Cadzow Knowledgebase



Determining Your BGP RPKI Status For Fun & Profit

BGP (Border Gateway Protocol) is how packets of data are sent around the Internet in the most efficient way. However, by itself, BGP is vulnerable to mistakes and malicious tampering, which can cause traffic to go nowhere or to the wrong destination. The remedy is for public network owners to use RPKI (Resource Public Key Infrastructure), whereby routes are signed for authenticity. This all happens invisibly to the user.

If you wish to know whether your ISP's network is using RPKI on BGP, Cloudflare publishes a website on an invalid route. If your system is able to access it, the ISP's network is accepting an invalid route. If it is unable to access it, the network is correctly ignoring invalid routes.

This can be tested easily in PowerShell:

$t=New-Object Net.Sockets.TcpClient;$t.Connect('invalid.rpki.cloudflare.com',443);$t.Connected;$t.Dispose()

If the command returns True, the invalid route is accepted. If it returns False, the invalid route is correctly rejected.
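
A False from the one-liner can also mean that DNS, a local firewall or the Internet connection itself is failing, so the added example below (not part of the original article) bounds the connection attempt with a timeout and compares the result against a control host. The function names and the control host name valid.rpki.cloudflare.com are assumptions that do not appear on this page; substitute any HTTPS host you know is reachable.

```powershell
# Added example: RPKI check with a timeout and a control host.
function Test-TcpReachable {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        [int]$TimeoutMs = 5000
    )
    $client = New-Object Net.Sockets.TcpClient
    try {
        # ConnectAsync plus Wait bounds the attempt instead of relying on the OS default timeout.
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    }
    catch {
        # DNS failure, connection refusal and unreachable network all count as "not reachable".
        return $false
    }
    finally {
        $client.Dispose()
    }
}

function Get-RpkiFilteringStatus {
    param(
        [string]$InvalidHost = 'invalid.rpki.cloudflare.com',  # host named in the article
        [string]$ControlHost = 'valid.rpki.cloudflare.com'     # assumption: host on a valid route
    )
    $control = Test-TcpReachable -HostName $ControlHost
    $invalid = Test-TcpReachable -HostName $InvalidHost

    $verdict = if ($invalid) {
        'Invalid route accepted'
    } elseif (-not $control) {
        # Without a working control connection, a failure says nothing about RPKI.
        'Inconclusive: control host unreachable'
    } else {
        'Invalid route rejected'
    }

    [pscustomobject]@{
        ControlReachable = $control
        InvalidReachable = $invalid
        Verdict          = $verdict
    }
}

Get-RpkiFilteringStatus
```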

See also https://isbgpsafeyet.com.

Copyright © 1996-2023 Cadzow TECH Pty. Ltd. All rights reserved.