Cloudflare launched Is BGP safe yet recently that provides Internet users with a test to find out whether their Internet Service Provider (ISP) has implemented a certification system to make BGP safer to use.
All it takes is to open the website and click on the “test your ISP” button to run a quick test that determines whether the ISP has implemented the certification system RPKI.
Border Gateway Protocol (BGP) is a core Internet protocol that is used to determine the route that data takes on the Internet. One of the issues associated with the protocol is that the possibility of hijacking exists. A basic example would be that traffic from a user in the United States would go through servers in Asia to access the New York Times website.
While that is usually caused by server misconfigurations, it is sometimes used on purpose to redirect traffic for malicious or privacy-invading purposes, e.g. to record data.
Cloudflare’s test checks if the ISP has implemented Resource Public Key Infrastructure (RPKI) by announcing a legitimate route and making sure the route is invalid. If the site is loaded, the invalid route was accepted by the ISP which in turn means that the ISP has not implemented RPKI.
Only a few ISPs, transite or cloud companies have implemented the security feature already. Cloudflare lists Telia and NTT on the test page, and several more, e.g. Amazon, AT&T or Cogent, that have started the implementation or implemented it partially already.
Internet users cannot really do much about it other than share the results of the test on Twitter (implemented on the test site) or elsewhere. An email, letter, or message to the ISP in question might also help get the ball rolling. Those who use different ISPs, e.g. one for the Internet connection at home and another for mobile, may find that one provider supports the safer standard already while another does not.
Now You: Has your ISP implemented RPKI already?