Jumpstarting BGP Security with Path-End Validation

Extensive standardization and R&D efforts are dedicated to establishing secure interdomain routing. These efforts focus on two mechanisms: origin authentication with RPKI, and path validation with BGPsec.


However, while RPKI is finally gaining traction, the adoption of BGPsec seems not even on the horizon due to inherent, possibly insurmountable, obstacles, including the need to replace today’s routing infrastructure and meagre benefits in partial deployment. Consequently, secure interdomain routing remains a distant dream. We propose an easily deployable, modest extension to RPKI, called “path-end validation”, which does not entail replacing/upgrading today’s BGP routers. We show, through rigorous security analyses and extensive simulations on empirically derived datasets, that path-end validation yields significant benefits even in very limited partial adoption. We present an open-source, readily deployable prototype implementation of path-end validation.


