BGP Prefix Origin Validation
draft-pmohapat-sidr-pfx-validate-07

 
Document Type: Replaced Internet-Draft (individual)
Last updated: 2010-04-29
Replaced by: draft-ietf-sidr-pfx-validate
Stream: (None)
Intended RFC status: (None)
Formats: Expired & archived (plain text, pdf, html)
Stream state: (No stream defined)
Document shepherd: No shepherd assigned
IESG state: Replaced by draft-ietf-sidr-pfx-validate
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-pmohapat-sidr-pfx-validate-07.txt

Abstract

A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain path the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH attribute in BGP and starts with the AS that originated the prefix. To help reduce well-known threats against BGP including prefix mis-announcing and monkey-in-the-middle attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. More specifically, one needs to validate that the AS number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route) is in fact authorized by the prefix holder to do so. This document describes a simple validation mechanism to partially satisfy this requirement.

Authors

Pradosh Mohapatra (pmohapat@cisco.com)
John Scudder (jgs@juniper.net)
David Ward (dward@cisco.com)
Randy Bush (randy@psg.com)
Rob Austein (sra@isc.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)