Route Attestation

• Indicates that the speaker or its AS authorizes the listener’s AS to use the route in the UPDATE

• Includes identification of:

  • AS’s or BGP speaker’s certificate issued by the owner of the AS
  • the address blocks and the list of ASes in the UPDATE
  • the neighbor
  • expiration date

• Digitally signed by owner of the AS (or BGP speaker) distributing the UPDATE, traceable to the IANA ...

• Used to protect BGP from erroneous UPDATEs (authenticated but misbehaving or misconfigured BGP speakers)

Previous slide

Next slide

Back to first slide

View graphic version