Presentation is loading. Please wait.

Presentation is loading. Please wait.

Migratory ASs Sandra Murphy

Published by锻充 姚 Modified over 7 years ago

Similar presentations

Presentation on theme: "Migratory ASs Sandra Murphy "— Presentation transcript:

1 Sandra Murphy sandra.murphy@sparta.com
Migratory ASs Sandra Murphy sponsored by DHS under an Interagency Agreement with AFRL 9 Nov 2012 SIDR IETF85 Atlanta, GA

2 How to Do That in BGPSEC 9 Nov 2012 SIDR IETF85 Atlanta, GA

3 Notation In the following, the notation means:
for the origin BGPSEC signature attribute: sig(originprefix, <target>, AS of signer, pcount) key for intermediate BGPSEC signature attributes: sig(<target>, AS of signer, pcount) key 9 Nov 2012 SIDR IETF85 Atlanta, GA

4 BEFORE MERGER 333 | ISP A' ISP A’
CE-1 <--- PE-1 < PE-2 <--- CE-2 Old_ASN: Old_ASN: CE-2 to PE-2: sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig1] AS_PATH=(400) length=sum(pcount)=1 PE-2 to 333: sig(<333>,200,sig1,pcount=1)K_200-PE2 [sig2] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig1] AS_PATH=(200,400) length=sum(pcount)=2 PE-2 to PE-1: sig(<300>,(200),sig1,pcount=1)K_200-PE2 [sig3] sig(origin(N),<200>,(400),pcount=1)K_400-CE2[sig1] PE-1 to CE-1: sig(<100>,300,sig3,pcount=1)K_300-PE1 [sig4] sig(<300>,200,sig1,pcount=1)K_200-PE2 [sig3] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig1] AS_PATH = 300,200,400 length=sum(pcount)=3 9 Nov 2012 SIDR IETF85 Atlanta, GA

5 MIGRATING 333 | ISP A' ISP A’ CE-1 <--- PE-1 < PE-2 <--- CE-2 Old_ASN: Old_ASN: New_ASN: New_ASN: 200 CE-2 to PE-2: sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig11] AS_PATH=(400) length=sum(pcount)=1 PE-2 to 333: sig(<333>,200,sig11,pcount=1,sig11)K_200-PE2 [sig12] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig11] AS_PATH=(200,400) length=sum(pcount)=2 PE-2 to PE-1: sig11 PE-1 to CE-1: sig(<100>,300,pcount=1,sig12)K_300-PE1 [sig13] sig(<300>,200,pcount=0,sig11)K_200-PE2 [sig12] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig11] AS_PATH=(300,400) length=sum(pcount)=2 (length is NOT 3) 9 Nov 2012 SIDR IETF85 Atlanta, GA

6 MIGRATING Note that PE-1 is adding two signatures to the list.
333 | ISP A' ISP A’ CE-1 ---> PE > PE-2 ---> CE-2 Old_ASN: Old_ASN: New_ASN: New_ASN: 200 PE-1 to CE-1: sig(<100>,300,pcount=1,sig12)K_300-PE1 [sig13] sig(<300>,200,pcount=0,sig11)K_200-PE2 [sig12] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig11] AS_PATH=(300,400) length=sum(pcount)=2 (length is NOT 3) Note that PE-1 is adding two signatures to the list. It is as if PE-1 had an AS hop internally. NOTE: “AS IF” PE-1 adds sig12 and sig13. sig12 is added as if PE-1 is AS200 and adds the pcount=0. sig13 is added as if PE-1 is AS300. So “AS300” authorizes “AS200” to add the pcount=0. Note that the neighbor of the AS that adds pcount=0 is the one authorizing – further ASs can not check the authorization. (For original route server motivation, neighbor is authority.) 9 Nov 2012 SIDR IETF85 Atlanta, GA

7 MIGRATING in Other Direction – Alternative 1
333 | ISP A' ISP A’ CE-1 ---> PE > PE-2 ---> CE-2 Old_ASN: Old_ASN: New_ASN: New_ASN: 200 CE-1 to PE-1: sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(100) length=sum(pcount)=1 PE-1 to PE-2: sig(<200>,300,pcount=0,sig21)K_300-PE1 [sig22] sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(300,100) length=sum(pcount)=1 PE-2 to CE-2: sig(<400>,200,pcount=1,sig22)K_200-PE2 [sig23] sig(<200>,300,pcount=0,sig21)K_300-PE1 [sig22] sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(200,300,100) length=sum(pcount)=2 9 Nov 2012 SIDR IETF85 Atlanta, GA

