Belnet recently implemented RPKI as one of the first Belgian ISPs. In doing so, we contribute to the security of BGP routing and the internet in general. Invalid BGP routes (without certificate, or ROA) are now rejected, which means that Belnet helps thwarting BGP Hijacking.
Cloudflare launched in March 2020 the campaign "Is BGP Safe Yet?" with the aim of increasing the overall security of the BGP routing protocol. A weakness of BGP is the so-called “BGP hijacking”: stealing or redirecting internet traffic. This can cause end users to land on a malicious website instead of the intended website.
Image: Cloudflare
In June 2020, Belnet decided to contribute and also to implement RPKI. Thanks to our networks and services team, the following is now in effect since October 1st:
- All Belnet BGP prefixes (IPv4 and IPv6) have a certificate proving that they belong to Belnet (this is the case for already a few years);
- Belnet no longer accepts BGP routes from the internet that do not have a valid certificate. In other words, illegal routes are banned and this makes the internet safer. Hackers can no longer redirect traffic to a malicious site.
If you are on the Belnet network and take the test (Is BGP Safe Yet?), you will now see the following message.
The more ISPs or internet organisations do this, the safer BGP routing and therefore the internet becomes.
Belnet is today one of the first Belgian ISPs to have implemented this. Also see our page with more information about the implementation.
As a next step, we want to encourage and help Belnet customers who have their own prefix (Provider Independent IP range) to take the same steps to certify those prefixes.