Security is an important topic for the Internet Engineering Task Force (IETF) in general and at IETF 88 next week in Vancouver in particular. Not for nothing, all RFCs are required to have a ‘Security Considerations’ section to encourage document authors to consider security in their designs and to inform the reader of relevant security issues (RFC3552/BCP72). Security has many facets and the specific focus of each IETF working group (WG) is different. Efforts with the common aim of making Internet infrastructure more resilient and secure are spread across several WGs.
Speaking of security and resilience of the Internet routing infrastructure, there are several WGs that contribute in this area: Secure Inter-Domain Routing (SIDR), Global Routing Operations (GROW), Inter-Domain Routing (IDR), and Operational Security (OPSEC) Working Groups, to name a few.
The SIDR WG is focusing on securing inter-domain routing. The overall architecture is based on a Resource PKI (RPKI), which adds an authentication framework to the Border Gateway Protocol (BGP) – a global routing protocol fundamental to the operation of the Internet – requiring a certificate management infrastructure. This is a key technology for improving trust in the routing infrastructure.
In its current phase, the group is working on the BGPSEC requirements and protocol (see, for instance, http://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-reqs/). The work on origin validation, allowing a relying party to check if a network (or an Autonomous System, AS) is legitimately announcing a prefix, is mostly complete from a protocol development perspective. Still, discussions continue around issues like scalability of the repository system and best practices for RPKI origin validation.
For example, a draft “Multiple Repository Publication Points support in the Resource Public Key Infrastructure (RPKI)” aimed at improving scalability and resilience of the RPKI infrastructure has generated quite a bit of discussion.
Since the inception of RPKI there have been concerns that the hierarchical PKI structure creates new dependencies and associated risks. For instance, a parent Certificate Authority (CA) might make inappropriate changes to the RPKI, either accidentally or deliberately (e.g., as a result of some form of “government mandate”). A new proposal referred to as “Suspenders” is intended to address this risk. This is not a WG item, but it will be discussed during the SIDR WG meeting.
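The origin validation check mentioned above, sketched as an added example (not code from the IETF drafts or from this post): it follows the valid / invalid / not-found procedure of RFC 6811 over a list of validated ROA payloads (VRPs). The VRP entries, the `VRP` type and the `validate_origin` name are constructed for illustration and use documentation prefixes and AS numbers.

```python
import ipaddress
from typing import NamedTuple, Optional, Sequence


class VRP(NamedTuple):
    """Validated ROA Payload: what a relying party extracts from a ROA."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data (documentation prefixes and private-use ASNs).
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("203.0.113.0/24", 26, 64497),   # more-specifics allowed down to /26
    VRP("198.51.100.0/24", 24, 0),      # AS0 ROA: prefix must not be routed
    VRP("2001:db8::/32", 48, 64498),
]


def validate_origin(route_prefix: str, origin_asn: Optional[int],
                    vrps: Sequence[VRP]) -> str:
    """Classify a BGP route as 'valid', 'invalid' or 'not-found'.

    origin_asn is None when the origin cannot be determined
    (for example an AS_SET); such a route can never match a VRP.
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route prefix sits inside the VRP prefix.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A match also needs an allowed prefix length and the same origin AS.
        # AS 0 is never a legitimate origin, so an AS0 VRP matches nothing.
        if (route.prefixlen <= vrp.max_length
                and origin_asn not in (None, 0)
                and origin_asn == vrp.asn):
            return "valid"
    # Covered but unmatched means some ROA speaks for this address space
    # and this announcement is not what it authorizes.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                        ("192.0.2.0/24", 64511), ("10.0.0.0/8", 64496)]:
        print(prefix, asn, validate_origin(prefix, asn, SAMPLE_VRPS))
```

The `/25` case shows why the maximum length matters: a more-specific announcement from the legitimate AS is still classified invalid unless the ROA permits that length.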
The focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.
For instance, using BGP to implement certain business-driven policies is quite a common practice. Draft draft-ietf-grow-filtering-threats exposes how unexpected traffic flows can emerge in autonomous systems due to the filtering of overlapping BGP prefixes by neighboring domains.
Multilateral interconnection using Internet route servers can dramatically reduce the administrative and operational overhead of IXP participation, and many IXP participants use these systems as a preferred means of exchanging routing information. Draft draft-ietf-grow-ix-bgp-route-server-operations describes operational considerations for multilateral interconnections at IXPs.
Improper handling of malformed BGP attributes may cause serious outages, and even cascading effects affecting other networks. Draft draft-ietf-idr-error-handling, being considered by the IDR WG, discusses the error handling for UPDATE messages, and provides guidelines for the authors of documents defining new attributes. The working group is also working on improving BGP, and there are several drafts in its portfolio aimed at improving its scalability and resilience.
More immediately, the OPSEC working group, which documents operational issues and best current practices with regard to network security, has a draft in WG last call [draft-ietf-opsec-bgp-security] that summarizes best practices for the security of inter-domain routing, providing guidance for implementing the best approaches to make the system more robust and secure.
In summary, there is a considerable set of work underway across a number of IETF working groups to ensure the Internet’s routing infrastructure is even more secure in both the short and long term.
Related Working Groups at IETF 88:
- sidr (Secure Inter-Domain Routing) WG (5 November 2013, 0900-1130)
- grow (Global Routing Operations) WG (5 November 2013, 1300-1400)
- idr (Inter-Domain Routing Working Group) WG (8 November 2013, 0900-1100)
- opsec (Operational Security) WG (6 November 2013, 1550-1650)
IETF 88 Rough guide:
- A Close Encounter of the Standards Kind – Internet Society Rough Guide to IETF 88
- Rough Guide to IETF 88: Routing Resilience
- Rough Guide to IETF 88: Scalability and Performance
- Rough Guide to IETF 88: All About IPv6
- Rough Guide to IETF 88: DNSSEC, DANE and DNS
- Rough Guide to IETF 88: Trust, Identity, and Privacy