8 MIGRATING in Other Direction – Alternative 1
333 | ISP A' ISP A’ CE-1 ---> PE > PE-2 ---> CE-2 Old_ASN: Old_ASN: New_ASN: New_ASN: 200 PE-1 to PE-2: sig(<200>,300,pcount=0,sig21)K_300-PE1 [sig22] sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(300,100) length=sum(pcount)=1 (PE-2 authorizes PE-1 to use pcount=0) PE-1 is the one doing the migration, so it makes sense that it is the one that has to take special action. but this is an ibgp session and not normal to be adding bgpsec attrb on ibgp session. Again, this is working as if there was a ebgp hop internal to PE1, at least as far as the bgpsec attributes are computed 9 Nov 2012 SIDR IETF85 Atlanta, GA

9 Discussion In BGP, this is a non-spec vendor knob
There’s work presented to idr to make a standard way to do this (make vendor knobs consistent) Presuming this proves to work Do we consider this as advice to vendors making bgpsec versions of their knobs? Do we make this part of the bgpsec protocol? (If idr makes this standard, then obviously it should be part of bgpsec protocol.) 9 Nov 2012 SIDR IETF85 Atlanta, GA

Download ppt "Migratory ASs Sandra Murphy "

Similar presentations

Design Guidelines for IPv6 Networks draft-matthews-v6ops-design-guidelines-01 Philip Matthews Alcatel-Lucent.

Design Guidelines for IPv6 Networks draft-matthews-v6ops-design-guidelines-01 Philip Matthews Alcatel-Lucent.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.
Route Leaks Sandra Murphy. Is This a Route Leak? To be able to detect a route leak: Given Update with AS_PATH AS1…ASn Is this a route leak?

Route Leaks Sandra Murphy. Is This a Route Leak? To be able to detect a route leak: Given Update with AS_PATH AS1…ASn Is this a route leak?
CCNP Network Route BGP Part -I BGP : Border Gateway Protocol. It is a distance vector protocol It is an External Gateway Protocol and basically used for.

CCNP Network Route BGP Part -I BGP : Border Gateway Protocol. It is a distance vector protocol It is an External Gateway Protocol and basically used for.
1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)
1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.

1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.
ISP 7 AS 7 ISP 5 AS 5ISP 3 AS 3 ISP 1 AS 1 peer ISP 9 AS 9 peer.

ISP 7 AS 7 ISP 5 AS 5ISP 3 AS 3 ISP 1 AS 1 peer ISP 9 AS 9 peer.
Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
CS 672 1 Summer 2003 Quiz 1 A1) IGP (IS-IS, OSPF) BGP A2) Stub Transit. because it is adverting AS2’s routes to AS1 and vice versa. A3) Traffic discarded.

CS Summer 2003 Quiz 1 A1) IGP (IS-IS, OSPF) BGP A2) Stub Transit. because it is adverting AS2’s routes to AS1 and vice versa. A3) Traffic discarded.
R OUTING IN THE INTERNET. A UTONOMOUS SYSTEM ( AS ) Collections of routers that has the same protocol, administative and technical control Intra-AS routing.

R OUTING IN THE INTERNET. A UTONOMOUS SYSTEM ( AS ) Collections of routers that has the same protocol, administative and technical control Intra-AS routing.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP AS AN MVPN PE-CE Protocol draft-keyupate-l3vpn-mvpn-pe-ce-00 Keyur Patel,

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP AS AN MVPN PE-CE Protocol draft-keyupate-l3vpn-mvpn-pe-ce-00 Keyur Patel,
APNIC eLearning: Intro to RPKI 10 December 2014 12:30 PM AEST Brisbane (UTC+10)

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
© Janice Regan, CMPT 128, 2007-2012 0 CMPT 371 Data Communications and Networking BGP, Flooding, Multicast routing.

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking BGP, Flooding, Multicast routing.
CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.

CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.
Scaling iBGP. BGP iBGP –Internal BGP –BGP peering between routers in same AS –Goal: get routes from a border router to another border router without losing.

Scaling iBGP. BGP iBGP –Internal BGP –BGP peering between routers in same AS –Goal: get routes from a border router to another border router without losing.
BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.

BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.

Similar presentations

Ads by Google