Route Attestation

• Includes identification of:

  • AS’s or BGP speaker’s certificate issued by the AS owner
  • the address blocks and the AS Path (ASes) in the UPDATE
  • the AS number of the receiving (next) neighbor
  • expiration date/time

• Indicates that the BGP speaker or its AS authorizes the receiver’s AS to use the AS Path & NLRI in the UPDATE

• Digitally signed by owner of the BGP speaker (or its AS) distributing the UPDATE, traceable to the IANA ...

• Used to protect BGP from erroneous UPDATEs (authenticated but misbehaving or misconfigured BGP speakers)

Previous slide

Next slide

Back to first slide

View graphic version