The network managed by the FCCN unit (RCTS – Science, Technology and Society Network) activated validation of the origin of routes received from the Internet in early January 2021. This activation aims to reduce the impact of potential hijacks as well as inadvertent configuration errors.

FCCN activates validation of the origin of received routes

After having published certificates for each of its routes several years ago, validating the origin of all Internet routes, and rejecting those classified as invalid, is the definitive step towards adopting RPKI technology at RCTS.

This technology allows legitimate network owners to certify their origin to the entire internet. It also allows for gradual adoption by other entities that have not yet begun the process of validating and discarding invalid routes.
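The classification that origin validation applies to each received route, following the procedure in RFC 6811, is shown here as an added example (not FCCN's code or configuration). The entries in `VRPS` are constructed from documentation prefixes and AS numbers, and accepting routes with no covering certificate is an assumed import policy; the article itself only states that invalid routes are rejected.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: one entry of the list a local validator produces."""
    prefix: str      # prefix the holder certified
    max_length: int  # longest prefix length the holder allows to be announced
    asn: int         # AS authorised to originate it (0 = nobody)


# Constructed sample data (documentation prefixes and AS numbers).
VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64497),
    VRP("203.0.113.0/24", 24, 0),
]


def validate_origin(prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for a received route."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # It matches when the origin AS agrees and the route is not more
        # specific than max_length; AS 0 never matches any origin.
        if (vrp.asn != 0 and vrp.asn == origin_asn
                and route.prefixlen <= vrp.max_length):
            return "valid"
    # Covered but never matched: wrong origin AS or too specific a prefix.
    return "invalid" if covered else "not-found"


def accept_route(prefix: str, origin_asn: int, vrps=VRPS) -> bool:
    """Assumed import policy: drop only routes classified as invalid."""
    return validate_origin(prefix, origin_asn, vrps) != "invalid"
```

A more specific announcement of a certified prefix is classified invalid even when the origin AS is correct, which is why the maximum length in the certificate has to reflect what the network really announces.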


RPKI deployment in Portugal is still quite limited, but the various incidents recorded globally in recent years, whether due to accidental configuration errors or to illegitimate route announcements made deliberately to divert traffic, suggest that its adoption is expected to grow in the short term.

The key element in how this technology operates is the Regional Internet Registries, which function as Certification Authorities and Trust Anchors, as they are involved in the distribution of the IP networks themselves.

There is also another fundamental piece: the software used locally in each network (autonomous system), where the network assets that exchange routes through BGP (Border Gateway Protocol) obtain the certificate lists. At RCTS, this local component was built with redundancy in mind, hosting local validators in two separate data centers.

We therefore hope that more networks, both nationally and internationally, will follow this example and thus strengthen Internet security as a whole.
