Identification of Route Validation Policies in RPKI

  • Marcel Mendes UFMG
  • Leonardo Oliveira UFMG
  • Ítalo Cunha UFMG
  • Ethan Katz-Bassett Columbia University

Abstract


BGP, the routing protocol used to interconnect networks in the Internet, lacks the ability to authenticate routes, leading to vulnerabilities like prefix hijacks and route leaks. RPKI is a growing technology that alleviates this problem by allowing operators to specify which networks can announce their prefixes. Quantifying RPKI’s impact on routing security requires monitoring which networks deploy RPKI route validation. This monitoring is challenging due to limited route visibility and opaque routing policies. In this work we propose a new algorithm that combines targeted announcement configurations, which extract more detailed information about a network’s routing decisions, with careful reasoning to make precise inferences about how a network uses the RPKI. Our experiments on the Internet unveil different RPKI policies and indicate that RPKI adoption is increasing.

Published
2024-05-20
MENDES, Marcel; OLIVEIRA, Leonardo; CUNHA, Ítalo; KATZ-BASSETT, Ethan. Identification of Route Validation Policies in RPKI. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 910-923. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1496.
