Improved Security Thanks to New FORT Validator Features
By Jorge Cano, Senior Software Architect at LACNIC
Cybersecurity is of the utmost importance to LACNIC. In particular, we have put great efforts into packet routing security.
One of the results of such efforts is the FORT Project, through which, among other elements, we have developed the FORT Validator, an open source RPKI validator that is freely available for the entire community to use. Like others, this RPKI validator helps routers distinguish between route advertisements with fake or spoofed source addresses from those with a legitimate origin, regardless of whether these fake advertisements are due to human error or malicious actions.
We want our new version of RPKI implementation to be more resilient, more efficient, easier to maintain and update, and built on Krill, one of the best tools available on the market.
This year, we stepped up our work on the FORT Validator and we have released a new update (version 1.6) with major improvements to its internal operation, especially the implementation of the RRDP protocol and the handling of local cache elements. When we started the FORT project, RPKI was a relatively new protocol, so we have gained a lot of experience over the years. As a result, we decided to implement this optimization in the validator’s code, which allows us to introduce more frequent updates and offer even greater stability to all network and system administrators.
But our work doesn’t end here. We also have a long list of improvements that we will be adding to the validator. We will be communicating these improvements as soon as they are implemented and ready for release to the community. In the third trimester of 2024, we will release more information about the new version of the validator, which will be our largest release since the launch of the first version.