On the classification and false alarm of invalid prefixes in RPKI based BGP route origin validation

Abstract: BGP is the default inter-domain routing protocol in today's Internet, but has serious security vulnerabilities\cite{murphy2005bgp}. One of them is (sub)prefix hijacking. IETF standardizes RPKI to validate the AS origin but RPKI has a lot of problems\cite{heilman2014consent}\cite{cooper2013risk}\cite{gilad2017we}\cite{gilad2017maxlength}, among which is potential false alarm. Although some previous work\cite{gilad2017we}\cite{heilman2014consent} points it out explicitly or implicitly, further measurement and analysis remain to be done. Our work measures and analyzes the invalid prefixes systematically. We first classify the invalid prefixes into six different types and then analyze their stability. We show that a large proportion of the invalid prefixes very likely result from traffic engineering, IP address transfer and failing to aggregate rather than real hijackings.