Presentation is loading. Please wait.

Presentation is loading. Please wait.

BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014.

Published byJames Chandler Modified over 11 years ago

Similar presentations

Presentation on theme: "BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014."— Presentation transcript:

1 BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery (dougm@nist.gov) 1IETF 802/12/2014

2 BGP SRx Overview BGP Secure Routing Extension (SRx) –Software router with extensions for: RPKI Rtr cache maintenance, validation of updates, new BGP route policies. –SRx – implemented as extension for Quagga routing platform. Designed to support other platforms (e.g., XORP, etc). –Designed to support experimentation with different architectural configurations of SRx and RPKI components. Status –BGP SRx frame work with RPKI cache and ROA processing implemented. draft-ietf-sidr-rpki-rtr-11 draft-ietf-sidr-roa-validation-10.txt, draft-ietf-sidr-pfx-validate-01 –TBD draft-ietf-sidr-origin-validation-signaling-00 RPKI Validating Cache BGP SRx BGP Router RPKI Validating Cache BGP SRx BGP Router RPKI Validating Cache BGP SRx BGP Router 2IETF 802/12/2014

3 BGP SRx Implementation SRx Server –Independent process – through proxy shim in router. –Supports asynchronous validation (lazy or blocking). –Supports multiple caches …. and multiple routers. Policies –Ignore Invalid –Ignore Unknown –Modify LocPref –Tie Break 2/12/2014IETF 803

4 SRx Deployment Options AS 1 SRx Supporting Multiple Routers BGP SRx RPKI Validation Cache AS 2 BGP SRx RPKI Validation Cache BGP SRx BGP Protocol SRx Router Prot. RPKI/RTR Prot. 4IETF 802/12/2014

5 BRITE Design Overview Collector Traffic Generator IUT RPKI Validation Cache BRITE Test Controller White List Collector / Generator WEB Interface BGP Protocol RPKI/RTR Protocol RSYNC ROA RSYNC 5IETF 802/12/2014

6 BRITE Overview BGPSEC / RPKI Interoperability Test & Evaluation –Distributed test and evaluation framework for: RPKI / BGP Security implementation testing, Configuration and deployment testing. –Flexible XML based test / scenario scripting language. –Can test all components / interfaces of BGP security system. RPKI Validating Caches. Cache to Router Protocol. ROA Processing in BGP Router. Online Testing Service. –WWW interface to BRITE. –Multi-user infrastructure. –Real time test monitoring & reporting. –Other diagnostics – log files, traffic traces available for download. 6IETF 802/12/2014

7 BRITE Web Interface Test Timeline Test Progress Events: M=Multiple A =Activation B =BGP W=Whitelist Experiment Log Goal TreeFinished successful Wait to be activated Currently processing 7IETF 802/12/2014

Download ppt "BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014."

Similar presentations

What’s New in Fireware XTM v11.3.4

What’s New in Fireware XTM v11.3.4
Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
Internet Peer-to-Peer Application Infrastructure Darren New Invisible Worlds, Inc.

Internet Peer-to-Peer Application Infrastructure Darren New Invisible Worlds, Inc.
RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
VoIP SEAL 2.0 Security Suite for SIP enabled networks Thilo Ewald, Nico dHeureuse, Saverio Niccolini, Jan Seedorf NEC Europe Ltd., Heidelberg, Germany.

VoIP SEAL 2.0 Security Suite for SIP enabled networks Thilo Ewald, Nico dHeureuse, Saverio Niccolini, Jan Seedorf NEC Europe Ltd., Heidelberg, Germany.
Circuit Monitoring July 16 th 2011, OGF 32: NMC-WG Jason Zurawski, Internet2 Research Liaison.

Circuit Monitoring July 16 th 2011, OGF 32: NMC-WG Jason Zurawski, Internet2 Research Liaison.
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Thu 31 Mar 2011SIDR IETF 80 Prague, CZ1 SIDR Working Group IETF 79 Prague, CZ Thursday, March 31, 2011.

Thu 31 Mar 2011SIDR IETF 80 Prague, CZ1 SIDR Working Group IETF 79 Prague, CZ Thursday, March 31, 2011.
Open Extensible Proxy Services BOF Session 49th IETF, San Diego Chairs: Michael Condry, Hilarie Orman.

Open Extensible Proxy Services BOF Session 49th IETF, San Diego Chairs: Michael Condry, Hilarie Orman.
18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.

18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.
CERN – BT – 01/07/2003 - 1 Cern Fabric Management -Hardware and State Bill Tomlin GridPP 7 th Collaboration Meeting June/July 2003.

CERN – BT – 01/07/ Cern Fabric Management -Hardware and State Bill Tomlin GridPP 7 th Collaboration Meeting June/July 2003.
Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt

Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt
Application Server Based on SoftSwitch

Application Server Based on SoftSwitch
1 Effective, secure and reliable hosted email security and continuity solution.

1 Effective, secure and reliable hosted security and continuity solution.
OneBridge Mobile Data Suite Product Positioning. Target Plays IT-driven enterprise mobility initiatives Extensive support for integration into existing.

OneBridge Mobile Data Suite Product Positioning. Target Plays IT-driven enterprise mobility initiatives Extensive support for integration into existing.
Natural Business Services for Construct Users Mark Barnard R&D Manager – Natural Business Services.

Natural Business Services for Construct Users Mark Barnard R&D Manager – Natural Business Services.
1 The ns-2 Network Simulator H Plan: –Discuss discrete-event network simulation –Discuss ns-2 simulator in particular –Demonstration and examples: u Download,

1 The ns-2 Network Simulator H Plan: –Discuss discrete-event network simulation –Discuss ns-2 simulator in particular –Demonstration and examples: u Download,
The Impact of SDN On MPLS Networks Adrian Farrel Juniper Networks

The Impact of SDN On MPLS Networks Adrian Farrel Juniper Networks

Similar presentations

Ads by Google