
Routing

From ICANNWiki

Routing is the process of selecting a path for traffic in a network or between or across multiple networks.

Internet Routing Registries

There are at least 25 IRRs registering and executing routing policies that

  • offer public descriptions of the relationship between external and internal Border Gateway Protocol peers,
  • offer documentation,
  • provide routing security,
  • allow automatic generation of router configurations,
  • provide a debugging aid,
  • publish routing intentions,
  • construct and maintain routing filters and router configurations, and
  • share a diagnostic and information service for general network management.[1]

Routing Incident Types

Border Gateway Protocol (BGP) is a key tool for Internet connection redundancy, enabling data communications between large networks operated by different organizations. However, one bad move can lead to a major blackout.[2] Possible causes could be:

  • Misconfiguration
  • Malicious
  • Targeted Traffic Misdirection

Timeline of Major Incidents

Date | Incident and outcomes
April 25, 1997 | AS 7007 incident among UU/Sprint
May 7, 2005 | Google Outage
February 24, 2008 | Pakistan Telecommunication Authority's attempt to block YouTube access within Pakistan takes down YouTube entirely
November 11, 2008 | The Brazilian ISP Companhia de Telecomunicações do Brasil Central leaked their internal table onto the global BGP table
April 8, 2010 | China Telecom originated 37,000 prefixes not belonging to them in 15 minutes, temporarily causing a global outage
2011 | Yandex accident
2014 to 2018 | 3ve’s BGP hijacker schemes

Routing Security

In June 2022, the SSAC released SAC121, which provides information on:

  • the Internet’s routing system,
  • routing security challenges for DNS infrastructure operators and their implications,
  • the role of network operators in securing the Internet's routing system, and
  • security extensions of the border gateway protocol.

Attackers can inject false routes or information into the routing system. Mistakes can occur through misconfiguration, making it difficult to determine whether a routing incident was intentional or not. Performing DNSSEC validation on signed domain names can protect against routing hijacks. The RPKI builds upon the earlier work of routing registries by associating digital signatures with some of the information found in Internet routing messages. MANRS is one of many security responses to routing issues[3]; SAC121 is for a much broader audience.[4]
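Network operators apply RPKI data through route origin validation, which classifies each BGP announcement against the signed prefix-to-origin records (RFC 6811). The sketch below is an added example, not taken from SAC121 or ICANNWiki. It assumes the ROA signatures have already been verified by a relying-party validator, and the function names, prefixes and AS numbers are constructed for illustration from documentation ranges.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max length, origin AS).
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64496),
    ("203.0.113.0/24", 24, 0),  # AS0 ROA: holder states the prefix must not be routed
]

def validate_origin(prefix, origin_asn, vrps=VRPS):
    """Classify a route as 'valid', 'invalid' or 'not-found' per RFC 6811."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True  # at least one VRP covers this route
        # AS0 never matches a real origin; the length must not exceed maxLength.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched means wrong origin or too specific: reject as a hijack/leak.
    return "invalid" if covered else "not-found"

# Constructed announcements: (prefix, origin AS, what the case illustrates).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496, "legitimate origin"),
    ("192.0.2.0/24", 64511, "wrong origin AS"),
    ("192.0.2.128/25", 64496, "more specific than maxLength allows"),
    ("2001:db8:1::/48", 64496, "more specific within maxLength"),
    ("2001:db8:1::/48", 64511, "more-specific announcement from wrong origin"),
    ("203.0.113.0/24", 64500, "prefix covered only by an AS0 ROA"),
    ("198.51.100.0/24", 64500, "no ROA published"),
]

def classify_all(announcements=ANNOUNCEMENTS):
    """Return (prefix, origin AS, state) for each announcement."""
    return [(p, asn, validate_origin(p, asn)) for p, asn, _ in announcements]

if __name__ == "__main__":
    for (prefix, asn, note), (_, _, state) in zip(ANNOUNCEMENTS, classify_all()):
        print(f"{prefix:<18} AS{asn:<6} {state:<10} {note}")
```

A route with no covering ROA comes back as not-found rather than invalid, so origin validation only protects prefixes whose holders have published ROAs.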

References