Leaks and hijacks in BGP, the Border Gateway Protocol, a routing protocol used to connect separate autonomous systems, have been accepted as an inevitable part of the Internet for too long, according to Cloudflare, a company that deals with
The Internet is too vital an infrastructure to allow this long-known problem to endure, Cloudflare says, and it is time for networks to use to prevent the impact of leaks and hijacks, making the BG
BGP has existed and evolved since the 1980s, and over the years it has been equipped with security features. The main security feature added to the protocol is called Resource Public Key Infrastructure (RPKI), a framework designed to secure the Internet routing infrastructure and prevent route hijacking and
Today, Cloudflare argues, the sector considers RPKI mature enough for widespread use, with a sufficient ecosystem of software and tools, including open source tools developed by Cloudflare itself, which declares that it has fully implemented Origin Val
However, Cloudflare's analysis continues, the Internet can only be secure if the main network operators implement RPKI. The big networks have the ability to spread leaks or hijacks far and wide, and it is therefore essential, according to Cloudflare, that they take part in the fight against BGP's security problems.
According to Cloudflare, about 50% of the Internet is now more protected against route leaks thanks to the implementation of RPKI, a positive but still insufficient figure.
To monitor the state of things, Cloudflare has released isBGPSafeYet.com, a website designed to track the deployment of RPKI and the filtering of invalid routes by major networks and Internet Service Providers (ISPs).
This is an initiative, Cloudflare explained, designed to make RPKI more accessible to all, in order to reduce the impact of route leaks. The aim is for users to share this message, which is meant to increase network security, with their Internet, hosting or network provider, to get to a safer Internet.
In addition, to monitor and test implementations, Cloudflare has also decided to announce two prefixes that must be considered invalid and that must not be routed by a provider whose network implements RPKI:
In the published test, which you can run on isBGPSafeYet.com, the user's browser will try to fetch two pages: the first, valid.rpki.cloudflare.com, is behind a valid RPKI prefix
Two results are possible: if both pages are retrieved correctly, the ISP has accepted the invalid route and therefore does not implement RPKI. If only valid.rpki.cloudflare.com is retrieved, the user's ISP implements RPKI and that network will be less vulnerable to route leaks.
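
The two-page test described above, sketched as an added example (it is not Cloudflare's code and does not come from the original article). The URL of the page behind the invalid prefix is a labelled placeholder because the text here does not name it; `probeRpki`, `reachable` and the result labels are hypothetical names. It also covers a third case the text does not mention: if the valid page cannot be loaded either, the result says nothing about RPKI.

```javascript
// Added example: classify the user's ISP from the two-page probe.
// Assumption: in a browser, both pages must allow cross-origin reads for res.ok to be visible.
const VALID_URL = "https://valid.rpki.cloudflare.com/"; // host named in the article
// Placeholder: the article text does not name the host behind the invalid prefix.
const INVALID_URL = "https://INVALID-PREFIX-HOST.example/";

// Resolve to true if the page loads within timeoutMs, false on error or timeout.
// A route dropped by RPKI filtering usually shows up as a timeout, not an HTTP error.
async function reachable(url, fetchFn, timeoutMs) {
  const ctrl = new AbortController();
  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
  try {
    const res = await fetchFn(url, { signal: ctrl.signal, cache: "no-store" });
    return Boolean(res.ok);
  } catch (_) {
    return false;
  } finally {
    clearTimeout(timer);
  }
}

// Returns "filtering", "not-filtering" or "inconclusive".
async function probeRpki({
  fetchFn = fetch,
  timeoutMs = 3000,
  validUrl = VALID_URL,
  invalidUrl = INVALID_URL,
} = {}) {
  // Fetch both pages in parallel so one slow timeout does not delay the other.
  const [validOk, invalidOk] = await Promise.all([
    reachable(validUrl, fetchFn, timeoutMs),
    reachable(invalidUrl, fetchFn, timeoutMs),
  ]);
  // Without the control page there is no baseline: the user may simply be offline.
  if (!validOk) return "inconclusive";
  // Both pages loaded: the invalid route was accepted somewhere on the path.
  return invalidOk ? "not-filtering" : "filtering";
}
```

A "filtering" result only shows that the invalid route did not reach the user through the current path; it is a point-in-time observation, not proof that every upstream of the ISP drops invalid routes.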