1 / 7

BGP-SRx BGP - Secure Routing Extension BRITE

BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery (dougm@nist.gov). BGP SRx Overview. BGP Secure Routing Extension (SRx)

fayt
Download Presentation

BGP-SRx BGP - Secure Routing Extension BRITE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery (dougm@nist.gov) IETF 80

  2. BGP SRx Overview • BGP Secure Routing Extension (SRx) • Software router with extensions for: RPKI Rtr cache maintenance, validation of updates, new BGP route policies. • SRx – implemented as extension for Quagga routing platform. Designed to support other platforms (e.g., XORP, etc). • Designed to support experimentation with different architectural configurations of SRx and RPKI components. • Status • BGP SRx frame work with RPKI cache and ROA processing implemented. • draft-ietf-sidr-rpki-rtr-11 • draft-ietf-sidr-roa-validation-10.txt, draft-ietf-sidr-pfx-validate-01 • TBD • draft-ietf-sidr-origin-validation-signaling-00 RPKI Validating Cache RPKI Validating Cache RPKI Validating Cache BGP SRx BGP SRx BGP SRx BGP Router BGP Router BGP Router IETF 80

  3. BGP SRx Implementation • SRx Server • Independent process – through proxy shim in router. • Supports asynchronous validation (lazy or blocking). • Supports multiple caches …. and multiple routers. • Policies • Ignore Invalid • Ignore Unknown • Modify LocPref • Tie Break IETF 80

  4. RPKI/RTR Prot. SRx Router Prot. BGP Protocol SRx Deployment Options RPKI Validation Cache RPKI Validation Cache SRx Supporting Multiple Routers AS 1 BGP SRx BGP SRx BGP SRx AS 2 IETF 80

  5. ROA RSYNC White List Collector / Generator Traffic Generator Collector RSYNC RPKI/RTR Protocol BGP Protocol BRITE Design Overview BRITE Test Controller WEB Interface IUT RPKI Validation Cache IETF 80

  6. BRITE Overview • BGPSEC / RPKI Interoperability Test & Evaluation • Distributed test and evaluation framework for: • RPKI / BGP Security implementation testing, • Configuration and deployment testing. • Flexible XML based test / scenario scripting language. • Can test all components / interfaces of BGP security system. • RPKI Validating Caches. • Cache to Router Protocol. • ROA Processing in BGP Router. • Online Testing Service. • WWW interface to BRITE. • Multi-user infrastructure. • Real time test monitoring & reporting. • Other diagnostics – log files, traffic traces available for download. IETF 80

  7. BRITE Web Interface Test Progress Test Timeline Events: M=Multiple A =Activation B =BGP W=Whitelist Experiment Log Goal Tree Wait to be activated Currently processing Finished successful IETF 80

More Related