The network managed by the FCCN unit (RCTS - Rede Ciência, Tecnologia e Sociedade) activated validation of the origin of routes received from the Internet at the beginning of January 2021. This activation aims to reduce the impact of potential hijacks as well as inadvertent misconfigurations.
FCCN active validation of the origin of incoming routes
Having published the certificates for each of its routes for several years, RCTS now takes the definitive step in its adoption of RPKI technology: validating the origin of all Internet routes and rejecting those classified as invalid.
This technology allows legitimate network owners to certify their origin to the entire Internet. At the same time, it allows a gradual adoption by other entities that have not yet started the process of validation and discarding of invalid routes.
The deployment of RPKI in Portugal is still fairly limited, but the various incidents recorded in recent years at global level, whether due to accidental configuration errors or deliberate illegitimate route announcements aimed at diverting traffic, suggest that its adoption is likely to grow in the short term.
Central to the operation of this technology are the Regional Internet Registries, which act as Certification Authorities and Trust Anchors, as they are involved in the distribution of the IP networks themselves.
There is also another fundamental piece: the software used locally in each network (autonomous system), where the network assets exchange routes through BGP (Border Gateway Protocol), to obtain the lists of certificates. In the RCTS, this local component was built taking redundancy into account, housing the local validators in two distinct data centres.
We therefore hope that more networks, at national and international level, will follow this example and thus reinforce the security of the Internet as a whole.