measuring adoption of rpki route validation and …...prefix hijacking prevention using resource...

70
Measuring Adoption of RPKI Route Validation and Filtering Andreas Reuter ([email protected]) Joint work with Randy Bush, Ethan Katz-Bassett, Italo Cunha, Thomas C. Schmidt, and Matthias Wählisch 1 PEERING The BGP Testbed

Upload: others

Post on 14-Aug-2020

13 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Measuring Adoption of RPKI Route Validation and Filtering

Andreas Reuter ([email protected])

Joint work with Randy Bush, Ethan Katz-Bassett, Italo Cunha,Thomas C. Schmidt, and Matthias Wählisch

1

PEERINGThe BGP Testbed

Page 2: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Once upon a time ... someone incorrectly announced an IP prefix.

2

Page 3: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Once upon a time ... someone incorrectly announced an IP prefix.

3

Page 4: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Once upon a time ... someone incorrectly announced an IP prefix.

4

Page 5: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Prefix hijacking prevention using Resource Public Key Infrastructure

Enter RPKI

5

Page 6: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Prefix hijacking prevention using Resource Public Key Infrastructure

Enter RPKI

ROA Data

Authorization object: Which AS is allowed to announce an IP prefix

6

Page 7: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Prefix hijacking prevention using Resource Public Key Infrastructure

Enter RPKI

ROA Data Route Origin Validation+

Authorization object: Which AS is allowed to announce an IP prefix

Router operation to validate BGP Updates based on ROA data

Local Policy+Decide handling of invalid BGP routes (drop?)

7

Page 8: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Prefix hijacking prevention using Resource Public Key Infrastructure

Enter RPKI

ROA Data Route Origin Validation+

Authorization object: Which AS is allowed to announce an IP prefix

Router operation to validate BGP Updates based on ROA data

Local Policy+Decide handling of invalid BGP routes (drop?)

ROA: 10.20.0.0/16-24 AS100 BGP: 10.20.0.0/16 AS100 ✔BGP: 10.20.0.0/16 AS666 ✖

AcceptReject

8

Page 9: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Research Problem

ROA Data Route Origin Validation+

Authorization object: Which AS is allowed to announce an IP prefix

Router operation to validate BGP Updates based on ROA data

Local Policy+Decide handling of invalid BGP routes (drop?)

Measure the adoption of RPKI-based filter policies.

Public Data Private Policy

9

Page 10: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Research Challenge

ROA Data Route Origin Validation+

Authorization object: Which AS is allowed to announce an IP prefix

Router operation to validate BGP Updates based on ROA data

Local Policy+Decide handling of invalid BGP routes (drop?)

Measure the adoption of RPKI-based filter policies.Challenge: Private policies must be inferred from measurements.

Public Data Private Policy

10

Page 11: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Two principle approaches

Uncontrolled experiments

Analysing existing BGP data and ROAs, trying to infer who is filtering.

Controlled experiments

Actively announcing BGP Updates and dynamically creating ROAs

Analyse resulting BGP data to infer who is filtering.

11

➔ Fast➔ Easy

➔ Slow➔ Needs experimental

facilities

Page 12: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: The Basic Idea➔ Leverage divergence between AS paths of invalid and

non-invalid routes to infer if an AS is filtering

12

Page 13: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: The Basic Idea➔ Leverage divergence between AS paths of invalid and

non-invalid routes to infer if an AS is filtering

VP

AS2

AS3

AS1

P1

P2

Vantage point (VP) peers with route collector (RC), sends full or partial feed of selected routes to it.

AS1 announces prefixes: P1(valid) and P2 (invalid)

RC

Vantage point selects routes with different AS path for the prefixes

13

Page 14: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: The Basic Idea➔ Leverage divergence between AS paths of invalid and

non-invalid routes to infer if an AS is filtering

VP

AS2

AS3

AS1

P1

P2

Vantage point (VP) peers with route collector (RC), sends full or partial feed of selected routes to it.

AS1 announces prefixes: P1(valid) and P2 (invalid)

RC

Vantage point selects routes with different AS path for the prefixes

Filtering invalid routes?

14

Page 15: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

15

Page 16: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

➔ Limited Control

16

Page 17: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

➔ Limited Control

◆ Do not know origin AS policy. Traffic engineering

might look like RPKI-based filtering.

