New Research Challenge: Design for Resiliency. Lixia Zhang UCLA Computer Science Dept
|
|
- Alexis Andrea Norman
- 6 years ago
- Views:
Transcription
1 New Research Challenge: Design for Resiliency Lixia Zhang UCLA Computer Science Dept November, 2003
2 The Internet Continues to Grow! More users More applications Larger traffic volume Bigger routing tables 11/12/03 2
3 Growth in size also brings Higher failure frequency, higher dynamics Q: how many routing changes per min on the Internet backbone? Q: How do different protocols interact with each other? Ever increasing system complexity Q: how many protocols implemented in a router? Q: How many new protocols being added each year? Wide range of heterogeneity r 11/12/03 3
4 Wider Ranger of heterogeneity? IP was designed to handle orders of magnitude difference in BW, delay, even losses But how about various brands of vendor products? various levels of operations expertise? various communities of users crossing all walks of the society with diverse interests and conflicting 11/12/03 4
5 Various brands of vendor products One example: UWisc offers public NTP service A month later: volume continued going up! 11/12/03 5
6 Operational challenges 20~30 years ago, this was operated by BBN network Today, this network is operated by thousands of ISPs The cause for major outages so far: Operational errors If a problem has no solution, it may not be a problem, but a fact, not to be solved, but to be coped with over time 11/12/03 6
7 But the biggest challenge Diverse interest of users malicious attacks Worms spread at higher speed Code Red took ~13 hours to spread worldwide Sapphire 10 minutes (June 03 NANOG Security BOF): as of 01 June 2003 Hacked hosts 423,262 Abused proxies 19,2608 Compromised routers 5,410 DDoS attacks through compromised hosts Attacks directly against network infrastructure 11/12/03 7
8 Wasn t the Internet designed for robustness? Yes! against physical failures Great historical papers by Paul Baran 1. On Distributed Communications Networks 2. "Some Perspectives on Networks -- Past, Present and Future Growing large >> growth in magnitude (speed, # of nodes, volume of traffic) Everything else changed too 11/12/03 8
9 "On Being the Right Size" (a short essay published by Haldane in 1928, Scaling in Biological Systems consider a giant man sixty feet high... These monsters were not only ten times as high as Christian, but ten times as wide and ten times as thick, so that their total weight was a thousand times his... Unfortunately the cross sections of their bones were only a hundred times those of Christian, so that every square inch of giant bone had to support ten times the weight borne by a square inch of human bone. 11/12/03 9
10 From Small to Big in Bio Systems A typical small animal, say a microscopic worm or rotifer, has a smooth skin through which all the oxygen it requires can soak in, a straight gut with sufficient surface to absorb its food, and a single kidney. Increase its dimensions tenfold in every direction, it will need a thousand times as much food and oxygen per day... 11/12/03 10
11 Size, Weight, Strength For every type of animal there is a most convenient size, and a large change in size inevitably carries with it a change of form. Is today s Internet "bone strong enough to carry its newly gained weight? How to make the Internet go through this change of form? 11/12/03 11
12 Up until now Functionality-Oriented Protocol Design Protocol design: minimal set of bits necessary for the intended function Explicitly enumerates all possible physical failures Node failure: fail stop Link failure: disconnect Data failures: bit error, out-of-order, loss, dup. Implicitly assumes that Every component follows the rules No faults other than physical failures listed above Experience has shown that the above list is rather incomplete 11/12/03 12
13 When unexpected faults occur? Unexpected faults system-wide failure ARPANET old distance-vector routing protocol: blackhole due to router advertising distance 0 to certain destination B ARPANET new link-state routing protocol: LSA update storm due to sequence number fault In the good old days Such unexpected faults were rare Damage was limited A 0 distance to B 11/12/03 13
14 But today Unexpected faults have become the norm rather than the exception Damage: $$$$$$$$$$$$$$$$$$$$$ 11/12/03 14
15 What should we do? DDoS attack detection and push back! Limitations of Fault-Driven Enhancements The potential space of faults/attacks is unlimited After each enhancement, infinite set of unexpected faults still remain that can disable the system. 11/12/03 15
16 Add security! What should we do? (II) 11/12/03 16
17 David Cheriton, SIGCOMM 03 keynote 11/12/03 17
18 Size change design change The Internet's large change in size calls for a fundamental change in network protocol design considerations. Designing for resiliency: How to add resiliency into the Internet to make it withstand both expected and unexpected faults? 11/12/03 18
