Network Security: Routing security. Aapo Kalliola T Network security Aalto University, Nov-Dec 2012
|
|
- Gilbert Bruce
- 5 years ago
- Views:
Transcription
1 Network Security: Routing security Aapo Kalliola T Network security Aalto University, Nov-Dec 2012
2 Outline 1. Structure of internet 2. Routing basics 3. Security issues 4. Attack 5. Solutions (?) 6. Censorship and avoidance 7. Case studies 2
3 Couldn t routing be trivial? Explosive growth is taxing current Internet routing mechanisms. New sites continue to join the Internet In some sense, the Internet is a victim of its own success; many routing protocols are being used in environments for which they had not been designed. - Thomas Narten, Internet routing,
4 Routing basics 4
5 Internet (?) 5
6 Internet, late 1980s Hosts, networks and gateways N1 G1 N2 G3 N3 H1 G5 G2 G4 H3 N4 G6 N5 H3 6
7 Hierarchical structure Internet, 1990s National backbone Regional access providers NAP NAP Local access providers ISP Cust. IP networks 7
8 Rise of hyper giants Internet 2000s Global core National backbone Google, CDNs etc. IXP IXP IXP Regional / Tier 2 providers ISP ISP Cust. IP networks 8 8
9 Internet 2010s Rise of IXPs National backbone Google, CDNs etc. Huge traffic IXP IXP IXP ISP ISP Cust. IP networks 9 9
10 What routing where? Interior Gateway Protocols (IGP) within an Autonomous System (AS) Exterior Gateway Protocols (EGP) between AS EGP can also refer to the precursor of BGP Border Gateway Protocol (BGP) is, in practise, the only EGP in use IGP / IGP BGP IGP BGP IGP End host Customer network ISP IXP Backbone 10
11 Routing in and between Autonomous Systems (Ases) Tens of thousands of ASes Hundreds of thousands of BGP prefixes AS(path) network prefixes, basically /16 Internally motivated by efficiency Externally motivated by Link costs Transmission capacity Load Policy decisions 11
12 BGP prefix numbers increasing (Team cymru global BGP prefix count, November 2013) 12
13 Interior gateway protocols IGPs exchange routing information within an AS Link-state protocols maintain information about the whole network topology Open Shortest Path First (OSPF) Intermediate System to Intermediate System (IS-IS) Distance-vector protocols converge over time to common understanding of paths RIP / RIPv2 IGRP Hybrid protocols have features from both E-IGRP 13
14 Border gateway protocol BGP is the procol for making routing decisions between ASes Routing decisions are not made by automation but rather by commercial interests Two main types of relations: Peering exchanging traffic freely between peers Transit smaller AS buying data transit from larger AS 14
15 BGP Design goals Scalability for connecting AS on internet scale Enabling policy decisions such as filtering route announcements Must work in a distributed competitive environment (vs. early centralized internet) Two types of BGP sessions ebgp for routers from different ASes Route information exchange between ASes ibgp for routers within AS Disseminating information about learned external routes within AS 15
16 How routes are distributed AS may be in three relations to another AS: Peer Customer Provider Typical model, not always so: Routes from customers are re-distributed to customers, peers and providers Peer-learned routes are re-distributed to customers but not to other peers nor to providers Provider-learned routes are re-distributed to customers, but not to other providers, nor to any peers 16
17 BGP (cont.) Data plane in green: host to host traffic Control plane in blue: BGP route information Both BGP and data flows need to work in reverse for two-way communication Reverse path doesn t need to be the same, though AS7 AS1 AS2 AS5 H2 AS4 AS6 H1 17
18 BGP leak/hijack Another AS claims to have a better route to a certain network Reverse direction doesn t need to be hijacked unless the attacker wants to do a MitM attack AS7 AS1 AS2 AS5 H2 AS4 AS6 H1 H3 18
19 How an AS is created Apply for an AS number from local Regional Internet Registry Get a connection to an IXP Could also just use a normal ISP -> waste of AS numbers Get transit or peering from another AS -> you re on! 19
20 Security issues in routing 20
21 Attacks on BGP outside Link cutting Physical Logical DoS Attacks using data plane Clever use of data plane DDoS to cut BGP connections 21
22 CXPST CXPST is an extension of previous low-rate TCP attack work on DDoSing big routers Ingredients: medium botnet ( bots) Internet structure recoinnassance Good timing Overwhelm one router at a time Router drops its BGP connections When the router is re-establishing BGP connections, target the neighbours Could theoretically take down large parts of internet 22
23 Attacks on BGP inside Attacks on control plane Route leaks Route hijacks Man-in-the-Middle Tricky but possible Possible to find attacker AS, though not trivial 23
24 How to get inside? Set up a throw-away AS Use false information and stolen credit cards Establish transit/peering No need to have many connections Advertise malicious routes Profit!! (or whatever you want to do with the traffic you get) Leave the AS untended 24
