Measuring RPKI Route Origin Validation Deployment

The goal of this longitudinal study is to identify autonomous systems that filter invalid routes based on BGP Prefix Origin Validation. Our measurements apply controlled experiments in BGP and RPKI.

We announce two prefixes using the PEERING platform, a reference prefix PR and an experiment prefix PE. Both prefixes are secured by RPKI. PR is always valid, and PE changes between valid and invalid, based on a fix schedule. We use RIPE RIS and Routeviews route collectors to observe which vantage points chose the same route for both prefixes.

Initially, both routes are valid.

Once the ROA change has propagated, we check which routes for PE the vantage points export now. There are three possible observations:

Case 1: The vantage does not change its route for PE.

Case 2: The vantage point has no route for PE.

Case 3: The vantage point has a different route for PE.

In Case 1, there is no indicator that vantage point AS100 is using ROV. However, both Case 2 and Case 3 are strong indicators that AS100 is filtering invalid routes. Case 3 can be explained by selective filtering, i.e. not filtering routes learned from specific AS.

If an AS is classified as either Case 2 or Case 3, we mark it as filtering and list it in our results table. For a more detailed discussion, see our research article.

If you are writing a paper that refers to this website, please cite as follows:

          author = {Andreas Reuter and Randy Bush and {\'I}talo Cunha and Ethan Katz-Bassett and Thomas C. Schmidt and Matthias W{\"a}hlisch},
          title = {{Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering}},
          journal = {ACM SIGCOMM Computer Communication Review},
          number = {1},
          volume = {48},
          pages = {19--27},
          month = {January},
          year = {2018},

Behind this study