Securing critical internet infrastructure is an ongoing challenge for operators, one that requires collaboration across administrative boundaries. Last September, something exceptional happened in the small South American country of Ecuador: the entire local network operation community got together to be pioneers in securing the local Internet infrastructure by registering its networks in the RPKI system and implementing secure origin AS validation. Please visit my original blog post over on the Cisco Perspectives Blog to read more!
Tags: BGP, BGP Security, critical infrastructure, RPKI, security
Securing the critical Internet infrastructure is an ongoing challenge for operators, one that requires collaboration across administrative boundaries. Last September, something exceptional happened in Ecuador, a small South American country. The entire local network operation community got together to be pioneers in securing its local Internet infrastructure by registering its networks in the Resource Public Key Infrastructure (RPKI) system and implementing secure origin AS validation. This project is a great example of how a global technology change can be accelerated by maximizing its value to local communities.
The global inter-domain routing infrastructure depends on BGP, a protocol that was initially developed in the early 90s. Operators know that a number of techniques are needed to improve BGP security (a good reference can be found here). Despite these improvements, it is still possible to impersonate the entity with the right of use of Internet resources and produce a prefix hijack, as in the famous attack in 2007. The IETF, vendors and Regional Internet Registries have been working inside the SIDR working group to create technologies that allow cryptographic validation. The initial outcomes of this effort have been the RPKI and BGP origin AS validation, two complementary technologies that work together to improve inter-domain routing security.
Tags: BGP, BGP Security, Inter-domain, Internet edge, internet security, IXP, LACNIC, Peering, routing, RPKI, security, Service Provider, SIDR
One of the themes of my posts is that the overall ONE strategy, including virtualisation, would create an environment for network systems development that would meet the expectations of systems developers accustomed to the “enterprise” style of software development.
An enterprise systems developer expects the required systems resources for software development to be readily available for development and test purposes. When those resources constitute web application servers and databases, this is trivial with virtualisation, and generally unremarkable in today’s enterprise environments.
When those resources constitute expensive, high-end routing and switching platforms, though, life is not that straightforward. A major part of a network engineer’s time is spent on obtaining, connecting and configuring network equipment for demonstration and test purposes. You can’t just try an idea out when it occurs to you, as the required network platforms often aren’t available when you want them, or in the configuration you want.
But imagine what you could do if those network resources were available at the click of a button. What if network engineers had the same capabilities as software engineers to create virtual environments of near-perfect fidelity? Well, with the technology of the Virtual Internet Routing Laboratory (VIRL), which we are demonstrating at Cisco Live in Florida, that possibility is getting closer.
Tags: BGP, cisco live, Cisco ONE, cloud, Intelligent Network, ONE, simulate your design, VIRL
Accounting Traffic in the Internet Today
[the full article can be seen at http://www.internetsociety.org/sites/default/files/BGP-for-regulators.pdf]
Business Model Changes
In the past, voice traffic was transported over a dedicated voice infrastructure, and the data network infrastructure was established in parallel so that voice and data traffic did not interfere with each other. Traditional voice accounting and performance functions are standardized within SS7 (Common Channel Signaling System No. 7), the global standard for telecommunications, defined by the ITU-T. The success of data networks led to the development of techniques to encapsulate voice traffic in IP packets, and thus Voice over IP (VoIP) was born.
Tags: BGP, IXP, netflow, QoE, SS7, telecommunications
A primary concern of any network administrator when configuring new IOS features is the potential impact that enabling them will have on router performance, including CPU utilization and memory usage.
It is fully expected that the layering of additional features, in this case BGP security features, will have an adverse impact on the available memory of an IOS router. But, based on our testing, the results were not quite what we expected…
Tags: BGP, Border Gateway Protocol, router security, security