North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Secure BGP (Was: YouTube IP Hijacking)

  • From: Sandy Murphy
  • Date: Mon Feb 25 18:29:44 2008

>Is there some way of deploying a solution like Secure BGP without
>actually requiring that it go into the routers?

The IETF SIDR wg (shameless plug as I'm wg co-chair) is working on
a way to say with strong assurance who holds what prefixes, and
therefore who can authorize the origination of what prefixes.

This could be used in creating filter lists, answering customer
request (please announce this for me...), checking the RIB out-of-band,

Such info is also the foundation of any yet proposed mechanism for doing
in-band bgp security (S-BGP, soBGP, psBGP, SPV, etc., etc.), but the
sidr work by itself does not need to be done in the router.

Maybe some of you could take a look and comment.

Look for the drafts at