Interdomain Routing
Interdomain Routing - Two types of Routing - Intradomain routing (PowerPoint PPT Presentation, slide text transcribed below)


Interdomain Routing Security
CSE598K/CSE545 - Advanced Network Security
Prof. McDaniel - Spring 2008

Routing redux
• The Internet is broken up into Autonomous Systems
• All the hosts in an AS have a single administrative control
• Two types of Routing
  - Intradomain routing: accomplished via OSPF and other protocols
  - Interdomain routing: accomplished only via BGP
    • ASes cooperatively inform each other, for each IP address, in which AS it's located and how to get there.

Routing in a nutshell
• The Internet ...
• …is made up of Autonomous Systems (ASes)…

Routing in a nutshell
• …linked at Border Routers.
• The Border Gateway Protocol determines which ASes to follow from source to destination.
• Each AS is responsible for moving packets inside it.
• Intra-AS routing is (mostly) independent from Inter-AS routing.
• Example routing table entry:

  CIDR Block      | Path         | Attributes
  192.168.28.0/24 | 768 4014 664 | quest:bkup

The BGP Protocol
• BGP messages
  - Origin announcements: "I own this block of addresses"
  - Route advertisements: "To get to this address block, send packets destined for it to me. And by the way, here is the path of ASes it will take"
  - Route withdrawals: "Remember the route to this address block I told you about, that path of ASes no longer works"
• Route decisions
  - Border routers receive many origin announcements/route advertisements, one from each of their peers
  - They choose the "best" path and send their selection downstream
• BGP Attributes
  - BGP messages have additional attributes to help routers choose the "best" path
  - AS_path (above), MED, community strings, …

Routing in a nutshell
• Which path gets picked depends on the advertised attributes.

BGP announcements
• Propagate throughout the network.

BGP Connection FSM
(Diagram of the BGP connection state machine; the figure is not recoverable from the slide text.)

BGP Operation: Connection Setup
• A router speaks BGP with another router, generally physically connected to it, in another AS
  - These two routers are called BGP peers
  - Before coming online, the router is in the Idle state
• When the router comes online, it creates a BGP session with its peer
  - BGP runs over TCP, and a TCP connection is made first between the two peers (port 179)
  - The router is in the Connect state during this time
  - When the connection is established, the router moves into the Established state

BGP Operation: Information Exchange
• Once the BGP session is active, the peers exchange routing data
  - This information is passed through the UPDATE message
• Contains a list of advertised prefixes, known as network layer reachability information (NLRI), and withdrawn routes
• Prefixes with different policy attributes are sent in separate UPDATE messages
• Route setup can create heavy exchanges of messages and be computationally intensive for the router

BGP Operation: Path Attributes
• ORIGIN: shows whether prefix was learned through interior or exterior routing
• AS_PATH: the ASes that the prefix has passed through during this advertisement
  - BGP is a path vector protocol, and the prefix with the fewest ASes traversed is usually preferred
  - Including AS path vector prevents looping
• NEXT-HOP: the node to send packets back to in order to get them closer to their destination

Other Common Path Attributes
• MULTI-EXIT DISCRIMINATOR: if two ASes connect in multiple locations, the MED can be used by a peer to favour a particular link to improve routing
• LOCAL-PREF: used by the local AS to assign a degree of preference of one link for a given prefix over another
• ATOMIC-AGGREGATE: lets the router know not to deaggregate an advertisement into more specific prefixes
• AGGREGATOR: specifies AS and router that performed aggregation of a prefix

In class exercise
• Fill in the routing tables ...
  (Diagram: five ASes, each with an empty routing table to complete. The links between the ASes are not recoverable from the slide text.)
  AS 1 - Addresses: 192.10.10.0/24
  AS 2 - Addresses: 192.10.0.0/16
  AS 3 - Addresses: 192.10.12.0/24
  AS 4 - Addresses: 192.10.11.0/24
  AS 5 - Addresses: 192.10.14.0/24
  Each AS's table has the columns CIDR Block | AS PATH, with the rows 192.10.10.0/24, 192.10.0.0/16, 192.10.11.0/16, 192.10.12.0/16 and 192.10.14.0/16, and the AS PATH column left blank.

BGP Misconfiguration
• One of the largest problems with BGP is misconfiguration
  - Leading cause of instability on the Internet
  - Causes
    • Stupidity
    • Poor configuration tools
    • Under-specified network requirements
  - Often misconfiguration can lurk for months or years before it is detected or its effects felt
    • Changing network topology
    • Unexpected network states

Mahajan et al.
• SIGCOMM '02 study of BGP misconfiguration
  - Those instances where configurations caused problems:
    • unintended suppression of legitimate advertisement
    • unintended creation of illegitimate advertisement
  - Human factors terminology
    • slip - inadvertent errors, e.g., typos
    • mistakes - design errors, e.g.,
• Methodology: use data from RouteViews routing repository collected over 3 years and 23 vantage points located over the globe.
  - contacted ASes for information on causes

Study Results
• Errors detected
  - prefix hijacking - incorrect advertisement of addresses
  - improper route export - exporting routes/paths in violation of stated ISP policies
• Problems are universal, pervasive, and pathological
  - 200-1200 prefixes seeing misconfiguration per day (0.2-1.0% of 2002 table size)
  - 3 in 4 new prefix advertisements result of misconfigurations
  - About 15 hijacks per day (getting much worse)
• Result: constant stream of incorrect information being received by routers.*
• Interesting thought: how to secure in this environment?
  *only gets worse after 2002.

Attacks Against BGP
• Control Plane
  - Timing
  - Availability
• Data Plane
  - Origin
  - Path

Origin Attacks
• Prefix hijacking
• Prefix destabilization
• Self-deaggregation
• Unauthorized use
• The most serious of the attacks, particularly because they can happen accidentally

Path Attacks
• Path modification
• Path forgery
• Policy modification
• AS forgery
• These attacks can be used to subvert routing and bias the way packets travel through the system

Timing Attacks
• Spoofed OPEN message
• TCP SYN attack
• Altering BGP timers
• Forged KEEPALIVE messages while peers are connecting

Availability Attacks
• In-protocol attacks during negotiation
  - Forged NOTIFICATION messages
  - Syntax errors in BGP messages
  - Forcing route flooding to occur
  - Forged TCP RST packet
• Physical attacks
  - Resetting the router by gaining control of it
  - Link cutting
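The route selection described on the path-attribute slides (AS_PATH loop check, then LOCAL-PREF, path length and MED) and the origin mismatch behind the prefix hijacking counted in the study results, as an added Python example that is not the lecture's own code: a minimal route selector beside an origin check that flags advertisements whose last AS is not the prefix's known owner. Only 192.168.28.0/24 with path 768 4014 664 comes from the slides; the peer names, next hops and the ASNs 64496-64510 (documentation-reserved range) are constructed placeholders.

```python
from dataclasses import dataclass

MY_AS = 64496  # hypothetical local AS number (documentation-reserved range, RFC 5398)


@dataclass(frozen=True)
class Route:
    """One prefix learned from one peer, carrying the path attributes the slides discuss."""
    prefix: str
    as_path: tuple          # ASes the advertisement traversed; the originating AS is last
    next_hop: str
    local_pref: int = 100   # LOCAL-PREF: assigned by the local AS, higher is preferred
    med: int = 0            # MULTI-EXIT DISCRIMINATOR: hint from the neighbour, lower is preferred


def accept(route, my_as=MY_AS):
    """Path-vector loop detection: a route whose AS_PATH already contains our own AS is dropped."""
    return my_as not in route.as_path


def best_route(candidates, my_as=MY_AS):
    """Simplified BGP decision process: highest LOCAL-PREF, then fewest ASes in AS_PATH,
    then lowest MED. Returns None when nothing survives loop detection."""
    usable = [r for r in candidates if accept(r, my_as)]
    if not usable:
        return None
    return min(usable, key=lambda r: (-r.local_pref, len(r.as_path), r.med))


def unexpected_origins(rib_by_peer, expected_origin):
    """Flag advertisements whose originating AS differs from the AS known to own the prefix:
    the signature of a prefix hijack or of an origin misconfiguration."""
    return sorted((peer, r.as_path[-1]) for peer, r in rib_by_peer.items()
                  if r.as_path[-1] != expected_origin)


# Constructed sample: four peers advertising the prefix from the slide table, legitimately
# originated by AS 664. Peer names, next hops and ASNs 64497-64510 are placeholders.
SAMPLE = {
    "peerA": Route("192.168.28.0/24", (768, 4014, 664), "10.0.0.1"),
    "peerB": Route("192.168.28.0/24", (64497, 664), "10.0.0.2", med=50),
    "peerC": Route("192.168.28.0/24", (64498, MY_AS, 664), "10.0.0.3"),  # contains our AS: loop
    "peerD": Route("192.168.28.0/24", (64499, 64510), "10.0.0.4"),        # unknown origin AS
}

if __name__ == "__main__":
    chosen = best_route(SAMPLE.values())
    print("decision process picks:", chosen.as_path)           # the short, wrong-origin path
    flagged = unexpected_origins(SAMPLE, expected_origin=664)
    print("origin mismatches:", flagged)                        # [('peerD', 64510)]
    safe = [r for p, r in SAMPLE.items() if p not in dict(flagged)]
    print("after origin filtering:", best_route(safe).as_path)  # (64497, 664)
```

The decision process alone prefers the wrong-origin advertisement because it has the shortest path and lowest MED, which is why origin validation has to be a separate check rather than something path selection provides.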
