Computing networks can include multiple network devices, such as routers, switches, and hubs, and computing devices, such as servers, desktop PCs, laptops, workstations, mobile devices, and peripheral devices (e.g., printers, facsimile devices, and scanners), networked together across wired and/or wireless local and/or wide area networks (LANs/WANs).
For next generation networks, Border Gateway Protocol (BGP) Security (BGPsec) has been proposed by the Internet Engineering Task Force (IETF); it assumes additional capabilities in routers. The current design of BGPsec requests that each BGP update be forward signed as the update traverses the Internet. In particular, BGPsec draft standards, currently under development, propose adding digital signatures to BGP update messages. As such, an Autonomous System (AS) that wishes to receive BGPsec update messages will need to provide additional memory in its routers, e.g., in Adjacent Router Information Bases (ADJ-RIBs), to store the data conveyed in these large update messages.
Additionally, the design of BGPsec assumes that an AS that elects to receive BGPsec update messages will perform some cryptographic signature verification at its edge router, e.g., a BGP router. This is one example of a function that would involve additional capability on the edge router. Unfortunately, such additional capabilities involve cost and time to update legacy hardware in existing networks.