The contribution of industry to Resource Certification

25/04/2011

At Cisco Systems we believe that the Resource Public Key Infrastructure (RPKI) is a key element for a new generation of security enhancements to inter-domain routing. Cisco Systems has supported the standardization efforts currently under way at the SIDR working group in the IETF and the outreach activities taken by Regional Internet Registries by both, authoring several standard documents and participating in several regional and international forums, including LACNIC and LACNOG. Security concerns related to the over-claiming of Internet resources, such as IP addresses and Autonomous Systems Numbers (ASN), are well founded as these activities can cause important financial damage to service providers and enterprises. Thanks to the generation of RPKI-signed materials (i.e. certificates and ROAs), networks will be able to deploy cryptographic-based filtering strategies and to validate the origin AS and the ASPATH attribute of BGP updates. The generation and publication of signed objects are essential steps that all LACNIC members should consider in order to allow organizations around the globe to use these resources to improve the overall security of the Internet.

In 2009, Cisco Systems took the lead as the first router manufacturing company to announce field trials of RPKI enhancements for BGP in the IOS and IOS-XR operational systems. The goal is to start releasing these capabilities within our main product lines by the end of 2011. When using these RPKI enhancements, operators will be able to perform automatic origin validation of BGP updates based on RPKI cryptographic information and to generate local policies, such as the setting of BGP attributes (i.e. LOCAL PREF or MED) based on origin validation states. At Cisco, we are committed to continuing leading the way towards a more secure Internet and to supporting the effort from various international organizations such as LACNIC.

Finally, if your organization would like to participate in our RPKI trials, please contact Roque Gagliano at rogaglia@cisco.com

Would you like to contribute an article?
Subscribe
Notify of

0 Comments
Inline Feedbacks
View all comments