Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

BRITE - BGPSEC / RPKI Interoperability Test & Evaluation System

BRITE logo

BRITE - BGPSEC / RPKI Interoperability Test & Evaluation

[Go directly to the running system:  https://brite.antd.nist.gov/]

BRITE is a web-based test and evaluation framework for exercising implementations, configurations and deployments of emerging BGP security technologies, including components of the Resource Public Key Infrastructure (RPKI) and BGP routers that support RPKI-based security extensions. BRITE is currently capable of testing: RPKI validation caches and BGP routers that perform origin validation based upon RPKI ROAs. Future extensions will support BGP routers that support full path validation.

BRITE currently supports the following capabilities / protocol interfaces:

  • rsync of RPKI objects from BRITE test suite repositories
  • RPKI/Router Protocol (draft-ietf-sidr-rpki-rtr-12 – TCP plain sockets, no SSH transport or TCP-AO)
  • BGP-4 (tested interoperability with Cisco IOS, JUNOS, Quagga, OpenBGPD and BIRD)

BRITE is driven by test scripts that describe carefully crafted test scenarios (stimulus inputs from BRITE using the protocols above) and corresponding goals (expected responses from the Implementation Under Test (IUT) using the protocols above). BRITE allows users to login, select a specific test case, interactively configure and run the test case and then browse/download detailed testing reportspacket captures and log files.

An initial suite of scripts have been developed to exercise BGP routers that support Route Origin Validation. These tests only require a BGP router that supports the RPKI/Router protocol and simple route selection policies based upon origin validation state. Additional test suites are under development that focus on validation cache behavior and more advanced tests of origin validation behavior and scaling.

BRITE is provided AS IS and the results from BRITE testing should only be considered as a diagnostic tool to assist developers and potential users of these technologies. In particular, test results from BRITE for particular implementations or deployments should not be portrayed as any form of endorsement by NIST. We fully expect the set of test suites to continuously evolve over the course of this project.

The BRITE system and test suites are developed by the Advanced Network Technologies Division (ANTD) at theNational Institute of Standards and Technology (NIST) as part of the collaborative effort between NIST and The Department of Homeland SecurityScience and Technology Directorate’s Secure Protocols for the Routing Infrastructure Project.

We encourage you to explore BRITE, examine the current set of test suites, request an account and let us know, how you plan to use BRITE.

For comments, questions and support, please refer to Contact.

Uses

BRITE will be of use to the following groups:

  • Developers of RPKI validating caches
  • Developers of BGP routers that support origin and path validation extensions
  • Early adopters to explore new capabilities and components
  • Customers to evaluate / compare product offerings
  • Operators to verify test configuration settings
  • Researchers to study different behavior and stress test system configurations

Contact

BRITE Development Team

Created August 15, 2016, Updated April 5, 2022