• MaxLength Considered Harmful to the RPKI (CoNEXT ‘17)
  • Abstract
    • User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals.
    • Our network measurements, however, suggest that the maxLength attribute strikes the wrong balance between security and user convenience. We therefore believe that operators should avoid using maxLength. We give operational recommendations and develop software that allow operators to reap many of the benefits of maxLength without its security costs.
  • How the RPKI secures BGP
    • Originating route: 168.122.0.0/16: AS 111
    • The ROA allows AS 111 to originate a valid route to 168.122.0.0/16, but not any of its subprefixes.
      • If AS 111 originated a route to 168.122.1.0/24, this route would be considered invalid (subprefix hijacks), unless it had its own matching ROA.
  • MaxLength
    • De-aggregation
      • Announcing subprefixes of a larger prefix from the same AS is known as de-aggregation, and is sometimes used for traffic engineering.
        • However, de-aggregation tends to bloat the size of routing tables across all routers on the Internet.
        • Interestingly, routing security is sometimes also cited as a reason for de-aggregation. By announcing a /24 route, AS 111 ensures that no hijacker can launch a subprefix hijack against the route, since BGP routes for prefixes longer than /24 are commonly discarded by routers.
    • Using maxLength to deal with de-aggregation.
      • ROA: 168.122.0.0/16-24, AS 111
    • Alternate solution: ROAs with sets of prefixes.
      • ROA: ({168.122.0.0/16, 168.122.225.0/24}, AS 111)
    • Minimal ROAs
      • A ROA is minimal [17, §3.2] when it includes only those prefixes that the AS announces in BGP, and no other prefixes. Minimal ROAs come with less flexibility, because the AS must know exactly what prefixes it plans to announce at the time the ROA is issued.
    • Compressed ROAs
  • Comment
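    • IP Prefix: governs how address resources are allocated (which address space the AS holds)
    • MaxLength: governs which prefixes may be announced in BGP (which prefixes the AS may announce)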
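
The difference between the maxLength ROA and the minimal ROA in the notes above can be checked mechanically. The following is an added example, not code from the paper or its software: it applies RFC 6811-style origin validation to the prefixes used in these notes and counts how many /24s each ROA form authorizes that AS 111 never announces. The `(prefix, maxLength, AS)` tuple layout, the function names and the `ANNOUNCED` list are assumptions made for illustration.

```python
import ipaddress

def validate(route_prefix, origin_as, roas):
    """Origin validation in the style of RFC 6811.

    roas is a list of (prefix, max_length, asn) tuples (assumed layout).
    Returns 'valid', 'invalid' or 'not-found'.
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version == roa_net.version and route.subnet_of(roa_net):
            covered = True  # some ROA covers this route
            if origin_as == roa_as and route.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def unannounced_valid(roas, announced, origin_as, at_len=24):
    """Count prefixes of length at_len that validate but are not announced."""
    announced_nets = {ipaddress.ip_network(p) for p in announced}
    exposed = set()
    for roa_prefix, _, _ in roas:
        net = ipaddress.ip_network(roa_prefix)
        if net.prefixlen > at_len:
            continue
        for sub in net.subnets(new_prefix=at_len):
            if sub in announced_nets:
                continue
            if validate(str(sub), origin_as, roas) == "valid":
                exposed.add(sub)
    return len(exposed)

# Constructed inputs, taken from the prefixes in the notes above.
MAXLEN_ROA = [("168.122.0.0/16", 24, 111)]            # 168.122.0.0/16-24
MINIMAL_ROA = [("168.122.0.0/16", 16, 111),           # set-of-prefixes form
               ("168.122.225.0/24", 24, 111)]
ANNOUNCED = ["168.122.0.0/16", "168.122.225.0/24"]    # what AS 111 sends in BGP

if __name__ == "__main__":
    for name, roas in (("maxLength", MAXLEN_ROA), ("minimal", MINIMAL_ROA)):
        print(name, "ROA: unannounced /24s that validate =",
              unannounced_valid(roas, ANNOUNCED, 111))
```

Running the same audit over an operator's real ROAs and BGP announcements shows how much address space a maxLength value authorizes beyond what is actually routed.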