25 Route leaking / hijacking Route leaking Accidental by definition AS_x has multiple links to other Ases AS_x gets complete internet route announcement set from its provider AS_x accidentally announces the set through another AS link This wrong annoucement gets propagated -> all traffic from affected ASes goes to AS_x Route hijacking Malicious by definition AS_x announces a very good path to the target network ASes receiving the annoucement prefer this path and route directed to target to AS_x -> traffic directed to attack target from affected ASes gets intercepted by AS_x Could be indistinguishable from each other 25
26 BGP Man-in-the-Middle Traceroute & plan reply path to target Note the ASN s seen towards target from traceroute & BGP table on your router Apply as-path prepends naming each of the ASN s intended for reply path Set up static routes towards the next hop of the first AS in reply path -> done 26
27 Case from Nov
28 Attacks
29 Traffic snooping Comprehensive traffic recording? This might already be going on without need for BGP attacks Popularization of IXPs? A few people operate the SIX with a few Cisco switches in a rack. Essentially every major carrier and service provider now connects to the SIX.. Not really indicative of any real problem with IXPs, just that there are many different parties involved in getting a data packet from source to destination 29
30 MITM for all traffic Traffic spoofing Can also modify, possibly without detection Total interception Faked replies Censorship purposes Dropping / reseting / redirecting replies 30
31 Other Spamming (fly-by) Capture a network that hasn t been used for malicious activity Send spam from the network Network gets blocked Repeat DoS Capture the target network Drop the incoming traffic Target impersonation Capture the target network Reply to incoming traffic with valid responses of your own Attacking the routers themselves Default passwords 31
32 How to react? Analysis of what is happening Where the attack originates Malicious vs. Accidental Malicious attacks difficult to stop Must get several ASes to cooperate in filtering out the offending route announcements Accidents fixed by informing the origin of the erronous traffic -> fixes in minutes, usually After origin is fixed the global routing state corrects itself Complete correction might take a long time: hours/days 32
33 Solutions (?) 33
34 Sanity checks Maximum number of routes accepted from a neighbouring AS Helps against accidental all-of-internet here route leaks Not accepting too specific routes /22 probably ok, /32 suspicious Cutting BGP sessions that clearly advertise erronous routes Might cause even worse problems 34
35 Origin authentication An AS gets a crypto certificate from its RIR containing its network and AS number It s possibly to verify AS identity using Resource Public Key Infrastructure (RPKI) Additional overhead Many routers don t support RPKI 35
36 Secure Origin BGP Certificate-based system, backed by Cisco Options for transporting certificates by various means Even on data plane Tweaking routes by accepting some and denying some possible 36
37 S-BGP Certificate-based system, somewhat similar to sobgp Requires PKI Provides path verification and point-to-point security between routers (IPSec) Authorization for both advertising ownership of a network and for advertising being part of a route 37
38 Data-plane verification Requires functionality on both control and data plane In addition to doing normal BGP operation check for data plane reachability problems Works for blackholing, accidents and stale routes Does not require PKI infrastructure Overhead! 38
39 Counterpoint 1/3 Partial adoption of secured BGP may actually decrease the overall security of a network! BGP Security in Partial Deployment: Is the Juice Worth the Squeeze?. Lychev et al., SIGCOMM gcomm/p171.pdf 39
40 P/S P/S P/S P/S P/S Counterpoint 2/3 W X offers the shorter path? Y Z X V? Shorter path! prefix D M 40
41 P/S P/S P/S P/S P/S P/S Counterpoint 3/3 Y experiences collateral damage because X is secure! W W offers the shorter path!? Y Z X V? prefix D M 41
42 Censorship and avoidance 42
43 Does snooping filtering Great firewall of China DNS injection Also tries to prevent accessing foreign proxies for free internet access Unwittingly also affects also traffic transiting through China For instance German subnets have received censored DNS replies Hopefully fixed since published fall
44 Decoy Routing Setup routers with special functionality randomly around the internet Censored end host apparently try to access allowed content A special router is on path to allowed content The special router recognizes the end host are routes request to censored content Censored content origin is faked to look like allowed content origin Censored end host receives the censored content 44
45 Problems in previous proposal The special routers need to be on the traffic path Number of routers required already quite high.... especially if the censor has lots of connections If the censor is capable of modifying routing Interconnectivity way too high to deploy enough routers Nation-wide censorship usually is routing-capable 45
46 More case studies 46
47 AS 7007 incident, where the BGP worries started AS 7007 started leaking a large part of complete route table -> Much of traffic in internet blackholed Took priority in BGP due to chopping announced networks to /24 blocks BGP cleanup took quite a while 47
48 ICANN DNS root server L, 2008 ICANN moved root server L to a new IP address Regardless, the old IP kept responding to DNS requests 48
