Analysis of the security vulnerability of BGP functioning and the reasons for complexity of dealing with them.
Abstract
This article analyzes the vulnerabilities of BGP that arise from its algorithmic behavior and from the mechanics of debugging autonomous systems according to the requirements of the protocol. It also gives a systematic analysis of the introduction of IETF-approved extensions to the protocol, the problems of testing new solutions, and the reasons their final public use has been rejected in whole or in part. Based on this analysis, it describes possible further actions to address the vulnerabilities described.