Bgp Problems & Solutions
1
A Survey of BGP Security Issues and Solutions
Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer Rexford
Abstract The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities currently existing within interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their designs considered. We note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further investigation into the problems and solutions of BGP security. Index Terms authentication, authorization, BGP, border gatewa protocol, integrity, interdomain routing, network security, networks, routing
I. I NTRODUCTION The Internet is a global, decentralized network comprised of many smaller interconnected networks. Networks are largely comprised of end systems, referred to as hosts, and intermediate systems, called routers. Information travels through a network on one of many paths, which are selected through a routing process. Routing protocols communicate reachability information (how to locate other hosts and routers) and ultimately perform path selection. A network under the administrative control of a single organization is called an autonomous system (AS) [1]. The process of routing within an AS is
A Survey of BGP Security Issues and Solutions
Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer Rexford
Abstract The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities currently existing within interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their designs considered. We note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further investigation into the problems and solutions of BGP security. Index Terms authentication, authorization, BGP, border gatewa protocol, integrity, interdomain routing, network security, networks, routing
I. I NTRODUCTION The Internet is a global, decentralized network comprised of many smaller interconnected networks. Networks are largely comprised of end systems, referred to as hosts, and intermediate systems, called routers. Information travels through a network on one of many paths, which are selected through a routing process. Routing protocols communicate reachability information (how to locate other hosts and routers) and ultimately perform path selection. A network under the administrative control of a single organization is called an autonomous system (AS) [1]. The process of routing within an AS is