Secure Inter-Domain Routing Standards Evolution and Role in the Future GIG

Abstract

The security of the Border Gateway Protocol (BGP), the standard routing protocol for inter-domain routing in the Internet, has been an increasingly intent focus of concern for many years. In the last few years, the IETF (Internet Engineering Task Force) has undertaken several efforts to specify security solutions for BGP. The IETF has chartered work to analyze BGP vulnerabilities, to investigate threat models for routing protocols in general, and to specify requirements for BGP security. Most recently, the IETF has begun work on securing the origination of prefix advertisements. Unauthorized origination of prefix advertisements has been the most frequent root cause of publicly noted routing incidents for the history of the Internet. Also, authorization of origination of prefix advertisements is the common basis to almost all suggested security solutions. Because the Global Information Grid (GIG) uses BGP for inter-domain routing and VPN provisioning just as the commercial Internet, the GIG is subject to the same BGP vulnerabilities. Security solutions to the vulnerabilities of BGP should be deployed and used in the GIG, in order to protect the GIG routing system internally and at interconnection points to the Internet. It is important that the GIG be aware of standards based security solutions and be involved in the development of new standards. This paper discusses the current status of BGP security standards, how they are evolving, and how the security of BGP relates to the GIG.