Skip to Content.
Sympa Menu

netsec-sig - [Security-WG] Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience

Subject: Internet2 Network Security SIG

List archive

[Security-WG] Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience


Chronological Thread 
  • From: "Montgomery, Douglas (Fed)" <>
  • To: "" <>
  • Subject: [Security-WG] Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  • Date: Tue, 27 Sep 2016 18:12:32 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:H9K/MxO7A2WZCLi8xFkl6mtUPXoX/o7sNwtQ0KIMzox0KP76rarrMEGX3/hxlliBBdydsK0UzbeN+Pm9EUU7or+/81k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i760CQWUinbGUI1Y72tW92as8Pinfu/8IDJYhlZwSWySbJ0MBisqwjN7I8bjZYoYvIqxxDUuHpUaqFJyktpI06ehRDx+p328ZJ+pXd+ofUkooRlVqPmcKM9QKZJSHwKNH064MTw/VntQAfOrDNIXmILnR9gBQne8Ff1WYmn4XiyjfZ0xCTPZZ6+drszQzn3qv4zRQ==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99
The slides and video from the operator’s oriented track we hosted at NANOG in June 2016.  URL to slides and video of the session is below, as is a copy-n-paste of the abstract.


Also if you would like to see a view of current RPKI deployment we run a monitor (as do many others) below.  You can explore the BGP Prefix/Origin Validation analysis to see how RPKI data compares to the current routing table, who the successful early adopters are and who’s use needs more work.   You can also look at the RPKI Repository Analysis views to see more about the raw RPKI data.


If you have questions or comments about either, just ask.

Abstract:

Malicious BGP route hi-jacks and and accidental mis-originations continue to threaten the security and robustness of the global Internet. Over the last several years the IETF, RIRs, router vendors, and researchers have developed and implemented an approach to BGP origin validation based upon a global resource public key infrastructure (RPKI) that permits operators anywhere in the Internet to detect unauthorized route announcements and implement local polices to mitigate (e.g., filter) these events. 

This track will examine the current state of RPKI Origin Validation (ROV) technologies: products, services, implementations, configurations, and tool sets that could be useful to operators in planning, deploying, and monitoring ROV use in their networks. Actual operational experiences with ROV deployment will be described as well as issues that need to be addressed to further operational deployment. 

1. RPKI Introduction 
Doug Montgomery / Sandy Murphy 
2, RPKI hosted services 
Mark Kosters, CTO ARIN 
3. RPKI Implementations 
Doug Montgomery / Sandy Murphy 
4. Router Vendor Implementations 
Cisco / Juniper / Alcatel Greg Hankins 
5. RPKI Test, Training, Monitoring, Management tools. 
Matthias Waelisch, Doug Montgomery, Sandy Murphy 
6. Deployment Experiences Panel 
JR Mayberry/Microsoft, Tony Tauber/Comcast, Thomas King/DE-CIX

— 
Doug Montgomery, Mgr Internet & Scalable Systems Research at  NIST/ITL/ANTD


  • [Security-WG] Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience, Montgomery, Douglas (Fed), 09/27/2016

Archive powered by MHonArc 2.6.19.

Top of Page