Securing the BGP or controlling it?

Jorge Amodio jmamodio at gmail.com
Mon May 10 16:23:20 CDT 2010


> Also, while (IMHO) the much higher level of private interconnects / peering links in use today vs. 1997 makes willful route hijacking more difficult, building better security directly into the protocol is certainly in order.  A good parallel is the SS7 network that runs "routing" for traditional voice signaling: it's "secured" by using a completely separate, out of band TDM network (DS1s and DS0s) but its also an "in the clear" protocol and could be subject to willful vandalism.

Diff with SS7, we can't send a VoIP msg with every packet saying "Your
packet can not be delivered as routed, please restart your computer
and try again", ohh yes we can ICMP :-)

Cheers
Jorge




More information about the NANOG mailing list