Publication detail
Revisiting RPKI Route Origin Validation on the Data Plane
In: Proc. of Network Traffic Measurement and Analysis Conference (TMA), IFIP, 2021
Abstract
The adoption of the Resource Public Key Infrastructure (RPKI) is increasing, as are measurement activities to identify RPKI-based route origin validation (ROV). Several proposals try to identify Autonomous Systems (ASes) that deploy ROV using control plane as well as data plane measurements. We show why simple end-to-end measurements may lead to incorrect identification of ROV. In this paper we evaluate data plane traceroute measurements as a mechanism to extend coverage and provide a reproducible method for ROV identification using RIPE Atlas. Moreover, we extend the current state of the art by identifying ROV performed by route servers at Internet Exchange Points (IXPs) and using an include list to differentiate between fully and partially ROV-enforcing ASes. Our measurements from 5494 vantage points in 3699 ASes infer that ROV is deployed in 216 unique ASes: 11 with strong confidence, 18 with weak confidence, and 187 indirectly adopting ROV via filtering by IXP route servers.
Topics: Network Security, Internet Measurements and Analysis, Network Management