maxlength considered harmful to the rpki
play

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , - PowerPoint PPT Presentation

Dec 08, 2022 •394 likes •741 views

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston University Outline Background How does BGP work? How does RPKI work? What is the maxLength? How maxLength causes problems

  1. MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston University

  2. Outline Background ❖ How does BGP work? ➢ How does RPKI work? ➢ What is the “maxLength”? ➢ How maxLength causes problems ❖ How to fix the problems caused by maxLength ❖

  3. Border Gateway Protocol (BGP) Path: AS 111 168.122.0.0/16 AS 111 AS 222 168.122.0.0/16

  4. Problem: Subprefix Hijack Path: AS 111 168.122.0.0/16 AS 111 AS 222 AS 666 168.122.0.0/16

  5. Problem: Subprefix Hijack Path: AS 666 168.122.0.0/24 Path: AS 111 168.122.0.0/16 AS 111 AS 222 AS 666 168.122.0.0/16

  6. Problem: Subprefix Hijack BGP routers perform a longest-prefix match Path: AS 666 168.122.0.0/24 Path: AS 111 168.122.0.0/16 /24 destinations AS 111 AS 222 AS 666 168.122.0.0/16

  7. Solution: RPKI ROA: AS 111 RPKI 168.122.0.0/16 AS 111 AS 222 168.122.0.0/16

  8. Solution: RPKI ROA: AS 111 RPKI RPKI 168.122.0.0/16 ✓ Path: AS 111 168.122.0.0/16 RPKI VALID AS 111 AS 222 168.122.0.0/16

  9. Solution: RPKI ROA: AS 111 RPKI 168.122.0.0/16 Path: AS 666 ✓ Path: AS 111 168.122.0.0/24 168.122.0.0/16 RPKI VALID AS 111 AS 222 AS 666 168.122.0.0/16

  10. Solution: RPKI ROA: AS 111 RPKI AS 666 fails to attract traffic! 168.122.0.0/16 ✘ Path: AS 666 ✓ Path: AS 111 168.122.0.0/24 RPKI INVALID 168.122.0.0/16 RPKI VALID AS 111 AS 222 AS 666 168.122.0.0/16

  11. MaxLength in RPKI Path: AS 111 168.122.0.0/17 Path: AS 111 168.122.128.0/17 . . . . AS 111 Path: AS 111 168.122.0.0/16 168.122.255.0/24

  12. MaxLength in RPKI ROA: AS 111 Path: AS 111 168.122.0.0/17 168.122.0.0/17 ROA: AS 111 Path: AS 111 168.122.128.0/17 168.122.128.0/17 . . . . . . . . AS 111 ROA: AS 111 Path: AS 111 168.122.255.0/24 168.122.0.0/16 168.122.255.0/24

  13. MaxLength in RPKI ROA: AS 111 Path: AS 111 168.122.0.0/17 168.122.0.0/17 ROA: AS 111 Path: AS 111 168.122.128.0/17 168.122.128.0/17 ROA: AS 111 168.122.0.0/16 . . . . . . . . to maxLength 24 AS 111 AS 111 ROA: AS 111 Path: AS 111 168.122.255.0/24 168.122.0.0/16 168.122.255.0/24

  14. Outline Background ❖ How does BGP work? ➢ How does RPKI work? ➢ What is the “maxLength”? ➢ How maxLength causes problems ❖ Forged-Origin Subprefix Hijack ➢ How to fix the problems caused by maxLength ❖

  15. Forged-Origin Subprefix Hijack ROA: AS 111 RPKI 168.122.0.0/16 to maxLength 24 ✓ Path: AS 111 168.122.0.0/16 RPKI VALID AS 111 AS 222 168.122.0.0/16

  16. Forged-Origin Subprefix Hijack ROA: AS 111 RPKI 168.122.0.0/16 to maxLength 24 Path: AS 666, AS111 ✓ Path: AS 111 168.122.0.0/24 168.122.0.0/16 RPKI VALID AS 111 AS 222 AS 666 168.122.0.0/16

  17. Forged-Origin Subprefix Hijack ROA: AS 111 RPKI 168.122.0.0/16 to maxLength 24 ✓ Path: AS 666, AS111 ✓ Path: AS 111 168.122.0.0/24 RPKI VALID 168.122.0.0/16 RPKI VALID AS 111 AS 222 AS 666 168.122.0.0/16

  18. Forged-Origin Subprefix Hijack ROA: AS 111 RPKI 168.122.0.0/16 AS 666 is the ONLY path to the subprefix! to maxLength 24 ✓ Path: AS 666, AS111 ✓ Path: AS 111 168.122.0.0/24 RPKI VALID 168.122.0.0/16 RPKI VALID AS 111 AS 222 AS 666 168.122.0.0/16

  19. Maxlength almost always creates vulnerabilities! ➢ In June 2017: ▪ 12% of the prefixes in ROAs have a maxLength > prefix length. ▪ 84% of these are vulnerable to forged-origin subprefix hijacks!