19 Resiliency-Oriented Design Designing resiliency into network protocols Identify fundamental invariance in protocols & systems Add rigorous validity checking into each step of protocol operation Add additional information & verification procedures into protocol designs as needed to serve the verification purpose 11/12/03 19
20 Very Preliminary results as proof of evidence Started with routing protocol 2 examples Add fault-detection to RIP Add fault-detection to BGP routing announcement 11/12/03 20
21 Can RIP Detect False Updates? RIP provides very limited information Each node only knows the distance to its immediate neighbors Take this difficult example to test feasibility Is it possible to check update validity with such a constrained protocol design? Fault detection by assertions RIP protocol invariance: Shortest path routing triangle theorem holds true A 11/12/03 21 B C AB + BC AC
22 RIP-TP (RIP with Triangle checking and Probing) A R B When R receives update from A MinDist(A, I), Check-I: MinDist(R,I) MinDist(R, A) + MinDist(A, I) Check-II: MinDist(B,I) MinDist(A, B) + MinDist(A, I) Triangle theorem violation can be due to either transient following a topology change, or invalid update message. To verify: send probe message with TTL=Dist(A,I)+1 For more detail in Pei, et al, GLOBECOM 2003 I 11/12/03 22
23 How effective is RIP-TP? Recall that ARPANET outage from ~30 years ago: B A 0 distance to B RIP-TP checking could have easily detected that fault Why wasn t RIP designed with such detection built in? The design assumption: fail-stop 11/12/03 23
24 Another example: prevent traffic hijacking Internet routing: each AS announces its own prefixes to neighbor ASes Multiple Origin AS (MOAS): the same prefix announced by more than one origin AS 11/12/03 24
25 MOAS Conflicts Do Exist Max: (11357 from a single AS) Max: (9177 from a single AS) year Median number increase rate #BGP table entries increase rate % % % % % % 11/12/03 25
26 A simple detection of False Announcements /8 AS58 AS59 Example configuration: 18/8, PATH<58>, MOAS{58,59} 18/8, PATH<59>, MOAS{58,59} AS52 router bgp 59 neighbor remote-as 52 neighbor send-community neighbor route-map setcommunity out route-map setcommunity match ip address /8 set community 59:MOAS 58:MOAS additive 18/8, PATH<52>, MOAS{52, 58} 18/8, PATH<4>, MOAS{4,58,59} 11/12/03 26
27 What to Carry Away Scaling up the Internet has more profound implications beyond bigger numbers/tables It is time we start a proactive, systematic approach to Internet resiliency Design for resiliency Unknown road, lots challenges ahead How to identify the fundamental invariants in each protocol? How much overhead to pay? How to evaluate the effectiveness?... Our goal: building a resilient Internet infrastructure in a fault-pervasive environment 11/12/03 27
28 Thanks! Quesitons/comments Send to 11/12/03 28
BGP Routing inside an AS
Hot Potatoes Heat Up BGP Routing Renata Teixeira (UC San Diego) http://www-cse.ucsd.edu/~teixeira with Aman Shaikh (AT&T), Tim Griffin(Intel), and Jennifer Rexford(AT&T) 30 th NANOG Miami, Florida BGP
More informationListen and Whisper: Security Mechanisms for BGP
Listen and Whisper: Security Mechanisms for BGP Lakshminarayanan Subramanian UC Berkeley Joint work with: Volker Roth, Ion Stoica, Scott Shenker, Randy Katz BGP Route Verification BGP speakers blindly
More informationCS4450. Computer Networks: Architecture and Protocols. Lecture 15 BGP. Spring 2018 Rachit Agarwal
CS4450 Computer Networks: Architecture and Protocols Lecture 15 BGP Spring 2018 Rachit Agarwal Autonomous System (AS) or Domain Region of a network under a single administrative entity Border Routers Interior
More informationReal-time Blackhole Analysis with Hubble
Real-time Blackhole Analysis with Hubble Ethan Katz-Bassett, Harsha V. Madhyastha, John P. John, Arvind Krishnamurthy, Thomas Anderson University of Washington NANOG 40, June 2007 1 Global Reachability
More informationDynamics of Hot-Potato Routing in IP Networks
Dynamics of Hot-Potato Routing in IP Networks Jennifer Rexford AT&T Labs Research http://www.research.att.com/~jrex Joint work with Renata Teixeira (UCSD), Aman Shaikh (AT&T), and Timothy Griffin (Intel)
More informationRouting, Routing Algorithms & Protocols
Routing, Routing Algorithms & Protocols Computer Networks Lecture 6 http://goo.gl/pze5o8 Circuit-Switched and Packet-Switched WANs 2 Circuit-Switched Networks Older (evolved from telephone networks), a
More informationTBGP: A more scalable and functional BGP. Paul Francis Jan. 2004
TBGP: A more scalable and functional BGP Paul Francis Jan. 2004 BGP: Border Gateway Protocol BGP is the top-level routing protocol in the Internet It holds the Internet together BGP allows routers to tell
More informationResilient IP Backbones. Debanjan Saha Tellium, Inc.
