arp sponge
play

ARP Sponge Niels Sijm Marco Wessel zaterdag 4 juli 2009 AMS-IX? - PowerPoint PPT Presentation

Dec 30, 2022 •300 likes •539 views

ARP Sponge Niels Sijm Marco Wessel zaterdag 4 juli 2009 AMS-IX? One of the largest IXP in the world by members, ports and traffic 317 Members, 580 ports, 675Gb/sec peak All in one L2 subnet. zaterdag 4 juli 2009 AMS-IX Set-up

  1. ARP Sponge Niels Sijm Marco Wessel zaterdag 4 juli 2009

  2. AMS-IX? • One of the largest IXP in the world by members, ports and traffic • 317 Members, 580 ports, 675Gb/sec peak • All in one L2 subnet. zaterdag 4 juli 2009

  3. AMS-IX Set-up • AMS-IXv3: • Big L2 subnet • Hub/spoke with backup network • VSRP for failover • No longer scalable. zaterdag 4 juli 2009

  4. AMS-IX Set-up • AMS-IXv4 • MPLS/VPLS • One network, redundancy replaces failover • Still one big L2 subnet for customers zaterdag 4 juli 2009

  5. ARP Sponge • ARP Sponge exists to decrease amount of ARP traffic on AMS-IX • Spoofs ARP replies when necessary zaterdag 4 juli 2009

  6. Research Question What differences are there between IPv4 and IPv6 as relating to the sponge and infrastructure, and is an IPv6 implementation necessary? zaterdag 4 juli 2009

  7. ARP Problems • ARP, needed for IPv4 over Ethernet • Resolves IP addresses into MAC addresses • Broadcast: ‘who is at this IP?’ • Must be processed by everyone who receives it • Too much ARP may cause CPU overload situations. zaterdag 4 juli 2009

  8. ARP Sponge • Too much ARP happens when nodes are unavailable (down, nonexistent) • ARP requests are repeated (in case they were lost), often by multiple requestors • ARP Sponge exists to notice this and reply in downed node’s stead. • Nodes are ‘happy’, so far as their ARP caches go zaterdag 4 juli 2009

  9. ARP Sponge • Start ‘sponging’ when too many requests are received in small amount of time • Stop ‘sponging’ when traffic is received from the real host • Gratuitous ARP, ARP request for other node, anything. zaterdag 4 juli 2009

  10. ARP Sponge Benefits • Nearly ten-fold reduction of ARP traffic seen on an average day: • 1450 ARPs/min with • 13902 ARPs/min without • Additionally, allows AMS-IX to see traffic for nonexistent nodes • Notably, BGP sessions with routers that no longer exist zaterdag 4 juli 2009

  11. IPv6 • Current Sponge only deals with IPv4 • What about IPv6? • IPv6 replaces ARP with ‘Neighbour Discovery’ • Part of ICMPv6 • Multicast instead of Broadcast • Also allows router discovery zaterdag 4 juli 2009

  12. Issues for IPv6 Sponge • IPv6 subnet is 64 bits large • 18446744073709551616 (2 64 ) potential addresses • Sponge must keep state for IP addresses to determine when to sponge • ‘limited’ memory capacity not enough zaterdag 4 juli 2009

  13. Issues for IPv6 Sponge • How to solve? • Use two lists: • White list of hosts known to exist (limited amount), filled by watching for traffic, can be seeded • Ring-buffer or timed-expiry for other addresses so old addresses expire automatically zaterdag 4 juli 2009

  14. IPv6 ND • ND consists primarily of: • Neighbour Solicitations and Advertisements • Functionally equivalent to ARP • multicast on Ethernet, using solicited-node address • Router Solicitations and Advertisements. zaterdag 4 juli 2009

  15. IPv6 ND • Solicited-node address: ff02::1:FFXX:XXXX • XX:XXXX replaced with last three octets of unicast address • IPv6 Multicast address maps to ethernet multicast address: 33:33:XX:XX:XX:XX • XX’es replaced with last 32 bits of multicast address zaterdag 4 juli 2009

