From Address Blocks to Authorized Prefixes - Redesigning RPKI ROV with a Hierarchical Hashing Scheme for Fast and Memory-Efficient Validation

Learn about a novel approach to improving Route Origin Validation (ROV) performance in this 15-minute conference presentation from NSDI '25. Discover how researchers from the Chinese Academy of Sciences and Southeast University address the scalability challenges facing RPKI (Resource Public Key Infrastructure) systems as they handle increasing volumes of route messages against massive ROA (Route Origin Authorization) entries. Explore the fundamental performance bottleneck in existing ROV schemes that stems from their address block-based validation model, and understand how the proposed Authorized Prefix (AP) model enables validation at the prefix granularity instead. Examine the h2ROV system design, which implements a hierarchical hashing scheme to redesign RPKI ROV based on the new AP model, achieving significant performance improvements with 1.7× to 9.8× speedup in validation and 49.3% to 86.6% reduction in memory consumption for IPv4 networks. Analyze real-world system emulation results demonstrating how h2ROV limits its impact on routing convergence to below 8.5% during update burst events while reducing ROV-induced delays by 30.4% to 64.7% compared to existing solutions, making it a practical defense mechanism against route hijackings in global interdomain routing infrastructures.