Resilient IP Backbones Debanjan Saha Tellium, Inc. dsaha@tellium.com 1 Outline Industry overview IP backbone alternatives IP-over-DWDM IP-over-OTN Traffic routing & planning Network case studies Research
More informationIntelligent Routing Platform
WHITE PAPER Bring Intelligence to your Network Copyright 2018 Noction Inc. Table of Contents 1. Executive Summary...3 2. The Challenge of a Multi-Homed Environment...4 3. Network Congestion and Blackouts...4
More informationOn the State of the Inter-domain and Intra-domain Routing Security
On the State of the Inter-domain and Intra-domain Routing Security Mingwei Zhang April 19, 2016 Mingwei Zhang Internet Routing Security 1 / 54 Section Internet Routing Security Background Internet Routing
More informationMultihoming: An Overview & a brief introduction to GSE(8+8) Single Home
Multihoming: An Overview & a brief introduction to GSE(8+8) Lixia Zhang APRICOT 2006 Perth, Australia 3/2/06 IAB BOF @ APRICOT 1 Customer network 1 1.1.16.0/20 Single Home 1.1.0.0/16. Customer network
More informationSecurity in Mobile Ad-hoc Networks. Wormhole Attacks
Security in Mobile Ad-hoc Networks Wormhole Attacks What are MANETs Mobile Ad-hoc Network (MANET) is a collection of wireless mobile hosts without fixed network infrastructure and centralized administration.
More informationCS 43: Computer Networks. 24: Internet Routing November 19, 2018
CS 43: Computer Networks 24: Internet Routing November 19, 2018 Last Class Link State + Fast convergence (reacts to events quickly) + Small window of inconsistency Distance Vector + + Distributed (small
More informationCLOUD-BASED DDOS PROTECTION FOR HOSTING PROVIDERS
CLOUD-BASED DDOS PROTECTION FOR HOSTING PROVIDERS A STRONG PARTNER OUR PORTFOLIO COMPANY Expand your own portfolio with an IT security expert that has redefined DDoS protection from the cloud. Link11 is
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationA Framework for Resilient Internet Routing Protocols
A Framework for Resilient Internet Routing Protocols Dan Pei and Lixia Zhang, UCLA Dan Massey, USC/ISI Abstract At a fundamental level, all Internet-based applications rely on a dependable packet delivery
More informationA Survey of BGP Security Review
A Survey of BGP Security Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being interesting Border
More informationInterdomain routing CSCI 466: Networks Keith Vertanen Fall 2011
Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011 Overview Business relationships between ASes Interdomain routing using BGP Advertisements Routing policy Integration with intradomain routing
More informationA Measurement Study of BGP Misconfiguration
A Measurement Study of BGP Misconfiguration Ratul Mahajan, David Wetherall, and Tom Anderson University of Washington Motivation Routing protocols are robust against failures Meaning fail-stop link and
More informationSecurity in inter-domain routing
DD2491 p2 2011 Security in inter-domain routing Olof Hagsand KTH CSC 1 Literature Practical BGP pages Chapter 9 See reading instructions Beware of BGP Attacks (Nordström, Dovrolis) Examples of attacks
More informationRequest for Comments: 1787 T.J. Watson Research Center, IBM Corp. Category: Informational April 1995
Network Working Group Y. Rekhter Request for Comments: 1787 T.J. Watson Research Center, IBM Corp. Category: Informational April 1995 Status of this Memo Routing in a Multi-provider Internet This memo
More informationRouting Protocol comparison
Routing Protocol comparison Introduction to routing Networks allow people to communicate, collaborate, and interact in many ways. Networks are used to access web pages, talk using IP telephones, participate
More informationSENSS: Software-defined Security Service
SENSS: Software-defined Security Service Minlan Yu University of Southern California Joint work with Abdulla Alwabel, Ying Zhang, Jelena Mirkovic 1 Growing DDoS Attacks Average monthly size of DDoS attacks