49 Pakistan blocking Youtube, 2008 Country-internal blocking by leaked to the whole internet 49
50 China Telecom 2010 China leaked routes and captures a significant portion of internet traffic for some minutes 50
51 30 mins Australia outage, 2012 Filtering failure leading to route leakage leading to BGP session kill due to maximum prefix limiting 51
52 Summary Logical structure of internet is a function of commercial interests and geography Internet routing is largely based on trust and correct operation Don t blindly trust internet routing Good practises help! 52
53 BGP Man-in-the-Middle Further reading presentations/defcon-16-pilosov-kapela.pdf China's 18-Minute Mystery How the Internet in Australia went down under How Secure are Secure Interdomain Routing Protocols? 53
Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011
Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011 Overview Business relationships between ASes Interdomain routing using BGP Advertisements Routing policy Integration with intradomain routing
More informationRouting Concepts. IPv4 Routing Forwarding Some definitions Policy options Routing Protocols
Routing Basics 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 Addresses are 32 bits long Range from 1.0.0.0 to 223.255.255.255 0.0.0.0
More informationCS 43: Computer Networks. 24: Internet Routing November 19, 2018
CS 43: Computer Networks 24: Internet Routing November 19, 2018 Last Class Link State + Fast convergence (reacts to events quickly) + Small window of inconsistency Distance Vector + + Distributed (small
More informationRouting Basics. ISP Workshops. Last updated 10 th December 2015
Routing Basics ISP Workshops Last updated 10 th December 2015 1 Routing Concepts p IPv4 & IPv6 p Routing p Forwarding p Some definitions p Policy options p Routing Protocols 2 IPv4 p Internet still uses
More informationInternet Routing : Fundamentals of Computer Networks Bill Nace
Internet Routing 14-740: Fundamentals of Computer Networks Bill Nace Material from Computer Networking: A Top Down Approach, 6 th edition. J.F. Kurose and K.W. Ross Looking Ahead Lab #2 just due Quiz #2
More informationRouting Basics ISP/IXP Workshops
Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to
More informationRouting Basics ISP/IXP Workshops
Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to
More informationTop-Down Network Design
Top-Down Network Design Chapter Seven Selecting Switching and Routing Protocols Original slides by Cisco Press & Priscilla Oppenheimer Selection Criteria for Switching and Routing Protocols Network traffic
More informationRouting Basics. Campus Network Design & Operations Workshop
Routing Basics Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationCSCD 433/533 Network Programming Fall Lecture 14 Global Address Space Autonomous Systems, BGP Protocol Routing
CSCD 433/533 Network Programming Fall 2012 Lecture 14 Global Address Space Autonomous Systems, BGP Protocol Routing 1 Topics Interdomain Routing BGP Interdomain Routing Benefits vs. Link State Routing
More informationCS 43: Computer Networks Internet Routing. Kevin Webb Swarthmore College November 16, 2017
CS 43: Computer Networks Internet Routing Kevin Webb Swarthmore College November 16, 2017 1 Hierarchical routing Our routing study thus far - idealization all routers identical network flat not true in
More informationRouting Basics. Routing Concepts. IPv4. IPv4 address format. A day in a life of a router. What does a router do? IPv4 Routing
Routing Concepts IPv4 Routing Routing Basics ISP/IXP Workshops Forwarding Some definitions Policy options Routing Protocols 1 2 IPv4 IPv4 address format Internet uses IPv4 addresses are 32 bits long range
More informationRouting Basics. ISP Workshops
Routing Basics ISP Workshops These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/) Last updated 26
More informationCNT Computer and Network Security: BGP Security
CNT 5410 - Computer and Network Security: BGP Security Professor Kevin Butler Fall 2015 Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means
More informationSecurity in inter-domain routing
DD2491 p2 2011 Security in inter-domain routing Olof Hagsand KTH CSC 1 Literature Practical BGP pages Chapter 9 See reading instructions Beware of BGP Attacks (Nordström, Dovrolis) Examples of attacks
More informationIntroduction to Computer Networks
Introduction to Computer Networks Tian Song ( 嵩天 ), Ph.D., Assoc. Prof. songtian@bit.edu.cn Introduction to Computer Networks ICMP, ARP, DHCP, OSPF, BGP Tian Song ( 嵩天 ), Ph.D., Assoc. Prof. songtian@bit.edu.cn
More informationBack to basics J. Addressing is the key! Application (HTTP, DNS, FTP) Application (HTTP, DNS, FTP) Transport. Transport (TCP/UDP) Internet (IPv4/IPv6)
Routing Basics Back to basics J Application Presentation Application (HTTP, DNS, FTP) Data Application (HTTP, DNS, FTP) Session Transport Transport (TCP/UDP) E2E connectivity (app-to-app) Port numbers
More informationTop-Down Network Design, Ch. 7: Selecting Switching and Routing Protocols. Top-Down Network Design. Selecting Switching and Routing Protocols
Top-Down Network Design Chapter Seven Selecting Switching and Routing Protocols Copyright 2010 Cisco Press & Priscilla Oppenheimer 1 Switching 2 Page 1 Objectives MAC address table Describe the features
More informationIntroduction. Keith Barker, CCIE #6783. YouTube - Keith6783.
