giovedì 5 marzo 2020

BGP RPKI: instructions for use (English Version)

As announced recently, “On March 25th, 2020, NTT GIN will deploy BGP routing policies which reject RPKI Invalid BGP route announcements on all AS 2914 EBGP sessions. This change will positively impact the Internet routing system.

NTT GIN will therefore join the “reject Invalids” club which has, among its members with dimensions comparable to NTT GIN, AT&T (AS 7018), Cloudflare (AS 13335), Cogent (AS 174), KPN (AS 286), PCCW (AS 3491), Tata (AS 6453), Telia (AS 1299). Many others are doing plans to join the club (see for instance this link).

Given the positive impact that the BGP RPKI architecture is having to improve Internet Routing Security, my friend Flavio Luciani, Chief Innovation Officer of NaMeX, and I (Tiziano Tofoni, a.k.a Admiral Tofonoto), have written in this blog three posts trying to shed some light on the theoretical and practical aspects.

To spread the BGP RPKI culture and stimulate more and more ISPs to implement it in their production networks, hoping to do something useful for our loyal readers, we have decided to combine the three posts in a single article, this time in English.

The final document can be downloaded at this link.

Have a nice reading and, should you need some advise to deploy BGP RPKI in your production network, please do not hesitate to get in touch.

Flavio and Tiziano

P.S. Special thanks to the NaMeX guys Maurizio Goretti (CEO), Francesco Ferreri (CTO) and Luca Davoli (CCO) for their support to the project and Nathalie Kunneke-Trenaman for reviewing the paper and helpful suggestions.

1 commento:

  1. Thank you for this effort. Highly appreciate it. NIST (USA) has developed a security guidance document which includes recommendations for BGP security (RPKI, ROA, origin validation) amongst other topics. Some users may find it useful as an additional reference.
    “Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation”