lswcap
The Internet consists of a set of IP networks or routers called autonomous systems. Routing that determines communication paths between autonomous systems uses a protocol called Border Gateway Protocol (BGP). However, BGP has a problem in that the communication path is taken away by an attack called BGP hijacking. Cloudflare has released a website (Is BGP safe yet?) where you can check if your internet provider ISP can handle these issues.
BGP is a protocol in charge of routing between autonomous systems, such as Internet providers, established in 1989. The safety of BGP cannot be said to be high, so network hijacking by BGP hijacking has occurred in the past.
To solve this problem, RPKI was developed as a BGP security function. RPKI detects IP address misuse and BGP hijacking by comparing the AS number, which is a unique number assigned to each autonomous system, and ROA, which indicates the correct combination of IP address, and route information of the router.
To provide a secure Internet through RPKI, IPS must support RPKI. You can find out whether your ISP supports RPKI by using the website Cloudflare has published. Press the button (Test your ISP) and the results will be displayed immediately.
If you look at the IP address space of the RPKI response status disclosed by Cloudflare, yellow indicates the RPKI compatible IP address space, and blue indicates the unsupported location. There are many more that are not yet supported.
The operation of this site is simple and can be accessed regardless of its RPKI counterpart. Try accessing both (valid.rpki.cloudflare.com) and, if applicable, accessible (invalid.rpki.cloudflare.com) sites with or without a response, and if both respond, the RPKI judged to be responsive to Cloudflare said it expects the day to come when it will be said that the leakage of route information or network hijacking due to the BGP problem is a thing of the past. Related information can be found here.
Add comment