
Learning to Identify Conflicts in RPKI

Haya Schulmann, Shujie Zhao

TL;DR

This work tackles the challenge that strict RPKI Route Origin Validation can inadvertently block legitimate BGP announcements due to benign conflicts arising from ROA misconfigurations and routing dynamics. It introduces Learning Origin Validation (LOV), a three-layer framework (ML classifier, post-analyzer, and quarantine) that generates an Internet-scale whitelist of benign conflicts to protect legitimate traffic while preserving hijack protection. Through six months of live measurements and detailed ground-truth construction, LOV identifies and whitelists 52,846 benign conflicts with a Random Forest classifier achieving high accuracy in distinguishing benign conflicts from hijacks, supplemented by a post-analyzer using AS visibility and a Z-test for anomaly detection. The real-world deployment demonstrates LOV's practicality, revealing prevalent benign conflicts and providing a path toward broader RPKI adoption, though it also highlights data challenges, security considerations, and future refinements such as collaboration with operators and cloud BYOIP scenarios.

Abstract

The long history of misconfigurations and errors in RPKI indicates that they cannot be easily avoided and will most probably persist in the future. These errors create conflicts between BGP announcements and their covering ROAs, causing RPKI validation to return the status invalid. Networks that enforce RPKI filtering with Route Origin Validation (ROV) block such conflicting BGP announcements and, as a result, lose traffic from the corresponding origins. Since the business incentives of networks are tightly coupled with the traffic they relay, filtering legitimate traffic leads to a loss of revenue, reducing the motivation to filter invalid announcements with ROV. In this work, we introduce a new mechanism, LOV, designed for whitelisting benign conflicts on an Internet scale. The resulting whitelist is made available to RPKI-supporting ASes so they can avoid filtering RPKI-invalid but benign routes. Saving legitimate traffic resolves one main obstacle towards RPKI deployment. We measure live BGP updates using LOV during a period of half a year and whitelist 52,846 routes with benign origin errors.
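To make the conflict the abstract describes concrete, the following added example (not code from the paper or from LOV) implements RFC 6811 origin validation over a small set of ROAs and then applies a whitelist of benign conflicts on top of strict ROV. The two ways an announcement becomes RPKI-invalid are both shown: a more-specific announcement that exceeds the ROA's maxLength (the classic benign misconfiguration) and an announcement from an origin AS the ROA does not authorize (what a hijack looks like). The ROAs, prefixes (documentation ranges), ASNs (private-use range) and the whitelist entry are constructed for illustration; the paper's classifier, post-analyzer and quarantine layers are not modeled here, only the final whitelist lookup they feed.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: prefix, maxLength, authorized origin AS."""
    prefix: str
    max_length: int
    origin_as: int


def rov_state(prefix: str, origin_as: int, roas) -> str:
    """RFC 6811 origin validation of one (prefix, origin AS) announcement.

    Returns 'valid' if some covering ROA authorizes the origin AS and the
    announced length is within that ROA's maxLength, 'invalid' if at least one
    ROA covers the prefix but none matches, and 'not-found' if no ROA covers it.
    """
    net = ip_network(prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ip_network(roa.prefix, strict=False)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # a covering ROA exists, so the outcome is valid or invalid
        if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def normalize(prefix: str) -> str:
    """Canonical prefix string so whitelist lookups are not spelling-sensitive."""
    return ip_network(prefix, strict=False).with_prefixlen


def whitelist_aware_policy(prefix, origin_as, roas, whitelist):
    """Strict ROV, except that RPKI-invalid routes on the benign-conflict
    whitelist are accepted. Entries are keyed on (prefix, origin AS), so a
    different origin announcing the same prefix is still dropped.
    """
    state = rov_state(prefix, origin_as, roas)
    if state != "invalid":
        return state, "accept"
    if (normalize(prefix), origin_as) in whitelist:
        return state, "accept-whitelisted"
    return state, "drop"


# Constructed sample data (documentation prefixes, private-use ASNs); not data
# from the paper's measurements.
SAMPLE_ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("2001:db8::/32", 48, 64500),
]
# Hypothetical whitelist entry: the /25 is the legitimate holder's own
# announcement, invalid only because the ROA's maxLength was left at 24.
SAMPLE_WHITELIST = {("203.0.113.0/25", 64500)}


def demo():
    """Run the policy over constructed announcements; returns {(prefix, asn): (state, action)}."""
    cases = [
        ("203.0.113.0/24", 64500),   # exact match: valid
        ("203.0.113.0/25", 64500),   # right origin, too specific: invalid but benign
        ("203.0.113.0/24", 64501),   # unauthorized origin: invalid, not whitelisted
        ("198.51.100.0/24", 64500),  # no covering ROA: not-found
        ("2001:db8:1::/48", 64500),  # IPv6 within maxLength: valid
    ]
    return {(p, a): whitelist_aware_policy(p, a, SAMPLE_ROAS, SAMPLE_WHITELIST)
            for p, a in cases}


if __name__ == "__main__":
    for (prefix, asn), (state, action) in demo().items():
        print(f"{prefix:<18} AS{asn}  rov={state:<9} action={action}")
```

Two points a deploying operator should keep in mind. First, the whitelist only ever relaxes the "invalid" outcome; "valid" and "not-found" follow the router's normal ROV policy unchanged, so a stale whitelist can over-accept but never causes new drops. Second, because the key is the (prefix, origin AS) pair, whitelisting the maxLength conflict above does not help an attacker who announces 203.0.113.0/25 from AS64501: that announcement is still invalid and still dropped.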

Paper Structure

This paper contains 45 sections, 10 figures, and 6 tables.

Figures (10)

  • Figure 1: The overview of LOV.
  • Figure 2: CDFs of $d$.
  • Figure 3: Feature importance.
  • Figure 4: Changes in global visibility of malicious ASes before, during and after the BGP incidents and evaluation with the post-analyzer. Red vertical lines indicate outlier detections.
  • Figure 5: The daily number of RPKI-invalid routes detected by ROV, benign conflicts, hijacks identified by the RF classifier, and hijacks unverified by the post-analyzer throughout the measurement period.
  • ...and 5 more figures