Politics and Interoperability Standards

You might be surprised that this alarmingly simple way of crashing the whole Internet was not dealt with properly for a long time: in fact, until late in the 1990s, a single misbehaving router could indeed bring a considerable part of the Internet down. And yes, that actually happened.

The trouble with this system was that it operated on a trust basis, and on security through obscurity. Configuring BGP is not rocket science, but it comes pretty close. And in those days, few people actually knew how to do it: a close-knit group of insanely specialised network engineers. And, well, they knew each other, if not by name, at least by reputation. You simply “didn’t do bad things”. But, alas, mistakes certainly happened…

Quickly the BGP protocol was changed to encompass trust. What this meant was that you’d exchange a set of cryptographic keys and would only accept BGP information from trusted routers. A trusted router is a router operated by a network that adheres to the same policies as your own network, such as refusing to acknowledge route poisoning from downstream routers. Put another way: you would only exchange BGP information if you could trust your peer to comply with a set of policies, and if the person behind the router would sign an agreement with you accepting responsibility for their network (meaning that if they in turn signed agreements with third parties, those parties would have to agree to the same policies).

So a peering agreement became two things: a binding contract establishing policy, and an exchange of cryptographic keys between the two partners, so that, from a technical point of view, you would know that BGP data could only originate from routers belonging to operators that adhered to your policies. This became pretty much standardised. And although mistakes certainly still happen once in a while, the Internet, ten years later, has not suffered major crashes, thanks to this approach.
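As an added illustration (not code from the original post), here is a small Python model of the two halves of a peering agreement just described: a shared key that proves an update came from the agreed peer, and a per-peer policy that refuses announcements a downstream peer is not allowed to originate. Peer names, keys, prefixes and the per-update HMAC are assumptions made for the example; real BGP sessions authenticate the TCP session itself (TCP MD5 option, RFC 2385, or TCP-AO) rather than each update.

```python
import hmac
import hashlib
import ipaddress

# Constructed model (peer names, keys and prefixes are invented) of a BGP speaker
# that only accepts routes from peers covered by a peering agreement.

def sign_update(key: bytes, prefix: str, as_path: tuple) -> str:
    """Keyed MAC over one announcement; stands in for session authentication."""
    msg = f"{prefix}|{','.join(map(str, as_path))}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Router:
    def __init__(self):
        self.peers = {}  # name -> (shared key, allowed prefixes; None = transit, any prefix)
        self.rib = {}    # prefix -> (peer name, AS path)

    def add_peer(self, name: str, key: bytes, allowed=None):
        """Record both halves of the agreement: the shared key (technical trust)
        and, for a downstream peer, the prefixes it may originate (policy)."""
        nets = None if allowed is None else [ipaddress.ip_network(p) for p in allowed]
        self.peers[name] = (key, nets)

    def receive(self, name: str, prefix: str, as_path: tuple, mac: str):
        """Apply the checks in order; returns (accepted, reason)."""
        if name not in self.peers:
            return False, "unknown peer: no agreement, no trust"
        key, allowed = self.peers[name]
        # Key check: the update must carry a MAC made with the key we exchanged.
        if not hmac.compare_digest(mac, sign_update(key, prefix, as_path)):
            return False, "bad signature: not sent with the agreed key"
        # Policy check: a downstream peer may only announce what the contract allows,
        # so a poisoned prefix from it is refused instead of propagated.
        net = ipaddress.ip_network(prefix)
        if allowed is not None and not any(
            a.version == net.version and net.subnet_of(a) for a in allowed
        ):
            return False, "policy: downstream peer may not originate this prefix"
        self.rib[prefix] = (name, as_path)
        return True, "accepted"

if __name__ == "__main__":
    r = Router()
    r.add_peer("customer-a", b"secret-a", allowed=["192.0.2.0/24"])
    good = sign_update(b"secret-a", "192.0.2.0/25", (64500,))
    print(r.receive("customer-a", "192.0.2.0/25", (64500,), good))
```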