17

Page 18: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Control

P1

P2

Vantage point chooses routes with different AS path

AS2

VP

Origin announces prefixes: P1(valid) and P2 (invalid)

Origin Policy

18

AS1

Origin

Page 19: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Control

P1

P2

Vantage point chooses routes with different AS path

AS2

VP

Origin announces prefixes: P1(valid) and P2 (invalid)

Is AS1 using RPKI-based filtering policy?

Origin Policy

19

AS1

Origin

Page 20: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Control

10.20.0.0/22

Vantage point chooses routes with different AS path

AS2

VP

Origin announces prefixes: P1(valid) and P2 (invalid)

Origin Policy

20

AS1

Origin

10.20.0.0/24

Page 21: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Control

10.20.0.0/22

Vantage point chooses routes with different AS path

AS2

VP

Origin announces prefixes: P1(valid) and P2 (invalid)

Origin Policy

21

AS1

Origin

10.20.0.0/24

ROA:Prefix:10.20.0.0/22 - 22ASN: Origin

Page 22: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Control

P1

P2

Vantage point chooses routes with different AS path

AS2

AS1

VP Origin

Origin announces prefixes: P1(valid) and P2 (invalid)

Is AS1 using RPKI-based filtering policy?

Origin Policy

Path divergence at first hop is more likely to be the result of traffic engineering at origin.

22

Page 23: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Path DivergenceDivergence between AS paths of routes with the same origin

Frac

tion

of p

ath

pairs

23

AS hop at which paths diverge

Page 24: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Path Divergence

➔ Invalid routes (probably) have different AS paths for non-RPKI reasons

Divergence between AS paths of routes with the same origin

Frac

tion

of p

ath

pairs No significant

difference between distributions indicates lack of widespread filtering

24

AS hop at which paths diverge

Page 25: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

➔ Limited Control

◆ Do not know origin AS policy. Traffic engineering

might look like RPKI-based filtering.

◆ Cannot distinguish between filtering based on

RPKI vs. filtering based on other attributes

25

Page 26: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Control

P1

P2

3356

Vantage point chooses routes with different AS path

1299

1239 3130VP Origin

Origin announces prefixes: P1(valid) and P2 (invalid)

Real World Example

26

Page 27: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Control

P1

P2

3356

Vantage point chooses routes with different AS path

1299

1239 3130VP Origin

Origin announces prefixes: P1(valid) and P2 (invalid)

Is AS3356 using RPKI-based filtering policy?

Real World Example

27

Page 28: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Control

P1

P2

3356

Vantage point chooses routes with different AS path

1299

1239 3130VP Origin

Origin announces prefixes: P1(valid) and P2 (invalid)

Is AS3356 using RPKI-based filtering policy?

No!Vantage point is using route age as tie breaker.

Real World Example

28

Page 29: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

➔ Limited Control

◆ Do not know origin AS policy. Traffic engineering

might look like RPKI-based filtering.

◆ Cannot distinguish between filtering based on

RPKI vs. filtering based on other attributes

29

Page 30: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

➔ Limited Control

◆ Do not know origin AS policy. Traffic engineering

might look like RPKI-based filtering.

◆ Cannot distinguish between filtering based on

RPKI vs. filtering based on other attributes

➔ Limited Visibility can lead to misclassification

30

Page 31: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Visibility➔ Analysing data from different sets of vantage points can yield different

classifications

31

Page 32: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Visibility➔ Analysing data from different sets of vantage points can yield different

classifications

P1

P2

VP

1

AS1 announces prefixes: P1(valid) and P2 (invalid)

2

3Vantage point chooses routes with different AS path

32

Page 33: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Visibility➔ Analysing data from different sets of vantage points can yield different

classifications

P1

P2

VP

1

AS1 announces prefixes: P1(valid) and P2 (invalid)

2

3Vantage point chooses routes with different AS path

Is AS2 using RPKI-based filtering policy?

33

Page 34: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Visibility➔ Analysing data from different sets of vantage points can yield different

classifications

P1

P2

VP

AS1 announces prefixes: P1(valid) and P2 (invalid)

3Vantage point chooses routes with different AS path

Is AS2 using RPKI-based filtering policy? Probably not!

