Abstract
BGP routing security relies on many technologies, both old and new, such as IRR-based Route Filters and RPKI Technologies like Route Origin Authorizations (ROAs) or Autonomous System Provider Authorization (ASPA-s). While these technologies are well-known, they are still used together, and accurate route filter generation remains a challenging task with significant operational implications for large-scale router filter generation at major tier-1 ISPs.
We show that AS-Set documentation in RIR databases is still critical yet systematically overlooked. We evaluate the scope and patterns of these issues - including missing documentation, AS-Set explosive expansion, and cyclic dependencies - demonstrating that accurate AS-Set documentation remains a foundational requirement for operational filtering.
We present the toolchain and technologies like Route Query Specification (RQSpec) we use for route filter generation at scale, compensating for the complexity introduced by poor documentation.
Recording
Video will be added soon.
Speakers
Fedor Vompe
Sebastian Becker
Sebastian Becker, born in 1976 in Berlin, Germany, has been working for Deutsche Telekom for over 22 years. He started in January 2002 at the 24/7 service desk and worked his way up to become the (only) peering manager for AS3320. Global routing has been his daily companion from the very beginning.
Since 2007, he has been part of the RIPE community, regularly attending NANOG meetings since 2011. He joined the GPF/EPF community in 2019 and became a part of the CoC Team of the RIPE community in 2023.
Since 2019 he is also an active member of the DENOG orga and member of the PC for the DENOG conferences.
Rate this talk
Rating will open: Monday, 18 May 2026 09:00 (+0100).