LACNIC

Routing

FORT Monitoring: Real-Time Mapping of Routing Incidents in the LAC Region

19/05/2020

An analysis of the data obtained during the past month by FORT Monitoring shows that approximately 2% of the IPv4 prefixes announced in Latin America and the Caribbean might represent potential route hijacks, that anomalies have been detected in 11% of these prefixes, and that an additional 11.5% of these prefixes are unprotected. In the case of IPv6,  2% of the prefixes represent route hijacks, 3.6% have some type of anomaly, and 15.5% are un protected.

According to FORT Monitoring, a project that shows real-time routing security status data for the region and its impact on end users, 76.6% of IPv4 prefixes and 78.9%  of IPv6 prefixes originate in a trusted and/or authoritative source.

FORT Monitoring has been developed and designed to provide information to technical staff, decision makers and activists working in the region. It is part of FORT, a project led by LACNIC and NIC Mexico that seeks to increase Internet routing system security through resource certification. As part of the FORT project, LACNIC and NIC Mexico have developed an RPKI validator and a diagnostic report which analyzes routing incidents and route hijacks that have occurred in the LAC region over the past three years.

FORT Monitoring. The FORT Monitoring tool includes a section containing basic information for decision makers, activists and a non-technical audience. FORT Monitoring also offers users with a technical profile more advanced tools that allow them to access detailed information by prefix and autonomous system. It also includes monthly reports with the most relevant information, to which users can subscribe.

The goal of FORT Monitoring is to provide real-time information on routing security in the region, noted Carolina Caeiro, Development Project Coordinator at LACNIC.

Considered to be one of the pillars of the Internet, the global routing system is under constant pressure and vulnerable to attack. Whether deliberate or accidental, a failure in this system may affect the ability of users and organizations to interconnect.

For years, LACNIC has been working together with other organizations on the deployment of technologies to protect the routing system.

RPKI Deployment. This technology, which is currently in the process of being deployed worldwide and across the region, allows protecting the routing system against a large number of attacks. In order for the routing system to be protected, coverage should continue to increase and be as close to 100% as possible.

According to FORT Monitoring, last month, RPKI deployment for IPv4 prefixes reached 22.3% in the region, while for IPv6 prefixes it totaled 23%. Further details and the evolution of these figures over the past few months are available on the website.

La imagen tiene un atributo ALT vacío; su nombre de archivo es Despliegue-de-RPKI-ipv4-1.png

RPKI Validator. BGP origin validation allows verifying the routing announcements made by other operators and is a form of protection against potential alterations in the path followed by Internet traffic. As can be seen in the FORT Monitoring graph that shows the status of prefixes announced via BGP originating in organizations of Latin America and the Caribbean, 20.3.7% of IPv4 prefixes are valid, 77.7% are unprotected and 2% are incorrect or malicious. In the case IPv6 announcements, 21% of prefixes are valid, 77% are unprotected and 2% are incorrect or malicious.

As RPKI deployment advances, it will allow reducing the number of unprotected prefixes and will provide operators with a tool to determine which prefixes on the global routing tables are valid and which are not.