Understanding, Implementing and troubleshooting BGP 01 Introduction http:// Instructor Introduction Keith Barker, CCIE #6783 CCIE Routing and Switching 2001 CCIE Security 2003 kbarker@ine.com YouTube -
More informationCS4450. Computer Networks: Architecture and Protocols. Lecture 15 BGP. Spring 2018 Rachit Agarwal
CS4450 Computer Networks: Architecture and Protocols Lecture 15 BGP Spring 2018 Rachit Agarwal Autonomous System (AS) or Domain Region of a network under a single administrative entity Border Routers Interior
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Janno? Administrivia Midterm moved up from 3/17 to 3/15 IP
More informationInter-Domain Routing: BGP
Inter-Domain Routing: BGP Richard T. B. Ma School of Computing National University of Singapore CS 3103: Compute Networks and Protocols Inter-Domain Routing Internet is a network of networks Hierarchy
More informationCS 43: Computer Networks Internet Routing. Kevin Webb Swarthmore College November 14, 2013
CS 43: Computer Networks Internet Routing Kevin Webb Swarthmore College November 14, 2013 1 Reading Quiz Hierarchical routing Our routing study thus far - idealization all routers identical network flat
More informationCOMP/ELEC 429 Introduction to Computer Networks
COMP/ELEC 429 Introduction to Computer Networks Lecture 11: Inter-domain routing Slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang T. S. Eugene Ng eugeneng at
More informationCS4700/CS5700 Fundamentals of Computer Networks
CS4700/CS5700 Fundamentals of Computer Networks Lecture 12: Inter-domain routing Slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang Alan Mislove amislove at ccs.neu.edu
More informationCSCI Topics: Internet Programming Fall 2008
CSCI 491-01 Topics: Internet Programming Fall 2008 Network Layer Derek Leonard Hendrix College November 17, 2008 Original slides copyright 1996-2007 J.F Kurose and K.W. Ross 1 Chapter 4: Roadmap 4.1 Introduction
More informationSmall additions by Dr. Enis Karaarslan, Purdue - Aaron Jarvis (Network Engineer)
Routing Basics 1 Small additions by Dr. Enis Karaarslan, 2014 Purdue - Aaron Jarvis (Network Engineer) Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 3 IPv4
More informationInternet Routing Protocols Lecture 01 & 02
Internet Routing Protocols Lecture 01 & 02 Advanced Systems Topics Lent Term, 2010 Timothy G. Griffin Computer Lab Cambridge UK Internet Routing Outline Lecture 1 : Inter-domain routing architecture, the
More informationUnit 3: Dynamic Routing
Unit 3: Dynamic Routing Basic Routing The term routing refers to taking a packet from one device and sending it through the network to another device on a different network. Routers don t really care about
More informationRouting Basics. SANOG July, 2017 Gurgaon, INDIA
Routing Basics SANOG 30 14-18 July, 2017 Gurgaon, INDIA Back to basics J Application Presentation Application (HTTP, DNS, FTP) Data Application (HTTP, DNS, FTP) Session Transport Transport (TCP/UDP) E2E
More informationCS 457 Networking and the Internet. The Global Internet (Then) The Global Internet (And Now) 10/4/16. Fall 2016
CS 457 Networking and the Internet Fall 2016 The Global Internet (Then) The tree structure of the Internet in 1990 The Global Internet (And Now) A simple multi-provider Internet 1 The Global Internet Some
More informationLecture 19: Network Layer Routing in the Internet
Lecture 19: Network Layer Routing in the Internet COMP 332, Spring 2018 Victoria Manfredi Acknowledgements: materials adapted from Computer Networking: A Top Down Approach 7 th edition: 1996-2016, J.F
More informationCSE/EE 461 Lecture 11. Inter-domain Routing. This Lecture. Structure of the Internet. Focus How do we make routing scale?
