On the classification and false alarm of invalid prefixes in RPKI based BGP route origin validation
Wenjie Xu, Deliang Chang, Xing Li

TL;DR
This paper systematically classifies and analyzes invalid prefixes in RPKI-based BGP validation, revealing most are due to benign reasons like traffic engineering and IP transfer rather than malicious hijacking.
Contribution
It introduces a classification of invalid prefixes into six types and provides a detailed analysis of their stability and causes, highlighting the prevalence of false alarms.
Findings
Most invalid prefixes are caused by traffic engineering and IP transfer.
Invalid prefixes are generally stable over time.
False alarms are more common than actual hijackings.
Abstract
BGP is the default inter-domain routing protocol in today's Internet, but it has serious security vulnerabilities \cite{murphy2005bgp}. One of them is (sub)prefix hijacking. The IETF standardized RPKI to validate the AS origin, but RPKI has a lot of problems \cite{heilman2014consent} \cite{cooper2013risk} \cite{gilad2017we} \cite{gilad2017maxlength}, among which is the potential for false alarms. Although some previous work \cite{gilad2017we} \cite{heilman2014consent} points this out explicitly or implicitly, further measurement and analysis remain to be done. Our work measures and analyzes the invalid prefixes systematically. We first classify the invalid prefixes into six different types and then analyze their stability. We show that a large proportion of the invalid prefixes very likely result from traffic engineering, IP address transfer and failing to aggregate rather than real hijackings.
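How a benign announcement ends up invalid can be seen in a small origin check that follows the RFC 6811 matching rules. This is an added example, not code from the paper; the sample VRPs, the `validate` function and the two invalid sub-labels are assumptions of the example and are not the paper's six types.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    prefix: str      # prefix covered by the ROA
    max_length: int  # longest prefix length the ROA authorizes
    asn: int         # authorized origin AS

# Constructed sample VRPs (documentation prefixes and documentation ASNs).
SAMPLE_VRPS = [
    VRP("2001:db8::/32", 32, 64500),
    VRP("203.0.113.0/24", 24, 64501),
]

def validate(route_prefix: str, origin_asn: int, vrps=SAMPLE_VRPS) -> str:
    """Return 'valid', 'not-found', 'invalid-length' or 'invalid-origin'."""
    route = ipaddress.ip_network(route_prefix)
    covering = []
    for v in vrps:
        net = ipaddress.ip_network(v.prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if net.version == route.version and route.subnet_of(net):
            covering.append(v)
    if not covering:
        return "not-found"
    # AS0 in a ROA never matches any announcement.
    same_origin = [v for v in covering if v.asn == origin_asn and v.asn != 0]
    if any(route.prefixlen <= v.max_length for v in same_origin):
        return "valid"
    # Covered but unmatched is Invalid in RFC 6811. The split below is an
    # assumption of this example: a registered origin announcing a
    # more-specific (e.g. traffic engineering) versus an unregistered origin
    # (e.g. a transferred block whose ROA was never updated, or a hijack).
    return "invalid-length" if same_origin else "invalid-origin"

if __name__ == "__main__":
    for prefix, asn in [("2001:db8::/32", 64500), ("2001:db8:1::/48", 64500),
                        ("203.0.113.0/24", 64502), ("198.51.100.0/24", 64500)]:
        print(prefix, asn, validate(prefix, asn))
```

Both invalid outcomes are dropped by a router that rejects invalid routes, even though only the origin mismatch could be a hijack, and even that case also arises from a stale ROA.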
Taxonomy
Topics: Network Packet Processing and Optimization · Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting
