Improving Technical Security 24 February 2014

Rough Guide to IETF 89: Routing Resilience

By Andrei Robachevsky, Senior Technology Programme Manager

Security and resilience are important aspects of IETF work and there are many Working Groups (WGs) that contribute to the Internet routing infrastructure, including:

Several of these WGs – SIDR, GROW, and IDR – are meeting next week at IETF 89 in London.

The SIDR WG is focusing on securing inter-domain routing. The overall architecture is based on a Resource PKI (RPKI), which adds an authentication framework to BGP and is an important component of BGP security extensions – BGPSEC, also developed in the SIDR WG. This is a key technology for improving trust in the routing infrastructure.

Interestingly enough, it seems the focus of the mailing list discussions and the agenda of the group meeting in London is back on RPKI. This, in my opinion, is a good sign of increased interest and practical issues related to the deployment of this technology.

One of the main themes here is related to resilience and scalability of RPKI.

Originally, the draft at https://datatracker.ietf.org/doc/draft-ietf-sidr-multiple-publication-points brought up a proposal for discussion on how to achieve a more distributed and resilient architecture by allowing multiple publication points, and consequently multiple operators’ support for the trust anchor and certificate repositories. However, it became apparent that support for multiple certificate repositories requires more consideration, and the work was split into two parts. The first part, related to the trust anchor, is now represented by a new draft (https://datatracker.ietf.org/doc/draft-huston-sidr-rfc6490-bis), which is an update to the Trust Anchor Locator (TAL) and has now been called for WG adoption; the second part will probably require more work.

Also related to this is a proposal to amend the validation process (RPKI Validation Reconsidered, https://datatracker.ietf.org/doc/draft-huston-rpki-validation) so that a subordinate certificate is not invalidated if one of its resources is removed in the parent cert. This is a big change, but one that can make the system more robust.
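The difference between the two validation behaviours, as an added example that is not code from the draft or from this post. It assumes a certificate can be reduced to a name and a list of IPv4 prefixes (signatures, AS numbers and expiry are ignored), and the names `CHAIN`, `validate_strict`, `validate_reconsidered` and `roa_prefix_ok` are hypothetical.

```python
from ipaddress import ip_network

# Constructed sample chain (documentation prefixes), trust anchor first.
# The parent no longer holds 198.51.100.0/24, but the child still lists it.
CHAIN = [
    ("trust-anchor", ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]),
    ("parent-ca",    ["192.0.2.0/24", "203.0.113.0/24"]),
    ("child-ca",     ["192.0.2.0/24", "198.51.100.0/24"]),
]

def _nets(prefixes):
    return [ip_network(p) for p in prefixes]

def _covered(net, holders):
    """True if `net` lies inside one of the prefixes in `holders`."""
    return any(net.version == h.version and net.subnet_of(h) for h in holders)

def validate_strict(chain):
    """All-or-nothing: a certificate listing anything its issuer lacks is
    invalid, and so is everything below it. Returns {name: prefixes or None}."""
    result, issuer, broken = {}, None, False
    for name, prefixes in chain:
        nets = _nets(prefixes)
        if issuer is not None and not all(_covered(n, issuer) for n in nets):
            broken = True
        result[name] = None if broken else nets
        issuer = nets
    return result

def validate_reconsidered(chain):
    """Per-resource: the certificate stays valid, but only for the prefixes
    its issuer's verified set still covers. Simplification (assumption): a
    prefix that only partly overlaps the issuer's set is dropped whole."""
    result, issuer = {}, None
    for name, prefixes in chain:
        nets = _nets(prefixes)
        verified = nets if issuer is None else [n for n in nets if _covered(n, issuer)]
        result[name] = verified
        issuer = verified
    return result

def roa_prefix_ok(result, signer, prefix):
    """Would a ROA for `prefix` issued under `signer` pass the resource check?"""
    verified = result[signer]
    return verified is not None and _covered(ip_network(prefix), verified)
```

With the sample chain, strict validation discards the child certificate entirely, so a ROA for 192.0.2.0/24 stops validating even though that prefix was never touched; the per-resource variant keeps it and rejects only 198.51.100.0/24.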

There are other interesting topics on the meeting agenda, although they haven’t got much discussion time in the group yet:

The focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

At the last IETF, the WG meeting was cancelled due to lack of agenda items. At the same time there are outstanding work items. Among them:

The IDR WG continues to work on better handling of malformed BGP attributes that may cause serious outages, and even cascading effects influencing other networks. A draft “Revised Error Handling for BGP UPDATE Messages” (https://datatracker.ietf.org/doc/draft-ietf-idr-error-handling/) being considered by the IDR WG discusses the error handling for UPDATE messages, and provides guidelines for the authors of documents defining new attributes. By the way, a broader document, aimed at defining requirements for BGP error handling (https://datatracker.ietf.org/doc/draft-ietf-grow-ops-reqs-for-bgp-error-handling), has been discussed in the GROW WG, but unfortunately expired. There might be some energy to revive the document.

In summary, there is a considerable set of work underway across a number of IETF working groups to ensure the Internet’s routing infrastructure is more secure and resilient in both the short and long run.

Related Working Groups at IETF 89

SIDR (Secure Inter-Domain Routing)
WG Agenda: https://datatracker.ietf.org/meeting/89/agenda/sidr/
Charter: https://datatracker.ietf.org/wg/sidr/charter/

GROW (Global Routing Operations)
WG Agenda: [Not Yet Published]
Charter: https://datatracker.ietf.org/wg/grow/charter/

IDR (Inter-Domain Routing Working Group)
WG Agenda: https://datatracker.ietf.org/meeting/89/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://www.internetsociety.org/rough-guide-ietf89.


Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