CSE/EE 461 Lecture 11 Inter-domain Routing This Lecture Focus How do we make routing scale? Inter-domain routing ASes and BGP Application Presentation Session Transport Network Data Link Physical sdg //
More informationCSc 450/550 Computer Networks Internet Routing
CSc 450/550 Computer Networks Internet Routing Jianping Pan Summer 2007 7/12/07 CSc 450/550 1 Review Internet Protocol (IP) IP header addressing class-based, classless, hierarchical, NAT routing algorithms
More informationModule 10 An IPv6 Internet Exchange Point
ISP/IXP Networking Workshop Lab Module 10 An IPv6 Internet Exchange Point Objective: To investigate methods for connecting to an Internet Exchange Point. Prerequisites: Modules 1 to 4, and the Exchange
More information6.829 BGP Recitation. Rob Beverly September 29, Addressing and Assignment
6.829 BGP Recitation Rob Beverly September 29, 2006 Addressing and Assignment 1 Area-Routing Review Why does Internet Scale? Hierarchical Addressing How are addresses assigned? Classfull
More informationWhy dynamic route? (1)
Routing Why dynamic route? (1) Static route is ok only when Network is small There is a single connection point to other network No redundant route 2 Why dynamic route? (2) Dynamic Routing Routers update
More informationLecture 4: Intradomain Routing. CS 598: Advanced Internetworking Matthew Caesar February 1, 2011
Lecture 4: Intradomain Routing CS 598: Advanced Internetworking Matthew Caesar February 1, 011 1 Robert. How can routers find paths? Robert s local DNS server 10.1.8.7 A 10.1.0.0/16 10.1.0.1 Routing Table
More informationLink State Routing & Inter-Domain Routing
Link State Routing & Inter-Domain Routing CS640, 2015-02-26 Announcements Assignment #2 is due Tuesday Overview Link state routing Internet structure Border Gateway Protocol (BGP) Path vector routing Inter
More informationInter-Domain Routing: BGP
Inter-Domain Routing: BGP Brad Karp UCL Computer Science (drawn mostly from lecture notes by Hari Balakrishnan and Nick Feamster, MIT) CS 3035/GZ01 4 th December 2014 Outline Context: Inter-Domain Routing
More informationCS 640: Introduction to Computer Networks. Intra-domain routing. Inter-domain Routing: Hierarchy. Aditya Akella
CS 640: Introduction to Computer Networks Aditya Akella Lecture 11 - Inter-Domain Routing - BGP (Border Gateway Protocol) Intra-domain routing The Story So Far Routing protocols generate the forwarding
More informationInternet Routing Basics
Internet Routing Basics Back to basics J Application Presentation Application (HTTP, DNS, FTP) Data Application (HTTP, DNS, FTP) Session Transport Transport (TCP/UDP) E2E connectivity (app-to-app) Port
More informationPART III. Implementing Inter-Network Relationships with BGP
PART III Implementing Inter-Network Relationships with BGP ICNP 2002 Routing Protocols Autonomous System BGP-4 BGP = Border Gateway Protocol Is a Policy-Based routing protocol Is the de facto EGP of today
More informationHierarchical Routing. Our routing study thus far - idealization all routers identical network flat not true in practice
Hierarchical Routing Our routing study thus far - idealization all routers identical network flat not true in practice scale: with 200 million destinations: can t store all destinations in routing tables!
