Packet Design Inc. this week will unveil a product designed to alleviate the security and reliability issues associated with the Border Gateway Protocol (BGP), the routing protocol used by virtually all network routers for communication between service provider and large enterprise domains.
The company's BGP Scalable Transport (BST) protocol is intended to streamline communication of BGP routing information, thereby improving security and reliability, Packet Design says. BST works with, but requires no changes to, any router vendor's existing BGP implementation.
Packet Design has applied for several patents on BST.
BGP security and scalability is a major concern for service providers, enterprises and the federal government. Richard Clarke, Special Advisor to the President for Cyberspace Security, says the U.S. government should fund the IETF's work on Internet security and establish testbeds for resultant products.
"Right now, (BGP) doesn't use authentication or encryption," Clarke says. "That poses a potential vulnerability, which people have been aware of and talking about for years but no one has done anything to fix yet. So there are two problems, they're related, and we're interested in solutions that facilitate both of them."
Packet Design's solution, BST, augments BGP with a new transport mechanism alongside the one it currently uses, the Transmission Control Protocol (TCP). As a point-to-point protocol, TCP sends data from one sender to one receiver. A connection must be kept open between every pair of routers, and many copies of the same information travel across the network simultaneously, rapidly eating up router resources, Packet Design asserts.
Security is compromised, both because the routers lack the capacity to do resource-heavy authentication and encryption while managing such large numbers of connections, and because peering exposes routing services and leaves the network routers vulnerable to attacks, the company claims. Reliability suffers as well, because the failure of even one TCP connection leads to the exchange of large routing tables, causing large-scale ripple effects across the network, Packet Design says.
The company's BGP transport alternative is BST, which transmits information using a technique known as "flooding." Instead of a message being sent from an originating router to every other router in the network, it is sent only to the first router's immediate "neighbor" routers, which in turn send it to their neighbors, and so on.
BST requires significantly fewer connections than TCP, so a network can scale to a much greater size with minimal concern for connection loss, security breaches, slow convergence times and configuration complexity, Packet Design claims.
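To make the connection-count argument concrete, here is a small simulation added for this article; it is not Packet Design's code and does not reproduce BST's actual mechanism, which the article does not detail. It assumes a constructed six-router topology, a full mesh of point-to-point sessions as the TCP baseline, and a flooding scheme in which each router forwards an update once to every neighbour except the one it came from and drops duplicates by (origin, sequence number), which is how link-state flooding typically works. It also removes one link to show that an update still reaches every router over the remaining neighbours.

```python
from collections import deque

# Constructed example topology (adjacency list), not taken from the article.
# Each key is a router; its list holds the directly connected neighbours.
TOPOLOGY = {
    "r1": ["r2", "r3"],
    "r2": ["r1", "r4"],
    "r3": ["r1", "r4", "r5"],
    "r4": ["r2", "r3", "r6"],
    "r5": ["r3", "r6"],
    "r6": ["r4", "r5"],
}


def full_mesh_sessions(n_routers):
    """Point-to-point sessions needed when every router peers with every other."""
    return n_routers * (n_routers - 1) // 2


def max_sessions_per_router(topology, full_mesh):
    """Sessions the busiest router must keep open under each scheme."""
    if full_mesh:
        return len(topology) - 1
    return max(len(nbrs) for nbrs in topology.values())


def flooding_links(topology):
    """Adjacencies a flooding scheme needs: one per physical neighbour pair."""
    return sum(len(nbrs) for nbrs in topology.values()) // 2


def flood(topology, origin, seq):
    """Flood one update, identified by (origin, seq), outward from `origin`.

    Each router records the update the first time it sees it and forwards it
    to every neighbour except the one it arrived from; repeats are dropped.
    Returns (set of routers that received it, number of link transmissions).
    This dedup-by-sequence-number behaviour is an assumption, not BST's spec.
    """
    seen = {router: set() for router in topology}
    seen[origin].add((origin, seq))
    queue = deque([(origin, None)])  # (router holding the update, who sent it)
    transmissions = 0
    while queue:
        router, came_from = queue.popleft()
        for nbr in topology[router]:
            if nbr == came_from:
                continue  # split horizon: never echo back to the sender
            transmissions += 1
            if (origin, seq) in seen[nbr]:
                continue  # duplicate suppression: neighbour already has it
            seen[nbr].add((origin, seq))
            queue.append((nbr, router))
    reached = {r for r, s in seen.items() if (origin, seq) in s}
    return reached, transmissions


def without_link(topology, a, b):
    """Copy of `topology` with the a-b link removed (a simulated link failure)."""
    return {r: [n for n in nbrs if {r, n} != {a, b}] for r, nbrs in topology.items()}


if __name__ == "__main__":
    n = len(TOPOLOGY)
    print("full mesh: sessions =", full_mesh_sessions(n),
          "busiest router =", max_sessions_per_router(TOPOLOGY, True))
    print("flooding:  links    =", flooding_links(TOPOLOGY),
          "busiest router =", max_sessions_per_router(TOPOLOGY, False))
    reached, tx = flood(TOPOLOGY, "r1", 1)
    print("flood from r1 reached", sorted(reached), "in", tx, "transmissions")
    broken = without_link(TOPOLOGY, "r1", "r2")
    reached, tx = flood(broken, "r1", 2)
    print("after losing r1-r2: reached", sorted(reached), "in", tx, "transmissions")
```

For the six-router topology the full mesh needs 15 sessions and five per router, while flooding needs only the seven physical adjacencies and at most three per router; the gap grows quadratically with router count. The second flood shows the reliability point: with the r1-r2 link down, r2 still receives the update via r4, and no router has to resend its whole table, because only the one update is flooded.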
"It makes BGP more resilient and the management of BGP more secure," says John McConnell, president of McConnell Consulting. "BST can also be used to move other metrics around, such as costs."
Other analysts are less "sold" on the actual technique, though encouraged by the attempt.
"It's healthy that someone is taking a look at TCP and saying, 'Is this the right protocol for us to build our routing protocols on top of?'" says Mark Seery of RHK. "Their suspicion about flooding being better than stateful sessions is probably accurate, although I wouldn't say it's a slam-dunk argument. Some technical due diligence does have to occur by the community. But the bottom line is I think it's a fresh approach and it could spur a lot of important ideas going forward."
And McConnell sounds a familiar refrain regarding start-up companies: "Packet Design's real challenge is to get the attention of service providers."
BST can be used between route processors in a single router, between routers in a point of presence (POP), between POPs in an autonomous network, or between autonomous networks.
Packet Design's BST reference implementation will be available in December. Pricing includes an initial license fee starting at US$100,000 plus a per-device royalty dependent on volume.