BRITE - BGPSEC / RPKI Interoperability Test & Evaluation
BRITE is a web-based test and evaluation framework for exercising implementations, configurations and deployments of emerging BGP security technologies, including components of the Resource Public Key Infrastructure (RPKI) and BGP routers that support RPKI-based security extensions. BRITE is currently capable of testing: RPKI validation caches and BGP routers that perform origin validation based upon RPKI ROAs. Future extensions will support BGP routers that support full path validation.
BRITE currently supports the following capabilities / protocol interfaces:
- rsync of RPKI objects from BRITE test suite repositories
- RPKI/Router Protocol (draft-ietf-sidr-rpki-rtr-12 – TCP plain sockets, no SSH transport or TCP-AO)
- BGP-4 (tested interoperability with Cisco IOS, JUNOS, Quagga, OpenBGPD and BIRD)
BRITE is driven by test scripts that describe carefully crafted test scenarios (stimulus inputs from BRITE using the protocols above) and corresponding goals (expected responses from the Implementation Under Test (IUT) using the protocols above). BRITE allows users to login, select a specific test case, interactively configure and run the test case and then browse/download detailed testing reports, packet captures and log files.
An initial suite of scripts have been developed to exercise BGP routers that support Route Origin Validation. These tests only require a BGP router that supports the RPKI/Router protocol and simple route selection policies based upon origin validation state. Additional test suites are under development that focus on validation cache behavior and more advanced tests of origin validation behavior and scaling.
BRITE is provided AS IS and the results from BRITE testing should only be considered as a diagnostic tool to assist developers and potential users of these technologies. In particular, test results from BRITE for particular implementations or deployments should not be portrayed as any form of endorsement by NIST. We fully expect the set of test suites to continuously evolve over the course of this project.
The BRITE system and test suites are developed by the Advanced Network Technologies Division (ANTD) at theNational Institute of Standards and Technology (NIST) as part of the collaborative effort between NIST and The Department of Homeland Security, Science and Technology Directorate’s Secure Protocols for the Routing Infrastructure Project.
For comments, questions and support, please refer to Contact.