BGP Secure Routing Extension (BGP-SRx): Reference Implementation and Test Tools for Emerging BGP Security Standards

Published

Author(s)

Oliver Borchert, Kyehwan Lee, Kotikalapudi Sriram, Douglas Montgomery, Patrick Gleichmann

Abstract

In this paper, we first describe the problem space. Following that, we describe the design and implementation of the NIST reference implementation for RPKI-based route origin validation (BGP-OV) and BGPsec path validation (BGP-PV) within a BGP router. The system we developed is called BGP Secure Routing Extension (BGP-SRx). We describe the system design, explain the design choices, communications between all components, and present the performance measurements obtained during the implementation stages. This paper is organized so that it first explains the high-level system design with a brief explanation of all components and how they interact. We will explain why we chose this design and provide a discussion of its benefits as well as shortcomings. Furthermore, we show which open-source components we chose and how we extended them for this project. The BGP-SRx implementation is a reference implementation for RPKI-OV with all its router-side components as specified in RFC 6811, RFC 6810, and RFC 8210 as well as for BGPsec path validation as specified in RFC 8205 and RFC 8608. The implementation allowed early identification of issues while the specifications were still under development, hence provided important feedback to the development of the different IETF RFCs.
Citation
Technical Note (NIST TN) - 2060
Report Number
2060

Keywords

Border Gateway Protocol (BGP) security, BGP origin validation (BGP-OV), BGP path validation (BGP-PV), BGPsec, Internet infrastructure security, Resource Public Key Infrastructure (RPKI), Routing security, and robustness

Citation

Borchert, O., Lee, K., Sriram, K., Montgomery, D. and Gleichmann, P. (2021), BGP Secure Routing Extension (BGP-SRx): Reference Implementation and Test Tools for Emerging BGP Security Standards, Technical Note (NIST TN), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.TN.2060, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933002 (Accessed March 29, 2024)
Created September 15, 2021, Updated November 29, 2022