On the classification and false alarm of invalid prefixes in RPKI based BGP route origin validation

Abstract

BGP is the default inter-domain routing protocol in today's Internet, but it has serious security vulnerabilities [murphy2005bgp]. One of them is (sub)prefix hijacking. The IETF standardized RPKI to validate the origin AS, but RPKI has many problems [heilman2014consent, cooper2013risk, gilad2017we, gilad2017maxlength], among which is the potential for false alarms. Although some previous work [gilad2017we, heilman2014consent] points this out explicitly or implicitly, further measurement and analysis remain to be done. Our work measures and analyzes the invalid prefixes systematically. We first classify the invalid prefixes into six different types and then analyze their stability. We show that a large proportion of the invalid prefixes very likely result from traffic engineering, IP address transfers, and failure to aggregate rather than real hijackings.
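
As an added illustration (not code from the paper), the sketch below implements RFC 6811 route origin validation over constructed ROAs and splits the invalid state by cause, showing how a de-aggregated announcement from the legitimate origin is flagged the same way as one from a different AS. The reason labels `length` and `origin` are assumptions made here and are not the paper's six types.

```python
import ipaddress

# Constructed sample ROAs (documentation prefixes, reserved ASNs):
# (prefix, maxLength, authorized origin AS)
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64502),
]

def validate(prefix, origin_as, roas=ROAS):
    """RFC 6811 origin validation; returns (state, reason).

    The reason strings are illustrative labels, not a standard.
    """
    route = ipaddress.ip_network(prefix)
    covered = False    # some ROA prefix covers the announced prefix
    as_match = False   # a covering ROA names the announcing AS
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa_as == origin_as:
            as_match = True
            if route.prefixlen <= max_len:
                return ("valid", "matched")
    if not covered:
        return ("not-found", "no covering ROA")
    if as_match:
        # Authorized AS announced a more-specific than maxLength allows,
        # e.g. de-aggregation for traffic engineering: a likely false alarm.
        return ("invalid", "length")
    # No covering ROA authorizes this AS: hijack, or a stale ROA after
    # an address transfer. ROV alone cannot tell these apart.
    return ("invalid", "origin")

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500), ("198.51.100.128/25", 64501),
                     ("198.51.100.0/24", 64999), ("203.0.113.0/24", 64500)]:
        print(pfx, asn, validate(pfx, asn))
```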
