Routing Security Daniel Karrenberg RIPE NCC <[email protected] >

Secure Routing

May 30, 2015


RIPE NCC

Presentation given by Daniel Karrenberg during NANOG 51
Transcript
Page 1: Secure Routing

Routing Security

Daniel Karrenberg

RIPE NCC

<[email protected]>

Page 2: Secure Routing

Who is talking: Daniel Karrenberg

• 1980s: helped build Internet in Europe
  - EUnet, Ebone, IXes, ...
  - RIPE

• 1990s: helped build RIPE NCC
  - 1st CEO: 1992-2000

• 2000s: Chief Scientist & Public Service
  - Trustee of the Internet Society: IETF, ...
  - Interests: Internet measurements, stability, trust & identity in the Internet, ...

Page 3: Secure Routing

Who is talking: Daniel Karrenberg

• RIPE NCC
  - started in 1992
  - first Regional Internet Registry (RIR)
  - Association of 7000+ ISPs
  - 70+ countries in “Europe & surrounding areas”
  - operational coordination
  - number resource distribution
  - trusted source of data
  - Motto: Neutrality & Expertise
  - not a lobby group!

Page 4: Secure Routing

Outline

• Internet Routing
  - How it works
  - What makes it work in practice
  - What can go wrong today

• Risk Mitigation
  - Routing Hygiene
  - Resource certification & checks
  - Obstacles

• Discussion

Page 5: Secure Routing

The Internet


Page 6: Secure Routing

Part(s) of the Internet


Page 7: Secure Routing

“Autonomous Systems”


Page 8: Secure Routing

Packet Flow


Page 9: Secure Routing

Routing Information Flow (BGP)


Page 10: Secure Routing

Both Directions are Needed


Page 11: Secure Routing

Choice and Redundancy


Page 12: Secure Routing

Questions?

Page 13: Secure Routing

What makes it work


Page 14: Secure Routing

Business Relationships


Page 15: Secure Routing

Transmission Paths


Page 16: Secure Routing

Routing Engineering


Page 17: Secure Routing

Routing Engineering Methods

• Inbound Traffic
  - Selectively announce routes.
  - Very little control over preferences by other ASes.

• Outbound Traffic
  - Decide which of the known routes to use.

• Inputs
  - Cost
  - Transmission Capacity
  - Load
  - Routing State

Page 18: Secure Routing

Routing Engineering Principles

• Autonomous Decisions by each AS

• Local tools

• Local strategies

• Local knowledge

• Business advantages

• Autonomous Decisions by each AS

• (One of the reasons for rapid growth of the Internet)


Page 19: Secure Routing

Questions?

Page 20: Secure Routing

What can go wrong

• Misconfiguration
  - Announcing too many routes (unintentional transit)
  - Originating wrong routes

• Malicious Actions
  - Originating wrong routes (hijacking)

Page 21: Secure Routing

Hijacking


Page 22: Secure Routing

Hijacking


Page 23: Secure Routing

Hijacking


Page 24: Secure Routing

Questions?

Page 25: Secure Routing

Examples

• YouTube & Pakistan Telecom (2008)

• A number of full table exports

• Various route leaks from China (2010)

YouTube Movie


Page 26: Secure Routing

Outline

• Internet Routing
  - How it works
  - What makes it work in practice
  - What can go wrong today

• Risk Mitigation
  - Routing Hygiene
  - Resource certification & checks
  - Obstacles

• Public Policy Considerations

• Discussion

Page 27: Secure Routing

Routing Hygiene

• Do not accept customer routes from peers or upstreams

• Limit number of prefixes accepted per adjacent AS

• Use a routing registry
  - no global authoritative registry exists

• Use own knowledge about topology
  - topology is constantly changing
  - disruptions can cause drastic changes
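The first three hygiene rules above, applied to the announcements received on one BGP session. This is an added example, not part of the original slides; the registry contents, AS numbers, prefix limits and the `filter_session` helper are constructed assumptions.

```python
import ipaddress

# Constructed registry data: customer AS -> prefixes registered for it.
CUSTOMER_PREFIXES = {
    64500: [ipaddress.ip_network("192.0.2.0/24")],
    64501: [ipaddress.ip_network("198.51.100.0/24")],
}
# Constructed per-neighbour prefix limits, kept tiny for the demonstration.
MAX_PREFIXES = {"customer": 10, "peer": 3, "upstream": 5}


def covers(parent, child):
    """True if child equals parent or is a more specific prefix inside it."""
    return parent.version == child.version and child.subnet_of(parent)


def is_customer_space(prefix):
    """True if prefix falls inside any registered customer prefix."""
    return any(covers(p, prefix) for nets in CUSTOMER_PREFIXES.values() for p in nets)


def filter_session(neighbor_as, relation, announcements):
    """Return (accepted, rejected, session_up); rejected holds (prefix, reason)."""
    accepted, rejected = [], []
    for text in announcements:
        prefix = ipaddress.ip_network(text)
        if relation == "customer":
            # Registry filter: a customer may announce only its registered space.
            allowed = CUSTOMER_PREFIXES.get(neighbor_as, [])
            if not any(covers(p, prefix) for p in allowed):
                rejected.append((text, "not registered for this customer"))
                continue
        elif is_customer_space(prefix):
            # Customer routes must not be learned from peers or upstreams.
            rejected.append((text, "customer route from " + relation))
            continue
        accepted.append(text)
        if len(accepted) > MAX_PREFIXES[relation]:
            # Prefix limit exceeded: treat it as a leak and drop the session.
            return [], rejected, False
    return accepted, rejected, True
```

Real routers express the same checks as prefix lists and a maximum-prefix setting per neighbour; the limit here tears the session down, which is one common policy choice among several.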

Page 28: Secure Routing

Routing Hygiene

• Is applied locally / autonomously

• Has a cost

• Subservient to routing engineering
  - No obstruction
  - Maintain Autonomy

• Cooperation
  - Trust
  - Community
  - Personal Relations

Page 29: Secure Routing

Resource Certification - Motivation

• Good practice:
  - to register routes in an IRR
  - to filter routes based on IRR data

• Problem:
  - only useful if the registries are complete
  - many IRRs exist, lacking standardisation

• Result:
  - Less than half of all prefixes are registered in an IRR
  - Real world filtering is difficult and limited
  - Accidental leaks happen, route hijacking is possible

Page 30: Secure Routing

Resource Certification – Definition

“Resource certification is a reliable method for proving the association between resource holders and Internet resources.”

Page 31: Secure Routing

Digital Resource Certificates

• Based on open IETF standards (sidr-wg)

• Issued by the RIPE NCC

• The certificate states that an Internet number resource has been registered by the RIPE NCC

• The certificate does not give any indication of the identity of the holder

• All further information on the resource can be found in the registry


Page 32: Secure Routing

What Certification offers

• Proof of holdership

• Secure Inter-Domain Routing
  - Route Origin Authorisation
  - Preferred certified routing

• Resource transfers

• Validation is the added value!

Page 33: Secure Routing

Proof of holdership


• Public Key

• Resources

• Signature

Page 34: Secure Routing

Route Origin Authorisation (ROA)

• IP Prefixes

• AS Numbers

• Signature

Page 35: Secure Routing

Automated Provisioning using ROAs

Please route this part of my network: 192.0.2.0/24

Please sign a ROA for that resource using my AS number

OK, I signed and published a ROA

OK, that ROA is valid. I can trust this request
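The check behind "that ROA is valid, I can trust this request", as an added example that is not part of the original slides. It goes beyond the slide by using the ROA maximum-length field (RFC 6482) and the three origin validation states of RFC 6811; the sample ROAs, AS numbers and function names are constructed, and signature verification is assumed to have been done already by an RPKI validator.

```python
import ipaddress
from collections import namedtuple

# Payload of an already verified ROA: prefix, maximum length, authorised origin AS.
Roa = namedtuple("Roa", "prefix max_length asn")

# Constructed sample ROAs (documentation prefixes, documentation AS numbers).
ROAS = [
    Roa(ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
    Roa(ipaddress.ip_network("198.51.100.0/24"), 25, 64501),
]


def validate_origin(prefix_text, origin_as, roas=ROAS):
    """Classify a route as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(prefix_text)
    covered = False
    for roa in roas:
        if route.version != roa.prefix.version or not route.subnet_of(roa.prefix):
            continue  # this ROA says nothing about the route
        covered = True
        if roa.asn == origin_as and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none: wrong origin AS or too specific.
    return "invalid" if covered else "not-found"


def handle_request(customer_as, prefix_text):
    """Provider side of the exchange above: route only if a ROA backs the request."""
    state = validate_origin(prefix_text, customer_as)
    return state == "valid", state
```

A route for 192.0.2.0/24 originated by any AS other than 64500 comes back `invalid`, while space with no ROA at all is `not-found`; what to do with either result remains the operator's local decision.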

Page 36: Secure Routing

Who Controls Routing?

• Certificates do not create additional powers for the Regional Internet Registries

• Certificates reflect the resource registration status
  - no registration → no certificate
  - the reverse is not true!

• Routing decisions are made by network operators!

Page 37: Secure Routing

4 out of 5 Regional Internet Registries have RPKI in production


Page 38: Secure Routing

Obstacles

• Fear of losing autonomy

• Cost

• Low threat perception

• Fear of losing business advantage

• Fear of losing autonomy

Page 39: Secure Routing

Questions?

Page 40: Secure Routing

My Messages Today

• Routing security needs to be improved
  - Accidents do happen ... sometimes
  - Hijackings do happen ... sometimes

• The sky is not falling
  - It does not happen all the time
  - It does not affect large areas of the Internet

Page 41: Secure Routing

My Messages Today

• Industry is addressing the problems
  - Local measures taken autonomously
  - RPKI being deployed by RIRs
  - RPKI based routing tools being developed
  - RPKI based routing protocols being studied in IETF

Page 42: Secure Routing

Outline

• Internet Routing
  - How it works
  - What makes it work in practice
  - What can go wrong today

• Risk Mitigation
  - Routing Hygiene
  - Resource certification & checks
  - Obstacles

• Discussion

Page 43: Secure Routing

Fin

Ende

Kpaj

Konec

Son

Fine

Pabaiga

Einde

Fim

Finis

Koniec

Lõpp

Kрай

Sfârşit

Конeц

Kraj

Vége

Kiнець

Slutt

Loppu

Τέλος

Y Diwedd

Amaia Tmiem

Соңы

Endir

Slut

Liðugt

An Críoch

Fund

הסוף

Ënn

Finvezh

The End!

Beigas