NIST Releases Test Tools to Accelerate Adoption of Emerging Route Leak Mitigation Standards

NIST has released NIST BGP RPKI IO (BRIO) – an open-source test tool and data sets to facilitate testing and experimentation with emerging Border Gateway Protocol (BGP) security and resilience mechanisms that leverage the Resource Public Key Infrastructure (RPKI). This release provides researchers, developers, and network engineers with tools to test and evaluate router implementations of IETF Autonomous System Provider Authorization (ASPA) specifications.

ASPA is a set of emerging IETF standards designed to detect and mitigate BGP Route Leaks.  Route leaks are misconfigurations (typically accidental) that cause BGP routing information to be distributed  in ways that conflict with established business relationships between Internet Service Providers (ISPs).    Route leaks have caused  significant outages through out the history of the Internet .    ASPA leverages the RPKI to permit  network operators to declare which ISPs they use to provide transit services.   ASPA RPKI data enables BGP routers to detect and mitigate route leaks  and provide feasible path verification of some Internet routes.

The BRIO test framework also supports scripting test scenarios for  Route Origin Validation (ROV), and Path Validation (BGPsec) technologies in BGP routers. BRIO supports synthetic traffic generation for BGP, BGPsec, and RPKI-to-Router traffic in controlled experiments.

NIST-BRIO is a contribution from NIST’s  Robust Inter Domain Routing project in the Trustworthy Networks Program.