More informationRouting. Advanced Computer Networks: Routing 1
Routing Advanced Computer Networks: Routing 1 Gateway To internet or wide area network Metropolitan Area Network (MAN) s s Organization Servers Backbone R S R R Departmental Server s R S R s S R s s s
More informationReview for Chapter 4 R1,R2,R3,R7,R10,R11,R16,R17,R19,R22,R24, R26,R30 P1,P2,P4,P7,P10,P11,P12,P14,P15,P16,P17,P22,P24,P29,P30
Review for Chapter 4 R1,R2,R3,R7,R10,R11,R16,R17,R19,R22,R24, R26,R30 P1,P2,P4,P7,P10,P11,P12,P14,P15,P16,P17,P22,P24,P29,P30 R1. Let s review some of the terminology used in this textbook. Recall that
More informationA Framework for Resilient Internet Routing Protocols
1 A Framework for Resilient Internet Routing Protocols Dan Pei, UCLA; Daniel Massey, USC/ISI; Lixia Zhang, UCLA Technical Report TR-030052 UCLA Computer Science Department November 13th, 2003 Abstract
More informationCS 43: Computer Networks Internet Routing. Kevin Webb Swarthmore College November 16, 2017
CS 43: Computer Networks Internet Routing Kevin Webb Swarthmore College November 16, 2017 1 Hierarchical routing Our routing study thus far - idealization all routers identical network flat not true in
More informationGrowing DDoS attacks what have we learned (29. June 2015)
Growing DDoS attacks what have we learned (29. June 2015) Miloš Kukoleča AMRES milos.kukoleca@amres.ac.rs financed by the European Union from the START Danube Region Network protection Strict network policy
More informationAbstraction-Driven Network Verification and Design (a personal odyssey) Geoffrey Xie Naval Postgraduate School
Abstraction-Driven Network Verification and Design (a personal odyssey) Geoffrey Xie Naval Postgraduate School xie@nps.edu It started in 2004 A sabbatical at CMU Joined a collaborative project with AT&T
More informationInternet Routing : Fundamentals of Computer Networks Bill Nace
Internet Routing 14-740: Fundamentals of Computer Networks Bill Nace Material from Computer Networking: A Top Down Approach, 6 th edition. J.F. Kurose and K.W. Ross Looking Ahead Lab #2 just due Quiz #2
More information2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015
2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks 9 th November 2015 AKAMAI SOLUTIONS WEB PERFORMANCE SOLUTIONS MEDIA DELIVERY SOLUTIONS CLOUD SECURITY SOLUTIONS CLOUD NETWORKING
More informationInterdomain Routing Design for MobilityFirst
Interdomain Routing Design for MobilityFirst October 6, 2011 Z. Morley Mao, University of Michigan In collaboration with Mike Reiter s group 1 Interdomain routing design requirements Mobility support Network
More informationFINAL EXAM - SLOT 2 TCP/IP NETWORKING Duration: 90 min. With Solutions
First name: Family name: FINAL EXAM - SLOT 2 TCP/IP NETWORKING Duration: 90 min. With Solutions Jean-Yves Le Boudec, Patrick Thiran 2011 January 15 INSTRUCTIONS 1. The exam is in two time slots. Slot 1
More informationNetwork Security: Routing security. Aapo Kalliola T Network security Aalto University, Nov-Dec 2012
Network Security: Routing security Aapo Kalliola T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Structure of internet 2. Routing basics 3. Security issues 4. Attack 5. Solutions
More informationHot Potatoes Heat Up BGP Routing
Hot Potatoes Heat Up BGP Routing Renata Teixeira Laboratoire d Informatique de Paris 6 Université Pierre et Marie Curie Amsterdam Internet Routing Architecture Verio AT&T AOL Web Server UCSD Sprint User
More informationRouting Concepts. IPv4 Routing Forwarding Some definitions Policy options Routing Protocols
Routing Basics 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 Addresses are 32 bits long Range from 1.0.0.0 to 223.255.255.255 0.0.0.0
More informationAPT: A Practical Transit-Mapping Service Overview and Comparisons
APT: A Practical Transit-Mapping Service Overview and Comparisons draft-jen-apt Dan Jen, Michael Meisel, Dan Massey, Lan Wang, Beichuan Zhang, and Lixia Zhang The Big Picture APT is similar to LISP at
