Border Gateway Protocol (BGP) helps stitch together the thousands of networks that collectively deliver what we think of as the Internet. Networks use BGP to exchange “reachability information” – networks they know how to get to. Any network that is connected to the Internet eventually relies on BGP to reach other networks.
BGP has worked extremely well and continues to the be a key protocol that makes the Internet work. The problem is, BGP was created long before security was a major concern. BGP assumes that all networks are trustworthy. Technically, there are no built-in security mechanisms to validate that routes are legitimate. In addition, networks are scattered across the globe making the chain of trust difficult to trace, and even if you’re trying to validate information, there’s a lack of reliable resource data.
Every network should help secure the global routing system as a whole. The Internet Society supports Mutually Agreed Norms for Routing Security (MANRS). MANRS is a community initiative of network operators and Internet Exchange Points (IXPs) that creates a baseline of security expectations for routing security. MANRS calls for simple, but concrete actions that will reduce the most common routing threats, including BGP hijacking.
Much of our work is outlined in the Deploy360 Securing BGP Section. A few key resources to get you started:
