Endigest AI Core Summary
This post introduces ASPA (Autonomous System Provider Authorization), a new cryptographic standard built on RPKI to validate BGP routing paths and prevent route leaks.
• ASPA extends RPKI by allowing networks to publish signed records of their authorized upstream providers, enabling path-level verification beyond origin-only ROA checks
• Validation works by checking the "up-ramp" from the origin and the "down-ramp" from the destination; if both paths fail to connect, the route is flagged as ASPA Invalid
• ASPA can detect classic route leaks caused by customers inadvertently acting as transit bridges between providers (down-and-up valley patterns)
• ASPA provides defense against forged-origin hijacks by cryptographically rejecting paths that include unauthorized intermediaries, though provider-forged peering links remain a blind spot
• Creating ASPA objects is straightforward via RIPE and ARIN RPKI dashboards by listing provider AS numbers; Cloudflare Radar has added an ASPA deployment
This summary was automatically generated by AI based on the original article and may not be fully accurate.
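
The up-ramp/down-ramp check described in the summary, as an added example (not code from the original article or from Cloudflare): a simplified Python sketch for a route received from a provider, run over a constructed ASPA table. It assumes the path is listed origin-first with prepends collapsed and no AS_SETs; the function names and the documentation-range AS numbers are made up for illustration.

```python
# Constructed ASPA data: customer AS -> set of ASes it authorizes as providers.
# AS numbers are from the documentation range (64496-64511), not from the page.
ASPA = {
    64500: {64510, 64511},  # customer with two providers
    64501: {64510},         # origin, customer of 64510
    64510: set(),           # publishes an ASPA with no providers
    64511: set(),
}

def hop(customer, provider):
    """Does `customer` attest `provider` as one of its providers?"""
    if customer not in ASPA:
        return "no-attestation"
    return "provider" if provider in ASPA[customer] else "not-provider"

def ramp(path, stop):
    """Length of the customer-to-provider climb from path[0],
    ending at the first hop whose result is in `stop`."""
    for i in range(len(path) - 1):
        if hop(path[i], path[i + 1]) in stop:
            return i + 1
    return len(path)

def verify_downstream(path):
    """Classify an origin-first AS path as valid, unknown or invalid."""
    n, rev = len(path), path[::-1]
    # Longest ramps that could exist: only an explicit denial ends them.
    max_up = ramp(path, {"not-provider"})
    max_down = ramp(rev, {"not-provider"})
    if max_up + max_down < n:
        return "invalid"  # the ramps cannot meet: a valley lies between them
    # Ramps fully backed by attestations: a missing ASPA also ends them.
    weak = {"not-provider", "no-attestation"}
    min_up, min_down = ramp(path, weak), ramp(rev, weak)
    return "unknown" if min_up + min_down < n else "valid"

if __name__ == "__main__":
    print(verify_downstream([64501, 64510, 64511]))         # providers meet at the top
    print(verify_downstream([64501, 64510, 64500, 64511]))  # 64500 bridges its two providers
    print(verify_downstream([64499, 64510, 64511]))         # origin 64499 has no ASPA
    print(verify_downstream([64501, 64499, 64511]))         # 64499 is not an authorized provider of 64501
```
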