  20. Outline Background ❖ How does BGP work? ➢ How does RPKI work? ➢ What is the “maxLength”? ➢ How maxLength causes problems ❖ How to fix the problems caused by maxLength ❖

  21. Minimal ROAs stop forged origin subprefix hijacks A ROA is minimal when it includes only those prefixes that the AS announces in BGP, and no other prefixes. Minimal ROA Path: AS 111 168.122.0.0/16 ROA: AS 111 Path: AS 111 168.122.0.0/16 168.122.0.0/17 168.122.0.0/17 168.122.128.0/17 Path: AS 111 168.122.0.0/18 168.122.128.0/17 Path: AS 111 168.122.0.0/18 AS 111

  22. Minimal ROAs stop forged origin subprefix hijacks ROA: AS 111 RPKI 168.122.0.0/16 168.122.0.0/17 168.122.128.0/17 168.122.0.0/18 Path: AS 111 168.122.0.0/16 Path: AS 111 168.122.0.0/17 Path: AS 111 168.122.128.0/17 Path: AS 111 168.122.0.0/18 AS 222 AS 111

  23. Minimal ROAs stop forged origin subprefix hijacks ROA: AS 111 RPKI 168.122.0.0/16 168.122.0.0/17 168.122.128.0/17 168.122.0.0/18 Path: AS 666, AS111 Path: AS 111 168.122.0.0/16 168.122.0.0/24 Path: AS 111 168.122.0.0/17 Path: AS 111 168.122.128.0/17 Path: AS 111 168.122.0.0/18 AS 222 AS 666 AS 111

  24. Minimal ROAs stop forged origin subprefix hijacks ROA: AS 111 RPKI 168.122.0.0/16 168.122.0.0/17 168.122.128.0/17 168.122.0.0/18 ✘ Path: AS 666, AS111 Path: AS 111 168.122.0.0/16 168.122.0.0/24 RPKI INVALID Path: AS 111 168.122.0.0/17 Path: AS 111 168.122.128.0/17 Path: AS 111 168.122.0.0/18 AS 222 AS 666 AS 111

  25. How minimal ROAs affect filtering rules Non-minimal ROA ROA: AS 111 168.122.0.0/16 to maxLength 24 Path: AS 111 168.122.0.0/16 Path: AS 111 insecure ✘ 168.122.0.0/17 Path: AS 111 168.122.128.0/17 Path: AS 111 168.122.0.0/18 AS 111

  26. How minimal ROAs affect filtering rules Non-minimal ROA ROA: AS 111 168.122.0.0/16 to maxLength 24 Path: AS 111 168.122.0.0/16 Path: AS 111 insecure ✘ 168.122.0.0/17 Path: AS 111 1 filtering rule 168.122.128.0/17 Path: AS 111 168.122.0.0/18 (AS 111, 168.122.0.0, len: 16, maxlen: 24) AS 111

  27. How minimal ROAs affect filtering rules Non-minimal Minimal ROA ROA (no maxlen!) ROA: AS 111 ROA: AS 111 168.122.0.0/16 168.122.0.0/16 168.122.0.0/17 to maxLength 24 168.122.128.0/17 Path: AS 111 168.122.0.0/18 168.122.0.0/16 Path: AS 111 insecure ✘ 168.122.0.0/17 secure! Path: AS 111 1 filtering rule 4 filtering rules 168.122.128.0/17 Path: AS 111 168.122.0.0/18 AS 111

  28. How minimal ROAs affect filtering rules Non-minimal Minimal ROA Minimal ROA ROA (no maxlen!) (compressed!) ROA: AS 111 ROA: AS 111 ROA: AS 111 168.122.0.0/16 168.122.0.0/16 168.122.0.0/16 168.122.0.0/17 to maxLength 17 to maxLength 24 168.122.128.0/17 Path: AS 111 168.122.0.0/18 168.122.0.0/18 168.122.0.0/16 Path: AS 111 insecure ✘ secure! 168.122.0.0/17 secure! Path: AS 111 2 filtering rules 1 filtering rule 4 filtering rules 168.122.128.0/17 Path: AS 111 168.122.0.0/18 Our compress_roas software converts a minimal ROA (no maxlen) to a compressed minimal ROA! AS 111

  29. How minimal ROAs affect RPKI-validating routers more prefixes in ROAs More filtering rules

  30. How minimal ROAs affect RPKI-validating routers more prefixes in ROAs More filtering rules

  31. How minimal ROAs affect RPKI-validating routers more prefixes in ROAs Insecure case! Every IPv4 prefix has More maxLength = 32 & filtering is vulnerable to forged rules origin sub-prefix hijack!

