• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
MANRS

MANRS

Mutually Agreed Norms for Routing Security

  • Home
  • About
    • About MANRS
    • History
    • Partners
    • Advisory Group
      • Description and Role
      • Members
    • Testimonials
    • Contact Us
  • Programmes
    • Network Operators
      • Network Operators Programme and Actions
      • Implementation Guide
      • Participants
      • Join MANRS
    • IXPs
      • IXP Programme and Actions
      • Participants
      • Join IXP Programme
    • CDN and Cloud Providers
      • CDN and Cloud Providers Programme and Actions
      • Participants
      • Join the Programme
  • MANRS Ambassadors
  • Resources
    • All Resources
      • Implementation Guide
      • Papers
    • Training
      • Workshops
      • Tutorials
    • Promote MANRS
  • Observatory
  • Blog
  • Join

What’s Wrong with Routing? (Part 3)

July 15, 2020 by Megan Kruse Leave a Comment

In Part 1, we discussed what routing is and how data is sent across the Internet, and in Part 2 we discussed how routers work to build maps of the Internet and direct traffic. It’s all been working mostly well for 25+ years, hasn’t it? Why are we even talking about something that just … works? In this post, we’ll look at some of the security issues with the global routing system.

At its core, the routing system is built on trust among networks. Tens of thousands of individual networks make independent decisions while also interoperating as one global Internet. The intertwined nature of these networks contributes to the Internet’s resilience, scalability, and ease of adoption. With no single point of failure, the routing system is difficult to break on a global level – if a path fails, a network can simply choose to route traffic around the problem area. Unfortunately, the same qualities that ensured the Internet’s overall success also contribute to some of its challenges.

In Part 1 we compared routing to online dating and talked about how hard it is to trust someone you meet on the Internet because there’s no way to verify your potential beloved is telling the truth. Similarly, because BGP was developed so long ago, at a time when the Internet was a small, mostly academic endeavor with a small community of folks who all knew each other, it has no built-in mechanism to validate that announcements sent by the routers are either legitimate or correct. In fact, it’s remarkably easy for any network to announce anything – whether unintentionally or deliberately. This also means it’s very easy for things to end in disappointment – much like the dating game.

In 2018 alone, there were over 12,000 routing incidents. Incidents like route leaks, route hijacks, and IP address spoofing each have the potential to slow down Internet speeds or even to make parts of the Internet unreachable, thus disrupting the ability of companies or users to access critical services or information. Packets can also get diverted through malicious networks, providing an opportunity for surveillance.

In the next post, we’ll talk about route hijacks, route leaks, and IP address spoofing in more detail. Check back tomorrow!

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • More
  • Email
  • Print
  • Reddit
  • Tumblr

Category iconRouting Security Tag iconBasics,  routing

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • IXP peering platform: an environment to take care of
  • Partnering with NSRC on MANRS & Routing Security Training
  • Partnering with Global Cyber Alliance on Open Standards, Routing Security, and More
  • Working with CSIRTs to improve routing security
  • MANRS Welcomes 500th Network Operator
MANRS logo
Join MANRS
  • Sharing Our Content
  • Terms of Use
  • Privacy Policy
  • Contact
Follow us: Follow MANRS on Twitter Follow MANRS on Facebook Follow MANRS on YouTube

MANRS Document © 2016–2021

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.