Ain't How You Deploy: An Analysis of BGP Security Policies Performance Against Various Attack Scenarios with Differing Deployment Strategies
Seth Barrett, Calvin Idom, German Zavala Villafuerte, Andrew Byers, Berk Gulmezoglu
TL;DR
This work analyzes how different BGP security policies perform against multiple attack vectors under varied deployment strategies using a simulation-driven framework. It compares defenses such as ROV, ASPA, PeerROV, AS-Cones, and extended ROV++ within a BGPy-based environment, leveraging CAIDA-derived data and extensive trial runs. Key findings show ASPA with ROV as a base delivers the strongest protection, while deployment at an input clique can offer scalable benefits with limited AS involvement. The study provides practical guidance for policy design and deployment, while acknowledging simulator limitations and outlining concrete avenues for future work.
Abstract
This paper investigates the performance of various Border Gateway Protocol (BGP) security policies against multiple attack scenarios using different deployment strategies. Through extensive simulations, we evaluate the effectiveness of defensive mechanisms such as Root Origin Validation (ROV), Autonomous System Provider Authorization (ASPA), and PeerROV across distinct AS deployment types. Our findings reveal critical insights into the strengths and limitations of current BGP security measures, providing guidance for future policy development and implementation.