[sidr] Announcing BGP Secure Router Extension (BGP-SRx) Prototype Implementation
"Montgomery, Douglas" <dougm@nist.gov> Sun, 09 October 2011 16:19 UTC
Return-Path: <dougm@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F70F21F8AA9 for <sidr@ietfa.amsl.com>; Sun, 9 Oct 2011 09:19:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.998
X-Spam-Level:
X-Spam-Status: No, score=-3.998 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KpkGuOWMW74E for <sidr@ietfa.amsl.com>; Sun, 9 Oct 2011 09:19:53 -0700 (PDT)
Received: from wsget2.nist.gov (wsget2.nist.gov [129.6.13.151]) by ietfa.amsl.com (Postfix) with ESMTP id 2A7E621F8A69 for <sidr@ietf.org>; Sun, 9 Oct 2011 09:19:52 -0700 (PDT)
Received: from WSXGHUB2.xchange.nist.gov (129.6.18.19) by wsget2.nist.gov (129.6.13.151) with Microsoft SMTP Server (TLS) id 14.1.323.3; Sun, 9 Oct 2011 12:19:50 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::41df:f63f:c718:e08]) by WSXGHUB2.xchange.nist.gov ([129.6.18.19]) with mapi; Sun, 9 Oct 2011 12:19:16 -0400
From: "Montgomery, Douglas" <dougm@nist.gov>
To: LIST NANOG <nanog@nanog.org>
Date: Sun, 09 Oct 2011 12:19:48 -0400
Thread-Topic: Announcing BGP Secure Router Extension (BGP-SRx) Prototype Implementation
Thread-Index: AcyGnzBP/PWui+wPSXOwOmL3Rv4RrQ==
Message-ID: <CAB741E4.68CB7%dougm@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.10.0.110310
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_CAB741E468CB7dougmnistgov_"
MIME-Version: 1.0
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: [sidr] Announcing BGP Secure Router Extension (BGP-SRx) Prototype Implementation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Oct 2011 16:19:54 -0000
Announcing BGP Secure Router Extension (BGP-SRx) Prototype Implementation IETF SIDR working group is developing standards for BGP origin validation and AS path validation to strengthen the inter-domain routing infrastructure. At the IETF 80 in March 2011, NIST made an introductory presentation on a prototyping effort called BGP Secure Router Extension (BGP-SRx). SRx is an open source reference implementation and research platform for investigating emerging BGP security extensions and supporting protocols. BGP-SRx has three parts: SRx Server, SRx API, and Quagga SRx (integrates SRx API into Quagga router). The current focus in the BGP-SRx prototype is on origin validation, although it is designed to be be extended to path validation in the future (some stub functionality is already included in this version). The current release implements: The RPKI/Router Protocol and a variety of BGP policies for enforcing Route Origin Authorizations (ROAs) conveyed from RPKI validating caches. Also included in the release are test client/server test harnesses for RPKI/Router and WireShark modules for debugging. For more information on BGP-SRx, and to download the prototype and tools, see: http://www-x.antd.nist.gov/bgpsrx/ For those wanting an easy way to experiment with BGP-SRx, in June we made an announcement about the BRITE system (BGPSEC/RPKI Interoperability Test & Evaluation): http://mailman.nanog.org/pipermail/nanog/2011-June/038063.html You can use BRITE (http://brite.antd.nist.gov<http://brite.antd.nist.gov/>/) to run BGP-SRx (or any other implementation) through aseries of test scripts that exercise numerous interesting scenarios for BGP ROA processing under different policy assumptions. We will make a presentation at NANOG-53 on Monday (9/10/11) in the ISP Security BoF where we will briefly explain the functionalities of both BGP-SRx and BRITE and also give demos. Please attend the BoF if you are interested to learn more. Comments and feedback about SRx and BRITE are welcome. See the project page For details. dougm -- Doug Montgomery – Mgr. Internet & Scalable Systems Research / ITL / NIST
- [sidr] Announcing BGP Secure Router Extension (BG… Montgomery, Douglas