Enforcing RPKI-Based Routing Policy on the Data Plane at an Internet Exchange
Josh Bailey , Dean Pemberton , Andy Linton , Cristel Pelsser and Randy Bush
This 2014 conference poster, by Josh Bailey and 4 coauthors, was presented at HotSDN 2014 (Poster session). Topics covered include bgp, rpki, routing security, openflow, and security.
Full author list: Josh Bailey, Dean Pemberton, Andy Linton, Cristel Pelsser, and Randy Bush.
Abstract
Over a decade of work has gone into securing the BGP rout- ing control plane. Through all this, there has been an oft repeated refrain, ”It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane.” We describe what may be the first deployment of data plane enforcement of RPKI-based con- trol plane validation. OpenFlow switches providing an ex- change fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers.
Publication Details
- Publication Type
- poster
- Publication Date
- August 2014
- Published In
- HotSDN 2014 (Poster session)
- Location
- Chicago, IL, USA
- Digital Object Identifier (DOI)
- 10.1145/2620728.2620769
- External Link
- https://conferences.sigcomm.org/sigcomm/2014/hotsd…
Suggested citation
Josh Bailey, Dean Pemberton, Andy Linton, Cristel Pelsser, and Randy Bush. 2014. Enforcing RPKI-Based Routing Policy on the Data Plane at an Internet Exchange. In HotSDN 2014 (Poster session). Chicago, IL, USA. https://doi.org/10.1145/2620728.2620769
BibTeX Citation
BibTeX Citation
@poster{Bailey2014a,
title = {Enforcing RPKI-Based Routing Policy on the Data Plane at an Internet Exchange},
author = {Josh Bailey and Dean Pemberton and Andy Linton and Cristel Pelsser and Randy Bush},
year = 2014,
month = aug,
booktitle = {{HotSDN} 2014 (Poster session)},
address = {Chicago, IL, USA},
doi = {10.1145/2620728.2620769},
url = {https://conferences.sigcomm.org/sigcomm/2014/hotsdn.php},
abstract = {Over a decade of work has gone into securing the BGP rout- ing control plane. Through all this, there has been an oft repeated refrain, ”It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane.” We describe what may be the first deployment of data plane enforcement of RPKI-based con- trol plane validation. OpenFlow switches providing an ex- change fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers.},
groups = {Posters},
keywords = {BGP, RPKI, Routing Security, OpenFlow, security}
}
Related publications
Enforcing RPKI-based routing policy on the data plane at an internet exchange
Josh Bailey, Dean Pemberton, and Andy Linton, et al.
Proceedings of the third workshop on Hot topics in software defined networking, HotSDN '14, 2014
BGP Communities: Even more Worms in the Routing Can
Florian Streibelt, Franziska Lichtblau, and Robert Beverly, et al.
Proceedings of the Internet Measurement Conference 2018, IMC 2018, 2018
Measuring the Impact of RPKI on the BGP Updates Volume
Samuele Quinzi, Cristel Pelsser, and Giuseppe Di Battista
Proceedings of the ACM on Networking, 2026
Internet Science Moonshot: Expanding BGP Data Horizons
Thomas Alfroy, Thomas Holterbach, and Thomas Krenc, et al.
Proceedings of the 22nd ACM Workshop on Hot Topics in Networks HotNets, 2023