  32. How minimal ROAs affect RPKI-validating routers more prefixes in ROAs secure! More uses our filtering compress_roas rules software!

  33. Summary ➢ Operators (and RPKI configuration interfaces) should ○ be cautious when using maxLength attribute ○ use minimal ROAs whenever possible ○ follow our recommendations in IETF draft-yossigi-rpkimaxlen ➢ In an RPKI full deployment scenario: ○ maxLength does reduce overhead at routers ○ but our compression tool gives comparable results

  34. Summary ➢ Operators (and RPKI configuration interfaces) should ○ be cautious when using maxLength attribute ○ use minimal ROAs whenever possible ○ follow our recommendations in IETF draft-yossigi-rpkimaxlen ➢ In an RPKI full deployment scenario: ○ maxLength does reduce overhead at routers ○ but our compression tool gives comparable results Thanks!

Recommend

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net 1 RPKI uses rsync RPKI uses rsync as its data publica>on protocol for wider

681 views • 47 slides
Cloning Considered Harmful Considered Harmful Cory Kapser and Michael W. Godfrey David R.

Cloning Considered Harmful Considered Harmful Cory Kapser and Michael W. Godfrey David R.

Cloning Considered Harmful Considered Harmful Cory Kapser and Michael W. Godfrey David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, Canada A Commonly Cited Belief Cloning considered harmful

882 views • 30 slides
QjackCtl Considered Harmful QjackCtl Considered Harmful rncbc a.k.a. a.k.a. Rui Nuno Capela Rui

QjackCtl Considered Harmful QjackCtl Considered Harmful rncbc a.k.a. a.k.a. Rui Nuno Capela Rui

LAC2018 @ c-base Berlin LAC2018 @ c-base Berlin QjackCtl Considered Harmful QjackCtl Considered Harmful rncbc a.k.a. a.k.a. Rui Nuno Capela Rui Nuno Capela rncbc rncbc.org rncbc.org June 2018 June 2018 (1) 2003-2004 Dawn of Qstuff* Dawn of

131 views • 11 slides
Ad Hoc Synchroniza/on Considered Harmful Weiwei Xiong, Soyoen

Ad Hoc Synchroniza/on Considered Harmful Weiwei Xiong, Soyoen

Ad Hoc Synchroniza/on Considered Harmful Weiwei Xiong, Soyoen Park, Jiaqi Zhang, Yuanyuan Zhou and Zhiqiang Ma UC San Diego University of

530 views • 39 slides
DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS resolvers abstract complexity and offer the possibility of improved performance and better scalability . Why are they harmful? 3 Resolvers Are Vulnerable

618 views • 34 slides
In-Flight IPv6 Extension Header Insertion Considered Harmful

In-Flight IPv6 Extension Header Insertion Considered Harmful

In-Flight IPv6 Extension Header Insertion Considered Harmful draft-smith-6man-in-flight-eh-insertion-harmful IETF-106 Mark Smith markzzzsmith@gmail.com Naveen Kottapalli naveen.sarma@gmail.com Ron Bonica rbonica@juniper.net Fernando Gont

506 views • 34 slides
Semantically Far Inspirations Considered Harmful? Accounting For Cognitive States In

Semantically Far Inspirations Considered Harmful? Accounting For Cognitive States In

Semantically Far Inspirations Considered Harmful? Accounting For Cognitive States In Collaborative Ideation Joel Chan 1 , Pao Siangliulue 2 , Denisa Qori McDonald 3 , Ruixue Liu 3 , Reza Moradinezhad 3 , Safa Aman 3 , Erin T. Solovey 3 ,

468 views • 44 slides
MD5 To Be Considered Harmful (Someday) Dan Kaminsky Basics MD5: Hashing algorithm

MD5 To Be Considered Harmful (Someday) Dan Kaminsky Basics MD5: Hashing algorithm

MD5 To Be Considered Harmful (Someday) Dan Kaminsky Basics MD5: Hashing algorithm Fingerprint of data easy to synthesize (push here), hard to fake (grow this) Known since 1997 it was theoretically not so hard to create

573 views • 35 slides
A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay) Chung (https://tijay.github.io) Assistant Professor Rochester Institute of Technology 1 Outlines RPKI deployment and invalid route origins

583 views • 43 slides
Can Some Programming Languages Be Considered Harmful? S.Janssens U.P.Schultz V.Zaytsev

Can Some Programming Languages Be Considered Harmful? S.Janssens U.P.Schultz V.Zaytsev

CHESE @ PLATEAU @ SPLASH 2017 Can Some Programming Languages Be Considered Harmful? S.Janssens U.P.Schultz V.Zaytsev Meet the ones responsible: Edsger W. Dijkstra Sabine Janssens Ulrik Pagh Schultz Vadim Zaytsev Computing pioneer

301 views • 12 slides
Penetra'on Tes'ng Considered Harmful (haroon@thinkst.com) Who i am..

