One of the most persistent bugs in internet infrastructure, route leaks in the border gateway protocol (BGP), is in the sights of a group of 'net boffins with their new Internet-Draft.
BGP's one of the internet's persistent trouble-spots: ineradicable because it's ubiquitous, it's vulnerable because it's ancient, a relic of a collegiate Internet in which admins knew each other by name.
Because it pre-dated a global internet inhabited by bad and good actors, BGP trusts the messages it receives – making it a cinch for someone to black out slabs of the 'net either through malice, or because their thumbs are bigger than their keys.
Two big issues are flat-out incorrect route announcements, and the more subtle “route leaks”. In the latter, as finally, formally defined last year in RFC 7908, a routing announcement propagates beyond its intended scope, and can potentially direct traffic through an eavesdropping point or into a black hole.
What the five authors of this Internet Draft (including participants from Qrator Labs, Internet Initiative Japan, Arrcus, and the National Institute of Standards and Technology) propose is that neighbouring BGP speakers announce not only their routes, but also their roles, so systems receiving those route announcements better understand the scope of the advertisement.
The four roles in question are:
- Provider – sender is a transit provider to neighbour;
- Customer – sender is customer of neighbour;
- Peer – sender and neighbour are, unsurprisingly, peers;
- Internal – sender and receiver are the same organisation; and
- Complex – a catch-all special class to cover non-standard relationships.
The draft argues that by signalling these relationships in BGP, and by testing their correctness, it would enforce “appropriate configuration on both sides.” It also makes it easy to spot deliberate sending of a conflicting BGP role, making malicious BGP attacks harder. ®