Routing Operations Observational Technology: Building to Enable Education and Research

Find the original proposal and more details on the ROOTBEER Funding page.

Project Overview

Research and Education (R&E) networks offer specialized capacity to their member institutions that is not available through commodity (commercial) networks, enabling data-intensive collaborative research across scientific disciplines. To support seamless workflows for domain scientists, R&E networks typically prioritize R&E routes ahead of commodity Internet routes. Although optimal for scientific collaboration, this approach introduces vulnerabilities to the integrity of the underlying routing infrastructure for two related reasons.

First, prioritizing R&E paths increases the importance of ensuring correctness in all R&E router configurations. Even minor misconfigurations have resulted in significant route leaks, inadvertently transmitting sensitive U.S. scientific traffic through unintended international routes. Second, academic networks operate under constrained budgets with limited operational staffing. Consequently, many of these networks have yet to implement routing security innovations recommended as best practices for over a decade. Furthermore, as with many security measures, new routing innovations can introduce unforeseen vulnerabilities, creating additional barriers to their adoption.

Proposed configuration for a security-focused routing observatory and operational support system

To address these critical issues, we propose developing a security-focused routing observatory and operational support system designed to ensure that routing policies align with the security and integrity goals of the U.S. science ecosystem. The outcomes of our project will establish a foundational routing security auditing framework coordinated and sustained by Internet2. Our project is structured into three tasks, executed in close collaboration with Internet2 to ensure maximum effectiveness:

Measurement and Analysis: We will adapt and integrate recently developed measurement and analysis capabilities to detect route leaks between R&E and commodity (non-R&E) networks. Such leaks, whether due to accidental misconfigurations or malicious activities, threaten the availability and integrity of critical R&E network services.
Operational Dashboard: We will develop a user-friendly dashboard to operationalize measurement findings. This dashboard will enable a broader set of R&E community stakeholders to identify vulnerabilities, quantify gaps in infrastructure resilience, and implement security best practices effectively, reducing the risk of misconfigurations.
Community Engagement: We will engage actively with the community to disseminate the innovations developed through this project, encourage widespread adoption, and quantitatively assess impact based on deployment metrics.

Publications

Papers

R&E Routing Policy: Inference and Implication, Matthew Luckie, Steven Wallace, Karl Newell, Jeff Bartig, Sadi Koçak, Niels Den Otter, Kaj Koole, James Deaton, kc claffy. IMC 2025.
Active Internet measurement to support policy research, kc claffy, Shivani Hariprasad, Matthew Luckie, David Clark. IMC PRIME 2025.

Presentations

Investigating R&E Routing Policies in the Wild, Matthew Luckie, TechEX, 2025.
R&E Routing Policy: Inference and Implication, Matthew Luckie, IMC, 2025.
Internet2 & CAIDA RPKI-ROA Planner (video, 2025).
Inferring Relative Route Preference of R&E Enterprises, Matthew Luckie, TechEX, 2024.

Data

R&E Routing Policy dataset

Project leads, key team members

kc claffy (CAIDA/SDSC/UCSD)
Steve Wallace (Internet2)
Matthew Luckie (CAIDA/SDSC/UCSD)

Funding Support

This material is based on research sponsored by the National Science Foundation (NSF) grant OAC-2530871. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of NSF.