• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
MANRS

MANRS

Mutually Agreed Norms for Routing Security

  • Home
  • About
    • History
    • Partners
    • Testimonials
    • Governance
      • Steering Committee
      • Advisory Group
        • Description and Role
        • Members
      • Community Charter
    • Contact Us
  • Programs
    • Network Operators
      • Network Operators Program and Actions
      • Implementation Guide
      • Participants
      • Join
    • IXPs
      • IXP Program and Actions
      • Participants
      • Join
    • CDN and Cloud Providers
      • CDN and Cloud Providers Program and Actions
      • Participants
      • Join
    • Equipment Vendors
      • Equipment Vendor Program and Actions
      • Participants
      • Join
  • MANRS Ambassadors
  • Resources
    • Training
      • Workshops
      • Tutorials
    • Promote MANRS
    • How-to Videos
    • Events
  • Observatory
  • Blog
  • Join

What’s Wrong with Routing? (Part 3)

July 15, 2020 by Megan Kruse Leave a Comment

In Part 1, we discussed what routing is and how data is sent across the Internet, and in Part 2 we discussed how routers work to build maps of the Internet and direct traffic. It’s all been working mostly well for 25+ years, hasn’t it? Why are we even talking about something that just … works? In this post, we’ll look at some of the security issues with the global routing system.

At its core, the routing system is built on trust among networks. Tens of thousands of individual networks make independent decisions while also interoperating as one global Internet. The intertwined nature of these networks contributes to the Internet’s resilience, scalability, and ease of adoption. With no single point of failure, the routing system is difficult to break on a global level – if a path fails, a network can simply choose to route traffic around the problem area. Unfortunately, the same qualities that ensured the Internet’s overall success also contribute to some of its challenges.

In Part 1 we compared routing to online dating and talked about how hard it is to trust someone you meet on the Internet because there’s no way to verify your potential beloved is telling the truth. Similarly, because BGP was developed so long ago, at a time when the Internet was a small, mostly academic endeavor with a small community of folks who all knew each other, it has no built-in mechanism to validate that announcements sent by the routers are either legitimate or correct. In fact, it’s remarkably easy for any network to announce anything – whether unintentionally or deliberately. This also means it’s very easy for things to end in disappointment – much like the dating game.

In 2018 alone, there were over 12,000 routing incidents. Incidents like route leaks, route hijacks, and IP address spoofing each have the potential to slow down Internet speeds or even to make parts of the Internet unreachable, thus disrupting the ability of companies or users to access critical services or information. Packets can also get diverted through malicious networks, providing an opportunity for surveillance.

In the next post, we’ll talk about route hijacks, route leaks, and IP address spoofing in more detail. Check back tomorrow!

Category iconRouting Security Tag iconBasics,  routing

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • You’ve Got Mail—MANRS Conformance Reports and Incident Reporting
  • Majority of Announced IPv6 Address Space Now Secured by ROAs
  • RFC 7911 – What happens when routers do not speak the same language
  • The US FCC Asked About Routing Security. Here’s what MANRS Participants Had to Say.
  • Announcing 2022 MANRS Fellows
MANRS logo
Join MANRS
  • Sharing Our Content
  • Terms of Use
  • Privacy Policy
  • Contact
Follow us: Follow MANRS on Twitter Follow MANRS on Facebook Follow MANRS on LinkedIn Follow MANRS on YouTube

MANRS Document © 2016–2022