Routing Security Capabilities draft-zhao-opsec-routing-capabilities-02.txt OPSEC WG, IETF #66.


Packet Filtering vs. Routing Filtering

Packet filtering
  – Applied to network-layer packets being forwarded
  – Usually based on the IP and transport headers
  – Out of scope of this document
Routing filtering
  – Applied to routing packets being sent or received
  – Based on the routing protocol along with other protocols
  – In the scope of this document

Filters for External Routing Protocols

Current implementation
  – Applied to both sent and received routing packets on a per-interface basis
  – Outbound Route Filter (ORF): whether to use it and which ORF, on a per-interface basis
  – Limit the scope of route redistribution between different routing protocols
Filtering criteria
  – Specific route prefixes
  – Maximum length of route prefixes
  – Maximum number of route prefixes received
  – AS_PATH
  – BGP community and extended community
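The filtering criteria on this slide, applied in order to a batch of received routes. This is an added example, not part of the draft or the slides; the `Route` and `PeerPolicy` structures, the reason strings and the sample routes are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Route:
    prefix: str
    as_path: list
    communities: set = field(default_factory=set)

@dataclass
class PeerPolicy:  # hypothetical per-peer policy, one field per slide criterion
    allowed_prefixes: list            # covering prefixes the peer may announce
    max_prefix_len: int               # longest mask accepted
    max_prefixes: int                 # cap on routes accepted from the peer
    denied_asns: set                  # ASNs that must not appear in AS_PATH
    required_community: Optional[str] = None

def filter_updates(routes, policy):
    """Return (accepted, rejected); rejected holds (prefix, reason) pairs."""
    covers = [ipaddress.ip_network(p) for p in policy.allowed_prefixes]
    accepted, rejected = [], []
    for r in routes:
        net = ipaddress.ip_network(r.prefix)
        if not any(net.version == c.version and net.subnet_of(c) for c in covers):
            reason = "prefix not allowed"
        elif net.prefixlen > policy.max_prefix_len:
            reason = "prefix too long"
        elif policy.denied_asns & set(r.as_path):
            reason = "AS_PATH denied"
        elif policy.required_community and policy.required_community not in r.communities:
            reason = "community missing"
        elif len(accepted) >= policy.max_prefixes:
            # Simplification: this sketch drops the excess route and keeps going.
            reason = "max-prefix limit"
        else:
            accepted.append(r.prefix)
            continue
        rejected.append((r.prefix, reason))
    return accepted, rejected

# Constructed sample: documentation prefixes, documentation/private-use ASNs.
POLICY = PeerPolicy(["192.0.2.0/24", "198.51.100.0/24"], 25, 2, {64512})
SAMPLE = [
    Route("192.0.2.0/24", [64500]),
    Route("192.0.2.128/26", [64500]),
    Route("203.0.113.0/24", [64500]),
    Route("198.51.100.0/25", [64500, 64512]),
    Route("198.51.100.0/24", [64500], {"64500:100"}),
    Route("192.0.2.0/25", [64500]),
]
```

Calling `filter_updates(SAMPLE, POLICY)` returns the accepted prefixes and, for each rejected route, the criterion that rejected it.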

Filters for IGP Areas

An IGP requires the same view of the topology within an area
  – Routes should be flooded unchanged
  – Infeasible to implement filtering within an area
Filtering between IGP areas
  – A router may provide the option to filter routing between IGP areas
  – Caution: route filtering may result in some addresses being unreachable

Filters by TTL

Accept packets only from the immediate neighbor
  – TTL spoofing is assumed to be impossible
  – Most routing packets originate from the immediate neighbor
  – TTL is 255 if the neighbor sets the default of 255
Note: not applicable to multi-hop IBGP

Route Flap Dampening

Route flap is bad
  – How about route flap dampening?
Configurable
  – Timer
  – Could be turned off

Routing Authentication

Key must be configurable on the router
System transitions from one key to another based on system time
Stronger algorithms than MD5
  – Rescorla-Bellovin analysis
Preferable key distribution/update mechanism
Note: authentication in the current routing protocol specifications (standards track) is too weak to meet security requirements
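A sketch of time-based key transition as described on this slide, with an accept window that opens before the send time so peers with skewed clocks do not drop each other's packets during rollover. This is an added example, not part of the draft or the slides; the `Key` fields, the choice of HMAC-SHA-256 as the stronger-than-MD5 algorithm, and the key values and timestamps are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    key_id: int
    secret: bytes
    send_from: int     # epoch seconds: start signing outgoing packets
    accept_from: int   # start accepting; set earlier than send_from for clock skew
    accept_until: int  # stop accepting (and stop sending) at this time

def send_key(chain, now):
    """Pick the newest key whose send time has arrived and that is still valid."""
    live = [k for k in chain if k.send_from <= now < k.accept_until]
    if not live:
        raise LookupError("no active send key")
    return max(live, key=lambda k: k.send_from)

def sign(chain, payload, now):
    """Return (key_id, tag) for an outgoing routing packet."""
    k = send_key(chain, now)
    return k.key_id, hmac.new(k.secret, payload, hashlib.sha256).digest()

def verify(chain, key_id, payload, tag, now):
    """Accept only if the named key is inside its accept window and the tag matches."""
    for k in chain:
        if k.key_id == key_id and k.accept_from <= now < k.accept_until:
            expected = hmac.new(k.secret, payload, hashlib.sha256).digest()
            return hmac.compare_digest(expected, tag)
    return False

# Constructed key chain: key 2 takes over sending at T0; both keys are
# accepted for 600 seconds on either side of the switch.
T0 = 1_000_000
CHAIN = [
    Key(1, b"constructed-old-secret", 0, 0, T0 + 600),
    Key(2, b"constructed-new-secret", T0, T0 - 600, T0 + 86_400),
]
```

A packet signed with key 1 just before `T0` still verifies at `T0 + 300` and is rejected once key 1's accept window closes at `T0 + 600`.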

What is the next step?

Adopted as a working group document?

Thanks!