Hardened Network Implementation & Simulation


Contents
- HBGP
- Implementation of HBGP
- Simulation on SSFnet
- Simulation Results
- Future Work

HBGP
- A protocol used to propagate Hardened Network information
- An extension to BGP4
- Hardened AS Path
- Keep the last and next Hardened Network information in the routing table

Implementation of HBGP
- GateD
  - Open-source routing protocol development platform
  - Models the operations of human-configurable routers

Implementation of HBGP
- Modifications to GateD
  - aspath_format
  - aspath_attr
  - BGP_send_update
  - BGP_receive_update
  - rt_add
  - rt_change
  - if_rtup
  - bgp_syn_rt_change

Implementation of HBGP
- Status:
  - Hardened Network information has been propagated correctly
  - Modification to the routing table has been finished and is under testing and debugging

Simulation on SSFnet
- SSFnet
  - Open-source Java/C++ Internet model and simulation
  - Protocols: IP, TCP, UDP, BGP4, OSPF, and others
  - Network elements: hosts, routers, links, LANs

Simulation on SSFnet
- Modification on SSFnet
  - BGP package
    - Constructing Hardened AS Path information
    - Parsing Hardened AS Path information
  - Routing table package
    - Inserting last and next Hardened ASes information
  - IP package
    - Retrieving last Hardened AS
    - Encrypting/decrypting
    - Gathering information
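How a router could parse a Hardened AS Path and derive the last and next hardened AS kept in the routing table, as an added example that is not GateD, SSFnet or HBGP code. The 3-byte hop layout, the function names and the reading of "last" and "next" as the nearest hardened AS before and after the local AS on the path are assumptions; the sample path is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed wire layout (hypothetical, not HBGP's real encoding): each hop is
 * 3 bytes: AS number (2 bytes, big-endian) + flags (bit 0 = hardened AS). */
#define HOP_SIZE 3
#define MAX_HOPS 32
#define NO_AS 0u /* AS 0 is reserved in BGP; used here to mean "none" */

struct hop { uint16_t asn; int hardened; };

/* Parse the attribute body. Returns the hop count, or -1 if malformed. */
int parse_hardened_path(const uint8_t *buf, size_t len, struct hop *out) {
    if (len == 0 || len % HOP_SIZE != 0 || len / HOP_SIZE > MAX_HOPS)
        return -1; /* empty, truncated, or longer than the table allows */
    for (size_t i = 0; i < len / HOP_SIZE; i++) {
        const uint8_t *h = buf + i * HOP_SIZE;
        out[i].asn = (uint16_t)((h[0] << 8) | h[1]);
        out[i].hardened = h[2] & 1;
    }
    return (int)(len / HOP_SIZE);
}

/* Nearest hardened AS before ("last") and after ("next") local_as on the
 * path. Returns 0, or -1 if local_as is not on the path. */
int last_next_hardened(const struct hop *p, int n, uint16_t local_as,
                       uint16_t *last, uint16_t *next) {
    int pos = -1;
    for (int i = 0; i < n && pos < 0; i++)
        if (p[i].asn == local_as) pos = i;
    if (pos < 0) return -1;
    *last = *next = NO_AS;
    for (int i = pos - 1; i >= 0 && *last == NO_AS; i--)
        if (p[i].hardened) *last = p[i].asn;
    for (int i = pos + 1; i < n && *next == NO_AS; i++)
        if (p[i].hardened) *next = p[i].asn;
    return 0;
}

/* Constructed sample path: AS1 (hardened), AS7, AS12, AS9 (hardened), AS30 */
static const uint8_t SAMPLE_PATH[] = { 0,1,1, 0,7,0, 0,12,0, 0,9,1, 0,30,0 };

int main(void) {
    struct hop p[MAX_HOPS]; uint16_t last, next;
    int n = parse_hardened_path(SAMPLE_PATH, sizeof SAMPLE_PATH, p);
    if (n > 0 && last_next_hardened(p, n, 12, &last, &next) == 0)
        printf("AS12: last=AS%u next=AS%u\n", last, next);
    return 0;
}
```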

Simulation on SSFnet
- Controller
  - Analyzing information
  - Setting up the normal pattern
  - Detecting attack
  - Responding to abnormal behavior
  - Restoring the traffic
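The controller cycle listed above (normal pattern, detection, response, restoration) as a small state machine over per-interval ICMP packet counts. This is an added example, not the simulation's controller: the mean-plus-K-deviations rule, the restore delay, all names and the sample counts are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define K 3.0            /* assumed: alarm above mean + K standard deviations */
#define RESTORE_AFTER 3  /* assumed: calm intervals required before restoring */

enum state { NORMAL, FILTERING };

struct controller {
    double mean, var;    /* learned normal pattern: ICMP packets per interval */
    enum state st;
    int calm;            /* consecutive in-profile intervals while filtering */
};

/* Set up the normal pattern from attack-free training intervals (n > 0). */
void learn_baseline(struct controller *c, const unsigned *s, size_t n) {
    double sum = 0, sq = 0;
    for (size_t i = 0; i < n; i++) sum += s[i];
    c->mean = sum / (double)n;
    for (size_t i = 0; i < n; i++) sq += (s[i] - c->mean) * (s[i] - c->mean);
    c->var = sq / (double)n;
    if (c->var < 1.0) c->var = 1.0;  /* floor: a flat baseline is not hair-trigger */
    c->st = NORMAL; c->calm = 0;
}

/* Detect, respond, restore: feed one interval's offered ICMP count (measured
 * before any filter) and return the state the controller is in afterwards. */
enum state observe(struct controller *c, unsigned icmp_pkts) {
    double d = icmp_pkts - c->mean;
    if (d > 0 && d * d > K * K * c->var) {   /* squared test avoids sqrt() */
        c->st = FILTERING;                   /* respond: start filtering ICMP */
        c->calm = 0;
    } else if (c->st == FILTERING && ++c->calm >= RESTORE_AFTER) {
        c->st = NORMAL;                      /* restore the traffic */
    }
    return c->st;
}

/* Constructed sample counts, not taken from the simulation results. */
static const unsigned TRAINING[] = { 40, 42, 38, 41, 39, 40, 43, 37 };
static const unsigned OBSERVED[] = { 41, 44, 900, 1200, 950, 42, 40, 39, 41 };

int main(void) {
    struct controller c;
    learn_baseline(&c, TRAINING, sizeof TRAINING / sizeof TRAINING[0]);
    for (size_t i = 0; i < sizeof OBSERVED / sizeof OBSERVED[0]; i++)
        printf("%u -> %s\n", OBSERVED[i],
               observe(&c, OBSERVED[i]) == FILTERING ? "FILTERING" : "NORMAL");
    return 0;
}
```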

Simulation Configuration

Simulated Performance (RC4)
TABLE 1. HARDEN-BACKBONE-ROUTER (RC4). Columns: Normal Transp. Time (S.), Hardened Transp. Time (S.), Overhead (S.); one row per router count, starting at 2 routers.
TABLE 4. HARDEN-END-ROUTER (RC4). Columns: Normal Transp. Time (S.), Hardened Transp. Time (S.), Overhead (S.); one row per router count, starting at 3 routers.

Simulated Performance (BLOWFISH)
TABLE 2. HARDEN-BACKBONE-ROUTER (BLOWFISH). Columns: Normal Transp. Time (S.), Hardened Transp. Time (S.), Overhead (S.); one row per router count, starting at 2 routers.
TABLE 5. HARDEN-END-ROUTER (BLOWFISH). Columns: Normal Transp. Time (S.), Hardened Transp. Time (S.), Overhead (S.); one row per router count, starting at 3 routers.

Simulated Performance (DES)
TABLE 3. HARDEN-BACKBONE-ROUTER (DES). Columns: Normal Transp. Time (S.), Hardened Transp. Time (S.), Overhead (S.); one row per router count, starting at 2 routers.
TABLE 6. HARDEN-END-ROUTER (DES). Columns: Normal Transp. Time (S.), Hardened Transp. Time (S.), Overhead (S.); one row per router count, starting at 3 routers.

Comparison of Performance
Figure 7. Overhead Comparison of 8-router packets
Figure 8. Overhead Comparison of 10-router packets

Simulated Detection & Response
- Hardened all the end routers
- ICMP attack targeting the host in AS12
- Attackers are distributed over the three subnets

Simulated Detection & Response
Fig. 6 Traffic Pattern at Router at AS12

Simulated Detection & Response
- Hardened the core routers
- ICMP attack targeting the host at AS12
- Attackers are also distributed over the three subnets

Simulated Detection & Response
Fig. 7 Traffic Pattern at Router 1 of AS1

Future Work
- Implementation
  - Hardened AS Controller
  - Key exchange
  - Encryption/Decryption in IP forwarding