Skip to main content

BGP Prefix Origin Validation

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Prodosh Mohapatra , John Scudder , David Ward , Randy Bush , Rob Austein
Last updated 2010-04-29
Replaced by draft-ietf-sidr-pfx-validate
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-sidr-pfx-validate
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain path the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH attribute in BGP and starts with the AS that originated the prefix. To help reduce well-known threats against BGP including prefix mis-announcing and monkey-in-the-middle attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. More specifically, one needs to validate that the AS number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route) is in fact authorized by the prefix holder to do so. This document describes a simple validation mechanism to partially satisfy this requirement.


Prodosh Mohapatra
John Scudder
David Ward
Randy Bush
Rob Austein

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)