Internet2 Network Security SIG

["Montgomery, Douglas (Fed)" <>]

I suspect that BGPsec will be “forward looking” for a few more years.  The main industry thrust in this space right now is origin validation and improving the robustness of RPKI infrastructure.

 

If you want to kick the tires on BGPsec – there are reference implementations and test tools (e.g., that take MRT files and BGPsec sign the paths and play full DFZ tables at and implementation) here:

https://www.nist.gov/services-resources/software/bgp-secure-routing-extension-bgp-srx-prototype

 

ExaBGP and GoBGP implementations will be released on the site above soon.

 

dougm

-- 

DougM at NIST

 

 

From: <> on behalf of Brad Fleming <>
Reply-To: " List:" <>
Date: Wednesday, February 6, 2019 at 4:38 PM
To: " List:" <>
Subject: Re: [Security-WG] NIST DRAFT Guidance on BGP Robustness and DDoS Mitigation - Review and comment requested.

 

Reading through this document reminded me I’ve not heard anything from Juniper or Cisco on their timelines or plans for BGPsec / BGP Path Validation support. I just pinged our sales team but I’m wondering if anyone else has asked and received an answer recently. 

--
Brad Fleming

On Feb 6, 2019, at 11:43 AM, Michael H Lambert <> wrote:

 

Thanks, Doug.  This looks very useful.

Michael

On 6 Feb 2019, at 12:02, Montgomery, Douglas (Fed) <> wrote:

https://csrc.nist.gov/publications/detail/sp/800-189/draft

In case there are folks here who do not follow the NANOG list.

NIST solicits comments on the above draft guidance document.

Comments are requested by March 15.   

The page above provides details and the address to send your comments to.

Thanks
dougm
--
Doug Montgomery, Manager Internet  & Scalable Systems Research @ NIST

-----
Michael H Lambert, GigaPoP Manager             Phone: +1 412 268-4960
Pittsburgh Supercomputing Center/3ROX          FAX:   +1 412 268-5832
300 S Craig St, Pittsburgh, PA  15213 USA