Pretty Good BGP: Improving BGP by Cautiously Adopting Routes

The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. However, BGP routers...

Full description

Saved in:
Bibliographic Details
Main Authors: Karlin, J., Forrest, S., Rexford, J.
Format: Conference Proceeding
Language:English
Subjects:
Computer crashes
Detectors
Internet
IP networks
Iron
Protection
Public key
Routing protocols
Telecommunication traffic
Terrorism
Citations: Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. However, BGP routers can avoid selecting and propagating these routes if they are cautious about adopting new reachability information. We describe a protocol- preserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into large- scale Internet attacks. Simulation results show that realistic deployments of PGBGP could provide 99% of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40% of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1%. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers.
ISSN:1092-1648
2643-3303
DOI:10.1109/ICNP.2006.320179