Penetra'on Tes'ng Considered Harmful (haroon@thinkst.com) Who i am..

Penetra'on Tes'ng Considered Harmful (haroon@thinkst.com) Who i am.. (& Why this talk?) haroon@thinkst.com Some Tools Some Papers Some Books So ? Some

1.38k views • 137 slides
DYNAMIC LINKING CONSIDERED HARMFUL 1 WHY WE NEED LINKING Want to access code/data defined

DYNAMIC LINKING CONSIDERED HARMFUL 1 WHY WE NEED LINKING Want to access code/data defined

DYNAMIC LINKING CONSIDERED HARMFUL 1 WHY WE NEED LINKING Want to access code/data defined somewhere else (another file in our project, a library, etc) In compiler-speak, we want symbols with external linkage I only really care

563 views • 39 slides
Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security

Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security

Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security F. Fischer * , K. Bttinger * , H.Xiao * , C. Stransky , Y. Acar , M. Backes , S. Fahl * Fraunhofer AISEC CISPA, Saarland

739 views • 44 slides
SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 ,

SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 ,

SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 , Hyunjin Cho 2 , Sang-Won Lee 1 , Young Ik Eom 1 1 Sungkyunkwan University, Korea 2 Samsung Electronics, Korea Outline Background Design

367 views • 34 slides
Semaphores considered Edsger s perspective harmful During system conception it transpired

Semaphores considered Edsger s perspective harmful During system conception it transpired

Semaphores considered Edsger s perspective harmful During system conception it transpired that we used the semaphores in Semaphores are low-level primitives. Small two completely different ways. The difference is so marked that,

328 views • 19 slides
Sequential consistency considered harmful Viktor Vafeiadis Max Planck Institute for Software

Sequential consistency considered harmful Viktor Vafeiadis Max Planck Institute for Software

Sequential consistency considered harmful Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 7 November 2017 The standard WMC talk . . . Sequential consistency (SC) CPU CPU Interleaving semantics read write

514 views • 15 slides
Stored Program Considered Harmful: History & Historiography Thomas Haigh University of

Stored Program Considered Harmful: History & Historiography Thomas Haigh University of

Stored Program Considered Harmful: History & Historiography Thomas Haigh University of WisconsinMilwaukee Paper presented at CIE 2013 Special Session on History of Computing Broader Project History of ENIAC in use ENIAC built 1943

556 views • 24 slides
Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org>

Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org>

Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org> 2015-12-30 Introduction OpenWrt developer for >10 years Involved with Linux wireless drivers almost as long Main focus: access points and

306 views • 27 slides
Harmful Algal Blooms Harmful Algal Blooms = HABs Photo credit: Darren Brandt Foam Scum Paint

Harmful Algal Blooms Harmful Algal Blooms = HABs Photo credit: Darren Brandt Foam Scum Paint

Harmful Algal Blooms Harmful Algal Blooms = HABs Photo credit: Darren Brandt Foam Scum Paint Mats on the surface of water Anabaena Microcystis 80+ types of microcystins including microcystin L-R Microcystin LR is generally considered

468 views • 45 slides
Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing RPKI Statistics challenges IRR Status Do we have a Research solution? Opportunities Using ARINs RPKI components @

889 views • 51 slides
Technology Considered Harmful? Case Study: Facial Recognition and Bias Mar 6, 2020 Quiz Time

Technology Considered Harmful? Case Study: Facial Recognition and Bias Mar 6, 2020 Quiz Time

CMSC 20370/30370 Winter 2020 Technology Considered Harmful? Case Study: Facial Recognition and Bias Mar 6, 2020 Quiz Time (5-7 minutes). Quiz on Facial recognition and bias Principles of Good Design Administrivia GP4 video due on Monday

292 views • 28 slides
Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1 Thursday, August 1, 13 RPKI Tools The authors believe the information already contained in the RPKI has value in itself, even for operators not

305 views • 11 slides
Error Bars Considered Harmful Exploring Alternate Encodings for Mean and Error Michael Correll

Error Bars Considered Harmful Exploring Alternate Encodings for Mean and Error Michael Correll

Error Bars Considered Harmful Exploring Alternate Encodings for Mean and Error Michael Correll Michael Gleicher University of Wisconsin-Madison Dont Use Error Bars They dont work as advertised Try something else instead! Dont Use

995 views • 52 slides
AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

SECURING THE INTERNET VALIDATING ROUTING WITH RPKI AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot 2020 RPKI Feb 20 ABOUT REANNZ New Zealands NREN Engineering team of 7

662 views • 54 slides

More recommend