All,

We just wanted to let you know that Pretty Good BGP (PGBGP) is now available for Quagga. The Internet Alert Registry (IAR) has been running it stably for a few months now and we wanted to open it up to early adopters.

Overview:

PGBGP is a distributed security mechanism for BGP that attempts to avoid prefix hijacks, sub-prefix hijacks, and spoofed paths. Each router individually computes its own idea of the origin ASes for each prefix based on the past few days of routing announcements. Routes for prefixes with new origin ASes are labeled as anomalous and are depreferenced for 24 hours, using the more trusted (stable) routes where possible. New links are also considered anomalous, as well as new sub-prefixes. New sub-prefixes are dealt with by choosing paths to the trusted less specific when possible for 24 hours. Opt-in emails are sent to operators to inform them of anomalies, to help them identify and fix the problem (if any) within the 24 hours.

Hardware overhead:

Running PGBGP requires roughly ~20MB of extra RAM. Adding additional BGP sessions does not significantly affect PGBGP memory usage. CPU requirements are minimal.

Routing performance:

Sometimes, PGBGP will select an inferior path in order to avoid an anomalous route. Our studies have shown that typically, anomalous routes are short lived (e.g. due to convergence churn). On the IAR, of the available 1,546,996 routes in the RIB, 5,111 of them are anomalous at the time of writing this email. There are corner cases in which PGBGP could cause loss of reachability, and they are discussed in the papers.

Documentation, papers, links to NANOG presentations, and the patch itself are available at the project's webpage: http://cs.unm.edu/~karlinjf/pgbgp/

If you're interested in PGBGP or would like to help further BGP security research, please give it a try and let us know that you're running it. We'd be happy to entertain suggestions, discuss the protocol, and provide support.

Thanks for your time,
Josh
participants (1)
- Josh Karlin
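The origin-history check and 24-hour depreference described in the Overview, sketched as an added example that is not part of the original email or the PGBGP patch. Assumptions: the class and function names are hypothetical, the 10-day history window stands in for "the past few days", a new prefix with no trusted covering prefix is accepted immediately, new-link detection is not modeled, and the prefixes and AS numbers are constructed documentation values.

```python
import ipaddress

QUARANTINE = 24 * 3600      # from the email: anomalous routes are depreferenced for 24 hours
HISTORY = 10 * 24 * 3600    # assumption: the email only says "the past few days"

class OriginHistory:
    """One router's own memory of which origin ASes it has seen per prefix."""
    def __init__(self):
        self.trusted = {}   # (prefix, origin AS) -> time last seen
        self.pending = {}   # (prefix, origin AS) -> time first flagged as anomalous

    def _fresh(self, now):
        # Trusted entries that are still inside the history window.
        return [k for k, seen in self.trusted.items() if now - seen <= HISTORY]

    def observe(self, prefix, origin, now):
        """Classify an announcement: 'normal', 'new-origin' or 'new-subprefix'."""
        prefix = ipaddress.ip_network(prefix)
        key = (prefix, origin)
        fresh = self._fresh(now)
        known = {o for p, o in fresh if p == prefix}
        covered = any(p != prefix and p.version == prefix.version
                      and prefix.subnet_of(p) for p, _ in fresh)
        # Seen before, or nothing in the history to compare against: trust it.
        if origin in known or not (known or covered):
            self.trusted[key] = now
            return "normal"
        first = self.pending.setdefault(key, now)
        if now - first >= QUARANTINE:
            # Still announced after 24 hours: promote into the history.
            del self.pending[key]
            self.trusted[key] = now
            return "normal"
        return "new-origin" if known else "new-subprefix"

def select(candidates):
    """candidates: (label, as_path_length, next_hop) tuples for one prefix.
    A trusted route beats a shorter anomalous one; an anomalous route is
    still used when it is the only route available."""
    return min(candidates, key=lambda c: (c[0] != "normal", c[1]))[2]
```

For a route labeled `new-subprefix`, the behaviour the email describes corresponds to forwarding on the trusted less specific prefix for the 24 hours instead of installing the more specific one.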