Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

When will Rogers switch to secure BGP routing?

jmellor
I've been here awhile

‎04-20-2020 03:02 PM

I've had some quirky delays lately, and noticed some odd traceroute outputs.  I know there have been some severe issues over the last 2 years with the highly-unresilient site in North York, but they tend to be in the nature of complete outages.  Taking me over the top was this test: https://isbgpsafeyet.com/ showing that Rogers routing is easily hijacked and specifying the protocol correction to fix the issue.  So, when is Rogers fixing their routing software to correct the problem?

3 REPLIES 3

Re: When will Rogers switch to secure BGP routing?

-G-
Resident Expert
Resident Expert

‎04-20-2020 04:44 PM - edited ‎04-20-2020 04:50 PM

Implementing RPKI would be a nice thing for Rogers to do but I don't think that it is (or even should be) their highest priority at the moment.  It's a rather complex undertaking, to say the least, and will involve a lot of effort and coordination.

 

I think it's great that Cloudflare is raising awareness about RPKI but their blog post is causing unnecessary panic, and there are many practical reasons why adoption has been slow.  We also won't see the benefits until EVERY ISP signs their prefixes AND until we get to the point where all BGP peers will only accept prefixes that have been signed and validated.  Then the day will come when RPKI will be a requirement and if anything goes slightly wrong at that time, we will have bigger problems then having traffic temporarily routed through China.

 

Another thing to consider is that we still right in the middle of the COVID-19 pandemic, so it's also not a great time to take on an initiative such as this.  Rogers also has more important and more pressing problems to fix in their network as well before they take this on.  I would be shocked if Rogers has not already started planning for their RPKI implementation.  I'm also not going to panic because they haven't implemented it either.

0 Likes

Re: When will Rogers switch to secure BGP routing?

gcerullo
I plan to stick around
In response to -G-

‎04-23-2020 09:02 AM - last edited on ‎04-23-2020 09:04 AM by Moderator

Hey Rogers,

 

Is there any timeline for when Border Gateway Protocol (BGP) Resource Public Key Infrastructure (RPKI) security framework will be implemented?

 

https://isbgpsafeyet.com/

 

Screen Shot 2020-04-23 at 8.53.13 AM.png

0 Likes

Re: When will Rogers switch to secure BGP routing?

ve3tej
I plan to stick around
In response to gcerullo

‎04-29-2020 01:48 PM - last edited on ‎04-29-2020 01:51 PM by Moderator

Unfortunately, my Internet provider, @Rogers (AS812), does NOT implement BGP safely. Check out https://isbgpsafeyet.com to see if your ISP implements BGP in a safe way or if it leaves the Internet vulnerable to malicious route hijacks. via @Cloudflare

0 Likes
Topic Stats
  • 3 replies
  • ‎04-20-2020 03:02 PM
  • 3751 views
  • 1 Like
  • 4 in conversation
Copyright © 2024 Khoros, LLC