  16. IPv6 ND • Example: 2001:7b8:200:2202:216:cbff:fe90:fe41 • Solicited-node address: ff02::1:ff90:fe41 • Multicast Ethernet address: 33:33:ff:90:fe:41 zaterdag 4 juli 2009

  17. IPv6 ND • This allows ‘selection at the gate’, or: don’t process irrelevant solicitations • MAC chips can be programmed for this • Keeps CPU utilization down in comparison to ARP zaterdag 4 juli 2009

  18. Group overlap • Multicast group addressing scheme on AMS-IX: • addresses are structured as 2001:7f8:1::a5xx:xxxx:yyyy • AS-numbers that end in the same two digits ‘overlap’: 2001:7f8:1::a500:1200:0001 and 2001:7f8:1::a512:3400:0001 result in 33:33:ff:00:00:01 • Average of 2.21 nodes per group, maximum 6 zaterdag 4 juli 2009

  19. Comparisons • Router CPU utilization ARP/ND, 10kpps ARP ARP ND ND ND host other host other group Juniper 5% 4% 100% 0% 69% Cisco 91% 55% 90% 55% 55% Linux 2% 1% 17% 0% 8% • Notes: • Juniper: FEB/FPC CPU; Cisco: main CPU • Cisco very busy handling packets in general, but nothing extra for irrelevant ND • Linux: used e1000 ethernet adapter which has ARP-offloading zaterdag 4 juli 2009

  20. Switch comparisons ARP L2 ARP VPLS ND L2 ND VPLS 42% 63% 40% 62% • Tested 10kpps ARP/ND in L2 environment vs. VPLS • Small difference between ND/ARP: processing in switch • VPLS increases line-card processing load evenly between ARP/ND zaterdag 4 juli 2009

  21. IPv6 Sponge Issue • 64-bit subnet means potentially very large neighbour cache for routers ‣ Attacker behind router starts ping sweep of peering subnet ‣ Router starts soliciting for neighbours (that don’t exist) ‣ ARP Sponge answers ‣ Neighbour cache fills up zaterdag 4 juli 2009

  22. Recommendation • Given: • Multicasting of Neighbour Solicitations with ‘selection at the gate’ • Potential to fill up neighbour caches • We recommend not implementing IPv6 Sponge daemon (yet) • If implementing for other reasons: use small lists to prevent cache problem zaterdag 4 juli 2009

  23. Thank you. Questions? zaterdag 4 juli 2009

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ret Retaine ined Sponge Sponge Most common retained surgical item that requires a

Ret Retaine ined Sponge Sponge Most common retained surgical item that requires a

Ret Retaine ined Sponge Sponge Most common retained surgical item that requires a re-operation Detection can be difficult and remote from the initial operation The sponge must be removed Primary problem is faulty OR

570 views • 26 slides
Treatment performance of practical-scale down-flow hanging sponge reactor using sixth-generation

Treatment performance of practical-scale down-flow hanging sponge reactor using sixth-generation

13 th IWA Specialized Conference on Small Water and Wastewater Systems, 14-16 September 2016, Athens, Greece Treatment performance of practical-scale down-flow hanging sponge reactor using sixth-generation sponge media Tsutomu Okubo*, Akinori

366 views • 33 slides
Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with

Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with

Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with Peter Gai (IST Austria) wr0ng Paris, April 30, 2017 The Sponge Construction [BDP V A08] M {0,1}* M 1 M 2 M L r-bit blocks: r 0 H (M)

820 views • 42 slides
Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1

Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1

Generic security of the Keyed Sponge Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 , ArcticCrypt Longyearbyen July 19, 2016 1 / 30 Joan Daemen 1 , 2 Elena Andreeva 3

602 views • 33 slides
Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics

Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics

Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics Summer school on real-world crypto and privacy ibenik, Croatia, June 2019 Based on joint work with Elena Andreeva, Guido Bertoni, Joan Daemen,

