The Problem
The Border Gateway Protocol (BGP) is vulnerable to attacks due to the lack of a scalable means of ensuring the authenticity and legitimacy of BGP control traffic:
- no means of establishing the authority of an Autonomous System (AS) or BGP speaker to advertise a portion of address space (NLRI origin verification)
- no means of establishing the authority of an Autonomous System (AS) or BGP speaker to advertise routes to a destination or destinations (AS_PATH validation)
- no means of authenticating peers and ensuring UPDATE integrity in conjunction with automated key management and anti-replay protection
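
What the origin check named in the first item would look like if a speaker did have an authoritative table of prefix-to-AS authorizations, as an added example that is not part of the original page. The table contents, the maximum-length field, the function names and the three result labels are assumptions made for illustration; BGP itself carries no such data.

```python
import ipaddress

# Constructed authorization table (documentation prefixes and AS numbers):
# (authorized prefix, longest prefix length allowed, authorized origin AS).
# Assumption: some trusted source supplies this; BGP itself does not.
AUTHORIZATIONS = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64500),
]


def load_table(rows):
    """Parse the textual rows into (network, max_length, origin_as) tuples."""
    return [(ipaddress.ip_network(p), max_len, asn) for p, max_len, asn in rows]


def origin_as(as_path):
    """The originating AS is the last entry of AS_PATH; None if the path is empty."""
    return as_path[-1] if as_path else None


def verify_origin(prefix, as_path, table):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    origin = origin_as(as_path)
    covered = False
    for auth_net, max_len, asn in table:
        # Only authorizations of the same address family that cover the prefix apply.
        if auth_net.version != net.version or not net.subnet_of(auth_net):
            continue
        covered = True
        # Valid needs both the authorized origin and a prefix no longer than allowed.
        if asn == origin and net.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: wrong origin or too specific a prefix.
    return "invalid" if covered else "not-found"


TABLE = load_table(AUTHORIZATIONS)

if __name__ == "__main__":
    for prefix, path in [("192.0.2.0/24", [64510, 64496]),
                         ("192.0.2.0/24", [64510, 64499]),
                         ("192.0.2.128/25", [64496]),
                         ("10.0.0.0/8", [64496])]:
        print(prefix, path, verify_origin(prefix, path, TABLE))
```

A path that merely ends in the authorized AS is classified valid, so this check says nothing about whether the rest of the path is genuine; that is the separate AS_PATH validation gap in the second item.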