Andrew Chi


On December 16, Raytheon BBN Technologies made its first open-source release of the Relying Party Security Technology for Internet Routing (RPSTIR, pronounced "rip-stir"). RPSTIR helps network operators detect and reject accidental, false route origin advertisements, thus reducing the likelihood of inadvertent Internet address space hijacking. Using the global Resource Public Key Infrastructure (RPKI), RPSTIR securely generates a list of authorized prefix-origin AS pairs. This list can be used by the RTR protocol, enabling routers to detect false origin announcements due to errors by network operators, e.g., the Pakistan Telecom hijack of YouTube address space. RPSTIR also offers an RPSL output option, enabling operators to generate route filters compatible with existing, deployed router and operations software. In addition to enabling operators to utilize RPKI data, RPSTIR provides fine-grained diagnostic tools for those who publish RPKI data.

RPSTIR is offered under the BSD open-source license model, so everyone is free to modify RPSTIR to suit individual needs or incorporate it into other products.

Features include:

  • Fine-grained ASN.1-level diagnostics for debugging RPKI repositories
  • Both RPSL and diagnostic output
  • Top-down and bottom-up certification path discovery
  • Flexible database architecture (based on MySQL)
  • Efficient parallel download of RPKI objects
  • Local Trust Anchor functionality for mitigation of CA errors
  • RTR server implementation

The Resource Public Key Infrastructure (RPKI) is being standardized at the IETF, in an ongoing effort within the sidr working group.

