysis. . . . On the Internet anyone can communicate with anyone else – right? -via APNIC Geoff Huston’s recent article on the reality of Internet…

Securing BGP: A Case Study (4)

By Russ | 22 February 2016 | Comments Off on Securing BGP: A Case Study (4)

In part 1 of this series, I looked at the general problem of securing BGP, and ended by asking three questions. In part 2 and part 3, I considered the third question: what can we actually prove in a packet switched network. For this section, I want to return to the first question: Should we…

Rethinking Path Validation

By Russ | 17 February 2016 |

This is my talk on BGP security from the latest NANOG. Some of the questions I discuss in this talk, and some of the solutions, interact with the series I currently have running on BGP security here.

Securing BGP: A Case Study (3)

By Russ | 15 February 2016 | Comments Off on Securing BGP: A Case Study (3)

To recap (or rather, as they used to say in old television shows, “last time on ‘net Work…”), this series is looking at BGP security as an exercise (or case study) in understanding how to approach engineering problems. We started this series by asking three questions, the third of which was: What is it we…

Securing BGP: A Case Study (2)

By Russ | 1 February 2016 |

In part 1 of this series, I pointed out that there are three interesting questions we can ask about BGP security. The third question I outlined there was this: What is it we can actually prove in a packet switched network? This is the first question I want dive in too—this is a deep dive,…

Securing BGP: A Case Study (1)

By Russ | 25 January 2016 |

What would it take to secure BGP? Let’s begin where any engineering problem should begin: what problem are we trying to solve? In this network—in any collection of BGP autonomous systems—there are three sorts of problems that can occur at the AS level. For the purposes of this explanation, assume AS65000 is advertising 2001:db8:0:1::/64. While…

Scroll To Top