Autonomous System Provider Authorization (ASPA) is a new approach to path validation in BGP security. The only path validation standard in the IETF is BGPSEC, which is specified in RFC 8205. In this post I won't explain BGPSEC, but basically it works by encrypting the entire path, and it is useful only if there is full adoption among the Autonomous Systems in the global Internet (the Default Free Zone). The main problem, though, is that since the entire path is encrypted, the resource requirements on the routers are quite significant with BGPSEC. There are two new approaches to path validation, and both are in draft state in the IETF at the moment.
These are AS-Cones and ASPA, the latter being the subject of this post. I discussed ASPA (Autonomous System Provider Authorization) with the author of the draft, Alexander Azimov, and how the Internet can be made more secure with ASPA, which is a new proposal. Securing the Internet is a hard challenge; preventing route leaks, hijacks and malicious activities is not trivial. Current approaches such as BGPSEC or SoBGP don't work. In this video, Origin Validation, Path Validation, SoBGP, BGPSEC, RPKI, ROA, RIR, LIR, hijacks, exact-prefix hijacks, sub-prefix hijacks, route leaks and many other BGP security features, techniques and protocols are also discussed.
It is over 2 hours, but I think you will learn a lot about inter-domain routing security. Sharing the video below: https://www.youtube.com/watch?v=2Kzc8k9S8Pc&t=4673s
Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021