In our last post, we looked at protecting the TCP session that carries BGP information between two routers, mainly against spoofed TCP resets. However, a much more important BGP security issue is the unauthorized advertisement of prefixes. This post will look at that...
[This post launches the “BGP Security Month” on Noction blog, which will continue with other 3 posts to come till the end of April.] Back in the late 1980s and the early 1990s when BGP was developed, security was still an afterthought for protocols used on the...
Yesterday, an incident occurred where an Autonomous System (AS) advertised more than 7,000 prefixes that belong to other networks. These are “more specific” prefixes—subsets of the IP address ranges belonging to other organizations. Due to the way BGP...
As discussed in earlier posts, as networks grow larger it starts making sense to exchange traffic with other networks directly (peering) rather than pay one or more big ISPs to handle all your internet traffic (transit). When you start peering, you’ll have to...
BGP is older than IPv6. Even BGP-4, the version we still use today, predates IPv6: the first BGP-4 RFC (RFC 1654) was published in July 1994, while RFC 1883, the first IPv6 RFC, wasn’t published until December 1995. And unlike protocols like RIP and OSPF, which...