This talk examines the security and resilience of two fundamental infrastructure protocols: the BGP routing system that provides global reachability and (briefly) the Domain Name System (DNS) that provides essential naming information. Despite the Internet’s tremendous growth and fundamental change in form, these critical network infrastructure protocols remain tied to a simple fault model. In today’s complex large-scale system, the core Internet protocols face frequent operational errors, incorrect protocol implementations (or protocol underspecifications), unexpected complex interactions between elements, and intentional attacks. This talk first examines some BGP routing problems observed in the Internet, such as the complex interactions between routing and events such as the recent worm attacks. While one could argue that the current problems call for restarting with a complete redesign, it is important to note that the core Internet protocols have clearly succeeded in achieving their original aims, and their deployed base is measured in millions of systems and billions of dollars. Rather than restarting from scratch, the challenge lies in advancing the system in fundamental ways while still respecting operational constraints and deployed system bases. To address these challenges, the talk presents deployable enhancements that improve resilience through techniques such as consistency checking and enhancing protocols with diagnosis information. Using these techniques, the talk shows how path vector algorithms can be enhanced to improve convergence by orders of magnitude, exploit existing data for enhanced protection against human error, and ultimately provide better data delivery. In DNS, the talk shows how cryptographic solutions can be added to the system for authentication.
In the broader sense, the results suggest that a multi-fence framework for building a truly resilient Internet infrastructure is both achievable and effective.