Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Summary

 

We live in a network-centric society that increasingly relies on the Internet’s routing infrastructure to facilitate human communication, connect users to online services, interconnect distinct components of modern cloud computing systems, and enable devices to interact in the Internet of Things (IoT).     

Internet Routing Infrastructure

As originally designed, the Internet’s routing infrastructure has systemic vulnerabilities that expose many critical systems to theft of service, loss of privacy, and wide-scale outages.  NIST is working with industry to design, standardize, and foster deployment of technologies to improve the security and resilience of Internet Routing

 

Description

Robust Inter-Domain Routing project info graphic

Today’s global Internet is comprised of roughly 800,000 distinct destinations interconnected by 60,000 enterprise and Internet Service Provider (ISP) networks.   The Border Gateway Protocol (BGP) is the “glue” that enables the modern Internet, by exchanging reachability information about each destination among interconnected ISPs.  Each autonomous network uses BGP data, along with its own business policies, to compute the paths which user data will follow. 

As currently deployed, BGP lacks the ability to authenticate these global information exchanges and doesn’t provide means to detect and mitigate large-scale policy violations.  The result is ever-increasing occurrences of “BGP Hijacks” in which malicious parties falsely claim reachability to destinations to steal their traffic, or forge information about their paths to detour traffic along routes that facilitate other attacks on the communicating systems and the information they exchange.

BGP Hijacks steal and divert Internet traffic to attackers.
BGP Hijacks steal and divert Internet traffic to attackers.

In addition to malicious hijacks, common configuration errors often result in large-scale “BGP leaks” in which routing information is exchanged in violation of contracted business policies and engineered network capacity designs.  These leaks often result in wide-scale outages that affect entire national-scale communication infrastructures for hours.

Graph of BGP hijack and leak frequency
ISOC Analysis of frequency of BGP hijack and leak incidents in 2021.
Credit: Internet Society and BGPstream

NIST, in collaboration with the Department of Homeland Security Science and Technology Directorate (DHS S&T), is working closely with the internet industry to design, standardize and foster deployment of extensions to BGP to address these security and robustness issues.    

NIST staff are leading contributors to the development of Internet Engineering Task Force (IETF) specifications for  BGP protocol extensions to mitigate malicious attacks and route leaks.  NIST developed reference implementations, test systems, measurement tools, performance analyses and deployment guidance are serving as a catalyst for the emerging global deployment of these critical technologies.

 

Major Accomplishments

 

See list of Associated Products for a complete listing of our technical contributions.

Poster describing the problem of BGP route leaks
Detection and Mitigation of Route Leaks in the Border Gateway Protocol
Created August 14, 2016, Updated January 28, 2024