Announcing BRITE - BGPSEC / RPKI Interoperability Test & Evaluation system
dougm at nist.gov
Tue Jun 28 15:06:44 UTC 2011
BRITE is a web-based test and evaluation framework for exercising
implementations, configurations and deployments of emerging IETF BGP
security technologies, including some components of the Resource Public
Key Infrastructure (RPKI) and routers that support BGP security extensions.
BRITE is currently capable of testing: RPKI validation caches and BGP
routers that perform origin validation based upon RPKI ROAs. Future
extensions will support BGP routers that support full path validation.
BRITE currently supports the following capabilities / protocol
* rsync of RPKI objects from BRITE test suite repositories,
* RPKI/Router Protocol (draft-ietf-sidr-rpki-rtr-12 - TCP plain sockets,
no SSH transport or TCP-AO)
* BGP-4 (tested interoperability with Cisco IOS, JUNOS, Quagga, OpenBGPD
BRITE is driven by test scripts that describe carefully crafted
Test Scenarios (stimulus inputs from BRITE using the protocols above) and
corresponding goals (expected responses from the Implementation Under Test
(IUT) using the protocols above). BRITE allows users to login, select a
specific test case, interactively configure and run the test case and then
browse/download detailed test reports, packet captures and log files.
Current test scripts & data sets are available for:
* BGP routers that implement the rpki-rtr protocol and simple BGP origin
validation route policies.
Additional test suites & data sets are in development and will be
announced when available.
To get additional information, browse existing test suites, or use the
BRITE system, goto:
Questions or comments can be directed to brite-dev at nist.gov.
Doug Montgomery Mgr. Internet & Scalable Systems Research / ITL / NIST
More information about the NANOG