Presentation is loading. Please wait.

Presentation is loading. Please wait.

Routing Security Capabilities draft-zhao-opsec-routing-capabilities-02.txt OPSEC WG, IETF #66.

Published byMyra Fedder Modified over 9 years ago

Similar presentations

Presentation on theme: "Routing Security Capabilities draft-zhao-opsec-routing-capabilities-02.txt OPSEC WG, IETF #66."— Presentation transcript:

1 Routing Security Capabilities draft-zhao-opsec-routing-capabilities-02.txt miaofy@huawei.com OPSEC WG, IETF #66

2 Packet Filtering vs. Routing Filtering Packet filtering –Applied to network layer packets being forwarded –Based on IP and transport header usually –Out of scope of this document Routing filtering –Applied to routing packet being sent or received –Based on routing protocol along with other protocols –Fit in the scope of this document

3 Filters for External Routing Protocols Current implementation –Applied to both sent and received routing packets on per- interface basis –Outbound Route Filter (ORF), whether and which ORF, on per- interface basis –Limit the scope of route redistribution between different routing protocols Filtering Criteria –Specific route prefixes –Maximum length of route prefixes –Maximum number of route prefixes received –AS_PATH –BGP community and extended community

4 Filters for IGP Areas IGP requires same view of the topology within an area –Route should be flooded unchanged –Infeasible to implement filtering within an area Filtering between IGP areas –Router may provide the option to filter routing between IGP areas –Caution: the routing filtering may results in some address unreachable

5 Filters by TTL Accept packets from only immediate neighbor –TTL spoofing is supposed impossible –Most routing packets originate from immediate neighbor –TTL is 255 if the neighbor sets the default 255 Note: not applicable to Multi-hop IBGP

6 Route Flap Dampening Route flap is bad –How about route flap dampening? Configurable –Timer –Could be turned off »http://www.ripe.net/ripe/docs/ripe-378.html

7 Routing Authentication Key must be configurable on router System transition from one key to another based on system time Stronger algorithms than MD5 –Rescorla-Bellovin analysis Preferable key distribution/update mechanism Note: current routing protocol specification (standard track) on authentication is too weak to meet security requirement

8 What is the next step? Adopted as a working group document?

9 Thanks!

Download ppt "Routing Security Capabilities draft-zhao-opsec-routing-capabilities-02.txt OPSEC WG, IETF #66."

Similar presentations

An Operational Perspective on BGP Security Geoff Huston February 2005.

An Operational Perspective on BGP Security Geoff Huston February 2005.
Using HIP to solve MULTI-HOMING IN IPv6 networks YUAN Zhangyi Beijing University of Posts and Telecommunications.

Using HIP to solve MULTI-HOMING IN IPv6 networks YUAN Zhangyi Beijing University of Posts and Telecommunications.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.

1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.
CS 672 1 Summer 2003 CS672: MPLS Architecture, Applications and Fault-Tolerance.

CS Summer 2003 CS672: MPLS Architecture, Applications and Fault-Tolerance.
Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—2-1 BGP Transit Autonomous Systems Monitoring and Troubleshooting IBGP in a Transit AS.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—2-1 BGP Transit Autonomous Systems Monitoring and Troubleshooting IBGP in a Transit AS.
Policy Based Routing using ACL & Route Map By Group 7 Nischal (304360958) Pranali (304378534)

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
1 © 2003, Cisco Systems, Inc. All rights reserved. Computer Networks 6 Layer 3 troubleshooting Halmstad University Olga Torstensson 035-167575

1 © 2003, Cisco Systems, Inc. All rights reserved. Computer Networks 6 Layer 3 troubleshooting Halmstad University Olga Torstensson
CS 672 1 Summer 2003 Lecture 4. CS 672 2 Summer 2003 Route Aggregation The process of representing a group of prefixes with a single prefix is known as.

CS Summer 2003 Lecture 4. CS Summer 2003 Route Aggregation The process of representing a group of prefixes with a single prefix is known as.
© 2009 Cisco Systems, Inc. All rights reserved.ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Configuring and Verifying Basic BGP Operations.

© 2009 Cisco Systems, Inc. All rights reserved.ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Configuring and Verifying Basic BGP Operations.
Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 6: Border Gateway Protocol.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 6: Border Gateway Protocol.
BGP Attributes and Path Selections

BGP Attributes and Path Selections
Inter-domain Routing Don Fussell CS 395T Measuring Internet Performance.

Inter-domain Routing Don Fussell CS 395T Measuring Internet Performance.
– Chapter 4 – Secure Routing

– Chapter 4 – Secure Routing
TCOM 515 Lecture 6.

TCOM 515 Lecture 6.
Distance Vector Routing Protocols W.lilakiatsakun.

Distance Vector Routing Protocols W.lilakiatsakun.
Dynamic Routing Protocols  Function(s) of Dynamic Routing Protocols: – Dynamically share information between routers (Discover remote networks). – Automatically.

Dynamic Routing Protocols  Function(s) of Dynamic Routing Protocols: – Dynamically share information between routers (Discover remote networks). – Automatically.

Similar presentations

Ads by Google