More informationInternet Architecture and Experimentation
Internet Architecture and Experimentation Today l Internet architecture l Principles l Experimentation A packet switched network Modern comm. networks are packet switched Data broken into packets, packet
More information! Distance vector routing! Link state routing.! Path vector routing! BGP: Border Gateway Protocol! Route aggregation
! Distance vector routing! Link state routing Information Network I Youki Kadobayashi! IGP and EGP Intra-domain routing protocol, inter-domain routing protocol! Path vector routing! BGP: Border Gateway
More informationRouting Protocols of IGP. Koji OKAMURA Kyushu University, Japan
Routing Protocols of IGP Koji OKAMURA Kyushu University, Japan Routing Protocol AS (Autonomous System) Is operated autonomous in the organization. 6bit IGP (Interior Gateway Protocol) Routing Control inside
More informationIntroduction to IP Routing. Geoff Huston
Introduction to IP Routing Geoff Huston Routing How do packets get from A to B in the Internet? A Internet B Connectionless Forwarding Each router (switch) makes a LOCAL decision to forward the packet
More informationSCION: PKI Overview. Adrian Perrig Network Security Group, ETH Zürich
SCION: PKI Overview Adrian Perrig Network Security Group, ETH Zürich PKI Concepts: Brief Introduction PKI: Public-Key Infrastructure Purpose of PKI: enable authentication of an entity Various types of
More informationNetwork Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:
Network Forensics: Network OS Fingerprinting Prefix Hijacking Analysis Scott Hand September 30 th, 2011 Outline 1 Network Forensics Introduction OS Fingerprinting 2 Prefix Hijacking Theory BGP Background
More informationCOM-208: Computer Networks - Homework 6
COM-208: Computer Networks - Homework 6. (P22) Suppose you are interested in detecting the number of hosts behind a NAT. You observe that the IP layer stamps an identification number sequentially on each
More informationBGP Route Hijacking - What Can Be Done Today?
BGP Route Hijacking - What Can Be Done Today? Version 1.2 Barry Raveendran Greene Principle Architect Carrier, Enterprise & Security bgreene@akamai.com @Akamai BGP - the Core Protocol that Glues all of
More informationInterdomain Routing and Connectivity
Interdomain Routing and Connectivity Brighten Godfrey CS 538 February 28 2018 slides 2010-2018 by Brighten Godfrey unless otherwise noted Routing Choosing paths along which messages will travel from source
More information(Refer Slide Time: 01:08 to 01:25min)
COMPUTER NETWORKS Prof. Sujoy Ghosh Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture-27 RIP- Distance Vector Routing We have seen basic routing. Now we will
More informationLecture 19: Network Layer Routing in the Internet
Lecture 19: Network Layer Routing in the Internet COMP 332, Spring 2018 Victoria Manfredi Acknowledgements: materials adapted from Computer Networking: A Top Down Approach 7 th edition: 1996-2016, J.F
More informationLecture 13: Traffic Engineering
Lecture 13: Traffic Engineering CSE 222A: Computer Communication Networks Alex C. Snoeren Thanks: Mike Freedman, Nick Feamster Lecture 13 Overview Evolution of routing in the ARPAnet Today s TE: Adjusting
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Janno? Today Last time: Intra-Domain Routing (IGP) RIP distance
More informationCSCD 433/533 Network Programming Fall Lecture 14 Global Address Space Autonomous Systems, BGP Protocol Routing
CSCD 433/533 Network Programming Fall 2012 Lecture 14 Global Address Space Autonomous Systems, BGP Protocol Routing 1 Topics Interdomain Routing BGP Interdomain Routing Benefits vs. Link State Routing
More informationRouting(2) Inter-domain Routing
Routing(2) Inter-domain Routing Information Network I Youki Kadobayashi 1 Outline! Distance vector routing! Link state routing! IGP and EGP Intra-domain routing protocol, inter-domain routing protocol!
