Peerlock: Flexsealing BGP
share
BGP route leaks frequently precipitate serious disruptions to interdomain routing. These incidents have plagued the Internet for decades while deployment and usability issues cripple efforts to mitigate the problem. Peerlock, introduced in 2016, addresses route leaks with a new approach. Peerlock enables filtering agreements between transit providers to protect their own networks without the need for broad cooperation or a trust infrastructure. We outline the Peerlock system and one variant, Peerlock-lite, and conduct live Internet experiments to measure their deployment on the control plane. Our measurements find evidence for significant Peerlock protection between Tier 1 networks in the peering clique, where 48 reveal that many other networks also deploy filters against Tier 1 leaks. To guide further deployment, we also quantify Peerlock's impact on route leaks both at currently observed levels and under hypothetical future deployment scenarios via BGP simulation. These experiments reveal present Peerlock deployment restricts Tier 1 leak export to 10 simulated leaks. Strategic additional Peerlock-lite deployment at all large ISPs (fewer than 1 peering clique as deployed, completely mitigates 80 leaks.
READ FULL TEXT
