Posted by: Tom Nolle
There’s been a recent flap about a report that China rerouted a bunch of U.S. traffic through China, capturing and potentially (so they say) examining both government and corporate information. China denies the story, and the real issue here, in my view, is the lack of any discipline in the way the Internet operates as a global network.
There has always been an issue with route advertising in IP networks. Someone can advertise a route falsely and thus capture traffic. Making the Internet into a “real” global public network means making it relatively immune to this kind of hijacking. And whether the China allegations are true or not, there is potential for harm because of either accidents or malice, and both have surely happened before.
Border Gateway Protocol (BGP) security and the management of domains aren’t easy, but we certainly have the components to make the Internet more bulletproof, and it’s time we tried to do that. A key requirement is some overall enforcement of reasonable practices, though, and the only way that will happen is if the ISPs themselves say they won’t peer with anyone who doesn’t follow the rules, and won’t accept routes or traffic from or through them.
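One way an ISP could refuse falsely advertised routes, shown as an added example that is not from the original post: an origin check in the style of RFC 6811 route origin validation, run against a table of authorized (prefix, maximum length, origin AS) entries. The table, the announcements, the function names and the choice to accept "not-found" routes are all assumptions made for illustration; prefixes and AS numbers come from the documentation ranges.

```python
import ipaddress

# Constructed authorization table: (prefix, max_length, origin_as).
# Documentation prefixes (RFC 5737) and AS numbers (RFC 5398), not real data.
AUTHORIZED = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 25, 64498),
]

def validate_origin(prefix, origin_as, table=AUTHORIZED):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, auth_as in table:
        auth_net = ipaddress.ip_network(auth_prefix)
        # Only entries that cover the announced prefix are relevant.
        if net.version != auth_net.version or not net.subnet_of(auth_net):
            continue
        covered = True
        # Valid needs the right origin AND a prefix no longer than max_len.
        if origin_as == auth_as and net.prefixlen <= max_len:
            return "valid"
    # Covered but never matched means someone else holds the authorization.
    return "invalid" if covered else "not-found"

def filter_announcements(announcements, table=AUTHORIZED):
    """Split announcements into (accepted, rejected).

    Assumed policy: reject 'invalid', accept 'valid' and 'not-found'.
    """
    accepted, rejected = [], []
    for prefix, origin_as in announcements:
        state = validate_origin(prefix, origin_as, table)
        bucket = rejected if state == "invalid" else accepted
        bucket.append((prefix, origin_as, state))
    return accepted, rejected

# Constructed announcements, as a peer might send them.
SAMPLE = [
    ("192.0.2.0/24", 64496),      # authorized origin
    ("192.0.2.0/24", 64511),      # same prefix, unauthorized origin
    ("192.0.2.128/25", 64496),    # right origin, longer than max_length
    ("203.0.113.128/25", 64498),  # more specific, within max_length
    ("198.51.100.0/24", 64497),   # no covering entry
]

if __name__ == "__main__":
    ok, bad = filter_announcements(SAMPLE)
    for row in ok + bad:
        print("reject" if row in bad else "accept", row)
```

The third sample shows why the maximum-length field matters: even the authorized AS cannot announce a more specific prefix than the table allows, which closes off the longest-prefix-match route to capturing traffic.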