VP2

2

1

Another vantage point chooses routes with same AS path

34

Page 35: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Limited Visibility➔ Analysing data from different sets of vantage points can yield different

classifications

P1

P2

VP

AS1 announces prefixes: P1(valid) and P2 (invalid)

3Vantage point chooses routes with different AS path

Is AS2 using RPKI-based filtering policy? Probably not!

VP2

2

1

Another vantage point chooses routes with same AS path

We don’t have a complete view of AS-level Internet. Inference without considering missing data can lead to

misclassification!

35

Page 36: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

➔ Limited Control

◆ Do not know origin AS policy. Traffic engineering

might look like RPKI-based filtering.

◆ Cannot distinguish between filtering based on

RPKI vs. filtering based on other attributes

➔ Limited Visibility can lead to misclassification

36

Page 37: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

➔ Limited Control

◆ Do not know origin AS policy. Traffic engineering

might look like RPKI-based filtering.

◆ Cannot distinguish between filtering based on

RPKI vs. filtering based on other attributes

➔ Limited Visibility can lead to misclassification

➔ Not possible to reproduce

37

Page 38: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Uncontrolled Experiments: Problems

➔ Limited Control

◆ Do not know origin AS policy. Traffic engineering

might look like RPKI-based filtering.

◆ Cannot distinguish between filtering based on

RPKI vs. filtering based on other attributes

➔ Limited Visibility can lead to misclassification

➔ Not possible to reproduce

38

Inferring if a specific AS is using RPKI-based filtering on

the basis of uncontrolled experiments is prone to

misclassification!

Page 39: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments

39

Page 40: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled ExperimentsHand-crafted ROAs and BGP Updates

40

Page 41: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: AdvantagesHand-crafted ROAs and BGP Updates

➔ Limited Control

◆ We know the routing policy of origin AS

41

Page 42: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: AdvantagesHand-crafted ROAs and BGP Updates

➔ Limited Control

◆ We know the routing policy of origin AS

◆ Can distinguish between RPKI-based filtering vs. filtering

based on other attributes by changing ROAs/Updates

42

Page 43: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: AdvantagesHand-crafted ROAs and BGP Updates

➔ Limited Control

◆ We know the routing policy of origin AS

◆ Can distinguish between RPKI-based filtering vs. filtering

based on other attributes by changing ROAs/Updates

➔ Limited Visibility is less of an issue, we only care about

our prefixes

43

Page 44: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: AdvantagesHand-crafted ROAs and BGP Updates

➔ Limited Control

◆ We know the routing policy of origin AS

◆ Can distinguish between RPKI-based filtering vs. filtering

based on other attributes by changing ROAs/Updates

➔ Limited Visibility is less of an issue, we only care about

our prefixes

➔ Can repeat experiments and target specific AS.

44

Page 45: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: Our Setup

Announce prefixes PA (Anchor) and PE (Experiment)

+ Same RIR DB route object+ Same length+ Minimal bit difference+ Announced at the same time+ Announced from same origin

AS+ Announced to same peers

BGP

Issue ROAs for both prefixes

Periodically change ROA for experiment prefix

➔ Flips announcement from VALID to INVALID to VALID once a day

(Yes, we operate a grandchild RPKI CA ;))

RPKI

45

Page 46: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point peer directly

PA

PE

VP

Vantage point chooses routes with same AS path

Origin

Origin announces prefixes: PA(valid) and PE (valid)

46

Page 47: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point peer directly

PA

PE

VP

Vantage point chooses routes with same AS path

Origin

Origin announces prefixes: PA(valid) and PE (valid)

47

Page 48: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point peer directly

PA

VP Origin

Origin announces prefixes: PA(valid) and PE (invalid)

Observation 1: VP has no route for PE now that it’s announcement is invalid

Conclusion: VP is using RPKI-based filtering.

48

Page 49: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point peer directly

PA

VP

Vantage point chooses routes with different AS path

Origin announces prefixes: PA(valid) and PE (invalid)

Observation 2: VP has route via AS X for PE now that it’s announcement is invalid

Conclusion: VP uses RPKI-based filtering selectively.

