Measuring Adoption of RPKI Route Validation and Filtering (slide transcript)
Andreas Reuter ([email protected])
Joint work with Randy Bush, Ethan Katz-Bassett, Italo Cunha, Thomas C. Schmidt, and Matthias Wählisch
PEERING: The BGP Testbed
Once upon a time ... someone incorrectly announced an IP prefix.
Enter RPKI: prefix hijacking prevention using the Resource Public Key Infrastructure

ROA Data: authorization object stating which AS is allowed to announce an IP prefix
+ Route Origin Validation: router operation to validate BGP Updates based on ROA data
+ Local Policy: decide handling of invalid BGP routes (drop?)

Example: ROA 10.20.0.0/16-24 AS100
BGP: 10.20.0.0/16 AS100 ✔ Accept
BGP: 10.20.0.0/16 AS666 ✖ Reject
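A runnable version of the validation step on this slide, added here and not from the talk: the ROA notation and the two announcements are the slide's own, the remaining announcements are constructed, and the VALID / INVALID / NOT FOUND outcomes follow RFC 6811 (an assumption, since the slide only shows the accept and reject cases).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class ROA:
    prefix: Network
    max_length: int   # longest announced prefix the ROA still authorizes
    asn: int


def _parse_asn(text: str) -> int:
    """Accept 'AS100' as on the slide, or a bare '100'."""
    return int(text[2:]) if text.upper().startswith("AS") else int(text)


def parse_roa(text: str) -> ROA:
    """Parse the slide's notation 'PREFIX/LEN-MAXLEN ASN', e.g. '10.20.0.0/16-24 AS100'.
    Without '-MAXLEN' the maxLength equals the prefix length (the RFC 6482 default)."""
    prefix_part, as_part = text.split()
    if "-" in prefix_part:
        prefix_text, max_length_text = prefix_part.split("-")
        max_length = int(max_length_text)
    else:
        prefix_text, max_length = prefix_part, None
    net = ipaddress.ip_network(prefix_text, strict=True)
    if max_length is None:
        max_length = net.prefixlen
    return ROA(net, max_length, _parse_asn(as_part))


def validate(prefix: str, origin_as: int, roas: List[ROA]) -> str:
    """Route Origin Validation (RFC 6811): VALID, INVALID or NOT FOUND."""
    net = ipaddress.ip_network(prefix, strict=True)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "NOT FOUND"      # no ROA covers the prefix: the RPKI says nothing about it
    for roa in covering:
        # One matching ROA suffices: right origin AS and length within maxLength.
        if roa.asn == origin_as and net.prefixlen <= roa.max_length:
            return "VALID"
    return "INVALID"            # covered, but no ROA authorizes this origin/length


def local_policy(state: str, drop_invalid: bool = True) -> str:
    """The 'Local Policy' box on the slide: what the router does with the result."""
    if state == "INVALID" and drop_invalid:
        return "Reject"
    return "Accept"


def check(announcement: str, roas: List[ROA]) -> str:
    """Evaluate 'PREFIX ASN' as written on the slide, e.g. '10.20.0.0/16 AS666'."""
    prefix, as_part = announcement.split()
    state = validate(prefix, _parse_asn(as_part), roas)
    return f"{announcement}: {state} -> {local_policy(state)}"


if __name__ == "__main__":
    roas = [parse_roa("10.20.0.0/16-24 AS100")]              # the slide's ROA
    for ann in ("10.20.0.0/16 AS100", "10.20.0.0/16 AS666",  # the slide's two cases
                "10.20.1.0/25 AS100", "10.30.0.0/16 AS100"): # constructed extra cases
        print(check(ann, roas))
```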
Research Problem
ROA data: public data. Route origin validation + local policy: private policy.
Goal: measure the adoption of RPKI-based filter policies.
Research Challenge: private policies must be inferred from measurements.
Two principal approaches
Uncontrolled experiments: analysing existing BGP data and ROAs, trying to infer who is filtering.
➔ Fast ➔ Easy
Controlled experiments: actively announcing BGP Updates and dynamically creating ROAs, then analysing the resulting BGP data to infer who is filtering.
➔ Slow ➔ Needs experimental facilities
Uncontrolled Experiments: The Basic Idea
➔ Leverage divergence between AS paths of invalid and non-invalid routes to infer if an AS is filtering

[Figure: AS1 originates P1 and P2; the vantage point (VP) reaches AS1 through AS2 and AS3 and feeds a route collector (RC).]
Vantage point (VP) peers with route collector (RC), sends full or partial feed of selected routes to it.
AS1 announces prefixes: P1 (valid) and P2 (invalid).
Vantage point selects routes with different AS path for the two prefixes. Filtering invalid routes?
Uncontrolled Experiments: Problems
➔ Limited Control
◆ Do not know origin AS policy. Traffic engineering might look like RPKI-based filtering.
Uncontrolled Experiments: Limited Control
[Figure: Origin announces P1 and P2; the vantage point (VP) reaches Origin through AS1 and AS2. The origin's own policy is unknown.]
Origin announces prefixes: P1 (valid) and P2 (invalid).
Vantage point chooses routes with different AS path. Is AS1 using RPKI-based filtering policy?
Concrete case: P1 = 10.20.0.0/22 and P2 = 10.20.0.0/24, with ROA: prefix 10.20.0.0/22, maxLength 22, ASN: Origin (the /24 exceeds the maxLength, so its announcement is invalid).
Path divergence at first hop is more likely to be the result of traffic engineering at origin.
Path Divergence
Divergence between AS paths of routes with the same origin
[Figure: fraction of path pairs (y-axis) against the AS hop at which the paths diverge (x-axis), one distribution per route class.]
➔ Invalid routes (probably) have different AS paths for non-RPKI reasons
No significant difference between the distributions indicates lack of widespread filtering.
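The divergence measure behind this plot, together with the basic-idea inference from the earlier slides, as added example code that is not from the talk or the PEERING project; the route-collector view, prefixes and AS numbers are constructed, and counting hops from the origin side is my assumption about the plot's x-axis.

```python
from collections import Counter, defaultdict
from itertools import combinations
from typing import Dict, List, Optional, Tuple

Path = List[int]   # AS path as a route collector stores it: VP first, origin last


def divergence_hop(path_a: Path, path_b: Path) -> Optional[int]:
    """Hop, counted from the origin (origin = 0, its direct upstream = 1), at which two
    AS paths with the same origin first differ. None when the paths are identical."""
    rev_a, rev_b = path_a[::-1], path_b[::-1]
    if rev_a[0] != rev_b[0]:
        raise ValueError("paths must share an origin")
    for hop, (x, y) in enumerate(zip(rev_a, rev_b)):
        if x != y:
            return hop
    if len(rev_a) == len(rev_b):
        return None
    return min(len(rev_a), len(rev_b))   # one path is a tail of the other


def divergence_distribution(rib: Dict[int, Dict[str, Path]],
                            state: Dict[str, str]) -> Dict[str, Dict[int, float]]:
    """Per-class distribution of the divergence hop, the quantity on the slide's plot.
    rib: {vp_asn: {prefix: as_path}}, state: {prefix: VALID | INVALID | NOT FOUND}.
    Pairs of routes with the same origin at the same VP are bucketed as
    valid-invalid (the pairs that might reveal filtering) or valid-valid (control).
    Identical paths never diverge and are left out of both distributions."""
    counts = {"valid-invalid": Counter(), "valid-valid": Counter()}
    for routes in rib.values():
        by_origin = defaultdict(list)
        for prefix, path in routes.items():
            by_origin[path[-1]].append(prefix)
        for prefixes in by_origin.values():
            for p, q in combinations(prefixes, 2):
                states = {state[p], state[q]}
                if states == {"VALID", "INVALID"}:
                    bucket = "valid-invalid"
                elif states == {"VALID"}:
                    bucket = "valid-valid"
                else:
                    continue      # invalid-invalid or NOT FOUND pairs say nothing here
                hop = divergence_hop(routes[p], routes[q])
                if hop is not None:
                    counts[bucket][hop] += 1
    return {name: {hop: n / sum(c.values()) for hop, n in sorted(c.items())}
            for name, c in counts.items() if c}


def suspect_filter(valid_path: Path, invalid_path: Path) -> Tuple[Optional[int], str]:
    """The basic-idea inference from the slides: the AS on the valid route at the
    divergence hop carried the valid prefix but apparently not the invalid one.
    A first-hop divergence is flagged, since the slides note that it is more likely
    traffic engineering at the origin than RPKI-based filtering."""
    hop = divergence_hop(valid_path, invalid_path)
    if hop is None:
        return None, "no divergence"
    suspect = valid_path[::-1][hop]
    if hop == 1:
        return suspect, "likely traffic engineering at origin"
    return suspect, "candidate RPKI filtering"


# Constructed route-collector view; all AS numbers are placeholders.
ROA_STATE = {"10.20.0.0/22": "VALID", "10.20.0.0/24": "INVALID",
             "10.21.0.0/22": "VALID", "10.22.0.0/24": "INVALID", "10.23.0.0/22": "VALID"}
RIB = {
    65001: {"10.20.0.0/22": [65001, 200, 100, 10],
            "10.20.0.0/24": [65001, 300, 100, 10],   # diverges from the /22 at hop 2
            "10.21.0.0/22": [65001, 200, 100, 10],
            "10.22.0.0/24": [65001, 400, 10],        # diverges at hop 1: origin's upstream
            "10.23.0.0/22": [65001, 300, 100, 10]},
    65002: {"10.20.0.0/22": [65002, 200, 100, 10],
            "10.20.0.0/24": [65002, 200, 100, 10]},  # this VP sees no divergence at all
}

if __name__ == "__main__":
    for name, dist in divergence_distribution(RIB, ROA_STATE).items():
        print(name, dist)
    print(suspect_filter(RIB[65001]["10.20.0.0/22"], RIB[65001]["10.20.0.0/24"]))
```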
Uncontrolled Experiments: Problems
➔ Limited Control
◆ Cannot distinguish between filtering based on RPKI vs. filtering based on other attributes
Uncontrolled Experiments: Limited Control, Real World Example
[Figure: AS paths from the vantage point (VP) to Origin involving AS3356, AS1299, AS1239 and AS3130; P1 and P2 arrive over different paths.]
Origin announces prefixes: P1 (valid) and P2 (invalid)
Vantage point chooses routes with different AS path. Is AS3356 using RPKI-based filtering policy?
No! Vantage point is using route age as tie breaker.
Uncontrolled Experiments: Problems
➔ Limited Visibility can lead to misclassification
Uncontrolled Experiments: Limited Visibility
➔ Analysing data from different sets of vantage points can yield different classifications
[Figure: AS1 originates P1 and P2; two vantage points (VP and VP2) reach AS1 through AS2 and AS3.]
AS1 announces prefixes: P1 (valid) and P2 (invalid)
Vantage point VP chooses routes with different AS path. Is AS2 using RPKI-based filtering policy? Probably not!
Another vantage point (VP2) chooses routes with the same AS path.
We don’t have a complete view of the AS-level Internet. Inference without considering missing data can lead to misclassification!
Uncontrolled Experiments: Problems
➔ Limited Control
◆ Do not know origin AS policy. Traffic engineering might look like RPKI-based filtering.
◆ Cannot distinguish between filtering based on RPKI vs. filtering based on other attributes
➔ Limited Visibility can lead to misclassification
➔ Not possible to reproduce
Inferring if a specific AS is using RPKI-based filtering on the basis of uncontrolled experiments is prone to misclassification!
Controlled Experiments: Hand-crafted ROAs and BGP Updates
Controlled Experiments: Advantages
➔ Limited Control
◆ We know the routing policy of origin AS
◆ Can distinguish between RPKI-based filtering vs. filtering based on other attributes by changing ROAs/Updates
➔ Limited Visibility is less of an issue, we only care about our prefixes
➔ Can repeat experiments and target specific AS.
Controlled Experiments: Our Setup
BGP: announce prefixes PA (Anchor) and PE (Experiment)
+ Same RIR DB route object
+ Same length
+ Minimal bit difference
+ Announced at the same time
+ Announced from same origin AS
+ Announced to same peers
RPKI: issue ROAs for both prefixes; periodically change the ROA for the experiment prefix
➔ Flips announcement from VALID to INVALID to VALID once a day
(Yes, we operate a grandchild RPKI CA ;))
Controlled Experiments: Observations
Situation: Origin and vantage point peer directly
Baseline: Origin announces prefixes PA (valid) and PE (valid); the vantage point chooses routes with the same AS path.
Then: Origin announces PA (valid) and PE (invalid).
Observation 1: VP has no route for PE now that its announcement is invalid.
Conclusion: VP is using RPKI-based filtering.
Observation 2: VP has a route via AS X for PE now that its announcement is invalid (vantage point chooses routes with different AS path).
Conclusion: VP uses RPKI-based filtering selectively.
Controlled Experiments: Observations
Situation: Origin and vantage point do not peer directly, other AS (AS X) on path
Baseline: Origin announces prefixes PA (valid) and PE (valid); the vantage point chooses routes with the same AS path.
Then: Origin announces PA (valid) and PE (invalid).
Observation 1: VP has no route for PE now that its announcement is invalid.
Conclusion: VP or AS X (or both) are using RPKI-based filtering.
Observation 2: VP has a different route for PE (via AS Y) now that its announcement is invalid.
Conclusion: VP or AS X (or both) are using RPKI-based filtering.
Resolve ambiguity by:
➔ Establishing direct peering with VP
➔ Checking if AS X has a vantage point
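The observation-to-conclusion rules of the controlled-experiment slides written as a classifier (added example, not the talk's code); the AS numbers are placeholders, and the second function takes the slides' "check if AS X has a vantage point" one step further on my own reading.

```python
from typing import Dict, List, Optional

Path = List[int]   # AS path as the VP sees it: VP first, origin last


def classify_vp(pa_valid: Path, pe_valid: Optional[Path], pe_invalid: Optional[Path]) -> Dict:
    """Classify one vantage point (VP) from its best paths for the anchor prefix PA
    and the experiment prefix PE. pe_valid / pe_invalid are the VP's path for PE
    while PE's ROA makes the announcement valid / invalid; None = no route at all."""
    if pe_valid != pa_valid:
        # The anchor prefix exists to catch this: if PA and PE already differ while
        # both are valid, some non-RPKI attribute separates them and the flip proves nothing.
        return {"conclusion": "inconclusive", "reason": "PA and PE differ while both valid"}
    vp = pa_valid[0]
    direct = len(pa_valid) == 2                 # [VP, origin]: the two peer directly
    if pe_invalid == pa_valid:
        return {"conclusion": "no RPKI-based filtering observed", "suspects": []}
    observation = ("observation 1: VP has no route for PE" if pe_invalid is None
                   else "observation 2: VP reaches PE over a different path")
    if direct:
        conclusion = ("VP is using RPKI-based filtering" if pe_invalid is None
                      else "VP uses RPKI-based filtering selectively")
        return {"conclusion": conclusion, "observation": observation, "suspects": [vp]}
    upstream = pa_valid[1]                      # AS X on the slides
    return {"conclusion": f"VP or AS {upstream} (or both) are using RPKI-based filtering",
            "observation": observation,
            "suspects": [vp, upstream],
            "resolve": ["establish direct peering with VP",
                        f"check whether AS {upstream} has a vantage point"]}


def resolve_with_upstream_view(result: Dict, upstream_peers_origin: bool,
                               upstream_pe_invalid: Optional[Path]) -> Dict:
    """The slides' second resolution step carried one step further (my reading, not the
    slides'): when AS X has its own vantage point and peers directly with the origin,
    its view of PE during the invalid phase separates the two suspects."""
    if len(result.get("suspects", [])) != 2 or not upstream_peers_origin:
        return result
    vp, upstream = result["suspects"]
    if upstream_pe_invalid is None:
        # AS X dropped PE itself; whether the VP would also have dropped it stays unknown.
        return {**result, "suspects": [upstream],
                "conclusion": f"AS {upstream} is using RPKI-based filtering (VP unknown)"}
    # AS X still holds the invalid route but the VP does not see it: the VP filters.
    return {**result, "suspects": [vp], "conclusion": "VP is using RPKI-based filtering"}


# Constructed scenario with placeholder AS numbers from the private range.
ORIGIN, VP, AS_X, AS_Y = 64500, 65001, 65010, 65020
DIRECT = [VP, ORIGIN]            # origin and VP peer directly
VIA_X = [VP, AS_X, ORIGIN]       # AS X sits between them

if __name__ == "__main__":
    print(classify_vp(DIRECT, DIRECT, None))               # direct peering, route gone
    print(classify_vp(DIRECT, DIRECT, VIA_X))              # direct peering, route via AS X
    print(classify_vp(VIA_X, VIA_X, None))                 # AS X on path, route gone
    print(classify_vp(VIA_X, VIA_X, [VP, AS_Y, ORIGIN]))   # AS X on path, route via AS Y
    ambiguous = classify_vp(VIA_X, VIA_X, None)
    print(resolve_with_upstream_view(ambiguous, True, [AS_X, ORIGIN]))
```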
![Page 56: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/56.jpg)
Results
56
![Page 57: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/57.jpg)
ResultsWe found at least 3 AS that deployed RPKI-based filtering!
None of them are large providers ...
2 AS filtered all invalid routes
1 AS filtered selectively
Another measurement study found other results.
57
![Page 58: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/58.jpg)
Confirmed by repeated experiments and talking to operators.
![Page 59: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/59.jpg)
Conclusion
➔ Controlled experiments are crucial to measuring adoption of RPKI-based filtering policies
➔ There are ASes that do RPKI-based filtering. Not many, not the big ones, but at least some (at least 3).
Internet infrastructure requires proper monitoring.
➔ Uncontrolled experiments are unsuited to infer RPKI-based filtering policies
59
![Page 60: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/60.jpg)
Next Steps
➔ We will extend our measurement methodology.
➔ We will establish a live monitoring system with public access.
BGP monitoring is based on collaboration!
➔ Please, establish direct peering with the PEERING testbed.
◆ https://peering.usc.edu/peering/
➔ Please, peer with public route collectors.
60
![Page 61: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/61.jpg)
61
Have you enabled RPKI-based OV on a router today?
![Page 62: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/62.jpg)
Backup
62
![Page 63: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/63.jpg)
63
![Page 64: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/64.jpg)
64
![Page 65: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/65.jpg)
65
![Page 66: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/66.jpg)
Path Diversity
➔ Invalid routes tend to have different AS paths than non-invalid routes
Path Diversity Distribution of a single vantage point
When invalid routes are included, path diversity of some origins increases
For ~50% of origins, there is exactly one distinct AS path
66
![Page 67: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/67.jpg)
Vantage Point Visibility Matters
Prefixes and their Origins
Some VPs have a near 'global' view
Some VPs see barely anything
67
![Page 68: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/68.jpg)
Vantage Point Visibility Matters
Prefixes of invalid routes and their reasons for invalidity
Some VPs have very few invalid prefixes
Some none at all
68
![Page 69: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/69.jpg)
Vantage Point Visibility Matters
➔ Virtually all VPs have some origin AS they only ‘see’ incompletely. Oops!
Per-Origin Prefix Visibility
69
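The two backup metrics above, per-origin path diversity with and without invalid routes (slide 66) and per-origin prefix visibility of a vantage point (slides 67 to 69), computed over a small constructed RIB snapshot. This is an added example, not the deck's analysis code; a real run would read route collector dumps and the output of an RPKI validator instead of the inline table, and the AS numbers, prefixes and paths are made up.

```python
"""Path diversity and per-origin visibility of vantage points (added example,
not the deck's code). RIB entries are constructed; a real run would load
route collector dumps and an RPKI validator's output instead."""
from collections import defaultdict
from typing import Dict, List, Tuple

# (vantage_point_as, prefix, as_path with origin last, rov_state), constructed
RIB: List[Tuple[int, str, Tuple[int, ...], str]] = [
    (65010, "192.0.2.0/24",    (65030, 65000), "valid"),
    (65010, "198.51.100.0/24", (65030, 65000), "valid"),
    (65010, "198.51.100.0/25", (65060, 65000), "invalid"),  # beyond maxLength, different path
    (65010, "203.0.113.0/24",  (65030, 65002), "valid"),
    (65010, "203.0.113.0/25",  (65030, 65002), "invalid"),  # same path as its covering /24
    (65020, "192.0.2.0/24",    (65000,),       "valid"),
    (65020, "203.0.113.0/24",  (65050, 65002), "valid"),
    (65020, "203.0.113.0/25",  (65050, 65002), "invalid"),
]


def path_diversity(rib, vp: int, include_invalid: bool) -> Dict[int, int]:
    """Number of distinct AS paths per origin AS, as seen from one VP."""
    paths = defaultdict(set)
    for vp_as, _prefix, path, state in rib:
        if vp_as != vp or (state == "invalid" and not include_invalid):
            continue
        paths[path[-1]].add(path)
    return {origin: len(p) for origin, p in paths.items()}


def share_single_path(diversity: Dict[int, int]) -> float:
    """Fraction of origins for which the VP has exactly one distinct AS path."""
    return sum(1 for n in diversity.values() if n == 1) / len(diversity)


def origin_visibility(rib) -> Dict[int, Dict[int, float]]:
    """vp -> origin -> share of the origin's prefixes (union over all VPs) this VP sees."""
    all_prefixes = defaultdict(set)
    seen = defaultdict(lambda: defaultdict(set))
    for vp_as, prefix, path, _state in rib:
        all_prefixes[path[-1]].add(prefix)
        seen[vp_as][path[-1]].add(prefix)
    return {vp: {o: len(seen[vp].get(o, ())) / len(all_prefixes[o]) for o in all_prefixes}
            for vp in seen}


def incomplete_origins(visibility, vp: int) -> List[int]:
    """Origins the VP sees only partially (the incomplete view on slide 69)."""
    return sorted(o for o, share in visibility[vp].items() if share < 1.0)


if __name__ == "__main__":
    for include in (False, True):
        d = path_diversity(RIB, 65010, include)
        print("invalid included" if include else "invalid excluded", d, share_single_path(d))
    vis = origin_visibility(RIB)
    for vp in vis:
        print(vp, vis[vp], "incomplete:", incomplete_origins(vis, vp))
```

In the constructed snapshot the invalid more-specific from origin 65000 arrives over a different path, so including invalid routes raises that origin's diversity from 1 to 2 while origin 65002's invalid route shares its covering prefix's path and changes nothing; VP 65020 sees only one of origin 65000's three prefixes, which is exactly the partial view that makes uncontrolled inference of filtering unreliable.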
![Page 70: Measuring Adoption of RPKI Route Validation and …...Prefix hijacking prevention using Resource Public Key Infrastructure Enter RPKI ROA Data Route Origin Validation + Authorization](https://reader033.fdocuments.us/reader033/viewer/2022050612/5fb2d87aa87547679d65cd56/html5/thumbnails/70.jpg)
Invalid Announcements: Path Diversity
70