^ Top

NANOG Meeting Presentation Abstract

High Performance BGP Security: Algorithms and Architectures
Meeting: NANOG69
Date / Time: 2017-02-08 1:30pm - 2:00pm
This item is webcast
Room: Independence Ballroom A (5B Level)
Presenters: Speakers:

Mehmet Adalier, Antara Teknik LLC

Mehmet Adalier is the Founder and CEO of Antara Teknik LLC and leads the innovation and development of interoperable, efficient, and secure communications solutions. Previously, during his 22-year career with Intel Corporation, he held senior leadership positions in Research and Development of disruptive technologies; in Corporate Development setting strategy and establishing alliances with global software and hardware companies to mature ecosystem readiness; and in defining and delivering Consulting Services to Federal Agencies and Commercial Enterprises to enhance their computing infrastructure with improved TCO.

KOTIKALAPUDI SRIRAM, National Institute of Standards and Technology

Kotikalapudi Sriram holds a Ph.D. degree in electrical engineering from Syracuse University. He is currently a senior researcher in the Advanced Networking Technologies Division at the National Institute of Standards and Technology (NIST). Previously he held various positions at Bell Laboratories. His current interests are in Internet routing security and scalability, DDoS prevention, and SDN. He is a Fellow of the IEEE.
Abstract: The BGPsec protocol addresses several vulnerabilities associated with BGP. In particular, it provides cryptographic protection against prefix mis-originations and AS path attacks. However, the required cryptographic processing imposes additional workload on the route processor in edge routers. In this talk, we first provide an insight into the nature of computational complexities associated with BGPsec update processing. We then propose and evaluate optimizations for BGPsec update processing, including algorithmic, field level, and group level optimizations. We quantify the impact of these optimizations on BGPsec processing at the core cryptographic operations level as well as at the update message processing level. ECDSA signing and verification speeds with the proposed enhancements are compared against the fastest available OpenSSL implementation for the same. Further, we also report results on the speed of BGPsec update processing including the essential BGPsec functions such as data assembly, packet parsing, sorting AS path segments, fetching public keys, and executing ECDSA P256 signing and verification. Finally, we make use of reasonable projections for IPv4 and IPv6 growth rates, BGPsec adoption rate, and processor speedup, and present a model for BGPsec routing convergence time. This model considers BGPsec processing as incremental to the basic BGP processing, which includes best path selection, route filtering, applying policy filters, etc. A relative comparison is provided for convergence time projections for the BGP only scenario vs. mixed (BGP + BGPsec) scenario, which assumes that BGPsec adoption takes about two decades to go from zero to nearly complete global adoption.
Files: pdfHigh Performance BGP Security: Algorithms and Architectures(PDF)
youtubeHigh Performance BGP Security: Algorithms and Architectures
Sponsors: None.

Back to NANOG69 agenda.

NANOG69 Abstracts

  • Security Track
    Speakers:
    Jesse Sowell.
    Krassimir Tzvetanov, Fastly; Allan Friedman.
    Tim April.
    Paul Ebersman, Comcast; Christian Dawson, i2Coalition; Ron Winward, Radware;
  • Security Track
    Speakers:
    Jesse Sowell.
    Krassimir Tzvetanov, Fastly; Allan Friedman.
    Tim April.
    Paul Ebersman, Comcast; Christian Dawson, i2Coalition; Ron Winward, Radware;
  • Security Track
    Speakers:
    Jesse Sowell.
    Krassimir Tzvetanov, Fastly; Allan Friedman.
    Tim April.
    Paul Ebersman, Comcast; Christian Dawson, i2Coalition; Ron Winward, Radware;
  • Security Track
    Speakers:
    Jesse Sowell.
    Krassimir Tzvetanov, Fastly; Allan Friedman.
    Tim April.
    Paul Ebersman, Comcast; Christian Dawson, i2Coalition; Ron Winward, Radware;
  • Security Track
    Speakers:
    Jesse Sowell.
    Krassimir Tzvetanov, Fastly; Allan Friedman.
    Tim April.
    Paul Ebersman, Comcast; Christian Dawson, i2Coalition; Ron Winward, Radware;
  • Security Track
    Speakers:
    Jesse Sowell.
    Krassimir Tzvetanov, Fastly; Allan Friedman.
    Tim April.
    Paul Ebersman, Comcast; Christian Dawson, i2Coalition; Ron Winward, Radware;
  • Security Track
    Speakers:
    Jesse Sowell.
    Krassimir Tzvetanov, Fastly; Allan Friedman.
    Tim April.
    Paul Ebersman, Comcast; Christian Dawson, i2Coalition; Ron Winward, Radware;
  • Are We There Yet?
    Speakers:
    Yossi Gilad, Boston University and MIT; Avichai Cohen.
    Amir Herzberg.
    Michael Schapira.
    Haya Shulman.
  • Are We There Yet?
    Speakers:
    Yossi Gilad, Boston University and MIT; Avichai Cohen.
    Amir Herzberg.
    Michael Schapira.
    Haya Shulman.
  • Are We There Yet?
    Speakers:
    Yossi Gilad, Boston University and MIT; Avichai Cohen.
    Amir Herzberg.
    Michael Schapira.
    Haya Shulman.
  • Are We There Yet?
    Speakers:
    Yossi Gilad, Boston University and MIT; Avichai Cohen.
    Amir Herzberg.
    Michael Schapira.
    Haya Shulman.
  • Are We There Yet?
    Speakers:
    Yossi Gilad, Boston University and MIT; Avichai Cohen.
    Amir Herzberg.
    Michael Schapira.
    Haya Shulman.
  • Why Go?
    Speakers:
    James BoswellCharter Communications; .

 

^ Back to Top