a hybrid system for automatic exchanges of routing
play

A hybrid system for automatic exchanges of routing information - PowerPoint PPT Presentation

Sep 06, 2022 •234 likes •486 views

A hybrid system for automatic exchanges of routing information Stamatios Maritsas University of Amsterdam Informatics Institute Master of Science in System and Network Engineering supervised by Stavros Konstantaras George Thessalonikefs

  1. A hybrid system for automatic exchanges of routing information Stamatios Maritsas University of Amsterdam Informatics Institute Master of Science in System and Network Engineering supervised by Stavros Konstantaras George Thessalonikefs s.konstantaras@uva.nl george@nlnetlabs.nl November 23, 2016 Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 1 / 25

  2. Border Gateway Protocol — BGP Definition BGP is the de facto inter-AS 1 routing protocol used on the Internet nowadays. Specified in RFC 4271 (BGP4) Peer-to-peer reachability discovery protocol Comes in two flavors, iBGP and eBGP 1 Autonomous System (AS) = a connected group of IP prefixes having a single, consistent routing policy Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 2 / 25

  3. Policies Definition Policies determine a set of rules on how routing and reachability information is exchanged between BGP routers. whom does an AS connect with which route prefixes are announced to others which route prefixes are accepted from others what are the desired preferences, etc. Categorization ◮ Transit policies ◮ Traffic engineering policies ◮ Scalability policies ◮ Security-related policies Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 3 / 25

  4. Routing Policy Specification Language — RPSL Definition RPSL is a neutral-vendor, object-oriented language used to specify a routing policy in the IRR. defines 13 classes of objects aut-num, route, as-set, route-set Three-fold purpose ◮ presentation of policies in IRR in an understandable format ◮ description of policies in a more comfortable/solid way ◮ can be converted into BGP configuration files Practical difficulties ◮ complex policy descriptions due to its flexibility ◮ level of accuracy of descriptions largely varies ◮ adds an extra high-level configuration step Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 4 / 25

  5. Internet Routing Registry — IRR Definition IRR is a distributed set of repositories used by many network operators to store their AS routing policy. Numbers ◮ 26 both public and private routing registries in total ◮ 5 Routing Internet Registries (RIRs) — 5 geographical regions ⋆ AFRINIC, ARIN, APNIC, LACNIC, RIPE NCC ⋆ Allocation of IP address space and ASNs Security considerations ◮ out-of-date information ◮ inconsistencies ◮ no proper authorization/authentication ◮ RFC 2725 (re-examine its applicability) Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 5 / 25

  6. BGP security Early ’90s ◮ first standardization of BGP in RFC 1105, NOT security-oriented ◮ small number of networks, trust in place ◮ no need for security :) Nowadays ◮ BGP4 (RFC 4271) is still NOT security-oriented ◮ huge number of networks, NO trust in place ◮ security has become mandatory Security solutions ◮ many proposals, both crypto-based and non-crypto based ◮ crypto-based difficult to be applied (excluding RPKI) ⋆ require modifications to BGP messages structure ⋆ high computational cost ◮ BGP route filtering (non crypto-based) , most effective and widely deployed technique Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 6 / 25

  7. Current state Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 7 / 25

  8. Research Questions Main research question Is it possible to design a hybrid system to automatically exchange routing policies for BGP configurations? Sub-research questions Which would be the benefits by designing a hybrid approach? What is the potential of this hybrid system in terms of scalability and efficiency? What security aspects should this hybrid system employ? Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 8 / 25

  9. Where does our project land? Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 9 / 25

  10. Methodology Literature study, theoretical knowledge ◮ articles ◮ RFCs ◮ etc. Meetings, practical knowledge ◮ supervisors ◮ a few network operators (mostly of small ISPs) Questionnaire, practical knowledge ◮ 2 questions concerning BGP update policy ◮ 19 network operators mailing lists ◮ statistical sample = 55 responses, only an indication :( ◮ more than one answer to every question Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 10 / 25

  11. Questionnaire (1/2) Q1 indicates a need for an automatic way to exchange policies Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 11 / 25

  12. Questionnaire (2/2) Q2 indicates a need for an automatic way to exchange policies Q2 slightly indicates RPSL’s difficulty to be adopted (17 / 55, 30.9%) Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 12 / 25

  13. Decision making (1/3) Requirements ◮ Decentralization of policy information ◮ Mapping between domains 2 - policy service locations ◮ Vendor-neutrality of routing policy language ◮ Security (authorization & authentication) ◮ Support for Policy Views (privacy) 2 For brevity, domain == administrative domain or AS Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 13 / 25

