The Border Gateway Protocol (BGP) is the glue that holds the Internet together, enabling data communications between large networks operated by different organizations. BGP makes Internet communications global by setting up routes for traffic between organizations—for example, from Boston University's network, through larger ISPs such as Level3, Pakistan Telecom, and China Telecom; then on to residential networks such as Comcast or enterprise networks such as Bank of America.
While BGP plays a crucial role in Internet communications, it remains surprisingly vulnerable to attack. The past few years have seen a range of routing incidents that highlight the fragility of routing with BGP. They range from a simple misconfiguration at a small Indonesian ISP that took Google offline in parts of Asia,32 to a case of BGP-based censorship that leaked out of Pakistan Telecom and took YouTube offline for most of the Internet,2 to a routing error that caused a large fraction of the world's Internet traffic to be routed through China Telecom,6 to highly targeted traffic interception by networks in Iceland and Belarus.34
While the RPKI is useful, BGPSEC itself is undeployable, will ossify BGP, and most likely end up causing more problems than it solves in terms of attack surfaces, etc. Unfortunately, politics within the IETF have not allowed any alternatives to be considered. So part of the reason the BGP ecosystem has been so slow to be secured is because no solutions have been put forward that will actually meet any sort of real cost/benefit tradeoff.
When a system is proposed that will actually provide a real cost/benefit tradeoff, then security will move forward.
Displaying 1 comment