Jun 11 – 12, 2018
Orea Hotel Voronez
Europe/Prague timezone

BGP transport security – do you care?

Jun 11, 2018, 4:20 PM
Congress Hall (Orea Hotel Voronez)

Congress Hall

Orea Hotel Voronez

Krizkovskeho 47 603 73 Brno Czech Republic


MD5 is insecure. BGP uses MD5 for session authentication therefore BGP is insecure. The internet is broken. Panic!

How many of you use MD5 for BGP sessions? And for what purpose? Isn’t MD5 authentication really just a longer form of peer identifier – to avoid accidentally establishing a session with a wrong peer? Does MD5 help in preventing route leaks and hijacks? Does your network allow access to internal BGP speaking nodes from outside of the perimeter? How do you distribute MD5 secrets to your peers? How do you change MD5 secrets without tearing down the BGP session?

TCP Authentication Option has been around for a while. Is anyone aware of TCP-AO? Do any major vendors implement it? Does anyone care? Why not to run BGP over TLS? Or BGP over IPsec? Or BGP over QUIC? Or why not invent a new secure transport for BGP? Sure, that sounds to be a lot of fun, let’s do that.
Control plane security has been a special kind of security for a long time. Indeed there are specialty aspects to it as of the layers above relying significantly on the proper operation of the control plane, and often transports used for control planes are not too common ones.

IETF has been working on control plane security for a noticeable period of time, there was a dedicated KARP working group and protocol-specific working groups had their individual initiatives on security aspects. However the world still uses MD5 for BGP. KARP WG got shutdown after a long struggle to produce anything. Is this the question of education, or the lack of it to be precise? Is the problem of peer authentication solved in some other way? Is there a problem at all? Do we need to spend time on spreading the word on what control plane security is and why it is important? Is there a problem at all – given sufficient network operational hygiene and proper network design, do we need control plane security as a separate entity as such? Is there a need for having inbuilt transport security mechanisms into BGP protocol itself?

IETF would like to hear the feedback of operators’ community on these topics.

Type of Presentation

Primary author

Mr Ignas Bagdonas (Equinix)

Presentation materials