NIST SP800-54.pdf

Although not well known among everyday users, the Border Gateway Protocol (BGP) is one of the critical infrastructure protocols for the Internet. BGP is a routing protocol, whose purpose is to keep systems on the Internet up to date with information needed to receive and transmit traffic correctly. Sending and receiving email, viewing Web sites, and performing other Internet activities require the transmission of messages referred to as packets. Packets sent on the Internet contain source and destination addresses, much like paper mail sent in envelopes. But packets do not go directly from a user’s computer to their destination. Many intermediate systems may be involved in the transmission, and because there are many paths from one point to another, not all packets follow the same path between source and destination. The systems that packets pass through from one point to another all need to know where to forward a packet, based on the destination address and information contained in a routing table. The routing table says, for example, that packets with a destination of A can be sent to system H, which will then forward the packets to their destination, possibly through other intermediate nodes. (Note that the terms “routing table” and “forwarding table” are often used interchangeably, although technically the forwarding table is used to determine where packets will be sent. More on the distinction between these tables can be found in Section 2.1.) Because the Internet changes continuously, as systems fail or are replaced or new systems are added, routing tables must be updated constantly. BGP is the protocol that serves this purpose for the global Internet. When BGP fails, portions of the Internet may become unusable for a period of time ranging from minutes to hours. Most of the risk to BGP comes from accidental failures, but there is also a significant risk that attackers could disable parts or all of network, disrupting communications, commerce, and possibly putting lives and property in danger. This document discusses the structure and function of BGP, potential attacks, available countermeasures, and the costs and benefits related to countermeasures. The emphasis in this publication is on measures that may be applied either immediately or in a short time. A variety of proposals have been introduced in standards bodies for more comprehensive approaches to BGP security, but issues are not yet settled as to which, if any, of these proposals will be adopted by the producers and consumers of routing equipment. The aim of this document is to give decision makers a selection of measures that can be deployed rapidly, yet provide significant improvements to routing security.