Constraints on Automated Key Management for Routing Protocols


Constraints on Automated Key Management for Routing Protocols Ross Callon IETF 71 March 2008, Philadelphia

AKM for Routing Protocols
- Link State protocol constraints
- Bootstrapping the routing protocol
- Operation over Broadcast Media
- Don't take down the network
- Simplicity and Comprehensibility

Link State Protocol Constraints
- OSPF & IS-IS work because every router in an area has an identical view of the topology
  - And runs identical route computation
- Authentication can be used to decide whether to bring up a link
  - Or whether two neighbors exchange IGP traffic
- Authentication must not affect whether I believe the advertisement from a router across the area
  - Different routers may get different results
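As an added illustration of the consistency argument above (constructed here, not part of Ross Callon's slides), the following Python simulation gives each router a link-state database, runs SPF over it, and forwards a packet hop by hop. The topology, the per-router trust sets and the helper names are assumptions for the example: when router B treats authentication as a per-LSA trust decision and discards C's advertisement, it computes a different topology from A and the packet loops between A and B; when authentication instead gates the B-C adjacency, every router shares one database and forwarding stays loop-free (if longer).

```python
import heapq

# Constructed example topology (not from the slides): each router's LSA lists neighbours and link costs.
LSAS = {
    "A": {"B": 1, "D": 4},
    "B": {"A": 1, "C": 1},
    "C": {"B": 1, "D": 1},
    "D": {"A": 4, "C": 1},
}

def spf(lsdb, source):
    """Dijkstra over one router's LSDB; a link counts only if both ends advertise it (two-way check)."""
    dist, first_hop = {source: 0}, {}
    pq = [(0, source, None)]
    while pq:
        d, node, hop = heapq.heappop(pq)
        if d > dist[node]:
            continue  # stale queue entry
        for nbr, cost in lsdb.get(node, {}).items():
            if node not in lsdb.get(nbr, {}):
                continue  # the other end does not confirm this link
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                first_hop[nbr] = nbr if node == source else hop
                heapq.heappush(pq, (d + cost, nbr, first_hop[nbr]))
    return first_hop  # {destination: next hop} as this router sees it

def per_lsa_trust(distrust):
    """Wrong model: each router discards LSAs it cannot authenticate, so routers run SPF over different databases."""
    return {r: spf({o: a for o, a in LSAS.items() if o not in distrust.get(r, ())}, r)
            for r in LSAS}

def adjacency_gating(blocked):
    """Right model: authentication gates whether a link comes up; a failed link is absent from both LSAs."""
    lsdb = {r: {n: c for n, c in a.items() if frozenset((r, n)) not in blocked}
            for r, a in LSAS.items()}
    return {r: spf(lsdb, r) for r in LSAS}

def trace(tables, src, dst, max_hops=8):
    """Forward hop by hop using each router's own table; returns (path, 'delivered'|'loop'|'dropped')."""
    path = [src]
    while path[-1] != dst and len(path) <= max_hops:
        nxt = tables[path[-1]].get(dst)
        if nxt is None:
            return path, "dropped"
        if nxt in path:
            return path + [nxt], "loop"
        path.append(nxt)
    return path, "delivered" if path[-1] == dst else "loop"
```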

Bootstrapping the Routing Protocol
- If something goes wrong with routing (or with security), there has to be a way to recover
- If the routing protocol depends upon AKM, then AKM can't depend upon the routing protocol
- For OSPF & IS-IS, AKM **must** only operate between directly attached devices, using the link layer
  - You can't depend on IP to an arbitrary address
- BGP can depend upon the IGP being up
  - But can't depend on a priori inter-domain routes
- For BGP, authentication probably only affects the preference of routes (in some sense)

Broadcast Media
- OSPF / IS-IS / RIP operate over broadcast media (e.g., Ethernet)
- A router on a broadcast LAN uses link layer multicast to send one packet to multiple other routers on the same LAN
- AKM will need to operate over the LAN
  - And provide a key that one router can use to send a single packet to multiple other routers

Don’t Break the Network
- The point is to keep the network up
- Authentication has to be more likely to keep things up than to take the network down
- It has to be simple, understandable, resilient to mistakes
- Some configuration is allowed
  - A router has to know which IGP to run
  - Probably one pre-shared secret is okay also
  - But: Keep it simple

Simplicity, Comprehensibility
- Many router experts are not security experts (and vice versa)
  - This is not a complete mutual understanding
- Security is much more likely to be deployed if it is understood
  - Including what it protects against, failure modes, and how to deal with problems.

Summary
- It has to work
- It (AKM for RPs) has to bootstrap
- It has to work over broadcast LANs
- It has to be simple, foolproof
- It has to solve a perceived problem
- Requirements may differ by protocol (OSPF, IS-IS, RSVP, LDP, UDP, TCP for BGP, TCP for not-BGP, …)