More informationReducing FIB Size with Virtual Aggregation (VA)
Reducing FIB Size with Virtual Aggregation (VA) Paul Francis, MPI-SWS Xiaohu Xu, Huawei, Hitesh Ballani, Cornell Dan Jen, UCLA Robert Raszuk, Cisco Lixia Zhang, UCLA ISPs often want to extend the life
More informationBGP Made Easy. John van Oppen NANOG PTC January 15th 2017
BGP Made Easy John van Oppen NANOG OTR @ PTC January 15th 2017 What is BGP Snarky answer: RFC-4271 BGP is an Exterior gateway protocol, the only one used on the public Internet and is used for inter-autonomous
More informationInterdomain Routing Reading: Sections P&D 4.3.{3,4}
Interdomain Routing Reading: Sections P&D 4.3.{3,4} EE122: Intro to Communication Networks Fall 2006 (MW 4:00-5:30 in Donner 155) Vern Paxson TAs: Dilip Antony Joseph and Sukun Kim http://inst.eecs.berkeley.edu/~ee122/
More informationCNT Computer and Network Security: BGP Security
CNT 5410 - Computer and Network Security: BGP Security Professor Kevin Butler Fall 2015 Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means
More informationA Day in the Life of an Address. Bill Fenner AT&T Labs - Research IETF Routing Area Director
A Day in the Life of an Address Bill Fenner AT&T Labs - Research fenner@research.att.com IETF Routing Area Director 1 Overview Addressing Routing Policy Data 2 Overview Addressing Routing Policy Data 3
More informationPartitioning the Internet
Partitioning the Internet Matthias Wachs Christian Grothoff 1 Ramakrishna Thurimella 2 Technische Universität München 1 University of Denver 2 CRiSIS 2012, Cork, Ireland FSNSG (TUM) Partitioning the Internet
More informationNetwork Security - ISA 656 Routing Security
Network Security - ISA 656 Angelos Stavrou December 4, 2007 What is? What is Routing Security? History of Routing Security Why So Little Work? How is it Different? The Enemy s Goal? Bad guys play games
More informationJ. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering
Auburn Information Assurance Laboratory J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering 107 Dunstan Hall Auburn
More informationSteven M. Bellovin AT&T Labs Research Florham Park, NJ 07932
Steven M. Bellovin! " $#"##%& '( ) * 973-360-8656 AT&T Labs Research Florham Park, NJ 07932 Steven M. Bellovin June 13, 2003 1 What is? Bad guys play games with routing protocols. Traffic is diverted.
More informationDetection of Invalid Routing Announcement in the Internet Λ
Detection of Invalid Routing Announcement in the Internet Λ Xiaoliang Zhao, Dan Pei, Lan Wang, Dan Massey, Allison Mankin, S. Felix Wu,Lixia Zhang y Abstract Network measurement has shown that a specific
More informationSecuring BGP Networks using Consistent Check Algorithm
Securing BGP Networks using Consistent Check Algorithm C. K. Man, K.Y. Wong, and K. H. Yeung Abstract The Border Gateway Protocol (BGP) is the critical routing protocol in the Internet infrastructure.
