It is not a question of ‘Should we’ implement RKPI Validation anymore, it is rather a question of ‘When will we’ implement it. As far as we are concerned: today! Or at least as soon as possible. So for us, 2019 will be the year of making the Internet a whole lot safer, by boosting routing security.
Slowly we are seeing that routing security is getting traction. We have been advocating it a lot already, because we have seen what happens if BGP announcements are hijacked. Fun fact – actually an alarming fact – each day there are dozens of (attempted) BGP hijacks. We have already seen what this could lead to: In April of this year, MyEtherWallet users got robbed of their cryptocurrency, because thanks to a hijacked IP address range, all traffic was rerouted to a Russian server. The wallets were emptied; the culprits got away with at least 13,000 dollars in just under two hours. And who doesn’t remember that time when ten years ago YouTube went offline, because Pakistan Telecom changed the BGP entry for YouTube to upstream providers, downing the site for a couple of hours worldwide. You might say we have been waiting and trusted each other too much for too long. So what better time to start securing Internet routing then the new year?
Giving away secrets
There are a couple of arguments I hear often when I speak about implementing RKPI Validation: it would cause too many unreachable sites, a higher latency and most people think it is very hard to implement. But actually it is not that hard at all, if you know some of the tricks. And to help people with that, together with Melchior Aelmans from Juniper Networks I am working on a booklet, basically giving away my secrets.
The booklet is part of the ‘Day One-series’, edited by Juniper. They have started this series to help people with all kinds of topics. The idea is that these booklets can be read within a day – hence the name. Juniper knows that we at Fusix are a firm believer in RKPI Validation and that we have gained a lot of expertise on the topic. So they have asked me to write down what I know and help others in making the Internet safer again. I am currently finishing the booklet and it will be available soon. Don’t worry, we will let you know.
In 2018, we started on this path of routing security and it is our New Year’s resolution to continue this throughout 2019 and further. Because I know we can do it and I know that ISP’s have a big role in it. I Also know it is needed, because our trust in each other has been broken many times already and if we do not watch out, it will going to hurt us even more.