The Border Gateway Protocol (BGP), which is used to distribute routing information between autonomous systems, is an important component of the Internet's routing infrastructure. Secure BGP (S-BGP) addresses critical BGP vulnerabilities by providing a scalable means of verifying the authenticity and authorization of BGP control traffic. To facilitate widespread adoption, S-BGP must avoid introducing undue overhead (processing, bandwidth, storage) and must be incrementally deployable, i.e., interoperable with BGP. To provide a proof-of-concept demonstration, we developed a prototype implementation of S-BGP and deployed it in DARPA's CAIRN testbed. Real Internet BGP traffic was fed to the testbed routers by replaying a recorded BGP peering session with an ISP's BGP router. This document describes the results of these experiments: it examines interoperability, the efficacy of the S-BGP countermeasures in securing BGP control traffic, and their impact on BGP performance, and thus evaluates the feasibility of deployment in the Internet.

Border Gateway Protocol (BGP)

Internet routing is implemented using a distributed system composed of many routers, grouped into administrative domains called Autonomous Systems (ASes). Routing information is exchanged between ASes using Border Gateway Protocol (BGP) [2,3] UPDATE messages. BGP has a number of vulnerabilities [1,3,5] which can be exploited to cause problems such as misdelivery or non-delivery of user traffic, misuse of network resources, network congestion and packet delays, and violation of local routing policies. Communication between BGP peers is subject to active and passive wiretapping attacks, and both BGP itself and the TCP/IP protocols it runs over can be attacked.
A BGP speaker can be compromised: for example, a speaker's BGP-related software, configuration information, or routing databases may be modified or replaced illicitly via unauthorized access to the router, or to a server from which router software is downloaded, or via a spoofed distribution channel. Such attacks could result in transmission of fictitious BGP messages, modification or replay of valid messages, or suppression of valid messages. If cryptographic keying material is used to secure BGP control traffic, that too may be compromised. We have developed security enhancements to BGP that address most of these vulnerabilities by providing a secure, scalable system: Secure BGP (S-BGP) [1,3]. Better physical, procedural and basic communication security for BGP routers could address some of these attacks. However, such measures would not counter any of the many forms of attack that compromise routers themselves. Experience with accidental misconfigurations, and the many vulnerabilities of management system components, strongly argues in favor of countering such Byzantine failures if we are to provide adequate protection for the Internet.

The BGP-4 protocol, including descriptions of the UPDATE message and the route propagation algorithm, is described in [2,3]. Briefly, the numbers that identify IP networks are spec...
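The page states S-BGP's goal, verifying that BGP control traffic is authentic and authorized, but the text breaks off before describing the mechanism. The following Go program is an added illustration of the route-attestation idea behind that goal; it is not code from the S-BGP prototype or its authors. Its assumptions: each AS signs (prefix, AS_PATH up to and including itself, the AS it forwards to) with an Ed25519 key; a plain map stands in for the certificate-based key distribution S-BGP uses; address attestations, which bind a prefix to the AS authorized to originate it, are omitted; and the AS numbers, prefix and topology are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// RouteAttestation is what an AS attaches when it forwards an UPDATE: a signature
// over the prefix, the AS_PATH up to and including the signer, and the AS the
// UPDATE is sent to. Naming the next AS is what lets a later verifier catch a
// path that an intermediate AS shortened or spliced. (Assumed structure; the
// page does not spell out S-BGP's attestation format.)
type RouteAttestation struct {
	Signer, Next uint32
	Sig          []byte
}

// Update is a stripped-down BGP UPDATE: one prefix, the AS_PATH stored origin
// first (the reverse of wire order, for simpler nesting), one attestation per AS.
type Update struct {
	Prefix string
	Path   []uint32
	RAs    []RouteAttestation
}

// ASNode holds one AS's signing key. In S-BGP the public key would arrive in a
// certificate; here Directory() is a plain map standing in for that PKI.
type ASNode struct {
	ASN  uint32
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewAS(asn uint32) *ASNode {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &ASNode{ASN: asn, Pub: pub, priv: priv}
}

func Directory(nodes ...*ASNode) map[uint32]ed25519.PublicKey {
	d := map[uint32]ed25519.PublicKey{}
	for _, n := range nodes {
		d[n.ASN] = n.Pub
	}
	return d
}

// attestedBytes is the canonical byte string a route attestation signs.
func attestedBytes(prefix string, path []uint32, next uint32) []byte {
	b := append([]byte(prefix), 0) // NUL keeps the prefix from running into the path
	for _, asn := range path {
		b = binary.BigEndian.AppendUint32(b, asn)
	}
	return binary.BigEndian.AppendUint32(b, next)
}

// Forward appends this AS to the path and attests the result for neighbour next.
// An origin AS calls it on an Update that carries only a prefix.
func (a *ASNode) Forward(u Update, next uint32) Update {
	path := append(append([]uint32{}, u.Path...), a.ASN)
	ra := RouteAttestation{Signer: a.ASN, Next: next,
		Sig: ed25519.Sign(a.priv, attestedBytes(u.Prefix, path, next))}
	return Update{Prefix: u.Prefix, Path: path, RAs: append(append([]RouteAttestation{}, u.RAs...), ra)}
}

// VerifyUpdate checks, as receiver, that every AS on the path signed exactly the
// path prefix it was handed and named the AS that actually follows it.
func VerifyUpdate(u Update, receiver uint32, dir map[uint32]ed25519.PublicKey) error {
	if len(u.Path) == 0 || len(u.Path) != len(u.RAs) {
		return fmt.Errorf("malformed update: %d ASes, %d attestations", len(u.Path), len(u.RAs))
	}
	for i, asn := range u.Path {
		ra := u.RAs[i]
		next := receiver
		if i+1 < len(u.Path) {
			next = u.Path[i+1]
		}
		if ra.Signer != asn || ra.Next != next {
			return fmt.Errorf("hop %d: attestation by AS%d for AS%d, but path has AS%d then AS%d", i, ra.Signer, ra.Next, asn, next)
		}
		pub, ok := dir[asn]
		if !ok || !ed25519.Verify(pub, attestedBytes(u.Prefix, u.Path[:i+1], next), ra.Sig) {
			return fmt.Errorf("hop %d: no valid signature from AS%d", i, asn)
		}
	}
	return nil
}

func main() {
	a, b, c, d := NewAS(64500), NewAS(64501), NewAS(64502), NewAS(64503)
	dir := Directory(a, b, c, d)
	// Constructed scenario: AS64500 originates 203.0.113.0/24; it travels A -> B -> C -> D.
	u := a.Forward(Update{Prefix: "203.0.113.0/24"}, b.ASN)
	u = b.Forward(u, c.ASN)
	u = c.Forward(u, d.ASN)
	fmt.Println("legitimate:", VerifyUpdate(u, d.ASN, dir))
	// D strips C and re-advertises the shorter path to AS64504; B's attestation names C, not D.
	spliced := d.Forward(Update{Prefix: u.Prefix, Path: u.Path[:2], RAs: u.RAs[:2]}, 64504)
	fmt.Println("spliced:", VerifyUpdate(spliced, 64504, dir))
}
```

Binding the next AS into each signature is what defeats the splicing shown in main: AS64503 cannot drop AS64502 from the path and claim to have received the route from AS64501, because AS64501's attestation names AS64502 as the recipient, and the attested prefix cannot be altered without invalidating every signature. Replayed or suppressed UPDATEs, also listed above, are outside what this fragment covers.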
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, widespread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space-efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system's effectiveness.
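The technique the abstract describes (published as SPIE) records, at every router, a compact digest of each forwarded packet rather than the packet itself, and later answers queries of the form "did this packet pass through you?". The Go program below is an added illustration of that idea, not code from the paper or its authors: each router keeps a Bloom filter of keyed digests over the header fields that do not change in flight plus the first 8 bytes of payload, and a traceback walks upstream from the victim asking each neighbour whether its filter holds the digest. The filter size and probe count, the FNV-based hashing, the exact field selection, the per-router secret, and the six-router topology are assumptions chosen for the example; the paper's parameters, which give the 0.5% storage figure quoted above, are not reproduced here.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"hash/fnv"
)

const bloomBits, bloomProbes = 1 << 16, 4 // table size chosen for the example, not taken from the paper

// Packet holds the fields this example digests. TTL is carried but not digested:
// routers rewrite it hop by hop, as they do the checksum. The field choice and
// the 8-byte payload window are assumptions, not taken from the page.
type Packet struct {
	Src, Dst   uint32
	ID         uint16
	Proto, TTL uint8
	Payload    []byte
}

// Router keeps a Bloom filter of packet digests for one time window. A per-router
// secret is mixed into every digest so an attacker cannot precompute packets
// whose digests collide in a chosen router's table.
type Router struct {
	Name      string
	Neighbors []*Router
	bits      []uint64
	secret    []byte
}

func NewRouter(name string) *Router {
	r := &Router{Name: name, bits: make([]uint64, bloomBits/64), secret: make([]byte, 16)}
	if _, err := rand.Read(r.secret); err != nil {
		panic(err)
	}
	return r
}

// positions hashes secret || invariant fields || payload[:8] once with FNV-1a
// and derives bloomProbes bit indexes from the two 32-bit halves (double hashing).
func (r *Router) positions(p Packet) []uint32 {
	d := binary.BigEndian.AppendUint32(append([]byte{}, r.secret...), p.Src)
	d = binary.BigEndian.AppendUint16(binary.BigEndian.AppendUint32(d, p.Dst), p.ID)
	d = append(d, p.Proto)
	if pl := p.Payload; len(pl) > 8 {
		d = append(d, pl[:8]...)
	} else {
		d = append(d, pl...)
	}
	h := fnv.New64a()
	h.Write(d)
	sum := h.Sum64()
	h1, h2 := uint32(sum), uint32(sum>>32)|1
	pos := make([]uint32, bloomProbes)
	for i := range pos {
		pos[i] = (h1 + uint32(i)*h2) % bloomBits
	}
	return pos
}

func (r *Router) Record(p Packet) {
	for _, i := range r.positions(p) {
		r.bits[i/64] |= 1 << (i % 64)
	}
}

// Seen never gives a false negative; a false positive is possible but rare.
func (r *Router) Seen(p Packet) bool {
	for _, i := range r.positions(p) {
		if r.bits[i/64]&(1<<(i%64)) == 0 {
			return false
		}
	}
	return true
}

// Send forwards p along path, recording a digest and decrementing TTL at each hop.
func Send(p Packet, path []*Router) Packet {
	for _, r := range path {
		r.Record(p)
		p.TTL--
	}
	return p
}

// Trace walks upstream from the router nearest the victim, emitting an
// (upstream, downstream) edge for each neighbour whose table holds the digest.
// A false positive would add a spurious branch, turning the path into a graph.
func Trace(victimEdge *Router, p Packet) [][2]string {
	var edges [][2]string
	visited := map[*Router]bool{victimEdge: true}
	var walk func(r *Router)
	walk = func(r *Router) {
		for _, n := range r.Neighbors {
			if !visited[n] && n.Seen(p) {
				visited[n] = true
				edges = append(edges, [2]string{n.Name, r.Name})
				walk(n)
			}
		}
	}
	walk(victimEdge)
	return edges
}

// BuildTopology is a constructed network: R1-R2-R3-R4 in a line, R5 off R2, R6 off R3.
func BuildTopology() map[string]*Router {
	rs := map[string]*Router{}
	for _, n := range []string{"R1", "R2", "R3", "R4", "R5", "R6"} {
		rs[n] = NewRouter(n)
	}
	for _, l := range [][2]string{{"R1", "R2"}, {"R2", "R3"}, {"R3", "R4"}, {"R2", "R5"}, {"R3", "R6"}} {
		a, b := rs[l[0]], rs[l[1]]
		a.Neighbors, b.Neighbors = append(a.Neighbors, b), append(b.Neighbors, a)
	}
	return rs
}

func main() {
	routers := BuildTopology()
	pkt := Packet{Src: 0xC0000201, Dst: 0xCB007101, ID: 0x1234, Proto: 17, TTL: 64, Payload: []byte("constructed")}
	delivered := Send(pkt, []*Router{routers["R1"], routers["R2"], routers["R3"], routers["R4"]})
	fmt.Println("TTL at victim:", delivered.TTL, "attack path:", Trace(routers["R4"], delivered))
}
```

Because TTL and checksum are excluded from the digest, the packet as the victim received it (TTL already decremented four times) still matches every upstream table, while R5 and R6, which never forwarded it, answer no. A Bloom filter can report a packet it never saw, so Trace returns a set of edges rather than a single path; a spurious branch from a false positive is the failure mode the paper's analysis bounds. The tables only answer for packets in the current window, which is why the abstract limits traceback to packets delivered in the recent past.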