BGP is the protocol that governs how routers between ASs (autonomous systems) share their routes with one another. It’s a peculiar protocol in that no network administrator necessarily trusts their counterpart, but is forced to accept what is advertised in order to see beyond their own network. That said, improper BGP messages can lead to all sorts of network mayhem – one of the most significant examples is laid out in great detail by OmniNerd’s own twabulldogg in Did China Hijack 15% of the Internet: Routers, BGP and Ignorance. Some network engineers have gotten together to come up with various solutions to solve the problem when BGP advertisements are irregular or false. One solution involves PKI certificates to vouch for authenticity but this technique involves an architectural change … and the Internet is nothing but slow to adopt change (cough IPv6 cough). The engineers are proposing an idea called ROVER (Route Origin Verification) which utilizes DNS and its myriad of available records to store route information and secure them with DNSSEC. An advantage of this approach is the architecture is already in place. A test program can be found at ROVER.
Similarly tagged OmniNerd content:
* * item2.1
# # item2.1
Welcome! OmniNerd's content is generated by nerds like you. Learn more.