Developments in Routing Security

4 June 2019 | ENOG 16

Developments in Routing Security

Oleg Muravskiy

Oleg Muravskiy | ENOG 16 | June 2019

bull We manage IP and ASN allocations in Europe the Middle East and parts of Central Asia

bull Ensure unique holdership bull Document holdership in the RIPE Database (whois) bull Enable operators to document use of their address space

Who We Are

2


bull In 1994 RIPE-181 was the first document published that used a common language to describe routing policies

bull We co-developed standards for IRR and RPKI

bull We are one of the five RPKI Trust Anchors

bull Our Validator tool was the first tool to do Origin Validation

Routing Security is in Our DNA

3

Oleg Muravskiy | ENOG 16 | June 2019 4

Routing on the Internet

A1010xx

B1020xx

B ldquoI have 1020xxrdquo

A ldquoI have 1010xxrdquo

Can I trust B

Is A correct

BGP


bull 2017 Routing Security Review by the Internet Society bull 14k incidents bull 10 of all ASes affected

bull 3k ASNs victims of at least one incident bull 15k ASNs caused at least one incident

Incidents Are Common

5


bull April 2018 bull BGP and DNS hijack targeting

Amazon and MyEtherWalletcom

bull August 2018 bull Same technique used against

several payment systems

Or Worsehellip

6


How to Secure Routing

A1010xx

B1020xx



Can I trust B

Is A correct

A announces 1010xx to BB announces 1020xx to ACD

Internet Routing Registry

BGP


bull IRRs exist for many years

bull RIPE DB NTTCOM RADB ALTDB ARIN IRR BBOI BELL LEVEL3 RGNET TC CANARIE hellip

bull But their accuracy is not great bull The RIPE Database verifies holdership for the RIPE region

resources only

bull The RADB allows paying customers to create any object

bull Many IRRs do not formally verify holdership

Internet Routing Registry (IRR)

8


Accuracy ndash RIPE DB IRR

Valid announcements covered announcements


Accuracy ndash RADB IRR



bull Ties IP addresses and ASNs to digital certificates (X509)

bull Digitally sign statements from resource holders bull AS X is authorised to announce my IP prefix Y bull Signed by the holder of Y

bull Operated since 2011 by all RIRs

bull Supported by IETF standards

Resource Public Key Infrastructure (RPKI)

11


RPKI Needs Two Actions

AS A1010xx

AS B 1020xx

AS A is authorisedto announce10100016

RPKI Repository

1 Create route authorisation record

2 Validate route

Is A correct


BGP


Creating RPKI Objects Certificate Hierarchy

RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES

END USER C RESOURCES

END USER A RESOURCES

END USER B RESOURCES

MEMBER Z RESOURCEShellip


Creating RPKI Objects Hosted vs Non-Hosted

RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA

RIPE NCCHosted System


bull Install RPKI CA software bullDragon Research Labs rpkinet RPKI toolkit bullNLnet Labs Krill

bull Enable non-hosted CA on LIR Portal

bull Setup connection with RIPE NCC CA

Creating RPKI Objects Running Non-Hosted CA

15


Enable Non-Hosted CA on the LIR Portal


Setup Connection With the RIPE NCC CA




bull Install RPKI CA software bull Dragon Research Labs rpkinet RPKI toolkit bull NLnet Labs Krill



bull Generate your resource certificate and get it signed

bull Create your ROA objects

bull Publish your resource certificate and ROA objects in your RPKI repository

bull Keep re-publishing your objects (every 24 hours) (from another AS)

Creating RPKI Objects Running non-Hosted CA

19


bull Enable Hosted CA on the LIR Portal


Creating RPKI Objects Using Hosted CA

20


Create Your ROA Objects in a Hosted CA



httpsyoutubegLwHp12wOGw


bull Enable Hosted CA on LIR Portal


bull We will publish your objects in our RPKI repository

bull We will keep your objects up-to-date


23

45 seconds (if you know your

RIPE NCC Access password)


bull By default RPKI for PI resources is managed by the sponsoring LIR

bull Your sponsoring LIR could make you a maintainer of an inetnum object for your resources in RIPE DB

bull Then you could link your RIPE NCC Access account to that maintainer

bull hellipand enable your own RPKI CA

bull Documentation

Hosted CA for PI End-Users

24


Hosted CA for PI End-UsersYour account

Your organisation

Linked maintainers

Authenticate

Routing validation


Validating Route Announcements

RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies


bull RIPE NCC RPKI Validator - Version 2

- Version 3

bull Dragon Research Labs rpkinet RPKI toolkit

bull NLnet Labs Routinator

bull Cloudflarersquos OctoRPKI

RPKI Validators

28



BGPValid ROAs

Your router Your peer

You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID


bull Prefer VALID over others

bull Prefer UNKNOWN over INVALID

bull Drop INVALID

Validating Route Announcements Policies

30


bull What breaks if you reject invalids bull ldquoMostly nothingrdquo ndash ATampT bull ldquo5 customer calls in 6 months all resolved quicklyrdquo ndash

medium Dutch ISP bull ldquoCustomers appreciate a provider who takes security

seriouslyrdquo ndash medium Dutch ISP bull ldquoThere are many invalids but very little traffic is

impactedrdquo ndash very large cloud provider

Invalid == reject

31


bull ROA-based validation covers only part of the problem

bull BGPsec could solve it but canrsquot

bull Autonomous System Provider Authorization (ASPA)