AS X PE

Origin

49

Page 50: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point do not peer directly, other AS on path

PA

PE

VP

Vantage point chooses routes with same AS path Origin announces prefixes:

PA(valid) and PE (valid)

OriginAS X

50

Page 51: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point do not peer directly, other AS on path

PA

PE

VP

Vantage point chooses routes with same AS path Origin announces prefixes:

PA(valid) and PE (valid)

OriginAS X

51

Page 52: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point do not peer directly, other AS on path

PA

VP

Origin announces prefixes: PA(valid) and PE (invalid)

OriginAS X

Observation 1: VP has no route for PE now that it’s announcement is invalid

Conclusion: VP or AS X (or both) are using RPKI-based filtering.

52

Page 53: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point do not peer directly, other AS on path

PA

VP

Origin announces prefixes: PA(valid) and PE (invalid)

AS X

Observation 2: VP has different route for PE now that it’s announcement is invalid

Conclusion: VP or AS X (or both) are using RPKI-based filtering.

Origin

PEAS Y

53

Page 54: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point do not peer directly, other AS on path

PA

VP

Origin announces prefixes: PA(valid) and PE (invalid)

AS X

Observation 2: VP has different route for PE now that it’s announcement is invalid

Conclusion: VP or AS X (or both) are using RPKI-based filtering.

Origin

PEAS Y

54

Resolve ambiguity by:

➔ Establishing direct peering with VP

Page 55: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Controlled Experiments: ObservationsSituation: Origin and vantage point do not peer directly, other AS on path

PA

VP

Origin announces prefixes: PA(valid) and PE (invalid)

AS X

Observation 2: VP has different route for PE now that it’s announcement is invalid

Conclusion: VP or AS X (or both) are using RPKI-based filtering.

Origin

PEAS Y

55

Resolve ambiguity by:

➔ Establishing direct peering with VP

➔ Checking if AS X has a vantage point

Page 56: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Results

56

Page 57: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

ResultsWe found at least 3 AS that deployed RPKI-based filtering!

None of them are large providers ...

2 AS filtered all invalid routes

1 AS filtered selectively

Another measurement study found other results.

57

Page 58: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

ResultsWe found at least 3 AS that deployed RPKI-based filtering!

None of them are large providers ...

2 AS filtered all invalid routes

1 AS filtered selectively

Another measurement study found other results.

58

Confirmed by repeated experiments and

talking to operators.

Page 59: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Conclusion

➔ Controlled experiments are crucial to measuring adoption of RPKI-based filtering policies

➔ There are ASes that do RPKI-based filtering. Not many, not the big ones, but at least some (>3).

Internet infrastructure requires proper monitoring.

➔ Uncontrolled experiments are unsuited to infer RPKI-based filtering policies

59

Page 60: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

➔ We will extend our measurement methodology.

➔ We will establish a live monitoring system with public access.

BGP monitoring is based on collaboration!

➔ Please, establish direct peering with PEERING testbed.◆ https://peering.usc.edu/peering/

➔ Please, peer with public route collectors.

Next Steps

60

Page 61: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

➔ We will extend our measurement methodology.

➔ We will establish a live monitoring system with public access.

BGP monitoring is based on collaboration!

➔ Please, establish direct peering with PEERING testbed.◆ https://peering.usc.edu/peering/

➔ Please, peer with public route collectors.

Next Steps

61

Have you enabled RPKI-based OV on a router today?

Page 62: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Backup

62

Page 63: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

63

Page 64: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

64

Page 65: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

65

Page 66: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Path Diversity

➔ Invalid routes tend to have different AS paths than non-invalid routes

Path Diversity Distribution of a single vantage point

When invalid routes are included, path diversity of some origins increases

For ~50% of origins, there is exactly one distinct AS path

66

Page 67: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Vantage Point Visibility MattersPrefixes and their Origins

Some VP have near ‘global’ view

Some VPs see barely anything

67

Page 68: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Vantage Point Visibility MattersPrefixes of invalid routes and their reasons for invalidity

Some VPs have very few invalid prefixes

Some none at all

68

Page 69: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Vantage Point Visibility Matters

➔ Virtually all VPs have some origin AS they only ‘see’ incompletely. Oops!

Per-Origin Prefix Visibility

69

Page 70: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization

Invalid Announcements: Path Diversity

70