More informationCS 268: Computer Networking
CS 268: Computer Networking L-3 BGP Outline BGP ASes, Policies BGP Attributes BGP Path Selection ibgp 2 1 Autonomous Systems (ASes) Autonomous Routing Domain Glued together by a common administration,
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department of Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Stephan Günther
More informationInter-domain Routing. Outline. Border Gateway Protocol
Inter-domain Routing Outline Border Gateway Protocol Internet Structure Original idea CS 640 2 Internet Structure Today CS 640 3 Route Propagation in the Internet Autonomous System (AS) corresponds to
More informationCS519: Computer Networks. Lecture 4, Part 5: Mar 1, 2004 Internet Routing:
: Computer Networks Lecture 4, Part 5: Mar 1, 2004 Internet Routing: AS s, igp, and BGP As we said earlier, the Internet is composed of Autonomous Systems (ASs) Where each AS is a set of routers, links,
More informationSecuring BGP. Geoff Huston November 2007
Securing BGP Geoff Huston November 2007 Agenda An Introduction to BGP BGP Security Questions Current Work Research Questions An Introduction to BGP Background to Internet Routing The routing architecture
More informationInitial motivation: 32-bit address space soon to be completely allocated. Additional motivation:
IPv6 Initial motivation: 32-bit address space soon to be completely allocated. Additional motivation: header format helps speed processing/forwarding header changes to facilitate QoS IPv6 datagram format:
More informationModule 16 An Internet Exchange Point
ISP Workshop Lab Module 16 An Internet Exchange Point Objective: To investigate methods for connecting to an Internet Exchange Point. Prerequisites: Modules 12 and 13, and the Exchange Points Presentation
More informationRouting(2) Inter-domain Routing
Routing(2) Inter-domain Routing Information Network I Youki Kadobayashi 1 Outline! Distance vector routing! Link state routing! IGP and EGP Intra-domain routing protocol, inter-domain routing protocol!
More informationAccurate Real-time Identification of IP Hijacking. Presented by Jacky Mak
Accurate Real-time Identification of IP Hijacking Presented by Jacky Mak Outline Problem and Objectives Interdomain Routing and BGP Basics Attack Model of IP Hijacking Real-time Detection Techniques Implementation
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Jannotti Today Last time: Intra-Domain Routing (IGP) RIP distance
More informationNetwork Layer (Routing)
Network Layer (Routing) Border Gateway Protocol Structure of the Internet Networks (ISPs, CDNs, etc.) group with IP prefixes Networks are richly interconnected, often using IXPs Prefix E1 Net E IXP Prefix
More informationRouting Security We can do better!
Routing Security We can do better! And how MANRS can help Andrei Robachevsky robachevsky@isoc.org 1 No Day Without an Incident 120 6 month of suspicious activity 90 60 Hijack Leak 30 0 1/5/17 1/16/17 1/27/17
More informationInternet Infrastructure
Internet Infrastructure Internet Infrastructure Local and inter-domain routing TCP/IP for routing and messaging BGP for routing announcements Domain Name System Find IP address from symbolic name (www.cc.gatech.edu)
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Janno? Today Last time: Intra-Domain Routing (IGP) RIP distance
More informationConfiguring BGP. Cisco s BGP Implementation
Configuring BGP This chapter describes how to configure Border Gateway Protocol (BGP). For a complete description of the BGP commands in this chapter, refer to the BGP s chapter of the Network Protocols
More informationinternet technologies and standards
Institute of Telecommunications Warsaw University of Technology internet technologies and standards Piotr Gajowniczek BGP (Border Gateway Protocol) structure of the Internet Tier 1 ISP Tier 1 ISP Google
More informationInter-AS routing and BGP. Network Layer 4-1
Inter-AS routing and BGP Network Layer 4-1 Review: intra-as routing v Also known as interior gateway protocols (IGP) v Most common intra-as routing protocols: RIP: Routing Information Protocol, distance
More informationExamination. ANSWERS IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491
Examination ANSWERS IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491 Date: October 21st 2008 10:00 13:00 a) No help material is allowed
More information! Distance vector routing! Link state routing.! Path vector routing! BGP: Border Gateway Protocol! Route aggregation
! Distance vector routing! Link state routing Information Network I Youki Kadobayashi! IGP and EGP Intra-domain routing protocol, inter-domain routing protocol! Path vector routing! BGP: Border Gateway
More informationInter-Domain Routing: BGP
Inter-Domain Routing: BGP Stefano Vissicchio UCL Computer Science CS 3035/GZ01 Agenda We study how to route over the Internet 1. Context The Internet, a network of networks Relationships between ASes 2.
