Enhancement to BGPSEC for Protection against Route Leaks
draft-sriram-route-leak-protection-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | Kotikalapudi Sriram , Doug Montgomery | ||
| Last updated | 2015-01-05 (Latest revision 2014-07-04) | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document enumerates different types of route leaks based on observed events on the Internet. It illustrates how BGPSEC in its current form (as described in draft-ietf-sidr-bgpsec-protocol-09) already provides protection against all but one of these route-leaks scenarios. The document further discusses a design enhancement to the BGPSEC protocol that will extend protection against this one remaining type of route-leak attack as well. With the inclusion of this enhancement, BGPSEC is expected to provide protection against all types of route-leaks. The document also includes a stopgap method for detection and mitigation of route leaks for the phase when BGPSEC (path validation) is not yet deployed but only origin validation is deployed.
Authors
Kotikalapudi Sriram
Doug Montgomery
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)