BGP Community-based Attacks and Community Origin Authentication
draft-liu-sidrops-community-authentication-01
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | Yunhao Liu , Jessie Hui Wang , Yangyang Wang , Mingwei Xu | ||
| Last updated | 2024-09-25 (Latest revision 2024-03-24) | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
BGP community usage has continued to increase during the past decade. Unfortunately, while BGP community is a seemingly innocuous feature, it can be used to influence routing in unintended ways. Existing defense mechanisms are insufficient to prevent community-based attacks. This document describes some of the scenarios that may be used to launch these attacks and make recommendations on practices that may defend them. In particular, this document proposes SecCommunity, an extension to the Border Gateway Protocol (BGP) that can authenticate the ASes who added action community values on the announcements.
Authors
Yunhao Liu
Jessie Hui Wang
Yangyang Wang
Mingwei Xu
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)