CONSTRUCTING INTER-DOMAIN PACKET FILTERS TO CONTROL IP SPOOFING BASED ON BGP UPDATE
This article is presented by:
Zhenhai Duan, Xin Yuan
Department of Computer Science
Florida State University.

Jaideep Chandrashekar
Department of Computer Science
University of Minnesota

Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates


Route based packet filtering [K. Park, SIGCOMM 2001]
One can fake the identity, but not the route.
A router can decide whether it is in the path from the source to the destination and drop packets that are not supposed to be there.
Route based packet filtering requirement:
The router must know the route between any pair of source and destination addresses.
Global topology information
Not available in BGP.

Is it possible to build route based packet filters from BGP updates?
If it is possible, what is the performance?

BGP:
Autonomous Systems (ASes) are the basic units
The network can be modeled as an AS graph
Nodes are ASes and edges are BGP sessions
Nodes own network prefixes and exchange BGP route updates to learn the reachability of prefixes
Attributes associated with routes: AS path, prefix.

Policy based routing:
Import
Route selection
Export
BGP:
Routing policies are usually decided by the AS relation
Provider-customer
Peer-peer
Sibling-sibling


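An added example, not part of the original post or the authors' code: a minimal per-neighbor source filter built from the BGP updates one AS receives. It assumes the rule that a packet arriving from a neighbor is accepted only if that neighbor currently announces a route covering the packet's source address; the AS numbers, prefixes and updates are constructed, and removing a prefix immediately on withdrawal is a simplification of this sketch.

```python
import ipaddress
from collections import defaultdict

# Constructed updates as seen by one AS: (neighbor AS, action, prefix, AS path).
# "A" = announce, "W" = withdraw. Documentation prefixes and private-use ASNs only.
UPDATES = [
    (64501, "A", "192.0.2.0/24",    [64501]),
    (64502, "A", "198.51.100.0/24", [64502, 64510]),
    (64501, "A", "198.51.100.0/24", [64501, 64502, 64510]),
    (64502, "A", "203.0.113.0/24",  [64502, 64511]),
    (64502, "W", "203.0.113.0/24",  []),
]

def build_filters(updates):
    """Map each neighbor to the set of prefixes it currently announces to us."""
    table = defaultdict(set)
    for neighbor, action, prefix, _path in updates:
        net = ipaddress.ip_network(prefix)
        if action == "A":
            table[neighbor].add(net)
        else:
            table[neighbor].discard(net)  # simplification: drop on withdrawal
    return table

def accept(table, neighbor, src_ip):
    """Accept only if `neighbor` announced a route covering the source address.

    If the neighbor never offered us a route to that source, it cannot be on
    a path from the source towards us, so the source address is treated as spoofed.
    """
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in table.get(neighbor, ()))

if __name__ == "__main__":
    filters = build_filters(UPDATES)
    # Constructed packets: (neighbor the packet arrived from, claimed source address).
    for neighbor, src in [(64501, "192.0.2.7"), (64502, "192.0.2.7"),
                          (64502, "203.0.113.5"), (64599, "192.0.2.7")]:
        verdict = "accept" if accept(filters, neighbor, src) else "drop"
        print(f"from AS{neighbor} src {src}: {verdict}")
```

The filter is keyed by neighbor rather than by source alone, which is why the same source address passes from one neighbor and is dropped from another.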