Announcing BGP Secure Router Extension (BGP-SRx) Prototype Implementation
The IETF SIDR working group is developing standards for BGP origin validation and AS path validation to strengthen the inter-domain routing infrastructure. At the IETF 80 in March 2011, NIST made an introductory presentation on a prototyping effort called BGP Secure Router Extension (BGP-SRx). SRx is an open source reference implementation and research platform for investigating emerging BGP security extensions and supporting protocols.

BGP-SRx has three parts: SRx Server, SRx API, and Quagga SRx (integrates SRx API into Quagga router). The current focus in the BGP-SRx prototype is on origin validation, although it is designed to be extended to path validation in the future (some stub functionality is already included in this version).

The current release implements: the RPKI/Router Protocol and a variety of BGP policies for enforcing Route Origin Authorizations (ROAs) conveyed from RPKI validating caches. Also included in the release are test client/server test harnesses for RPKI/Router and Wireshark modules for debugging.

For more information on BGP-SRx, and to download the prototype and tools, see: http://www-x.antd.nist.gov/bgpsrx/

For those wanting an easy way to experiment with BGP-SRx, in June we made an announcement about the BRITE system (BGPSEC/RPKI Interoperability Test & Evaluation): http://mailman.nanog.org/pipermail/nanog/2011-June/038063.html

You can use BRITE (http://brite.antd.nist.gov/) to run BGP-SRx (or any other implementation) through a series of test scripts that exercise numerous interesting scenarios for BGP ROA processing under different policy assumptions.

We will make a presentation at NANOG-53 on Monday (9/10/11) in the ISP Security BoF where we will briefly explain the functionalities of both BGP-SRx and BRITE and also give demos. Please attend the BoF if you are interested to learn more.

Comments and feedback about SRx and BRITE are welcome. See the project page for details.

dougm
--
Doug Montgomery – Mgr. Internet & Scalable Systems Research / ITL / NIST