907 views • 88 slides
About the SKP Group About the SKP Group Integrated Business Model Ferro Alloys, Sponge

About the SKP Group About the SKP Group Integrated Business Model Ferro Alloys, Sponge

About the SKP Group About the SKP Group Integrated Business Model Ferro Alloys, Sponge Iron, Billets, TMT Bars, Stainless Steel, Power, Coal Mining. One of the largest producers of High Carbon Ferro Chrome, Silico Manganese,

638 views • 39 slides
Supplementary Material Compressible and recyclable monolithic g-C 3 N 4 /melamine sponge: A facile

Supplementary Material Compressible and recyclable monolithic g-C 3 N 4 /melamine sponge: A facile

Supplementary Material Compressible and recyclable monolithic g-C 3 N 4 /melamine sponge: A facile ultrasonic-coating approach and enhanced visible-light photocatalytic activity Ye Yang 1,2 , Qian Zhang 1* , Ruiyang Zhang 1 , Tao Ran 1 , Wenchao

594 views • 4 slides
LASER INDUCED POROUS GRAPHENE SPONGE Capstone Spring 2015

LASER INDUCED POROUS GRAPHENE SPONGE Capstone Spring 2015

LASER INDUCED POROUS GRAPHENE SPONGE Capstone Spring 2015 Amine Ouesla8 - Group Leader Eric Bailey - Deputy Leader Allen Chang - Treasurer

270 views • 25 slides
Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard

Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard

Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard 25th April 2018, London Graz University of Technology Motivation and Context Logical Attacks www.tugraz.at Exploit software and design bugs

616 views • 59 slides
Synthesis of Superconductor (2020/05/08 revised) Collect: Agate mortar (clean with sponge

Synthesis of Superconductor (2020/05/08 revised) Collect: Agate mortar (clean with sponge

Synthesis of Superconductor (2020/05/08 revised) Collect: Agate mortar (clean with sponge after use) Label one zip-lock bag with student ID and name (To collect the synthesized superconductors) Prepare: Plastic spatula x1 Mask

512 views • 14 slides
Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge

Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge

Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge Construction 00101 01001 01100 11001 01011 10101 0 0 0 0 f f f f f 0 0 0 0 absorbing squeezing Duplex Construction input

808 views • 60 slides
White Sponge Nevus: A Non-hereditery Presentation M.Seda Altop 1 , Ozge Ozdal 2 , C.Berk Ozer 2 ,

White Sponge Nevus: A Non-hereditery Presentation M.Seda Altop 1 , Ozge Ozdal 2 , C.Berk Ozer 2 ,

Case Report International Journal of Basic and Clinical Studies (IJBCS) 2014;3(2): 106-110 Altop MS et al. White Sponge Nevus: A Non-hereditery Presentation M.Seda Altop 1 , Ozge Ozdal 2 , C.Berk Ozer 2 , Meral Unur 3 Sule Ozturk Sar 4 , Nesimi

249 views • 5 slides
SAN ANTONIO CLIMATE READY Water Sponge/Carbon Sink City September 17, , 2019 Deborah

SAN ANTONIO CLIMATE READY Water Sponge/Carbon Sink City September 17, , 2019 Deborah

SAN ANTONIO CLIMATE READY Water Sponge/Carbon Sink City September 17, , 2019 Deborah Reid, Lissa Martinez, Brenden Shue, Technical Director CAAP Technical Trinity Committee University GEAA Member Intern Topics to be covered

329 views • 28 slides
The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO

The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO

Introduction Generalized Sponge Serial MDS PHOTON Security Conclusion The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO 2011, 15 August 2011 Introduction Generalized Sponge Serial MDS PHOTON

839 views • 35 slides
Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK

Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK

Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK SHA-3 candidate Sponge with permutation K ECCAK - f [1600] K ECCAK SHA-3 candidate Sponge with permutation K ECCAK - f [1600] No external

