Oracle Releases Tool to Help Improve Internet Routing Security

Voiced by Amazon Polly


Oracle & Internet Society

In a blog post, Oracle announced the release of IXP Filter Check, a security tool designed to monitor route filtering at internet exchange points (IXPs).

Oracle has partnered with the Internet Society in an effort to improve internet security. IXPs are what’s responsible for connections between different networks, but they also represent a vulnerable point, where connections can be routed incorrectly—either by mistake or maliciously.

According to Oracle, “implementing route filtering at IXPs offers the opportunity to make real progress in the improvement of internet routing hygiene. IXPs serve a vital role in the infrastructure of the internet by facilitating thousands of connections between the networks of telecoms, content providers and other major businesses.

“However, the implementation of route filtering can be complicated and to date there has been no way to independently and programmatically verify whether an IXP was appropriately filtering its routes. Using data graciously published by Packet Clearinghouse (PCH) and data processing supported by Oracle Cloud Infrastructure, the Oracle Internet Intelligence team developed IXP Filter Check to analyze route filtering at nearly 200 IXPs around the world.

“By monitoring the routes passed by route servers at these IXPs, and identifying those routes that should have been filtered, IXP Filter Check identifies gaps in route filtering and aims to assist in technical compliance of MANRS IXP requirements.

“In the course of its development, IXP Filter Check has identified major filtering misconfigurations at three IXPs including a month-long RPKI filter outage at one of the world’s largest IXPs. By detecting these problems, IXP Filter Check enabled cooperating route server administrators to fix their route filtering and also validated the need for third party technical review of route server filtering.”

With IXP Filter Check system admins will have one more tool in their arsenal to protect networks and improve the security of the internet.