  14. Decision making (2/3) Hybrid system model — Inspired by [1] [UvA+TUDelft, 2015] ◮ need for both centralization & decentralization ◮ 3 components ⋆ Policy Mapper (PM) - centralized part ⋆ Policy Provider (PP) - distributed part ⋆ Policy Requester (PR) - distributed part Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 14 / 25

  15. Decision making (3/3) Security aspects ◮ PM acts as a Trusted Third Party (TTP) & accessible by both PRs and PPs ◮ One public/private key-pair per domain, used to create a self-signed certificate and share it with PM ◮ PRs & PPs communicate using their self-signed certificates over TLS (mutual authentication) Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 15 / 25

  16. Registration to Policy Mapper Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 16 / 25

  17. Policy retrieval Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 17 / 25

  18. Policy view Innovative idea Discrete piece of main policy information Different policy views for different requesters Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 18 / 25

  19. Registration to Policy Provider Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 19 / 25

  20. Policy update & notification Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 20 / 25

  21. Discussion Scalability ◮ hybrid model offers scalability ◮ innovative system proposal Implementation ideas ◮ Security ⋆ RPKI, authorization but NOT authentication (RFC 6480) ⋆ HTTPS, need for client certificates as well ◮ Policy language ⋆ only RPSL in place ⋆ need for a structure-based, human-readable language that provides one-to-one correlation between router configurations and policies Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 21 / 25

  22. Conclusion Decentralization of policies is possible! :) Simplicity of architecture Components simple and well-defined Room for extra services and extension of system capabilities Contribute to BGP security by supporting the correctness and effectiveness of BGP filters ◮ policy views preserve the confidentiality of data ◮ ISPs more motivated to keep their policy information accurate and up to date Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 22 / 25

  23. Further work Proof of concept Large scale scenario RPSL alternatives ◮ Routing Documentation Language (RDL) 3 ◮ YAML Ain’t Markup Language Correctness of policy information ◮ Comparison of the policy view received with the local policy 3 part of Extendible Next Generation Routing Information Toolkit (ENGRIT) project and kicked off on 2014 [2] Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 23 / 25

  24. References Ralph Koning, Miroslav Zivkovic, Stavros Konstantaras, Paola Grosso, Cees de Laat (UvA) and Farabi Iqbal (TUDelft) (2015) Architecture for Exchanging Topology Information in Multi-domain Environments Per Gregers Bilse and Benno Overeinder, IEPG Meeting, IETF 89, London, UK, March 2014 Presentation: ”A programmatic approach to generating router configurations” http://www.iepg.org/2014-03-02-ietf89/rdl-IEPG-89.pdf Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 24 / 25

  25. Thank you for your attention! :) Questions? Stamatios Maritsas (SNE / OS3) Master Thesis Project November 23, 2016 25 / 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Stochastic hybrid models for DNA replication in the fission yeast John Lygeros Automatic Control

Stochastic hybrid models for DNA replication in the fission yeast John Lygeros Automatic Control

Stochastic hybrid models for DNA replication in the fission yeast John Lygeros Automatic Control Laboratory, ETH Zrich www.control.ethz.ch Outline 1. Hybrid and stochastic hybrid systems 2. Reachability & randomized methods 3. DNA

682 views • 44 slides
A A HYBRID HYBRID CHC GENETIC ALGORITHM CHC GENETIC ALGORITHM FOR FOR MACRO CELL MACRO

A A HYBRID HYBRID CHC GENETIC ALGORITHM CHC GENETIC ALGORITHM FOR FOR MACRO CELL MACRO

A A HYBRID HYBRID CHC GENETIC ALGORITHM CHC GENETIC ALGORITHM FOR FOR MACRO CELL MACRO CELL GLOBAL ROUTING GLOBAL ROUTING AUTHORS G.Andal Jayalakshmi S.Sowmyalakshmi R.Rajaram 1 CONTENTS CONTENTS 1. INTRODUCTION 2. PROBLEM

261 views • 23 slides
Network layer Distributed Routing: Link State Routing Link State Routing A very frequently

Network layer Distributed Routing: Link State Routing Link State Routing A very frequently

IN2140: Introduction to Operating Systems and Data Communication Network layer Distributed Routing: Link State Routing Link State Routing A very frequently use routing protocol IS-IS (Intermediate System-Intermediate System) OSPF

239 views • 8 slides
Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on

Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on

Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on the CADTA main page before starting this tutorial. 1.1. Start Encounter Log on to a VLSI server using your EE departmental username and password.