- Work in progress

bull Donrsquot wait start now

Origin Validation vs Path Validation

32


Number of Certificates

httpscertification-statsripenet


Coverage ndash RPKI (all RIRs)

httpslirportalripenetcertificationcontentstaticstatisticsworld-roashtml


Accuracy ndash RPKI (all RIRs)

IPv4 addresses in valid announcements covered announcementshttpslirportalripenetcertificationcontentstaticstatisticsworld-roashtml


RPKI in some regional countriesCountry ROA Coverage ROA Accuracy

AM 4283 100 AZ 325 100 BY 6137 100EE 192 100GE 2725 100 KG 705 100 KZ 235 100 LT 2037 100 LV 2434 9976 MD 6557 100 RU 78 9983 IR 6722 9915TR 6691 9948TM 182 100TJ 0 mdashUA 769 9959UZ 2431 100



Yesterdayrsquos ROA signing result


bull Analysis by Job Snijders Samer Abdel-Hafez Marty Strong httppeeringexposed

bull 9 out of top 10 IXPs already filtering

bull Of all analysed IXPs 68 filtering 12 not filtering 55 unknown

bull Only 3 IXPs from ENOG region

RPKI Filtering at IXPs

38


bull Create Your ROAs bull ldquomy network becomes safer if you implement both

signing and validationrdquo bull Pay attention to the Max Length

bull Download a Validator or two

bull Check validation status manually which routes are invalid

bull Set up monitoring for example pmacct

Recommendations

39


bull Is routing security on your agenda

bull Initiate the conversation with providers and colleagues

bull Are you leading by example

Making the Difference

40

Email addressTwitter handle

Questions

Tell us and you could win an iPad

wwwripenetsurvey

What can we do better for you


bull We manage IP and ASN allocations in Europe the Middle East and parts of Central Asia

bull Ensure unique holdership bull Document holdership in the RIPE Database (whois) bull Enable operators to document use of their address space

Who We Are

2







3



A1010xx

B1020xx



Can I trust B

Is A correct

BGP





5






Or Worsehellip

6



A1010xx

B1020xx



Can I trust B

Is A correct



BGP





resources only




8













11



AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey








3



A1010xx

B1020xx



Can I trust B

Is A correct

BGP





5






Or Worsehellip

6



A1010xx

B1020xx



Can I trust B

Is A correct



BGP





resources only




8













11



AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




A1010xx

B1020xx



Can I trust B

Is A correct

BGP





5






Or Worsehellip

6



A1010xx

B1020xx



Can I trust B

Is A correct



BGP





resources only




8













11



AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey






5






Or Worsehellip

6



A1010xx

B1020xx



Can I trust B

Is A correct



BGP





resources only




8













11



AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey







Or Worsehellip

6



A1010xx

B1020xx



Can I trust B

Is A correct



BGP





resources only




8













11



AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




A1010xx

B1020xx



Can I trust B

Is A correct



BGP





resources only




8













11



AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey






resources only




8













11



AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey














11



AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




AS A1010xx

AS B 1020xx


RPKI Repository


2 Validate route

Is A correct


BGP



RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES







RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




RIPE NCC TA

RIPE NCC RESOURCES

MEMBER A RESOURCES

MEMBER B RESOURCES





Member ZCA

Member ACA

End User ACA







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey







15
















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey

















19





20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey






20












23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey













23








bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey







bull Documentation


24



Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




Your organisation

Linked maintainers

Authenticate

Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey


Routing validation



RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




RPKI Repository

X

RPKI Repository

Y

RPKI Repository

Z

BGP

Valid ROAs

RPKI-to-Router

Your router

RPKI Validator

Your peer

You

Policies



- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




- Version 3




RPKI Validators

28



BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey




BGPValid ROAs


You

Policies

PrefixOrigin AS

Prefix AS Path

VALID UNKNOWN

INVALID




bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey





bull Drop INVALID


30






Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey







Invalid == reject

31





- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey






- Work in progress



32






















38







Recommendations

39






40


Questions


wwwripenetsurvey























38







Recommendations

39






40


Questions


wwwripenetsurvey








Recommendations

39






40


Questions


wwwripenetsurvey







40


Questions


wwwripenetsurvey



Questions


wwwripenetsurvey


Developments in Routing Security

Documents

Transcript of Developments in Routing Security