An Autonomous System (AS) is a network or group of networks under common administration and with common routing policies. A typical example of an AS is a network administered and maintained by an Internet Service Provider (ISP). Customer networks, such as universities or corporations, connect to the ISP, and the ISP routes the network traffic originating from the customer networks to network destinations that may be in the same ISP or may be reachable only through other ISPs. To facilitate the routing of network traffic through one or more ASes, the network elements of the ASes need to exchange routing information to various network destinations. Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP) that is used to exchange routing information among network elements (e.g., routers) in the same or different ASes. A computer host that executes a BGP process is typically referred to as a BGP host or a BGP device. To exchange BGP routing information, two BGP hosts, or peers, first establish a transport protocol connection with one another. Initially, the BGP peers exchange messages to open a BGP session, and, after the BGP session is open, the BGP peers exchange their entire routing information. Thereafter, only updates or changes to the routing information are exchanged, or advertised, between the BGP peers. The exchanged routing information is maintained by the BGP peers during the existence of the BGP session.
To validate the trustworthiness of the exchanged routing information, various authentication or validation techniques have been used and proposed, such as the Resource Public Key Infrastructure (RPKI), which can be used by legitimate holders of the resources to control the operation of Internet routing protocols to prevent route hijacking and other attacks. In particular, RPKI is often used to secure BGP through BGPSEC (BGP Security) or Origin AS Validation, as well as Neighbor Discovery Protocol (ND) for IPv6 through the Secure Neighbor Discovery Protocol (SEND).
Notably, when a (new) edge router that runs a security protocol such as Origin AS validation or BGPSEC is booted, its RPKI cache is empty. Consequently, all paths in the edge router are set to a “NOT FOUND” state (Origin AS validation) or an “INVALID” state (BGPSEC). If the router is configured to discard/drop “NOT FOUND” or “INVALID” paths, a circular dependency is created between the RPKI validation servers and the edge routers: the validation servers cannot send traffic through the edge router to reach the external resources they need in order to populate the cache, namely domain name system (DNS) servers needed to resolve the publication points' URLs (Uniform Resource Locators), the RPKI repository system itself, and external network time protocol (NTP) servers, which are also required for validation. Additionally, a circular dependency can also arise from an improper design of the repository system, particularly if the IP addresses of the DNS resolving servers and of the publication points are all hosted in an unreachable location.
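The circular dependency described above, modelled as an added example that is not part of the original text: the three-state Origin Validation follows RFC 6811, the router policy decides which states are installed, and a check asks whether the validator's DNS, repository and NTP hosts remain reachable. All prefixes, ASNs and host addresses are constructed (documentation ranges), and BGPSEC path validation is not modelled.

```python
import ipaddress

VALID, INVALID, NOT_FOUND = "VALID", "INVALID", "NOT FOUND"

def origin_validation_state(prefix, origin_as, vrps):
    """RFC 6811 Origin Validation; vrps = (prefix, max_length, asn) from the
    router's RPKI cache. An empty cache can only ever yield NOT FOUND."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_length, asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        if vrp.version != net.version or not net.subnet_of(vrp):
            continue
        covered = True  # a covering VRP exists, so NOT FOUND is ruled out
        if asn == origin_as and net.prefixlen <= max_length:
            return VALID
    return INVALID if covered else NOT_FOUND

def installed_routes(routes, vrps, accept_states):
    """Routes the edge router keeps under its accept/drop policy."""
    kept = {}
    for prefix, origin_as in routes.items():
        state = origin_validation_state(prefix, origin_as, vrps)
        if state in accept_states:
            kept[prefix] = state
    return kept

def can_bootstrap(routes, vrps, accept_states, validator_needs):
    """True when every host the validator must reach (DNS, repository, NTP)
    lies inside a route the edge router actually installed."""
    kept = installed_routes(routes, vrps, accept_states)
    return all(any(ipaddress.ip_address(h) in ipaddress.ip_network(p) for p in kept)
               for h in validator_needs)

# Constructed topology: documentation address ranges and private-use ASNs.
ROUTES = {"192.0.2.0/24": 64496,     # DNS resolvers
          "198.51.100.0/24": 64497,  # RPKI publication point / repository
          "203.0.113.0/24": 64498}   # NTP servers
VALIDATOR_NEEDS = ["192.0.2.53", "198.51.100.10", "203.0.113.123"]
VRPS = [("192.0.2.0/24", 24, 64496), ("198.51.100.0/24", 24, 64497),
        ("203.0.113.0/24", 24, 64498)]  # cache contents after a good fetch

if __name__ == "__main__":
    # Cold boot with a drop-NOT-FOUND policy: the validator is cut off.
    print("empty cache, drop NOT FOUND: ", can_bootstrap(ROUTES, [], {VALID}, VALIDATOR_NEEDS))
    # Accepting NOT FOUND while the cache fills breaks the circular dependency.
    print("empty cache, accept NOT FOUND:", can_bootstrap(ROUTES, [], {VALID, NOT_FOUND}, VALIDATOR_NEEDS))
    # With a populated cache the strict policy no longer blocks the validator.
    print("full cache, drop NOT FOUND:   ", can_bootstrap(ROUTES, VRPS, {VALID}, VALIDATOR_NEEDS))
```

A partial cache shows the same failure: if the VRP covering the NTP network has not yet been fetched, the strict policy drops that route and the validator cannot complete.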