Preventing Route Leaks using a Decentralized Approach

In the inter-domain routing infrastructure, a route leak is defined as a violation of the routing policy agreed between two Autonomous Systems (AS). Specifically, one AS leaks a route from another AS. There are many examples where route leaks have resulted in large-scale outages on the Internet, taking down several services. Although route leaks seem a simple problem, the solution is complex because: (i) ASes consider -partiallyrouting policy private, (ii) lack of a formal and standard language to express routing policy and (iii) BGP lacks adequate cryptographic-based security. In this paper, we present a novel architecture that provides a solution to route leaks by addressing these three key issues. We define a formal language to express routing policy and we design a blockchain-based architecture to securely communicate it. Our decentralized architecture allows having private policies and interfaces with the current BGP infrastructure seamlessly.

[1]  Sharon Goldberg,et al.  BGP security in partial deployment: is the juice worth the squeeze? , 2013, SIGCOMM.

[2]  Patrick D. McDaniel,et al.  A Survey of BGP Security Issues and Solutions , 2010, Proceedings of the IEEE.

[3]  Olivier Bonaventure,et al.  On BGP communities , 2008, CCRV.

[4]  Joan Feigenbaum,et al.  A new approach to interdomain routing based on secure multi-party computation , 2012, HotNets-XI.

[5]  Sean W. Smith,et al.  Aggregated path authentication for efficient BGP security , 2005, CCS '05.

[6]  Xavier Masip-Bruin,et al.  Route leak identification: A step toward making inter-domain routing more reliable , 2014, 2014 10th International Conference on the Design of Reliable Communication Networks (DRCN).

[7]  Ljiljana Trajkovic,et al.  Classifying anomalous events in BGP datasets , 2016, 2016 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE).

[8]  T. V. Lakshman,et al.  The Internet Blockchain: A Distributed, Tamper-Resistant Transaction Framework for the Internet , 2016, HotNets.

[9]  Murat Can Ganiz,et al.  An anomaly detection framework for BGP , 2011, 2011 International Symposium on Innovations in Intelligent Systems and Applications.

[10]  Matt Lepinski,et al.  BGPsec Protocol Specification , 2017, RFC.

[11]  Jian Jin,et al.  BGP Route Leak Prevention Based on BGPsec , 2018, 2018 IEEE 88th Vehicular Technology Conference (VTC-Fall).

[12]  Ravishanker Chandra,et al.  BGP Communities Attribute , 1996, RFC.

[13]  Olivier Bonaventure,et al.  A survey of the utilization of the BGP community attribute , 2002 .

[14]  Anja Feldmann,et al.  BGP Communities: Even more Worms in the Routing Can , 2018, Internet Measurement Conference.

[15]  Danny McPherson,et al.  Problem Definition and Classification of BGP Route Leaks , 2016, RFC.

[16]  Sean W. Smith,et al.  The performance impact of BGP security , 2005, IEEE Network.

[17]  Stephen T. Kent,et al.  An Infrastructure to Support Secure Internet Routing , 2012, RFC.