Cloudflare tool lets internet users to check if their ISP implements BGP protection

So far, only a limited number of ISPs have deployed BGP security feature

Cloudflare has launched a new tool to help internet user to check whether their internet service provider (ISP) has implemented security protections and filters to make Border Gateway Protocol (BGP) safer to use.

In order to use the tool, users will be required to go to "Is BGP Safe Yet" website, which was launched by Cloudflare on Friday. After a user clicks on the "test your ISP" button on the home page, a quick test will be run to determine if their ISP has started using the Resource Public Key Infrastructure (RPKI) certification system.

The test will be carried out by announcing a legitimate route, which is actually an invalid route. If the ISP accepts that invalid route to load a website, it will suggest that the ISP has not yet implemented RPKI and that it will likely accept a leaked or a hijacked route too.

So far, only a limited number of ISPs and cloud companies have implemented the RPKI security feature. Those companies include NTT, Telia Amazon, AT&T, and Cogent, according to the "BGP Safe Yet" website.

BGP, which is described as the postal service of the Internet, is used to determine the best route among various available paths for internet data. Unfortunately, this protocol is not very secure to use and provides opportunity to threat actors to hijack web traffic for data interception, spying, or other malicious purposes.

A number of major internet disruptions have occurred in recent years because of BGP issues.

In June 2019, a major 'routing leak' at a data centre in Switzerland caused the re-routing of European mobile traffic through China Telecom for more than two hours. A large number of users reported significant slowdowns in data speeds as a result.

Similarly, Facebook, Instagram and WhatsApp were taken down for 14 hours in March 2019 in a global outage caused by a BGP leak from a European ISP.

Earlier this month, a BGP disruption resulted in unexpected diversion of huge amounts of web traffic through a Russian telecom.

"With that last big route leak from a few weeks ago out of Russia it was a point at which our engineering team said enough is enough, it's time for us to start naming and shaming the companies who aren't doing this right," Cloudflare CEO Matthew Prince told Wired.

"Anything that goes wrong anywhere on the internet we get blamed for it, which is right! Our customers pay us to make sure their internet connections are fast and secure and reliable. So BGP is one of these really frustrating areas that we can't solve ourselves."

RPKI is a security framework technique that links a route with an autonomous system. It relies on cryptography method to validate the piece of information before it is passed onto the routers.

"We expect this initiative will make RPKI more accessible to everyone and ultimately will reduce the impact of route leaks," Cloudflare said.

"The last two years have shown that the Internet can become safer and we are looking forward to the day where we can call route leaks and hijacks an incident of the past," it added.