730 views • 16 slides
STUDIO 2015.4.01 Abstract & Key Words ABSTRACT: The city

STUDIO 2015.4.01 Abstract & Key Words ABSTRACT: The city

Low Impact Development of City Wall-Canal System from Urban Segregator to Green Archival Linkage -----Sponge City RejuvenaEon Design

740 views • 41 slides
Minimizing ARP traffic in the AMS-IX switching platform using OpenFlow Victor Boteanu Hanieh

Minimizing ARP traffic in the AMS-IX switching platform using OpenFlow Victor Boteanu Hanieh

Minimizing ARP traffic in the AMS-IX switching platform using OpenFlow Victor Boteanu Hanieh Bagheri University of Amsterdam System and Network Engineering July 3, 2013 Victor Boteanu, Hanieh Bagheri Minimizing ARP traffic in the AMS-IX

533 views • 26 slides
Investor Presentation January 2019 Stock Code: BSE - 531010 NSE - TATASPONGE Bloomberg - TTSP:IN

Investor Presentation January 2019 Stock Code: BSE - 531010 NSE - TATASPONGE Bloomberg - TTSP:IN

Investor Presentation January 2019 Stock Code: BSE - 531010 NSE - TATASPONGE Bloomberg - TTSP:IN 1 Disclaimer Not for release, distribution or publication, whether directly or indirectly and whether in whole or part, into or in the United

554 views • 13 slides
A SYSTEM FOR SUCCESS EVERYBODY DREAMS Freedom from debts Ideal life House Car Travel

A SYSTEM FOR SUCCESS EVERYBODY DREAMS Freedom from debts Ideal life House Car Travel

DXN A SYSTEM FOR SUCCESS EVERYBODY DREAMS Freedom from debts Ideal life House Car Travel Savings Worry free retired life Just more of what you already have THATS WHY WE WORK Get good education Get a nice job Build career Save for

1.14k views • 87 slides
MOBILITY & ENERGY CONSERVATI MOBILITY & ENERGY CONSERVATION MOBILITY & ENERGY

MOBILITY & ENERGY CONSERVATI MOBILITY & ENERGY CONSERVATION MOBILITY & ENERGY

WORKING PAPER WORKIN G PAPER #3 #3 WORKIN WORKING PAPER G PAPER #3 #3 MOBILITY & ENERGY CONSERVATI MOBILITY & ENERGY CONSERVATION MOBILITY & ENERGY CONSERVATI MOBILITY & ENERGY CONSERVATION ON ON Presentation to

499 views • 25 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
Texas Riparian and Stream Ecosystems Nikki Dictson Texas Water Resources Institute

Texas Riparian and Stream Ecosystems Nikki Dictson Texas Water Resources Institute

Texas Riparian and Stream Ecosystems Nikki Dictson Texas Water Resources Institute http://texasriparian.org and http://www.facebook.com/TexasRiparianAssociation 1 What is a WATERSHED? 1 WATERSHED Texas Rivers 2 Watershed A Watershed can

872 views • 49 slides
INVESTOR May 2018 PRESENTATION Company Overview 01 02 Business Overview Strategic

INVESTOR May 2018 PRESENTATION Company Overview 01 02 Business Overview Strategic

INVESTOR May 2018 PRESENTATION Company Overview 01 02 Business Overview Strategic Priorities & 03 Growth Outlook 04 Financial Results DISCUSSION 05 Annexure SUMMARY 1 COMPANY OVERVIEW Health and Safety Assets &

752 views • 35 slides
Augu gust 2019 1 Di Disclaimer This presentation and the accompanying slides (the

Augu gust 2019 1 Di Disclaimer This presentation and the accompanying slides (the

Q1 Earnings Presentation Augu gust 2019 1 Di Disclaimer This presentation and the accompanying slides (the Presentation), which have been prepared by Godawari Power and Ispat Limited (the Company) solely for the information purposes

637 views • 37 slides

More recommend