Breaking Down FCC's Proposal To Strengthen BGP Security
HelpNet Security, Wednesday, August 7th, 2024
In this Help Net Security interview, Doug Madory, Director of Internet Analysis at Kentik, discusses the FCC's proposal requiring major U.S. ISPs to implement RPKI Route Origin Validation (ROV), and addresses concerns about the impact on smaller ISPs and the global implications of U.S.-mandated changes.
The FCC's proposal requires nine major U.S. ISPs to deploy RPKI Route Origin Validation (ROV). What are the main benefits and potential challenges of implementing RPKI on such a large scale, especially considering the varying levels of RPKI deployment among these providers? RPKI ROV is the best mechanism we have to reduce the risk of disruption due to BGP routing mishaps.
To deploy RPKI ROV, a network must do two things. First, it must create Route Origin Authorizations (ROAs), which are records asserting the proper AS origin for each route. Secondly, it must configure its routers to evaluate incoming BGP announcements and reject those that don't match published ROAs.