The Internet may be viewed as a collection of Autonomous Systems, where an “Autonomous System” (AS) typically refers to a set of network elements, such as e.g. routers, switches, and controllers, under a single technical administration. The term “network elements” may refer to network elements which could include not only actual physical devices and systems but also devices and systems implemented entirely in software and/or could also include virtual devices and systems components. An AS may also be considered to include hosts connected to the network. Segregation into different AS's allows defining administrative authorities and routing policies of different organizations.
Each AS is “autonomous” (i.e., relatively independent from the other AS's) in the sense that is runs its own independent routing policies and unique Interior Gateway Protocols (IGPs). Exterior routing protocols were created, the current Internet standard EGP being the Border Gateway Protocol (BGP), to exchange routing information between different AS's, a process often referred to as “route advertisement.” For example, the BGP defines an inter-AS routing protocol, where one of the primary functions is to exchange network reachability information (NLRI) using a so-called “BGP speaking system” (also often referred to as a “BGP speaker”) by means of sending so-called “update messages.”
BGPSEC is a relatively recent extension to the BGP, providing cryptographic assurance to a BGP speaker who receives a valid BGPSEC route advertisement in that the advertised route has the property that every AS on the path of AS's listed in the advertisement has explicitly authorized the advertisement of the route to the subsequent AS in the path. While BGPSEC is a very promising candidate for ensuring path security for BGP route advertisements, deployment of this protocol in practice has been challenging due to the fact that techniques currently used for sending route advertisements and processing the received advertisements, especially validation of the cryptographic assurance included in each BGPSEC update message, are highly resource-intensive. Therefore, a need exists for improved techniques for sending and receiving BGP update messages, in particular those that can be used in BGPSEC.