539 views • 23 slides
The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher:

The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher:

The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher: Prof. Ugo Buy Xin Li, Huiyong Xiao Nov. 13, 2002 Summary Whats a hybrid system? Definition of Hybrid Automaton Subclasses

448 views • 15 slides
A Hybrid Monte Carlo Local Branching Algorithm for the Single Vehicle Routing Problem with

A Hybrid Monte Carlo Local Branching Algorithm for the Single Vehicle Routing Problem with

A Hybrid Monte Carlo Local Branching Algorithm for the Single Vehicle Routing Problem with Stochastic Demands Michel GENDREAU Interuniversity Research Centre on Enterprise Networks, Logistics and Transportation (CIRRELT) Dpartement

653 views • 26 slides
Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 11: Recurrent

Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 11: Recurrent

Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 11: Recurrent Neural Network (RNN) Models for ASR Instructor: Preethi Jyothi Feb 9, 2017 Recap: Hybrid DNN-HMM Systems Triphone state labels (DNN

651 views • 20 slides
A Deep Learning Approach to Automatic Call Routing Rajiv Shah Director of Solution Architect and

A Deep Learning Approach to Automatic Call Routing Rajiv Shah Director of Solution Architect and

A Deep Learning Approach to Automatic Call Routing Rajiv Shah Director of Solution Architect and Professional Services 2019 About GigaSpaces 300+ Direct customers We deliver the fastest big data 50+ / 500+ analytics processing platform to

731 views • 48 slides
An Algorithmic Approach to Stability Verification of Hybrid Systems: A Summary Miriam Garca Soto

An Algorithmic Approach to Stability Verification of Hybrid Systems: A Summary Miriam Garca Soto

An Algorithmic Approach to Stability Verification of Hybrid Systems: A Summary Miriam Garca Soto Joint work with Pavithra Prabhakar Hybrid system A dynamical system exhibiting a mixed discrete and continuous behavior. Hybrid system A

371 views • 33 slides
Hints to improve automatic load balancing with LeWI for hybrid applications Marta Garcia, Jesus

Hints to improve automatic load balancing with LeWI for hybrid applications Marta Garcia, Jesus

Hints to improve automatic load balancing with LeWI for hybrid applications Marta Garcia, Jesus Labarta, Julita Corbalan Journal of Parallel and Distributed Computing Volume 74, Issue 9 September 2014 1 / 27 Motivation Loss of efficiency

440 views • 29 slides
1031 Exchanges & Qualified Opportunity Zones Drew Emmert Colleen R. Fausz Ryan M.

1031 Exchanges & Qualified Opportunity Zones Drew Emmert Colleen R. Fausz Ryan M.

1031 Exchanges & Qualified Opportunity Zones Drew Emmert Colleen R. Fausz Ryan M. Whitaker Part 1: 1031 Exchanges Roadmap Overview of 1031 Exchanges History of 1031 Exchanges Benefits of 1031 Exchanges 1031 Exchange

775 views • 41 slides
Chapter 18: A Hybrid Model for the Routing and Wavelength Assignment Problem Helmut Simonis Cork

Chapter 18: A Hybrid Model for the Routing and Wavelength Assignment Problem Helmut Simonis Cork

Problem Model Worked Example Results Chapter 18: A Hybrid Model for the Routing and Wavelength Assignment Problem Helmut Simonis Cork Constraint Computation Centre Computer Science Department University College Cork Ireland ECLiPSe

946 views • 69 slides
MCG-ICT-CAS TRECVID 2008 Automatic Video 2008 Automatic Video Retrieval System Retrieval System

MCG-ICT-CAS TRECVID 2008 Automatic Video 2008 Automatic Video Retrieval System Retrieval System

MCG-ICT-CAS TRECVID 2008 Automatic Video 2008 Automatic Video Retrieval System Retrieval System Juan Cao, Yong-dong Zhang, , g g g, Bai-lan Feng, Xiu-feng Hua, Lei Bao, Xu Zhang INSTITUT INS TE O E OF CO Multimedia Computing Group

525 views • 24 slides
Delay-tolerant Networking Routing Protocol Development With The One Simulator Jonathan Humphrey

Delay-tolerant Networking Routing Protocol Development With The One Simulator Jonathan Humphrey

Delay-tolerant Networking Routing Protocol Development With The One Simulator Jonathan Humphrey Introduction Routing Protocol Background Hybrid Routing ONE Simulator Test Results Further Work Routing Protocol Background

561 views • 10 slides
1031 Like Kind Exchanges: Pursuing 1031 Like Kind Exchanges: Pursuing Opportunities in a

