Secure Routing

Presentation given by Daniel Karrenberg during NANOG 51.

  1. Routing Security. Daniel Karrenberg, RIPE NCC <daniel.karrenberg@ripe.net>
  2. Who is talking: Daniel Karrenberg
       • 1980s: helped build Internet in Europe
           - EUnet, Ebone, IXes, ...
           - RIPE
       • 1990s: helped build RIPE NCC
           - 1st CEO: 1992-2000
       • 2000s: Chief Scientist & Public Service
           - Trustee of the Internet Society: IETF, ...
           - Interests: Internet measurements, stability, trust & identity in the Internet, ...
  3. Who is talking: Daniel Karrenberg
       • RIPE NCC
           - started in 1992
           - first Regional Internet Registry (RIR)
           - Association of 7000+ ISPs
           - 70+ countries in “Europe & surrounding areas”
           - operational coordination
           - number resource distribution
           - trusted source of data
           - Motto: Neutrality & Expertise
           - not a lobby group!
  4. Outline
       • Internet Routing
           - How it works
           - What makes it work in practice
           - What can go wrong today
       • Risk Mitigation
           - Routing Hygiene
           - Resource certification & checks
           - Obstacles
       • Discussion
  5. The Internet
  6. Part(s) of the Internet
  7. “Autonomous Systems”
  8. Packet Flow
  9. Routing Information Flow (BGP)
  10. Both Directions are Needed
  11. Choice and Redundancy
  12. Questions?
  13. What makes it work
  14. Business Relationships
  15. Transmission Paths
  16. Routing Engineering
  17. Routing Engineering Methods
       • Inbound Traffic
           - Selectively announce routes.
           - Very little control over preferences by other ASes.
       • Outbound Traffic
           - Decide which of the known routes to use.
       • Inputs
           - Cost
           - Transmission Capacity
           - Load
           - Routing State
  18. Routing Engineering Principles
       • Autonomous Decisions by each AS
       • Local tools
       • Local strategies
       • Local knowledge
       • Business advantages
       • Autonomous Decisions by each AS
       • (One of the reasons for rapid growth of the Internet)
  19. Questions?
  20. What can go wrong
       • Misconfiguration
           - Announcing too many routes (unintentional transit)
           - Originating wrong routes
       • Malicious Actions
           - Originating wrong routes (hijacking)
  21. Hijacking
  22. Hijacking
  23. Hijacking
  24. Questions?
  25. Examples
       • YouTube & Pakistan Telecom (2008)
       • A number of full table exports
       • Various route leaks from China (2010)
       • YouTube Movie
  26. Outline
       • Internet Routing
           - How it works
           - What makes it work in practice
           - What can go wrong today
       • Risk Mitigation
           - Routing Hygiene
           - Resource certification & checks
           - Obstacles
       • Public Policy Considerations
       • Discussion
  27. Routing Hygiene
       • Do not accept customer routes from peers or upstreams
       • Limit number of prefixes accepted per adjacent AS
       • Use a routing registry
           - no global authoritative registry exists
       • Use own knowledge about topology
           - topology is constantly changing
           - disruptions can cause drastic changes
  28. Routing Hygiene
       • Is applied locally / autonomously
       • Has a cost
       • Subservient to routing engineering
           - No obstruction
           - Maintain Autonomy
       • Cooperation
           - Trust
           - Community
           - Personal Relations
  29. Resource Certification - Motivation
       • Good practice:
           - to register routes in an IRR
           - to filter routes based on IRR data
       • Problem:
           - only useful if the registries are complete
           - many IRRs exist, lacking standardisation
       • Result:
           - Less than half of all prefixes are registered in an IRR
           - Real world filtering is difficult and limited
           - Accidental leaks happen, route hijacking is possible
  30. Resource Certification – Definition
       “Resource certification is a reliable method for proving the association between resource holders and Internet resources.”
  31. Digital Resource Certificates
       • Based on open IETF standards (sidr-wg)
       • Issued by the RIPE NCC
       • The certificate states that an Internet number resource has been registered by the RIPE NCC
       • The certificate does not give any indication of the identity of the holder
       • All further information on the resource can be found in the registry
  32. What Certification offers
       • Proof of holdership
       • Secure Inter-Domain Routing
           - Route Origin Authorisation
           - Preferred certified routing
       • Resource transfers
       • Validation is the added value!
  33. Proof of holdership
       • Public Key
       • Resources
       • Signature
  34. Route Origin Authorisation (ROA)
       • IP Prefixes
       • AS Numbers
       • Signature
  35. Automated Provisioning using ROAs
       • “Please route this part of my network: 192.0.2.0/24”
       • “Please sign a ROA for that resource using my AS number”
       • “OK, I signed and published a ROA”
       • “OK, that ROA is valid. I can trust this request”
  36. Who Controls Routing?
       • Certificates do not create additional powers for the Regional Internet Registries
       • Certificates reflect the resource registration status
           - no registration → no certificate
           - the reverse is not true!
       • Routing decisions are made by network operators!
  37. 4 out of 5 Regional Internet Registries have RPKI in production
  38. Obstacles
       • Fear of losing autonomy
       • Cost
       • Low threat perception
       • Fear of losing business advantage
       • Fear of losing autonomy
  39. Questions?
  40. My Messages Today
       • Routing security needs to be improved
           - Accidents do happen ... sometimes
           - Hijackings do happen ... sometimes
       • The sky is not falling
           - It does not happen all the time
           - It does not affect large areas of the Internet
  41. My Messages Today
       • Industry is addressing the problems
           - Local measures taken autonomously
           - RPKI being deployed by RIRs
           - RPKI based routing tools being developed
           - RPKI based routing protocols being studied in IETF
  42. Outline
       • Internet Routing
           - How it works
           - What makes it work in practice
           - What can go wrong today
       • Risk Mitigation
           - Routing Hygiene
           - Resource certification & checks
           - Obstacles
       • Discussion
  43. The End! Kрай Y Diwedd Fí Соңы Finis Liðugt Ende Finvezh Kiнець Konec Kraj Ënn Fund Lõpp Beigas Vége Son Kpaj An Críoch הסוף Endir Fine Sfârşit Fin Τέλος Einde Конeц Slut Slutt Pabaiga Amaia Loppu Tmiem Koniec Fim
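The routing hygiene rules on slide 27 can be read as an import policy applied per BGP session. The sketch below is an added example, not part of the original presentation; the function name, the data structures, the default limit and the sample prefixes and AS numbers (documentation ranges) are all assumptions.

```python
import ipaddress

# Constructed sample data (documentation prefixes, reserved AS numbers).
CUSTOMER_PREFIXES = {64500: ["192.0.2.0/24"]}   # address space of our customers
REGISTRY = {("192.0.2.0/24", 64500),            # (prefix, origin AS) pairs taken
            ("198.51.100.0/24", 64510)}         # from a routing registry
MAX_PREFIXES = {64510: 2}                       # prefix limit per adjacent AS
DEFAULT_LIMIT = 100                             # assumed fallback limit


def import_policy(neighbor_asn, relationship, announcements):
    """Apply the slide-27 hygiene rules to one session.

    relationship is 'customer', 'peer' or 'upstream';
    announcements is a list of (prefix, origin_asn) tuples.
    """
    # Rule: limit the number of prefixes accepted per adjacent AS.
    limit = MAX_PREFIXES.get(neighbor_asn, DEFAULT_LIMIT)
    if len(announcements) > limit:
        return {"session": "shutdown: prefix limit exceeded", "routes": {}}

    customer_nets = [ipaddress.ip_network(p)
                     for prefixes in CUSTOMER_PREFIXES.values()
                     for p in prefixes]
    routes = {}
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        in_customer_space = any(net.version == c.version and net.subnet_of(c)
                                for c in customer_nets)
        # Rule: do not accept customer routes from peers or upstreams.
        if relationship in ("peer", "upstream") and in_customer_space:
            routes[prefix] = "reject: customer route from " + relationship
        # Rule: use a routing registry (incomplete data means false rejects).
        elif (prefix, origin) not in REGISTRY:
            routes[prefix] = "reject: not in routing registry"
        else:
            routes[prefix] = "accept"
    return {"session": "up", "routes": routes}
```
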
