Presentation by Daniel Karrenberg

1. Routing Security
Daniel Karrenberg
RIPE NCC
<daniel.karrenberg@ripe.net>

2. Who is talking: Daniel Karrenberg
• 1980s: helped build Internet in Europe
- EUnet, Ebone, IXes, ...
- RIPE
• 1990s: helped build RIPE NCC
- 1st CEO: 1992-2000
• 2000s: Chief Scientist & Public Service
- Trustee of the Internet Society: IETF, ...
- Interests: Internet measurements, stability,
trust & identity in the Internet, ...
2

3. Who is talking: Daniel Karrenberg
• RIPE NCC
- started in 1992
- first Regional Internet Registry (RIR)
- Association of 7000+ ISPs
- 70+ countries in “Europe & surrounding areas”
- operational coordination
- number resource distribution
- trusted source of data
- Motto: Neutrality & Expertise
- not a lobby group!
3

4. Outline
• Internet Routing
- How it works
- What makes it work in practice
- What can go wrong today
• Risk Mitigation
- Routing Hygiene
- Resource certification & checks
- Obstacles
• Discussion
4

5. The Internet
5

6. Part(s) of the Internet
6

7. “Autonomous Systems”
7

8. Packet Flow
8

9. Routing Information Flow (BGP)
9

10. Both Directions are Needed
10

11. Choice and Redundancy
11

12. Questions?

13. What makes it work
13

14. Business Relationships
14

15. Transmission Paths
15

16. Routing Engineering
16

17. Routing Engineering Methods
• Inbound Traffic
- Selectively announce routes.
- Very little control over preferences by other ASes.
• Outbound Traffic
- Decide which of the known routes to use.
• Inputs
- Cost
- Transmission Capacity
- Load
- Routing State
17

18. Routing Engineering Principles
• Autonomous Decisions by each AS
• Local tools
• Local strategies
• Local knowlege
• Business advantages
• Autonomous Decisions by each AS
• (One of the reasons for rapid growth of the
Internet)
18

19. Questions?

20. What can go wrong
• Misconfiguration
- Announcing too many routes (unitentional transit)
- Originating wrong routes
• Malicious Actions
- Originating wrong routes (hijacking)
20

21. Hijacking
21

22. Hijacking
22

23. Hijacking
23

24. Questions?

25. Examples
• YouTube & Pakistan Telecom (2008)
• A number of full table exports
• Various route leaks from China (2010)
YouTube Movie
25

26. Outline
• Internet Routing
- How it works
- What makes it work in practice
- What can go wrong today
• Risk Mitigation
- Routing Hygiene
- Resource certification & checks
- Obstacles
• Public Policy Considerations
• Discussion
26

27. Routing Hygiene
• Do not accept customer routes from peers or
upstreams
• Limit number of prefixes accepted per adjacent
AS
• Use a routing registry
- no global authoritative registry exists
• Use own knowledge about topology
- topology is constantly changing
- distruptions can cause drastic changes
27

28. Routing Hygiene
• Is applied locally / autonomously
• Has a cost
• Subservient to routing engineering
- No obstruction
- Maintain Autonomy
• Cooperation
- Trust
- Community
- Personal Relations
28

29. Resource Certification - Motivation
• Good practice:
- to register routes in an IRR
- to filter routes based on IRR data
• Problem:
- only useful if the registries are complete
- many IRRs exist, lacking standardisation
• Result:
- Less than half of all prefixes are registered in an IRR
- Real world filtering is difficult and limited
- Accidental leaks happen, route hijacking is possible
29

30. Resource Certification – Definition
“Resource certification is a reliable method
for proving the association between
resource holders and Internet resources.”
30

31. Digital Resource Certificates
• Based on open IETF standards (sidr-wg)
• Issued by the RIPE NCC
• The certificate states that an Internet number
resource has been registered by the RIPE NCC
• The certificate does not give any indication of the
identity of the holder
• All further information on the resource can be
found in the registry
31

32. What Certification offers
• Proof of holdership
• Secure Inter-Domain Routing
- Route Origin Authorisation
- Preferred certified routing
• Resource transfers
• Validation is the added value!
32

33. Proof of holdership
• Public Key
• Resources
• Signature
33

34. Route Origin Authorisation (ROA)
• IP Prefixes
• AS Numbers
• Signature
34

35. Automated Provisioning using ROAs
Please route this part
of my network:
192.0.2.0/24
Please sign a ROA
for that resource using my
AS number
OK, I signed and
published a ROA
OK, that ROA is valid.
I can trust this request
35

36. Who Controls Routing?
• Certificates do not create additional powers for
the Regional Internet Registries
• Certificates reflect the resource registration status
- no registration → no certificate
- the reverse is not true!
• Routing decisions are made by
network operators!
36

37. 4 out of 5 Regional Internet
Registries have RPKI in production
37

38. Obstacles
• Fear of loosing autonomy
• Cost
• Low threat perception
• Fear of loosing business advantage
• Fear of loosing autonomy
38

39. Questions?

40. My Messages Today
• Routing security needs to be improved
- Accidents do happen ... sometimes
- Hijackings do happen ... sometimes
• The sky is not falling
- It does not happen all the time
- It does not affect large areas of the Internet
40

41. My Messages Today
• Industryis addressing the problems
- Local measures taken autonomously
- RPKI being deployed by RIRs
- RPKI based routing tools being
developed
- RPKI based routing protocols being
studied in IETF
41

42. Outline
• Internet Routing
- How it works
- What makes it work in practice
- What can go wrong today
• Risk Mitigation
- Routing Hygiene
- Resource certification & checks
- Obstacles
• Discussion
42

43. The End! Kрай Y Diwedd
Fí
Соңы Finis
Liðugt
Ende Finvezh Kiнець
Konec Kraj Ënn Fund
Lõpp Beigas Vége Son Kpaj
An Críoch
‫הסוף‬ Endir
Fine Sfârşit Fin Τέλος
Einde
Конeц Slut Slutt
Pabaiga
Amaia Loppu Tmiem Koniec
Fim