1031 Like Kind Exchanges: Pursuing 1031 Like Kind Exchanges: Pursuing Opportunities in a

Presenting a live 90 minute webinar with interactive Q&A 1031 Like Kind Exchanges: Pursuing 1031 Like Kind Exchanges: Pursuing Opportunities in a Rebounding Market Mastering Complex Tax Rules and Leveraging the New Net Investment Income

947 views • 78 slides
Hybrid Energy Storage System (HESS) Product Overview Smart Energy Storage System Complete

Hybrid Energy Storage System (HESS) Product Overview Smart Energy Storage System Complete

Hybrid Energy Storage System (HESS) Product Overview Smart Energy Storage System Complete Hybrid Solution Powered by Lithium Ion (Li-ion) batteries Compact dimensions Capable to run sustained loads Voice enabled (Google

346 views • 13 slides
IRR Operational Model IR hierarchy model / Cooperate with whois JPNIC IRR Planning Team

IRR Operational Model IR hierarchy model / Cooperate with whois JPNIC IRR Planning Team

IRR Operational Model IR hierarchy model / Cooperate with whois JPNIC IRR Planning Team Tomoya Yoshida (NTT) yoshida@ocn.ad.jp 2002/10/24 JPNIC IRR Planning Team 1 History of US (1) 2000 Jan JPNIC IRR Workshop started

466 views • 17 slides
APNIC Policy Development Process AfriNIC 15 Louise Flynn on behalf of Adam Gosling Policy SIG

APNIC Policy Development Process AfriNIC 15 Louise Flynn on behalf of Adam Gosling Policy SIG

APNIC Policy Development Process AfriNIC 15 Louise Flynn on behalf of Adam Gosling Policy SIG Charter Develop policies and procedures which relate to the management and use of Internet address resources by APNIC, NIRs and ISPs within

329 views • 11 slides
A Policy Story - IPv4 Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services

A Policy Story - IPv4 Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services

A Policy Story - IPv4 Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services Director 1 About APNIC Membership-based, not-for-profit, R egional I nternet R egistry (RIR) Delegates and registers IP addresses and AS numbers

450 views • 29 slides
IPv6 deployment status: Where are we now and way forward Miwa Fujii <miwa@apnic.net> APNIC

IPv6 deployment status: Where are we now and way forward Miwa Fujii <miwa@apnic.net> APNIC

IPv6 deployment status: Where are we now and way forward Miwa Fujii <miwa@apnic.net> APNIC Table of contents Dissecting IPv6 adoption IPv6 deployment status in the AP region Way forward 2 Dissecting IPv6 adoption 3

733 views • 34 slides
Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

802.16 IP Telephony Lab Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr. Quincy Wu solomon@ipv6.club.tw Graduate Institute of Communication Engineering National Chi Nan University 1 1

943 views • 77 slides
THE INTERNET IS FOR EVERYONE Join us to keep the Internet open, thriving, and benefitting people

THE INTERNET IS FOR EVERYONE Join us to keep the Internet open, thriving, and benefitting people

THE INTERNET IS FOR EVERYONE Join us to keep the Internet open, thriving, and benefitting people around the globe. Our Mission To promote the open development, evolution, and use of the Internet for the benefit of all people throughout the

299 views • 25 slides
TW LCG Network Status Update Academia Sinica Grid Computing Centre Plan for Taiwan Tier-1

TW LCG Network Status Update Academia Sinica Grid Computing Centre Plan for Taiwan Tier-1

TW LCG Network Status Update Academia Sinica Grid Computing Centre Plan for Taiwan Tier-1 Network Backup Path Backup Path to T0 to T0 Primary Path to T0 Primary Path to T0 (will install 10GE in 2006) (will install 10GE in 2006) Taiwan

148 views • 10 slides
SO YOUR IPV6 IS PUBLICNOW WHAT? BY JOE SULLIVAN JOLIET JUNIOR COLLEGE, PROFESSOR APRIL 27 TH

SO YOUR IPV6 IS PUBLICNOW WHAT? BY JOE SULLIVAN JOLIET JUNIOR COLLEGE, PROFESSOR APRIL 27 TH

SO YOUR IPV6 IS PUBLICNOW WHAT? BY JOE SULLIVAN JOLIET JUNIOR COLLEGE, PROFESSOR APRIL 27 TH 2017 CCNP, Palo Alto ACE, CCNA Video, CCNA Voice, CVNS, CVNR, CCNA Collaboratjon, H.E. IPv6 Sage, Linux Essentjals, ECSVRv1, ECSERv2, CCNA

837 views • 27 slides

More recommend