More informationIPv6 Module 16 An IPv6 Internet Exchange Point
IPv6 Module 16 An IPv6 Internet Exchange Point Objective: To investigate methods for connecting to an Internet Exchange Point. Prerequisites: Modules 12, 14 and 15, and the Exchange Points Presentation
More informationRouting Protocols of IGP. Koji OKAMURA Kyushu University, Japan
Routing Protocols of IGP Koji OKAMURA Kyushu University, Japan Routing Protocol AS (Autonomous System) Is operated autonomous in the organization. 6bit IGP (Interior Gateway Protocol) Routing Control inside
More informationIntroducción al RPKI (Resource Public Key Infrastructure)
Introducción al RPKI (Resource Public Key Infrastructure) Roque Gagliano rogaglia@cisco.com 4 Septiembre 2013 Quito, Equator 2011 Cisco and/or its affiliates. All rights reserved. 1 Review of problem to
More informationTELE 301 Network Management
TELE 301 Network Management Lecture 24: Exterior Routing and BGP Haibo Zhang Computer Science, University of Otago TELE301 Lecture 16: Remote Terminal Services 1 Today s Focus How routing between different
More informationInterdomain Routing Reading: Sections P&D 4.3.{3,4}
Interdomain Routing Reading: Sections P&D 4.3.{3,4} EE122: Intro to Communication Networks Fall 2006 (MW 4:00-5:30 in Donner 155) Vern Paxson TAs: Dilip Antony Joseph and Sukun Kim http://inst.eecs.berkeley.edu/~ee122/
More informationCMSC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala October 9, 2018 (a) October 18 October 9,
CMSC 417 Computer Networks Prof. Ashok K Agrawala 2018 Ashok Agrawala October 9, 2018 (a) October 18 October 9, 2018 1 host Message, Segment, Packet, and Frame host HTTP HTTP message HTTP TCP TCP segment
More informationInternet inter-as routing: BGP
Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means to: 1. Obtain subnet reachability information from neighboring ASs. 2. Propagate the reachability
More informationNetwork Security - ISA 656 Routing Security
Network Security - ISA 656 Angelos Stavrou December 4, 2007 What is? What is Routing Security? History of Routing Security Why So Little Work? How is it Different? The Enemy s Goal? Bad guys play games
More informationPlanning for Information Network
Planning for Information Network Lecture 8: Network Routing Protocols Assistant Teacher Samraa Adnan Al-Asadi 1 Routing protocol features There are many ways to characterize routing protocols, including
More informationIPv6 Module 6x ibgp and Basic ebgp
IPv6 Module 6x ibgp and Basic ebgp Objective: Using IPv6, simulate four different interconnected ISP backbones using a combination of IS-IS, internal BGP, and external BGP. Topology : Figure 1 BGP AS Numbers
More informationBorder Gateway Protocol - BGP
BGP Fundamentals Border Gateway Protocol - BGP Runs over TCP (port 179) TCP connection required before BGP session Need to be reachable! Path vector routing protocol Best path selection based on path attributes
More informationRouting on the Internet. Routing on the Internet. Hierarchical Routing. Computer Networks. Lecture 17: Inter-domain Routing and BGP
Routing on the Internet Computer Networks Lecture 17: Inter-domain Routing and BGP In the beginning there was the ARPANET: route using GGP (Gateway-to-Gateway Protocol), a distance vector routing protocol
More informationOutline Computer Networking. Inter and Intra-Domain Routing. Internet s Area Hierarchy Routing hierarchy. Internet structure
Outline 15-441 15-441 Computer Networking 15-641 Lecture 10: Inter-Domain outing Border Gateway Protocol -BGP Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 outing hierarchy Internet structure
More informationChapter IV: Network Layer
Chapter IV: Network Layer UG3 Computer Communications & Networks (COMN) Myungjin Lee myungjin.lee@ed.ac.uk Slides copyright of Kurose and Ross Hierarchical routing our routing study thus far - idealization
More informationInter-Autonomous-System Routing: Border Gateway Protocol
Inter-Autonomous-System Routing: Border Gateway Protocol Antonio Carzaniga Faculty of Informatics University of Lugano June 14, 2005 Outline Hierarchical routing BGP Routing Routing Goal: each router u
More informationMutually Agreed Norms for Routing Security NAME
Mutually Agreed Norms for Routing Security NAME EMAIL The Problem A Routing Security Overview 2 Routing Incidents are Increasing In 2017 alone, 14,000 routing outages or attacks such as hijacking, leaks,
More informationLast time. Transitioning to IPv6. Routing. Tunneling. Gateways. Graph abstraction. Link-state routing. Distance-vector routing. Dijkstra's Algorithm
Last time Transitioning to IPv6 Tunneling Gateways Routing Graph abstraction Link-state routing Dijkstra's Algorithm Distance-vector routing Bellman-Ford Equation 10-1 This time Distance vector link cost
More informationCOMP211 Chapter 5 Network Layer: The Control Plane
COMP211 Chapter 5 Network Layer: The Control Plane All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith
More informationThis appendix contains supplementary Border Gateway Protocol (BGP) information and covers the following topics:
Appendix C BGP Supplement This appendix contains supplementary Border Gateway Protocol (BGP) information and covers the following topics: BGP Route Summarization Redistribution with IGPs Communities Route
More informationCSE 461 Interdomain routing. David Wetherall
CSE 461 Interdomain routing David Wetherall djw@cs.washington.edu Interdomain routing Focus: Routing across internetworks made up of different parties Route scaling Application Route policy Transport The
More informationRouting(2) Inter-domain Routing
Routing(2) Inter-domain Routing Information Network I Youki Kadobayashi 1 Outline Continued from previous lecture on: Distance vector routing Link state routing IGP and EGP Interior gateway protocol, Exterior
More informationICS 351: Today's plan. OSPF BGP Routing in general routing protocol comparison encapsulation network dynamics
ICS 351: Today's plan OSPF BGP Routing in general routing protocol comparison encapsulation network dynamics OSPF OSPF generally used within a single Autonomous System (AS), i.e. within an organization
More informationProfessor Yashar Ganjali Department of Computer Science University of Toronto.
