Back from Nanog45

Posted by Andree Toonk - February 9, 2009 - BGPmon.net, presentation - 4 Comments
Last week I came back from the Dominican Republic, where I visited the Nanog45 conference. It was quite an interesting conference with lots of interesting people. I enjoyed many of the presentations and I'm happy to see that the subject of BGP security, and especially hijacks, is receiving more and more attention from the operator community.

Some of the BGP security related presentations were about BGP hijacks of ccTLDs, as well as a lightning talk about the RPKI initiative. There was a very interesting presentation comparing different BGP hijack detection techniques, Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms. After hearing that, I think BGPmon.net is fairly unique in the way it detects and classifies hijacks by using a combination of user-defined information, historical BGP data and IRR data.

During the Hijacking and Tools BOF I presented about BGPmon.net. I was very happy with the feedback I received during the presentation as well as in the days after. I talked with many people about this tool and learned about your experiences. I'm now filled with inspiration and ideas again. For those interested, I made a screencast of the presentation; check it out here: http://bgpmon.net/screencast.php

4 comments

  • Leen says:

    What do you think about Lutz Donnerhacke’s work on checking BGP announcements by DNSSEC?

  • andree says:

    Hi Leen,

    Actually I didn’t hear about this before. I read the draft this morning and it’s interesting stuff.

    I do think that if we want to do any form of route announcement verification, we probably need to offload this to some kind of specialized server/service. This can be done using DNS, SOAP or a new protocol.

    It reminds me of what we see in the GMPLS world, where multilayer path finding is getting way too complicated for the devices themselves. They came up with something they call PCE (path computation element), which is a separate entity doing just the (constraint-based, multi-layer) path finding.

    I think for some kind of secure routing initiative we should probably consider an approach like that as well.

    Cheers,
    Andree

  • Leen says:

    The good thing about DNS is, it can be cached. I guess you could do that with SOAP or whatever, but DNS means it can also be easily distributed.

    Did you also see the BGP Monitoring Protocol while you were there? It seems to fit so well with what you do and things like a PCE-like device.

    http://www.nanog.org/meetings/nanog45/abstracts.php?pt=MTM2NiZuYW5vZzQ1&nm=nanog45

  • andree says:

    I actually asked our SE about this right after I saw the talk at NANOG. Looks interesting. It seems that it’s just released in JUNOS 9.5.
