Currently Border Gateway Protocol (BGP), the Internet’s core routing protocol, is susceptible to IP address hijacking attacks. Examples of this are when Pakistan accidentally blackholed all traffic to Youtube, and when traffic was rerouted through Belarus and Iceland in 2013. In response to these type of events, and to the continuing vulnerability in IP address hijacking, the IETF Secure Inter-Domain Routing (SIDR) working group developed the Resource Public Key Infrastructure (RPKI).
Borrowing many concepts from other Public Key Infrastructure(PKI) implementations, RPKI establishes a hierarchy of trust for BGP routes. Currently, organizations receiving BGP routing updates simply trust that the organization they received the update from is authorized to send it. This is how bad actors and misconfigurations can cause massive traffic redirections. With BGP RPKI, the receiving organization will be able verify that the sending organization is authorized to send the routing update utilizing the RPKI hierarchy of trust.
Like other PKIs, RPKI uses x.509 certificates and a hierarchy of trust rooted at a trust anchor to ‘sign’ route updates. RFC 5280 specifies the usage of X.509 certificates for RPKI, and RFC 3779 defines the extensions to X.509 for IP addresses and Autonomous Systems(AS). However, unlike other PKIs, RPKI does not use Certificate Authorities as trust anchors. Instead RPKI uses Internet Assigned Numbers Authority(IANA) as the trust anchor, and Regional Internet Registries(RIR) as immediately subordinate nodes to that anchor. This not only alleviates load on the sole trust anchor, but increases security by distributing the signing authority by region.
For a more detailed look at BGP RPKI check out Geoff Huston’s and Randy Bush’s great introduction to the subject in the IETF journal.
The main RFCs defining RPKI are RFC 6810 and RFC 6811. In addition, here are other relevant RFCs relating to RPKI.
[table id=6 /]
For more information on Securing BGP, check out some of our other Securing BGP resources.