Quix about:
BGP Route Leaks: When the Internet's Trust Model BreaksTechnical analysis of BGP route leak mechanisms, real-world incident impacts, RPKI deployment challenges, and the economic incentives behind internet routing security.
OPEN
231 views
BGPsec provides cryptographic path validation but increases CPU usage by 15-25% and memory by 3-5x. If deployed globally, would this break internet performance during traffic spikes?
Additional Context
Current BGP routers handle millions of routes with sub-millisecond processing. Adding cryptographic verification and signature storage could create bottlenecks during DDoS attacks or route flaps. The performance vs security tradeoff might be unacceptable for core internet infrastructure.
Asked by:
Alex Petrov•Senior Network Architect, Cloudflare
Alex Petrov•Senior Network Architect, CloudflareResponses (1)
Please sign in to respond to this quix
AP
Alex Petrov
•Senior Network Architect, CloudflareBGPsec deployment would definitely impact performance, but modern routers have significant headroom. The real issue is economic incentives - ISPs gain little direct benefit from BGPsec deployment while bearing all the costs. Partial deployment provides minimal security benefits, creating a tragedy of the commons. We need regulatory requirements or economic incentives to overcome the deployment gap.