DE-CIX India are taking a completely customer-centric approach in our ongoing effort to enhance and to exceed standards. Accordingly, DE-CIX India is pleased to announce that it is India's first Internet Exchange to implement IRRDB filtering. The propagation of incorrect routing information is a major cause of Internet incidents. BGP does not verify whether an ASN is authorised to advertise IP prefixes in its routing table. Most common threats, such as Prefix Hijacking, BGP Hijacking, and Route Leaks, manipulate this flaw. Peering depends greatly on the trust network operators have in each other that they will secure their systems and not send incorrect routes.
In addition, human error in router configuration can also lead to unwanted route leaks with BGP. "Route Validation using IRRDB filtering" can be used to prevent these incidents.
First and foremost, we see this as an important step toward helping our customers improve their security.
As a first measure we implemented filtering using a manually updated list. Following on from this now we have now implemented filtering based on IRRDB information managed by our customers. As a result of this, prefixes can be allowed or filtered on an automatic basis.
“As operators of an interconnection platform, we are responsible for providing a service on which our customers can rely, and it is critical for our own and our customers' businesses to strengthen and maintain trust in the Internet. Continuous research and development, security audits and certifications, and developing and maintaining principles and practises are as essential as providing extra security services to protect an Internet Exchange (IX) from attackers and accidental damage.
Given not only growth in the number of networks and IP space connected to the Internet, and society's reliance on digital infrastructure, and but also the value of the data shared, we can expect IP hijacking—malicious or accidental—to increase. Technology such as IRR (Internet Routing Registries) filtering, which we provide on the DE-CIX route servers, can be used to mitigate the problem. IRR filtering will prevent the propagation of incorrect routing information.” – Sudhir Kunder (Country Director, DE-CIX India)
Filtering using IRRDB: - It is possible to query the Internet Routing Registry (IRR) for information about Internet number resources. Information retrieved from the IRR is used to validate and filter routing information.
The following is what we ask our connected peers to do:
- Register route and route6 objects with their RIR, detailing what routes they wish to advertise.
- Networks providing BGP transit services to other networks should maintain an AS-SET object containing their ASN and the ASNs or AS-SETs of their transit customers as members.
Update their peeringdb.com article with their AS-SET if one is in use.