HN
Today

Is BGP Safe Yet? No. Test Your ISP

This Cloudflare-hosted page provides a real-time report on the BGP security posture of numerous global ISPs and transit providers. It explicitly checks for Route Origin Authorizations (ROA) signing and BGP filtering, categorizing providers from "signed + filtering safe" to "unsafe." The story appeals to HN's technical audience by highlighting critical internet infrastructure security and offering a transparent, actionable assessment.

10
Score
0
Comments
#1
Highest Rank
6h
on Front Page
First Seen
Apr 1, 1:00 PM
Last Seen
Apr 1, 7:00 PM
Rank Over Time
31371014

The Lowdown

The "Is BGP safe yet?" page, hosted by Cloudflare, serves as a public audit of the Border Gateway Protocol (BGP) security implementations across a wide array of internet service providers, transit networks, and cloud providers globally. It aims to shed light on the adoption of key security measures like Route Origin Authorizations (ROA) signing and BGP filtering, which are crucial for preventing routing hijacks and ensuring internet stability. The site acts as a practical benchmark, categorizing providers based on their current BGP security readiness.

  • The page lists hundreds of network providers, including major global transits, regional ISPs, and cloud services.
  • Each provider is assessed for its BGP security status, indicating whether their routes are "signed" (via RPKI ROAs) and if they perform "filtering" of invalid routes.
  • Statuses range from "signed + filtering safe" for best practices to "unsafe" for those lacking adequate protection.
  • Intermediate statuses like "partially signed," "filtering peers only partially safe," or "signed unsafe" are also present, indicating various levels of incomplete adoption or potential vulnerabilities.
  • The explicit goal, though not directly stated on the page but implied by Cloudflare's involvement and the title, is to encourage more robust BGP security practices across the internet.

By openly listing the BGP security status of so many entities, this resource provides a valuable, albeit stark, overview of the current state of internet routing security, implicitly urging providers to enhance their defenses against common BGP-related vulnerabilities.