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Jannotti Today Last time: Intra-Domain Routing (IGP) RIP distance
More informationEXAM TCP/IP NETWORKING Duration: 3 hours
SCIPER: First name: Family name: EXAM TCP/IP NETWORKING Duration: 3 hours Jean-Yves Le Boudec January 2018 INSTRUCTIONS 1. Write your solution into this document and return it to us (you do not need to
More informationA Formal Specification for RIP Protocol
A Formal Specification for RIP Protocol 1 Dan Pei 1, Dan Massey 2 and Lixia Zhang 1 UCLA 1 Colorado State University 2 {peidan, lixia}@cs.ucla.edu massey@cs.colostate.edu UCLA CSD Technical Report TR040046
More informationMaking your information system simple again
Making your information system simple again Critical applications: the key to your business success Bringing together an organization s core expertise, its most sensitive data, and critical applications
More informationRouting(2) Inter-domain Routing
Routing(2) Inter-domain Routing Information Network I Youki Kadobayashi 1 Outline Continued from previous lecture on: Distance vector routing Link state routing IGP and EGP Interior gateway protocol, Exterior
More informationPHAS: A Prefix Hijack Alert System
PHAS: A Prefix Hijack Alert System Mohit Lad mohit@cs.ucla.edu Yiguo Wu yiguowu@cs.ucla.edu Dan Massey massey@cs.colostate.edu Beichuan Zhang bzhang@cs.arizona.edu Dan Pei peidan@research.att.com Lixia
More informationRouting Basics. ISP Workshops. Last updated 10 th December 2015
Routing Basics ISP Workshops Last updated 10 th December 2015 1 Routing Concepts p IPv4 & IPv6 p Routing p Forwarding p Some definitions p Policy options p Routing Protocols 2 IPv4 p Internet still uses
More informationOSSIR. 8 Novembre 2005
OSSIR 8 Novembre 2005 Arbor Networks: Security Industry Leader Arbor s Peakflow products ensure the security and operational integrity of the world s most critical networks Solid Financial Base Sales have
More informationA Scalable Routing System Design for the Future Internet
A Scalable Routing System Design for the Future Internet Dan Massey (Colorado State University) Lan Wang (University of Memphis) Beichuan Zhang (University of Arizona) Lixia Zhang (UCLA) 1 Where We Are
More informationQuestion: 3 Which LSA type describes the router ID of ASBR routers located in remote areas?
Volume: 65 Questions Question: 1 Which two statements describe aggregate routes? (Choose two.) A. Invalid routing prefixes are not advertised to external peers. B. Internal routing instabilities can be
More informationMobilityFirst GSTAR: Generalized Storage Aware Routing
MobilityFirst GSTAR: Generalized Storage Aware Routing Samuel Nelson MobilityFirst Design Goals Design a future internet architecture that supports: Host and network mobility Diverse communication devices/entities/paradigms
More informationProtecting DNS from Routing Attacks -Two Alternative Anycast Implementations
Protecting DNS from Routing Attacks -Two Alternative Anycast Implementations Boran Qian StudentID 317715 Abstract The Domain Names System (DNS) is an important role of internet infrastructure and supporting
More informationNetwork Layer: Routing
Network Layer: Routing The Problem A B R 1 R 2 R 4 R 3 Goal: for each destination, compute next hop 1 Lecture 9 2 Basic Assumptions Trivial solution: Flooding Dynamic environment: links and routers unreliable:
More informationShim6: Network Operator Concerns. Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI
Shim6: Network Operator Concerns Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI Not Currently Supporting IPv6? Many parties are going forward with IPv6 Japan
More informationL11 : Inter-domain Routing with BGP Lecture14 Michaelmas, 2016
7//06 L : Inter-domain Routing with BGP Lecture4 Michaelmas, 06 Timothy G. Griffin Computer Lab Cambridge UK 7//06 How many ASNs today (7 November, 06)? http://bgp.potaroo.net/ 7//06 How many prefixes
More informationLecture 16: Interdomain Routing. CSE 123: Computer Networks Stefan Savage
Lecture 16: Interdomain Routing CSE 123: Computer Networks Stefan Savage Overview Autonomous Systems Each network on the Internet has its own goals Path-vector Routing Allows scalable, informed route selection
More informationNetwork Working Group Request for Comments: Cisco Systems, Inc. June 2006
Network Working Group Request for Comments: 4576 Category: Standards Track E. Rosen P. Psenak P. Pillay-Esnault Cisco Systems, Inc. June 2006 Using a Link State Advertisement (LSA) Options Bit to Prevent
More informationRouting Basics. Campus Network Design & Operations Workshop
Routing Basics Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationRouting Basics. ISP Workshops
