Packet Design this week will unveil a product designed to alleviate the security and reliability issues associated with the Border Gateway Protocol (BGP), the routing protocol used by virtually all network routers for communication between service provider and large enterprise domains.
The company's BGP Scalable Transport (BST) protocol is intended to streamline communication of BGP routing information, thereby improving security and reliability, Packet Design says. BST works with, but requires no changes to, any router vendor's existing BGP implementation.
Packet Design has applied for several patents on BST.
BGP security and scalability are major concerns for service providers, enterprises and the federal government. Richard Clarke, Special Advisor to the President for Cyberspace Security, says the U.S. government should fund the IETF’s work on Internet security and establish testbeds for resultant products.
“Right now, (BGP) doesn’t use authentication or encryption,” Clarke says. “That poses a potential vulnerability, which people have been aware of and talking about for years but no one has done anything to fix yet. So there are two problems, they’re related, and we’re interested in solutions that facilitate both of them.”
Packet Design’s solution, BST, augments BGP with a new transport mechanism alongside the one it currently uses, the Transmission Control Protocol (TCP). As a point-to-point protocol, TCP sends data from one sender to one receiver. A connection must be kept open between every pair of peering routers, and many copies of the same information travel across the network simultaneously, rapidly eating up router resources, Packet Design asserts.
Security is compromised, both because the routers lack the capacity to do resource-heavy authentication and encryption while managing such large numbers of connections, and because peering exposes routing services and leaves the network routers vulnerable to attacks, the company claims. Reliability suffers as well, because the failure of even one TCP connection leads to the exchange of large routing tables, causing large-scale ripple effects across the network, Packet Design says.
The company's BGP transport alternative is BST, which transmits information using a technique known as "flooding." Instead of a message being sent from an originating router to every other router in the network, it is sent only to the first router's immediate "neighbor" routers, which in turn send it to their neighbors, and so on.
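The contrast the article draws, one session per peer with the originator sending a copy to each peer, versus hop-by-hop flooding with duplicate suppression, can be made concrete with a small simulation. The following is an added example written for this page; it is not Packet Design's BST code and does not model whatever BST actually does on the wire. It assumes a generic flooding scheme in which each router remembers the highest sequence number it has accepted per originator (the approach link-state protocols use), forwards a newly accepted update to every neighbour except the one it came from, and drops duplicates and stale replays. The five-router topology is constructed for the example.

```python
from collections import deque

# Constructed five-router topology as adjacency lists (example data, not real ISP data).
TOPOLOGY = {
    "R1": ("R2", "R3"),
    "R2": ("R1", "R3", "R4"),
    "R3": ("R1", "R2", "R5"),
    "R4": ("R2", "R5"),
    "R5": ("R3", "R4"),
}


def full_mesh_sessions(topology):
    """Sessions a point-to-point design needs if every router peers directly
    with every other router: n(n-1)/2, each one a connection to keep alive."""
    n = len(topology)
    return n * (n - 1) // 2


def point_to_point_copies(topology, origin):
    """Copies the originator itself transmits when it has a direct session to
    every other router: one per peer (n-1), regardless of physical adjacency."""
    return len(topology) - 1


def flood_origin_copies(topology, origin):
    """Copies the originator transmits under flooding: one per physical neighbour."""
    return len(topology[origin])


def flood(topology, origin, seq, state):
    """Flood one update identified by (origin, seq) across `topology`.

    `state` maps router -> {origin: highest accepted seq} and persists across
    calls so that replays of an old sequence number are recognised and dropped.
    Returns (routers_that_accepted, messages_sent_on_links, event_log).
    """
    log = []
    accepted = set()
    messages = 0
    pending = deque()  # (sender, receiver) messages in flight, FIFO

    def accept(router):
        # Assumed rule: accept only a strictly newer sequence number per origin.
        prev = state[router].get(origin, -1)
        if seq <= prev:
            return False
        state[router][origin] = seq
        accepted.add(router)
        return True

    # The originator installs its own update and hands it to each neighbour.
    accept(origin)
    for nbr in topology[origin]:
        pending.append((origin, nbr))

    while pending:
        sender, receiver = pending.popleft()
        messages += 1
        if accept(receiver):
            log.append(f"{sender}->{receiver}: accepted {origin}#{seq}")
            # Forward onward, but never back over the link it arrived on.
            for nbr in topology[receiver]:
                if nbr != sender:
                    pending.append((receiver, nbr))
        else:
            have = state[receiver][origin]
            log.append(f"{sender}->{receiver}: dropped {origin}#{seq} (already at #{have})")
    return accepted, messages, log


if __name__ == "__main__":
    state = {router: {} for router in TOPOLOGY}
    print("full-mesh sessions:", full_mesh_sessions(TOPOLOGY))
    print("copies R1 sends, point-to-point:", point_to_point_copies(TOPOLOGY, "R1"))
    print("copies R1 sends, flooding:", flood_origin_copies(TOPOLOGY, "R1"))
    reached, sent, events = flood(TOPOLOGY, "R1", 1, state)
    print(f"flood #1 reached {sorted(reached)} using {sent} link messages")
    for line in events:
        print("  ", line)
    # A replay of the same sequence number is refused at every hop.
    reached, sent, events = flood(TOPOLOGY, "R1", 1, state)
    print(f"replay of #1 accepted by {sorted(reached)} after {sent} link messages")
```

The run shows the trade-off the article describes: the originator's own transmit load drops from one copy per peer to one copy per physical neighbour, and no pairwise session has to be maintained, but some links carry the update twice before duplicate suppression stops it. The replay case is the edge case worth noticing in any flooding design: without per-origin sequence state, a stale or re-injected update would propagate again through the whole network.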