In this paper, we first describe the problem space. Following that, we describe the design and implementation of the NIST reference implementation for RPKI-based route origin validation (BGP-OV) and BGPsec path validation (BGP-PV) within a BGP router. The system we developed is called BGP Secure Routing Extension (BGP-SRx).
We describe the system design, explain the design choices, describe communications between all components, and present the performance measurements obtained during the implementation stages. This paper is organized so that it first explains the high-level system design with a brief explanation of all components and how they interact. We will explain why we chose this design and provide a discussion of its benefits as well as shortcomings. Furthermore, we show which open-source components we chose and how we extended them for this project.
The BGP-SRx implementation is a reference implementation for BGP-OV, with all its router-side components as specified in RFC 6811, RFC 6810, and RFC 8210, as well as for BGPsec path validation as specified in RFC 8205 and RFC 8608. The implementation allowed early identification of issues while the specifications were still under development, and hence provided important feedback to the development of the different IETF RFCs.