Presentation is loading. Please wait.

Presentation is loading. Please wait.

Constraints on Automated Key Management for Routing Protocols

Published byJessie McDowell Modified over 6 years ago

Similar presentations

Presentation on theme: "Constraints on Automated Key Management for Routing Protocols"— Presentation transcript:

1 Constraints on Automated Key Management for Routing Protocols
Ross Callon IETF 71 March 2008, Philadelphia

2 AKM for Routing Protocols
Link State protocol constraints Bootstrapping the routing protocol Operation over Broadcast Media Don’t take down the network Simplicity and Comprehensibility

3 Link State Protocol Constraints
OSPF & IS-IS work because every router in an area has an identical view of the topology And runs identical route computation Authentication can be used to decide whether to bring up a link Or whether two neighbors exchange IGP traffic Authentication must not effect whether I believe the advertisement from a router across the area Different routers may get different results

4 Bootstrapping the Routing Protocol
If something goes wrong with routing (or with security), there has to be a way to recover If the routing protocol depends upon AKM, then AKM can’t depend upon the routing protocol For OSPF & IS-IS, AKM **must** only operate between directly attached devices, using link layer You can’t depend on IP to an arbitrary address BGP can depend upon the IGP being up But can’t depend on a priori inter-domain routes For BGP, authentication probably only effects the preference of routes (in some sense)

5 Broadcast Media OSPF / IS-IS / RIP operate over broadcast media (eg, Ethernet) A router on a broadcast LAN uses link layer multicast to send one packet to multiple other routers on the same LAN AKM will need to operate over the LAN And provide a key that one router can use to send a single packet to multiple other routers

6 Don’t Break the Network
The point is to keep the network up Authentication has to be more likely to keep things up, than to take the network down It has to be simple, understandable, resilient to mistakes Some configuration is allowed A router has to know which IGP to run Probably one pre-shared secret is okay also But: Keep it simple

7 Simplicity, Comprehensibility
Many router experts are not security experts (and vice versa) This is not a complete mutual understanding Security is much more likely to be deployed if it is understood Including what it protects against, failure modes, and how to deal with problems.

8 Summary It has to work It (AKM for RPs) has to bootstrap
It has to work over broadcast LANs It has to be simple, foolproof It has to solve a perceived problem Requirements may differ by protocol (OSPF, IS-IS, RSVP, LDP, UDP, TCP for BGP, TCP for not-BGP, …)

Download ppt "Constraints on Automated Key Management for Routing Protocols"

Similar presentations

Data Communications and Computer Networks Chapter 4 CS 3830 Lecture 22 Omar Meqdadi Department of Computer Science and Software Engineering University.

Data Communications and Computer Networks Chapter 4 CS 3830 Lecture 22 Omar Meqdadi Department of Computer Science and Software Engineering University.
4a-1 CSE401: Computer Networks Hierarchical Routing & Routing in Internet S. M. Hasibul Haque Lecturer Dept. of CSE, BUET.

4a-1 CSE401: Computer Networks Hierarchical Routing & Routing in Internet S. M. Hasibul Haque Lecturer Dept. of CSE, BUET.
CSCI 4550/8556 Computer Networks Comer, Chapter 25: Internet Routing.

CSCI 4550/8556 Computer Networks Comer, Chapter 25: Internet Routing.
1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.

1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.
Network Layer4-1 Chapter 4 roadmap 4.1 Introduction and Network Service Models 4.2 Routing Principles 4.3 Hierarchical Routing 4.4 The Internet (IP) Protocol.

Network Layer4-1 Chapter 4 roadmap 4.1 Introduction and Network Service Models 4.2 Routing Principles 4.3 Hierarchical Routing 4.4 The Internet (IP) Protocol.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
14 – Inter/Intra-AS Routing

14 – Inter/Intra-AS Routing
Ethernet Frame PreambleDestination Address Source Address Length/ Type LLC/ Data Frame Check Sequence.

Ethernet Frame PreambleDestination Address Source Address Length/ Type LLC/ Data Frame Check Sequence.
Chapter 27 Q and A Victor Norman IS333 Spring 2015.

Chapter 27 Q and A Victor Norman IS333 Spring 2015.
ROUTING PROTOCOLS Rizwan Rehman. Static routing  each router manually configured with a list of destinations and the next hop to reach those destinations.

ROUTING PROTOCOLS Rizwan Rehman. Static routing  each router manually configured with a list of destinations and the next hop to reach those destinations.
Routing ROUTING. Router A router is a device that determines the next network point to which a packet should be forwarded toward its destination Allow.

Routing ROUTING. Router A router is a device that determines the next network point to which a packet should be forwarded toward its destination Allow.
1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)

1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)
Introduction to IT and Communications Technology Justin Champion C208 – 3292 Ethernet Switching CE00378-1.

Introduction to IT and Communications Technology Justin Champion C208 – 3292 Ethernet Switching CE
1 Chapter 27 Internetwork Routing (Static and automatic routing; route propagation; BGP, RIP, OSPF; multicast routing)

1 Chapter 27 Internetwork Routing (Static and automatic routing; route propagation; BGP, RIP, OSPF; multicast routing)
Transport Layer 3-1 Chapter 4 Network Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012  CPSC.

Transport Layer 3-1 Chapter 4 Network Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012  CPSC.
1 Computer Communication & Networks Lecture 22 Network Layer: Delivery, Forwarding, Routing (contd.)

1 Computer Communication & Networks Lecture 22 Network Layer: Delivery, Forwarding, Routing (contd.)
Routing and Routing Protocols Routing Protocols Overview.

Routing and Routing Protocols Routing Protocols Overview.
1 Chapter 27 Internetwork Routing (Static and automatic routing; route propagation; BGP, RIP, OSPF; multicast routing)

1 Chapter 27 Internetwork Routing (Static and automatic routing; route propagation; BGP, RIP, OSPF; multicast routing)
 Network Segments  NICs  Repeaters  Hubs  Bridges  Switches  Routers and Brouters  Gateways 2.

 Network Segments  NICs  Repeaters  Hubs  Bridges  Switches  Routers and Brouters  Gateways 2.

Similar presentations

Ads by Google