RTRlib: An Open-Source Library in C for RPKI-based Prefix Origin Validation
Matthias Wählisch, Freie Universität Berlin; Fabian Holler and Thomas C. Schmidt, Hamburg University of Applied Sciences; Jochen H. Schiller, Freie Universität Berlin
A major step towards secure Internet backbone routing started with the deployment of the Resource Public Key Infrastructure (RPKI). It allows for a cryptographically strong binding between an IP prefix and the autonomous systems that are legitimately allowed to originate this prefix. A fundamental design choice of RPKI-based prefix origin validation is the avoidance of cryptographic load at BGP routers. Cryptographic verifications are performed only by cache servers, which deliver valid AS/prefix mappings to the RPKI-enabled BGP router using the RPKI/RTR protocol.
In this paper, we give first insights into the additional system load introduced by RPKI at BGP routers. For this purpose, we design and implement a highly efficient C library of the RPKI/RTR router part and the prefix origin validation scheme. It fetches and stores validated prefix origin data from an RTR-cache and performs origin verification of prefixes as obtained from BGP updates. We measure a relatively small overhead of origin validation on commodity hardware (5% more RAM than required for full BGP table support, 0.41% load in case of ≈ 92,000 prefix updates per minute), which meets real-world requirements of today.
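The origin verification step the abstract describes, as an added example in C that is not code from RTRlib or the paper: a BGP route (IPv4 only here) is checked against the validated ROA payloads (VRPs) a cache delivers, producing the Valid / Invalid / NotFound outcomes of RFC 6811. The `vrp_t` layout, the sample prefix 192.0.2.0/24 and AS64496 are constructed assumptions, not RTRlib's own API.

```c
#include <stddef.h>
#include <stdint.h>

/* Validated ROA payload (VRP) as an RTR cache delivers it to the router:
 * IPv4 prefix and length, the ROA's maxLength, and the authorised AS.
 * (Constructed layout for this example, not RTRlib's struct.) */
typedef struct {
    uint32_t prefix;   /* network address, host byte order */
    uint8_t  len;      /* prefix length of the ROA */
    uint8_t  max_len;  /* maxLength from the ROA */
    uint32_t asn;      /* authorised origin AS; 0 means no AS may originate */
} vrp_t;

typedef enum { ROA_VALID, ROA_INVALID, ROA_NOT_FOUND } roa_state_t;

static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return (uint32_t)a << 24 | (uint32_t)b << 16 | (uint32_t)c << 8 | (uint32_t)d;
}

/* Mask for a prefix length; a shift by 32 is undefined in C, so /0 is special. */
static uint32_t mask_of(uint8_t len)
{
    return len == 0 ? 0u : 0xFFFFFFFFu << (32 - len);
}

/* RFC 6811 origin validation of one BGP route against a VRP set.  A VRP
 * "covers" the route when the route lies inside the VRP prefix; it "matches"
 * when it also is no longer than max_len and the origin AS is the authorised
 * one.  Any match: Valid; covered but no match: Invalid; else: NotFound. */
roa_state_t validate_origin(const vrp_t *vrps, size_t n, uint32_t route,
                            uint8_t route_len, uint32_t origin_as)
{
    int covered = 0;
    for (size_t i = 0; i < n; i++) {
        const vrp_t *v = &vrps[i];
        if (route_len < v->len ||
            (route & mask_of(v->len)) != (v->prefix & mask_of(v->len)))
            continue;                       /* this VRP does not cover the route */
        covered = 1;
        if (route_len <= v->max_len && v->asn != 0 && origin_as == v->asn)
            return ROA_VALID;
    }
    return covered ? ROA_INVALID : ROA_NOT_FOUND;
}

/* Constructed sample VRP: 192.0.2.0/24, maxLength 24, AS64496. */
static const vrp_t sample_vrps[] = { { 0xC0000200u, 24, 24, 64496 } };
#define SAMPLE_VRPS_N (sizeof sample_vrps / sizeof sample_vrps[0])
```

A more-specific announcement (192.0.2.128/25) or a different origin AS for the covered prefix comes out Invalid, while a prefix no VRP covers stays NotFound and must be handled by local policy.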
author = {Matthias W{\"a}hlisch and Fabian Holler and Thomas C. Schmidt and Jochen H. Schiller},
title = {{RTRlib}: An {Open-Source} Library in C for {RPKI-based} Prefix Origin Validation},
booktitle = {6th Workshop on Cyber Security Experimentation and Test (CSET 13)},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/cset13/workshop-program/presentation/w{\"a}hlisch},
publisher = {USENIX Association},
month = aug
}