Enforcing RPKI-based routing policy on the data plane at an internet exchange

Josh Bailey, Dean Pemberton, Andy Linton, Cristel Pelsser and Randy Bush

Abstract

Over a decade of work has gone into securing the BGP routing control plane. Through all this, there has been an oft repeated refrain, “It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane.” We describe what may be the first deployment of data plane enforcement of RPKI-based control plane validation. OpenFlow switches providing an exchange fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers.

Publication Details

Publication Type: Conference Paper
Publication Date: August 2014
Published In: Proceedings of the third workshop on Hot topics in software defined networking, HotSDN '14
Pages: 211–212
Publisher: ACM
Location: Chicago, IL, USA
Digital Object Identifier (DOI): 10.1145/2620728.2620769

Suggested citation

Josh Bailey, Dean Pemberton, Andy Linton, Cristel Pelsser, and Randy Bush. 2014. Enforcing RPKI-based routing policy on the data plane at an internet exchange. In Proceedings of the third workshop on Hot topics in software defined networking, HotSDN '14. ACM, Chicago, IL, USA, 211–212. https://doi.org/10.1145/2620728.2620769

BibTeX Citation

@inproceedings{Bailey2014,
	title        = {Enforcing RPKI-based routing policy on the data plane at an internet exchange},
	author       = {Josh Bailey and Dean Pemberton and Andy Linton and Cristel Pelsser and Randy Bush},
	year         = 2014,
	month        = aug,
	booktitle    = {Proceedings of the third workshop on Hot topics in software defined networking, {HotSDN} '14},
	publisher    = {ACM},
	address      = {Chicago, IL, USA},
	pages        = {211--212},
	doi          = {10.1145/2620728.2620769},
	editor       = {Aditya Akella and Albert G. Greenberg},
	abstract     = {Over a decade of work has gone into securing the BGP routing control plane. Through all this, there has been an oft repeated refrain, “It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane.” We describe what may be the first deployment of data plane enforcement of RPKI-based control plane validation. OpenFlow switches providing an exchange fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers.},
	bibsource    = {dblp computer science bibliography, https://dblp.org},
	biburl       = {https://dblp.org/rec/conf/sigcomm/BaileyPLPB14.bib},
	groups       = {International Conferences},
	keywords     = {BGP, RPKI, Routing Security, OpenFlow, security}
}
