Home

Welcome to the pathend wiki!

Extensive standardization and R&D efforts are dedicated to establish secure interdomain routing. These efforts focus on two complementary mechanisms: origin authentication with RPKI, and path validation with BGPsec. However, while RPKI is finally gaining traction, the adoption of BGPsec seems not even on the horizon. This is due to inherent, possibly insurmountable, obstacles, including the need to replace today’s routing infrastructure, meagre benefits in partial deployment and online cryptography. We propose path-end validation, a much easier to deploy alternative to BGPsec. Path-end validation is a modest extension to RPKI that does not require modifications to BGP message format nor online validation of cryptographic signatures. Yet we show, through extensive simulations on empirically derived datasets, that path-end validation yields significant security benefits, even with very limited, partial deployment. We present an open-source prototype implementation of pathend validation, which does not require changing today’s routers, illustrating the deployability advantage over BGPsec.

Configuration: Edit the configuration.py file: edit the list `bgp_routers' to specify the IP addresses of your AS's BGP routers and map them to the administrative password. (see example in the configuration file)

Deployment: Simply run ptyhon agent.py