Professor Yashar Ganjali Department of Computer Science University of Toronto yganjali@cs.toronto.edu http://www.cs.toronto.edu/~yganjali Announcements Don t forget the programming assignment Due: Friday
More informationSecuring BGP Networks using Consistent Check Algorithm
Securing BGP Networks using Consistent Check Algorithm C. K. Man, K.Y. Wong, and K. H. Yeung Abstract The Border Gateway Protocol (BGP) is the critical routing protocol in the Internet infrastructure.
More informationInternet Architecture and Experimentation
Internet Architecture and Experimentation Today l Internet architecture l Principles l Experimentation A packet switched network Modern comm. networks are packet switched Data broken into packets, packet
More informationChapter 4: outline. Network Layer 4-1
Chapter 4: outline 4.1 introduction 4.2 virtual circuit and datagram networks 4.3 what s inside a router 4.4 IP: Internet Protocol datagram format IPv4 addressing ICMP IPv6 4.5 routing algorithms link
More informationInter-Autonomous-System Routing: Border Gateway Protocol
Inter-Autonomous-System Routing: Border Gateway Protocol Antonio Carzaniga Faculty of Informatics University of Lugano December 10, 2014 Outline Hierarchical routing BGP Routing 2005 2007 Antonio Carzaniga
More informationBGP Route Hijacking - What Can Be Done Today?
BGP Route Hijacking - What Can Be Done Today? Version 1.2 Barry Raveendran Greene Principle Architect Carrier, Enterprise & Security bgreene@akamai.com @Akamai BGP - the Core Protocol that Glues all of
More informationService Provider Multihoming
BGP Traffic Engineering Previous examples dealt with loadsharing inbound traffic Of primary concern at Internet edge What about outbound traffic? Transit ISPs strive to balance traffic flows in both directions
More informationBorder Gateway Protocol
39 CHAPTER Chapter Goals Understand the purpose of the. Explain BGP attributes and their use in route selection. Examine the BGP route selection process. Introduction The (BGP) is an interautonomous system
More informationInternet Routing Protocols Lecture 03 Inter-domain Routing
Internet Routing Protocols Lecture 03 Inter-domain Routing Advanced Systems Topics Lent Term, 2008 Timothy G. Griffin Computer Lab Cambridge UK Autonomous Routing Domains A collection of physical networks
More informationCSC 4900 Computer Networks: Routing Protocols
CSC 4900 Computer Networks: Routing Protocols Professor Henry Carter Fall 2017 Last Time Link State (LS) versus Distance Vector (DV) algorithms: What are some of the differences? What is an AS? Why do
More informationInter-Domain Routing: BGP II
Inter-Domain Routing: BGP II Mark Handley UCL Computer Science CS 3035/GZ01 BGP Protocol (cont d) BGP doesn t chiefly aim to compute shortest paths (or minimize other metric, as do DV, LS) Chief purpose
More informationIP Addressing & Interdomain Routing. Next Topic
IP Addressing & Interdomain Routing Next Topic IP Addressing Hierarchy (prefixes, class A, B, C, subnets) Interdomain routing Application Presentation Session Transport Network Data Link Physical Scalability
More informationInternet Routing Protocols Tuba Saltürk
Internet Routing Protocols 15505068 Tuba Saltürk Outline Internet Routers Routing Protocol Interior Gateway Protocol (IGP) Distance- Vector Routing Protocol Routing Information Protocol (RIP) Interior
More informationLecture 16: Interdomain Routing. CSE 123: Computer Networks Stefan Savage
Lecture 16: Interdomain Routing CSE 123: Computer Networks Stefan Savage Overview Autonomous Systems Each network on the Internet has its own goals Path-vector Routing Allows scalable, informed route selection
More information