NIST BGP RPKI IO (BRIO) is an open-source tool designed to support testing and experimentation with emerging Border Gateway Protocol (BGP) security and resilience mechanisms that leverage the Resource Public Key Infrastructure (RPKI). It is designed to help researchers, developers, and network engineers test and validate the implementation of Autonomous System Provider Authorization (ASPA), Route Origin Validation (ROV), and Path Validation (BGPsec) technologies in BGP routers. BRIO supports synthetic traffic generation for BGP, BGPsec, and RPKI-to-Router traffic in controlled experiments.
The software components in BRIO consist of tools created initially as reference implementations while developing various IETF RFCs and bundled as part of the NIST-BGP-SRx prototype and other projects.
To simplify the usage of these tools for general research and experimentation, the tools were extracted and bundled in this independent project. Over time, more experiments and tools will be added to extend the collection.
BRIO currently consists of two main components: the BRIO Traffic Generator (brio_tg) and the BRIO RPKI Cache (brio_rc). Additionally, the ASPA Test Framework Generator, which was initially developed during the IETF 112 Hackathon, is included in the experiment section of BRIO.
BRIO's intent is to provide the community with a test framework that is not reliant on specific router implementations and can be used to test and experiment with any router platform.
BRIO Traffic Generator (brio_tg): The brio_tg is a flexible tool for generating synthetic BGP updates as specified in RFC 4271 and synthetic end-to-end cryptographically signed BGPsec updates as specified in RFC 8205. The internal signing engine uses the signing algorithm specified in RFC 8208.
Furthermore, the traffic generator allows testing BGPsec validation algorithm implementations outside router platforms using the SRx Crypto API. This functionality allows debugging of crypto algorithm implementations and performance tests.
BRIO RPKI Cache Simulator (brio_rc): A synthetic RPKI cache that delivers synthetic data (ROAs, BGPsec Router Keys, and ASPA objects) to routers and validators via the RPKI-Router Protocol (RFC 8210), accurately simulating the behavior of a live RPKI validation system.
BRIO Examples: BRIO provides a set of carefully curated tests, currently focused on ASPA path verification scenarios. Existing examples testing ROV and BPV will be converted from the NIST BGP-SRx framework over time and added to the system. The BRIO examples also include the ASPA Test Generation Framework, which allows for generating large-scale ASPA experiments using CAIDA-generated topologies and RouteViews BGP traces.
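To make concrete what a router under test receives from an RPKI cache such as brio_rc and what ROV result it should then report, the following added example (not BRIO code and not BRIO's configuration format) encodes synthetic ROA payloads as RFC 8210 IPv4 Prefix PDUs, applies them to a VRP set, and runs RFC 6811 origin validation. The function names are hypothetical, the prefixes and AS numbers are constructed documentation values, and the surrounding session PDUs (Cache Response, End of Data) are left out.

```python
import ipaddress
import struct

PDU_FMT = "!BBHIBBBB4sI"   # RFC 8210 IPv4 Prefix PDU layout, 20 bytes
RTR_VERSION, PDU_IPV4_PREFIX, FLAG_ANNOUNCE = 1, 4, 0x01


def build_ipv4_prefix_pdu(prefix, max_len, asn, announce=True):
    """Encode one VRP (prefix, max length, origin AS) as an IPv4 Prefix PDU."""
    net = ipaddress.IPv4Network(prefix)
    flags = FLAG_ANNOUNCE if announce else 0   # bit 0: 1 = announce, 0 = withdraw
    return struct.pack(PDU_FMT, RTR_VERSION, PDU_IPV4_PREFIX, 0, 20, flags,
                       net.prefixlen, max_len, 0, net.network_address.packed, asn)


def apply_pdus(stream):
    """Parse back-to-back IPv4 Prefix PDUs and return the resulting VRP set."""
    if len(stream) % 20:
        raise ValueError("truncated PDU stream")
    vrps = set()
    for off in range(0, len(stream), 20):
        (ver, typ, _, length, flags, plen, mlen, _, addr,
         asn) = struct.unpack_from(PDU_FMT, stream, off)
        if (ver, typ, length) != (RTR_VERSION, PDU_IPV4_PREFIX, 20):
            raise ValueError("unsupported PDU at offset %d" % off)
        if not plen <= mlen <= 32:
            raise ValueError("max length outside prefix length..32")
        vrp = (ipaddress.IPv4Network((addr, plen)), mlen, asn)  # rejects host bits
        if flags & FLAG_ANNOUNCE:
            vrps.add(vrp)
        else:
            vrps.discard(vrp)
    return vrps


def validate_origin(vrps, route_prefix, origin_asn):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.IPv4Network(route_prefix)
    covered = False
    for net, max_len, asn in vrps:
        if route.subnet_of(net):               # VRP covers the announced route
            covered = True
            if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "notfound"


# Constructed sample data: documentation prefixes and documentation ASNs.
SAMPLE_STREAM = (build_ipv4_prefix_pdu("192.0.2.0/24", 24, 64496)
                 + build_ipv4_prefix_pdu("198.51.100.0/24", 24, 64497)
                 + build_ipv4_prefix_pdu("198.51.100.0/24", 24, 64497, announce=False))
SAMPLE_VRPS = apply_pdus(SAMPLE_STREAM)
```

The withdrawn VRP shows why a test should also cover state changes: once the cache withdraws the only covering entry, the same route moves from `valid` to `notfound`.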
Standard | Title |
---|---|
RFC 4271 | A Border Gateway Protocol 4 (BGP-4) |
RFC 8205 | BGPsec Protocol Specification |
RFC 8208 | BGPsec Algorithms, Key Formats, and Signature Formats |
RFC 8210 | The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1 |
draft-ietf-sidrops-8210bis-17 | The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 2, draft-ietf-sidrops-8210bis-17 |
draft-ietf-sidrops-aspa-verification-22 | BGP AS_PATH Verification Based on Autonomous System Provider Authorization (ASPA) Objects |
This package does not provide a BGP router implementation, only the tools to test a BGP router implementation that provides support for emerging security / resilience capabilities: ASPA, ROA/ROV, BGPsec.
The following scenarios and tools were developed using a previous, but similar, test tool that was part of the BGP-SRx software suite. We are in the process of updating these scenarios to use this NIST BRIO tool release.
** These examples are in the process of being transferred from the BGP-SRx archive.
NIST-developed software is provided by NIST as a public service. You may use, copy and distribute copies of the software in any medium, provided that you keep intact this entire notice. You may improve, modify and create derivative works of the software or any portion of the software, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the software and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the software. See full NIST Software Disclaimer for further details.
NIST-developed software is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT OR ARISING BY OPERATION OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY, RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
See full NIST Software Disclaimer.