Identifying Route Validation Policies in the RPKI
Abstract
BGP, the routing protocol used to interconnect networks on the Internet, does not support route authentication, which leads to vulnerabilities such as prefix hijacks and route leaks. RPKI is a technology under adoption that mitigates this problem by allowing operators to specify which networks may announce their prefixes. Quantifying the impact of RPKI on routing security requires monitoring which networks implement route validation using RPKI. This monitoring is challenging because of limited visibility into routes on the Internet and the opacity of routing policies. In this work we propose a new algorithm that combines targeted announcement configurations, which extract more detailed information about routing decisions, with judicious processing of the observations to make accurate inferences about how a network uses RPKI. Our experiments on the Internet reveal different RPKI policies used in practice and point to an increase in RPKI adoption.
Published
20/05/2024
How to Cite
MENDES, Marcel; OLIVEIRA, Leonardo; CUNHA, Ítalo; KATZ-BASSETT, Ethan. Identificação de Políticas de Validação de Rotas no RPKI. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 910-923. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1496.