Border Gateway Protocol/Operations

From Citizendium

Defense against infrastructure attack

In the public Internet, there are attacks both against enterprises that use BGP, typically for multihoming and traffic engineering, and against ISPs, for whom BGP is utterly essential.

Unicast RPF (uRPF)

Unicast reverse path forwarding (uRPF) is a widely used technique. It evolved from access control lists, which were harder to maintain and imposed much higher router overhead.[1]

Blackhole route injection into iBGP

Once a specific IP address or range of addresses is shown to be under attack, blackhole route injection is a way to quarantine the attack traffic. The cost is that the target itself becomes unreachable. When the attack traffic is isolated, however, the operator can apply much more powerful diagnostics to circumvent it, and ideally trace it back to its source and defeat it there. In the public Internet, it will usually take cooperation among autonomous systems to defeat an attack.[2]
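
The trade-off described above, as an added example that is not part of the original article: a toy longest-prefix-match table in Python in which a more-specific /32 route to a discard next hop quarantines traffic to the target while the rest of the covering prefix keeps forwarding. The addresses, next-hop names and packet list are constructed for illustration.

```python
import ipaddress

DISCARD = "discard"  # assumed name standing in for a router's null/discard interface


class Fib:
    """Toy forwarding table with longest-prefix-match lookup."""

    def __init__(self):
        self.routes = {}  # ip_network -> next hop

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def withdraw(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        # The most specific covering route wins, so a /32 overrides the /24.
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


def forward(fib, packets):
    """Split (src, dst) packets into (delivered, dropped) lists."""
    delivered, dropped = [], []
    for src, dst in packets:
        hop = fib.lookup(dst)
        (dropped if hop in (None, DISCARD) else delivered).append((src, dst))
    return delivered, dropped


# Constructed sample traffic (documentation address ranges).
PACKETS = [
    ("198.51.100.7", "192.0.2.10"),  # attack traffic to the target
    ("203.0.113.9", "192.0.2.10"),   # legitimate user of the same target
    ("198.51.100.8", "192.0.2.20"),  # traffic to a neighbour in the same /24
]


def demo():
    fib = Fib()
    fib.add("192.0.2.0/24", "pe1")        # covering customer prefix
    before = forward(fib, PACKETS)
    fib.add("192.0.2.10/32", DISCARD)     # blackhole route injected for the target
    during = forward(fib, PACKETS)
    fib.withdraw("192.0.2.10/32")         # attack over: withdraw the blackhole
    after = forward(fib, PACKETS)
    return before, during, after
```

While the blackhole is in place, the legitimate packet to 192.0.2.10 is dropped along with the attack packet; only the neighbouring host stays reachable.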


Sinkholes

Network intrusion analysis

Statistical monitoring for attacks

Internal router metrics from SNMP, external from NetView or equivalent

References

  1. Baker, F. & P. Savola, RFC 3704: Ingress Filtering for Multihomed Networks
  2. Gemberling, Brian W.; Christopher L. Morrow & Barry R. Greene, ISP Security: Real World Techniques (Version 1.0), at 24-36