Routing Basics ISP Workshops These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/) Last updated 26
More informationMutually Agreed Norms for Routing Security NAME
Mutually Agreed Norms for Routing Security NAME EMAIL The Problem A Routing Security Overview 2 Routing Incidents are Increasing In 2017 alone, 14,000 routing outages or attacks such as hijacking, leaks,
More informationCS4700/CS5700 Fundamentals of Computer Networks
CS4700/CS5700 Fundamentals of Computer Networks Lecture 12: Inter-domain routing Slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang Alan Mislove amislove at ccs.neu.edu
More informationCS 43: Computer Networks Internet Routing. Kevin Webb Swarthmore College November 14, 2013
CS 43: Computer Networks Internet Routing Kevin Webb Swarthmore College November 14, 2013 1 Reading Quiz Hierarchical routing Our routing study thus far - idealization all routers identical network flat
More informationGLOBAL INTERNET ROUTING FORENSICS Validation of BGP Paths using ICMP Traceback
Chapter 14 GLOBAL INTERNET ROUTING FORENSICS Validation of BGP Paths using ICMP Traceback Eunjong Kim, Dan Massey and Indrajit Ray Abstract The Border Gateway Protocol (BGP), the Internet's global routing
More informationNetwork Security - ISA 656 Routing Security
What is? Network Security - ISA 656 Angelos Stavrou What is Routing Security? History of Routing Security Why So Little Work? How is it Different? Bad guys play games with routing protocols. Traffic is
More informationChange of Address Jim Cowie, Doug Madory
Change of Address Routing Issues of Transferred IPv4 Addresses RIPE 70, Amsterdam Jim Cowie, Doug Madory May 11, 2015 Increased rate of IPv4 transfer The pace has greatly accelerated RIPE's table of IPv4
More informationUnit 3: Dynamic Routing
Unit 3: Dynamic Routing Basic Routing The term routing refers to taking a packet from one device and sending it through the network to another device on a different network. Routers don t really care about
More informationBGP Configuration for a Transit ISP
BGP Configuration for a Transit ISP ISP Workshops Last updated 24 April 2013 1 Definitions p Transit carrying traffic across a network, usually for a fee n traffic and prefixes originating from one AS
More informationRouting Basics ISP/IXP Workshops
Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to
More informationMaking Friends with Broadcast. Administrivia
Making Friends with Broadcast CMU 15-744 David Andersen Administrivia Midterm Mean 66.5, Median 70, Stddev 13.7 Histo: 35-39 37 38 40-44 45-49 50-54 54 54 54 55-59 56 57 60-64 61 64 64 65-69 69 70-74 71
More informationCollective responsibility for security and resilience of the global routing system
Collective responsibility for security and resilience of the global routing system Phil Roberts roberts@isoc.org Andrei Robachevsky www.internetsociety.org Let us look at the problem
More informationTimer Interaction in Route Flap Damping
Timer Interaction in Route Flap Damping Beichuan Zhang, Dan Pei, Lixia Zhang #UCLA$ Daniel Massey #Colorado State$ June, 2005 1 This Talk Route Flap Damping is a key mechanism in BGP to maintain global
More informationRouting and router security in an operator environment
DD2495 p4 2011 Routing and router security in an operator environment Olof Hagsand KTH CSC 1 Router lab objectives A network operator (eg ISP) needs to secure itself, its customers and its neighbors from
More informationCSC 4900 Computer Networks: Routing Protocols
CSC 4900 Computer Networks: Routing Protocols Professor Henry Carter Fall 2017 Last Time Link State (LS) versus Distance Vector (DV) algorithms: What are some of the differences? What is an AS? Why do
More informationService Provider Multihoming
BGP Traffic Engineering Previous examples dealt with loadsharing inbound traffic Of primary concern at Internet edge What about outbound traffic? Transit ISPs strive to balance traffic flows in both directions
More informationBackbone Networks. Networking Case Studies. Backbone Networks. Backbone Topology. Mike Freedman COS 461: Computer Networks.
Networking Case Studies Datacenter Backbone Networks Enterprise Backbone Mike Freedman COS 6: Computer Networks Cellular h>p://www.cs.princeton.edu/courses/archive/spr/cos6/ Wireless Backbone Networks
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Janno? Administrivia Midterm moved up from 3/17 to 3/15 IP
More informationInterdomain Routing Reading: Sections K&R EE122: Intro to Communication Networks Fall 2007 (WF 4:00-5:30 in Cory 277)
Interdomain Routing Reading: Sections K&R 4.6.3 EE122: Intro to Communication Networks Fall 2007 (WF 4:00-5:30 in Cory 277) Guest Lecture by Brighten Godfrey Instructor: Vern Paxson TAs: Lisa Fowler, Daniel
More information