[arin-ppml] Using RPKI to Construct Validated IRR Data
Danny McPherson
danny at tcb.net
Wed May 7 10:01:04 EDT 2008
Folks,
I passed this along to a few of the AC folks a month or so
back, and the belief was that it made sense but really didn't
fit as an official policy proposal, but rather, would be considered
as a recommendation to the AC. I figured I'd post it to the
PPML mailing list simply for documentation and discussion
purposes, and to allow folks to consider the implications of
this on your internal route filtering machinery.
Any questions or comments, post 'em on the list or let Randy
or me know. Also, note that Kurtis presented a near identical
proposal at RIPE earlier this week, with Randy as the anchor
author, and the slides are available here:
<http://www.kurtis.se/presentations/PP2008-004.pdf>
Thanks!
-danny
-----
Using the RPKI to Construct Validated IRR Data
Authors: Randy Bush & Danny McPherson
Version: 1.0
Date: April 7, 2008
1. Introduction
----------------
This is a proposal to introduce a new registry that augments
Internet Routing Registry (IRR) data with the formally verifiable
trust model of the Resource Public Key Infrastructure (RPKI) and
provide ISPs with the tools to generate an overlay to the IRR
which is much more strongly trustable.
2. Summary of current problem
------------------------------
The current methods for adding or updating Internet Routing
Registry (IRR) data have weak security, and lack an inherently
formally verifiable structure, resulting in a low level of trust
in IRR data. To address the problem of this low level of trust
in IRR data, there have been proposals to use Resource Public Key
Infrastructure (RPKI) to sign IRR data. The problem with most
of the proposed schemes, however, is that they are conceptually
weak and hard to implement due to the differences between the
trust structures of the IRR and the RPKI. More recently, however,
Ruediger Volk has described a very simple method of using the
RPKI that involves no change to the IRR, software that uses the
IRR, or the RPKI. This is a proposal to implement Ruediger
Volk's idea to strengthen the operators' use of data in the
global IRR.
3. Situation in other RIRs
----------------------------
This proposal has been made in APNIC and RIPE.
4. Details of the proposal
----------------------------
It is proposed that:
4.1 ARIN publish a new IRR that contains 'route' objects generated
from Route Origin Authorizations (ROAs) in the RPKI.
- This new IRR would accept 'route' objects generated from the
global RPKI, and would therefore cover the entire routing space,
insofar as the RPKI covers the global space.
- Operators who use the IRR to generate routing filters can choose
to put this new IRR registry logically in front of the other
registries. Operators can then give preference to routing origin
information that can be formally validated, and eventually would
be able to filter explicitly based on this information.
- This new registry would be made available as an IRR publication
point.
4.2 ARIN publish an open source tool that enables network operators
to generate their own overlay IRR publication points themselves.
- Such generated IRR publication points should be identical to the
one generated and made available today by ARIN.
- Producing overlay IRR publication points allows security-conscious
operators to have a more formal trust model, one that is not exposed
to attacks on the IRR segment generated and served by ARIN.
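As an added illustration of sections 4.1 and 4.2 (example code written for this page, not ARIN's tool and not the authors' software), the Python below renders RPSL 'route'/'route6' objects from a handful of constructed ROA records, then builds a per-origin prefix list with the RPKI-derived registry placed logically in front of a constructed legacy IRR, as the second bullet of 4.1 describes. The ROA field names, the source name "RPKI", the expansion cap and the prefix-keyed precedence are all assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """A validated ROA payload: prefix, maxLength and the authorised origin AS."""
    prefix: str
    max_length: int
    origin_as: int


# Constructed sample ROAs (documentation prefixes and private ASNs, not real data).
SAMPLE_ROAS = [
    Roa("192.0.2.0/24", 24, 64496),
    Roa("198.51.100.0/24", 25, 64497),
    Roa("2001:db8::/32", 33, 64496),
]

# Constructed legacy IRR content; 192.0.2.0/24 carries a stale origin that
# conflicts with the ROA above.
LEGACY_IRR = """\
route: 192.0.2.0/24
origin: AS64500
source: LEGACY

route: 203.0.113.0/24
origin: AS64496
source: LEGACY
"""

# Assumed cap: a ROA such as 10.0.0.0/8 with maxLength 24 would expand to
# 131071 route objects, so refuse it rather than emit a huge overlay.
MAX_EXPANSION = 1024


def roa_to_route_objects(roa, source="RPKI"):
    """Render one RPSL route/route6 object for every prefix the ROA authorises."""
    net = ipaddress.ip_network(roa.prefix, strict=True)
    if not net.prefixlen <= roa.max_length <= net.max_prefixlen:
        raise ValueError(f"{roa.prefix}: maxLength {roa.max_length} out of range")
    count = sum(2 ** (plen - net.prefixlen)
                for plen in range(net.prefixlen, roa.max_length + 1))
    if count > MAX_EXPANSION:
        raise ValueError(f"{roa.prefix}: maxLength {roa.max_length} expands to {count} objects")
    attr = "route6" if net.version == 6 else "route"
    objects = []
    for plen in range(net.prefixlen, roa.max_length + 1):
        for sub in net.subnets(new_prefix=plen):
            objects.append(f"{attr}: {sub}\norigin: AS{roa.origin_as}\nsource: {source}\n")
    return objects


def build_rpki_irr(roas, source="RPKI"):
    """The overlay registry of section 4.1 as RPSL text, objects separated by blank lines."""
    return "\n".join(obj for roa in roas for obj in roa_to_route_objects(roa, source))


def parse_rpsl(text):
    """Split blank-line-separated 'attr: value' objects into dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                obj[key.strip()] = value.strip()
        if obj:
            records.append(obj)
    return records


def merge_registries(registry_texts):
    """Registries listed first take precedence: the first origin recorded for a
    prefix wins, so the RPKI-derived registry placed in front displaces a
    conflicting legacy origin for the same prefix (a design choice of this example)."""
    merged = {}
    for text in registry_texts:
        for obj in parse_rpsl(text):
            prefix = obj.get("route") or obj.get("route6")
            if prefix is None or "origin" not in obj:
                continue  # not a route object, or malformed
            key = str(ipaddress.ip_network(prefix, strict=True))
            merged.setdefault(key, (obj["origin"], obj.get("source", "?")))
    return merged


def prefixes_for_origin(merged, asn):
    """Prefix filter for one origin AS: IPv4 first, each family in address order."""
    hits = [p for p, (origin, _) in merged.items() if origin == f"AS{asn}"]
    return sorted(hits, key=lambda p: (ipaddress.ip_network(p).version,
                                       ipaddress.ip_network(p)))


if __name__ == "__main__":
    rpki_irr = build_rpki_irr(SAMPLE_ROAS)
    merged = merge_registries([rpki_irr, LEGACY_IRR])
    for asn in (64496, 64497, 64500):
        print(f"AS{asn}: {prefixes_for_origin(merged, asn)}")
```

Two points are worth noting. First, a ROA with maxLength longer than its prefix authorises every more-specific down to that length, and 'route' objects are exact-prefix, so the overlay has to expand them; the cap above is how this example refuses a ROA whose expansion would be unreasonable. Second, the RPSL class key of a 'route' object is the prefix plus the origin, so plain IRR source ordering would still return a legacy object with a different origin for the same prefix; this example keys precedence on the prefix alone so that the validated origin displaces the stale one, which is stricter than what source ordering by itself gives an operator.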
5. Advantages and disadvantages of the proposal
-------------------------------------------------
Advantages:
- Router filters would be more reliable as they would prefer RPKI
validated origins, where available, rather than those not
validated in the RPKI. ISPs would achieve this by configuring tools
that automatically generate router filters to give priority to the
IRR publication point of the new registry based on RPKI-signed
objects.
- The community will have an enhanced ability to filter BGP peer
prefixes at no additional cost or changes to the data or tool
bases. This would increase the reliability and security of the
global routing system.
- This new IRR publication point would be much simpler than other
current ideas about how to use RPKI in conjunction with IRR
data.
- This proposal requires no changes to RPSL, the IRR, IRR toolsets,
or the RPKI.
Disadvantages:
- None are known
6. Effect on ARIN members
----------------------------
See 'Advantages' above.
7. Effect on NIRs
-----------------
None are known
8. Timeline to Implementation
-----------------------------
ASAP.