Securing the BGP or controlling it?

Vincent J.. Bono vbono at 2nplus1.com
Mon May 10 15:02:03 CDT 2010


> this is a matter of risk analysis.  No secure routing means we'll continue
> to see the occasional high profile outage which is dealt with very quickly.

Speaking from painful experience all kinds of variable can ensure that even when a problem is identified quickly and action taken expeditiously outages can and do take much longer than "very quickly" to correct.

Also, while (IMHO) the much higher level of private interconnects / peering links in use today vs. 1997 makes willful route hijacking more difficult, building better security directly into the protocol is certainly in order.  A good parallel is the SS7 network that runs "routing" for traditional voice signaling: it's "secured" by using a completely separate, out of band TDM network (DS1s and DS0s) but its also an "in the clear" protocol and could be subject to willful vandalism.







More information about the NANOG mailing list